Luci-app-wireguard + QR generation

Am I right that QR code generation is somewhat broken in current stable release (all updated installed so far)? Allowed IPs are missing in generated QR, like those IPs from simplest config bellow ( and fd00:10::128/128). In order to finish client configuration in official Android client I have to fill in those manually.

config interface 'vpn'
	option proto 'wireguard'
	option listen_port '51820'
	option private_key 'longkeygoeshere='
	list addresses ''
	list addresses 'fd00:10::1/64'

config wireguard_vpn 'wgclient'
	option preshared_key 'longkeygoeshere='
	option private_key 'longkeygoeshere='
	option public_key 'longkeygoeshere='
	list allowed_ips ''
	list allowed_ips 'fd00:10::128/128'

Any chance to fix it?

There's a long discussion on this:

Do you mean they're not being added to the peer (i.e. on the android device) as addresses? They shouldn't be allowed IPs on both end of the tunnel.

1 Like

The Allowed IPs on the "server" side are different from the allowed IPs on the "client".

On the "server" side they are e.g. while on the client side they are e.g.: , ::/0

You can argue that the QR code should contain the default Allowed IPs: , ::/0 or perhaps the LAN subnet of the router?

1 Like

I'm just saying that QR code is useless (from user's standpoint) if it requires additional manipulation like entering client IP address or DNS-server.

1 Like

Yep - one valid use case is transferring a Wireguard config from an OpenWrt to another device via QR Code:

How would you programmatically determine the correct IP address or DNS server that should be used on the client device? What do you do in cases where the allowed IPs in the peer config is more than a single /32 address?

You either need to add further information prior to generating the QR code or after scanning it on the client device. What the QR code does do, however, is allow the transfer of the 'complex' data like the keys.

1 Like

There is no need to debate about showing or not showing private key (or any other optional information). Let user decide what he wants to encode - one (or several) check boxes will make many happier.

I assume it is the main use case.

That's not a debate - as the private key should never be shown, unless it's to move the account, hence my posting a discussion about why there's a misconception about what the QR Code is for. :bulb: It seems you're under that misconception.

I don't understand this statement. Are you making a Feature Request?

Is wireguard already compatible DHCP? I doubt. Wonder why Wireguard client denies working without providing IP address?

Wireguard is a Layer 3 protocol, so Layer 2 protocols like DHCP are not compatible.


Wireguard for Android is under the same misconception?

I don't understand your question. Additionally, this is an OpenWrt discussion forum.

The misconception is that the QR Code is to make a new peer. It doesn't. It moves an already existing peer config.

If you are a developer :slight_smile:

I'm not sure what you're asking here? If the generated QR code were to include an IP address and DNS server for the client device then that information needs to come from somewhere. Either you derive it programmatically from other information (hence my query about how you think that could work in practice) or you manually add it. And if you're doing the latter then does it matter whether you do that before you generate the QR code or after you create the config on the client?

1 Like

This is exactly why I questioned statement about "How would you programmatically determine the correct IP address or DNS server".

That's the question we asked you. I think there's a logical circle forming here...

You seem to want OpenWrt to guess a DNS server for a Wireguard config and add it to a generated QR Code, correct?

Also note, we already discussed that the QR Code doesn't do what you're describing - so you're asking for a Feature Request too?

My idea is that QR code generated by OpenWRT should provide enough information to configure peers by using official WIreguard client for Android.