Project

General

Profile

Actions
Copy link

Bug #13043

open

OSPF over Wireguard interface doesn't populate neighbors after reboot

Added by Adam Goldberg over 2 years ago. Updated 4 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
WireGuard
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Running pfSense Plus 22.02 and the latest Wireguard (0.1.6_1) and FRR (1.1.1_6 / 7.5.1_3) packages. OSPF works as expected when a Wireguard peer over a transit network is specified in non-broadcast mode.

However after a reboot, OSPF does not start on the Wireguard tun interface and no neighbors are populated. Restarting FRR ospfd and FRR zebra does not resolve.

The only resolution is making a change to the interface in configuration (example: checking or unchecking Accept Filter "Prevent routes for this interface subnet or IP address from being distributed by OSPF (Suggested for Multi-WAN environments" and clicking save). Making a change to any interface appears to reload the configuration in a way that all neighbors populate.

Actions
Copy link
 #1

Updated by Jim Pingle over 2 years ago

  • Project changed from pfSense to pfSense Packages
  • Category changed from Routing to WireGuard
  • Priority changed from High to Normal
  • Target version deleted (22.05)
  • Plus Target Version deleted (22.05)
  • Release Notes deleted (Default)
Actions
Copy link
 #2

Updated by Johann Lohberger over 1 year ago

Hi,

just wanted to confirm. I can reproduce this issue on all of my installations so far. Mostly PFsense CE 2.6.0 with Wireguard 0.1.6_2 and FRR 1.1.1_7
I did not test this on my Netgate devices as they are in production and i prefer to test things in my lab before making changes to the production environment.

For me it is sufficient to klick "Force Service Restart" on the FRR global settings page. I do not need to make any changes to the settings.

Any combination to restart the services via the services tab or command line did not resolve the issue. Could this be some kind of race condition where the wireguard interfaces are not jet there while frr is starting its daemons?

Actions
Copy link
 #3

Updated by Tjabo T. 4 months ago

Hi,

i want to confirm the issue, too. I can reproduce the bug within both installations of my HA setup... Using WireGuard VPN together with FRR package and enabled + working OSPF.

The WG Interfaces won't get recognized after reboot. I have to kick "Force Service Restart" on the FRR global settings in order to get it working. No changes or anything else needed.

Config:
  • 2x PfSense CE 2.7.2-RELEASE (amd64)
  • Packages: frr, version 2.0.2_1 and WireGuard, version 0.2.1

All updates are applied, everything works like expected as long as there is no reboot of the fws.

Johann Lohberger wrote in #note-2:

Hi,

...
Any combination to restart the services via the services tab or command line did not resolve the issue. Could this be some kind of race condition where the wireguard interfaces are not jet there while frr is starting its daemons?

As far as my research goes until now, I'd confirm this theory.

Actions
Copy link

Also available in: Atom PDF