Missing "generate wireguard default-keypair" command

adhisimon · September 7, 2021, 2:46pm

On 1.4-rolling-202109070739 fresh install, I can not generate keypair for wireguard.

From the docs (and it works few months ago), you can generate it by using command:
$ generate wireguard default-keypair

But that command is missing.

$ generate wireguard
Possible completions:
client-config Generate Client config QR code
key-pair Generate Wireguard key pair for use with server or peer

And if I try to use “generate wireguard key-pair”, It only dump the generated keypair to the screen.

Am I missing something?

adhisimon · September 7, 2021, 3:19pm

I’ve test it on 1.4-rolling-202108231913 and it was missing this command too.

n.fort · September 7, 2021, 4:11pm

Hope this is helpful for you:

vyos@vyos:~$ generate pki 
Possible completions:
  ca            Generate CA certificate
  certificate   Generate certificate request
  crl           Generate CRL for specified CA certificate
  dh            Generate DH parameters
  key-pair      Generate a key pair
  openvpn       Generate OpenVPN keys
  ssh-key       Generate SSH key
  wireguard     Generate Wireguard keys

      
vyos@vyos:~$ generate pki wireguard key-pair 
Private key: YLuJ7pES+tsPXWIpklQFDblvb/XPC5poAzhsXbI/6lk=
Public key: W33j7QuDGHRnsaj3RQrqF9qb3L8BYN6Y2HRu26mWSQ8=

Or:

vyos@vyos:~$ generate wireguard key-pair 
Private key: YHPUWG0CZRNFwbUHL/R/WUl/yVBjGqnpHJ52Bmr290g=
Public key: vvhH3HgUaZ0ESlwqKMqkp3G7SDem1U1RvOo9F8lEHCc=

adhisimon · September 7, 2021, 4:22pm

Thanks for the response @n.fort, So, no default keypair for wireguard anymore and I need to copy/paste it to every new wireguard connection?

n.fort · September 7, 2021, 4:58pm

Yes. An example of wireguard configuration might be:

vyos@vyos:~$ generate wireguard key-pair 
Private key: YHPUWG0CZRNFwbUHL/R/WUl/yVBjGqnpHJ52Bmr290g=
Public key: vvhH3HgUaZ0ESlwqKMqkp3G7SDem1U1RvOo9F8lEHCc=
vyos@vyos:~$ 
vyos@vyos:~$ show config comm | grep wireg
set interfaces wireguard wg0 address '192.168.1.1/24'
set interfaces wireguard wg0 peer R01 allowed-ips '10.0.0.1/32'
set interfaces wireguard wg0 peer R01 persistent-keepalive '15'
set interfaces wireguard wg0 peer R01 public-key 'W33j7QuDGHRnsaj3RQrqF9qb3L8BYN6Y2HRu26mWSQ8='
set interfaces wireguard wg0 port '51820'
set interfaces wireguard wg0 private-key 'YHPUWG0CZRNFwbUHL/R/WUl/yVBjGqnpHJ52Bmr290g='
vyos@vyos:~$

Make sure to set the private-key in wireguard configuration, otherwise commit will fail