Bug #15098: Wireguard crashes on boot if PPPoE is the default gateway - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.11 Plus - All Closed Issues
24.11 Plus - All Open Issues
24.11 Plus - Feedback Issues
24.11 Plus - Needs Attention/Work
24.11 Plus - New/Confirmed/In Progress Issues
24.11 Target - All Closed Issues
24.11 Target - All Open Issues
25.01 Plus - All Closed Issues
25.01 Plus - All Open Issues
25.01 Plus - Feedback Issues
25.01 Plus - Needs Attention/Work
25.01 Plus - New/Confirmed/In Progress Issues
25.01 Plus - Pull Request Review
25.01 Plus - Waiting on Merge
25.01 Target - All Closed Issues
25.01 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #15098

open

Wireguard crashes on boot if PPPoE is the default gateway

Added by Oskar Stroka 11 months ago. Updated about 2 months ago.

Status:

New

Priority:

Normal

Assignee:

Christian McDonald

Category:

WireGuard

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Default

Affected Version:

2.7.2

Affected Architecture:

amd64

Description

This only seems to happen after a fresh boot, and only if any PPPoE connection is the default gateway.
Even the service watchdog can't bring wireguard back up.
The workaround is to go to "Status" - "Interfaces", disconnect the PPPoE line and enable it again.
After that wireguard will start without a problem.
I've only noticed this issue after moving to newer / better hardware.

History
Notes

Actions

Copy link

Updated by Oskar Stroka 11 months ago

changing a static route, even disabling and re-enabling one, allows wireguard to be enabled again

Actions

Copy link

Updated by Oskar Stroka 11 months ago

restarting the gateway service also solves it.
Edit: Also happens with an DHCP interface as default gateway

Actions

Copy link

Updated by Danilo Zrenjanin 11 months ago

I couldn't replicate this behavior on the following system:

23.09.1-RELEASE (amd64)
built on Wed Dec 20 18:27:00 UTC 2023
FreeBSD 14.0-CURRENT

The WAN interface IPv4 Configuration Type is set to PPPoE. And the system has only one PPPoE gateway.

After a graceful reboot, the PPPoE connection and Wireguard service both go up with no issues. There is probably something else in your configuration that triggers this behavior.

Dec 23 12:19:08    reboot    22988    rebooted by root
.
.
.
.
Dec 23 12:19:57    kernel        tun_wg0: link state changed to UP
.
.

Actions

Copy link

Updated by Oskar Stroka 11 months ago

checked the logs and this seems to be repeating endlessly:
Dec 24 09:17:01 php_wg 89853 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Dec 24 09:17:01 php_wg 89853 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Dec 24 09:17:01 php_wg 89853 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Dec 24 09:17:01 php_wg 89853 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Dec 24 09:17:01 php_wg 89853 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Dec 24 09:17:02 php_wg 89853 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Dec 24 09:17:02 check_reload_status 511 Syncing firewall
Dec 24 09:17:02 php_wg 89853 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Dec 24 09:17:02 check_reload_status 511 Syncing firewall

but after restarting the gateway service:
Dec 24 09:17:09 check_reload_status 511 Reloading filter
Dec 24 09:17:09 php_wg 31908 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Enabled all WireGuard gateways.
Dec 24 09:17:09 check_reload_status 511 Reloading filter
Dec 24 09:17:09 php_wg 31908 /usr/local/pkg/wireguard/includes/wg_service.inc: Removing static route for monitor 62.55.197.9 and adding a new route through 80.146.128.16
Dec 24 09:17:09 php_wg 31908 /usr/local/pkg/wireguard/includes/wg_service.inc: Removing static route for monitor 142.250.184.227 and adding a new route through 192.168.8.1
Dec 24 09:17:09 php_wg 31908 /usr/local/pkg/wireguard/includes/wg_service.inc: Removing static route for monitor 82.149.64.17 and adding a new route through 192.168.6.1
Dec 24 09:17:09 php_wg 31908 /usr/local/pkg/wireguard/includes/wg_service.inc: Removing static route for monitor 217.17.34.10 and adding a new route through 10.65.234.147
Dec 24 09:17:09 php_wg 31908 /usr/local/pkg/wireguard/includes/wg_service.inc: Removing static route for monitor 213.209.99.163 and adding a new route through 10.66.179.102
Dec 24 09:17:09 php_wg 31908 /usr/local/pkg/wireguard/includes/wg_service.inc: Removing static route for monitor 109.199.77.76 and adding a new route through 10.65.82.101

is there anything I could do to narrow this down?

Actions

Copy link

Updated by Kris Phillips 10 months ago

Danilo Zrenjanin wrote in #note-3:

I couldn't replicate this behavior on the following system:
[...]

The WAN interface IPv4 Configuration Type is set to PPPoE. And the system has only one PPPoE gateway.

After a graceful reboot, the PPPoE connection and Wireguard service both go up with no issues. There is probably something else in your configuration that triggers this behavior.

[...]

Important to note that this was reported with 2.7.2 and you're testing on 23.09.1. While there shouldn't be any difference, we should test this on 2.7.2 to confirm.

Actions

Copy link

Updated by dylan mendez 6 months ago

Tested in 2.7.2

single WAN with PPPoE Gateway and a Wireguard Tunnel.

Tunnel came up without issues, PPPoE session came up without issues.

Actions

Copy link

Updated by Oskar Stroka 5 months ago

Tested it with a fresh install, sadly it still keeps happening to me, but only after a reboot.
Wireguard will start and immediately crash, not even the service watchdog helps.
I've found a workaround: Restarting the gateway service.
Is there some info I could provide to help narrow this down?

Actions

Copy link

Updated by Claudio Scavazza 5 months ago

I have the same issue, which I think is related to PPPoE.
At the moment, I created a bash script that is running every 3 minutes.
So, if the WG process is not running, restart the WG interface and then the WG process.
For me is working.
I know it isn't a solution but it's a working workaround.

if ! pgrep -x "php_wg" > /dev/null
then
    ifconfig tun_wg0 down
    sleep 10
    ifconfig tun_wg0 up
    sleep 10
    /usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
    sleep 10
    /usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc start
fi

Best

Actions

Copy link

Updated by Remi Roy about 2 months ago

Can confirm that I also have this issue

System :
2.7.2-RELEASE (amd64)
built on Fri Dec 8 15:55:00 EST 2023
FreeBSD 14.0-CURRENT

Setup :
WAN_PPPoE gateway + 3 gateway for wireguard, after a clean reboot, only the WAN_PPPoE gateway show up in the main dashbord (instead of all 4) - wireguard tunels are not connecting. To fix it I just go to any of the 3 wireguard gateway, change nothing, it "save", "apply changes" and voila. The 3 missings gateway reappear in the dashboard, and the tunels are connecting.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #15098

Wireguard crashes on boot if PPPoE is the default gateway

Updated by Oskar Stroka 11 months ago

Updated by Oskar Stroka 11 months ago

Updated by Danilo Zrenjanin 11 months ago

Updated by Oskar Stroka 11 months ago

Updated by Kris Phillips 10 months ago

Updated by dylan mendez 6 months ago

Updated by Oskar Stroka 5 months ago

Updated by Claudio Scavazza 5 months ago

Updated by Remi Roy about 2 months ago