7

I have successfully installed WireGuard on Debian Buster. Now I wanted to configure IPv6 afterwards. I have done that. But the settings inside the [Peer] section of wg0.conf do not seem to be persistent.

systemctl stop wg-quick@wg0.service
nano /etc/wireguard/wg0.conf

Result:

[Peer]
PublicKey = xxxxx
AllowedIPs = 10.200.200.2/32, xxx:xxxx:xx:xxx:100::2/72

After saving and restarting the service (systemctl start wg-quick@wg0.service), the wg0.conf looks fine.

When I restart the VM or the service again, all my additional settings are lost.

[Peer]
PublicKey = xxxxx
AllowedIPs = 10.200.200.2/32

Any idea?

That's how my wg0.conf should look:

[Interface]
Address = 10.200.200.1/24
Address = xxxx:xxx:xx:xxx::1/72
DNS = 10.200.200.1
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROU$
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTR$
ListenPort = 51820
PrivateKey = xxx

[Peer]
PublicKey = xxx
AllowedIPs = 10.200.200.2/32, xxx:xxxx:xx:xxx:100::2/72

[Peer]
PublicKey = xxx
AllowedIPs = 10.200.200.3/32, xxx:xxxx:xx:xxx:100::3/72

[Peer]
PublicKey = xxx
AllowedIPs = 10.200.200.4/32, xxx:xxxx:xx:xxx:100::4/72
Gill-Bates

2 Answers

7

Solved the issue. The magic trick: always stop the interface with wg-quick down wg0 before editing the wg0.conf file. systemctl stop wg-quick@wg0.service will override the wg0.conf file after the next start.

Gill-Bates
  • For anyone like me wondering "Why???" the answer is that SaveConfig is on by default, documented here: https://manpages.debian.org/unstable/wireguard-tools/wg-quick.8.en.html – Nathan Fig Aug 16 '23 at 21:47
0

I had the same problem on an Ubuntu server 22.04 LTS. I noticed that the wg0.conf was read (toggling "SaveConfig = true" to false and vice versa was followed) and I could even add a new peer. But any changes to existing peers were ignored. In my case, adding an allowed IPv6 IP obviously caused a parsing error without any error report. At the beginning I added the IPv6 address like this

AllowedIPs = 10.200.200.2/32, xxx:xxxx:xx:xxx:100::2/64

and it did not work. Then I accidentally forgot the segment descriptor /64

AllowedIPs = 10.200.200.2/32, xxx:xxxx:xx:xxx:100::2

and it works! wg0 reports

AllowedIPs = 10.200.200.2/3 xxx:xxxx:xx:xxx:100::2/128

I cannot tell you the exact reason for the behaviour, but for me the problem is solved.

cat linus
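A pre-flight check for the kind of wg0.conf shown in this thread, as an added example that is not part of the original posts: it reports whether SaveConfig is enabled and which AllowedIPs entries collapse to the same prefix once host bits are masked. It relies on WireGuard storing AllowedIPs as masked prefixes, with each prefix routed to only one peer; the sample config, its keys and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
# Constructed sample in the layout of the question's wg0.conf (placeholder keys).
SAMPLE = """\
[Interface]
Address = 10.200.200.1/24
SaveConfig = true

[Peer]
PublicKey = peerA
AllowedIPs = 10.200.200.2/32, 2001:db8:0:1:100::2/72

[Peer]
PublicKey = peerB
AllowedIPs = 10.200.200.3/32, 2001:db8:0:1:100::3/72
"""

def parse_conf(text):
    """Return (save_config, peers); each peer has a key and masked networks."""
    save_config, peers, section = False, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[] ").lower()
            if section == "peer":
                peers.append({"key": None, "nets": []})
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "interface" and key.lower() == "saveconfig":
            save_config = value.lower() == "true"
        elif section == "peer" and key.lower() == "publickey":
            peers[-1]["key"] = value
        elif section == "peer" and key.lower() == "allowedips":
            for item in filter(None, (v.strip() for v in value.split(","))):
                # strict=False clears host bits; a bare address becomes /32 or /128
                peers[-1]["nets"].append(ipaddress.ip_network(item, strict=False))
    return save_config, peers

def collisions(text):
    """Masked prefixes that more than one [Peer] section claims."""
    owners = defaultdict(list)
    for peer in parse_conf(text)[1]:
        for net in set(peer["nets"]):
            owners[str(net)].append(peer["key"])
    return {prefix: keys for prefix, keys in owners.items() if len(keys) > 1}

if __name__ == "__main__":
    print(parse_conf(SAMPLE)[0], collisions(SAMPLE))
```

With SaveConfig = true, the state the interface holds at shutdown is written back to wg0.conf, so a prefix that ended up on a different peer also disappears from the file for the peer that lost it.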