wgctrl-go icon indicating copy to clipboard operation
wgctrl-go copied to clipboard
verified publisher icon WireGuard

internal/wguser: support for MacOS

Open aep opened this issue 4 years ago • 9 comments

is macox supported? i'm just getting "file does not exist" for ConfigureDevice

aep avatar Dec 29 '20 21:12 aep

I don't have a Mac. It's possible the userspace implementation's UNIX socket lives in an unexpected path on Mac, so PRs are welcome.

mdlayher avatar Dec 29 '20 22:12 mdlayher

yeah looks like it doesnt expose the same control sockets. no idea if it can even be controlled

aep avatar Dec 30 '20 18:12 aep

Works fine on my device.

It's important that you bring up the interface with "wireguard-go " before you configure it.

d1ss0nanz avatar Feb 22 '21 18:02 d1ss0nanz

Works fine on my device.

It's important that you bring up the interface with "wireguard-go " before you configure it.

wireguard-go works but I want to leverage the version in the Mac App Store. Could have better implementation than the wireguard-go

duyleekun avatar Jun 15 '21 13:06 duyleekun

Pretty sure they are the same underlying implementation and the GUI just connects to wireguard-go.

mdlayher avatar Jun 15 '21 17:06 mdlayher

Works fine on my device.

It's important that you bring up the interface with "wireguard-go " before you configure it.

it there a sample about the programming WireGuard?

qzi avatar Feb 13 '22 10:02 qzi

@duyleekun

wireguard-go works but I want to leverage the version in the Mac App Store. Could have better implementation than the wireguard-go

The version from the AppStore is based on WireGuardKit (wireguard-apple repo) which bundles wireguard-go as an macOS/iOS Network Extension.

WireGuardKit does not expose the UAPI via a standard socket. which wireguard-go uses. Instead it uses device.IpcSet() to directly configure the tunnel device: https://git.zx2c4.com/wireguard-apple/tree/Sources/WireGuardKitGo/api-apple.go

We maybe can extend WireGuardKit to also open a UAPI socket for macOS (iOS doesnt really make sense imho). However, we would need to check if macOS Network Extensions are sandboxed and such a socket would be accessible by the user.

stv0g avatar Aug 16 '22 17:08 stv0g

We maybe can extend WireGuardKit to also open a UAPI socket for macOS (iOS doesnt really make sense imho). However, we would need to check if macOS Network Extensions are sandboxed and such a socket would be accessible by the user.

Hi, I have a working implementation of your suggestion. Since all software distributed via App Store has to be sandboxed, there's a limitation as to where you can place the unix socket. However, there's no problem accessing that socket from outside if you assume all the command-line tooling is not sandboxed (which is the case for Homebrew installations at least).

https://github.com/WireGuard/wireguard-apple/pull/27 https://github.com/WireGuard/wireguard-go/pull/89 https://github.com/WireGuard/wgctrl-go/pull/143 https://github.com/WireGuard/wireguard-tools/pull/21

nohajc avatar Sep 09 '23 13:09 nohajc

Great work 👍🏻 I would love to see this merged.

stv0g avatar Sep 11 '23 08:09 stv0g