
Error on startup for Wireguard route add

Open 0xShkk opened this issue 1 year ago • 7 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [x] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

I have configured OPNsense to use a Wireguard tunnel for accessing certain resources on an internal network as described in this setup guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html. It explicitly mentions:

The IP you choose for the Gateway is essentially arbitrary; pretty much any unique IP will do. The suggestion here is for convenience and to avoid conflicts

So what I did was not to use an IP 1 number below my Tunnel IP but a completely arbitrary one that is used nowhere else in my setup.

To Reproduce

  1. Set up Wireguard tunnel as described here: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

  2. If your Wireguard Tunnel IP is 10.13.0.44/32 for example, use 192.168.252.1 as the Gateway address for the Wireguard Gateway.

  3. Observe errors on OPNsense startup in the Wireguard logs, because the IF address of the pseudo Gateway cannot be added.

Expected behavior

No errors in the logs.

Relevant log files

The following is not cut, the output is really empty. Even checked it in the latest.log file on disk.

Error | wireguard | /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The  command '/sbin/route -q -n add '-4' '192.168.252.1' -iface 'wg0''  returned exit code '1', the output was ''

Additional context

It is important to note that the selective routing through the Wireguard Tunnel works. Everything is fine from a connectivity point of view. But I get those error messages on OPNsense startup constantly and I fear it might become a problem with future releases.

Environment

OPNsense 24.1.6 (amd64).

0xShkk, May 15 '24 07:05

A route probably already exists? Did you check "far gateway"?

fichtner, May 15 '24 07:05

Yes, far gateway is ticked :)

0xShkk, May 15 '24 09:05

Hmm, why? The route appears to be set by WireGuard itself.

fichtner, May 15 '24 10:05

Because it is mentioned in the setup guide. I have disabled this now for testing purposes. Same errors on reboot occur.

0xShkk, May 16 '24 08:05

It's difficult to help here within community scope because the error is just a side effect and has no impact on the setup. I'm not sure what you expect or if everything is set up correctly either. I'd like to have a clear traceable operational issue?

fichtner, May 16 '24 08:05

I totally understand and I am thankful for your fast responses. Just wanted to make you aware of it as it really has no impact on the operational state currently. Just thought it may be a logic bug in OPNsense itself as I have done everything exactly as described in the setup guide.

0xShkk, May 16 '24 09:05

I can provide you with more details if needed.

0xShkk, May 16 '24 09:05

Is this still the case on 24.7.x?

fichtner, Sep 10 '24 06:09

Need to check, upgraded just yesterday. I will report back.

0xShkk, Oct 05 '24 09:10

Just checked. The errors are gone with 24.7.1.

0xShkk, Oct 05 '24 12:10

Ok close then?

fichtner, Oct 05 '24 12:10

Thanks for keeping up :)

0xShkk, Oct 07 '24 04:10