Wireguard in 21.1.8 fresh install won't run

Started by mrEss, July 10, 2021, 01:41:51 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 10, 2021, 01:41:51 PM
Hi

I've run into a strange configuration issue. I have my home gateway / Wireguard access server since a few years back and now I'm doing a fresh install on a secondary location. I've followed all the steps in the Howto-Site-to-Site at https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html and keep getting no connection on the new system.

A
Code Select
wg-quick up wg0 on the access server sees all my peers and sets all routes as expected.
Code Select
# wg-quick up wg0
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.5/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 172.16.15.100/32 -interface wg0
[#] route -q -n add -inet 192.168.20.0/24 -interface wg0
[+] Backgrounding route monitor

The same is true of the
Code Select
wg show

But on the fresh install there is a final line in the
Code Select
wg-quick up wg0 command that is different.
Code Select
# wg-quick up wg0
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.100/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 172.16.15.5/32 -interface wg0
[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock


Where is this last command run?
Code Select

[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock

and why is it not
Code Select

[#] route -q -n add -inet 192.168.20.0/24 -interface wg0
[+] Backgrounding route monitor


Does anyone know?
July 11, 2021, 07:39:18 PM #1
To make it clear:

Why does wg-quick up wg0 run an ifconfig wg0 destroy?
July 12, 2021, 07:11:14 AM #2 Last Edit: July 12, 2021, 07:23:52 AM by oupsman
I have the same problem, but after upgrading to 21.1.8.

I tried to uninstall the wireguard plugin and install it back, but still no luck.

I tried to activate Wireguard from cli but no luck :

Code Select

root@OPNsense:~ # wg-quick up /usr/local/etc/wireguard/wg0.conf
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.112.0.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 10.112.0.9/32 -interface wg0
[#] route -q -n add -inet 10.112.0.8/32 -interface wg0
[#] route -q -n add -inet 10.112.0.7/32 -interface wg0
[#] route -q -n add -inet 10.112.0.5/32 -interface wg0
[#] route -q -n add -inet 10.112.0.4/32 -interface wg0
[#] route -q -n add -inet 10.112.0.3/32 -interface wg0
[#] route -q -n add -inet 10.112.0.2/32 -interface wg0
[#] route -q -n add -inet 10.112.0.10/32 -interface wg0
[#] route -q -n add -inet 192.168.1.0/24 -interface wg0
[#] resolvconf -d wg0
[#] rm -f /var/run/wireguard/wg0.sock


More over, Wireguard interface is DOWN in the dashboard and does not appear anymore in the assignments part of the interface.

July 12, 2021, 09:53:14 AM #3
Hmmm, without info on config hard to debug. I have a S2S wireguard between 2x 21.1.8 working fine before and after updating to 21.1.8.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
July 12, 2021, 07:02:34 PM #4
Quote from: oupsman on July 12, 2021, 07:11:14 AM
I have the same problem, but after upgrading to 21.1.8.

I tried to uninstall the wireguard plugin and install it back, but still no luck.

I tried to activate Wireguard from cli but no luck :

Code Select

root@OPNsense:~ # wg-quick up /usr/local/etc/wireguard/wg0.conf
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.112.0.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 10.112.0.9/32 -interface wg0
[#] route -q -n add -inet 10.112.0.8/32 -interface wg0
[#] route -q -n add -inet 10.112.0.7/32 -interface wg0
[#] route -q -n add -inet 10.112.0.5/32 -interface wg0
[#] route -q -n add -inet 10.112.0.4/32 -interface wg0
[#] route -q -n add -inet 10.112.0.3/32 -interface wg0
[#] route -q -n add -inet 10.112.0.2/32 -interface wg0
[#] route -q -n add -inet 10.112.0.10/32 -interface wg0
[#] route -q -n add -inet 192.168.1.0/24 -interface wg0
[#] resolvconf -d wg0
[#] rm -f /var/run/wireguard/wg0.sock


More over, Wireguard interface is DOWN in the dashboard and does not appear anymore in the assignments part of the interface.

After a bit of diging, I found something : I removed all the clients but my iPhone and tried to activate the wireguard service : it worked. I then added back all the clients and it still works. I tried to find some debug logs but did not found anything, where are they ?
July 12, 2021, 07:46:41 PM #5
Quote from: chemlud on July 12, 2021, 09:53:14 AM
Hmmm, without info on config hard to debug. I have a S2S wireguard between 2x 21.1.8 working fine before and after updating to 21.1.8.

Ok, so what would help?

screenshots of the wireguard setup?

wg0.conf from the remote server:
Code Select
[Interface]
PrivateKey = Edited =
Address = 172.16.15.100/24
ListenPort = 51820

[Peer]
PublicKey = 9mpcKwmI0CeNs9RTlow3i/TV3Amu1gF7nvMmdgHfMAM=
Endpoint = DNS Name of access server:51805
AllowedIPs = 172.16.10.0/24,172.16.15.5/32


Log from the startup:
Code Select
wg-quick up wg0
[#] ifconfig wg create name wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 172.16.15.100/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 172.16.15.5/32 -interface wg0
[#] route -q -n add -inet 172.16.10.0/24 -interface wg0
[#] ifconfig wg0 destroy

I have installed the wireguard-kmod, hence the difference from the previous post.

The only thing I see differing from the working server is the final ifconfig wg0 destroy
July 12, 2021, 07:48:32 PM #6
Quote from: oupsman on July 12, 2021, 07:02:34 PM
Quote from: oupsman on July 12, 2021, 07:11:14 AM
I have the same problem, but after upgrading to 21.1.8.

I tried to uninstall the wireguard plugin and install it back, but still no luck.

I tried to activate Wireguard from cli but no luck :

Code Select

root@OPNsense:~ # wg-quick up /usr/local/etc/wireguard/wg0.conf
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.112.0.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 10.112.0.9/32 -interface wg0
[#] route -q -n add -inet 10.112.0.8/32 -interface wg0
[#] route -q -n add -inet 10.112.0.7/32 -interface wg0
[#] route -q -n add -inet 10.112.0.5/32 -interface wg0
[#] route -q -n add -inet 10.112.0.4/32 -interface wg0
[#] route -q -n add -inet 10.112.0.3/32 -interface wg0
[#] route -q -n add -inet 10.112.0.2/32 -interface wg0
[#] route -q -n add -inet 10.112.0.10/32 -interface wg0
[#] route -q -n add -inet 192.168.1.0/24 -interface wg0
[#] resolvconf -d wg0
[#] rm -f /var/run/wireguard/wg0.sock


More over, Wireguard interface is DOWN in the dashboard and does not appear anymore in the assignments part of the interface.

After a bit of diging, I found something : I removed all the clients but my iPhone and tried to activate the wireguard service : it worked. I then added back all the clients and it still works. I tried to find some debug logs but did not found anything, where are they ?

I have a single peer configured and it still won't start.
July 14, 2021, 07:59:15 AM #7
the ip address you try to add are not in the same subnet, I wonder if somehow that's not an issue for Wireguard since 21.1.8.
July 14, 2021, 03:43:03 PM #8
Hi,

This is just for anyone stumbling on the same problem.

Problem:
wg-quick up wg0 exits with a ifconfig destroy wg0 ie the tunnel started just previous is killed.

Reason:
WAN is on the same LAN as I want to add a route to from the remote location.

Why is it?
I temporarily connected the remote location router to my home LAN for setup.
Print
Go Up Pages1
User actions