Wireguard Gateway not coming up after reboot.

GTR_991 · Aug 3, 2024, 6:39 PM

Hey guys,,

I have been having issue after i started using WG on my pfsense box, where the WG gateway wont come up after reboot.
i already tried using service watchdog, which helped partially getting the WG service to start but the gateway of the WG interface just shows red highlight as if its dead.
restarting the gateway manually make it work againt till next reboot.

the boot logs are shown below if helpfull

	22985	[wan] IPV6CP: LayerUp
Aug 3 18:05:35	ppp	22985	[wan] be24:11ff:fe79:97de -> 7a19:f7ff:fe0c:00f4
Aug 3 18:05:35	php	31146	/usr/local/sbin/ppp-ipv6: Accept router advertisements on interface pppoe0
Aug 3 18:05:35	php	31146	/usr/local/sbin/ppp-ipv6: Starting DHCP6 client for interfaces pppoe0 in DHCP6 without RA mode
Aug 3 18:05:35	php	31146	/usr/local/sbin/ppp-ipv6: Starting rtsold process on wan(pppoe0)
Aug 3 18:05:36	php-fpm	397	/rc.linkup: Ignoring link event during boot sequence.
Aug 3 18:05:36	php-fpm	398	/rc.linkup: Ignoring link event during boot sequence.
Aug 3 18:05:36	kernel		ng_pppoe[14]: no matching session
Aug 3 18:05:36	kernel		ng_pppoe[14]: no matching session
Aug 3 18:05:36	kernel		nd6_dad_timer: called with non-tentative address fe80:9::be24:11ff:fe79:97de(pppoe0)
Aug 3 18:05:36	php-fpm	397	/rc.newwanip: rc.newwanip: Info: starting on pppoe0.
Aug 3 18:05:36	php-fpm	397	/rc.newwanip: rc.newwanip: on (IP address: 37.104.198.61) (interface: WAN[wan]) (real interface: pppoe0).
Aug 3 18:05:36	kernel		pflog0: promiscuous mode enabled
Aug 3 18:05:36	php-fpm	397	/rc.newwanip: The gateway: WG_Gateway is invalid or unknown, not using it.
Aug 3 18:05:37	php-fpm	397	/rc.newwanip: Gateway, NONE AVAILABLE
Aug 3 18:05:37	php-fpm	397	/rc.newwanip: Default gateway setting Interface WAN_PPPOE Gateway as default.
Aug 3 18:05:37	php-fpm	397	/rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Aug 3 18:05:37	php-fpm	397	/rc.newwanip: IP Address has changed, killing states on former IP Address 37.107.190.148.
Aug 3 18:05:38	php-fpm	397	/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Aug 3 18:05:38	check_reload_status	429	rc.newwanipv6 starting pppoe0
Aug 3 18:05:38	php-fpm	397	/rc.newwanip: Creating rrd update script
Aug 3 18:05:38	php-fpm	398	/rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Aug 3 18:05:38	php-fpm	398	/rc.newwanipv6: rc.newwanipv6: No IPv6 address found for interface WAN [wan].
Aug 3 18:05:38	php-cgi	464	rc.bootup: calling interface_dhcpv6_configure.
Aug 3 18:05:38	check_reload_status	429	starting sshd
Aug 3 18:05:38	php-cgi	464	rc.bootup: Resyncing OpenVPN instances.
Aug 3 18:05:38	kernel		done.
Aug 3 18:05:38	php-cgi	464	rc.bootup: The gateway: WG_Gateway is invalid or unknown, not using it.
Aug 3 18:05:38	kernel		..
Aug 3 18:05:38	kernel		..
Aug 3 18:05:38	rtsold	43915	Received RA specifying route fe80::7a19:f7ff:fe0c:f4 for interface wan(pppoe0)
Aug 3 18:05:38	rtsold	44847	RTSOLD Lock in place - sending SIGHUP to dhcp6c
Aug 3 18:05:38	php-fpm	398	/rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Aug 3 18:05:38	php-fpm	398	/rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:16a2:5:a795:be24:11ff:fe79:97de) (interface: wan) (real interface: pppoe0).
Aug 3 18:05:39	kernel		.
Aug 3 18:05:39	kernel		done.
Aug 3 18:05:39	php-fpm	69215	/rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Aug 3 18:05:39	php-fpm	69215	/rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:16a2:5:a795:be24:11ff:fe79:97de) (interface: wan) (real interface: pppoe0).
Aug 3 18:05:40	php-fpm	397	/rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 37.107.190.148 -> 37.104.198.61 - Restarting packages.
Aug 3 18:05:40	check_reload_status	429	Starting packages
Aug 3 18:05:40	sshd	89242	Server listening on :: port 22.
Aug 3 18:05:40	sshd	89242	Server listening on 0.0.0.0 port 22.
Aug 3 18:05:40	sshguard	89949	Now monitoring attacks.
Aug 3 18:05:41	php-fpm	397	/rc.start_packages: Restarting/Starting all packages.
Aug 3 18:05:41	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Aug 3 18:05:41	check_reload_status	429	Syncing firewall
Aug 3 18:05:41	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Aug 3 18:05:41	check_reload_status	429	Syncing firewall
Aug 3 18:05:41	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Aug 3 18:05:41	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Aug 3 18:05:41	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Aug 3 18:05:41	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Aug 3 18:05:41	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:05:41	php-fpm	398	/rc.newwanipv6: Gateway, NONE AVAILABLE
