Summary:
Pretty consistently i see the wireguard interfaces suddenly dropping their IPv6 address, with only the IPv4 address remaining.
So far i've seen it happen completely randomly, but today i had the same issue consistently when assigning a firewall to the wireguard interfaces on my two ER-4's (ex. set interfaces wireguard wg0 firewall local ipv6-name ipv6_in)
This happened on both ER's for all wireguard interfaces.
The configuration is still the same, but the interface must be deleted and re-created for ipv6 address to be assigned again.
Upon deleting the interface, RTNETLINK will complain about assigning the address (assign on delete? why?), but when configuring the interface again, no errors are seen and it gets up and running again asap.
There is no errors or indication of this from Wireguard in the log, other than BGP complaining about source interface not existing for IPv6, and IPv4 BGP session being reset
Mar 24 20:43:22 har-fw01 BGP[1068]: BGP-6%BGP-5-ADJCHANGE: neighbor Down Interface Flap
Mar 24 20:43:22 har-fw01 BGP[1068]: BGP-6%BGP-5-ADJCHANGE: neighbor Down Interface Flap
Mar 24 20:43:26 har-fw01 BGP[1068]: BGP-3fd01:f000:baaa:1001::1-Outgoing [NETWORK] Set Sock Opt: Update-source failed on Sock 13
Mar 24 20:43:26 har-fw01 BGP[1068]: BGP-6%BGP-5-ADJCHANGE: neighbor 192.168.250.130 Up
I have also noticed that in 'dmesg' the current hwoffload status will be printed, perhaps indicating for this to be a problem caused by hardware offloading?
[1021694.304509] IPV4 forwarding Enabled
[1021694.304596] IPV4 VLAN forwarding Enabled
[1021694.304665] IPV4 PPPOE forwarding Disabled
[1021694.304733] IPV4 GRE Tunnel forwarding Enabled
[1021694.304797] IPV4 Bonding forwding Enabled
[1021694.304860] IPV4 export Disabled
[1021694.331308] IPV4 dpi Disabled
[1021694.345256] IPV6 forwarding Enabled
[1021694.345346] IPV6 VLAN forwarding Enabled
[1021694.345414] IPV6 PPPOE forwarding Disabled
[1021694.345482] IPV6 Bonding forwarding Enabled
Example config:
_set interfaces wireguard wg10 address 10.255.10.1/30
set interfaces wireguard wg10 address 'fdb6:d1d9:7914:10::1/64'
set interfaces wireguard wg10 firewall local ipv6-name IPV6_LOCAL
set interfaces wireguard wg10 firewall local name IPV4LOCAL
set interfaces wireguard wg10 listen-port 51810
set interfaces wireguard wg10 mtu 1420
set interfaces wireguard wg10 peer xxxxxxx= allowed-ips 0.0.0.0/0
set interfaces wireguard wg10 peerxxxxx= allowed-ips '::/0'
set interfaces wireguard wg10 peer xxxxxx= endpoint 'xxxxx:51810'
set interfaces wireguard wg10 private-key xxxxxx
set interfaces wireguard wg10 route-allowed-ips false
After applying the firewall local ipv6-name and name:Interface IP Address S/L Description
wg10 10.255.10.1/30 u/u
Summary: Pretty consistently i see the wireguard interfaces suddenly dropping their IPv6 address, with only the IPv4 address remaining. So far i've seen it happen completely randomly, but today i had the same issue consistently when assigning a firewall to the wireguard interfaces on my two ER-4's (ex. set interfaces wireguard wg0 firewall local ipv6-name ipv6_in) This happened on both ER's for all wireguard interfaces.
The configuration is still the same, but the interface must be deleted and re-created for ipv6 address to be assigned again. Upon deleting the interface, RTNETLINK will complain about assigning the address (assign on delete? why?), but when configuring the interface again, no errors are seen and it gets up and running again asap.
There is no errors or indication of this from Wireguard in the log, other than BGP complaining about source interface not existing for IPv6, and IPv4 BGP session being reset Mar 24 20:43:22 har-fw01 BGP[1068]: BGP-6%BGP-5-ADJCHANGE: neighbor Down Interface Flap Mar 24 20:43:22 har-fw01 BGP[1068]: BGP-6%BGP-5-ADJCHANGE: neighbor Down Interface Flap Mar 24 20:43:26 har-fw01 BGP[1068]: BGP-3fd01:f000:baaa:1001::1-Outgoing [NETWORK] Set Sock Opt: Update-source failed on Sock 13 Mar 24 20:43:26 har-fw01 BGP[1068]: BGP-6%BGP-5-ADJCHANGE: neighbor 192.168.250.130 Up
I have also noticed that in 'dmesg' the current hwoffload status will be printed, perhaps indicating for this to be a problem caused by hardware offloading? [1021694.304509] IPV4 forwarding Enabled [1021694.304596] IPV4 VLAN forwarding Enabled [1021694.304665] IPV4 PPPOE forwarding Disabled [1021694.304733] IPV4 GRE Tunnel forwarding Enabled [1021694.304797] IPV4 Bonding forwding Enabled [1021694.304860] IPV4 export Disabled [1021694.331308] IPV4 dpi Disabled [1021694.345256] IPV6 forwarding Enabled [1021694.345346] IPV6 VLAN forwarding Enabled [1021694.345414] IPV6 PPPOE forwarding Disabled [1021694.345482] IPV6 Bonding forwarding Enabled
Example config: _set interfaces wireguard wg10 address 10.255.10.1/30 set interfaces wireguard wg10 address 'fdb6:d1d9:7914:10::1/64' set interfaces wireguard wg10 firewall local ipv6-name IPV6_LOCAL set interfaces wireguard wg10 firewall local name IPV4LOCAL set interfaces wireguard wg10 listen-port 51810 set interfaces wireguard wg10 mtu 1420 set interfaces wireguard wg10 peer xxxxxxx= allowed-ips 0.0.0.0/0 set interfaces wireguard wg10 peerxxxxx= allowed-ips '::/0' set interfaces wireguard wg10 peer xxxxxx= endpoint 'xxxxx:51810' set interfaces wireguard wg10 private-key xxxxxx set interfaces wireguard wg10 route-allowed-ips false
After applying the firewall local ipv6-name and name: Interface IP Address S/L Description wg10 10.255.10.1/30 u/u
When deleting the interface: _ubnt@har-fw01# delete interfaces wireguard wg10 [edit] ubnt@har-fw01# commit [ interfaces wireguard wg10 address fdb6:d1d9:7914:10::1/64 ] RTNETLINK answers: Cannot assign requested address
[edit]_
After commit _ubnt@har-fw01# set interfaces wireguard wg10 address 'fdb6:d1d9:7914:10::1/64' [edit] .......... snip ........ ubnt@har-fw01# set interfaces wireguard wg10 route-allowed-ips false [edit] ubnt@har-fw01# commit [edit] ubnt@har-fw01# exit exit
Interface IP Address S/L Description wg10 10.255.10.1/30 u/u Peering: GuiltySpark Bergen (AS211685) fdb6:d1d9:7914:10::1/64_
Hardware: Version: v2.0.9 Build ID: 5346345 Build on: 10/28/20 16:47 Copyright: 2012-2020 Ubiquiti Networks, Inc. HW model: EdgeRouter 4 Uptime: 21:01:59 up 11 days, 20:02, 1 user, load average: 0.18, 0.14, 0.17