Date: Sat, 25 Nov 2023 21:55:23 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 275341] Cannot add a route to a wireguard interface without the device having an address.
Message-ID: <bug-275341-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275341

            Bug ID: 275341
           Summary: Cannot add a route to a wireguard interface without the device having an address.
           Product: Base System
           Version: 14.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: sean@tinfoilhat.ca

Created attachment 246568
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=246568&action=edit
Change made to wg-quick to work around this problem.

Hi there

I've noticed a behavior change that breaks wireguard setups after upgrade from 13.2-p5 to 14-RELEASE.

After updating them from 13.2-p5 to 14-RELEASE the wireguard service just stopped working. I noticed that in FreeBSD 14 you are not able to add a route to a wireguard interface that doesn't have an address assigned.

Adding a wg interface with an IP address to /etc/rc.conf doesn't help because the script notices the interface is there and doesn't configure it.

This is repeatable (tried on both my wireguard hosts, and firewalls and a service router that were all upgraded to 14.0 this evening) and the output looks like this (using wg1 to not interrupt existing traffic on wg0):

# freebsd-version
14.0-RELEASE
# ifconfig wg1 create
# ifconfig wg1 up
# route -n add 10.2.0.0/24 -interface wg1
add net 10.2.0.0: gateway wg1 fib 0: Invalid argument
# ifconfig wg1 inet 10.0.0.3/32
# route -n add 10.2.0.0/24 -interface wg1
add net 10.2.0.0: gateway wg1

This behavior does not happen in 13.2 (a test VM):

# freebsd-version
13.2-RELEASE-p1
# ifconfig wg1 create
# ifconfig wg1 up
# route -n add 10.2.0.0/24 -interface wg1
add net 10.2.0.0: gateway wg1

Notice if the device is created and up, the route command fails with 'invalid argument.' Once I add an address (any address at all) the route command works but that doesn't fix the wireguard service.

To fix it I added an address to the created interface in /usr/local/bin/wg-quick specifically after line 119 where I added:

'cmd ifconfig $INTERFACE inet 127.0.0.200/32'

(added diff for better context). This is NOT a good fix at all, it just got me working and back into production again.

This would impact anyone upgrading a system running wireguard using the wireguard tools from v13 to v14. It may also be repeatable on tunnel or other devices but I've not seen that in this troubleshooting.

Note when broaching this on discord, jlduran pointed out this link appears to be very similar to this but I can't relate it 100% as I don't see any kernel logging in dmesg/syslog (probably because I need to increase verbosity):

https://reviews.freebsd.org/D41330

-- 
You are receiving this mail because:
You are the assignee for the bug.