WireGuard Client configuration only accepts max. 15 "Allowed IPs"

I need to set up a WireGuard Client with more than 15 “Allowed IPs” (using Firmware version 4.2.3).
But the input mask only allows entering max. 15 IPs.
When I directly add more than 15 IPs into the configuration file and press “Apply”, the configuration file disappears, and I get an error message “Unknown error occurred. Please check the network environment or reboot the device”. Rebooting doesn’t help.
The only thing I can do then is to delete the complete WireGuard Client configuration and set it up newly again (with max. 15 IPs).
How can I create a WireGuard Client configuration file with more than 15 IPs - which is usually easily possible?

1 Like

It’s a feature under development.

But… you really need more than 15 subnets in there? You can use CIDR notation.

Thank you for your prompt response @Cal . More than 15 subnets are indeed necessary, and CIDR won’t help in this case.
When it’s a feature under development, we’ll have to wait and have to see to find a workaround for it. Hopefully, it’s going to be implemented soon, as my team was especially equipped with GL.iNet routers for using WireGuard efficiently and never experienced this kind of restriction with WireGuard outside the GL.iNet environment.

This is a bug, we have reproduced it and are working on a fix.

2 Likes

How many IPs will be suitable for your use case? Say is 240 enough?
We need to enlarge the buffer array to fix this.
By the way, see if you can merge some IPs for subnet.

Sorry for the late reply, I saw your message just now. In the meantime, I found a workaround to set the IP addresses via CLI in the router /etc/config/wireguard — there doesn’t seem to be a limitation.

Currently, I’m using 30 individual IP addresses, therefore 240 would probably be enough.

Another smaller issue with the /etc/config/wireguard file is that all IPs need to be listed in one single line option allowed_ips, which makes handling such many IP addresses confusing.
In older firmware versions, it was possible to list one IP per line with list allowed_ips, but that breaks the whole wireguard config.

Thanks, we already enlarged the buffer to allow 240 IP addresses.

Exactly when there are many.

Thanks as well! But the configuration via the UI hasn’t been adjusted yet, has it?

This I don’t get completely. Should

list allowed_ips 'IP1'
list allowed_ips 'IP2'
list allowed_ips 'IP3'

be possible in /etc/config/wireguard? So far, it broke the whole config for me.

Sorry forgot to mention it’s firmware 4.5 has merged the changes.

Possible but it’s a bit troublesome. We need to take care of sysuprade with keeping settings.
Does it only make the config file hard to read?

Good to know :+1:

Yes, it’s the readability and administration. Therefore a smaller issue. I was just wondering as with other routers using firmware version 3.x it is easily possible.
Thank you!

Okay, we’ll change it later.

1 Like