kernel: disable WireGuard support to bring back wireguard-go use
kuya1284 opened this issue · 4 comments
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- I have read the contributing guidelines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- The title contains the plugin to which this issue belongs
Describe the bug
After upgrading to OPNsense 23.7, any UDP Broadcast Relay that includes a WireGuard interface will no longer start. Prior to this release, there were issues with including a WireGuard interface with the kmod version. The workaround was to use the go version instead, as mentioned in the comments in opnsense/plugins#3303. Unfortunately, os-wireguard-go is no longer a viable workaround because it results in the following error:
ioctl(SIOCGIFBRDADDR): Invalid argument
To Reproduce
Steps to reproduce the behavior:
- If they aren't already installed, install both the os-wireguard-go and os-udpbroadcastrelay plugins
- Ensure that a WireGuard interface is configured (i.e. following the Road Warrior Guide)
- Go to Services > UDP Broadcast Relay
- Add a new relay or edit an existing relay. The following is an example (assuming the WireGuard interface is called WG1):
Enabled | Checked |
Relay Port | 1900 |
Relay Interfaces | LAN, WG1 |
Broadcast Address | 239.255.255.250 |
Instance ID | 1 |
Description | Test |
- Click Save, then confirm that the row highlights in yellow
- Alternatively, SSH to the firewall
- Execute the following command:
$ ifconfig
# Take note of the name of the WireGuard interface. For this example, wg1 will be assumed.
$ sudo /usr/local/sbin/udpbroadcastrelay -f --id 1 --port 1900 --multicast 239.255.255.250 --dev wg1
- The following error will appear:
ioctl(SIOCGIFBRDADDR): Invalid argument
Expected behavior
When starting the relay from the GUI, the row must highlight in green to confirm that the relay was configured properly and that the service started. When attempting to start the relay via command-line, it must execute without an error message appearing.
Screenshots
See opnsense/plugins#3303 for examples.
Relevant log files
Available upon request.
Additional context
N/A
Environment
OPNsense 23.7.1_3 (amd64)
UDP Broadcast Relay 1.0_3
Intel Celeron J4125
To be frank this needs to stop. If WireGuard maintainers don't consider WireGuard to be a broadcast-capable interface you simply cannot run a broadcast daemon on it.
One observation that I just noticed is that /var/run/wireguard/wg1.sock is no longer getting created once the process starts. This could be relevant.
To be frank this needs to stop. If WireGuard maintainers don't consider WireGuard to be a broadcast-capable interface you simply cannot run a broadcast daemon on it.
As already explained: os-udpbroadcastrelay worked with os-wireguard-go in OPNsense versions <23.7. So this does not look to be a problem like "WireGuard is not broadcast-capable".
The issue here is that FreeBSD 13.2 added WireGuard to the kernel and wg-quick will use it:
https://github.com/WireGuard/wireguard-tools/blob/master/src/wg-quick/freebsd.bash#L117-L129
Maybe we have to remove WireGuard from the kernel then to get this fixed. I prefer the wireguard-kmod package anyway.