Applied WireGuard configuration has the same IPv4 endpoint for all peers

Hello!

I found pretty odd behavior on one of my OpenWRT VMs. Initially, before I found out what was going on, it looked exactly as described in the title: while I obviously configured luci-app-wireguard with different IPv4 endpoints for each peer (and I also verified the /etc/config/network content to confirm that), for some reason both the wg utility and the OpenWRT WebUI showed me that WireGuard tries to establish a connection with all peers via the same IPv4 address. Just to be clear: the WireGuard IPv4 endpoints in /etc/config/network are different for each peer, however in the wg output all endpoints are the same, with exactly the same IPv4 address in each peer's Endpoint: field.

I tried to reset the configuration and re-configure this VM several times and found that the issue is not reproducible until I add one specific peer to the WireGuard peers list (let's call this peer "peer33"). Until I do that, everything is fine. But as soon as I add this specific peer33, the endpoints of the other peers in the wg output change to this peer's IPv4 address.

So it seems like something about this peer's public key and IPv4 endpoint address somehow breaks luci-app-wireguard (or some other component underneath). How can I help with debugging this issue?

By providing your configs for both sides of all connections (I honestly think it's a misconfiguration).

Also...what version of OpenWrt are you running?

Wireguard was in beta testing in version 17.

Just in case, this is not point-to-point; it's a mesh of VMs running either OpenWRT or Ubuntu that are configured to connect to each other via WireGuard. I guess if all the other machines are fine, it's necessary to provide configs only from the one problematic VM?

config interface 'wg0'
	option proto 'wireguard'
	option private_key 'removed'
	option listen_port '51820'
	list addresses '5.5.5.1/32'

config wireguard_wg0
	option public_key 'skrFUVaLzrzlqNFryL3uBcA9Mqb7ZiLiK/qVKdB4ESA='
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'
	option endpoint_host 'removed'
	option endpoint_port '51820'
	option persistent_keepalive '25'

config wireguard_wg0
	option public_key '/2V+L8VptxX01MMwKS/b5Ry8u8c6mQhK7HuZv1hjpCU='
	list allowed_ips '5.5.5.3/32'
	list allowed_ips '10.33.0.0/24'
	option route_allowed_ips '1'
	option endpoint_host 'removed'
	option endpoint_port '51820'
	option persistent_keepalive '25'

config wireguard_wg0
	option public_key 'SUSPhCdpYXcQqw+5fPZx7ffdgqUL4nmtXpyTaBDjMx8='
	list allowed_ips '5.5.5.4/32'
	list allowed_ips '10.34.0.0/24'
	option route_allowed_ips '1'
	option endpoint_host 'removed'
	option endpoint_port '51820'
	option persistent_keepalive '25'

5.5.5.3 is the problematic one. The OpenWRT version is 19.07.3, but it was reproducible on 18.06 too (I upgraded this particular VM to 19.07.3 just a couple of days ago).
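
The comparison described in the first post (endpoints in /etc/config/network versus what wg reports) can be scripted; this is an added example, not part of the thread and not OpenWrt's own code. The keys and addresses are constructed placeholders, the function names are hypothetical, and it assumes `endpoint_host` holds a literal IPv4 address and that the runtime text comes from `wg show wg0 endpoints`.

```python
import re
from collections import defaultdict

# Constructed sample of /etc/config/network (placeholder keys, documentation IPs).
SAMPLE_UCI = """\
config wireguard_wg0
	option public_key 'PEER_A_KEY_PLACEHOLDER='
	option endpoint_host '192.0.2.10'
	option endpoint_port '51820'

config wireguard_wg0
	option public_key 'PEER_B_KEY_PLACEHOLDER='
	option endpoint_host '198.51.100.20'
"""

# Constructed sample of `wg show wg0 endpoints` (public key, tab, endpoint).
SAMPLE_WG = ("PEER_A_KEY_PLACEHOLDER=\t198.51.100.20:51820\n"
             "PEER_B_KEY_PLACEHOLDER=\t198.51.100.20:51820\n")

def parse_uci_peers(text, iface="wg0"):
    """Return {public_key: 'host:port'} for each wireguard_<iface> section."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*config\s+(\S+)", line)
        if m:
            sections.append((m.group(1).strip("'\""), {}))
            continue
        m = re.match(r"\s*option\s+(\S+)\s+'([^']*)'", line)
        if m and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    peers = {}
    for kind, opts in sections:
        if kind == "wireguard_" + iface and "public_key" in opts and "endpoint_host" in opts:
            # Assumption: a peer without endpoint_port uses 51820.
            port = opts.get("endpoint_port", "51820")
            peers[opts["public_key"]] = opts["endpoint_host"] + ":" + port
    return peers

def parse_wg_endpoints(text):
    """Return {public_key: endpoint} from `wg show <iface> endpoints` output."""
    rows = (line.split() for line in text.splitlines())
    return {r[0]: r[1] for r in rows if len(r) == 2}

def audit(uci_text, wg_text, iface="wg0"):
    """Return (keys whose runtime endpoint differs from config, endpoints shared by >1 peer)."""
    configured = parse_uci_peers(uci_text, iface)
    runtime = parse_wg_endpoints(wg_text)
    mismatched = sorted(k for k, ep in configured.items() if runtime.get(k) != ep)
    by_endpoint = defaultdict(list)
    for key, ep in runtime.items():
        by_endpoint[ep].append(key)
    shared = {ep: sorted(ks) for ep, ks in by_endpoint.items()
              if len(ks) > 1 and ep != "(none)"}
    return mismatched, shared
```

A single mismatched peer can also be the result of WireGuard's endpoint roaming, so the `shared` result (several peers reporting one endpoint) is the part that corresponds to the symptom described here.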