Automatic assigning of wireguard profiles to OpeWRT devices

[Sai Subramanian]

Dea team,

I have a requirement where I want to automatically configure the OpenWRT CPE with the wg profiles when the CPE on-boards to OpenWISP and delete the profile when needed.

Can this be achieved using OpenWISP?

Regards,

Sai Subramanian

[Federico Capoano]

Yes, definitely, follow instructions here: https://openwisp.io/docs/user/wireguard.html

This feature is also available on the Demo system.

Best regards

Federico Capoano

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/CAJ-rO8ZyR2sY3YkE3nN%3DV9L0f6mKSV6OgHysc6YU1Ufi1bUn_Q%40mail.gmail.com.

[Sai Subramanian]

Is there a way to see all the WG  profiles which are assigned by the OpenWISP server, where I can see to which device which is been assigned?

And also is there a way where I can get a email when the device is on-boarded, where the email contains the details of the WG profile, device details and the template which has been assigned to it?

Regards,

Sai

[Sai Subramanian]

Hi team,

Thanks a lot for your reply.

I went trough the github repo but the instruction out there are not very clear. Can you please provide me with a better documentation

[Federico Capoano]

First of all, I did not link the github repo but a web page at https://openwisp.io/docs/user/wireguard.html, second, this is the documentation we have right now and I believe that generically saying that "it's not clear", without specifying any detail and ask for "better" documentation (better in what sense?) is pointless and not helpful at all. Please specify what passage is not clear to you so that we can clarify and improve the text.

Best regards

Federico Capoano

To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/3bf9ba44-7d7d-4af1-9a36-8402a9aa1890n%40googlegroups.com.

[Sai Subramanian]

Hi Capoano,

The part in which the you give instruction of deploying the wireguard server in not that clear as the github (https://github.com/openwisp/ansible-wireguard-openwisp) mentioned in the website doesn't give proper instruction on how to deploy the wg profile using Ansible. I don't have much knowledge on Ansible and I find very difficult to deploy the wg server

Like information on role variable file. Where do I place this, should it be place in a yml file, how do I run this file, where do I find the openwisp2_wireguard_flask_key?, should I install a flask server in the wg server? , what value should I assign for openwisp2_wireguard_flask_host:? I too have similar questions for the next section in the github repo Automatic SSL certificate.

 

As a person with very less knowledge in Ansible I find it very difficult to understand what is mentioned in the Github repo.

Trust you have a better understanding about the problem which I am facing

[Federico Capoano]

Thank you for giving us more details, that's helpful and constructive because it gives us an opportunity to improve, I have opened an issue: https://github.com/openwisp/ansible-wireguard-openwisp/issues/27 .

The variable openwisp2_wireguard_flask_key is a string you decide on your own to protect the API endpoint from unauthorized users, and make sure to generate a strong key.

A flask app will be deployed by the role, you don't have to do anything, just write an ansible playbook and run it, in a very similar fashion to how we do with ansible-openwisp2 (you can replicate similar steps) from here: https://github.com/openwisp/ansible-openwisp2#create-inventory-file .

Leave openwisp2_wireguard_flask_host out and it will default on 0.0.0.0 (binds on all interfaces).

If you have more questions for the SSL part, please read https://github.com/geerlingguy/ansible-role-certbot#readme and then elaborate your questions.

Federico

[Sai Subramanian]

Thanks a lot for your detailed explanation.
Can you please share the ansible command which I need to type to run the role file?