search

WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0
1.46k stars 68 forks source link

RTNETLINK answers: File exists #70

Closed mxmartins closed 3 years ago

mxmartins commented 3 years ago

After updating to the most recent version of WG, I am not able to get the configuration to reload. It fails with the error message: RTNETLINK answers: File exists

I ended up removing the wg0 interface, committing the changes, saving, and rebooted the ER8-XG without any WG configuration.

Then, I reloaded this configuration: `root@ER8-XG:~# configure [edit] root@ER8-XG# show interfaces wireguard Configuration under specified path is empty [edit] root@ER8-XG# set interfaces wireguard wg0 address 10.10.0.1/24 [edit] root@ER8-XG# set interfaces wireguard wg0 address 'xxxx:xxxx:xxxx:xxx9::1/64' [edit] root@ER8-XG# set interfaces wireguard wg0 description WireGuard-10 [edit] root@ER8-XG# set interfaces wireguard wg0 listen-port 9534 [edit] root@ER8-XG# set interfaces wireguard wg0 mtu 1420 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= allowed-ips 10.10.0.41/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= allowed-ips 'xxxx:xxxx:xxxx:xxx9::41/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= description LD-iPad [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= allowed-ips 10.10.0.3/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= allowed-ips 'xxxx:xxxx:xxxx:xxx9::3/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= description M-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= allowed-ips 10.10.0.31/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= allowed-ips 'xxxx:xxxx:xxxx:xxx9::31/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= description LM-iPad [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= allowed-ips 10.10.0.21/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= allowed-ips 'xxxx:xxxx:xxxx:xxx9::21/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= description X-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= allowed-ips 10.10.0.42/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= allowed-ips 'xxxx:xxxx:xxxx:xxx9::42/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= description LD-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= allowed-ips 10.10.0.2/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= allowed-ips 'xxxx:xxxx:xxxx:xxx9::2/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= description ASUS-Zenbook [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= allowed-ips 10.10.0.32/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= allowed-ips 'xxxx:xxxx:xxxx:xxx9::32/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= description LM-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 private-key /config/wireguard/wg-ER8-XG-Private.key [edit] root@ER8-XG# set interfaces wireguard wg0 route-allowed-ips true [edit] root@ER8-XG# commit [ interfaces wireguard wg0 peer key1= allowed-ips xxxx:xxxx:xxxx:xxx9::41/128 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key7= allowed-ips 10.10.0.32/32 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key6= allowed-ips 10.10.0.2/32 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 route-allowed-ips true ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key4= allowed-ips 10.10.0.21/32 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key3= allowed-ips 10.10.0.31/32 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key2= allowed-ips 10.10.0.3/32 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key5= allowed-ips 10.10.0.42/32 ] RTNETLINK answers: File exists

Commit failed [edit] root@ER8-XG#

`

The only way to get it to accept the configuration is by changing the "route-allowed-ips" to false.

I did not have this issue in previous WG versions... Am I doing something wrong, or is this an issue with WG?

thanks.

FossoresLP commented 3 years ago

Thank you for the report. I don't see anything wrong with your configuration. In the latest release we changed the way we configure the interfaces. This might be the cause of the issue. The errors seem to suggest that the routes are already there. I'm not sure why that would be the case. When using route-allowed-ips = false, do the connections work? To diagnose this further, could you run ip route list before and after configuring with the problematic config?

mxmartins commented 3 years ago

I just started with the ER8-XG (2.0.9 Hotfix1) without any WG interfaces....

I then added just the basic WG interface without any peers... that worked.

Then I tried to add a peer... that failed right away with the same error message. The issue appears to be on the IPv6 side, not the IPv4 side...

It is all illustrated in the steps below...

EDIT: Just noticed I had left out the IPv4 WG interface address... I added it and re-ran the same steps... updated below.... But same result...

