Changing WireGuard default values before compiling

I compile my own builds, but I wanted to change some WireGuard default values for my own builds, e.g. changing route_allowed_ips.

Where can I find those default values in the source code?

Aren't they stored in some config file?

That is what I am trying to find out. I have a feeling I need to do this to change it (see attached patch), but am not sure.

diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index f6ad967b40..b1ec8125be 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -39,7 +39,7 @@ proto_wireguard_setup_peer() {
 	config_get public_key "${peer_config}" "public_key"
 	config_get preshared_key "${peer_config}" "preshared_key"
 	config_get allowed_ips "${peer_config}" "allowed_ips"
-	config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 0
+	config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 1
 	config_get endpoint_host "${peer_config}" "endpoint_host"
 	config_get endpoint_port "${peer_config}" "endpoint_port"
 	config_get persistent_keepalive "${peer_config}" "persistent_keepalive"
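Review bot: changing the fallback in `config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 0` to `1` is not a default for new peers but a behaviour change for every existing peer section that omits the option, which would start installing routes for those peers on the next reload without any change to their config; if the goal is a default for newly created peers, write `option route_allowed_ips '1'` explicitly where the peer section is created and leave this fallback alone, or at minimum call out the compatibility impact in the commit message.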

What exactly are you trying to change? It'd probably be easier to advise if we had some understanding of the intended purpose/outcome.

Check on OS level? Is there a file with those values somewhere in /etc? Or /etc/config?

In the peer config, route_allowed_ips defaults to 0.
That means not routing the allowed IPs.

On many clients (Android / Windows) this is not even an option and the allowed IPs are always routed. I know one other firmware where it is an option, but it defaults to 1, i.e. always routing the allowed IPs.

So I want to set this option's default to 1.

Then the above change should be sufficient. AFAIK the wireguard.sh script is what takes the values from the UCI network config and creates the WireGuard config used by the kernel.

Although you might then need to make additional changes to the LuCI files (if you use LuCI), as that may well be coded to assume that if the route allowed IPs line is missing then it defaults to off (and therefore the relevant tick box would be unticked).

Tbh it seems a lot of hassle when you can get the same result by adding one line to the relevant peer config (which then never needs touching again), but if it works better for you then fair enough.

Isn't https://openwrt.org/faq/include_tailored_custom_configuration_files what you want?

I don't think so. If I've understood correctly then @egc wants OpenWrt to assume that if a peer config doesn't include an option route_allowed_ips line then it'll default to the option being enabled, rather than disabled (as is the current default). That can't be done just through a config file.


This is as far as I am now:

There does not seem to be a config file in the source or if it is I could not find it.

The default applies if there is no setting in the config file (option route_allowed_ips).
The script responsible for this, package/network/utils/wireguard-tools/files/wireguard.sh (installed in lib/netifd/proto/), treats no option set (the default) as not enabled (line 43: `config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 0`).

This can easily be changed, but then all existing configurations will be invalid, so this is a no-go.

Next I have been looking into LuCI, trying to enable the setting there by default.
The JS script responsible seems to be:

feeds/luci/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
line 653:
`o = ss.option(form.Flag, 'route_allowed_ips', _('Route Allowed IPs'), _('Optional. Create routes for Allowed IPs for this peer.'));`

Looking at another thread where @jow commented with advice
I added:

```javascript
o.default = o.enabled;
o.forcewrite = true;
```

This results in the option in LuCI indeed being ticked (enabled); however, nothing is written to the config. It looks like the default option is not written to the config file, because if I disable the option in LuCI then the option is written and is disabled (option route_allowed_ips '0').

So how do I get this default option written to the config file? I had hoped that forcewrite would do that, but apparently not.

If anybody has any advice it is welcome.

What is preventing you from simply setting option route_allowed_ips 1 in the config? I mean you're modifying it after all to add the peer, so why not just add that extra option too?


Thanks for chiming in, but how can I do that so it is incorporated in my source so that when I compile it is already there?

The same way you compile your wireguard config into the build?

I do not compile my config into my build; the goal is that if a new WG interface is set up, the default value is to route the allowed IPs.

It is one of the problems a lot of new users struggle with when setting up a simple WG tunnel; I know it and always tick the box 🙂

I am just searching for whether and how this default behaviour can be altered, but I lack the necessary JavaScript skills.

You would need to override LuCI TypedSection.handleAdd() method to prepopulate the route_allowed_ips setting with 1 and tweak the various import code paths as well, something along these lines:

diff --git a/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js b/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
index d05acfbe79..2fbe72af4e 100644
--- a/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
+++ b/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
@@ -375,6 +375,7 @@ return network.registerProtocol('wireguard', {
                                                uci.set('network', sid, 'preshared_key', pconf.peer_presharedkey);
                                                uci.set('network', sid, 'allowed_ips', pconf.peer_allowedips);
                                                uci.set('network', sid, 'persistent_keepalive', pconf.peer_persistentkeepalive);
+                                               uci.set('network', sid, 'route_allowed_ips', '1');
 
                                                if (pconf.peer_endpoint) {
                                                        uci.set('network', sid, 'endpoint_host', pconf.peer_endpoint[0]);
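Review bot: the added `uci.set('network', sid, 'route_allowed_ips', '1');` in this import path writes the value unconditionally, while every neighbouring line takes its value from the parsed `pconf`; since route_allowed_ips is not part of the imported data, a short comment here stating that imported peers now get the routed default, and the same note in the change description, would stop a later reader from looking for a missing `pconf.peer_routeallowedips`.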
@@ -408,6 +409,7 @@ return network.registerProtocol('wireguard', {
                                                        uci.set('network', sid, 'preshared_key', pconf.peer_presharedkey);
                                                        uci.set('network', sid, 'allowed_ips', pconf.peer_allowedips);
                                                        uci.set('network', sid, 'persistent_keepalive', pconf.peer_persistentkeepalive);
+                                                       uci.set('network', sid, 'route_allowed_ips', '1');
                                                        break;
                                                }
                                        }
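Review bot: this hunk repeats the identical `uci.set` sequence of the previous hunk, now with the same new `route_allowed_ips` line, so the two import code paths have to be kept in sync by hand; consider moving the shared peer-populating calls into one helper so a future change to the default is made in a single place.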
@@ -507,6 +509,19 @@ return network.registerProtocol('wireguard', {
                        return E('em', _('No peers defined yet.'));
                };
 
+               ss.handleAdd = function(ev, name) {
+                       var config_name = this.uciconfig || this.map.config,
+                           section_id = this.map.data.add(config_name, this.sectiontype, name),
+                           mapNode = this.getPreviousModalMap(),
+                           prevMap = mapNode ? dom.findClassInstance(mapNode) : this.map;
+
+                       prevMap.addedSection = section_id;
+
+                       this.map.data.set(config_name, section_id, 'route_allowed_ips', '1');
+
+                       return this.renderMoreOptionsModal(section_id);
+               };
+
                o = ss.option(form.Flag, 'disabled', _('Peer disabled'), _('Enable / Disable peer. Restart wireguard interface to apply changes.'));
                o.modalonly = true;
                o.optional = true;
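Review bot: the `ss.handleAdd` override re-creates the section, stores `prevMap.addedSection` and renders the modal itself rather than wrapping the inherited `handleAdd`, so this copy will drift silently if the base implementation changes; since the base method returns the rendered modal rather than the section id, wrapping may not be practical, in which case add a comment naming the upstream method this mirrors and explaining that `this.map.data.set(config_name, section_id, 'route_allowed_ips', '1')` is applied only to the newly added section so existing peer sections keep their current behaviour.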
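A constructed model of the two approaches weighed in this thread, added here as an illustration and not code from LuCI or OpenWrt: `configGetBool` mirrors the fallback semantics of config_get_bool as used in wireguard.sh, `addPeer` mirrors the patch above writing `route_allowed_ips '1'` when a peer section is created, and the peer sections, keys and section ids are made-up sample data.

```javascript
// Constructed model, added for illustration; not code from LuCI or OpenWrt.
// Peer sections are plain objects keyed by UCI option name.

// Mirrors config_get_bool from OpenWrt's functions.sh: recognised true/false
// spellings map to 1/0, anything else (including a missing option) falls back
// to the script default passed as the fourth argument in wireguard.sh.
function configGetBool(section, option, scriptDefault) {
  const v = String(section[option]);
  if (['1', 'on', 'true', 'yes', 'enabled'].includes(v)) return 1;
  if (['0', 'off', 'false', 'no', 'disabled'].includes(v)) return 0;
  return scriptDefault;
}

// Approach A (rejected in the thread): flip the script default from 0 to 1.
// Returns, per peer, whether routes for its allowed IPs would be installed.
function routesInstalled(peers, scriptDefault) {
  return peers.map((p) => configGetBool(p, 'route_allowed_ips', scriptDefault));
}

// Approach B (the accepted patch): keep the script default at 0 and write the
// option explicitly when a new peer section is created, like the
// uci.set(..., 'route_allowed_ips', '1') call in the handleAdd override.
function addPeer(peers, publicKey, allowedIps) {
  const sid = `peer_${peers.length + 1}`; // constructed section id
  const section = {
    '.name': sid,
    public_key: publicKey,
    allowed_ips: allowedIps,
    route_allowed_ips: '1', // explicit, so the script fallback never applies
  };
  return peers.concat([section]); // existing sections are not modified
}

// Constructed sample config: peer_1 never set the option, peer_2 set it to 0.
const existingPeers = [
  { '.name': 'peer_1', public_key: 'PLACEHOLDER_KEY_A', allowed_ips: '10.0.0.2/32' },
  { '.name': 'peer_2', public_key: 'PLACEHOLDER_KEY_B', allowed_ips: '10.0.0.3/32', route_allowed_ips: '0' },
];

// Approach A silently flips peer_1 from not routed to routed; approach B adds
// a routed peer_3 while leaving both existing peers exactly as they were.
function compareApproaches() {
  const withNewPeer = addPeer(existingPeers, 'PLACEHOLDER_KEY_C', '10.0.0.4/32');
  return {
    before: routesInstalled(existingPeers, 0),               // [0, 0]
    scriptDefaultFlipped: routesInstalled(existingPeers, 1), // [1, 0]
    explicitOnNewPeer: routesInstalled(withNewPeer, 0),      // [0, 0, 1]
  };
}
```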

Great, I knew I needed your expertise. Thanks!

Will start working on it, thanks again.

Patched, compiled and tested.

Working as intended. Thanks again!
