Project

General

Profile

Actions
Copy link

Bug #12251

closed

Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)

Added by → luckman212 almost 4 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Christian McDonald
Category:
WireGuard
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
All

Description

Wireguard pkg 0.1.5
pfSense+ 21.05.1

If "KeepAlive" is left empty, config is written as 30 seconds.

Description says "Interval (in seconds) for Keep Alive packets sent to this peer. Default is empty (disabled)."

Setting to "0" does not work either. So, no way to disable keepalives currently.

Actions
Copy link
 #1

Updated by Christian McDonald almost 4 years ago

  • Status changed from New to Confirmed
  • Assignee set to Christian McDonald
  • Target version set to Future
  • Affected Plus Version deleted (21.05.1)
  • Affected Architecture All added
  • Affected Architecture deleted (SG-3100)

Restarting the service will work around this in the mean time

Actions
Copy link
 #2

Updated by → luckman212 almost 4 years ago

Thanks. I ended up setting it to a high value, e.g. 86400

Actions
Copy link
 #3

Updated by → luckman212 almost 4 years ago

Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:

# wg syncconf tun_wg0 /usr/local/etc/wireguard/tun_wg0.conf
Persistent keepalive interval is neither 0/off nor 1-65535: `86400'
Configuration parsing error

There ought to be some input validation to make sure this range is respected.

Actions
Copy link
 #4

Updated by Adam Cooper over 3 years ago

→ luckman212 wrote in #note-3:

Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:

[...]

There ought to be some input validation to make sure this range is respected.

I've raised PR 151 (https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/151) to resolve these two issues.

Now the default empty value (or 0 if you wanted to be super explicit) will be written out to the configs instead of omitting them.
And the user will be informed if any value not in 0 - 65535 is supplied, preventing the silent accept and error

Actions
Copy link
 #5

Updated by Adam Cooper over 3 years ago

PR has been merged, should be in the next release so ticket can be closed

Actions
Copy link
 #6

Updated by Viktor Gurov over 3 years ago

  • Status changed from Confirmed to Feedback

Merged

Actions
Copy link
 #7

Updated by Viktor Gurov over 3 years ago

  • Target version deleted (Future)
Actions
Copy link
 #8

Updated by Azamat Khakimyanov about 3 years ago

  • Status changed from Feedback to Resolved

Tested on 22.01

When I used empty 'Keep Alive' field, I got in config: PersistentKeepalive = 0

When I tried to use 'Keep Alive: 86400' I got: "The following input errors were detected: Keep alive interval must be in range 0-65535 (86400)."

I marked this Bug as resolved

Actions
Copy link

Also available in: Atom PDF