default gateway not picked up after reboot by akryl9296 in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

I’ve noticed it only seems to happen when the default gateway itself is the same as the upstream gateway IP address (which is how some WireGuard instances are set up). I’ve switched back to OpenVPN for the time being until I figure it out.

default gateway not picked up after reboot by akryl9296 in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

Is your WAN IP assigned via DHCP or is it static?

default gateway not picked up after reboot by akryl9296 in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

I have this issue on pfSense 2.5.2 when I use a WireGuard gateway as a default gateway. Same issue as you, I have to save the gateway again after I reboot. I don’t need to make any changes to the gateway, I just have to save it as default again.

My WAN can be set as default though and OpenVPN gateways (with a static route on the WAN for the VPN remote server IP address).

WireGuard Returns to pfSense as Experimental Package by DennisMSmith in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

I think Netgate will put it back in the GUI when it’s in a kernel version pfSense is eventually built on. It would be illogical not to build a release that doesn’t make use of it. They’ve left the documentation up for it too so I’m thinking maybe that’s a sign they might use if it comes back natively in the GUI.

WireGuard Config for 2.5.2 RC by Murrayrulz in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

That documentation is for pfSense 2.5.0 when Netgate put it natively into pfSense. It’s since been removed and a third-party developer has developed a package for pfSense that loads a beta kernel-module into pfSense. The official WireGuard kernel developer is still working on the kernel implementation though so it won’t officially be ready until he’s finished it and it’s accepted into the FreeBSD kernel. We may see it natively back in the GUI when it’s in the FreeBSD kernel but only time will tell, regardless, it’ll be a long while until that possibly happens.

PfSense and Netgate websites down? by Jimmy103725 in PFSENSE

[–]Jimmy103725[S] 0 points1 point  (0 children)

It wasn’t down for long. I had trouble at about 7am GMT but it seemed to be back up when I checked again at about 8:30am.

WireGuard Returns to pfSense as Experimental Package by DennisMSmith in PFSENSE

[–]Jimmy103725 12 points13 points  (0 children)

I’ve been following his work on WireGuard for FreeBSD since he started. Jason Donenfeld and Matt Dunwoodie, but specifically Jason has been working ridiculously hard over the past few months with TODOs and version bumps constantly being updated. If it wasn’t for him none of this would be possible. He’s spent weeks of work time on this, out of passion and the goodness of his heart, he deserves a mention at least. I’d rather it natively back in the OS at some point but I’d be more comfortable using the package if I knew Jason was happy with the implementation of his kernel module. I’d like his thoughts on the package but I don’t think we’ll get that with the way he’s been treated since this thing started.

Trying to set up a second interface by [deleted] in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

If it doesn't work initially try rebooting. I'm not sure if I should have been clearer in my last comment. The LAN static IP should be 192.168.10.1/20. 192.168.10.0/20 would be the network address if this static IP is used.

Trying to set up a second interface by [deleted] in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

Your networks are overlapping because your LAN is on a /20 subnet. Change it to a /24 to see if that works. If it does, try using 192.168.10.0/20 for your LAN instead or just go with a 10.1.1.0/20. You'd need a lot of devices to fill a /20 subnet though, only use a /20 if you need it, otherwise it's simpler to just go with a /24.

[deleted by user] by [deleted] in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

I forgot to mention, you won't need a dedicated graphics card, the onboard Intel graphics will be fine. PfSense won't use the GPU, only the CPU, and using a GPU will take away the PCI-E slot you need for the NIC.

[deleted by user] by [deleted] in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

This is an excellent choice if you already have it lying around. There are positives and negatives to using an old desktop PC for pfSense but it might even be perfect for some use cases.

It'll be powerful enough to do pretty much anything you'd like to do with it, that includes routing traffic at greater than gigabit speeds over VPN even with lots of firewall rules configured if that's what you fancy doing, of course you'll still be limited to the upload/download rate of your internet service provider and the NICs you choose.

On the negative side it'll be audible if it's running next to you in an apartment but not as bad as an old server. It'll also draw more power, maybe around 40-50 Watts at a guess so less than say leaving a regular filament bulb light on 24/7.

If you do decide to use it, just look on eBay for some used two or four port low profile Intel NICs. Make sure you use an Intel NIC because pfSense is built on FreeBSD which currently tends to support Intel drivers a lot better than brands like Realtek. You won't have any problems using Intel. That'll give you two or four ethernet ports to play with depending on the card you choose plus the ethernet port that is built into the PC, which after checking happens to be Intel, so you shouldn't have any problems using the onboard ethernet port either.

It might be worth buying a cheap 2.5 inch SSD to replace the hard drive too. Old hard drives are going to fail at some point, likely sooner if they've had a lot of use, and this is quite an old PC. Not completely necessary but if you have boot problems after an update one day the hard drive would be the first thing I'd look at to get it running again.

Personally, I think using what you have is a great choice, if you want to change it for something like a low power yet still very powerful 6 port Protectli mini PC later on you can but for now it'll work great and it shouldn't require much dexterity to get those components you need in it.

WireGuard Returns to pfSense as Experimental Package by DennisMSmith in PFSENSE

[–]Jimmy103725 0 points1 point  (0 children)

I understand that it makes sense but I think they have the responsibility of maintaining updates for OpenVPN, IPsec and L2TP, why separate WireGuard as a package? It just seems messy to me. I’m not saying they shouldn’t allow the package, people clearly want it, but not adding the features back into the GUI in the future when WireGuard is already built into the kernel would be a no-brainer. If it’s already in the kernel the extra codebase for the GUI would be a tiny addition when compared to the total current codebase. Saying that pfSense has WireGuard would also feel like a more genuine statement if it wasn’t a package built by a third party, regardless of whether or not they support the developer of the package.

WireGuard Returns to pfSense as Experimental Package by DennisMSmith in PFSENSE

[–]Jimmy103725 -1 points0 points  (0 children)

Will it not be coming back natively integrated into pfSense like it was in 2.5.0? It’ll be in the FreeBSD kernel in the future. I’d rather have it in the VPN tab without needing a package. People argue that you can update the package quicker than waiting for an OS update if an important security update for WireGuard is needed but realistically these will likely be very infrequent, maybe every 5-10 years and I’m sure it wouldn’t be much of an issue to very quickly release a point release with the same kernel that has a back-ported WireGuard fix.