Multiple WireGuard Interfaces with route trouble

Hi there.

I have been using WireGuard on OpenWrt for several years. It works very nicely with only one interface (wg0).

Recently I decided to add a new wg interface (wg1) in the WAN firewall zone, and now a problem occurs: the AllowedIPs of wg1's peer are not added to the OS routing table.

I have disabled wg0 and restarted wg1, but that does not seem to help.

My /etc/config/network:

# WireGuard interface 'lan_wg0': listens on UDP port 7980, tunnel address 10.100.10.2/32.
config interface 'lan_wg0'
        option proto 'wireguard'
        # 'secret' is the poster's redaction placeholder, not a usable key.
        option private_key 'secret'
        option listen_port '7980'
        list addresses '10.100.10.2/32'
        # NOTE(review): nohostroute presumably suppresses the automatic host routes
        # to the peers' endpoints - confirm against the OpenWrt WireGuard documentation.
        option nohostroute '1'
        # The tunnel is not used as default route and does not take DNS from a peer;
        # the two resolvers below are set statically.
        option defaultroute '0'
        option peerdns '0'
        list dns '119.29.29.29'
        list dns '8.8.8.8'
        option delegate '0'
        option mtu '1400'

# Peers of 'lan_wg0'. Every peer section below sets route_allowed_ips '1', the per-peer
# option that makes OpenWrt install a route for each allowed_ips entry of that peer.
# allowed_ips also bounds which source addresses are accepted from the peer, so each
# entry should be no wider than the peer actually needs.

# Site peers: a /32 tunnel address plus the remote LAN subnet behind the peer.
config wireguard_lan_wg0
        option description '4415-openwrt'
        option public_key 'qjKOyXHj/qwZNOWp3rRh+xC0Pqg27FpICWrYFsPu2nE='
        option preshared_key 'secret'
        option endpoint_host 'home-v6.littlenewton.cn'
        option endpoint_port '7980'
        option persistent_keepalive '25'
        list allowed_ips '10.100.10.1/32'
        list allowed_ips '10.1.0.0/16'
        option route_allowed_ips '1'

config wireguard_lan_wg0
        option description '7060-openwrt'
        option public_key 'PjviufD60W/CCxYtHENrrJtlwyy9+gRlvvQ8YlGuWxI='
        option preshared_key 'secret'
        option endpoint_host '7060-v6.littlenewton.cn'
        option endpoint_port '7980'
        option persistent_keepalive '25'
        list allowed_ips '10.100.10.3/32'
        list allowed_ips '10.3.0.0/16'
        option route_allowed_ips '1'

# No endpoint_host/endpoint_port here, so this side cannot initiate the handshake
# and has to wait for the peer to connect.
config wireguard_lan_wg0
        option description 'Asus RT-AX88U'
        option public_key 'JYwAMFqVZBaf+Fqd8W0p4LnJ0FHNASmn4TtFttoc2SU='
        option preshared_key 'secret'
        option persistent_keepalive '25'
        list allowed_ips '10.100.10.4/32'
        list allowed_ips '192.168.50.0/24'
        option route_allowed_ips '1'

# Client peers: a single /32 each, no endpoint configured.
config wireguard_lan_wg0
        option description 'Samsung S6 Edge+'
        option public_key 'ZP7yP1iHPjZh5B6hp69NRP8HzaigickyCEAT06vTWGk='
        option preshared_key 'secret'
        list allowed_ips '10.100.60.1/32'
        option route_allowed_ips '1'

config wireguard_lan_wg0
        option description 'iPhone X'
        option public_key 'WwrYqhUzgBJUy2Rf/2QvEb91+lrvGmIIRuE7+7ktQ2Q='
        option preshared_key 'secret'
        list allowed_ips '10.100.60.2/32'
        option route_allowed_ips '1'

config wireguard_lan_wg0
        option description 'iPad Pro'
        option public_key 'pCby0DCjgQBVDZ10olPMdA1C3YsRZtofztC+aTisxh8='
        option preshared_key 'secret'
        list allowed_ips '10.100.60.3/32'
        option route_allowed_ips '1'

config wireguard_lan_wg0
        option description 'iPhone 14 Pro'
        option public_key 'j1qdgGPKiS75VBHpVGBW0OMC150VnA8MKyInMho/nk8='
        option preshared_key 'secret'
        list allowed_ips '10.100.60.4/32'
        option route_allowed_ips '1'

