WireGuard: use existing wg1.conf and wg2.conf

Before trying to set up lscr.io/linuxserver/wireguard, I already have two WireGuard networks.

wg1 (192.168.201.0/24, port 51821) is my “server” network. All of my servers and routers are on this network and can successfully communicate with each other. A client connected to a router on this network can communicate with any server on this network (because the router, not the client, is a part of this network).

[Interface]
# server 2
Address = 192.168.201.2/24 # note the '201'
ListenPort = 51821
PrivateKey = <server 2 private key>

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE

[Peer]
# router 3
PublicKey = <router 3 public key>
AllowedIPs = 192.168.201.3/32,192.168.131.0/24
Endpoint = router-3.mydomain.com:51821

[Peer]
# server 4
PublicKey = <server 4 public key>
AllowedIPs = 192.168.201.4/32
Endpoint = server-4.mydomain.com:51821

wg2 (192.168.202.0/24, port 51822) is my “client” network. All of my servers are on this network, but each server's wg2.conf file only has clients as peers. Other servers are not included as peers of any one server. On the client side, all servers are listed as peers.

[Interface]
# server 2
Address = 192.168.202.2/24 # note the '202'
ListenPort = 51822 # note this is 51822, not 51821
PrivateKey = <server 2 private key>

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth+ -j MASQUERADE

[Peer]
# client 101
PublicKey = <client 101 public key>
AllowedIPs = 192.168.202.101/32

[Peer]
# client 102
PublicKey = <client 102 public key>
AllowedIPs = 192.168.202.102/32

I am very happy with this setup. However, I would like to set up a new server using WireGuard and docker compose (lscr.io/linuxserver/wireguard). As near as I can tell, I cannot tell linuxserver/wireguard to simply use my wg1.conf and wg2.conf; instead, wg1.conf and wg2.conf are autogenerated.

All of my public and private WireGuard keys and my internal IP addresses are pre-existing, and I do not want them recreated by linuxserver/wireguard. I would simply like linuxserver/wireguard to reuse this existing information, ideally by reading (and not recreating) wg1.conf and wg2.conf. I am guessing that this is possible, but have no idea where to start.

When I place wg1.conf and wg2.conf in the config/wg_confs directory, I get the following:

wireguard  | **** Activating tunnel /config/wg_confs/wg1.conf ****
wireguard  | [#] ip link add wg1 type wireguard
wireguard  | [#] wg setconf wg1 /dev/fd/63
wireguard  | [#] ip -4 address add 192.168.201.9/24 dev wg1
wireguard  | [#] ip link set mtu 1420 up dev wg1
wireguard  | [#] ip -4 route add <public ip of the server running docker and wireguard>/32 dev wg1
wireguard  | [#] ip -4 route add 192.168.121.0/24 dev wg1 # one of my router's subnets
wireguard  | [#] ip -4 route add 192.168.111.0/24 dev wg1 # another of my router's subnets
wireguard  | [#] iptables -A FORWARD -i wg1 -j ACCEPT; iptables -A FORWARD -o wg1 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
wireguard  | **** All tunnels are now active ****
wireguard  | [ls.io-init] done.

There is no reference to subnet 192.168.201.0/24, which is the wg1 internal subnet.

Any advice to hopefully point me in the right direction will be appreciated.

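Added example (editor's code, not from the poster or from the linuxserver/wireguard project): a small parser for the wg-quick config format that predicts which AllowedIPs prefixes will show up as `ip -4 route add ... dev wgN` lines in a log like the one above. wg-quick only adds an explicit route for a prefix when no route on the interface already matches it; `Address = 192.168.201.2/24` makes the kernel create the connected 192.168.201.0/24 route, so peer /32s inside that /24 are never listed, only foreign prefixes such as a router's LAN are. The script also flags AllowedIPs that overlap between peers, because AllowedIPs is WireGuard's cryptokey routing table and a later peer silently takes over any prefix it shares with an earlier one. The sample config is constructed from the wg1.conf in the post; its keys and hostnames are placeholders.

```python
"""Predict the `ip route add` lines wg-quick emits for a WireGuard config.

Added example, not code from the post or from linuxserver/wireguard.
Two rules it mirrors:
  * wg-quick runs `ip route add <prefix> dev wgN` for an AllowedIPs prefix
    only when no existing route on the interface matches it; the connected
    route created by `Address = x.x.x.x/24` covers every peer /32 in that /24.
  * AllowedIPs is the cryptokey routing table: overlapping prefixes between
    peers are a misconfiguration (the later peer wins silently).
"""
import ipaddress
import re
from typing import Dict, List, Tuple, Union

IPNet = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Peer = Dict[str, List[str]]

# Constructed sample modelled on the wg1.conf in the post; keys and
# hostnames are placeholders, not real values.
SAMPLE_CONF = """\
[Interface]
# server 2
Address = 192.168.201.2/24   # note the '201'
ListenPort = 51821
PrivateKey = <server 2 private key>

[Peer]
# router 3
PublicKey = <router 3 public key>
AllowedIPs = 192.168.201.3/32, 192.168.131.0/24
Endpoint = router-3.mydomain.com:51821

[Peer]
# server 4
PublicKey = <server 4 public key>
AllowedIPs = 192.168.201.4/32
Endpoint = server-4.mydomain.com:51821
"""


def parse_conf(text: str) -> Tuple[List[IPNet], List[Peer]]:
    """Return (interface Address networks, peers as key -> list of values)."""
    addresses: List[IPNet] = []
    peers: List[Peer] = []
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # wg(8) and wg-quick(8) both drop '#' comments
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1).lower()  # [Interface]/[Peer] are matched case-insensitively
            if section == "peer":
                peers.append({})
            continue
        if "=" not in line:
            raise ValueError(f"not a key = value line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        values = [v.strip() for v in value.split(",") if v.strip()]
        # Keys are lowercased only for lookup here; wg-quick matches its own
        # keys (Address, PostUp, ...) with their canonical capitalisation.
        if section == "interface" and key.lower() == "address":
            addresses.extend(ipaddress.ip_interface(v).network for v in values)
        elif section == "peer":
            peers[-1].setdefault(key.lower(), []).extend(values)
    return addresses, peers


def routes_to_add(addresses: List[IPNet], peers: List[Peer]) -> List[IPNet]:
    """AllowedIPs prefixes that wg-quick will install with `ip route add`."""
    explicit: List[IPNet] = []
    for peer in peers:
        for cidr in peer.get("allowedips", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                continue  # 0.0.0.0/0 and ::/0 use wg-quick's default-route handling instead
            covered = any(net.version == a.version and net.subnet_of(a) for a in addresses)
            if not covered and net not in explicit:
                explicit.append(net)
    return explicit


def overlapping_allowed_ips(peers: List[Peer]) -> List[Tuple[int, int, str]]:
    """(earlier peer index, later peer index, later prefix) for every overlap."""
    seen: List[Tuple[int, IPNet]] = []
    clashes: List[Tuple[int, int, str]] = []
    for i, peer in enumerate(peers):
        for cidr in peer.get("allowedips", []):
            net = ipaddress.ip_network(cidr, strict=False)
            for j, other in seen:
                if j != i and other.version == net.version and net.overlaps(other):
                    clashes.append((j, i, str(net)))
            seen.append((i, net))
    return clashes


def report(text: str) -> Dict[str, list]:
    """Summary of what wg-quick would do with this config."""
    addresses, peers = parse_conf(text)
    return {
        "addresses": [str(a) for a in addresses],
        "routes": [str(n) for n in routes_to_add(addresses, peers)],
        "clashes": overlapping_allowed_ips(peers),
    }


if __name__ == "__main__":
    for key, val in report(SAMPLE_CONF).items():
        print(f"{key}: {val}")
```

Run against the sample, the only explicit route is 192.168.131.0/24 (router 3's LAN); 192.168.201.3/32 and 192.168.201.4/32 are already reachable through the connected /24, which is exactly the shape of the log above. Pointing it at a wg2.conf-style file with two client peers whose AllowedIPs overlap will list the clash, which `wg-quick up` itself does not warn about.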