SOLVED Wireguard-kmod since 22.7.6 with multi WAN & HA - wg starts on backup fw

[nzkiwi68]

• I have WAN & WAN2 and clustered firewalls.
• I am using Wireguard plus the kmod option
• FRR with BGP for multi WAN failover
• Plus the  jprenken/10-wireguard wireguard CARP script to start and stop wireguard-kmod based on CARP https://gist.github.com/jprenken/18ca7bf14ddae547ae0fdf6f56d72573

This all used to work flawlessly. Super fast failover for WAN to WAN2 and super fast transition from fw1 to fw2 - like losing 2 pings only. Amazing!

However, since upgrading to 22.7.6

• If you sync the primary firewall to the backup, wireguard starts on the backup firewall causing all sorts of issues. The nighly sync CRON job causes chaos
• I can't pin it down, but now, FRR sometimes fails to startup too, yet FRR is set to follow CARP. e.g. restart the primary fw, it restarts, takes over as the CARP master and FRR fails to start sometimes!

I have resorted to "unticking" wireguard sync in the HA settings to prevent wireguard form starting on the backup firewall and adding another CRON job to run every minute  to enable or disable wireguard based on the CARP status https://gist.github.com/taxilian/eecdc1fb17cf70e8080118cf6d8af412

Any ideas what changed with 22.7.6?

[nzkiwi68]

I'd like to report for anyone interested...

22.7.7_1 has completely solved all the funny problems.


No longer is any of the following needed:

I have resorted to "unticking" wireguard sync in the HA settings to prevent wireguard from starting on the backup firewall and adding another CRON job to run every minute  to enable or disable wireguard based on the CARP status https://gist.github.com/taxilian/eecdc1fb17cf70e8080118cf6d8af412

[nzkiwi68]

I'm back to super fast 2-3 pings failover from primary to backup firewall.

Yah!