`root@ER8-XG:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 default xxx.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun0 10.8.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 xxx.xxx.xxx.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0 172.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun2 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.10 192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.19 192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.30

root@ER8-XG:~# show ip route Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2

  • selected route, * - FIB route, p - stale info

IP Route Table for VRF "default" S > 0.0.0.0/0 [210/0] via xxx.xxx.xxx.1, eth0 C > 0.0.0.0/24 is directly connected, vtun1 C 0.0.0.0/24 is directly connected, vtun0 C 0.0.0.0/24 is directly connected, vtun2 C > 10.8.0.0/24 is directly connected, vtun0 C > 10.8.1.0/24 is directly connected, vtun1 C > xxx.xxx.xxx.0/23 is directly connected, eth0 C > 127.0.0.0/8 is directly connected, lo C > 172.20.0.0/24 is directly connected, vtun2 C > 192.168.1.0/24 is directly connected, eth1 C > 192.168.10.0/24 is directly connected, eth1.10 C > 192.168.19.0/24 is directly connected, eth1.19 C *> 192.168.30.0/24 is directly connected, eth1.30 root@ER8-XG:~#

root@ER8-XG:~# ip -6 route show 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe dev eth0 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx1::/64 dev eth1 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx2::/64 dev eth1.10 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx3::/64 dev eth1.19 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx4::/64 dev eth1.30 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx5::/64 dev eth2 proto kernel metric 256 linkdown pref medium 2xxx:xxxx:xxxx:xxx6::/64 dev vtun0 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx7::/64 dev vtun1 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx8::/64 dev vtun2 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth1 proto kernel metric 256 pref medium fe80::/64 dev eth1.30 proto kernel metric 256 pref medium fe80::/64 dev eth1.19 proto kernel metric 256 pref medium fe80::/64 dev eth1.10 proto kernel metric 256 pref medium fe80::/64 dev vtun2 proto kernel metric 256 pref medium fe80::/64 dev vtun0 proto kernel metric 256 pref medium fe80::/64 dev vtun1 proto kernel metric 256 pref medium default via fe80::201:5cff:fe62:a646 dev eth0 proto ra metric 1024 expires 1797sec pref medium

root@ER8-XG:~# show interfaces wireguard Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description

root@ER8-XG:~# configure [edit] root@ER8-XG# show interfaces wireguard Configuration under specified path is empty

[edit] root@ER8-XG# [edit] root@ER8-XG# set interfaces wireguard wg0 address 10.10.0.1/24 [edit] root@ER8-XG# set interfaces wireguard wg0 address '2xxx:xxxx:xxxx:xxx9::1/64' [edit] root@ER8-XG# set interfaces wireguard wg0 description WireGuard-10 [edit] root@ER8-XG# set interfaces wireguard wg0 listen-port 9534 [edit] root@ER8-XG# set interfaces wireguard wg0 mtu 1420 [edit] root@ER8-XG# set interfaces wireguard wg0 private-key /config/wireguard/wg-ER8-XG-Private.key [edit] root@ER8-XG# set interfaces wireguard wg0 route-allowed-ips true [edit] root@ER8-XG# commit [edit] root@ER8-XG# show interfaces wireguard wireguard wg0 { address 2xxx:xxxx:xxxx:xxx9::1/64 address 10.10.0.1/24 description WireGuard-10 listen-port 9534 mtu 1420 private-key /config/wireguard/wg-ER8-XG-Private.key route-allowed-ips true } [edit] root@ER8-XG# ip -6 route show 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe dev eth0 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx1::/64 dev eth1 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx2::/64 dev eth1.10 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx3::/64 dev eth1.19 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx4::/64 dev eth1.30 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx5::/64 dev eth2 proto kernel metric 256 linkdown pref medium 2xxx:xxxx:xxxx:xxx6::/64 dev vtun0 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx7::/64 dev vtun1 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx8::/64 dev vtun2 proto kernel metric 256 pref medium 2xxx:xxxx:xxxx:xxx9::/64 dev wg0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth1 proto kernel metric 256 pref medium fe80::/64 dev eth1.30 proto kernel metric 256 pref medium fe80::/64 dev eth1.19 proto kernel metric 256 pref medium fe80::/64 dev eth1.10 proto kernel metric 256 pref medium fe80::/64 dev vtun2 proto kernel metric 256 pref medium fe80::/64 dev vtun0 proto kernel metric 256 pref medium fe80::/64 dev vtun1 proto kernel metric 256 pref medium default via fe80::201:5cff:fe62:a646 dev eth0 proto ra metric 1024 expires 1799sec pref medium [edit] root@ER8-XG# root@ER8-XG# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 default xxx.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun0 10.8.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0 xxx.xxx.xxx.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0 172.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun2 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.10 192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.19 192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.30 [edit]

root@ER8-XG# set interfaces wireguard wg0 peer key1= allowed-ips 10.10.0.41/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= allowed-ips '2xxx:xxxx:xxxx:xxx9::41/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= description LM-iPad [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# commit [ interfaces wireguard wg0 peer key1= allowed-ips 2xxx:xxxx:xxxx:xxx9::41/128 ] RTNETLINK answers: File exists

