Fix for fwmark

Evidently, WireGuard's (use of) fwmark is not well understood. In short,
it determines which routing table to use for a tunnel's packets.

Adding a fwmark to a roadwarrior client config won't do anything to the
actual packets sent to a peer: Packets do not get marked.

A QRCode with `FwMark = ...` in it is invalid.

FwMark is now excluded from client configs (but is written to the
server config /etc/wireguard/wgX.conf).

Potential breaking change of `WGUI_FORWARD_MARK` to `WGUI_FIREWALL_MARK`

But this has the effect of making users eventually notice that it
probably does not do what they want/think.

See:
https://ro-che.info/articles/2021-02-27-linux-routing

https://casavant.org/2020/10/10/wireguard-fwmark.html

https://www.blinkenlights.ch/ccms/posts/source-based-routing/
This commit is contained in:
Paul 2022-12-21 00:46:59 +00:00
parent aadf099f50
commit 101b5564c2
7 changed files with 17 additions and 37 deletions


@ -70,17 +70,8 @@ Wireguard Clients
</div>
<div class="modal-body">
<input type="hidden" id="qr_client_id" name="qr_client_id">
<a href="" download="" id="qr_code_a">
<img id="qr_code" class="w-100" style="image-rendering: pixelated;" src="" alt="QR code" />
</a>
<div class="form-group">
<div class="icheck-primary d-inline">
<input type="checkbox" id="qr_include_fwmark" onchange="regenerateQRCode()">
<label for="qr_include_fwmark">
Include FwMark
</label>
</div>
</div>
<img id="qr_code" class="w-100" style="image-rendering: pixelated;" src="" alt="QR code" />
<!-- do not include FwMark in any client configs: it is INVALID. -->
</div>
</div>
<!-- /.modal-content -->
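Review bot: dropping the `<a href="" download="" id="qr_code_a">` wrapper at the top of the modal body also removes the QR image download link, which is unrelated to FwMark. If the download is still wanted, keep the anchor and remove only the `qr_include_fwmark` form group. If it is meant to go, make sure no remaining script still looks up `#qr_code_a` or `#qr_include_fwmark`, or calls `regenerateQRCode()`, since those elements no longer exist. The new HTML comment would help future readers more if it said why FwMark is excluded (it selects a routing table on the host and does not mark packets sent to a peer, per the commit message) rather than only "it is INVALID".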
@ -425,9 +416,7 @@ Wireguard Clients
cache: false,
method: 'GET',
url: '{{.basePath}}/api/client/' + client_id,
data: {
qrCodeIncludeFwMark: include_fwmark
},
data: JSON.stringify(data),
dataType: 'json',
contentType: "application/json",
success: function (resp) {
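Review bot: `data: JSON.stringify(data)` on a request with `method: 'GET'` looks wrong. Nothing in the visible context defines `data`, and a GET request has no JSON body to send. Since the `qrCodeIncludeFwMark` parameter was the only thing passed, the `data:` line can be deleted outright, and `contentType: "application/json"` is then unnecessary for this call as well. The server-side handler for `/api/client/<id>` should also stop reading `qrCodeIncludeFwMark`, so that a hand-crafted query string cannot bring FwMark back into a client config.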