Bug 254795

Summary:	Removing 'net/wireguard-kmod' also removes 'wireguard' even when 'net/wireguard-go' is desired
Product:	Base System	Reporter:	Jonathan Vasquez <jon>
Component:	bin	Assignee:	Bernhard Froehlich <decke>
Status:	New ---
Severity:	Affects Only Me	CC:	chris, decke, emaste, jason
Priority:	---
Version:	12.2-RELEASE
Hardware:	Any
OS:	Any

Description Jonathan Vasquez 2021-04-05 15:22:01 UTC

Hello all,

I'm currently running FreeBSD 12.2-RELEASE-p4 and have been keeping tabs on the whole wireguard situation in FreeBSD. Today I ran an update and received the following message:

Message from wireguard-2,1:

--
For FreeBSD < 12.1 only the userland implementation wireguard-go is
available.

For FreeBSD >= 12.1 we default to use the kernel module if_wg(4).

If you experience problems with it you can switch back to wireguard-go
by removing net/wireguard-kmod and making sure net/wireguard-go is
installed.
The userland tools wg-quick(8) and wg(8) try to use kernel support if
the kernel module is available and otherwise fall back to wireguard-go
automatically. Config files are fully compatible.


This makes sense, at the moment I don't feel comfortable running the kmod implementation until it has become more stable (Maybe I'll try it again in 6 months to 12 months). However, following the instructions above of removing the 'net/wireguard-kmod' and making sure 'net/wireguard-go' is installed still attempts to remove the main 'wireguard' package, thus I won't be able to start/stop my existing wireguard services because of it (Unless I'm misunderstanding something).

The example output from a clean slate is below:

[root@octopus ~]# pkg install wireguard
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        wireguard: 2,1
        wireguard-kmod: 0.0.20210323
        wireguard-tools: 1.0.20210315_3

Number of packages to be installed: 3

Proceed with this action? [y/N]: y
[1/3] Installing wireguard-tools-1.0.20210315_3...
[1/3] Extracting wireguard-tools-1.0.20210315_3: 100%
[2/3] Installing wireguard-kmod-0.0.20210323...
[2/3] Extracting wireguard-kmod-0.0.20210323: 100%
[3/3] Installing wireguard-2,1...
=====
Message from wireguard-kmod-0.0.20210323:

--
At this time this code is new, unvetted, possibly buggy, and should be
considered "experimental". It might contain security issues. We gladly
welcome your testing and bug reports, but do keep in mind that this code
is new, so some caution should be exercised at the moment for using it
in mission critical environments.
=====
Message from wireguard-2,1:

--
For FreeBSD < 12.1 only the userland implementation wireguard-go is
available.

For FreeBSD >= 12.1 we default to use the kernel module if_wg(4).

If you experience problems with it you can switch back to wireguard-go
by removing net/wireguard-kmod and making sure net/wireguard-go is
installed.
The userland tools wg-quick(8) and wg(8) try to use kernel support if
the kernel module is available and otherwise fall back to wireguard-go
automatically. Config files are fully compatible.


[root@octopus ~]# pkg install net/wireguard-go
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        wireguard-go: 0.0.20210323,1

Number of packages to be installed: 1

The process will require 3 MiB more space.

Proceed with this action? [y/N]: y
[1/1] Installing wireguard-go-0.0.20210323,1...
[1/1] Extracting wireguard-go-0.0.20210323,1: 100%
[root@octopus ~]# pkg remove net/wireguard-kmod
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 2 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
        wireguard: 2,1
        wireguard-kmod: 0.0.20210323

Number of packages to be removed: 2

Proceed with deinstalling packages? [y/N]: y
[1/2] Deinstalling wireguard-2,1...
[2/2] Deinstalling wireguard-kmod-0.0.20210323...
[2/2] Deleting files for wireguard-kmod-0.0.20210323: 100%
[root@octopus ~]# service wireguard stop
wg-quick: `wg0' is not a WireGuard interface
[root@octopus ~]#

Thank you!

Comment 1 Jason A. Donenfeld 2021-04-17 23:49:58 UTC

Adding decke@, as this seems to be a packaging issue.

Comment 2 Bernhard Froehlich freebsd_committer

2021-04-18 05:06:49 UTC

The net/wireguard port is only a meta port now. The userland tools and rc.d script are in net/wireguard-tools now.

If "service wireguard stop" is your problem you can also check "ifconfig wg0" and if a wireguard-go process is still running. If yes kill the process and start the service from a clean state.

Comment 3 Jonathan Vasquez 2021-04-18 15:30:26 UTC

Thanks for that Jason and Bernhard. I did some more testing and yea `net/wireguard-tools` seems to be the package. However it seems we may need to do a slight tweak to the `net/wireguard-go` package so that it pulls in the `net/wireguard-tools` if it isn't installed. If you check the output below, a fresh installation of `net/wireguard-go` will not pull in these tools. The user would need to know to explicitly install it.

Assuming I have the following in my `/etc/rc.conf`:

wireguard_enable="YES"
wireguard_interfaces="wg0"

This is the output from a clean install till a service is up and running:

---------------------

[root@octopus ~]# pkg remove net/wireguard-tools net/wireguard-go net/wireguard-kmod net/wireguard
No packages matched for pattern 'net/wireguard-tools'

No packages matched for pattern 'net/wireguard-go'

No packages matched for pattern 'net/wireguard-kmod'

No packages matched for pattern 'net/wireguard'

Checking integrity... done (0 conflicting)
4 packages requested for removal: 0 locked, 4 missing
[root@octopus ~]# pkg install wireguard-go
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        wireguard-go: 0.0.20210323,1

Number of packages to be installed: 1

The process will require 3 MiB more space.

Proceed with this action? [y/N]: y
[1/1] Installing wireguard-go-0.0.20210323,1...
[1/1] Extracting wireguard-go-0.0.20210323,1: 100%
[root@octopus ~]# pkg install wireguard-tools
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        wireguard-tools: 1.0.20210315_4

Number of packages to be installed: 1

Proceed with this action? [y/N]: y
[1/1] Installing wireguard-tools-1.0.20210315_4...
[1/1] Extracting wireguard-tools-1.0.20210315_4: 100%
[root@octopus ~]# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 94:de:80:27:65:df
        inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
[root@octopus ~]# service wireguard start
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.0.0.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 10.0.0.2/32 -interface wg0
[+] Backgrounding route monitor
[root@octopus ~]# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 94:de:80:27:65:df
        inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
wg0: flags=43<UP,BROADCAST,RUNNING> metric 0 mtu 1420
        options=80000<LINKSTATE>
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        groups: tun
        nd6 options=101<PERFORMNUD,NO_DAD>
        Opened by PID 23996

Comment 4 Jason A. Donenfeld 2021-05-03 08:16:17 UTC

Seems like the way to get what you want is simply:

# pkg install wireguard-tools wireguard-go

Right?

Comment 5 Jonathan Vasquez 2021-05-03 09:34:55 UTC

Hey Jason,

(This is fearedbliss).

The expected behavior should be to install one package and the package should
bring in what it needs to function, particularly if this was a Gentoo ebuild then I would add the wireguard-tools to wireguard-go’s RDEPENDS.

- Jonathan