Wireguard Site-to-Site Gateways disabled after reboot - service not starting
-
Hi,
it has been 7 months now.
Since the 22.05 release the is a bug in pfsense/wireguard.In 2.6.0 everything works perfekt
Tested today the 2.7.0 again. Same issue.
After the upgrade the service and gateway come up once.
After a reboot the gateways stay disabled and there service does not start.I do not want the go somewhere else, but there is no help for that problem anywhere.
Sebastian
On Reddit the discussion is about the PPPOE connection which might cause the problem.
link textHere is a post on Lawrence systems forums:
link textand another one:
link textHere is my closed bug report:
link textand here is the old bug report which did not workout for me:
link text -
@buzz2912 I had a PPPoE connection before and used 22.05 with WireGuard and had no problem.
-
I have no idea why there are not more people with this problem.
My site-to-site connections do not use NAT. I wanted to see the source IP address to filter traffic. Maybe that is a reason why this happens.
Anyone else on 22.05 or 2.7.0 using wireguard site-to-site without NAT and not having problems?S.
-
@buzz2912 I use s2s without NAT, probably many people are using it after that great video Christian McDonald did is my guess. But I only connect my pfSense to a windows server, not another Sense.
Still I think you should really show you config and let others have a look at it. "It is not working" is not doing anything. -
Here you go:
Installation was on 2.5. Initially with NAT, than without.
3 different site-to-site connections. All to pfsense 2.6.0
Update to 2.6.0, no problems. I am running this in production.
22.01 plus update, no problems
22.05. plus update:
First reboot, everything fine and up.
reboot, gateways hidden, service ist not starting, not even on click.
Reinstall package wireguard, everything up and running, reboot: dead again.
If I manually activate the gateways and after that start the service, it runs.
Gateway monitoring does not make a difference.
2.7.0 same behavior as on 22.05Internet connection:
When the problem occurred for the first time, I had two connections in Failover mode (cable+PPPOE). At the moment I have only one PPPOE connection.I did a fresh install and did a config restore. Same problems.
I gave up and used 2.6.0 since the 22.05 release without any problem.
I had hoped that this will be relsolved with the 2.7.0 release, but it seems not to.
Config:
Interface:
Gateway:
Route:
-
@buzz2912 So this screenshot is not 22.05 I guess.
And all other pfSense are 2.6.0... so this is not my setup.But no one had yet replied to your thread here. I would recreate all the tunnels from scratch. Or wait if someone else has the same problem and you find the cause together.
Make sure that the default gateways are not set to automatic but to your WAN or WAN failover group is some common error with WG. -
@bob-dig
This is my current 2.6.0 config prior the update.
Standard gateway is (and was) set correctly. -
Here is my upgrade to 22.05 for the screenshot and logs.
After the first boot 2/3 were marked online, one pending. In reality all remote networks were reachable.
wireguard service marked as down
service watchdog was trying every minute to start the service. No success.
I removed the package wireguard. After that I did a config restore.
After reboot, wireguard was reinstalled and started successfully. All tunnels und gateways up, service running.My config seems alright. How could this work otherwise?
And here we go again:
reboot of the running 22.05 system (all tunnels up before reboot)all gateways down
service down
and here is the system log
-
upgrade to 23.01 beta
after the first boot:
All gateways hidden
wireguard service deadadditional message:
reinstall wireguard package
all site to site connections and gateways up and running.reboot 23.01 beta (with running connections). Here we go again:
same entries in system log
-
@buzz2912 I have the same problem after reboot i get error of unknow gateway and is disabled.
Without adding gateway wireguard start. -
I have not found a solution.
I am using opnense now. It just works. -
@buzz2912
This is hilarious again after restart i got the GW disabled and i manually enabled the gateway, this made my tunnel work but the wireguard is not running.
But still on others threads they claim that is working as it should.
Well i will give a try also to open.
-
I do not understand what we do different.
-
@buzz2912
We don't do nothing different , i did try everything. 1/10 reboots wg is working as it should so it is clear to me that is not how i set up. Its is something different, pppoe could be a coincidence or not. without adding a gw to the tunnel wg is coming up. -
Hi,
I have the same problem with wireguard tunnels. I am on 22.05 and there this problem also exists. Every reboot itās a 50-50% chance my wireguard tunnels will come up.
I was briefly on 23.01 and there 100% of the time my wireguard tunnels would not come back after a reboot. Reinstalling the wireguard package did fix it for the next reboot after reinstalling the package but every following reboot would turn up the same problem. Gateways disabled and wireguard tunnels and service both down and not way of enabling or starting them. Definitely a bug. I have pppoe as well on WAN.
I returned to 22.05 because of a bug with igmp and for now this is ok. Hopefully some fixes will come for the next release. I read somewhere that on the other *sense firewall this problem does not exist. Wondering how they solved it š§
-
@vjizzle
Well i have this problem long time ago, i moved from 2.6 to 22.01 22.05 and now 23. I had always pppoe connection and it did work in the past but after last updates to wg i start to have problems. I might try to use openvpn just to see because that was working years without any problems and now i see posts about openvpn also with similar problems.
I don't expect bugs free, it is just that the bug was reported and they close saying that wg work as it should be.
