peer endpoint goes missing from the active configuration after reboot with no internet

[KSebion]

Package version

1.0.20220627-1

Firmware version

2.0.9-hotfix.7

Device

EdgeRouter X (SFP, 10 X, EP-R6) - e50

Issue description

Hi,
I've had a few cases where the peer endpoint goes missing after a reboot with no internet.
This was very problematic because the missing endpoint setting propagated to the boot configuration without me knowing.

This seems similar to GH-124.
Using set interfaces wireguard wg0 route-allowed-ips false was mentioned at GH-124 but didn't help.
I ended up doing a cron script that checks if the endpoint is missing from the active configuration and adds it back.

Thanks.

Configuration and log output

set interfaces wireguard wg0 address 10.99.1.2/32
set interfaces wireguard wg0 mtu 1420
set interfaces wireguard wg0 peer X5uDAzbQ/sm0gmYPSkQVzRYG3A4pUExZbZKTEt+BrnA= allowed-ips 10.99.0.0/16
set interfaces wireguard wg0 peer X5uDAzbQ/sm0gmYPSkQVzRYG3A4pUExZbZKTEt+BrnA= endpoint '<redacted>:20525'
set interfaces wireguard wg0 peer X5uDAzbQ/sm0gmYPSkQVzRYG3A4pUExZbZKTEt+BrnA= persistent-keepalive 10
set interfaces wireguard wg0 private-key <redacted>
set interfaces wireguard wg0 route-allowed-ips true

[azagramac]

The same thing happens to me, although the configuration is saved on reboot, it is lost.
The only thing that is kept are the rules. The rest, the interface and the peers, are lost after the reboot.

My hardware:

• EdgeRouter 4, firmware v2.0.9-hotfix.7
• Package version wireguard: 1.0.20220627

Steps:

curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20220627-1/e300-v2-v1.0.20220627-v1.0.20210914.deb
sudo dpkg -i e300-v2-v1.0.20220627-v1.0.20210914.deb
sudo wg --version
wireguard-tools v1.0.20210914 - https://git.zx2c4.com/wireguard-tools/

wg genkey | tee /config/auth/wg.key | wg pubkey >  /config/auth/wg.pub
wg genpsk | tee /config/auth/wg.psk

configure
set firewall name WAN_LOCAL rule 20 description 'Allow WireGuard'
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 protocol udp
set firewall name WAN_LOCAL rule 20 destination port 51820
commit

set interfaces wireguard wg0 description "WireGuard"
set interfaces wireguard wg0 private-key /config/auth/wg.key
set interfaces wireguard wg0 address 10.5.1.1/24
set interfaces wireguard wg0 listen-port 51820
set interfaces wireguard wg0 route-allowed-ips false
commit

set interfaces wireguard wg0 peer {peer key pub} description "Android"
set interfaces wireguard wg0 peer {peer key pub} allowed-ips 192.168.1.0/24
set interfaces wireguard wg0 peer {peer key pub} endpoint {sub.domain.com}:51820
set interfaces wireguard wg0 peer {peer key pub} persistent-keepalive 15
set interfaces wireguard wg0 peer {peer key pub} preshared-key /config/auth/wg.psk
commit ;save

If the router is not rebooted, the configuration is maintained, but after rebooting... you have to reconfigure the interface and peers.