routeros 1.83.0, Apr 16 25

routeros 1.83.0 published on Wednesday, Apr 16, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.InterfaceWireguardPeer

Explore with Pulumi AI

routeros 1.83.0 published on Wednesday, Apr 16, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as routeros from "@pulumi/routeros";

const testWgInterface = new routeros.InterfaceWireguard("testWgInterface", {listenPort: 13231});
const wgPeer = new routeros.InterfaceWireguardPeer("wgPeer", {
    "interface": testWgInterface.name,
    publicKey: "MY_BASE_64_PUBLIC_KEY",
    allowedAddresses: [
        "192.168.0.0/16",
        "172.16.0.0/12",
        "10.0.0.0/8",
    ],
});

import pulumi
import pulumi_routeros as routeros

test_wg_interface = routeros.InterfaceWireguard("testWgInterface", listen_port=13231)
wg_peer = routeros.InterfaceWireguardPeer("wgPeer",
    interface=test_wg_interface.name,
    public_key="MY_BASE_64_PUBLIC_KEY",
    allowed_addresses=[
        "192.168.0.0/16",
        "172.16.0.0/12",
        "10.0.0.0/8",
    ])

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/routeros/routeros"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		testWgInterface, err := routeros.NewInterfaceWireguard(ctx, "testWgInterface", &routeros.InterfaceWireguardArgs{
			ListenPort: pulumi.Float64(13231),
		})
		if err != nil {
			return err
		}
		_, err = routeros.NewInterfaceWireguardPeer(ctx, "wgPeer", &routeros.InterfaceWireguardPeerArgs{
			Interface: testWgInterface.Name,
			PublicKey: pulumi.String("MY_BASE_64_PUBLIC_KEY"),
			AllowedAddresses: pulumi.StringArray{
				pulumi.String("192.168.0.0/16"),
				pulumi.String("172.16.0.0/12"),
				pulumi.String("10.0.0.0/8"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Routeros = Pulumi.Routeros;

return await Deployment.RunAsync(() => 
{
    var testWgInterface = new Routeros.InterfaceWireguard("testWgInterface", new()
    {
        ListenPort = 13231,
    });

    var wgPeer = new Routeros.InterfaceWireguardPeer("wgPeer", new()
    {
        Interface = testWgInterface.Name,
        PublicKey = "MY_BASE_64_PUBLIC_KEY",
        AllowedAddresses = new[]
        {
            "192.168.0.0/16",
            "172.16.0.0/12",
            "10.0.0.0/8",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.routeros.InterfaceWireguard;
import com.pulumi.routeros.InterfaceWireguardArgs;
import com.pulumi.routeros.InterfaceWireguardPeer;
import com.pulumi.routeros.InterfaceWireguardPeerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testWgInterface = new InterfaceWireguard("testWgInterface", InterfaceWireguardArgs.builder()
            .listenPort("13231")
            .build());

        var wgPeer = new InterfaceWireguardPeer("wgPeer", InterfaceWireguardPeerArgs.builder()
            .interface_(testWgInterface.name())
            .publicKey("MY_BASE_64_PUBLIC_KEY")
            .allowedAddresses(            
                "192.168.0.0/16",
                "172.16.0.0/12",
                "10.0.0.0/8")
            .build());

    }
}

resources:
  testWgInterface:
    type: routeros:InterfaceWireguard
    properties:
      listenPort: '13231'
  wgPeer:
    type: routeros:InterfaceWireguardPeer
    properties:
      interface: ${testWgInterface.name}
      publicKey: MY_BASE_64_PUBLIC_KEY
      allowedAddresses:
        - 192.168.0.0/16
        - 172.16.0.0/12
        - 10.0.0.0/8

Create InterfaceWireguardPeer Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new InterfaceWireguardPeer(name: string, args: InterfaceWireguardPeerArgs, opts?: CustomResourceOptions);

@overload
def InterfaceWireguardPeer(resource_name: str,
                           args: InterfaceWireguardPeerArgs,
                           opts: Optional[ResourceOptions] = None)

