Bird OSPF + Wireguard + Jessie w/kernel 4.8.7-1
Hi, I just had an interesting case, and I'm not sure it's related to the kernel, bird, or the wireguard tool I'm trying. I'm using wireguard as tunnel device, and asking bird to listen ospf on the related interface (wg2 in this case). My kernel is the following : Linux XXXX 4.8.0-1-amd64 #1 SMP Debian 4.8.7-1 (2016-11-13) x86_64 GNU/Linux I tried two release (1.4.5 and 1.6.2) of Bird, with no change. Here is what I got from the log, without additional debug information from Bird : Dec 4 22:56:18 apu02 bird: ospf1: Socket error on wg2: Required key not available This case doesn't happen with a previous release of kernel : Linux YYYY 4.8.0-1-amd64 #1 SMP Debian 4.8.5-1 (2016-10-28) x86_64 GNU/Linux I have to admit I didn't check the change-log between the two version of kernels. Anyone stumbled on that one ? Cheers, Will
On 4 Dec 2016, at 22:23, Will van Gulik <mailing-porcus@porcus.ch> wrote:
Here is what I got from the log, without additional debug information from Bird : Dec 4 22:56:18 apu02 bird: ospf1: Socket error on wg2: Required key not available
EFI Secure Boot? http://askubuntu.com/questions/762254/why-do-i-get-required-key-not-availabl... -- Alex Bligh
Hi, On Sun, Dec 04, 2016 at 11:23:03PM +0100, Will van Gulik wrote:
Hi,
[ ... ]
Here is what I got from the log, without additional debug information from Bird : Dec 4 22:56:18 apu02 bird: ospf1: Socket error on wg2: Required key not available
[ ... ]
Anyone stumbled on that one ?
Yes, i know the error, and i think it was due to my fault of not set allowed ips in wireguard correctly ... but i'm not 100% sure if it was. I try to figure out on which machine i had the problem and search for logs ... regards, tim -- Tim Weippert http://weiti.org - weiti@weiti.org GPG Fingerprint - E704 7303 6FF0 8393 ADB1 398E 67F2 94AE 5995 7DD8
HI, just tested it: On Mon, Dec 05, 2016 at 04:17:22PM +0100, Tim Weippert wrote:
Hi,
On Sun, Dec 04, 2016 at 11:23:03PM +0100, Will van Gulik wrote:
Hi,
[ ... ]
Here is what I got from the log, without additional debug information from Bird : Dec 4 22:56:18 apu02 bird: ospf1: Socket error on wg2: Required key not available
[ ... ]
Anyone stumbled on that one ?
Yes, i know the error, and i think it was due to my fault of not set allowed ips in wireguard correctly ... but i'm not 100% sure if it was.
Remove IPv4 allowed ips from wg interface: wg set wg-ibgp-de01 peer WgGSv+UbYFbOQ/L9XAmdbmLECt8rKrU84M5QElnEoyk= allowed-ips ::/0 and i see in log: Dec 05 16:21:42 dn42-svc bird[31900]: O_OSPF: Socket error on wg-ibgp-de01: Required key not available Version BIRD 1.6.2 HTH, tim -- Tim Weippert http://weiti.org - weiti@weiti.org GPG Fingerprint - E704 7303 6FF0 8393 ADB1 398E 67F2 94AE 5995 7DD8
Hi Tim, Indeed, so this one was totally related to my misconfiguration of wireguard, I forgot the multicast IP needed by OSPF. It was working on some hosts because I was allowing 0.0.0.0/0, which obviously includes multicast. So Bird doesn't have an issue there. Thanks Tim and Alex for the comments and advices, and the Bird team for the marvellous software :) Cheers, Will
On 05 Dec 2016, at 16:23, Tim Weippert <weiti@weiti.org> wrote:
HI,
just tested it:
On Mon, Dec 05, 2016 at 04:17:22PM +0100, Tim Weippert wrote:
Hi,
On Sun, Dec 04, 2016 at 11:23:03PM +0100, Will van Gulik wrote:
Hi,
[ ... ]
Here is what I got from the log, without additional debug information from Bird : Dec 4 22:56:18 apu02 bird: ospf1: Socket error on wg2: Required key not available
[ ... ]
Anyone stumbled on that one ?
Yes, i know the error, and i think it was due to my fault of not set allowed ips in wireguard correctly ... but i'm not 100% sure if it was.
Remove IPv4 allowed ips from wg interface:
wg set wg-ibgp-de01 peer WgGSv+UbYFbOQ/L9XAmdbmLECt8rKrU84M5QElnEoyk= allowed-ips ::/0
and i see in log:
Dec 05 16:21:42 dn42-svc bird[31900]: O_OSPF: Socket error on wg-ibgp-de01: Required key not available
Version BIRD 1.6.2
HTH, tim
-- Tim Weippert http://weiti.org - weiti@weiti.org GPG Fingerprint - E704 7303 6FF0 8393 ADB1 398E 67F2 94AE 5995 7DD8
participants (3)
-
Alex Bligh -
Tim Weippert -
Will van Gulik