Project

General

Profile

Actions
Copy link

Bug #12251

open

Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)

Added by → luckman212 9 months ago. Updated 4 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
Christian McDonald
Category:
WireGuard
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
All

Description

Wireguard pkg 0.1.5
pfSense+ 21.05.1

If "KeepAlive" is left empty, config is written as 30 seconds.

Description says "Interval (in seconds) for Keep Alive packets sent to this peer. Default is empty (disabled)."

Setting to "0" does not work either. So, no way to disable keepalives currently.

Actions
Copy link
 #1

Updated by Christian McDonald 9 months ago

  • Status changed from New to Confirmed
  • Assignee set to Christian McDonald
  • Target version set to Future
  • Affected Plus Version deleted (21.05.1)
  • Affected Architecture All added
  • Affected Architecture deleted (SG-3100)

Restarting the service will work around this in the mean time

Actions
Copy link
 #2

Updated by → luckman212 9 months ago

Thanks. I ended up setting it to a high value, e.g. 86400

Actions
Copy link
 #3

Updated by → luckman212 9 months ago

Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:

# wg syncconf tun_wg0 /usr/local/etc/wireguard/tun_wg0.conf
Persistent keepalive interval is neither 0/off nor 1-65535: `86400'
Configuration parsing error

There ought to be some input validation to make sure this range is respected.

Actions
Copy link
 #4

Updated by Adam Cooper 7 months ago

→ luckman212 wrote in #note-3:

Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:

[...]

There ought to be some input validation to make sure this range is respected.

I've raised PR 151 (https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/151) to resolve these two issues.

Now the default empty value (or 0 if you wanted to be super explicit) will be written out to the configs instead of omitting them.
And the user will be informed if any value not in 0 - 65535 is supplied, preventing the silent accept and error

Actions
Copy link
 #5

Updated by Adam Cooper 7 months ago

PR has been merged, should be in the next release so ticket can be closed

Actions
Copy link
 #6

Updated by Viktor Gurov 4 months ago

  • Status changed from Confirmed to Feedback

Merged

Actions
Copy link
 #7

Updated by Viktor Gurov 4 months ago

  • Target version deleted (Future)
Actions
Copy link

Also available in: Atom PDF