24.1 Production Series / Re: 24.1.5: WireGuard routing/masquerading issue? How to rollback?
« on: April 06, 2024, 04:10:55 am »
For people that have this issue: Check if you've assigned a static IP address to your WireGuard interface. You would be able to see this under Interface->[Your wireguard interface].
If you go to this page and press save without making ANY changes, OPNsense will yell at you with an error message. Make the fix (in my case, don't assign a static IP address), then press save, apply the changes, and then restart WireGuard. The routes will now get propagated.
In my case, this is not the issue (at least not obviously); routes are not being propagated, as you pointed out, but it's not due to an issue with the interface configuration.
My interface is set to "None" for the IPv4 and v6 configuration type -- all of my WG interfaces are -- and doing a "save" does not generate an error.
However, the UI *does* say that a change was made and now I need to apply it, even though no change was actually made, which may imply something else changed.
Certainly possible that it's something related to the GitHub issue mentioned. My list of AllowedIPs is quite extensive, 168 defined networks or /32 hosts. I'll go through that carefully and look for any overlaps - I did find a /24 which was also defined in a /16.
In my situation, though, manually restarting the interface in question from the UI allowed me to route traffic again, but it's still not clear what's "broken".
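The post describes going through a 168-entry AllowedIPs list by hand to find overlaps such as a /24 that is also covered by a /16. The Python below is an added example, not part of the original post and not OPNsense code: it lists every overlapping pair and says whether the two entries belong to the same peer or to different peers. It assumes the configuration is available as wg-style text with `[Peer]` sections and `AllowedIPs =` lines; the sample config, keys and networks are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed sample in wg-style syntax; keys and networks are placeholders.
SAMPLE_CONF = """\
[Peer]
PublicKey = PEER_A_KEY_PLACEHOLDER
AllowedIPs = 10.20.0.0/16, 10.20.30.0/24, 192.0.2.10/32

[Peer]
PublicKey = PEER_B_KEY_PLACEHOLDER
AllowedIPs = 192.0.2.0/24, 2001:db8::/32
AllowedIPs = 198.51.100.7/32
"""

def parse_peers(conf_text):
    """Return [{'key': str|None, 'nets': [ip_network, ...]}, ...] per [Peer]."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):                 # section header
            current = {"key": None, "nets": []} if line.lower() == "[peer]" else None
            peers += [current] if current else []
            continue
        if current is None:                      # skip non-peer sections
            continue
        name, _, value = line.partition("=")
        name, value = name.strip().lower(), value.strip()
        if name == "publickey":
            current["key"] = value
        elif name == "allowedips":               # may repeat; comma-separated
            current["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                for v in value.split(",") if v.strip()]
    return peers

def find_overlaps(peers):
    """List (scope, inner, inner_peer, outer, outer_peer) for overlapping entries."""
    flat = [(p["key"], n) for p in peers for n in p["nets"]]
    hits = []
    for x, y in combinations(flat, 2):
        if x[1].version == y[1].version and x[1].overlaps(y[1]):
            outer, inner = sorted((x, y), key=lambda e: e[1].prefixlen)
            scope = "same-peer" if x[0] == y[0] else "cross-peer"
            hits.append((scope, str(inner[1]), inner[0], str(outer[1]), outer[0]))
    return hits

print(find_overlaps(parse_peers(SAMPLE_CONF)))
```

An overlap reported here is a candidate for review, not proof of a fault: the script only shows where one entry is contained in another.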