Comments (9)
Hi @bryane50 this is the Wireguard Client add-on. Peer field (one and only one) specifies the host machine that acts as a gateway for your VPN network. Please take a look at Wireguard documentation: https://www.wireguard.com/
from addon-wireguard-client.
Wireguard has no concept of "servers" or "clients", just a list of peers that are connected and used. They can be configured to simulate a server/client setup (if you like), or a full mesh, or some hybrid. This is a small schematic of one of my wg networks that my home assistant is part of (with the help of this addon).
My laptop connects to both Blue and Red for redundancy and performance (when I'm at Red's network there is no point to send files via Blue). I have connected HA to Green but I would love to have the option to connect it to Blue as well for redundancy (like my laptop).
This network has no gateway, it's not intended to be used for that purpose. I use it as an internal network for services (like HA) to connect components together. I had to be a little creative to solve this with this addon, I added for example
post_up: /bin/true
post_down: /bin/true
to "disable" the post_up/down configuration. The validation required me to have them. The DNS also made no sense for me, so I just added my normal DNS again to get past the validation.
I'm fine if you like to keep this addon like it is now, Wireguard is a tool that you can use in many various ways to build interesting networks. I just want to make sure it's an active choice on your part and not a misunderstanding.
from addon-wireguard-client.
Hi @nsg thank you for your idea. Yes I know the Wireguard networking concept under that. Regarding your configuration, has your client two different network interfaces?
from addon-wireguard-client.
@bigmoby Yes, my HA has two interfaces, and wg0 is the third virtual network on that machine.
from addon-wireguard-client.
Ok thank you @nsg , please could you post here your wireguard (client / peer) configuration, obfuscated of course? so I could try to reproduce it by the add-on configuration.
DISCLAIMER: I created this add-on with raspberry in mind and with only one net interface so I could not promise it works in other environments...I could try
from addon-wireguard-client.
Sure, this is the configuration file I use with WireGuard Client
interface:
  private_key: sEcrEtpRIvatEkey=
  address: 10.0.0.2/24
  dns:
    - 10.0.1.1
  post_up: /bin/true
  post_down: /bin/true
peer:
  public_key: pUBlickey=
  pre_shared_key: ''
  endpoint: myserver.example.com:1234
  allowed_ips:
    - 10.0.0.0/24
  persistent_keep_alive: '25'
This generates this actual config (wg0.conf) inside the container:
[Interface]
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.2/24
DNS = 10.0.0.1
PostUp = /bin/true
PostDown = /bin/true
[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25
DNS, PostUp and PostDown are required so I tried to disable them with /bin/true and my normal DNS. The following config would have been preferred for me:
[Interface]
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.2/24
[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25
My WG network is 10.0.0.0/24, and the two physical interfaces use 10.0.1.0/24 and 10.0.2.0/24. 10.0.1.0/24 is the default route with the gateway.
Here is my configuration on my laptop with multiple peers
[Interface]
ListenPort = 1234
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.4/24
[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24
[Peer]
PublicKey = pUBlickey2=
Endpoint = myserver2.example.com:1234
AllowedIPs = 10.0.0.3/24
Multiple peers would of course be even more preferred, with a list instead of a single peer:
peers:
  - public_key: pUBlickey=
    pre_shared_key: ''
    endpoint: myserver.example.com:1234
    allowed_ips:
      - 10.0.0.0/24
    persistent_keep_alive: '25'
  - public_key: pUBlickey2=
    pre_shared_key: ''
    endpoint: myserver2.example.com:1234
    allowed_ips:
      - 10.0.0.3/24
If you like, I can make a PR and/or code suggestions :)
from addon-wireguard-client.
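An added example, not part of the thread or the add-on's code: a small Python check for the kind of multi-peer wg0.conf discussed above. It treats DNS, PostUp and PostDown as optional, and flags AllowedIPs entries with host bits set or the same range claimed by two peers, since WireGuard's cryptokey routing keeps a given range on only one peer. The function names and the sample text are constructed for illustration.

```python
import ipaddress
# Constructed sample modelled on the thread's multi-peer laptop config; placeholder keys.
SAMPLE_CONF = """\
[Interface]
PrivateKey = sEcrEtpRIvatEkey=
Address = 10.0.0.4/24
[Peer]
PublicKey = pUBlickey=
Endpoint = myserver.example.com:1234
AllowedIPs = 10.0.0.0/24
[Peer]
PublicKey = pUBlickey2=
Endpoint = myserver2.example.com:1234
AllowedIPs = 10.0.0.3/24
"""

def parse_conf(text):
    """Parse wg-quick style text into [(section, {key: [values]})], keys lowercased."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (p.strip() for p in line.split("=", 1))  # keys end in '='
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def check_conf(text):
    """Return findings. DNS, PostUp and PostDown are optional and never required."""
    findings, owner, sections = [], {}, parse_conf(text)
    ifaces = [kv for name, kv in sections if name == "interface"]
    if len(ifaces) != 1 or "privatekey" not in ifaces[0]:
        findings.append("need exactly one [Interface] with a PrivateKey")
    for n, peer in enumerate((kv for name, kv in sections if name == "peer"), 1):
        if "publickey" not in peer:
            findings.append(f"peer {n}: missing PublicKey")
        for cidr in filter(None, (c.strip() for c in ",".join(peer.get("allowedips", [])).split(","))):
            try:
                entry = ipaddress.ip_interface(cidr)
            except ValueError:
                findings.append(f"peer {n}: invalid AllowedIPs entry {cidr}")
                continue
            net = entry.network
            if entry.ip != net.network_address:
                findings.append(f"peer {n}: {cidr} has host bits set, is treated as {net}")
            if owner.setdefault(net, n) != n:  # identical range on an earlier peer
                findings.append(f"peer {n}: {net} also claimed by peer {owner[net]}")
    return findings
```

A more specific range on a second peer (for example a /32 inside another peer's /24) is not flagged, because only identical ranges collide.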
After my request for multiple peers was closed with no discussion other than to rtfm, I decided to fork the wireguard client addon and make the changes to handle this. If this feature is going to be added to the existing wireguard client please post that information here so that I don't spend any more time on these changes. I also would like to see the requirement for dns, postup and postdown fields removed (but still allowed) since these are optional in the wireguard system and not needed in all situations.
And thank you to @bigmoby for creating this addon from the server oriented version in the home assistant library, since that model is not what I needed to create my vpn connection.
from addon-wireguard-client.
Yes, as I already wrote, I'll try to implement it. Of course you're welcome to write a PR 👍
from addon-wireguard-client.
Hi guys, I want to thank you for your suggestions 🙏
I've created the version 0.1.9 of this add-on, I hope it could be useful for your needs!
Please give me feedback 👍
from addon-wireguard-client.