Dear list,

I am trying to set up a wireguard interface for 2 peers and I do not
understand why, although I specify AllowedIPs for both, it gets ignored
for the 1st:

odin# cat /etc/wireguard/wg0.conf 
        [Interface]
        PrivateKey = XXXXXX (removed)
        ListenPort = 51820

        [Peer]
        PublicKey = LJNRAWz8cUS7sO/8PUlc3erIhJw8dkHr9VaDMu2DDzM=
        AllowedIPs = 192.168.23.0/24

        [Peer]
        PublicKey = Bevi0lbafrShca6QruEBw0H2DnlWw7XGHWdgJM1mkn8=
        AllowedIPs = 192.168.23.0/24

odin# cat /etc/hostname.wg0 
        inet 192.168.23.1 255.255.255.0 NONE
        up

        !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf

odin# sh /etc/netstart wg0 
odin# wg
        interface: wg0
          public key: P4UVRsck8CjEkZUMS14Nphu3hgf7zI2IotJ2sit5U2A=
          private key: (hidden)
          listening port: 51820

        peer: LJNRAWz8cUS7sO/8PUlc3erIhJw8dkHr9VaDMu2DDzM=
          allowed ips: (none)

        peer: Bevi0lbafrShca6QruEBw0H2DnlWw7XGHWdgJM1mkn8=
          allowed ips: 192.168.23.0/24

So there are no allowed ips for the 1st peer.
Furthermore, if I try:

odin# ifconfig wg0 wgpeer LJNRAWz8cUS7sO/8PUlc3erIhJw8dkHr9VaDMu2DDzM= wgaip 192.168.23.0/24
odin# wg
        interface: wg0
          public key: P4UVRsck8CjEkZUMS14Nphu3hgf7zI2IotJ2sit5U2A=
          private key: (hidden)
          listening port: 51820

        peer: LJNRAWz8cUS7sO/8PUlc3erIhJw8dkHr9VaDMu2DDzM=
          allowed ips: 192.168.23.0/24

        peer: Bevi0lbafrShca6QruEBw0H2DnlWw7XGHWdgJM1mkn8=
          allowed ips: (none)

So the 1st now has it while the second does not. Finally:

odin# ifconfig wg0 wgpeer Bevi0lbafrShca6QruEBw0H2DnlWw7XGHWdgJM1mkn8= wgaip 192.168.23.0/24
odin# wg
        interface: wg0
          public key: P4UVRsck8CjEkZUMS14Nphu3hgf7zI2IotJ2sit5U2A=
          private key: (hidden)
          listening port: 51820

        peer: LJNRAWz8cUS7sO/8PUlc3erIhJw8dkHr9VaDMu2DDzM=
          allowed ips: (none)

        peer: Bevi0lbafrShca6QruEBw0H2DnlWw7XGHWdgJM1mkn8=
          allowed ips: 192.168.23.0/24
odin# 

As if only one peer can have the given allowed ips range,
while I would understand that it should be possible to set
it for both peers...

Can somebody give me some hint about what I am doing wrong,
please?

(I am also puzzled by the fact that some people only use
ifconfig together with wireguard-related wgpkey, wgpeer
etc., while others use wg setconf; I hope both ways should
be ok...)


Thanks a lot!
Ruda
