Wireguard [23.7.8_1] '/sbin/route -q -n add -'inet' '10.1.1.0/24' error

Started by voiping, November 21, 2023, 09:34:30 AM

Hi,

I am currently facing an issue with Wireguard and a site2site connection to a FritzBox.

The wireguard connection is established, but I cannot reach the other network from any device BUT the opnsense.

Firewall rules and interface are all properly set up. It seems like a routing issue.

Currently version 23.7.8_1 of OPNsense throws the following error:

2023-11-21T09:07:38 Warning wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: Skipping gateway WG_VPN_GW due to empty 'gateway' property.
2023-11-21T09:07:38 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (execute task : dpinger_configure_do(,WG_VPN_GW))
2023-11-21T09:07:38 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: plugins_configure monitor (,WG_VPN_GW)
2023-11-21T09:07:38 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: not a valid interface gateway address: ''
2023-11-21T09:07:38 Notice wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: ROUTING: entering configure using 'opt5'
2023-11-21T09:07:38 Notice wireguard wireguard instance wgopn-site-a (wg2) started
2023-11-21T09:07:38 Error wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '10.1.1.0/24' -interface 'wg2'' returned exit code '1', the output was ''
2023-11-21T09:07:38 Notice wireguard wireguard instance wgopn-site-a (wg2) stopped


I have tried removing and setting up the wireguard tunnel on the OPNsense.

The error is not thrown when I remove the 10.1.1.0/24 from the allowed addresses. When I remove the tunnel address, the error is also not thrown.

What I noticed is that when I remove the 10.1.1.0/24 from the allowed addresses, under System > Routes > Status there is still a route to 10.1.1.0/24.

Hi voiping,

Did you ever figure out how to fix this error? I started getting the same error message since updating to 24.1.8. Wireguard had been working fine since January with previous versions of OPNsense. It would be great to learn how you solved the issue.

Thank you!

Hi, I am on the latest update. My WG connection was just fine for over 1 1/2 years and now it drops after ~1 hour.
The temp fix is to reload the WAN interface (sadly the fix is working only for ~1 hour too). The live log is showing that it blocks the VPN connection, but I can't find any rule that blocks the connection.


EDIT: I will try the fix found on another subforum with pkg add -f https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/misc/dhcp6c-20240607_1.pkg

Coincidentally, I logged a request for assistance on GitHub for a very similar error: https://github.com/opnsense/core/issues/7554
I am on OPNsense 23.7.12_5-amd64
Errors take the form of:
/usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '192.168.5.0/24' -interface 'wg1'' returned exit code '1', the output was ''
or
/usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/sbin/route -q -n add -'inet' '0.0.0.0' -interface 'wg1'' returned exit code '1', the output was ''
I have tried stopping the wireguard service first before modifying it, but it is the same behaviour.

Those are the errors when changing or adding those networks to an already configured peer.
Clearly I have a setting somewhere that creates a bigger problem because when I change the allowed ips to 0.0.0.0/0, all my LAN clients start failing DNS queries. I'm nowhere near getting a handle on the problem.
Hopefully someone will give us a hint.