https://wiki.archlinux.org/api.php?action=feedcontributions&user=Calebstdenis&feedformat=atomArchWiki - User contributions [en]2024-03-28T20:16:21ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=WireGuard&diff=571875WireGuard2019-04-23T02:26:10Z<p>Calebstdenis: /* Installation */ Bullet points invite readers to skip over the normal prose. It could be one of the reasons why folks don't read the doc properly.</p>
<hr />
<div>[[Category:Virtual Private Network]]<br />
[[ja:WireGuard]]<br />
[[zh-hans:WireGuard]]<br />
From the [https://www.wireguard.com/ WireGuard] project homepage: <br />
:Wireguard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable.<br />
<br />
{{Warning|WireGuard has not undergone proper degrees of security auditing and the protocol is still subject to change [https://www.wireguard.com/#work-in-progress].}}<br />
<br />
== Installation ==<br />
<br />
# [[Install]] the {{Pkg|wireguard-tools}} package.<br />
# Install the appropriate kernel module:<br />
::* {{Pkg|wireguard-arch}} for the default {{Pkg|linux}} kernel.<br />
::* {{Pkg|wireguard-lts}} for the LTS {{Pkg|linux-lts}} kernel.<br />
::* {{Pkg|wireguard-dkms}} for the DKMS variant for other [[kernel]]s.<br />
<br />
{{Tip|[[systemd-networkd]] has native support for setting up Wireguard interfaces since version 237. See [[#Using systemd-networkd]] for details.}}<br />
<br />
== Usage ==<br />
<br />
The below commands demonstrate how to setup a basic tunnel between two peers with the following settings:<br />
<br />
{| class="wikitable"<br />
! <br />
! Peer A<br />
! Peer B<br />
|----------------------------------------------------------<br />
| External IP address<br />
| 10.10.10.1/24<br />
| 10.10.10.2/24<br />
|----------------------------------------------------------<br />
| Internal IP address<br />
| 10.0.0.1/24<br />
| 10.0.0.2/24<br />
|----------------------------------------------------------<br />
| Wireguard listening port<br />
| UDP/48574<br />
| UDP/39814<br />
|}<br />
<br />
The external addresses should already exist. For example, peer A should be able to ping peer B via {{ic|ping 10.10.10.2}}, and vice versa. The internal addresses will be new addresses created by the {{man|8|ip}} commands below and will be shared internally within the new WireGuard network using {{man|8|wg}}. The {{ic|/24}} in the IP addresses is the [[wikipedia:Classless_Inter-Domain_Routing#CIDR_notation|CIDR]].<br />
<br />
=== Key generation ===<br />
<br />
To create a private key:<br />
<br />
$ wg genkey > privatekey<br />
<br />
{{Note|It is recommended to only allow reading and writing access for the owner:<br />
$ chmod 600 privatekey<br />
}}<br />
<br />
To create a public key:<br />
<br />
$ wg pubkey < privatekey > publickey<br />
<br />
Alternatively, do this all at once:<br />
<br />
$ wg genkey | tee privatekey | wg pubkey > publickey<br />
<br />
One can also generate a preshared key to add an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.<br />
<br />
# wg genpsk > preshared<br />
<br />
=== Peer A setup ===<br />
<br />
This peer will listen on UDP port 48574 and will accept connection from peer B by linking its public key with both its inner and outer IPs addresses.<br />
<br />
# ip link add dev wg0 type wireguard<br />
# ip addr add 10.0.0.1/24 dev wg0<br />
# wg set wg0 listen-port 48574 private-key ./privatekey<br />
# wg set wg0 peer [Peer B public key] persistent-keepalive 25 allowed-ips 10.0.0.2/32 endpoint 10.10.10.2:39814<br />
# ip link set wg0 up<br />
<br />
{{ic|[Peer B public key]}} should have the same format as {{ic|1=EsnHH9m6RthHSs+sd9uM6eCHe/mMVFaRh93GYadDDnM=}}. The keyword {{ic|allowed-ips}} is a list of addresses that peer A will be able to send traffic to; {{ic|allowed-ips 0.0.0.0/0}} would allow sending traffic to any IPv4 address, {{ic|::/0}} allows sending traffic to any IPv6 address.<br />
<br />
=== Peer B setup ===<br />
<br />
