Netgate Discussion Forum

Option to disable wireguard adding routes (Table = off)

  • trunet
    Sep 26, 2022, 11:42 PM (last edited by trunet Sep 26, 2022, 11:43 PM)

    I'm planning to replace a bunch of VTI IPsec VPNs with WireGuard.

    I have BGP (iBGP) handling all my routes; therefore, I have set AllowedIPs to 0.0.0.0/0 and ::/0. However, this is causing issues with my default gateway and some routes.

    I found out that setting Table = off in /usr/local/etc/wireguard/tun_wg0.conf fixed the issue, as WireGuard doesn't set routes anymore and it's handled by FRR.

    I have some OPNsense boxes as well because of new hardware (FreeBSD 13), and this option is available there. I'm planning to replace those with pfSense 22.11 with FreeBSD 14 when available.

    Are there any plans to add a disabled routes option on WireGuard configuration to pfSense?

    • cmcdonald Netgate Developer @trunet
      Sep 27, 2022, 7:59 PM

      @trunet
      The Table = off option is only applicable to wg-quick, which we are not using. So I'm not sure how adding this option is fixing the issue in your case. In the case of WireGuard on pfSense, the only routes that are managed by WireGuard are the on-link routes to the tunnel network. Setting the AllowedIPs should not be creating routes by design, as this is left up to the administrator via static routes or via a dynamic routing protocol via FRR.

      Need help fast? https://www.netgate.com/support

      • Bob.Dig LAYER 8 @cmcdonald
        Sep 27, 2022, 8:09 PM

        @cmcdonald said in Option to disable wireguard adding routes (Table = off):

        as this is left up to the administrator via static routes

        Wouldn't mind if those routes are added automatically. Isn't this the case for some configs of OpenVPN anyway?

        • cmcdonald Netgate Developer @Bob.Dig
          Sep 27, 2022, 8:38 PM

          @bob-dig Could certainly be an option to create these routes automatically, though would need a way to opt-out (or -in) to not step over FRR and the like.

          • trunet @cmcdonald
            Sep 27, 2022, 10:02 PM

            @cmcdonald Thank you for the explanation. Indeed, the problem was my FRR configuration; all is working fine now.
