Starting Interfaces order when booting up, can we change it?

[zan]

I setup a GRE6 tunnel to my office and after reboot I found the tunnel did not start automatically, I had to manually 'save and apply' to bring it up.
My /var/log/boot.log shows this:

Code Select Expand

2023-02-16T14:12:09+00:00 interfaces_hardware[369] Configuring hardware interfaces...
2023-02-16T14:12:09+00:00 interfaces_hardware[369] done.
2023-02-16T14:12:09+00:00 interfaces_loopback_configure[369] Configuring loopback interface...
2023-02-16T14:12:09+00:00 interfaces_loopback_configure[369] done.
2023-02-16T14:12:09+00:00 interfaces_lagg_configure[369] Configuring LAGG interfaces...
2023-02-16T14:12:09+00:00 interfaces_lagg_configure[369] done.
2023-02-16T14:12:09+00:00 interfaces_vlan_configure[369] Configuring VLAN interfaces...
2023-02-16T14:12:09+00:00 interfaces_vlan_configure[369] done.
2023-02-16T14:12:09+00:00 interface_configure[369] Configuring TRANSIT interface...
2023-02-16T14:12:09+00:00 interface_configure[369] done.
2023-02-16T14:12:09+00:00 interface_configure[369] Configuring VLAN10_VMS interface...
2023-02-16T14:12:09+00:00 interface_configure[369] done.
2023-02-16T14:12:09+00:00 interface_configure[369] Configuring VLAN20_GADGETS interface...
2023-02-16T14:12:09+00:00 interface_configure[369] done.
2023-02-16T14:12:09+00:00 interface_configure[369] Configuring VLAN30_GUESTS interface...
2023-02-16T14:12:09+00:00 interface_configure[369] done.
2023-02-16T14:12:09+00:00 interface_configure[369] Configuring GRE_OFFICE interface...
2023-02-16T14:12:09+00:00 interface_configure[369] done.
2023-02-16T14:12:09+00:00 system_routing_configure[369] Setting up routes...
2023-02-16T14:12:09+00:00 system_routing_configure[369] done.
2023-02-16T14:12:09+00:00 dpinger_configure_do[369] Setting up gateway monitor GRE_OFFICE_TUNNELV4...
2023-02-16T14:12:09+00:00 dpinger_configure_do[369] done.
2023-02-16T14:12:10+00:00 interface_configure[369] Configuring LAN interface...
2023-02-16T14:12:10+00:00 interface_configure[369] done.
2023-02-16T14:12:10+00:00 interface_configure[369] Configuring WAN interface...
2023-02-16T14:12:11+00:00 system_routing_configure[369] Setting up routes...
2023-02-16T14:12:11+00:00 system_routing_configure[369] done.

I found it strange the tunnel iface got configured earlier than the WAN whereas the tunnel itself depends on the WAN iface(parent) to be up first. I dont recall this behaviour on the 22.7 firmware.

I compared it to my office's OPNsense boot.log and found they started in the correct order (WAN first then the tunnel).
Both are running 23.1.1. The difference is my home's WAN is PPPOE + DHCP6 and my office has a static IPv6.

Is there a way to adjust the start order?

[franco]

Yes, DHCP6 requires this ordering, which may break more complex setups such as this one. In theory the problem fixes itself during boot, but not if DHCP comes up too late for the tunnel to be established in time. It also depends on the tunnel being over IPv4 or IPv6, the latter is probably more prone to this.


Cheers,
Franco

[zan]

Thanks franco for the explanation.

Any chance to wait for dependencies to be up before starting the tunnel iface?
I prefer not to create a Monit for this.
Beside no point of starting an iface if the underlying iface is not ready.

[franco]

Any chance you can share your configuration so we don't have to speculate?


Cheers,
Franco

[zan]

My config for WAN is PPPOE for IPv4; DHCPv6 for IPv6 with 64 prefix & IPv4 connectivity.
LAN has a static IPv4 and track interface(WAN) for IPv6.

I have 2 GRE tunnels, 1 GIF and 1 Wireguard. All tunnels are over IPv6.
Only Wireguard tunnel can start automatically after reboot.