As with peer A, whereas the wireguard daemon is listening on the UDP port 39814 and accept connection from peer A only.<br />
<br />
# ip link add dev wg0 type wireguard<br />
# ip addr add 10.0.0.2/24 dev wg0<br />
# wg set wg0 listen-port 39814 private-key ./privatekey<br />
# wg set wg0 peer [Peer A public key] persistent-keepalive 25 allowed-ips 10.0.0.1/32 endpoint 10.10.10.1:48574<br />
# ip link set wg0 up<br />
<br />
=== Basic checkups ===<br />
<br />
Invoking the {{man|8|wg}} command without parameter will give a quick overview of the current configuration.<br />
<br />
As an example, when Peer A has been configured we are able to see its identity and its associated peers:<br />
<br />
peer-a$ wg<br />
interface: wg0<br />
public key: UguPyBThx/+xMXeTbRYkKlP0Wh/QZT3vTLPOVaaXTD8=<br />
private key: (hidden)<br />
listening port: 48574<br />
<br />
peer: 9jalV3EEBnVXahro0pRMQ+cHlmjE33Slo9tddzCVtCw=<br />
endpoint: 10.10.10.2:39814<br />
allowed ips: 10.0.0.2/32<br />
<br />
At this point one could reach the end of the tunnel:<br />
peer-a$ ping 10.0.0.2<br />
<br />
=== Persistent configuration ===<br />
<br />
The configuration can be saved by utilizing {{ic|showconf}}:<br />
<br />
# wg showconf wg0 > /etc/wireguard/wg0.conf<br />
# wg setconf wg0 /etc/wireguard/wg0.conf<br />
<br />
=== Example peer configuration ===<br />
<br />
{{hc|1=/etc/wireguard/wg0.conf|2=<br />
[Interface]<br />
Address = 10.0.0.1/32<br />
PrivateKey = [CLIENT PRIVATE KEY]<br />
<br />
[Peer]<br />
PublicKey = [SERVER PUBLICKEY]<br />
AllowedIPs = 10.0.0.0/24, 10.123.45.0/24, 1234:4567:89ab::/48<br />
Endpoint = [SERVER ENDPOINT]:51820<br />
PersistentKeepalive = 25<br />
}}<br />
<br />
=== Example configuration for systemd-networkd ===<br />
<br />
{{hc|1=/etc/systemd/network/30-wg0.netdev|2=<br />
[NetDev]<br />
Name = wg0<br />
Kind = wireguard<br />
Description = Wireguard<br />
<br />
[WireGuard]<br />
PrivateKey = [CLIENT PRIVATE KEY]<br />
<br />
[WireGuardPeer]<br />
PublicKey = [SERVER PUBLIC KEY]<br />
PresharedKey = [PRE SHARED KEY]<br />
AllowedIPs = 10.0.0.0/24<br />
Endpoint = [SERVER ENDPOINT]:51820<br />
PersistentKeepalive = 25<br />
}}<br />
<br />
{{hc|1=/etc/systemd/network/30-wg0.network|2=<br />
[Match]<br />
Name = wg0<br />
<br />
[Network]<br />
Address = 10.0.0.3/32<br />
DNS = 10.0.0.1<br />
<br />
[Route]<br />
Gateway = 10.0.0.1<br />
Destination = 10.0.0.0/24<br />
}}<br />
<br />
== Specific use-case: VPN server ==<br />
<br />
The purpose of this section is to setup a WireGuard "server" and generic "clients" to enable access to the server/network resources through an encrypted and secured tunnel like [[OpenVPN]] and others. The server runs on Linux and the clients can run any number of platforms (the WireGuard Project offers apps on both iOS and Android platforms in addition to Linux-native and MacOS). See the official project [https://www.wireguard.com/install/ install link] for more.<br />
<br />
{{Tip|Instead of using {{pkg|wireguard-tools}} for server/client configuration, one may want to use [[#Using systemd-networkd|systemd-networkd]] native WireGuard support.}}<br />
<br />
=== Server ===<br />
<br />
On the machine acting as the server, first enable IPv4 forwarding using [[sysctl]]:<br />
<br />
# sysctl net.ipv4.ip_forward=1<br />
<br />
To make the change permanent, add {{ic|1=net.ipv4.ip_forward = 1}} to {{ic|/etc/sysctl.d/99-sysctl.conf}}.<br />
<br />
A properly configured [[firewall]] is ''HIGHLY recommended'' for any Internet-facing device.<br />
Be sure to:<br />
<br />
* Allow UDP traffic on the specified port(s) on which WireGuard will be running (for example allowing traffic on 51820/udp).<br />
* Setup the forwarding policy for the firewall if it is not included in the WireGuard config for the interface itself {{ic|/etc/wireguard/wg0.conf}}. The example below should work as-is.<br />
<br />
Finally, WireGuard port(s) need to be forwarded to the server's LAN IP from the router so they can be accessed from the WAN (ie router port forwarding).<br />
