OPNsense Forum

English Forums => High availability => Topic started by: nzkiwi68 on January 19, 2023, 06:41:23 am

Title: WireGuard with kmod & CARP - configd_run 'wireguard start' issues with carp hook
Post by: nzkiwi68 on January 19, 2023, 06:41:23 am

I've been tearing my hair out with wireguard, CARP, FRR and wireguard-kmod stability issues.

I know, not properly in the kernel, not yet supported, use at your own risk... etc.
It's just that wireguard is so good compared to IPSEC, it sets up so fast, it makes failover amazing.

The issue that keeps happening is wireguard is listed as started but no handshakes occur until you start wireguard again.


What I suspect
I believe the issue is the configd_run 'wireguard start' doesn't work until:

• you reboot the firewall once with wireguard running, even if handshakes were empty
• likely because the first time wireguard is started, if the interfaces are not present then the first start creates the wireguard interfaces but then fails to actually start wireguard

configd_run for wireguard needs to:
To check for wireguard interfaces and if missing, wait and start wireguard again properly.


Is anyone able to help look at the configd_run 'wireguard start" script?

Title: Re: WireGuard with kmod & CARP - configd_run 'wireguard start' issues with carp hook
Post by: franco on January 19, 2023, 09:17:16 am

In a nutshell it just calls

# /usr/local/etc/rc.d/wireguard start

and does whatever the RC system deems appropriate. No clue what's wrong in your cause, but I do know WireGuard doesn't make itself any easier to debug experimental or not. ;)


Cheers,
Franco