*Intention:*
To define a template for a WireGuard VPN with a single WireGuard
interface (e.g. wg0) and multiple peers under it. We are
using the development version of OpenWISP.
*Problem:*
Multiple peers added under the template config are treated as standalone,
because the "peer interface" field has to be unique. Nothing links the
peers to the WireGuard interface, so the device doesn't show any
WireGuard peers.
*Steps:*
1. Created a template (JSON config attached) with one
WireGuard interface (wg0) and two peers (with some configuration variables).
2. Attached the template to the device and overrode the values of the config
variables (the preview config output is attached). For the peer1 interface
we used wg1, and for the peer2 interface wg2.
3. The config was pushed to the device.
*Expected Result:*
1. Running the "wg show" command on the device should show both of the
peers defined in the config.
*Instead got this result:*
1. "wg show" command doesn't show any peer.
2. "uci show network" shows the wireguard config for peers but there is no
referencing between the wireguard interface (wg0) and the peers.
*Extra Note:*
By 'referencing' I mean what is shown below (this is a configuration made
directly on the device from LuCI). The relevant lines are in bold (marked with asterisks):
network.*wg0*=interface
network.wg0.private_key=''
network.wg0.proto='wireguard'
network.wg0.listen_port='51825'
network.wg0.addresses='10.0.1.1/24'
network.wg0.enabled='1'
network.wg0.mtu='1420'
network.wg0.nohostroute='0'
*network.wgpeer_wg0=wireguard_wg0*
network.wgpeer_wg0.endpoint_host=''
network.wgpeer_wg0.endpoint_port='51825'
network.wgpeer_wg0.persistent_keepalive='25'
network.wgpeer_wg0.public_key=''
network.wgpeer_wg0.route_allowed_ips='1'
network.wgpeer_wg0.allowed_ips='10.0.1.2/32'
network.wgpeer_wg0.description='mirja-1'
*network.@wireguard_wg0[1]=wireguard_wg0*
network.@wireguard_wg0[1].public_key=''
network.@wireguard_wg0[1].description='Mirja-2'
network.@wireguard_wg0[1].persistent_keepalive='25'
network.@wireguard_wg0[1].endpoint_port='51825'
network.@wireguard_wg0[1].allowed_ips='10.0.1.3/32'
network.@wireguard_wg0[1].route_allowed_ips='1'
network.@wireguard_wg0[1].endpoint_host=''
So in this output we can see that the WireGuard interface is defined as 'wg0'
and both peers carry a reference to it: "wgpeer_wg0" and
"@wireguard_wg0[1]" are both sections of type wireguard_wg0. But if we look at
the attached "Device preview config from OpenWisp" or "Device WG and UCI output"
files, the peers are defined as wgpeer_wg1 and wgpeer_wg2, with section types
wireguard_wg1 and wireguard_wg2, so neither of them refers to wg0.
# OpenWISP-rendered preview of the device configuration, in UCI syntax.
package system
config system 'system'
option hostname 'Mirja-Wisp3-VM-01'
package network
# The only WireGuard interface defined in this preview is 'wg0'.
config interface 'wg0'
list addresses '10.0.2.1/24'
option enabled '1'
option listen_port '51825'
option mtu '1420'
option nohostroute '0'
# private_key is the tunnel's secret; the value shown here is a dummy placeholder.
option private_key 'wDUMMYDzSvBVI1Uy8GCBrfIkSbg8qKppj6bBXnuFIWg='
option proto 'wireguard'
