Need to create multiple peers in wireguard client under home assistant #14

Closed
bryane50 opened this issue Dec 15, 2021 · 9 comments

Comments

@bryane50

Problem/Motivation

Added multiple peers but it returns an invalid YAML error

Expected behavior

Wireguard is peer-to-peer, so all clients should be able to be configured with multiple peers

Actual behavior

yaml error when saving configuration

Steps to reproduce

add a second peer entry

Proposed changes

configuration of peers needs to allow an array of peers

@bigmoby
Owner

bigmoby commented Dec 15, 2021

Hi @bryane50, this is the Wireguard Client add-on. The peer field (one and only one) specifies the host machine that acts as a gateway for your VPN network. Please take a look at the Wireguard documentation: https://www.wireguard.com/

@bigmoby bigmoby closed this as completed Dec 15, 2021
@nsg

nsg commented Dec 17, 2021

Wireguard has no concept of "servers" or "clients", just a list of peers that are connected and used. They can be configured to simulate a server/client setup (if you like), or a full mesh, or some hybrid. This is a small schematic of one of my wg networks that my home assistant is part of (with the help of this addon).

[Image: wg-demo]

My laptop connects to both Blue and Red for redundancy and performance (when I'm at Red's network there is no point in sending files via Blue). I have connected HA to Green but I would love to have the option to connect it to Blue as well for redundancy (like my laptop).

This network has no gateway, it's not intended to be used for that purpose. I use it as an internal network for services (like HA) to connect components together. I had to be a little creative to solve this with this addon. I added, for example,

  post_up: /bin/true
  post_down: /bin/true

to "disable" the post_up/down configuration. The validation required me to have them. The DNS also made no sense for me, so I just added my normal DNS again to get past the validation.

I'm fine if you'd like to keep this addon like it is now. Wireguard is a tool that you can use in many various ways to build interesting networks. I just want to make sure it's an active choice on your part and not a misunderstanding.

@bigmoby
Owner

bigmoby commented Dec 19, 2021

Hi @nsg, thank you for your idea. Yes, I know the Wireguard networking concept behind that. Regarding your configuration, does your client have two different network interfaces?

@nsg

nsg commented Dec 21, 2021

@bigmoby Yes, my HA has two interfaces, and wg0 is the third virtual network on that machine.

@bigmoby
Owner

bigmoby commented Dec 22, 2021

OK, thank you @nsg. Could you please post your Wireguard (client / peer) configuration here, obfuscated of course, so I can try to reproduce it with the add-on configuration?
DISCLAIMER: I created this add-on with Raspberry in mind and with only one net interface, so I cannot promise it works in other environments... I could try.

@bigmoby bigmoby reopened this Dec 22, 2021
@nsg

nsg commented Dec 23, 2021

Sure, this is the configuration file I use with WireGuard Client:

interface:
  private_key: sEcrEtpRIvatEkey=
  address: 10.0.0.2/24
  dns:
    - 10.0.1.1
  post_up: /bin/true
  post_down: /bin/true
peer:
  public_key: pUBlickey=
  pre_shared_key: ''
  endpoint: myserver.example.com:1234
  allowed_ips:
    - 10.0.0.0/24
  persistent_keep_alive: '25'

This generates this actual config (wg0.conf) inside the container:

[Interface]
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.2/24
DNS = 10.0.0.1
PostUp = /bin/true
PostDown = /bin/true

[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25

DNS, PostUp and PostDown are required, so I tried to disable them with /bin/true and my normal DNS. The following config would have been preferred for me:

[Interface]
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.2/24

[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25

My WG network is 10.0.0.0/24, and the two physical interfaces use 10.0.1.0/24 and 10.0.2.0/24. 10.0.1.0/24 is the default route with the gateway.

Here is my configuration on my laptop with multiple peers:

[Interface]
ListenPort = 1234
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.4/24

[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24

[Peer]
PublicKey = pUBlickey2=
Endpoint = myserver2.example.com:1234
AllowedIPs = 10.0.0.3/24

Multiple peers would of course be even more preferred, with a list instead of a single peer:

peers:
  - public_key: pUBlickey=
    pre_shared_key: ''
    endpoint: myserver.example.com:1234
    allowed_ips:
      - 10.0.0.0/24
    persistent_keep_alive: '25'
  - public_key: pUBlickey2=
    pre_shared_key: ''
    endpoint: myserver2.example.com:1234
    allowed_ips:
      - 10.0.0.3/24

If you like, I can make a PR and/or code suggestions :)
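
Added example, not part of the original thread and not the add-on's code: a sketch of rendering the proposed `peers:` list with DNS, PostUp and PostDown optional, plus a check on AllowedIPs, since WireGuard routes by prefix and a given prefix can belong to only one peer. The function names and the dictionary layout are assumptions; the sample values are constructed from the configs posted above.

```python
import ipaddress

# Constructed sample: the optional-field interface and the `peers:` list from the thread.
INTERFACE = {"private_key": "sEcrEtpRIvatEkey=", "address": "10.0.0.2/24"}
PEERS = [
    {"public_key": "pUBlickey=", "pre_shared_key": "",
     "endpoint": "myserver.example.com:1234",
     "allowed_ips": ["10.0.0.0/24"], "persistent_keep_alive": "25"},
    {"public_key": "pUBlickey2=", "pre_shared_key": "",
     "endpoint": "myserver2.example.com:1234",
     "allowed_ips": ["10.0.0.3/24"]},
]

def check_allowed_ips(peers):
    """Warn about AllowedIPs entries that will not route the way they read."""
    warnings, owner = [], {}
    for peer in peers:
        key = peer["public_key"]
        for cidr in peer["allowed_ips"]:
            iface = ipaddress.ip_interface(cidr)
            net = iface.network  # the prefix with host bits masked off
            if iface.ip != net.network_address:
                warnings.append(f"{key}: {cidr} has host bits set, means {net}")
            if owner.setdefault(net, key) != key:
                warnings.append(f"{key}: {net} already assigned to {owner[net]}")
    return warnings

def render_conf(interface, peers):
    """Render wg-quick style text; optional keys appear only when set."""
    out = ["[Interface]", f"PrivateKey = {interface['private_key']}",
           f"Address = {interface['address']}"]
    if interface.get("dns"):
        out.append("DNS = " + ", ".join(interface["dns"]))
    for opt, name in (("post_up", "PostUp"), ("post_down", "PostDown")):
        if interface.get(opt):
            out.append(f"{name} = {interface[opt]}")
    for peer in peers:
        out += ["", "[Peer]", f"PublicKey = {peer['public_key']}"]
        if peer.get("pre_shared_key"):
            out.append(f"PresharedKey = {peer['pre_shared_key']}")
        out.append(f"Endpoint = {peer['endpoint']}")
        out.append("AllowedIPs = " + ", ".join(peer["allowed_ips"]))
        if peer.get("persistent_keep_alive"):
            out.append(f"PersistentKeepalive = {peer['persistent_keep_alive']}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_conf(INTERFACE, PEERS))
    print("\n".join(check_allowed_ips(PEERS)))
```

Writing the second peer's entry as a host route (for example `10.0.0.3/32`) makes both warnings go away, because a more specific prefix can coexist with the first peer's `/24`.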

@bryane50
Author

After my request for multiple peers was closed with no discussion other than to rtfm, I decided to fork the wireguard client addon and make the changes to handle this. If this feature is going to be added to the existing wireguard client please post that information here so that I don't spend any more time on these changes. I also would like to see the requirement for dns, postup and postdown fields removed (but still allowed) since these are optional in the wireguard system and not needed in all situations.

And thank you to @bigmoby for creating this addon from the server oriented version in the home assistant library, since that model is not what I needed to create my vpn connection.

@bigmoby
Owner

bigmoby commented Dec 23, 2021

Yes, as I already wrote, I'll try to implement it. Of course you're welcome to write a PR 👍

@bigmoby
Owner

bigmoby commented Dec 26, 2021

Hi guys, I want to thank you for your suggestions 🙏
I've created version 0.1.9 of this add-on, I hope it could be useful for your needs!
Please give me feedback 👍

@bigmoby bigmoby closed this as completed Dec 26, 2021