Kernel Panic on 2/27 build with USG

[paulg1981]

Hello, I have been using these releases with great success for months. I installed the 2/27 build yesterday and upon restart I receive a kernel panic with the updated version. I reset the device to defaults and installed again and received the same issue. I downgraded to the previous release and everything works as expected. Anyone got any pointers to help troubleshoot? Is it just a bad build for the USG3P? Any advice or assistance would be appreciated!

[coreyhines]

Does it cause the ER to fail on boot? I just had to do a recovery and restored from UNMS. I will try again tomorrow when the production home streaming services are not critical.

On Mon, Apr 15, 2019 at 8:19 PM dc361 notifications@github.com wrote:

Corey -- try your configuration for the peer without the ipv6 default network. I've had a problem with this the last few versions and have had to use a script to add it after the link is up using the wg command directly. For some reason on the ER's if the ::/0 (or 0::/0) is present in the saved config it doesn't work.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Lochnair/vyatta-wireguard/issues/97#issuecomment-483474695, or mute the thread https://github.com/notifications/unsubscribe-auth/AH5-LbBs0Z5S8nTJaVRGAi8miKy-ge3Hks5vhSUxgaJpZM4bZoHe .

-- -Corey Hines (sent from mobile) 612-209-6550 chines@arista.com

[phillipmcmahon]

Corey, in addition to removing IPv6, also set route-allowed-ips to false.

You might want to try the Ubiquity forum for further assistance.

[coreyhines]

By the way, thanks for dropping the new build. I have been looking forward to building a wireguard VPN to retire my OpenVPN setup. I appreciate the work and hope to provide good news and testing feedback when I can test again later today. I can say that the kernel module did not cause instability while activating and deactivating the wireguard on the client and the Edgeos CLI works correctly setting up the wg0 interface.

Thanks for the replies!

-Corey

On Mon, Apr 15, 2019 at 10:31 PM Corey Hines chines@arista.com wrote:

Does it cause the ER to fail on boot? I just had to do a recovery and restored from UNMS. I will try again tomorrow when the production home streaming services are not critical.

On Mon, Apr 15, 2019 at 8:19 PM dc361 notifications@github.com wrote:

Corey -- try your configuration for the peer without the ipv6 default network. I've had a problem with this the last few versions and have had to use a script to add it after the link is up using the wg command directly. For some reason on the ER's if the ::/0 (or 0::/0) is present in the saved config it doesn't work.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Lochnair/vyatta-wireguard/issues/97#issuecomment-483474695, or mute the thread https://github.com/notifications/unsubscribe-auth/AH5-LbBs0Z5S8nTJaVRGAi8miKy-ge3Hks5vhSUxgaJpZM4bZoHe .

-- -Corey Hines (sent from mobile) 612-209-6550 chines@arista.com

-- -Corey Hines (sent from mobile) 612-209-6550 chines@arista.com

[dampfklon]

thanks for the update installed on E50 v1.10 works without problems

[coreyhines]

ok, I read that forum before (while researching), I see what I assume are your posts regarding this advice, thanks I am going to do some testing now and will reply in the ubnt forum.

Corey Hines Systems Engineer Arista Networks m 612-209-6550 o 408-547-8075 chines@arista.com TAC: support@arista.com www.arista.com Arista EOS: A Tale of Opposite Architectures https://www.youtube.com/watch?v=Hfwr6sY27hA&authuser=1 Download the EOS Configuration Manual https://www.arista.com/assets/data/docs/Manuals/EOS-4.15.4F-Manual.pdf Install vEOS-lab for testing & training https://eos.arista.com/running-veos-on-esxi-5-5/

On Mon, Apr 15, 2019 at 11:25 PM Phillip notifications@github.com wrote:

Corey, in addition to removing IPv6, also set route-allowed-ips to false.

You might want to try the Ubiquity forum for further assistance.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Lochnair/vyatta-wireguard/issues/97#issuecomment-483506228, or mute the thread https://github.com/notifications/unsubscribe-auth/AH5-LZSPZIGCkDf5f-odMaAYqk4IWzbiks5vhVDWgaJpZM4bZoHe .

[acejacek]

Report: version 406 installed on EdgeRouter Lite-3 (e100) few days ago and operates OK since.

[jmturner]

I've been running it for two days now on my ERL-3 and all looks good.

