RUTX11 07.11.3 wireguard firewall section

flebourse · January 14, 2025, 9:59pm

Hello,

Stopping and restarting a wireguard interface creates a firewall zone named wireguard if it isn’t already present and containing the wg interface name in the list of covered networks, and masquerade enabled.
This zone is created even if another one containing the same interface in the covered networks list exists and has masquerading disabled and different inter-zone forwarding configurations.
Of course routing will then fail if the local wg network isn’t in the Allowed IPs list of all the other routers in the network.

Workaround: keep this zone present, remove the wg interface name from the list of covered networks and it will not interfere with the expected flows.

Fix: don’t create this zone if another one with the same covered interface already exists.

Regards,

Daumantas · January 15, 2025, 6:22am

Hello @flebourse ,

Thank you for notifying us of the issue! I’ve replicated it and reported it to our RnD team for further consideration.

Best regards,

system · March 15, 2025, 10:00pm

This topic was automatically closed after 60 days. New replies are no longer allowed.

Daumantas · April 9, 2025, 4:38am

Hi @flebourse,

I was informed, that this issue is planned to be addressed in RutOS 07.15.

flebourse · April 9, 2025, 5:09pm

Perfect thank you.

Daumantas · April 12, 2025, 5:10am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.