Completely broke Wireguard because I made my own Pre-shared key

Started by madh, January 20, 2025, 01:36:20 AM

Hi,
I will start by saying Wireguard stopped working because I did something I shouldn't. Reason I am posting is because I would like to recommend or help make the UI better at type checking.


For some reason, after creating a few clients, I decided to add a pre-shared key for extra security. Only, I created my own, same length, key without thinking. Then I force rebooted the OPNSense Machine to move plugs around. When it came back up Wireguard stopped working. I immediately thought it was because I just pulled the power cord like a dumbass. So, I began panicking because Wireguard no longer functioned. Under status, my instance looked broken. I first did a restore from latest backup. Same problem. Next day, I decided to rebuild OPNSense completely, restore from backup. Same problem. I googled everything I could think of. Finally, finally, finally I read the logs close enough and read "your Peer Preshared key is invalid". Then I went, OHHHHH! I created that key myself!!! Dumb ass!!! Deleted the key, used the generate button. Boom. Everything worked again like it should.

So I realize I created this issue myself, just would like to see the UI help a little more and stop dumbasses like myself from unintentionally / unknowingly screwing things up so that the service won't even run.


You can absolutely create your own key if you wish, just use the proper syntax

  wg genpsk

I suppose the OPNsense UI could validate admin-supplied keys before accepting them (should be a base64-encoded blob of 32 bytes in the case of the PSK). It does seem a bit sub-optimal if it accepts invalid data and then renders the service b0rked on boot.

Side note: please don't reboot your firewall by yanking the power cable. That's just wrong (unless as a very-last resort). Use Power -> Reboot if you feel the need. Not sure what the UI could do to prevent you from getting this wrong, though :)
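
The check suggested in the reply above (a base64-encoded blob of 32 bytes), written out as an added example; it is not part of the original thread and not OPNsense code. The names `validate_psk` and `generate_psk` are hypothetical, the sample keys are constructed, and the canonical-encoding test is an extra assumption beyond what the post states.

```python
import base64
import binascii
import secrets

PSK_BYTES = 32  # size given in the thread for a WireGuard pre-shared key


def generate_psk() -> str:
    """Produce a key in the format the thread describes: base64 of 32 random bytes."""
    return base64.b64encode(secrets.token_bytes(PSK_BYTES)).decode("ascii")


def validate_psk(value: str) -> tuple[bool, str]:
    """Return (ok, reason) for an admin-supplied pre-shared key string."""
    text = value.strip()  # tolerate a trailing newline from copy/paste
    if not text:
        return False, "empty value"
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(text.encode("ascii"), validate=True)
    except UnicodeEncodeError:
        return False, "contains non-ASCII characters"
    except (binascii.Error, ValueError):
        return False, "not valid base64"
    if len(raw) != PSK_BYTES:
        return False, f"decodes to {len(raw)} bytes, expected {PSK_BYTES}"
    # Assumption: accept only the canonical encoding (correct padding and
    # zero trailing bits), so the stored string round-trips exactly.
    if base64.b64encode(raw).decode("ascii") != text:
        return False, "not the canonical base64 encoding"
    return True, "ok"


if __name__ == "__main__":
    samples = [  # constructed inputs, not keys from the thread
        generate_psk(),
        "A" * 44,  # "same length" but unpadded: decodes to 33 bytes
        "my-own-secret-key-typed-in-by-hand-44-chars!",
        "",
    ]
    for s in samples:
        print(validate_psk(s), repr(s[:12]))
```

A hand-typed string that merely matches the 44-character length fails here before it reaches the service configuration, which is the failure mode described in the first post.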