Place1/wg-access-server

Setting vpn.cidr in configuration has no effect

PeeterTomusk opened this issue · 1 comment

Setting the WireGuard CIDR via the configuration file is not possible / ignored.

1. The happy path - setting the WG_VPN_CIDR environment variable:
tail -4 config.yml

loglevel: debug
vpn.allowedIPs: "0.0.0.0/0"


docker run --rm --net=host --cap-add NET_ADMIN --device /dev/net/tun:/dev/net/tun -v `pwd`:/data -e "WG_CONFIG=/data/config.yml" -e "WG_VPN_CIDR=10.9.8.0/24" place1/wg-access-server:latest

time="2021-04-06T12:01:12Z" level=info msg="starting wireguard server on 0.0.0.0:51820" file="main.go:85"
time="2021-04-06T12:01:12Z" level=debug msg="set interface up" file="iface_linux.go:25"
time="2021-04-06T12:01:12Z" level=info msg="wireguard VPN network is 10.9.8.0/24" file="main.go:99"
time="2021-04-06T12:01:12Z" level=info msg="starting dns server on 0.0.0.0:53 with upstreams: 10.9.0.2" file="server.go:33"
time="2021-04-06T12:01:12Z" level=info msg="storing data in SQL backend sqlite3" file="contracts.go:73"
time="2021-04-06T12:01:12Z" level=debug msg="SELECT * FROM \"devices\"  " file="sql.go:32" module=gorm rows=1 src_ref="/code/internal/storage/sql.go:156" type=sql values="[]"
time="2021-04-06T12:01:12Z" level=debug msg="found 1 device(s)" file="sql.go:159"
time="2021-04-06T12:01:12Z" level=debug msg="metadata sync executing" file="metadata.go:18"
time="2021-04-06T12:01:13Z" level=info msg="serving website from ./website/build" file="website_router.go:37"
time="2021-04-06T12:01:13Z" level=info msg="web ui listening on 0.0.0.0:8000" file="main.go:180"

2. Failure with full configuration item path in config:
tail -4 config.yml

loglevel: debug
vpn.allowedIPs: "0.0.0.0/0"
vpn.cidr: "10.9.8.0/24"

docker run --rm --net=host --cap-add NET_ADMIN --device /dev/net/tun:/dev/net/tun -v `pwd`:/data -e "WG_CONFIG=/data/config.yml" place1/wg-access-server:latest

time="2021-04-06T12:04:14Z" level=info msg="starting wireguard server on 0.0.0.0:51820" file="main.go:85"
time="2021-04-06T12:04:14Z" level=debug msg="set interface up" file="iface_linux.go:25"
time="2021-04-06T12:04:14Z" level=info msg="wireguard VPN network is 10.44.0.0/24" file="main.go:99"
time="2021-04-06T12:04:14Z" level=info msg="starting dns server on 0.0.0.0:53 with upstreams: 10.9.0.2" file="server.go:33"
time="2021-04-06T12:04:14Z" level=info msg="storing data in SQL backend sqlite3" file="contracts.go:73"
time="2021-04-06T12:04:14Z" level=debug msg="SELECT * FROM \"devices\"  " file="sql.go:32" module=gorm rows=1 src_ref="/code/internal/storage/sql.go:156" type=sql values="[]"
time="2021-04-06T12:04:14Z" level=debug msg="found 1 device(s)" file="sql.go:159"
time="2021-04-06T12:04:14Z" level=debug msg="metadata sync executing" file="metadata.go:18"
time="2021-04-06T12:04:15Z" level=info msg="serving website from ./website/build" file="website_router.go:37"
time="2021-04-06T12:04:15Z" level=info msg="web ui listening on 0.0.0.0:8000" file="main.go:180"

Note the 'wireguard VPN network is 10.44.0.0/24' in the log vs the 'vpn.cidr: "10.9.8.0/24"' in config.yml
(doesn't matter if the value is quoted or not in the config)

3. Nested configuration in config:
tail -4 config.yml

loglevel: debug
vpn:
  allowedIPs: "0.0.0.0/0"
  cidr: "10.9.8.0/24"

docker run --rm --net=host --cap-add NET_ADMIN --device /dev/net/tun:/dev/net/tun -v `pwd`:/data -e "WG_CONFIG=/data/config.yml" place1/wg-access-server:latest

time="2021-04-06T12:10:38Z" level=fatal msg="failed to bind configuration file: yaml: unmarshal errors:\n  line 29: cannot unmarshal !!str `0.0.0.0/0` into []string" file="main.go:190"

(doesn't matter if either of the values is quoted or in which order)

2. Failure with full configuration item path in config:
vpn.allowedIPs: ...

is not the same as

vpn:
  allowedIPs: ...

The first one configures a key with the name dns.upstream, the second one configures a key upstream which is a child of another key dns. Only the second one is correct.

3. Nested configuration in config:

allowedIPs is supposed to be an array; the config documentation is misleading there.
Try:

loglevel: debug
vpn:
  allowedIPs:
    - 0.0.0.0/0
  cidr: "10.9.8.0/24"
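Both mistakes in this thread are dangerous precisely because one of them is silent: a dotted top-level key such as vpn.cidr is a legal YAML key that the application never reads, so the server comes up on its built-in default network (10.44.0.0/24 in the log above) instead of failing. The preflight check below is an added example, not code from wg-access-server or its maintainers. It assumes the config has already been loaded by a YAML parser into plain Python dicts and lists; the three sample configs are constructed by hand to match what a standard YAML loader returns for the files quoted in the issue, and the 10.44.0.0/24 default is taken from the log output, not from the project's source.

```python
import ipaddress

# Constructed stand-ins for what a YAML loader returns for each config.yml
# variant in the thread (assumption: a standard YAML parser yields exactly
# these Python structures; no parser is invoked here).
CONFIG_DOTTED = {            # issue case 2: flat dotted keys, silently ignored
    "loglevel": "debug",
    "vpn.allowedIPs": "0.0.0.0/0",
    "vpn.cidr": "10.9.8.0/24",
}
CONFIG_NESTED_SCALAR = {     # issue case 3: nested, but allowedIPs is a string
    "loglevel": "debug",
    "vpn": {"allowedIPs": "0.0.0.0/0", "cidr": "10.9.8.0/24"},
}
CONFIG_NESTED_LIST = {       # the form the reply recommends
    "loglevel": "debug",
    "vpn": {"allowedIPs": ["0.0.0.0/0"], "cidr": "10.9.8.0/24"},
}

# Default network observed in the issue's log when vpn.cidr is not applied.
DEFAULT_VPN_CIDR = "10.44.0.0/24"


def find_dotted_keys(config, parent=""):
    """Return the path of every mapping key that contains a '.'.

    In YAML a key like "vpn.cidr" is a single literal key, not a path into a
    nested mapping, so an application reading config["vpn"]["cidr"] never
    sees it. Paths are joined with ' > ' to keep them distinct from the dots.
    """
    found = []
    for key, value in config.items():
        path = f"{parent} > {key}" if parent else str(key)
        if "." in str(key):
            found.append(path)
        if isinstance(value, dict):
            found.extend(find_dotted_keys(value, parent=path))
    return found


def _check_network(label, value, problems):
    """Append a problem unless value is a string holding a valid CIDR network."""
    if not isinstance(value, str):
        problems.append(f"{label} must be a CIDR string, got {type(value).__name__}: {value!r}")
        return
    try:
        # strict=True rejects addresses with host bits set, e.g. 10.9.8.1/24
        ipaddress.ip_network(value, strict=True)
    except ValueError as exc:
        problems.append(f"{label} is not a valid network: {exc}")


def validate_config(config):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []
    for path in find_dotted_keys(config):
        problems.append(f"key {path!r} is a literal key name, not a nested path; it will be ignored")

    vpn = config.get("vpn")
    if not isinstance(vpn, dict):
        problems.append(f"no 'vpn' mapping found; the server would fall back to its default network {DEFAULT_VPN_CIDR}")
        return problems

    allowed = vpn.get("allowedIPs")
    if allowed is not None:
        if not isinstance(allowed, list):
            # This is exactly the unmarshal error from issue case 3.
            problems.append(f"vpn.allowedIPs must be a list of CIDRs, got {type(allowed).__name__}: {allowed!r}")
        else:
            for index, entry in enumerate(allowed):
                _check_network(f"vpn.allowedIPs[{index}]", entry, problems)

    cidr = vpn.get("cidr")
    if cidr is not None:
        _check_network("vpn.cidr", cidr, problems)
    return problems


if __name__ == "__main__":
    for name, cfg in [("dotted", CONFIG_DOTTED),
                      ("nested-scalar", CONFIG_NESTED_SCALAR),
                      ("nested-list", CONFIG_NESTED_LIST)]:
        print(f"{name}: {validate_config(cfg) or 'OK'}")
```

Run against the three configs, the dotted variant reports its two ignored keys plus the missing vpn mapping, the nested-scalar variant reports only the allowedIPs type error, and the recommended form passes cleanly. Wiring a check like this into the container's entrypoint turns a silently wrong VPN network into a refused start.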