Closed TheRealVira closed 2 years ago
I believe that "/24" in address line is the reason
Johanna Rührig notifications@github.com wrote on 6 March 2021 at 18:50:29:
This is happening when trying to load the following config file by using sudo wg setconf wg0 wireguard.conf:
[Interface]
Address = 10.10.10.10/24
SaveConfig = true
ListenPort = 51820
PrivateKey = xxx
[Peer]
PublicKey = xxx
AllowedIPs = 10.10.10.11/24
Endpoint = xxx
Output:
Line unrecognized: `Address=10.10.10.10/24'
Configuration parsing error
It does not work with /32 or without any /* either.
I am generally unable to get any connection when using wireguard-vyatta-ubnt. My config based on the configuration commands:
set interfaces wireguard wg0 address 10.10.10.10/32
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 mtu 1420
set interfaces wireguard wg0 peer xxx allowed-ips 10.10.10.11/32
set interfaces wireguard wg0 peer xxx endpoint 'xxx:51820'
set interfaces wireguard wg0 private-key /config/auth/wg.key
set interfaces wireguard wg0 route-allowed-ips true
(show configuration commands | grep wg0)
xxx@xxx# show interfaces wireguard
wireguard wg0 {
    address 10.10.10.10/32
    firewall {
        out {
            name Wireguard
        }
    }
    listen-port 51820
    mtu 1420
    peer xxx {
        allowed-ips 10.10.10.11/32
        endpoint xxx:51820
    }
    private-key /config/auth/wg.key
    route-allowed-ips true
}
Couple of items. I'm still trying to learn how to make this route, and my site to site is still not working in my environment, but here's one thing I see:
Use a different network for the wireguard address, I think you're supposed to do that.
so make config look like this, perhaps:
set interfaces wireguard wg0 address 10.100.100.10/32
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 mtu 1420
set interfaces wireguard wg0 peer xxx allowed-ips 10.100.100.0/24
set interfaces wireguard wg0 peer xxx allowed-ips 10.10.10.0/24
set interfaces wireguard wg0 peer xxx endpoint 'xxx:51820'
set interfaces wireguard wg0 private-key /config/auth/wg.key
set interfaces wireguard wg0 route-allowed-ips true
This way - the wireguard connection will be a network of 10.100.100.0/24.
The WireGuard address CIDR needs to encompass the addresses of the remote connections. The peer allowed-ips needs to have at least the remote WireGuard connection's address with /32 and any additional CIDR networks you want to route.
So, in other words, it should look like this?:
set interfaces wireguard wg0 address 10.100.100.10/24
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 mtu 1420
set interfaces wireguard wg0 peer xxx allowed-ips 10.100.100.0/24
set interfaces wireguard wg0 peer xxx allowed-ips 10.10.10.0/24
set interfaces wireguard wg0 peer xxx endpoint 'xxx:51820'
set interfaces wireguard wg0 private-key /config/auth/wg.key
set interfaces wireguard wg0 route-allowed-ips true
This way the 10.100.100.0/24 network is "visible" by the WG interfaces as being local, allowing routes to traverse the connection.
Correct?
@inzi Please refer to the documentation in the readme for this repo. Pay close attention to the CIDR notation. Your configuration should be modeled after that example. Let us know if you need further assistance.
You can use wg-quick, which supports the Address config: wg-quick up /etc/wireguard/wg0.conf. I guess wg and wg-quick support different config files.
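Added example, not part of the thread or of the project's code: a small Python linter that sorts each key of a WireGuard config into the set that wg setconf parses and the set that only wg-quick understands, run over the config quoted earlier in the thread. The function name, the finding labels and the sample string are constructed for illustration; the key lists follow the wg(8) and wg-quick(8) man pages.

```python
import ipaddress

# Keys that wg(8) setconf parses, per section (compared lower-case).
WG_KEYS = {
    "interface": {"privatekey", "listenport", "fwmark"},
    "peer": {"publickey", "presharedkey", "allowedips", "endpoint", "persistentkeepalive"},
}
# [Interface] keys that only wg-quick(8) understands.
WG_QUICK_ONLY = {"address", "dns", "mtu", "table", "preup", "postup",
                 "predown", "postdown", "saveconfig"}

# Constructed sample: the config quoted in the thread, secrets left as "xxx".
SAMPLE = """\
[Interface]
Address = 10.10.10.10/24
SaveConfig = true
ListenPort = 51820
PrivateKey = xxx
[Peer]
PublicKey = xxx
AllowedIPs = 10.10.10.11/24
Endpoint = xxx
"""

def lint(text):
    """Return (findings, stripped); stripped keeps only lines wg setconf parses."""
    findings, kept, section = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            kept.append(raw)
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "interface" and key.lower() in WG_QUICK_ONLY:
            findings.append((no, "wg-quick-only", key))
            continue
        if key.lower() not in WG_KEYS.get(section, set()):
            findings.append((no, "unknown", key))
            continue
        if key.lower() == "allowedips":
            for cidr in value.split(","):
                iface = ipaddress.ip_interface(cidr.strip())
                if iface.ip != iface.network.network_address:   # host bits set
                    findings.append((no, "host-bits", f"{iface} covers {iface.network}"))
        kept.append(raw)
    return findings, "\n".join(kept) + "\n"
```

On the sample, `lint(SAMPLE)` reports `Address` and `SaveConfig` as wg-quick-only and notes that the peer's `10.10.10.11/24` covers the whole of `10.10.10.0/24`.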
This is happening when trying to load the following config file by using sudo wg setconf wg0 wireguard.conf:
Output: