253790 – if_wg(4) lacks persistent keepalive

Bug 253790 - if_wg(4) lacks persistent keepalive

Summary: if_wg(4) lacks persistent keepalive

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	13.0-STABLE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Kyle Evans

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-02-23 10:31 UTC by crest
Modified:	2021-03-22 10:33 UTC (History)
CC List:	6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description crest 2021-02-23 10:31:58 UTC

I have to run a WireGuard tunnel through a NAT and the tunnel is used for bursty traffic and without the keepalives supported by wireguard-go, OpenBSD and Linux the NAT state times out between bursts.

I've found no way to configure a persistent keepalive interval on FreeBSD 13.0-BETA3 and from a quick glance at the ifconfig and if_wg sources it appears this feature is missing. If I configure a keepalive interval at the other end of the tunnel the key exchange fails.

The only workaround for this is to generate traffic at all times to keep the tunnel open e.g. while true; ping -c1 $peer_internal; sleep 10; done

One of the really nice things about WireGuard is the interoperability between all existing implementations. This limitation is the first incompatibility between implementations I've encountered.

Comment 1 Kyle Evans freebsd_committer

2021-03-09 03:08:28 UTC

This is, funnily enough, basically there; it just needed a little bit of plumbing. I had it ready to go because I'm also in need, I'll go ahead and tag this PR in the commit.

Comment 2 commit-hook freebsd_committer

2021-03-09 11:18:31 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=b3dac3913dc90fbc6f909ee5c4a876097cd90791

commit b3dac3913dc90fbc6f909ee5c4a876097cd90791
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-03-08 01:00:58 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-03-09 11:16:42 +0000

    ifconfig: allow displaying/setting persistent-keepalive

    The kernel-side already accepted a persistent-keepalive-interval, so
    just add a verb to ifconfig(8) for it and start exporting it so that
    ifconfig(8) can view it.

    PR:             253790
    MFC after:      3 days
    Discussed with: decke

 sbin/ifconfig/ifwg.c          | 28 +++++++++++++++++++++++++++-
 sys/dev/if_wg/module/module.c |  8 ++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

Comment 3 crest 2021-03-14 20:06:05 UTC

Will this be merged into FreeBSD 13.0 before RC3 (it's missing in the 13.0-RC3)?

Comment 4 Kyle Evans freebsd_committer

2021-03-14 20:07:57 UTC

(In reply to crest from comment #3)

My current hope is to be able to merge a pile of WireGuard fixes in time for -RC3.

Comment 5 crest 2021-03-22 09:40:31 UTC

This PR has been overcome by events (depending on your point of view). For now WireGuard has been pulled from FreeBSD base. Development will continue out of tree for now.

Comment 6 Bernhard Froehlich freebsd_committer

2021-03-22 10:33:17 UTC

The port net/wireguard-kmod is available now. Persistent keepalive is working there.