Hotplug event causes rc.start_packages: Restarting/Starting all packages
-
OPT4 is an internal interface and I set a static ip address. Did I do this incorrectly?
I use policy based routing so all non OPT4 net traffic goes out WAN_DHCP. To give you a better idea of my setup, I followed this guide - WireGuard VPN Client Configuration Example to setup WireGuard as my Default Gateway. So, that is why I'm defining WAN_DHCP as my gateway in my firewall rule. I kept the rules simple since this is a work laptop and I connect using a work provided vpn.
Let me know if you think there is anything I should change based on what I described.
Thank you!
-
I agree, not a huge issue for me, as I'm just a home user, who just enjoys the software and networking but I figured I would report it for anyone who might use it more for running a business, etc. Thanks again for looking over what I provided. I provided some details above of my setup. Appreciate your help!
-
Ok, so the OPT4 interface doesn't have gateway defined in it's config but you could still have a gateway that is in the OPT4 subnet. You would only do that though if you need static routes via that to some other subnet connected there. Is that possible?
-
I only have the one work laptop in that subnet. I just wanted it separate from my main LAN (Personal). It does not need to access another subnet.
Would you consider what I reported a bug in the software or is that how it is supposed to behave?
-
It seems unexpected but I probably call it a missing feature. Most installs don't see an interface go up/down except in a significant network event and it's safer for those to restart packages than to leave then potentially running with the wrong IP.
However running rc.newwanip on something that isn't a WAN seems unnecessary and I don't see that here. For example connecting to LAN on a 4100 in 22.05:Sep 16 00:32:08 check_reload_status 495 Linkup starting igc0 Sep 16 00:32:08 kernel igc0: link state changed to UP Sep 16 00:32:09 php-fpm 38757 /rc.linkup: DEVD Ethernet attached event for lan Sep 16 00:32:09 php-fpm 38757 /rc.linkup: HOTPLUG: Configuring interface lan Sep 16 00:32:10 php-fpm 38757 /rc.linkup: Gateway, NONE AVAILABLE Sep 16 00:32:10 check_reload_status 495 Restarting IPsec tunnels Sep 16 00:32:14 check_reload_status 495 updating dyndns lan Sep 16 00:32:14 check_reload_status 495 Reloading filterSomething is different about my config there though since it doesn't list the static IP even though it is configured with one. It really looks like your config has caused pfSense to think opt4 is a WAN.
Are you able to upload that for review? Or replicate it in a very basic config that you can share?Steve
-
Is there a way I can direct message you a link to download my config from my cloud provider?
Also, would it break the config if I pulled out my workstation information and it would also have my wireguard config in plain text. I guess, which backup areas would you need to take a look at?
-
You can upload something to me here:
https://nc.netgate.com/nextcloud/s/yPwaeQLsdK5rK9r
You can remove any details you need to.If you're able to upload the status_output diagnostic file that already has passwords and cert keys etc redacted:
https://docs.netgate.com/pfsense/en/latest/recipes/diagnostic-data.html#copying-the-diagnostic-data-archiveSteve
-
Files have been uploaded. Let me know if you need anything else. Thank you for your help!
-
Hmm, there's really nothing significantly different in your config there. At least not currently.
Are you able to reproduce the issue and then upload a new status file? I don't see any connections to em5 in the logs in the last few days.
Steve
-
Yes, however, it’s my work laptop so I won’t be able to do it at the moment. I will test it out after work and upload a new file for your review.
Currently, I have em5 attached to a switch so it doesn’t restart packages so that’s why you’re not seeing any information - I think.
-
Ah, yes, that would do it. Ok, let me know you're able to test it again.
Steve
-
I uploaded a new status_output.tgz file for your review.
Off Topic
On something completely unrelated, was something recently updated and pushed out? The following occurred today:Sep 16 18:53:37 pkg-static 86631 pfSense-repo upgraded: 22.05_2 -> 22.05_5 Sep 16 18:53:37 pkg-static 86631 pfSense-upgrade upgraded: 1.0_26 -> 1.0_27Now, I am unable to check for any packages and it thinks I do not have any packages installed when I do.
pkg-static -d updateDBG(1)[69590]> pkg initialized pkg-static: invalid url: /pfSense_plus-v22_05_amd64-core pkg-static: Cannot parse configuration file! -
@32g3liqxu8 I saw that error/issue also this afternoon.
-
Yup just hit it and found the cause. Working on it now...
-
Thank you!
-
The repo issue is still being worked on.
The package restart issue is odd. Seems like there's a logic error there. I managed to replicate it on a different interface and the only difference is that it doesn't have 'track-interface' set for IPv6.
