The client config used by OpenWrt has something wrong
Closed this issue · 3 comments
root@racknerd-4afe10:~/wg# cat wgclient_wghub.uci.txt
# 10: wghub > wgclient_wghub.uci.txt
config interface 'wg0'
option proto 'wireguard'
option listen_port '28894' //this port should be in peer section! the server side's port
list addresses '10.x.x.x/24'
list addresses '2001:470:x:x:1::10/112'
list dns '1.1.1.1'
list dns '2606:4700:4700::1111'
option private_key ''
config wireguard_wg0
option allowed_ips '0.0.0.0/0' //this should be list allow_ips........
option route_allowed_ips '1'
option endpoint_host 'x.x.x.x'
option endpoint_port '28894' //this is correct
option persistent_keepalive '25'
option public_key ''
option preshared_key ''
option listen_port '28894' //this port should be in peer section! the server side's port
This makes the client listen on that port. It's perfectly fine in that part of the configuration. It doesn't belong to the peer configuration. Do you think it could be skipped?
option allowed_ips '0.0.0.0/0' //this should be list allow_ips
Yes, this is a bug and needs to be fixed. Thank you for catching that!
Looks like option listen_port is not required for peers. I will remove it.
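The `option` versus `list` mix-up confirmed above as a bug can be checked mechanically before a generated file is imported on the router. This is an added example, not code from the thread or the project; `lint_wg_uci` is a hypothetical helper name and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# lint_wg_uci (hypothetical helper name): scan a UCI file and report
# WireGuard peer options placed or typed wrongly. Returns 1 on findings.
lint_wg_uci() {
    awk '
    # "config <type> [name]" opens a section; keep the bare type name.
    $1 == "config" { type = $2; gsub(/[^A-Za-z0-9_]/, "", type); next }
    # Only peer sections (type wireguard_<ifname>) are checked.
    type !~ /^wireguard_/ { next }
    $1 == "option" && $2 == "allowed_ips" {
        printf "line %d: allowed_ips in %s must be \"list\", not \"option\"\n", NR, type
        bad++
    }
    $2 == "listen_port" {
        printf "line %d: listen_port in %s is an interface option\n", NR, type
        bad++
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample inputs (ports and addresses are placeholders).
sample_buggy() {
    cat <<'EOF'
config interface 'wg0'
	option proto 'wireguard'
	option listen_port '28894'
config wireguard_wg0
	option allowed_ips '0.0.0.0/0'
	option endpoint_port '28894'
EOF
}
sample_fixed() {
    cat <<'EOF'
config interface 'wg0'
	option proto 'wireguard'
	option listen_port '28894'
config wireguard_wg0
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option endpoint_port '28894'
EOF
}

tmp=$(mktemp)
sample_buggy > "$tmp"; lint_wg_uci "$tmp" || echo "buggy sample: findings above"
sample_fixed > "$tmp"; lint_wg_uci "$tmp" && echo "fixed sample: clean"
rm -f "$tmp"
```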
And another question: did you notice the route table difference between wg-quick and OpenWrt?
OpenWrt adds ::/0 and 0.0.0.0/0 both to the main table, unlike wg-quick, which uses ip rule, creates table 51820 and labels IP packets. This is clear to me.
So I am puzzled by OpenWrt. The original route table:
root@OpenWrt:~# ip -4 route show table main
default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.181
172.16.0.0/16 dev br-lan proto kernel scope link src 172.16.0.1
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.181
If, unlike wg-quick (ip rule to label packets, and ip route to use a specific route), it just adds 0.0.0.0/0 to the main table,
will "default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.181" be replaced by "default dev wg0" after starting wg0? Because they are both in the main table.
If it is replaced, the WireGuard server's real IP will go through wg0, which is a cycle. So I'm confused :)