Wireguard Site-to-Site Gateways disabled after reboot - service not starting
-
@vjizzle
Well, I have had this problem for a long time; I moved from 2.6 to 22.01, 22.05 and now 23. I always had a PPPoE connection and it did work in the past, but after the last updates to wg I started to have problems. I might try to use OpenVPN just to see, because that was working for years without any problems, and now I see posts about OpenVPN also with similar problems.
I don't expect it to be bug-free; it is just that the bug was reported and they closed it saying that wg works as it should.
-
Here is a workaround:
Install package cron
Add cron job
Minute: @reboot
User: root
Command:
sleep 60 && /usr/local/sbin/pkg install -f -y pfsense-pkg-WireGuard
After reboot the wireguard pkg is force reinstalled. After that the service and the tunnels and the gateways come up. Takes some time.
Hope that helps,
Sebastian
-
I've had this same problem since almost the start of the 2.7.0 dev releases appearing. The wireguard tunnel always comes up but the gateway reports as down and the wireguard service says it's down. I can return things to normal by going to Status->Services and restarting dpinger followed by starting wireguard. The service starts and the gateway on the front page comes back online.
-
@misterb
Do you have a cron command for that?
I cannot understand why this is not fixed after all this time.
It seems that no one cares.
Sebastian
-
@buzz2912 Ugh, this is a good solution to a bad problem. It's a shame that Wireguard behaves like this. I didn't know I was experiencing this until I rebooted prior to upgrading and my peer would not handshake. I rebooted again and it came back. I thought I was out of the woods, so I upgraded to 22.05 and Wireguard hasn't worked since. I just tried the uninstall/reinstall and it did eventually work. It took a while for the peer to handshake but it eventually did. I hadn't rebooted since the last update, so hopefully I won't run into this again for a long time.
-
Have the same issue on pfSense+ 23.05; after Save + Apply WG Gateways, it starts working.
-
@Gektor are you referring to the WireGuard INTERFACE that you created for your WireGuard tunnel found in the pfSense Interfaces list?
If so then I have also found that to be my only solution to reestablish my WireGuard tunnel.
I am required to DISABLE, SAVE and APPLY and then ENABLE, SAVE and APPLY the WireGuard Interface to reestablish my WireGuard tunnel.
Is there a fix for this?
Has anyone written a script to check if a WireGuard Gateway is down, offline, etc. to DISABLE and then ENABLE its associated interface?
-
@Seeking-Sense I would say to open a redmine if you believe this is a bug or a regression but the odds of that getting actioned by a dev are extremely low.
Have you tried disabling gateway monitoring?
-
@michmoor said in Wireguard Site-to-Site Gateways disabled after reboot - service not starting:
Have you tried disabling gateway monitoring?
Sure have. Not only that but disabled take action as well.
And just to be clear the WireGuard Interface fails to come online after reboot.
-
@Seeking-Sense
The Solution is restarting dpinger after reboot.
Search for my post in the solution for site to site gateway down after Reboot
-
What Buzz said, restart dpinger and then start Wireguard.
-
Thanks for the reply @buzz2912 I may have tried that in the past not exactly sure and just stumbled across the DISABLE & ENABLE Interface solution.
I will reboot pfSense later and try your solution.
Nevertheless, I need an unattended automated method to implement your or my solution for the times that my internet connection flakes out or there is a power outage, and yes, I have pfSense on a UPS.
Also WireGuard "is running", just not functioning, when I DISABLE and ENABLE its Interface.
-
@Seeking-Sense
Install cron and service watchdog. Add wireguard to service watchdog. Create a cron job @reboot && sleep 30 for dpinger restart. Here is the link
-
@buzz2912 are you saying to reinstall the WireGuard each time this happens? If so, that is bonkers. Or are you saying restart dpinger utilizing CRON and WATCHDOG?
-
@Seeking-Sense
At first I reinstalled. Now I am using dpinger restart.
-
I've just installed 2.7.0-RELEASE and the same issue and fix exists.
-
@Misterb wow, really? The problem still exists? OMG, I won't even bother to install the new version. I just need to find a pfb replacement and I am out.
Thanks, you just saved me some time; I had in mind a clean install.
-
@Misterb thanks for being the guinea pig.
-
Tried it too. 2.7.0 and the problem is still the same.
-
Well, I think that I might have solved the problem after reboot. If someone can test and see if it's working: I did several reboots and now my wg is coming up without the error for unknown gateway.
What I did is check the box Disable Negate rules under System/Advanced/Firewall & NAT.
But I still have the problem if my WAN goes offline: when it comes back, my wg connection will remain offline until I reboot the box.
This is a clean 2.7 install without restoring a backup, just to rule out any errors.