Wireguard Plugin gestoppt nach Neustart

DasBrot

Hallo.

Ich habe mit der Pfsense V 2.7.2 ein Problem.
Wenn z.B nach einem Stromausfall oder Update die Firewall neu startet ist das Wireguard Plugin gestoppt. Woran kann das liegen ?
Als Zwischenlösung habe ich Watchdog installiert. Das startet Wireguard auch zuverlässig. Allerding werden die Routen deaktiviert wenn Wireguard gestoppt ist (direkt nach dem Neustart) und diese müssen dann händisch gestartet werden, sonst funktioniert der Datenaustausch im Tunnel nicht.

Ich habe einen recht alten Artikel gefunden, welcher das Problem beschreibt, und dpinger verantwortlich macht. Der Post ist jedoch schon sehr alt. Das müsste doch schon längst behoben sein.
Hat jemand die Lösung ?
lg
Bernd

Bob.Dig

@DasBrot said in Wireguard Plugin gestoppt nach Neustart:

Watchdog

Watchdog macht teilweise Probleme, würde ich nicht dafür einsetzen.

Hier generell keine Probleme und Stromausfälle vielleicht alle fünf Jahre?

NOCling

Hast du die mit ZFS oder UFS laufen?

Auf welcher Hardware?
Hast du eine Ram Disk?

DasBrot

@NOCling said in Wireguard Plugin gestoppt nach Neustart:

Hast du die mit ZFS oder UFS laufen?

Auf welcher Hardware?
Hast du eine Ram Disk?

Hallo. Danke für die Antwort.
Da war ich mir gerade garnicht so sicher.
Da ich aber etwas finde wie "Trying to mount root from zfs:pfSense/ROOT/default"
gehe ich von zfs aus.
Die Hardware ist ein 1 HE Gerät von Thomas Krenn.
Intel Atom D510

Hilft /var/run/dmesg.boot ?

Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec  6 20:45:47 UTC 2023
    root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/FreeBSD-src-RELENG_2_7_2/amd64.amd64/sys/pfSense amd64
FreeBSD clang version 16.0.6 (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a259152)
VT(vga): resolution 640x480
CPU: Intel(R) Atom(TM) CPU D510   @ 1.66GHz (1666.74-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x106ca  Family=0x6  Model=0x1c  Stepping=10
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x40e31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE>
  AMD Features=0x20100800<SYSCALL,NX,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant, performance statistics
real memory  = 2147483648 (2048 MB)
avail memory = 2016030720 (1922 MB)
Event timer "LAPIC" quality 100
ACPI APIC Table: <123110 APIC1623>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 hardware threads
random: unblocking device.
Firmware Warning (ACPI): 32/64X length mismatch in FADT/Gpe0Block: 128/64 (20221020/tbfadt-748)
ioapic0: MADT APIC ID 4 != hw id 1
ioapic0 <Version 2.0> irqs 0-23
Launching APs: 2 3 1
TCP_ratelimit: Is now initialized
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff807475a0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff80747650, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff80747700, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff80765180, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff80765230, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff807652e0, 0) error 1
random: entropy device external interface
kbd1 at kbdmux0
WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 14.0.
netgate0: <unknown hardware>
vtvga0: <VT VGA driver>
smbios0: <System Management BIOS> at iomem 0xfb540-0xfb55e
smbios0: Version: 2.6
acpi0: <SMCI >
acpi0: Power Button (fixed)
acpi0: _OSC failed: AE_BUFFER_OVERFLOW
cpu0: <ACPI CPU> on acpi0
attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 450
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
Event timer "HPET3" frequency 14318180 Hz quality 440
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
uhci0: <Intel 82801I (ICH9) USB controller> port 0xbc00-0xbc1f irq 16 at device 26.0 on pci0
usbus0 on uhci0
usbus0: 12Mbps Full Speed USB v1.0
uhci1: <Intel 82801I (ICH9) USB controller> port 0xb880-0xb89f irq 21 at device 26.1 on pci0
usbus1 on uhci1
usbus1: 12Mbps Full Speed USB v1.0
uhci2: <Intel 82801I (ICH9) USB controller> port 0xb800-0xb81f irq 19 at device 26.2 on pci0
usbus2 on uhci2
usbus2: 12Mbps Full Speed USB v1.0
ehci0: <Intel 82801I (ICH9) USB 2.0 controller> mem 0xfebfbc00-0xfebfbfff irq 18 at device 26.7 on pci0
usbus3: EHCI version 1.0
usbus3 on ehci0
usbus3: 480Mbps High Speed USB v2.0
pcib1: <ACPI PCI-PCI bridge> irq 17 at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
em0: <Intel(R) Gigabit CT 82574L> port 0xcc00-0xcc1f mem 0xfe820000-0xfe83ffff,0xfe880000-0xfe8fffff,0xfe81c000-0xfe81ffff irq 16 at device 0.0 on pci1
em0: EEPROM V1.8-0
em0: Using 1024 TX descriptors and 1024 RX descriptors
em0: Using 2 RX queues 2 TX queues
em0: Using MSI-X interrupts with 3 vectors
em0: Ethernet address: 68:05:ca:1b:65:18
em0: netmap queues/slots: TX 2/1024, RX 2/1024
pcib2: <ACPI PCI-PCI bridge> irq 17 at device 28.4 on pci0
pci2: <ACPI PCI bus> on pcib2
em1: <Intel(R) Gigabit CT 82574L> port 0xdc00-0xdc1f mem 0xfe9e0000-0xfe9fffff,0xfe9dc000-0xfe9dffff irq 16 at device 0.0 on pci2
em1: EEPROM V1.9-0
em1: Using 1024 TX descriptors and 1024 RX descriptors
em1: Using 2 RX queues 2 TX queues
em1: Using MSI-X interrupts with 3 vectors
em1: Ethernet address: 00:25:90:61:a7:b4
em1: netmap queues/slots: TX 2/1024, RX 2/1024
pcib3: <ACPI PCI-PCI bridge> irq 16 at device 28.5 on pci0
pci3: <ACPI PCI bus> on pcib3
em2: <Intel(R) Gigabit CT 82574L> port 0xec00-0xec1f mem 0xfeae0000-0xfeafffff,0xfeadc000-0xfeadffff irq 17 at device 0.0 on pci3
em2: EEPROM V1.9-0
em2: Using 1024 TX descriptors and 1024 RX descriptors
em2: Using 2 RX queues 2 TX queues
em2: Using MSI-X interrupts with 3 vectors
em2: Ethernet address: 00:25:90:61:a7:b5
em2: netmap queues/slots: TX 2/1024, RX 2/1024
uhci3: <Intel 82801I (ICH9) USB controller> port 0xb480-0xb49f irq 23 at device 29.0 on pci0
usbus4 on uhci3
usbus4: 12Mbps Full Speed USB v1.0
uhci4: <Intel 82801I (ICH9) USB controller> port 0xb400-0xb41f irq 19 at device 29.1 on pci0
usbus5 on uhci4
usbus5: 12Mbps Full Speed USB v1.0
uhci5: <Intel 82801I (ICH9) USB controller> port 0xb080-0xb09f irq 18 at device 29.2 on pci0
