search

tusc / wireguard-kmod

WireGuard for UDM series routers
https://www.wireguard.com/
352 stars 19 forks source link

After starting vpn UDM pro reboots #56

Closed aleksandryants closed 2 years ago

aleksandryants commented 2 years ago

Hi, After I start VPN the udm reboots

[#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add 10.50.0.3/32 dev wg0 [#] ip link set mtu 1412 up dev wg0 [#] resolvconf -a wg0 -m 0 -x [#] ip -6 route add ::/1 dev wg0 [#] ip -6 route add 8000::/1 dev wg0 [#] ip -4 route add 128.0.0.0/1 dev wg0 [#] ip -4 route add 0.0.0.0/1 dev wg0

client_loop: send disconnect: Connection reset

peacey commented 2 years ago

Hi @aleksandryants,

You seem to be using wireguard in client mode and are forcing all traffic to the VPN. That means when the tunnel is activated, the UDM might lose connection to the LAN. Are you sure the UDM is restarting and not just losing LAN access?

What are you trying to accomplish with this configuration? Did you intend to push your entire internet through the VPN and not just specific subnets?

aleksandryants commented 2 years ago

Hi, I am shore that it is restarting, it is showing on udm screen that it is rebooting. I actually want to push VPN just through specific subnet but i dont know how. Sorry for beeing stupid I am new to this.

tusc commented 2 years ago

Is there a panic in /sys/fs/pstore?

grep -H "" /sys/fs/pstore/*

On Sun, Mar 20, 2022 at 3:45 PM aleksandryants @.***> wrote:

Hi, I am shore that it is restarting, it is showing on udm screen that it is rebooting. I actually want to push VPN just through specific subnet.

— Reply to this email directly, view it on GitHub https://github.com/tusc/wireguard-kmod/issues/56#issuecomment-1073345247, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACIAGQNQODBFVVGEIW7KI43VA6E65ANCNFSM5RF7LRTQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you are subscribed to this thread.Message ID: @.***>

