Adding more Tunnel-side IPv4 network to use

Hello, I have a problem regarding Tunnel-side IPv4 network to use.

I tried updating WIREGUARD_IPV4_NETWORK in my .env file to get a larger IPv4 pool and re-ran docker compose down and docker compose up -d to restart and reconfigure the Firezone services, but after that it seems like the VPN client is not connected to the server, even though there are packets received in the WireGuard client log.

Any help would be greatly appreciated. Thank you!

Hello @afif.fahreza
After you change the IPv4 network, you have to regenerate the config file for the devices that were connected to the tunnel before with the old IPv4 network space.

I did the same. Regenerated the config file for the device and still no internet access when connected to it.

What’s the new network range? If IPv6 is enabled make sure to increase that range too. Make sure the WIREGUARD_ADDRESS variables are within the range.

I’d recommend going with CGNAT 100.64.0.0/10 for the range — this will be the default in new releases.

How to do it, Jamil? What to put in the .env file?

@herbertrivera

Yes that’s correct, make sure to set these 2 variables in .env

WIREGUARD_IPV4_ADDRESS=
WIREGUARD_IPV4_NETWORK=

then recreate

docker-compose up -d <your firezone container name>

Once that is done, do as @elhanan has mentioned: re-generate a new config from the Firezone GUI.

Add these to your .env file.
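A quick way to check the advice above that the WIREGUARD_ADDRESS variables sit inside their network ranges, before recreating the container. This is an added example, not part of the thread or of Firezone's own code; the IPv6 variable names are assumed to follow the same pattern as the IPv4 ones named here, and the sample values are constructed.

```python
import ipaddress

# Constructed sample .env content; the IPv6 address is deliberately out of range.
SAMPLE_ENV = """\
WIREGUARD_IPV4_NETWORK=100.64.0.0/10
WIREGUARD_IPV4_ADDRESS=100.64.0.1
WIREGUARD_IPV6_NETWORK=fd00::3:2:0/120
WIREGUARD_IPV6_ADDRESS=fd00::4:0:1
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env

def check_tunnel_ranges(env):
    """Return a list of problems with the tunnel-side address settings."""
    problems = []
    for fam in ("IPV4", "IPV6"):
        net_key = f"WIREGUARD_{fam}_NETWORK"
        addr_key = f"WIREGUARD_{fam}_ADDRESS"
        net_raw, addr_raw = env.get(net_key), env.get(addr_key)
        if not net_raw and not addr_raw:
            continue  # family not configured in this file
        if not net_raw or not addr_raw:
            problems.append(f"{fam}: set both {net_key} and {addr_key}")
            continue
        try:
            # strict=True rejects a network written with host bits set
            net = ipaddress.ip_network(net_raw, strict=True)
            addr = ipaddress.ip_address(addr_raw)
        except ValueError as exc:
            problems.append(f"{fam}: {exc}")
            continue
        if addr not in net:  # also False when the IP versions differ
            problems.append(f"{fam}: {addr} is outside {net}")
        elif addr == net.network_address:
            problems.append(f"{fam}: {addr} is the network address of {net}")
    return problems

if __name__ == "__main__":
    for problem in check_tunnel_ranges(parse_env(SAMPLE_ENV)) or ["ok"]:
        print(problem)
```

To run it against a real file, pass the contents of your own .env to parse_env() instead of SAMPLE_ENV.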

Added the parameters and I'm immediately getting this error on a freshly installed Firezone:
ipv6 address pool is exhausted. Increase network size or remove some devices.ipv4 address pool is exhausted. Increase network size or remove some devices.

It worked by disabling IPv6. However, it's getting this error: “IPv6 address pool is exhausted. Increase network size or remove some devices”. This server has been set to disable IPv6 and is using 100.xx.xx.xx/10 CGNAT. Any thoughts, Jamil?

Unfortunately the client configs are static and have to be re-generated when network settings change. The only way to fix it is with custom clients.

Noticed that when IPv4 changed to

WIREGUARD_IPV4_NETWORK=100.64.0.0/10
WIREGUARD_IPV4_ADDRESS=100.64.0.1

users experienced intermittent connection. Regenerated configs to work, but the connection is not stable. Most of the time they get no internet connection when connected to the server.

Intermittent connection issues are usually caused by an MTU issue. Are the clients and server both set to 1280? That should rule out any MTU issue.

Yes, it's set to 1280 on both client and server.

Still, the connection is intermittent even with MTU set to 1280 on both server and client. Let me know what else we can look at to make the connection stable.