Wireguard selective routing gateways loop detected #6993

Closed
2 tasks done
phoropter opened this issue Nov 7, 2023 · 4 comments
Labels
help wanted Contributor missing / timeout upstream Third party issue

Comments

@phoropter

phoropter commented Nov 7, 2023

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

Somewhat regularly, about once a day, one of the gateways I have set up for Mullvad will get 100% packet loss and General System Logs will show wgX: loop detected. If I manually disable then enable the gateways, things will be fine for a while.

I have created 3 tunnels to mullvad, put into a gateway group, following the mullvad roadwarrior and the selective routing guides to a tee.

To Reproduce

Steps to reproduce the behavior:

  1. Create multiple mullvad tunnels and set up selective routing
  2. Eventually one of the gateways will loop

Expected behavior

For the loops to not happen.

Describe alternatives you considered

Not sure of any viable alternatives.

Screenshots

Gateways if helpful:
image

Relevant log files

The logs show hundreds of lines of wgX: loop detected in the space of a few seconds. There are no consistent preceding events that I can find.

Additional context

I have opnsense sitting behind an AT&T fiber gateway in passthrough mode with the WAN gateway set to Far Gateway.

Separately, as a stopgap measure, is it possible to have monit restart the gateways? I was unable to find any commands that are capable of doing so.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 23.7.7_3 (amd64, OpenSSL).
Intel i5-8600T 2.3GHz 6 Core
Network Supermicro AOC-STGN-I2S

@fichtner
Member

fichtner commented Nov 8, 2023

Same here https://forum.opnsense.org/index.php?topic=35919.0 ... since this pertains to Mullvad and the kernel module I'm not entirely sure we can do anything here. Marking upstream for now.

@fichtner fichtner added the upstream Third party issue label Nov 8, 2023
@phoropter
Author

> Same here https://forum.opnsense.org/index.php?topic=35919.0 ... since this pertains to Mullvad and the kernel module I'm not entirely sure we can do anything here. Marking upstream for now.

I guess that's not surprising. In the meantime, is it possible to have monit restart gateways when they go down? I have been unable to find any command to manipulate them.

@phoropter
Author

I was following the docs for creating a site-to-site and noticed it has a normalization section in setting up firewall rules that doesn't exist for the mullvad & selective routing docs. After setting up the site-to-site I haven't had any issues.

@OPNsense-bot

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.

@OPNsense-bot OPNsense-bot closed this as not planned Won't fix, can't repro, duplicate, stale May 5, 2024
@OPNsense-bot OPNsense-bot added the help wanted Contributor missing / timeout label May 5, 2024