wg gateway shows the status as offline after upgrade (24.1 -> 24.7)

Started by tessus, January 20, 2025, 11:20:18 PM

I set up WireGuard Selective Routing to External VPN Endpoint about 2-3 years ago and it's been working splendidly ever since.

After upgrading from 24.1 to 24.7 the WireGuard gateway shows the status as offline.

I've tried to debug the issue, but couldn't figure out what the problem is. However, when checking the WireGuard status on the VPN server the peer created in OPNsense is online (handshakes are always recent). On the OPNsense box I can ping the WireGuard gateway IP, but the IP used for monitoring has 100% packet loss. I checked the logs and ICMP to that IP is allowed and not blocked/rejected.
So for some reason pinging that peer no longer works after the upgrade and thus the pinger detects the gateway as down/offline.
I've also searched this forum, but couldn't find anything (or I missed it).


I believe I have the same issue.  To fix (traffic at least), enable Dynamic Gateway Policy in the Interface settings for the VPN.  The gateway will still show as offline (some sort of new bug), but at least traffic will work. 

Thanks for the reply. I only saw it now, because for some reason I did not receive a notification for it.

If I activate dynamic gateway policy, an additional gateway is created, with the suffix _GW. You are correct that it shows as active, but I would have to change all my rules to use that new gateway. Thus it is probably easier to disable monitoring on the original gateway.

Either way, I hope this is fixed in 25.1. I haven't upgraded yet, because I will wait for .1 or .2.


I am not sure whether I am even in the correct board. Should this be in the "Virtual private networks" board or (since it isn't fixed) in the "25.1 Production Series" board?

Maybe @franco can chime in.

Okay, after much troubleshooting I have fixed mine. Two potential causes: I'd changed the management port for the OPNsense UI and needed to update it in the FingerlessGlov3s config, and also updated the FingerlessGlov3s script itself to the latest version.

The FingerlessGlov3s script has config which includes the management UI and since I'd changed the UI port, the script will have been unable to update settings like static routes as necessary. But whilst fixing this I've also updated to the latest FingerlessGlov3s script, which may have also done it.

Also in case it's of use, when implementing the FingerlessGlov3s script I also came across a 'bug' which required me to delete the VPN Gateways, Routes, WG Instances and WG Peers before re-running the script. 

I hope this helps you in your scenario.