Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wireguard configuration backup

    Scheduled Pinned Locked Moved WireGuard
    6 Posts 4 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Dehumanizer77D
      Dehumanizer77
      last edited by Dehumanizer77

      Hello,
      I have several questions.
      First, how can I back up wireguard configuration along with peers that are set up? The regular pfSense backup function will not back it up so I'm trying to find out how can I back it up.

      Next, we are running pfSense in a HA mode, with one primary and one secondary node and I understand that wireguard can't fully use the HA mode etc., however I need to have the same wireguard configuration on both nodes, so that if the primary fails, the secondary will take over. I don't care about broken connections, but the wireguard on the secondary node should work when the user reconnects. I am only interested in outside connections so the fact that it will be running on a different internal IP does not bother me, users are still connecting to the same WAN IP. So I need a way how to copy the peer configuration from the primary to the secondary node. How can I do it? I have tried to copy /usr/local/etc/wireguard/tun_wg0.conf which contains all peers, but when I copied it to the secondary node the peers are still not showing there even after I have restarted wireguard. So what should I do to copy the peer configuration?

      C 1 Reply Last reply Reply Quote 0
      • C
        compsmith @Dehumanizer77
        last edited by

        @dehumanizer-0 Did you ever find a way to backup wireguard configuration?

        Dehumanizer77D 1 Reply Last reply Reply Quote 0
        • Dehumanizer77D
          Dehumanizer77 @compsmith
          last edited by

          @compsmith Unfortunatelly not yet. On the other hand I wasn't looking for it intensively. I suppose wireguard should be back to pfSense (not just as a package) in some of next releases and then there should be an option of transfering the configuration to the backup node, hopefully... But it would be still good to find a way how to do the backup before that happens. I'll try to look into it soon.

          thebabufrikT 1 Reply Last reply Reply Quote 0
          • thebabufrikT
            thebabufrik @Dehumanizer77
            last edited by

            @dehumanizer77 Pfsense backups my wireguard settings with all details:

            tunnel_backup.png

            peer_backup.png

            Dehumanizer77D 1 Reply Last reply Reply Quote 0
            • Dehumanizer77D
              Dehumanizer77 @thebabufrik
              last edited by

              @thebabufrik yes, it's included in the backup, which I haven't previously checked, but that's not what I am interested in. I want to sync wireguard settings (or at least peers) to the secondary pfsense in our HA configuration. I know that the HA will not work seamlessly and Wireguard connections will be broken when the primary goes down, but at least after reconnect I need the wireguard to be working on the secondary server exactly as on the primary one.

              cmcdonaldC 1 Reply Last reply Reply Quote 0
              • cmcdonaldC
                cmcdonald Netgate Developer @Dehumanizer77
                last edited by

                @dehumanizer77 HA syncing is not supported (yet). No timeline on this. But generally speaking, yes the entire package config is backed up as part of the package section backup for pfSense (make sure you check the Keep Configuration in WireGuard \ Settings page).

                Need help fast? https://www.netgate.com/support

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.