
Feature request: luci-proto-wireguard to add wireguard peer names to /etc/hosts

Open jxs opened this issue 10 months ago • 4 comments

What would you like to see in luci?

Hi, and thank you for all the work on openwrt! Would it be possible/make sense to add the Wireguard Peer's Endpoint Host to /etc/hosts so that dnsmasq would be able to resolve reverse queries for the wireguard addresses?

jxs avatar May 02 '25 15:05 jxs

Can you walk me through an example?

systemcrash avatar May 05 '25 18:05 systemcrash

Let me guess :)

Let's assume that Local domain option is set to myworld.abc. If we have a Wireguard interface with a peer named warehouse and the peer Allowed IP is set to 10.10.10.123 then FQDN warehouse.myworld.abc should be resolved as 10.10.10.123. Did I guess it right?

What if a peer name contains spaces or other non-compliant symbols? In this case the peer's name should be converted to Punycode, and this scenario needs additional testing.

What if a peer has more than one IP defined?

Reverse queries require a PTR record. dnsmasq supports these via --host-record and --ptr-record, so in theory tweaking the proto/init scripts to ask dnsmasq to add a 'forward' record should invoke the creation of a reverse (PTR) record. So you don't even need to touch /etc/hosts.

The drawbacks of this approach are that once created, any changes on the wg side might not automatically propagate to the DHCP host entries (which is where the records should be set). The most logical placement of some autoconfig would be in hotplug. The last few efforts to handle automatic interface management for wireguard have stalled.

In any case, luci isn't the place where this kind of config should be done.

systemcrash avatar May 06 '25 11:05 systemcrash
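As an added illustration of the host-record approach described above (example code written for this thread, not OpenWrt or LuCI code), a POSIX sh snippet that turns a peer name and its allowed-IP list into the dnsmasq host-record lines from which dnsmasq also answers the matching PTR queries. Names that are not valid DNS labels are rejected rather than passed into the config, only single-host prefixes are turned into records, and the function names and the use of the peer's description as its name are assumptions.

```shell
#!/bin/sh
# Added example, not part of OpenWrt/LuCI. Assumes the peer's description is
# used as its host name and its allowed IPs are passed as CIDR arguments.

# wg_label_ok NAME -> 0 if NAME is a valid RFC 1123 host label
# (letters, digits, hyphens; no leading/trailing hyphen; at most 63 chars).
# Rejecting anything else keeps commas, spaces and newlines out of the
# generated dnsmasq config line.
wg_label_ok() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ ${#1} -le 63 ]
}

# wg_host_records NAME DOMAIN ALLOWED_IP...
# Prints one "host-record=NAME.DOMAIN,ADDR" line per single-host prefix
# (/32, /128 or a bare address). dnsmasq derives the PTR (reverse) answer
# from host-record itself, so /etc/hosts is not touched. Routed subnets in
# the allowed-IP list do not name a host and are skipped.
wg_host_records() {
    name=$1; domain=$2; shift 2
    wg_label_ok "$name" || { echo "invalid peer name: $name" >&2; return 1; }
    n=0
    for cidr in "$@"; do
        ip=${cidr%%/*}; plen=${cidr##*/}
        case "$ip" in
            *:*) [ "$cidr" = "$ip" ] || [ "$plen" = 128 ] || continue ;;
            *)   [ "$cidr" = "$ip" ] || [ "$plen" = 32 ]  || continue ;;
        esac
        printf 'host-record=%s.%s,%s\n' "$name" "$domain" "$ip"
        n=$((n+1))
    done
    [ "$n" -gt 0 ] || { echo "no host address for peer $name" >&2; return 1; }
}

# Constructed sample: the "warehouse" peer from the thread, plus a routed
# subnet and an IPv6 host address to show how each is handled.
wg_host_records warehouse myworld.abc 10.10.10.123/32 192.168.5.0/24 fd00::123/128
```

Each emitted line can be appended to the dnsmasq configuration that the init script generates; a peer whose name fails the label check produces no record and a message on stderr.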

Thanks for the responses folks!

Let's assume that Local domain option is set to myworld.abc. If we have a Wireguard interface with a peer named warehouse and the peer Allowed IP is set to 10.10.10.123 then FQDN warehouse.myworld.abc should be resolved as 10.10.10.123. Did I guess it right?

Yeah, exactly. I suggested the Endpoint Host in the first post but noticed it can't be used for that; same as the interface name, this would need to be an extra field used specially for that. It would not even need to be appended to the Local domain, it'd just need to be a FQDN so that it would be reachable.

In any case, luci isn't the place where this kind of config should be done.

What if this field and feature was entirely managed by Luci? Though I can understand this may be too complicated to manage.

jxs avatar May 18 '25 08:05 jxs