Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Slow boot IPSec VTI
« previous
next »
Print
Pages: [
1
]
Author
Topic: Slow boot IPSec VTI (Read 2437 times)
Lokutos
Newbie
Posts: 10
Karma: 0
Slow boot IPSec VTI
«
on:
July 03, 2022, 03:21:17 pm »
Hi, i have setup 2 IPSec VTI tunnels, since then a have issues with the boot time,
in the console, it stays at the interface log line for around 2 minutes...
The IPsec connections work fast if i restart the service or just stop and start the connection in VPN: IPsec: Status Overview.
Is there any hint?
Logged
Marin BERNARD
Newbie
Posts: 16
Karma: 2
Re: Slow boot IPSec VTI
«
Reply #1 on:
July 20, 2022, 02:37:57 pm »
Hi,
We experience the very same issue with several OPNsense instances. IPsec VTI configuration takes several minutes to complete. Did you find a solution to this problem ?
Thanks!
Logged
--
Marin BERNARD
System administrator
Lokutos
Newbie
Posts: 10
Karma: 0
Re: Slow boot IPSec VTI
«
Reply #2 on:
July 20, 2022, 02:52:10 pm »
Sorry, but unfortunately I can't offer or find a solution myself
Logged
Lokutos
Newbie
Posts: 10
Karma: 0
Re: Slow boot IPSec VTI
«
Reply #3 on:
September 28, 2022, 10:09:17 am »
Still exist in 22.7 and cant find a solution ... anyone?
Logged
Marin BERNARD
Newbie
Posts: 16
Karma: 2
Re: Slow boot IPSec VTI
«
Reply #4 on:
September 28, 2022, 10:16:01 am »
Unfortunately, nothing new on my side either. The boot delay has to do with the setup of the VTI interfaces: disabling the IPsec service has no effect as long as the VTI interfaces still exist. Maybe someone should open an issue on the GitHub tracker ?
Logged
--
Marin BERNARD
System administrator
Lokutos
Newbie
Posts: 10
Karma: 0
Re: Slow boot IPSec VTI
«
Reply #5 on:
September 28, 2022, 10:23:21 am »
if i check my log:
2022-09-28T10:13:26 Error php /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'ipsec5' 'inet' tunnel '136.243.195.58' 'fqdn.off.otherfirewall' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: Name does not resolve'
2022-09-28T10:11:56 Error php /usr/local/etc/rc.bootup: Device ipsec5 required for ipsec5, configuring now
so it sounds for me that the issue is that dns not working in this state ...
after change it to a IP (Temporary becouse its not a solution for me)
(Change the Ipsec tunnel setting vpn gateway)
it is booting fast ...
Logged
Marin BERNARD
Newbie
Posts: 16
Karma: 2
Re: Slow boot IPSec VTI
«
Reply #6 on:
September 28, 2022, 10:34:53 am »
Thanks for this!
I suppose this happens because the local DNS daemon (unbound) is not yet available when ipsec interfaces are set up, as services are started later in the boot process.
One option would be to check the
Do not use the local DNS service as a nameserver for this system
check box in the System > Settings > General page, and provide at least one DNS resolver in the fields just above. This would allow the box to use a remote DNS resolver for its own needs, and remove the dependency on the local unbound service.
I'll try to implement this on my side too and report the results.
Logged
--
Marin BERNARD
System administrator
Lokutos
Newbie
Posts: 10
Karma: 0
Re: Slow boot IPSec VTI
«
Reply #7 on:
September 28, 2022, 10:38:43 am »
Report is already done...
https://github.com/opnsense/core/issues/6052
Do not use possible save the issue but it result for me in wrong resolutions of the overrides for local domains...
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Slow boot IPSec VTI