Reply
Established Member
Posts: 1,667
Registered: ‎05-03-2016
Kudos: 576
Solutions: 158

Re: Release: WireGuard for EdgeRouter

@viviandarkbloom 

 

You could carefully text edit /config/config.boot to be what you actually want and then simply reboot the router.

New Member
Posts: 6
Registered: ‎08-24-2017
Kudos: 5

Re: Release: WireGuard for EdgeRouter

[ Edited ]

@karog 

 

from the wg-quick documentation:

Table — Controls the routing table to which routes are added. There are two special values: ‘off’ disables the creation of routes altogether, and ‘auto’ (the default) adds routes to the default table and enables special handling of default routes.

But this configuration node is not available for wireguard for edgerouter.

 

route-allowed-ip = false, disables the routing between the peers. it still writes to the main routing table for the wireguard interface and inserts a 0.0.0.0/8 or /16 or /24.

 

I have table = off on my linux setup and works as intented but edgerouter port seems to be missing this confiration option.

 

show ip route for the edgerouter

C    *> 0.0.0.0/8 is directly connected, wg0

C    *> 10.0.0.0/8 is directly connected, wg0

 

i do not want the wireguard interface to write 0.0.0.0/8 to the main routing table. it creates confusion if i have multiple wireguard interfaces definited.

 

Emerging Member
Posts: 45
Registered: ‎02-11-2018
Kudos: 6
Solutions: 1

Re: Release: WireGuard for EdgeRouter

@Charlie_P It's probably the same bug as this: https://community.ubnt.com/t5/EdgeRouter/Routing-Table-Entry-0-0-0-0-24/m-p/2669560#M240292
I too asked about it as I'm getting a 0.0.0.0/24 route.
New Member
Posts: 6
Registered: ‎08-24-2017
Kudos: 5

Re: Release: WireGuard for EdgeRouter

thanks for the headup... didn't realised it a long standing bug. probably will never get fixed.

 

will uninstall the wireguard tunnels from edgerouter and use a standalone linux machine.

pitty.... the speed for wireguard was FAST on ER4

Member
Posts: 724
Registered: ‎09-13-2018
Kudos: 137
Solutions: 48

Re: Release: WireGuard for EdgeRouter

What problem was the 0.0.0.0/24 route causing?  I don't use wireguard (yet), but that route doesn't cause problems.  That is probably one of the reasons it has never been fixed.  Just ignore it, it isn't going to route any useful traffic.

Emerging Member
Posts: 45
Registered: ‎02-11-2018
Kudos: 6
Solutions: 1

Re: Release: WireGuard for EdgeRouter


@BuckeyeNet wrote:

What problem was the 0.0.0.0/24 route causing?  I don't use wireguard (yet), but that route doesn't cause problems.  That is probably one of the reasons it has never been fixed.  Just ignore it, it isn't going to route any useful traffic.


Or one could add a script to /config/scripts/post-config.d to clean up these routes if they are causing any problems, but I don't think they do, they are just confusing if not paying close attention to the mask, that's all.

Highlighted
Emerging Member
Posts: 85
Registered: ‎04-13-2017
Kudos: 17
Solutions: 1

Re: Release: WireGuard for EdgeRouter

[ Edited ]

if it ain't broke, then don't fix it...

New Member
Posts: 4
Registered: ‎06-02-2018

Re: Release: WireGuard for EdgeRouter

[ Edited ]

Hoping someone can point out why my WireGuard configuration allows IPv4 access to LAN and WAN but only IPv6 access to LAN through the tunnel. I am trying to setup as Road Warrier as described here but when testing the connection I cannot access IPv6 on the internet.

 

I am reasonably confident that my WireGuard server and client configurations are correct but would appreciate if anyone could point out whether additional router settings are required to get this working or whether it cannot be done. The client config is using AllowedIPs = 0.0.0.0/0, ::/0.

 

I have a feeling that the reason it works for IPv4 is this section of my configuration, but is there an IPv6 equivalent?

    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
    }

Has anyone got IPv6 to the internet working through a WireGuard tunnel on EdgeOS using a built-in function or maybe something like:

sudo /sbin/ip6tables -t nat -A POSTROUTING -s fd00::/64 -o pppoe0 -j MASQUERADE

Thanks for any advice!

Reply