search

WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0
1.46k stars 69 forks source link

Upgrade instructions don't work when IPv6 is configured #35

Closed BrianG61UK closed 1 year ago

BrianG61UK commented 4 years ago 
Linux ubnt 4.14.54-UBNT #1 SMP Thu Mar 5 16:54:37 UTC 2020 mips
Welcome to EdgeOS
Last login: Sun Jun 14 21:00:00 2020 from 192.168.13.101
ubnt@ubnt:~$
ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set interfaces wireguard wg0 route-allowed-ips false
[edit]
ubnt@ubnt# commit
[edit]
ubnt@ubnt# delete interfaces wireguard
[edit]
ubnt@ubnt# commit
[ interfaces wireguard wg0 address 2001:db8:1234:3030::1/64 ]
RTNETLINK answers: Cannot assign requested address

Commit failed
[edit]
ubnt@ubnt#

My sanitized config.boot is here: https://pastebin.com/XBnD09ht

t0xa commented 4 years ago

Hi @BrianG61UK

I've recently (1 week ago) updated two different EdgeRouter X's using same instructions - no issues. It may be silly but the only difference I can spot is the ipv6 address on wg0 interface. I don't have one configured, can you try to remove/disable it and try to upgrade?

BR

camaz commented 4 years ago

I just recently upgraded my ER-X 2.0.8 from the Lochnair 0.0.20191219 to 1.0.20200520 in this repo and it was successful using the upgrade instructions listed here. I do recall having to attempt twice due to a failed commit or save, but is up and running now without reboot.

FossoresLP commented 4 years ago

This sounds like it could be an issue with IPv6 addresses just like t0xa mentioned. Would you mind trying to remove the address manually before upgrading? If that does not work either the easiest option is to update the package and reboot afterwards. I will try to reproduce the issue when I have time.

BrianG61UK commented 4 years ago

Either I'm dong something really stupidly wrong (very possible) or it won't let me delete the IPv6 addresses and weird stuff happens afterwards.

login as: ubnt
Pre-authentication banner message from server:
| Welcome to EdgeOS
|
| By logging in, accessing, or using the Ubiquiti product, you
| acknowledge that you have read and understood the Ubiquiti
| License Agreement (available in the Web UI at, by default,
| http://192.168.1.1) and agree to be bound by its terms.
|
End of banner message from server
ubnt@srouter.lan's password:
Linux ubnt 4.14.54-UBNT #1 SMP Thu Mar 5 16:54:37 UTC 2020 mips
Welcome to EdgeOS
ubnt@ubnt:~$
ubnt@ubnt:~$
ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# delete interfaces wireguard wg0 peer 1111111111111111111111111111111111111111111= allowed-ips '2001:db8:1234:3030:3d7b:ef02:6520:201/128'
[edit]
ubnt@ubnt# delete interfaces wireguard wg0 peer 2222222222222222222222222222222222222222222= allowed-ips '2001:db8:1234:3030:3d7b:ef02:6520:202/128'
[edit]
ubnt@ubnt# delete interfaces wireguard wg0 peer 3333333333333333333333333333333333333333333= allowed-ips '2001:db8:1234:3030:3d7b:ef02:6520:203/128'
[edit]
ubnt@ubnt# delete interfaces wireguard wg0 address '2001:db8:1234:3030::1/64'
[edit]
ubnt@ubnt# commit
[ interfaces wireguard wg0 address 2001:db8:1234:3030::1/64 ]
RTNETLINK answers: Cannot assign requested address

Commit failed
[edit]
ubnt@ubnt# set interfaces wireguard wg0 route-allowed-ips false
[edit]
ubnt@ubnt# commit
[ interfaces wireguard wg0 address 2001:db8:1234:3030::1/64 ]
RTNETLINK answers: Cannot assign requested address