config wireguard_lan_wg0
        option description 'MacBook Pro'
        option public_key 'uxwrcCFgzmfIU/BeIAnAXznrL3x4wTZ7ktgCAeJiSg4='
        option preshared_key 'secret'
        list allowed_ips '10.100.80.1/32'
        option route_allowed_ips '1'

config wireguard_lan_wg0
        option description 'x1e-win10'
        option public_key '8Dnq8OLhHAW6kNDQCbWJtPhtRM9EOxj3DgDby7cEISQ='
        option preshared_key 'secret'
        list allowed_ips '10.100.80.2/32'
        option route_allowed_ips '1'

config wireguard_lan_wg0
        option description '5820-win10'
        option public_key 'm6/GZUwacRlDb/zzFmE7hmgOAbxhG11NC87jCK2eH2g='
        # NOTE(review): unlike every other preshared_key in this paste, this value is not
        # the 'secret' placeholder. If it is the live key, treat it as disclosed: generate
        # a new PSK and set it on both ends of this peer.
        option preshared_key 'if1NmqY4SD2xg+AcxQNgmZXRXKf1um3eRc9p0jGVEIs='
        list allowed_ips '10.100.80.3/32'
        option route_allowed_ips '1'

config wireguard_lan_wg0
        option description 'x299-win10'
        option public_key 'HX1DgiaJR+xcn/ODGy0Bv2u4b7PGHekdx0RODRoEx24='
        option preshared_key 'secret'
        list allowed_ips '10.100.80.4/32'
        option route_allowed_ips '1'

# LAN bridge with eth0 as its only listed port; bridge and port both use a 9000-byte MTU.
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        option mtu '9000'

config device
        option name 'eth0'
        option mtu '9000'

# eth1 gets an explicit MAC address override.
config device
        option name 'eth1'
        option macaddr '00:0C:29:07:0F:4D'

# Second WireGuard interface 'nipc_wg0': listens on UDP port 7981,
# tunnel address 192.168.123.116/24.
config interface 'nipc_wg0'
        option proto 'wireguard'
        # 'secret' is the poster's redaction placeholder, not a usable key.
        option private_key 'secret'
        option listen_port '7981'
        option mtu '1400'
        option defaultroute '0'
        list addresses '192.168.123.116/24'

# The only peer of 'nipc_wg0'. Unlike the lan_wg0 peers, this section has no
# route_allowed_ips option, which matches the reported symptom: the allowed_ips
# below are not turned into routes.
config wireguard_nipc_wg0
        option description 'nipc-openwrt'
        option public_key 'F7pgrguljke6A6NS4Aq0/mQ/scLkSSExFYxxI6bFE3E='
        option preshared_key 'secret'
        option endpoint_host 'secret'
        option endpoint_port '7980'
        option persistent_keepalive '25'
        # allowed_ips is also the inbound source filter for this peer: packets arriving
        # through the tunnel from any other source address are dropped.
        list allowed_ips '10.10.0.0/16'
        list allowed_ips '192.168.123.1/32'

# Hand-written static route for 10.10.0.0/16 via 192.168.123.1 on the tunnel.
# The reply in this thread removes this section in favour of route_allowed_ips.
config route
        option interface 'nipc_wg0'
        option target '10.10.0.0/16'
        option gateway '192.168.123.1'
# Suggested fix: let OpenWrt derive the routes from allowed_ips instead of a static route.
# NOTE(review): this sets the option on the interface section 'nipc_wg0'. In the pasted
# config, route_allowed_ips lives in the peer sections (config wireguard_*); for this
# peer that would be network.@wireguard_nipc_wg0[0]. Check with `uci show network`
# that the option ends up where it takes effect.
uci set network.nipc_wg0.route_allowed_ips="1"
# Remove the last 'config route' section. [-1] is positional and the paste may not show
# the whole file, so list the sections first (`uci show network | grep '@route'`) and
# confirm that the 10.10.0.0/16 entry is the one being deleted.
uci delete network.@route[-1]
# Write the staged changes to /etc/config/network.
uci commit network
# Restart networking to apply them; expect connections over these interfaces to be
# interrupted, including a remote shell that runs through the tunnel.
/etc/init.d/network restart

Thanks a lot. It works!

In the Simplified Chinese translation of LuCI, the route_allowed_ips option is not translated very well, and I was misled.

