Island Router CLI Reference Guide 2.3.2

vpn peer generate client

Creates a VPN and generates a configuration suitable for import into a WireGuard VPN client.


Last updated 3 months ago

Syntax

vpn peer <id> generate client [local-only] [name <name>] [public-key <key>]

Syntax Description

| Keyword | Description |
|---|---|
| id | The VPN identifier. Must be a number in the range 0-1022 or the string "auto". |
| local-only | (Optional) If specified, only local routes on the Island are included in the client configuration file; otherwise, a default route is included. |
| name | (Optional) A descriptive name for the VPN. |
| key | (Optional) If specified, the VPN is created using the specified public key for the remote host; otherwise, a public/private key pair is generated. |

Defaults

By default, the generated client configuration contains a default route through the VPN, and a public/private key pair is generated for the client.

Usage Guidelines

This command creates a VPN on the Island and generates an associated configuration suitable for import directly into a WireGuard client. The generated configuration is displayed in the CLI, where it can be copied and pasted into the WireGuard client, or pasted into a file that can be imported into the client.

The VPN ID must be a number between 0 and 1022 that does not already exist on the Island, or the string "auto", which will automatically assign the next available VPN ID.

By default, the command will generate a public/private key pair for the client to use, and will include the private key in the "[Interface]" section of the client configuration. This makes client VPN configuration very easy since the generated configuration can be loaded into the client, and no other steps are necessary. However, because the configuration contains the private key for the client, the configuration should be kept secure, and should be permanently deleted as soon as it has been loaded into the client.

Alternatively, the public/private key pair can first be configured on the client, and the resulting public key included in the command using the public-key option. This requires extra steps to configure the VPN, but is more secure because the private key does not have to be communicated to the client.

By default, a default IPv4 route and a default IPv6 route are specified in the "AllowedIPs" directive in the "[Peer]" section of the generated client configuration, so that all Internet traffic will be routed through the Island. If the local-only option is specified, only routes for local interfaces on the Island will be included in the client configuration.

The name parameter is optional, but is useful to identify the client associated with the VPN.

Examples

vpn peer auto generate client name terry-laptop local-only

Related Commands

If a DDNS name has been set on the Island using the ip ddns name command, the DDNS name will be used in the "EndPoint" directive in the "[Peer]" section of the client configuration. A DDNS name is recommended in most cases because it isolates the client from changes in the Island's public IP address. If no DDNS name has been configured, the IP address of the highest priority WAN interface will be used instead. Likewise, the UDP port number for the endpoint will be set to the value configured with the vpn port command, or to the default port if a custom port number has not been configured.

vpn peer generate client
ip ddns name
vpn port
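
The following Python check is an added example, not part of the Island documentation. It reads a WireGuard client configuration and reports the three properties discussed in the usage guidelines and the endpoint paragraph: whether a private key is embedded in "[Interface]", whether "AllowedIPs" carries default routes (no local-only), and whether the endpoint is a hostname rather than an IP address. The sample configuration is constructed in standard WireGuard client format with placeholder keys; its address, hostname and port are assumptions, and parse_wg_config and audit_client_config are hypothetical helper names.

```python
import ipaddress

DEFAULT_ROUTES = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}

# Constructed sample in standard WireGuard client format. Keys are placeholders;
# the address, hostname and port are assumptions, not captured Island output.
SAMPLE = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.99.0.2/32

[Peer]
PublicKey = <island-public-key-placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = island.example.net:51820
"""

def parse_wg_config(text):
    """Parse WireGuard INI text into a list of (section, {key: value}) pairs."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # split once: base64 keys end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit_client_config(text):
    """Report the security-relevant properties of a client configuration."""
    report = {"embeds_private_key": False, "full_tunnel": False,
              "endpoint_is_hostname": False}
    for name, fields in parse_wg_config(text):
        if name == "interface" and fields.get("privatekey"):
            report["embeds_private_key"] = True      # file must be protected, then deleted
        if name == "peer":
            nets = {ipaddress.ip_network(n.strip(), strict=False)
                    for n in fields.get("allowedips", "").split(",") if n.strip()}
            report["full_tunnel"] = bool(nets & DEFAULT_ROUTES)
            host = fields.get("endpoint", "").rsplit(":", 1)[0].strip("[]")
            try:
                ipaddress.ip_address(host)           # IP literal: tied to one WAN address
            except ValueError:
                report["endpoint_is_hostname"] = bool(host)
    return report

if __name__ == "__main__":
    print(audit_client_config(SAMPLE))
```

A report with embeds_private_key set to True marks a file that needs to be kept secure and permanently deleted once it has been loaded into the client.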