Open juniorz opened 3 years ago
@juniorz Thank you for the request.
Could you let me know which version you are using?
There is currently a pre-release of an update to the configuration system that has been downloaded by some auto-update scripts. Could you specifically check for the file /opt/wireguard/interface.sh
?
If you are not using the pre-release and are able to test, it might be worth giving it a try.
This error is being generated by /opt/vyatta/sbin/vyatta-check-allowed-ips.pl
(which is maintained by this repo).
@FossoresLP I wonder if this file has some overlap with /opt/wireguard/update_routes.sh
.
@whiskerz007 I would say they overlap a lot. The only difference is that perl script prints nice error messages while your checks lead to commit errors. But the perl script causes issues like this. It should either be updated or removed - of course only after validating your script catches everything.
@FossoresLP Generating a clear error for a specified scenario is easy to implement. When the template system calls a script, any output from that script is printed below the full node path.
From a cursory look, it seems the only thing the Perl script does is checks to see if any allowed-ips CIDR is configured on multiple peers on a given interface.
I expected being able to keep multiple peers configured with duplicated allowed IPs as long as they are not enabled at the same time. However, even in that case, I receive an error message
Allowed IP 0.0.0.0/0 assigned to multiple peers on interface wg0
when I try to enable the interface.This would be useful to allow keeping configured multiple VPN servers and quickly alternate between them by just manipulating their
disabled
property.