vyos@vyos# show interfaces wireguard wireguard wg0 { address 128.0.0.1/30 peer LR1 { allowed-ips 0.0.0.0/0 endpoint 172.18.201.10:10000 pubkey DnYrUOVWGhGr5IjD94Y68JOVI91AUb5W2pcZvTNxxS0= } peer LR3 { allowed-ips 0.0.0.0/0 endpoint 172.28.254.203:10000 pubkey gskeJI2X5CnMSD273NyBvGCxzPeFNQP/ZHUTBkjqXVg= } port 10000 }
set interfaces wireguard wg0 address '128.0.0.1/30' set interfaces wireguard wg0 peer LR1 allowed-ips '0.0.0.0/0' set interfaces wireguard wg0 peer LR1 endpoint '172.18.201.10:10000' set interfaces wireguard wg0 peer LR1 pubkey 'DnYrUOVWGhGr5IjD94Y68JOVI91AUb5W2pcZvTNxxS0=' set interfaces wireguard wg0 peer LR3 allowed-ips '0.0.0.0/0' set interfaces wireguard wg0 peer LR3 endpoint '172.28.254.203:10000' set interfaces wireguard wg0 peer LR3 pubkey 'gskeJI2X5CnMSD273NyBvGCxzPeFNQP/ZHUTBkjqXVg=' set interfaces wireguard wg0 port '10000'
If only one peer is given, all is fine. As soon as a second peer is added the allowed-ips statement is dropped form the first peer
vyos@vyos# sudo wg show interface: wg0 public key: ZuOCE0oVgixTJxo7oXuwGUrZlitSOkskP2iO8f7+Z00= private key: (hidden) listening port: 10000 peer: DnYrUOVWGhGr5IjD94Y68JOVI91AUb5W2pcZvTNxxS0= endpoint: 172.18.201.10:10000 allowed ips: (none) latest handshake: 1 minute, 16 seconds ago transfer: 67.18 KiB received, 365.13 KiB sent peer: gskeJI2X5CnMSD273NyBvGCxzPeFNQP/ZHUTBkjqXVg= endpoint: 172.28.254.203:10000 allowed ips: 0.0.0.0/0