Bug? WireGuard PSK in web interface

babelmonk · August 15, 2024, 10:43am

I think this is a bug, but I’ve seen it in v7.15 and 7.16rc2 as well.

For Wireguard pre-shared keys, if you select ‘auto’ in the web interface for Wireguard, no key is returned. Similarly if you paste a pre-existing / pre-created key into the PSK box in the web interface, no key is saved and the connection does not complete.

anav · August 15, 2024, 11:33am

No one I know uses preshared key with wireguard?? Perhaps thats why its not working?

m4rk3J · August 15, 2024, 12:43pm

Everyone in my area uses it - it’s safer.
But the auto-generation works for me from winbox.

anav · August 15, 2024, 1:54pm

Why is it safer? If its just plain text password, I am not sure it offers extra security. If it was encrypted, then yes definitely.
So the question is the pre-shared key encrypted in some fashion, OR only shared after the handshake is established (and thus checked after the tunnel is made and thus through an encrypted tunnel) or is sent in plain text with the initial handshake??

I dont know, just asking the wider audience!!

maert · August 15, 2024, 3:31pm

Seems to be overkill. But yes, it adds a layer. There is more in Wireguard document https://www.wireguard.com/papers/wireguard.pdf.

In lieu of using a completely post-quantum crypto system, which as of writing are not practical for use here, this optional hybrid approach of a pre-shared symmetric key to complement the elliptic curve cryptography provides a sound and acceptable trade-off for the extremely paranoid. -