remove peer endpoint

em12345 em12345 at
Mon Dec 30 11:13:02 CET 2019


in my case the reason is not exactly being able to remove the endpoint,
but rather being able to setup a peer without endpoint, so that only the
endpoint needs to be setup later.

All keys for interface and peer are configured via "wg" standard config
file, so that the interface can be brought up at boot time.

But when having to use a to be resolved host name as endpoint, then the
boot process blocks for around a minute in case no network (incl. DNS)
is available. At least when running systemd reading
/etc/network/interfaces. I'm not using systemd builtin wg support.

There is of course the possibility to bring up the wg-* interfaces later
altogether. But the easiest way for me was to use a local endpoint IP
( address, and then use up/down scripts triggered on LAN/WLAN
up/down, which then only resolve the endpoint host name and set via wg
the resolved IP of that.

This way I'm also able to use several hostnames from different DynDNS
providers, in case one service provider is down, which wg as far as I
know doesn't currently support.
	1.) resolve first host name
	2.) set endpoint IP on peer
	3.) ping into tunnel to see if it is working
	4.) if not working, then try next host name



On 2019-12-30 10:37, Jason A. Donenfeld wrote:
> Hi Devin,
> Could you let me know your reason for wanting this? If there's a good
> justification, we could consider adding it. But I'd like some
> reasoning as it relates to the entire system you're trying to build,
> first.
> Thanks,
> Jason
> On Sat, Dec 28, 2019 at 10:36 PM Jason A. Donenfeld <Jason at> wrote:
>> I'm interested to learn, why would you want such a thing? The endpoint field is only ever a "hint" anyway, due to the roaming.
>> On Sat, Dec 28, 2019, 13:12 Devin Smith <devinrsmith at> wrote:
>>> If I'm not mistaken, `wg set <interface> peer <base64> remove` removes the whole peer - I'm looking to remove just the peer's endpoint attribute [endpoint <ip>:<port>].
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> On Friday, December 27, 2019 10:51 AM, Lonnie Abelbeck <lists at> wrote:
>>>>> On Dec 27, 2019, at 9:51 AM, Devin Smith devinrsmith at wrote:
>>>>> Is it possible to remove the endpoint of a peer via the `wg set` command? All of the other peer attributes (preshared-key, persistent-keepalive, allowed-ips) are removable in this fashion (and documented in the man page). I've tried `wg set <interface> peer <base64-public-key> endpoint 0` ...
>>>> Yes, this works:
>>>> -------------------
>>>> wg set <interface> peer <base64-public-key> remove
>>>> --
>>>> If you forget, "wg set --help" will remind you.
>>>> Lonnie
>>> _______________________________________________
>>> WireGuard mailing list
>>> WireGuard at
> _______________________________________________
> WireGuard mailing list
> WireGuard at

More information about the WireGuard mailing list