xyzroe/XZG

Wireguard AllowedIPs/Allowed Subnet not accepting multiple addresses

Opened this issue · 5 comments

csprr commented

Describe the bug
When trying to add multiple IPs under AllowedIPs, only 1 is accepted

Device information

{
  "network-config": {
    "wifiEnbl": false,
    "wifiSsid": "",
    "wifiPass": "",
    "wifiDhcp": true,
    "wifiIp": "::",
    "wifiMask": "255.255.255.0",
    "wifiGate": "::",
    "wifiDns1": "1.1.1.1",
    "wifiDns2": "8.8.8.8",
    "wifiPwr": 78,
    "wifiMode": 1,
    "ethEnbl": true,
    "ethDhcp": true,
    "ethIp": "::",
    "ethMask": "255.255.255.0",
    "ethGate": "::",
    "ethDns1": "1.1.1.1",
    "ethDns2": "8.8.8.8"
  },
  "vpn-config": {
    "wgEnable": true,
    "wgLocalIP": "10.99.99.90",
    "wgLocalSubnet": "255.255.255.255",
    "wgLocalPort": <removed>,
    "wgLocalGateway": "10.99.99.99",
    "wgLocalPrivKey": "<removed>",
    "wgEndAddr": "<removed>",
    "wgEndPubKey": "<removed>",
    "wgEndPort": <removed>,
    "wgAllowedIP": "10.99.99.99",
    "wgAllowedMask": "255.255.255.255",
    "wgMakeDefault": true,
    "wgPreSharedKey": "",
    "hnEnable": false,
    "hnJoinCode": "",
    "hnHostName": "XZG-FA65",
    "hnDashUrl": "default"
  },
  "mqtt-config": {
    "enable": true,
    "server": "<removed>",
    "port": <removed>,
    "user": "<removed>",
    "pass": "<removed>",
    "topic": "<removed>",
    "updateInt": 30,
    "discovery": true,
    "reconnectInt": 30
  },
  "system-config": {
    "disableWeb": false,
    "webAuth": true,
    "webUser": "<removed>",
    "webPass": "<removed>",
    "fwEnabled": true,
    "fwIp": "<removed>",
    "serialSpeed": 115200,
    "socketPort": <removed>,
    "tempOffset": 20,
    "disableLedUSB": false,
    "disableLedPwr": false,
    "refreshLogs": 1,
    "hostname": "<removed>",
    "timeZone": "Europe/Amsterdam",
    "ntpServ1": "pool.ntp.org",
    "ntpServ2": "time.google.com",
    "nightMode": false,
    "startHour": "23:00",
    "endHour": "07:00",
    "workMode": 0,
    "zbRole": 1,
    "zbFw": "20240710",
    "updHour": "01:00",
    "updDays": "*",
    "autoIns": false
  }
}

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'VPN'
  2. Insert all details
  3. Insert as AllowedIPs: 10.99.99.99,10.99.99.98
  4. Insert as Allowed Subnet: 255.255.255.255,255.255.255.255
  5. Press Save
  6. Restart
  7. See AllowedIPs being 10.99.99.99 and Subnet 255.255.255.255, the 2nd one is completely missing

Expected behavior
Expected to have access to multiple AllowedIPs, but can only have a single one.

Screenshots

  • Before save:
    image
  • After save:
    image

Additional context

  • None

You must read about IP addresses and network masks. Using both of them allows you to define an address pool.

csprr commented

Unfortunately I used the wrong examples and the addresses I am using are in different subnets and can therefore not be specified, since it only accepts 1 address as input.

Ok. So it's impossible to make this using the current WireGuard library.

I think you could set up IP filtering on your WireGuard server, and on the client just allow 0.0.0.0

csprr commented

Alright, I should be able to work my way around with that maybe, thank you for the clarification.
The configuration page should be modified though, as this currently states that a comma-separated list is accepted: https://xzg.xyzroe.cc/VPN/#wireguard-interface-settings
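Added example, not part of the thread or of the XZG project's code: since the device takes only one `wgAllowedIP` / `wgAllowedMask` pair, this sketch computes the tightest single pair that covers a list of wanted peer addresses and reports how many unwanted addresses that pair also admits, which is what would then need filtering on the WireGuard server. The function names are hypothetical, the address `10.99.100.5` is constructed, and it assumes the firmware applies the mask as a standard IPv4 netmask.

```python
import ipaddress


def tightest_cover(addresses):
    """Smallest single IPv4 network that contains every address given."""
    ips = [ipaddress.IPv4Address(a) for a in addresses]
    lo, hi = int(min(ips)), int(max(ips))
    # Every bit position where the lowest and highest address differ
    # (and all positions below it) has to become a host bit.
    host_bits = (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, 32 - host_bits), strict=False)


def plan(addresses):
    """Map wanted peers onto one wgAllowedIP/wgAllowedMask pair.

    extra_addresses counts addresses the pair admits that were not asked
    for; anything above zero should be restricted on the server side.
    """
    net = tightest_cover(addresses)
    wanted = {ipaddress.IPv4Address(a) for a in addresses}
    return {
        "wgAllowedIP": str(net.network_address),
        "wgAllowedMask": str(net.netmask),
        "extra_addresses": net.num_addresses - len(wanted),
    }


if __name__ == "__main__":
    samples = [
        ["10.99.99.99"],                  # value from the posted config
        ["10.99.99.99", "10.99.99.98"],   # the two from the reproduce steps
        ["10.99.99.99", "10.99.100.5"],   # constructed: different subnets
    ]
    for wanted in samples:
        print(wanted, "->", plan(wanted))
```

The two adjacent addresses from the reproduce steps fit one pair with nothing extra, while addresses in different subnets force a wider mask that admits many addresses nobody asked for.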