Duplicate Cient IP creating wireguard peers (and solution)

Found a small bug when creating new wireguard peers (and have the solution below).
I had 4 peers creaed (VPN → Wireguard Server → Profiles).
The Client IPs were 10.1.0.2, 10.1.0.3, 10.1.0.4, 10.1.0.5
The clients were working perfectly - so no issue.
However when I went to add in a 5th peer I expected a client IP of 10.1.0.6, but instead got 10.1.0.4 - which was the duplicate of an existing peer.

The bug seems to be in the Client IP generation script (not sure where that is). However the fix turned out to be very easy:
I looked at the file (had to ssh to the router - another story - and it too me a lot of hunting to find the file) /etc/config/wireguard_server
It turned out that the peer blocks in the file were in the order of the 10.1.0.2, 10.1.0.4, 10.1.0.3, 10.1.0.5 (not the .3 block was after the .4 block). No idea how this had happened (I had not touched the file before).
However reordering the peers so that the order was .2, .3,.4, .5 seemed to fix the issue.
Suspicion is that the script generating the Client IPs sees a gap between .3 and .5 and assume .4 is free (even though it exists before the .3) and uses it.

About which router & firmware do we talk here?

  • Model GL.iNet GL-MT2500
  • Architecture ARMv8 Processor rev 4
  • OpenWrt Version OpenWrt 21.02-SNAPSHOT r15812+885-46b6ee7ffc
  • Kernel Version 5.4.211

I have no idea of how this happened.

But if I change the order manually it does has this problem.

I am recording this as a bug.