Commit failed
[edit]
ubnt@ubnt# discard
Changes have been discarded
[edit]
ubnt@ubnt# commit
No configuration changes to commit
[edit]
ubnt@ubnt# set interfaces wireguard wg0 route-allowed-ips false
set interfaces wireguard wg0 route-allowed-ips false
The specified configuration node already exists
[edit]
ubnt@ubnt# delete interfaces wireguard wg0 peer 1111111111111111111111111111111111111111111= allowed-ips '2001:db8:1234:3030:3d7b:ef02:6520:201/128'
Nothing to delete (the specified value does not exist)
[edit]
ubnt@ubnt# delete interfaces wireguard wg0 peer 2222222222222222222222222222222222222222222= allowed-ips '2001:db8:1234:3030:3d7b:ef02:6520:202/128'
Nothing to delete (the specified value does not exist)
[edit]
ubnt@ubnt# delete interfaces wireguard wg0 peer 3333333333333333333333333333333333333333333= allowed-ips '2001:db8:1234:3030:3d7b:ef02:6520:203/128'
Nothing to delete (the specified value does not exist)
[edit]
ubnt@ubnt# delete interfaces wireguard wg0 address '2001:db8:1234:3030::1/64'
[edit]
ubnt@ubnt# set interfaces wireguard wg0 route-allowed-ips false
The specified configuration node already exists
[edit]
ubnt@ubnt# commit
[ interfaces wireguard wg0 address 2001:db8:1234:3030::1/64 ]
RTNETLINK answers: Cannot assign requested address

Commit failed
[edit]
ubnt@ubnt# discard
Changes have been discarded
[edit]
ubnt@ubnt# exit
exit
ubnt@ubnt:~$
rkone commented 4 years ago

I'm having the same issue on my ugw4, with the last two upgrades. I'm also using ipv6. My current workaround is to ignore the error, remove the old version and dpkg -i the new version, then reboot. After that dpkg -l wireguard shows the new version is installed and my clients connect.

BrianG61UK commented 4 years ago

@rkone:

I'm having the same issue on my ugw4, with the last two upgrades. I'm also using ipv6. My current workaround is to ignore the error, remove the old version and dpkg -i the new version, then reboot. After that dpkg -l wireguard shows the new version is installed and my clients connect.

Are you saying that with older versions of wireguard you could upgrade wireguard without rebooting even with IPv6 address(es) assigned to your wireguard interface(s)?

rkone commented 4 years ago

Sorry no, I just added ipv6 3 versions ago.

BrianG61UK commented 4 years ago

@rkone: No problem. Thanks.

danielschonfeld commented 3 years ago

Can confirm this for ER-X firmware 2.0.8-hotfix.1 adding an ipv6 address makes it really difficult to get rid of with the same errors as mentioned above

EDIT: Workaround for those battling it, if you're not trying to upgrade and just working with it everyday is to go use ip addr add WHICHEVER_IP_YOU_CURRENTLY_HAVE_IN_RUNING_CONFIGURE dev wgX same goes for the ipv4 you currently have in the running/operational configuration. Then you should be able to go into configure and remove the ipv6 address and commit and save it

whiskerz007 commented 3 years ago

I've dealt with this problem when creating ubnt_get_wireguard. You can use the script to update, or try the following.

sg vyattacfg "$(curl -sL https://github.com/whiskerz007/ubnt_get_wireguard/raw/master/uninstall_wireguard.sh)"
sudo dpkg -i /path/to/wireguard-${BOARD}-${RELEASE}.deb
sudo modprobe wireguard
configure
load
commit
exit
BrianG61UK commented 3 years ago

@whiskerz007: Excellent, seems to work well. Thank you. Looks complicated though.

whiskerz007 commented 3 years ago

It's not really complicated. The problem seems to be when you set route-allowed-ips false somewhere in the scripts, that the template uses, messes with the IP address of the interface. Afterwards, when you delete the interface the script tries to delete all of the configured IP addresses before deleting the interface. The error comes from the interface not having one or more of the configured IP addresses.