<br />
=== Key generation ===<br />
<br />
Generate key pairs for the server and for each client as explained in [[#Key generation]].<br />
<br />
=== Server config ===<br />
<br />
Create the server config file:<br />
<br />
{{hc|1=/etc/wireguard/wg0.conf|2=<br />
[Interface]<br />
Address = 10.200.200.1/24<br />
SaveConfig = true<br />
ListenPort = 51820<br />
PrivateKey = [SERVER PRIVATE KEY]<br />
<br />
# note - substitute ''eth0'' in the following lines to match the Internet-facing interface<br />
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE<br />
<br />
[Peer]<br />
# client foo<br />
PublicKey = [FOO's PUBLIC KEY]<br />
PresharedKey = [PRE-SHARED KEY]<br />
AllowedIPs = 10.200.200.2/32<br />
<br />
[Peer]<br />
# client bar<br />
PublicKey = [BAR's PUBLIC KEY]<br />
AllowedIPs = 10.200.200.3/32<br />
}}<br />
<br />
Additional peers can be listed in the same format as needed. Each peer required the {{ic|PublicKey}} to be set. However, specifying {{ic|PresharedKey}} is optional.<br />
<br />
The interface can be managed manually using {{man|8|wg-quick}} or using a [[systemd]] service managed via {{man|1|systemctl}}.<br />
<br />
The interface may be brought up using {{ic|wg-quick up wg0}} respectively by [[start|starting]] and potentially [[enable|enabling]] the interface via {{ic|wg-quick@''interface''.service}}, e.g. {{ic|wg-quick@wg0.service}}. To close the interface use {{ic|wg-quick down wg0}} respectively [[stop]] {{ic|wg-quick@''interface''.service}}.<br />
<br />
=== Client config ===<br />
<br />
Create the corresponding client config file(s):<br />
<br />
{{hc|1=foo.conf|2=<br />
[Interface]<br />
Address = 10.200.200.2/24<br />
PrivateKey = [FOO's PRIVATE KEY]<br />
DNS = 10.200.200.1<br />
<br />
[Peer]<br />
PublicKey = [SERVER PUBLICKEY]<br />
PresharedKey = [PRE-SHARED KEY]<br />
AllowedIPs = 0.0.0.0/0, ::/0<br />
Endpoint = my.ddns.address.com:51820<br />
}}<br />
<br />
{{hc|1=bar.conf|2=<br />
[Interface]<br />
Address = 10.200.200.3/24<br />
PrivateKey = [BAR's PRIVATE KEY]<br />
DNS = 10.200.200.1<br />
<br />
[Peer]<br />
PublicKey = [SERVER PUBLICKEY]<br />
PresharedKey = [PRE-SHARED KEY]<br />
AllowedIPs = 0.0.0.0/0, ::/0<br />
Endpoint = my.ddns.address.com:51820<br />
}}<br />
<br />
Using the catch-all {{ic|1=AllowedIPs = 0.0.0.0/0, ::/0}} will forward all IPv4 ({{ic|0.0.0.0/0}}) and IPv6 ({{ic|::/0}}) traffic over the VPN.<br />
<br />
{{Note|Users of [[NetworkManager]], may need to [[enable]] the {{ic|NetworkManager-wait-online.service}} and users of [[systemd-networkd]] may need to [[enable]] the {{ic|systemd-networkd-wait-online.service}} to wait until devices are network ready before attempting wireguard connection.}}<br />
<br />
{{Tip|If the client is a mobile device such as a phone, {{Pkg|qrencode}} can be used to share the config with the client:<br />
$ qrencode -t ansiutf8 < foo.conf<br />
}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Routes are periodically reset ===<br />
<br />
Make sure that [[NetworkManager]] is not managing the Wireguard interface:<br />
<br />
{{hc|1=/etc/NetworkManager/conf.d/unmanaged.conf|2=<br />
[keyfile]<br />
unmanaged-devices=interface-name:wg0<br />
}} <br />
<br />
=== Connection loss with NetworkManager ===<br />
<br />
On desktop, connection loss can be experienced when all the traffic is tunneled through a Wireguard interface: typically, the connection is seemingly lost after a while or upon new connection to an access point.<br />
<br />
By default ''wg-quick'' uses a resolvconf provider such as [[openresolv]] to register new [[DNS]] entries (i.e. {{ic|DNS}} keyword in the configuration file). However [[NetworkManager]] does not use resolvconf by default: every time a new [[DHCP]] lease is acquired, [[NetworkManager]] overwrites the global DNS addresses with the DHCP-provided ones which might not be available through the tunnel.<br />
<br />
==== Using resolvconf ====<br />
<br />
