Hi there.
We face an issue with the wireguard-go plugin: If the WAN port of the OPNsense appliance comes up delayed (maybe 10-20 secs), Wireguard does not manage to resolve the configured endpoint properly:
...
Name does not resolve: 'hostname.domain.tld:51820'
Configuration parsing error
[#] rm -f /var/run/wireguard/wg0.sock
When opening the web interface and clicking on "Save" within the Wireguard configuration, the tunnel establishes just fine.
This issue is a bit critical as we're using the tunnel itself to manage the deployed gateways.
Any help is highly appreciated.
qdrop
Then you have to create a rc.late hook to restart again, or you just use an IP address instead of DNS
I implemented another workaround: A static mapping within the unbound resolver.
Still, how can this rc.late hook be implemented exactly?
Go to /usr/local/etc/rc.syshook.d/start/, copy 50-wireguard to 99-wireguard and make the call
/usr/local/etc/rc.d/wireguard restart
Quote from: mimugmail on September 03, 2020, 04:35:13 PM
Go to /usr/local/etc/rc.syshook.d/start/, copy 50-wireguard to 99-wireguard and make the call
/usr/local/etc/rc.d/wireguard restart
Will this work even if the appliance gets online at a much later point in time? Like after a couple of minutes?
Wireguard does not use a newwanip type event listener that would help recover from these scenarios...
See e.g.: https://github.com/opnsense/plugins/blob/ee487f15f6a1ebbc416c68b74c3397edc3aa404b/net/igmp-proxy/src/etc/inc/plugins.inc.d/igmpproxy.inc#L61
Cheers,
Franco
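As an added example (not code from this thread or from the OPNsense plugin), here is one way to write the 99-wireguard syshook that mimugmail describes so that it also covers the "much later" case asked about above: instead of restarting blindly, the script polls the system resolver until the endpoint hostname resolves, then runs the restart. The paths /usr/local/etc/rc.syshook.d/start/99-wireguard and /usr/local/etc/rc.d/wireguard come from the thread; the endpoint hostname placeholder, the use of getent(1) for the lookup, the timeout values and the variable names are my assumptions. The endpoint must be set by hand (the script does not parse the Wireguard config).

```shell
#!/bin/sh
# Example late syshook for /usr/local/etc/rc.syshook.d/start/99-wireguard.
# Added example, not part of the forum thread or the OPNsense plugin.
# Assumptions (ours): ENDPOINT_HOST placeholder, getent(1) for lookups,
# MAX_WAIT/INTERVAL defaults. The rc.d path is the one named in the thread.

ENDPOINT_HOST="${ENDPOINT_HOST:-hostname.domain.tld}"   # placeholder, set to your endpoint
MAX_WAIT="${MAX_WAIT:-600}"                              # seconds before giving up
INTERVAL="${INTERVAL:-10}"                               # seconds between lookups
WG_RC="${WG_RC:-/usr/local/etc/rc.d/wireguard}"
LOGGER="${LOGGER:-logger -t 99-wireguard}"

# Return 0 when the name resolves through the system resolver, 1 otherwise.
resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Poll resolves() until it succeeds or the deadline (seconds) passes.
# Arguments: hostname, max seconds to wait, seconds between attempts.
# Returns 0 once the name resolves, 1 on timeout.
wait_for_resolution() {
    host="$1"; deadline="$2"; step="$3"
    waited=0
    while [ "$waited" -lt "$deadline" ]; do
        if resolves "$host"; then
            return 0
        fi
        sleep "$step"
        waited=$((waited + step))
    done
    return 1
}

# Hook entry point: restart the service only once the endpoint is resolvable,
# so a restart does not fail with the same "Name does not resolve" error.
main() {
    if wait_for_resolution "$ENDPOINT_HOST" "$MAX_WAIT" "$INTERVAL"; then
        $LOGGER "endpoint $ENDPOINT_HOST resolves, restarting wireguard"
        "$WG_RC" restart
    else
        $LOGGER "endpoint $ENDPOINT_HOST unresolved after ${MAX_WAIT}s, not restarting"
        return 1
    fi
}

# Only run main when executed as the hook itself, not when sourced.
case "$0" in
    *99-wireguard) main ;;
esac
```

The loop runs in the boot sequence, so MAX_WAIT bounds how long the hook can delay later syshooks; keep it modest and check the syslog entry from logger if the tunnel still does not come up. As Franco notes, this is still a boot-time workaround and not a newwanip event listener: a WAN change after boot will not re-trigger it.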