Wireguard Peer Generator: Field "Allowed IPs" always errors with "A value is required." #7470

Closed
1 of 2 tasks
tuxmainy opened this issue May 19, 2024 · 9 comments
Labels
bug Production bug

@tuxmainy

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug
When using the WireGuard Peer Generator I am unable to use "Store and generate next" because the field "Allowed IPs" always shows the error "A value is required." no matter what I enter. If the field requires a special value / notation the error message should be changed.

[Screenshot]

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'VPN -> WireGuard -> Peer Generator'
  2. type network (e.g. 10.0.0.0/24) in 'Allowed IPs'
  3. Click on the check button 'Store and generate next'
  4. Allowed IPs gets a red box and the error message "A value is required."

Expected behavior

Store and generate next

Describe alternatives you considered

No way found

Screenshots

See above

Relevant log files
This shows in the log files every time I try to click 'Store and generate next':

```
2024-05-19T19:53:11 Error config [OPNsense\Wireguard\Server:servers.server.a6d636b1-XXX.peers] Choose a peer.{01cd3b71-YYY}
```

Additional context

First time using WireGuard. Don't know if this error happens in prior versions, too.

Environment

OPNsense 24.1.7-amd64

@tuxmainy
Author

On a second server I discovered that Proxy Auto Configuration is not working anymore. Looking at the generated rules I see:

```
if (((isInNet(dstip, "", "255.255.255.0")))) {
    return "DIRECT";
}
```

This should be a rule matching a network. Please notice the second parameter of isInNet which should be a network address but is "" instead.

I think there is currently something wrong with parsing networks generally. So this issue is not related to wireguard but all configurations using network textboxes?

regards
Daniel
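
Added example, not part of the original comment or of OPNsense's code: a small linter that scans a generated PAC script for `isInNet()` calls whose literal network or mask argument is empty or malformed, like the rule quoted above. The function names and the sample PAC text are constructed for illustration.

```javascript
// Dotted-quad IPv4 literal, each octet 0-255.
const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;

function toInt(ip) {
  return ip.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

// A netmask is valid when its bits are a run of ones followed by zeros.
function isContiguousMask(mask) {
  if (!IPV4.test(mask)) return false;
  const hostBits = (~toInt(mask)) >>> 0;        // inverted mask
  return ((hostBits + 1) & hostBits) === 0;     // must equal 2^n - 1
}

// Report every isInNet(host, "network", "mask") call with string literals
// whose network or mask is empty or malformed. Hypothetical helper name.
function findBrokenIsInNet(pacSource) {
  const call = /isInNet\s*\(\s*([^,]+?)\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*\)/g;
  const findings = [];
  pacSource.split('\n').forEach((text, idx) => {
    for (const [, host, network, mask] of text.matchAll(call)) {
      const problems = [];
      if (network === '') problems.push('empty network address');
      else if (!IPV4.test(network)) problems.push('malformed network address');
      if (!isContiguousMask(mask)) problems.push('invalid netmask');
      if (problems.length) findings.push({ line: idx + 1, host, network, mask, problems });
    }
  });
  return findings;
}

// Constructed sample: line 3 reproduces the rule quoted in the comment.
const SAMPLE_PAC = [
  'function FindProxyForURL(url, host) {',
  '  var dstip = dnsResolve(host);',
  '  if (((isInNet(dstip, "", "255.255.255.0")))) {',
  '    return "DIRECT";',
  '  }',
  '  if (isInNet(dstip, "192.168.1.0", "255.255.255.0")) {',
  '    return "DIRECT";',
  '  }',
  '  return "PROXY proxy.example.invalid:3128";',
  '}',
].join('\n');

console.log(findBrokenIsInNet(SAMPLE_PAC));
```

Running a check like this against the generated file after each upgrade flags rules that no longer carry a network address before clients pick them up.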

AdSchellevis added a commit that referenced this issue May 20, 2024
@AdSchellevis
Member

can't reproduce on a clean install, but looking at the message in the log, the spurious message would better be omitted as referential integrity checks are not possible yet at that point. 611ee6a silences the message.

It might be a good idea to do a firmware health check and perhaps check any browser plugins installed (if any).

@AdSchellevis AdSchellevis added the support Community support label May 20, 2024
@tuxmainy
Author

I got this on two separate boxes with two different clients. Both installations were updated from an older version to 24.1.7.

Anyway, I tried the peer generator in a chromium without any plugins (at least I haven't installed any ;)) with the same result:
[Screenshot]
BTW: the initial view of the peer generator page looks like this:
[Screenshot]
As you can see, the Allowed IPs field is already not shown as it should, right?

I will look into the firmware health check and come back with the results. Thanks so far :)

@tuxmainy
Author

No errors in Health Check:

```
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 24.1.7 at Mon May 20 20:54:03 CEST 2024
>>> Root file system: /dev/gpt/rootfs
>>> Check installed kernel version
Version 24.1.5 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 24.1.5 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-ddclient 1.21_2
os-squid 1.0_1
os-zabbix64-agent 1.13_2
os-zabbix64-proxy 1.10_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 68 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
```

@tuxmainy
Author

tuxmainy commented May 20, 2024

Checked all requests on reloading the page (ignoring cache), but all files are getting loaded with HTTP 200. Two issues regarding "img-src self" in the console but I think they don't matter here.

@tuxmainy
Author

can't reproduce on a clean install, [...]

Did a clean install of 24.1 by myself. As peer generator is not available I updated to 24.1.7 and the result is:

[Screenshot]

Double checked this with chromium. Same result.

@tuxmainy
Author

On a second server I discovered that Proxy Auto Configuration is not working anymore. [...]

This is broken because of the commit 67f6aee which changed the returning object class of the helper function. I don't know if this is related to the WireGuard Peer Generator issue described here. So I will create a new issue on opnsense/plugins for squid proxy.

@fichtner
Member

fichtner commented May 21, 2024

The error you see is when there is no tunnel address set in the instance. We're working on a fix.

@AdSchellevis
Member

right error, wrong field indeed. 4e16134 should fix this

fichtner pushed a commit that referenced this issue May 21, 2024
…address for the client and none has been provided, make sure we signal the error at the correct field. The new clients address is(are) the address(es) being allowed and optionally routed by this peer. closes #7470

(cherry picked from commit 4e16134)
fichtner pushed a commit that referenced this issue May 29, 2024
3 participants