On 1.4-rolling-202109070739 fresh install, I can not generate keypair for wireguard.
From the docs (and it works few months ago), you can generate it by using command:
$ generate wireguard default-keypair
But that command is missing.
$ generate wireguard
Possible completions:
client-config Generate Client config QR code
key-pair Generate Wireguard key pair for use with server or peer
And if I try to use “generate wireguard key-pair”, It only dump the generated keypair to the screen.
Am I missing something?
I’ve test it on 1.4-rolling-202108231913 and it was missing this command too.
n.fort
September 7, 2021, 4:11pm
3
Hope this is helpful for you:
vyos@vyos:~$ generate pki
Possible completions:
ca Generate CA certificate
certificate Generate certificate request
crl Generate CRL for specified CA certificate
dh Generate DH parameters
key-pair Generate a key pair
openvpn Generate OpenVPN keys
ssh-key Generate SSH key
wireguard Generate Wireguard keys
vyos@vyos:~$ generate pki wireguard key-pair
Private key: YLuJ7pES+tsPXWIpklQFDblvb/XPC5poAzhsXbI/6lk=
Public key: W33j7QuDGHRnsaj3RQrqF9qb3L8BYN6Y2HRu26mWSQ8=
Or:
vyos@vyos:~$ generate wireguard key-pair
Private key: YHPUWG0CZRNFwbUHL/R/WUl/yVBjGqnpHJ52Bmr290g=
Public key: vvhH3HgUaZ0ESlwqKMqkp3G7SDem1U1RvOo9F8lEHCc=
Thanks for the response @n.fort , So, no default keypair for wireguard anymore and I need to copy/paste it to every new wireguard connection?
n.fort
September 7, 2021, 4:58pm
5
Yes. An example of wireguard configuration might be:
vyos@vyos:~$ generate wireguard key-pair
Private key: YHPUWG0CZRNFwbUHL/R/WUl/yVBjGqnpHJ52Bmr290g=
Public key: vvhH3HgUaZ0ESlwqKMqkp3G7SDem1U1RvOo9F8lEHCc=
vyos@vyos:~$
vyos@vyos:~$ show config comm | grep wireg
set interfaces wireguard wg0 address '192.168.1.1/24'
set interfaces wireguard wg0 peer R01 allowed-ips '10.0.0.1/32'
set interfaces wireguard wg0 peer R01 persistent-keepalive '15'
set interfaces wireguard wg0 peer R01 public-key 'W33j7QuDGHRnsaj3RQrqF9qb3L8BYN6Y2HRu26mWSQ8='
set interfaces wireguard wg0 port '51820'
set interfaces wireguard wg0 private-key 'YHPUWG0CZRNFwbUHL/R/WUl/yVBjGqnpHJ52Bmr290g='
vyos@vyos:~$
Make sure to set the private-key in wireguard configuration, otherwise commit will fail