You don't appear to have any v6 connectivity there so to test it you would need to enable dhcpv6 on something in order to set opt4 to track it. If you can test that and confirm that prevents rc.newwanip running then we'll need to dig into that deeper.
Steve
-
I turned on v6 connectivity on my WAN interface. I set OPT4 to track the interface gateway of WAN_DHCP6. I powered on my laptop, and I am not seeing the rc.newwanip for em5, but it does occur for WAN_DHCP6, and that's likely because the WAN_DHCP6 is offline. I'm not sure I set that part up correctly. I'm not very familiar with IPv6. Let me know if this is not a good enough test
Sep 17 12:35:36 pfSense check_reload_status[401]: Linkup starting em5 Sep 17 12:35:36 pfSense kernel: em5: link state changed to DOWN Sep 17 12:35:37 pfSense php-fpm[42065]: /rc.linkup: DEVD Ethernet detached event for opt4 Sep 17 12:35:37 pfSense check_reload_status[401]: Reloading filter Sep 17 12:35:38 pfSense check_reload_status[401]: Linkup starting em5 Sep 17 12:35:38 pfSense kernel: em5: link state changed to UP Sep 17 12:35:38 pfSense php-fpm[42065]: /rc.filter_configure_sync: GW States: One or more gateways is down, flushing all states: WAN_DHCP6 Sep 17 12:35:39 pfSense php-fpm[371]: /rc.linkup: DEVD Ethernet attached event for opt4 Sep 17 12:35:39 pfSense php-fpm[371]: /rc.linkup: HOTPLUG: Configuring interface opt4 Sep 17 12:35:39 pfSense php-fpm[371]: /rc.linkup: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6' Sep 17 12:35:39 pfSense check_reload_status[401]: Restarting IPsec tunnels Sep 17 12:35:40 pfSense php-fpm[69043]: /rc.newwanipv6: rc.newwanipv6: Info: starting on em0. Sep 17 12:35:40 pfSense php-fpm[69043]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2603:900a:ff00:1b:596b:b440:d2fb:e381) (interface: wan) (real interface: em0). Sep 17 12:35:41 pfSense nginx: 2022/09/17 12:35:41 [crit] 71665#100551: *7384 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: 192.168.1.51, server: 0.0.0.0:443 Sep 17 12:35:42 pfSense php-fpm[371]: /rc.linkup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1663432542] unbound[69211:0] error: bind: address already in use [1663432542] unbound[69211:0] fatal error: could not open ports' Sep 17 12:35:44 pfSense rc.gateway_alarm[18167]: >>> Gateway alarm: WAN_DHCP6 (Addr:fe80::2bc:60ff:fe93:419%em0 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%) Sep 17 12:35:44 pfSense check_reload_status[401]: updating dyndns WAN_DHCP6 Sep 17 12:35:44 pfSense check_reload_status[401]: Restarting IPsec tunnels Sep 17 12:35:44 pfSense check_reload_status[401]: Restarting OpenVPN tunnels/interfaces Sep 17 12:35:44 pfSense check_reload_status[401]: Reloading filter Sep 17 12:35:44 pfSense php-fpm[69043]: /rc.newwanipv6: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6' Sep 17 12:35:44 pfSense check_reload_status[401]: Reloading filter Sep 17 12:35:45 pfSense check_reload_status[401]: updating dyndns opt4 Sep 17 12:35:46 pfSense php-fpm[69043]: /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6' Sep 17 12:35:46 pfSense php-fpm[42065]: /rc.filter_configure_sync: GW States: One or more gateways is down, flushing all states: WAN_DHCP6 Sep 17 12:35:47 pfSense php-fpm[39466]: /rc.filter_configure_sync: GW States: One or more gateways is down, flushing all states: WAN_DHCP6 Sep 17 12:36:00 pfSense sshguard[43717]: Exiting on signal. -
I there a redmine issue for this bug? I'd like to follow it and if there is a patch, apply it on one of my systems. Thanks.
-
Not yet.It's not clear which way the intended behaviour is but I'm pretty sure it should be the same for a link-up/down event regardless of whether it's tracking something else for v6.
What behaviour are you seeing?Steve
-
Thanks. I'm seeing behavior to that reported here. On a NetGate 6100 Max running pfSense 22.05-Release without ipv6. Whenever I connect to a LAN port, it runs rc.renewwanip and in some cases, whatever else it does affects other LAN segments connected to NICs on the 6100.
Given that the issue manifests when ipv6 is disabled, from your analysis, do you know the minimum ipv6 config that I would need to work around the issue?
