I’m assuming this is an incompatibility with Ubiquiti’s new Site Magic.
Dream-Machine-SE wireguard: wgsts1000: possible loop detected, dropping skb of size 65216
over and over in the CLI.
Dream Machine SE running:
UniFi OS v3.1.16
I sent a request back in September when this issue first appeared and did not receive even a single hint/suggestion or solution.
So I’m posing it again.
Thanks for opening this. I get identical issues when Zerotier is running, even before joining a network. Happens instantly when starting Zerotier.
(Date & Time) (Machine name) wireguard: wgsts1000: possible loop detected, dropping skb of size 65216
- UnifFi OS v3.1.16
- Network v8.0.7
- Protect v2.9.42, but not in use.
- Wireguard/SiteMagic setup and in use
I’d love to have it installed and actually used IN PLACE OF the built-in wireguard/site magic., so that it can bridge networks with the same network space and VLAN ID (something site magic is loath to do).
Does seem to be an incompatibility with Site Magic.
This could be a tunnel recursion issue. If it is, the order of operations causing it would be something like this:
- Site Magic comes up
- ZeroTier is built over the Site Magic VPN
- Site Magic seeing a better path between devices rebuilds it’s VPN over ZeroTier, which is essentially trying to build over itself like a snake eating its tail
If this is what is happening, you can mitigate that by blacklisting the Site Magic path from ZeroTier. You can modify the local.conf file with either of the following 2 options (replacing either the subnet or interface Site Magic is using in your setup):
You’ll have to see if there’s any mechanism to prevent Site Magic from building over the ZeroTier path to prevent that if desired.
Thank you for this detailed reply!
I forgot to mention that this error pops up in the log prior to ZeroTier joining any network. It literally shows up as soon as ZeroTier is installed.
That’s a great point you make about prohibiting the VPN (SiteMagic/WireGuard) from trying to route over ZeroTier, as eventually it might think that it could do just that. I’ll keep it in mind and try it out if WireGuard tries to do that.