Netgate Discussion Forum

    pfSense 2.4 won't reboot after interface removal - route cannot be added, network unreachable

    General pfSense Questions
      stephenw10 Netgate Administrator

      By far the most likely issue there is that you have something still configured to run on the interface you removed, I would guess an IPSec tunnel. I would search your config for references to either the removed interface or the subnet.

      Steve
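
One way to run the search suggested above against an exported config backup, as an added example that is not part of the original post or pfSense's own tooling: it walks every XML element and reports those that still name the removed interface or hold an address inside its subnet. The interface name `opt3`, the subnet `10.20.30.0/24` and the sample XML (including its element names) are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample shaped like a firewall config.xml; not taken from the thread.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>igb0</if></wan>
    <lan><if>igb1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <unbound><active_interface>lan,opt3</active_interface></unbound>
  <ntpd><interface>opt3</interface></ntpd>
  <ipsec><phase2><localid><address>10.20.30.0</address><netbits>24</netbits></localid></phase2></ipsec>
  <dhcpd><lan><range><from>192.168.1.100</from></range></lan></dhcpd>
</pfsense>"""


def find_stale_refs(xml_text, ifname, subnet):
    """Return sorted (path, value) pairs still mentioning ifname or an address in subnet."""
    net = ipaddress.ip_network(subnet)
    hits = []

    def walk(elem, path):
        path = f"{path}/{elem.tag}"
        # A section named after the interface (e.g. <dhcpd><opt3>) is a reference too.
        if elem.tag == ifname:
            hits.append((path, "<tag>"))
        # Values are often comma- or space-separated lists, so compare token by token.
        for token in (elem.text or "").replace(",", " ").split():
            if token == ifname:
                hits.append((path, token))
                continue
            try:
                addr = ipaddress.ip_address(token.split("/")[0])
            except ValueError:
                continue  # not an IP address
            if addr in net:
                hits.append((path, token))
        for child in elem:
            walk(child, path)

    walk(ET.fromstring(xml_text), "")
    return sorted(hits)


if __name__ == "__main__":
    for path, value in find_stale_refs(SAMPLE_CONFIG, "opt3", "10.20.30.0/24"):
        print(f"{path}: {value}")
```

Every path it prints is a service or tunnel definition that still depends on the removed interface and should be rebound or deleted before the next reboot.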

        mix_room

        I removed all Phase 2 entries that might have been affected. The only ones that were present were disabled, but they were removed nonetheless.
        That didn't make a difference.

        I started looking around where else there might have been an issue. Next two were Unbound DNSmasq and NTP portions of the XML. These two were supposed to bind to the inactivated interface. Now it boots, but there are still error messages in the start-up log.

          stephenw10 Netgate Administrator

          Can we see those errors?

            mix_room

            See for example the last bootup log:

            Sep 8 14:13:03	php-cgi		rc.bootup: Default gateway setting Interface wan Gateway as default.
            Sep 8 14:13:03	php-cgi		rc.bootup: The command '/sbin/ifconfig 'ipsec5000' inet tunnel '85.XX.XX.XX' 'vpn.example2.com' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: hostname nor servname provided, or not known'
            Sep 8 14:13:03	php-cgi		rc.bootup: The command '/sbin/ifconfig 'ipsec5000' destroy' returned exit code '1', the output was 'ifconfig: interface ipsec5000 does not exist'
            Sep 8 14:13:03	php-cgi		rc.bootup: Default gateway setting Interface wan Gateway as default.
            Sep 8 14:13:03	php-cgi		rc.bootup: The command '/sbin/ifconfig 'ipsec4000' inet tunnel '85.XX.XX.XX' 'vpn.example.com' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: hostname nor servname provided, or not known'
            Sep 8 14:13:03	php-cgi		rc.bootup: The command '/sbin/ifconfig 'ipsec4000' destroy' returned exit code '1', the output was 'ifconfig: interface ipsec4000 does not exist'
            Sep 8 14:13:03	php-cgi		rc.bootup: Default gateway setting Interface wan Gateway as default.
            Sep 8 14:13:03	php-cgi		rc.bootup: The command '/sbin/ifconfig 'ipsec3000' inet tunnel '85.XX.XX.XX' 'vpn.example3.com' up' returned exit code '1', the output was 'ifconfig: error in parsing address string: hostname nor servname provided, or not known'
            **Sep 8 14:13:03	kernel		route: writing to routing socket: Network is unreachable**
            Sep 8 14:13:03	php-cgi		rc.bootup: The command '/sbin/ifconfig 'ipsec3000' destroy' returned exit code '1', the output was 'ifconfig: interface ipsec3000 does not exist'
            Sep 8 14:13:03	php-cgi		rc.bootup: Default gateway setting Interface wan Gateway as default.
            Sep 8 14:13:03	kernel		vlan2: changing name to 'igb1.3646'
            Sep 8 14:13:03	php-cgi		rc.bootup: The command '/sbin/ifconfig 'ipsec2000' destroy' returned exit code '1', the output was 'ifconfig: interface ipsec2000 does not exist'
            Sep 8 14:13:02	kernel		vlan1: changing name to 'igb7.466'
            Sep 8 14:13:02	kernel		vlan0: changing name to 'igb7.1052'
            Sep 8 14:13:02	kernel		aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard
            

            The rest of the messages do not seem to make it into the log, and I do not feel like manually transcribing a video of the boot process.

              mix_room

              The ** are not actually in the log, but I get flagged as SPAM when trying to post the log.

                kiokoman LAYER 8

                Is that IPsec configured, or is pfSense "remembering" some old configuration?

                  stephenw10 Netgate Administrator

                  Mmm, you removed all the P2s but are any of those P1s on the removed interface?

                  I assume vpn.example3.com etc are substitutes for the real fqdns there? Are the real values resolvable?

                  Steve

                    mix_room @stephenw10

                    @kiokoman said in pfSense 2.4 won't reboot after interface removal - route cannot be added, network unreachable:

                    Is that IPsec configured, or is pfSense "remembering" some old configuration?

                    They are configured. I have about 8 tunnels that are configured and active.

                    @stephenw10 said in pfSense 2.4 won't reboot after interface removal - route cannot be added, network unreachable:

                    Mmm, you removed all the P2s but are any of those P1s on the removed interface?

                    I assume vpn.example3.com etc are substitutes for the real fqdns there? Are the real values resolvable?

                    The removed interface was internal, there were no P1s configured on it. I checked the full config XML just to be sure.
                    Yes. They are substitutes. The real values are normally resolvable, they just do not seem to be resolvable during this step.

                      stephenw10 Netgate Administrator

                      Do those tunnels come up correctly after bootup is complete? If so that might just have to be considered log spam if those fqdns actually need to be resolved.
                      Otherwise you could just use IPs there or maybe add static entries for them.

                      Steve

                        mix_room @stephenw10

                        @stephenw10 said in pfSense 2.4 won't reboot after interface removal - route cannot be added, network unreachable:

                        Do those tunnels come up correctly after bootup is complete? If so that might just have to be considered log spam if those fqdns actually need to be resolved.
                        Otherwise you could just use IPs there or maybe add static entries for them.

                        The endpoints are on dynamic IPs, hence the need for hostnames. They resolve to dynamic ones.
                        The tunnels come up, I would consider it log spam.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.