If resolvconf is already used by the system and connection losses persist, make sure NetworkManager is configured to use it: [[NetworkManager#Use openresolv]].<br />
<br />
==== Using dnsmasq ====<br />
<br />
See [[Dnsmasq#openresolv]] for configuration.<br />
<br />
==== Using systemd-resolved ====<br />
<br />
{{Out of date|{{Bug|59459}} is fixed, systemd-resolved's resolvconf interface works.}}<br />
<br />
At the time of writing (Sept. 2018), the resolvconf-compatible mode offered by {{Pkg|systemd-resolvconf}} does not work with ''wg-quick''. However [[systemd-resolved]] can still be used by ''wg-quick'' through the {{ic|PostUp}} hook. First make sure that NetworkManager is configured with ''systemd-resolved'': [[NetworkManager#systemd-resolved]] and then alter the tunnel configuration:<br />
<br />
{{hc|1=/etc/wireguard/wg0.conf|2=<br />
[Interface]<br />
Address = 10.0.0.2/24 # The client IP from wg0server.conf with the same subnet mask<br />
PrivateKey = [CLIENT PRIVATE KEY]<br />
PostUp = resolvectl domain %i "~."; resolvectl dns %i 10.0.0.1; resolvectl dnssec %i yes<br />
<br />
[Peer]<br />
PublicKey = [SERVER PUBLICKEY]<br />
AllowedIPs = 0.0.0.0/0, ::0/0<br />
Endpoint = [SERVER ENDPOINT]:51820<br />
PersistentKeepalive = 25<br />
}}<br />
<br />
Setting {{ic|"~."}} as a domain name is necessary for ''systemd-resolved'' to give priority to the newly available DNS server. <br />
<br />
No {{ic|PostDown}} key is necessary as ''systemd-resolved'' automatically revert all parameters when {{ic|wg0}} is torn down.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Using systemd-networkd ===<br />
<br />
[[Systemd-networkd]] has native support for WireGuard protocols and therefore does not require the {{Pkg|wireguard-tools}} package.<br />
<br />
==== Server ====<br />
<br />
{{hc|1=/etc/systemd/network/99-server.netdev|2=<br />
[NetDev]<br />
Name = wg0<br />
Kind = wireguard<br />
Description = Wireguard<br />
<br />
[WireGuard]<br />
ListenPort = 51820<br />
PrivateKey = [SERVER PRIVATE KEY]<br />
<br />
[WireGuardPeer]<br />
PublicKey = [FOO's PUBLIC KEY]<br />
PresharedKey = [PRE-SHARED KEY]<br />
AllowedIPs = 10.200.200.2/32<br />
<br />
[WireGuardPeer]<br />
PublicKey = [BAR's PUBLIC KEY]<br />
PresharedKey = [PRE-SHARED KEY]<br />
AllowedIPs = 10.200.200.3/32<br />
}}<br />
{{hc|1=/etc/systemd/network/99-server.network|2=<br />
[Match]<br />
Name = wg0<br />
<br />
[Network]<br />
Address = 10.200.200.1/32<br />
<br />
[Route]<br />
Gateway = 10.200.200.1<br />
Destination = 10.200.200.0/24<br />
}}<br />
<br />
==== Client foo ====<br />
<br />
{{hc|1=/etc/systemd/network/99-client.netdev|2=<br />
[NetDev]<br />
Name = wg0<br />
Kind = wireguard<br />
Description = Wireguard<br />
<br />
[WireGuard]<br />
PrivateKey = [FOO's PRIVATE KEY]<br />
<br />
[WireGuardPeer]<br />
PublicKey = [SERVER PUBLICKEY]<br />
PresharedKey = [PRE-SHARED KEY]<br />
AllowedIPs = 10.200.0.0/24<br />
Endpoint = my.ddns.address.com:51820<br />
PersistentKeepalive = 25<br />
}}<br />
{{hc|1=/etc/systemd/network/99-client.network|2=<br />
[Match]<br />
Name = wg0<br />
<br />
[Network]<br />
Address = 10.200.200.2/32<br />
<br />
[Route]<br />
Gateway = 10.200.200.1<br />
Destination = 10.200.200.0/24<br />
GatewayOnlink=true<br />
}}<br />
<br />
==== Client bar ====<br />
<br />
{{hc|1=/etc/systemd/network/99-client.netdev|2=<br />
[NetDev]<br />
Name = wg0<br />
Kind = wireguard<br />
Description = Wireguard<br />
<br />
[WireGuard]<br />
PrivateKey = [BAR's PRIVATE KEY]<br />
<br />
[WireGuardPeer]<br />
PublicKey = [SERVER PUBLICKEY]<br />
PresharedKey = [PRE-SHARED KEY]<br />
AllowedIPs = 10.200.0.0/24<br />
Endpoint = my.ddns.address.com:51820<br />
PersistentKeepalive = 25<br />
}}<br />
<br />
{{hc|1=/etc/systemd/network/99-client.network|2=<br />
[Match]<br />
Name = wg0<br />
<br />
[Network]<br />
Address = 10.200.200.3/32<br />
<br />
[Route]<br />
Gateway = 10.200.200.1<br />
Destination = 10.200.200.0/24<br />
GatewayOnlink=true<br />