@overload
def InterfaceWireguardPeer(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           interface: Optional[str] = None,
                           public_key: Optional[str] = None,
                           allowed_addresses: Optional[Sequence[str]] = None,
                           endpoint_address: Optional[str] = None,
                           client_address: Optional[str] = None,
                           client_endpoint: Optional[str] = None,
                           client_keepalive: Optional[str] = None,
                           client_listen_port: Optional[float] = None,
                           comment: Optional[str] = None,
                           disabled: Optional[bool] = None,
                           ___id_: Optional[float] = None,
                           endpoint_port: Optional[str] = None,
                           client_dns: Optional[str] = None,
                           interface_wireguard_peer_id: Optional[str] = None,
                           is_responder: Optional[bool] = None,
                           name: Optional[str] = None,
                           persistent_keepalive: Optional[str] = None,
                           preshared_key: Optional[str] = None,
                           private_key: Optional[str] = None,
                           ___path_: Optional[str] = None)

func NewInterfaceWireguardPeer(ctx *Context, name string, args InterfaceWireguardPeerArgs, opts ...ResourceOption) (*InterfaceWireguardPeer, error)

public InterfaceWireguardPeer(string name, InterfaceWireguardPeerArgs args, CustomResourceOptions? opts = null)

public InterfaceWireguardPeer(String name, InterfaceWireguardPeerArgs args)
public InterfaceWireguardPeer(String name, InterfaceWireguardPeerArgs args, CustomResourceOptions options)

type: routeros:InterfaceWireguardPeer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args InterfaceWireguardPeerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args InterfaceWireguardPeerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args InterfaceWireguardPeerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args InterfaceWireguardPeerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args InterfaceWireguardPeerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

InterfaceWireguardPeer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The InterfaceWireguardPeer resource accepts the following input properties:

AllowedAddresses List<string>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Interface string: Name of the interface.
PublicKey string: The remote peer's calculated public key.
ClientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
ClientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
ClientEndpoint string: The IP address and port number of the WireGuard Server.
ClientKeepalive string: Same as persistent-keepalive but from peer side.
ClientListenPort double: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
Comment string
Disabled bool
EndpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
EndpointPort string: An endpoint port can be left blank to allow remote connection from any port.
InterfaceWireguardPeerId string: The ID of this resource.
IsResponder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
Name string: Name of the tunnel.
PersistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
PresharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
PrivateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

AllowedAddresses []string: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Interface string: Name of the interface.
PublicKey string: The remote peer's calculated public key.
ClientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
ClientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
ClientEndpoint string: The IP address and port number of the WireGuard Server.
ClientKeepalive string: Same as persistent-keepalive but from peer side.
ClientListenPort float64: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
Comment string
Disabled bool
EndpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
EndpointPort string: An endpoint port can be left blank to allow remote connection from any port.
InterfaceWireguardPeerId string: The ID of this resource.
IsResponder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
Name string: Name of the tunnel.
PersistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
PresharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
PrivateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

allowedAddresses List<String>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
interface_ String: Name of the interface.
publicKey String: The remote peer's calculated public key.
___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
clientAddress String: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns String: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint String: The IP address and port number of the WireGuard Server.
clientKeepalive String: Same as persistent-keepalive but from peer side.
clientListenPort Double: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment String
disabled Boolean
endpointAddress String: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort String: An endpoint port can be left blank to allow remote connection from any port.
interfaceWireguardPeerId String: The ID of this resource.
isResponder Boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
name String: Name of the tunnel.
persistentKeepalive String: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey String: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey String: A base64 private key. If not specified, it will be automatically generated upon interface creation.

allowedAddresses string[]: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
interface string: Name of the interface.
publicKey string: The remote peer's calculated public key.
___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
clientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint string: The IP address and port number of the WireGuard Server.
clientKeepalive string: Same as persistent-keepalive but from peer side.
clientListenPort number: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment string
disabled boolean
endpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort string: An endpoint port can be left blank to allow remote connection from any port.
interfaceWireguardPeerId string: The ID of this resource.
isResponder boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
name string: Name of the tunnel.
persistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.

