IPv6 Addresses disappear from wg interface when committing a change
starcraft66 opened this issue
In my config I have the following:
ubnt@235-gw# show interfaces wireguard wg0
 address 172.32.1.1/24
 address fe80::971a:99ff:fec6:43cb/64
 ip {
     ospf {
         dead-interval 40
         hello-interval 10
         network point-to-point
         priority 1
         retransmit-interval 5
         transmit-delay 1
     }
 }
 ipv6 {
     ospfv3 {
         cost 1
         dead-interval 40
         hello-interval 10
         instance-id 0
         priority 1
         retransmit-interval 5
         transmit-delay 1
     }
 }
 listen-port 51820
 mtu 1420
 [a bunch of peers]
 }
 private-key /config/auth/wg0.private
 route-allowed-ips false
[edit]
If I make and commit any changes to the wireguard interface (for example, changing the mtu), all IPv6 addresses defined on the interface (it doesn't matter how many I add) are removed from the interface and I need to manually add them back to the interface using standard iproute2 commands.
If you down the interface by running ip link set down wg0, you will also see IPv6 addresses removed. I wonder if this is a problem upstream.
I'm also seeing this issue.
I manually add the address back in with ip a a 2001::xxx/64 dev wg0
Routing doesn't stop for me so clients are still reachable but this is obviously still an issue.
Definitely an upstream problem, with my testing.
I wrote this script to work around it:
#!/bin/bash
# Re-add IPv6 addresses from the active config that are missing on wireguard interfaces.
scriptname=$(basename "$0")
confdir=/opt/vyatta/config/active/interfaces/wireguard
commithookdir=/etc/commit/post-hooks.d
scriptdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

# When run from outside the commit hook directory, symlink this script into it once.
if [ "${scriptdir}" != "${commithookdir}" ]; then
    if [ ! -h "${commithookdir}/${scriptname}" ]; then
        ln -s "${scriptdir}/${scriptname}" "${commithookdir}"
    fi
fi

shopt -s nullglob
for ifaceconf in "${confdir}"/*; do
    dev="$(basename "${ifaceconf}")"
    conffile="${confdir}/${dev}/address/node.val"
    [ -f "${conffile}" ] || continue
    # Keep only the IPv6 entries (hex digits and colons, then /prefix).
    for addr in $(sed -ne '/^[0-9a-f:]\+\/[0-9]\+$/p' "${conffile}"); do
        # Match any scope so link-local (fe80::) addresses count as present too.
        ip addr show dev "${dev}" | \
            grep -qF "inet6 ${addr} scope" \
            || ip -6 addr add "${addr}" dev "${dev}"
    done
done
Install into /config/scripts/post-config.d. After boot (or if you run it manually), it will symlink itself into /etc/commit/post-hooks.d/, so that it's run after every commit. (/etc/commit/post-hooks.d/ is cleared on reboot)
Edit: I hereby grant unrestricted usage of the above script, including @Lochnair if they decide to use it, or a variation of it within the vyatta-wireguard package.