
wireguard more wg servers

Open xgusto opened this issue 1 year ago • 10 comments

I need to create more wireguard networks. Each network will have its own config, e.g.

Network 10.10.0.0/24 wg0.conf
Network 10.10.1.0/24 wg1.conf
Network 10.10.2.0/24 wg2.conf

etc. Is it possible?

xgusto avatar Jan 24 '24 20:01 xgusto

Please read #481, this feature is already implemented. All subnets will be configured in one configuration file, wg0.conf

nebulosa2007 avatar Jan 25 '24 06:01 nebulosa2007

> Please read #481, this feature is already implemented. All subnets will be configured in one configuration file, wg0.conf

I think that you are wrong. SR is a subdivision of a large address space assigned to a single interface (usually wg0). While OP asks for multiple interfaces support.

0xCA avatar Jan 25 '24 06:01 0xCA

Yes, I need more isolated networks

Network 10.10.0.0/24 wg0.conf - on port 51820
Network 10.10.1.0/24 wg1.conf - on port 51821
Network 10.10.2.0/24 wg2.conf - on port 51822

xgusto avatar Jan 25 '24 06:01 xgusto

> Yes, I need more isolated networks

For now you can use SR with iptables, implementing multiple interfaces is not an easy thing. I thought about it, but no concrete plans atm.

0xCA avatar Jan 25 '24 06:01 0xCA

The WG UI just might generate wg*.conf for you if you run three instances. But you also need three: tunnels, default gateways, interfaces - to really isolate users. All this WG UI can't do, you should realize that.

Anyway, for my configuration, I use these iptables rules to work and I can enable user isolation. Maybe that would be an option for you?

nebulosa2007 avatar Jan 25 '24 07:01 nebulosa2007

I also use wireguard outside of docker. There it is possible to create more instances of wg0.conf, wg1.conf, etc... I didn't know it would be complicated for wireguard-ui. The only thought that comes to mind is to install more wireguard-ui + wireguard in dockers. Or use wireguard (wg-quick) and configure everything via cli.

xgusto avatar Jan 25 '24 08:01 xgusto

I also don't use docker, but that's not the issue. Again, the problem is not the WG UI, it's the complex iptables rules you have to write. The WG UI doesn't provide anything about this, it just helps generate wg.conf

> Or use wireguard (wg-quick) and configure everything via cli.

That would be the preferred option, IMO

nebulosa2007 avatar Jan 25 '24 09:01 nebulosa2007

> install more wireguard-ui + wireguard in dockers

You don't have to do this. Use one wg service installed on the host, and three wg-ui in containers (write one compose file for three services, with the same image and slightly different configurations). This way you will have three wg*.conf files (each managed by one wg-ui instance), all used by one wireguard service, and it will create three networks for you.

0xCA avatar Jan 25 '24 09:01 0xCA
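
A consistency check for the multi-file layout discussed in this thread, added here as an example; it is not code from any participant or from the wireguard-ui project. It parses several wg-quick style files and reports overlapping interface subnets, reused `ListenPort` values, and peers whose `AllowedIPs` fall outside their own interface's network. The `audit` and `parse_wg_conf` names and the sample configs are constructed for illustration.

```python
import ipaddress

# Constructed sample configs using the subnets and ports from the thread.
# Keys are placeholders; wg2.conf contains two deliberate mistakes.
SAMPLE = {
    "wg0.conf": "[Interface]\nAddress = 10.10.0.1/24\nListenPort = 51820\n"
                "[Peer]\nPublicKey = PLACEHOLDER=\nAllowedIPs = 10.10.0.2/32\n",
    "wg1.conf": "[Interface]\nAddress = 10.10.1.1/24\nListenPort = 51821\n"
                "[Peer]\nPublicKey = PLACEHOLDER=\nAllowedIPs = 10.10.1.2/32\n",
    "wg2.conf": "[Interface]\nAddress = 10.10.2.1/24\nListenPort = 51821\n"
                "[Peer]\nPublicKey = PLACEHOLDER=\nAllowedIPs = 10.10.1.7/32\n",
}

def parse_wg_conf(text):
    """Return [(section, {key: value})]; [Peer] may repeat, so no configparser."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(configs):
    """configs maps filename -> file text. Returns a list of findings."""
    findings, nets, ports = [], {}, {}
    for name, text in configs.items():
        sections = parse_wg_conf(text)
        iface = next(kv for sec, kv in sections if sec == "interface")
        # Only the first Address entry is checked in this example.
        net = ipaddress.ip_interface(iface["address"].split(",")[0].strip()).network
        for other, other_net in nets.items():
            if net.overlaps(other_net):
                findings.append(f"{name}: subnet {net} overlaps {other} ({other_net})")
        port = iface.get("listenport")
        if port and port in ports:
            findings.append(f"{name}: ListenPort {port} already used by {ports[port]}")
        nets[name] = net
        if port:
            ports[port] = name
        for sec, kv in sections:
            cidrs = kv.get("allowedips", "").split(",") if sec == "peer" else []
            for cidr in filter(None, (c.strip() for c in cidrs)):
                peer = ipaddress.ip_network(cidr, strict=False)
                if peer.version != net.version or not peer.subnet_of(net):
                    findings.append(f"{name}: peer AllowedIPs {peer} outside {net}")
    return findings
```

The `AllowedIPs` check is a heuristic: a site-to-site peer that legitimately routes extra networks will also be reported, so treat each finding as something to review rather than as an error.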

I am currently using wireguard in LXC (without docker) and it works fine. But I wanted to try wireguard-ui, because one can make mistakes when using cli. Does this mean that if I already run wireguard in LXC, I would not need docker, but only wireguard-ui (3x for 3 networks)?

xgusto avatar Jan 25 '24 10:01 xgusto

It was also written about here https://github.com/ngoduykhanh/wireguard-ui/issues/180

xgusto avatar Jan 28 '24 17:01 xgusto