}}<br />
<br />
=== Store private keys in encrypted form ===<br />
<br />
It may be desirable to store private keys in encrypted form, such as through use of {{pkg|pass}}. Just replace the PrivateKey line under [Interface] in the configuration file with:<br />
<br />
PostUp = wg set %i private-key <(su user -c "export PASSWORD_STORE_DIR=/path/to/your/store/; pass WireGuard/private-keys/%i")<br />
<br />
where ''user'' is the Linux username of interest. See the {{man|8|wg-quick}} man page for more details.<br />
<br />
=== Endpoint with changing IP ===<br />
<br />
After resolving a server's domain, WireGuard [https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html will not check for changes in DNS again].<br />
<br />
If the WireGuard server is frequently changing its IP-address due DHCP, Dyndns, IPv6, ..., any WireGuard client is going to lose its connection, until its endpoint is updated via something like {{ic|wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"}}.<br />
<br />
Also be aware, if the endpoint is ever going to change its address (for example when moving to a new provider/datacenter), just updating DNS will not be enough, so periodically running reresolve-dns might make sense on any DNS-based setup.<br />
<br />
Luckily, {{Pkg|wireguard-tools}} provides an example script {{ic|/usr/share/wireguard/examples/reresolve-dns/reresolve-dns.sh}}, that parses WG configuration files and automatically resets the endpoint address.<br />
<br />
One needs to run the {{ic|/usr/share/wireguard/examples/reresolve-dns/reresolve-dns.sh /etc/wireguard/wg.conf}} periodically to recover from an endpoint that has changed its IP.<br />
<br />
One way of doing so is by updating all WireGuard endpoints once every thirty seconds[https://git.zx2c4.com/WireGuard/tree/contrib/examples/reresolve-dns/README] via a systemd timer:<br />
<br />
{{hc|/etc/systemd/system/wireguard_reresolve-dns.timer|2=<br />
[Unit]<br />
Description=Periodically reresolve DNS of all WireGuard endpoints<br />
<br />
[Timer]<br />
OnCalendar=*:*:0/30<br />
<br />
[Install]<br />
WantedBy=timers.target<br />
}}<br />
<br />
{{hc|/etc/systemd/system/wireguard_reresolve-dns.service|2=<br />
[Unit]<br />
Description=Reresolve DNS of all WireGuard endpoints<br />
Wants=network-online.target<br />
After=network-online.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/bin/sh -c 'for i in /etc/wireguard/*.conf; do /usr/share/wireguard/examples/reresolve-dns/reresolve-dns.sh "\$i"; done'<br />
}}<br />
<br />
Afterwards [[enable]] and [[start]] {{ic|wireguard_reresolve-dns.timer}}<br />
<br />
== See also ==<br />
<br />
* [https://www.wireguard.com/presentations/ Presentations by Jason Donenfeld].<br />
* [https://lists.zx2c4.com/mailman/listinfo/wireguard Mailing list]</div>Calebstdenishttps://wiki.archlinux.org/index.php?title=Screen_capture&diff=571810Screen capture2019-04-21T13:50:00Z<p>Calebstdenis: /* Spectacle */ fix typo</p>
<hr />
<div>[[Category:System administration]]<br />
[[Category:Multimedia]]<br />
[[cs:Taking a screenshot]]<br />
[[es:Screen capture]]<br />
[[fr:Capture d'écran]]<br />
[[ja:スクリーンショットの取得]]<br />
[[ru:Taking a screenshot]]<br />
[[zh-hans:Taking a screenshot]]<br />
{{Related articles start}}<br />
{{Related|Key binding}}<br />
{{Related articles end}}<br />
This article lists and describes [[Wikipedia:Screenshot|screenshot]] and [[Wikipedia:Screencast|screencast]] software.<br />
<br />
== Screenshot software ==<br />
<br />
=== Dedicated software ===<br />
<br />
* {{App|Deepin Screenshot|Quite easy-to-use screenshot tool. Features: global hotkey to trigger screenshot tool, take screenshot of a selected area, easy to add text and line drawings onto the screenshot. Python/Qt5 based.|https://www.deepin.org/en/original/deepin-screenshot/|{{Pkg|deepin-screenshot}}}}<br />
* {{App|Escrotum|Screen capture using pygtk, inspired by scrot.|https://github.com/Roger/escrotum|{{AUR|escrotum-git}}}}<br />