Commit failed [edit] root@ER8-XG#

`

mxmartins commented 3 years ago

It appears the commit is failing because of the IPv6 route.... To test that out, I removed all IPv6 route definitions and all the commits worked...

So, the issue is how you are handling IPv6 route assignments/additions...

` [edit]

root@ER8-XG# set interfaces wireguard wg0 peer key2E= allowed-ips 10.10.0.41/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2E= description LM-iPad [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2E= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2E= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# commit [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= allowed-ips 10.10.0.3/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= description M-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# commit [edit] root@ER8-XG#

`

FossoresLP commented 3 years ago

Thank you very much for testing. I will most likely not get around to reproducing and debugging this until the weekend.

@whiskerz007 Do you have an idea where this could be going wrong? I don't really see where the script could be adding routes twice, especially only for IPv6.

Until there is a fix available, I would recommend going back to 1.0.20210219-1 since it is the last release before the changes.

mxmartins commented 3 years ago

I'm digging into this issue and I found this online.... Wonder if it could be something similar to this....

https://unix.stackexchange.com/questions/306139/rtnetlink-answers-file-exists-after-adding-ipv6-address

Since it works when you comment out the gateway line, you suffer from an unfortunate race condition: As soon as the link of the interface is up, Linux starts doing Neighbor Discovery and accepting Router Advertisements, which can put IPv6 routes into your routing table although the interface is not fully configured yet. When the script later tries to add the default route you get

RTNETLINK answers: File exists To work around this, you can

either comment out the gateway line (which is the recommended way provided that routes get announced correctly in your network) or disable the acceptance of RAs via sysctl -w net.ipv6.conf.device.accept_ra=0 (device being an actual device, default or all).

whiskerz007 commented 3 years ago

@mxmartins Please report the exact version you are running. It helps with keeping track of where the problems are and allows other people to follow the thread better. You can do this by running dpkg -s wireguard | grep Version.

mxmartins commented 3 years ago

root@ER8-XG# dpkg -s wireguard | grep Version

Version: 1.0.20210219-3

From: whiskerz007 notifications@github.com Sent: Wednesday, March 3, 2021 2:08 PM To: WireGuard/wireguard-vyatta-ubnt wireguard-vyatta-ubnt@noreply.github.com Cc: mxmartins mmartins@aol.com; Mention mention@noreply.github.com Subject: Re: [WireGuard/wireguard-vyatta-ubnt] RTNETLINK answers: File exists (#70)

@mxmartins https://github.com/mxmartins Please report the exact version you are running. It helps with keeping track of where the problems are and allows other people to follow the thread better. You can do this by running dpkg -s wireguard | grep Version.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/70#issuecomment-790055455 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AL7ZG76ONQB7JNDZUHCYRBLTB2QJRANCNFSM4YQQPKJA . https://github.com/notifications/beacon/AL7ZG77MMR2UIBO25PVMHFTTB2QJRA5CNFSM4YQQPKJKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOF4LUUHY.gif

mxmartins commented 3 years ago

I've been at this most of the day.... and from what I'm able to see, routes are being added for routes that already exist on the routing table. I'm seeing it on both the IPv4 and IPv6 side...

Let me know what you need me to try to get to the bottom of this...

whiskerz007 commented 3 years ago

The problem is the array that gets the list of routes isn't getting the IPv6 routes. I'm currently working on a patch.

mxmartins commented 3 years ago

OK... I've run this again from a clean state to the end, and what I've determined is that only the first IPv6 peer actually gets a route, all the other ones fail....

