WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

Wireguard config missing after reboot #38

Open skynw opened 4 years ago

skynw commented 4 years ago

Aloha,

I'm new to EdgeOS and WireGuard. Today I configured my first EdgeOS router with WireGuard. Everything worked great, until reboot.

Then the Wireguard config disappeared. Is this a known bug?

So when I reboot, the complete WireGuard config is missing.

:-(

I'm using the EdgeOS version 1.10.11 with the EdgeRouter 6P and the WireGuard version

wireguard 1.0.20200611-1

show version
Version: v1.10.11
Build ID: 5274269
Build on: 02/21/20 10:29
Copyright: 2012-2018 Ubiquiti Networks, Inc.
HW model: EdgeRouter 6P

vbash-4.1# dpkg-query -l | grep wireguard
ii wireguard 1.0.20200611-1 mips fast, modern, secure kernel VPN tunnel

Anyone else experience the same problem?

Cheers

Marcel

BrianG61UK commented 4 years ago

Are you sure you saved your new configuration to config.boot after installing it?

skynw commented 4 years ago

Hi, yes, sorry to mention to, commit and save. If I look into the /config/config.boot file, the wg interface is there, but the wg interface part is not loaded after reboot. :-(

skynw commented 4 years ago

@router22:~$ sudo -s
vbash-4.1# cd /config/
vbash-4.1# less config.boot | grep wireguard
wireguard wg0 {

BrianG61UK commented 4 years ago

less? cat would be safer when piping the output. Download your saved configuration and see what's actually missing compared to what you saved before rebooting.

skynw commented 4 years ago

Aloha,

I found the reason my WireGuard config did load at boot-up.

I had static routes configured to the remote destinations behind WG endpoints.

But in my WG config was also the knob:

set wireguard wg0 route-allowed-ips true on.

This is not compatible together.

But I still don't know what this knob does, and why it was set to true.

Cheers

skynw commented 4 years ago

Probably similar to this issue: https://github.com/Lochnair/vyatta-wireguard/issues/137

whiskerz007 commented 3 years ago

route-allowed-ips will automatically create routes in the default routing table for all of the configured allowed-ips for each of the peers on the WireGuard interface. The implementation of this feature (in the current stable release) is flawed and there is active development in correcting this behavior. For now, you should either allow the WireGuard configuration to create and maintain the routes, or disable this feature and manually create static routes, until the new template system is adopted.
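An added example (not part of the thread and not the project's code): a small Python check for the conflict described above, a static route overlapping a peer's allowed-ips on an interface where route-allowed-ips is true. It reads `set`-format configuration; the sample config, key placeholders and function name are constructed, and treating an unset route-allowed-ips as true is an assumption.

```python
import ipaddress
import re

# Constructed sample in EdgeOS "set" format (keys are placeholders).
SAMPLE_CONFIG = """\
set interfaces wireguard wg0 address 10.9.0.2/24
set interfaces wireguard wg0 route-allowed-ips true
set interfaces wireguard wg0 peer EXAMPLEKEY= allowed-ips 192.168.1.0/24
set interfaces wireguard wg0 peer EXAMPLEKEY= allowed-ips 10.9.0.0/24
set interfaces wireguard wg1 route-allowed-ips false
set interfaces wireguard wg1 peer OTHERKEY= allowed-ips 172.16.0.0/16
set protocols static route 192.168.1.0/24 next-hop 10.9.0.1
set protocols static interface-route 172.16.5.0/24 next-hop-interface wg1
"""

ROUTE_FLAG = re.compile(
    r"^set interfaces wireguard (\S+) route-allowed-ips (true|false)$")
ALLOWED = re.compile(
    r"^set interfaces wireguard (\S+) peer \S+ allowed-ips (\S+)$")
STATIC = re.compile(
    r"^set protocols static (?:route|interface-route) (\S+)(?:\s|$)")


def find_route_conflicts(config_text, unset_means_true=True):
    """Return (interface, allowed_ips, static_route) for every static route
    that overlaps an allowed-ips prefix on an interface whose routes are
    created automatically. unset_means_true is an assumption about the
    default, which the thread does not state."""
    auto_route, allowed, static = {}, {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := ROUTE_FLAG.match(line):
            auto_route[m.group(1)] = m.group(2) == "true"
        elif m := ALLOWED.match(line):
            net = ipaddress.ip_network(m.group(2), strict=False)
            allowed.setdefault(m.group(1), []).append(net)
        elif m := STATIC.match(line):
            static.append(ipaddress.ip_network(m.group(1), strict=False))
    conflicts = []
    for iface in sorted(allowed):
        if not auto_route.get(iface, unset_means_true):
            continue  # routes are managed by hand on this interface
        for net in allowed[iface]:
            for route in static:
                if net.version == route.version and net.overlaps(route):
                    conflicts.append((iface, str(net), str(route)))
    return conflicts


if __name__ == "__main__":
    for iface, net, route in find_route_conflicts(SAMPLE_CONFIG):
        print(f"{iface}: allowed-ips {net} overlaps static route {route}")
```
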

luisaraujoxx commented 3 years ago

Having exactly the same issue, with: route-allowed-ips true. If I reboot the router, the WireGuard connection stops rx, but I can see some tx on the dashboard.

I'm using the EdgeRouter PoE as WG client. Tried to make static routes and set the config route-allowed-ips false, but no success. My config now is:

set interfaces wireguard wg0 address 10.9.0.2/24
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 route-allowed-ips false

set interfaces wireguard wg0 peer pLM4MmyEY= endpoint mysite.ddns.net:51820
set interfaces wireguard wg0 peer pLM4MmyEY= allowed-ips 192.168.1.0/24
set interfaces wireguard wg0 peer pLM4MmyEY= allowed-ips 10.9.0.0/24

set interfaces wireguard wg0 private-key /config/auth/wg.key

set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 protocol udp
set firewall name WAN_LOCAL rule 20 description 'WireGuard'
set firewall name WAN_LOCAL rule 20 destination port 51820

set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 protocol udp
set firewall name WAN_IN rule 20 description 'WireGuard'
set firewall name WAN_IN rule 20 destination port 51820

Before, it was set interfaces wireguard wg0 route-allowed-ips true and a NAT masquerade of all protocols to wg0, because I have the EdgeRouter (192.168.150.1) behind an LTE router with the 192.168.8.1 address.

Can you help?

runejuhl commented 3 years ago

@luisaraujoxx got a USG3 as a Wireguard client that suddenly stopped working right after a firmware upgrade. It took a few tries, but I got it fixed after a bit of trial and error by removing the config, saving, rebooting and re-adding the config. I think what worked was removing the interface completely:

delete interfaces wireguard wg0
commit
save
exit
reboot

If you get an error when trying to commit config changes see https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/15

luisaraujoxx commented 3 years ago

runejuhl, I have done it several times, with no luck. It suddenly stops communication with the peer. The commit issue, I have it also, but solved it by editing the config file.

runejuhl commented 3 years ago

@luisaraujoxx I noticed that when it was broken it seemed to work when I committed changes but broke again when saving changes. Not sure if you see the save, but a temporary workaround might be to simply commit and not save.

I also upgraded the Wireguard package to 1.0.20210124 while trying to solve my issues, that's another unknown.

In any case good luck -- I hope you find a way to get it working again :)

FossoresLP commented 3 years ago

@runejuhl @luisaraujoxx As whiskerz007 said, there is a new configuration system that will hopefully be released this month. You can already try it by installing the latest pre-release package here. Please let me know if it helps with your issue in case you have some time to test.