Wireguard service not starting at boot

[mlazzarotto]

I have Wireguard installed on my OPNsense, it's working fine, but the service is not starting up automatically at boot.

Looking at the logs I've found this:

Code Select Expand

Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: plugins_configure openvpn_prepare (,wg0)
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: plugins_configure openvpn_prepare (execute task : openvpn_prepare(,wg0))
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' inet '10.6.0.4'/'24'' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' -staticarp' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'

And on dmesg, the following

Code Select Expand


tun0: link state changed to UP
tun0: changing name to 'wg0'
wg0: link state changed to DOWN
WARNING: attempt to domain_add(netgraph) after domainfinalize()
tun0: link state changed to UP
tun0: changing name to 'wg0'
arp: 192.168.1.99 moved from 5c:3a:45:b0:b0:1f to 54:a0:50:58:62:24 on vtnet0
arp: 192.168.1.99 moved from 54:a0:50:58:62:24 to 5c:3a:45:b0:b0:1f on vtnet0
arp: 192.168.1.99 moved from 5c:3a:45:b0:b0:1f to 54:a0:50:58:62:24 on vtnet0
arp: 192.168.1.99 moved from 54:a0:50:58:62:24 to 5c:3a:45:b0:b0:1f on vtnet0
pid 87946 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 7483 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 55579 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 5568 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 39078 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
[HBSD SEGVGUARD] [syslog-ng (39078)] Suspending execution for 600 seconds after 5 crashes.
-> pid: 39078 ppid: 52292 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
[HBSD SEGVGUARD] [syslog-ng (52292)] Preventing execution due to repeated segfaults.
-> pid: 52292 ppid: 1 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
wg0: link state changed to DOWN
Waiting (max 60 seconds) for system process `vnlru' to stop... done
Waiting (max 60 seconds) for system process `syncer' to stop... fsync: giving up on dirty (error = 35) 0xfffff80003b21000: tag devfs, type VCHR
    usecount 1, writecount 0, refcount 130 rdev 0xfffff80003c5c200
    flags (VI_ACTIVE)
    v_object 0xfffff80003a8c800 ref 0 pages 4066 cleanbuf 127 dirtybuf 1
    lock type devfs: EXCL by thread 0xfffff80003abe5e0 (pid 95591, syncer, tid 100126)
        dev gpt/rootfs



os-wireguard: version 1.10
opnsense version: 21.7.8
When I start it manually, it works.

[mlazzarotto]

bump
my idea is that the wireguard service should be started later during the boot
in the meantime I scheduled a cronjob to start the service every 30 minutes  :-\

[scramatte]

Hi,

I've got similar issue here.

I've setup  site to site wireguard with wg0 interface and gateway to be able to route back from servers to office .  In the office router I've got various static routes to reach different servers segment through the Wireguard gateway.

It works as expected but if I reboot OPNsense traffic is not passing through tunnel until  I toggle on/off wg0 interface manually.

[mimugmail]

Can you have a look at the console during startup?

[mlazzarotto]

Can you have a look at the console during startup?

This is what I've found (see attached pic).

[mimugmail]

So you dont have to use fqdn if resolver cant start to work

[mlazzarotto]

So you dont have to use fqdn if resolver cant start to work

I guess so, if there's no solution...