* {{App|[[Flameshot]]|Qt5 based software for interactive screenshot taking. Select the desired area, draw with different tools and enjoy the customization capabilities.|https://github.com/lupoDharkael/flameshot|{{Pkg|flameshot}}}}<br />
* {{App|[[Wikipedia:GNOME Screenshot|GNOME Screenshot]]|Screenshot tool for the GNOME desktop.|https://gitlab.gnome.org/GNOME/gnome-screenshot/|{{Pkg|gnome-screenshot}}}}<br />
* {{App|grim|Grab images from a Wayland compositor. It currently works on [[Sway]] 1.0 alpha.|https://github.com/emersion/grim|{{AUR|grim-git}}}}<br />
* {{App|gscreenshot|Simple GTK+ screenshot utility with delays, selection, and copy-to-clipboard functionality.|https://github.com/thenaterhood/gscreenshot|{{AUR|gscreenshot}}}}<br />
* {{App|imgur-screenshot|Take screenshot selection, upload to [https://imgur.com imgur]. + more cool things|https://github.com/jomo/imgur-screenshot|{{AUR|imgur-screenshot-git}}}}<br />
* {{App|Lightscreen|Simple tool to automate the tedious process of saving and cataloging screenshots, it operates as a hidden background process that is invoked with one (or multiple) hotkeys and then saves a screenshot file to disk according to the user's preferences.|http://lightscreen.com.ar|{{AUR|lightscreen}}}}<br />
* {{App|LXQt Screenshot|Screenshot tool for LXQt. Run with {{ic|lximage-qt --screenshot}}.|https://github.com/lxde/lximage-qt|{{Pkg|lximage-qt}}}}<br />
* {{App|maim|Simple command line utility that takes screenshots. It's meant to replace scrot and performs better than scrot in many ways.|https://github.com/naelstrof/maim|{{Pkg|maim}}}}<br />
* {{App|MATE Screenshot|Screenshot tool for the MATE desktop.|http://mate-desktop.org|{{Pkg|mate-utils}}}}<br />
* {{App|ScreenCloud|Take a screenshot of the entire screen or to select an area and then uploading the screenshot to [https://imgur.com imgur]+auth. has plugins and system tray.|http://screencloud.net/|{{AUR|screencloud}}}}<br />
* {{App|ScreenGrab|Cross-platform application designed to quickly take screenshots (Qt).|https://github.com/DOOMer/screengrab|{{Pkg|screengrab}}}}<br />
* {{App|[[Wikipedia:Scrot|Scrot]]|Simple command-line screenshot utility for X.|http://freecode.com/projects/scrot|{{Pkg|scrot}}}}<br />
* {{App|Shutter|Rich screenshot and editing program. Supports [https://hyp.is/AVQUNTRUH9ZO4OKSlue9/askubuntu.com/questions/252281/how-do-i-take-screenshots-with-a-delay/260178 delay]. |http://shutter-project.org/|{{AUR|shutter}}}}<br />
* {{App|Spectacle|[[KDE]] application for taking screenshots. It is capable of capturing images of the whole desktop, a single window, a section of a window, a selected rectangular region or a freehand region. Part of {{Grp|kdegraphics}}.|https://github.com/KDE/spectacle/|{{Pkg|spectacle}}}}<br />
* {{App|Xfce4 Screenshooter|Application and Xfce4 panel plugin to take screenshots about the entire screen, the active window or a selected region. Part of {{Grp|xfce4-goodies}}.|http://goodies.xfce.org/projects/applications/xfce4-screenshooter|{{Pkg|xfce4-screenshooter}}}}<br />
* {{App|xwd|X Window System image dumping utility|https://www.x.org/|{{Pkg|xorg-xwd}}}}<br />
<br />
==== xwd ====<br />
<br />
{{man|1|xwd}} provided by {{Pkg|xorg-xwd}}<br />
<br />
Take a screenshot of the root window:<br />
$ xwd -root -out screenshot.xwd<br />
<br />
{{Note|The methods for taking shots of active windows with {{ic|import}} can also be used with {{ic|xwd}}.}}<br />
<br />
==== scrot ====<br />
<br />
{{Pkg|scrot}} enables taking screenshots from the CLI and offers features such as a user-definable time delay. Unless instructed otherwise, it saves the file in the current working directory.<br />
$ scrot -t 20 -d 5<br />
<br />
The above command saves a dated {{ic|.png}} file, along with a thumbnail (20% of original), for Web posting. It provides a 5 second delay before capturing in this instance.<br />
<br />
You can also use standard date and time formatting when saving to a file. e.g.,<br />