allowed_addresses Sequence[str]: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
interface str: Name of the interface.
public_key str: The remote peer's calculated public key.
___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
client_address str: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
client_dns str: Specify when using WireGuard Server as a VPN gateway for peer traffic.
client_endpoint str: The IP address and port number of the WireGuard Server.
client_keepalive str: Same as persistent-keepalive but from peer side.
client_listen_port float: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment str
disabled bool
endpoint_address str: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpoint_port str: An endpoint port can be left blank to allow remote connection from any port.
interface_wireguard_peer_id str: The ID of this resource.
is_responder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
name str: Name of the tunnel.
persistent_keepalive str: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
preshared_key str: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
private_key str: A base64 private key. If not specified, it will be automatically generated upon interface creation.

allowedAddresses List<String>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
interface String: Name of the interface.
publicKey String: The remote peer's calculated public key.
___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
clientAddress String: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns String: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint String: The IP address and port number of the WireGuard Server.
clientKeepalive String: Same as persistent-keepalive but from peer side.
clientListenPort Number: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment String
disabled Boolean
endpointAddress String: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort String: An endpoint port can be left blank to allow remote connection from any port.
interfaceWireguardPeerId String: The ID of this resource.
isResponder Boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
name String: Name of the tunnel.
persistentKeepalive String: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey String: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey String: A base64 private key. If not specified, it will be automatically generated upon interface creation.

Outputs

All input properties are implicitly available as output properties. Additionally, the InterfaceWireguardPeer resource produces the following output properties:

CurrentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
CurrentEndpointPort double: The most recent source IP port of correctly authenticated packets from the peer.
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
Id string: The provider-assigned unique ID for this managed resource.
LastHandshake string: Time in seconds after the last successful handshake.
Rx string: The total amount of bytes received from the peer.
Tx string: The total amount of bytes transmitted to the peer.

CurrentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
CurrentEndpointPort float64: The most recent source IP port of correctly authenticated packets from the peer.
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
Id string: The provider-assigned unique ID for this managed resource.
LastHandshake string: Time in seconds after the last successful handshake.
Rx string: The total amount of bytes received from the peer.
Tx string: The total amount of bytes transmitted to the peer.

currentEndpointAddress String: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort Double: The most recent source IP port of correctly authenticated packets from the peer.
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id String: The provider-assigned unique ID for this managed resource.
lastHandshake String: Time in seconds after the last successful handshake.
rx String: The total amount of bytes received from the peer.
tx String: The total amount of bytes transmitted to the peer.

currentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort number: The most recent source IP port of correctly authenticated packets from the peer.
dynamic boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id string: The provider-assigned unique ID for this managed resource.
lastHandshake string: Time in seconds after the last successful handshake.
rx string: The total amount of bytes received from the peer.
tx string: The total amount of bytes transmitted to the peer.

current_endpoint_address str: The most recent source IP address of correctly authenticated packets from the peer.
current_endpoint_port float: The most recent source IP port of correctly authenticated packets from the peer.
dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id str: The provider-assigned unique ID for this managed resource.
last_handshake str: Time in seconds after the last successful handshake.
rx str: The total amount of bytes received from the peer.
tx str: The total amount of bytes transmitted to the peer.

currentEndpointAddress String: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort Number: The most recent source IP port of correctly authenticated packets from the peer.
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id String: The provider-assigned unique ID for this managed resource.
lastHandshake String: Time in seconds after the last successful handshake.
rx String: The total amount of bytes received from the peer.
tx String: The total amount of bytes transmitted to the peer.

