Page MenuHomeVyOS Platform
Create Task
Maniphest T5329

Wireguard interface as GRE tunnel source causes configuration error on boot
Closed, ResolvedPublicBUG
Actions

Description

Having a wireguard interface as the source interface on a GRE tunnel causes a configuration error on boot. The tunnel interface is then left out from the running config, but can be added later by loading the saved config using the load command. This is observed in both 1.3 and rolling versions of 1.4.

My config for the interfaces are:

tunnel tun0 {
    address 10.68.1.17/30
    description "OSPF Encap"
    encapsulation gre
    ip {
        ospf {
            dead-interval 40
            hello-interval 10
            network point-to-point
            priority 1
            retransmit-interval 5
            transmit-delay 1
        }
    }
    mtu 1280
    remote 10.68.0.2
    source-address 10.68.0.9
    source-interface wg0
}
wireguard wg0 {
    address 10.68.0.9/30
    description "WG for OSPF"
    mtu 1420
    peer FR {
        address xx.xx.xx.xx
        allowed-ips 10.68.0.10/32
        allowed-ips 10.68.0.2/32
        persistent-keepalive 25
        port xxxxx
        preshared-key xxx
        pubkey xxxx
    }
    private-key xxx
}

The error outputted in the console:

image.png (208×1 px, 64 KB)

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202304051608
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.4

Event Timeline

jlongendyke created this task.Jun 30 2023, 12:41 PM
pasik added a subscriber: pasik.Jun 30 2023, 1:47 PM
Viacheslav added a subscriber: Viacheslav.Jun 30 2023, 4:00 PM

Wireguard is not yet exists in the system when tun is already exists due to priority

vyos@r14:~$ /opt/vyatta/sbin/priority.pl | match "tun|wireguard"
380 interfaces/tunnel
381 interfaces/wireguard

Try to change priority:

sudo nano -c +3 /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.def

replace priority: 381 to priority: 379
And reboot the reouter

jlongendyke added a comment.Jun 30 2023, 4:10 PM

That fixes it. It does seem like more of a band-aid solution though. I don't want to have to do that for every router I deploy using this setup

SrividyaA added a subscriber: SrividyaA.Jun 30 2023, 6:26 PM

https://github.com/vyos/vyos-1x/pull/2063

Viacheslav changed the task status from Open to In progress.Jul 1 2023, 6:31 AM
Viacheslav assigned this task to SrividyaA.
Viacheslav edited projects, added VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus.
Viacheslav added a comment.Aug 1 2023, 10:40 AM

Cherry-pick https://github.com/vyos/vyos-1x/pull/2125

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.Aug 1 2023, 10:40 AM
Viacheslav closed this task as Resolved.Aug 10 2023, 1:56 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
dmbaturin mentioned this in 1.3.4.Sep 14 2023, 1:07 PM