If you look thru all this below, you will see that in the end, out of my 7 peers only 1 (2xxx:xxxx:xxxx:xxx9::41/128) ends up with an IPv6 address... All the other peers fail during the commit...

root@ER8-XG:/config/scripts# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 0.0.0.0 xxx.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun0 10.8.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 xxx.xxx.xxx.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0 172.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun2 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.10 192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.19 192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.30

root@ER8-XG:/config/scripts# netstat -nr -A inet6 Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe/128 :: U 256 0 0 eth0 2xxx:xxxx:xxxx:xxx1::/64 :: U 256 2 1933 eth1 2xxx:xxxx:xxxx:xxx2::/64 :: U 256 16147466 eth1.10 2xxx:xxxx:xxxx:xxx3::/64 :: U 256 3 58986 eth1.19 2xxx:xxxx:xxxx:xxx4::/64 :: U 256 0 0 eth1.30 2xxx:xxxx:xxxx:xxx5::/64 :: U 256 0 0 eth2 2xxx:xxxx:xxxx:xxx6::/64 :: U 256 0 0 vtun0 2xxx:xxxx:xxxx:xxx7::/64 :: U 256 0 0 vtun1 2xxx:xxxx:xxxx:xxx8::/64 :: U 256 0 0 vtun2 fe80::/64 :: U 256 1 2 eth0 fe80::/64 :: U 256 12 193 eth1 fe80::/64 :: U 256 3 34 eth1.30 fe80::/64 :: U 256 6 940 eth1.19 fe80::/64 :: U 256 14 1371 eth1.10 fe80::/64 :: U 256 0 0 vtun2 fe80::/64 :: U 256 0 0 vtun0 fe80::/64 :: U 256 0 0 vtun1 ::/0 fe80::201:5cff:fe62:a646 UGDAe 1024 16123176 eth0 ::/0 :: !n -1 1343632 lo ::1/128 :: Un 0 12 24 lo 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe/128 :: Un 0 2 76 lo 2xxx:xxxx:xxxx:xxx1::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx1::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx2::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx2::1/128 :: Un 0 2 1172 lo 2xxx:xxxx:xxxx:xxx3::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx3::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx4::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx4::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx6::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx6::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx7::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx7::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx8::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx8::1/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::2da:862b:d07a:d3f7/128 :: Un 0 1 0 lo fe80::29a3:1386:92f:899a/128 :: Un 0 1 0 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 2 2513 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 2 69 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 3 5659 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 3 11510 lo fe80::7a8a:20ff:fe41:3ab3/128 :: Un 0 2 104 lo fe80::7bb4:f9f0:c854:a71/128 :: Un 0 1 0 lo ff00::/8 :: U 256 5 25432 eth0 ff00::/8 :: U 256 11 407 eth1 ff00::/8 :: U 256 12 222 eth1.30 ff00::/8 :: U 256 13 32948 eth1.19 ff00::/8 :: U 256 12 20418 eth1.10 ff00::/8 :: U 256 12 149 vtun2 ff00::/8 :: U 256 11 144 vtun0 ff00::/8 :: U 256 12 159 vtun1 ff00::/8 :: U 256 0 0 eth2 ::/0 :: !n -1 1343632 lo

root@ER8-XG:/config/scripts# configure [edit] root@ER8-XG# show interfaces wireguard Configuration under specified path is empty [edit] root@ER8-XG# set interfaces wireguard wg0 address 10.10.0.1/24 set interfaces wireguard wg0 description WireGuard-10 set interfaces wireguard wg0 listen-port 9534 set interfaces wireguard wg0 mtu 1420 set interfaces wireguard wg0 private-key /config/wireguard/wg-ER8-XG-Private.key set interfaces wireguard wg0 route-allowed-ips true[edit] root@ER8-XG# set interfaces wireguard wg0 address '2xxx:xxxx:xxxx:xxx9::1/64' [edit] root@ER8-XG# set interfaces wireguard wg0 description WireGuard-10 [edit] root@ER8-XG# set interfaces wireguard wg0 listen-port 9534 [edit] root@ER8-XG# set interfaces wireguard wg0 mtu 1420 [edit] root@ER8-XG# set interfaces wireguard wg0 private-key /config/wireguard/wg-ER8-XG-Private.key [edit] root@ER8-XG# set interfaces wireguard wg0 route-allowed-ips true [edit] root@ER8-XG# commit [edit] root@ER8-XG#

root@ER8-XG:/config/scripts# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0 0.0.0.0 xxx.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun0 10.8.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0 xxx.xxx.xxx.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0 172.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun2 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.10 192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.19 192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.30

