I now believe the dmesg complaint in my last comment to be a separate issue. A fix for it was backported to systemd v238 in this commit:
https://github.com/systemd/systemd-stable/commit/7db3fe08c5eb83584f3a3d356876b4acaa797585#diff-f29d1bfc98e548dc0eb497c3d17cbefa

It was not backported to systemd v237:
https://github.com/systemd/systemd-stable/commits/v237-stable/src/network/netdev/wireguard.c

--
https://bugs.launchpad.net/bugs/1853956

Title:
  34 wireguard peers result in invalid peer configuration

Status in systemd package in Ubuntu:
  New

Bug description:
  ubuntu server 18.04.3 LTS
  systemd 237-3ubuntu10.31
  wireguard 0.0.20191012-wg1~bionic from PPA.

  We're using systemd-networkd to configure wireguard via wireguard.netdev and wireguard.network files in /etc/systemd/network/. All endpoints have IPv4 addresses.

  When we include 34, 35, or 36 [WireGuardPeer] entries in the netdev file some peers are configured incorrectly. The affected peers seem to be related to the total number of peers (counting from 0 here):

  33 peers: No issue
  34 peers: Peer 1 and 2 fail
  35 peers: Peer 2 and 3 fail
  36 peers: Peer 3 and 4 fail
  37 peers: No issue

  In all cases peer 0 is functional.

  For an affected pair of peers A and B, peer A ends up with the allowed IP address range of peer B. Peer B ends up with no allowed IP addresses. This can be seen in the output of wg. The connections to both peers fail because of incorrect address range assignments.

  We first encountered this issue in a production environment when we moved from 33 to 34 unique peers on each server. The issue was reproduced on 3 different physical servers with similar configuration by adding and removing peer 34.

  The [WireGuardPeer] entries do not need to be unique to reproduce the issue. In my testing I used 6 distinct peers and then used 28 or more identical copies of a 7th peer. The results were the same.

  In January 2019 a bug was reported that was also related to the number of wireguard peers, but the description seems sufficiently different from our case that I felt I should file a distinct bug report. Here's a link to that report in case I'm wrong about that:
  https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1811149
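
A check for the symptom described in the bug report above, added here as an example and not part of the original report or of systemd: it compares the AllowedIPs configured for each [WireGuardPeer] in a .netdev file with what `wg show <interface> allowed-ips` reports. The function names are hypothetical, and the keys, addresses and sample output are constructed placeholders.

```python
import ipaddress

def expected_from_netdev(text):
    """Map PublicKey -> networks from every [WireGuardPeer] section."""
    peers, section, key, nets = {}, None, None, set()
    def flush():
        if section == "WireGuardPeer" and key:
            peers.setdefault(key, set()).update(nets)
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            flush()
            section, key, nets = line[1:-1], None, set()
        elif section == "WireGuardPeer" and "=" in line and line[0] not in "#;":
            name, value = (p.strip() for p in line.split("=", 1))
            if name == "PublicKey":
                key = value
            elif name == "AllowedIPs":  # comma-separated, may repeat
                nets |= {ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()}
    flush()
    return peers

def actual_from_wg(output):
    """Parse `wg show IFACE allowed-ips`: 'KEY<TAB>net net ...' or '(none)'."""
    actual = {}
    for line in filter(str.strip, output.splitlines()):
        key, _, rest = line.partition("\t")
        actual[key] = {ipaddress.ip_network(n, strict=False)
                       for n in rest.split() if n != "(none)"}
    return actual

def audit(netdev_text, wg_output):
    """Return {pubkey: (missing, unexpected)} for each mismatched peer."""
    want, have = expected_from_netdev(netdev_text), actual_from_wg(wg_output)
    report = {}
    for key in set(want) | set(have):
        w, h = want.get(key, set()), have.get(key, set())
        if w != h:
            report[key] = (sorted(map(str, w - h)), sorted(map(str, h - w)))
    return report

# Constructed sample (placeholder keys) modelled on the reported symptom.
NETDEV = """[WireGuardPeer]
PublicKey=KEY_A_PLACEHOLDER=
AllowedIPs=10.0.1.0/24
[WireGuardPeer]
PublicKey=KEY_B_PLACEHOLDER=
AllowedIPs=10.0.2.0/24"""
WG_OUTPUT = "KEY_A_PLACEHOLDER=\t10.0.2.0/24\nKEY_B_PLACEHOLDER=\t(none)\n"
print(audit(NETDEV, WG_OUTPUT))
```

An empty result means the running interface matches the configuration; on a live host the second argument would be the captured output of `wg show <interface> allowed-ips`.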