Wireguard AllowedIPs/Allowed Subnet not accepting multiple addresses

Open csprr opened this issue 1 year ago • 5 comments

Describe the bug

When trying to add multiple IPs under AllowedIPs, only 1 is accepted.

Device information

{
  "network-config": {
    "wifiEnbl": false,
    "wifiSsid": "",
    "wifiPass": "",
    "wifiDhcp": true,
    "wifiIp": "::",
    "wifiMask": "255.255.255.0",
    "wifiGate": "::",
    "wifiDns1": "1.1.1.1",
    "wifiDns2": "8.8.8.8",
    "wifiPwr": 78,
    "wifiMode": 1,
    "ethEnbl": true,
    "ethDhcp": true,
    "ethIp": "::",
    "ethMask": "255.255.255.0",
    "ethGate": "::",
    "ethDns1": "1.1.1.1",
    "ethDns2": "8.8.8.8"
  },
  "vpn-config": {
    "wgEnable": true,
    "wgLocalIP": "10.99.99.90",
    "wgLocalSubnet": "255.255.255.255",
    "wgLocalPort": <removed>,
    "wgLocalGateway": "10.99.99.99",
    "wgLocalPrivKey": "<removed>",
    "wgEndAddr": "<removed>",
    "wgEndPubKey": "<removed>",
    "wgEndPort": <removed>,
    "wgAllowedIP": "10.99.99.99",
    "wgAllowedMask": "255.255.255.255",
    "wgMakeDefault": true,
    "wgPreSharedKey": "",
    "hnEnable": false,
    "hnJoinCode": "",
    "hnHostName": "XZG-FA65",
    "hnDashUrl": "default"
  },
  "mqtt-config": {
    "enable": true,
    "server": "<removed>",
    "port": <removed>,
    "user": "<removed>",
    "pass": "<removed>",
    "topic": "<removed>",
    "updateInt": 30,
    "discovery": true,
    "reconnectInt": 30
  },
  "system-config": {
    "disableWeb": false,
    "webAuth": true,
    "webUser": "<removed>",
    "webPass": "<removed>",
    "fwEnabled": true,
    "fwIp": "<removed>",
    "serialSpeed": 115200,
    "socketPort": <removed>,
    "tempOffset": 20,
    "disableLedUSB": false,
    "disableLedPwr": false,
    "refreshLogs": 1,
    "hostname": "<removed>",
    "timeZone": "Europe/Amsterdam",
    "ntpServ1": "pool.ntp.org",
    "ntpServ2": "time.google.com",
    "nightMode": false,
    "startHour": "23:00",
    "endHour": "07:00",
    "workMode": 0,
    "zbRole": 1,
    "zbFw": "20240710",
    "updHour": "01:00",
    "updDays": "*",
    "autoIns": false
  }
}

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'VPN'
  2. Insert all details
  3. Insert as AllowedIPs: 10.99.99.99,10.99.99.98
  4. Insert as Allowed Subnet: 255.255.255.255,255.255.255.255
  5. Press Save
  6. Restart
  7. See AllowedIPs being 10.99.99.99 and Subnet 255.255.255.255, the 2nd one is completely missing

Expected behavior

Expected to have access to multiple AllowedIPs, but can only have a single one.

Screenshots

  • Before save: image
  • After save: image

Additional context

  • None

csprr, Dec 12 '24 03:12

You must read about IP address and network mask. Using both of them allows you to define an address pool.

xyzroe, Dec 12 '24 11:12

ex. https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=30&cip=10.99.99.96&ctype=ipv4&x=Calculate

xyzroe, Dec 12 '24 11:12

Unfortunately I used the wrong examples and the addresses I am using are in different subnets and can therefore not be specified, since it only accepts 1 address as input.

csprr, Dec 12 '24 12:12

Ok. So it's impossible to make this using the current WireGuard library.

I think you could set up IP filtering on your WireGuard server, and on the client just allow 0.0.0.0

xyzroe, Dec 13 '24 08:12

Alright, I should be able to work my way around with that maybe, thank you for the clarification. The configuration page should be modified though, as this currently states that a comma-separated list is accepted: https://xzg.xyzroe.cc/VPN/#wireguard-interface-settings

csprr, Dec 13 '24 08:12
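
Added example, not part of the thread or of the XZG firmware: a Python sketch that collapses several peer addresses into the single address/mask pair the form accepts, and counts how many unrequested addresses that pair also admits (the reason server-side filtering is suggested above). Function names are hypothetical, and the second and third inputs in the demo are constructed.

```python
import ipaddress


def covering_network(addresses):
    """Smallest single IPv4 network that contains every address given."""
    ips = [ipaddress.IPv4Address(a) for a in addresses]
    if not ips:
        raise ValueError("need at least one address")
    lo, hi = int(min(ips)), int(max(ips))
    # Leading bits shared by the lowest and highest address form the prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, prefix), strict=False)


def single_entry(addresses):
    """Address/mask pair for a one-entry AllowedIPs form, plus over-permit count."""
    net = covering_network(addresses)
    wanted = {ipaddress.IPv4Address(a) for a in addresses}
    return {
        "address": str(net.network_address),
        "mask": str(net.netmask),
        "cidr": str(net),
        # Addresses the tunnel will accept that were never asked for.
        "extra": net.num_addresses - len(wanted),
    }


if __name__ == "__main__":
    cases = [
        ["10.99.99.99", "10.99.99.98"],   # the pair from the issue
        ["10.99.99.99", "10.99.100.5"],   # constructed: nearby but not adjacent
        ["10.99.99.99", "192.168.1.10"],  # constructed: unrelated subnets
    ]
    for case in cases:
        entry = single_entry(case)
        print(f"{case} -> {entry['address']} / {entry['mask']} "
              f"({entry['cidr']}, {entry['extra']} extra addresses)")
```
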