Heres an excerpt of my interface config:

Code Select Expand

<interfaces>
    <wan>
      <if>pppoe0</if>
      <descr/>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
      <blockbogons>1</blockbogons>
      <ipaddr>pppoe</ipaddr>
      <ipaddrv6>dhcp6</ipaddrv6>
      <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
      <dhcp6usev4iface>1</dhcp6usev4iface>
      <dhcp6vlanprio>3</dhcp6vlanprio>
      <adv_dhcp6_interface_statement_send_options/>
      <adv_dhcp6_interface_statement_request_options/>
      <adv_dhcp6_interface_statement_information_only_enable/>
      <adv_dhcp6_interface_statement_script/>
      <adv_dhcp6_id_assoc_statement_address_enable/>
      <adv_dhcp6_id_assoc_statement_address/>
      <adv_dhcp6_id_assoc_statement_address_id/>
      <adv_dhcp6_id_assoc_statement_address_pltime/>
      <adv_dhcp6_id_assoc_statement_address_vltime/>
      <adv_dhcp6_id_assoc_statement_prefix_enable/>
      <adv_dhcp6_id_assoc_statement_prefix/>
      <adv_dhcp6_id_assoc_statement_prefix_id/>
      <adv_dhcp6_id_assoc_statement_prefix_pltime/>
      <adv_dhcp6_id_assoc_statement_prefix_vltime/>
      <adv_dhcp6_prefix_interface_statement_sla_len/>
      <adv_dhcp6_authentication_statement_authname/>
      <adv_dhcp6_authentication_statement_protocol/>
      <adv_dhcp6_authentication_statement_algorithm/>
      <adv_dhcp6_authentication_statement_rdm/>
      <adv_dhcp6_key_info_statement_keyname/>
      <adv_dhcp6_key_info_statement_realm/>
      <adv_dhcp6_key_info_statement_keyid/>
      <adv_dhcp6_key_info_statement_secret/>
      <adv_dhcp6_key_info_statement_expire/>
      <adv_dhcp6_config_advanced/>
      <adv_dhcp6_config_file_override/>
      <adv_dhcp6_config_file_override_path/>
    </wan>
    <lan>
      <if>igc1</if>
      <descr/>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
      <ipaddr>192.168.5.1</ipaddr>
      <subnet>24</subnet>
      <ipaddrv6>track6</ipaddrv6>
      <track6-interface>wan</track6-interface>
      <track6-prefix-id>0</track6-prefix-id>
      <dhcpd6track6allowoverride>1</dhcpd6track6allowoverride>
    </lan>
    <lo0>
      <internal_dynamic>1</internal_dynamic>
      <descr>Loopback</descr>
      <enable>1</enable>
      <if>lo0</if>
      <ipaddr>127.0.0.1</ipaddr>
      <ipaddrv6>::1</ipaddrv6>
      <subnet>8</subnet>
      <subnetv6>128</subnetv6>
      <type>none</type>
      <virtual>1</virtual>
    </lo0>
    <opt3>
      <if>vlan01</if>
      <descr>VLAN10_VMS</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.10.1</ipaddr>
      <subnet>24</subnet>
    </opt3>
    <wireguard>
      <internal_dynamic>1</internal_dynamic>
      <enable>1</enable>
      <if>wireguard</if>
      <descr>WireGuard (Group)</descr>
      <type>group</type>
      <virtual>1</virtual>
      <networks/>
    </wireguard>
    <opt5>
      <if>vlan03</if>
      <descr>VLAN20_GADGETS</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.20.1</ipaddr>
      <subnet>24</subnet>
    </opt5>
    <opt7>
      <if>vlan04</if>
      <descr>VLAN30_GUESTS</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.30.1</ipaddr>
      <subnet>24</subnet>
    </opt7>
    <GROUP_VLAN>
      <internal_dynamic>1</internal_dynamic>
      <enable>1</enable>
      <if>GROUP_VLAN</if>
      <descr>GROUP_VLAN</descr>
      <virtual>1</virtual>
      <type>group</type>
      <networks/>
    </GROUP_VLAN>
    <opt8>
      <if>igc2</if>
      <descr>TRANSIT</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.99.1</ipaddr>
      <subnet>24</subnet>
    </opt8>
    <opt11>
      <if>gif0</if>
      <descr>GIF_DEDI</descr>
      <enable>1</enable>
      <spoofmac/>
      <mtu>1452</mtu>
      <mss>1452</mss>
    </opt11>
    <opt10>
      <if>gre1</if>
      <descr>GRE_HETZNER</descr>
      <spoofmac/>
      <mtu>1448</mtu>
      <mss>1448</mss>
    </opt10>
    <opt2>
      <if>wg2</if>
      <descr>WG_WARP</descr>
      <enable>1</enable>
      <spoofmac/>
      <gateway_interface>1</gateway_interface>
      <mtu>1412</mtu>
      <mss>1412</mss>
      <ipaddr>172.16.0.2</ipaddr>
      <subnet>32</subnet>
    </opt2>
    <opt4>
      <if>gre0</if>
      <descr>GRE_OFFICE</descr>
      <enable>1</enable>
      <spoofmac/>
      <mtu>1448</mtu>
      <mss>1448</mss>
    </opt4>
  </interfaces>


Is that enough? Let me know if you need more.
Thanks in advance!