Page MenuHomeVyOS Platform
Create Task
Maniphest T2632

WireGuard: Cannot use only one preshared-key for one peer
Closed, ResolvedPublicBUG
Actions

Description

Reported via forums

https://forum.vyos.io/t/using-a-preshared-key-in-a-wireguard-interface/5543/6

VyOS 1.2 (crux)

show interfaces wireguard
 wireguard wg0 {
     address 192.0.2.0/31
     peer one {
         allowed-ips 0.0.0.0/0
         preshared-key e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA=
         pubkey /qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw=
     }
     peer two {
         allowed-ips 0.0.0.0/0
         pubkey /qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw=
     }
 }

A PSK can be configured to only one peer.

VyOS 1.3 (equuleus)

set interfaces wireguard wg0 address '192.0.2.0/31'
set interfaces wireguard wg0 peer one allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer one preshared-key 'e+SIIUcrnrSDHhbTtpjwKhSlSdUALA5ZvoCjfQXcvmA='
set interfaces wireguard wg0 peer one pubkey '/qQGAQ2HfLSZBSCpdgps04r9wRlK7bSFraCH9+MScmw='
set interfaces wireguard wg0 peer two allowed-ips '0.0.0.0/0'
set interfaces wireguard wg0 peer two pubkey '/qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw='

Returns:

  - List Item

VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Make sure you are running the latest stable version of VyOS
  the code is available at https://downloads.vyos.io/?dir=release/current
- Contact us using the online help desk
  https://support.vyos.io/
- Join our community on slack where our users exchange help and advice
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report Time:      2020-06-23 08:55:16
Image Version:    VyOS 1.3-tmp-202006220928
Release Train:    equuleus

Built by:         christian@poessinger.com
Built on:         Mon 22 Jun 2020 09:28 UTC
Build UUID:       b897081c-b8dc-416f-a782-3cc0530e302b
Build Commit ID:  8476678259edc2

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

Hardware vendor:  VMware, Inc.
Hardware model:   VMware Virtual Platform
Hardware S/N:     VMware-42 3f 67 73 77 df c4 80-42 c9 42 af ff 15 de 0b
Hardware UUID:    73673f42-df77-80c4-42c9-42afff15de0b

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 327, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 311, in apply
    w.update()
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/wireguard.py", line 214, in update
    self._cmd(cmd)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 48, in _cmd
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 179, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: wg set wg0 listen-port 0 fwmark 0 private-key /config/auth/wireguard/default/private.key peer /qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw=  preshared-key /config/auth/wireguard/psk  allowed-ips 0.0.0.0/0 persistent-keepalive 0
returned:
exit code: 1

noteworthy:
cmd 'wg set wg0 listen-port 0 fwmark 0 private-key /config/auth/wireguard/default/private.key peer /qQGAQ2HfLSZBSCpdgfooor9wRlK7bSFraCH9+MScmw=  preshared-key /config/auth/wireguard/psk  allowed-ips 0.0.0.0/0 persistent-keepalive 0'
returned (out):

returned (err):
fopen: No such file or directory

[[interfaces wireguard wg0]] failed

Details

Version
1.3-202006220
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects