WireGuard - Gateway Monitor v6 Service doesn't start automatically after reboot

[AES777GCM]

24.7.2: Dear OPNSense Community,

after switching from establish a permanent VPN Client Connection from OVPN (via OpenVPN) to Mullvad (Now via WireGuard) everything works fine; beside one small issue: IpV6 Gateway Monitoring Service doesn't start automatically after reboot.

When starting manually it takes a second and every works as expected.

Further Info:
- Mullvad given Gateway IPv6 Adress is an ULA Adress (fc00:xxx) and Monitor Adress is (for sure!) a GUA Adress

[AES777GCM]

I rebooted right now and it seems to be likely a widget problem?

Log of "Boot" says this:

Code: [Select]

2024-08-25T12:39:02 wireguard_configure_do[286] done.
2024-08-25T12:39:02 dpinger_configure_do[5305] done.
2024-08-25T12:39:02 dpinger_configure_do[5305] Setting up gateway monitor MullvadV4...
2024-08-25T12:39:02 dpinger_configure_do[5305] done.
2024-08-25T12:39:02 dpinger_configure_do[5305] Setting up gateway monitor MullvadV6...
2024-08-25T12:39:02 system_routing_configure[5305] done.
2024-08-25T12:39:02 system_routing_configure[5305] Setting up routes for opt1...
2024-08-25T12:39:02 interface_configure[5305] done.
2024-08-25T12:39:02 interface_configure[5305] Configuring WGMVFRA interface...
2024-08-25T12:39:01 wireguard_configure_do[286] Configuring WireGuard VPN...
But Dashboard shows ...
- "Services" / "Gateway Monitor v6 Mullvad" is still red and
- "Gateways" / "Mulvvad v6" also (abd consequently) a red dot.

When I press "Play Button" in "Services / Gateway Monitor v6 Mullvad" both are becoming green and work as expected.

[doktornotor]

Code: [Select]

ps auxw | grep pinger
There you can see which interfaces dpinger is monitoring.

[AES777GCM]

Okay - Now it becomes a litlle more clear...

1) Boot.log says (after fresh booting)

Code: [Select]

2024-08-25T13:30:16 wireguard_configure_do[287] done.
2024-08-25T13:30:16 dpinger_configure_do[61826] done.
2024-08-25T13:30:16 dpinger_configure_do[61826] Setting up gateway monitor MullvadV4...
2024-08-25T13:30:16 dpinger_configure_do[61826] done.
2024-08-25T13:30:16 dpinger_configure_do[61826] Setting up gateway monitor MullvadV6...
2024-08-25T13:30:16 system_routing_configure[61826] done.
2024-08-25T13:30:16 system_routing_configure[61826] Setting up routes for opt1...
2024-08-25T13:30:16 interface_configure[61826] done.
2024-08-25T13:30:16 interface_configure[61826] Configuring WGMVFRA interface...
2024-08-25T13:30:15 wireguard_configure_do[287] Configuring WireGuard VPN...
After connecting via ssh / root privileges and checking the services I see...

Code: [Select]

root@dragon:/home/udo # ps auxw | grep pinger
root    71574   0.0  0.0  13344   2540  -  Is   13:30   0:00.01 /usr/local/bin/dpinger -f -S -r 0 -i MullvadV4 -B 10.71.233.139 -p
root    62158   0.0  0.0  12716   2288  0  S+   13:31   0:00.00 grep pinger
root@dragon:/home/udo #
So the Monitor Gateway Service for IPV6 was not started automatically and the display of the widgets is "right" in Showing the red dotted Services.

[AES777GCM]

Under System / Log Files / Audit I saw this issue:

Code: [Select]

2024-08-25T13:30:16 Warning wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The required MullvadV6 IPv6 interface address could not be found, skipping.
But why can it be found without problems when I start it manually after?

And why does the log of System / Log Files / Boot suggest that dpinger Service is done properly.

Code: [Select]

2024-08-25T13:30:16 dpinger_configure_do[61826] done.
2024-08-25T13:30:16 dpinger_configure_do[61826] Setting up gateway monitor MullvadV6...

[doktornotor]

Dunno, I'd install a kernel that does not have IPv6 completely screwed by the upstream security improvements before debugging any other IPv6-related things. You cannot monitor non-existent interface and then it may take too long for IPv6 to start working.

Code: [Select]

# opnsense-update -zkr 24.7.2-nd
and reboot.

Reference: https://github.com/opnsense/src/issues/218

[AES777GCM]

Thx for your short reply and coding,

but unfortunately it didn't solve the problem.

System / Log Files / Boot...

Code: [Select]

2024-08-25T14:01:28 ntpd_configure_do[287] done.
2024-08-25T14:01:28 ntpd_configure_do[287] Starting NTP service...
2024-08-25T14:01:28 wireguard_configure_do[287] done.
2024-08-25T14:01:28 dpinger_configure_do[6519] done.
2024-08-25T14:01:28 dpinger_configure_do[6519] Setting up gateway monitor MullvadV4...
2024-08-25T14:01:28 dpinger_configure_do[6519] done.
2024-08-25T14:01:28 dpinger_configure_do[6519] Setting up gateway monitor MullvadV6...
2024-08-25T14:01:27 system_routing_configure[6519] done.
2024-08-25T14:01:27 system_routing_configure[6519] Setting up routes for opt1...
2024-08-25T14:01:27 interface_configure[6519] done.
2024-08-25T14:01:27 interface_configure[6519] Configuring WGMVFRA interface...
2024-08-25T14:01:27 wireguard_configure_do[287] Configuring WireGuard VPN...
So it still needs to start Gateway Ipv6 Monitoring manually after booting.

[DEC670airp414user]

are you using a ip6 only connection on your router?

if not just monitor ip4 and disabled ip6 dpinger/ monitoring..

[AES777GCM]

are you using a ip6 only connection on your router?
if not just monitor ip4 and disabled ip6 dpinger/ monitoring.

To disable a wanted feature can't be the solution.
Is there a possibilty to start the Monitoring services with a delay - so IPv4 / IPv6 Wireguard must be established first before establish the monitoring services?

[doktornotor]

Ok, perhaps if you stop messing with the GW monitoring setting up custom IPs that may be unavailable at that time, does that help?

[AES777GCM]

I don't get the point really.

Wouldn't it be possible to start the Monitor Gateway Services automatically when set as "Last thing" in the bootup sequence? I don't know how to achieve this, but I guess it couldn't be the biggest challenge for developers.

Maybe somebody could do so?

Thx in advance,
best regards,
Udo

[doktornotor]

Sure. Feel free to patch the order. Meanwhíle, I've suggested some debugging steps which could narrow down what's causing the problem. I don't get the point of pinging something else than the gateway unless that gateway blocks ping. Notably in case of a VPN.

[AES777GCM]

Why is IPv4 Monitoring no Problem for the System (automatically when start), but IPv6?

[doktornotor]

Here is your clue which you have already posted

Code: [Select]

The required MullvadV6 IPv6 interface address could not be found, skipping.

Happy hunting.

[AES777GCM]

Sorry, I just had the idea of show up a behaviour which could be better.
When it's not possible to improve it  - then I just have to start a service manually after rebooting.

Thx for answering.