routeros 1.83.1, Apr 28 25

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.WireguardPeer

Explore with Pulumi AI

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

# routeros.WireguardPeer (Resource)

This is an alias for backwards compatibility between plugin versions.

Please see documentation for routeros.InterfaceWireguardPeer

Create WireguardPeer Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new WireguardPeer(name: string, args: WireguardPeerArgs, opts?: CustomResourceOptions);

@overload
def WireguardPeer(resource_name: str,
                  args: WireguardPeerArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def WireguardPeer(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  interface: Optional[str] = None,
                  public_key: Optional[str] = None,
                  allowed_addresses: Optional[Sequence[str]] = None,
                  endpoint_address: Optional[str] = None,
                  client_address: Optional[str] = None,
                  client_endpoint: Optional[str] = None,
                  client_keepalive: Optional[str] = None,
                  client_listen_port: Optional[float] = None,
                  comment: Optional[str] = None,
                  disabled: Optional[bool] = None,
                  ___id_: Optional[float] = None,
                  endpoint_port: Optional[str] = None,
                  client_dns: Optional[str] = None,
                  is_responder: Optional[bool] = None,
                  name: Optional[str] = None,
                  persistent_keepalive: Optional[str] = None,
                  preshared_key: Optional[str] = None,
                  private_key: Optional[str] = None,
                  ___path_: Optional[str] = None,
                  wireguard_peer_id: Optional[str] = None)

func NewWireguardPeer(ctx *Context, name string, args WireguardPeerArgs, opts ...ResourceOption) (*WireguardPeer, error)

public WireguardPeer(string name, WireguardPeerArgs args, CustomResourceOptions? opts = null)

public WireguardPeer(String name, WireguardPeerArgs args)
public WireguardPeer(String name, WireguardPeerArgs args, CustomResourceOptions options)

type: routeros:WireguardPeer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args WireguardPeerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args WireguardPeerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args WireguardPeerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args WireguardPeerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args WireguardPeerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

WireguardPeer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The WireguardPeer resource accepts the following input properties:

AllowedAddresses List<string>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Interface string: Name of the interface.
PublicKey string: The remote peer's calculated public key.
ClientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
ClientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
ClientEndpoint string: The IP address and port number of the WireGuard Server.
ClientKeepalive string: Same as persistent-keepalive but from peer side.
ClientListenPort double: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
Comment string
Disabled bool
EndpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
EndpointPort string: An endpoint port can be left blank to allow remote connection from any port.
IsResponder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
Name string: Name of the tunnel.
PersistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
PresharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
PrivateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
WireguardPeerId string
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

AllowedAddresses []string: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Interface string: Name of the interface.
PublicKey string: The remote peer's calculated public key.
ClientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
ClientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
ClientEndpoint string: The IP address and port number of the WireGuard Server.
ClientKeepalive string: Same as persistent-keepalive but from peer side.
ClientListenPort float64: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
Comment string
Disabled bool
EndpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
EndpointPort string: An endpoint port can be left blank to allow remote connection from any port.
IsResponder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
Name string: Name of the tunnel.
PersistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
PresharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
PrivateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
WireguardPeerId string
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

allowedAddresses List<String>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
interface_ String: Name of the interface.
publicKey String: The remote peer's calculated public key.
___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
clientAddress String: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns String: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint String: The IP address and port number of the WireGuard Server.
clientKeepalive String: Same as persistent-keepalive but from peer side.
clientListenPort Double: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment String
disabled Boolean
endpointAddress String: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort String: An endpoint port can be left blank to allow remote connection from any port.
isResponder Boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
name String: Name of the tunnel.
persistentKeepalive String: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey String: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey String: A base64 private key. If not specified, it will be automatically generated upon interface creation.
wireguardPeerId String

allowedAddresses string[]: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
interface string: Name of the interface.
publicKey string: The remote peer's calculated public key.
___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
clientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint string: The IP address and port number of the WireGuard Server.
clientKeepalive string: Same as persistent-keepalive but from peer side.
clientListenPort number: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment string
disabled boolean
endpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort string: An endpoint port can be left blank to allow remote connection from any port.
isResponder boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
name string: Name of the tunnel.
persistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
wireguardPeerId string

