Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hotplug event causes rc.start_packages: Restarting/Starting all packages

    Scheduled Pinned Locked Moved General pfSense Questions
    52 Posts 9 Posters 7.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 3
      32G3LiQxu8 @stephenw10
      last edited by

      @stephenw10

      OPT4 is an internal interface and I set a static ip address. Did I do this incorrectly?

      OPT4_Interface.png

      I use policy based routing so all non OPT4 net traffic goes out WAN_DHCP. To give you a better idea of my setup, I followed this guide - WireGuard VPN Client Configuration Example to setup WireGuard as my Default Gateway. So, that is why I'm defining WAN_DHCP as my gateway in my firewall rule. I kept the rules simple since this is a work laptop and I connect using a work provided vpn.

      OPT4_Firewall_Rules.png

      Let me know if you think there is anything I should change based on what I described.

      Thank you!

      1 Reply Last reply Reply Quote 0
      • 3
        32G3LiQxu8 @Gertjan
        last edited by 32G3LiQxu8

        @gertjan

        I agree, not a huge issue for me, as I'm just a home user, who just enjoys the software and networking but I figured I would report it for anyone who might use it more for running a business, etc. Thanks again for looking over what I provided. I provided some details above of my setup. Appreciate your help!

        1 Reply Last reply Reply Quote 1
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Ok, so the OPT4 interface doesn't have gateway defined in it's config but you could still have a gateway that is in the OPT4 subnet. You would only do that though if you need static routes via that to some other subnet connected there. Is that possible?

          3 1 Reply Last reply Reply Quote 0
          • 3
            32G3LiQxu8 @stephenw10
            last edited by

            @stephenw10

            I only have the one work laptop in that subnet. I just wanted it separate from my main LAN (Personal). It does not need to access another subnet.

            Would you consider what I reported a bug in the software or is that how it is supposed to behave?

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              It seems unexpected but I probably call it a missing feature. Most installs don't see an interface go up/down except in a significant network event and it's safer for those to restart packages than to leave then potentially running with the wrong IP.
              However running rc.newwanip on something that isn't a WAN seems unnecessary and I don't see that here. For example connecting to LAN on a 4100 in 22.05:

              Sep 16 00:32:08 	check_reload_status 	495 	Linkup starting igc0
              Sep 16 00:32:08 	kernel 		igc0: link state changed to UP
              Sep 16 00:32:09 	php-fpm 	38757 	/rc.linkup: DEVD Ethernet attached event for lan
              Sep 16 00:32:09 	php-fpm 	38757 	/rc.linkup: HOTPLUG: Configuring interface lan
              Sep 16 00:32:10 	php-fpm 	38757 	/rc.linkup: Gateway, NONE AVAILABLE
              Sep 16 00:32:10 	check_reload_status 	495 	Restarting IPsec tunnels
              Sep 16 00:32:14 	check_reload_status 	495 	updating dyndns lan
              Sep 16 00:32:14 	check_reload_status 	495 	Reloading filter 
              

              Something is different about my config there though since it doesn't list the static IP even though it is configured with one. It really looks like your config has caused pfSense to think opt4 is a WAN.
              Are you able to upload that for review? Or replicate it in a very basic config that you can share?

              Steve

              3 1 Reply Last reply Reply Quote 0
              • 3
                32G3LiQxu8 @stephenw10
                last edited by

                @stephenw10

                Is there a way I can direct message you a link to download my config from my cloud provider?

                Also, would it break the config if I pulled out my workstation information and it would also have my wireguard config in plain text. I guess, which backup areas would you need to take a look at?

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  You can upload something to me here:
                  https://nc.netgate.com/nextcloud/s/yPwaeQLsdK5rK9r
                  You can remove any details you need to.

                  If you're able to upload the status_output diagnostic file that already has passwords and cert keys etc redacted:
                  https://docs.netgate.com/pfsense/en/latest/recipes/diagnostic-data.html#copying-the-diagnostic-data-archive

                  Steve

                  3 1 Reply Last reply Reply Quote 0
                  • 3
                    32G3LiQxu8 @stephenw10
                    last edited by

                    @stephenw10

                    Files have been uploaded. Let me know if you need anything else. Thank you for your help!

