Wireguard-Go not able to start tunnel if WAN not available on boot

Started by qdrop, September 03, 2020, 02:19:18 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 03, 2020, 02:19:18 PM
Hi there.

We face an issue with the wireguard-go plugin: If the WAN port of the OPNsense-appliance comes up delayed (maybe 10-20secs), Wireguard does not manage to resolve the configured endpoint properly:

Code Select

...
Name does not resolve: 'hostname.domain.tld:51820'
Configuration parsing error
[#] rm -f /var/run/wireguard/wg0.sock


When opening the webinterface and clicking on "Save" within the Wireguard configuration, the tunnel establishes just fine.
This issue is a bit critical as we're using the tunnel itself to manage the deployed gateways.

Any help is highly appreciated.

qdrop
September 03, 2020, 02:38:19 PM #1
Then you have to create a rc.late hook to restart again, or you just use IP address instead of DNS
September 03, 2020, 04:32:55 PM #2
I implemented another workaround: A static mapping within the unbound resolver.

Still, how can this rc.late hook be implemented exactly?
September 03, 2020, 04:35:13 PM #3
Go to /usr/local/etc/rc.syshook.d/start/, copy 50-wireguard to 99-wireguard and make the call
/usr/local/etc/rc.d/wireguard restart
September 04, 2020, 11:19:55 AM #4
Quote from: mimugmail on September 03, 2020, 04:35:13 PM
Go to /usr/local/etc/rc.syshook.d/start/, copy 50-wireguard to 99-wireguard and make the call
/usr/local/etc/rc.d/wireguard restart

Will this work even if the appliance gets online at a much later point in time? Like after couple of minutes?
September 04, 2020, 12:00:13 PM #5
Wireguard does not use a newwanip type event listener that would help recover from these scenarios...

See e.g.: https://github.com/opnsense/plugins/blob/ee487f15f6a1ebbc416c68b74c3397edc3aa404b/net/igmp-proxy/src/etc/inc/plugins.inc.d/igmpproxy.inc#L61


Cheers,
Franco
Print
Go Up Pages1
User actions