Look up Existing InterfaceWireguardPeer Resource

Get an existing InterfaceWireguardPeer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: InterfaceWireguardPeerState, opts?: CustomResourceOptions): InterfaceWireguardPeer

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ___id_: Optional[float] = None,
        ___path_: Optional[str] = None,
        allowed_addresses: Optional[Sequence[str]] = None,
        client_address: Optional[str] = None,
        client_dns: Optional[str] = None,
        client_endpoint: Optional[str] = None,
        client_keepalive: Optional[str] = None,
        client_listen_port: Optional[float] = None,
        comment: Optional[str] = None,
        current_endpoint_address: Optional[str] = None,
        current_endpoint_port: Optional[float] = None,
        disabled: Optional[bool] = None,
        dynamic: Optional[bool] = None,
        endpoint_address: Optional[str] = None,
        endpoint_port: Optional[str] = None,
        interface: Optional[str] = None,
        interface_wireguard_peer_id: Optional[str] = None,
        is_responder: Optional[bool] = None,
        last_handshake: Optional[str] = None,
        name: Optional[str] = None,
        persistent_keepalive: Optional[str] = None,
        preshared_key: Optional[str] = None,
        private_key: Optional[str] = None,
        public_key: Optional[str] = None,
        rx: Optional[str] = None,
        tx: Optional[str] = None) -> InterfaceWireguardPeer

func GetInterfaceWireguardPeer(ctx *Context, name string, id IDInput, state *InterfaceWireguardPeerState, opts ...ResourceOption) (*InterfaceWireguardPeer, error)

public static InterfaceWireguardPeer Get(string name, Input<string> id, InterfaceWireguardPeerState? state, CustomResourceOptions? opts = null)

public static InterfaceWireguardPeer get(String name, Output<String> id, InterfaceWireguardPeerState state, CustomResourceOptions options)

resources:  _:    type: routeros:InterfaceWireguardPeer    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedAddresses List<string>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
ClientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
ClientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
ClientEndpoint string: The IP address and port number of the WireGuard Server.
ClientKeepalive string: Same as persistent-keepalive but from peer side.
ClientListenPort double: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
Comment string
CurrentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
CurrentEndpointPort double: The most recent source IP port of correctly authenticated packets from the peer.
Disabled bool
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
EndpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
EndpointPort string: An endpoint port can be left blank to allow remote connection from any port.
Interface string: Name of the interface.
InterfaceWireguardPeerId string: The ID of this resource.
IsResponder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
LastHandshake string: Time in seconds after the last successful handshake.
Name string: Name of the tunnel.
PersistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
PresharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
PrivateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
PublicKey string: The remote peer's calculated public key.
Rx string: The total amount of bytes received from the peer.
Tx string: The total amount of bytes transmitted to the peer.
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

AllowedAddresses []string: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
ClientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
ClientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
ClientEndpoint string: The IP address and port number of the WireGuard Server.
ClientKeepalive string: Same as persistent-keepalive but from peer side.
ClientListenPort float64: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
Comment string
CurrentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
CurrentEndpointPort float64: The most recent source IP port of correctly authenticated packets from the peer.
Disabled bool
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
EndpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
EndpointPort string: An endpoint port can be left blank to allow remote connection from any port.
Interface string: Name of the interface.
InterfaceWireguardPeerId string: The ID of this resource.
IsResponder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
LastHandshake string: Time in seconds after the last successful handshake.
Name string: Name of the tunnel.
PersistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
PresharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
PrivateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
PublicKey string: The remote peer's calculated public key.
Rx string: The total amount of bytes received from the peer.
Tx string: The total amount of bytes transmitted to the peer.
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
allowedAddresses List<String>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
clientAddress String: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns String: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint String: The IP address and port number of the WireGuard Server.
clientKeepalive String: Same as persistent-keepalive but from peer side.
clientListenPort Double: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment String
currentEndpointAddress String: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort Double: The most recent source IP port of correctly authenticated packets from the peer.
disabled Boolean
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
endpointAddress String: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort String: An endpoint port can be left blank to allow remote connection from any port.
interfaceWireguardPeerId String: The ID of this resource.
interface_ String: Name of the interface.
isResponder Boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
lastHandshake String: Time in seconds after the last successful handshake.
name String: Name of the tunnel.
persistentKeepalive String: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey String: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey String: A base64 private key. If not specified, it will be automatically generated upon interface creation.
publicKey String: The remote peer's calculated public key.
rx String: The total amount of bytes received from the peer.
tx String: The total amount of bytes transmitted to the peer.

