Bug #13916

closed

Interface config doesn't allow colliding IP addresses even if a WireGuard interface is used

Added by Flole Systems almost 2 years ago. Updated almost 2 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Interfaces
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

When using WireGuard, a config where the same IP address is used for multiple interfaces is perfectly valid. pfSense doesn't allow such a configuration at the moment. Commenting out the check in /usr/local/www/interfaces.php makes it work perfectly fine. I propose adding a check there to see if the interface used is a WireGuard interface.

Actions #1

Updated by Jim Pingle almost 2 years ago

While it may happen to work in some cases, it's not valid in the underlying OS and can have unintended side effects. If the addresses were not on actual OS-level interfaces, I'd agree with you, but in this case you're asking for trouble trying to make the OS attempt to route that way reliably. It may happen to work for you by chance, but that isn't a universal guarantee.

Actions #2

Updated by Jim Pingle almost 2 years ago

  • Status changed from New to Rejected

Actions #3

Updated by Flole Systems almost 2 years ago

I'm not really sure if I understand what you mean. In my case I have the slightly odd config of having a WireGuard VPN with the IP 10.2.0.2/24. It doesn't matter which IP I use as gateway. Maybe if we limit it even more and say that having WireGuard and a /32 IP, the behaviour is no longer undefined? In that case the only host reachable is the gateway and it does work perfectly fine.
