
Auto-configuration

The auto-configuration feature assigns link-local IP addresses to WireGuard interfaces and configures several other common settings such as the MTU, IP addresses and DNS settings.

This feature automatically assigns each interface link-local IPv4 and IPv6 addresses derived from the interface's public key.

This enables peer-to-peer communication when no site-local or global addresses are assigned yet.

Address calculation

Addresses are generated by concatenating a well-known network prefix (fe80::/64, 169.254.0.0/16) with a host part derived from the public key $PK$ of the peer/interface using the 64-bit $\mathrm{SipHash}_{64}$ hashing function:

$$
\begin{align}
H &= \mathrm{SipHash}_{64}(PK) \\
H_{fold} &= (H \land \mathrm{0xFFFF}) \barwedge (H \gg 16) \\
\mathrm{IPv6}_{link-local} &= \{ \mathrm{fe80:}~||~H \} / 64 \\
\mathrm{IPv4}_{link-local} &= \{ \mathrm{169.254.}~||~H_{fold} \} / 16
\end{align}
$$

This address calculation can be performed with the cunicu addresses sub-command.
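The derivation above, written out as an added Go example; it is not cunicu's own code, and `sipHash64` and `linkLocal` are hypothetical names. The page does not state the SipHash key, the byte order of $H$ in the address, or how $H_{fold}$ is reduced to 16 bits, so the all-zero key, big-endian placement and XOR fold truncated to the low 16 bits are assumptions, and the output may differ from the cunicu addresses sub-command.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
	"net/netip"
)

// sipHash64 is SipHash-2-4 (64-bit output) keyed with k0, k1.
func sipHash64(k0, k1 uint64, msg []byte) uint64 {
	v0, v1 := k0^0x736f6d6570736575, k1^0x646f72616e646f6d
	v2, v3 := k0^0x6c7967656e657261, k1^0x7465646279746573
	round := func() {
		v0, v2 = v0+v1, v2+v3
		v1, v3 = bits.RotateLeft64(v1, 13)^v0, bits.RotateLeft64(v3, 16)^v2
		v0 = bits.RotateLeft64(v0, 32)
		v2, v0 = v2+v1, v0+v3
		v1, v3 = bits.RotateLeft64(v1, 17)^v2, bits.RotateLeft64(v3, 21)^v0
		v2 = bits.RotateLeft64(v2, 32)
	}
	absorb := func(m uint64) { v3 ^= m; round(); round(); v0 ^= m }
	last := uint64(len(msg)) << 56 // final word carries the length in its top byte
	for ; len(msg) >= 8; msg = msg[8:] {
		absorb(binary.LittleEndian.Uint64(msg))
	}
	for i, b := range msg {
		last |= uint64(b) << uint(8*i)
	}
	absorb(last)
	v2 ^= 0xff
	round(); round(); round(); round()
	return v0 ^ v1 ^ v2 ^ v3
}

// linkLocal maps a public key to its IPv6 and IPv4 link-local prefixes.
func linkLocal(pk []byte) (netip.Prefix, netip.Prefix) {
	h := sipHash64(0, 0, pk)                 // assumption: all-zero SipHash key
	fold := uint16(h&0xFFFF) ^ uint16(h>>16) // assumption: XOR fold, low 16 bits kept
	a6 := [16]byte{0: 0xfe, 1: 0x80}
	binary.BigEndian.PutUint64(a6[8:], h) // assumption: H placed big-endian
	a4 := [4]byte{169, 254, byte(fold >> 8), byte(fold)}
	return netip.PrefixFrom(netip.AddrFrom16(a6), 64), netip.PrefixFrom(netip.AddrFrom4(a4), 16)
}

func main() {
	pk := []byte("constructed-sample-public-key-32") // constructed 32-byte placeholder, not a real key
	fmt.Println(linkLocal(pk))
}
```

The IPv4 host part carries only 16 bits of the hash, so two peers can derive the same 169.254.x.y address far more easily than the same IPv6 address.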

Missing settings

The following settings are automatically assigned if they have not been set before:

  • Private Key: a new random private key will be generated.
  • Listen port: the next free port in the configured listen port range is used (see wireguard.listen_port_range setting).
  • MTU: is automatically determined from the endpoint addresses or the system default route.

Configuration

The following settings can be used in the main section of the configuration file or within the interfaces section to customize settings of an individual interface.

mtu
number (MTU)

The Maximum Transmission Unit (MTU) of the WireGuard interface. If not specified, the MTU is automatically determined from the endpoint addresses or the system default route, which is usually a sane choice. To override this automatic discovery, specify the value explicitly.

addresses
Array of strings (Addresses)

A list of IP (v4 or v6) addresses (optionally with CIDR masks) to be assigned to the interface.

prefixes
Array of strings (Prefixes)

A list of prefixes which cunīcu uses to derive local addresses from the interface's public key.

dns
Array of IP Address (any) or IP Address (any) (DNS Servers)

A list of IP (v4 or v6) addresses to be set as the interface's DNS servers, or non-IP hostnames to be set as the interface's DNS search domains. Upon bringing the interface up, this runs resolvconf -a tun.INTERFACE -m 0 -x and upon bringing it down, this runs resolvconf -d tun.INTERFACE. If these particular invocations of resolvconf(8) are undesirable, custom hooks can be used instead.

{
  "mtu": 1420,
  "addresses": [
  ],
  "prefixes": [
  ],
  "dns": [
  ]
}