Closed: SwimGeek closed this issue 2 years ago
After manually editing the config.boot file, things also did not work. If I boot the ER-X with only the endpoint defined, and then add the allowed-ips after boot, things work. So basically the VPN config can't survive a reboot.
Was just looking at this: https://github.com/Lochnair/vyatta-wireguard/issues/6 .
One thing stood out to me: your wording in the sentence "after I disable route-allowed-ips true." I would have expected you to say, "after I set route-allowed-ips false."
What does show interfaces wireguard wg0 route-allowed-ips print?
If it prints "false" and you still think the allowed IPs are being routed, maybe instrument /opt/wireguard/update-routes.sh to see if routes are being attempted to be added there?
My latest theory is that 'route-allowed-ips' is not the problem - even though it gets enabled by default.
I suspect what happens after a reboot is that the endpoint/tunnel is not connected when it attempts to add the routes defined by the allowed-ips config. Maybe it needs to wait a few seconds before it adds the routes.
To disable 'route-allowed-ips' I used:
delete interfaces wireguard wg0 route-allowed-ips true
which seems to remove it from the running config.
At the moment it shows:
show interfaces wireguard wg0 route-allowed-ips
route-allowed-ips true
Yeah, deleting true is not how to set false.
set interfaces wireguard wg0 route-allowed-ips false
Not sure this will solve your problem but start there.
I suspect my initial guess about route-allowed-ips was wrong.
I'll open another ticket / issue.
Hi
It seems that after I disable 'route-allowed-ips true' and do a commit and save, the feature is still enabled in the startup config file: /config/config.boot
For my use, it seems that I need route-allowed-ips to be off, else I get an RTNETLINK error when trying to add allowed-ips configs. So currently when I reboot my ER-X things break pretty badly.
I'm using: EdgeRouter X 5-Port with OS: v2.0.9-hotfix.2 and Wireguard: e50-v2-v1.0.20210606-v1.0.20210424.deb