[Bug 275341] Cannot add a route to a wireguard interface without the device having an address.
Date: Sat, 25 Nov 2023 21:55:23 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275341
Bug ID: 275341
Summary: Cannot add a route to a wireguard interface without
the device having an address.
Product: Base System
Version: 14.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: sean@tinfoilhat.ca
Created attachment 246568
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=246568&action=edit
Change made to wg-quick to work around this problem.
Hi there, I've noticed a behavior change that breaks wireguard setups after
upgrading from 13.2-p5 to 14-RELEASE.
After updating them from 13.2-p5 to 14-RELEASE the wireguard service just
stopped working. I noticed that in FreeBSD 14 you are not able to add a route
to a wireguard interface that doesn't have an address assigned.
Adding a wg interface with an IP address to /etc/rc.conf doesn't help because
the script notices the interface is there and doesn't configure it.
This is repeatable (tried on both my wireguard hosts, and firewalls and a
service router that were all upgraded to 14.0 this evening) and the output
looks like this (using wg1 to not interrupt existing traffic on wg0):
# freebsd-version
14.0-RELEASE
# ifconfig wg1 create
# ifconfig wg1 up
# route -n add 10.2.0.0/24 -interface wg1
add net 10.2.0.0: gateway wg1 fib 0: Invalid argument
# ifconfig wg1 inet 10.0.0.3/32
# route -n add 10.2.0.0/24 -interface wg1
add net 10.2.0.0: gateway wg1
This behavior does not happen in 13.2 (a test VM):
# freebsd-version
13.2-RELEASE-p1
# ifconfig wg1 create
# ifconfig wg1 up
# route -n add 10.2.0.0/24 -interface wg1
add net 10.2.0.0: gateway wg1
Notice if the device is created and up, the route command fails with 'invalid
argument.' Once I add an address (any address at all) the route command works
but that doesn't fix the wireguard service.
To fix it I added an address to the created interface in
/usr/local/bin/wg-quick specifically after line 119 where I added:
'cmd ifconfig $INTERFACE inet 127.0.0.200/32'
(added diff for better context). This is NOT a good fix at all; it just got me
working and back into production again.
This would impact anyone upgrading a system running wireguard using the
wireguard tools from v13 to v14. It may also be repeatable on tunnel or other
devices but I've not seen that in this troubleshooting.
Note, when broaching this on Discord, jlduran pointed out this link appears to
be very similar to this but I can't relate it 100% as I don't see any kernel
logging in dmesg/syslog (probably because I need to increase verbosity):
https://reviews.freebsd.org/D41330
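A pre-upgrade check for the condition reported above, as an added example that is not part of the original report or of wg-quick: it reads ifconfig-style output and lists interfaces that have no IPv4 address, which per the report are the ones where `route add ... -interface` fails on 14.0. The function name, the embedded sample output and the choice to count only `inet` lines as an address are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the bug report).
# Reads ifconfig-style output on stdin and prints the names of interfaces
# whose name starts with the given prefix (default "wg") and that carry
# no IPv4 ("inet") address line.
ifaces_without_inet() {
    awk -v prefix="${1:-wg}" '
        function flush() {
            if (name != "" && !has_inet && index(name, prefix) == 1) print name
        }
        # Interface header starts in column 0, e.g. "wg1: flags=..."
        /^[^ \t][^:]*: flags=/ {
            flush()
            name = $1; sub(/:$/, "", name); has_inet = 0
            next
        }
        # Address lines are indented, e.g. "  inet 10.0.0.3 netmask 0xffffffff"
        /^[ \t]+inet[ \t]/ { has_inet = 1 }
        END { flush() }
    '
}

# Constructed sample output (not captured from a real host): wg0 has an
# address, wg1 was only created and brought up, as in the report.
sample_ifconfig() {
    cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
    inet 10.0.0.3 netmask 0xffffffff
    groups: wg
wg1: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
    groups: wg
EOF
}

# On a live host the input would come from: ifconfig -a | ifaces_without_inet wg
```
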