Aug 3 18:05:41	kernel		tun_wg0: link state changed to DOWN
Aug 3 18:05:41	php-fpm	398	/rc.newwanipv6: Gateway, NONE AVAILABLE
Aug 3 18:05:41	php-cgi	464	rc.bootup: The command '/usr/local/bin/dpinger -S -r 0 -i WAN_DHCP6 -B fe80::be24:11ff:fe79:97de%pppoe0 -p /var/run/dpinger_WAN_DHCP6~fe80::be24:11ff:fe79:97de%pppoe0~fe80::7a19:f7ff:fe0c:f4%pppoe0.pid -u /var/run/dpinger_WAN_DHCP6~fe80::be24:11ff:fe79:97de%pppoe0~fe80::7a19:f7ff:fe0c:f4%pppoe0.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 fe80::7a19:f7ff:fe0c:f4%pppoe0 >/dev/null' returned exit code '1', the output was ''
Aug 3 18:05:41	php-cgi	464	rc.bootup: Error starting gateway monitor for WAN_DHCP6
Aug 3 18:05:41	php-fpm	69215	/rc.newwanipv6: The command '/usr/local/bin/dpinger -S -r 0 -i WAN_DHCP6 -B fe80::be24:11ff:fe79:97de%pppoe0 -p /var/run/dpinger_WAN_DHCP6~fe80::be24:11ff:fe79:97de%pppoe0~fe80::7a19:f7ff:fe0c:f4%pppoe0.pid -u /var/run/dpinger_WAN_DHCP6~fe80::be24:11ff:fe79:97de%pppoe0~fe80::7a19:f7ff:fe0c:f4%pppoe0.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 fe80::7a19:f7ff:fe0c:f4%pppoe0 >/dev/null' returned exit code '1', the output was ''
Aug 3 18:05:41	php-fpm	69215	/rc.newwanipv6: Error starting gateway monitor for WAN_DHCP6
Aug 3 18:05:41	php-cgi	464	rc.bootup: Gateway, NONE AVAILABLE
Aug 3 18:05:41	php-cgi	464	rc.bootup: Gateway, NONE AVAILABLE
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Aug 3 18:05:41	kernel		done.
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Aug 3 18:05:41	php-fpm	69215	/rc.newwanipv6: Gateway, NONE AVAILABLE
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Aug 3 18:05:41	php-fpm	69215	/rc.newwanipv6: Gateway, NONE AVAILABLE
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:05:41	kernel		done.
Aug 3 18:05:41	kernel		wg0: changing name to 'tun_wg0'
Aug 3 18:05:41	kernel		tun_wg0: link state changed to UP
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Aug 3 18:05:41	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:05:42	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Gateway, NONE AVAILABLE
Aug 3 18:05:42	php_wg	11182	/usr/local/pkg/wireguard/includes/wg_service.inc: Gateway, NONE AVAILABLE
Aug 3 18:05:42	php-fpm	69215	/rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Aug 3 18:05:42	php-fpm	69215	/rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:16a2:5:a795:be24:11ff:fe79:97de) (interface: wan) (real interface: pppoe0).
Aug 3 18:05:43	php-fpm	69215	/rc.newwanipv6: Gateway, NONE AVAILABLE
Aug 3 18:05:43	php-fpm	69215	/rc.newwanipv6: Gateway, NONE AVAILABLE
Aug 3 18:05:48	php-cgi	464	rc.bootup: NTPD is starting up.
Aug 3 18:05:48	kernel		done.
Aug 3 18:05:49	kernel		done.
Aug 3 18:05:49	kernel		done.
Aug 3 18:05:49	check_reload_status	429	Updating all dyndns
Aug 3 18:05:50	php-cgi	464	rc.bootup: The gateway: WG_Gateway is invalid or unknown, not using it.
Aug 3 18:05:50	kernel		..
Aug 3 18:05:50	kernel		..
Aug 3 18:05:50	php-cgi	464	rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).'
Aug 3 18:05:50	kernel		.done.
Aug 3 18:05:53	php-fpm	398	/index.php: Successful login for user 'admin' from: 192.168.1.34 (Local Database)
Aug 3 18:05:54	php-cgi	464	rc.bootup: Creating rrd update script
Aug 3 18:05:54	php-cgi	464	rc.bootup: miniupnpd: Starting service on interface: lan
Aug 3 18:05:54	kernel		done.
Aug 3 18:05:54	kernel		done.
Aug 3 18:05:54	check_reload_status	429	Reloading filter
Aug 3 18:05:55	syslogd		exiting on signal 15
Aug 3 18:05:55	syslogd		kernel boot file is /boot/kernel/kernel
Aug 3 18:05:55	php-fpm	397	/rc.start_packages: Restarting/Starting all packages.
Aug 3 18:05:55	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Aug 3 18:05:55	check_reload_status	429	Syncing firewall
Aug 3 18:05:55	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Aug 3 18:05:55	check_reload_status	429	Syncing firewall
Aug 3 18:05:55	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Aug 3 18:05:55	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Aug 3 18:05:55	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Aug 3 18:05:55	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Aug 3 18:05:55	php-fpm	397	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:05:55	root	85252	Bootup complete
Aug 3 18:05:55	kernel		tun_wg0: link state changed to DOWN
Aug 3 18:05:55	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Aug 3 18:05:55	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Aug 3 18:05:55	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Aug 3 18:05:55	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:05:56	kernel		wg0: changing name to 'tun_wg0'
