WireGuard: how to add endpoints using command-line?

Started by tony124, March 07, 2021, 10:08:37 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 07, 2021, 10:08:37 PM
Hello,

I am new to WireGuard. I have followed the official docs and could connect 1 client to WireGuard on my opnsense server. Now I would like to add a few dozens of endpoints for my users -- each user gets his/her own wg config. Can I do that via command line? Can I simply edit /usr/local/etc/wireguard/wg0.conf and then issue /usr/local/etc/rc.d/wireguard restart?
March 08, 2021, 06:22:00 AM #1
No, you could write a script calling the needed API calls, but there is none available yet
March 08, 2021, 08:28:28 AM #2
You could add 2 or 3, then export the configuration, then try to understand the structure of the exported XML and edit that for re-import ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 08, 2021, 10:35:26 AM #3
Quote from: mimugmail on March 08, 2021, 06:22:00 AM
No, you could write a script calling the needed API calls, but there is none available yet

so I guess my best bet is to wait till the API is avail.? Do you know when it might be supported (if at all)?
March 08, 2021, 10:43:32 AM #4 Last Edit: March 08, 2021, 10:54:32 AM by tony124
Quote from: pmhausen on March 08, 2021, 08:28:28 AM
You could add 2 or 3, then export the configuration, then try to understand the structure of the exported XML and edit that for re-import ...

yes that would be a workaround, thanks for the hint. I'd prefer to do partial restore for wireguard only, but it seems partial restore for WireGuard is not possible yet.

The xml fragment for a wg client seems fairly simple, so I am thinking of doing the following:

(1) export the entire config
(2) delete all existing wg endpoints
(3) add all desired wg endpoints
(4) re-import the entire config

When I add/remove an endpoint I can simply repeat the above procedure and have my wg server config correct. Does it seem reasonable/doable?
March 08, 2021, 01:16:26 PM #5
You can open /conf/config.xml and insert the xml part manually without a restore.
The API for Wireguard is already here, you just need to read the docs how to use it.
March 08, 2021, 02:00:05 PM #6
Quote from: mimugmail on March 08, 2021, 01:16:26 PM
You can open /conf/config.xml and insert the xml part manually without a restore.
The API for Wireguard is already here, you just need to read the docs how to use it.

thanks for the hint. So it seems that I can edit /conf/config.xml as needed, make sure that it's valid and then run
/usr/local/etc/rc.d/wireguard restart ?
March 08, 2021, 02:48:16 PM #7
No you need to set another API call for reconfigure services.
Just read the developer docs about the API, maybe this makes it clearer.
Print
Go Up Pages1
User actions