root@ER8-XG:/config/scripts# netstat -nr -A inet6 Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe/128 :: U 256 0 0 eth0 2xxx:xxxx:xxxx:xxx1::/64 :: U 256 2 1939 eth1 2xxx:xxxx:xxxx:xxx2::/64 :: U 256 16147702 eth1.10 2xxx:xxxx:xxxx:xxx3::/64 :: U 256 3 59037 eth1.19 2xxx:xxxx:xxxx:xxx4::/64 :: U 256 0 0 eth1.30 2xxx:xxxx:xxxx:xxx5::/64 :: U 256 0 0 eth2 2xxx:xxxx:xxxx:xxx6::/64 :: U 256 0 0 vtun0 2xxx:xxxx:xxxx:xxx7::/64 :: U 256 0 0 vtun1 2xxx:xxxx:xxxx:xxx8::/64 :: U 256 0 0 vtun2 2xxx:xxxx:xxxx:xxx9::/64 :: U 256 0 0 wg0 fe80::/64 :: U 256 1 2 eth0 fe80::/64 :: U 256 12 193 eth1 fe80::/64 :: U 256 3 34 eth1.30 fe80::/64 :: U 256 7 944 eth1.19 fe80::/64 :: U 256 14 1376 eth1.10 fe80::/64 :: U 256 0 0 vtun2 fe80::/64 :: U 256 0 0 vtun0 fe80::/64 :: U 256 0 0 vtun1 ::/0 fe80::201:5cff:fe62:a646 UGDAe 1024 16123319 eth0 ::/0 :: !n -1 1344077 lo ::1/128 :: Un 0 12 25 lo 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe/128 :: Un 0 2 76 lo 2xxx:xxxx:xxxx:xxx1::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx1::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx2::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx2::1/128 :: Un 0 2 1174 lo 2xxx:xxxx:xxxx:xxx3::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx3::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx4::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx4::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx6::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx6::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx7::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx7::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx8::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx8::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx9::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx9::1/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::2da:862b:d07a:d3f7/128 :: Un 0 1 0 lo fe80::29a3:1386:92f:899a/128 :: Un 0 1 0 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 2 2520 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 2 69 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 3 5670 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 3 11550 lo fe80::7a8a:20ff:fe41:3ab3/128 :: Un 0 2 104 lo fe80::7bb4:f9f0:c854:a71/128 :: Un 0 1 0 lo ff00::/8 :: U 256 5 25524 eth0 ff00::/8 :: U 256 11 408 eth1 ff00::/8 :: U 256 12 222 eth1.30 ff00::/8 :: U 256 13 32998 eth1.19 ff00::/8 :: U 256 12 20495 eth1.10 ff00::/8 :: U 256 12 150 vtun2 ff00::/8 :: U 256 11 145 vtun0 ff00::/8 :: U 256 12 159 vtun1 ff00::/8 :: U 256 0 0 eth2 ff00::/8 :: U 256 0 0 wg0 ::/0 :: !n -1 1344077 lo

root@ER8-XG:/config/scripts# configure [edit] root@ER8-XG# show interfaces wireguard wireguard wg0 { address 10.10.0.1/24 address 2xxx:xxxx:xxxx:xxx9::1/64 description WireGuard-10 listen-port 9534 mtu 1420 private-key /config/wireguard/wg-ER8-XG-Private.key route-allowed-ips true } [edit] root@ER8-XG#

