Option to disable wireguard adding routes (Table = off)
-
I'm planning to replace a bunch of VTI IPsec VPNs with wireguard.
I have bgp (iBGP) handling all my routes, therefore I have set AllowedIPs to 0.0.0.0/0 and ::/0. However this is causing issues with my default gateway and some routes.
I found out that setting Table = off in /usr/local/etc/wireguard/tun_wg0.conf fixed the issue as wireguard doesn't set routes anymore and it's handled by frr.
I have some opnsense boxes as well because of new hardware (freebsd 13) and this option is available there, I'm planning to replace those with pfsense 22.11 with freebsd 14 when available.
Are there any plans to add a disabled routes option to the wireguard configuration on pfSense?
-
@trunet The Table = off option is only applicable to wg-quick, which we are not using. So I'm not sure how adding this option is fixing the issue in your case. In the case of WireGuard on pfSense, the only routes that are managed by WireGuard are the on-link routes to the tunnel network. Setting the AllowedIPs should not be creating routes by design as this is left up to the administrator via static routes or via a dynamic routing protocol via FRR.
-
@cmcdonald said in Option to disable wireguard adding routes (Table = off):
as this is left up to the administrator via static routes
Wouldn't mind if those routes are added automatically. Isn't this the case for some configs of OpenVPN anyway?
-
@bob-dig Could certainly be an option to create these routes automatically, though would need a way to opt-out (or -in) to not step over FRR and the like.
-
@cmcdonald Thank you for the explanation. Indeed, the problem was my frr configuration; all is working fine now.