Bug #13916
closed
Interface config doesn't allow colliding IP addresses even if a WireGuard interface is used
Description
When using WireGuard, a config where the same IP address is used for multiple interfaces is perfectly valid. pfSense doesn't allow such a configuration at the moment. Commenting out the check in /usr/local/www/interfaces.php makes it work perfectly fine. I propose adding a check there to see if the interface used is a WireGuard interface.
Updated by Jim Pingle almost 2 years ago
While it may happen to work in some cases, it's not valid in the underlying OS and can have unintended side effects. If the addresses were not on actual OS-level interfaces, I'd agree with you, but in this case you're asking for trouble trying to make the OS attempt to route that way reliably. It may happen to work for you by chance, but that isn't a universal guarantee.
Updated by Flole Systems almost 2 years ago
I'm not really sure if I understand what you mean. In my case I have the slightly odd config of having a WireGuard VPN with the IP 10.2.0.2/24. It doesn't matter which IP I use as gateway. Maybe if we limit it even more and say that having WireGuard and a /32 IP, the behaviour is no longer undefined? In that case the only host reachable is the gateway and it does work perfectly fine.