Error on startup for Wireguard route add

[0xShkk]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

I have configured OPNsense to use a Wireguard tunnel for accessing certain ressources on an internal network as described in this setup guide: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html. It explicitely mentions:

The IP you choose for the Gateway is essentially arbitrary; pretty much any unique IP will do. The suggestion here is for convenience and to avoid conflicts

So what I did, was not to use an IP 1 number below my Tunnel IP but an completely arbitrary one that is used nowhere else in my setup.

To Reproduce

1. Setup Wireguard tunnel as described here:
   https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

2. If your Wireguard Tunnel IP is 10.13.0.44/32 for example, use 192.168.252.1 as the Gateway address for the Wireguard Gateway.

3. Observe errors on OPNsense startup in the Wireguard logs, because the IF address of the pseudo Gateway cannot be added.

Expected behavior

No errors in the logs.

Relevant log files

Following is not cut, the output is really empty. Even checked it in the lates.log file on disk.

Error | wireguard | /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The  command '/sbin/route -q -n add '-4' '192.168.252.1' -iface 'wg0''  returned exit code '1', the output was ''

Additional context

It is important to note that the selective routing through the Wireguard Tunnel works. Everything is fine out of a connectivity view. But I get those error messages on OPNsense startup constantly and I fear it might become a problem with future releases.

Environment

OPNsense 24.1.6 (amd64).

[fichtner]

A route probably already exists? Did you check "far gateway" ?

[0xShkk]

Yes, far gateway is ticked :)

[fichtner]

Hmm, why? The route appears to be set by WireGuard itself.

[0xShkk]

Because it is mentioned in the setup guide. I have disabled this now for testing purposes. Same errors on reboot occur.

[fichtner]

It's difficult to help here within community scope because the error is just a side effect and has no impact on the setup. I'm not sure what you expect or if everything is set up correctly either. I'd like to have a clear traceable operational issue?

[0xShkk]

I totally understand and I am thankful for your fast responses. Just wanted to make aware of it as it really has no impact on the operational state currently. Just thought it may is a logic bug in OPNsense itself as I have done everything exactly as described in the setup guide.

[0xShkk]

I can provide you with more details if needed.