Command Line Reference
WireGuard Configuration
show wireguard status

\[Command] show wireguard status ID

\[Purpose] Display WireGuard status.

\[View] System view

\[Use cases]

    sonic# show wireguard status 1
    interface wg1
    public key yvzvppnpuu9hkc1yxh2oopsqm1hf6not0gayxsajdmo=
    private key (hidden)
    listening port 51820
    peer ey1f+q49i6hpxgboqryuatqgcyg2cnjwpfzi3jyfnjy=
    endpoint 20.0.0.153 51820 >30.0.0.100 51820
    allowed ips 10.0.0.0/24,90.0.0.0/24

show wireguard config

\[Command] show wireguard config ID

\[Purpose] Display WireGuard configuration.

\[View] System view

\[Use cases]

    sonic# show wireguard config 1
    ip4 listen port 51820 private key ufntg/3vsdmc6qgimqisl66fzcbnv/4uisocot+gkgw= intf addr 10.0.0.1/24
    peer ip4 public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8=
    peer public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8= allowed ip 0.0.0.0/0

genkey

\[Command] genkey

\[Purpose] Generate WireGuard keys.

\[View] WireGuard configuration view

\[Use cases]

    sonic(config wireguard 1)# genkey
    private key ufntg/3vsdmc6qgimqisl66fzcbnv/4uisocot+gkgw=
    public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8=

ip4 listen port

\[Command] ip4 listen port PORT private key STRING intf addr A.B.C.D/M

\[Purpose] Configure WireGuard's listening port, private key, and IPv4 address.

\[View] WireGuard configuration view

\[Parameter]

| Parameter | Description |
| --- | --- |
| listen port | WireGuard listening port |
| private key | Local private key |
| intf addr | IPv4 address of the WireGuard tunnel |

\[Use cases]

    sonic(config wireguard 1)# ip4 listen port 51820 private key ufntg/3vsdmc6qgimqisl66fzcbnv/4uisocot+gkgw= intf addr 10.0.0.1/24

ip6 listen port

\[Command] ip6 listen port PORT private key STRING intf addr A::B/M

\[Purpose] Configure WireGuard's listening port, private key, and IPv6 address.

\[View] WireGuard configuration view

\[Parameter]

| Parameter | Description |
| --- | --- |
| listen port | WireGuard listening port |
| private key | Local private key |
| intf addr | IPv6 address of the WireGuard tunnel |

\[Use cases]

    sonic(config wireguard 1)# ip6 listen port 51820 private key ufntg/3vsdmc6qgimqisl66fzcbnv/4uisocot+gkgw= intf addr 2000::1/64

mtu

\[Command] mtu VALUE

\[Purpose] Configure the MTU for the WireGuard tunnel.

\[View] WireGuard configuration view

\[Use cases]

    sonic(config wireguard 1)# mtu 1000

nat zone

\[Command] nat zone ID

\[Purpose] Configure NAT traversal for WireGuard tunnels.

\[View] WireGuard configuration view

\[Parameter]

| Parameter | Description |
| --- | --- |
| nat zone | The default value is 0, meaning NAT functionality is disabled. When configured as 1 to 3, NAT conversion functionality is enabled. |

\[Use cases]

    sonic(config wireguard 1)# nat zone 1

peer {ip4|ip6} public key

\[Command] peer {ip4|ip6} public key KEY \[endpoint ip A.B.C.D endpoint port PORT] \[persistent keepalive INT]

\[Purpose] Configure the WireGuard peer's public key and IP settings. When the endpoint IP is not configured, it will passively receive peer requests and learn the peer's IP and port.

\[View] WireGuard configuration view

\[Parameter]

| Parameter | Description |
| --- | --- |
| public key | The public key of the remote end |
| endpoint ip | The IP address of the remote end |
| endpoint port | The port of the remote end |
| persistent keepalive | Tunnel survival time |

\[Use cases]

    sonic(config wireguard 1)# peer ip4 public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8= endpoint ip 1.1.1.1 endpoint port 51820 persistent keepalive 300

peer public key

\[Command] peer public key KEY allowed ip A.B.C.D/M

\[Purpose] Configure the WireGuard peer's public key and allowed IP list.

\[View] WireGuard configuration view

\[Parameter]

| Parameter | Description |
| --- | --- |
| public key | The public key of the remote end |
| allowed ip | Allowed IP list for encryption and decryption |

\[Use cases]

    sonic(config wireguard 1)# peer public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8= allowed ip 10.0.0.0/24,20.0.0.0/24
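Unlike `show wireguard status`, the `show wireguard config` output above prints the private key in clear text, and its allowed IP lists decide which traffic each peer may send and receive. The following Python audit of captured config output is an added example, not part of this reference or the device software; it assumes keywords are separated by a space or a hyphen, and the keys and sample text are constructed.

```python
import ipaddress
import re
from itertools import combinations

KEY = r"[A-Za-z0-9+/]{43}="   # a 32-byte WireGuard key in base64
SEP = r"[ -]"                 # assumption: keywords split by a space or a hyphen
PRIV_RE = re.compile(rf"(private{SEP}key\s+){KEY}")
PEER_RE = re.compile(rf"peer\s+public{SEP}key\s+({KEY})\s+allowed{SEP}ip\s+(\S+)")

# Constructed placeholder keys and sample output in the layout shown on this page.
PRIV, PUB1, PUB2 = ("A" * 43 + "=", "B" * 43 + "=", "C" * 43 + "=")
SAMPLE = (
    f"ip4 listen port 51820 private key {PRIV} intf addr 10.0.0.1/24\n"
    f"peer ip4 public key {PUB1}\n"
    f"peer public key {PUB1} allowed ip 0.0.0.0/0\n"
    f"peer public key {PUB2} allowed ip 10.0.0.0/24,20.0.0.0/24\n"
)

def audit_config(text):
    """Return (redacted_text, findings) for captured 'show wireguard config' output."""
    findings = []
    # Replace any private key value so the capture can be shared in a ticket.
    redacted, count = PRIV_RE.subn(r"\1(hidden)", text)
    if count:
        findings.append(f"private key printed in clear text ({count}x); redacted")
    peers = {}
    for key, cidrs in PEER_RE.findall(text):
        for cidr in cidrs.split(","):
            net = ipaddress.ip_network(cidr, strict=False)
            peers.setdefault(key, []).append(net)
            if net.prefixlen == 0:
                findings.append(f"peer {key[:8]}...: allowed ip {net} matches every address")
    # Ranges shared by two peers deserve review: only one peer can own a given address.
    for (k1, nets1), (k2, nets2) in combinations(peers.items(), 2):
        for a in nets1:
            for b in nets2:
                if a.version == b.version and a.overlaps(b):
                    findings.append(f"allowed ip overlap: {a} ({k1[:8]}...) and {b} ({k2[:8]}...)")
    return redacted, findings

if __name__ == "__main__":
    cleaned, issues = audit_config(SAMPLE)
    print(cleaned)
    print("\n".join(issues))
```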
