what do you mean with ‘announcing my own /24…’? Via bgp or another dynamic routing protocol?
You can terminate all tunnels on a single interface, or you can spread it through multiple ones. A wg interface can handle multiple endpoints.
Several options, either you define a policy via wg allowed-ips, or you set allowed-ips to 0.0.0.0/0, ::/0 and set an interface route if you want to use multiple interfaces.
e.g.
wg01 has 3 peers.
peer1 allowed-ips: 10.1.1.0/29
peer2 allowed-ips: 10.1.1.8/29
peer3 allowed-ips: 10.1.1.64/26
the interface route would be then 10.1.1.0/24 interface wg01. Allowed IPs is basically your policy of the destination IPs.
If you want to use 1 interface per peer, then allowed IPs is either a list of destination IPs, or 0.0.0.0/0, then your route would be 10.1.1.0/24 interface wg01, 10.2.1.0/24 interface wg01 and so on.
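The two lookups described in the post above (the host's interface route choosing wg01, then WireGuard's allowed-ips choosing the peer) can be modelled to see how they interact. The following is an added example, not code from the post or from VyOS/WireGuard; it uses the three-peer wg01 layout from the post as constructed input and assumes the helper names `select_interface`, `select_peer`, `route` and `accept_inbound`. It also shows the half of allowed-ips the post does not mention: the same list is applied to the source address of decrypted packets arriving from a peer, so a peer cannot inject traffic for addresses it is not allowed to own.

```python
import ipaddress

# Constructed: the three-peer wg01 layout from the post above.
PEERS = {
    "peer1": ["10.1.1.0/29"],
    "peer2": ["10.1.1.8/29"],
    "peer3": ["10.1.1.64/26"],
}

# Constructed: the interface route the host routing table carries.
INTERFACE_ROUTES = {"10.1.1.0/24": "wg01"}


def _longest_match(dst, candidates):
    """Generic longest-prefix match over (prefix, label) pairs.
    Returns the label of the most specific prefix containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, label in candidates:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)
    return best[1] if best else None


def select_interface(dst, routes=INTERFACE_ROUTES):
    """Step 1: the kernel routing table picks the outgoing interface."""
    return _longest_match(dst, routes.items())


def select_peer(dst, peers=PEERS):
    """Step 2: WireGuard's cryptokey routing picks the peer whose allowed-ips
    contains dst. With overlapping entries the most specific prefix wins,
    which is how a 0.0.0.0/0 default peer coexists with specific ones."""
    flat = [(p, name) for name, prefixes in peers.items() for p in prefixes]
    return _longest_match(dst, flat)


def route(dst):
    """Combine both steps for an outgoing packet.
    ('no-route', None)   : no interface route covers dst
    (ifname, 'dropped')  : routed into the wg interface, but no peer claims dst,
                           so WireGuard discards it (the destination policy)
    (ifname, peer)       : encrypted to that peer"""
    ifname = select_interface(dst)
    if ifname is None:
        return ("no-route", None)
    peer = select_peer(dst)
    if peer is None:
        return (ifname, "dropped")
    return (ifname, peer)


def accept_inbound(peer, src, peers=PEERS):
    """Ingress side of allowed-ips: a decrypted packet from `peer` is only
    accepted if its source address falls inside that peer's allowed-ips."""
    return select_peer(src, peers) == peer


if __name__ == "__main__":
    for dst in ("10.1.1.3", "10.1.1.9", "10.1.1.100", "10.1.1.20", "10.2.1.1"):
        print(dst, "->", route(dst))
    # peer1 trying to source traffic from peer3's range is rejected
    print("peer1 src 10.1.1.70 accepted:", accept_inbound("peer1", "10.1.1.70"))
```

Note that 10.1.1.20 is covered by the /24 interface route but by none of the three /29 and /26 allowed-ips entries, so it reaches wg01 and is silently dropped there; that gap is the reason a "wg shows the tunnel up but traffic disappears" symptom is usually an allowed-ips mismatch rather than a routing one.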
Thanks, I’ll try that. The issue I’m having right now is that apparently the wireguard module isn’t included in the latest rolling ISO. I’m getting the “modprobe: FATAL: Module wireguard not found” error.
@hagbard one of the wireguard interfaces “disappears” from the config after boot. “wg” shows it’s active (wg0+wg1) & they are both in /config/config.boot but “show” command shows only wg1.
Hi @sebastianm the show command is working fine, however I found a bug with setting the ip for a second interface, it sets everything but it looks like the config parser calls the commands in a loop and therefore it is not marked as applied. I’m gonna open a bug for it and have a look. Meanwhile, you can terminate multiple peers on a single wg interface.
Ok I’ve reverted back to using OpenVPN instead of WireGuard for my tunnels because I had various issues with MTU (I think).
Running speedtest-cli on VMs that were on the subnet going through WireGuard was flaky, sometimes it would be stuck on “Retrieving speedtest.net configuration…” and sometimes it would work (fine or w/ 0mbps download speed & proper upload).
After reverting back to OpenVPN it now works fine though I’ve left the wg0 interface for my management network (ESXi web interface, SNMP & such) which itself is configured in a star topology.
I’m not sure if I’ll have issues with the management WireGuard VPN. If I do, I’ll report back.