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Hmm, there's really nothing significantly different in your config there. At least not currently.

                      Are you able to reproduce the issue and then upload a new status file? I don't see any connections to em5 in the logs in the last few days.

                      Steve

                      3 1 Reply Last reply Reply Quote 0
                      • 3
                        32G3LiQxu8 @stephenw10
                        last edited by

                        @stephenw10

                        Yes, however, it’s my work laptop so I won’t be able to do it at the moment. I will test it out after work and upload a new file for your review.

                        Currently, I have em5 attached to a switch so it doesn’t restart packages so that’s why you’re not seeing any information - I think.

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          Ah, yes, that would do it. Ok, let me know you're able to test it again.

                          Steve

                          3 1 Reply Last reply Reply Quote 0
                          • 3
                            32G3LiQxu8 @stephenw10
                            last edited by

                            @stephenw10

                            I uploaded a new status_output.tgz file for your review.

                            Off Topic
                            On something completely unrelated, was something recently updated and pushed out? The following occurred today:

                            Sep 16 18:53:37 	pkg-static 	86631 	pfSense-repo upgraded: 22.05_2 -> 22.05_5
                            Sep 16 18:53:37 	pkg-static 	86631 	pfSense-upgrade upgraded: 1.0_26 -> 1.0_27
                            

                            Now, I am unable to check for any packages and it thinks I do not have any packages installed when I do.

                            pkg-static -d update
                            
                            DBG(1)[69590]> pkg initialized
                            pkg-static: invalid url: /pfSense_plus-v22_05_amd64-core
                            pkg-static: Cannot parse configuration file!
                            
                            S 1 Reply Last reply Reply Quote 0
                            • S
                              SteveITS Galactic Empire @32G3LiQxu8
                              last edited by

                              @32g3liqxu8 I saw that error/issue also this afternoon.

                              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                              Upvote 👍 helpful posts!

                              1 Reply Last reply Reply Quote 1
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Yup just hit it and found the cause. Working on it now...

                                3 1 Reply Last reply Reply Quote 1
                                • 3
                                  32G3LiQxu8 @stephenw10
                                  last edited by

                                  @stephenw10

                                  Thank you!

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    The repo issue is still being worked on.

                                    The package restart issue is odd. Seems like there's a logic error there. I managed to replicate it on a different interface and the only difference is that it doesn't have 'track-interface' set for IPv6.

                                    You don't appear to have any v6 connectivity there so to test it you would need to enable dhcpv6 on something in order to set opt4 to track it. If you can test that and confirm that prevents rc.newwanip running then we'll need to dig into that deeper.

                                    Steve

                                    3 B 2 Replies Last reply Reply Quote 0
                                    • 3
                                      32G3LiQxu8 @stephenw10
                                      last edited by

                                      @stephenw10

                                      I turned on v6 connectivity on my WAN interface. I set OPT4 to track the interface gateway of WAN_DHCP6. I powered on my laptop, and I am not seeing the rc.newwanip for em5, but it does occur for WAN_DHCP6, and that's likely because the WAN_DHCP6 is offline. I'm not sure I set that part up correctly. I'm not very familiar with IPv6. Let me know if this is not a good enough test

