WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

Allowed IPs validation should ignore disabled peers #66

Open juniorz opened 3 years ago

juniorz commented 3 years ago

I expected to be able to keep multiple peers configured with duplicate allowed IPs as long as they are not enabled at the same time. However, even in that case, I receive the error message "Allowed IP 0.0.0.0/0 assigned to multiple peers on interface wg0" when I try to enable the interface.

This would be useful for keeping multiple VPN servers configured and quickly alternating between them by just manipulating their disabled property.

FossoresLP commented 3 years ago

@juniorz Thank you for the request. Could you let me know which version you are using? There is currently a pre-release of an update to the configuration system that has been downloaded by some auto-update scripts. Could you specifically check for the file /opt/wireguard/interface.sh? If you are not using the pre-release and are able to test, it might be worth giving it a try.

whiskerz007 commented 3 years ago

This error is being generated by /opt/vyatta/sbin/vyatta-check-allowed-ips.pl (which is maintained by this repo). @FossoresLP I wonder if this file has some overlap with /opt/wireguard/update_routes.sh.

FossoresLP commented 3 years ago

@whiskerz007 I would say they overlap a lot. The only difference is that the Perl script prints nice error messages while your checks lead to commit errors. But the Perl script causes issues like this. It should either be updated or removed - of course only after validating that your script catches everything.

whiskerz007 commented 3 years ago

@FossoresLP Generating a clear error for a specified scenario is easy to implement. When the template system calls a script, any output from that script is printed below the full node path.

From a cursory look, it seems the only thing the Perl script does is check whether any allowed-ips CIDR is configured on multiple peers on a given interface.
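The check the thread describes, with the fix the issue asks for, as an added example in Python (not the repo's vyatta-check-allowed-ips.pl): duplicate allowed-ips are reported only among peers that are not disabled. The sample configuration, the peer public-key placeholders and the CIDR normalisation (so that a CIDR with host bits set compares equal to its network address) are assumptions for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample configuration: two VPN servers both claiming 0.0.0.0/0,
# only one of them enabled at a time (the scenario from the issue), plus a
# third peer whose allowed-ips overlaps peer A once the host bits are masked.
SAMPLE_PEERS = {
    "wg0": [
        {"pubkey": "PEER_A_PLACEHOLDER", "disabled": False,
         "allowed_ips": ["0.0.0.0/0", "10.10.0.0/24"]},
        {"pubkey": "PEER_B_PLACEHOLDER", "disabled": True,
         "allowed_ips": ["0.0.0.0/0"]},
        {"pubkey": "PEER_C_PLACEHOLDER", "disabled": False,
         "allowed_ips": ["10.10.0.7/24"]},
    ],
}


def _normalise(cidr):
    # strict=False masks host bits, so 10.10.0.7/24 and 10.10.0.0/24 compare equal.
    return str(ipaddress.ip_network(cidr, strict=False))


def find_duplicate_allowed_ips(peers_by_iface, ignore_disabled=True):
    """Return (interface, cidr, [pubkeys]) for every allowed-ips entry that is
    claimed by more than one peer on the same interface. Peers marked disabled
    are skipped when ignore_disabled is True (the behaviour the issue requests)."""
    conflicts = []
    for iface, peers in peers_by_iface.items():
        owners = defaultdict(list)
        for peer in peers:
            if ignore_disabled and peer.get("disabled", False):
                continue
            for cidr in peer["allowed_ips"]:
                owners[_normalise(cidr)].append(peer["pubkey"])
        for cidr, pubkeys in sorted(owners.items()):
            if len(pubkeys) > 1:
                conflicts.append((iface, cidr, pubkeys))
    return conflicts


def format_errors(conflicts):
    # Same wording as the message quoted in the issue, one line per conflict.
    return ["Allowed IP %s assigned to multiple peers on interface %s" % (cidr, iface)
            for iface, cidr, _ in conflicts]


if __name__ == "__main__":
    for msg in format_errors(find_duplicate_allowed_ips(SAMPLE_PEERS)):
        print(msg)
```

Running it with ignore_disabled=False reproduces the current behaviour, where the disabled peer B still triggers the 0.0.0.0/0 error.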