[phillipmcmahon]

Looks like this might be good to formally push to a release.

Thanks again for the work done to get the fix in and the packages out.

[coreyhines]

I ran some traffic through it while at a coffee shop yesterday and it has been fine for over 24 hours. I also have my IOS device using it for On-Demand when I leave my SSID. Things appear to be fine.

If there are any specific logs or details to review, happy to look them over.

Thanks, I spent time reading the Wireguard site's "interworkings" and thank all of you for working on packages for ER users.

Corey Hines Systems Engineer Arista Networks m 612-209-6550 o 408-547-8075 chines@arista.com TAC: support@arista.com www.arista.com Arista EOS: A Tale of Opposite Architectures https://www.youtube.com/watch?v=Hfwr6sY27hA&authuser=1 Download the EOS Configuration Manual https://www.arista.com/assets/data/docs/Manuals/EOS-4.15.4F-Manual.pdf Install vEOS-lab for testing & training https://eos.arista.com/running-veos-on-esxi-5-5/

On Tue, Apr 16, 2019 at 6:49 PM Corey Hines chines@arista.com wrote:

ok, I read that forum before (while researching), I see what I assume are your posts regarding this advice, thanks I am going to do some testing now and will reply in the ubnt forum.

Corey Hines Systems Engineer Arista Networks m 612-209-6550 o 408-547-8075 chines@arista.com TAC: support@arista.com www.arista.com Arista EOS: A Tale of Opposite Architectures https://www.youtube.com/watch?v=Hfwr6sY27hA&authuser=1 Download the EOS Configuration Manual https://www.arista.com/assets/data/docs/Manuals/EOS-4.15.4F-Manual.pdf Install vEOS-lab for testing & training https://eos.arista.com/running-veos-on-esxi-5-5/

On Mon, Apr 15, 2019 at 11:25 PM Phillip notifications@github.com wrote:

Corey, in addition to removing IPv6, also set route-allowed-ips to false.

You might want to try the Ubiquity forum for further assistance.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Lochnair/vyatta-wireguard/issues/97#issuecomment-483506228, or mute the thread https://github.com/notifications/unsubscribe-auth/AH5-LZSPZIGCkDf5f-odMaAYqk4IWzbiks5vhVDWgaJpZM4bZoHe .

[benklop]

I have an ER-X and an ER-Lite that are currently just sitting in a box. would this hardware be helpful for testing so this sort of thing doesn't occur again? If so, I'm more than happy to either donate them make them available in some other way.

[coreyhines]

Nils,

Is there a chance you are able to put out a build for EdgeOS 2.0.3 of Wireguard? The last stable build produces an error on insmod:

root@gw:/lib/modules/4.9.79-UBNT/kernel/net# insmod wireguard.ko insmod: ERROR: could not insert module wireguard.ko: Unknown symbol in module

Are there others that can build these binaries? Some say you may not be using UBNT gear now. I need additional skills to understand how to setup a build environment.

Thanks!

Corey Hines Systems Engineer Arista Networks

612-209-6550chines@arista.com chines@arista.com TAC: support@arista.com support@arista.com www.arista.com

Register NOW! for Arista Cloud Builders 2019 in Minneapolis! https://events.arista.com/2019-q2-acb-minnesota Arista EOS: A Tale of Opposite Architectures https://www.youtube.com/watch?v=Hfwr6sY27hA&authuser=1 Download the EOS Configuration Manual https://www.arista.com/assets/data/docs/Manuals/EOS-4.15.4F-Manual.pdf Install vEOS-lab for testing & training https://eos.arista.com/running-veos-on-esxi-5-5/

On Fri, Apr 19, 2019 at 11:53 AM Corey Hines chines@arista.com wrote:

I ran some traffic through it while at a coffee shop yesterday and it has been fine for over 24 hours. I also have my IOS device using it for On-Demand when I leave my SSID. Things appear to be fine.

If there are any specific logs or details to review, happy to look them over.

Thanks, I spent time reading the Wireguard site's "interworkings" and thank all of you for working on packages for ER users.

