Virtual private networks / One Wireguard VPN tunnel does not start after upgrade to 22.1
« on: February 07, 2022, 03:09:08 am »
I wanted to do a fresh install of OPNsense to change to the ZFS filesystem and thought this would be a good opportunity, so I made a backup of my config file and installed 22.1. I then uploaded the config file and thought everything went smoothly until I noticed 1 of the 2 tunnels I have was not active. I have not been able to figure out the problem, as I checked to make sure no spaces might have been in the secrets from the reinstall of the config. I even deleted the VPN configuration and re-entered it, and that still did not resolve the problem. I also deleted the wg0.conf file, as I thought that might remove any trace of the configuration before recreating the tunnel. After spending many hours trying to figure this out, I finally reinstalled 21.7 and upgraded to 21.7.8. I then reinstalled the config and rebooted, and both tunnels were now active. I then attempted to upgrade in place from 21.7.8 to 22.1, and after the upgrade only 1 tunnel is active. It is the same tunnel, wg0, that is not active. I did run wireguard restart from the command line, and this is the output while running 22.1.
Code:
root@turnstone:~ # /usr/local/etc/rc.d/wireguard restart
wg-quick: `wg0' is not a WireGuard interface
[#] rm -f /var/run/wireguard/wg1.sock
[#] ifconfig wg create name wg0
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg0
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.11.0.2/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] route -q -n add -inet 10.11.0.2/32 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock
[#] ifconfig wg create name wg1
[!] Missing WireGuard kernel support (ifconfig: SIOCIFCREATE2: Invalid argument). Falling back to slow userspace implementation.
[#] wireguard-go wg1
┌──────────────────────────────────────────────────────┐
│ │
│ Running wireguard-go is not required because this │
│ kernel has first class support for WireGuard. For │
│ information on installing the kernel module, │
│ please visit: │
│ https://www.wireguard.com/install/ │
│ │
└──────────────────────────────────────────────────────┘
[#] wg setconf wg1 /dev/stdin
[#] ifconfig wg1 inet 10.11.3.2/24 alias
[#] ifconfig wg1 mtu 1420
[#] ifconfig wg1 up
[#] route -q -n add -inet 10.11.3.1/32 -interface wg1
[#] route -q -n add -inet 192.168.60.0/24 -interface wg1
[+] Backgrounding route monitor
ifconfig: interface wg0 does not exist
I see for wg0 at the bottom this statement, rm -f /var/run/wireguard/wg0.sock, so it is deleting wg0 where normally there should be my route to an internal IP address of 192.168.0.0/24. I just don't know why it is breaking and the other VPN, wg1, is working, as the configurations are similar. When I look at the other OPNsense machine on the other side of the VPN, it is showing the connection but no traffic is passing, and the handshake time just keeps increasing until I restart the wireguard service.
I do have two other sites running OPNsense that I upgraded to 22.1 without issue a couple of weeks ago, so I know it should work. I also noticed right before posting this that the plugin for os-wireguard is showing misconfigured, so I don't know if that means anything, as a couple of other plugins also show misconfigured. It is showing installed on the two other sites where I have OPNsense running, and all are running os-wireguard 1.10. Also, the hardware at all three sites is identical.
I'm not going to be able to be on site at the location until next weekend, but I wanted to try and have some things ready to try to fix the problem, and I need to have this VPN active, so any help to fix it would be appreciated, as I reinstalled 21.7.8 again to have the VPNs working.
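Added example, not part of the original post: a small parser that turns the wg-quick trace quoted above into a per-interface summary (userspace fallback, routes added, socket removed after creation) and compares the routes against the networks expected on each tunnel. The function names and the `expected` mapping are hypothetical; the trace lines are a subset copied from the output in this post.

```python
import re

# Subset of the trace from the post (warning and banner lines omitted).
SAMPLE = """\
wg-quick: `wg0' is not a WireGuard interface
[#] rm -f /var/run/wireguard/wg1.sock
[#] ifconfig wg create name wg0
[#] wireguard-go wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.11.0.2/24 alias
[#] route -q -n add -inet 10.11.0.2/32 -interface wg0
[#] rm -f /var/run/wireguard/wg0.sock
[#] ifconfig wg create name wg1
[#] wireguard-go wg1
[#] wg setconf wg1 /dev/stdin
[#] ifconfig wg1 inet 10.11.3.2/24 alias
[#] route -q -n add -inet 10.11.3.1/32 -interface wg1
[#] route -q -n add -inet 192.168.60.0/24 -interface wg1
[+] Backgrounding route monitor
ifconfig: interface wg0 does not exist
"""

def summarize(trace):
    """Map each interface created in this run to what the trace did with it."""
    state = {}
    for line in trace.splitlines():
        if not line.startswith("[#] "):
            continue  # only executed commands; skips warnings and the banner box
        cmd = line[4:]
        if m := re.fullmatch(r"ifconfig wg create name (\S+)", cmd):
            state[m[1]] = {"userspace": False, "routes": [], "torn_down": False}
        elif (m := re.fullmatch(r"wireguard-go (\S+)", cmd)) and m[1] in state:
            state[m[1]]["userspace"] = True
        elif (m := re.fullmatch(r"route .* add -inet (\S+) -interface (\S+)", cmd)) and m[2] in state:
            state[m[2]]["routes"].append(m[1])
        elif (m := re.fullmatch(r"rm -f /var/run/wireguard/(\S+)\.sock", cmd)) and m[1] in state:
            # Socket removed after creation: treated here as teardown, which
            # matches the trailing "interface wg0 does not exist" message.
            state[m[1]]["torn_down"] = True
    return state

def missing_routes(state, expected):
    """Return the expected networks that never got a route on each interface."""
    return {ifname: [n for n in nets if n not in state.get(ifname, {}).get("routes", [])]
            for ifname, nets in expected.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run against the full restart output, this makes it easy to diff a working site against the failing one, since the `wg1.sock` removal before `wg1` is created is ignored as cleanup from the stop phase.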