Netgate Discussion Forum

    Gateway Monitoring Failure after Restart

    General pfSense Questions
    • BrianBG

      Hello Everyone,
      I have an interesting problem and was hoping people here could help me. I am running 2.7.2 and it has been working fairly flawlessly. I have had 4 Wireguard tunnels for over two years with functioning interfaces, tunnels, etc. For over a year I have been using an external monitor IP for each gateway, like 1.1.1.1.

      Lately, upon reboot, all of my Wireguard gateways are down with 100% packet loss. The tunnels are up and working according to Wireguard status.

      However, if I go into each of the gateways, delete the monitor IPs, save, apply changes, then immediately go back in and add back the monitor IPs, then they work. This only seems to be a problem on reboot, and only recently. Any idea what the problem is or what I can do? While it sounds a little whiny, I want my router to be able to reboot without me always having to go in and manually reset the monitor IPs. Thanks in advance.

      • stephenw10 Netgate Administrator

        Do the WG tunnels have unique gateway IPs? Do you see any errors at boot?

        • lcbbcl @BrianBG

          @BrianBG I had the same problem. I don't know if it is a bug, but if I set the WG interface IP as the gateway and don't use an external monitor, and the CIDR on the WG interface is /32, it is working.

          • BrianBG @lcbbcl

            @lcbbcl Thanks for this answer, but then it is pinging itself and sometimes the tunnel can be “up” but not permitting traffic. I like the external IP and it works well. You are right though, I will have to go this route if I can’t solve it.

            • stephenw10 Netgate Administrator

              Hmm, I had assumed he meant the remote WG interface IP? If not, then yeah, there's no point monitoring the local IP. You might as well just disable monitoring in that case.

              • BrianBG @stephenw10

                @stephenw10 Where do I see Wireguard logs? I don’t see them under System Logs.

                • lcbbcl @stephenw10

                  @stephenw10 Well, I use WG this way because in rare circumstances I need to use a WG tunnel inside a Tailscale tunnel. And if I don't remove external monitoring for WG, I will have a routing loop. Also, for Tailscale outbound it is not a good idea to bind the Tailscale IP to localhost.

                  • stephenw10 Netgate Administrator

                    Wireguard produces almost no logs, which makes troubleshooting... interesting! So there are no WG-specific logs. You can only see the interfaces connection in the system logs or check the states for passing traffic etc.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.