WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

wg setconf broke link to router's config system #131

Closed pettijohn closed 1 year ago

pettijohn commented 1 year ago

Package version

e50-v2-v1.0.20220627-v1.0.20210914

Firmware version

v2.0.9-hotfix.4

Device

EdgeRouter X (SFP) - e50

Issue description

This is probably a silly question with an easy answer. When I was debugging the VPN setup, I used sudo wg showconf to dump config to a file, then edited the file, and then used sudo wg setconf to load the edits. Now I've made edits the right way, using the configure command and set interfaces wireguard wg0 peer xxx; commit; save etc, but those changes aren't reflected when using sudo wg show all. It's like I broke the connection between wireguard and the router's configuration system. Is there a trick to get it back?

Configuration and log output

$ sudo wg showconf wg0
[Interface]
ListenPort = 51820
PrivateKey = aaa=

[Peer]
PublicKey = bbb=
AllowedIPs = 192.168.33.3/32

[Peer]
PublicKey = ccc=
AllowedIPs = 192.168.33.2/32

$ configure
[edit]
admin@ubnt# show interfaces wireguard wg0
 address 192.168.33.1/24
 listen-port 51820
 mtu 1420
 peer ccc= {
     allowed-ips 192.168.33.2/32
 }
 peer ddd= {
     allowed-ips 192.168.33.4/32
 }
 peer bbb= {
     allowed-ips 192.168.33.3/32
 }
 private-key /config/auth/wg.key
 route-allowed-ips true

FossoresLP commented 1 year ago

Hi @pettijohn, the easiest solution to your problem would probably be a reboot, which will recreate the WireGuard interface using the Vyatta configuration. If I remember correctly, it might also work to disable and re-enable the interface. Otherwise, there is always the option to delete and recreate it.

pettijohn commented 1 year ago

Reboot didn't bring wg show in line with what I see in configure show interfaces wireguard. Nor did ifconfig down && ifconfig up, nor did ip link set down dev wg0 && ip link set up dev wg0. Not sure what you mean by delete & recreate, do you mean dpkg to uninstall & reinstall?

pettijohn commented 1 year ago

Oh dear, sudo dpkg -u wireguard && sudo dpkg -i e50-v2-v1.0.20220627-v1.0.20210914.deb did not fix it either.

pettijohn commented 1 year ago

I think this was a user error. Looks like I had a duplicate public key, so I was expecting 3 peers but wireguard correctly deduped. Thanks for the assistance!
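The mismatch resolved in this thread (more peers listed than WireGuard reports, because one public key was listed twice) can be checked mechanically. The following is an added example, not code from the thread or from the wireguard-vyatta-ubnt project; `peers`, `compare` and both sample texts are hypothetical names and constructed data using the thread's placeholder key style.

```python
import re
from collections import Counter

# One pattern pair covers `wg showconf` text and EdgeOS `show interfaces wireguard wg0` text.
PEER = re.compile(r"^\s*(?:PublicKey\s*=\s*|peer\s+)(\S+)")
IPS = re.compile(r"^\s*(?:AllowedIPs\s*=\s*|allowed-ips\s+)(.+)$")

def peers(text):
    """Return [(public_key, {allowed_ip, ...}), ...]; assumes the key line precedes its IPs."""
    out = []
    for line in text.splitlines():
        if m := PEER.match(line):
            out.append((m.group(1), set()))
        elif (m := IPS.match(line)) and out:
            out[-1][1].update(ip.strip() for ip in m.group(1).split(","))
    return out

def compare(expected, running):
    """Diff two peer listings by public key and flag keys listed more than once."""
    dupes = {k for k, n in Counter(k for k, _ in expected).items() if n > 1}
    exp, run = dict(expected), dict(running)  # one entry per key, as WireGuard keeps one peer per key
    both = (exp.keys() & run.keys()) - dupes
    return {
        "duplicate_keys": sorted(dupes),
        "only_expected": sorted(exp.keys() - run.keys()),
        "only_running": sorted(run.keys() - exp.keys()),
        "allowed_ips_differ": sorted(k for k in both if exp[k] != run[k]),
    }

# Constructed samples: a hand-edited peer list with a repeated key, and what the interface reports.
EXPECTED = """\
[Peer]
PublicKey = ccc=
AllowedIPs = 192.168.33.2/32
[Peer]
PublicKey = bbb=
AllowedIPs = 192.168.33.3/32
[Peer]
PublicKey = bbb=
AllowedIPs = 192.168.33.4/32
"""
RUNNING = """\
[Peer]
PublicKey = bbb=
AllowedIPs = 192.168.33.3/32
[Peer]
PublicKey = ccc=
AllowedIPs = 192.168.33.2/32
"""
print(compare(peers(EXPECTED), peers(RUNNING)))
```

Three peer blocks are listed but only two distinct keys exist, so the report names `bbb=` under `duplicate_keys` while both "only" lists stay empty; a key that appears under `only_expected` is a peer that is configured but absent from the running interface.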