Thursday, June 01, 2023

Cannot set up more than one WireGuard peer

Hi,

I'm using OpenBSD 7.3 and I have the following issue with WireGuard:
adding more than one peer via ifconfig breaks wgaip assignments.

Initial configuration:

$ doas ifconfig wg0
wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
index 8 priority 0 llprio 3
wgport <port>
wgpubkey <pubkey>
groups: wg
inet 10.45.0.1 netmask 0xffffff00 broadcast 10.45.0.255

Adding a new peer:

$ doas ifconfig wg0 wgpeer <peer1> wgaip 10.45.0.2/24
$ doas ifconfig wg0
wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
index 8 priority 0 llprio 3
wgport <port>
wgpubkey <pubkey>
wgpeer <peer1>
tx: 0, rx: 0
wgaip 10.45.0.2/24
groups: wg
inet 10.45.0.1 netmask 0xffffff00 broadcast 10.45.0.255

So far so good, adding another peer:

$ doas ifconfig wg0 wgpeer <peer2> wgaip 10.45.0.3/24
$ doas ifconfig wg0
wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
index 8 priority 0 llprio 3
wgport <port>
wgpubkey <pubkey>
wgpeer <peer1>
tx: 0, rx: 0
wgpeer <peer2>
tx: 0, rx: 0
wgaip 10.45.0.2/24
groups: wg
inet 10.45.0.1 netmask 0xffffff00 broadcast 10.45.0.255

Bam. The first peer has lost its wgaip, the second one gets an invalid
wgaip, hence nothing works.

Merging it all in a single ifconfig line does not help either.

Please halp.
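
What the two ifconfig commands above do to the allowed-IPs table, as an added example that is not part of the original post and not OpenBSD code: a simplified Python model which assumes the interface keeps one entry per masked prefix and hands an existing entry, with its original address text, to the newest peer (consistent with the output shown). The class and function names are hypothetical; the /32 case is included for comparison.

```python
import ipaddress


class AllowedIPs:
    """Toy model of a WireGuard allowed-IPs table: one owner per masked prefix."""

    def __init__(self):
        self.table = {}  # masked network -> (peer, address text as first entered)

    def add(self, peer, cidr):
        # 10.45.0.2/24 and 10.45.0.3/24 both mask to the key 10.45.0.0/24
        net = ipaddress.ip_interface(cidr).network
        previous = self.table.get(net)
        if previous is None:
            self.table[net] = (peer, cidr)
            return None
        # Assumption: the existing entry keeps its text, only the owner changes
        self.table[net] = (peer, previous[1])
        return previous[0] if previous[0] != peer else None  # peer that lost it

    def show(self):
        """Return {peer: [wgaip, ...]}, the per-peer view ifconfig prints."""
        out = {}
        for peer, text in self.table.values():
            out.setdefault(peer, []).append(text)
        return out

    def route(self, dst):
        """Longest-prefix match: the only peer allowed to use address dst."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.table if addr in n]
        if not matches:
            return None
        return self.table[max(matches, key=lambda n: n.prefixlen)][0]


def build(entries):
    table = AllowedIPs()
    for peer, cidr in entries:
        table.add(peer, cidr)
    return table


# Constructed inputs: the commands from the post, then the same peers with /32
as_posted = build([("peer1", "10.45.0.2/24"), ("peer2", "10.45.0.3/24")])
host_routes = build([("peer1", "10.45.0.2/32"), ("peer2", "10.45.0.3/32")])

if __name__ == "__main__":
    print("as posted:", as_posted.show(), "10.45.0.2 ->", as_posted.route("10.45.0.2"))
    print("with /32: ", host_routes.show(), "10.45.0.2 ->", host_routes.route("10.45.0.2"))
```

In the model, the /24 entries collide on one key, so peer2 ends up owning every address in 10.45.0.0/24, including the one meant for peer1; with /32 entries each address stays bound to a single peer.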
