
Allow WireGuard peers via DNS hostname
Open, Normal | Public | FEATURE REQUEST

Description

Hi, I would really like to `set int wireg wg123 peer foo address foo.example.com`

This is important because:

  1. a number of WG peers I’ve tried to connect to don’t accept connections without a hostname
  2. I have a dynamic IP address at home, which means that if I want another VyOS router to be a WireGuard peer with my home router I need to manually update the IP address in the VyOS config when it changes. Allowing a DNS name would enable using a dynamic DNS hostname, which would Just Work™

I added the 1.3.3 tag because my (likely incorrect) assumption is that this would be as simple as allowing text in addition to IP addresses for peers? In which case I wouldn’t expect it to need much testing/validation. But I’m not certain, don’t quote me on that!

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Config syntax change (migratable)
Issue type: Improvement (missing useful functionality)

Event Timeline

Unfortunately this is not a trivial task as WG does the DNS lookup only once on tunnel creation and not subsequently. A 3rd party script would be required to do that.

I have a similar issue and what I do is I have a static HUB and the dynamic clients start the connection to the HUB. The HUB itself has no CLI address or endpoint definition (depending on VyOS version you are using), and all connections are started from the client and the HUB will accept them.
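
The first comment above says WireGuard resolves a peer hostname only once, at tunnel creation, and that an external script is needed to follow an address that changes. One way to write such a script, as an added example that is not part of this task or of VyOS: it re-resolves the name and calls `wg set ... endpoint` only when the address differs. The script name, the key placeholder and port 51820 are constructed, and it assumes `getent` and the `wg` tool are present.

```shell
#!/bin/sh
# Added example (not VyOS code): periodically re-resolve a WireGuard peer's
# DNS name and re-point the endpoint only when the address has changed.
WG_CMD="${WG_CMD:-wg}"   # overridable so the logic can be exercised offline

# First IPv4 address the system resolver returns for a hostname.
resolve_host() {
    getent ahostsv4 "$1" | awk 'NR==1 {print $1}'
}

# Endpoint (ip:port) wg currently holds for a peer. Args: interface, public key.
current_endpoint() {
    "$WG_CMD" show "$1" endpoints | awk -v k="$2" '$1 == k {print $2}'
}

# Accept only a dotted-quad IPv4 address so resolver output is never handed
# to wg unchecked. The body is a subshell, so the IFS change stays local.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Args: interface, peer public key, hostname, port.
# Prints "unchanged", "updated <old> -> <new>" or "resolve-failed".
refresh_peer() {
    ip=$(resolve_host "$3")
    if ! is_ipv4 "$ip"; then echo "resolve-failed"; return 1; fi
    new="$ip:$4"
    old=$(current_endpoint "$1" "$2")
    if [ "$old" = "$new" ]; then echo "unchanged"; return 0; fi
    "$WG_CMD" set "$1" peer "$2" endpoint "$new" || return 1
    echo "updated ${old:-(none)} -> $new"
}

# Invoked from cron or a systemd timer with four arguments, for example
# (constructed values): reresolve.sh wg123 '<peer-public-key>' foo.example.com 51820
if [ "$#" -eq 4 ]; then
    refresh_peer "$@"
fi
```

WireGuard still authenticates the peer by its public key, so a wrong or spoofed DNS answer can send packets to the wrong address and break the tunnel, but it cannot make another host pass as the peer.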