Page MenuHomeVyOS Platform
Create Task
Maniphest T5329

Wireguard interface as GRE tunnel source causes configuration error on boot
Closed, ResolvedPublicBUG
Actions

Description

Having a wireguard interface as the source interface on a GRE tunnel causes a configuration error on boot. The tunnel interface is then left out from the running config, but can be added later by loading the saved config using the load command. This is observed in both 1.3 and rolling versions of 1.4.

My config for the interfaces are:

tunnel tun0 {
    address 10.68.1.17/30
    description "OSPF Encap"
    encapsulation gre
    ip {
        ospf {
            dead-interval 40
            hello-interval 10
            network point-to-point
            priority 1
            retransmit-interval 5
            transmit-delay 1
        }
    }
    mtu 1280
    remote 10.68.0.2
    source-address 10.68.0.9
    source-interface wg0
}
wireguard wg0 {
    address 10.68.0.9/30
    description "WG for OSPF"
    mtu 1420
    peer FR {
        address xx.xx.xx.xx
        allowed-ips 10.68.0.10/32
        allowed-ips 10.68.0.2/32
        persistent-keepalive 25
        port xxxxx
        preshared-key xxx
        pubkey xxxx
    }
    private-key xxx
}

The error outputted in the console:

image.png (208×1 px, 64 KB)

Details

Version
1.3-rolling-202304051608
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

jlongendyke created this task.Jun 30 2023, 12:41 PM
pasik subscribed.Jun 30 2023, 1:47 PM
Viacheslav subscribed.Jun 30 2023, 4:00 PM

Wireguard is not yet exists in the system when tun is already exists due to priority

vyos@r14:~$ /opt/vyatta/sbin/priority.pl | match "tun|wireguard"
380 interfaces/tunnel
381 interfaces/wireguard

Try to change priority:

sudo nano -c +3 /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.def

replace priority: 381 to priority: 379
And reboot the reouter

jlongendyke added a comment.Jun 30 2023, 4:10 PM

That fixes it. It does seem like more of a band-aid solution though. I don't want to have to do that for every router I deploy using this setup

SrividyaA subscribed.Jun 30 2023, 6:26 PM

https://github.com/vyos/vyos-1x/pull/2063

Restricted Repository Identity mentioned this in rVYOSONEX881eee52bd11: Merge pull request #2063 from srividya0208/T5329.Jun 30 2023, 7:02 PM
SrividyaA mentioned this in rVYOSONEX3d5aba0775ff: T5329 : priority: tunnel config is committed before wireguard.Jun 30 2023, 7:02 PM
Viacheslav changed the task status from Open to In progress.Jul 1 2023, 6:31 AM
Viacheslav assigned this task to SrividyaA.
Viacheslav edited projects, added VyOS 1.4 Sagitta, VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus.
Viacheslav mentioned this in rVYOSONEX17fb1709aa1e: T5329 : priority: tunnel config is committed before wireguard.Aug 1 2023, 10:36 AM
Viacheslav mentioned this in rVYOSONEXdf982dabe3e4: T5329 : priority: tunnel config is committed before wireguard.
Viacheslav added a comment.Aug 1 2023, 10:40 AM

Cherry-pick https://github.com/vyos/vyos-1x/pull/2125

Viacheslav moved this task from Open to Finished on the VyOS 1.4 Sagitta board.Aug 1 2023, 10:40 AM
Restricted Repository Identity mentioned this in rVYOSONEX80465e2cb222: Merge pull request #2126 from sever-sever/T5329-eq.Aug 10 2023, 1:52 PM
Viacheslav mentioned this in rVYOSONEXe27f566f0f65: T5329 : priority: tunnel config is committed before wireguard.Aug 10 2023, 1:52 PM
Viacheslav closed this task as Resolved.Aug 10 2023, 1:56 PM
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.4) board.
dmbaturin mentioned this in 1.3.4.Sep 14 2023, 1:07 PM