WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

Changing address, causes any static routes not related to be erased #37

Open danielschonfeld opened 4 years ago

danielschonfeld commented 4 years ago

On version e50-v2-v1.0.20200520-v1.0.20200513, if you attempt to change the address of the device, any static routes will be erased. To reproduce, set up a static route in its own table, e.g:

(assuming an existing wireguard set up, already in the config)

configure
set protocols static table 20 interface-route 0.0.0.0/0 next-hop-interface wg0
commit; save; exit

Then go ahead and change the address of wireguard, e.g:

configure 
delete interfaces wireguard wg0 address
set interfaces wireguard wg0 address 172.250.0.1/16
commit; save; exit

Then check for the old route

show ip route table 20

It's empty. The only way to bring it back is to erase that static rule or all static rules, commit, then configure again and set the static rules from scratch.

danielschonfeld commented 3 years ago

And.. I just had a case of not doing anything to the configuration and the static route disappearing/being cleared on its own. Not sure how this would happen.

Maybe this is related: https://community.ui.com/questions/Static-interface-route-is-sometimes-missing/b38fd00f-4476-4f00-833e-9bb149e880e1#answer/bcc8a0d6-394f-406a-8b59-82f34e152499

Checking my configuration logs, this again happened because of a configuration change relating to the wireguard interface block. In this case, through the GUI, I added the WG0 interface to a firewall ruleset, which causes the route to drop. Then if I reinstate it as described originally, and try deleting the interface+direction from the firewall ruleset, again the static route is dropped.

This all leads me to believe this is def a mistake in the wireguard script by blank deleting all routes in the non default route table.

EDIT: Perhaps the ip link dev down initially is what causes the kernel to erase any static links associated with that device. And then since protocols is not a wireguard related block, nothing causes it to be run again, recreating that static link?

digger64 commented 3 years ago

Hi, on v1.0.20200712-v1.0.20200513 I experience a similar issue. I redirect all traffic from one subnet by a firewall modify rule.

set protocols static table 8 interface-route 0.0.0.0/0 next-hop-interface wg8

After changing something on the configuration of the interface (like port) the route is broken, leading to no internet for the subnet. Replacing the above interface with something different and back is solving the problem. I mostly use config tree for this. Took me hours to find the problem (two times).

Kind regards

whiskerz007 commented 3 years ago

Does this problem exist with rewrite-3? There are a number of problems that have been resolved with the new template system. If the problem still exists with rewrite-3, I'll take a look at it and see if I can come up with a resolution.
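
A check for the symptom reported in this thread, as an added example that is not part of the issue or the project's code: it reads configuration in `set ...` form, extracts each `protocols static table N interface-route ... next-hop-interface` entry, and reports any that are missing from the kernel table shown by `ip route show table N`. The function names and the `--check` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not project code): list configured interface-routes
# that are absent from the kernel routing table.

# stdin: configuration in "set ..." form. Prints "TABLE PREFIX DEV" per route.
expected_routes() {
    awk '$1 == "set" && $2 == "protocols" && $3 == "static" && $4 == "table" &&
         $6 == "interface-route" && $8 == "next-hop-interface" { print $5, $7, $9 }'
}

# Kernel routes for one table. A separate function so captured output
# can be substituted when checking off-device.
table_routes() {
    ip route show table "$1" 2>/dev/null
}

# route_present TABLE PREFIX DEV: succeeds if the route is installed.
route_present() {
    table_routes "$1" | awk -v p="$2" -v d="$3" '
        BEGIN { if (p == "0.0.0.0/0") p = "default" }  # iproute2 spelling
        $1 == p { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) found = 1 }
        END { exit !found }'
}

# stdin: configuration. Prints one MISSING line per absent route and
# returns non-zero if any route is absent.
missing_routes() {
    expected_routes | {
        rc=0
        while read -r table prefix dev; do
            route_present "$table" "$prefix" "$dev" && continue
            echo "MISSING table=$table prefix=$prefix dev=$dev"
            rc=1
        done
        [ "$rc" -eq 0 ]
    }
}

# Usage: sh check-routes.sh --check saved-config.txt
if [ "${1:-}" = "--check" ]; then
    missing_routes < "$2"
fi
```

Run from cron or after each commit, a non-zero exit flags that policy-routed traffic for that table no longer has its WireGuard route.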