Error in WireGuard documentation Topic is solved

DarrenHill
Posts: 28
Joined: Wed May 08, 2019 3:00 pm

Error in WireGuard documentation

Post by DarrenHill »

Just wanted to report a small error in the WireGuard set-up documentation (this post).

In the client config details (the middle one of the three white code boxes) it says

G_CONFIG_INJECT 'Address = ' 'Address = 10.9.0.3' wg0-client2.conf
but if you inject that IP address the config doesn't work. On my set-up (which is working) I had to tweak that to:

G_CONFIG_INJECT 'Address = ' 'Address = 10.9.0.3/32' wg0-client2.conf
(of course replacing the .3 with whatever address you actually want to assign this particular client). I chose /32 to match the AllowedIPs entry in the lower code box and it works, but if there's a better or more secure choice I'm happy to be corrected.
MichaIng
Site Admin
Posts: 2294
Joined: Sat Nov 18, 2017 6:21 pm

Re: Error in WireGuard documentation

Post by MichaIng »

@DarrenHill
Many thanks for your report. Yep, indeed it should have been Address = 10.9.0.3/24, I just fixed it.

I am not 100% sure what difference /32 and /24 (network mask) make here, because the AllowedIPs entries define which IPs the peers allow/use to connect to each other. All guides I found state to use /24 for the Address entries. It identifies itself as part of the 10.9.0.[1-255] address range network, but I am not sure about practical differences. However, as long as /32 works for you, stay with it, in case stricter is better than wider here.
DarrenHill
Posts: 28
Joined: Wed May 08, 2019 3:00 pm

Re: Error in WireGuard documentation

Post by DarrenHill »

No problem, you're very welcome.

I wasn't sure if it should have been /24 or /32, hence why I mentioned it.

Edited to add - looking in the final config files the address line is set to /24 anyway. So it looks like even if you inject /32 it gets changed at some point to /24 by the set-up procedure.
WarHawk
Posts: 610
Joined: Thu Jul 20, 2017 8:55 am

Re: Error in WireGuard documentation

Post by WarHawk »

CIDR addressing and all that

/32 would be good for, say, router to router (so only a single IP address can be used [hard to hack in]); /24 gives 254 addresses, so for the networking aspect, it can support up to 254 connections/IPs into WireGuard remotely...a healthy "pool" of remote IPs

It gets confusing if you haven't really learned/studied it (it plays heavily in Cisco training)...it's kinda a pain.
https://serverfault.com/questions/67677 ... 24-in-cidr
MichaIng
Site Admin
Posts: 2294
Joined: Sat Nov 18, 2017 6:21 pm

Re: Error in WireGuard documentation

Post by MichaIng »

Generally netmask is clear to me, I am just wondering which effect it has for the Address entry. For AllowedIPs it is totally clear, where it controls which requests are tunnelled through the VPN and which not, but no idea if the peer behaves any differently when you define it as part of a 255 address network or single IP network. Perhaps it somehow influences the request/connection marks, if it is marked as local or external request. Not sure about any practical effects.
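
The thread leaves open what the prefix length on Address changes compared with AllowedIPs. As an added example (not part of the thread or of the DietPi documentation), this Python sketch models the two roles: the Address prefix only decides which connected route appears on wg0, while AllowedIPs decides what is routed into the tunnel and which source addresses a peer accepts. The client AllowedIPs value 10.9.0.0/24 and the server-side entry 10.9.0.3/32 are assumed values, and the route logic is a simplified model of wg-quick.

```python
import ipaddress


def connected_route(address):
    """Subnet route the kernel adds when `address` is assigned to wg0.
    A /32 covers only the host itself, so no subnet route results."""
    iface = ipaddress.ip_interface(address)
    return None if iface.network.num_addresses == 1 else iface.network


def routes_via_tunnel(address, allowed_ips):
    """Routes pointing at wg0 once the interface is up: the connected route
    plus one route per AllowedIPs range that is not covered already
    (simplified model of wg-quick, stated as an assumption)."""
    routes = [r for r in [connected_route(address)] if r is not None]
    for net in map(ipaddress.ip_network, allowed_ips):
        if not any(net.subnet_of(r) for r in routes):
            routes.append(net)
    return routes


def peer_accepts(source_ip, allowed_ips):
    """Receiving side: a decrypted packet is kept only if its source address
    falls inside the AllowedIPs configured for the sending peer."""
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(n) for n in allowed_ips)


# Constructed sample values (assumptions, not copied from the documentation).
CLIENT_ALLOWED = ["10.9.0.0/24"]             # [Peer] section on the client
SERVER_ALLOWED_FOR_CLIENT = ["10.9.0.3/32"]  # [Peer] section on the server

if __name__ == "__main__":
    for address in ("10.9.0.3/24", "10.9.0.3/32"):
        routes = [str(r) for r in routes_via_tunnel(address, CLIENT_ALLOWED)]
        print(f"Address = {address}: routes via wg0 = {routes}")
    for src in ("10.9.0.3", "10.9.0.4"):
        ok = peer_accepts(src, SERVER_ALLOWED_FOR_CLIENT)
        print(f"server accepts source {src} from this client: {ok}")
```

In this model both prefix lengths end with the same route into the tunnel, and the server's per-peer AllowedIPs entry is what restricts the client to a single source address.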