Posts by nespola

Quote from madhouse

Hi, send me a file of yours modifying/deleting only the private key.

Ciao!

It is something like this (nothing fancy, just what I need and is working well across my virtual subnetwork):

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxx
Address = 192.168.5.82
ListenPort = 456

[Peer]
PublicKey = zzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Endpoint =  x.x.x.x:xx
AllowedIps = 192.168.5.82/32
AllowedIPs = 192.168.5.x/32
AllowedIPs = 192.168.5.xx/32
[Other Allowed IPs...]
PersistentKeepalive = 25

I have avoided things like 0.0.0.0/24

I have something like max 8 devices to manage and this approach at the moment is manageable.

The VPN server at the moment is not a gateway to the Internet (I have IP forwarding on the server configuration, but the function is not activated).

Thank you!

Quote from madhouse

Hi, using personal files you have the possibility to choose the path where to keep your personal .conf files safe, you simply have to run the files that are populated in the plugin list.

You do not need to edit the wg0.conf file in /etc/wireguard, that file is overwritten every time a new server is started.

Thank you madhouse.
Nevertheless there is something I still do not fully understand.

I have actually been trying to put the right things in configuration file in my own directory, as suggested.

But then, as far as I understand, the parameters are read from there and translated (especially routing and AllowedIPs) in a way I cannot control in the /etc/wireguard/wg0.conf file. Which is the one that wireguard eventually uses and is therefore the one that counts in the end.

And that does not fully suit my needs.

Which are a bit different from the majority of users here, since I am not using in this circumstances the VPN to cross geofencing and specifically I do not need (and I do not want) to route any general Internet traffic through the VPN.

Inserting bazillions of exceptions is not a very elegant solution (and nevertheless as of now even a few test domains do not work for some reason).

I fully understand why you make it this way, in order to make the configuration task easy even for inexperienced users, but I am hitting a wall here because of this.

Just to describe my "frustration" I had even tried to disable root writing privilege to the wg0.conf file, but of course this brings to nothing, since there must be a wise check about writing errors and plugin initialisation stops!

Actually, at the moment I am reaching 90% of what I need, which is a lot, especially when compared to the 0% level I was only few days ago when I had not yet got to know about your plugin.

But I would be very happy to be able to reach the 100% finish line!

Thank you!

Dear Madhouse,

the plugin works well and solves me a lot of problems.

It really came at the right moment for me!

Therefore, many kudos and thanks!

But not all of them.

If I am not doing something wrong, I see that you write the configuration file that is used by Wireguard in etc/wireguard, which is the usual location across Linux flavours.

The problem is that you make the plugin overwrite it when the plugin starts or connects (I do not know exactly, but it does not matter).

And it is overwritten with specific parameters, which do not reflect (they overrule) what I put in the configuration file in the user directory, or even changing this file directly (the file gets changed again after my modifications).

As I wrote some posts above, I have my own WG server (long story why it is so) and I do not need the traffic to be all directed through it.

I know how to deal with this situation, since I have now some 7 peers in the WG sub network and all works well, at least it works in the way I need.

But if the configuration file gets always rewritten following rules that are very good for commercial VPN servers, I cannot configure it the way I need.

Could it be possible to introduce a switch to avoid this and let the user tamper at its own risk on the wg0.conf file?

Thank you again and please forgive me if some of the above is not totally correct (in that case, correct me! :-) )!

A question:

I have my own WG server.

To use that I need the private key for the local conf file (and that I can take from the file generated for Cloudfare), but how can I get the corresponding publickey?

And in any case, how can i generate the private/public key pair?

I have looked around the plugin and instructions (and obviously in this thread), but at this moment I feel a bit lost.

Thank you for any hint and kudos for the great work!