I've set up two WireGuard peer servers and can connect successfully to each one independently.

But when I try to connect to two peers at the same time and split tunnels, it fails to handshake with the second server. I think that's because the two peers' private keys are different, and in the multi-peer client I can only enter one server's private key.

I don't know how these two peers can work together with one private key.

My main goal is to set up two peer servers and split tunnel for specific IP ranges.

Here I've pasted the two servers' and peers' configs and also the multi-peer client config. Would appreciate any help.

Server 1:

[Interface]
Address = 10.7.0.1/24
PrivateKey = EKSCFdQiAgXsL4Wm40z63fdXL7q4PCgyB4XhNqkq+1A=
ListenPort = 51820

[Peer]
PublicKey = G5ZurqtqfiMCgkImUfA+R17r3IaYhAh/jWZpNtB/4iI=
PresharedKey = mekE11iavS70vbJ/mLunFxRDEzYwXuGX2wdCZw8FFyc=
AllowedIPs = 10.7.0.2/32

Server 2:

[Interface]
Address = 10.7.0.1/24
PrivateKey = +IapZjrB8UfiTdsJNUWIFntK00z2v6MTpeYqHVMMTmI=
ListenPort = 51820

[Peer]
PublicKey = l7YElLKnNWLUmohKpR+rQDORLmXm5geAivz9AzbbvkE=
PresharedKey = J+kdful8xJW1uMdVGfrDM+D2v/dyl/Y8SYp+0/rS/mM=
AllowedIPs = 10.7.0.2/32
Note that I've tried and managed to get the same IP (10.7.0.2) on both servers. I don't know whether that is necessary or whether it is causing a problem.

Peer 1 config:

[Interface]
Address = 10.7.0.2/24
DNS = 8.8.8.8, 8.8.4.4
PrivateKey = WMrHIjr71kv7Cl3zw9mx72d8uCTmLJPDk6K0j7FWjmg=

[Peer]
PublicKey = gu78igdrkMzlowf8988zYt58ciI0DTmz4QMzZ1QgfCs=
PresharedKey = mekE11iavS70vbJ/mLunFxRDEzYwXuGX2wdCZw8FFyc=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER_A:51820
PersistentKeepalive = 25

Peer 2 config:

[Interface]
Address = 10.7.0.2/24
DNS = 8.8.8.8, 8.8.4.4
PrivateKey = yNGP/MbTAjyADyTLuv19PwL5rCj6Q8j/hJGVz+Cafko=

[Peer]
PublicKey = HdYcIUebtkxiXWwcvaef8Z+/wrEqV7ArzL4Jbknus3A=
PresharedKey = J+kdful8xJW1uMdVGfrDM+D2v/dyl/Y8SYp+0/rS/mM=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = SERVER_2:51820
PersistentKeepalive = 25

And finally, the multi-peer config I'm trying to use, which fails. Client config:

[Interface]
Address = 10.7.0.2/32
DNS = 8.8.8.8, 8.8.4.4
PrivateKey = yNGP/MbTAjyADyTLuv19PwL5rCj6Q8j/hJGVz+Cafko=

[Peer]
PublicKey = HdYcIUebtkxiXWwcvaef8Z+/wrEqV7ArzL4Jbknus3A=
PresharedKey = J+kdful8xJW1uMdVGfrDM+D2v/dyl/Y8SYp+0/rS/mM=
AllowedIPs = 8.0.0.0/8
Endpoint = SERVER_2:51820
PersistentKeepalive = 25

[Peer]
PublicKey = gu78igdrkMzlowf8988zYt58ciI0DTmz4QMzZ1QgfCs=
PresharedKey = mekE11iavS70vbJ/mLunFxRDEzYwXuGX2wdCZw8FFyc=
AllowedIPs = 45.0.0.0/8
Endpoint = SERVER_A:51820
PersistentKeepalive = 25

WireGuard logs from the second server, which fails to handshake because of the private key issue:

kernel: [70290.070053] wireguard: wg0: Invalid handshake initiation from MY_IP:64230
kernel: [70295.369403] wireguard: wg0: Invalid handshake initiation from MY_IP:64230
kernel: [70300.569581] wireguard: wg0: Invalid handshake initiation from MY_IP:64230

Can anybody help me with how I can achieve split tunneling using two peers and fix this private key issue? Thanks.

user3411911

Why is your client using the same private key as one of its peers? – user1686 Jul 12 '21 at 14:55

@user1686 I thought I might use the first peer's Interface as a base and then append the second peer to it. Did I do it wrong? If so, which private key should I put in the client? Thanks. – user3411911 Jul 12 '21 at 15:03

@user1686 Also please note that those configs that have the same private keys are both client configs and not server configs. I just tried to merge both peer clients to reach the goal of multi-peer splitting. – user3411911 Jul 12 '21 at 15:07

1 Answer

Thanks to the members of WireGuard's IRC channel #wireguard, the problem has finally been solved.

To fix it, the public key in the two servers' [Peer] sections must be the same.

In my example, I had to put "l7YElLKnNWLUmohKpR+rQDORLmXm5geAivz9AzbbvkE=" in the server 1 [Peer] PublicKey field.

This fixed the problem.

user3411911
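The reason the answer works: a WireGuard interface has exactly one private key, so every server that should accept this client must list the matching public key in a [Peer] section. As an added example (not code from the asker, the answerer or the WireGuard project), the script below derives the client's public key from the [Interface] PrivateKey with a pure-Python X25519 (for checking configs, not a constant-time implementation) and reports which servers' [Peer] blocks list it; the embedded keys are the ones from the question.

```python
import base64, re

P = 2**255 - 19  # Curve25519 field prime

def x25519_pubkey(priv: bytes) -> bytes:
    """WireGuard public key = X25519(private scalar, base point u=9), per RFC 7748."""
    k = bytearray(priv)
    k[0] &= 248; k[31] &= 127; k[31] |= 64          # scalar clamping
    k = int.from_bytes(k, "little")
    x2, z2, x3, z3, swap = 1, 0, 9, 1, 0            # Montgomery ladder state
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e, da, cb = (aa - bb) % P, d * a % P, c * b % P
        x3, z3 = pow(da + cb, 2, P), 9 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def wg_pubkey(priv_b64: str) -> str:
    """Base64 [Interface] PrivateKey -> base64 public key, as `wg pubkey` prints it."""
    return base64.b64encode(x25519_pubkey(base64.b64decode(priv_b64))).decode()

def check_servers(client_conf: str, servers: dict) -> dict:
    """For each server config, True if any PublicKey line (all [Peer] entries on a
    server) equals the public key derived from the client's single private key."""
    priv = re.search(r"^\s*PrivateKey\s*=\s*(\S+)", client_conf, re.M).group(1)
    pub = wg_pubkey(priv)
    return {name: pub in re.findall(r"^\s*PublicKey\s*=\s*(\S+)", conf, re.M)
            for name, conf in servers.items()}

# The multi-peer client's [Interface] and both servers' [Peer] blocks from the question.
CLIENT_CONF = "[Interface]\nPrivateKey = yNGP/MbTAjyADyTLuv19PwL5rCj6Q8j/hJGVz+Cafko=\n"
SERVERS = {
    "server1": "[Peer]\nPublicKey = G5ZurqtqfiMCgkImUfA+R17r3IaYhAh/jWZpNtB/4iI=\n",
    "server2": "[Peer]\nPublicKey = l7YElLKnNWLUmohKpR+rQDORLmXm5geAivz9AzbbvkE=\n",
}

if __name__ == "__main__":
    print("client public key:", wg_pubkey("yNGP/MbTAjyADyTLuv19PwL5rCj6Q8j/hJGVz+Cafko="))
    for name, ok in check_servers(CLIENT_CONF, SERVERS).items():
        print(f"{name}: {'OK' if ok else 'client public key missing from [Peer]'}")
```

A server that reports the client key missing is the one that logs "Invalid handshake initiation", since the initiation is encrypted to a static key it does not know.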