[Freedombox-discuss] Should wireguard have the internal networks in AllowedIPs?
A. F. Cano
afc54 at comcast.net
Sun Jan 5 21:33:22 GMT 2025
I'm getting "required key not available" as described in a posting to
the list a while back. Since the whole point of wireguard is to access
the internal networks, it seems to make sense to me that the IPs of the
internal networks (I have 2 internal interfaces) would be in the
allowedIPs, but the FreedomBox only reports 10.84.0.2 in "allowed ips":
$ sudo wg show
interface: wg0
  public key: <public key>
  private key: (hidden)
  listening port: 51820

peer: <public key>
  allowed ips: 10.84.0.2/32
  persistent keepalive: every 25 seconds
10.84.0.2 is the IP of the client that connects to the FreedomBox.
10.84.0.1 is the IP of the wg0 interface of the FreedomBox:
$ ip addr
...
8: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.84.0.1/24 brd 10.84.0.255 scope global noprefixroute wg0
       valid_lft forever preferred_lft forever
I have tried to add the local IP range (192.168.200.0) to
allowed-ips=10.84.0.2; in
/etc/NetworkManager/system-connections/WireGuard-Server-wg0.nmconnection
but it gets overwritten with the above every time the wg0 interface is
brought up and I'm unable to find where Network Manager finds the
allowed ips in order to set this file.
Or am I misunderstanding how wireguard works and it's only necessary to
have 10.84.0.2 in "allowed ips"? In that case, how do I get rid of the
"required key not available"? Help please. Thanks.
Augustine
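
Added example, not part of the original message and not FreedomBox or WireGuard code: a small model of WireGuard's cryptokey routing, where AllowedIPs picks the peer for an outgoing destination and filters the inner source of incoming packets, and a destination no peer owns fails with ENOKEY ("Required key not available"). The FreedomBox entry is the one from `wg show` above; the client-side entries, the /24 mask on 192.168.200.0 and the LAN host address are assumptions, since the post does not show them.

```python
import errno
import ipaddress

ENOKEY = getattr(errno, "ENOKEY", 126)  # Linux value: "Required key not available"

def lookup(peers, addr):
    """Longest-prefix match of addr against every peer's AllowedIPs."""
    ip, best = ipaddress.ip_address(addr), None
    for name, allowed in peers.items():
        for net in map(ipaddress.ip_network, allowed):
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None

def send(peers, dst):
    """Outbound: the destination address alone selects the peer and its key."""
    peer = lookup(peers, dst)
    return peer if peer is not None else -ENOKEY  # nobody owns dst -> ENOKEY

def accept(peers, sender, inner_src):
    """Inbound: a decrypted packet is kept only if its source maps to the sender."""
    return lookup(peers, inner_src) == sender

# FreedomBox side, as reported by `wg show` in the post.
SERVER = {"client": ["10.84.0.2/32"]}
# Client side is not shown in the post; both variants are assumptions.
CLIENT_NARROW = {"freedombox": ["10.84.0.1/32"]}
CLIENT_WIDE = {"freedombox": ["10.84.0.0/24", "192.168.200.0/24"]}  # /24 assumed

if __name__ == "__main__":
    lan_host = "192.168.200.10"  # constructed LAN address
    print("server -> client:", send(SERVER, "10.84.0.2"))
    print("server accepts src 10.84.0.2:", accept(SERVER, "client", "10.84.0.2"))
    print("server accepts src LAN host:", accept(SERVER, "client", lan_host))
    print("narrow client -> LAN host:", send(CLIENT_NARROW, lan_host))
    print("wide client -> LAN host:", send(CLIENT_WIDE, lan_host))
```

In this model the FreedomBox's 10.84.0.2/32 entry is enough for the client's own traffic, because it only has to cover the source address the client uses inside the tunnel.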