Wireguard peers using uci

I do not have LuCI installed, and would like to add a peer to an exinsting interface. The wiki only has examples of adding new interfaces for each peer. Is there a way to add a peer to an existing interface using uci or editing /etc/config/network?

Currently, when I add a wireguard interface, a new config interface name with option proto wireguard is created, and upon adding a peer a new config wireguard_peername is created, but that section doesn't seem to have any references to which interface the peer is supposed to be on.


1 Like

AFAIK, config wireguard_wgname refers to the interface wgname.
Also, afaik, to name a peer, you need config wireguard_wgname 'peer0'.

Really? :smiley:

See also:


Really really sorry if it sounds stupid, but that only adds one peer for the WG_IF, doesn't it?
I tried this as per @stangri 's suggestion -

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'xx='
        option listen_port '9009'
        list addresses 'fd12:34:56::1'
config wireguard_wg0 phone
        option description 'phone'
        option public_key 'xx='
        list allowed_ips 'fd00::/8'

config wireguard_wg0 laptop
        option description 'laptop'
        option public_key 'xx='
        list allowed_ips 'fd00::/8'

This actually kinda worked, i had 2 peers successfully, but phone peer's allowed ips: were shown as (none) when I ran wg show wg0.

No, just change the peer name.

I tried that as well, and as I mentioned previously, the allowed_ips for the first peer - phone get set to none for some reason

The wiki instructions are verified by multiple users, so that should be a typo on your side.

Alright, I'll check again. Thanks a lot for helping

1 Like

So turns out this is actually expected behaviour:

In wireguard routing is done based on the allowed-ip statements and the destination ip and not on the nexthop ip defined on the neighbor

So, defining the same/overlapping allowed-ips on two peers
in the same tunnel results in only one peer getting the statement, as wireguard removes it from the prevous defined peer

1 Like

Yep, each peer in a single config should use unique non-overlapping allowed IPs ranges.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.