Wireguard | Lost peer allowed ips config after upgrade 23.7.6 #6934
Comments
Can you confirm that the settings were not dropped from the config.xml? Did you reboot? Which was the version being used before? |
Yes, I rebooted after the upgrade from 23.7.5. I see the correct data in config.xml, see:
My bet is it's because some renaming was introduced from clients -> peers? |
The renaming should only affect the GUI. If it's still displayed then it's fine. wg.conf creation in particular has not been changed. Does it work if you manually restart it? |
OK, I manually restarted via UI and it comes online with proper |
It may be related to this change then 70df688a9 particularly src/opnsense/scripts/Wireguard/wg-service-control.php |
Do you have virtual IPs set for this one or assigned the wg interface and added an IPv4 configuration? |
Mullvad, I suppose? Then same issue as described here: https://forum.opnsense.org/index.php?topic=36403.0 |
No mullvad, just my remote wg server, I deleted ipv4 static config for WG interface and after the reboot |
Ok, since 23.7.6 configuring an IPv4 or IPv6 mode is not possible anymore. Then I'm switching this back to "support" and I hope we can close? :) |
My colleague says you should change:
to:
Cheers, |
Maybe some workaround?
Now I got this. |
As I understand, since there is no ipv4 config for the WG interface, I should update firewall rules and other settings to allow things to work? For example, the UI is not accessible via the WG ip; before, with an ipv4 static ip, it was working fine. |
That's probably #6934 (comment) (no other changes necessary as far as I can tell) |
Did the change already to /24, via tcpdump I got
but no, ssh, https access, icmp is working. That's the reason I added ipv4 static ip for WG in the first place, without it, nothing is going through from the WG server |
Can you post the ifconfig output of wg1 or send it privately to franco AT opnsense DOT org ? Thanks, |
|
It looks correct. Try to reload the firewall rules:
|
I see something strange here
there are only unbound and ntpd running open on WG ip, no sshd or lighttpd Update: |
|
Yes, configctl webgui restart helps and lighttpd started on the WG ip, so what should I do to make it reload after reboot? |
To be frank, the listening behaviour and its problems are explained here: https://docs.opnsense.org/manual/settingsmenu.html#listen-interfaces The behaviour depends on a number of factors... I think a static WAN setup might not do what you want in this case. How is your WAN IPv4/IPv6 mode configured? |
Thank you for pointing to the right place in the docs. Since from now on there is no ipv4 config possible for wg, I will switch to listen on all interfaces for webgui and ssh and make the firewall do the things. I tested it now and it works perfectly.
|
Ok, close then? :) |
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
After performing latest upgrade and restart I lost wg connectivity and noticed that via wg show I have allowed ips : (none) while my /usr/local/etc/wireguard/wg1.conf is perfectly fine.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Should be working fine after upgrade
Environment
Software version used and hardware type if relevant, e.g.:
OPNsense 23.7.6
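The symptom in this report (wg show listing allowed ips : (none) while wg1.conf is intact) can be checked mechanically by comparing the config file against the running interface. This is an added example, not part of the original issue or of OPNsense's code; the sample config, the placeholder keys and the runtime text are constructed, and the runtime text assumes the tab-separated output of `wg show wg1 allowed-ips`.

```python
import ipaddress

# Constructed sample config; the keys are placeholders, not real WireGuard keys.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=

[Peer]
PublicKey = PLACEHOLDER_PEER_A=
AllowedIPs = 10.10.0.0/24, 192.168.50.0/24

[Peer]
PublicKey = PLACEHOLDER_PEER_B=
AllowedIPs = 10.20.0.1/32
"""
# Constructed runtime text in the "<public key>\t<allowed ips>" shape assumed for
# `wg show wg1 allowed-ips`; peer A shows the "(none)" symptom from the report.
SAMPLE_RUNTIME = "PLACEHOLDER_PEER_A=\t(none)\nPLACEHOLDER_PEER_B=\t10.20.0.1/32\n"

def _norm(cidrs):
    # Normalise to network form so 10.10.0.1/24 and 10.10.0.0/24 compare equal.
    return {str(ipaddress.ip_network(c.strip(), strict=False)) for c in cidrs if c.strip()}

def conf_allowed_ips(text):
    """{peer public key: set of CIDRs} from the [Peer] sections of a wg config."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append({"_name": [line.lower()]})
        elif "=" in line and sections:
            k, v = line.split("=", 1)  # split once: base64 keys end in "="
            sections[-1].setdefault(k.strip().lower(), []).append(v.strip())
    return {s["publickey"][0]: _norm(",".join(s.get("allowedips", [])).split(","))
            for s in sections if s["_name"] == ["[peer]"] and "publickey" in s}

def runtime_allowed_ips(output):
    """{peer public key: set of CIDRs} from `wg show <if> allowed-ips` text."""
    rows = (l.partition("\t") for l in output.splitlines() if "\t" in l)
    return {k: set() if rest.strip() == "(none)" else _norm(rest.split())
            for k, _, rest in rows}

def drift(conf_text, runtime_output):
    """{peer: (missing_at_runtime, unexpected_at_runtime)} for each mismatch."""
    want, have = conf_allowed_ips(conf_text), runtime_allowed_ips(runtime_output)
    return {p: (sorted(want.get(p, set()) - have.get(p, set())),
                sorted(have.get(p, set()) - want.get(p, set())))
            for p in sorted(want.keys() | have.keys())
            if want.get(p, set()) != have.get(p, set())}
```

An empty result from `drift` means the running interface matches the file; a peer listed with a non-empty first element is the state described in this report.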