Closed momothefox closed 1 year ago
What is the resulting config after having applied the template?
network.wgpeer_wg0=wireguard_wg0
network.wgpeer_wg0.endpoint_host='domain.com'
network.wgpeer_wg0.persistent_keepalive='25'
network.wgpeer_wg0.public_key='key'
network.wgpeer_wg0.route_allowed_ips='1'
network.wgpeer_wg0.endpoint_port='51820'
network.wgpeer_wg0.allowed_ips='10.20.0.1/16'
network.wg0=interface
network.wg0.dns='1.1.1.1'
network.wg0.force_link='1'
network.wg0.listen_port='51821'
network.wg0.mtu='1280'
network.wg0.nohostroute='0'
network.wg0.private_key='key'
network.wg0.proto='wireguard'
network.wg0.addresses='10.20.0.22/32'
network.wg0.addresses='10.20.0.22/32' is the culprit, what's in OpenWISP?
JSON
"address": "{{ip_address_xxxxxxxxxxxxxxxxxxxxxxx}}",
Preview Configurations
list addresses '{{ip_address_xxxxxxxxxxxc650b358903}}/16'
Does the entire interface JSON look like:
{
"interfaces": [
{
"name": "wg0",
"type": "wireguard",
"private_key": "{{pvt_key_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}}",
"port": 51821,
"mtu": 1280,
"nohostroute": false,
"fwmark": "",
"ip6prefix": [],
"addresses": [
{
"proto": "static",
"family": "ipv4",
"address": "{{ip_address_xxxxxxxxxxxxxxxxxxxxxxx}}",
"mask": 16
}
]
}
]
}
This looks good to me! If this doesn't work double check the OpenWrt logs.
However, this config should generate network.wg0.addresses='10.20.0.22/16'; if it doesn't, there's a problem somewhere. However, I cannot replicate this in OpenWISP. For example, I have the following in an instance:
{
"interfaces": [
{
"type": "wireguard",
"private_key": "{{pvt_key_<UUID>}}",
"port": 51820,
"mtu": 1420,
"nohostroute": false,
"fwmark": "",
"ip6prefix": [],
"addresses": [
{
"proto": "static",
"family": "ipv4",
"address": "{{ip_address_<UUID>}}",
"mask": 16
}
],
"name": "wg0",
"network": ""
}
],
"wireguard_peers": [
{
"interface": "wg0",
"public_key": "{{public_key_<UUID>}}",
"allowed_ips": [
"{{server_ip_address_<UUID>}}/16"
],
"endpoint_host": "{{vpn_host_<UUID>}}",
"endpoint_port": 51820,
"preshared_key": "",
"persistent_keepalive": 60,
"route_allowed_ips": true
}
]
}
Which generates:
package network

config interface 'wg0'
    list addresses '172.16.0.2/16'
    option listen_port '51820'
    option mtu '1420'
    option nohostroute '0'
    option private_key '*********'
    option proto 'wireguard'

config wireguard_wg0 'wgpeer_wg0'
    list allowed_ips '172.16.0.1/16'
    option endpoint_host '******************'
    option endpoint_port '51820'
    option persistent_keepalive '60'
    option public_key '*************'
    option route_allowed_ips '1'
Which is fine. At this point I would first try to ensure OpenWISP generates the expected conf, then look at whether the conf, once applied, matches what OpenWISP generates, and then I would look at the system logs (logread).
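The comparison suggested above (generated configuration versus what is applied on the device), as an added example that is not part of the original thread or OpenWISP's own code. The two sample texts are constructed from values quoted in this issue, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples: a generated config (export syntax) and `uci show network`
# output from the device, using the addresses quoted in this thread.
GENERATED_UCI = """\
package network
config interface 'wg0'
    list addresses '10.20.0.22/16'
    option proto 'wireguard'
"""
APPLIED_UCI_SHOW = """\
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.addresses='10.20.0.22/32'
"""

def parse_export(text):
    """Parse config/option/list syntax into {'section.option': [values]}."""
    out, section = {}, None
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "config":
            section = parts[2].strip("'\"")
        elif len(parts) == 3 and parts[0] in ("option", "list") and section:
            out.setdefault(f"{section}.{parts[1]}", []).append(parts[2].strip("'\""))
    return out

def parse_show(text):
    """Parse `uci show network` lines into the same shape as parse_export()."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"network\.(\w+)\.(\w+)=(.*)$", line.strip())
        if m:  # section-type lines such as network.wg0=interface do not match
            values = re.findall(r"'([^']*)'", m.group(3)) or [m.group(3)]
            out[f"{m.group(1)}.{m.group(2)}"] = values
    return out

def prefix_mismatches(generated, applied):
    """List (key, host, generated_prefix, applied_prefix) where only the mask differs."""
    issues = []
    for key, wanted in generated.items():
        if key.endswith(".addresses"):
            seen = {str(i.ip): i for i in map(ipaddress.ip_interface, applied.get(key, []))}
            for want in map(ipaddress.ip_interface, wanted):
                got = seen.get(str(want.ip))
                if got and got.network.prefixlen != want.network.prefixlen:
                    issues.append((key, str(want.ip), want.network.prefixlen, got.network.prefixlen))
    return issues

if __name__ == "__main__":
    print(prefix_mismatches(parse_export(GENERATED_UCI), parse_show(APPLIED_UCI_SHOW)))
```
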
let us talk about this > '{{ip_address_xxxxxxxxxxxc650b358903}}/16'
i think openwisp is pushing the configuration like this
"address": "{{ip_address_xxxxxxxxxxxxxxxxxxxxxxx}}",
/16
While the IP address value is already 10.20.0.22/32,
so when it puts /16 after /32, therefore, it does make sense,
and somehow it is sent to OpenWrt like that: 10.20.0.22/32
@momothefox I am not understanding your last message very well. I recommend sharing a full interface configuration (JSON and generated UCI).
@nemesisdesign it is already here
{
"interfaces": [
{
"type": "wireguard",
"private_key": "{{pvt_key_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}}",
"port": 51821,
"mtu": 1280,
"nohostroute": false,
"fwmark": "",
"ip6prefix": [],
"addresses": [
{
"proto": "static",
"family": "ipv4",
"address": "{{ip_address_xxxxxxxxxxxxxxxxxxxxxxx}}",
"mask": 16
}
],
"name": "wg0",
"network": "",
"dns": "1.1.1.1",
"force_link": true
}
],
"wireguard_peers": [
{
"interface": "wg0",
"public_key": "{{public_key_xxxxxxxxxxxxxxxxxxxxxxxxx}}",
"allowed_ips": [
"10.20.0.0/16"
],
"endpoint_host": "{{vpn_host_xxxxxxxxxxxxxxxxxxxxxxx}}",
"endpoint_port": 51820,
"preshared_key": "",
"persistent_keepalive": 25,
"route_allowed_ips": true
}
]
}
For the past 2 weeks I have been trying to set up WireGuard to work. As this is my first experience with setting up a VPN and dealing with iptables, I took my time.
For OpenWISP, the idea of auto-provisioning is really great.
But I had several issues with applying configuration, so I will try to post them clearly in separate issue reports.
long story short,
raw JSON
this is the setting for the template. client should get ip with 255.255.0.0 subnet.
but this is the current client config
checking preview config option on openwisp shows
network.wg0.addresses='10.20.0.22/32'
should be "mask": 16
Checking out other clients, I found out that some clients got the correct mask and others got a /32 mask.
So there is something there.
I think it is related to the system-defined variables server_ip_address_10.20.0.1 server_ipnetwork 10.20.0.1/32
on the server cli