Teleport

[churnd]

With Unifi releasing Teleport, which is basically Wireguard underneath, are there any concerns of conflict with using this project alongside Unifi's own wireguard implementation? Does this one overwrite the wireguard version that now ships by default on UnifiOS? If this version is set up, will Teleport continue to work?

[peacey]

Hi @churnd,

There shouldn't be any concerns using this project with the latest version that has Teleport.

Because of Teleport, the Unifi OS already comes with the wireguard module pre-installed. But it does not come with the wg-quick script (it only comes with wg binary and the kernel module). This project adds 2 things:

1. The wg-quick script + bash, which makes it easier to activate/bring down a wireguard configuration.
2. The latest kernel module for wireguard based on wireguard upstream, which can be loaded optionally if you prefer not to use Ubiquiti's older module version.

Clarifying point 2, Ubiquiti ships an older version of the wireguard module. By default, this script will load the built-in module that Ubiquiti ships. If you change the option LOAD_BUILTIN to 0 in the setup_wireguard.sh script, then the script will load the latest external module included in this project. Some people have found the newer module version is more robust and shouldn't interfere with Teleport working, so prefer to use that. But if you prefer to stick to the built-in module provided by Ubiquiti to be on the safe side, then don't change the default LOAD_BUILTIN option, which is set to 1.

[churnd]

I just set it up as usual. I'd been using this project before UnifiOS UDM 1.12, so I did have it working before. I'm getting errors when I try to use Teleport now. This is what shows up in the log:

Jun  3 08:42:13 UDM daemon.err /usr/bin/teleportd[3379]: [peer 192.168.3.1]: failed to create Wireguard tlprt0: link up failed: exit status 2
Jun  3 08:42:13 UDM user.err kernel: [  256.902158] wireguard: tlprt0: Could not create IPv4 socket

[peacey]

Thanks for the report, @churnd. I was able to recreate your problem by using the external module. The problem does not occur with the built-in module, so why don't you use that for now? Just make sure LOAD_BUILTIN is set to 1 in your /mnt/data/wireguard/setup_wireguard.sh. Then rmmod wireguard and run setup_wireguard.sh again.

As for the external module, I am still investigating and I don't really understand why it's not working well yet (I have a few ideas). Teleport is complaining it can't bring the interface up because there was a kernel error in the IPv6 stack, but I was successfully able to bring the teleport interface up manually and add the correct IP/routes to enable Teleport to work properly with the external module. So quite confusing. Let me do some more debugging to see what's happening. But as I said, just use the built-in module for now.

[churnd]

Thanks, reverting to the built-in module fixed it for me as well. Since you said it's IPv6 related, do we need to have IPv6 enabled on the Unifi device (UDM in my case)? IPv6 is not enabled on mine for neither my WAN interface nor local network.