Bugs in WireGuard config UI

Wallifur

I set up a WireGuard VPN server on the router but encountered a few issues that I thought @RMerlin might care about:
  • I changed the VPN subnet to a /24 in the 172.16.0.0/12 range, as it's visually distinct from those I typically connect to in 10.0.0.0/8 and 192.168.0.0/16. However, when adding a client peer, the suggested settings for addresses use values from the default 10.6.0.0/24 range, which are both incorrect and hidden in that expando. It would be great if the values were derived from the main subnet setting.
  • When adding a client peer, I saw no option to enter my own public key. I assume this means peers' private keys are always stored on the router, which somewhat defeats the purpose of public key cryptography. I understand the convenience, but ideally it would generate peer keys only if not provided, and remain editable after that anyway.
  • Under the server's Advanced Settings, the text of the server's public key is unselectable. The private key is, too, but that's usually not needed. On desktop it can at least be copied using a browser's dev tools, on mobile it's basically impossible.
I didn't think these would be specific to my device (AX56U).

Thanks for all your good work. It's breathed a bit more life into my aging hardware, and it was great not having to reconfigure everything when switching to your firmware.
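
The first two points in the post above (peer addresses taken from the configured subnet, and a peer handing over only its public key) can be sketched as follows. This is an added example, not part of the thread and not Asus or Asuswrt-Merlin code; the function names, the 172.16.6.1/24 interface address and the sample key are assumptions constructed for illustration.

```python
import base64
import binascii
import ipaddress

def check_public_key(key_b64):
    """Return the key if it decodes to 32 bytes, the size of a WireGuard public key."""
    try:
        raw = base64.b64decode(key_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("public key is not valid base64") from exc
    if len(raw) != 32:
        raise ValueError("public key must decode to 32 bytes")
    return key_b64

def next_peer_address(server_iface, used):
    """First free host in the tunnel subnet, skipping the server and existing peers."""
    iface = ipaddress.ip_interface(server_iface)
    taken = {iface.ip} | {ipaddress.ip_address(a) for a in used}
    for host in iface.network.hosts():
        if host not in taken:
            return host
    raise RuntimeError("no free address left in " + str(iface.network))

def peer_stanza(server_iface, used, client_pubkey):
    """Server-side [Peer] block built from a client-supplied public key only."""
    addr = next_peer_address(server_iface, used)
    return "\n".join([
        "[Peer]",
        "PublicKey = " + check_public_key(client_pubkey),
        # One host route per peer, in the subnet the server is actually set to.
        "AllowedIPs = %s/%d" % (addr, addr.max_prefixlen),
    ])

# Constructed sample values: a /24 inside 172.16.0.0/12 as in the post, and a
# placeholder 32-byte value standing in for a real client public key.
SERVER_IFACE = "172.16.6.1/24"
SAMPLE_PUBKEY = base64.b64encode(bytes(range(32))).decode()

if __name__ == "__main__":
    print(peer_stanza(SERVER_IFACE, ["172.16.6.2"], SAMPLE_PUBKEY))
```

The server side never sees or stores a peer private key here: the peer generates its own key pair and sends only the public half.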
 
The WireGuard implementation comes from Asus. Due to the size of this project and being the sole developer, I have to prioritize things. VPN-wise my focus is solely on OpenVPN, so any implementation change in WireGuard would have to come from Asus or a contributed patch. The fact that client keys can only be auto-generated by the router is a known limitation of their implementation, but I simply lack the time to look at possibly improving on this - it's been on my list of things to look into for over two years now...

I can take a look at why the webui doesn't let you copy/paste the key. Copy/paste is currently blocked through the entire panel; I will need to check if it's possible to change that or if it's inherent to Asus' design of that panel.
 
  • When adding a client peer, I saw no option to enter my own public key. I assume this means peers' private keys are always stored on the router, which somewhat defeats the purpose of public key cryptography. I understand the convenience, but ideally it would generate peer keys only if not provided, and remain editable after that anyway.
  • Under the server's Advanced Settings, the text of the server's public key is unselectable. The private key is, too, but that's usually not needed. On desktop it can at least be copied using a browser's dev tools, on mobile it's basically impossible.
Even though the GUI has some limitations, it's still possible to change the keys via SSH: https://www.snbforums.com/threads/wireguard-server-tweaks.85758/post-852124
 
