git: 78d36c860239 - stable/13 - wg.4: Add some enhancements
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 11 Nov 2022 22:56:01 UTC
The branch stable/13 has been updated by gbe (doc committer): URL: https://cgit.FreeBSD.org/src/commit/?id=78d36c860239d9cbfa23ea6c96dc07ee9f9844ad commit 78d36c860239d9cbfa23ea6c96dc07ee9f9844ad Author: Gordon Bergling <gbe@FreeBSD.org> AuthorDate: 2022-10-30 12:59:37 +0000 Commit: Gordon Bergling <gbe@FreeBSD.org> CommitDate: 2022-11-11 22:55:16 +0000 wg.4: Add some enhancements - add a SPDX-License-Identifier - rename the title of the man page - use better grammar in some places - reword 'IPs' to 'IP addresses' - add a missing word in the AUTHORS section - use '.An -nosplit' in the AUTHORS section - Xr ipsec and ovpn Reviewed by: pauamma, mhorne Differential Revision: https://reviews.freebsd.org/D37205 (cherry picked from commit 19c03f4ab0d68788a561b91278fd13c760227a31) --- share/man/man4/wg.4 | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/share/man/man4/wg.4 b/share/man/man4/wg.4 index f2ae425002d7..21bb640e7b6c 100644 --- a/share/man/man4/wg.4 +++ b/share/man/man4/wg.4 @@ -1,3 +1,5 @@ +.\" SPDX-License-Identifier: BSD-2-Clause-FreeBSD +.\" .\" Copyright (c) 2020 Gordon Bergling <gbe@FreeBSD.org> .\" .\" Redistribution and use in source and binary forms, with or without @@ -23,12 +25,12 @@ .\" .\" $FreeBSD$ .\" -.Dd October 28, 2022 +.Dd October 30, 2022 .Dt WG 4 .Os .Sh NAME .Nm wg -.Nd "WireGuard - pseudo-device" +.Nd "WireGuard protocol driver" .Sh SYNOPSIS To load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : @@ -44,7 +46,7 @@ protocol. .Pp A .Nm -interface recognises one or more peers, establishes a secure tunnel with +interface recognizes one or more peers, establishes a secure tunnel with each on demand, and tracks each peer's UDP endpoint for exchanging encrypted traffic with. .Pp @@ -72,17 +74,17 @@ interface with its own private key and with the public keys of its peers. In addition to the public keys, each peer pair may be configured with a unique pre-shared symmetric key. This is used in their handshake to guard against future compromise of the -peers' encrypted tunnel if a quantum-computational attack on their +peers' encrypted tunnel if an attack on their Diffie-Hellman exchange becomes feasible. It is optional, but recommended. -.It Allowed IPs +.It Allowed IP addresses A single .Nm interface may maintain concurrent tunnels connecting diverse networks. The interface therefore implements rudimentary routing and reverse-path filtering functions for its tunneled traffic. -These functions reference a set of allowed IP ranges configured against -each peer. +These functions reference a set of allowed IP address ranges configured +against each peer. .Pp The interface will route outbound tunneled traffic to the peer configured with the most specific matching allowed IP address range, or drop it @@ -95,11 +97,11 @@ That is, tunneled traffic routed to a given peer cannot return through another peer of the same .Nm interface. -This ensures that peers cannot spoof another's traffic. +This ensures that peers cannot spoof one another's traffic. .It Handshake Two peers handshake to mutually authenticate each other and to establish a shared series of secret ephemeral encryption keys. -Any peer may initiate a handshake. +Either peer may initiate a handshake. Handshakes occur only when there is traffic to send, and recur every two minutes during transfers. .It Connectionless @@ -181,7 +183,9 @@ is not assigned to the allowed IPs of Peer X. .Sh SEE ALSO .Xr inet 4 , .Xr ip 4 , +.Xr ipsec 4 , .Xr netintro 4 , +.Xr ovpn 4 , .Xr ipf 5 , .Xr pf.conf 5 , .Xr ifconfig 8 , @@ -197,9 +201,10 @@ The device driver first appeared in .Fx 14.0 . .Sh AUTHORS +.An -nosplit The .Nm -device driver written by +device driver was written by .An Jason A. Donenfeld Aq Mt Jason@zx2c4.com , .An Matt Dunwoodie Aq Mt ncon@nconroy.net , and