Wireguard Setup: error when saving peer config

JeGr

/vpn_wg_edit.php: XML error: XML_ERR_NAME_REQUIRED at line 14425 in /conf/config.xml

On my test setup, I can create the tunnel and save it. That works. But adding a peer fails every time and creates XML errors with pfSense rolling back configuration like above.

Any hint what didn't get populated? I entered every field in the peer section (without peer routed networks) and entered 0.0.0.0/0 in allowed IPs like the new doc states.

dennis_s

@jegr Our guys were seeing the same in testing. The description there isn't the exact same, but the root cause is believed to be the same.

JeGr

@dennis_s said in Wireguard Setup: error when saving peer config:

@jegr Our guys were seeing the same in testing. The description there isn't the exact same, but the root cause is believed to be the same.

any possibility to cherry pick the changes via system patches? or do we have to wait for the next snapshot for peers to work? :)

dennis_s

@jegr Should already be fixed in the latest snap available now

JeGr

@dennis_s said in Wireguard Setup: error when saving peer config:

@jegr Should already be fixed in the latest snap available now

huh... let me check that. Pity the peer system is hard to reboot - patching would've been easier ;)

JeGr

@dennis_s said in Wireguard Setup: error when saving peer config:

@jegr Should already be fixed in the latest snap available now

just checked, no newer snapshot available currently then the one installed that has that problem.

dennis_s

@jegr checking

dennis_s

@dennis_s I was mistaken, not a snap yet. It's still being worked on.

JeGr

@dennis_s said in Wireguard Setup: error when saving peer config:

@dennis_s I was mistaken, not a snap yet. It's still being worked on.

Ah alright. Sad then but when ready perhaps I can test with the appropriate GIT commit via system patches. :)

stephenw10

Yeah you should be able to test that with this:
https://github.com/pfsense/pfsense/commit/55da9aef7c091141e29fdb74c36991dc92c56aa7

If you do be sure to also grab this:
https://github.com/pfsense/pfsense/commit/e564dbd64cc818bd5e751dbeaef8b00f1c0f9ed7
Otherwise it will not reboot correctly.

Or just wait for tomorrows snapshot.

Steve

JeGr

@stephenw10 the second one can't be applied or patched into that snapshot so I think no patching possible but waiting for the next snapshot

/usr/bin/patch --directory=/ -t -p2 -i /var/patches/6009707dd06f2.patch --check --forward --ignore-whitespace

Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From e564dbd64cc818bd5e751dbeaef8b00f1c0f9ed7 Mon Sep 17 00:00:00 2001
|From: Steve Beaver 
|Date: Wed, 20 Jan 2021 19:18:40 -0500
|Subject: [PATCH] Add ^wg to list of interface mimatch types
|
|---
| src/etc/inc/util.inc | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|
|diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
|index 6eafc760ad3..cd75becbeef 100644
|--- a/src/etc/inc/util.inc
|+++ b/src/etc/inc/util.inc
--------------------------
Patching file etc/inc/util.inc using Plan A...
Hunk #1 failed at 2360.
1 out of 1 hunks failed while patching etc/inc/util.inc
done

stephenw10

If you're just testing now (in the current snapshot) it should be in there already.

You can check /etc/inc/util.inc on line 2363. Should include ^wg.

Steve