root@ER8-XG# ^C [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= allowed-ips 10.10.0.41/32 set interfaces wireguard wg0 peer key5= allowed-ips 10.10.0.42/32 set interfaces wireguard wg0 peer key5= description LM-iPhone set interfaces wireguard wg0 peer key5= persistent-keepalive 25 set interfaces wireguard wg0 peer key5= preshared-key /config/wireguard/PreShared.key set interfaces wireguard wg0 peer key6= allowed-ips 10.10.0.2/32 set interfaces wireguard wg0 peer key6= description ASUS-Zenbook set interfaces wireguard wg0 peer key6= persistent-keepalive 25 set interfaces wireguard wg0 peer key6= preshared-key /config/wireguard/PreShared.key set interfaces wireguard wg0 peer key7= allowed-ips 10.10.0.32/32 set interfaces wireguard wg0 peer key7= description LM-iPhone set interfaces wireguard wg0 peer key7= persistent-keepalive 25 set interfaces wireguard wg0 peer key7= preshared-key /config/wireguard/PreShared.key[edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= description LM-iPad [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= allowed-ips 10.10.0.3/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= description M-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= allowed-ips 10.10.0.31/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= description LM-iPad [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= allowed-ips 10.10.0.21/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= description X-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= allowed-ips 10.10.0.42/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= description LM-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= allowed-ips 10.10.0.2/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= description ASUS-Zenbook [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= allowed-ips 10.10.0.32/32 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= description LM-iPhone [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= persistent-keepalive 25 [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= preshared-key /config/wireguard/PreShared.key [edit] root@ER8-XG# commit [edit] root@ER8-XG# save Saving configuration to '/config/config.boot'... Done [edit] root@ER8-XG#

root@ER8-XG# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0 0.0.0.0 xxx.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun0 10.8.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0 10.10.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 10.10.0.3 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 10.10.0.21 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 10.10.0.31 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 10.10.0.32 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 10.10.0.41 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 10.10.0.42 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 xxx.xxx.xxx.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0 172.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun2 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.10 192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.19 192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.30 [edit] root@ER8-XG#

root@ER8-XG# netstat -nr -A inet6 Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe/128 :: U 256 0 0 eth0 2xxx:xxxx:xxxx:xxx1::/64 :: U 256 2 1954 eth1 2xxx:xxxx:xxxx:xxx2::/64 :: U 256 16149057 eth1.10 2xxx:xxxx:xxxx:xxx3::/64 :: U 256 3 59091 eth1.19 2xxx:xxxx:xxxx:xxx4::/64 :: U 256 0 0 eth1.30 2xxx:xxxx:xxxx:xxx5::/64 :: U 256 0 0 eth2 2xxx:xxxx:xxxx:xxx6::/64 :: U 256 0 0 vtun0 2xxx:xxxx:xxxx:xxx7::/64 :: U 256 0 0 vtun1 2xxx:xxxx:xxxx:xxx8::/64 :: U 256 0 0 vtun2 2xxx:xxxx:xxxx:xxx9::/64 :: U 256 0 0 wg0 fe80::/64 :: U 256 1 2 eth0 fe80::/64 :: U 256 12 195 eth1 fe80::/64 :: U 256 3 34 eth1.30 fe80::/64 :: U 256 7 956 eth1.19 fe80::/64 :: U 256 14 1386 eth1.10 fe80::/64 :: U 256 0 0 vtun2 fe80::/64 :: U 256 0 0 vtun0 fe80::/64 :: U 256 0 0 vtun1 ::/0 fe80::201:5cff:fe62:a646 UGDAe 1024 16123542 eth0 ::/0 :: !n -1 1345748 lo ::1/128 :: Un 0 12 25 lo 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe/128 :: Un 0 2 76 lo 2xxx:xxxx:xxxx:xxx1::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx1::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx2::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx2::1/128 :: Un 0 2 1179 lo 2xxx:xxxx:xxxx:xxx3::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx3::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx4::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx4::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx6::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx6::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx7::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx7::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx8::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx8::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx9::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx9::1/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::2da:862b:d07a:d3f7/128 :: Un 0 1 0 lo fe80::29a3:1386:92f:899a/128 :: Un 0 1 0 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 2 2537 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 2 69 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 3 5677 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 3 11650 lo fe80::7a8a:20ff:fe41:3ab3/128 :: Un 0 2 104 lo fe80::7bb4:f9f0:c854:a71/128 :: Un 0 1 0 lo ff00::/8 :: U 256 5 25647 eth0 ff00::/8 :: U 256 11 410 eth1 ff00::/8 :: U 256 12 223 eth1.30 ff00::/8 :: U 256 13 33049 eth1.19 ff00::/8 :: U 256 12 20748 eth1.10 ff00::/8 :: U 256 12 151 vtun2 ff00::/8 :: U 256 11 145 vtun0 ff00::/8 :: U 256 12 160 vtun1 ff00::/8 :: U 256 0 0 eth2 ff00::/8 :: U 256 0 0 wg0 ::/0 :: !n -1 1345748 lo [edit] root@ER8-XG#

