[Solved] Wireguard - multiple SERVER_ALLOWEDIPS_PEER_xx

Hello,

I am trying to set up 2 (or more) site-to-site wireguard connections. In my compose file for the server, I have:

  • PEERS=a,b
  • SERVER_ALLOWEDIPS_PEER_a=192.168.2.0/24
  • SERVER_ALLOWEDIPS_PEER_b=192.168.3.0/24

where 192.168.2.0/24 and 192.168.3.0/24 are the other site LANs.

When I run docker exec wireguard-server wg I get the following:

peer: (a)
  preshared key: (hidden)
  allowed ips: 10.13.13.9/32

peer: (b)
  preshared key: (hidden)
  allowed ips: 10.13.13.10/32, 192.168.3.0/24

Any idea why peer (a) does not have 192.168.2.0/24 under allowed ips?

Thanks

I forgot to mention that in the wg0.conf I can see peer (a) set up correctly:

[Peer]
# peer_a
PublicKey = xx
PresharedKey = xx
AllowedIPs = 10.13.13.9/32,192.168.2.0/24

[Peer]
# peer_b
PublicKey = xx
PresharedKey = xx
AllowedIPs = 10.13.13.10/32,192.168.3.0/24

and also I tried to restart the container / redeploy the stack etc…

It looks like wg0.conf was created correctly. That’s the part our init handles. Going from wg0.conf to the working wireguard setup is handled by wireguard’s wg-quick script. We don’t have control over that.

I just ran this:
docker run -d --rm --name test --cap-add=NET_ADMIN --cap-add=SYS_MODULE -e PEERS='a,b' -e SERVER_ALLOWEDIPS_PEER_a="192.168.2.0/24" -e SERVER_ALLOWEDIPS_PEER_b="192.168.3.0/24" lscr.io/linuxserver/wireguard:latest
and then checked docker exec test wg show
and I get

interface: wg0
  public key: lFe+dn/pW1ISb49o/qFrXArZSNcjFrknWpDtM4+KVDM=
  private key: (hidden)
  listening port: 51820

peer: 0YwExoarlEur5ErY8+0ihN4kX99e0VHzbm/aGphVDns=
  preshared key: (hidden)
  allowed ips: 10.13.13.2/32, 192.168.2.0/24

peer: Tvf2Si6830ey+XjY+R0Arp0/UoIcY3pISRQgoJ9DaWM=
  preshared key: (hidden)
  allowed ips: 10.13.13.3/32, 192.168.3.0/24

as expected

I just found my issue - forgot to change one of the networks

- SERVER_ALLOWEDIPS_PEER_a=192.168.3.0/24
- SERVER_ALLOWEDIPS_PEER_b=192.168.3.0/24

that caused the issue apparently.

Thanks @aptalca for fast response!
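
The duplicate subnet found above, as an added example that is not part of the original thread or the linuxserver image: WireGuard keeps a given AllowedIPs prefix on only one peer, so when two peers list the same prefix the later one takes it and the earlier one silently loses it, which is what the first `wg` output shows. This check reads a wg0.conf-style text and reports such prefixes before the tunnel is brought up. The function names and the sample config are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample reproducing the typo from the thread: both peers list 192.168.3.0/24.
SAMPLE_CONF = """\
[Peer]
# peer_a
PublicKey = xx
AllowedIPs = 10.13.13.9/32,192.168.3.0/24

[Peer]
# peer_b
PublicKey = xx
AllowedIPs = 10.13.13.10/32,192.168.3.0/24
"""

def parse_peers(conf_text):
    """Return [(label, [ip_network, ...])] for each [Peer] section, in file order."""
    peers = []
    in_peer = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            if in_peer:
                peers.append([f"peer#{len(peers) + 1}", []])
        elif in_peer and line.startswith("#") and not peers[-1][1]:
            peers[-1][0] = line.lstrip("# ").strip()  # use the comment as the peer label
        elif in_peer and line.lower().startswith("allowedips"):
            value = line.split("=", 1)[1]
            peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                             for v in value.split(",") if v.strip()]
    return [(name, nets) for name, nets in peers]

def find_conflicts(conf_text):
    """Return [(prefix, losing_peers, winning_peer)] for prefixes listed on several peers."""
    owners = defaultdict(list)
    for name, nets in parse_peers(conf_text):
        for net in nets:
            if name not in owners[net]:
                owners[net].append(name)
    return [(str(net), names[:-1], names[-1])
            for net, names in owners.items() if len(names) > 1]

if __name__ == "__main__":
    for prefix, losers, winner in find_conflicts(SAMPLE_CONF):
        print(f"{prefix}: kept by {winner}, dropped from {', '.join(losers)}")
```

Only identical prefixes are flagged; a shorter and a longer prefix on different peers can coexist, because WireGuard picks the most specific match.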
