
Aug 17 2018

vas-ast added a comment to T427: Wireguard support.

@hagbard
Good. There is no urgency.

Aug 17 2018, 6:45 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
vas-ast added a comment to T427: Wireguard support.

@hagbard
This is not critical, but it would be convenient to be able to save the tun interface without specifying a peer. Currently, validation does not allow this. One such case is when we have prepared the server and then automate the addition and removal of peers (my case), or when we want to do this later for some other reason.

Aug 17 2018, 4:47 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
vas-ast added a comment to T427: Wireguard support.
In T427#17621, @hagbard wrote:

All right, pull request opened. I'm going to enhance a few parts, like the endpoint format check, show status etc., but as mentioned above I won't have much time next week and it seemed everyone needed it quickly.
I've rebuilt the iso, rebuilt vyos-1x and used the following config:

host01:

set interfaces wireguard wg01 address '10.2.2.1/24'
set interfaces wireguard wg01 description 'wg02-test'
set interfaces wireguard wg01 listen-port '12345'
set interfaces wireguard wg01 peer 7QQU75St+Kr4+B097E7qzMv0PbBtbvLCyGCpTwRxBEI= allowed-ips '10.1.1.0/24'
set interfaces wireguard wg01 peer 7QQU75St+Kr4+B097E7qzMv0PbBtbvLCyGCpTwRxBEI= endpoint '192.168.0.130:12345'
set protocols static interface-route 10.1.1.0/24 next-hop-interface wg01

host02:

set interfaces wireguard wg01 address '10.1.1.1/24'
set interfaces wireguard wg01 description 'wg01-test'
set interfaces wireguard wg01 listen-port '12345'
set interfaces wireguard wg01 peer z80pwzfFfwfte3p06iIVVBDPfUL+MSH0dL9I33nJzTo= allowed-ips '10.2.2.0/24'
set interfaces wireguard wg01 peer z80pwzfFfwfte3p06iIVVBDPfUL+MSH0dL9I33nJzTo= endpoint '192.168.0.113:12345'
set protocols static interface-route 10.2.2.0/24 next-hop-interface wg01

You'll need:
https://github.com/vyos/vyos-1x/pull/27/files
https://github.com/vyos/vyos-build/pull/22

and the config above. You can add multiple endpoints and peers to a wg device, or multiple wg devices with single or multiple peers. So far all working as long as you set your route. I did basic IPv6 tests as well, so the main functionality should be working well.
I'm going to open a subtask for documentation; I first need to create an account for the wiki etc.

Aug 17 2018, 12:18 PM · VyOS-1.2.0-GA, VyOS 1.2 Crux (VyOS 1.2.0-rc1)
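
An added example, not part of the thread and not code from vyos-1x: a pre-commit style check over the quoted `set` commands that flags the two things the comment calls out, a malformed endpoint and a peer whose allowed-ips has no interface-route via the wg device, plus a peer key that does not decode to 32 bytes. The names `valid_endpoint` and `audit` are hypothetical, and the endpoint form `IP:port` or `[IPv6]:port` is an assumption based on the config shown.

```python
import base64
import ipaddress
import shlex

# Constructed sample input: host01 commands from the comment above (description omitted).
HOST01 = """\
set interfaces wireguard wg01 address '10.2.2.1/24'
set interfaces wireguard wg01 listen-port '12345'
set interfaces wireguard wg01 peer 7QQU75St+Kr4+B097E7qzMv0PbBtbvLCyGCpTwRxBEI= allowed-ips '10.1.1.0/24'
set interfaces wireguard wg01 peer 7QQU75St+Kr4+B097E7qzMv0PbBtbvLCyGCpTwRxBEI= endpoint '192.168.0.130:12345'
set protocols static interface-route 10.1.1.0/24 next-hop-interface wg01
"""

def valid_endpoint(value):
    """Assumed format: 'IPv4:port' or '[IPv6]:port', port in 1..65535."""
    host, _, port = value.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]          # bracketed IPv6 literal
    elif ":" in host:
        return False               # bare IPv6 is ambiguous with the port
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return port.isdigit() and 1 <= int(port) <= 65535

def audit(config):
    """Return a list of findings for one host's 'set' commands."""
    allowed, routes, findings = [], [], []
    for line in config.splitlines():
        t = shlex.split(line)
        if t[:3] == ["set", "interfaces", "wireguard"] and len(t) == 8 and t[4] == "peer":
            ifname, key, option, value = t[3], t[5], t[6], t[7]
            try:  # WireGuard public keys are 32 bytes, base64-encoded
                key_ok = len(base64.b64decode(key, validate=True)) == 32
            except ValueError:
                key_ok = False
            if not key_ok:
                findings.append(f"{ifname}: peer key is not a 32-byte base64 value")
            if option == "endpoint" and not valid_endpoint(value):
                findings.append(f"{ifname}: bad endpoint {value!r}")
            if option == "allowed-ips":
                allowed.append((ifname, ipaddress.ip_network(value)))
        elif t[:4] == ["set", "protocols", "static", "interface-route"] and len(t) == 7:
            routes.append((t[6], ipaddress.ip_network(t[4])))
    for ifname, net in allowed:  # an equal or covering route via the same device is enough
        if not any(i == ifname and r.version == net.version and net.subnet_of(r) for i, r in routes):
            findings.append(f"{ifname}: no interface-route for allowed-ips {net}")
    return findings
```
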