Two issues I encountered in 3.203 and wanted to test if they are resolved in 3.211 beta4:
Pasting in a Wireguard client .conf
That has an MTU= line, it will parse it wrong and instead of filtering it out or using the value, it puts it into the DNS server field instead
If a Wireguard .conf has IPv6 GUA it will do bad input validation and claim the address is not valid.
These are valid, working profiles that are fine in Android, Linux, Windows, MacOS wg client.
Example config with documentation prefixes just for testing. Remove the IPv6 addresses to test the MTU issue I have described:
[Interface] PrivateKey = WMvbIrtDYzjTAC2j2y4vxs2Igic2/AaCtGJYwIbVXFo= Address = 2001:db8:caff:a::129/128, 203.0.113.10/32 DNS = 2620:fe::fe, 220.127.116.11 MTU = 1340 [Peer] PublicKey = kiSFu9964SBBUKpYQwc9ZlcDFol4zaIiB+85J/F83nE= PresharedKey = Cwjc+3xQtyIUQg8Fle17jIaZXGvGNfQO9Guj4Ly1+QI= AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = office.mywork.org:53953
- The MTU = line should be either used and applied or filtered out and discarded.
- The MTU= line gets partially inserted into the DNS server field.
- If IPv6 was enabled and the device rebooted with IPv6 support on this wireguard client .conf should be validated and imported correctly. The wg interface should have the IPv6 GUA assigned to it and clients behind the device should be getting IPv6 access via the NATted ULA that the device provides.
- The config fails to import with an error message of “invalid IP address”