FYI: systemd's networkd (v242) incorrectly setting listen-port on wg interface
David Anderson
dave at natulte.net
Tue Sep 3 01:25:36 CEST 2019
One more correction: this only affects Debian testing and unstable.
Buster was released with systemd v241, which does not have the
regression. I got confused because I got one of my machines into a
borked state that's halfway between stable and testing, and it
included systemd v242.
- Dave
On Mon, Sep 2, 2019 at 12:42 PM David Anderson <dave at natulte.net> wrote:
>
> Seems to be known to Debian:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=936198 . I'm not
> super familiar with Debian's development process, but I _think_, from
> that bug + the systemd debian repo's state, that the fix is now
> submitted and pending upload to unstable, after which it should flow
> backwards over time into Buster.
>
> - Dave
>
> On Mon, Sep 2, 2019 at 12:26 PM David Anderson <dave at natulte.net> wrote:
> >
> > Posting here for posterity, in case someone else encounters this problem.
> >
> > In systemd v242, networkd has a bug
> > (https://github.com/systemd/systemd/issues/12377), in which it ignores
> > the `ListenPort` directive in its config files for wireguard
> > interfaces. The results is that even if you specify ListenPort=51820,
> > when you restart networkd it'll assign a random listening port to the
> > wg interface.
> >
> > This can lead to some frustrating debugging where your VPN
> > mysteriously doesn't come up, and it turns out to be because your
> > wireguard server is listening on entirely the wrong port. You fix it
> > with `wg set wg0 listen-port 51820` after networkd has started.
> >
> > Because of systemd's "no patch releases" release cycle, this seems to
> > have been broken since 11 Apr for any distro using an unmodified v242
> > systemd. I discovered this on Debian Buster (the newest "stable").
> > Looks like the fix was pulled into at least NixOS and Gentoo, not sure
> > about other distros. v243 has the fix, and should be releasing Any
> > Time Now.
> >
> > I'm going to file a Debian bug to request a backport of this patch,
> > since I'm guessing they're not going to be upgrading systemd routinely
> > on the stable track. Hopefully it won't bite too many people though,
> > since networkd isn't the default for network configuration on Buster
> > (I'm just an enthusiastic early adopter).
> >
> > - Dave
More information about the WireGuard
mailing list