Aug 3 18:05:56	php-fpm	398	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway WAN_DHCP6
Aug 3 18:05:56	kernel		tun_wg0: link state changed to UP
Aug 3 18:05:56	php-fpm	398	/rc.filter_configure_sync: The gateway: WG_Gateway is invalid or unknown, not using it.
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Gateway, NONE AVAILABLE
Aug 3 18:05:56	php_wg	82172	/usr/local/pkg/wireguard/includes/wg_service.inc: Gateway, NONE AVAILABLE
Aug 3 18:05:56	check_reload_status	429	Reloading filter
Aug 3 18:05:56	php_wg	66726	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Enabled all WireGuard gateways.
Aug 3 18:05:56	check_reload_status	429	Syncing firewall
Aug 3 18:05:56	php_wg	66726	/usr/local/pkg/wireguard/includes/wg_service.inc: Removing static route for monitor 1.1.1.1 and adding a new route through 10.255.255.1
Aug 3 18:05:57	login	89018	login on ttyv0 as root
Aug 3 18:05:57	sshguard	92505	Now monitoring attacks.
Aug 3 18:05:59	rc.gateway_alarm	31008	>>> Gateway alarm: WG_Gateway (Addr:1.1.1.1 Alarm:1 RTT:0ms RTTsd:0ms Loss:100%)
Aug 3 18:05:59	check_reload_status	429	updating dyndns WG_Gateway
Aug 3 18:05:59	check_reload_status	429	Restarting IPsec tunnels
Aug 3 18:05:59	check_reload_status	429	Restarting OpenVPN tunnels/interfaces
Aug 3 18:05:59	check_reload_status	429	Reloading filter
Aug 3 18:06:00	sshguard	92505	Exiting on signal.
Aug 3 18:06:00	sshguard	72932	Now monitoring attacks.
Aug 3 18:06:00	php-fpm	398	/rc.openvpn: Gateway, NONE AVAILABLE
Aug 3 18:06:00	php-fpm	398	/rc.openvpn: Gateway, NONE AVAILABLE
Aug 3 18:06:01	nginx		2024/08/03 18:06:01 [error] 73079#100543: send() failed (54: Connection reset by peer) while logging to syslog, server: unix:/var/run/log
Aug 3 18:07:37	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:37	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:38	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:39	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:40	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:40	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:41	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:42	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:43	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:07:44	kernel		cannot forward src fe80:1::84e6:8dff:fe95:1c99, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:12:00	sshguard	72932	Exiting on signal.
Aug 3 18:12:00	sshguard	9739	Now monitoring attacks.
Aug 3 18:14:35	kernel		cannot forward src fe80:1::833:56ff:fe44:6284, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:14:36	kernel		cannot forward src fe80:1::833:56ff:fe44:6284, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:14:37	kernel		cannot forward src fe80:1::833:56ff:fe44:6284, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:14:38	kernel		cannot forward src fe80:1::833:56ff:fe44:6284, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:14:39	kernel		cannot forward src fe80:1::833:56ff:fe44:6284, dst 2001:16a2:979:ba00:be24:11ff:fe79:97de, nxt 58, rcvif vtnet0, outif pppoe0
Aug 3 18:24:59	php-fpm	69215	/wg/vpn_wg_settings.php: Configuration Change: admin@192.168.20.2 (Local Database): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:24:59	check_reload_status	429	Syncing firewall
Aug 3 18:25:39	php-fpm	69215	/wg/vpn_wg_settings.php: Configuration Change: admin@192.168.20.2 (Local Database): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:25:39	check_reload_status	429	Syncing firewall
Aug 3 18:25:44	php-fpm	397	/wg/vpn_wg_settings.php: Configuration Change: admin@192.168.20.2 (Local Database): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:25:44	check_reload_status	429	Syncing firewall
Aug 3 18:25:55	php-fpm	69215	/wg/vpn_wg_settings.php: Configuration Change: admin@192.168.20.2 (Local Database): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Aug 3 18:25:55	check_reload_status	429	Syncing firewall
Aug 3 18:26:27	php-fpm	398	/system_gateways_edit.php: Configuration Change: admin@192.168.20.2 (Local Database): Gateway settings changed
Aug 3 18:26:27	check_reload_status	429	Syncing firewall
Aug 3 18:26:28	php-fpm	397	/system_gateways.php: Removing static route for monitor 1.1.1.1 and adding a new route through 10.255.255.1
Aug 3 18:26:29	php-fpm	397	/system_gateways.php: Gateway, NONE AVAILABLE
Aug 3 18:26:29	php-fpm	397	/system_gateways.php: Gateway, NONE AVAILABLE
Aug 3 18:26:29	check_reload_status	429	Reloading filter
Aug 3 18:26:29	check_reload_status	429	Updating all dyndns

