Wireguard interface not coming up on reboot, error in logs

Started by jbattermann, November 13, 2023, 09:00:00 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 13, 2023, 09:00:00 PM
Good morning,

I just installed OPNsense again after a while on a test system, installed the os-wireguard plugin, configured and connected to the endpoint (Cloudflare warp in this case) just fine, but after a reboot the connection is always down.

Checked the System > Log Files > Audit logs and saw this entry:

Code Select
/usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The command '/usr/bin/wg syncconf 'wg1' '/usr/local/etc/wireguard/wg1.conf'' returned exit code '1', the output was 'Name does not resolve: `engage.cloudflareclient.com:2408' Configuration parsing error'

Checked the mentioned '/usr/local/etc/wireguard/wg1.conf' file and its endpoint looks correct (as per wg.conf notation):

Code Select
####################################################
# Interface settings, not used by `wg`             #
# Only used for reference and detection of changes #
# in the configuration                             #
####################################################
# Address =  172.16.0.2/32
# DNS =
# MTU =
# disableroutes = 1
# gateway = 172.16.0.1

[Interface]
PrivateKey = NopeNopeNope
ListenPort = 56351

[Peer]
# friendly_name = Cloudflare
PublicKey = ShouldBeFineToPasteButMaybeRatherNope
Endpoint = engage.cloudflareclient.com:2408
AllowedIPs = 0.0.0.0/0,::/0

When restarting the wireguard service for this connection it works as expected so I was wondering if the one has anything to do with the other / how to make sure the connection IS up after reboot?
November 13, 2023, 09:04:57 PM #1
I'm assuming this is 23.7.8... is your WAN DHCP or PPPoE or static setup? If resolving fails for a long time during boot eventually the system has no way to come up gracefully. What sort of DNS resolution are you using? Root servers, forwarding or something fancy like DNS over TLS?


Cheers,
Franco
November 13, 2023, 09:33:53 PM #2 Last Edit: November 13, 2023, 10:56:12 PM by newsense
Things went sideways for me as well this morning Franco after applying this morning patches on 3.0.12, WG VPNs are both up and the RTT is ~70-90 on both, but no traffic is being routed there.

Yesterday when I reverted squid to go to 3.012 it was all good and reboots were fine.

I tried reverting os-wireguard but there's only os-wireguard-2.5_1 available which gets reinstalled but doesn't help.


Also, ddclient is down as well as of this morning on 2 FWs post updates and I can't see anything relevant in the logs.
November 13, 2023, 10:15:23 PM #3
Quote from: franco on November 13, 2023, 09:04:57 PM
I'm assuming this is 23.7.8... is your WAN DHCP or PPPoE or static setup? If resolving fails for a long time during boot eventually the system has no way to come up gracefully. What sort of DNS resolution are you using? Root servers, forwarding or something fancy like DNS over TLS?


Cheers,
Franco

Hi Franco,

the WAN interface is a static setup (double NAT / behind another FW actually for the time being) but the DNS server is local & that very same FW/Router and is accessible whenever the opnsense reboots... and nothing fancy at all.
November 13, 2023, 10:15:58 PM #4
Oh and it's 23.7.8_1 (already happened with 23.7.8 as well)
December 04, 2023, 08:38:02 PM #5
Hey jbattermann. Did you solve this issue?
Print
Go Up Pages1
User actions