Page MenuHomePhabricator

validation logic in `interfaces wireguard wgX address x.x.x.x broken
Closed, ResolvedPublicBUG


The validation logic in interfaces wireguard wgX address x.x.x.x is broken for /31 networks where it doesn't accept the "broadcast address", which is valid in this case.

# set interfaces wireguard wg0 address

  Invalid value
  Value validation failed
  Set failed


Difficulty level
Unknown (require assessment)
`1.2.0-rc1` and `1.2.0-rolling+201810090337`
Why the issue appeared?
Will be filled on close
afics created this task.Oct 9 2018, 7:15 PM
afics updated the task description. (Show Details)
syncer triaged this task as Normal priority.
hagbard claimed this task.Oct 10 2018, 3:24 PM

Was this by any chance merged to RC3 or will it first arrive in RC4 ?

syncer added a subscriber: syncer.Oct 16 2018, 5:53 PM

should be in rc3

This is still not added to rc3 and rc4 same error

fma@pe2# set interfaces wireguard wg0 address 
fma@pe2# set interfaces wireguard wg0 peer skywall pubkey '*********************************='
fma@pe2# set interfaces wireguard wg0 peer skywall endpoint 85.*.*.*:12345
fma@pe2# set interfaces wireguard wg0 peer skywall persistent-keepalive 1500
fma@pe2# set interfaces wireguard wg0 peer skywall allowed-ips
fma@pe2# comp
[edit interfaces]
+wireguard wg0 {
+    address
+    peer skywall {
+        allowed-ips
+        endpoint 85.*.*.*:12345
+        persistent-keepalive 1500
+        pubkey *********************************=
+    }
fma@pe2# commit
[ interfaces wireguard wg0 ]
Can't set IP on wg0

[[interfaces wireguard wg0]] failed
Commit failed
fma@pe2# run show ver
Version:          VyOS 1.2.0-rc4
Built by:
Built on:         Thu 25 Oct 2018 12:11 UTC
Build ID:         fc6f1379-a062-4381-b9fe-30ba45ee22bd

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:     Unknown
Hardware UUID:    Unknown

Copyright:        VyOS maintainers and contributors
hagbard added a comment.EditedOct 26 2018, 9:57 PM

I'll remove the ip-host validator from the wireguard tree, it causes a few issues if the network name is picked as address. e.g.

Thanks hagbard!
I was litterally pulling my hair out over the error cause i have seen wireguard work in all its glory.
If i want to apply the patch on my own are there any resources i should use or is it simply a dpkg install ?

You can download it to your route and the just do a dpkg -i wireguard....deb.