Topic: wireguard tunnel don't come up after restart (Read 2237 times)
DL-KK (Newbie, Posts: 2, Karma: 0)
on: June 24, 2022, 11:43:29 am
Hi guys,
We have a test setup of 2 x OPNsense 22.1.9 firewalls.
The first one is a publicly available unit, and the other is behind a NAT firewall (but I don't think the problem is related to this).
The problem is that we can set up WireGuard VPN, and we have a fine, stable connection, but when we reboot the firewall, the plugin says that it starts the handshake and adds it as a peer interface, but we don't see any traffic going through the tunnel.
The tunnel runs great until we reboot the unit. After the reboot the tunnel can't get online, but if we try to run
/usr/local/etc/rc.d/wireguard stop
then wait some seconds and then run
/usr/local/etc/rc.d/wireguard start
then it seems to bring up the tunnel (1 out of 20 times; we just keep rerunning the same commands).
The output below is from after a reboot of the unit, but before it is working.
Did anyone have an idea what is happening here, and any ideas for a solution?
system info (both ends):
OPNsense 22.1.9-amd64 (it was same problem with 22.1.
plugin: os-wireguard 1.11 (also tried with 1.10)
packages: wireguard-kmod 0.0.20220615 (tried with and without this package)
behind NAT unit conf:
interface: wg0
  public key: 1oFHvZGtjWyaz+u/0CjxcCFLZvsDPdrxxxxxxxxxxxxx
  private key: (hidden)
  listening port: 51113

peer: yD1Dq6WCu8w1lAvpE365pBq9h4Axxxxxxxxxxxxx
  endpoint: x.x.x.x:51113
  allowed ips: 10.4.113.0/24, 172.20.113.0/24
  latest handshake: 10 seconds ago
  transfer: 252 B received, 340 B sent
  persistent keepalive: every 2 seconds

public unit conf:
interface: wg0
  public key: yD1Dq6WCu8w1lAvpE365pBqxxxxxxxxxxxxx
  private key: (hidden)
  listening port: 51113

peer: 1oFHvZGtjWyaz+u/0Cjxcxxxxxxxxxxxxx
  endpoint: y.y.y.y:51113
  allowed ips: 172.20.113.0/24, 10.20.113.0/24
  latest handshake: 1 second ago
  transfer: 13.72 KiB received, 31.25 KiB sent
  persistent keepalive: every 2 seconds

alh (Full Member, Posts: 123, Karma: 6)
Reply #1 on: July 19, 2022, 08:46:31 am
I have the same problem with the latest Business Edition 22.4.2. After reboot only wg0 kind of comes up, meaning handshake is established but zero traffic through the tunnel. After manually restarting the service both the interfaces wg0 and wg1 come up and start working.

mallox (Newbie, Posts: 1, Karma: 0)
Reply #2 on: July 21, 2022, 02:14:51 pm
Had this exact same problem. Wg0 didn't come up but wg1 did. Had to drive over to reset the wireguard tunnel. Disappointing... Haven't had this issue previously

franco (Administrator, Hero Member, Posts: 17661, Karma: 1611)
Reply #3 on: July 21, 2022, 02:18:21 pm
Also have OpenVPN running?
Cheers,
Franco

alh (Full Member, Posts: 123, Karma: 6)
Reply #4 on: December 27, 2022, 09:44:54 pm
I still have this issue after the recent upgrade to OPNsense 22.10-amd64. Now wg0 did not come up but wg1 did. I thought I was clever by setting up a cronjob to restart WireGuard daily. But apparently this didn't help. So I had to manually restart the service in the dashboard to have wg0 up and running.
This is quite weird, because I do not have this issue on any community installation.
And to answer Franco: no, no OpenVPN running.

newsense (Hero Member, Posts: 1037, Karma: 77)
Reply #5 on: December 31, 2022, 08:07:11 pm
Quote from: alh on December 27, 2022, 09:44:54 pm
manually restart the service in the dashboard to have wg0 up and running.
There's little to no justification to still use wireguard-go. The kmod-wireguard works perfectly fine with multiple WG instances alongside OpenVPN or without it.
Side note - once the kmod is installed the Dashboard is not usable anymore and it shows the service being down, which is technically accurate since it pertains to the Go implementation.
Code:
pkg install wireguard-kmod