search

WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0
1.46k stars 68 forks source link

Unable to add WireGuard interface to OSPFv3 area. #86

Open giga1699 opened 3 years ago

giga1699 commented 3 years ago

I am unable to add a WireGuard interface to a OSPFv3 area. The error message states that no link-local address is assigned, as well as wg0 not matching any known interface name type, as shown below.

ubnt@RTR# set protocols ospfv3 area 0.0.0.0 interface wg0
[edit]
ubnt@RTR# commit
[ protocols ospfv3 area 0.0.0.0 interface wg0 ]
wg0 does not match any known interface name type
Link-Local address is not assigned to this interface

Commit failed

Interface config:

wireguard wg0 {
     address X.X.X.X/29
     address 2001:XXXX::2/64
     mtu 1420
     peer <pubkey> {
         allowed-ips 0.0.0.0/0
         allowed-ips ::/0
         endpoint <endpoint>
         preshared-key /config/auth/<key>
     }
     private-key /config/auth/<key>
     route-allowed-ips false
 }

EdgeRouter Version:

Version:      v2.0.9-hotfix.1
Build ID:     5371035
Build on:     01/22/21 10:15
Copyright:    2012-2020 Ubiquiti Networks, Inc.
HW model:     EdgeRouter 4

WireGuard version: ii wireguard 1.0.20210219-5 mips fast, modern, secure kernel VPN tunnel

giga1699 commented 3 years ago

Seems Ubiquiti also has quite the history of issues with OSPFv3.

Some reference links I've found, which I am showing similar issues over GRE and WireGuard.

https://community.ui.com/questions/Issues-with-OSPFv3-IPv6-over-GRE-and-SIT-Tunnels-/85f02527-211d-40ce-94f2-05bd1a7967a7

https://community.ui.com/questions/ERPro-8-cant-get-OSPFv3-to-work/e517b072-9501-4dec-aaa0-31834d8ebe28

giga1699 commented 3 years ago

Found another Ubiquiti posting specifically about WireGuard, and OSPFv3 not creating a neighbor relationship despite Hellos being seen via tcpdump.

https://community.ui.com/questions/ospfv3-over-wireguard-point-to-point-not-seeing-far-side-hellos-visible-in-tcpdump/3b6f9db6-737e-490a-a08c-022463f5e789

samip5 commented 3 years ago

The working solution is to use Bird for ospfv3, the interface types supported for the included OSPF daemon, does not have the template for wireguard interface type so that's why it complains.

samip5 commented 3 years ago

The error seems to come from: https://github.com/remfalc/vyt-vyatta-cfg-system/blob/master/scripts/vyatta-interfaces.pl, which is on the router at /opt/vyatta/sbin/vyatta-interfaces.pl