allowed_addresses Sequence[str]: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
interface str: Name of the interface.
public_key str: The remote peer's calculated public key.
___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
client_address str: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
client_dns str: Specify when using WireGuard Server as a VPN gateway for peer traffic.
client_endpoint str: The IP address and port number of the WireGuard Server.
client_keepalive str: Same as persistent-keepalive but from peer side.
client_listen_port float: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment str
disabled bool
endpoint_address str: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpoint_port str: An endpoint port can be left blank to allow remote connection from any port.
is_responder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
name str: Name of the tunnel.
persistent_keepalive str: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
preshared_key str: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
private_key str: A base64 private key. If not specified, it will be automatically generated upon interface creation.
wireguard_peer_id str

allowedAddresses List<String>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
interface String: Name of the interface.
publicKey String: The remote peer's calculated public key.
___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
clientAddress String: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns String: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint String: The IP address and port number of the WireGuard Server.
clientKeepalive String: Same as persistent-keepalive but from peer side.
clientListenPort Number: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment String
disabled Boolean
endpointAddress String: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort String: An endpoint port can be left blank to allow remote connection from any port.
isResponder Boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
name String: Name of the tunnel.
persistentKeepalive String: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey String: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey String: A base64 private key. If not specified, it will be automatically generated upon interface creation.
wireguardPeerId String

Outputs

All input properties are implicitly available as output properties. Additionally, the WireguardPeer resource produces the following output properties:

CurrentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
CurrentEndpointPort double: The most recent source IP port of correctly authenticated packets from the peer.
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
Id string: The provider-assigned unique ID for this managed resource.
LastHandshake string: Time in seconds after the last successful handshake.
Rx string: The total amount of bytes received from the peer.
Tx string: The total amount of bytes transmitted to the peer.

CurrentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
CurrentEndpointPort float64: The most recent source IP port of correctly authenticated packets from the peer.
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
Id string: The provider-assigned unique ID for this managed resource.
LastHandshake string: Time in seconds after the last successful handshake.
Rx string: The total amount of bytes received from the peer.
Tx string: The total amount of bytes transmitted to the peer.

currentEndpointAddress String: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort Double: The most recent source IP port of correctly authenticated packets from the peer.
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id String: The provider-assigned unique ID for this managed resource.
lastHandshake String: Time in seconds after the last successful handshake.
rx String: The total amount of bytes received from the peer.
tx String: The total amount of bytes transmitted to the peer.

currentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort number: The most recent source IP port of correctly authenticated packets from the peer.
dynamic boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id string: The provider-assigned unique ID for this managed resource.
lastHandshake string: Time in seconds after the last successful handshake.
rx string: The total amount of bytes received from the peer.
tx string: The total amount of bytes transmitted to the peer.

current_endpoint_address str: The most recent source IP address of correctly authenticated packets from the peer.
current_endpoint_port float: The most recent source IP port of correctly authenticated packets from the peer.
dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id str: The provider-assigned unique ID for this managed resource.
last_handshake str: Time in seconds after the last successful handshake.
rx str: The total amount of bytes received from the peer.
tx str: The total amount of bytes transmitted to the peer.

currentEndpointAddress String: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort Number: The most recent source IP port of correctly authenticated packets from the peer.
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
id String: The provider-assigned unique ID for this managed resource.
lastHandshake String: Time in seconds after the last successful handshake.
rx String: The total amount of bytes received from the peer.
tx String: The total amount of bytes transmitted to the peer.

