wireguard-vyatta-ubnt icon indicating copy to clipboard operation
wireguard-vyatta-ubnt copied to clipboard

Published 20 hours ago verified publisher icon WireGuard

Wireguard config missing after reboot

Open skynw opened this issue 4 years ago • 12 comments

Aloha,

Im new to EdgeOS and Wireguard. Today I configured my first EdgeOS router with Wireguard. Everything worked great, until reboot.

Then the Wireguard config disappeared. Is this a known bug?

So when I reboot, the complete wiregaurd config is missing.

:-(

Im using the EdgeOS Version 1.10.11with the EdgeRouter 6P and the Wireguard version

wireguard 1.0.20200611-1

show version

Version: v1.10.11

Build ID: 5274269

Build on: 02/21/20 10:29

Copyright: 2012-2018 Ubiquiti Networks, Inc.

HW model: EdgeRouter 6P

vbash-4.1# dpkg-query -l | grep wireguard

ii wireguard 1.0.20200611-1 mips fast, modern, secure kernel VPN tunnel

Anyone else experience the same problem?

Cheers

Marcel

skynw avatar Jun 21 '20 18:06 skynw

Are you sure you saved your new configuration to config.boot after installing it?

BrianG61UK avatar Jun 21 '20 19:06 BrianG61UK

Hi, yes, sorry to mention to, commit and save. If I look into the /config/config.boot file, the wg interface is there, but the wg interface part is not load after reboot. :-(

skynw avatar Jun 21 '20 19:06 skynw

@router22:~$ sudo -s vbash-4.1# cd /config/ vbash-4.1# less config.boot | grep wireguard wireguard wg0 {

skynw avatar Jun 21 '20 19:06 skynw

less ? cat would be safer when piping the output. download your saved configuration and see what's actually missing compared to what you saved before rebooting.

BrianG61UK avatar Jun 21 '20 19:06 BrianG61UK

Aloha,

I found the reason my WireGuard config did load at boot-up.

I had static routes configured to the remote destinations behind WG endpoints.

But in my WG config was also the knob:

set wireguard wg0 route-allowed-ips true on.

This is not compatible together.

But I still dont know, what this know knob does, and why it was set to true.

Cheers

skynw avatar Jun 22 '20 21:06 skynw

Probably similar to this issue: https://github.com/Lochnair/vyatta-wireguard/issues/137

skynw avatar Jun 22 '20 21:06 skynw

route-allowed-ips will automatically create routes in the default routing table for all of the configured allowed-ips for each of the peers on the WireGuard interface. The implementation of this feature (in the current stable release) is flawed and there is active development in correcting this behavior. For now, you should either allow the WireGuard configuration to create and maintain the routes, or disable this feature and manually create static routes, until the new template system is adopted.

whiskerz007 avatar Jan 19 '21 07:01 whiskerz007

Having exactly the same issue, with: route-allowed-ips true if i reboot the router, wireguard connection stops rx, but i can see some tx on dashboard.

im using the edgerouter poe as wg client. Tried do make static routes and set the config route-allowed-ips false, but no success. My config now is:

set interfaces wireguard wg0 address 10.9.0.2/24
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 route-allowed-ips false

set interfaces wireguard wg0 peer pLM4MmyEY= endpoint mysite.ddns.net:51820
set interfaces wireguard wg0 peer pLM4MmyEY= allowed-ips 192.168.1.0/24
set interfaces wireguard wg0 peer pLM4MmyEY= allowed-ips 10.9.0.0/24

set interfaces wireguard wg0 private-key /config/auth/wg.key

set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 protocol udp
set firewall name WAN_LOCAL rule 20 description 'WireGuard'
set firewall name WAN_LOCAL rule 20 destination port 51820

set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 protocol udp
set firewall name WAN_IN rule 20 description 'WireGuard'
set firewall name WAN_IN rule 20 destination port 51820

before was set interfaces wireguard wg0 route-allowed-ips true and a NAT masquerade all protocols to wg0, because i have the edgerouter (192.168.150.1) behind a LTE router with 192.168.8.1 address.

can you help?

luisaraujoxx avatar Jan 31 '21 21:01 luisaraujoxx

@luisaraujoxx got a USG3 as a Wireguard client that suddenly stopped working right after a firmware upgrade. It took a few tries, but I got it fixed after a bit of trial and error by removing the config, saving, rebooting and re-adding the config. I think what worked was removing the interface completely:

delete interfaces wireguard wg0
commit
save
exit
reboot

If you get an error when trying to commit config changes see https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/15

runejuhl avatar Feb 01 '21 09:02 runejuhl

runejuhl, i have done it several times, with no luck. It suddenly stops comunication with the peer. the commit issue i have it also but solved it editing the config file.

luisaraujoxx avatar Feb 01 '21 16:02 luisaraujoxx

@luisaraujoxx I noticed that when it was broken it seemed to work when I committed changes but broke again when saving changes. Not sure if you see the save, but a temporary workaround might be to simply commit and not save.

I also upgraded the Wireguard package to 1.0.20210124 while trying to solve my issues, that's another unknown.

In any case good luck -- I hope you find a way to get it working again :)

runejuhl avatar Feb 01 '21 16:02 runejuhl

@runejuhl @luisaraujoxx As whiskerz007 said, there is a new configuration system that will hopefully be released this month. You can already try it by installing the latest pre-release package here. Please let me know if it helps with your issue in case you have some time to test.

FossoresLP avatar Feb 02 '21 10:02 FossoresLP