Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Hotplug event causes rc.start_packages: Restarting/Starting all packages

    General pfSense Questions
    9
    52
    7.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lcbbcl
      last edited by

      Hello i know that is not my threat but i think that i might have the same problem.
      If i restart one of my pc (it is connected directly to pfsense) my wg tunnel will go down and only after rebooting my pfsense i am able to make it work again. Some one can give me a workaround for my Wg tunnel to come up without restarting my pfsense.
      Thank you.

      Nov 10 14:25:35 	php 	50499 	[pfBlockerNG] filterlog daemon started
      Nov 10 14:25:35 	tail_pfb 	50062 	[pfBlockerNG] Firewall Filter Service started
      Nov 10 14:25:35 	php_pfb 	47352 	[pfBlockerNG] filterlog daemon stopped
      Nov 10 14:25:35 	tail_pfb 	47026 	[pfBlockerNG] Firewall Filter Service stopped
      Nov 10 14:25:35 	lighttpd_pfb 	44920 	[pfBlockerNG] DNSBL Webserver started
      Nov 10 14:25:35 	lighttpd_pfb 	43815 	[pfBlockerNG] DNSBL Webserver stopped
      Nov 10 14:25:35 	php-fpm 	60035 	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
      Nov 10 14:25:35 	php-fpm 	60035 	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
      Nov 10 14:25:35 	php-fpm 	60035 	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
      Nov 10 14:25:35 	php-fpm 	60035 	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
      Nov 10 14:25:35 	check_reload_status 	411 	Syncing firewall
      Nov 10 14:25:35 	php-fpm 	60035 	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
      Nov 10 14:25:35 	check_reload_status 	411 	Syncing firewall
      Nov 10 14:25:35 	php-fpm 	60035 	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
      Nov 10 14:25:32 	upsd 	24397 	Startup successful
      Nov 10 14:25:32 	upsd 	24142 	Connected to UPS [APC]: usbhid-ups-APC
      Nov 10 14:25:32 	upsd 	24142 	listening on 127.0.0.1 port 3493
      Nov 10 14:25:32 	upsd 	24142 	listening on ::1 port 3493
      Nov 10 14:25:32 	upsd 	24142 	listening on 192.168.2.1 port 3493
      Nov 10 14:25:32 	upsd 	24142 	listening on 192.168.4.1 port 3493
      Nov 10 14:25:32 	usbhid-ups 	22587 	Startup successful
      Nov 10 14:25:31 	upsmon 	21917 	Startup successful
      Nov 10 14:25:31 	php-fpm 	60035 	/rc.start_packages: Starting service nut
      Nov 10 14:25:31 	usbhid-ups 	79003 	Signal 15: exiting
      Nov 10 14:25:31 	upsd 	19203 	Signal 15: exiting
      Nov 10 14:25:31 	upsd 	19203 	mainloop: Interrupted system call
      Nov 10 14:25:31 	upsd 	19203 	User local-monitor@127.0.0.1 logged out from UPS [APC]
      Nov 10 14:25:31 	upsmon 	77054 	Signal 15: exiting
      Nov 10 14:25:31 	php-fpm 	60035 	/rc.start_packages: Stopping service nut
      Nov 10 14:25:31 	check_reload_status 	411 	Syncing firewall
      Nov 10 14:25:31 	php-fpm 	60035 	/rc.start_packages: Configuration Change: (system): pfBlockerNG: saving Aliases
      Nov 10 14:25:31 	php-fpm 	60035 	/rc.start_packages: Restarting/Starting all packages.
      Nov 10 14:25:30 	check_reload_status 	411 	Starting packages
      Nov 10 14:25:30 	php-fpm 	60035 	/rc.newwanip: Netgate pfSense Plus package system has detected an IP change or dynamic WAN reconnection - 192.168.4.1 -> 192.168.4.1 - Restarting packages.
      Nov 10 14:25:29 	php-fpm 	14803 	/rc.newwanip: dpinger: timeout while retrieving status for gateway WAN_EPORTS_PPPOE