Any help would be appreciated.

Bob.Dig · Aug 3, 2024, 8:29 PM

@GTR_991 Don't use Service Watchdog for WireGuard. What gateway? And have you set your Default gateway as WAN?

GTR_991 · Aug 9, 2024, 6:45 AM

@Bob-Dig

Actually I use wireguard as client only, my goal to route only vlan20 through vpn gateway, while the main lan going through wan gateway.

Therefore I created a second non local gateway based on the configuration file provided by windscribe.

After setting up the WireGuard interface, instance and peer. I created a nat rule for WireGuard interface then,
I created a rule to route all traffic from vlan20 through Wireguard Gateway.

It’s all working and dandy till I reboot-> wireguard connection shows red -> wireguard gateway not up.
And only way to make it work by resetting the gateway or reinstalling wireguard.

Btw my main wan connection is PPPOE if makes any difference.

boyan1 · Aug 21, 2024, 4:53 PM

In my case i had the same problem. Configured wireguard for site to site vpn where Site A had to route and use internet traffic from Site B. Everything was working fine except when i restart the pfsense at Site A, the WG gateway does not always come back online after reboot so the connection is stuck and there is no internet at all because the default gateway is set to WG-GW.

So i tried solving this problem first with firewall rules and force traffic from Site A lan to always pass through WG, however it wasn't an elegant solution. Then i tested a couple of things at the next reboot while the WG gateway was "stuck" and found out the firewall had some "bad" states which were holding up the WG GW traffic.

After flushing the states, the gateway started getting traffic and Site A was back online. So finally i thought about either writing a shell script to reset the states at boot time or via cron.

I ended up installing the cron package and adding the following cron job to the table:

@reboot root sleep 30 && ping -c4 8.8.8.8 || pfctl -F state

So basically, after pfsense reboots, it will wait for 30 seconds, then try to ping google 4 times and if that fails then it will flush firewall states so the wireguard gateway comes back online.

This solved my problem as i moved away from OpenVPN in favor of WireGuard.

The cron table last line should look like this:

minute: @reboot
hour, day, month, week (leave empty)
user: root
command: sleep 30 && ping -c4 8.8.8.8 || pfctl -F state

McMurphy · Aug 26, 2024, 7:02 AM

@GTR_991
https://redmine.pfsense.org/issues/15098

yonion · Nov 21, 2024, 4:06 PM

@GTR_991 Hi guys,

I have the same issue. I'm running pfsense CE 2.7.2 and after restart I have to enable the wireguard gateway, then start the wireguard service.
I was thinking to do a script and add it to a cron job, but I couldn't find the right command that can enable the wireguard gateway. Any help is much appreciated. thanks.