Summary
I have a peer with public key X. In the VyOS config, I change the public key for this peer to Y and commit. After this, I am left with two peers with duplicate configs, except one has public key X and the other has public key Y.
Steps to reproduce
WireGuard config
vyos@router# show interfaces wireguard wg1
 address 10.20.203.230/32
 mtu 1432
 peer pia-de-frankfurt {
     address
     allowed-ips 0.0.0.0/0
     description "PIA DE Frankfurt"
     persistent-keepalive 10
     port 1337
     public-key vRmrVyZc9if1AoZTqS+nAoRqiNj5ZwOneJbwSURUtRc=
 }
 port 51821
 private-key ...

vyos@router# sudo wg show wg1
interface: wg1
  public key: iL9k46UCSGPljlq+McVoYfmxCu4bphGB4rD+/HmSuRA=
  private key: (hidden)
  listening port: 51821

peer: vRmrVyZc9if1AoZTqS+nAoRqiNj5ZwOneJbwSURUtRc=
  endpoint: 138.199.18.149:1337
  allowed ips: 0.0.0.0/0
  latest handshake: 41 seconds ago
  transfer: 184 B received, 872 B sent
  persistent keepalive: every 10 seconds
[edit]
vyos@router# set interfaces wireguard wg1 peer pia-de-frankfurt public-key 'cMsnQ0Va1vyU7j/JY/fuImeH0ScP8A0yIGwMylAa9XM='
[edit]
vyos@router# commit
[edit]
vyos@router# sudo wg show wg1
interface: wg1
  public key: iL9k46UCSGPljlq+McVoYfmxCu4bphGB4rD+/HmSuRA=
  private key: (hidden)
  listening port: 51821

peer: vRmrVyZc9if1AoZTqS+nAoRqiNj5ZwOneJbwSURUtRc=
  endpoint: 138.199.18.149:1337
  allowed ips: (none)
  latest handshake: 1 minute, 13 seconds ago
  transfer: 184 B received, 968 B sent
  persistent keepalive: every 10 seconds

peer: cMsnQ0Va1vyU7j/JY/fuImeH0ScP8A0yIGwMylAa9XM=
  endpoint: 138.199.18.149:1337
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 592 B sent
  persistent keepalive: every 10 seconds
Expected
It should remove the peer with public key vRmrVyZc9if1AoZTqS+nAoRqiNj5ZwOneJbwSURUtRc= completely and then add the new peer.
Instead it adds 2 peers with the same routes and that breaks connectivity.
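
A way to check a router for the leftover peer described in this report, as an added example that is not part of the original report or of VyOS: it parses `wg show` output and lists runtime peers whose key is no longer in the committed config, plus endpoints shared by more than one peer. The function names `parse_peers` and `audit` are hypothetical; the sample text is the post-commit output from the report.

```python
# `wg show wg1` output after the commit, copied from the report above.
WG_SHOW = """\
interface: wg1
  public key: iL9k46UCSGPljlq+McVoYfmxCu4bphGB4rD+/HmSuRA=
  private key: (hidden)
  listening port: 51821

peer: vRmrVyZc9if1AoZTqS+nAoRqiNj5ZwOneJbwSURUtRc=
  endpoint: 138.199.18.149:1337
  allowed ips: (none)
  latest handshake: 1 minute, 13 seconds ago
  transfer: 184 B received, 968 B sent
  persistent keepalive: every 10 seconds

peer: cMsnQ0Va1vyU7j/JY/fuImeH0ScP8A0yIGwMylAa9XM=
  endpoint: 138.199.18.149:1337
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 592 B sent
  persistent keepalive: every 10 seconds
"""

def parse_peers(text):
    """Return {public_key: {field: value}} for every peer block in the output."""
    peers, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if key == "peer" and sep:
            current = peers.setdefault(value, {})
        elif key == "interface":
            current = None  # interface fields are not peer fields
        elif sep and current is not None:
            current[key] = value
    return peers

def audit(text, configured_keys):
    """Compare runtime peers with the public keys present in the committed config."""
    peers = parse_peers(text)
    stale = sorted(k for k in peers if k not in configured_keys)
    by_endpoint = {}
    for key, fields in peers.items():
        by_endpoint.setdefault(fields.get("endpoint"), []).append(key)
    shared = {ep: ks for ep, ks in by_endpoint.items() if ep and len(ks) > 1}
    return {"stale": stale, "shared_endpoints": shared}

if __name__ == "__main__":
    configured = {"cMsnQ0Va1vyU7j/JY/fuImeH0ScP8A0yIGwMylAa9XM="}  # key set in the config
    print(audit(WG_SHOW, configured))
```

A non-empty `stale` list after a commit means the kernel interface still holds a peer that the configuration no longer defines.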