Peers information in WireGuard server config file disappearing
Hi all,
I am having this strange issue where the content I put under the Peer section of my server config file is disappearing after a little while.
I have tried taking down the wg interface on both my server and clients with 'wg-quick down wg0' first, edited it, saved it and then brought it back with 'wg-quick up wg0' (as stated on the Linode KB article) and confirmed the peer information I inputted still appears thereafter.
However, after trying to connect on one of my clients (Linux), I check the config file on the server again under the Peers section, and the AllowedIPs info is only showing the network address of my VPN tunnel and not the actual client's IP address that I specified.
Its Public Key still appears however.
The other Peer information I inputted for my other clients (Windows) has disappeared altogether also.
Has anyone seen this happen before or might know why it's occurring?
Also, I believe you're able to input multiple peer information on the one interface (wg0), can somebody confirm that is correct?
Or must you have a different interface for each client/peer you want connected?
Kind Regards,
Leon.
2 Replies
Has anyone seen this happen before or might know why it's occurring?
I've personally never come across this, nor am I finding much information regarding this online.
I did, however, find a Reddit post from a user that seems to be having the same issue you are. One of the comments mentioned that if you have SaveConfig set to true, WireGuard overwrites the file with whatever WireGuard is configured with when it brings down the interface. I'm not sure if this completely applies to you, but it may be worth considering. More information on SaveConfig is here.
Also, I believe you're able to input multiple peer information on the one interface (wg0), can somebody confirm that is correct? Or must you have a different interface for each client/peer you want connected?
According to an archived public mailing list, multiple peers can be added to one interface.
I hope this helps! Best of luck :).
Hi jlee,
Thanks for your help, changing the SaveConfig parameter to false appears to have fixed the issue for me. I've gone back and forth into my config file and made changes, and the values under the AllowedIPs field for my peers have not changed to their network address.
However, I am now getting the below warning message when bringing the interface back up with 'wg-quick up wg0' which I was not getting before. And my clients/peers also still don't have Internet connectivity once I activate their tunnel:
"Warning: AllowedIP has nonzero host part: my clients IP and subnet mask shows here"
Any idea what this may be about? It was working fine at one point with those same IPs I had listed.
Thanks for also confirming my question regarding having multiple peers against the same interface :)
Update (16/04/20): I fixed the above warning message by removing the netmask at the end of the value in the AllowedIPs parameter in my wg0.conf file on the server.
After running wg or wg show on the server thereafter, I noticed the netmask in this parameter against my peers changed from /24 to /32 - perhaps I had the wrong netmask all along for the subnet I was using. Either way, the netmask doesn't appear to be needed in the peers section, just in the interface section.
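An added example, not part of the thread or of WireGuard itself: a small Python check for the two settings discussed above, `SaveConfig = true` and `AllowedIPs` entries whose host bits are set. It goes slightly beyond the thread by also flagging peers whose entries mask down to the same prefix, since an allowed-IPs prefix on one interface can belong to only one peer. The sample config, the placeholder keys and the function name `lint_wg_conf` are constructed for illustration.

```python
import ipaddress

# Constructed sample wg0.conf; keys and addresses are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.1/24
PrivateKey = <server-private-key>
SaveConfig = true

[Peer]
PublicKey = <linux-client-public-key>
AllowedIPs = 10.0.0.2/24

[Peer]
PublicKey = <windows-client-public-key>
AllowedIPs = 10.0.0.3/24
"""

def lint_wg_conf(text):
    """Return human-readable findings for a wg-quick style config."""
    findings, section, peer, owners = [], None, 0, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peer += 1                            # number peers in file order
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        key = key.lower()
        if section == "interface" and key == "saveconfig" and value.lower() == "true":
            findings.append("SaveConfig = true: wg-quick rewrites this file from runtime state on shutdown")
        if section == "peer" and key == "allowedips":
            for entry in filter(None, (e.strip() for e in value.split(","))):
                iface = ipaddress.ip_interface(entry)  # bare address becomes /32 or /128
                net = iface.network                    # same prefix with host bits masked off
                if iface.ip != net.network_address:
                    findings.append(f"peer {peer}: {entry} has nonzero host part, stored as {net}")
                # After masking, two peers may end up with the identical prefix.
                if net in owners and owners[net] != peer:
                    findings.append(f"peer {peer}: {net} is also listed for peer {owners[net]}")
                owners.setdefault(net, peer)
    return findings

if __name__ == "__main__":
    print("\n".join(lint_wg_conf(SAMPLE_CONF)) or "no findings")
```
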