vchrizz / er-wizard-wireguard Goto Github PK

Hi
I had a hard time figuring out where to find the right information to connect with a Laptop and WireGuard app.
The wrong thought that I made was that I tried to use the shown information in your wonderful wizard.
But the config of the app needs not the public key but the private key and calculates the private key by itself.
Here is a screenshot:

After several attempts I found an issue explaining where to find the private key and using the private key was successful.
My recommendation would be to either display the private key in the wizard or update the documentation (Readme) with a line where to find it.
It's available in the webconfig of the ER under: Device Tree interface/wireguard/wg0/

Hi,

first of all thank you for this amazing wizard.

I established a wireguard connection between my mobile device and my edgerouter in under 10 minutes. The most difficult part was to transfer the public key to my phone. Because I done it manually, differentiate between lowercase "L" and uppercase "I" was impossible. Is it possible to use a different font for the keys?

But all in all nice work 👍

When I recently updated to EdgeRouter X v2.0.9-hotfix.6 (from hotfix.5) all my WireGuard config was gone. I had the same issue when I updated to hotfix.5, so I took a config-backup before and restored it after the update (when I saw all WireGuard was gone).

Just to know it was not related to a restart, I have restarted the device several times, ant the WireGuard config survives.

This is a big issue for me as I have to do the update on site and also I don't feel 100% secure with the solution. Can the config be blown away by any other action...

I'm happy to provide the information needed to find out why this happen, just let me know. Is it related to the wizard, can I just remove the wizard and have the config in the config-tree?

I had a few peers prior to applying an update via the wizard and it nuked a few of the peers on my list. I am not sure why it didn't nuke it all and only a few.

a solution for this would be to add a import / export for WG settings to prevent that from being an issue.

Clicking on the +QRcode button in the config section opens a QR code but it is only showing about 1/2 of it with the right side chopped off by the HTML template box.

Full Disclosure: it seems the .tar file for 1.7 still contains the 1.6 wizard-run file so I pulled the raw 1.7 wizard run and dumped it in the .tar. So maybe the html template hasn't been updated for 1.7's layout.

Hello,
I'm trying to generate a configuration but I'm unable to use it on an android phone: the QR code contains only:

[Interface]
PrivateKey = xxxxx

[Peer]
PublicKey = yyyyy
PresharedKey = zzzzz

To work I should have at least, I think:

[Interface]
PrivateKey = xxxxx
Address = aaaaa

[Peer]
PublicKey = yyyyy
PresharedKey = zzzzz
AllowedIPs = 192.168.0.0/24
Endpoint = addressofedgerouter:portofwireguard

I'm using Firefox 112 on Ubuntu 22.04 and EdgeRouter X v2.0.9-hotfix.6

If one hits "Generate config" for an existing entry, the keys and config are updated. However, this adds a new peer entry and does not remove the previous one. There exist then two entries with e.g. same allowed ip, which confuses the inferface.

Removal of the previous entry is tricky, see Issue #28.

Using 1.7-20230916-pre

I can check the box and hit apply but once I refresh the page the option is unticked. Upgrade Wizard and WireGuard from [GitHub](https://github.com/vchrizz/ER-wizard-WireGuard/) automatically remains checked though.

wireguard version: 1.0.20220627-1
wizard version: 1.6-20211226

I added 8 new Peers. I needed to generate new config for the third one in the list (from top) in wizard. The new keys and QR was shown. But when I have clicked Apply and reloaded the wizard I only have 3 peers. 1 and 2 are untouched and number 3 are the newly generated config. Peer 4-8 was removed.

I noticed the same thing happens if I try to add multiple peers without reloading the wizard, only the first newlyu generated peer are added, the following peers are not added at all. Maybe related to this bug.
Adding one peer at the time and reloading the wizard works fine.

Green stays, red deleted on Apply.

Also we can see the buttons for Generate config and Add IP are buggy...

But thanks for a good wizard and overview!

When the wizard is run it would be nice to have a field that accepts IP address and subnet mask in CIDR format (ie 192.168.33.1/24) for the wg0 interface.

Please, how to execute the wireguard.js script correctly? I have node installed, but the script does not execute?

# node -v
v18.19.1

# node wireguard.js
/root/wireguard.js:174
        window.wireguard = {
        ^

ReferenceError: window is not defined
    at /root/wireguard.js:174:2
    at Object.<anonymous> (/root/wireguard.js:184:3)
    at Module._compile (node:internal/modules/cjs/loader:1356:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1414:10)
    at Module.load (node:internal/modules/cjs/loader:1197:32)
    at Module._load (node:internal/modules/cjs/loader:1013:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:128:12)
    at node:internal/main/run_main_module:28:49

Node.js v18.19.1

Hi,

the "+ Add IP" button is not displayed correctly for additional peers. For the first "default" peer it displays fine. See the attached screenshot. I tested Firefox, Chrome and Edge, they are all the same. They are missing the text inside the HTML tag.

I see some pull requests that look to be beneficial, but the author is showing very little activity this year. This is a great package and would hate for it to fall by the wayside. Anyone?

Clicking "Remove Peer" deletes the peer from the Wizard, and clicking "Apply" seems implies that the peer is removed. But upon refresh, or "wg" in CLI, or viewing the config in the ER UI the peer is still there. Using the ER UI to remove the peer works and a refresh of the Wizard confirm it.

Version 1.7

When I add a new peer, my firewall policies that uses the wg0-interface, are changed (removed).

Before I add new peer:

After peer are added:

I manually have to assign interfaces to these rules after new peer are added.

Hi!

I'm sorry for my dumbness, but I'm completely unable to make Wireguard works on my EdgeRouter-X (v2.0.9-hotfix.5) by following this wizard...

By some reason the QR Code is invalid after the initial configuration:

Are there more specific instructions than the screenshot?

