Hotplug event causes rc.start_packages: Restarting/Starting all packages
-
Hello i know that is not my threat but i think that i might have the same problem.
If i restart one of my pc (it is connected directly to pfsense) my wg tunnel will go down and only after rebooting my pfsense i am able to make it work again. Some one can give me a workaround for my Wg tunnel to come up without restarting my pfsense.
Thank you.Nov 10 14:25:35 php 50499 [pfBlockerNG] filterlog daemon started Nov 10 14:25:35 tail_pfb 50062 [pfBlockerNG] Firewall Filter Service started Nov 10 14:25:35 php_pfb 47352 [pfBlockerNG] filterlog daemon stopped Nov 10 14:25:35 tail_pfb 47026 [pfBlockerNG] Firewall Filter Service stopped Nov 10 14:25:35 lighttpd_pfb 44920 [pfBlockerNG] DNSBL Webserver started Nov 10 14:25:35 lighttpd_pfb 43815 [pfBlockerNG] DNSBL Webserver stopped Nov 10 14:25:35 php-fpm 60035 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Nov 10 14:25:35 php-fpm 60035 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Nov 10 14:25:35 php-fpm 60035 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Nov 10 14:25:35 php-fpm 60035 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Nov 10 14:25:35 check_reload_status 411 Syncing firewall Nov 10 14:25:35 php-fpm 60035 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Nov 10 14:25:35 check_reload_status 411 Syncing firewall Nov 10 14:25:35 php-fpm 60035 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Nov 10 14:25:32 upsd 24397 Startup successful Nov 10 14:25:32 upsd 24142 Connected to UPS [APC]: usbhid-ups-APC Nov 10 14:25:32 upsd 24142 listening on 127.0.0.1 port 3493 Nov 10 14:25:32 upsd 24142 listening on ::1 port 3493 Nov 10 14:25:32 upsd 24142 listening on 192.168.2.1 port 3493 Nov 10 14:25:32 upsd 24142 listening on 192.168.4.1 port 3493 Nov 10 14:25:32 usbhid-ups 22587 Startup successful Nov 10 14:25:31 upsmon 21917 Startup successful Nov 10 14:25:31 php-fpm 60035 /rc.start_packages: Starting service nut Nov 10 14:25:31 usbhid-ups 79003 Signal 15: exiting Nov 10 14:25:31 upsd 19203 Signal 15: exiting Nov 10 14:25:31 upsd 19203 mainloop: Interrupted system call Nov 10 14:25:31 upsd 19203 User local-monitor@127.0.0.1 logged out from UPS [APC] Nov 10 14:25:31 upsmon 77054 Signal 15: exiting Nov 10 14:25:31 php-fpm 60035 /rc.start_packages: Stopping service nut Nov 10 14:25:31 check_reload_status 411 Syncing firewall Nov 10 14:25:31 php-fpm 60035 /rc.start_packages: Configuration Change: (system): pfBlockerNG: saving Aliases Nov 10 14:25:31 php-fpm 60035 /rc.start_packages: Restarting/Starting all packages. Nov 10 14:25:30 check_reload_status 411 Starting packages Nov 10 14:25:30 php-fpm 60035 /rc.newwanip: Netgate pfSense Plus package system has detected an IP change or dynamic WAN reconnection - 192.168.4.1 -> 192.168.4.1 - Restarting packages. Nov 10 14:25:29 php-fpm 14803 /rc.newwanip: dpinger: timeout while retrieving status for gateway WAN_EPORTS_PPPOE Nov 10 14:25:28 php-fpm 60035 /rc.newwanip: Creating rrd update script Nov 10 14:25:28 php-fpm 60035 /rc.newwanip: Resyncing OpenVPN instances for interface DMZ. Nov 10 14:25:27 check_reload_status 411 Reloading filter Nov 10 14:25:27 check_reload_status 411 Restarting OpenVPN tunnels/interfaces Nov 10 14:25:27 check_reload_status 411 Restarting IPsec tunnels Nov 10 14:25:27 check_reload_status 411 updating dyndns WG_mamaGW Nov 10 14:25:27 rc.gateway_alarm 76312 >>> Gateway alarm: WG_mamaGW (Addr:10.1.1.1 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%) Nov 10 14:25:25 php-fpm 14803 /rc.newwanip: Removing static route for monitor xxx.xxx.xxx.242 and adding a new route through xxx.xxx.xxx.193 Nov 10 14:25:25 php-fpm 14803 /rc.newwanip: rc.newwanip: on (IP address: 192.168.4.1) (interface: DMZ[opt3]) (real interface: em3). Nov 10 14:25:25 php-fpm 14803 /rc.newwanip: rc.newwanip: Info: starting on em3. Nov 10 14:25:24 check_reload_status 411 Reloading filter Nov 10 14:25:24 check_reload_status 411 rc.newwanip starting em3 Nov 10 14:25:24 php-fpm 14803 /rc.linkup: Hotplug event detected for DMZ(opt3) static IP (192.168.4.1 ) Nov 10 14:25:23 kernel em3: link state changed to UP Nov 10 14:25:23 check_reload_status 411 Linkup starting em3 Nov 10 14:25:22 php-fpm 60035 /rc.newwanip: dpinger: timeout while retrieving status for gateway WAN_EPORTS_PPPOE Nov 10 14:25:21 check_reload_status 411 Reloading filter Nov 10 14:25:21 php-fpm 31658 /rc.linkup: Hotplug event detected for DMZ(opt3) static IP (192.168.4.1 ) Nov 10 14:25:21 check_reload_status 411 Reloading filter Nov 10 14:25:21 check_reload_status 411 Restarting OpenVPN tunnels/interfaces Nov 10 14:25:21 check_reload_status 411 Restarting IPsec tunnels Nov 10 14:25:21 check_reload_status 411 updating dyndns WG_mamaGW Nov 10 14:25:21 rc.gateway_alarm 56603 >>> Gateway alarm: WG_mamaGW (Addr:10.1.1.1 Alarm:1 