Evidently, wireguard's (use of) fwmark is not well understood. In short,
it determines which routing table to use for a tunnel's packets.
Adding a fwmark to a roadwarrior client config won't do anything to the
actual packets sent to a peer: Packets do not get marked.
A QRCode with `FwMark = ...` in it is invalid.
FwMark is now excluded from client configs (but is written to the
server config /etc/wireguard/wgX.conf).
Potential breaking change of `WGUI_FORWARD_MARK` to `WGUI_FIREWALL_MARK`.
But this has the effect of making users eventually notice that it
probably does not do what they want/think.
See:
https://ro-che.info/articles/2021-02-27-linux-routing
https://casavant.org/2020/10/10/wireguard-fwmark.html
https://www.blinkenlights.ch/ccms/posts/source-based-routing/
PresharedKey is now only set in the server and client config if the key
is set and not null (or empty).
I added this feature because I was importing old config files from
clients that did not have a preshared key set. Clients can be created
without preshared keys when editing db/client/ files manually. If the
field is not set, wireguard-ui creates invalid configs by producing:
PresharedKey =
This patch removes this behavior and just skips the preshared key if not
set.
Co-authored-by: Khanh Ngo <k@ndk.name>
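
The two behaviours described in the message above, sketched as an added example (this is not wireguard-ui's own code): `FwMark` is rendered only into the server config, and `PresharedKey` is rendered only when non-empty. The `Peer` and `Config` types, the template strings, `Render`, and all sample values are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Hypothetical types for this example; not wireguard-ui's own structs.
type Peer struct {
	PublicKey, PresharedKey, AllowedIPs string // PresharedKey may be empty
}

type Config struct {
	PrivateKey string
	FwMark     string // only meaningful on the server interface
	Peers      []Peer
}

// FwMark appears only in the server template; the client template has no such line.
const serverTmpl = "[Interface]\nPrivateKey = {{.PrivateKey}}\n" +
	"{{if .FwMark}}FwMark = {{.FwMark}}\n{{end}}" + peersTmpl
const clientTmpl = "[Interface]\nPrivateKey = {{.PrivateKey}}\n" + peersTmpl

// PresharedKey is written only when non-empty, so a bare "PresharedKey =" never appears.
const peersTmpl = "{{range .Peers}}\n[Peer]\nPublicKey = {{.PublicKey}}\n" +
	"{{if .PresharedKey}}PresharedKey = {{.PresharedKey}}\n{{end}}" +
	"AllowedIPs = {{.AllowedIPs}}\n{{end}}"

// Render executes one of the templates above against a Config.
func Render(tmpl string, c Config) (string, error) {
	t, err := template.New("wg").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	if err := t.Execute(&b, c); err != nil {
		return "", err
	}
	return b.String(), nil
}

func main() {
	// Constructed sample values, not real keys.
	c := Config{PrivateKey: "<private-key>", FwMark: "0x1234", Peers: []Peer{
		{PublicKey: "<peer-a>", PresharedKey: "", AllowedIPs: "10.252.1.2/32"},
		{PublicKey: "<peer-b>", PresharedKey: "<psk>", AllowedIPs: "10.252.1.3/32"},
	}}
	out, _ := Render(serverTmpl, c)
	fmt.Print(out)
}
```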