When removing a peer entry with the wizard, it first disappears from the list when hitting Apply. However, when reloading the page, it is there again.

This can also be approved by looking into the config tree. Actually, the entries have to be removed there, in the config tree.

1.7-20230916-pre

This is an interesting wizard. Thank you. I do have a question that does not appear to be addressed in the installation instructions. That is, what happens when "Setup Script" is enabled and you have multiple wireguard interfaces? I can see that the script configures wg0 according to the wgsettings.json file. What if there is another wg interface enabled when the setup script is run? Will those interface's configuration be the same as it was before the script executed? The instructions say wg1-wg999 are "untouched" so I expect that if for instance if wg1 is configured, it will still be configured the same way after the setup script runs?

Line 25 please change to:
if [[ "$($wireguardwizard load | jq -r .data.pkgstatus)" =~ .new\sversion\sfound. ]]; then

Line 34 please change to:
if [[ "$($wireguardwizard load | jq -r .data.wizstatus)" =~ .new\sversion\sfound. ]]; then

Notice how the space in the string comparison is replaced with \s in the logical expression comparison part. As it was the script bugs out with a syntax error on my ERL with the latest firmware (2.0.9-hotfix2).

I noticed the script deletes the wireguard interface $wgx node to "readd" the settings, the problem with this aproach is that it deletes the following config each time the wizard is applied:

description
down-command
fwmark
up-command

It would be better to modify existing settings instead of deleting the interface config, in case new settings are added to wireguard too.

First of all, thanks for the great tool!
I was wondering why I get "N/A" for the server's (not the peers) public key.
I think the problem is due to the combination of my configuration and the way ER-wizard-WireGuard tries to get the private key.
In the wizard-run file at line 312:
eval "privatekey=($($cli returnActiveValue interfaces wireguard ${interfaces[0]} private-key))"
returns not the private key itself but the path to the file which contains the key (e.g. /config/auth/wg.key).
Then also line 314 fails:
localpubkey=$(echo "$privatekey" | /usr/bin/wg pubkey)
Maybe something like
eval "privatekey=($($run show interfaces wireguard ${interfaces[0]} private-key))"
is more robust?

Device ER-4 v2.0.9hf2
WG Wizard 1.5
Installed WG : 1.0.20210424-1

Wizard properly detected older version needing update.
info: wireguard 1.0.20210424-1 installed. new version found: 1.0.20210606-3

Settings missed/skipped:

Route allowed IPs - I have it disabled and the wizard properly detected it by not checking it, but when I clicked apply - it still shows unchecked - but when you refresh the browser or check the CLI - the setting is checked/true. Had to manually revert to false via CLI.

WG IP Address
As mentioned in another post - the
"set interfaces wireguard wg0 address" entry is blank.
Appears to be no entry in Wizard, so put it back via CLI

Descriptions
All of my descriptions disappeared.
This is helpful when the only identifier is the public peer key.
Can you add this field back?

Almost forgot - even with those unexpected changes - the update itself worked great once I clicked "Apply" - which was easily restored via CLI.

Thanks!

The "Latest handshake" time will always show a time less than 59 minutes and 59 seconds, regardless if the latest handshake took place hours ago or on an entirely different day.

To fix this, the difference in days can be computed as $latesthandshakeago/86400 and %H can be added to the existing time format string to account for hours.

When setting up the wizard for the first time, it fails to download WireGuard. The following is from /config/user-data/wireguard/wireguard-wizard.log:

2023-02-18/19:38:47.073770259 [wizard] WireGuard wizard found at /config/wizard/feature/WireGuard/wizard-rundpkg-query: no packages found matching wireguard
2023-02-18/19:38:47.138133883 [wizard] wireguard package not installed! need to install packages.
2023-02-18/19:38:47.142840585 [installer] Starting installation of WireGuard from /config/user-data/wireguard/ ...
2023-02-18/19:38:47.149796244 [installer] check if we are online (if we can reach github.com) ...
2023-02-18/19:38:47.409827086 [installer] online-check succeeded ...
2023-02-18/19:38:47.413813929 [installer] Check system where we are running ...
2023-02-18/19:38:47.429347466 [installer] Detected EdgeRouter e300 system ...
2023-02-18/19:38:47.455051436 [installer] Detected EdgeOS version v1 ...
2023-02-18/19:38:47.459176829 [installer] Checking for e300-v1 deb-file in /config/user-data/wireguard ...
2023-02-18/19:38:47.475038506 [installer] WireGuard deb-file not found, need to download from latest release ...
error: test is not defined
.assets[].browser_download_url | select(test("e300-v1"))
                                        ^^^^
1 compile error
2023-02-18/19:38:47.799898809 [installer] Download of WireGuard starting from  ...
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information
2023-02-18/19:38:47.849050086 [installer] download done.
2023-02-18/19:38:47.853040301 [installer] Installing WireGuard for e300-v1 ...
dpkg: error processing e300-v1*.deb (--install):
 cannot access archive: No such file or directory
Errors were encountered while processing:
 e300-v1*.deb

I was able to work around this issue by manually downloading the .deb package to the /config/user-data/wireguard directory.

Hi - first I want to say that this is brilliant. I lost my wireguard config after a firmware upgrade (didn't realize that would happen!) and while reinstalling found this. So much easier than the command line, I appreciate it.

Because I was coming from a previous installation, I had a private key for wg0 that I wanted to import so that I didn't have to reconfigure the half-dozen clients already set up. Looking through the code I realized that the private key is in the HTML source, so I hit F12, edited the value of the private key, clicked Apply and ... it worked!?

I think it would be brilliant if that could be a supported feature. Allow the web UI to show & edit the private key for scenarios such as mine, where the user is coming from an existing setup.