Wireguard - No interface, No logging

Started by lagus, March 03, 2022, 09:55:07 PM

Previous topic - Next topic
Dear all,

Just updated to:
OPNsense 22.1.2_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021

And already previously I had troubles getting the Wireguard interface up.
Is it somehow colliding with the openVPN service (No openvpn configured but IPSec on my appliance ).
I am unfortunately unable to get any logs from the process.

$ wg showconf wg0
Unable to access interface: Device not configured
$ /usr/local/etc/rc.d/wireguard status
Unable to access interface: Device not configured
$


This is from SYSTEM: LOG FILES: GENERAL:
2022-03-03T21:47:48 Error opnsense /usr/local/etc/rc.bootup: Unable to configure non-existent interface opt4 (wg0)
2022-03-03T21:47:48 Error opnsense /usr/local/etc/rc.bootup: Executed inline creation of non-existent interface opt4 (wg0)
2022-03-03T21:47:48 Notice opnsense plugins_configure openvpn_prepare (execute task : openvpn_prepare(,wg0))
2022-03-03T21:47:48 Notice opnsense plugins_configure openvpn_prepare (,wg0)
2022-03-03T15:49:14 kernel wg0: link state changed to DOWN
2022-03-03T15:49:13 kernel tun0: changing name to 'wg0'
2022-03-03T15:17:24 kernel wg0: link state changed to DOWN
2022-03-03T15:17:24 kernel tun0: changing name to 'wg0'
2022-03-03T15:16:04 opnsense[34308] /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' -staticarp' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
2022-03-03T15:16:04 opnsense[34308] /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
2022-03-03T15:16:04 opnsense[34308] plugins_configure openvpn_prepare (execute task : openvpn_prepare(,wg0))
2022-03-03T15:16:04 opnsense[34308] plugins_configure openvpn_prepare (,wg0)
2022-03-03T13:44:01 kernel wg0: link state changed to DOWN
2022-03-03T13:44:01 kernel tun0: changing name to 'wg0'
2022-03-03T13:43:51 kernel wg0: link state changed to DOWN
2022-03-03T13:43:51 kernel tun0: changing name to 'wg0'
2022-03-03T13:41:06 opnsense[33410] /interfaces.php: The command '/usr/sbin/arp -d -i 'wg0' -a > /dev/null 2>&1' returned exit code '1', the output was ''
2022-03-03T13:41:06 opnsense[33410] /interfaces.php: The command '/sbin/ifconfig 'wg0' -staticarp' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
2022-03-03T13:41:04 opnsense[33410] /interfaces.php: The command '/sbin/ifconfig 'wg0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
2022-03-03T13:41:04 opnsense[33410] plugins_configure openvpn_prepare (execute task : openvpn_prepare(,wg0))



What is wrong?
vmware Virtual Env & Netgate SG-4860


Local and Enpoints configurations attached.
Thanks for looking at it.
vmware Virtual Env & Netgate SG-4860

/usr/local/etc/rc.d/wireguard restart via console please

root@muminpappa:~ # /usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│                                                      │
│   Running wireguard-go is not required because this  │
│   kernel has first class support for WireGuard. For  │
│   information on installing the kernel module,       │
│   please visit:                                      │
│         https://www.wireguard.com/install/           │
│                                                      │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 192.168.19.16/28 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 192.168.10.0/24 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock
root@muminpappa:~ #
vmware Virtual Env & Netgate SG-4860

Can you check your routing table about overlapping networks or ifconfig for overlapping IPs. Usually this happens when OpenVPN is using the same network. FreeBSD is a bit more of a diva

Quote from: mimugmail on March 06, 2022, 07:26:13 AM
FreeBSD is a bit more of a diva

No ***, yeah. that was the error.
No error message, no notification, just won't start.
This is unfortunately stuff that is pushing users (less experienced) to other solutions.

Thank you so very much for your help mimugmail!
This fixed it for both my appliances and it's now working correctly!
vmware Virtual Env & Netgate SG-4860

I'd always prefer IPsec and OpenVPN over WireGuard .. no matter if I wrote the plugin. :)

Okay..  :)

I had no better option as they don't play that nice with dynamic public IPs (4g connection.
Wireguard accept and run with a FQDN dynamically updated.

Many thanks 👍
vmware Virtual Env & Netgate SG-4860

thank you - was trying to configure wireguard along with the openvpn connection for side to side.
I wondered why I see neverever something coming up.
When I deselected the LAN addresses in the allow list, the tunnel was up pretty fast.