Look up Existing WireguardPeer Resource

Get an existing WireguardPeer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WireguardPeerState, opts?: CustomResourceOptions): WireguardPeer

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ___id_: Optional[float] = None,
        ___path_: Optional[str] = None,
        allowed_addresses: Optional[Sequence[str]] = None,
        client_address: Optional[str] = None,
        client_dns: Optional[str] = None,
        client_endpoint: Optional[str] = None,
        client_keepalive: Optional[str] = None,
        client_listen_port: Optional[float] = None,
        comment: Optional[str] = None,
        current_endpoint_address: Optional[str] = None,
        current_endpoint_port: Optional[float] = None,
        disabled: Optional[bool] = None,
        dynamic: Optional[bool] = None,
        endpoint_address: Optional[str] = None,
        endpoint_port: Optional[str] = None,
        interface: Optional[str] = None,
        is_responder: Optional[bool] = None,
        last_handshake: Optional[str] = None,
        name: Optional[str] = None,
        persistent_keepalive: Optional[str] = None,
        preshared_key: Optional[str] = None,
        private_key: Optional[str] = None,
        public_key: Optional[str] = None,
        rx: Optional[str] = None,
        tx: Optional[str] = None,
        wireguard_peer_id: Optional[str] = None) -> WireguardPeer

func GetWireguardPeer(ctx *Context, name string, id IDInput, state *WireguardPeerState, opts ...ResourceOption) (*WireguardPeer, error)

public static WireguardPeer Get(string name, Input<string> id, WireguardPeerState? state, CustomResourceOptions? opts = null)

public static WireguardPeer get(String name, Output<String> id, WireguardPeerState state, CustomResourceOptions options)

resources:  _:    type: routeros:WireguardPeer    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedAddresses List<string>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
ClientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
ClientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
ClientEndpoint string: The IP address and port number of the WireGuard Server.
ClientKeepalive string: Same as persistent-keepalive but from peer side.
ClientListenPort double: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
Comment string
CurrentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
CurrentEndpointPort double: The most recent source IP port of correctly authenticated packets from the peer.
Disabled bool
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
EndpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
EndpointPort string: An endpoint port can be left blank to allow remote connection from any port.
Interface string: Name of the interface.
IsResponder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
LastHandshake string: Time in seconds after the last successful handshake.
Name string: Name of the tunnel.
PersistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
PresharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
PrivateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
PublicKey string: The remote peer's calculated public key.
Rx string: The total amount of bytes received from the peer.
Tx string: The total amount of bytes transmitted to the peer.
WireguardPeerId string
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

AllowedAddresses []string: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
ClientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
ClientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
ClientEndpoint string: The IP address and port number of the WireGuard Server.
ClientKeepalive string: Same as persistent-keepalive but from peer side.
ClientListenPort float64: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
Comment string
CurrentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
CurrentEndpointPort float64: The most recent source IP port of correctly authenticated packets from the peer.
Disabled bool
Dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
EndpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
EndpointPort string: An endpoint port can be left blank to allow remote connection from any port.
Interface string: Name of the interface.
IsResponder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
LastHandshake string: Time in seconds after the last successful handshake.
Name string: Name of the tunnel.
PersistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
PresharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
PrivateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
PublicKey string: The remote peer's calculated public key.
Rx string: The total amount of bytes received from the peer.
Tx string: The total amount of bytes transmitted to the peer.
WireguardPeerId string
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
allowedAddresses List<String>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
clientAddress String: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns String: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint String: The IP address and port number of the WireGuard Server.
clientKeepalive String: Same as persistent-keepalive but from peer side.
clientListenPort Double: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment String
currentEndpointAddress String: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort Double: The most recent source IP port of correctly authenticated packets from the peer.
disabled Boolean
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
endpointAddress String: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort String: An endpoint port can be left blank to allow remote connection from any port.
interface_ String: Name of the interface.
isResponder Boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
lastHandshake String: Time in seconds after the last successful handshake.
name String: Name of the tunnel.
persistentKeepalive String: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey String: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey String: A base64 private key. If not specified, it will be automatically generated upon interface creation.
publicKey String: The remote peer's calculated public key.
rx String: The total amount of bytes received from the peer.
tx String: The total amount of bytes transmitted to the peer.
wireguardPeerId String

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
allowedAddresses string[]: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
clientAddress string: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns string: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint string: The IP address and port number of the WireGuard Server.
clientKeepalive string: Same as persistent-keepalive but from peer side.
clientListenPort number: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment string
currentEndpointAddress string: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort number: The most recent source IP port of correctly authenticated packets from the peer.
disabled boolean
dynamic boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
endpointAddress string: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort string: An endpoint port can be left blank to allow remote connection from any port.
interface string: Name of the interface.
isResponder boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
lastHandshake string: Time in seconds after the last successful handshake.
name string: Name of the tunnel.
persistentKeepalive string: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey string: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey string: A base64 private key. If not specified, it will be automatically generated upon interface creation.
publicKey string: The remote peer's calculated public key.
rx string: The total amount of bytes received from the peer.
tx string: The total amount of bytes transmitted to the peer.
wireguardPeerId string

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
allowed_addresses Sequence[str]: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
client_address str: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
client_dns str: Specify when using WireGuard Server as a VPN gateway for peer traffic.
client_endpoint str: The IP address and port number of the WireGuard Server.
client_keepalive str: Same as persistent-keepalive but from peer side.
client_listen_port float: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment str
current_endpoint_address str: The most recent source IP address of correctly authenticated packets from the peer.
current_endpoint_port float: The most recent source IP port of correctly authenticated packets from the peer.
disabled bool
dynamic bool: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
endpoint_address str: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpoint_port str: An endpoint port can be left blank to allow remote connection from any port.
interface str: Name of the interface.
is_responder bool: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
last_handshake str: Time in seconds after the last successful handshake.
name str: Name of the tunnel.
persistent_keepalive str: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
preshared_key str: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
private_key str: A base64 private key. If not specified, it will be automatically generated upon interface creation.
public_key str: The remote peer's calculated public key.
rx str: The total amount of bytes received from the peer.
tx str: The total amount of bytes transmitted to the peer.
wireguard_peer_id str

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
allowedAddresses List<String>: List of IP (v4 or v6) addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
clientAddress String: When imported using a qr code for a client (for example, a phone), then this address for the wg interface is set on that device.
clientDns String: Specify when using WireGuard Server as a VPN gateway for peer traffic.
clientEndpoint String: The IP address and port number of the WireGuard Server.
clientKeepalive String: Same as persistent-keepalive but from peer side.
clientListenPort Number: The local port upon which this WireGuard tunnel will listen for incoming traffic from peers, and the port from which it will source outgoing packets.
comment String
currentEndpointAddress String: The most recent source IP address of correctly authenticated packets from the peer.
currentEndpointPort Number: The most recent source IP port of correctly authenticated packets from the peer.
disabled Boolean
dynamic Boolean: Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
endpointAddress String: An endpoint IP or hostname can be left blank to allow remote connection from any address.
endpointPort String: An endpoint port can be left blank to allow remote connection from any port.
interface String: Name of the interface.
isResponder Boolean: Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as servers for other devices as clients to connect to. Otherwise router will all repeatedly try to connect endpoint-address or current-endpoint-address causing unnecessary system logs to be written.
lastHandshake String: Time in seconds after the last successful handshake.
name String: Name of the tunnel.
persistentKeepalive String: A seconds interval, between 1 and 65535 inclusive, of how often to send an authenticated empty packet to the peer for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds.
presharedKey String: A base64 preshared key. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
privateKey String: A base64 private key. If not specified, it will be automatically generated upon interface creation.
publicKey String: The remote peer's calculated public key.
rx String: The total amount of bytes received from the peer.
tx String: The total amount of bytes transmitted to the peer.
wireguardPeerId String

Package Details

Repository: routeros terraform-routeros/terraform-provider-routeros
License
Notes: This Pulumi package is based on the routeros Terraform Provider.

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.WireguardPeer

On this page

On this page

# routeros.WireguardPeer (Resource)

This is an alias for backwards compatibility between plugin versions.

Create WireguardPeer Resource

Constructor syntax

Parameters

WireguardPeer Resource Properties

Inputs

Outputs

Look up Existing WireguardPeer Resource

Package Details

On this page

On this page