I'm using Unbound as DNS server and an IPsec tunnel with a DNS-resolved remote gateway. After rebooting the firewall, IPsec seems to be started before Unbound and is not able to resolve the host. It stops after 3 retries, even though keyretries is set to 0 in the IPsec config, which should mean unlimited retries.
Is there a way to start IPsec delayed after Unbound, or to configure the IPsec service not to stop?
Does the firewall itself use Unbound as resolver for its own DNS requests?
What is configured in System: Settings: General?
Maybe use the resolvers of your ISP or Cloudflare/Google there instead and see if that fixes the problem.
In General, 127.0.0.1 is configured. With Google it works, but that is not an option since I'm using encrypted DNS and blocklists with Unbound.
Hmm, you should open an issue on GitHub and explain your case there.
https://github.com/opnsense/core/issues
Maybe also attach the IPsec logs of the permanent failure that's happening.
Quote from: dstr on August 09, 2024, 11:08:57 AM
Is there a way to start IPsec delayed after Unbound, or to configure the IPsec service not to stop?
Generally it's not needed. IPsec connections start automatically if properly configured. Check the CHILD_SAs:
- Start action should be set to "trap" or "trap+start"
- DPD action should be set to "trap" (if used)
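For reference, this is what those two CHILD_SA settings look like in a strongSwan swanctl.conf. It is an added example, not taken from the thread and not the configuration OPNsense itself generates; the connection name, networks and gateway hostname are made up, and the keyingtries line is the swanctl equivalent of the "unlimited retries" setting discussed above.

```conf
connections {
    site-a {
        # Remote gateway given as a hostname (hypothetical), so it needs a working resolver
        remote_addrs = vpn.example.net
        # 0 = keep starting new retransmission sequences instead of giving up after the first
        keyingtries = 0
        dpd_delay = 30s
        children {
            net {
                # Example networks, not from the thread
                local_ts  = 10.0.1.0/24
                remote_ts = 10.0.2.0/24
                # trap: install a kernel trap policy and negotiate when matching traffic appears,
                # instead of initiating once at daemon start and staying down if that fails
                start_action = trap
                # trap: after a DPD timeout, fall back to the trap policy rather than closing for good
                dpd_action = trap
            }
        }
    }
}
```

With start_action = trap the daemon does not need to resolve the gateway at boot: the first packet matching the traffic selectors triggers negotiation, by which time Unbound is normally up. After changing the settings, swanctl --list-pols should show the trap policy for the child, and swanctl --list-sas should show the SA appearing once traffic flows.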