UBIOS_ADDRv4_eth8 seemingly renamed upstream #212

Open
pastly opened this issue Aug 28, 2024 · 1 comment
pastly commented Aug 28, 2024

This issue grew from my comment in #211 because since making that comment I lost confidence that my issue is related to anybody else's.

Bottom line up front: I think UBIOS_ADDRv4_eth8 was renamed to UBIOS4ALL_ADDRv4_eth8.

I have a Dream Machine Pro running UniFi OS 4.0.6.

I use Mullvad and WireGuard.

Further details are in my next comment.

pastly commented Aug 28, 2024

/etc/split-vpn/wireguard/mullvad/mullvad.conf

```
[Interface]
PrivateKey = [... censored ...]
Address = [ipv4]/32,[ipv6]/128
PostUp = sh /etc/split-vpn/vpn/updown.sh %i up
PreDown = sh /etc/split-vpn/vpn/updown.sh %i down
Table = 101

[Peer]
PublicKey = [... censored ...]
AllowedIPs = 0.0.0.0/1,128.0.0.0/1,::/1,8000::/1
Endpoint = something.something.mullvad.net:51820
```

/etc/split-vpn/wireguard/mullvad/vpn.conf, without comments or empty lines.

The option EXEMPT_IPSETS below used to be UBIOS_ADDRv4_eth8:dst which caused errors in the log.

```
root@DreamMachinePro:/etc/split-vpn/wireguard/mullvad# grep -v '^#' vpn.conf | grep -v '^$'
FORCED_SOURCE_INTERFACE=""
FORCED_SOURCE_IPV4="192.168.8.0/24 192.168.9.0/24"
FORCED_SOURCE_IPV6=""
FORCED_SOURCE_MAC=""
FORCED_SOURCE_IPV4_PORT=""
FORCED_SOURCE_IPV6_PORT=""
FORCED_SOURCE_MAC_PORT=""
FORCED_DESTINATIONS_IPV4=""
FORCED_DESTINATIONS_IPV6=""
FORCED_LOCAL_INTERFACE=""
EXEMPT_SOURCE_IPV4=""
EXEMPT_SOURCE_IPV6=""
EXEMPT_SOURCE_MAC=""
EXEMPT_SOURCE_IPV4_PORT="tcp-192.168.8.3-22 tcp-192.168.8.76-22"
EXEMPT_SOURCE_IPV6_PORT=""
EXEMPT_SOURCE_MAC_PORT=""
EXEMPT_DESTINATIONS_IPV4="192.168.0.3/32"
EXEMPT_DESTINATIONS_IPV6=""
FORCED_IPSETS=""
EXEMPT_IPSETS="UBIOS4ALL_ADDRv4_eth8:dst"
PORT_FORWARDS_IPV4=""
PORT_FORWARDS_IPV6=""
DNS_IPV4_IP="192.168.0.2"
DNS_IPV4_PORT=53
DNS_IPV4_INTERFACE=""
DNS_IPV6_IP=""
DNS_IPV6_PORT=53
DNS_IPV6_INTERFACE=""
BYPASS_MASQUERADE_IPV4=""
BYPASS_MASQUERADE_IPV6=""
KILLSWITCH=0
REMOVE_KILLSWITCH_ON_EXIT=1
REMOVE_STARTUP_BLACKHOLES=1
VPN_PROVIDER="external"
VPN_ENDPOINT_IPV4=""
VPN_ENDPOINT_IPV6=""
GATEWAY_TABLE="auto"
MSS_CLAMPING_IPV4=""
MSS_CLAMPING_IPV6=""
WATCHER_TIMER=1
ROUTE_TABLE=101
MARK=0x169
PREFIX="VPN_"
PREF=99
DEV=mullvad
```

To stop the VPN manually for testing, I run this stop-vpn.sh script:

```
root@DreamMachinePro:/etc/split-vpn/wireguard/mullvad# cat stop-vpn.sh
cd /data/split-vpn/wireguard/mullvad/
wg-quick down /data/split-vpn/wireguard/mullvad/mullvad.conf
```

And to start it, I run this run-vpn.sh:

```
root@DreamMachinePro:/etc/split-vpn/wireguard/mullvad# cat run-vpn.sh
#!/bin/sh

# Load configuration and run wireguard
cd /etc/split-vpn/wireguard/mullvad
. ./vpn.conf
# /etc/split-vpn/vpn/updown.sh ${DEV} pre-up >pre-up.log 2>&1
wg-quick up ./${DEV}.conf >wireguard.log 2>&1
cat wireguard.log
```

Here I switch back to the problematic EXEMPT_IPSETS option so I can get the error messages.

```
root@DreamMachinePro:/etc/split-vpn/wireguard/mullvad# ./stop-vpn.sh
[#] sh /etc/split-vpn/vpn/updown.sh mullvad down
[Wed Aug 28 09:30:54 CDT 2024] split-vpn: mullvad down: Loading configuration from /data/split-vpn/wireguard/mullvad/vpn.conf.
[#] ip link delete dev mullvad
root@DreamMachinePro:/etc/split-vpn/wireguard/mullvad# vim vpn.conf
root@DreamMachinePro:/etc/split-vpn/wireguard/mullvad# ./run-vpn.sh
[#] ip link add mullvad type wireguard
[#] wg setconf mullvad /dev/fd/63
[#] ip -4 address add [ipv4]/32 dev mullvad
[#] ip -6 address add [ipv6]/128 dev mullvad
[#] ip link set mtu 1420 up dev mullvad
[#] ip -6 route add ::/1 dev mullvad table 101
[#] ip -6 route add 8000::/1 dev mullvad table 101
[#] ip -4 route add 128.0.0.0/1 dev mullvad table 101
[#] ip -4 route add 0.0.0.0/1 dev mullvad table 101
[#] sh /etc/split-vpn/vpn/updown.sh mullvad up
[Wed Aug 28 09:31:03 CDT 2024] split-vpn: mullvad up: Loading configuration from /etc/split-vpn/wireguard/mullvad/vpn.conf.
[Wed Aug 28 09:31:03 CDT 2024] split-vpn: Using IPv4 gateway from table 201: via [public home ipv4] dev eth8.
ipset v7.10: The set with the given name does not exist
ipset v7.10: The set with the given name does not exist
ERROR: Not adding UBIOS_ADDRv4_eth8 with unknown family: .
```
It's the ipset list "$ipset" commands in add_ipset_rule() in /etc/split-vpn/vpn/add-vpn-iptables-rules.sh that throw the 2nd and 3rd to last lines above.

I ran ipset list | less myself, narrowed the output down, and made a guess that one of the following is the correct replacement. Just a guess. The first one I tried (ALL, not KEY) worked. I don't know anything about what these are or where they come from.

```
root@DreamMachinePro:/etc/split-vpn/vpn# ipset list | grep -A 8 "Name.*4.*ADDRv4_eth8"
Name: UBIOS4ALL_ADDRv4_eth8
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 10000
Size in memory: 408
References: 2
Number of entries: 1
Members:
[public home ipv4]
--
Name: UBIOS4KEY_ADDRv4_eth8
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 10000
Size in memory: 408
References: 1
Number of entries: 1
Members:
[public home ipv4]
```
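
A pre-flight check for the failure reported in this issue, as an added example that is not part of the original comment or of the split-vpn project: it parses `ipset list` output and flags any set named in `EXEMPT_IPSETS` or `FORCED_IPSETS` that does not exist, listing existing sets whose name matches after the first underscore. The function names, the sample addresses and the suffix-matching heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ipset list` output (addresses are placeholders).
sample_ipset_list() {
    cat <<'EOF'
Name: UBIOS4ALL_ADDRv4_eth8
Type: hash:net
Header: family inet hashsize 64 maxelem 10000
Members:
203.0.113.10
Name: UBIOS4KEY_ADDRv4_eth8
Type: hash:net
Header: family inet hashsize 64 maxelem 10000
Members:
203.0.113.10
EOF
}

# check_ipsets "<value of EXEMPT_IPSETS or FORCED_IPSETS>"   (hypothetical helper)
# Reads `ipset list` output on stdin and prints one line per "name:flags" entry:
#   OK <name> <family>                 the set exists
#   MISSING <name> candidates: <...>   it does not; candidates are existing sets
#                                      whose name matches after the first "_"
# Exit status is 1 if any set is missing, 0 otherwise.
check_ipsets() {
    awk -v entries="$1" '
        $1 == "Name:"   { name = $2; order[++cnt] = name; family[name] = "unknown" }
        $1 == "Header:" { for (i = 2; i < NF; i++) if ($i == "family") family[name] = $(i + 1) }
        END {
            n = split(entries, e, " ")
            for (k = 1; k <= n; k++) {
                set = e[k]; sub(/:.*/, "", set)      # drop flags such as ":dst"
                if (set in family) { print "OK", set, family[set]; continue }
                missing = 1
                suffix = set; sub(/^[^_]*_/, "", suffix)
                cands = ""
                for (j = 1; j <= cnt; j++) {
                    t = order[j]; sub(/^[^_]*_/, "", t)
                    if (t == suffix) cands = cands " " order[j]
                }
                print "MISSING", set, "candidates:" cands
            }
            exit missing + 0
        }'
}
```

On the device, after sourcing `vpn.conf`, the same check would be `ipset list | check_ipsets "$EXEMPT_IPSETS $FORCED_IPSETS"`, run before `wg-quick up`.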
