Deny the opportunity to use one public/private key pair on both wireguard peers.
Key pair generation
vyos@vyos:~$ generate pki wireguard key-pair Private key: oA2mjnxYxccfIFxnNfOZSrcJJiRl7kr9Qee999qywnY= Public key: vu1n32sZC39x97i5wXRWb62KBCsj+UGVigwdmr4uhzg=
Configuration:
set interfaces wireguard wg1 address '10.0.0.1/24' set interfaces wireguard wg1 peer TEST address '192.168.139.20' set interfaces wireguard wg1 peer TEST allowed-ips '10.0.1.0/24' set interfaces wireguard wg1 peer TEST port '51569' set interfaces wireguard wg1 peer TEST public-key 'vu1n32sZC39x97i5wXRWb62KBCsj+UGVigwdmr4uhzg=' set interfaces wireguard wg1 private-key 'oA2mjnxYxccfIFxnNfOZSrcJJiRl7kr9Qee999qywnY='
Result:
interface: wg1 public key: vu1n32sZC39x97i5wXRWb62KBCsj+UGVigwdmr4uhzg= private key: (hidden) listening port: 57089