delete interfaces wireguard not working / provisioning loop

[jollyjinx]

The package itself runs fine , but I run into a provisioning loop as soon as I set

route-allowed-ips true

on one interface. I also found out that I can't:

delete interfaces wireguard

when I have one interface set to route-allowed-ips true

Side note: I do NOT have the wireguard configuration inside a config.gateway.json.
I found out that having a wireguard in config.gateway I no longer can update the USG without running in a provisioning loop.

I have a script running on provisioning that installs wireguard (if needed) and setting and saving the wireguard configuration values after a provisioning, that way I can still upgrade my usg.

[thomas-baumeister]

You can have your configuration stored in config.gateway.json but once you upgrade the firmware on your USG to have to ssh and install wireguard again (before it reboots to reset the config).
Since this is quite a hassle, I found this useful: https://github.com/britannic/install-edgeos-packages.
Basically, you store the installation packages on the USG and they are installed whenever necessary.

Worked perfectly fine on my USG4 when upgrading to v4.4.51.

[jollyjinx]

I use a similar approach with my scripts on reinstalling the software. I try to keep the unifi system to itself and only run my changes after everything unifi provisions itself. So I can reset the usg to factory default and only have to copy my config sub directory to the machine.

The main problem here is, that it's running in a provisioning loop as it has a problem when wireguard interface is to set to allow routing.
Try to do a
delete interfaces wireguard
when one is set to allow routing to replicate the issue.

[jollyjinx]

I found a workaround last night, so that I can update and provision my USG from within the unifi webgui again - yeah. I do set the route-allowed-ips to false and use the route command to add routes to the distant network when the machine starts up. That way provisioning and updating works now seamless.

For reference for others - I have a a directory in /config which has a couple of scripts to install and runs everything I need which does not get wiped out on updating the usg.
To get the system up and running is to start the script once via config.gateway.json using system task-scheduler.

[FossoresLP]

I will look into disabling route allowed ips when removing Wireguard interfaces. Please note that I have no experience with vyatta though so it might take me some time to figure it out.