Need to create multiple peers in wireguard client under home assistant #14
Comments
Hi @bryane50 this is the Wireguard Client add-on. Peer field (one and only one) specifies the host machine that acts as a gateway for your VPN network. Please take a look at Wireguard documentation: https://www.wireguard.com/
Wireguard has no concept of "servers" or "clients", just a list of peers that are connected and used. They can be configured to simulate a server/client setup (if you like), or a full mesh, or some hybrid. This is a small schematic of one of my wg networks that my home assistant is part of (with the help of this addon). My laptop connects to both Blue and Red for redundancy and performance (when I'm at Red's network there is no point in sending files via Blue). I have connected HA to Green but I would love to have the option to connect it to Blue as well for redundancy (like my laptop). This network has no gateway, it's not intended to be used for that purpose. I use it as an internal network for services (like HA) to connect components together. I had to be a little creative to solve this with this addon, I added for example
to "disable" the post_up/down configuration. The validation required me to have them. The DNS also made no sense for me, so I just added my normal DNS again to get past the validation. I'm fine if you like to keep this addon like it is now, Wireguard is a tool that you can use in many various ways to build interesting networks. I just want to make sure it's an active choice on your part and not a misunderstanding.
Hi @nsg thank you for your idea. Yes I know the Wireguard networking concept under that. Regarding your configuration, has your client two different network interfaces?
@bigmoby Yes, my HA has two interfaces, and wg0 is the third virtual network on that machine.
Ok thank you @nsg, please could you post here your wireguard (client / peer) configuration, obfuscated of course, so I could try to reproduce it by the add-on configuration?
Sure, this is the configuration file I use with WireGuard Client interface:

```yaml
private_key: sEcrEtpRIvatEkey=
address: 10.0.0.2/24
dns:
  - 10.0.1.1
post_up: /bin/true
post_down: /bin/true
peer:
  public_key: pUBlickey=
  pre_shared_key: ''
  endpoint: myserver.example.com:1234
  allowed_ips:
    - 10.0.0.0/24
  persistent_keep_alive: '25'
```

This generates this actual config (wg0.conf) inside the container:

```ini
[Interface]
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.2/24
DNS = 10.0.0.1
PostUp = /bin/true
PostDown = /bin/true

[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25
```

DNS, PostUP and PostDown are required so I tried to disable them with

```ini
[Interface]
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.2/24

[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25
```

My WG network is

Here is my configuration on my laptop with multiple peers

```ini
[Interface]
ListenPort = 1234
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.4/24

[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24

[Peer]
PublicKey = pUBlickey2=
Endpoint = myserver2.example.com:1234
AllowedIPs = 10.0.0.3/24
```

Multiple peers would of course be even more preferred, with a list instead of a single peer:

```yaml
peers:
  - public_key: pUBlickey=
    pre_shared_key: ''
    endpoint: myserver.example.com:1234
    allowed_ips:
      - 10.0.0.0/24
    persistent_keep_alive: '25'
  - public_key: pUBlickey2=
    pre_shared_key: ''
    endpoint: myserver2.example.com:1234
    allowed_ips:
      - 10.0.0.3/24
```

If you like, I can make a PR and/or code suggestions :)
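An added example, not code from this thread or from the add-on: a sketch of how the proposed `peers` list could be rendered to `wg0.conf` with `dns`, `post_up`, `post_down` and an empty `pre_shared_key` left out rather than stubbed with `/bin/true`. The function names and the flat option layout are assumptions; the renderer refuses values containing line breaks, since an injected `PostUp` line would be executed by wg-quick, and it reports prefixes claimed by two peers, because WireGuard routes each AllowedIPs prefix to a single peer.

```python
import ipaddress

def _line(name, value):
    """Format one 'Key = value' line; refuse values that would add extra lines."""
    value = str(value)
    if "\n" in value or "\r" in value:
        raise ValueError(f"{name}: line break in value")
    return f"{name} = {value}"

def render_wg_conf(opts):
    """Render options into wg-quick config text; optional keys appear only if set."""
    out = ["[Interface]", _line("PrivateKey", opts["private_key"]),
           _line("Address", opts["address"])]
    if opts.get("dns"):
        out.append(_line("DNS", ", ".join(opts["dns"])))
    for key, name in (("post_up", "PostUp"), ("post_down", "PostDown")):
        if opts.get(key):
            out.append(_line(name, opts[key]))
    for peer in opts["peers"]:
        out += ["", "[Peer]", _line("PublicKey", peer["public_key"])]
        for key, name in (("pre_shared_key", "PresharedKey"), ("endpoint", "Endpoint")):
            if peer.get(key):
                out.append(_line(name, peer[key]))
        out.append(_line("AllowedIPs", ", ".join(peer["allowed_ips"])))
        if peer.get("persistent_keep_alive"):
            out.append(_line("PersistentKeepalive", int(peer["persistent_keep_alive"])))
    return "\n".join(out) + "\n"

def duplicate_allowed_ips(opts):
    """Return (prefix, first_peer, later_peer) for each prefix two peers both claim."""
    owner, clashes = {}, []
    for peer in opts["peers"]:
        for cidr in peer["allowed_ips"]:
            net = ipaddress.ip_network(cidr, strict=False)  # masks host bits
            first = owner.setdefault(net, peer["public_key"])
            if first != peer["public_key"]:
                clashes.append((str(net), first, peer["public_key"]))
    return clashes

# Constructed sample: the placeholder values from the proposed peers list above.
SAMPLE = {"private_key": "sEcrEtpRIvatEkey=", "address": "10.0.0.2/24", "peers": [
    {"public_key": "pUBlickey=", "pre_shared_key": "",
     "endpoint": "myserver.example.com:1234",
     "allowed_ips": ["10.0.0.0/24"], "persistent_keep_alive": "25"},
    {"public_key": "pUBlickey2=", "pre_shared_key": "",
     "endpoint": "myserver2.example.com:1234", "allowed_ips": ["10.0.0.3/24"]},
]}

if __name__ == "__main__":
    print(render_wg_conf(SAMPLE), duplicate_allowed_ips(SAMPLE), sep="\n")
```

With the sample values, `10.0.0.3/24` masks to `10.0.0.0/24`, so the check reports that both peers claim the same prefix; a `/32` per peer would keep them distinct.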
After my request for multiple peers was closed with no discussion other than to rtfm, I decided to fork the wireguard client addon and make the changes to handle this. If this feature is going to be added to the existing wireguard client please post that information here so that I don't spend any more time on these changes. I also would like to see the requirement for dns, postup and postdown fields removed (but still allowed) since these are optional in the wireguard system and not needed in all situations. And thank you to @bigmoby for creating this addon from the server oriented version in the home assistant library, since that model is not what I needed to create my vpn connection.
Yes, as I already wrote, I'll try to implement it. Of course you're welcome to write a PR 👍
Hi guys, I want to thank you for your suggestions 🙏