Is there any way to manipulate WireGuard configuration from the command line interface? I configured my wg interface successfully. But I'd like to apply any change from the command line without interfering with other network interfaces. Is there any way to do this?
Yes.
The wg command will do this; but the interface must be in place for firewall settings to work via UCI.
Can you kindly provide an example? What would be the correct command when the port number in /etc/config/network was modified? Thanks.
ip link add dev wg0 type wireguard
ip address add dev wg0 192.168.xxx.1/29
wg set wg0 listen-port xxxxx private-key /home/xxxxxxxx/privatekey peer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx= preshared-key /home/xxxxxxxx/presharedkey allowed-ips 192.168.xxx.2/32
ip link set up dev wg0
I copied this from an Ubuntu config, so the ip commands may differ slightly; but the wg command appears identical on both distros.
While I provided the command, if your issue is that the port in OpenWrt doesn't change after the settings are reconfigured, you may have to reboot for settings to take effect (but that doesn't solve your original issue). So the wg command should work.
Hope this helps.
root@OpenWrt:~# wg ?
Invalid subcommand: `?'
Usage: wg <cmd> [<args>]
Available subcommands:
show: Shows the current configuration and device information
showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
set: Change the current configuration, add peers, remove peers, or change peers
setconf: Applies a configuration file to a WireGuard interface
addconf: Appends a configuration file to a WireGuard interface
genkey: Generates a new private key and writes it to stdout
genpsk: Generates a new preshared key and writes it to stdout
pubkey: Reads a private key from stdin and writes a public key to stdout
You may pass `--help' to any of these subcommands to view usage.
Thanks for your help. Just like I surmised, for the new settings you'll have to put them after the wg command.
Well today I was forced to make some tests to make it work. I found it is very easy to change the port number and other parameters.
For the server side you just use the wg command to change the port like this:
wg set wg0 listen-port 50001
From the client side you just issue the following command:
wg set wg0 peer sdBhr69BDsK6epiNeNnU8Dz+ABaXCt+k/JWTyOIdfkg= endpoint 12.34.56.78:50001
to change the port accordingly. The public key is needed to identify the server, I guess. You can have more than one server.
The change will take effect immediately. In other words, you'll have to use the wg command to see the real parameters rather than just looking inside /etc/config/network.
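The last post observes that wg set changes only the running interface, so /etc/config/network can disagree with what wg reports. The script below is an added example, not part of the thread, that compares the running listen port with the saved one. The interface name wg0 follows the thread; the UCI option name listen_port, the port values and both sample inputs are constructed assumptions.

```shell
#!/bin/sh
# Added example: detect drift between the running WireGuard listen port
# and the one saved in UCI. Both sample inputs are constructed.

# Constructed stand-in for `wg showconf wg0`. The real output contains the
# private key, so never write it to logs or tickets.
SAMPLE_SHOWCONF='[Interface]
ListenPort = 50001
PrivateKey = <private-key-placeholder>

[Peer]
PublicKey = <peer-public-key-placeholder>
AllowedIPs = 192.168.9.2/32'

# Constructed stand-in for `uci show network.wg0` (assumed option name).
SAMPLE_UCI="network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.listen_port='50000'"

# Read `wg showconf` text on stdin, print the ListenPort value.
runtime_port() {
    awk -F' *= *' '$1 == "ListenPort" { print $2; exit }'
}

# Read `uci show network.<iface>` text on stdin, print listen_port.
saved_port() {
    sed -n "s/^network\.[^.]*\.listen_port='\{0,1\}\([0-9]*\)'\{0,1\}\$/\1/p" | head -n 1
}

# $1 = showconf text, $2 = uci text.
# Returns 0 when both ports agree, 1 on drift, 2 when either is missing.
check_drift() {
    run=$(printf '%s\n' "$1" | runtime_port)
    sav=$(printf '%s\n' "$2" | saved_port)
    if [ -z "$run" ] || [ -z "$sav" ]; then
        echo "unknown: runtime='$run' saved='$sav'"
        return 2
    fi
    if [ "$run" = "$sav" ]; then
        echo "in sync: port $run"
        return 0
    fi
    echo "drift: running on $run, /etc/config/network says $sav"
    return 1
}

# On the router: check_drift "$(wg showconf wg0)" "$(uci show network.wg0)"
check_drift "$SAMPLE_SHOWCONF" "$SAMPLE_UCI" || true
```

A drift result means the running port will revert to the saved value the next time the interface is brought up from the saved configuration, so firewall rules written for the saved port no longer match the live listener.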