253790 – if_wg(4) lacks persistent keepalive

Bug 253790 - if_wg(4) lacks persistent keepalive

Summary: if_wg(4) lacks persistent keepalive

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	13.0-STABLE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-net (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-02-23 10:31 UTC by crest
Modified:	2021-02-25 12:18 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description crest 2021-02-23 10:31:58 UTC

I have to run a WireGuard tunnel through a NAT and the tunnel is used for bursty traffic and without the keepalives supported by wireguard-go, OpenBSD and Linux the NAT state times out between bursts.

I've found no way to configure a persistent keepalive interval on FreeBSD 13.0-BETA3 and from a quick glance at the ifconfig and if_wg sources it appears this feature is missing. If I configure a keepalive interval at the other end of the tunnel the key exchange fails.

The only workaround for this is to generate traffic at all times to keep the tunnel open e.g. while true; ping -c1 $peer_internal; sleep 10; done

One of the really nice things about WireGuard is the interoperability between all existing implementations. This limitation is the first incompatibility between implementations I've encountered.