$ scrot ~/screenshots/%Y-%m-%d-%T-screenshot.png<br />
<br />
saves the screenshot in a filename with the current year, month, date, hours, minutes, and seconds to a folder in your home directory called "screenshots" <br />
<br />
See {{man|1|scrot}} for more information. You can simply automate the file to uploaded like so [https://github.com/kaihendry/Kai-s--HOME/tree/master/bin].<br />
<br />
{{Note|In some window managers ({{AUR|dwm}}, {{Pkg|xmonad}} and possibly others) {{ic|scrot -s}} does not work properly when running via window manager's keyboard shortcut, this can be worked around by prepending scrot invocation with a short pause {{ic|sleep 0.2; scrot -s}}.}}<br />
<br />
==== escrotum ====<br />
<br />
{{AUR|escrotum-git}} screen capture using pygtk, inspired by scrot<br />
<br />
Created because scrot has glitches when selection mode is used with refreshing windows.<br />
<br />
Because the command line interface its almost the same as scrot, can be used as a replacement of it.<br />
<br />
==== maim ====<br />
<br />
{{Pkg|maim}} is aimed to be an improved scrot.<br />
<br />
Takes screenshots of your desktop using [https://github.com/naelstrof/slop slop] for regions. It's meant to overcome shortcomings of scrot.<br />
<br />
=== Desktop environment specific ===<br />
<br />
==== Spectacle ====<br />
<br />
If you use [[KDE]], you might want to use {{ic|Spectacle}}.<br />
<br />
Spectacle is provided by the {{Pkg|spectacle}} package.<br />
<br />
==== Xfce Screenshooter ====<br />
<br />
If you use [[Xfce]] you can install {{Pkg|xfce4-screenshooter}} and then add a keyboard binding:<br />
<br />
''Xfce Menu > Settings > Keyboard > Application Shortcuts''<br />
<br />
If you want to skip the Screenshot prompt, type {{ic|$ xfce4-screenshooter -h}} in terminal for the options.<br />
<br />
==== GNOME ====<br />
<br />
[[GNOME]] users can press {{ic|Prnt Scr}} or ''Apps > Accessories > Take Screenshot''. You may need to install {{Pkg|gnome-screenshot}}.<br />
<br />
==== Cinnamon ====<br />
The default installation of [[Cinnamon]] does not provide a screenshot utility. Installing {{Pkg|gnome-screenshot}} will enable screenshots through the ''Menu > Accessories > Screenshot'' or by pressing {{ic|Prnt Scr}}.<br />
<br />
==== Other desktop environments or window managers ====<br />
<br />
For other desktop environments such as [[LXDE]] or window managers such as [[Openbox]] and [[Compiz]], one can add the above commands to the hotkey to take the screenshot. For example,<br />
$ import -window root ~/Pictures/$(date '+%Y%m%d-%H%M%S').png<br />
Adding the above command to the {{ic|Prnt Scr}} key to Compiz allows to take the screenshot to the Pictures folder according to date and time.<br />
Notice that the {{ic|rc.xml}} file in Openbox does not understand commas; so, in order to bind that command to the {{ic|Prnt Scr}} key in Openbox, you need to add the following to the keyboard section of your {{ic|rc.xml}} file:<br />
<br />
{{hc|rc.xml|<nowiki><br />
<!-- Screenshot --><br />
<keybind key="Print"><br />
<action name="Execute"><br />
<command>sh -c "import -window root ~/Pictures/$(date '+%Y%m%d-%H%M%S').png"</command><br />
</action><br />
</keybind><br />
</nowiki>}}<br />
<br />
If the {{ic|Print}} above does not work, see [[Extra keyboard keys]] and use different ''keysym'' or ''keycode''.<br />
<br />
=== Packages including a screenshot utility ===<br />
<br />
==== ImageMagick/GraphicsMagick ====<br />
<br />
See [[ImageMagick#Screenshot taking]].<br />
<br />
==== GIMP ====<br />
<br />
You also can take screenshots with [[GIMP]] (''File > Create > Screenshot''...).<br />
<br />
==== imlib2 ====<br />
<br />
{{Pkg|imlib2}} provides a binary {{ic|imlib2_grab}} to take screenshots. To take a screenshot of the full screen, type:<br />
$ imlib2_grab screenshot.png<br />
<br />
Note that {{Pkg|scrot}} actually uses {{ic|imlib2}}.<br />
<br />
==== FFmpeg ====<br />
<br />
See [[FFmpeg#Screen capture]].<br />
<br />
