English Forums > High availability

WireGuard with kmod & CARP - configd_run 'wireguard start' issues with carp hook

(1/1)

nzkiwi68:
I've been tearing my hair out with wireguard, CARP, FRR and wireguard-kmod stability issues.

I know, not properly in the kernel, not yet supported, use at your own risk... etc.
It's just that wireguard is so good compared to IPSEC, it sets up so fast, it makes failover amazing.

The issue that keeps happening is wireguard is listed as started but no handshakes occur until you start wireguard again.


What I suspect
I believe the issue is the configd_run 'wireguard start' doesn't work until:

* you reboot the firewall once with wireguard running, even if handshakes were empty
* likely because the first time wireguard is started, if the interfaces are not present then the first start creates the wireguard interfaces but then fails to actually start wireguard
configd_run for wireguard needs to:
To check for wireguard interfaces and if missing, wait and start wireguard again properly.


Is anyone able to help look at the configd_run 'wireguard start" script?

franco:
In a nutshell it just calls

# /usr/local/etc/rc.d/wireguard start

and does whatever the RC system deems appropriate. No clue what's wrong in your cause, but I do know WireGuard doesn't make itself any easier to debug experimental or not. ;)


Cheers,
Franco

Navigation

[0] Message Index