Endpoint IP randomly changes to incorrect IP #113

Open
MichelGreijmans opened this issue Feb 7, 2022 · 4 comments
Labels
bug/possible A possible bug that has not yet been confirmed


@MichelGreijmans

Package version

1.0.20211208

Firmware version

1.10.10

Device

EdgeRouter 4 / 6P / 12 - e300

Issue description

The Primary router has two public IPs: .29 and .30. This is on purpose as we want to force the "client" routers to force wireguard traffic to IP .30 through an alternative route.

This works fine, but for some reason after some time the clients would connect to the "bad" IP at .29 (see the example below). It appears the wireguard configuration just suddenly changes by itself to the wrong IP (which was never configured on the client router!).

I've tried disabling, committing, and re-enabling the wg interface, but it keeps going back to the wrong IP. I even deleted, committed, and re-loaded and committed the saved (correct working) config, but it keeps going back to the wrong IP. Rebooting the router solves this, until it magically goes back to the wrong IP again...

Aside from the fact that this appears to me as a bug, this could be solved by forcing the wireguard process on the primary router to only listen on the .29 IP (not port!). But as far as I can see wg can only be configured to listen to a port and not a specific IP, which I find really strange.

Configuration and log output

$ sudo wg show
interface: wg5
  public key: xx
  private key: (hidden)
  listening port: xx

peer: xx
  endpoint: a.b.c.29:xx
  allowed ips: 0.0.0.0/0
  transfer: 60.99 KiB received, 46.44 KiB sent
$ sudo wg showconf wg5
[Interface]
ListenPort = xx
PrivateKey = xxx

[Peer]
PublicKey = xxx
AllowedIPs = 0.0.0.0/0
Endpoint = a.b.c.29:10005
$ configure     
# show interfaces wireguard 
 wireguard wg5 {
     address 10.254.5.2/30
     ip {
         ospf {
             cost 20
             dead-interval 10
             hello-interval 2
             network point-to-point
             priority 1
             retransmit-interval 5
             transmit-delay 1
         }
     }
     listen-port xx
     mtu 1420
     peer xx {
         allowed-ips 0.0.0.0/0
         endpoint a.b.c.30:xx
     }
     private-key /config/auth/wg.key
     route-allowed-ips false
 }
MichelGreijmans added the bug/possible label Feb 7, 2022
@pr0j3ctx
Contributor

pr0j3ctx commented Apr 8, 2022

Hi,

I think I opened an issue with a similar bug. #116

In my case I use two Tunnels to different IPs. The second one uses the Tunnel Endpoint from the first tunnel. On the other side is a Debian Server with two IPs. I have added two static routes at my ER-12 to redirect traffic over 2 Different DSL Connections.

ubnt@ER-12:~$ sudo wg show wg222
interface: wg222
  public key: xxx
  private key: (hidden)
  listening port: 45063

peer: xxx
  endpoint: 10.0.0.1:59222
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 49 seconds ago
  transfer: 204.93 KiB received, 167.17 KiB sent
  persistent keepalive: every 10 seconds
  
ubnt@ER-12:~$ sudo wg showconf wg222
[Interface]
ListenPort = 45063
PrivateKey = xxx

[Peer]
PublicKey = xxx
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 10.0.0.1:59222
PersistentKeepalive = 10

ubnt@ER-12# show interfaces wireguard wg222
 address 10.0.0.6/30
 address 2001:xx:xx:xx:6/64
 ip {
     ospf {
         cost 15
         dead-interval 40
         hello-interval 10
         priority 1
         retransmit-interval 5
         transmit-delay 1
     }
 }
 mtu 1420
 peer xxx {
     allowed-ips 0.0.0.0/0
     allowed-ips ::/0
     endpoint 54.xx.xx.42:59222
     persistent-keepalive 10
 }
 private-key xxx
 route-allowed-ips false

I hope you could help here.
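Both reports above show the same symptom: the endpoint in `wg showconf` differs from the one in the EdgeOS configuration. The following check for that drift is an added example, not part of the thread or the project's code; the peer key `PEERKEY_A`, the 198.51.100.x addresses and the function names are constructed placeholders.

```python
import re

# Constructed samples modelled on the outputs in this thread (placeholder values).
RUNTIME = """\
[Interface]
ListenPort = 10005
PrivateKey = (redacted)

[Peer]
PublicKey = PEERKEY_A
AllowedIPs = 0.0.0.0/0
Endpoint = 198.51.100.29:10005
"""
CONFIGURED = """\
 wireguard wg5 {
     address 10.254.5.2/30
     peer PEERKEY_A {
         allowed-ips 0.0.0.0/0
         endpoint 198.51.100.30:10005
     }
     route-allowed-ips false
 }
"""

def runtime_endpoints(showconf_text):
    """Map peer public key -> Endpoint as printed by `wg showconf`."""
    peers, key = {}, None
    for line in showconf_text.splitlines():
        # Split at the first "=" only, so base64 padding in keys survives.
        name, _, value = (part.strip() for part in line.partition("="))
        if name == "[Peer]":
            key = None
        elif name == "PublicKey":
            key = value
        elif name == "Endpoint" and key:
            peers[key] = value
    return peers

def configured_endpoints(edgeos_text):
    """Map peer public key -> endpoint from an EdgeOS `peer <key> { ... }` block."""
    peers, key = {}, None
    for line in edgeos_text.splitlines():
        if m := re.match(r"\s*peer\s+(\S+)\s*\{", line):
            key = m.group(1)
        elif (m := re.match(r"\s*endpoint\s+(\S+)", line)) and key:
            peers[key] = m.group(1)
        elif line.strip() == "}":
            key = None
    return peers

def endpoint_drift(showconf_text, edgeos_text):
    """Return {peer: (configured, running)} for peers whose endpoints differ."""
    live = runtime_endpoints(showconf_text)
    return {k: (want, live[k]) for k, want in configured_endpoints(edgeos_text).items()
            if k in live and live[k] != want}
```

A mismatch is not by itself a configuration error: WireGuard's roaming replaces a peer's endpoint with the source address of the latest authenticated packet from that peer. The comparison is textual, so an endpoint configured as a hostname will always be reported as differing from the resolved address.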

@pr0j3ctx
Contributor

pr0j3ctx commented Apr 8, 2022

@MichelGreijmans I did some further research on the matter.
Unfortunately, the wireguard is generally not that talkative.
However, I was able to determine that the problem only occurs when the OSPF connection is established. If I leave OSPF disabled, this problem does not occur.

Can you confirm it?

@MichelGreijmans
Author

May very well be, I'm not in the position to test/prove this at this moment.

I did swap out the router for this client from an ER-X to an ER-4, this also solved a bunch of wg-related issues. I believe the ER-X is way under-powered. As of now, with the above configuration the router is still connected with the IP. We also swapped out the router on the other side from an ER-4 to a Mikrotik CHR, this might also have played a role.

@MrFoxPro

I have this problem on my laptop, seems it's fixed after restarting my router.
Will try changing the port for the second wireguard network.
