Bug 244330 - net/wireguard wg-quick remote IP address assignment is incorrect
Summary: net/wireguard wg-quick remote IP address assignment is incorrect
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Bernhard Froehlich
Depends on:
Reported: 2020-02-23 07:03 UTC by Peter Libassi
Modified: 2020-09-04 15:50 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (decke)


Note You need to log in before you can comment on or make changes to this bug.
Description Peter Libassi 2020-02-23 07:03:53 UTC
local wg interface does not respond due to the wg-quick script sets up the interface by reusing the local address as the remote address in the ifconfig command:

root@bsd2:~ # wg-quick up wg0
[#] wireguard-go wg0
INFO: (wg0) 2020/02/20 09:45:16 Starting wireguard-go version 0.0.20200121
[#] wg setconf wg0 /tmp/tmp.87viEAsK/sh-np.YdRfI6
[#] ifconfig wg0 inet alias

On linux setting up an IP address on a tun interface does not require a remote address:
[root@vpn2 wireguard]# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add dev wg0

In the wg-quick script function add_addr() is where the assignment is made:
 cmd ifconfig "$INTERFACE" inet "$1" "${1%%/*}" alias

I verifed this by replacing remote address with localhost:

 cmd ifconfig "$INTERFACE" inet "$1" "" alias

Now local ping works. You can give any address I suppose since the ”remote address” of the ifconfig of a tun interface is not really used by wireguard.
Comment 1 Bernhard Froehlich freebsd_committer 2020-02-23 07:11:00 UTC
Please send this upstream first. It's not clear to me which side effects this would have.
Comment 2 Peter Libassi 2020-02-23 15:29:12 UTC
from Jason@zx2c4.com:
We tried this already and it didn't work. See the below commit.
Perhaps you can update that bug report you filed?

commit 2c6cabd73dfb23990c245250ef2e502bdb33d189
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Thu Feb 28 19:03:11 2019 +0100

  wg-quick: freebsd: rebreak interface loopback, while fixing localhost

  The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was
  supposed to make things better, but actually it just started sending
  legitimate localhost traffic over the WireGuard interface, which is
  really quite bad.

  This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.

  Reported-by: Matt Smith <matt.xtaz@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/src/wg-quick/freebsd.bash b/src/wg-quick/freebsd.bash
index 93f1a3b7..e83dbef0 100755
--- a/src/wg-quick/freebsd.bash
+++ b/src/wg-quick/freebsd.bash
@@ -158,7 +158,7 @@ add_addr() {
      if [[ $1 == *:* ]]; then
              cmd ifconfig "$INTERFACE" inet6 "$1" alias
-               cmd ifconfig "$INTERFACE" inet "$1" alias
+               cmd ifconfig "$INTERFACE" inet "$1" "${1%%/*}" alias
Comment 3 Peter Libassi 2020-02-23 15:47:29 UTC
Ok, so my proposed solution was already tried and gave unwanted side effects. 

This bug is still valid and needs to be addressed somehow.