                                      Sep 17 12:35:36 pfSense check_reload_status[401]: Linkup starting em5
                                      Sep 17 12:35:36 pfSense kernel: em5: link state changed to DOWN
                                      Sep 17 12:35:37 pfSense php-fpm[42065]: /rc.linkup: DEVD Ethernet detached event for opt4
                                      Sep 17 12:35:37 pfSense check_reload_status[401]: Reloading filter
                                      Sep 17 12:35:38 pfSense check_reload_status[401]: Linkup starting em5
                                      Sep 17 12:35:38 pfSense kernel: em5: link state changed to UP
                                      Sep 17 12:35:38 pfSense php-fpm[42065]: /rc.filter_configure_sync: GW States: One or more gateways is down, flushing all states: WAN_DHCP6 
                                      Sep 17 12:35:39 pfSense php-fpm[371]: /rc.linkup: DEVD Ethernet attached event for opt4
                                      Sep 17 12:35:39 pfSense php-fpm[371]: /rc.linkup: HOTPLUG: Configuring interface opt4
                                      Sep 17 12:35:39 pfSense php-fpm[371]: /rc.linkup: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
                                      Sep 17 12:35:39 pfSense check_reload_status[401]: Restarting IPsec tunnels
                                      Sep 17 12:35:40 pfSense php-fpm[69043]: /rc.newwanipv6: rc.newwanipv6: Info: starting on em0.
                                      Sep 17 12:35:40 pfSense php-fpm[69043]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2603:900a:ff00:1b:596b:b440:d2fb:e381) (interface: wan) (real interface: em0).
                                      Sep 17 12:35:41 pfSense nginx: 2022/09/17 12:35:41 [crit] 71665#100551: *7384 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: 192.168.1.51, server: 0.0.0.0:443
                                      Sep 17 12:35:42 pfSense php-fpm[371]: /rc.linkup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1663432542] unbound[69211:0] error: bind: address already in use [1663432542] unbound[69211:0] fatal error: could not open ports' 
                                      Sep 17 12:35:44 pfSense rc.gateway_alarm[18167]: >>> Gateway alarm: WAN_DHCP6 (Addr:fe80::2bc:60ff:fe93:419%em0 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
                                      Sep 17 12:35:44 pfSense check_reload_status[401]: updating dyndns WAN_DHCP6
                                      Sep 17 12:35:44 pfSense check_reload_status[401]: Restarting IPsec tunnels
                                      Sep 17 12:35:44 pfSense check_reload_status[401]: Restarting OpenVPN tunnels/interfaces
                                      Sep 17 12:35:44 pfSense check_reload_status[401]: Reloading filter
                                      Sep 17 12:35:44 pfSense php-fpm[69043]: /rc.newwanipv6: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
                                      Sep 17 12:35:44 pfSense check_reload_status[401]: Reloading filter
                                      Sep 17 12:35:45 pfSense check_reload_status[401]: updating dyndns opt4
                                      Sep 17 12:35:46 pfSense php-fpm[69043]: /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
                                      Sep 17 12:35:46 pfSense php-fpm[42065]: /rc.filter_configure_sync: GW States: One or more gateways is down, flushing all states: WAN_DHCP6 
                                      Sep 17 12:35:47 pfSense php-fpm[39466]: /rc.filter_configure_sync: GW States: One or more gateways is down, flushing all states: WAN_DHCP6 
                                      Sep 17 12:36:00 pfSense sshguard[43717]: Exiting on signal.
                                      
                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        bblacey @stephenw10
                                        last edited by

                                        @stephenw10

                                        I there a redmine issue for this bug? I'd like to follow it and if there is a patch, apply it on one of my systems. Thanks.

                                        1 Reply Last reply Reply Quote 0
                                        • stephenw10S
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Not yet.It's not clear which way the intended behaviour is but I'm pretty sure it should be the same for a link-up/down event regardless of whether it's tracking something else for v6.
                                          What behaviour are you seeing?

                                          Steve

                                          B 1 Reply Last reply Reply Quote 0
                                          • B
                                            bblacey @stephenw10
                                            last edited by

                                            @stephenw10

                                            Thanks. I'm seeing behavior to that reported here. On a NetGate 6100 Max running pfSense 22.05-Release without ipv6. Whenever I connect to a LAN port, it runs rc.renewwanip and in some cases, whatever else it does affects other LAN segments connected to NICs on the 6100.

                                            Given that the issue manifests when ipv6 is disabled, from your analysis, do you know the minimum ipv6 config that I would need to work around the issue?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.