OPNsense Forum

English Forums => Virtual private networks => Topic started by: browne on June 29, 2026, 02:38:32 PM

Title: WireguardVPN fails to start after reboot with DNS
Post by: browne on June 29, 2026, 02:38:32 PM
Hi everyone,

I've recently run into an issue with the latest OPNsense version, where WireGuard is included by default.

When I start the VPN tunnel manually, everything works as expected using the domain name. However, after rebooting the device, I noticed that the WireGuard tunnel appears to be enabled (everything is green), but no traffic passes through it. The only way to get it working again is to restart the tunnel manually.
I already tested it with a cron job, but the "stale connections" one only restarts it if there was an existing connection that got updated—like when the IP changes on one side or something similar. When I reboot, though, there was never any connection in the first place, which is why the DNS assumes nothing has changed and never updates the VPN/DNS.

I suspect this is related to the boot order. My guess is that WireGuard tries to establish the tunnel before the DNS service is fully available, so the domain name can't be resolved during startup. This theory seems to be supported by the fact that everything works perfectly if I configure the tunnel to use the public IP address instead of the domain name.

I'm looking for a solution that doesn't require creating custom shell scripts or modifying system files, as those kinds of workarounds can easily be forgotten or overwritten by future updates. I'm also not looking for the suggestion to "just use the IP address."

Has anyone encountered this issue before or found a script-free solution? If you need any additional information, feel free to ask.

Thanks in advance!

Title: Re: WireguardVPN fails to start after reboot with DNS
Post by: meyergru on June 29, 2026, 03:55:29 PM
There is a cron job called "Restart Wireguard on stale connections" - try enabling that.

Title: Re: WireguardVPN fails to start after reboot with DNS
Post by: browne on June 29, 2026, 04:18:11 PM
Hey, thank you for your response.
As I mentioned before, I have already tried the cron job you suggested. The issue is that it only restarts WireGuard if it was previously connected. However, my connection is not online at all, so the cron job never triggers a restart because it doesn't detect any changes.
In other words, the cron job only reacts to state changes, not to initialization failures.

Title: Re: WireguardVPN fails to start after reboot with DNS
Post by: meyergru on June 29, 2026, 05:53:19 PM
You are correct, see: https://github.com/opnsense/plugins/issues/3565#issuecomment-4834448169