donaldzou / WGDashboard

Simple dashboard for WireGuard VPN written in Python w/ Flask
Apache License 2.0
1.23k stars 177 forks

WGDashboard freeze if Wireguard Network is set to /16 #283

Open arnolfoaquino opened 5 days ago

arnolfoaquino commented 5 days ago

Describe The Problem

When I have WireGuard configured with a /24 network I can create new Peers without issues via the WGDashboard web console, but when I set the WireGuard network to /16 it loses the Allowed IP information when creating a new Peer via the WGDashboard web console, and the web console gets unresponsive every time I try to create a new Peer. But if I create the Peer at the OS and WireGuard level, I can manage it via the WGDashboard web console without issues.

Expected Error / Traceback

The WGDashboard web console gets unresponsive, and I need to reopen it. The WGDashboard services are not affected, I do not need to restart anything, but I cannot create new Peers via the WGDashboard web console.

To Reproduce

Access the WGDashboard web console. Click on "wg0". Click on the "+" sign.

OS Information:

Sample of your .conf file

[Interface]
Address = 10.0.0.1/16
SaveConfig = true
PostUp = iptables -A FORWARD -i eth0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -i eth0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = ABCD

[Peer]
PublicKey = ABCD
AllowedIPs = 10.0.0.2/32

arnolfoaquino commented 5 days ago

[image attachment]

donaldzou commented 4 days ago

I think the freeze is caused by the server trying to generate all the IP addresses that are available under the subnet. In your case 10.0.0.1/16 will generate around 65,536 IP addresses. I would recommend changing it to a higher CIDR, something like 10.0.0.1/24.

You can reference this table: https://www.freecodecamp.org/news/subnet-cheat-sheet-24-subnet-mask-30-26-27-29-and-other-ip-address-cidr-network-references/

| CIDR | Subnet mask | Wildcard mask | # of IP addresses | # of usable IP addresses |
|------|-------------|---------------|-------------------|--------------------------|
| /32 | 255.255.255.255 | 0.0.0.0 | 1 | 1 |
| /31 | 255.255.255.254 | 0.0.0.1 | 2 | 2* |
| /30 | 255.255.255.252 | 0.0.0.3 | 4 | 2 |
| /29 | 255.255.255.248 | 0.0.0.7 | 8 | 6 |
| /28 | 255.255.255.240 | 0.0.0.15 | 16 | 14 |
| /27 | 255.255.255.224 | 0.0.0.31 | 32 | 30 |
| /26 | 255.255.255.192 | 0.0.0.63 | 64 | 62 |
| /25 | 255.255.255.128 | 0.0.0.127 | 128 | 126 |
| /24 | 255.255.255.0 | 0.0.0.255 | 256 | 254 |
| /23 | 255.255.254.0 | 0.0.1.255 | 512 | 510 |
| /22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022 |
| /21 | 255.255.248.0 | 0.0.7.255 | 2,048 | 2,046 |
| /20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094 |
| /19 | 255.255.224.0 | 0.0.31.255 | 8,192 | 8,190 |
| /18 | 255.255.192.0 | 0.0.63.255 | 16,384 | 16,382 |
| /17 | 255.255.128.0 | 0.0.127.255 | 32,768 | 32,766 |
| /16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534 |
| /15 | 255.254.0.0 | 0.1.255.255 | 131,072 | 131,070 |
| /14 | 255.252.0.0 | 0.3.255.255 | 262,144 | 262,142 |
| /13 | 255.248.0.0 | 0.7.255.255 | 524,288 | 524,286 |
| /12 | 255.240.0.0 | 0.15.255.255 | 1,048,576 | 1,048,574 |
| /11 | 255.224.0.0 | 0.31.255.255 | 2,097,152 | 2,097,150 |
| /10 | 255.192.0.0 | 0.63.255.255 | 4,194,304 | 4,194,302 |
| /9 | 255.128.0.0 | 0.127.255.255 | 8,388,608 | 8,388,606 |
| /8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214 |
| /7 | 254.0.0.0 | 1.255.255.255 | 33,554,432 | 33,554,430 |
| /6 | 252.0.0.0 | 3.255.255.255 | 67,108,864 | 67,108,862 |
| /5 | 248.0.0.0 | 7.255.255.255 | 134,217,728 | 134,217,726 |
| /4 | 240.0.0.0 | 15.255.255.255 | 268,435,456 | 268,435,454 |
| /3 | 224.0.0.0 | 31.255.255.255 | 536,870,912 | 536,870,910 |
| /2 | 192.0.0.0 | 63.255.255.255 | 1,073,741,824 | 1,073,741,822 |
| /1 | 128.0.0.0 | 127.255.255.255 | 2,147,483,648 | 2,147,483,646 |
| /0 | 0.0.0.0 | 255.255.255.255 | 4,294,967,296 | 4,294,967,294 |
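The diagnosis above (the server enumerating every address in the subnet before picking one for the new peer) and the later acknowledgment that this is a design flaw in v3.x both come down to the same allocator pattern. The following is an added illustration, not WGDashboard's own code: it contrasts a naive "materialise the whole subnet, then filter" allocator with a lazy one that walks `ipaddress.ip_network(...).hosts()` and stops at the first unused address. The function names, the `scan_limit` budget and the sample AllowedIPs lists are assumptions made for the example; the dashboard's real peer-creation code is not reproduced here.

```python
import ipaddress
import time
from typing import Iterable, Optional


def subnet_host_count(interface_cidr: str) -> int:
    """Usable host addresses in the subnet of a WireGuard Address line.
    '10.0.0.1/16' -> 65534, '10.0.0.1/24' -> 254. This is the amount of work a
    naive allocator does on every peer creation, regardless of peer count."""
    network = ipaddress.ip_network(interface_cidr, strict=False)
    if network.prefixlen >= network.max_prefixlen - 1:
        return network.num_addresses  # /31 and /32 reserve no network/broadcast
    return network.num_addresses - 2


def _used_addresses(used_allowed_ips: Iterable[str]) -> set:
    """Normalise AllowedIPs entries ('10.0.0.2/32' or bare '10.0.0.2') to addresses."""
    return {ipaddress.ip_interface(entry.strip()).ip for entry in used_allowed_ips}


def next_free_address_naive(interface_cidr: str,
                            used_allowed_ips: Iterable[str]) -> Optional[str]:
    """The pattern that freezes on large subnets: build the full candidate list,
    then filter it. Memory and CPU scale with the subnet size (about 65k address
    objects for a /16, about 16M for a /8), not with the number of peers."""
    network = ipaddress.ip_network(interface_cidr, strict=False)
    own = ipaddress.ip_interface(interface_cidr).ip  # the server's own address
    used = _used_addresses(used_allowed_ips) | {own}
    candidates = list(network.hosts())               # materialises the whole subnet
    free = [str(h) for h in candidates if h not in used]
    return free[0] if free else None


def next_free_address(interface_cidr: str,
                      used_allowed_ips: Iterable[str],
                      scan_limit: int = 100_000) -> Optional[str]:
    """Lazy allocator: hosts() is a generator, so work is proportional to the
    position of the first gap, not to the subnet size. scan_limit (an assumed
    safety budget) bounds the worst case on a nearly full or huge subnet so a
    single request cannot pin the web server."""
    network = ipaddress.ip_network(interface_cidr, strict=False)
    own = ipaddress.ip_interface(interface_cidr).ip
    used = _used_addresses(used_allowed_ips) | {own}
    for scanned, host in enumerate(network.hosts()):  # one address at a time
        if scanned >= scan_limit:
            return None
        if host not in used:
            return str(host)
    return None


if __name__ == "__main__":
    # Constructed sample: the peer from the .conf in this issue is already allocated.
    existing_peers = ["10.0.0.2/32"]
    for cidr in ("10.0.0.1/24", "10.0.0.1/16"):
        print(f"{cidr}: {subnet_host_count(cidr)} usable hosts")
        for name, fn in (("naive", next_free_address_naive), ("lazy", next_free_address)):
            start = time.perf_counter()
            chosen = fn(cidr, existing_peers)
            print(f"  {name:5s} -> {chosen}  ({(time.perf_counter() - start) * 1000:.1f} ms)")
```

Both allocators return the same address; the difference is that the lazy one does a handful of iterations for a /16 while the naive one builds tens of thousands of objects per click, which is the cost the comment above describes. The `scan_limit` budget is the part worth keeping even after the lazy rewrite: without it, an operator who configures a /8 and fills it up still gets an unbounded loop per request.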
arnolfoaquino commented 4 days ago

Thank you so much @donaldzou, I really appreciate it. In my case, if we decide to go with /24, I will need to deploy some WireGuards around our infra, and this kind of scenario can create a mess for our team. This is why I am trying to go with /16. I can try /19 or /20 and check if it also happens or not. I am going to update this case soon about it.

donaldzou commented 4 days ago

No problem ;) If using /16 is really needed for your scenario, theoretically it won't crash on a machine/VM that has tons of RAM (i.e. 16 gigs+, I think lol). But yeah, I do admit it is a design flaw of v3.x of the dashboard. I've already added this issue to my todo list for v4 and will fix it in the next release :)

arnolfoaquino commented 4 days ago

@donaldzou Perfect, I just tested with /20 and it worked; the web console has not frozen. Thank you so much. It should solve our case for now.

donaldzou commented 3 days ago

That's great! I'll keep this open to remind me to fix this issue in the next release ;)