Command Line Reference
WireGuard Configuration
show wireguard status

\[command] show wireguard status id

\[purpose] Display WireGuard status

\[view] System view

\[use cases]

    sonic# show wireguard status 1
    interface wg1
    public key yvzvppnpuu9hkc1yxh2oopsqm1hf6not0gayxsajdmo=
    private key (hidden)
    listening port 51820
    peer ey1f+q49i6hpxgboqryuatqgcyg2cnjwpfzi3jyfnjy=
    endpoint 20.0.0.153 51820 >30.0.0.100 51820
    allowed ips 10.0.0.0/24,90.0.0.0/24

show wireguard config

\[command] show wireguard config id

\[purpose] Display WireGuard configuration

\[view] System view

\[use cases]

    sonic# show wireguard config 1
    ip4 listen port 51820 private key ufntg/3vsdmc6qgimqisl66fzcbnv/4uisocot+gkgw= intf addr 10.0.0.1/24
    peer ip4 public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8=
    peer public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8= allowed ip 0.0.0.0/0

genkey

\[command] genkey

\[purpose] Generate WireGuard keys

\[view] WireGuard configuration view

\[use cases]

    sonic(config wireguard 1)# genkey
    private key ufntg/3vsdmc6qgimqisl66fzcbnv/4uisocot+gkgw=
    public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8=

ip4 listen port port private key string intf addr A.B.C.D/M

\[command]

    ip4 listen port port private key string intf addr A.B.C.D/M
    no ip4

\[purpose] Configure WireGuard's listening port, private key, and IPv4 address

\[view] WireGuard configuration view

\[use cases]

    sonic(config wireguard 1)# ip4 listen port 51820 private key ufntg/3vsdmc6qgimqisl66fzcbnv/4uisocot+gkgw= intf addr 10.0.0.1/24

ip6 listen port port private key string intf addr A::B/M

\[command]

    ip6 listen port port private key string intf addr A::B/M
    no ip6

\[purpose] Configure WireGuard's listening port, private key, and IPv6 address

\[view] WireGuard configuration view

\[use cases]

    sonic(config wireguard 1)# ip6 listen port 51820 private key ufntg/3vsdmc6qgimqisl66fzcbnv/4uisocot+gkgw= intf addr 2000::1/64

mtu value

\[command] mtu value

\[purpose] Configuring the MTU for the WireGuard tunnel

\[view] WireGuard configuration view

\[use cases]

    sonic(config wireguard 1)# mtu 1000

nat zone id

\[command]

    nat zone id
    no nat zone

\[purpose] Configuring NAT traversal for WireGuard tunnels

\[view] WireGuard configuration view

\[use cases]

    sonic(config wireguard 1)# nat zone 1

peer {ip4|ip6} public key

\[command]

    peer {ip4|ip6} public key key \[endpoint ip A.B.C.D endpoint port port] \[persistent keepalive int]
    no peer {ip4|ip6} public key key

\[purpose] Configure the WireGuard peer's public key and IP settings. When the endpoint IP is not configured, it will passively receive peer requests and learn the peer's IP and port.

\[view] WireGuard configuration view

\[use cases]

    sonic(config wireguard 1)# peer ip4 public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8= endpoint ip 1.1.1.1 endpoint port 51820 persistent keepalive 300

peer public key

\[command] peer public key key allowed ip A.B.C.D/M

\[purpose] Configure the WireGuard peer's public key and allowed IP list

\[view] WireGuard configuration view

\[use cases]

    sonic(config wireguard 1)# peer public key yzkmpdljn+lflsvfxy9zkdhsdzn8j5bpwjjegokucj8= allowed ip 10.0.0.0/24,20.0.0.0/24
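
A pre-deployment check for the values passed to the peer public key and allowed IP commands above, added here as an example and not part of the vendor's tooling. The function names, the finding messages and the sample peers are assumptions made for illustration; the keys are generated in the code, not taken from this page.

```python
import base64
import binascii
import ipaddress
from itertools import combinations

def key_ok(key):
    """A WireGuard key is 32 bytes, written as 44 base64 characters."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def check_peers(peers):
    """peers: list of (public_key, "cidr,cidr,...") pairs; returns findings."""
    findings, nets = [], []
    for idx, (key, allowed) in enumerate(peers, 1):
        if not key_ok(key):
            findings.append(f"peer {idx}: public key is not 32-byte base64")
        for cidr in (c.strip() for c in allowed.split(",")):
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append(f"peer {idx}: invalid allowed ip {cidr!r}")
                continue
            if net.prefixlen == 0:
                # Reported on its own; it would overlap every other entry.
                findings.append(f"peer {idx}: {net} matches every address")
            else:
                nets.append((idx, net))
    # The same or nested prefixes on two peers deserve a manual review.
    for (i, a), (j, b) in combinations(nets, 2):
        if i != j and a.version == b.version and a.overlaps(b):
            findings.append(f"peers {i} and {j}: {a} and {b} overlap")
    return findings

# Constructed sample data (hypothetical peers, generated keys).
KEY_A = base64.b64encode(bytes(range(32))).decode()
KEY_B = base64.b64encode(bytes(range(32, 64))).decode()
SAMPLE = [
    (KEY_A, "10.0.0.0/24,20.0.0.0/24"),
    (KEY_B, "10.0.0.128/25"),             # nested inside peer 1's range
    ("not-a-key", "0.0.0.0/0,10.0.0/24"),  # bad key, catch-all, bad prefix
]

if __name__ == "__main__":
    for finding in check_peers(SAMPLE):
        print(finding)
```
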
