Project

General

Profile

Bug #8909

tinc package makes /rc.newwanip looping forever

Added by Andrew Hotlab 8 months ago. Updated 7 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
09/18/2018
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:
All

Description

I just realizd that each time the tincd(8) daemon is started, pfSense detects the new IP address on its dedicated interface (in my case /dev/tap0), thus it recalls the script /rc.newwanip, which in turns calls the script /rc.start_packages, generating an infinite loop: in fact restarting the tinc service make the tap0 interface have its IP reassigned, and again and again... :S

I attached the first two occurrences of the loop, which I'm not able to stop but manually killing tincd(8).

I guess that this is a show-stopper issue affecting everyone who wants to run tinc on pfSense.

Maybe there is a way to tell the /rc.start_packages script not to act upon the tinc service?

tinc_loop.txt (4.1 KB) tinc_loop.txt extract from /var/log/system.log Andrew Hotlab, 09/18/2018 05:50 AM

History

#1 Updated by Andrew Hotlab 8 months ago

I temporary blocked the loop by disabling the OPT interface associated with tap0:

Sep 29 16:59:39 pfsense php-fpm[83677]: /rc.linkup: Linkup detected on disabled interface...Ignoring
But in this way I'm not able to use that interface for NAT and specific firewall rules any longer.

#2 Updated by Andrew Hotlab 7 months ago

I guess I found a workaround: define a static IP address into the interface, then enable it and use in firewall and outbound NAT rules. In this way rc.newwanip does not seems to try restarting all packages anymore:

Oct 21 17:05:12 pfsense check_reload_status: Linkup starting tap0
Oct 21 17:05:12 pfsense kernel: tap0: link state changed to UP
Oct 21 17:05:14 pfsense php-fpm[17333]: /rc.linkup: Hotplug event detected for VPN_TINC(opt4) static IP (10.1.2.1 )
Oct 21 17:05:14 pfsense check_reload_status: rc.newwanip starting tap0
Oct 21 17:05:14 pfsense check_reload_status: Reloading filter
Oct 21 17:05:15 pfsense php-fpm[17333]: /rc.newwanip: rc.newwanip: Info: starting on tap0.
Oct 21 17:05:15 pfsense php-fpm[17333]: /rc.newwanip: rc.newwanip: on (IP address: 10.1.2.1) (interface: VPN_TINC[opt4]) (real interface: tap0).
Oct 21 17:05:15 pfsense check_reload_status: Reloading filter

The solution seems pretty stable at this moment. Need more time to check it effectively.

Also available in: Atom PDF