      Nov 10 14:25:28 	php-fpm 	60035 	/rc.newwanip: Creating rrd update script
      Nov 10 14:25:28 	php-fpm 	60035 	/rc.newwanip: Resyncing OpenVPN instances for interface DMZ.
      Nov 10 14:25:27 	check_reload_status 	411 	Reloading filter
      Nov 10 14:25:27 	check_reload_status 	411 	Restarting OpenVPN tunnels/interfaces
      Nov 10 14:25:27 	check_reload_status 	411 	Restarting IPsec tunnels
      Nov 10 14:25:27 	check_reload_status 	411 	updating dyndns WG_mamaGW 
      Nov 10 14:25:27 	rc.gateway_alarm 	76312 	>>> Gateway alarm: WG_mamaGW (Addr:10.1.1.1 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
      Nov 10 14:25:25 	php-fpm 	14803 	/rc.newwanip: Removing static route for monitor xxx.xxx.xxx.242 and adding a new route through xxx.xxx.xxx.193
      Nov 10 14:25:25 	php-fpm 	14803 	/rc.newwanip: rc.newwanip: on (IP address: 192.168.4.1) (interface: DMZ[opt3]) (real interface: em3).
      Nov 10 14:25:25 	php-fpm 	14803 	/rc.newwanip: rc.newwanip: Info: starting on em3.
      Nov 10 14:25:24 	check_reload_status 	411 	Reloading filter
      Nov 10 14:25:24 	check_reload_status 	411 	rc.newwanip starting em3
      Nov 10 14:25:24 	php-fpm 	14803 	/rc.linkup: Hotplug event detected for DMZ(opt3) static IP (192.168.4.1 )
      Nov 10 14:25:23 	kernel 		em3: link state changed to UP
      Nov 10 14:25:23 	check_reload_status 	411 	Linkup starting em3
      Nov 10 14:25:22 	php-fpm 	60035 	/rc.newwanip: dpinger: timeout while retrieving status for gateway WAN_EPORTS_PPPOE
      Nov 10 14:25:21 	check_reload_status 	411 	Reloading filter
      Nov 10 14:25:21 	php-fpm 	31658 	/rc.linkup: Hotplug event detected for DMZ(opt3) static IP (192.168.4.1 )
      Nov 10 14:25:21 	check_reload_status 	411 	Reloading filter
      Nov 10 14:25:21 	check_reload_status 	411 	Restarting OpenVPN tunnels/interfaces
      Nov 10 14:25:21 	check_reload_status 	411 	Restarting IPsec tunnels
      Nov 10 14:25:21 	check_reload_status 	411 	updating dyndns WG_mamaGW
      Nov 10 14:25:21 	rc.gateway_alarm 	56603 	>>> Gateway alarm: WG_mamaGW (Addr:10.1.1.1 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%)
      Nov 10 14:25:20 	kernel 		em3: link state changed to DOWN
      Nov 10 14:25:20 	check_reload_status 	411 	Linkup starting em3
      Nov 10 14:25:19 	php-fpm 	60035 	/rc.newwanip: Removing static route for monitor xxx.xxx.xxx.242 and adding a new route through xxx.xxx.xxx.193
      Nov 10 14:25:18 	php-fpm 	60035 	/rc.newwanip: rc.newwanip: on (IP address: 192.168.4.1) (interface: DMZ[opt3]) (real interface: em3).
      Nov 10 14:25:18 	php-fpm 	60035 	/rc.newwanip: rc.newwanip: Info: starting on em3.
      Nov 10 14:25:17 	check_reload_status 	411 	Reloading filter
      Nov 10 14:25:17 	check_reload_status 	411 	rc.newwanip starting em3
      Nov 10 14:25:17 	php-fpm 	60035 	/rc.linkup: Hotplug event detected for DMZ(opt3) static IP (192.168.4.1 )
      Nov 10 14:25:16 	kernel 		em3: link state changed to UP
      Nov 10 14:25:16 	check_reload_status 	411 	Linkup starting em3
      Nov 10 14:25:15 	check_reload_status 	411 	Reloading filter
      Nov 10 14:25:15 	php-fpm 	12840 	/rc.linkup: Hotplug event detected for DMZ(opt3) static IP (192.168.4.1 )
      Nov 10 14:25:14 	check_reload_status 	411 	Linkup starting em3
      Nov 10 14:25:14 	kernel 		em3: link state changed to DOWN 
      
