Page MenuHomeVyOS Platform

Wireguard peers configuration is not synchronized with CLI
Closed, ResolvedPublicBUG

Description

A disable option does not change a running Wireguard configuration, so the next two configs are actually equal:

set interfaces wireguard wg01 peer cl01 allowed-ips '10.0.0.1/32'
set interfaces wireguard wg01 peer cl01 disable
set interfaces wireguard wg01 peer cl01 public-key 'PQ7XasRmBAZukrKYSQctTMr/CzMJwLVfrulloNVXd1E='
set interfaces wireguard wg01 private-key 'AOMCPhDgCKhleSWV6/hko4QXhtelypAwY5wMqNVn7Xo='
set interfaces wireguard wg01 peer cl01 allowed-ips '10.0.0.1/32'
set interfaces wireguard wg01 peer cl01 public-key 'PQ7XasRmBAZukrKYSQctTMr/CzMJwLVfrulloNVXd1E='
set interfaces wireguard wg01 private-key 'AOMCPhDgCKhleSWV6/hko4QXhtelypAwY5wMqNVn7Xo='

Also, an old peer will stay configured in case of a public key change:

[edit]
[email protected]# set interfaces wireguard wg01 peer cl01 public-key 7U9iuIzhXmjNoj/bbiufkyF5tcmCsdXTXq2AOgRCeF0=
[edit]
[email protected]# commit
[edit]
[email protected]# sudo wg
interface: wg01
  public key: YkAEhGXMPzKhBzzXkwrhBLLQx6osk2EoTbanDigyiDM=
  private key: (hidden)
  listening port: 51491

peer: PQ7XasRmBAZukrKYSQctTMr/CzMJwLVfrulloNVXd1E=
  allowed ips: (none)

peer: 7U9iuIzhXmjNoj/bbiufkyF5tcmCsdXTXq2AOgRCeF0=
  allowed ips: 10.0.0.1/32

Details

Difficulty level
Normal (likely a few hours)
Version
1.4-rolling-202209151133, 1.3.2
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

zsdc renamed this task from A `disable` option does not work for Wireguard peers to Wireguard peers configuration is not synchronized with CLI.Fri, Sep 16, 1:01 PM
zsdc changed the task status from Open to Confirmed.
zsdc triaged this task as Normal priority.
zsdc updated the task description. (Show Details)
zsdc changed Difficulty level from Easy (less than an hour) to Normal (likely a few hours).
zsdc raised the priority of this task from Normal to High.Fri, Sep 16, 3:19 PM
zsdc added a project: VyOS 1.3 Equuleus.
zsdc changed Version from 1.4-rolling-202209151133 to 1.4-rolling-202209151133, 1.3.2.
c-po changed the task status from Confirmed to Needs testing.Sat, Sep 17, 6:41 PM
c-po changed Why the issue appeared? from Will be filled on close to Implementation mistake.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.