Project

General

Profile

Actions

Bug #12251

open

Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)

Added by → luckman212 9 months ago. Updated 4 months ago.

Status:
Feedback
Priority:
Normal
Category:
WireGuard
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
All

Description

Wireguard pkg 0.1.5
pfSense+ 21.05.1

If "KeepAlive" is left empty, config is written as 30 seconds.

Description says "Interval (in seconds) for Keep Alive packets sent to this peer. Default is empty (disabled)."

Setting to "0" does not work either. So, no way to disable keepalives currently.

Actions #1

Updated by Christian McDonald 9 months ago

  • Status changed from New to Confirmed
  • Assignee set to Christian McDonald
  • Target version set to Future
  • Affected Plus Version deleted (21.05.1)
  • Affected Architecture All added
  • Affected Architecture deleted (SG-3100)

Restarting the service will work around this in the mean time

Actions #2

Updated by → luckman212 9 months ago

Thanks. I ended up setting it to a high value, e.g. 86400

Actions #3

Updated by → luckman212 9 months ago

Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:

# wg syncconf tun_wg0 /usr/local/etc/wireguard/tun_wg0.conf
Persistent keepalive interval is neither 0/off nor 1-65535: `86400'
Configuration parsing error

There ought to be some input validation to make sure this range is respected.

Actions #4

Updated by Adam Cooper 7 months ago

→ luckman212 wrote in #note-3:

Hmm, seems like 86400 is not a valid value after all. It got silently accepted but eventually caused the tunnel to fail. Just noticed this! (status page was throwing up some wild values). I only saw the true error when dropping into the console:

[...]

There ought to be some input validation to make sure this range is respected.

I've raised PR 151 (https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/151) to resolve these two issues.

Now the default empty value (or 0 if you wanted to be super explicit) will be written out to the configs instead of omitting them.
And the user will be informed if any value not in 0 - 65535 is supplied, preventing the silent accept and error

Actions #5

Updated by Adam Cooper 7 months ago

PR has been merged, should be in the next release so ticket can be closed

Actions #6

Updated by Viktor Gurov 4 months ago

  • Status changed from Confirmed to Feedback

Merged

Actions #7

Updated by Viktor Gurov 4 months ago

  • Target version deleted (Future)
Actions

Also available in: Atom PDF