Feature Request Poll: "wg genpsk" command in WireGuard GUI

[Wrigleys]

Dear all

The current WireGuard plugin is almost perfect. (many thanks to pmhausen).
Except for the generation of the pre-shared key, all settings can be made via the GUI.
The PSK needs to be generated on the CLI itself (wg genpsk).

Now I would like to ask you if you also miss such kind of generation button in the GUI?

@pmhausen: Is such implementation of a generation button possible in the GUI?

If there is an demand of such function, I will open a "feature request" on GitHub.

Many thanks for every reply and all the best
Wrigleys

[Patrick M. Hausen]

First - thank you for the kind words, but the WireGuard plugin is not my work. Kudos go to @mimugmail and @franco, mainly.

Second - that is not necessary. When you create a new local instance, just leave the key fields empty and save:


After saving, click on edit again, the keys will have been generated and the fields filled automatically:


HTH,
Patrick

[Greelan]

The OP is referring to the Shared Secret on the endpoint, not the public/private keypair

[Wrigleys]

Dear Patrick

Many thanks for your quick reply. Therefore I would like to thank you all @mimugmail, @franco and you @pmhausen for your hard work.

This is correct for the local instance, but primarly I mean when adding a new Endpoint (peer) as @Greelan wrote above --> thanks for that.
There you have a field called "Shared Secret" which will stay empty by default. In my case (security enthusiast), I generate a PSK in the CLI with the command "wg genpsk" and copy the output in that field and also in the client config (for example a phone or tablet).

Sorry for being imprecise in my wording above.

All the best,
Wrigleys

[chemlud]

Dear Patrick

Many thanks for your quick reply. Therefore I would like to thank you all @mimugmail, @franco and you @pmhausen for your hard work.

This is correct for the local instance, but primarly I mean when adding a new Endpoint (peer) as @Greelan wrote above --> thanks for that.
There you have a field called "Shared Secret" which will stay empty by default. In my case (security enthusiast), I generate a PSK in the CLI with the command "wg genpsk" and copy the output in that field and also in the client config (for example a phone or tablet).

Sorry for being imprecise in my wording above.

All the best,
Wrigleys

Hi, do you have a policy in place for replacing keys/secrets on a regular basis every x months or so? :-)

[Wrigleys]

Hi chemlud

Not really, but sounds interesting ;D

[mimugmail]

We could add a Tools tab and add some buttons with such commands :)

[Wrigleys]

We could add a Tools tab and add some buttons with such commands :)

Hi mimugmail

This would be awesome and improve security for everyone.  :)
Stupid question: would it make sense to place this button right next to the ,,Shared Secret" Text-Field? Like the ,,Generate keypair-Button" in the WireGuard App.

Have a nice evening.

Best,
Wrigleys

[mimugmail]

It would, but I'm way to unskilled :P

[Wrigleys]

No worries. You all did a great job and will ever do.
A tools-tab is awesome, too.

Please let me know, if I should open a feature request.

Many thanks and take care
Wrigleys

[mimugmail]

No worries. You all did a great job and will ever do.
A tools-tab is awesome, too.

Please let me know, if I should open a feature request.

Many thanks and take care
Wrigleys

Yes please :)

[ChirpyTurnip]

Hi,

I missed this too! I set up a bunch of connections and then there is a step I have to do from the console....not even console-via-GUI, but freaking "Go get the puTTy app to connect to the console..." Ugh!

Personally I don't want to this be implemented as a separate tool - it should simply be a button on the peer form so you can click and generate when you are setting up a connection - I don't want to be jumping from screen to screen.

pfSense might have had a messy Wireguard implementation but at least the GUI for that module was pretty smooth and logical from a workflow/usability perspective. I've just setup a set of site-to-site tunnels and 8 road warrior connections and the pfsense experience doing this was much better than when I just did it on OPNsense (sorry).

OPNsense is free, and one shouldn't look a gift horse in the mouth, but it would be nice if the UX philosophy was  "GUI-is-king" versus "GUI/CLI-its-all-the-same-to-me".....   ;)

[mimugmail]

The Grid in MVC doesnt offer an easy way to add buttons. A Tools Tab besides the rest with such would be easy. Ok for you?

[ChirpyTurnip]

Maybe. The alternative could be a tick box that when selected would generate a PSK and display it in a read-only field once you hit the save button. The primary objective in any UX design should be to minimise screen hopping - a bad layout or a clunky process is still better than jumping from module to module and back again to do a simple task.

And, as a complete aside, if the GUI isn't that flexible then switching that out for a better presentation framework should be an overall priority as in terms of broad appeal any product is going to live or die by the quality and usability of the GUI. There might be diehards who'll take whatever is on offer, but for the unwashed masses eye-candy is king. The market for OPNsense is such that we don't need to go all-in on Apple-type UI design, but doing a half decent job is definitely a requirement. :)

[mimugmail]

Its rather me than the framework since I'm not a dev ;)