Lochnair / vyatta-wireguard

IPv6 Addresses disappear from wg interface when committing a change

starcraft66 opened this issue

In my config I have the following:

ubnt@235-gw# show interfaces wireguard wg0
 address 172.32.1.1/24
 address fe80::971a:99ff:fec6:43cb/64
 ip {
     ospf {
         dead-interval 40
         hello-interval 10
         network point-to-point
         priority 1
         retransmit-interval 5
         transmit-delay 1
     }
 }
 ipv6 {
     ospfv3 {
         cost 1
         dead-interval 40
         hello-interval 10
         instance-id 0
         priority 1
         retransmit-interval 5
         transmit-delay 1
     }
 }
 listen-port 51820
 mtu 1420
 [a bunch of peers]
}
 private-key /config/auth/wg0.private
 route-allowed-ips false
[edit]

If I make and commit any changes to the wireguard interface (for example, changing the mtu), all IPv6 addresses defined on the interface (it doesn't matter how many I add) are removed from the interface and I need to manually add them back to the interface using standard iproute2 commands.

If you down the interface by running ip link set down wg0 you will also see IPv6 addresses removed. I wonder if this is a problem upstream.

I'm also seeing this issue.
I manually add the address back in with ip a a 2001::xxx/64 dev wg0

Routing doesn't stop for me so clients are still reachable but this is obviously still an issue.

Definitely an upstream problem, with my testing.

I wrote this script to work around it:

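#!/bin/bash

scriptname=$(basename "$0")

confdir=/opt/vyatta/config/active/interfaces/wireguard
commithookdir=/etc/commit/post-hooks.d
scriptdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

# Symlink this script into the commit post-hooks directory if it is not there yet
if [ "${scriptdir}" != "${commithookdir}" ]; then
    if [ ! -h "${commithookdir}/${scriptname}" ]; then
        ln -s "${scriptdir}/${scriptname}" "${commithookdir}"
    fi
fi

# With no wireguard interfaces configured, the loop below runs zero times
shopt -s nullglob

for ifaceconf in "${confdir}"/*; do
    dev="$(basename "${ifaceconf}")"

    # node.val holds one configured address per line
    conffile="${confdir}/${dev}/address/node.val"

    [ -f "${conffile}" ] || continue

    # Keep only the IPv6 address/prefix lines
    for addr in $(sed -ne '/^[0-9a-f:]\+\/[0-9]\+$/p' "${conffile}"); do

        # Re-add the address unless the interface already has it
        # (any scope, so link-local addresses are matched too)
        ip addr show dev "${dev}"                | \
            grep -qF "inet6 ${addr} scope "        \
        || ip -6 addr add "${addr}" dev "${dev}"

    done
done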

Install into /config/scripts/post-config.d. After boot (or if you run it manually), it will symlink itself into /etc/commit/post-hooks.d/, so that it's run after every commit. (/etc/commit/post-hooks.d/ is cleared on reboot)

Edit: I hereby grant unrestricted usage of the above script, including @Lochnair if they decide to use it, or a variation of it within the vyatta-wireguard package.
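
A read-only check for the condition described in this thread, added here as an example and not part of the original posts or the vyatta-wireguard package: it lists the configured IPv6 addresses that are missing from the live interface without changing anything. The function names and sample data are constructed, and the comparison is textual, so it assumes the config stores addresses in the same compressed form the kernel prints.

```shell
#!/bin/sh
# Report configured IPv6 addresses that an interface has lost, without
# modifying the interface. Function names here are hypothetical.

# live_v6: read `ip -6 -o addr show dev <if>` output on stdin and print
# one address/prefix per line.
live_v6() {
    awk '$3 == "inet6" { print $4 }'
}

# missing_v6 CONFIGURED LIVE
#   CONFIGURED: contents of the interface's address/node.val (one per line)
#   LIVE:       output of `ip -6 -o addr show dev <if>`
# Prints every configured IPv6 address/prefix that is absent from LIVE.
missing_v6() {
    mv6_live=$(printf '%s\n' "$2" | live_v6)
    printf '%s\n' "$1" |
        sed -n '/^[0-9a-f:][0-9a-f:]*\/[0-9][0-9]*$/p' |
        while IFS= read -r mv6_addr; do
            # Whole-line fixed-string match: scope (link/global) is irrelevant
            printf '%s\n' "$mv6_live" | grep -qxF -- "$mv6_addr" ||
                printf '%s\n' "$mv6_addr"
        done
}

# Constructed sample: node.val with one IPv4 and two IPv6 addresses
SAMPLE_CONFIG='172.32.1.1/24
fe80::971a:99ff:fec6:43cb/64
2001:db8:1::1/64'

# Constructed sample: interface where only the link-local address is present
SAMPLE_LIVE='5: wg0    inet6 fe80::971a:99ff:fec6:43cb/64 scope link \       valid_lft forever preferred_lft forever'

missing_v6 "$SAMPLE_CONFIG" "$SAMPLE_LIVE"

# On a router (paths as used by the workaround script above):
#   missing_v6 "$(cat /opt/vyatta/config/active/interfaces/wireguard/wg0/address/node.val)" \
#              "$(ip -6 -o addr show dev wg0)"
```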