Package: systemd
Version: 250.2-3
Severity: critical
Justification: completely breaks network connectivity in certain setups
X-Debbugs-Cc: none, Tollef Fog Heen <tfh...@err.no>

(Feel free to downgrade, but this completely broke network on my testing system, which weren't it my laptop and sat in front of me, it'd be really hard to debug.)

It seems like systemd-networkd between 249.7-1 and 250.2-3 started adding IPs specified in AllowedIPs in WireGuardPeer stanzas in netdev units to the routing table.

The documentation in systemd.netdev states:

  Note that this only affects routing inside the network interface itself, i.e. the packets that pass through the tunnel itself. To cause packets to be sent via the tunnel in the first place, an appropriate route needs to be added as well — either in the "[Routes]" section on the ".network" matching the wireguard interface, or externally to systemd-networkd.

This is the historic behaviour, and this behaviour can be had by using RouteTable=off in the WireGuardPeer section.

The reason it broke is I have a multi-peer wireguard setup where I direct traffic to the different peers a machine can talk to using BGP and bird, and therefore have AllowedIPs=0.0.0.0/0 for the netdevs. After the upgrade, systemd-networkd proceeded to make my default route point at the tunnels (which are not suitable as default routes) in addition to my regular default route, causing most of the traffic to end up on the floor.

It might be possible to detect this in a postinst, but it's probably brittle, so I'd consider changing the default RouteTable setting to off.

-- System Information:
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser          3.118
ii  libacl1          2.3.1-1
ii  libapparmor1     3.0.3-6
ii  libaudit1        1:3.0.6-1+b1
ii  libblkid1        2.37.2-6
ii  libc6            2.33-2
ii  libcap2          1:2.44-1
ii  libcrypt1        1:4.4.27-1
ii  libcryptsetup12  2:2.4.3-1
ii  libfdisk1        2.37.2-6
ii  libgcrypt20      1.9.4-5
ii  libgnutls30      3.7.2-5
ii  libgpg-error0    1.43-1
ii  libip4tc2        1.8.7-1
ii  libkmod2         29-1
ii  liblz4-1         1.9.3-2
ii  liblzma5         5.2.5-2
ii  libmount1        2.37.2-6
ii  libpam0g         1.4.0-11
ii  libseccomp2      2.5.3-2
ii  libselinux1      3.3-1+b1
ii  libsystemd0      250.2-3
ii  libzstd1         1.4.8+dfsg-3
ii  mount            2.37.2-6
ii  util-linux       2.37.2-6

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]  1.12.20-3
ii  ntp [time-daemon]               1:4.2.8p15+dfsg-1

Versions of packages systemd suggests:
ii  libfido2-1            1.9.0-1
ii  libtss2-esys-3.0.2-0  3.1.0-3
ii  libtss2-mu0           3.1.0-3
ii  libtss2-rc0           3.1.0-3
ii  policykit-1           0.105-31
ii  systemd-container     250.2-3

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.140
ii  libnss-systemd   250.2-3
ii  libpam-systemd   250.2-3
ii  udev             250.2-3

-- no debconf information

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
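
A pre-upgrade check for the configuration described in the report, written as an added example (it is not part of the report or of systemd): it lists the [WireGuardPeer] sections of a .netdev unit whose AllowedIPs contain a zero-length prefix and that do not set RouteTable=off. The sample unit, its placeholder keys and addresses, and the function names are constructed for illustration; only the value "off" named in the report is treated as opting out.

```python
import ipaddress

# Constructed sample .netdev unit (not from the report): two peers that both
# accept 0.0.0.0/0 so a routing daemon can pick the next hop; only one opts out.
SAMPLE_NETDEV = """\
[NetDev]
Name=wg0
Kind=wireguard

[WireGuard]
PrivateKeyFile=/etc/systemd/network/wg0.key

[WireGuardPeer]
PublicKey=PEER-A-PUBLIC-KEY-PLACEHOLDER
AllowedIPs=0.0.0.0/0
Endpoint=192.0.2.10:51820

[WireGuardPeer]
PublicKey=PEER-B-PUBLIC-KEY-PLACEHOLDER
AllowedIPs=10.10.0.0/24, 0.0.0.0/0
RouteTable=off
"""

def wireguard_peers(text):
    """Yield one {key: [values]} dict per [WireGuardPeer] section."""
    peer = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            if peer is not None:
                yield peer                   # previous peer section is complete
            peer = {} if line == "[WireGuardPeer]" else None
        elif peer is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            peer.setdefault(key, []).append(value)
    if peer is not None:
        yield peer

def peers_routing_default(text):
    """Return PublicKey of each peer whose AllowedIPs would become a default route."""
    flagged = []
    for peer in wireguard_peers(text):
        # Assumption: only "off" (the value the report names) counts as opting out.
        if peer.get("RouteTable", [""])[-1].lower() == "off":
            continue
        prefixes = [p for v in peer.get("AllowedIPs", []) for p in v.replace(",", " ").split()]
        if any(ipaddress.ip_network(p, strict=False).prefixlen == 0 for p in prefixes):
            flagged.append(peer.get("PublicKey", ["<no key>"])[-1])
    return flagged
```

Run against the units under /etc/systemd/network before upgrading, a non-empty result marks the peers that need RouteTable=off to keep the historic behaviour.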