I tried to set up load balancing with two WireGuard interfaces, wg0 and wg1, for WAN egress.
I am on a fairly recent rolling build:
vyos@vyos# run show system image
The system currently has the following image(s) installed:
1: 1.3-rolling-202101040217 (default boot)
This is the configuration I did (yes, the next hop is the same on both egress interfaces intentionally):
vyos@vyos# run sh conf com | grep load
set load-balancing wan flush-connections
set load-balancing wan interface-health wg0 nexthop '10.64.0.1'
set load-balancing wan interface-health wg0 test 0 target '8.8.8.8'
set load-balancing wan interface-health wg0 test 0 type 'ping'
set load-balancing wan interface-health wg0 test 1 target '9.9.9.9'
set load-balancing wan interface-health wg0 test 1 type 'ping'
set load-balancing wan interface-health wg1 nexthop '10.64.0.1'
set load-balancing wan interface-health wg1 test 0 target '8.8.8.8'
set load-balancing wan interface-health wg1 test 0 type 'ping'
set load-balancing wan interface-health wg1 test 1 target '9.9.9.9'
set load-balancing wan interface-health wg1 test 1 type 'ping'
set load-balancing wan rule 110 failover
set load-balancing wan rule 110 inbound-interface 'wg110'
set load-balancing wan rule 110 interface wg0
set load-balancing wan rule 110 interface wg1
set load-balancing wan sticky-connections inbound
The commit succeeds, but the default route is not replaced:
vyos@vyos# run sh log tail
Jan 16 03:39:41 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 201 default dev wg0 via 10.64.0.1, resp:
Jan 16 03:39:41 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 202 default dev wg1 via 10.64.0.1, resp:
Jan 16 03:39:46 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 201 default dev wg0 via 10.64.0.1, resp:
Jan 16 03:39:47 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 202 default dev wg1 via 10.64.0.1, resp:
Jan 16 03:39:52 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 201 default dev wg0 via 10.64.0.1, resp:
Jan 16 03:39:52 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 202 default dev wg1 via 10.64.0.1, resp:
Jan 16 03:39:57 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 201 default dev wg0 via 10.64.0.1, resp:
Jan 16 03:39:57 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 202 default dev wg1 via 10.64.0.1, resp:
Jan 16 03:40:02 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 201 default dev wg0 via 10.64.0.1, resp:
Jan 16 03:40:02 vyos wan_lb: failure to insert default route on active path with this command: ip route replace table 202 default dev wg1 via 10.64.0.1, resp:
Setting it manually (for troubleshooting purposes only, of course) does not work either:
vyos@vyos# sudo ip route replace table 202 default dev wg1 via 10.64.0.1
Error: Nexthop has invalid gateway.
This issue may be related to T1380, which describes very similar behaviour on OpenVPN interfaces.