Wireguard peers setup

I have a Wireguard setup with a single peer connected. I would like to add four more peers, but I am lost, since someone else did the initial config for me.
The public and private keys have been changed; they are not the real ones. Here is my config.

config interface 'WG_server'
        option proto 'wireguard'
        option private_key 'OExV3qIjhgvbfjknvdf98vfdjkvfdRQWY='
        option listen_port '61820'
        list addresses ''

config wireguard_WG_server
        option description 'Atux_mobile'
        option public_key 'evxbnhsbaliunsvan;oidasisadfjCbuHQ='
        list allowed_ips ''
        option route_allowed_ips '1'
        option persistent_keepalive '25'


config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Wireguard_Router'
        option src 'wan'
        option src_dport '61820'
        option dest_port '61820'
        option dest_ip ''

Thanks in advance

Add a section like this for each client:

config wireguard_WG_server
        option description 'next client'
        option public_key 'dgwehweghwgwegwe='
        list allowed_ips ''
        option route_allowed_ips '1'
        option persistent_keepalive '25'

Note I think you need to do a /32 in your original client as well.


Yes.... this is key. All remote peers should be /32.

Also... this redirect should be removed -- create a traffic rule instead.


Thanks for your responses. Regarding the traffic rule, how should it be?
Also, about the /32 are you sure about the

Accept UDP with destination port 61820 from source wan zone.

Yes, I'm positive. When configuring a 'server' like this, each peer should be a /32 address in the allowed_ips field.

The allowed IPs field (when combined with route allowed IPs) will send traffic whose destination matches the allowed IPs through the tunnel.

The 'client' side often has a broader range (one or more subnets, or often -- all IPs) because the client will then be able to send all of that traffic through the tunnel. The return data, though -- from the server's perspective -- is going to the single IP address of that remote peer.
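
Added example (not written by any poster in this thread): a small Python check that reads peer sections in the UCI layout shown above and flags any allowed_ips entry that is empty or unparsable, or wider than a single host (/32, or /128 for IPv6). It goes one step beyond the thread by also flagging entries that overlap another peer's, since WireGuard associates a given allowed IP with only one peer. The function names, peer descriptions and 10.0.0.x addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the thread's UCI layout; all addresses are made up.
SAMPLE = """
config wireguard_WG_server
        option description 'phone'
        list allowed_ips '10.0.0.2/32'

config wireguard_WG_server
        option description 'laptop'
        list allowed_ips '10.0.0.0/24'

config wireguard_WG_server
        option description 'tablet'
        list allowed_ips ''
"""

LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+'([^']*)')?\s*$")

def parse_peers(text):
    """Return [description, [allowed_ips]] for each wireguard_* peer section."""
    peers, cur = [], None
    for m in filter(None, map(LINE.match, text.splitlines())):
        kind, name, value = m.groups()
        if kind == "config":
            cur = ["?", []] if name.startswith("wireguard_") else None
            peers += [cur] if cur else []
        elif cur is not None and (kind, name) == ("option", "description"):
            cur[0] = value
        elif cur is not None and (kind, name) == ("list", "allowed_ips"):
            cur[1].append(value or "")
    return peers

def audit(text):
    """Flag allowed_ips that are invalid, wider than one host, or overlapping."""
    findings, seen = [], []
    for desc, ips in parse_peers(text):
        for ip in ips:
            try:
                net = ipaddress.ip_network(ip, strict=False)
            except ValueError:
                findings.append((desc, "invalid", ip))
                continue
            if net.prefixlen != net.max_prefixlen:  # /32 for IPv4, /128 for IPv6
                findings.append((desc, "not-host-route", str(net)))
            findings += [(desc, "overlaps", o) for o, n in seen if o != desc and n.overlaps(net)]
            seen.append((desc, net))
    return findings
```

Call `audit()` on the text of the router's network config; an empty list means every peer has a valid, non-overlapping single-host entry.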