Loaded kmod-wireguard, wireguard-tools and luci-proto-wireguard.
Everything appears fine until it comes to the 'Allowed IPS' in the 'Peer' Section.
Via LuCI, having one entry e.g. '192.168.1.2/32' seems to cause no issue.
Using the '+' to add another e.g. '192.168.2.0/24' and on pressing 'apply and save', the whole system hangs - LuCI stops responsing, the open ssh terminal connection stops responding and the only way to recover is to do a hard reset of the router back to original setup !
Editing the /etc/config/network instead of using LuCI and adding the second entry that way, causes exactly the same when the interface is reloaded.
As the only way I have been able to recover is to do a reset, I am reluctant to try again as I have had to go through setting everything up again (although I have now created the basic recovery to allow getting back to basics much easier.
I am new to OpenWrt, so it may be the mistake is mine, but if it is, it can only be that the entry I am making via LuCI or /etc/config/network is incorrect as that is all I am doing when this total freeze happens.
Is it a bug do you think ? Thank you for any comments/assistance. Habs.
Do you mean making a duplicate to a route in the linux routing table on the openwrt router ?
As far as I understood, the 'allowed-ips' config of WireGuard is just about specifying the ip's that are allowed down the tunnel. Regarding the flag (in LuCI) of 'add routing' in the peer section, could it be (if I am duplicating something in the linux routing) that is trying to add a route to what is already there ?
In any case, openwrt router goes into meltdown instead of gracefully (perhaps) declining the action !
I'll try further and have a go with the 'add routing' un-ticked and or try completely different ip networks that I know are not present in 'allowed-ips'.
I'm just nervous as all I can do is do a complete reset if the same problem occurs.
This could be stupidity on my part, or maybe I did not understand the config of WireGuard too well.
I was using a network range in the 'allowed-ips' for a peer that was also the same as a setting for another interface on the router (nothing to do with the WG interface). That's the only thing I could see that would be a possible conflict.
My view was that I expected the peer to be making requests to addresses on that network (at some point when I'd got it working) and therefore that address range needed to be in the 'allowed-ips'. This is seemingly not correct.
Perhaps that is the problem as it seems to have no further issue as reported if I do not do this - although I am not going back to try it as I can not face another reset and reinstall just now.
I am trying to get to grips too with firewall settings and what needs to be opened for WG to work etc. I will start a different thread if I do not get anywhere.
Thank you for the comments and questions, it has drawn my attention to a few things I am getting wrong!
i am not sure how or if one marks topics as 'solved', but in any case this one is.
It was a case of my error and not carefully ensuring addresses and routes I had entered made sense...possibly my first foray into Wireguard too hasn't helped. Any way..all working now.
