[WireGuard] Wireguard in OpenWRT/LEDE: FYI: Pull Request

Dan Lüdtke mail at danrl.com
Wed Nov 16 18:04:38 CET 2016

> The config value has to be the same to correlate them. In that case,
> you should show an example with multiple peers, so that it's clear
> what's happening.

It says "Peer configurations are managed via one or more wireguard_<ifname> sections." to introduce the example. However, won't hurt to add another peer for clarification.

Consider it done :)


Create a WireGuard tunnel interface named ''foo'' that connects to one peer (VPN server at vpn.example.com) and allows another peer (e.g. road warrior) to connect.
Peer configurations are managed via one or more ''wireguard_<ifname>'' sections.

config interface 'foo'
	option proto 'wireguard'
	option private_key 'qLvQnx5CpXPDo6oplzdIvXLNqkbgpXip3Yv4ouHWZ0Q='
	option preshared_key 'M1IbkkDVwXsQbFbURiMXiVe/iUCjC5TKHCmemVs+oLQ='

config wireguard_foo
	option public_key '9mD+mTiOp7SGIkB4t3ZfWAcfp5iA/WwQRdVypKKwrjY='
	option route_allowed_ips '1'
	list allowed_ips 'fd00:13:37::/48'
	option endpoint_host 'vpn.example.com'
	option persistent_keepalive '25'

config wireguard_foo
	option public_key '4mLeSytW6/y4UcOT6rNorw1Ae9nXSxhXUjxsdzMWkUA='
	list allowed_ips 'fd00:13:37:ffff::23'

To use static addresses on a WireGuard interface, create a static address configuration on top of the interface.

config interface 'bar'
	option proto 'static'
	option ifname 'foo'
	option ip6addr 'fd00:13:37::2/64'

More information about the WireGuard mailing list