usbus6 on uhci5
usbus6: 12Mbps Full Speed USB v1.0
ehci1: <Intel 82801I (ICH9) USB 2.0 controller> mem 0xfebfb800-0xfebfbbff irq 23 at device 29.7 on pci0
usbus7: EHCI version 1.0
usbus7 on ehci1
usbus7: 480Mbps High Speed USB v2.0
pcib4: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci4: <ACPI PCI bus> on pcib4
vgapci0: <VGA-compatible display> mem 0xfc000000-0xfcffffff,0xfdffc000-0xfdffffff,0xfe000000-0xfe7fffff irq 17 at device 4.0 on pci4
vgapci0: Boot video device
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
ahci0: <Intel ICH9 AHCI SATA controller> port 0xa480-0xa487,0xb000-0xb003,0xac00-0xac07,0xa880-0xa883,0xa800-0xa81f mem 0xfebfb000-0xfebfb7ff irq 19 at device 31.2 on pci0
ahci0: AHCI v1.20 with 6 3Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ahcich2: <AHCI channel> at channel 2 on ahci0
ahcich3: <AHCI channel> at channel 3 on ahci0
ahcich4: <AHCI channel> at channel 4 on ahci0
ahcich5: <AHCI channel> at channel 5 on ahci0
ahciem0: <AHCI enclosure management bridge> on ahci0
acpi_button0: <Power Button> on acpi0
ns8250: UART FCR is broken
ns8250: UART FCR is broken
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
ns8250: UART FCR is broken
ns8250: UART FCR is broken
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
uart2: <16550 or compatible> port 0x3e8-0x3ef irq 5 on acpi0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xc8000-0xc8fff pnpid ORM0000 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
Timecounter "TSC" frequency 1666666421 Hz quality 1000
Timecounters tick every 1.000 msec
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
ugen2.1: <Intel UHCI root HUB> at usbus2
ugen3.1: <Intel EHCI root HUB> at usbus3
ugen0.1: <Intel UHCI root HUB> at usbus0
ugen1.1: <Intel UHCI root HUB> at usbus1
uhub0 on usbus2
uhub1 on usbus0
uhub1: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
uhub2 on usbus3
uhub2: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3
uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen5.1: <Intel UHCI root HUB> at usbus5
uhub3 on usbus1
uhub3: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ugen6.1: <Intel UHCI root HUB> at usbus6
ugen4.1: <Intel UHCI root HUB> at usbus4
ugen7.1: <Intel EHCI root HUB> at usbus7
uhub4 on usbus5
uhub4: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus5
uhub5 on usbus4
uhub5: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus4
uhub6 on usbus7
uhub6: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus7
uhub7 on usbus6
uhub7: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus6
Trying to mount root from zfs:pfSense/ROOT/default []...
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
uhub4: 2 ports with 2 removable, self powered
uhub5: 2 ports with 2 removable, self powered
uhub7: 2 ports with 2 removable, self powered
Root mount waiting for: usbus3 usbus7 CAM
uhub2: 6 ports with 6 removable, self powered
Root mount waiting for: usbus3 usbus7 CAM
uhub6: 6 ports with 6 removable, self powered
Root mount waiting for: CAM
ugen2.2: <Winbond Electronics Corp Hermon USB hidmouse Device> at usbus2
ukbd0 on uhub0
ukbd0: <Winbond Electronics Corp Hermon USB hidmouse Device, class 0/0, rev 1.10/0.01, addr 2> on usbus2
kbd2 at ukbd0
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
ses0 at ahciem0 bus 0 scbus6 target 0 lun 0
ses0: <AHCI SGPIO Enclosure 2.00 0001> SEMB S-E-S 2.00 device
ses0: SEMB SES Device
ses0: pass0 in 'Slot 00', SATA Slot: scbus0 target 0
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <Samsung SSD 840 EVO 120GB EXT0BB6Q> ACS-2 ATA SATA 3.x device
ada0: Serial Number S1D5NSAF199554L
ada0: 300.000MB/s transfers (SATA 2.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 114473MB (234441648 512 byte sectors)
ada0: quirks=0x3<4K,NCQ_TRIM_BROKEN>
CPU: Intel(R) Atom(TM) CPU D510   @ 1.66GHz (1666.67-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x106ca  Family=0x6  Model=0x1c  Stepping=10
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x40e31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE>
  AMD Features=0x20100800<SYSCALL,NX,LM>
  AMD Features2=0x1<LAHF>
  TSC: P-state invariant, performance statistics

JeGr

@DasBrot Kann ich ohne weitere Punkte schlecht nachvollziehen. Haben hier aber zum Test auch im Lab mehrere Kisten und die updaten und neustarten sich ohne Problem auch mit Wireguard neu, daher wäre es seltsam dass das jetzt alle betreffen würde. Dann gäbe es aktuellere Meldungen dazu. Das klingt eher nach einer seltsamen Konfiguration?

Cheers