-
-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] Added support for WireGuard #225 #226
base: master
Are you sure you want to change the base?
Conversation
60f9d37
to
b648337
Compare
b648337
to
8c36a0d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please rebase on the latest master.
77f35ae
to
21976be
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The first commit message says: Added support for WireGuard and VXLAN
, is the VXLAN part true?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the wireguard container log I see the following warning repeated many times, which pollutes the log unnecessarily:
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
images/openwisp_celery/Dockerfile
Outdated
|
||
USER root:root | ||
RUN apt install --yes --no-install-recommends \ | ||
iproute2 iptables sudo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's install also ping-utils which is useful
36c49f0
to
43e389e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens if the configured VPN key or ID are wrong?
Let's make sure this is communicated explicitly in the logs.
43e389e
to
71b5784
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that the Wireguard VPN updater app is not working as expected (on linode), I get the following:
[pid: 106268|app: 0|req: 1296/19080] 10.2.2.78 () {38 vars in 627 bytes} [Mon Jul 4 16:07:11 2022] POST /trigger-update?key=************ => generated 0 bytes in 0 msecs (HTTP/1.1 400) 2 headers in 87 bytes (0 switches on core 0)
In the code I see that vpn_id
is a required parameter, but are you sure the current version of OpenWISP Controller sends this in the request?
https://github.com/openwisp/openwisp-controller/blob/c02d5279614935790b51863aff623d525c279f41/openwisp_controller/config/tasks.py#L92-L106
Moreover, the periodic update is also not working. I tried waiting for the cron period to pass but the peers are not updated.
cat /var/spool/cron/crontabs/openwisp
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (- installed on Mon Jul 4 09:36:32 2022)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
*/5 * * * * bash /opt/openwisp/update_wireguard.sh check_config
I see the crontab there but it doesn't seems like it's working.
If I add a line * * * * * touch /opt/openwisp/testyo
it works (it creates the file), if I run the command manually it also works (updates the local wg peers), but the cronjob on its own is not working.
I am aware that openwisp-controller does not send I am double checking the cron job |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to disable the VPN wireguard updater on the public hostname and only use it internally, if not can you change it so that this is possible please?
Added two images: - wireguard: image that runs WireGuard and VXLAN server - wireguard_updater: image that runs a Flask app that is used for triggering configuration update for WireGuard and VXLAN server Closes #225
Added services.py and utils.py for wireguard-updater
2c46f33
to
bed94be
Compare
Added two images:
wireguard
: image that runs WireGuard serverwireguard_updater
: image that runs a Flask app that isused for triggering configuration update for WireGuard server.
Closes #225
TODO
sudo
access oncelery
andwireguard
images.