Bug #12251

open

Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)

Added by → luckman212 2 months ago. Updated 5 days ago.

Status: Confirmed
Priority: Normal
Category: WireGuard
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture: All

Description

Wireguard pkg 0.1.5
pfSense+ 21.05.1

If "KeepAlive" is left empty, config is written as 30 seconds.

Description says "Interval (in seconds) for Keep Alive packets sent to this peer. Default is empty (disabled)."

Setting to "0" does not work either. So, no way to disable keepalives currently.

Actions #1

Updated by Christian McDonald 2 months ago

  • Status changed from New to Confirmed
  • Assignee set to Christian McDonald
  • Target version set to Future
  • Affected Plus Version deleted (21.05.1)
  • Affected Architecture All added
  • Affected Architecture deleted (SG-3100)

Restarting the service will work around this in the meantime.

Actions #2

Updated by → luckman212 2 months ago

Thanks. I ended up setting it to a high value, e.g. 86400

Actions #3

Updated by → luckman212 about 2 months ago

Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:

# wg syncconf tun_wg0 /usr/local/etc/wireguard/tun_wg0.conf
Persistent keepalive interval is neither 0/off nor 1-65535: `86400'
Configuration parsing error

There ought to be some input validation to make sure this range is respected.

Actions #4

Updated by Adam Cooper 5 days ago

→ luckman212 wrote in #note-3:

Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:

[...]

There ought to be some input validation to make sure this range is respected.

I've raised PR 151 (https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/151) to resolve these two issues.

Now the default empty value (or 0 if you wanted to be super explicit) will be written out to the configs instead of omitting them.
And the user will be informed if any value not in 0 - 65535 is supplied, preventing the silent accept and error.
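
The behaviour requested in this thread (empty or 0 written out as disabled, anything outside the range `wg` reports as valid rejected before the config is saved) can be sketched as follows. This is an added example, not part of the thread and not the code from PR 151 or the pfSense-pkg-WireGuard package; the function names are hypothetical and PHP is assumed because the package's GUI is written in it.

```php
<?php
// Added example; function names are hypothetical, not the package's API.

/**
 * Normalise a GUI "Keep Alive" value for a WireGuard peer.
 * Returns [int|null $seconds, string|null $error].
 * Empty input and "off" map to 0 (disabled); the accepted range follows the
 * wg error quoted in this report: "neither 0/off nor 1-65535".
 */
function example_normalise_keepalive(string $raw): array
{
    $v = trim($raw);
    if ($v === '' || strtolower($v) === 'off') {
        return [0, null];
    }
    // ctype_digit rejects signs, decimals, unit suffixes and embedded spaces.
    if (!ctype_digit($v)) {
        return [null, 'Keep Alive must be a whole number of seconds (0-65535).'];
    }
    // Check the digit count first so a very long string never reaches the int cast.
    if (strlen(ltrim($v, '0')) > 5 || (int)$v > 65535) {
        return [null, 'Keep Alive must be between 0 and 65535 seconds.'];
    }
    return [(int)$v, null];
}

/** Always emit the line, including 0, instead of omitting it when disabled. */
function example_keepalive_line(int $seconds): string
{
    return "PersistentKeepalive = {$seconds}\n";
}

// Constructed sample inputs, including the values mentioned in this report.
foreach (['', '0', 'off', '25', '65535', '65536', '86400', '-1', '30s'] as $input) {
    [$seconds, $error] = example_normalise_keepalive($input);
    printf(
        "%-8s => %s",
        var_export($input, true),
        $error === null ? example_keepalive_line($seconds) : "rejected: {$error}\n"
    );
}
```

Rejecting the value when the form is saved surfaces the error to the user, rather than leaving it to appear only when `wg syncconf` parses the written file.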