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
allowedAddresses string[]: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
clientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint string: The IP address and port number of the WireGuard Server.
clientKeepalive string: Same as persistent-keepalive but from peer side.
clientListenPort number: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment string
currentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort number: The most recent source IP port of correctly authenticated packets from the peer.
disabled boolean
dynamic boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
endpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort string: An endpoint port can be left blank to allow remote connection from any port.
interface string: Name of the interface.
interfaceWireguardPeerId string: The ID of this resource.
isResponder boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
lastHandshake string: Time in seconds after the last successful handshake.
name string: Name of the tunnel.
persistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
publicKey string: The remote peer's calculated public key.
rx string: The total amount of bytes received from the peer.
tx string: The total amount of bytes transmitted to the peer.

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
allowed_addresses Sequence[str]: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
client_address str: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
client_dns str: Specify when using WireGuard Server as a VPN gateway for peer traffic.
client_endpoint str: The IP address and port number of the WireGuard Server.
client_keepalive str: Same as persistent-keepalive but from peer side.
client_listen_port float: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment str
current_endpoint_address str: The most recent source IP address of correctly authenticated packets from the peer.
current_endpoint_port float: The most recent source IP port of correctly authenticated packets from the peer.
disabled bool
dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
endpoint_address str: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpoint_port str: An endpoint port can be left blank to allow remote connection from any port.
interface str: Name of the interface.
interface_wireguard_peer_id str: The ID of this resource.
is_responder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
last_handshake str: Time in seconds after the last successful handshake.
name str: Name of the tunnel.
persistent_keepalive str: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
preshared_key str: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
private_key str: A base64 private key. If not specified, it will be automatically generated upon interface creation.
public_key str: The remote peer's calculated public key.
rx str: The total amount of bytes received from the peer.
tx str: The total amount of bytes transmitted to the peer.

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
allowedAddresses List<String>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
clientAddress String: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns String: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint String: The IP address and port number of the WireGuard Server.
clientKeepalive String: Same as persistent-keepalive but from peer side.
clientListenPort Number: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment String
currentEndpointAddress String: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort Number: The most recent source IP port of correctly authenticated packets from the peer.
disabled Boolean
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
endpointAddress String: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort String: An endpoint port can be left blank to allow remote connection from any port.
interface String: Name of the interface.
interfaceWireguardPeerId String: The ID of this resource.
isResponder Boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
lastHandshake String: Time in seconds after the last successful handshake.
name String: Name of the tunnel.
persistentKeepalive String: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey String: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey String: A base64 private key. If not specified, it will be automatically generated upon interface creation.
publicKey String: The remote peer's calculated public key.
rx String: The total amount of bytes received from the peer.
tx String: The total amount of bytes transmitted to the peer.

Import

#The ID can be found via API or the terminal

#The command for the terminal is -> :put [/interface/wireguard/peers get [print show-ids]]

$ pulumi import routeros:index/interfaceWireguardPeer:InterfaceWireguardPeer wg_peer "*0"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: routeros terraform-routeros/terraform-provider-routeros
License
Notes: This Pulumi package is based on the routeros Terraform Provider.

routeros 1.83.0 published on Wednesday, Apr 16, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.InterfaceWireguardPeer

On this page

On this page

Example Usage

Create InterfaceWireguardPeer Resource

Constructor syntax

Parameters

InterfaceWireguardPeer Resource Properties

Inputs

Outputs

Look up Existing InterfaceWireguardPeer Resource

Import

Package Details

On this page

On this page