Closed jbauers closed 4 years ago
Can you share your code? I would be surprised if this library was broken in that way since the integration tests continue to pass.
https://github.com/WireGuard/wgctrl-go/blob/master/client_integration_test.go#L202
Check out the test here to see what I'm using. Perhaps you're not passing the appropriate "replace allowed IPs" or "replace peers" flags to the kernel?
Thanks for the quick reply. Sure, below are the relevant parts.
Here's the function to generate a peer configuration: https://github.com/jbauers/saml-wireguard/blob/lua/backend/src/wireguard.go#L25
Stitching them together: https://github.com/jbauers/saml-wireguard/blob/lua/backend/src/redis.go#L88
And finally updating the interface: https://github.com/jbauers/saml-wireguard/blob/lua/backend/src/wireguard.go#L44
Let me know if I can help with anything else.
Hi, just a quick update, it works as expected when my IPs are a /32. If they're part of the same subnet, I see the described behaviour. This happens for both IPv6 and IPv4 as far as I can tell (just briefly tried IPv6).
Expected behaviour with IPv4 and /32:
backend_1 | 2020/05/21 19:44:15 {Fr/KrjXdvl85DA49f2Ip9bo8M+oPTZoGiclZ5ySA1i0= false false /8a5jaKVU2EElUcpaP4PUpg1KCpQaFpwDQTc2fdZU9E= <nil> <nil> true [{10.100.0.118 ffffffff}]}
backend_1 | 2020/05/21 19:44:15 {X4HzTvvUY8KOsJtwjZk53fg1OklBDP4XK0Jflo88lmA= false false H4t3uMrGbpM9AGEZ7YzoM0bMW9QuUBbgFCzWJoAl2+E= <nil> <nil> true [{10.100.0.113 ffffffff}]}
backend_1 | 2020/05/21 19:44:15 [{Fr/KrjXdvl85DA49f2Ip9bo8M+oPTZoGiclZ5ySA1i0= false false /8a5jaKVU2EElUcpaP4PUpg1KCpQaFpwDQTc2fdZU9E= <nil> <nil> true [{10.100.0.118 ffffffff}]} {X4HzTvvUY8KOsJtwjZk53fg1OklBDP4XK0Jflo88lmA= false false H4t3uMrGbpM9AGEZ7YzoM0bMW9QuUBbgFCzWJoAl2+E= <nil> <nil> true [{10.100.0.113 ffffffff}]}]
backend_1 | 2020/05/21 19:44:15 [0xc000012e80]
backend_1 | 2020/05/21 19:44:15 wg0
backend_1 | 2020/05/21 19:44:15 Linux kernel
backend_1 | 2020/05/21 19:44:15 kPEgo1AYt8PW4GPa7I8i3U5d2yB5HLTcDnFPP9gTe0U=
backend_1 | 2020/05/21 19:44:15 fcizOLK6Yx1zc7WO5uaTaDtWNG6/xY41UqxvSEpp7kU=
backend_1 | 2020/05/21 19:44:15 51820
backend_1 | 2020/05/21 19:44:15 0
backend_1 | 2020/05/21 19:44:15 [{Fr/KrjXdvl85DA49f2Ip9bo8M+oPTZoGiclZ5ySA1i0= /8a5jaKVU2EElUcpaP4PUpg1KCpQaFpwDQTc2fdZU9E= <nil> 0s 0001-01-01 00:00:00 +0000 UTC 0 0 [{10.100.0.118 ffffffff}] 1} {X4HzTvvUY8KOsJtwjZk53fg1OklBDP4XK0Jflo88lmA= H4t3uMrGbpM9AGEZ7YzoM0bMW9QuUBbgFCzWJoAl2+E= <nil> 0s 0001-01-01 00:00:00 +0000 UTC 0 0 [{10.100.0.113 ffffffff}] 1}]
IPv6 example, 3 peers on the same network:
backend_1 | 2020/05/21 19:40:53 {fP2j74q/q/XpvjqRc9uNDPPaIF0tJEFs1ln+UHt7/2M= false false ErqY0SbOFrMbhKMA5B0xMyh9Gz0GOK/CdRMG0fFFDoM= <nil> <nil> true [{fc00:: fe000000000000000000000000000000}]}
backend_1 | 2020/05/21 19:40:53 {N1CHua5VguZvKSdvsn745BOknmHSseKLg8InNneKBQE= false false q9CSdz+nobXrMmwG0OYGHV7d85yUH4NiY7rX0fn40r8= <nil> <nil> true [{fc00:: fe000000000000000000000000000000}]}
backend_1 | 2020/05/21 19:40:53 {P08VPorvEbOY7SOqKsYfkRBWqawIro6rcVZAEjPr8SY= false false ytljwFLuxzjO/1YlPSfaVmwpJc/jJjFoMGGR9yLzqSk= <nil> <nil> true [{fc00:: fe000000000000000000000000000000}]}
backend_1 | 2020/05/21 19:40:53 [{fP2j74q/q/XpvjqRc9uNDPPaIF0tJEFs1ln+UHt7/2M= false false ErqY0SbOFrMbhKMA5B0xMyh9Gz0GOK/CdRMG0fFFDoM= <nil> <nil> true [{fc00:: fe000000000000000000000000000000}]} {N1CHua5VguZvKSdvsn745BOknmHSseKLg8InNneKBQE= false false q9CSdz+nobXrMmwG0OYGHV7d85yUH4NiY7rX0fn40r8= <nil> <nil> true [{fc00:: fe000000000000000000000000000000}]} {P08VPorvEbOY7SOqKsYfkRBWqawIro6rcVZAEjPr8SY= false false ytljwFLuxzjO/1YlPSfaVmwpJc/jJjFoMGGR9yLzqSk= <nil> <nil> true [{fc00:: fe000000000000000000000000000000}]}]
backend_1 | 2020/05/21 19:40:53 [0xc000013e80]
backend_1 | 2020/05/21 19:40:53 wg0
backend_1 | 2020/05/21 19:40:53 Linux kernel
backend_1 | 2020/05/21 19:40:53 oIeu6HtyvOpnfKP48jhJ1DfAC2d7GTjVl59lfW4dZUU=
backend_1 | 2020/05/21 19:40:53 i6kOuDTh3dCictmGbc6LKVVbpSVVW5pSBNzdr4+Ucyw=
backend_1 | 2020/05/21 19:40:53 51820
backend_1 | 2020/05/21 19:40:53 0
backend_1 | 2020/05/21 19:40:53 [{fP2j74q/q/XpvjqRc9uNDPPaIF0tJEFs1ln+UHt7/2M= ErqY0SbOFrMbhKMA5B0xMyh9Gz0GOK/CdRMG0fFFDoM= <nil> 0s 0001-01-01 00:00:00 +0000 UTC 0 0 [] 1} {N1CHua5VguZvKSdvsn745BOknmHSseKLg8InNneKBQE= q9CSdz+nobXrMmwG0OYGHV7d85yUH4NiY7rX0fn40r8= <nil> 0s 0001-01-01 00:00:00 +0000 UTC 0 0 [] 1} {P08VPorvEbOY7SOqKsYfkRBWqawIro6rcVZAEjPr8SY= ytljwFLuxzjO/1YlPSfaVmwpJc/jJjFoMGGR9yLzqSk= <nil> 0s 0001-01-01 00:00:00 +0000 UTC 0 0 [{fc00:: fe000000000000000000000000000000}] 1}]
I had a quick look at the code, and this struck me as odd: https://github.com/WireGuard/wgctrl-go/blob/master/internal/wglinux/configure_linux.go#L109
Could there be an issue here? Sorry, I'm not super experienced with Go, just trying to figure things out.
Just realised, it should only work when they're a /32 on the server side. Sorry for the noise :sweat_smile: Just wondering if there should be an error, but oh well - will close.
Hi, thanks for this package! I've been playing around with it, and it seems like AllowedIPs as part of wgtypes.PeerConfig when passed to wgctrl.ConfigureDevice() isn't applied properly: AllowedIPs for Peer A end up as [], and Peer B gets [{10.100.0.0 ffffff00}]. I'd expect [{10.100.0.80 ffffff00}] and [{10.100.0.116 ffffff00}] respectively. Inspecting with wg:
Not sure if I'm holding it wrong or if there's a bug somewhere. Any help would be appreciated. Thanks :)
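An added example, not part of the original thread and not wgctrl-go code: a pre-flight check that flags peers whose AllowedIPs reduce to the same network prefix, the situation in the logs above where only one peer ends up holding the prefix. `Peer`, `Collision` and `FindCollisions` are hypothetical names, and the CIDR strings are constructed input.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Peer is a hypothetical stand-in for wgtypes.PeerConfig (name and CIDRs only).
type Peer struct {
	Name       string
	AllowedIPs []string
}

type Collision struct {
	Prefix netip.Prefix // masked prefix claimed by several peers
	Peers  []string     // claimants, in configuration order
}

// FindCollisions reports each masked (network-address) prefix claimed by more than one peer.
func FindCollisions(peers []Peer) ([]Collision, error) {
	owners := map[netip.Prefix][]string{}
	var order []netip.Prefix // first-seen order, for stable output
	for _, p := range peers {
		for _, s := range p.AllowedIPs {
			pfx, err := netip.ParsePrefix(s)
			if err != nil {
				return nil, fmt.Errorf("peer %s: %w", p.Name, err)
			}
			m := pfx.Masked() // 10.100.0.80/24 becomes 10.100.0.0/24
			if len(owners[m]) == 0 {
				order = append(order, m)
			}
			owners[m] = append(owners[m], p.Name)
		}
	}
	var out []Collision
	for _, m := range order {
		if len(owners[m]) > 1 {
			out = append(out, Collision{Prefix: m, Peers: owners[m]})
		}
	}
	return out, nil
}

func main() {
	// Constructed input mirroring the thread: two peers inside one /24.
	peers := []Peer{{"A", []string{"10.100.0.80/24"}}, {"B", []string{"10.100.0.116/24"}}}
	fmt.Println(FindCollisions(peers))
}
```

Running a check like this before configuring the device gives the error the thread wishes for: with /32 (or /128) entries it returns nothing, and with shared subnets it names every peer competing for the prefix.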