Wireguard Site-to-Site Gateways disabled after reboot - service not starting

lcbbcl

@buzz2912
This is hilarious again after restart i got the GW disabled and i manually enabled the gateway, this made my tunnel work but the wireguard is not running.
But still on others threads they claim that is working as it should.
Well i will give a try also to open.

buzz2912

I do not understand what we do different.

lcbbcl

@buzz2912
We don't do nothing different , i did try everything. 1/10 reboots wg is working as it should so it is clear to me that is not how i set up. Its is something different, pppoe could be a coincidence or not. without adding a gw to the tunnel wg is coming up.

vjizzle

Hi,

I have the same problem with wireguard tunnels. I am on 22.05 and there this problem also exists. Every reboot it’s a 50-50% chance my wireguard tunnels will come up.

I was briefly on 23.01 and there 100% of the time my wireguard tunnels would not come back after a reboot. Reinstalling the wireguard package did fix it for the next reboot after reinstalling the package but every following reboot would turn up the same problem. Gateways disabled and wireguard tunnels and service both down and not way of enabling or starting them. Definitely a bug. I have pppoe as well on WAN.

I returned to 22.05 because of a bug with igmp and for now this is ok. Hopefully some fixes will come for the next release. I read somewhere that on the other *sense firewall this problem does not exist. Wondering how they solved it 🧐

lcbbcl

@vjizzle
Well i have this problem long time ago, i moved from 2.6 to 22.01 22.05 and now 23. I had always pppoe connection and it did work in the past but after last updates to wg i start to have problems. I might try to use openvpn just to see because that was working years without any problems and now i see posts about openvpn also with similar problems.
I don't expect bugs free, it is just that the bug was reported and they close saying that wg work as it should be.

buzz2912

Here is a workaround:

Install package cron
Add cron job

Minute: @reboot
user: root
Command:
sleep 60 && /usr/local/sbin/pkg install -f -y pfsense-pkg-WireGuard

After reboot the wireguard pkg is force reinstalled. After that the service and the tunnels and the gateways come up. Takes some time.

Hope that helps, Sebastian

Misterb

I've had this same problem since almost the start of the 2.7.0 dev releases appearing. The wireguard tunnel always comes up but the gateway reports as down and the wireguard service says it's down. I can return things to normal by going to Status->Services and restarting dpinger followed by starting wireguard. The service starts and the gateway on the front page comes back online.

buzz2912

@misterb
do you have a cron command for that?

I can not understand why this is not fixed after all this time.
It seems, that no one cares.

Sebastian

moelassus

@buzz2912 Ugh, this is a good solution to a bad problem. It's a shame that Wireguard behaves like this. I didn't know I was experiencing this until I rebooted prior to upgrading and my peer would not handshake. I rebooted again and it came back. I thought I was out of the woods so I upgraded to 22.05 and Wireguard hasn't worked since. I just tried the uninstall reinstall and it did eventually work. It took awhile for the peer to handshake but it eventually did. I hadn't rebooted since the last update so hopefully I won't run into this again for a long time.

Gektor

Have same issue on pfSense + 23.05, after Save + Apply WG Gateways, it's start wotking.

Seeking Sense

@Gektor are you referring to the WireGuard INTERFACE that you created for your WireGuard tunnel found in the pfSense Interfaces list?

If so then I have also found that to be my only solution to reestablish my WireGuard tunnel.

I am required to DISABLE, SAVE and APPLY and then ENABLE, SAVE and APPLY the WireGuard Interface to reestablish my WireGuard tunnel.

Is there a fix for this?

Has anyone written a script to check if a WireGuard Gateway is down, offline, etc... to DISABLE and then ENABLE its associated interface?

michmoor

@Seeking-Sense I would say to open a redmine if you believe this is a bug or a regression but the odds of that getting actioned by a dev are extremely low.
Have you tried disabling gateway monitoring?

Seeking Sense

@michmoor said in Wireguard Site-to-Site Gateways disabled after reboot - service not starting:

Have you tried disabling gateway monitoring?

Sure have. Not only that but disabled take action as well.

And just to be clear the WireGuard Interface fails to come online after reboot.

buzz2912

@Seeking-Sense
The Solution is restarting dpinger after reboot.
Search for my post in the solution for site to site gateway down after Reboot

Misterb

What Buzz said, restart dpinger and then start Wireguard.

Seeking Sense

Thanks for the reply @buzz2912 I may have tried that in the past not exactly sure and just stumbled across the DISABLE & ENABLE Interface solution.

I will reboot pfSense later and try your solution.

Never the less I need an unattended automated method to implement your or my solution for the times that my internet connect flakes out or there is a power outage and yes I have pfSense on a UPS.

Also WireGuard "is running" just not functioning when I DISABLE and ENABLE it's Interface.

buzz2912

@Seeking-Sense
install cron and service watchdog. Add wireguard to service watchdog. Create a cron job @reboot && sleep 30 for designer restart Here is the link

Seeking Sense

@buzz2912 are you saying to reinstall the WireGuard each time this happens? If so that is bonkers Or are you saying restart dpinger utilizing CRON and WATCHDOG?

buzz2912

@Seeking-Sense
At First i reinstalled. Now I am using dpinger restart

Misterb

I've just installed 2.7.0-RELEASE and the same issue and fix exists.