root@ER8-XG# show interfaces wireguard wireguard wg0 { address 10.10.0.1/24 address 2xxx:xxxx:xxxx:xxx9::1/64 description WireGuard-10 listen-port 9534 mtu 1420 peer key1= { allowed-ips 10.10.0.41/32 description LM-iPad persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key2= { allowed-ips 10.10.0.3/32 description M-iPhone persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key3= { allowed-ips 10.10.0.31/32 description LM-iPad persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key4= { allowed-ips 10.10.0.21/32 description X-iPhone persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key5= { allowed-ips 10.10.0.42/32 description LM-iPhone persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key6= { allowed-ips 10.10.0.2/32 description ASUS-Zenbook persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key7= { allowed-ips 10.10.0.32/32 description LM-iPhone persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } private-key /config/wireguard/wg-ER8-XG-Private.key route-allowed-ips true } [edit] root@ER8-XG#

root@ER8-XG# ^C [edit] root@ER8-XG# set interfaces wireguard wg0 peer key1= allowed-ips '2xxx:xxxx:xxxx:xxx9::41/128' set interfaces wireguard wg0 peer key5= allowed-ips '2xxx:xxxx:xxxx:xxx9::42/128' set interfaces wireguard wg0 peer key6= allowed-ips '2xxx:xxxx:xxxx:xxx9::2/128' set interfaces wireguard wg0 peer key7= allowed-ips '2xxx:xxxx:xxxx:xxx9::32/128'[edit] root@ER8-XG# set interfaces wireguard wg0 peer key2= allowed-ips '2xxx:xxxx:xxxx:xxx9::3/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key3= allowed-ips '2xxx:xxxx:xxxx:xxx9::31/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key4= allowed-ips '2xxx:xxxx:xxxx:xxx9::21/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key5= allowed-ips '2xxx:xxxx:xxxx:xxx9::42/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key6= allowed-ips '2xxx:xxxx:xxxx:xxx9::2/128' [edit] root@ER8-XG# set interfaces wireguard wg0 peer key7= allowed-ips '2xxx:xxxx:xxxx:xxx9::32/128' [edit] root@ER8-XG# commit [ interfaces wireguard wg0 peer key5= allowed-ips 2xxx:xxxx:xxxx:xxx9::42/128 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key4= allowed-ips 2xxx:xxxx:xxxx:xxx9::21/128 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key6= allowed-ips 2xxx:xxxx:xxxx:xxx9::2/128 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key7= allowed-ips 2xxx:xxxx:xxxx:xxx9::32/128 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key3= allowed-ips 2xxx:xxxx:xxxx:xxx9::31/128 ] RTNETLINK answers: File exists

[ interfaces wireguard wg0 peer key2= allowed-ips 2xxx:xxxx:xxxx:xxx9::3/128 ] RTNETLINK answers: File exists

Commit failed [edit] root@ER8-XG#

root@ER8-XG# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0 0.0.0.0 xxx.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun0 10.8.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun1 10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0 xxx.xxx.xxx.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0 172.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun2 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.10 192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.19 192.168.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1.30 [edit]

