OpnSense Wireguard API using

Started by bobbylv75, March 23, 2023, 09:02:58 AM

Hi

I wanna automate peer creation in the Wireguard plugin. For this I use the API.

1. I can create a new peer with the API call "/api/wireguard/client/addClient" with JSON

{
  "client": {
    "enabled": "1",
    "name": "WR_Master",
    "pubkey": "user_pubkey",
    "tunneladdress": "10.0.11.50/32",
    "persistentkeepalive": "25"
  }
}

It is ok. Peer is created with uuid "xxxx-xxxx-xxxx"

2. Now I need to enable new peer in VPN -> Wireguard -> Local -> Peers (Endpoints)

I try to call API "/api/wireguard/server/set" with JSON

{
  "server": {
    "enabled": "1",
    "peers": {
      "xxxx-xxxx-xxxx": {
        "selected": "1"
      }
    },
    "uuid": "yyyy-yyyy-yyyy"
  }
}

where "yyyy-yyyy-yyyy" is Wireguard server's uuid.

The call ends successfully with message

"Ok. Saved"

Then I make an API call "/api/wireguard/service/reconfigure"

Result - "Ok"

But unfortunately the new peer is unchecked in GUI VPN -> Wireguard -> Local -> Peers (Endpoints)

What am I doing wrong?




To set a single peer active, send
{'server': {'peers': SinglePeerUUID}}
to wireguard/server/setServer/ServerUUID, then SinglePeerUUID gets enabled. To set multiple active:
{'server': {'peers': 'SinglePeerUUID1,SinglePeerUUID2' }}
Take care not to send a JSON array [...], but a string with comma-separated values.

Too sad that such things have to be figured out by trial and error instead of reading a doc. IMO this belongs on this page: https://docs.opnsense.org/development/api/plugins/wireguard.html
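The request bodies discussed above, as an added Python example that is not part of any post in this thread: it validates the peer data before it is pushed and builds the setServer and reconfigure requests without sending them. The host name, helper names, the POST method, HTTP Basic authentication with the API key and secret, and the idea that the peers string replaces the whole selection are assumptions.

```python
import base64
import ipaddress
import json
import urllib.request
import uuid

BASE_URL = "https://opnsense.example"  # constructed placeholder host


def client_payload(name, pubkey, tunneladdress, keepalive=25):
    """Body for /api/wireguard/client/addClient, validated before it is sent."""
    if len(base64.b64decode(pubkey, validate=True)) != 32:
        raise ValueError("WireGuard public keys are 32 bytes, base64-encoded")
    net = ipaddress.ip_network(tunneladdress, strict=True)  # rejects 10.0.11.50/24
    return {"client": {"enabled": "1", "name": name, "pubkey": pubkey,
                       "tunneladdress": str(net),
                       "persistentkeepalive": str(int(keepalive))}}


def peers_payload(already_selected, new_peer_uuid):
    """Body for setServer: ONE comma-separated string, never a JSON array.

    Assumption: the value replaces the whole selection, so the peers that are
    already active are sent again together with the new one.
    """
    ordered = dict.fromkeys(str(uuid.UUID(u)) for u in [*already_selected, new_peer_uuid])
    return {"server": {"peers": ",".join(ordered)}}


def build_request(path, payload, api_key, api_secret):
    """POST request with the API key/secret as HTTP Basic credentials (not sent here)."""
    token = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    return urllib.request.Request(
        BASE_URL + path, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token})


def enable_peer_requests(server_uuid, already_selected, new_peer_uuid, api_key, api_secret):
    """The two calls from the thread: select the peer, then reconfigure the service."""
    server_uuid = str(uuid.UUID(server_uuid))  # keeps anything but a UUID out of the URL path
    return [
        build_request(f"/api/wireguard/server/setServer/{server_uuid}",
                      peers_payload(already_selected, new_peer_uuid), api_key, api_secret),
        build_request("/api/wireguard/service/reconfigure", {}, api_key, api_secret),
    ]
```

Passing each returned request to urllib.request.urlopen sends it with certificate verification left at its default.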

April 28, 2023, 04:23:19 PM #2 Last Edit: April 29, 2023, 12:11:57 PM by p_kn
I made a little project which allows making a new wireguard peer and pushing it to OPNsense: https://github.com/pkoevesdi/wg-keygen-notrust/tree/opnsensebridge extending the pure conf generator https://github.com/jcarrano/wg-keygen-notrust. Can also be used as a demo for the wireguard API.