FreeBSD wireguard wg-quick remote IP address assignment is incorrect

Jason A. Donenfeld Jason at zx2c4.com
Sun Feb 23 16:32:50 CET 2020


On Sun, Feb 23, 2020 at 2:25 PM Peter Libassi <peter at libassi.se> wrote:
>
> Ok, well, even if using another local IP in range 127.0.0.0/8 we can’t be certain we will clash with something else.
>
> How about adding a directive for the remote interface address in wg.conf? Like this:
>
> # cat /usr/local/etc/wireguard/wg0.conf
> [Interface]
> PrivateKey = <->
> ListenPort = 7777
> Address = 192.168.2.1/32
> RemoteAddress = 192.168.2.2
>
> [Peer]
> PublicKey = <->
> AllowedIPs = 192.168.2.0/24
> Endpoint = 172.16.0.23:7777
>
> # diff /usr/local/bin/wg-quick.org ./wg-quick
> 17a18
> > REMOTE_ADDRESS=""
> 86a88
> > RemoteAddress) REMOTEADDRESS="$value"; continue ;;
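
Review bot: The variable names do not match: the 17a18 hunk initializes REMOTE_ADDRESS, but this case arm assigns REMOTEADDRESS, which is also the name the 175c177,181 hunk tests. As written, REMOTE_ADDRESS is never read and REMOTEADDRESS is never initialized, so a value inherited from the caller's environment would be used when the config has no RemoteAddress line. Pick one spelling and use it in all three places.
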
> 175c177,181
> < cmd ifconfig "$INTERFACE" inet "$1" "${1%%/*}" alias
> ---
> >     if [[ -n $REMOTEADDRESS ]]; then
> > cmd ifconfig "$INTERFACE" inet "$1" "$REMOTEADDRESS" alias
> >     else
> >                 cmd ifconfig "$INTERFACE" inet "$1" "${1%%/*}" alias
> >     fi
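
Review bot: In the new branch of the 175c177,181 hunk, "$REMOTEADDRESS" is passed to ifconfig without any check and is paired with whatever "$1" is, so if this line runs once per Address entry, every address gets the same destination. Consider validating the value where it is parsed and stating what should happen when the config has more than one Address, or an address that is not inet. The added lines also sit at inconsistent indentation depths (the two cmd lines differ); they should follow the surrounding function.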

This is not a correct fix; we're not going to add a configuration knob
to work around FreeBSD network stack gotchas.

Rather, I'd prefer to see all the FreeBSD wg-quick semantics redone
around multiple routing tables and marks, much like on Linux, though I
don't know if that's possible. Barring that, a proper solution
probably involves re-reading the ifconfig man page a few dozen times
to find out how to have interface addresses as we need them.

