wag: XDP eBPF firewall blocks register_mfa?

Hi

I’m trying to setup WAG on my local intranet but the eBPF firewall blocks the connection by returning XDP_DROP. This seems to be due to the Device having sessionExpiry = 0, as pasted below as output from kernel ring buffer.

Steps:

1. Add debug logs

• adapted the internal/router/xdp.c to print the checks done that result in XDP_DROP and also the values of each test branch.
• rebuilt the WAG executable

1. Test registration

• enable port-forward in router to VM that hosts the WAG server, for <Webserver.Public.ListenAddress>
• start WAG server
• from WAG Host, open Webadmin and add a Registration_Token
• from the Client device, open register_device url at http://<ExternalAddress>:<Public.ListenAddress>/register_device?key=<Registration_Token>. A WireGuard .conf file gets downloaded.
• configure the file in Client’s WireGuard
• start Client’s Wireguard and activate the config
• handshake works and Transfer begins for both received/sent which is OK
• register a WAG_DOMAIN.TLD with LetsEncrypt SSL
• open the https://<WAG_DOMAIN.TLD>:<Tunnel.Port>/
• the browser hangs and there’s below errors in kernel tracing:

> sudo cat  /sys/kernel/debug/tracing/trace_pipe

kworker/3:0-4612    [003] d.s1  8233.786962: bpf_trace_printk: conntrack(): *isAccountLocked || isTimedOut || current_device->
kworker/3:0-4612    [003] d.s1  8233.787763: bpf_trace_printk: current_device->sessionExpiry == 0
kworker/3:0-4612    [003] d.s1  8233.787770: bpf_trace_printk: currentTime > current_device->sessionExpiry
kworker/3:0-4612    [003] d.s1  8233.787771: bpf_trace_printk: xdp_wag_firewall() = XDP_DROP

Is there something I didn’t understand from the Usage guides or is this actually a bug in WAG? Thank you!