Public bug reported:
Hey there,
we found that in noble on kernel 6.8.0-38.38 the WireGuard module
sometimes does not use the correct source address for returning packets.
Our router has two IPs attached, one internal and one external. Since
this is a HA router the external address moves between our two routers.
But when clients connect they of course connect to the external IP and
the packets therefore need to be returned with the same external IP.
This does not happen in many cases. Sometimes it does work and the
connection gets tracked correctly, but more times than not it uses its
internal IP, resulting in broken handshakes.
```
root@net-router2:~# ip r l | grep default -A2
default nhid 12 proto bgp metric 20
nexthop via inet6 fe80::920a:84ff:fe6e:eed4 dev enp1s0f1np1 weight 1
nexthop via inet6 fe80::920a:84ff:fe6e:f054 dev enp1s0f0np0 weight 1
root@net-router2:~# ip r get 1.1.1.1
1.1.1.1 via inet6 fe80::920a:84ff:fe6e:f054 dev enp1s0f0np0 src 10.77.2.109 uid 0
    cache
```
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Tags: wireguard
https://bugs.launchpad.net/bugs/2073220
Title:
WireGuard does not use right return address