RTT:0.000ms RTTsd:0.000ms Loss:100%) Nov 10 14:25:20 kernel em3: link state changed to DOWN Nov 10 14:25:20 check_reload_status 411 Linkup starting em3 Nov 10 14:25:19 php-fpm 60035 /rc.newwanip: Removing static route for monitor xxx.xxx.xxx.242 and adding a new route through xxx.xxx.xxx.193 Nov 10 14:25:18 php-fpm 60035 /rc.newwanip: rc.newwanip: on (IP address: 192.168.4.1) (interface: DMZ[opt3]) (real interface: em3). Nov 10 14:25:18 php-fpm 60035 /rc.newwanip: rc.newwanip: Info: starting on em3. Nov 10 14:25:17 check_reload_status 411 Reloading filter Nov 10 14:25:17 check_reload_status 411 rc.newwanip starting em3 Nov 10 14:25:17 php-fpm 60035 /rc.linkup: Hotplug event detected for DMZ(opt3) static IP (192.168.4.1 ) Nov 10 14:25:16 kernel em3: link state changed to UP Nov 10 14:25:16 check_reload_status 411 Linkup starting em3 Nov 10 14:25:15 check_reload_status 411 Reloading filter Nov 10 14:25:15 php-fpm 12840 /rc.linkup: Hotplug event detected for DMZ(opt3) static IP (192.168.4.1 ) Nov 10 14:25:14 check_reload_status 411 Linkup starting em3 Nov 10 14:25:14 kernel em3: link state changed to DOWN -
Well if you set DMZ to track WAN for v6 it will probably prevent it running rc.newwanip which in turn should prevent the WG tunnel restarting.
However the WG tunnel should just come back up when it's restarted. It looks like you might have some other issue there that should probably be addressed in a new thread.Steve
-
@stephenw10 just checking to see if anything came of the internal discussions. If you guys opened a redmine issue, please provide the id here so I can watch it. Thanks.
-
Not yet, let me re-raise it...
-
@stephenw10 any movement on this yet?
-
Not yet. I ran it past a few developers and the consensus was that restarting packages on a link state change is probably expected. However that doesn't explain the interaction with track6. And it seems completely unnecessary in many cases, such as this one.
Fixing this correctly may involve a lot more work than we have time for in 23.01. I suspect a complete review of the service start scripts is in order.
I'll try to get something opened. There's definitely a bug there somewhere, one of those behaviours is wrong.Steve
-
S SteveITS referenced this topic on
-
S SteveITS referenced this topic on
-
@stephenw10 just curious if any additional discussions have been had since your last post?
Thanks!
-
Actually this was discussed recently here: https://forum.netgate.com/topic/180783/23-05-pf-was-wedged-busy-and-has-been-reset
I'll be opening a bug for this shortly.
-
@stephenw10 Thank you!
-
Hi,
I have the same thing happening on my side, when something change, it restart packages. And of course my Wireguard tunnel is going down ... i absolutely have no clue on why it does that (wireguard not going back up).Did you figure this out yet ?
-
Does it eventually reconnect? Does it reconnect manually? What do you do to recover?
-
Navigate to Interfaces > WAN
Even if you do not use IPv6 environment, set IPv6 Configuration Type to DHCP6
Navigate to the Interface that is causing the restart of packages (you may have to do this on more than one interface)
Set IPv6 Configuration Type to Track Interface
Scroll down under Track IPv6 Interface section and set IPv6 Interface to WAN
This will keep Wireguard from restarting. It will, however, restart IPSec tunnels so if you have those it won't be of any help.
Another workaround is to setup a switch on that interface so it thinks it is always up
I believe a bug is going to be /has been opened up for this issue
Hope this helps!
-
@stephenw10 hi,
My Wireguard tunnel isn't restarting, unless i restart manually Wireguard service on PfSense ... which is a little bit complicated when i don't have acces to Pfsense -
@32G3LiQxu8
That would be cool for my Wireguard tunnel, but if i destroy my colleague IPsec tunnel ... he won't be happy -
You only need to set that one time to prevent it restating packages if an internal interface bounces.
-
@stephenw10
Hey, my tunnel went down ... again
This time to restart it i had to remove port configuration for my tunnel under VPN > Wireguard > Tunnel > Edit Tunnel > Listen Port.
If that help anyone or for any debugging.
I´l have a look at your workaround -
Any errors logged? Did it not even try to come back up?
The trackv6 thing might prevent it restarting due to that particular interface bouncing but it should still restart. So you have two issues happening here I'd suggest.
Steve
-
@stephenw10 i'll have a look at logs when having physical access to my Pfsense box .. because yet again my tunnel is down ...
Note that i have yet to try what you say. -
Just curious, was a redmine opened for this or does it not meet the threshold?
-
Not for the trackv6 issue. Yet. I'm going to revisit it for 23.09 though because to me it seems like there must be a bug there.
