wireguard keys keep getting changed after every configuration change on AP

11 views

Skip to first unread message

Florian Lambrecht

unread,

Oct 22, 2025, 6:00:26 PMOct 22

to OpenWISP

Hi guys,

we are using Openwisp to manage round about 70 APs in our company. The server uses wireguard in a special VLAN to talk to the APs after they got their initial config in the internal network.

Now we repeatedly running into the issue, that the wireguard keys generated by openwisp for the device keep getting changed after every network related configuration change, like assigning a wireless template to the device. Then it takes about 14 attempts for the AP to test the new configuration successfully. You can see in the device overview that the pvt_key and pub_key for the device are replaced. Sometimes also the IP-Address for the wg0 Interface. In comparison just changing the hostname of the device works flawlessly applying the configuration change at the first try.

In the past that sometimes lead to the problem, that after a firmware upgrade on an AP via openwisp while keeping the configuration or a configuration change, the AP never successfully connecting back to the server, because when the AP performing a rollback the keys don't match anymore.

When we were able to connect to the AP directly via SSH we can see, that the AP still had the same keys from before the update while openwisp showed a new pair of keys for that device.

Is that behavior expected, that the keys are getting changed? Is there a way to disable that?

Greetings from Germany

Florian

Federico Capoano

unread,

Oct 23, 2025, 12:01:22 PMOct 23

to open...@googlegroups.com

This sounds like an old set of bugs we have resolved.

We're about to release a new version, I advise you to update as soon as it's available.

Best regards

Federico Capoano

OpenWISP OÜ

Kotkapoja tn 2a-10, 10615, Harju maakond, Tallinn, Estonia

VAT: EE101989729

+372 59361689

openwisp.io

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/openwisp/686eb06e-d818-4b92-9450-df950cb65526n%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages