perara / wg-manager

An easy to use WireGuard dashboard and management tool
MIT License

Multiple interfaces and servers? #80

Open tromlet opened 3 years ago

tromlet commented 3 years ago

Hi!

So it looks like we've got our configuration now running very stably, very swimmingly - but it LOOKS like, from the interface, I can create AND manage multiple WireGuard servers/interfaces. Trouble is, it doesn't seem like I can do that - I've created wg1 and wg2 interfaces with the intent of segregating users and their access to our internal resources, but I don't get any kind of a management UI below the wg0 one. I just get an error: "The server interface or ip wg1 already exists in the database".

EDIT 2019 on 12 February 2021:

When I try, I get nothing in the Gunicorn error log, and the following in the access log: 192.168.1.254:0 - "POST /api/v1/server/add HTTP/1.1" 400

tromlet commented 3 years ago

I (sort of) figured this out:

I don't exactly know what was going on, but I figured that since @perara never mentioned the ELRepo's pre-built Wireguard binary (kmod-wireguard in CentOS 7-speak) in the README, that I'd give either wireguard-dkms or the kernel module a try.

I opted for the kernel module, blew up my database (rm -rf /opt/wg-manager/wg_dashboard_backend/database.db), restarted my wg-manager service, and gave it a whirl. It now seems to work great, at the very least, multiple server interfaces do appear to be showing up. I will be doing some further testing on this, and I plan to add some comments later on as to some good iptables rules.

Shout-out to @perara - you've definitely got the lead contender for web-based WireGuard management interfaces thus far. It's a little finicky to set up, and if I could ask for one thing, it'd be some more verbose logging of what's going on on the inside of the backend there, but otherwise this is excellent. I would be delighted to help the community in any way that I can - I'm not much of a Python coder, but I can learn, but my real talent is in documentation! I'd be happy to draw up another bare-metal install guide! By golly we'll get this thing up and working for our obtuse network yet!

EDIT: It DOES seem to have some trouble doing it on the fly, if I don't refresh the page I can't easily add, delete, and then re-add consecutive wgX interfaces.

tromlet commented 3 years ago

Hmm. I seem to be having trouble creating a third interface.

EDIT:

I'm able to create TWO interfaces, but not a third or a fourth. I get that same HTTP 400 error in the logs, and the same "The server interface or ip wg2 already exists in the database" error message - but when I check the database, there is no wg2 interface in the server table, nor is there a wg3 interface listed when I perform a wg show command on the terminal. This issue persists through a restart of the service, as well.

EDIT AGAIN:

I went ahead and manually added a row with my desired settings to the database, and restarted the server. That seems to have worked, but shoot is that cumbersome, and it seems like something the UI should do natively, so I'm leaving this open. I will test with live clients tomorrow.

EDIT "TOMORROW":

Live clients connect via this method. Again, cumbersome, but works - I can verify connectivity between the VPN server and clients via the wg show command, and tunnels are being established. Now, I can't actually CONNECT to anything through most of those tunnels, but my troubleshooting suggests that this is a firewall / routing issue on our end, and not a problem with WG-Manager.

alexlii1971 commented 3 years ago

Same issue.

I imported the server wg0.conf configuration of other servers, and also added keys. The "add server" button is active, but there is no response after clicking it, and it shows that the name of the new server already exists, no matter what the name is.

tromlet commented 3 years ago

I will update this to add that, yes, updating the database manually via the command line or through a database manager such as DBeaver (I was actually doing it via the command line which was needlessly arduous but I guess I'm a sucker for punishment) works just fine, and we've cleaned up our iptables and hardware firewall issues enough to allow connectivity to most all of our production environment through WireGuard.

This DOES work, but it is pretty unclean, and is clearly a bug with the web-facing side of the application (which is... the point of the application).

perara commented 3 years ago

Hi, sorry for being on the inactive side of things these days. I'm up to my ears in finishing up my PhD thesis, so hobby projects like this get, let's say, deprioritized.

However, I keep an eye out for any contributions. I agree on the point of logging; currently there is very little of that going around.

I'll see if I manage to reproduce the bug with multiple interfaces. Generally I have not seen this behavior, but surely this is probably something I've missed.

In general, I hope to get up unit tests to keep stuff like this working. Some of the stuff internally is, to put it nicely, garbage, so eventually I hope to better integrate with the wg API.

mvargasevans commented 2 years ago

Hi everyone, First off, congratulations @perara for such a great project - really the leading Wireguard UI out there. Investigating this issue, I found out that the problem occurs when trying to create an endpoint that uses already existing data. Try using a completely new interface name, port and IP addresses (IPv4 and IPv6). If you look in detail at the database implementation, you will see that all these fields are marked as unique, thus the reason for the system to reject new endpoints.
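
The behaviour described in the comment above, as an added example that is not part of the thread and not wg-manager's own code: a `server` table whose interface name, port and addresses are each unique, plus a pre-insert check that names the colliding field instead of a generic "already exists" error. The table layout, column names and sample values are assumptions made for illustration.

```python
import sqlite3

# Hypothetical schema (assumed column names, not wg-manager's actual model).
# Every column is UNIQUE, as the comment above describes.
SCHEMA = """
CREATE TABLE server (
    id INTEGER PRIMARY KEY,
    interface   TEXT    UNIQUE,
    listen_port INTEGER UNIQUE,
    address     TEXT    UNIQUE,
    v6_address  TEXT    UNIQUE
)"""
UNIQUE_FIELDS = ("interface", "listen_port", "address", "v6_address")

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def find_conflicts(conn, candidate):
    """Return (field, value, owning interface) for every unique field already taken."""
    clashes = []
    for field in UNIQUE_FIELDS:  # names come from the fixed tuple, never from user input
        value = candidate.get(field)
        if value is None:
            continue  # SQLite permits several NULLs in a UNIQUE column
        row = conn.execute(
            f"SELECT interface FROM server WHERE {field} = ?", (value,)
        ).fetchone()
        if row:
            clashes.append((field, value, row[0]))
    return clashes

def add_server(conn, candidate):
    """Insert a server row; on a clash, say which field collided and with which server."""
    clashes = find_conflicts(conn, candidate)
    if clashes:
        return False, [f"{f}={v} already used by {owner}" for f, v, owner in clashes]
    cols = ", ".join(UNIQUE_FIELDS)
    marks = ", ".join("?" for _ in UNIQUE_FIELDS)
    try:
        conn.execute(f"INSERT INTO server ({cols}) VALUES ({marks})",
                     [candidate.get(f) for f in UNIQUE_FIELDS])
    except sqlite3.IntegrityError as exc:  # lost a race between check and insert
        return False, [str(exc)]
    return True, []
```

A new interface name alone is not enough: a second server that reuses the first server's listen port or subnet address is rejected by the constraint on that column.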

tromlet commented 1 year ago

Very cool find, @mvargasevans, I should've caught that in my DBeavering around the database, but I absolutely never did. Been running this for a little over a year in production, though, and it's been very stable and has handled updates exceptionally well, and it does a really nice job for us. I'm working on a million other projects but, hopefully, as things cool down at work, maybe I could get my hands dirty and look at some of the code - this seems like a fun and educational project!

perara commented 1 year ago

Hi, I'm actually working on improving some of these issues that had been reported recently.

The largest change is towards better Wg integration with creating devices manually and setting up iptables manually.

Also fixing quirks like this..

I'll push the update to dev when it's ready, however, I need to ensure that I don't break everything :)

PizzaProgram commented 1 year ago

Is this multi-interface handling fixed?

I would need to create 100+ of them, and +1 master-group for myself to reach all clients of all the sub-groups. (to reach small organisations = pizzerias)

Thanks!