aleksandryants commented 2 years ago

@tusc /sys/fs/pstore/console-ramoops-0:[ 0.552098] pci-pf-stub 0000:00:04.0: writing to VF config space /sys/fs/pstore/console-ramoops-0:[ 0.552158] pci-pf-stub 0000:00:05.0: writing to VF config space /sys/fs/pstore/console-ramoops-0:[ 0.570765] ahci 0001:00:00.0: writing to VF config space /sys/fs/pstore/console-ramoops-0:[ 0.578410] al_eth 0000:00:00.0: writing to VF config space /sys/fs/pstore/console-ramoops-0:[ 0.590113] al_eth 0000:00:01.0: writing to VF config space /sys/fs/pstore/console-ramoops-0:[ 2.273101] al_eth 0000:00:02.0: writing to VF config space /sys/fs/pstore/console-ramoops-0:[ 2.284805] al_eth 0000:00:03.0: writing to VF config space /sys/fs/pstore/console-ramoops-0:[1055773.221845] Internal error: Oops - BUG: 0 [#1] SMP /sys/fs/pstore/console-ramoops-0:[1055773.226844] Modules linked in: wireguard ip6_udp_tunnel udp_tunnel xt_conntrack nf_nat_tftp nf_conntrack_tftp nf_nat_pptp nf_conntrack_pptp nf_nat_h323 nf_conntrack_h323 nf_nat_proto_gre nf_conntrack_proto_gre nf_nat_ftp nf_conntrack_ftp nf_app(PO) t_miner(PO) tdts(PO) pppoe pppox xt_TCPMSS xt_dpi(O) ifb sch_htb ppp_generic slhc lzo lzo_compress zram gpiodev(PO) ubnthal(PO) ubnt_common(PO) /sys/fs/pstore/console-ramoops-0:[1055773.261639] Process kworker/1:2 (pid: 26655, stack limit = 0x0000000034229667) /sys/fs/pstore/console-ramoops-0:[1055773.269057] CPU: 1 PID: 26655 Comm: kworker/1:2 Tainted: P O 4.19.152-al-linux-v10.2.0-v1.11.4.3940-e66d85f #1 /sys/fs/pstore/console-ramoops-0:[1055773.280575] Hardware name: Annapurna Labs Alpine V2 UBNT (DT) /sys/fs/pstore/console-ramoops-0:[1055773.286549] Workqueue: wg-crypt-wg0 wg_packet_tx_worker [wireguard] /sys/fs/pstore/console-ramoops-0:[1055773.293012] pstate: 40000005 (nZcv daif -PAN -UAO) /sys/fs/pstore/console-ramoops-0:[1055773.298028] pc : kfree+0xd8/0x120 /sys/fs/pstore/console-ramoops-0:[1055773.301544] lr : skb_free_head+0x18/0x30 /sys/fs/pstore/console-ramoops-0:[1055773.305662] sp : ffffff80120f38c0 /sys/fs/pstore/console-ramoops-0:[1055773.309199] x29: ffffff80120f38c0 x28: ffffffc007331e28 /sys/fs/pstore/console-ramoops-0:[1055773.314705] x27: 0000000000000040 x26: 0000000000000011 /sys/fs/pstore/console-ramoops-0:[1055773.320240] x25: ffffffc00c7afec0 x24: ffffffc22fe38000 /sys/fs/pstore/console-ramoops-0:[1055773.325746] x23: 0000000000000001 x22: ffffffc014889000 /sys/fs/pstore/console-ramoops-0:[1055773.331279] x21: ffffffc007331e00 x20: ffffffc00c7afec0 /sys/fs/pstore/console-ramoops-0:[1055773.336786] x19: 0000000000000000 x18: ffffff8008bc9d88 /sys/fs/pstore/console-ramoops-0:[1055773.342325] x17: 0000000000000001 x16: 0000000000000000 /sys/fs/pstore/console-ramoops-0:[1055773.347835] x15: 0000000000020000 x14: 00000000fffffff0 /sys/fs/pstore/console-ramoops-0:[1055773.353375] x13: ffffff8008be01c8 x12: 0000000000000000 /sys/fs/pstore/console-ramoops-0:[1055773.358885] x11: 0000000000000285 x10: 0000000000000002 /sys/fs/pstore/console-ramoops-0:[1055773.364421] x9 : 0000000000000000 x8 : ffffff8008c741a8 /sys/fs/pstore/console-ramoops-0:[1055773.369928] x7 : ffffffc00c7a0000 x6 : ffffffbf0031e800 /sys/fs/pstore/console-ramoops-0:[1055773.375463] x5 : ffffff80086659b8 x4 : ffffffc23ff8c868 /sys/fs/pstore/console-ramoops-0:[1055773.380971] x3 : ffffffc23ff8c868 x2 : 0000000000000000 /sys/fs/pstore/console-ramoops-0:[1055773.386506] x1 : 0000000000000000 x0 : ffffffbf00216c08 /sys/fs/pstore/console-ramoops-0:[1055773.392015] Call trace: /sys/fs/pstore/console-ramoops-0:[1055773.394662] kfree+0xd8/0x120 /sys/fs/pstore/console-ramoops-0:[1055773.397829] skb_free_head+0x18/0x30 /sys/fs/pstore/console-ramoops-0:[1055773.401606] skb_release_data+0x128/0x150 /sys/fs/pstore/console-ramoops-0:[1055773.405812] skb_release_all+0x24/0x30 /sys/fs/pstore/console-ramoops-0:[1055773.409789] kfree_skb+0x2c/0x60 /sys/fs/pstore/console-ramoops-0:[1055773.413215] kfree_skb_list+0x18/0x30 /sys/fs/pstore/console-ramoops-0:[1055773.417075] __dev_queue_xmit+0x3b0/0x890 /sys/fs/pstore/console-ramoops-0:[1055773.421316] dev_queue_xmit+0x10/0x20 /sys/fs/pstore/console-ramoops-0:[1055773.425180] neigh_direct_output+0x10/0x20 /sys/fs/pstore/console-ramoops-0:[1055773.429480] ip_finish_output2+0x1f0/0x3d0 /sys/fs/pstore/console-ramoops-0:[1055773.433807] ip_finish_output+0x170/0x220 /sys/fs/pstore/console-ramoops-0:[1055773.438016] ip_output+0x110/0x120 /sys/fs/pstore/console-ramoops-0:[1055773.441616] ip_local_out+0x44/0x60 /sys/fs/pstore/console-ramoops-0:[1055773.445333] iptunnel_xmit+0x134/0x1e0 /sys/fs/pstore/console-ramoops-0:[1055773.449280] udp_tunnel_xmit_skb+0xdc/0x100 [udp_tunnel] /sys/fs/pstore/console-ramoops-0:[1055773.454790] send4+0x118/0x290 [wireguard] /sys/fs/pstore/console-ramoops-0:[1055773.459112] wg_socket_send_skb_to_peer+0xe4/0x120 [wireguard] /sys/fs/pstore/console-ramoops-0:[1055773.465142] wg_packet_tx_worker+0xd0/0x290 [wireguard] /sys/fs/pstore/console-ramoops-0:[1055773.470590] process_one_work+0x200/0x360 /sys/fs/pstore/console-ramoops-0:[1055773.474795] worker_thread+0x48/0x480 /sys/fs/pstore/console-ramoops-0:[1055773.478681] kthread+0xf8/0x130 /sys/fs/pstore/console-ramoops-0:[1055773.482020] ret_from_fork+0x10/0x1c /sys/fs/pstore/console-ramoops-0:[1055773.485794] Code: f94000c0 377800a0 f94004c0 37000060 (d4210000) /sys/fs/pstore/console-ramoops-0:[1055773.492109] ---[ end trace eb31e8fd6aeee2ef ]--- /sys/fs/pstore/console-ramoops-0:[1055773.500673] Kernel panic - not syncing: Fatal exception in interrupt /sys/fs/pstore/console-ramoops-0:[1055773.507249] SMP: stopping secondary CPUs /sys/fs/pstore/console-ramoops-0:[1055773.511373] Kernel Offset: disabled /sys/fs/pstore/console-ramoops-0:[1055773.515060] CPU features: 0x0,20006008 /sys/fs/pstore/console-ramoops-0:[1055773.519031] Memory Limit: none /sys/fs/pstore/console-ramoops-0:[1055773.526010] Rebooting in 3 seconds.. /sys/fs/pstore/console-ramoops-0: /sys/fs/pstore/console-ramoops-0:No errors detected

peacey commented 2 years ago

@aleksandryants, when you say you want to push a specific subnet through the VPN, do you mean (1) you want to be able to access a specific remote subnet from UDMP clients, or (2) you want to route all traffic from a UDMP subnet to go through the VPN?

aleksandryants commented 2 years ago

@peacey I what to route all traffic from a UDMP subnet to go through the VPN

peacey commented 2 years ago

@aleksandryants if you want to only route a specific UDMP subnet's internet to go through the VPN, you should setup wireguard with split-vpn for policy based routing. Follow the instructions on the split-vpn readme to setup wireguard and force a specific subnet through it.

Also as @tusc suspected, you are also having a kernel panic which is not something that usually happens. If you setup wireguard with split-vpn and continue to have kernel panics, you should modify /mnt/data/wireguard/setup_wireguard.sh and set LOAD_BUILTIN=0 to load the external module instead of the built in but outdated one. The newer external module might fix the kernel panic.

aleksandryants commented 2 years ago

Thank you it is now working