
wireguard checks if port already binding
Closed, Resolved | Public | BUG

Description

As I understand, there should be checks if the port is already used by any process.
To reproduce in 1.3:

set interfaces wireguard wg0 address 10.77.77.1/24
set interfaces wireguard wg0 description 'VPN-to-wg-PEER01-192.168.122.11'
set interfaces wireguard wg0 peer PEER01 allowed-ips 10.22.1.0/24
set interfaces wireguard wg0 peer PEER01 address 192.168.122.11
set interfaces wireguard wg0 peer PEER01 port 54321
set interfaces wireguard wg0 peer PEER01 pubkey 'l+U1Rz38RW11ClMYYtXqEneRNu3oLn2yvI5B+jBESyY='
set interfaces wireguard wg0 port 12345

set interfaces wireguard wg1 address 10.88.88.1/24
set interfaces wireguard wg1 description 'VPN-to-wg-PEER02-192.168.122.12'
set interfaces wireguard wg1 peer PEER02 allowed-ips 10.33.3.0/24
set interfaces wireguard wg1 peer PEER02 address 192.168.122.12
set interfaces wireguard wg1 peer PEER02 port 55555
set interfaces wireguard wg1 peer PEER02 pubkey 'l+U1Rz38RW11ClMYYtXqEneRNu3oLn2yvI5B+jBESyY='
set interfaces wireguard wg1 port 12345

Commit

[email protected]# commit
[ interfaces wireguard wg1 ]
VyOS had an issue completing a command.

Report Time:      2021-08-18 13:02:15
Image Version:    VyOS 1.3-beta-202108151336
Release Train:    equuleus

Built by:         [email protected]
Built on:         Mon 16 Aug 2021 03:42 UTC
Build UUID:       9b63bb49-29c8-421e-ba25-72b83600d513
Build Commit ID:  bc4c54605b5c2c

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    710e3d5f-968a-4d51-a408-5167c8cdd1f6

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 108, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 100, in apply
    tmp.update(wireguard)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/wireguard.py", line 253, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1263, in update
    self.set_admin_state(state)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 670, in set_admin_state
    return self.set_interface('admin_state', state)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 184, in set_interface
    return self._set_command(self.config, name, value)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 109, in _set_command
    return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 51, in _cmd
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip link set dev wg1 up
returned: 
exit code: 2

noteworthy:
cmd 'ip link set dev wg1 up'
returned (out):

returned (err):
RTNETLINK answers: Address already in use

[[interfaces wireguard wg1]] failed
Commit failed
[edit]
[email protected]#

To reproduce in 1.4:

set interfaces wireguard wg0 address 10.77.77.1/24
set interfaces wireguard wg0 description 'VPN-to-wg-PEER01-192.168.122.11'
set interfaces wireguard wg0 peer PEER01 allowed-ips 10.22.1.0/24
set interfaces wireguard wg0 peer PEER01 address 192.168.122.11
set interfaces wireguard wg0 peer PEER01 port 54321
set interfaces wireguard wg0 peer PEER01 public-key 'l+U1Rz38RW11ClMYYtXqEneRNu3oLn2yvI5B+jBESyY='
set interfaces wireguard wg0 private-key 'IMAGzmcQOHDTN70fyJ04uiWx0+wc/BKPj4aNKYAZRXA='
set interfaces wireguard wg0 port 12345

set interfaces wireguard wg1 address 10.88.88.1/24
set interfaces wireguard wg1 description 'VPN-to-wg-PEER02-192.168.122.12'
set interfaces wireguard wg1 peer PEER02 allowed-ips 10.33.3.0/24
set interfaces wireguard wg1 peer PEER02 address 192.168.122.12
set interfaces wireguard wg1 peer PEER02 port 55555
set interfaces wireguard wg1 peer PEER02 public-key 'l+U1Rz38RW11ClMYYtXqEneRNu3oLn2yvI5B+jBESyY='
set interfaces wireguard wg1 private-key 'IMAGzmcQOHDTN70fyJ04uiWx0+wc/BKPj4aNKYAZRXA='
set interfaces wireguard wg1 port 12345

Commit 1.4:

vyos@r1-roll# commit
[ interfaces wireguard wg1 ]
VyOS had an issue completing a command.

Report Time:      2021-08-18 13:12:53
Image Version:    VyOS 1.4-rolling-202108130117
Release Train:    sagitta

Built by:         [email protected]
Built on:         Fri 13 Aug 2021 10:41 UTC
Build UUID:       d80d691e-95b0-4835-be37-d4167b8b1cbf
Build Commit ID:  0f8a2d5e61c739

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    08227416-e73c-46f1-984b-937def82b485

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 104, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 96, in apply
    tmp.update(wireguard)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/wireguard.py", line 253, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1316, in update
    self.set_admin_state(state)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 693, in set_admin_state
    return self.set_interface('admin_state', state)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 184, in set_interface
    return self._set_command(self.config, name, value)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 109, in _set_command
    return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 51, in _cmd
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip link set dev wg1 up
returned: 
exit code: 2

noteworthy:
cmd 'nft -c delete element inet vrf_zones ct_iface_map { "wg1" }'
returned (out):

returned (err):
Error: No such file or directory
delete element inet vrf_zones ct_iface_map { wg1 }
                    ^^^^^^^^^
cmd 'ip link set dev wg1 up'
returned (out):

returned (err):
RTNETLINK answers: Address already in use

[[interfaces wireguard wg1]] failed
Commit failed
[edit]
vyos@r1-roll#

Details

Difficulty level: Normal (likely a few hours)
Version: 1.3-beta-202108151336
Why the issue appeared? Will be filled on close
Is it a breaking change? Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)

Event Timeline

I tested in VyOS 1.4-rolling-202311100309

These are the configurations:

set interfaces wireguard wg0 address 10.77.77.1/24
set interfaces wireguard wg0 description 'VPN-to-wg-PEER01-192.168.122.11'
set interfaces wireguard wg0 peer PEER01 allowed-ips 10.22.1.0/24
set interfaces wireguard wg0 peer PEER01 address 192.168.122.11
set interfaces wireguard wg0 peer PEER01 port 54321
set interfaces wireguard wg0 peer PEER01 public-key 'l+U1Rz38RW11ClMYYtXqEneRNu3oLn2yvI5B+jBESyY='
set interfaces wireguard wg0 private-key 'IMAGzmcQOHDTN70fyJ04uiWx0+wc/BKPj4aNKYAZRXA='
set interfaces wireguard wg0 port 12345

set interfaces wireguard wg1 address 10.88.88.1/24
set interfaces wireguard wg1 description 'VPN-to-wg-PEER02-192.168.122.12'
set interfaces wireguard wg1 peer PEER02 allowed-ips 10.33.3.0/24
set interfaces wireguard wg1 peer PEER02 address 192.168.122.12
set interfaces wireguard wg1 peer PEER02 port 55555
set interfaces wireguard wg1 peer PEER02 public-key 'l+U1Rz38RW11ClMYYtXqEneRNu3oLn2yvI5B+jBESyY='
set interfaces wireguard wg1 private-key 'IMAGzmcQOHDTN70fyJ04uiWx0+wc/BKPj4aNKYAZRXA='
set interfaces wireguard wg1 port 12345

Commit

UDP port 12345 is busy or unavailable and cannot be used for the
interface!

[interfaces wireguard wg1] failed
Commit failed
[edit]
vyos@vyos# sh ver

  Configuration path: [ver] is not valid

[edit]

I can observe the check which controls the port number.
Works well.

In VyOS 1.3.4
Configs:

set interfaces wireguard wg0 address 10.77.77.1/24
set interfaces wireguard wg0 description 'VPN-to-wg-PEER01-192.168.122.11'
set interfaces wireguard wg0 peer PEER01 allowed-ips 10.22.1.0/24
set interfaces wireguard wg0 peer PEER01 address 192.168.122.11
set interfaces wireguard wg0 peer PEER01 port 54321
set interfaces wireguard wg0 peer PEER01 pubkey 'l+U1Rz38RW11ClMYYtXqEneRNu3oLn2yvI5B+jBESyY='
set interfaces wireguard wg0 port 12345

set interfaces wireguard wg1 address 10.88.88.1/24
set interfaces wireguard wg1 description 'VPN-to-wg-PEER02-192.168.122.12'
set interfaces wireguard wg1 peer PEER02 allowed-ips 10.33.3.0/24
set interfaces wireguard wg1 peer PEER02 address 192.168.122.12
set interfaces wireguard wg1 peer PEER02 port 55555
set interfaces wireguard wg1 peer PEER02 pubkey 'l+U1Rz38RW11ClMYYtXqEneRNu3oLn2yvI5B+jBESyY='
set interfaces wireguard wg1 port 12345

Commit:

[  834.439191] wireguard: wg1: Could not create IPv4 socket
[ interfaces wireguard wg1 ]
VyOS had an issue completing a command.

We are sorry that you encountered a problem while using VyOS.
There are a few things you can do to help us (and yourself):
- Contact us using the online help desk if you have a subscription:
  https://support.vyos.io/
- Make sure you are running the latest version of VyOS available at:
  https://vyos.net/get/
- Consult the community forum to see how to handle this issue:
  https://forum.vyos.io
- Join us on Slack where our users exchange help and advice:
  https://vyos.slack.com

When reporting problems, please include as much information as possible:
- do not obfuscate any data (feel free to contact us privately if your
  business policy requires it)
- and include all the information presented below

Report time:      2023-11-16 08:47:28
Image version:    VyOS 1.3.4
Release train:    equuleus

Built by:         Sentrium S.L.
Built on:         Fri 13 Oct 2023 12:10 UTC
Build UUID:       0b20543f-d1b6-49e5-b36b-95a069c63788
Build commit ID:  986c77ac08c552

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    fa6ca1f8-1d09-4f24-b705-c0f8cc52b68f

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 111, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-wireguard.py", line 103, in apply
    tmp.update(wireguard)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/wireguard.py", line 231, in update
    super().update(config)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1441, in update
    self.set_admin_state(state)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 816, in set_admin_state
    return self.set_interface('admin_state', state)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface
    return self._set_command(self.config, name, value)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command
    return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
FileNotFoundError: [Errno 2] failed to run command: ip link set dev wg1 up
returned:
exit code: 2

noteworthy:
cmd 'ip link set dev wg1 up'
returned (out):

returned (err):
RTNETLINK answers: Address already in use

[[interfaces wireguard wg1]] failed
Commit failed
[edit]
a.hajiyev set Issue type to Unspecified (please specify).
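
The kind of pre-commit check this ticket asks for, as an added example (not VyOS's own code): it flags two WireGuard interfaces sharing a listen port in the candidate configuration and probes whether a single-use port is already bound by any process. The function names `listen_ports`, `udp_port_free` and `verify` are hypothetical, and the sample input is constructed from the reproduction steps above.

```python
import re
import socket
from collections import defaultdict

# Constructed sample: the port lines from the reproduction in this ticket.
SAMPLE_CONFIG = """\
set interfaces wireguard wg0 peer PEER01 port 54321
set interfaces wireguard wg0 port 12345
set interfaces wireguard wg1 peer PEER02 port 55555
set interfaces wireguard wg1 port 12345
"""

# Matches only the interface's own listen port, not "peer <name> port <n>".
_LISTEN_RE = re.compile(r"^set interfaces wireguard (\S+) port (\d+)\s*$")


def listen_ports(config_text):
    """Map each listen port to the interfaces configured to use it."""
    ports = defaultdict(list)
    for line in config_text.splitlines():
        m = _LISTEN_RE.match(line.strip())
        if m:
            ports[int(m.group(2))].append(m.group(1))
    return dict(ports)


def udp_port_free(port, host="0.0.0.0"):
    """Return True if an IPv4 UDP socket can be bound to host:port right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((host, port))
        except OSError:  # EADDRINUSE, EACCES, ...
            return False
    return True


def verify(config_text, probe=udp_port_free):
    """Return a list of error strings; an empty list means no conflict found."""
    errors = []
    for port, ifaces in sorted(listen_ports(config_text).items()):
        if len(ifaces) > 1:
            # Conflict inside the candidate config itself: no probe needed.
            errors.append(f"UDP port {port} is set on several interfaces: "
                          + ", ".join(ifaces))
        elif not probe(port):
            errors.append(f"UDP port {port} is busy or unavailable ({ifaces[0]})")
    return errors
```

The bind probe also reports a port as busy when the interface being committed is already up and holding it, so a real check would skip the probe when the port is unchanged. It covers IPv4 only and is a point-in-time test, so the later `ip link set dev ... up` can still fail if another process takes the port in between.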