Dream-Machine-SE wireguard: wgsts1000: possible loop detected, dropping skb of size 65216 #2178
Hello,
It only happens with the latest OS update and ZT. Remove/Stop ZT and the error messages go away.
39499root@Dream-Machine-SE:/config/zerotier-one# sudo systemctl status zerotier-one.service
Nov 17 10:31:46 Dream-Machine-SE systemd[1]: Started ZeroTier One.
Just throwing a comment in here, seeing the same thing on a UDM-SE here when running the service.
wireguard: wgsts1000: possible loop detected, dropping skb of size 65216
Would love to see a solution, or at least an acknowledgement from the ZT team, as running this inside a router would be much preferred to running it on some other device that needs to be monitored.
This is not an error or warning message that is coming from ZeroTier, so I don't see much that can be done from this end.
So the likely source of this error appears to be related to the custom kernel patches that Ubiquiti ships on the UDM firmware: tusc/wireguard-kmod#80. Beyond that issue, I've found quite a few Ubiquiti community discussions describing issues configuring normal Wireguard alongside the UDM "Teleport" feature (which also appears to use WG under the hood). Given that, I'm curious if you have one or both of a generic Wireguard network or the Teleport feature enabled on your device(s)? Generally speaking, running multiple VPNs on a single device requires some pretty careful management of system and network configuration, and "one-click" tools like Teleport don't often give you the needed knobs and gauges to do that. Regardless, @glimberg is right that our ability to debug issues specific to Ubiquiti's custom Linux kernel is somewhat limited. We have some personal access to Ubiquiti hardware, but not any kind of direct line to their kernel team.
Thanks for the acknowledgement and digging! Yes, I have SiteMagic enabled which, I believe, also uses WireGuard under the hood. I also have WireGuard enabled as a VPN Server on the controller which is used for a couple laptops. I'll try opening a case with Unifi, and will update the thread here as it progresses.
Their first reply:
and my response:
And their reply, for what it's worth:
Anyone here know how to get through to a developer, or someone who knows more than scripted replies at Unifi? They replied with generic info about where to configure the WireGuard VPN in the GUI, and I replied with:
I don't have high hopes for their support on this. But I DO hope that someone from Unifi will stumble across this and realize what an incredible opportunity awaits Unifi if they were to natively support ZeroTier. (or at the very least, remove the patch that mistakenly detects ZeroTier prior to any routes or network joins)
interestingly enough, I get the exact same "possible loop detected" if I run a command like
wgsts1000 I think is the internal interface for the connecting default WireGuard VPN.
I hope it somehow gets resolved.
Great idea! I don't know what interfaces ZT makes, because I disable it instantly after creating it so WireGuard does not throw errors. I'll give that a shot soon.
While it does look like wgsts1000 is the wireguard (Site Magic) interface, what OTHER interface would I put in the firewall rule? ZeroTier's interfaces follow the format of zt________, where _______ depends on the network being joined. Since the error message shows up PRIOR to any ZT network being joined, it follows to reason that there would not yet be any zerotier interface. I can still give it a shot after hours AFTER joining a ZT network, just to see if it cuts out the errors, but it seems illogical because the errors show up PRIOR to joining a ZT network.
I’m assuming this is an incompatibility with Ubiquiti’s new Site Magic. ZT used to work just fine on my SE.
Dream-Machine-SE wireguard: wgsts1000: possible loop detected, dropping skb of size 65216
repeats on the console....
I just removed ZT and all its configuration and started over, with the currently available ZT package from: https://download.zerotier.com/dist/ubiquiti/zerotier-one_arm64.deb
Dream Machine SE running:
UniFi OS v3.1.16
Network v7.5.187
Protect 2.8.35
I sent a request back in September when this issue first appeared and did not receive even a single hint/suggestion or solution from the discussion forum.
So I’m posing it here in hopes of finding a solution.