OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version openwrt-18.06
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Alex - 12.01.2020

FS#2731 - Wireguard interface mask settings

The Wireguard interface by default starts with equal IP addresses on both ends of the PvP connection and mask 255.255.255.255.

That prevents routing and some packages from working. Even static routes don't resolve this issue totally.

I have to manually set the network mask option in /etc/config/network to make bird4 work with this.

Maintainers of luci said protocols need to accept configuration in address/cidr or address/mask format from the web configuration utility. So the netmask field in luci is unavailable.

But wireguard obviously doesn't.

Alex commented on 12.01.2020 22:42

You can see dialogue here

Admin
Jo-Philipp Wich commented on 12.01.2020 22:43

So what is wrong with `option addresses a.b.c.d/24` ? What configuration did you try, what was wrong about it? What was the expected outcome instead? How did you add the netmask parameter and where? The wireguard.sh proto handler does not implement `option netmask` so you surely must have done something different then.

Alex commented on 12.01.2020 23:04

This is standard configuration of WG interface:

```
WG0       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.160.2  P-t-P:192.168.160.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:620 errors:0 dropped:0 overruns:0 frame:0
          TX packets:683 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:350740 (342.5 KiB)  TX bytes:77324 (75.5 KiB)
```

It's working, but not for all cases.

Maybe it is a problem of bird4, but until I change the interface mask to 255.255.255.0 manually, new dynamic routes through 192.168.160.1 on the other side of the tunnel can't be created over this interface.

Any static routes don't change the problem. Not to mention that static routes for VPN connections are not a good idea.

Alex commented on 13.01.2020 22:20

OK. I will describe it again in sequence.

1. For the IPv4 protocol, mask /32 (or 255.255.255.255) means exactly one address. If it is an interface mask, then only one interface IP is available on this interface, and no other IPs are available. That thing, any dynamic routing system purely arithmetically relates to the topic.

2. If I specify CIDR with the address of the interface in the network configuration file or in the web form, this does not change the properties of the created interface. It starts with mask /32 anyway. I can change the interface mask only by directly setting a parameter

option netmask '255.255.255.0'

in the /etc/config/network configuration file. It follows that it is impossible to configure an interface in accordance with the standard requirements by the LuCI form.

3. In the dialogue referenced above, the person told me that in the LuCI form there should not be a separate IP mask field for configuring the protocol, according to the internal rules accepted for OpenWrt.

4. From what has been said it follows that it is necessary to change the way that configuration data is interpreted on initializing the WG interface. The CIDR from the configuration of the interface must be turned into an IP address and interface mask, and not just an address with a fixed mask of 255.255.255.255, as it goes now.
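
The prefix arithmetic the thread turns on, as an added example that is not part of the original report or of OpenWrt's code: it shows which network an interface address implies in the bare, address/cidr and address/mask forms, and whether a gateway such as 192.168.160.1 counts as directly reachable. The function names and the route list are constructed for illustration, and the on-link test is a simplified model, not bird4's actual logic.

```python
import ipaddress


def connected_network(addr_spec):
    """Return the on-link network implied by an interface address.

    Accepts 'a.b.c.d', 'a.b.c.d/len' and 'a.b.c.d/mask'. A bare address
    is treated as a host address (/32), so the network holds one IP only.
    """
    return ipaddress.ip_interface(addr_spec).network


def gateway_on_link(addr_spec, gateway):
    """True if the gateway is a neighbour on the interface's own network."""
    iface = ipaddress.ip_interface(addr_spec)
    gw = ipaddress.ip_address(gateway)
    # The interface's own address is not a usable next hop.
    return gw != iface.ip and gw in iface.network


def installable_routes(addr_spec, routes):
    """Keep the (prefix, gateway) pairs whose gateway is on-link.

    Simplified model (assumption): a dynamic route is only usable when
    its next hop lies inside a network connected to the interface.
    """
    return [(p, g) for p, g in routes if gateway_on_link(addr_spec, g)]


# Constructed sample: routes learned from the far end of the tunnel.
ROUTES = [
    ("10.20.0.0/16", "192.168.160.1"),   # gateway is the tunnel peer
    ("10.30.0.0/16", "192.168.161.1"),   # gateway outside the tunnel subnet
]

if __name__ == "__main__":
    for spec in ("192.168.160.2",                  # bare address
                 "192.168.160.2/32",               # the mask seen in ifconfig
                 "192.168.160.2/24",               # address/cidr
                 "192.168.160.2/255.255.255.0"):   # address/mask
        net = connected_network(spec)
        usable = installable_routes(spec, ROUTES)
        print(f"{spec:30} network={net} hosts={net.num_addresses} "
              f"installable={usable}")
```

With a /32 the connected network contains only 192.168.160.2 itself, so no next hop on the far side of the tunnel qualifies; with /24 the peer 192.168.160.1 is on-link and the route through it is kept.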