== Screencast software ==<br />
<br />
See also [[FFmpeg#Screen capture]] and [[Wikipedia:Comparison of screencasting software]].<br />
<br />
Screencast utilities allow you to create a video of your desktop or individual windows.<br />
<br />
* {{App|Byzanz|Simple screencast tool that produces GIF animations.|https://blogs.gnome.org/otte/2009/08/30/byzanz-0-2-0/|{{Pkg|byzanz}}}}<br />
* {{App|Deepin Screen Recorder|Screen recorder application for Deepin desktop.|https://www.deepin.org/en/original/deepin-screen-recorder/|{{Pkg|deepin-screen-recorder}}}}<br />
* {{App|FFcast|FFmpeg-based screencast tool written in Bash.|https://github.com/lolilolicon/FFcast|{{AUR|ffcast}}}}<br />
* {{App|Green Recorder|Simple yet functional desktop recorder for Linux systems.|https://github.com/green-project/green-recorder|{{AUR|green-recorder}}}}<br />
* {{App|Kazam|Screencasting program with design in mind. Handles multiscreen setups.|https://launchpad.net/kazam|{{AUR|kazam}}}}<br />
* {{App|[[Wikipedia:Open Broadcaster Software|OBS]]|Video recording and live streaming application.|https://obsproject.com/|{{Pkg|obs-studio}}}}<br />
* {{App|[[Wikipedia:Peek_(software)|Peek]]|Simple screencast tool that produces GIF, APNG, WebM or MP4 animations.|https://github.com/phw/peek|{{Pkg|peek}}}}<br />
* {{App|RecordItNow|Plugin based desktop recorder for KDE.|http://recorditnow.sourceforge.net/|{{AUR|recorditnow}}}}<br />
* {{App|[[RecordMyDesktop]]|Easy to use utility that records your desktop into the ogg format with a CLI, GTK+ or Qt interface. (inactive development)|http://recordmydesktop.sourceforge.net/|CLI: {{Pkg|recordmydesktop}}, GTK+: {{Pkg|gtk-recordmydesktop}}, Qt: {{AUR|qt-recordmydesktop}}}}<br />
* {{App|[[Wikipedia:SimpleScreenRecorder|SimpleScreenRecorder]]|Feature-rich screen recorder written in C++/Qt5 that supports X11 and OpenGL.|http://www.maartenbaert.be/simplescreenrecorder/|{{Pkg|simplescreenrecorder}}}}<br />
* {{App|VokoScreen|Simple screencast GUI tool using FFmpeg.|http://www.kohaupt-online.de/hp|{{AUR|vokoscreen}}}}<br />
* {{App|[[Wikipedia:XVidCap|XVidCap]]|Application used for recording a screencast or digital recording of an X Window System screen output with an audio narration.|http://xvidcap.sourceforge.net/|{{AUR|xvidcap}}}}<br />
<br />
== Weston ==<br />
<br />
See [[Wayland#Screencast recording]].<br />
<br />
== Terminal ==<br />
<br />
{{Expansion|Add subsection about [https://intoli.com/blog/terminal-recorders/ terminal recorders].}}<br />
<br />
=== Capture with ANSI codes ===<br />
<br />
You can use the {{man|1|script}} command, part of the {{Pkg|util-linux}} package.<br />
Just run {{ic|script}} and from that moment, all the output is going to be saved to the {{ic|typescript}} file, including the ANSI codes.<br />
<br />
Once you are done, just run {{ic|exit}} and the {{ic|typescript}} would ready. The resulting file can be converted to HTML using the {{AUR|ansi2html}} package, from the [[AUR]].<br />
<br />
To convert the {{ic|typescript}} file to {{ic|typescript.html}}, do the following:<br />
<br />
$ ansi2html --bg=dark < typescript > typescript.html<br />
<br />
Actually, '''some''' commands can be piped directly to ansi2html:<br />
<br />
$ ls --color|ansi2html --bg=dark >output.html<br />
<br />
That does not work on every single case, so in those cases, using {{ic|script}} is mandatory.<br />
<br />
=== Framebuffer ===<br />
<br />
Install a [[framebuffer]] and use {{Pkg|fbgrab}} or {{Pkg|fbdump}} to take a screenshot.<br />
<br />
=== Virtual console ===<br />
<br />
If you merely want to capture the text in the console and not an actual image, you can use {{ic|setterm}}, which is part of the {{Pkg|util-linux}} package. The following command will dump the textual contents of virtual console 1 to a file screen.dump in the current directory:<br />
# setterm -dump 1 -file screen.dump<br />
<br />
Root permission is needed because the contents of {{ic|/dev/vcs1}} need to be read.</div>Calebstdenis