WireGuard not working ipv4 after update to opnsense 24.7.5

Started by RamSense, September 26, 2024, 02:18:07 PM

I have just updated to OPNsense 24.7.5-amd64
FreeBSD 14.1-RELEASE-p5
OpenSSL 3.0.15

Now WireGuard does not work/does not get an IPv4 address, only showing IPv6 when visiting https://www.whatismyip.com/

Are others having this issue also? Is there a quick fix?

Deciso DEC850v2

Both of my IPv4 tunnels are working fine.
Two different "providers".

Are you using only ipv4 or ipv4 and ipv6 also?
Deciso DEC850v2


Easiest way forward is to roll back core package and reassess:

# opnsense-revert -r 24.7.4 opnsense

(assuming the previous was 24.7.4)

In the general case the update isn't the problem anymore. It's mostly the reboot that "changes" behaviour.


Cheers,
Franco

Runs without problems here, IPv4 only though with a S2S-connection.

@Franco: I did a restore of my latest working config from 4 days ago and rebooted, no difference.
Now I went to the console and ran your command:
# opnsense-revert -r 24.7.4
#

but it did nothing? Is the command missing something?
Deciso DEC850v2

Sorry, I should take more care when proposing such commands.

# opnsense-revert -r 24.7.4 opnsense

opnsense-revert needs a list of packages to revert. We want to revert the core package to test the update theory.


Cheers,
Franco

@Franco thanks for the follow-up. Just did the opnsense-revert -r 24.7.4 opnsense and
rebooted opnsense. After that I had to do -interfaces WG -Enable Interface -> disabled, and hit save, and then Enable interface -> enable again and save. As a result WireGuard is back up and running, getting ipv4 and ipv6 on https://www.whatismyip.com/

What could have caused 24.7.5 to break wireguard getting ipv4? How can I help to localize it?

P.S. The "trick" (-interfaces WG -Enable Interface -> disabled, save, and then enable again and save) did not work on 24.7.5 as it did with 24.7.4_1
Deciso DEC850v2

> rebooted opnsense. After that I had to do -interfaces WG -Enable Interface -> disabled, and hit save, and then Enable interface -> enable again and save. As a result WireGuard is back up and running, getting ipv4 and ipv6 on

That's a strange way of saying it works on 24.7.4. We may be looking at the same issue but with different timings. Can we agree your WireGuard isn't up on boot? Can we assume that is because you use FQDNs for the remote end?

That being said I'd much rather try to find the issue in 24.7.5 than trying to figure out why 24.7.4 worked "better".


Cheers,
Franco

September 27, 2024, 08:32:09 AM #10 Last Edit: September 27, 2024, 08:34:37 AM by RamSense
Agree, wild guess: maybe it has to do with my connection being PPPoE? A couple of versions back I had to do the interface off and on trick with the WAN interface to get ipv4 and ipv6, although the connection was up. This was fixed a while back with further updates of opnsense.

WireGuard, road warrior, where I have all connected devices' traffic going through while away, uses an ipv4 IP as endpoint.
On 24.7.4_1, after a reboot WireGuard is running and the device is connected, but going to https://www.whatismyip.com/ only shows an ipv6 IP. This results in some websites working and some not. After switching the wg interface off and on, this is corrected and https://www.whatismyip.com/ shows IPv4 and IPv6 and all is working again.
Being on 24.7.5, on reboot WireGuard is showing as running, but only IPv6 shows on https://www.whatismyip.com/ whatever I try with interface off and on, or stopping and starting WireGuard again.

I hope that helps explain the setup
Deciso DEC850v2

If it's PPPoE it might be https://github.com/opnsense/core/commit/a40bc6ff9 but we did do an extensive call for testing on all of this ;)

# opnsense-patch a40bc6ff9

Not knowing if it reverts or forwards depending on you being on 24.7.4 or 24.7.5. Watch the command line output to see. If it applied correctly at the end it says "Have a nice day".


Cheers,
Franco

@Franco: I did the upgrade to core 24.7.5, then applied the opnsense-patch a40bc6ff9 ... have a nice day
- rebooted opnsense box
-> WireGuard same problem.
-> I then did the opnsense-revert -r 24.7.4 opnsense back and rebooted the opnsense box; WireGuard is working as before with the off and on interface trick. I do not know if the applied patch is still part of my system now.

So it must be something else I think.

 
Deciso DEC850v2

FWIW I have a PPPoE connection, and am using IPv4 Wireguard connections fine post upgrade.

One 'out', and also one back into the router from my mobile devices. All fine.

You haven't been tripped up by an earlier change, have you? What did you update from? I remember at some point if you were using FQDN as endpoints in your tunnels you had to change them to the IP, as they could no longer be resolved. Have you skipped a few upgrades and are perhaps affected by something like that?

I also don't have any issues on 24.7.5 with PPPoE, WireGuard and IPv4/6.

@RamSense Have you tried your trick also on 24.7.5?