OPNsense Forum

English Forums => Virtual private networks => Topic started by: kraksna on July 02, 2022, 08:03:59 am

Title: VPN interfaces down after reboot ( zerotier in this case )
Post by: kraksna on July 02, 2022, 08:03:59 am
Hello,

I wonder if anyone has the same problem as me. The thing is that after a reboot, VPN interfaces don't really come up. This is what it looks like after reboot in the GUI: https://imgur.com/a/SV3gvNu. No obvious issues, all is up, IP exists. Now, down there on the console it looks like this: https://imgur.com/W4OE1JM. No IP on the interface.

I tried to cycle the interface like this using configctl, but that has no effect.

Quote
/usr/local/sbin/configctl interface linkup stop <interface> && /usr/local/sbin/configctl interface reconfigure <interface> && /usr/local/sbin/configctl interface linkup start <interface>

I found out that it can be fixed by clicking something meaningless in the GUI, like toggling the "prevent interface removal" checkbox off and back on (causing no changes), then save, apply and voila, the VPN is back up.

I would assume it's some sort of interface bring-up sequence issue, as ZeroTier in this case needs WAN, which might not be completely available at the moment when it's needed. The same issue affects WireGuard.

The real fix that would very well suffice for me would be a cronjob that simply tests for IP existence via ping and restarts the interface as the GUI does it. Unfortunately, the command above is not it.

What is the right OPNsense way to cycle the interface from the CLI?

Thank you.
Title: Re: VPN interfaces down after reboot ( zerotier in this case )
Post by: kraksna on July 13, 2022, 12:41:22 pm
Apparently, defining a cronjob to do an interface reset is a solution. I have it reset every half hour, using opt1 as the cronjob parameter.

In the ZeroTier case (I haven't tested with anything else), it produces no noticeable outage on ping.

Testing with an open TCP connection between 2 servers via the VPN to find out if the connection gets interrupted or not is TBD.

It is sub-optimal, because the reset is happening all the time and I would only like to reset when pings fail, but meh..
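
The ping-gated reset the thread asks for (reset only when pings fail), as an added example that is not part of either post and is not OPNsense code. `vpn_watchdog`, `PEER`, `THRESHOLD`, `STATE`, `PING_CMD` and `RESET_CMD` are hypothetical names, and `RESET_CMD` is left empty on purpose because the thread does not give the CLI command that the GUI or the cron reset runs.

```shell
#!/bin/sh
# Added example: reset the VPN interface only after repeated ping failures.
# All names below are hypothetical; adjust them for your system.

PEER="${PEER:-192.0.2.10}"           # constructed placeholder: a host reachable only via the VPN
THRESHOLD="${THRESHOLD:-3}"          # consecutive failed cron runs before a reset
STATE="${STATE:-/var/run/vpn_watchdog.fails}"   # root-only directory, not world-writable /tmp
PING_CMD="${PING_CMD:-ping -c 1 -t 3}"          # FreeBSD ping: -t is the overall timeout in seconds
RESET_CMD="${RESET_CMD:-}"           # placeholder: the interface reset command; not given in the thread

# Return codes: 0 peer reachable, 1 failure counted (below threshold),
#               2 reset command ran, 3 threshold reached but RESET_CMD unset,
#               4 reset command itself failed.
vpn_watchdog() {
    if $PING_CMD "$PEER" >/dev/null 2>&1; then
        rm -f "$STATE"               # healthy: forget earlier failures
        return 0
    fi

    fails=$(cat "$STATE" 2>/dev/null || echo 0)
    case "$fails" in ''|*[!0-9]*) fails=0 ;; esac   # ignore a corrupt state file
    fails=$((fails + 1))

    if [ "$fails" -lt "$THRESHOLD" ]; then
        echo "$fails" > "$STATE"     # one lost ping should not bounce the tunnel
        return 1
    fi

    rm -f "$STATE"                   # start counting afresh after acting
    if [ -z "$RESET_CMD" ]; then
        logger -t vpn_watchdog "peer $PEER down, no RESET_CMD set" 2>/dev/null || true
        return 3
    fi
    logger -t vpn_watchdog "peer $PEER down $fails times, resetting" 2>/dev/null || true
    $RESET_CMD || return 4
    return 2
}

# Only act when called as "vpn_watchdog.sh run", e.g. from a per-minute cron entry.
if [ "${1:-}" = "run" ]; then
    vpn_watchdog
    exit $?
fi
```

Because cron runs this as root, keep the script file and the `STATE` path writable by root only, and set `RESET_CMD` from the script itself or a root-owned file, not from anything an unprivileged user can edit.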