WireGuard - Gateway Monitor v6 Service doesn't start automatically after reboot

Started by AES777GCM, August 25, 2024, 10:41:36 AM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
August 25, 2024, 10:41:36 AM Last Edit: August 25, 2024, 11:56:42 AM by AES777GCM
24.7.2: Dear OPNSense Community,

after switching from establish a permanent VPN Client Connection from OVPN (via OpenVPN) to Mullvad (Now via WireGuard) everything works fine; beside one small issue: IpV6 Gateway Monitoring Service doesn't start automatically after reboot.

When starting manually it takes a second and every works as expected.

Further Info:
- Mullvad given Gateway IPv6 Adress is an ULA Adress (fc00:xxx) and Monitor Adress is (for sure!) a GUA Adress
August 25, 2024, 12:47:02 PM #1 Last Edit: August 25, 2024, 01:17:11 PM by AES777GCM
I rebooted right now and it seems to be likely a widget problem?

Log of "Boot" says this:
Code Select
2024-08-25T12:39:02 wireguard_configure_do[286] done.
2024-08-25T12:39:02 dpinger_configure_do[5305] done.
2024-08-25T12:39:02 dpinger_configure_do[5305] Setting up gateway monitor MullvadV4...
2024-08-25T12:39:02 dpinger_configure_do[5305] done.
2024-08-25T12:39:02 dpinger_configure_do[5305] Setting up gateway monitor MullvadV6...
2024-08-25T12:39:02 system_routing_configure[5305] done.
2024-08-25T12:39:02 system_routing_configure[5305] Setting up routes for opt1...
2024-08-25T12:39:02 interface_configure[5305] done.
2024-08-25T12:39:02 interface_configure[5305] Configuring WGMVFRA interface...
2024-08-25T12:39:01 wireguard_configure_do[286] Configuring WireGuard VPN...

But Dashboard shows ...
- "Services" / "Gateway Monitor v6 Mullvad" is still red and
- "Gateways" / "Mulvvad v6" also (abd consequently) a red dot.

When I press "Play Button" in "Services / Gateway Monitor v6 Mullvad" both are becoming green and work as expected.




August 25, 2024, 12:48:50 PM #2
Code Select
ps auxw | grep pinger

There you can see which interfaces dpinger is monitoring.
August 25, 2024, 01:35:26 PM #3
Okay - Now it becomes a litlle more clear...

1) Boot.log says (after fresh booting)
Code Select
2024-08-25T13:30:16 wireguard_configure_do[287] done.
2024-08-25T13:30:16 dpinger_configure_do[61826] done.
2024-08-25T13:30:16 dpinger_configure_do[61826] Setting up gateway monitor MullvadV4...
2024-08-25T13:30:16 dpinger_configure_do[61826] done.
2024-08-25T13:30:16 dpinger_configure_do[61826] Setting up gateway monitor MullvadV6...
2024-08-25T13:30:16 system_routing_configure[61826] done.
2024-08-25T13:30:16 system_routing_configure[61826] Setting up routes for opt1...
2024-08-25T13:30:16 interface_configure[61826] done.
2024-08-25T13:30:16 interface_configure[61826] Configuring WGMVFRA interface...
2024-08-25T13:30:15 wireguard_configure_do[287] Configuring WireGuard VPN...

After connecting via ssh / root privileges and checking the services I see...
Code Select
root@dragon:/home/udo # ps auxw | grep pinger
root    71574   0.0  0.0  13344   2540  -  Is   13:30   0:00.01 /usr/local/bin/dpinger -f -S -r 0 -i MullvadV4 -B 10.71.233.139 -p
root    62158   0.0  0.0  12716   2288  0  S+   13:31   0:00.00 grep pinger
root@dragon:/home/udo #

So the Monitor Gateway Service for IPV6 was not started automatically and the display of the widgets is "right" in Showing the red dotted Services.

August 25, 2024, 01:40:55 PM #4
Under System / Log Files / Audit I saw this issue:

Code Select
2024-08-25T13:30:16 Warning wireguard /usr/local/opnsense/scripts/Wireguard/wg-service-control.php: The required MullvadV6 IPv6 interface address could not be found, skipping.

