WireGuard not working ipv4 after update to opnsense 24.7.5

Started by RamSense, September 26, 2024, 02:18:07 PM

Previous topic - Next topic
Print
Go Down Pages1 2 3 4
User actions
September 26, 2024, 02:18:07 PM
I have just updated to OPNsense 24.7.5-amd64
FreeBSD 14.1-RELEASE-p5
OpenSSL 3.0.15

Now WireGuard does not work/does not get an ipv4 address, only showing ipv6 when https://www.whatismyip.com/

Others having this issue also? Is there a Quick fix?

Deciso DEC850v2
September 26, 2024, 02:35:35 PM #1
Both of my ip4 tunnels are working fine
Two different "providers"
September 26, 2024, 02:37:29 PM #2
Are you using only ipv4 or ipv4 and ipv6 also?
Deciso DEC850v2
September 26, 2024, 02:45:14 PM #3
Ip4 only
September 26, 2024, 02:48:22 PM #4 Last Edit: September 26, 2024, 08:51:37 PM by franco
Easiest way forward is to roll back core package and reassess:

# opnsense-revert -r 24.7.4 opnsense

(assuming the previous was 24.7.4)

In the general case the update isn't the problem anymore. It's mostly the reboot that "changes" behaviour.


Cheers,
Franco
September 26, 2024, 03:06:50 PM #5
Runs without problems here, IPv4 only though with a S2S-connection.
September 26, 2024, 05:25:28 PM #6
@Franco: I did a restore of my latest working config of 4 days ago and reboot, no difference.
Now I went to the console and run your command:
# opnsense-revert -r 24.7.4
#

but it did nothing? is the command missing something?
Deciso DEC850v2
September 26, 2024, 08:52:45 PM #7
Sorry, I should take more care when proposing such commands.

# opnsense-revert -r 24.7.4 opnsense

opnsense-revert needs a list of packages to revert. We want to revert the core package to test the update theory.


Cheers,
Franco
September 26, 2024, 09:47:44 PM #8 Last Edit: September 27, 2024, 07:40:09 AM by RamSense
@Franco thanks for the follow up. Just did the opnsense-revert -r 24.7.4 opnsense
rebooted opnsense. after that I had to do -interfaces WG -Enable Interface - disabled, and hit safe. and than Enable interface -> enable again and safe. Resulting Wireguard is back up and running getting ipv4 and ipv6 on https://www.whatismyip.com/

What could have caused 24.7.5 to break wireguard getting ipv4? How can I help to localize it?

p.s. the "trick" -interfaces WG -Enable Interface -> disabled, safe. and than enable again and safe, did not work on 24.7.5 as with 24.7.4_1
Deciso DEC850v2
September 27, 2024, 07:56:53 AM #9
> rebooted opnsense. after that I had to do -interfaces WG -Enable Interface - disabled, and hit safe. and than Enable interface -> enable again and safe. Resulting Wireguard is back up and running getting ipv4 and ipv6 on

That's a strange way of saying it works on 24.7.4. We may be looking at the same issue but with different timings. Can we agree your WireGuard isn't up on boot? Can we assume that is because you use FQDNs for the remote end?

That being said I'd much rather try to find the issue in 24.7.5 than trying to figure out why 24.7.4 worked "better".


Cheers,
Franco
September 27, 2024, 08:32:09 AM #10 Last Edit: September 27, 2024, 08:34:37 AM by RamSense
Agree, wild guess: maybe it has to do with my connection being PPPoE? A couple of versions back I had to do thie interface off and on trick with the WAN interface for getting ipv4 and ipv6, although connection being upp. This has been fixed a while back with further updates of opnsense.

Wireguard, road warrior where I have all connected devices traffic going through while away, uses an ipv4 ip as endpoint.
on 24.7.4_1 After a reboot Wireguard is running, and the device connected, but going to https://www.whatismyip.com/ only shows an ipv6 ip. This resulting in some websites to work and some don't. After interface wg off and on, this is corrected and https://www.whatismyip.com/ shows IPv4 and IPv6 and all is working again.
Being on 24.7.5 on reboot, wireguard is showing running, but only IPv6 shows on https://www.whatismyip.com/ whatever I try with interface off and on, or wireguard stopping and starting again.

I hope that helps explaining the setup
Deciso DEC850v2
September 27, 2024, 10:20:36 AM #11
If it's PPPoE it might be https://github.com/opnsense/core/commit/a40bc6ff9 but we did do an extensive call for testing on all of this ;)

# opnsense-patch a40bc6ff9

Not knowing if it reverts or forwards depending on you being on 24.7.4 or 24.7.5. Watch the command line output to see. If it applied correctly at the end it says "Have a nice day".


Cheers,
Franco
September 27, 2024, 11:35:43 AM #12
@Franco: I did the upgrade to core 24.7.5, than applied the opnsense-patch a40bc6ff9 ... have a nice day
- rebooted opnsense box
-> wireguard same problem.
-> I than did the opnsense-revert -r 24.7.4 opnsense back and rebooted opnsense box, wireguard with the off and on interface trick working as before. I do not know if the applied patch is still part of my system now.

So it must be something else I think.

 
Deciso DEC850v2
September 27, 2024, 02:40:13 PM #13
FWIW I have a PPPoE connection, and am using IPv4 Wireguard connections fine post upgrade.

One 'out', and also one back into the router from my mobile devices. All fine.

You haven't been tripped up by an earlier change, have you? What did you update from? I remember at some point if you were using FQDN as endpoints in your tunnels you had to change them to the IP, as they could no longer be resolved. Have you skipped a few upgrades and are perhaps affected by something like that?
September 27, 2024, 02:51:02 PM #14
I also don't have any issues on 24.7.5 with with PPPoE, Wireguard and IPv4/6.

@RamSense Have you tried your trick also on 24.7.5?
Print
Go Up Pages1 2 3 4
User actions