      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Well if you set DMZ to track WAN for v6 it will probably prevent it running rc.newwanip which in turn should prevent the WG tunnel restarting.
        However the WG tunnel should just come back up when it's restarted. It looks like you might have some other issue there that should probably be addressed in a new thread.

        Steve

        1 Reply Last reply Reply Quote 0
        • B
          bblacey @stephenw10
          last edited by

          @stephenw10 just checking to see if anything came of the internal discussions. If you guys opened a redmine issue, please provide the id here so I can watch it. Thanks.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Not yet, let me re-raise it...

            B 1 Reply Last reply Reply Quote 0
            • B
              bblacey @stephenw10
              last edited by

              @stephenw10 any movement on this yet?

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Not yet. I ran it past a few developers and the consensus was that restarting packages on a link state change is probably expected. However that doesn't explain the interaction with track6. And it seems completely unnecessary in many cases, such as this one.
                Fixing this correctly may involve a lot more work than we have time for in 23.01. I suspect a complete review of the service start scripts is in order.
                I'll try to get something opened. There's definitely a bug there somewhere, one of those behaviours is wrong.

                Steve

                3 1 Reply Last reply Reply Quote 1
                • S SteveITS referenced this topic on
                • S SteveITS referenced this topic on
                • 3
                  32G3LiQxu8 @stephenw10
                  last edited by

                  @stephenw10 just curious if any additional discussions have been had since your last post?

                  Thanks!

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Actually this was discussed recently here: https://forum.netgate.com/topic/180783/23-05-pf-was-wedged-busy-and-has-been-reset

                    I'll be opening a bug for this shortly.

                    3 1 Reply Last reply Reply Quote 1
                    • 3
                      32G3LiQxu8 @stephenw10
                      last edited by

                      @stephenw10 Thank you!

                      1 Reply Last reply Reply Quote 0
                      • I
                        Ienien77
                        last edited by

                        Hi,
                        I have the same thing happening on my side, when something change, it restart packages. And of course my Wireguard tunnel is going down ... i absolutely have no clue on why it does that (wireguard not going back up).

                        Did you figure this out yet ?

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          Does it eventually reconnect? Does it reconnect manually? What do you do to recover?

                          3 I 2 Replies Last reply Reply Quote 0
                          • 3
                            32G3LiQxu8 @stephenw10
                            last edited by

                            @stephenw10 @Ienien77

                            Navigate to Interfaces > WAN
                            Even if you do not use IPv6 environment, set IPv6 Configuration Type to DHCP6

                            firefox_FOZVeAfuVH.png

                            Navigate to the Interface that is causing the restart of packages (you may have to do this on more than one interface)
                            Set IPv6 Configuration Type to Track Interface

                            firefox_vey0KHKWfK.png

                            Scroll down under Track IPv6 Interface section and set IPv6 Interface to WAN

                            firefox_n30REhnLcJ.png

                            This will keep Wireguard from restarting. It will, however, restart IPSec tunnels so if you have those it won't be of any help.

                            Another workaround is to setup a switch on that interface so it thinks it is always up

                            I believe a bug is going to be /has been opened up for this issue

                            Hope this helps!

                            I 1 Reply Last reply Reply Quote 1
                            • I
                              Ienien77 @stephenw10
                              last edited by

                              @stephenw10 hi,
                              My Wireguard tunnel isn't restarting, unless i restart manually Wireguard service on PfSense ... which is a little bit complicated when i don't have acces to Pfsense

                              1 Reply Last reply Reply Quote 0
                              • I
                                Ienien77 @32G3LiQxu8
                                last edited by

                                @32G3LiQxu8
                                That would be cool for my Wireguard tunnel, but if i destroy my colleague IPsec tunnel ... he won't be happy

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  You only need to set that one time to prevent it restating packages if an internal interface bounces.

                                  I 1 Reply Last reply Reply Quote 0
                                  • I
                                    Ienien77 @stephenw10
                                    last edited by

                                    @stephenw10
                                    Hey, my tunnel went down ... again
                                    This time to restart it i had to remove port configuration for my tunnel under VPN > Wireguard > Tunnel > Edit Tunnel > Listen Port.
                                    If that help anyone or for any debugging.
                                    I´l have a look at your workaround

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      Any errors logged? Did it not even try to come back up?

                                      The trackv6 thing might prevent it restarting due to that particular interface bouncing but it should still restart. So you have two issues happening here I'd suggest.

                                      Steve

                                      I 1 Reply Last reply Reply Quote 0
                                      • I
                                        Ienien77 @stephenw10
                                        last edited by

                                        @stephenw10 i'll have a look at logs when having physical access to my Pfsense box .. because yet again my tunnel is down ...
                                        Note that i have yet to try what you say.

                                        3 1 Reply Last reply Reply Quote 1
                                        • 3
                                          32G3LiQxu8 @Ienien77
                                          last edited by

                                          @stephenw10

                                          Just curious, was a redmine opened for this or does it not meet the threshold?

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Not for the trackv6 issue. Yet. I'm going to revisit it for 23.09 though because to me it seems like there must be a bug there.

                                            3 1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.