Wireguard - Failed Attempts - Logging

Hi!

Currently, Wireguard-Logging seems to be quite limited.
I can only see config-changes but no:

  • Failed attempts
  • Successful attempts

The only thing I found is getting debug data in /interface/wireguard/peers and filter on “last-handshake”, but I do not find any possibility to see e.g. brute-force attacks.

How do you work with WireGuard?
Is there any “extended” debugging?

Thank you and best wishes
Stril

add chain=input action=log protocol=udp dst-port=wireguard_listen-port log=yes log-prefix=Attemped_Connections
add chain=input action=accept protocol=udp dst-port=wireguard_listen-port

One can monitor traffic on the peer; at least I do, to see if the keepalive from the client is working.

Wireguard uses public key cryptography - there is nothing to brute force. Either a packet has a valid handshake or it is silently discarded without any state being allocated, making it DoS-resistant. No one can even tell that Wireguard is running unless they are an allowed peer. See https://www.wireguard.com/protocol/#:~:text=read%20the%20message.-,DoS%20Mitigation,-We%20require%20authentication for more info.
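An added example, not part of any post in this thread: one way to combine the firewall log rule above with the peer list, counting logged packets per source IP that is not the current endpoint of any peer. The log line layout, the sample lines, the addresses and the assumption that `len` is the IPv4 total length are constructed for illustration; `peer_endpoints` is assumed to hold the endpoint addresses read from /interface/wireguard/peers.

```python
import re

# Constructed sample lines in an assumed RouterOS firewall-log layout.
SAMPLE_LOG = [
    "Attemped_Connections input: in:ether1 out:(unknown 0), proto UDP, 203.0.113.7:51820->198.51.100.1:13231, len 176",
    "Attemped_Connections input: in:ether1 out:(unknown 0), proto UDP, 192.0.2.44:40000->198.51.100.1:13231, len 176",
    "Attemped_Connections input: in:ether1 out:(unknown 0), proto UDP, 192.0.2.44:40000->198.51.100.1:13231, len 176",
    "Attemped_Connections input: in:ether1 out:(unknown 0), proto UDP, 192.0.2.99:5353->198.51.100.1:13231, len 60",
    "other_prefix input: in:ether1 out:(unknown 0), proto TCP (SYN), 192.0.2.50:1234->198.51.100.1:22, len 52",
]

LINE_RE = re.compile(
    r"proto UDP, (?P<src>\d+\.\d+\.\d+\.\d+):\d+->\S+:\d+, len (?P<len>\d+)"
)

# IPv4 header (20) + UDP header (8) + WireGuard handshake initiation (148 bytes).
INIT_LEN = 20 + 8 + 148


def unmatched_sources(lines, peer_endpoints, prefix="Attemped_Connections"):
    """Count logged packets per source IP that is not a known peer endpoint.

    Returns {src_ip: {"packets": n, "initiation_sized": m}}, where m counts
    packets whose length equals a handshake initiation over IPv4.
    """
    result = {}
    for line in lines:
        if prefix not in line:
            continue  # line was written by a different rule
        m = LINE_RE.search(line)
        if not m or m["src"] in peer_endpoints:
            continue  # unparsable, or traffic from an established peer
        entry = result.setdefault(m["src"], {"packets": 0, "initiation_sized": 0})
        entry["packets"] += 1
        if int(m["len"]) == INIT_LEN:
            entry["initiation_sized"] += 1
    return result


if __name__ == "__main__":
    # Assumed: 203.0.113.7 is the current endpoint of a peer with a recent handshake.
    for src, stats in unmatched_sources(SAMPLE_LOG, {"203.0.113.7"}).items():
        print(src, stats)
```

A source listed here only sent UDP to the listen port without being a current peer endpoint; the log cannot show why WireGuard dropped the packet, so treat the counts as a lead for review rather than proof of a rejected handshake.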