Open MichelGreijmans opened 2 years ago
Hi,
I think I opened an issue with a similar bug. #116
In my case I use two tunnels to different IPs. The second one uses the tunnel endpoint from the first tunnel. On the other side is a Debian server with two IPs. I have added two static routes at my ER-12 to redirect traffic over two different DSL connections.
ubnt@ER-12:~$ sudo wg show wg222
interface: wg222
  public key: xxx
  private key: (hidden)
  listening port: 45063

peer: xxx
  endpoint: 10.0.0.1:59222
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 49 seconds ago
  transfer: 204.93 KiB received, 167.17 KiB sent
  persistent keepalive: every 10 seconds
ubnt@ER-12:~$ sudo wg showconf wg222
[Interface]
ListenPort = 45063
PrivateKey = xxx
[Peer]
PublicKey = xxx
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 10.0.0.1:59222
PersistentKeepalive = 10
ubnt@ER-12# show interfaces wireguard wg222
 address 10.0.0.6/30
 address 2001:xx:xx:xx:6/64
 ip {
     ospf {
         cost 15
         dead-interval 40
         hello-interval 10
         priority 1
         retransmit-interval 5
         transmit-delay 1
     }
 }
 mtu 1420
 peer xxx {
     allowed-ips 0.0.0.0/0
     allowed-ips ::/0
     endpoint 54.xx.xx.42:59222
     persistent-keepalive 10
 }
 private-key xxx
 route-allowed-ips false
I hope you can help here.
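The symptom in the output above is that the endpoint WireGuard is actually using (`wg show`) no longer matches the one in the EdgeOS configuration. As an added example (not code from this thread or from the project), the check below parses both outputs and reports any peer whose live endpoint has drifted; the sample output, the `PEER_PUBKEY_PLACEHOLDER` key and the 203.0.113.x addresses are constructed.

```python
import re

# Constructed sample modelled on the thread's `wg show`: the live endpoint has
# moved to the peer's other public address (.29) although .30 was configured.
# WireGuard learns a peer's endpoint from the source address of the last
# authenticated packet, so a multi-homed peer that replies from its other
# address moves the endpoint without any configuration change.
WG_SHOW = """\
interface: wg222
peer: PEER_PUBKEY_PLACEHOLDER
  endpoint: 203.0.113.29:59222
  allowed ips: 0.0.0.0/0, ::/0
"""

# Constructed EdgeOS `show interfaces wireguard` block with the intended endpoint.
EDGEOS_CONFIG = """\
peer PEER_PUBKEY_PLACEHOLDER {
    allowed-ips 0.0.0.0/0
    endpoint 203.0.113.30:59222
    persistent-keepalive 10
}
"""

def parse_wg_show(text):
    """Map each peer public key to the endpoint WireGuard is currently using."""
    endpoints, peer = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("peer:"):
            peer = line.split(":", 1)[1].strip()
        elif peer and line.startswith("endpoint:"):
            endpoints[peer] = line.split(":", 1)[1].strip()  # keeps [v6]:port intact
    return endpoints

def parse_edgeos_peers(text):
    """Map each peer public key to the endpoint the operator configured."""
    endpoints, peer = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"peer\s+(\S+)\s*\{", line)
        if m:
            peer = m.group(1)
        elif line == "}":
            peer = None
        elif peer and line.startswith("endpoint "):
            endpoints[peer] = line.split(None, 1)[1]
    return endpoints

def find_endpoint_drift(show_text, config_text):
    """Return (peer, configured, running) for every peer whose live endpoint
    differs from the configured one; this is the condition to alert on."""
    running, configured = parse_wg_show(show_text), parse_edgeos_peers(config_text)
    return [(p, cfg, running[p]) for p, cfg in configured.items()
            if p in running and running[p] != cfg]
```

On the router the two inputs would come from `sudo wg show <iface>` and `show interfaces wireguard <iface>` instead of the embedded strings.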
@MichelGreijmans I did some further research on the matter. Unfortunately, WireGuard is generally not that talkative. However, I was able to determine that the problem only occurs when the OSPF connection is established. If I leave OSPF disabled, this problem does not occur.
Can you confirm it?
May very well be, I'm not in the position to test/prove this at this moment.
I did swap out the router for this client from an ER-X to an ER-4, this also solved a bunch of wg-related issues. I believe the ER-X is way under-powered. As of now, with the above configuration the router is still connected with the IP. We also swapped out the router on the other side from an ER-4 to a Mikrotik CHR, this might also have played a role.
I have this problem on my laptop, seems it's fixed after restarting my router. Will try changing the port for the second WireGuard network.
Package version
1.0.20211208
Firmware version
1.10.10
Device
EdgeRouter 4 / 6P / 12 - e300
Issue description
The primary router has two public IPs: .29 and .30. This is on purpose as we want to force the "client" routers to send WireGuard traffic to IP .30 through an alternative route.
This works fine, but for some reason after some time the clients would go to the "bad" IP at .29 (see below example). It appears the WireGuard configuration just suddenly changes by itself to the wrong IP (which was never configured on the client router!).
I've tried disabling, committing, and re-enabling the wg interface, but it keeps going back to the wrong IP. I even deleted, committed, and re-loaded and committed the saved (correct working) config, but it keeps going back to the wrong IP. Rebooting the router solves this, until it magically goes back to the wrong IP again...
Aside from the fact that this appears to me as a bug, this could be solved by forcing the wireguard process on the primary router to only listen on the .29 IP (not port!). But as far as I can see wg can only be configured to listen to a port and not a specific IP, which I find really strange.
Configuration and log output