Netgate Discussion Forum

    Bug in wireguard Package Addon config found, when generating wireguard config

    pfSense Packages
    2 Posts 1 Posters 1.4k Views
      4920441 0
      last edited by

      Hi,

      I am not sure if it is a bug or a feature...

      When I configure an individual "AllowedIPs" directive on each WireGuard peer,
      everything works as expected and a "wg showconf tun_wg0" shows me that the Allowed IPs are correctly configured:

      wg showconf tun_wg0
      
      [Interface]
      ListenPort = 51820
      PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
      
      [Peer]
      PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
      AllowedIPs = 192.168.0.0/16
      Endpoint = 12.34.22.22:24135
      PersistentKeepalive = 3
      
      [Peer]
      PublicKey = 22222222222222222222222222222222222222222222
      AllowedIPs = 10.2.3.0/24
      PersistentKeepalive = 4
      
      [Peer]
      PublicKey = 33333333333333333333333333333333333333333333
      AllowedIPs = 0.0.0.0/0
      PersistentKeepalive = 5
      
      

      BUT, when I allow 0.0.0.0/0 on EVERY peer, or the same AllowedIPs on more than one peer,
      only the last peer in the config gets the right AllowedIPs config...

      wg showconf tun_wg0
      [Interface]
      ListenPort = 51820
      PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      
      [Peer]
      PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      Endpoint = 12.123.123.12:15235
      PersistentKeepalive = 3
      
      [Peer]
      PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      PersistentKeepalive = 4
      
      [Peer]
      PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      AllowedIPs = 10.0.0.0/8, 192.168.0.0/16, 0.0.0.0/0
      PersistentKeepalive = 5
      

      All AllowedIPs are only on the LAST peer and not (also) on the first and second peer....

      Seems to be a bug, I think.

      Needless to say, only one peer is working flawlessly with this config..

      Cheers

      4920441
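
Added example (not part of the original post, and not pfSense or WireGuard code): a checker for the situation described above. It assumes WireGuard's rule that, on one interface, an AllowedIPs prefix belongs to a single peer and a later peer claiming the same prefix takes it over, which matches the second `wg showconf` output. The input text, the PEER_A/B/C key placeholders and the function names are constructed for illustration.

```python
import ipaddress

# Constructed input: the configuration the post implies was intended, with the
# same AllowedIPs list on all three peers. PEER_A/B/C are placeholder keys.
IPS = "10.0.0.0/8, 192.168.0.0/16, 0.0.0.0/0"
INTENDED = "[Interface]\nListenPort = 51820\n" + "".join(
    f"\n[Peer]\nPublicKey = PEER_{n}\nAllowedIPs = {IPS}\n" for n in "ABC")

def parse_peers(text):
    """Return [(public_key, [ip_network, ...]), ...] in file order."""
    peers, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([None, []])
            continue
        if section != "peer" or "=" not in line:
            continue
        # Split on the first '=' only: base64 keys end in '=' padding.
        key, value = (p.strip() for p in line.split("=", 1))
        if key.lower() == "publickey":
            peers[-1][0] = value
        elif key.lower() == "allowedips":
            peers[-1][1] += [ipaddress.ip_network(v.strip(), strict=False)
                             for v in value.split(",") if v.strip()]
    return [(k, nets) for k, nets in peers]

def effective_allowed_ips(peers):
    """Model one owner per exact prefix: the last peer to claim it keeps it."""
    owner, conflicts = {}, []
    for key, nets in peers:
        for net in nets:
            if net in owner and owner[net] != key:
                conflicts.append((str(net), owner[net], key))  # (prefix, loser, winner)
            owner[net] = key
    result = {key: [] for key, _ in peers}
    for net, key in owner.items():
        result[key].append(str(net))
    return result, conflicts

if __name__ == "__main__":
    effective, moved = effective_allowed_ips(parse_peers(INTENDED))
    for prefix, loser, winner in moved:
        print(f"{prefix}: moved from {loser} to {winner}")
    print(effective)
```

Only identical prefixes are treated as conflicting; overlapping but different prefixes on different peers (as in the first output above) are left alone.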

        4920441 0 @4920441 0
        last edited by

        @4920441-0

        If anyone is asking why this is a problem:

        I am trying to configure three tunnels which should connect 4 OSPF routers with each other....

        For the first tunnel I could allow 224.0.0.0/6 but what should I do with the other tunnels?

        Thanks a lot..

        Cheers

        4920441

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.