[Solved] Luci DHCP Tab for Wireguard interface in 22.03

I noticed that Luci has a DHCP Tab in the configuration for a Wireguard Interface
Menu : Network -> Interface -> "defined Wireguard interface" Edit -> DHCP Server.
The Tab contain no config fields apart the Ignore Interface button on General Setup and disabled settings in the IPV6 Settings tab.

/etc/config/dhcp has only the following config related to wireguard :

config dhcp 'WG0'
        option interface 'WG0'
        option ignore '1'

With the last two lines removed if i decide not to ignore the interface in Luci

I did not find anything in the doc or elsewhere on the usage of DHCP to assign a DHCP address to a wireguard peer tunnel ip address. is that a thing ?
If possible can it be done in IPV4 ? I completely turned off IPV6 in my Openwrt configs as I still struggle with the concept.
DHCP would come handy considering that the latest Peer config in Openwrt does not seem to keep track of the Peer Tunnel Ip Address, leaving the IP address config in the hand of the person configuring the peer with the risk of having multiple peers using the same Ip address.

I make use of the configuration export QRCode to configure my phones wireguard config and the only thing missing is that I add the tunnel IPAddress by hand. other than that seem to work great. So close to perfection, whoever developed this THANKS, as I was struggling with the text based config.

By setting the ignore option, the interface will be explicitly "blacklisted" in the dnsmasq configuration and dnsmasq will make not attempt to answer incoming DHCP queries.

When not ignored, dnsmasq will try to answer incoming DHCP requests but likely fail since there's usually no DHCP pool range defined for a wireguard interface.

The main reason for making the DHCP server config tab available for non-static interface types (such as wireguard) was to allow configuration of DHCPv6 / IPv6 relaying

4 Likes

Thanks Jow,

So unless I want to do DHCPv6 Relaying there is no point enabling the DHCP config.
Ok so I'll just manage carefully the IP address on my peer devices.
Maybe one day the wireguard peer config will add an IP address pool that can then be used to generate the config qrcodes.

Thanks again for clarifying.

Is the client device you're importing the config into understanding the Address = ... option in the [interface] section of the config? I guess we could add support for adding Address = ... to the generated config if it is widely supported.

AFAIK, there's no Wireguard support for connecting to a peer and having it assign you an address. There are some proposals/notes about adding such a service, but they don't seem to be ready yet.

2 Likes

Correct, a little information on that - as the IP seems to be part of the crypto at this time:

See: https://www.wireguard.com/#cryptokey-routing

Also, the QR Codes have quite a history to make them usable for [any] purposes:

See: [?] luci-app-wireguard QR Code shows Private Key

Hi Jow,
I use wireguard on a Ubuntu server. There I have installed a wireguard container maintained by linuxserver.io. The peer creation script generate both qrcode and config files that include a Peer IP Address.
I have used this with wireguard clients on Android, ios and windows and it works well.
It's not as flexible as having a dynamic address but work well enough with limited no of peers to manage setup's with few changes.
Rgrds
R.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.