WireGuard not starting correctly after reboot

Started by cds, March 22, 2026, 10:11:47 PM

Hi there,

For some time I have noticed a strange behaviour:

On every reboot WireGuard does not start up correctly, even though the log claims it does. None of the tunnels are working. 100% reproducible.

I then have to deactivate and re-activate WireGuard once, after which it works stably until the next reboot.

The WireGuard log does not give any clue, everything looks usual.

Any hints?


Are you using WG to establish outbound tunnels from OPNsense, or is OPNsense providing WG for other systems to "dial in"?

If the former, are you using host names (FQDNs) for the peers? Can you use IP addresses instead?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

It is configured both ways. Whichever side is first establishes the tunnel.

Using the IP for the clients is not an option due to dynamic IPs.


I have some WG tunnels on OPNsense (only one install); for some weeks now one tunnel has not come back after reboot.

Mostly I have to obtain a fresh WAN IP to make this tunnel come back. Yesterday this tunnel went down at 14:08 without any obvious reason; the only way to make it re-connect was to obtain a fresh IP for WAN.

Makes no sense at all. Devs will say: wrong config, will break some day. But it worked fine for years, and I have other tunnels configured the same way, rock-solid and coming back after each and every reboot.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

April 18, 2026, 11:18:34 PM #4 Last Edit: April 18, 2026, 11:21:33 PM by cds
Did some more testing:
Changing from FQDN to IP does not change anything.

But I made one additional observation:

After reboot, I get log entries like:

/usr/local/opnsense/scripts/wireguard/wg-service-control.php: The command </usr/bin/wg syncconf 'wg3' '/usr/local/etc/wireguard/wg3.conf'> returned exit code 1 and the output was "Name does not resolve: `xx.yyy.de:51820' Configuration parsing error"


I would be fine with a comment like "wrong config" if someone could tell me what is wrong all of a sudden and how to correct it ...
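The log line above shows wg syncconf rejecting the whole wg3.conf because one peer Endpoint host name could not be resolved at that moment. As an added example (not code from this thread or from OPNsense), the Python below parses a wg conf, reports which Endpoint host names do not resolve yet, and retries for a while so the check can gate syncconf until DNS is usable; the sample config, peer keys and host names in it are constructed placeholders.

```python
"""Find peer Endpoints that make `wg syncconf` fail with "Name does not
resolve" when DNS is not ready yet (added example, not an OPNsense script)."""
import ipaddress
import re
import socket
import time
# Constructed sample in the layout of /usr/local/etc/wireguard/wgN.conf;
# keys and host names are placeholders, not real values.
SAMPLE_CONF = """[Peer]
PublicKey = <peer-a-key>
Endpoint = 203.0.113.10:51820
AllowedIPs = 10.10.0.2/32

[Peer]
PublicKey = <peer-b-key>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.10.0.3/32
"""
ENDPOINT_RE = re.compile(r"^\s*Endpoint\s*=\s*(\S+)\s*$", re.MULTILINE)

def endpoints(conf_text):
    """(host, port) for every Endpoint line; strips IPv6 brackets."""
    pairs = []
    for value in ENDPOINT_RE.findall(conf_text):
        host, _, port = value.rpartition(":")
        pairs.append((host.strip("[]"), int(port)))
    return pairs

def unresolvable(conf_text, resolve=socket.getaddrinfo):
    """Host names that do not resolve now; `resolve` is injectable for offline tests."""
    bad = []
    for host, port in endpoints(conf_text):
        try:
            ipaddress.ip_address(host)  # literal address: nothing to resolve
            continue
        except ValueError:
            pass
        try:
            resolve(host, port)
        except socket.gaierror:
            bad.append(host)
    return bad

def wait_for_endpoints(conf_text, attempts=5, delay=2.0, resolve=socket.getaddrinfo):
    """Retry until every name resolves; an empty result means syncconf is safe to run."""
    for n in range(attempts):
        bad = unresolvable(conf_text, resolve)
        if not bad or n == attempts - 1:
            return bad
        time.sleep(delay)
```

Run it against the real conf file before re-activating the tunnel; any name it still lists is the peer whose Endpoint made the whole config fail to parse.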