Bug #12251
open
Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)
Description
Wireguard pkg 0.1.5
pfSense+ 21.05.1
If "KeepAlive" is left empty, config is written as 30 seconds.
Description says "Interval (in seconds) for Keep Alive packets sent to this peer. Default is empty (disabled)."
Setting to "0" does not work either. So, no way to disable keepalives currently.
Updated by Christian McDonald 9 months ago
- Status changed from New to Confirmed
- Assignee set to Christian McDonald
- Target version set to Future
- Affected Plus Version deleted (21.05.1)
- Affected Architecture All added
- Affected Architecture deleted (SG-3100)
Restarting the service will work around this in the meantime.
Updated by luckman212 9 months ago
Thanks. I ended up setting it to a high value, e.g. 86400
Updated by luckman212 9 months ago
Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:
# wg syncconf tun_wg0 /usr/local/etc/wireguard/tun_wg0.conf
Persistent keepalive interval is neither 0/off nor 1-65535: `86400'
Configuration parsing error
There ought to be some input validation to make sure this range is respected.
Updated by Adam Cooper 7 months ago
luckman212 wrote in #note-3:
Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:
[...]
There ought to be some input validation to make sure this range is respected.
I've raised PR 151 (https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/151) to resolve these two issues.
Now the default empty value (or 0 if you wanted to be super explicit) will be written out to the configs instead of omitting them.
And the user will be informed if any value not in 0 - 65535 is supplied, preventing the silent accept and error.
Updated by Adam Cooper 7 months ago
PR has been merged, should be in the next release so ticket can be closed.
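
A pre-flight check for the range shown in the console output in note-3 (0/off or 1-65535), as an added example that is not part of this ticket or of PR 151. The function names keepalive_ok, lint_wg_conf and demo and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example, not pfSense-pkg-WireGuard code.

# keepalive_ok VALUE: succeed only for 0, off, or an integer 1-65535,
# the set named in the wg error message quoted in note-3.
keepalive_ok() {
    case "$1" in
        off) return 0 ;;
        ''|*[!0-9]*) return 1 ;;      # empty, negative, or non-numeric
    esac
    [ "${#1}" -le 5 ] || return 1     # cap length before the numeric compare
    [ "$1" -le 65535 ]
}

# lint_wg_conf FILE: print every out-of-range PersistentKeepalive line,
# return 1 if any was found (key matched case-insensitively here).
lint_wg_conf() {
    bad=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%#*}                              # drop trailing comment
        case "$line" in *=*) ;; *) continue ;; esac   # only key = value lines
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t' | tr 'A-Z' 'a-z')
        [ "$key" = persistentkeepalive ] || continue
        val=$(printf '%s' "${line#*=}" | tr -d ' \t\r')
        if ! keepalive_ok "$val"; then
            printf '%s:%d: invalid PersistentKeepalive "%s"\n' "$1" "$lineno" "$val"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# demo: lint a constructed two-peer config containing the 86400 value
# from the ticket; returns the lint status (1 expected).
demo() {
    tmp=$(mktemp)
    printf '%s\n' '[Peer]' 'PersistentKeepalive = 25' \
                  '[Peer]' 'PersistentKeepalive = 86400' > "$tmp"
    lint_wg_conf "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Running lint_wg_conf against /usr/local/etc/wireguard/tun_wg0.conf before wg syncconf reports a bad value with its line number instead of letting the sync fail later.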