From: Chris
Subject: Re: wg-quick up (on linux) fails in case of several default routes
To: wireguard@lists.zx2c4.com
Message-ID: <79a4e995-763c-9724-02b7-81da87c0f88a@spam-free.eu>
Date: Tue, 6 Oct 2020 15:33:29 +0200

Hello Jason,

setup is two default routes with different metrics (the second being the failover in case the lower metric connection goes down). For good reasons wg-quick will set up an individual route to the wg server (for the possibility of changing the default route afterwards). However wg-quick fails:

******log follows***********
wg-quick up wg_client
[#] ip link add wg_client type wireguard
[#] wg setconf wg_client /dev/fd/63
[#] ip -4 address add 10.0.129.200/24 dev wg_client
[#] ip link set mtu 1420 up dev wg_client
[#] GATEW=$(ip route list 0.0.0.0/0|sed -n 's/.* via \(.*\) dev.*/\1/p');route add s1.spam-free.eu gw $GATEW
SIOCADDRT: No such device
[#] ip link delete dev wg_client
******log  end  ***********

The point is, that GATEW is NOT a single address but rather a list of ip addresses and the command setting the route fails. Instead one should always run through ALL default gateways and set individual routes to the server through ALL the default gateways with the same metric as the respective default route. This will then also work in case the failover route is in operation.

Of course, tearing down the client should delete ALL individual routes to the server.

Hope this clarifies it a bit.

Cheers,
Chris

On 06/10/2020 14:20, Jason A. Donenfeld wrote:
> On Mon, Oct 5, 2020 at 3:51 PM Chris wrote:
>> wg-quick tries to set the route to the wg server through the default gateway.
> On Linux? It shouldn't be iterating default gateways at all, but
> rather using suppress_prefix. Can you provide more technical
> information about what you're seeing and maybe a patch to fix the
> issue?
>
> Jason
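
The failure in the log above and the per-gateway routing proposed in this message, sketched as an added example (not part of the original e-mail and not wg-quick's code). The function names, the sample route table and the endpoint address 203.0.113.10 are assumptions made for illustration; the script only prints the `ip route` commands and executes none of them.

```shell
#!/bin/sh
# Constructed sample of `ip -4 route list default` output on a host with a
# primary and a failover uplink (addresses and device names are made up).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
default via 10.20.30.1 dev wwan0 proto dhcp metric 700'

# endpoint_route_cmds ACTION ENDPOINT   (hypothetical helper)
# Reads default-route lines on stdin and prints one `ip route ACTION` command
# per default gateway, reusing that route's device and metric.
# ACTION is "add" (bring-up) or "del" (tear-down). Nothing is executed.
endpoint_route_cmds() {
    action=$1 endpoint=$2
    awk -v action="$action" -v ep="$endpoint" '
        $1 == "default" {
            gw = ""; dev = ""; metric = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
            }
            if (gw == "" || dev == "") next   # skip defaults without a gateway
            cmd = "ip -4 route " action " " ep "/32 via " gw " dev " dev
            if (metric != "") cmd = cmd " metric " metric
            print cmd
        }'
}

# The pattern from the log: sed prints every gateway, one per line, so the
# unquoted $GATEW expands to several words inside a single route command.
# Returns the number of words that one command would receive.
broken_gateway_words() {
    GATEW=$(sed -n 's/.* via \(.*\) dev.*/\1/p')
    set -- $GATEW
    echo $#
}

# Run with the argument "demo" to print the bring-up and tear-down commands.
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_ROUTES" | endpoint_route_cmds add 203.0.113.10
    printf '%s\n' "$SAMPLE_ROUTES" | endpoint_route_cmds del 203.0.113.10
fi
```
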