k4yt3x · itoffshore · Jul 2, 2023 · Jul 2, 2023 · Jul 2, 2023 · Jul 2, 2023
diff --git a/README.md b/README.md
@@ -11,10 +11,13 @@ wg-meshconf is a tool that will help you to generate peer configuration files fo
 # note that Pip for Python3 might be named "pip3" on some systems
 pip install --user -U wg-meshconf
 
+# alternatively install as an isolated app with 'pipx'
+# ensure ~/.local/bin is in your $PATH (e.g 'export PATH=$PATH:~/.local/bin' in your ~/.bashrc)
+pipx install wg-meshconf
+
 # running the program
 wg-meshconf showpeers
 ```
-
 You may now run the program by executing the `wg-meshconf` command.
 
 ## Installation (GitHub)
@@ -42,6 +45,9 @@ cd wg-meshconf
 # install the program with Pip
 # Pip and PDM will take care of dependency installation
 pip install -U .
+
+# alternatively install as an isolated app with 'pipx'
+pipx install .
 ```
 
 ## Learn by an Example
@@ -82,10 +88,12 @@ Once you're done, save the file and execute the `init` command again to automati
 wg-meshconf init
 ```
 
-If you check the file again, you'll see the necessary fields getting automatically filed in.
+If you check the file again, you'll see the necessary fields getting automatically filled in.
 
 ![image](https://user-images.githubusercontent.com/21986859/120081172-a2e83680-c0ab-11eb-963d-b6810a6580a3.png)
 
+When adding multiple `AllowedIPs` to your `database` spreadsheet column, include a comma between the ip addresses or ranges (e.g `192.168.0.0/24, 10.0.0.0/24`)
+
 #### Method B: With Terminal
 
 If, for some reason, you don't want to edit the database file directly, you can also use this tool purely through its command line interface.
@@ -110,6 +118,8 @@ After adding all the peers into the database, you can verify that they have all
 
 Use the `genconfig` command to generate configuration files for all peers. You may also export configurations for only one peer by specifying the peer's name.
 
+Optionally **pre-shared key** configuration for [Quantum Secrecy](https://www.wireguard.com/known-limitations/#post-quantum-secrecy) can be generated by passing to `genconfig` options of `-p` or `--psk` (e.g: `wg-meshconf genconfig --psk`). Pre-shared keys are not stored in the database & are re-generated every time `genconfig` is run (as keys should be rotated periodically).
+
 The configuration files will be named after the peers' names. By default, all configuration files are exported into a subdirectory named `output`. You can change this by specifying output directory using the `-o` or the `--output` option.
 
 ![image](https://user-images.githubusercontent.com/21986859/99202483-352b8b80-27a7-11eb-8479-8749e945a81d.png)
@@ -181,7 +191,6 @@ Database files are essentially just CSV files (it was JSON before version 2.4.0)
 "canada1","10.3.0.1/16","canada1.com","","51820","","","2D34jpbTsU+KeBqfItTEbL5m7nYcBomWWJGTYCT6eko=","","","","","","","",""
 "shanghai1","10.4.0.1/16","shanghai1.com","","51820","","","CGyR7goj/uGH3TQHgVknpb9ZBR+/yMfkve+kVNGBYlg=","","","","","","","",""
 ```
-
 ## Detailed Usages
 
 You may refer to the program's help page for usages. Use the `-h` switch or the `--help` switch to print the help page.

diff --git a/wg_meshconf/__init__.py b/wg_meshconf/__init__.py
@@ -7,6 +7,6 @@
 Last Modified: February 2, 2023
 """
 
-__version__ = "2.5.1"
+__version__ = "2.5.2"
 
 from .wg_meshconf import main
diff --git a/wg_meshconf/database_manager.py b/wg_meshconf/database_manager.py
@@ -9,6 +9,8 @@
 
 import copy
 import csv
+import itertools
+import json
 import pathlib
 import sys
 
@@ -310,7 +312,7 @@ def showpeers(self, Name: str, verbose: bool = False):
         # print the constructed table in console
         Console().print(table)
 
-    def genconfig(self, Name: str, output: pathlib.Path):
+    def genconfig(self, Name: str, output: pathlib.Path, psk: bool):
         database = self.read_database()
 
         # check if peer ID is specified
@@ -331,6 +333,14 @@ def genconfig(self, Name: str, output: pathlib.Path):
             print(f"Creating output directory: {output}", file=sys.stderr)
             output.mkdir(exist_ok=True)
 
+        # optionally generate pre-shared keys for quantum secrecy
+        if psk:
+            preshared_keys = {}
+            for _combo_pair in itertools.combinations(peers, 2):
+                preshared_keys[
+                    json.dumps(sorted(list(_combo_pair)))
+                ] = self.wireguard.genpsk()
+
         # for every peer in the database
         for peer in peers:
             with (output / f"{peer}.conf").open("w") as config:
@@ -361,6 +371,14 @@ def genconfig(self, Name: str, output: pathlib.Path):
                         )
                     )
 
+                    # optionally write pre-shared keys
+                    if psk:
+                        config.write(
+                            "PresharedKey = {}\n".format(
+                                preshared_keys[json.dumps(sorted(list({peer, p})))]
+                            )
+                        )
+
                     if database["peers"][p].get("Endpoint") is not None:
                         config.write(
                             "Endpoint = {}:{}\n".format(

diff --git a/wg_meshconf/wg_meshconf.py b/wg_meshconf/wg_meshconf.py
@@ -104,7 +104,7 @@ def parse_arguments():
     showpeers = subparsers.add_parser("showpeers")
     showpeers.add_argument(
         "name",
-        help="Name of the peer to query",
+        help="name of the peer to query",
         nargs="?",
     )
     showpeers.add_argument(
@@ -118,7 +118,7 @@ def parse_arguments():
     genconfig = subparsers.add_parser("genconfig")
     genconfig.add_argument(
         "name",
-        help="Name of the peer to generate configuration for, \
+        help="name of the peer to generate configuration for, \
             configuration for all peers are generated if omitted",
         nargs="?",
     )
@@ -129,13 +129,19 @@ def parse_arguments():
         type=pathlib.Path,
         default=pathlib.Path.cwd() / "output",
     )
+    genconfig.add_argument(
+        "-p",
+        "--psk",
+        help="generate pre-shared key configuration",
+        default=False,
+        action="store_true",
+    )
 
     return parser.parse_args()
 
 
 # if the file is not being imported
 def main():
-
     args = parse_arguments()
 
     database_manager = DatabaseManager(args.database)
@@ -190,7 +196,7 @@ def main():
         database_manager.showpeers(args.name, args.verbose)
 
     elif args.command == "genconfig":
-        database_manager.genconfig(args.name, args.output)
+        database_manager.genconfig(args.name, args.output, args.psk)
 
     # if no commands are specified
     else: