WireGuard
DeviceConfig and PeerConfig
Proto: protos/proto/vx/proxy/wireguard/config.proto
WireGuard is configured as an outbound DeviceConfig (no separate *ServerConfig in this proto).
DeviceConfig
| Field | Type | Description |
|---|---|---|
| secretKey | string | Local private key |
| endpoint | string[] | Endpoint host(s) |
| peers | PeerConfig[] | Remote peers |
| mtu | int32 | Interface MTU |
| numWorkers | int32 | Worker count |
| reserved | bytes | WireGuard reserved bytes (3) |
| isClient | bool | Client mode |
| noKernelTun | bool | Userspace tun only |
PeerConfig
| Field | Description |
|---|---|
| publicKey | Peer public key |
| preSharedKey | Optional PSK |
| endpoint | Peer endpoint host:port |
| keepAlive | Persistent keepalive (seconds) |
| allowedIps | Allowed IP CIDRs for this peer |
```json
{
  "@type": "type.googleapis.com/vx.proxy.wireguard.DeviceConfig",
  "secretKey": "...",
  "isClient": true,
  "peers": [
    {
      "publicKey": "...",
      "endpoint": "vpn.example.com:51820",
      "allowedIps": ["0.0.0.0/0", "::/0"]
    }
  ]
}
```
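
A pre-deployment check for the fields above, as an added example (not code from the vx project): it validates `reserved`, `endpoint` and `allowedIps`, and reports `allowedIps` ranges that overlap across peers, since WireGuard uses allowed IPs both to select the peer for outbound traffic and to filter inbound source addresses. `lint_device_config` and the sample config are constructed here, and the check assumes the proto3 JSON mapping, in which `bytes` fields such as `reserved` are base64 strings.

```python
import base64
import ipaddress
import json

# Constructed sample: the page's example plus a second, deliberately flawed peer.
SAMPLE = json.loads("""{
  "@type": "type.googleapis.com/vx.proxy.wireguard.DeviceConfig",
  "secretKey": "...", "isClient": true, "reserved": "AAEC",
  "peers": [
    {"publicKey": "...", "endpoint": "vpn.example.com:51820",
     "allowedIps": ["0.0.0.0/0", "::/0"]},
    {"publicKey": "...", "endpoint": "vpn2.example.com",
     "allowedIps": ["10.0.0.0/8", "10.1.2.3/33"]}
  ]
}""")

def lint_device_config(cfg):
    """Return a list of findings for a DeviceConfig dict (hypothetical helper)."""
    findings = []
    # Assumption: bytes fields follow the proto3 JSON mapping (base64 string).
    if cfg.get("reserved"):
        try:
            size = len(base64.b64decode(cfg["reserved"], validate=True))
        except ValueError:
            size = -1
        if size != 3:
            findings.append("reserved: expected exactly 3 bytes")
    seen = []  # (network, peer index) for every valid CIDR seen so far
    for i, peer in enumerate(cfg.get("peers", [])):
        endpoint = peer.get("endpoint")
        if endpoint:
            host, _, port = endpoint.rpartition(":")
            if not host or not port.isdecimal() or not 0 < int(port) < 65536:
                findings.append(f"peers[{i}].endpoint: not host:port")
        for cidr in peer.get("allowedIps", []):
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append(f"peers[{i}].allowedIps: invalid CIDR {cidr}")
                continue
            for other, j in seen:
                if j != i and net.version == other.version and net.overlaps(other):
                    findings.append(
                        f"peers[{i}].allowedIps: {net} overlaps peers[{j}] {other}")
            seen.append((net, i))
    return findings

if __name__ == "__main__":
    print("\n".join(lint_device_config(SAMPLE)))
```

An overlap finding is a prompt for review rather than an error: WireGuard resolves overlapping ranges by longest-prefix match, so the more specific entry decides which peer handles the traffic.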