OPNsense Forum

English Forums => Virtual private networks => Topic started by: tony124 on March 07, 2021, 10:08:37 PM

Title: WireGuard: how to add endpoints using command-line?
Post by: tony124 on March 07, 2021, 10:08:37 PM
Hello,

I am new to WireGuard. I have followed the official docs and could connect 1 client to WireGuard on my OPNsense server. Now I would like to add a few dozen endpoints for my users -- each user gets his/her own wg config. Can I do that via command line? Can I simply edit /usr/local/etc/wireguard/wg0.conf and then issue /usr/local/etc/rc.d/wireguard restart?
Title: Re: WireGuard: how to add endpoints using command-line?
Post by: mimugmail on March 08, 2021, 06:22:00 AM
No, you could write a script calling the needed API calls, but there is none available yet
Title: Re: WireGuard: how to add endpoints using command-line?
Post by: Patrick M. Hausen on March 08, 2021, 08:28:28 AM
You could add 2 or 3, then export the configuration, then try to understand the structure of the exported XML and edit that for re-import ...
Title: Re: WireGuard: how to add endpoints using command-line?
Post by: tony124 on March 08, 2021, 10:35:26 AM
Quote from: mimugmail on March 08, 2021, 06:22:00 AM
No, you could write a script calling the needed API calls, but there is none available yet

So I guess my best bet is to wait till the API is available? Do you know when it might be supported (if at all)?
Title: Re: WireGuard: how to add endpoints using command-line?
Post by: tony124 on March 08, 2021, 10:43:32 AM
Quote from: pmhausen on March 08, 2021, 08:28:28 AM
You could add 2 or 3, then export the configuration, then try to understand the structure of the exported XML and edit that for re-import ...

Yes, that would be a workaround, thanks for the hint. I'd prefer to do a partial restore for WireGuard only, but it seems partial restore for WireGuard is not possible yet.

The XML fragment for a wg client seems fairly simple, so I am thinking of doing the following:

(1) export the entire config
(2) delete all existing wg endpoints
(3) add all desired wg endpoints
(4) re-import the entire config

When I add/remove an endpoint I can simply repeat the above procedure and have my wg server config correct. Does it seem reasonable/doable?
Title: Re: WireGuard: how to add endpoints using command-line?
Post by: mimugmail on March 08, 2021, 01:16:26 PM
You can open /conf/config.xml and insert the xml part manually without a restore.
The API for WireGuard is already here, you just need to read the docs on how to use it.
Title: Re: WireGuard: how to add endpoints using command-line?
Post by: tony124 on March 08, 2021, 02:00:05 PM
Quote from: mimugmail on March 08, 2021, 01:16:26 PM
You can open /conf/config.xml and insert the xml part manually without a restore.
The API for WireGuard is already here, you just need to read the docs on how to use it.

Thanks for the hint. So it seems that I can edit /conf/config.xml as needed, make sure that it's valid and then run
/usr/local/etc/rc.d/wireguard restart?
Title: Re: WireGuard: how to add endpoints using command-line?
Post by: mimugmail on March 08, 2021, 02:48:16 PM
No, you need to set another API call for reconfigure services.
Just read the developer docs about the API, maybe this makes it clearer.
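
A pre-flight check for bulk-adding the peers discussed in this thread, as an added example that is not part of the original posts or of OPNsense itself: it rejects malformed or reused public keys and tunnel addresses that fall outside the tunnel network or are already assigned (WireGuard maps an allowed IP to exactly one peer), then builds one request body per accepted peer. The `client` wrapper and the field names `enabled`, `name`, `pubkey` and `tunneladdress` are assumptions to confirm against the developer docs; the keys, users and addresses are constructed sample values.

```python
import base64
import ipaddress

def sample_key(n):  # constructed 32-byte value in base64, NOT a real key
    return base64.b64encode(bytes([n]) * 32).decode()
# Constructed sample input: (user, public key, tunnel address)
SAMPLE_PEERS = [
    ("alice", sample_key(1), "10.10.0.2"),
    ("bob", sample_key(2), "10.10.0.3"),
    ("carol", sample_key(1), "10.10.0.4"),    # reuses alice's key
    ("dave", sample_key(3), "10.10.0.3"),     # reuses bob's address
    ("erin", "not-a-key", "10.10.0.5"),       # malformed key
    ("frank", sample_key(4), "192.168.1.9"),  # outside the tunnel network
]

def validate_peers(peers, tunnel_cidr, server_ip):
    """Return (payloads, errors); only peers with no problems get a payload."""
    net = ipaddress.ip_network(tunnel_cidr)
    taken = {ipaddress.ip_address(server_ip): "the server"}
    seen_keys, payloads, errors = {}, [], []
    for name, pubkey, addr in peers:
        problems = []
        try:  # a WireGuard public key is exactly 32 bytes, base64-encoded
            raw = base64.b64decode(pubkey, validate=True)
        except ValueError:
            raw = b""
        if len(raw) != 32:
            problems.append("public key is not 32 base64-encoded bytes")
        elif pubkey in seen_keys:
            problems.append(f"public key already used by {seen_keys[pubkey]}")
        try:
            ip = ipaddress.ip_address(addr)
            if ip not in net:
                problems.append(f"{ip} is outside {net}")
            elif ip in taken:
                problems.append(f"{ip} already belongs to {taken[ip]}")
        except ValueError:
            problems.append("tunnel address is not a valid IP")
        if problems:
            errors.append((name, problems))
            continue
        seen_keys[pubkey], taken[ip] = name, name
        # Assumed request shape and field names; confirm in the developer docs.
        payloads.append({"client": {"enabled": "1", "name": name, "pubkey": pubkey,
                                    "tunneladdress": f"{ip}/{ip.max_prefixlen}"}})
    return payloads, errors

if __name__ == "__main__":
    print(validate_peers(SAMPLE_PEERS, "10.10.0.0/24", "10.10.0.1"))
```

As the last reply notes, submitting the accepted entries is not enough on its own: a separate API call to reconfigure the service is still required.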