search

opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License
3.34k stars 748 forks source link

Wireguard: IPv6 only Wireguard tunnel with "Disable routes" incorrectly attempts to install IPv6 Gateway address as IPv4 route #7585

Closed salekseev closed 4 months ago

salekseev commented 4 months ago

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

When attempting to create a Wireguard instance with IPv6 only tunnel address of fdd9:3d6d:5f1:0:169:254:23:34/128, checking the box for "Disable routes" and adding fdd9:3d6d:05f1:0:169:254:23:33 as Gateway I am getting the following error in the log:

/usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add '-4' 'fdd9:3d6d:05f1:0000:0169:0254:0023:0033' -iface 'wg2'' returned exit code '68', the output was 'route: bad address: fdd9:3d6d:05f1:0000:0169:0254:0023:0033'

Expected behavior

This should work by adding -6 per the logic at https://github.com/opnsense/core/blob/master/src/opnsense/scripts/Wireguard/wg-service-control.php#L133 as it works quite well with IPv4 addresses.

Describe alternatives you considered

I'm forced to not use "Disable routes" functionality with IPv6 Wireguard tunnels and instead set "AllowIPs".

Relevant log files

2024-06-28T22:35:51-04:00   Notice  wireguard    wireguard instance wg-site-nuxt-v6 (wg2) can not reconfigure without stopping it first.
2024-06-28T22:35:03-04:00   Notice  wireguard    wireguard instance wg-site-nuxt-v6 (wg2) started
2024-06-28T22:35:02-04:00   Notice  wireguard    /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (execute task : dpinger_configure_do(,WireGuardNuxtV6))
2024-06-28T22:35:02-04:00   Notice  wireguard    /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (,WireGuardNuxtV6)
2024-06-28T22:35:02-04:00   Notice  wireguard    /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: entering configure using 'opt5'
2024-06-28T22:35:01-04:00   Error   wireguard    /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add '-4' 'fdd9:3d6d:05f1:0000:0169:0254:0023:0033' -iface 'wg2'' returned exit code '68', the output was 'route: bad address: fdd9:3d6d:05f1:0000:0169:0254:0023:0033'

Environment

OPNsense 24.1.9_4 (amd64).

AdSchellevis commented 4 months ago

@salekseev can you try https://github.com/opnsense/core/commit/9318d7744de52f5084b3248db83661931e232d10 ?

opnsense-patch 9318d77 should likely do the trick.