But why can it be found without problems when I start it manually after?

And why does the log of System / Log Files / Boot suggest that dpinger Service is done properly.
Code Select
2024-08-25T13:30:16 dpinger_configure_do[61826] done.
2024-08-25T13:30:16 dpinger_configure_do[61826] Setting up gateway monitor MullvadV6...
August 25, 2024, 01:45:18 PM #5 Last Edit: August 25, 2024, 01:46:57 PM by doktornotor
Dunno, I'd install a kernel that does not have IPv6 completely screwed by the upstream security improvements before debugging any other IPv6-related things. You cannot monitor non-existent interface and then it may take too long for IPv6 to start working.

Code Select
# opnsense-update -zkr 24.7.2-nd

and reboot.

Reference: https://github.com/opnsense/src/issues/218
August 25, 2024, 02:06:05 PM #6
Thx for your short reply and coding,

but unfortunately it didn't solve the problem.

System / Log Files / Boot...
Code Select
2024-08-25T14:01:28 ntpd_configure_do[287] done.
2024-08-25T14:01:28 ntpd_configure_do[287] Starting NTP service...
2024-08-25T14:01:28 wireguard_configure_do[287] done.
2024-08-25T14:01:28 dpinger_configure_do[6519] done.
2024-08-25T14:01:28 dpinger_configure_do[6519] Setting up gateway monitor MullvadV4...
2024-08-25T14:01:28 dpinger_configure_do[6519] done.
2024-08-25T14:01:28 dpinger_configure_do[6519] Setting up gateway monitor MullvadV6...
2024-08-25T14:01:27 system_routing_configure[6519] done.
2024-08-25T14:01:27 system_routing_configure[6519] Setting up routes for opt1...
2024-08-25T14:01:27 interface_configure[6519] done.
2024-08-25T14:01:27 interface_configure[6519] Configuring WGMVFRA interface...
2024-08-25T14:01:27 wireguard_configure_do[287] Configuring WireGuard VPN...

So it still needs to start Gateway Ipv6 Monitoring manually after booting.

August 25, 2024, 02:13:57 PM #7
are you using a ip6 only connection on your router?

if not just monitor ip4 and disabled ip6 dpinger/ monitoring..
August 25, 2024, 02:34:13 PM #8
Quoteare you using a ip6 only connection on your router?
if not just monitor ip4 and disabled ip6 dpinger/ monitoring.

To disable a wanted feature can't be the solution.
Is there a possibilty to start the Monitoring services with a delay - so IPv4 / IPv6 Wireguard must be established first before establish the monitoring services?

August 25, 2024, 02:49:18 PM #9
Ok, perhaps if you stop messing with the GW monitoring setting up custom IPs that may be unavailable at that time, does that help?
August 25, 2024, 04:42:37 PM #10
I don't get the point really.

Wouldn't it be possible to start the Monitor Gateway Services automatically when set as "Last thing" in the bootup sequence? I don't know how to achieve this, but I guess it couldn't be the biggest challenge for developers.

Maybe somebody could do so?

Thx in advance,
best regards,
Udo
August 25, 2024, 06:42:16 PM #11
Sure. Feel free to patch the order. MeanwhĂ­le, I've suggested some debugging steps which could narrow down what's causing the problem. I don't get the point of pinging something else than the gateway unless that gateway blocks ping. Notably in case of a VPN.
August 25, 2024, 07:58:06 PM #12
Why is IPv4 Monitoring no Problem for the System (automatically when start), but IPv6?
August 25, 2024, 08:02:49 PM #13
Here is your clue which you have already posted

Code Select

The required MullvadV6 IPv6 interface address could not be found, skipping.


Happy hunting.
August 26, 2024, 12:06:00 AM #14
Sorry, I just had the idea of show up a behaviour which could be better.
When it's not possible to improve it  - then I just have to start a service manually after rebooting.

Thx for answering.
Print
Go Up Pages1 2
User actions