
UAPI socket for the macOS sandboxed WireGuard app

Open nohajc opened this issue 2 years ago • 0 comments

This change makes it possible to configure tunnels created by the App Store WireGuard UI using wg and wgctrl-go.

It's an implementation of this suggestion: https://github.com/WireGuard/wgctrl-go/issues/96#issuecomment-1216933842

Because the app is sandboxed, you cannot create the socket in its usual location (/var/run/wireguard). It should be possible to configure an exception for the path, but in practice it only works with regular files and not Unix domain sockets. That's why I create the socket inside the app's sandbox folder instead (~/Library/Containers/com.wireguard.macos.network-extension/Data).

I'm also submitting pull requests to modify wireguard-apple, wireguard-go and wgctrl-go to work with this alternative path.

https://github.com/WireGuard/wireguard-apple/pull/27
https://github.com/WireGuard/wireguard-go/pull/89
https://github.com/WireGuard/wgctrl-go/pull/143

nohajc, Sep 09 '23 13:09
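
An added example, not code from the pull requests or from the WireGuard projects: a Go client that tries the usual UAPI socket location first, then the sandbox container path quoted in the post, and sends the UAPI `get=1` request. The `<ifname>.sock` file name inside the container and the interface name `utun3` are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"strings"
	"time"
)

// candidateSockets lists UAPI socket paths to try: the usual location, then the
// sandbox container named in the issue ("<ifname>.sock" inside it is an assumption).
func candidateSockets(home, ifname string) []string {
	return []string{
		filepath.Join("/var/run/wireguard", ifname+".sock"),
		filepath.Join(home, "Library/Containers/com.wireguard.macos.network-extension/Data", ifname+".sock"),
	}
}

// uapiGet sends the UAPI "get=1" request and returns the key=value lines of the reply.
func uapiGet(path string) (map[string][]string, error) {
	conn, err := net.DialTimeout("unix", path, 2*time.Second)
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	fmt.Fprint(conn, "get=1\n\n") // a failed write surfaces as a read error below
	out := map[string][]string{}
	buf, data := make([]byte, 4096), ""
	for !strings.HasSuffix(data, "\n\n") && err == nil { // a blank line ends the reply
		var n int
		n, err = conn.Read(buf)
		data += string(buf[:n])
	}
	for _, line := range strings.Split(strings.TrimSpace(data), "\n") {
		if k, v, ok := strings.Cut(line, "="); ok {
			out[k] = append(out[k], v) // keys such as allowed_ip may repeat
		}
	}
	if e := out["errno"]; len(e) != 1 || e[0] != "0" {
		return out, fmt.Errorf("UAPI get failed: errno=%v read error=%v", e, err)
	}
	return out, nil
}

func main() {
	home, _ := os.UserHomeDir()
	for _, p := range candidateSockets(home, "utun3") { // utun3: constructed interface name
		fmt.Println(p)
		fmt.Println(uapiGet(p))
	}
}
```
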