luci-proto-wireguard: Wrong generated AllowedIPs #5956
Comments
Please provide the relevant UCI settings of /etc/config/network as well as the generated peer configuration and the peer configuration as it should look like. Your description is not clear enough to me.
Those are the relevant settings including my LAN interface configuration to better understand where some of those IPs are coming from in my modified configuration. I can't say if it is a good default to include all lan IP ranges in the UCI settings
Generated configuration that doesn't connect correctly for me
Modified configuration that works for me
Is the However using given allowed IPs of a peer section and adding them verbatim as Address entries for the peer does not seem right to me. Not all allowed IP entries are local peer interface IPs, there might also be address ranges referring to remote subnets available on the remote end of the tunnel etc. Could you confirm that the following configuration also works for you?
True. That was an oversight.
This doesn't work for me (at least I can't reach any peers or they can't reach me). I don't know if there is some server side configuration that makes this work, but for me it doesn't. I don't really understand how it is supposed to work either - if you don't set an IP address to the interface, how is it supposed to communicate? Does this require an active DHCP server?

Edit: I have been looking at multiple examples and official documentation for wg-quick, and I have yet to find an example that doesn't set a peer IP for any peer. wg-quick doesn't run dhclient, dhclient actually refuses to work with the wireguard interface when run manually.
This corrects the option `AllowedIPs` in generated peer configurations, and allows to customize it via a dropdown list.

Fixes: #5956
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
[correct fixes tag, slightly adjust option description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 73aca68)

This corrects the option `AllowedIPs` in generated peer configurations, and allows to customize it via a dropdown list.

Fixes: openwrt#5956
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
[correct fixes tag, slightly adjust option description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 73aca68)
(cherry picked from commit 14403fe)
Steps to reproduce:
The generated peer configuration in luci-proto-wireguard will put the peer IPs in `AllowedIPs`. As this is meant to be the configuration for the peer, those IPs should be configured with `Address` in the `[Interface]` section instead. The `AllowedIPs` configuration should instead include the configured host IP addresses of the interface.

Actual behavior:
- `AllowedIPs` are set to the peer IPs, not the host IPs
- `Address` in the `[Interface]` section is not set at all

Expected behavior:
- `AllowedIPs` should contain the host (openwrt) IPs set in the interface configuration
- `Address` should be set to the peer IPs

Additional Information:
OpenWrt version information from system `/etc/openwrt_release`
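
The two mappings discussed in this issue, side by side, as an added JavaScript example (not code from luci-proto-wireguard or from anyone in this thread): it renders the peer's wg-quick style file once as reported and once as the issue expects. The keys, endpoint and addresses are constructed placeholders, the function names are hypothetical, and treating only host routes (`/32`, `/128`) as the peer's own `Address` entries is an assumption made to keep remote subnets out of `Address`.

```javascript
// Added example, not LuCI code. Keys, endpoint and addresses are constructed placeholders.
const sampleRouter = {
  addresses: ['10.0.0.1/24'],            // addresses on the router's WireGuard interface
  publicKey: '<router-public-key>',
  endpoint: 'vpn.example.net:51820',
};
const samplePeer = {
  privateKey: '<peer-private-key>',
  // Router-side allowed IPs for this peer: its tunnel address plus a subnet behind it.
  allowedIps: ['10.0.0.2/32', '192.168.50.0/24'],
};

// True for /32 (IPv4) or /128 (IPv6) entries, or entries with no prefix length.
function isHostRoute(cidr) {
  const [addr, len] = cidr.split('/');
  return len === undefined || Number(len) === (addr.includes(':') ? 128 : 32);
}

// Render a wg-quick style configuration for the remote peer.
function render(router, peer, address, allowedIps) {
  const out = ['[Interface]', `PrivateKey = ${peer.privateKey}`];
  if (address.length) out.push(`Address = ${address.join(', ')}`);
  out.push('', '[Peer]', `PublicKey = ${router.publicKey}`,
           `Endpoint = ${router.endpoint}`, `AllowedIPs = ${allowedIps.join(', ')}`);
  return out.join('\n');
}

// Behaviour reported in the issue: no Address, peer IPs copied into AllowedIPs.
function reportedPeerConfig(router, peer) {
  return render(router, peer, [], peer.allowedIps);
}

// Behaviour the issue expects: Address from the peer IPs, AllowedIPs from the
// router's interface addresses. Assumption: only host routes are treated as the
// peer's own addresses, so remote subnets are not emitted as Address lines.
function expectedPeerConfig(router, peer) {
  return render(router, peer, peer.allowedIps.filter(isHostRoute), router.addresses);
}

console.log(reportedPeerConfig(sampleRouter, samplePeer));
console.log('\n---\n');
console.log(expectedPeerConfig(sampleRouter, samplePeer));
```

In the peer's file, `AllowedIPs` decides both which destinations are sent into the tunnel and which source addresses are accepted from the router, which is why the first output leaves the peer unable to talk to the router's own address.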