How easy would it be to import a wg-quick config into this?

Hey all. I’m supporting an existing VPN server based on wg-quick; which requires users to supply public keys for me to load into a wg0.conf file on the server end. I figure something like this would remove that task; and I used Subspace on a different setup, but it had its own weird way of handling user keys. Anyone try this migration, or would I need to start from scratch? Thanks!

Hi,

Possibly this feature request is related:

I had a look at doing this manually a little while ago (migrating from Subspace) and came to the conclusion it’s not possible to import the configs at a level that would keep the existing client configurations working. In my case it was just easier to recreate the clients as there wasn’t a large number rather than spending further time trying to get them imported.

1 Like

Confirm this message

Confirm? Sorry I didn’t reply sooner to this @gbe0 & @vadym_p . I need to check with the folks I setup VPN for, to see if they want to change over to this or not.

@unquietwiki Could you post an example snippet of your WireGuard config (keys redacted)? I should be able to whip up a script or something for ya.

In theory something like this should work:

  1. Install Firezone 0.4.5
  2. Override private key:
echo -n $WG_PRIVATE_KEY > /var/opt/firezone/cache/wg_private_key
firezone-ctl reconfigure
  1. Assuming you’re fine have all devices under your admin user:
# Alias the Firezone binary
alias fz='/opt/firezone/embedded/service/firezone/bin/firezone'

# Create device for each peer in your config. Use your admin user id for `user_id`
fz rpc 'FzHttp.Devices.create_device(%{"user_id" => ADMIN_USER_ID, "public_key" => "PEER PUBLIC KEY", "preshared_key" => "PEER PSK", "name" => "Sample Device Name"})'

If you have MTU, DNS, PersistentKeepalive, etc configured you’ll need to configure the equivalent settings in Firezone as well.

Sure thing @jamil ; thanks!

### IPv4: the hosts should be /32, but the network is /22
### After editing: systemctl reload wg-quick@wg0

# KEEP THIS
[Interface]
Address = 172.31.155.3/22,fd68:6561:7274:b33f::155:3/64,fd68:6561:7274:b33f::ffff/64
MTU = 1280
PrivateKey = REDACTED
ListenPort = 51820

# Own public key
[Peer]
PublicKey = REDACTED
AllowedIPs = fd68:6561:7274:b33f::/64,172.31.152.0/22,fd68:6561:7274:dead::/64,192.168.152.0/23

# ====== Users ======

# USER 1
[Peer]
PublicKey = REDACTED
AllowedIPs = 172.31.152.2/32,fd68:6561:7274:b33f::152:2/128

# USER 2
[Peer]
PublicKey = REDACTED
AllowedIPs = 172.31.152.3/32,fd68:6561:7274:b33f::152:3/128

# USER 3
[Peer]
PublicKey = REDACTED
AllowedIPs = 172.31.152.4/32,fd68:6561:7274:b33f::152:4/128

# Site Router
[Peer]
PublicKey = REDACTED
AllowedIPs = 172.31.152.1/32,fd68:6561:7274:b33f::152:1/128,fd68:6561:7274:b33f::d/128,fd68:6561:7274:dead::/64,192.168.152.0/23