Wireguard peer public key update leaves redundant peers and breaks connectivity
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	ishan
	Nov 1 2023, 6:53 PM

Description

Summary

I have a peer with public key X. In vyos config, I change public key for this peer to Y and commit. After this, I am now left with two peers with duplicate configs except one has public key X and another has public key Y

Steps to reproduce

Wireguard config

vyos@router# show interfaces wireguard wg1
 address 10.20.203.230/32
 mtu 1432
 peer pia-de-frankfurt {
     address 
     allowed-ips 0.0.0.0/0
     description "PIA DE Frankfurt"
     persistent-keepalive 10
     port 1337
     public-key vRmrVyZc9if1AoZTqS+nAoRqiNj5ZwOneJbwSURUtRc=
 }
 port 51821
 private-key ...

vyos@router# sudo wg show wg1
interface: wg1
  public key: iL9k46UCSGPljlq+McVoYfmxCu4bphGB4rD+/HmSuRA=
  private key: (hidden)
  listening port: 51821

peer: vRmrVyZc9if1AoZTqS+nAoRqiNj5ZwOneJbwSURUtRc=
  endpoint: 138.199.18.149:1337
  allowed ips: 0.0.0.0/0
  latest handshake: 41 seconds ago
  transfer: 184 B received, 872 B sent
  persistent keepalive: every 10 seconds
[edit]
vyos@router# set interfaces wireguard wg1 peer pia-de-frankfurt public-key 'cMsnQ0Va1vyU7j/JY/fuImeH0ScP8A0yIGwMylAa9XM='
[edit]
vyos@router# commit
[edit]
vyos@router# sudo wg show wg1
interface: wg1
  public key: iL9k46UCSGPljlq+McVoYfmxCu4bphGB4rD+/HmSuRA=
  private key: (hidden)
  listening port: 51821

peer: vRmrVyZc9if1AoZTqS+nAoRqiNj5ZwOneJbwSURUtRc=
  endpoint: 138.199.18.149:1337
  allowed ips: (none)
  latest handshake: 1 minute, 13 seconds ago
  transfer: 184 B received, 968 B sent
  persistent keepalive: every 10 seconds

peer: cMsnQ0Va1vyU7j/JY/fuImeH0ScP8A0yIGwMylAa9XM=
  endpoint: 138.199.18.149:1337
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 592 B sent
  persistent keepalive: every 10 seconds