precisionpete / wgadmin

Turn a Raspberry Pi into a simple WireGuard VPN Appliance

Home Page: https://netrinos.com/wgtools/wireguard-admin-app


Wishlist for Improvements

Gill-Bates opened this issue · comments

Enclosed is a wish list with suggestions for improving wgadmin:

  • Installing the Deb-File should check if wireguard is already installed and ask for installation
    apt install wireguard wireguard-tools openresolv -y

  • Installing the Deb-File on a System for the first time throws an error (because the services are not installed at that moment). This message is confusing.

    Failed to stop wgadmin.service: Unit wgadmin.service not loaded.
    Failed to disable unit: Unit file wgadmin.service does not exist.
    
  • If you set a different port on the server, this port is not used for the peer. The default port is always 51820.

  • PostUp and PostDown Options are missing

  • PreSharedKey is unused

  • The Listening-Port inside the Peer-Settings is not the same as on the Server

  • Traffic per User is only shown per Session not in Total

  • Network Device should show the Source IP-address

  • The section with the Readme for IP Forwarding is wrong. Here are the correct commands:

    echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/98-wgadmin.conf # Make the change persistent
    echo 'net.ipv6.conf.all.forwarding= 1' >> /etc/sysctl.d/98-wgadmin.conf # Make the change persistent
    sysctl -p /etc/sysctl.d/98-wgadmin.conf
    

And I saw a panic error:

Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 ip link show dev wg0
Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 ip link set mtu 1420 up dev wg0
Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 ip address add dev wg0 10.20.0.1
Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 ip link show dev wg0
Nov 24 17:13:35 sv2 wgadmin[908]: 2023/11/24 17:13:35 Starting wgAdmin v0.1.1 (prod)
Nov 24 17:13:35 sv2 systemd[1]: Started wgadmin.service - WireGuard Administration Server.
Nov 24 17:13:35 sv2 systemd[1]: Stopped wgadmin.service - WireGuard Administration Server.
Nov 24 17:13:35 sv2 systemd[1]: wgadmin.service: Scheduled restart job, restart counter is at 1.
Nov 24 17:13:30 sv2 systemd[1]: wgadmin.service: Failed with result 'exit-code'.
Nov 24 17:13:30 sv2 systemd[1]: wgadmin.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/cmd/wgadmin/main.go:46 +0x2b8
Nov 24 17:13:30 sv2 wgadmin[432]: main.main()
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/wg-tools.go:19 +0x78
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.WgStart({{0xc0000a70e8, 0x5}, {0xc0000c2600, 0x3c}, {0x0, 0x0}, 0x1, {0x0, 0x0}, {0x0, ...}, ...})
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/wg-tools.go:278 +0x85
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.WgIfSetup({0xc0000a710c, 0x3}, {{0xc0000b8240, 0x14}, {0xc0000a7120, 0x9}, 0x1, {0xc0000a7129, 0x3}, {0xc0000b8258, ...}, ...})
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/wg-tools.go:137 +0x2d
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.WgSetMTU({0xc0000a710c, 0x3})
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/iptools.go:72 +0x1d
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.GetDefaultMTU()
Nov 24 17:13:30 sv2 wgadmin[432]:         /home/pcarroll/Development/Golang/wgadmin/internal/tools/iptools.go:68 +0x6e
Nov 24 17:13:30 sv2 wgadmin[432]: bluefriday.ca/wgadmin/internal/tools.GetDefaultDevice()
Nov 24 17:13:30 sv2 wgadmin[432]: goroutine 1 [running]:
Nov 24 17:13:30 sv2 wgadmin[432]: panic: runtime error: index out of range [4] with length 1

What os and architecture are you using?
i.e. cat /etc/os-release

PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Interesting... I had not tested on Debian 12 as 11 was current when I first wrote this... I think I should test. The original target was RaspberryPiOS.

The Debian control file contains e.g.:

Version: 0.1.2-231124.1857
Architecture: amd64
Depends: wireguard, wireguard-tools, nftables
Maintainer: info@bluefriday.ca
Description: WireGuard Administration App
Homepage: https://netrinos.com/wgtools/wireguard-admin-app
Section: base
Priority: optional 

I have not included openresolv as I had not encountered a system yet that did not have something running already. And if that's not openresolv, I don't want to make a mess. Although Debian can be a bit stripped down compared to others.

The ports for the server and peers are meant to be independent. If you leave it blank it will end up being a random high port as per wireguard norms. But, specifying it makes things a little easier to understand imho. If you change the server port and look in the client, you will see the server endpoint has the right port.

For the traffic per user, I am just relying on what wireguard gives me. Wireguard resets the counters when the connections drop.

On the IP Forwarding commands... I don't see the difference. I'm pretty sure I just cut and pasted these from a terminal when I wrote it. And the quotes do not make a difference as far as I can tell. At least not on Debian 11... What am I missing? I did not include IPv6 as I am not dealing with IPv6 otherwise.

When I wrote it, the PostUp, PostDown, and PresharedKey seemed beyond what I considered "keep it simple". But maybe they should be added anyway. What specific use cases do you have in mind?

On the panic... Did it do this every time? Or was it a one-time event? I will do some testing on Debian 12 and see if I can reproduce it...

If it does it on the build I uploaded tonight, can you send me the panic again? After making my changes, the line numbers have changed.

You are in Debian 11. What architecture? i.e. uname -a. What scenario is this? Is it a PC, virtual server, single-board computer?

Thanks

I just uploaded v0.1.3 with the PostUp and PreDown added.

The error on Debian 12 is related to some permissions specific to that distro. It should be good now.

Please let me know if you have any more issues.

Peter
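
The panic in the log above is an unchecked index into split command output. As an added example (not wgadmin's code), here is a bounds-safe way to read the default route's device in Go; it assumes the name comes from `ip route show default` output, and `parseDefaultDevice` is a hypothetical name.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// parseDefaultDevice extracts the interface name from `ip route show default`
// output, e.g. "default via 192.168.1.1 dev eth0 proto dhcp metric 100".
// Hypothetical helper: it looks for the "dev" keyword instead of assuming the
// name sits at a fixed index, and returns an error instead of panicking when
// the command produced nothing (for example because it was not permitted).
func parseDefaultDevice(out string) (string, error) {
	for _, line := range strings.Split(out, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || f[0] != "default" {
			continue
		}
		// i+1 < len(f) guarantees the token after "dev" exists.
		for i := 1; i+1 < len(f); i++ {
			if f[i] == "dev" {
				return f[i+1], nil
			}
		}
	}
	return "", errors.New("no default route with a device found")
}

func main() {
	// Constructed sample outputs, including the empty one that makes
	// strings.Split(out, " ")[4] panic with "index out of range [4] with length 1".
	samples := []string{
		"default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.50 metric 100",
		"default dev ppp0 scope link",
		"",
	}
	for _, s := range samples {
		dev, err := parseDefaultDevice(s)
		fmt.Printf("%q -> dev=%q err=%v\n", s, dev, err)
	}
}
```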

@Gill-Bates as for packages, you actually only need wireguard-tools as most modern distros these days have wireguard compiled into the kernel.

@precisionpete increment doesn't appear to be working.

Say you have 10.23.10.1/32 as your server node, the second peer you add should automatically be 10.23.10.2/32, but it will give you 10.23.10.1 instead even though it's in use.
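
The allocation behaviour expected in the comment above, as an added example (not wgadmin's code): pick the lowest address in the pool that no server or peer already holds. The pool `10.23.10.0/24` and the name `nextFreeAddr` are assumptions; the helper expects an IPv4 pool of /30 or larger.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// nextFreeAddr returns the lowest host address in pool that is not in use,
// as a /32. inUse lists the addresses already assigned, written as they
// appear in a WireGuard config ("10.23.10.1/32"). Hypothetical helper.
func nextFreeAddr(pool string, inUse []string) (netip.Prefix, error) {
	p, err := netip.ParsePrefix(pool)
	if err != nil {
		return netip.Prefix{}, err
	}
	taken := make(map[netip.Addr]bool, len(inUse))
	for _, s := range inUse {
		u, err := netip.ParsePrefix(s)
		if err != nil {
			return netip.Prefix{}, fmt.Errorf("bad in-use address %q: %w", s, err)
		}
		taken[u.Addr()] = true
	}
	// Start one past the network address and stop before the broadcast address.
	for a := p.Masked().Addr().Next(); p.Contains(a); a = a.Next() {
		if !p.Contains(a.Next()) {
			break // a is the last address in the pool (broadcast)
		}
		if !taken[a] {
			return netip.PrefixFrom(a, a.BitLen()), nil
		}
	}
	return netip.Prefix{}, errors.New("address pool exhausted")
}

func main() {
	// Constructed samples: the server holds .1; in the second case peers hold .2 and .4.
	for _, used := range [][]string{
		{"10.23.10.1/32"},
		{"10.23.10.1/32", "10.23.10.2/32", "10.23.10.4/32"},
	} {
		next, err := nextFreeAddr("10.23.10.0/24", used)
		fmt.Println(used, "->", next, err)
	}
}
```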