core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon opnsense

After reboot unbound service starts after IPsec service wich causes permanent connection error when the ipsec remote gateway is a DNS name

Open dstr-wpd opened this issue 1 year ago • 4 comments

Important notices

Our forum is located at https://forum.opnsense.org , please consider joining discussions there in stead of using GitHub for these matters.

Before you ask a new question, we ask you kindly to acknowledge the following:

  • [ x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [x ] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

After reboot unbound service starts after IPsec service wich causes permanent connection error when the ipsec remote gateway is a DNS name

This is a behaivor since upgrade to 24.7 major relase. logs attached:

system.log Screenshot 2024-08-13 093922 image keyretries is set to 0, so it should try infinite times

image

is there a way to delay ipsec service or priorize unbound?

dstr-wpd avatar Aug 13 '24 07:08 dstr-wpd

Ok, I'll bite:

https://github.com/opnsense/core/blob/10aa7878cf5e49c2125d8752c20ca6dea048c1de/src/etc/rc.bootup#L98

https://github.com/opnsense/core/blob/10aa7878cf5e49c2125d8752c20ca6dea048c1de/src/etc/rc.bootup#L102

fichtner avatar Aug 13 '24 08:08 fichtner

Do I have to change these values?

dstr-wpd avatar Aug 14 '24 07:08 dstr-wpd

No. DNS is started before IPsec. I'm not sure what your issue is.

fichtner avatar Aug 14 '24 07:08 fichtner

2024-08-12T14:53:06 Informational unbound [62342:0] info: start of service (unbound 1.20.0). 2024-08-12T14:53:06 Notice unbound [62342:0] notice: init module 2: iterator 2024-08-12T14:53:06 Notice unbound [62342:0] notice: init module 1: validator 2024-08-12T14:53:06 Notice unbound [62342:0] notice: init module 0: python 2024-08-12T14:53:03 Informational unbound [44853:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0 2024-08-12T14:53:03 Informational unbound [44853:0] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting 2024-08-12T14:53:03 Informational unbound [44853:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0 2024-08-12T14:53:03 Informational unbound [44853:0] info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting 2024-08-12T14:53:03 Informational unbound [44853:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0 2024-08-12T14:53:03 Informational unbound [44853:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting 2024-08-12T14:53:03 Informational unbound [44853:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0 2024-08-12T14:53:03 Informational unbound [44853:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting 2024-08-12T14:53:03 Informational unbound [44853:0] info: service stopped (unbound 1.20.0). 2024-08-12T14:53:01 Informational unbound [44853:0] info: start of service (unbound 1.20.0).

looks like its been started twice will try another log level

dstr-wpd avatar Aug 14 '24 07:08 dstr-wpd

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot avatar Feb 09 '25 07:02 OPNsense-bot