While setting up WireGuard Net-To-Net, I encountered the following issue:
When I edited the ‘Remark’ line again after setting up the Net-To-Net connection and entered more than 56 characters, the contents of the ‘Pre-Shared Key’, ‘Keepalive Interval’ and ‘Routing/Local Subnets’ fields were deleted.
At first, I thought I’d made a mistake when importing the config file.
However, out of curiosity, I gave it a second try and entered more than 56 characters into the ‘Remarks’ field again.
The result was the same: The ‘Pre-Shared Key’, ‘Keepalive Interval’ and ‘Routing/Local Subnets’ fields had been cleared again, and the ‘Remarks’ field was truncated after 56 characters.
There was no warning beforehand or a stop to input only 56 characters.
That is why I suspect I have encountered a bug here.
Maybe this will be of help to someone.
Looking up the IPFire WireGuard code and also the WireGuard documentation it states that the PSK must be 256 bit (32 byte). If one is not provided in the WUI (marked optional for entry) the a PSK is provided by IPFire and the code ensures that it is 32 bytes.
This PSK is the base64 encoded to ensure that any characters used are not going to create a problem elsewhere in the perl code.
It looks like the code for the manually entered PSK does not check that it is 32 bytes in size and that when it is different then this is obviously causing difficulties in the perl code for the WireGuard WUI page. I haven’t checked why this would be a problem and have not yet confirmed your finding. I will try and od this when I am able to.
Until a fix is created that will check that the manually entered PSK is the correct length, you should ensure to only use a 32 byte (character) PSK.
As far as I can see if you leave that entry blank then it adds a PSK anyway. I have not added a PSK in my met to met c onfiguration but the wireguard conf file contains a base64 encoded PSK.
It’s fine for me now that I know I need to be careful about this.
I reported it so that others don’t end up in the same situation as me, when the existing connection to the remote IPFire is cut off after editing the ‘Remarks’ field.
In my case, it didn’t add the PSK, so I have to wait until I’m back at the remote location to sort it out there.