# The two peer sections below have types 'wireguard_wg1' and 'wireguard_wg2',
# but this config defines no interface named wg1 or wg2. In the LuCI-generated
# config quoted in this thread, peers of wg0 use section type 'wireguard_wg0',
# so these peers are not tied to wg0, consistent with "wg show" listing no peers.
config wireguard_wg1 'wgpeer_wg1'
list allowed_ips '192.168.1.0/24'
option endpoint_host '209.20.20.1'
option endpoint_port '51825'
option persistent_keepalive '25'
# NOTE(review): identical to the dummy private_key string above, so this is a
# placeholder rather than a real peer public key.
option public_key 'wDUMMYDzSvBVI1Uy8GCBrfIkSbg8qKppj6bBXnuFIWg='
option route_allowed_ips '1'
config wireguard_wg2 'wgpeer_wg2'
list allowed_ips '192.168.2.0/24'
option endpoint_host '209.30.30.1'
option endpoint_port '51826'
option persistent_keepalive '25'
option public_key 'wDUMMYDzSvBVI1Uy8GCBrfIkSbg8qKppj6bBXnuFIWg='
option route_allowed_ips '1'
# ---------- files ---------- #
# path: /etc/dropbear/authorized_keys
# mode: 0644
<OMITTED>{
"interfaces": [
{
"type": "wireguard",
"private_key": "{{pvt_key}}",
"port": 51825,
"mtu": 1420,
"nohostroute": false,
"fwmark": "",
"ip6prefix": [],
"addresses": [
{
"proto": "static",
"family": "ipv4",
"address": "{{int_addr}}",
"mask": 24
}
],
"name": "wg0",
"disabled": false,
"network": "wg0"
}
],
"wireguard_peers": [
{
"interface": "{{peer1_interface}}",
"public_key": "{{peer1_pub_key}}",
"allowed_ips": [
"{{peer1_allowed_ip1}}"
],
"endpoint_host": "{{peer1_pub_ip}}",
"endpoint_port": 51825,
"preshared_key": "",
"persistent_keepalive": 25,
"route_allowed_ips": true
},
{
"interface": "{{peer2_interface}}",
"public_key": "{{peer2_pub_key}}",
"allowed_ips": [
"{{peer2_allowed_ip1}}"
],
"endpoint_host": "{{peer2_pub_ip}}",
"endpoint_port": 51826,
"preshared_key": "",
"persistent_keepalive": 25,
"route_allowed_ips": true
}
]
}root@Mirja-Wisp3-VM-01:~# wg show
interface: wg0
public key: <OMITTED>
private key: (hidden)
listening port: <OMITTED>
root@Mirja-Wisp3-VM-01:~#
root@Mirja-Wisp3-VM-01:~#
root@Mirja-Wisp3-VM-01:~# uci show network
<OMITTED>
network.wg0=interface
network.wg0.enabled='1'
network.wg0.listen_port='51825'
network.wg0.mtu='1420'
network.wg0.nohostroute='0'
network.wg0.private_key='wDUMMYDzSvBVI1Uy8GCBrfIkSbg8qKppj6bBXnuFIWg='
network.wg0.proto='wireguard'
network.wg0.addresses='10.0.2.1/24'
network.wgpeer_wg1=wireguard_wg1
network.wgpeer_wg1.allowed_ips='192.168.1.0/24'
network.wgpeer_wg1.endpoint_host='209.20.20.1'
network.wgpeer_wg1.endpoint_port='51825'
network.wgpeer_wg1.persistent_keepalive='25'
network.wgpeer_wg1.public_key='wDUMMYDzSvBVI1Uy8GCBrfIkSbg8qKppj6bBXnuFIWg='
network.wgpeer_wg1.route_allowed_ips='1'
network.wgpeer_wg2=wireguard_wg2
network.wgpeer_wg2.allowed_ips='192.168.2.0/24'
network.wgpeer_wg2.endpoint_host='209.30.30.1'
network.wgpeer_wg2.endpoint_port='51826'
network.wgpeer_wg2.persistent_keepalive='25'
network.wgpeer_wg2.public_key='wDUMMYDzSvBVI1Uy8GCBrfIkSbg8qKppj6bBXnuFIWg='
network.wgpeer_wg2.route_allowed_ips='1'
root@Mirja-Wisp3-VM-01:~#