Manipulate wireguard from the command line interface

Is there any way to manitpulate wireguard configuration from the command line interface? I configured my wg interface successfully. But I'd like to apply any change from the command line without interfering other network interfaces. Is there any way to do this ?


The wg command will do this; but the interface must be in place for firewall settings to work via UCI.

Can you kindly provide an example? What would be the correct command when the port number in /etc/config/network was modified? Thanks.

ip link add dev wg type wireguard
ip address add dev wg
wg set wg0 listen-port xxxxx private-key /home/xxxxxxxx/privatekey peer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= preshared-key /home/xxxxxxxx/presharedkey allowed-ips
ip link set up dev wg0

I copied this from an Ubuntu config, so the ip commands may differ slightly; but the wg command appears identical on both distros.

While I provided the command, if your issue is that the port in OpenWrt doesn't change after the settings are reconfigured, you may have to reboot for settings to take effect (but that doesn't solve your original issue). So the wg command should work.

Hope this helps.

root@OpenWrt:~# wg ?
Invalid subcommand: `?'
Usage: wg <cmd> [<args>]

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
You may pass `--help' to any of these subcommands to view usage.

Thanks for your help. Just like I surmised, for the new settings you'll have to put them after the wg command.

1 Like

Well today I was forced to make some tests to make it work. I found it is very easy to change the port number and other parameters.

For the server side you just use the wg command to change the port like this:
wg set wg0 listen-port 50001

From the client side you just issue the following command:
wg set wg0 peer sdBhr69BDsK6epiNeNnU8Dz+ABaXCt+k/JWTyOIdfkg= endpoint
to change the port accordingly. The public key is needed to identify the server, I guess. You can have more then one servers.

The change will take effect immediately. In other word, you'll have to use the wg command to see the real parameters rather than just looking inside the /etc/config/network.

1 Like