Maniphest T6490

Allow creation of wireguard interfaces without requiring peers
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	Alfa80
	Jun 16 2024, 7:01 AM

Tags

Referenced Files

	F4447932: ExampleMikrotik.jpg
	Jun 16 2024, 7:01 AM

Subscribers

Global Notifications

Description

Reduce requirement for creating a Wireguard interface down to just having a name and a private-key.

As a result we will be able to create a Wireguard interface by just running

generate pki wireguard key-pair install interface wg0

Currently, when you are trying to creating such a stub Wireguard interface, you will see the following message which prevents a commit:

"At least one Wireguard Peer is Required"

NOTE1: Current behavior also prevents you from referencing that to-be-created interface in other commands . For example, if you run

generate wireguard client-config clnt  wg0 server router.example.com

You will receive the following error:

Wireguard interface "wg0" does not exist

NOTE2: Some other platforms I tried allows you to create interfaces first, then create peers later. Where creation of interfaces and peers are decoupled, configuration tasks would easier by being able to be broken down in smaller steps
(example screenshot of a reference idea attached - you see a bunch of interfaces are created, but just one peer is created and assigned to one of the interfaces)

ExampleMikrotik.jpg (359×590 px, 65 KB)

NOTE3: I think it would not be necessary to enforce it this way, but we may request the user to put such interface in "disabled" state before committing such peerless interface configurations if desired

Details

Version: rolling-202406130020
Is it a breaking change?: Perfectly compatible
Issue type: Feature (new functionality)

Related Objects

Mentioned In: rVYOSONEX2419c2f42b12: T6490: Allow creation of wireguard interfaces without requiring peers (#4194)
T4930: Allow using domain names for WireGuard peer addresses

Event Timeline

Alfa80 created this task.Jun 16 2024, 7:01 AM

Alfa80 triaged this task as Wishlist priority.

Alfa80 created this object in space S1 VyOS Public.

pasik subscribed.Jun 16 2024, 12:57 PM

syncer edited projects, added VyOS Rolling; removed VyOS 1.5 Circinus.Nov 1 2024, 6:08 PM

syncer changed the subtype of this task from "Task" to "Feature Request".

syncer added a subscriber: Global Notifications.Nov 1 2024, 9:19 PM

I created a PR https://github.com/vyos/vyos-1x/pull/4194

syncer changed the task status from Open to In progress.Nov 15 2024, 11:34 AM

syncer assigned this task to sskaje.

syncer moved this task from Need Triage to Backlog - Feature Requests on the VyOS Rolling board.

sskaje mentioned this in T4930: Allow using domain names for WireGuard peer addresses.Nov 15 2024, 12:03 PM

Fr0stedD0nut subscribed.Nov 18 2024, 5:17 PM

Restricted Repository Identity mentioned this in rVYOSONEX2419c2f42b12: T6490: Allow creation of wireguard interfaces without requiring peers (#4194).Nov 19 2024, 7:40 PM

Needs testing

dmbaturin added a project: VyOS 1.5 Circinus (1.5-stream-2025-Q2).Jul 9 2025, 10:55 AM

dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

dmbaturin changed Issue type from improvement to Feature (new functionality).

dmbaturin moved this task from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q2) board.Jul 9 2025, 1:17 PM

Viacheslav closed this task as Resolved.Sep 25 2025, 1:51 AM

Viacheslav moved this task from Backlog - Feature Requests to Completed on the VyOS Rolling board.