What is the command in Saggita 1.4 to find previously generated wireguard keys?

Hi Team,

I am creating a lot of wireguard tunnels on 1.4 however once the key-pairs are created how do I see that? I do not see command similar to 1.3 by which one could see the pubkey and private key

Please let me know if anyone aware of it?

TIA
Blason R

They are not stored anywhere. If you used the key in a config, you can get it by running show interfaces wireguard in config mode. Then to get the public key from the private-key value, run the command:

echo "<private_key>" | wg pubkey

If you did not use the private or public key in your config, you’ll just need to generate a new key pair.

1 Like

Thats weird!! Then in that case I’ll have to right down the Priv/Pub key

And do you know how to restore the public-key and private key generated on one router to another? Since I am thinking from disaster perspective if the router where wg keys are defined crashes how do I restore it?

The older method found in 1.3 used the /config/auth directory to store its key contents for consumption. In 1.4, this was migrated, or could be migrated, to the configuration file itself.

show interfaces wireguard wg0 private-key

Assuming a simple configuration with just the default key (i.e. show interfaces wireguard wg0 private-key returns default):

cat /config/auth/wireguard/default/private.key
set interfaces wireguard wg0 private-key yourkeyfromabove

Storing the private key within the configuration file solves your DR case.

https://docs.vyos.io/en/sagitta/configuration/interfaces/wireguard.html#interface-configuration

1 Like

Yeah the way everything is in the config now is a huge improvement over 1.3.

1 Like

Configure vyos 1.4 is better than previous one. no need to back directories.