How to apply manual changes from config files

Started by aney1, January 03, 2025, 02:49:38 PM

Hi,

I would like to write a script that adds peers to the wireguard config.
When a peer is added via the webui this file is populated: /usr/local/etc/wireguard/wg0.conf.
So I added a peer there, but no matter what I do, the peer is never shown in the webgui and gets removed after a reboot.

Do I have to add it via /conf/config.xml or is there a way to apply from wg0.conf?

This is what I tried:
- created a peer from the gui to get a config that should definitely work.
- copied it from the config file; deleted it again from the gui; added it back to the config file
- configctl wireguard configure /usr/local/etc/wireguard/wg0.conf
- /usr/local/sbin/configctl wireguard restart
- /usr/local/sbin/configctl webgui restart

configctl wireguard showconf does show a new peer after that, but not the webgui, and after a reboot the config is overwritten again.

You can't undermine OPNsense like that, as you've discovered - the UI manages config.xml (which is not meant to be meddled with really), and other configs are generated from that. You can't (AFAIK anyway) backfeed it in the other direction.

If you want to automate things, look at the API. I haven't used it myself (yet), but it looks like WG is covered...

https://docs.opnsense.org/development/api.html
https://docs.opnsense.org/development/api/plugins/wireguard.html

Ok, I'll check how to do it via the API.

Thanks for the reply.

Sorry to revive a very old thread. I ran into this too, then noticed that the contents of

/usr/local/etc/wireguard/wg0.conf and

wg show | grep -A10 wg0

differ. If they do, the changes you made will not persist. Short version, look into what these (and related) commands do:

wg set wg0 peer 44zfpKeeWkZMUHfOd4ZgKiWxU9AEnha5NwTeqmCk7TU= remove

wg setconf wg0 /usr/local/etc/wireguard/wg0.conf

Make copies of your given files before playing, but at some point GUI and files will agree, saving you from headaches.
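An added example, not written by any poster in this thread: a read-only check that lists which peer public keys are in wg0.conf but not loaded, and which are loaded but not in the file, using `wg show <interface> peers`. The sample config and keys are constructed placeholders; the check only compares the file with the running interface and does not touch config.xml.

```python
import subprocess
import sys

# Constructed sample input: placeholder strings, not real WireGuard keys.
SAMPLE_CONF = """\
[Interface]
ListenPort = 51820

[Peer]
# added by hand
PublicKey = CONSTRUCTED-PEER-A=
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = CONSTRUCTED-PEER-B=
AllowedIPs = 10.0.0.3/32
"""
SAMPLE_RUNTIME = "CONSTRUCTED-PEER-A=\nCONSTRUCTED-PEER-C=\n"


def conf_peers(text):
    """Collect PublicKey values from the [Peer] sections of a wg config."""
    peers, section = set(), None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "peer" and "=" in line:
            name, value = line.split("=", 1)  # base64 '=' padding stays in value
            if name.strip().lower() == "publickey":
                peers.add(value.strip())
    return peers


def drift(conf_text, runtime_text):
    """Return (only_in_file, only_in_runtime) as sorted lists of keys."""
    in_file = conf_peers(conf_text)
    in_runtime = set(runtime_text.split())
    return sorted(in_file - in_runtime), sorted(in_runtime - in_file)


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py wg0 /usr/local/etc/wireguard/wg0.conf
        live = subprocess.run(["wg", "show", sys.argv[1], "peers"],
                              capture_output=True, text=True, check=True).stdout
        with open(sys.argv[2]) as fh:
            conf = fh.read()
    else:
        conf, live = SAMPLE_CONF, SAMPLE_RUNTIME
    only_file, only_runtime = drift(conf, live)
    print("in file, not loaded:", only_file)
    print("loaded, not in file:", only_runtime)
```
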

Yes, GUI and wg0.conf will agree, but eventually, the contents of config.xml will overwrite wg0.conf again, destroying your efforts.

If you want to do such a thing, use the OPNsense API like already correctly answered in answer #1.