It's the first time I'm configuring WireGuard; I was confused and excited, and made mistakes and incorrect judgements. The server does save the private key, but it already informs you at the creation field that you can delete it.
The biggest misunderstanding is that there are 2 types of "Allowed IPs". Thanks everyone for your answers!
Problem Description: When configuring WireGuard peers through the LuCI web interface and generating client configurations, the system incorrectly saves the client's private_key to the server's /etc/config/network file.
Another problem is that it seems the peer editing page is messing up the allowed IPs and the client IP.
There is validity to the concern, but it is necessary to understand the context in which the private key exists on the 'server' side peer:
The remote ('client') peer must have its own private/public keypair
This can be generated by the remote peer and then the public key can be transferred to OpenWrt (and the public key from the OpenWrt side would need to be copied to the remote peer's peer config section)
The above is possible to do manually, but there is no automatic/easy way to move the keys across.
With that in mind:
The OpenWrt side can generate a keypair on behalf of the remote peer
This allows the use of a QR code (with the help of qrencode) to enable the remote peer to simply scan the code to get the entirety of the config (that is, the interface address, public key of the OpenWrt side, allowed IPs, and the private key that will be used for the remote peer).
In order to achieve this, the OpenWrt side must have the private key for that remote peer available in order to create the QR code.
So that should explain why OpenWrt is storing the remote peer's private key.
With all of that in mind... After the remote peer has used the QR code to configure itself, the private key can be deleted from the OpenWrt side as it is no longer needed. The caveat here is that it will no longer be possible to generate a QR code for easy configuration of the remote peer. This means that if the remote peer needs to be reconfigured (for example, the owner gets a new phone or needs to reset the WG config or the entire phone), a new keypair would need to be generated, as the private key for that peer would be lost.
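To check which peers still have a private key stored on the OpenWrt side after provisioning, here is an added example (not part of the thread and not OpenWrt's own code) that scans a UCI network file and lists peer sections carrying `private_key`, without printing the key. It assumes peers are stored as `config wireguard_<ifname>` sections with `description` and `public_key` options; the sample config and its key values are constructed placeholders.

```shell
# Added example: report WireGuard peer sections that still hold a private_key.
# Assumption: peers are "config wireguard_<ifname>" sections in the UCI file.
find_peer_private_keys() {
    awk '
        function unquote(s) { gsub(/^["\047]|["\047]$/, "", s); return s }
        function report() {
            if (peer && haskey)
                printf "%s peer=%s public_key=%s\n", type, (desc == "" ? "(no description)" : desc), pub
        }
        $1 == "config" {
            report()                      # emit the section that just ended
            type = unquote($2); peer = (type ~ /^wireguard_/)
            haskey = 0; desc = ""; pub = ""
            next
        }
        peer && $1 == "option" {
            val = $0
            sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
            val = unquote(val)
            if ($2 == "private_key" && val != "") haskey = 1   # value is never printed
            else if ($2 == "description") desc = val
            else if ($2 == "public_key") pub = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample resembling /etc/config/network; all key values are placeholders.
sample_config() {
cat <<'EOF'
config interface 'wg0'
    option proto 'wireguard'
    option private_key 'CONSTRUCTED_SERVER_PRIVATE_KEY'
    list addresses '10.0.0.1/24'

config wireguard_wg0
    option description 'phone'
    option public_key 'CONSTRUCTED_PUBLIC_KEY_PHONE'
    option private_key 'CONSTRUCTED_PEER_PRIVATE_KEY'
    list allowed_ips '10.0.0.2/32'

config wireguard_wg0
    option description 'laptop'
    option public_key 'CONSTRUCTED_PUBLIC_KEY_LAPTOP'
    list allowed_ips '10.0.0.3/32'
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; find_peer_private_keys "$tmp"; rm -f "$tmp"
```

The interface's own `private_key` is deliberately not reported, since the OpenWrt side needs it. A reported peer key can then be removed with `uci delete network.@wireguard_wg0[0].private_key` followed by `uci commit network`, where the index is that of the peer section.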