Strange routes when using more than one wg interface #145

Open
WojtekWaga opened this issue Mar 15, 2023 · 2 comments
Labels
bug/possible A possible bug that has not yet been confirmed


Package version

1.0.20220627-1

Firmware version

2.0.9-hotfix.6

Device

EdgeRouter Lite / PoE - e100

Issue description

When configuring more than one wgX interface I'm getting odd routes in the routing table:

image

Configuration and log output

interfaces {
     ethernet eth0 {
         description WAN
         duplex auto
         mtu 1500
         speed auto
         vif 35 {
             description FTTH
             pppoe 0 {
                 default-route auto
                 firewall {
                     local {
                         name WAN_LOCAL
                     }
                 }
                 mtu 1492
                 name-server auto
                 password xxxxxx
                 user-id xxxxxx
             }
         }
     }
     ethernet eth1 {
         address dhcp
         description "WAN 2"
         disable
         duplex auto
         firewall {
             in {
                 name WAN_IN
             }
             local {
             }
         }
         speed auto
     }
     ethernet eth2 {
         description Local
         duplex auto
         firewall {
             in {
                 modify balance
             }
         }
         speed auto
         vif 101 {
             address 192.168.xxxxxx/24
             description LAN
             mtu 1500
         }
         vif 102 {
             address 192.168.xxxxxx/24
             description CAM
             firewall {
                 in {
                     name CAM
                 }
             }
             mtu 1500
         }
         vif 104 {
             address 192.168.xxxxxx/24
             description Automatyka
         }
         vif 105 {
             address 192.168.xxxxxx/24
             description Drukarka
             mtu 1500
         }
         vif 106 {
             address 192.168.xxxxxx/24
             description IoT
             firewall {
                 in {
                     name IoT
                 }
             }
             mtu 1500
         }
         vif 200 {
             address 192.168.xxxxxx/24
             description GST
             firewall {
                 in {
                     name GST
                 }
             }
             mtu 1500
         }
     }
     loopback lo {
     }
     wireguard wg0 {
         address 192.168.xxxxxx/24
         firewall {
             in {
                 name vpn
             }
         }
         listen-port 32768
         mtu 1420
         peer xxxxxx {
             allowed-ips 192.168.xxxxxx/24
         }
         private-key /config/auth/wg.key
         route-allowed-ips true
     }
     wireguard wg1 {
         address 10.0.0.110/24
         firewall {
             in {
                 name Marcin
             }
         }
         listen-port 32769
         mtu 1420
         peer xxxxxx {
             allowed-ips 10.0.0.0/24
             endpoint xxxxxx
         }
         private-key /config/auth/wg.key
         route-allowed-ips true
     }
 }
@WojtekWaga WojtekWaga added the bug/possible A possible bug that has not yet been confirmed label Mar 15, 2023

chri2 commented Sep 28, 2023

Just stumbled over this or something very similar:

wireguard 1.0.20220627-1

Version:      v2.0.9-hotfix.7
Build ID:     5622762
Build on:     06/15/23 11:31
Copyright:    2012-2020 Ubiquiti Networks, Inc.
HW model:     EdgeRouter 4

I found a suspicious route for 0.0.0.0/24. After deleting that route I found that it reappeared after setting one of the wireguard interfaces down:

root@wand:~# ip li li | grep wg
29: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
30: wg1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
root@wand:~# ip ro li | grep wg
0.0.0.0/24 dev wg1 proto kernel scope link 
10.10.0.0/24 dev wg1 proto kernel scope link src 10.10.0.3 
192.168.179.0/24 dev wg0 proto kernel scope link src 192.168.179.254 
root@wand:~# ip ro del 0.0.0.0/24
root@wand:~# ip ro li | grep wg
10.10.0.0/24 dev wg1 proto kernel scope link src 10.10.0.3 
192.168.179.0/24 dev wg0 proto kernel scope link src 192.168.179.254 
root@wand:~# ip li set wg1 down
root@wand:~# ip ro li | grep wg
0.0.0.0/24 dev wg0 proto kernel scope link 
192.168.179.0/24 dev wg0 proto kernel scope link src 192.168.179.254 

Also re-enabling the interface does let the suspicious route re-appear.
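
A check for the symptom reported in this thread, as an added example that is not part of the original issue or the project's code: it reads `ip route` output and flags kernel-installed routes on `wgN` devices that have a `0.0.0.0/N` destination, no `src`, or a `src` outside the prefix. The function names, finding labels and heuristics are assumptions drawn from the output shown above.

```shell
#!/bin/sh
# Added example: flag WireGuard connected routes shaped like the ones in this
# issue. Reads `ip route` output on stdin and prints one finding per line.
# The heuristics are assumptions based on the output quoted in the thread.
check_wg_routes() {
    awk '
    function ip2int(ip,    o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Network address of ip for a prefix length, using integer arithmetic
    # only so it also runs on awk builds without bitwise functions.
    function network(ip, len,    size) {
        size = 2 ^ (32 - len)
        return int(ip2int(ip) / size) * size
    }
    {
        dev = ""; src = ""; kernel = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "src") src = $(i + 1)
            if ($i == "proto" && $(i + 1) == "kernel") kernel = 1
        }
        if (dev !~ /^wg[0-9]+$/ || !kernel) next
        if (split($1, p, "/") != 2) next   # skip "default" and host routes
        if (p[1] == "0.0.0.0" && p[2] + 0 > 0)
            print "zero-network " $1 " dev " dev
        else if (src == "")
            print "no-src " $1 " dev " dev
        else if (network(src, p[2]) != ip2int(p[1]))
            print "src-outside-prefix " $1 " dev " dev " src " src
    }'
}

# Constructed sample, following the shape of the `ip ro li` output above.
sample_routes() {
    cat <<'EOF'
default dev pppoe0 scope link
0.0.0.0/24 dev wg1 proto kernel scope link
10.10.0.0/24 dev wg1 proto kernel scope link src 10.10.0.3
192.168.179.0/24 dev wg0 proto kernel scope link src 192.168.179.254
EOF
}

# On a router: ip route show | check_wg_routes
# Offline demo with the constructed sample:
sample_routes | check_wg_routes
```

Running it after every interface up/down event or configuration commit shows whether the route has come back, which matters here because a deleted route reappears on the next state change.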


graelo commented Nov 3, 2023

I have the same issue with the e300-v2 (ER-6P).