root@ER8-XG# netstat -nr -A inet6 Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe/128 :: U 256 0 0 eth0 2xxx:xxxx:xxxx:xxx1::/64 :: U 256 2 1959 eth1 2xxx:xxxx:xxxx:xxx2::/64 :: U 256 16149174 eth1.10 2xxx:xxxx:xxxx:xxx3::/64 :: U 256 3 59102 eth1.19 2xxx:xxxx:xxxx:xxx4::/64 :: U 256 0 0 eth1.30 2xxx:xxxx:xxxx:xxx5::/64 :: U 256 0 0 eth2 2xxx:xxxx:xxxx:xxx6::/64 :: U 256 0 0 vtun0 2xxx:xxxx:xxxx:xxx7::/64 :: U 256 0 0 vtun1 2xxx:xxxx:xxxx:xxx8::/64 :: U 256 0 0 vtun2 2xxx:xxxx:xxxx:xxx9::41/128 :: U 1024 0 0 wg0 2xxx:xxxx:xxxx:xxx9::42/128 :: U 1024 0 0 wg0 2xxx:xxxx:xxxx:xxx9::/64 :: U 256 0 0 wg0 fe80::/64 :: U 256 1 2 eth0 fe80::/64 :: U 256 12 195 eth1 fe80::/64 :: U 256 3 34 eth1.30 fe80::/64 :: U 256 7 956 eth1.19 fe80::/64 :: U 256 14 1387 eth1.10 fe80::/64 :: U 256 0 0 vtun2 fe80::/64 :: U 256 0 0 vtun0 fe80::/64 :: U 256 0 0 vtun1 ::/0 fe80::201:5cff:fe62:a646 UGDAe 1024 16123595 eth0 ::/0 :: !n -1 1345935 lo ::1/128 :: Un 0 12 25 lo 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:81fe/128 :: Un 0 2 76 lo 2xxx:xxxx:xxxx:xxx1::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx1::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx2::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx2::1/128 :: Un 0 2 1181 lo 2xxx:xxxx:xxxx:xxx3::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx3::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx4::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx4::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx6::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx6::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx7::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx7::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx8::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx8::1/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx9::/128 :: Un 0 1 0 lo 2xxx:xxxx:xxxx:xxx9::1/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::/128 :: Un 0 1 0 lo fe80::2da:862b:d07a:d3f7/128 :: Un 0 1 0 lo fe80::29a3:1386:92f:899a/128 :: Un 0 1 0 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 2 2545 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 2 69 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 3 5683 lo fe80::7a8a:20ff:fe41:3aab/128 :: Un 0 3 11676 lo fe80::7a8a:20ff:fe41:3ab3/128 :: Un 0 2 104 lo fe80::7bb4:f9f0:c854:a71/128 :: Un 0 1 0 lo ff00::/8 :: U 256 5 25697 eth0 ff00::/8 :: U 256 11 411 eth1 ff00::/8 :: U 256 12 223 eth1.30 ff00::/8 :: U 256 13 33081 eth1.19 ff00::/8 :: U 256 12 20765 eth1.10 ff00::/8 :: U 256 12 151 vtun2 ff00::/8 :: U 256 11 146 vtun0 ff00::/8 :: U 256 12 160 vtun1 ff00::/8 :: U 256 0 0 eth2 ff00::/8 :: U 256 0 0 wg0 ::/0 :: !n -1 1345935 lo [edit] root@ER8-XG# ^C

root@ER8-XG:/config/scripts# configure [edit] root@ER8-XG# show interfaces wireguard wireguard wg0 { address 10.10.0.1/24 address 2xxx:xxxx:xxxx:xxx9::1/64 description WireGuard-10 listen-port 9534 mtu 1420 peer key1= { allowed-ips 10.10.0.41/32 allowed-ips 2xxx:xxxx:xxxx:xxx9::41/128 description LM-iPad persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key2= { allowed-ips 10.10.0.3/32 description M-iPhone persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key3= { allowed-ips 10.10.0.31/32 description LM-iPad persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key4= { allowed-ips 10.10.0.21/32 description X-iPhone persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key5= { allowed-ips 10.10.0.42/32 description LM-iPhone persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key6= { allowed-ips 10.10.0.2/32 description ASUS-Zenbook persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } peer key7= { allowed-ips 10.10.0.32/32 description LM-iPhone persistent-keepalive 25 preshared-key /config/wireguard/PreShared.key } private-key /config/wireguard/wg-ER8-XG-Private.key route-allowed-ips true } [edit] root@ER8-XG#

mxmartins commented 3 years ago

The problem is the array that gets the list of routes isn't getting the IPv6 routes. I'm currently working on a patch.

Awesome.... Let me know when you have the package and I can test it ....

whiskerz007 commented 3 years ago

@mxmartins You can try the changes that I've pushed (#71) by downloading the package artifact for your device. If you do, please share your experience.

FossoresLP commented 3 years ago

Thank you for the quick fix. I hope I'll be able to merge the fix and release a new version this weekend. @mxmartins It would be great to hear whether everything works with the changes. You can find the package for your device here

mxmartins commented 3 years ago

Yes, everything works fine.. The only thing I noticed was that the internal module version was not incremented, which is problematic for the upgrade script...

Thank you so much for the quick resolution. Please close this issue once the fix is merged....

FossoresLP commented 3 years ago

New release should be out later today. Package version has been incremented correctly now.