configuring multiple WireGuard peers in a single WireGuard interface


Mirja Shahriar Enan

Apr 6, 2022, 11:18:43 AM
to OpenWISP
Intention:
To define a template for a WireGuard VPN, where we will have one WireGuard interface (e.g. wg0) and, under that, multiple peers. We are using the development version of OpenWISP.
Problem:
Multiple peers added under the template config are treated as standalone, because the "peer interface" field has to be unique. There is no referencing between the peers and the WireGuard interface. Therefore, on the device, it doesn't show any WireGuard peers.

Steps:
1. Created a template (attached the JSON config for it), with one WireGuard interface (wg0) and two peers (with some configuration variables).
2. Attached the template to the device and overrode the values for the config variables (attached is the preview config output). For the peer1 interface, used wg1 and for the peer2 interface, used wg2.
3. Config is pushed to the device.

Expected Result:
1. When running the "wg show" command on the device, it should show the two peers defined in the config.

Instead got this result:
1. The "wg show" command doesn't show any peer.
2. "uci show network" shows the WireGuard config for the peers, but there is no referencing between the WireGuard interface (wg0) and the peers.

Extra Note:
By 'referencing', what I mean is below (this is a configuration done from LuCI directly on the device). Applicable lines are in bold:
network.wg0=interface
network.wg0.private_key=''
network.wg0.proto='wireguard'
network.wg0.listen_port='51825'
network.wg0.addresses='10.0.1.1/24'
network.wg0.enabled='1'
network.wg0.mtu='1420'
network.wg0.nohostroute='0'
network.wgpeer_wg0=wireguard_wg0
network.wgpeer_wg0.endpoint_host=''
network.wgpeer_wg0.endpoint_port='51825'
network.wgpeer_wg0.persistent_keepalive='25'
network.wgpeer_wg0.public_key=''
network.wgpeer_wg0.route_allowed_ips='1'
network.wgpeer_wg0.allowed_ips='10.0.1.2/32'
network.wgpeer_wg0.description='mirja-1'
network.@wireguard_wg0[1]=wireguard_wg0
network.@wireguard_wg0[1].public_key=''
network.@wireguard_wg0[1].description='Mirja-2'
network.@wireguard_wg0[1].persistent_keepalive='25'
network.@wireguard_wg0[1].endpoint_port='51825'
network.@wireguard_wg0[1].allowed_ips='10.0.1.3/32'
network.@wireguard_wg0[1].route_allowed_ips='1'
network.@wireguard_wg0[1].endpoint_host=''

So in this output, we can see the WireGuard interface is defined as 'wg0' and both the peers have some reference to it: "wgpeer_wg0" and ".@wireguard_wg0[1]". But if we look at the attached "Device preview config from OpenWisp" or "Device WG and UCI output" files, the peers are defined as wgpeer_wg1 and wgpeer_wg2.
Device preview config from OpenWisp.txt
json for template from OpenWisp.txt
Device WG and UCI output.txt
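
Added example (not part of the original post and not OpenWISP code): a shell check for the "referencing" described above, where OpenWrt ties a peer to its interface through the peer's section type wireguard_<interface>. It reads "uci show network" text and reports peer sections whose type names no WireGuard interface. The function names and both sample inputs are constructed here; the broken sample is an assumed shape of the pushed config, since the attachments are not reproduced on the page.

```shell
#!/bin/sh
# Reads `uci show network` text on stdin; prints "<peer section> <interface>"
# for each peer whose type wireguard_<interface> names no WireGuard interface.
wg_orphan_peers() {
    awk -F= -v q="'" '
    {
        val = $2; gsub(q, "", val)        # drop the quotes uci puts around values
        n = split($1, part, ".")          # network.<section>[.<option>]
    }
    # Section header of a peer: its type carries the interface name.
    n == 2 && val ~ /^wireguard_/ { order[++count] = part[2]; target[part[2]] = substr(val, 11) }
    # Interface sections that really are WireGuard interfaces.
    n == 3 && part[3] == "proto" && val == "wireguard" { wgif[part[2]] = 1 }
    END {
        for (i = 1; i <= count; i++)
            if (!(target[order[i]] in wgif)) print order[i], target[order[i]]
    }'
}

# Constructed input: layout taken from the LuCI output in the post (values shortened).
sample_working() {
    cat <<'EOF'
network.wg0=interface
network.wg0.proto='wireguard'
network.wgpeer_wg0=wireguard_wg0
network.wgpeer_wg0.allowed_ips='10.0.1.2/32'
network.@wireguard_wg0[1]=wireguard_wg0
network.@wireguard_wg0[1].allowed_ips='10.0.1.3/32'
EOF
}

# Constructed input: ASSUMED shape of the pushed config (peers typed for wg1/wg2).
sample_broken() {
    cat <<'EOF'
network.wg0=interface
network.wg0.proto='wireguard'
network.wgpeer_wg1=wireguard_wg1
network.wgpeer_wg1.allowed_ips='10.0.1.2/32'
network.wgpeer_wg2=wireguard_wg2
network.wgpeer_wg2.allowed_ips='10.0.1.3/32'
EOF
}

sample_working | wg_orphan_peers   # prints nothing
sample_broken | wg_orphan_peers    # lists both peers
# On the device: uci show network | wg_orphan_peers
```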