FYI: systemd's networkd (v242) incorrectly setting listen-port on wg interface

[David Anderson <dave@natulte.net>]

Posting here for posterity, in case someone else encounters this problem.

In systemd v242, networkd has a bug
(https://github.com/systemd/systemd/issues/12377), in which it ignores
the `ListenPort` directive in its config files for wireguard
interfaces. The results is that even if you specify ListenPort=51820,
when you restart networkd it'll assign a random listening port to the
wg interface.

This can lead to some frustrating debugging where your VPN
mysteriously doesn't come up, and it turns out to be because your
wireguard server is listening on entirely the wrong port. You fix it
with `wg set wg0 listen-port 51820` after networkd has started.

Because of systemd's "no patch releases" release cycle, this seems to
have been broken since 11 Apr for any distro using an unmodified v242
systemd. I discovered this on Debian Buster (the newest "stable").
Looks like the fix was pulled into at least NixOS and Gentoo, not sure
about other distros. v243 has the fix, and should be releasing Any
Time Now.

I'm going to file a Debian bug to request a backport of this patch,
since I'm guessing they're not going to be upgrading systemd routinely
on the stable track. Hopefully it won't bite too many people though,
since networkd isn't the default for network configuration on Buster
(I'm just an enthusiastic early adopter).

- Dave
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard