Wireguard peers setup

I got a Wireguard setup and I have a single peer connected. I would like to add four more peers, but I am lost, since someone else did the initial config for me.
The public and private keys have been changed; they are not the real ones. Here is my config.
/etc/config/network:

config interface 'WG_server'
        option proto 'wireguard'
        option private_key 'OExV3qIjhgvbfjknvdf98vfdjkvfdRQWY='
        option listen_port '61820'
        list addresses '10.14.0.1/24'

config wireguard_WG_server
        option description 'Atux_mobile'
        option public_key 'evxbnhsbaliunsvan;oidasisadfjCbuHQ='
        list allowed_ips '10.14.0.3/21'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

/etc/config/firewall

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Wireguard_Router'
        option src 'wan'
        option src_dport '61820'
        option dest_port '61820'
        option dest_ip '192.168.160.1'

Thanks in advance

add a section like this for each client:

config wireguard_WG_server
        option description 'next client'
        option public_key 'dgwehweghwgwegwe='
        list allowed_ips '10.14.0.4/32'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

Note: I think you need to do a /32 in your original client as well.

2 Likes

Yes.... this is key. All remote peers should be /32.

Also... this redirect should be removed -- create a traffic rule instead.

2 Likes

Thanks for your responses. Regarding the traffic rule, how should it be?
Also, about the /32: are you sure about the 10.14.0.4/32?

Accept UDP with destination port 61820 from source wan zone.

Yes, I'm positive. When configuring a 'server' like this, each peer should be a /32 address in the allowed_ips field.

The allowed IPs field (when combined with route allowed IPs) will send traffic whose destination matches the allowed IPs through the tunnel.

The 'client' side often has a broader range (one or more subnets, or often 0.0.0.0/0 -- all IPs) because the client will then be able to send all of that traffic through the tunnel. The return data, though -- from the server's perspective -- is going to the single IP address of that remote peer.

4 Likes
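The two changes recommended above (one wireguard_WG_server stanza per client with a /32 in allowed_ips, and an accept rule on the wan zone in place of the DNAT redirect) as an added POSIX shell example; this is not code from any poster in the thread. The interface name WG_server and port 61820 come from the thread; the peer names, public keys, the rule name 'Allow-WireGuard' and the sample network config are constructed placeholders. The script prints ready-to-paste UCI stanzas and audits an existing config for peers that are not /32.

```shell
#!/bin/sh
# Added example: generate OpenWrt UCI stanzas for WireGuard peers and the
# firewall rule, and audit /etc/config/network for peers whose allowed_ips
# is not a single /32 host. Keys, names and the sample config are constructed.

# Print one peer stanza for interface WG_server. Refuses anything but a /32,
# because from the server's side return traffic only goes to that one address.
wg_peer_section() {
    desc=$1; pubkey=$2; ip=$3
    case "$ip" in
        */32) ;;
        *) echo "refusing '$desc': allowed_ips '$ip' must be a /32 host" >&2; return 1 ;;
    esac
    printf "config wireguard_WG_server\n"
    printf "    option description '%s'\n" "$desc"
    printf "    option public_key '%s'\n" "$pubkey"
    printf "    list allowed_ips '%s'\n" "$ip"
    printf "    option route_allowed_ips '1'\n"
    printf "    option persistent_keepalive '25'\n\n"
}

# Print the traffic rule that replaces the redirect: accept UDP to the listen
# port from the wan zone. No 'dest' means the packet is for the router itself.
wg_firewall_rule() {
    port=$1
    printf "config rule\n"
    printf "    option name 'Allow-WireGuard'\n"
    printf "    option src 'wan'\n"
    printf "    option proto 'udp'\n"
    printf "    option dest_port '%s'\n" "$port"
    printf "    option target 'ACCEPT'\n\n"
}

# Read a network config on stdin; print "description<TAB>prefix" for every
# peer whose allowed_ips is not a /32. Exit status 1 if any were found.
audit_peer_prefixes() {
    awk -v q="'" '
        /^config wireguard_/ { inpeer=1; desc="(no description)"; next }
        /^config /           { inpeer=0; next }
        !inpeer              { next }
        $1=="option" && $2=="description" {
            sub(/^[ \t]*option[ \t]+description[ \t]+/, ""); gsub(q, ""); desc=$0; next
        }
        $1=="list" && $2=="allowed_ips" {
            gsub(q, "", $3)
            if ($3 !~ /\/32$/) { print desc "\t" $3; bad=1 }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample modelled on the config posted above (key is a placeholder).
SAMPLE_NETWORK="config interface 'WG_server'
    option proto 'wireguard'
    option listen_port '61820'
    list addresses '10.14.0.1/24'

config wireguard_WG_server
    option description 'Atux_mobile'
    option public_key 'CONSTRUCTED_PUBKEY_1='
    list allowed_ips '10.14.0.3/21'
    option route_allowed_ips '1'
"

# Number of peers in the sample config that still need fixing to /32.
count_bad_peers() {
    printf '%s\n' "$SAMPLE_NETWORK" | audit_peer_prefixes | wc -l | tr -d ' '
}

main() {
    echo "# peers to append to /etc/config/network"
    wg_peer_section "next client" "CONSTRUCTED_PUBKEY_2=" "10.14.0.4/32"
    wg_peer_section "third client" "CONSTRUCTED_PUBKEY_3=" "10.14.0.5/32"
    echo "# rule to append to /etc/config/firewall (then remove the redirect)"
    wg_firewall_rule 61820
    echo "# peers in the sample config that are not /32:"
    printf '%s\n' "$SAMPLE_NETWORK" | audit_peer_prefixes || echo "(fix these to /32)"
}

main
```

On the router the audit can be run against the live file with `audit_peer_prefixes < /etc/config/network`; after appending the stanzas, `/etc/init.d/network restart` and `/etc/init.d/firewall restart` apply them. The audit flags the posted 10.14.0.3/21 entry, which is the change the replies above ask for.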