Strange routes when using more than one wg interface
WojtekWaga opened this issue · 2 comments
WojtekWaga commented
Package version
1.0.20220627-1
Firmware version
2.0.9-hotfix.6
Device
EdgeRouter Lite / PoE - e100
Issue description
When configuring more than one wgX interface I'm getting odd routes in the routing table:
Configuration and log output
interfaces {
    ethernet eth0 {
        description WAN
        duplex auto
        mtu 1500
        speed auto
        vif 35 {
            description FTTH
            pppoe 0 {
                default-route auto
                firewall {
                    local {
                        name WAN_LOCAL
                    }
                }
                mtu 1492
                name-server auto
                password xxxxxx
                user-id xxxxxx
            }
        }
    }
    ethernet eth1 {
        address dhcp
        description "WAN 2"
        disable
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
            }
        }
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        firewall {
            in {
                modify balance
            }
        }
        speed auto
        vif 101 {
            address 192.168.xxxxxx/24
            description LAN
            mtu 1500
        }
        vif 102 {
            address 192.168.xxxxxx/24
            description CAM
            firewall {
                in {
                    name CAM
                }
            }
            mtu 1500
        }
        vif 104 {
            address 192.168.xxxxxx/24
            description Automatyka
        }
        vif 105 {
            address 192.168.xxxxxx/24
            description Drukarka
            mtu 1500
        }
        vif 106 {
            address 192.168.xxxxxx/24
            description IoT
            firewall {
                in {
                    name IoT
                }
            }
            mtu 1500
        }
        vif 200 {
            address 192.168.xxxxxx/24
            description GST
            firewall {
                in {
                    name GST
                }
            }
            mtu 1500
        }
    }
    loopback lo {
    }
    wireguard wg0 {
        address 192.168.xxxxxx/24
        firewall {
            in {
                name vpn
            }
        }
        listen-port 32768
        mtu 1420
        peer xxxxxx {
            allowed-ips 192.168.xxxxxx/24
        }
        private-key /config/auth/wg.key
        route-allowed-ips true
    }
    wireguard wg1 {
        address 10.0.0.110/24
        firewall {
            in {
                name Marcin
            }
        }
        listen-port 32769
        mtu 1420
        peer xxxxxx {
            allowed-ips 10.0.0.0/24
            endpoint xxxxxx
        }
        private-key /config/auth/wg.key
        route-allowed-ips true
    }
}
chri2 commented
Just stumbled over this or something very similar:
wireguard 1.0.20220627-1
Version: v2.0.9-hotfix.7
Build ID: 5622762
Build on: 06/15/23 11:31
Copyright: 2012-2020 Ubiquiti Networks, Inc.
HW model: EdgeRouter 4
I found a suspicious route for 0.0.0.0/24. After deleting that route I found that it reappeared after setting one of the WireGuard interfaces down:
root@wand:~# ip li li | grep wg
29: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
30: wg1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
root@wand:~# ip ro li | grep wg
0.0.0.0/24 dev wg1 proto kernel scope link
10.10.0.0/24 dev wg1 proto kernel scope link src 10.10.0.3
192.168.179.0/24 dev wg0 proto kernel scope link src 192.168.179.254
root@wand:~# ip ro del 0.0.0.0/24
root@wand:~# ip ro li | grep wg
10.10.0.0/24 dev wg1 proto kernel scope link src 10.10.0.3
192.168.179.0/24 dev wg0 proto kernel scope link src 192.168.179.254
root@wand:~# ip li set wg1 down
root@wand:~# ip ro li | grep wg
0.0.0.0/24 dev wg0 proto kernel scope link
192.168.179.0/24 dev wg0 proto kernel scope link src 192.168.179.254
Also, re-enabling the interface does let the suspicious route reappear.
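An added audit script, not from the issue or the wireguard-vyatta-ubnt package, that reads `ip route` output and flags kernel connected routes on wgN interfaces that no configured address could have produced, which is exactly what the `0.0.0.0/24 dev wg1 proto kernel scope link` line above is. The sample routes are constructed to mirror the listing in this comment; the `find_bogus_wg_routes` name and the `SUSPICIOUS:` prefix are this example's own.

```shell
#!/bin/sh
# Added example (not from the issue or the package): audit "ip route" output for
# kernel link-scope routes on wgN interfaces that cannot have come from an
# address configured on that interface.

# Constructed sample mirroring the listing posted in the thread.
SAMPLE_ROUTES='0.0.0.0/24 dev wg1 proto kernel scope link
10.10.0.0/24 dev wg1 proto kernel scope link src 10.10.0.3
192.168.179.0/24 dev wg0 proto kernel scope link src 192.168.179.254
default via 203.0.113.1 dev pppoe0'

# find_bogus_wg_routes: reads "ip route" lines on stdin, prints each suspicious
# one prefixed with "SUSPICIOUS:", and returns 1 if any were found, else 0.
find_bogus_wg_routes() {
    awk '
    function ip2n(s,  p) { split(s, p, "."); return ((p[1]*256+p[2])*256+p[3])*256+p[4] }
    function n2ip(n)     { return int(n/16777216)%256 "." int(n/65536)%256 "." int(n/256)%256 "." n%256 }
    # Only kernel-installed connected routes on WireGuard interfaces.
    $2 == "dev" && $3 ~ /^wg[0-9]+$/ && /proto kernel/ && /scope link/ {
        src = ""; want = ""
        for (i = 1; i < NF; i++) if ($i == "src") src = $(i + 1)
        split($1, a, "/")
        len = (a[2] == "") ? 32 : a[2] + 0      # host route when no prefix given
        dst = a[1] "/" len
        # Expected network: the src address masked to the route prefix length.
        if (src != "") {
            block = 2 ^ (32 - len)
            want  = n2ip(int(ip2n(src) / block) * block) "/" len
        }
        # Flag: no src (a connected route always records one), destination in
        # 0.0.0.0/8, or a src that does not lie inside the advertised prefix.
        if (src == "" || a[1] ~ /^0\./ || want != dst) {
            print "SUSPICIOUS: " $0
            bad++
        }
    }
    END { exit bad ? 1 : 0 }'
}

# On the router itself:  ip route | find_bogus_wg_routes
```

The exit status makes the function usable from a cron job or a post-commit hook, so the bogus route is noticed rather than silently black-holing a /24.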
graelo commented
I have the same issue with the e300-v2 (ER-6P).