Corey Hines Systems Engineer Arista Networks m 612-209-6550 o 408-547-8075 chines@arista.com TAC: support@arista.com www.arista.com Arista EOS: A Tale of Opposite Architectures https://www.youtube.com/watch?v=Hfwr6sY27hA&authuser=1 Download the EOS Configuration Manual https://www.arista.com/assets/data/docs/Manuals/EOS-4.15.4F-Manual.pdf Install vEOS-lab for testing & training https://eos.arista.com/running-veos-on-esxi-5-5/

On Tue, Apr 16, 2019 at 6:49 PM Corey Hines chines@arista.com wrote:

ok, I read that forum before (while researching), I see what I assume are your posts regarding this advice, thanks I am going to do some testing now and will reply in the ubnt forum.

Corey Hines Systems Engineer Arista Networks m 612-209-6550 o 408-547-8075 chines@arista.com TAC: support@arista.com www.arista.com Arista EOS: A Tale of Opposite Architectures https://www.youtube.com/watch?v=Hfwr6sY27hA&authuser=1 Download the EOS Configuration Manual https://www.arista.com/assets/data/docs/Manuals/EOS-4.15.4F-Manual.pdf Install vEOS-lab for testing & training https://eos.arista.com/running-veos-on-esxi-5-5/

On Mon, Apr 15, 2019 at 11:25 PM Phillip notifications@github.com wrote:

Corey, in addition to removing IPv6, also set route-allowed-ips to false.

You might want to try the Ubiquity forum for further assistance.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Lochnair/vyatta-wireguard/issues/97#issuecomment-483506228, or mute the thread https://github.com/notifications/unsubscribe-auth/AH5-LZSPZIGCkDf5f-odMaAYqk4IWzbiks5vhVDWgaJpZM4bZoHe .

[aswild]

Hi Corey, It's probably best not to hijack this (already very long) issue thread with unrelated questions about releases and builds, but we're here now so I'll help anyway.

UBNT hasn't released the GPL archive for v2.0.3, but the kernel hasn't changed enough since v2.0.1 to matter; the same WireGuard binaries/packages will work on v2.0.1 and v2.0.3, at least for my e300 ER-4.

The "unknown symbol" error is due to the wireguard module's dependencies on udp_tunnel and ip6_udp_tunnel. The best solution is to use modprobe wireguard instead of insmod /path/to/wireguard.ko (since modprobe handles module dependencies). Alternatively, modprobe udp_tunnel and ip6_udp_tunnel before insmod-ing wireguard.

For anyone wanting to build their own packages, I finally published and documented my build scripts: https://github.com/aswild/vyatta-wireguard-build. Only e300 v2.0.x is supported right now since that's what I use, but it should be straightforward to add other platforms.

[coreyhines]

Sorry for the hijack, and thanks for the help despite. I am working on a build environment, thanks for the build script docs and will modprobe instead. Thanks again!

On Sun, Jun 9, 2019 at 5:53 PM Allen Wild notifications@github.com wrote:

Hi Corey, It's probably best not to hijack this (already very long) issue thread with unrelated questions about releases and builds, but we're here now so I'll help anyway.

UBNT hasn't released the GPL archive for v2.0.3, but the kernel hasn't changed enough since v2.0.1 to matter; the same WireGuard binaries/packages will work on v2.0.1 and v2.0.3, at least for my e300 ER-4.

The "unknown symbol" error is due to the wireguard module's dependencies on udp_tunnel and ip6_udp_tunnel. The best solution is to use modprobe wireguard instead of insmod /path/to/wireguard.ko (since modprobe handles module dependencies). Alternatively, modprobe udp_tunnel and ip6_udp_tunnel before insmod-ing wireguard.

For anyone wanting to build their own packages, I finally published and documented my build scripts: https://github.com/aswild/vyatta-wireguard-build. Only e300 v2.0.x is supported right now since that's what I use, but it should be straightforward to add other platforms.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/Lochnair/vyatta-wireguard/issues/97?email_source=notifications&email_token=AB7H4LL5Y7AHU3H5USV7VJ3PZWCWJA5CNFSM4G3GQHPKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXIT3ZI#issuecomment-500252133, or mute the thread https://github.com/notifications/unsubscribe-auth/AB7H4LIP4ADVRKEFA5YQZBDPZWCWJANCNFSM4G3GQHPA .

-- -Corey Hines (sent from mobile) 612-209-6550 chines@arista.com

[zx2c4]

Please don't hijack this. I'm going to look into this eventually, but there's already way too much noise to keep straight in documenting what's going on.