PF Enabling pfno IP address found for wg0:network

Del.Mar

Del.Mar

Hi mates!
During the boot my FreeBSD box start PF earlier than wg0 interface creates.

Code: 
Enabling pfno IP address found for wg0:network
/etc/pf.conf:5: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
/etc/rc: WARNING: Unable to load /etc/pf.conf.
.
[#] ifconfig wg create name wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.0.1.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
wg0: link state changed to UP
[#] route -q -n add -inet 10.0.1.4/32 -interface wg0
[#] route -q -n add -inet 10.0.1.3/32 -interface wg0
[#] route -q -n add -inet 10.0.1.2/32 -interface wg0
[+] Backgrounding route monitor
How to change priority of the boot?
 
Look at netwait rc.d
Have pf wait for wg0

Here is an example but uses IP instead of interface:

Netwait on FreeBSD – The Blog

blog.danielisz.org blog.danielisz.org

cat /etc/defaults/rc.conf|grep netwait
Code: 
netwait_enable="NO"        # Enable rc.d/netwait (or NO)
#netwait_ip=""            # Wait for ping response from any IP in this list.
netwait_timeout="60"        # Total number of seconds to perform pings.
#netwait_if=""            # Wait for active link on each intf in this list.
netwait_if_timeout="30"        # Total number of seconds to monitor link state.
 
Phishfry said:
Here is an example but uses IP instead of interface:
Click to expand...
Tried with interface and ip. Output the same
Code: 
/etc/pf.conf:5: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
/etc/rc: WARNING: Unable to load /etc/pf.conf.
.
Waiting for 10.0.1.1 to respond to ICMP ping, failed: No response from host.
/etc/rc: WARNING: Exhausted IP list.  Continuing with startup, but be aware you may
/etc/rc: WARNING: not have a fully functional networking layer at this point.
[#] ifconfig wg create name wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.0.1.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
wg0: link state changed to UP
My /etc/rc.conf
Code: 
ifconfig_vtnet0="inet x.x.x.x netmask 255.255.255.0"
defaultrouter="x.x.x.x"
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
gateway_enable="YES"
netwait_enable="YES"
netwait_timeout="30"
netwait_ip="10.0.1.1"
wireguard_enable="YES"
wireguard_interfaces="wg0"
pf_enable="YES"
pflog_enable="YES"
pf_rules="/etc/pf.conf"
 
Vovas said:
Tried with interface and ip. Output the same
Code: 
/etc/pf.conf:5: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
/etc/rc: WARNING: Unable to load /etc/pf.conf.
.
Waiting for 10.0.1.1 to respond to ICMP ping, failed: No response from host.
/etc/rc: WARNING: Exhausted IP list.  Continuing with startup, but be aware you may
/etc/rc: WARNING: not have a fully functional networking layer at this point.
[#] ifconfig wg create name wg0
[#] wg setconf wg0 /dev/stdin
[#] ifconfig wg0 inet 10.0.1.1/24 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
wg0: link state changed to UP
My /etc/rc.conf
Code: 
ifconfig_vtnet0="inet x.x.x.x netmask 255.255.255.0"
defaultrouter="x.x.x.x"
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
gateway_enable="YES"
netwait_enable="YES"
netwait_timeout="30"
netwait_ip="10.0.1.1"
wireguard_enable="YES"
wireguard_interfaces="wg0"
pf_enable="YES"
pflog_enable="YES"
pf_rules="/etc/pf.conf"
Click to expand...
in my case, the above setup sent me to single user mode. error msg was...netwait_enable="YES". i use the wireguard ip for the netwait_ip.
 
I am unfamiliar with WireGuard interface and will need to deflect.
Brute force you can edit rc.d scripts to use BEFORE: settings but it is a dirty hack that will not survive updates.
 
It looks like pf daemon already waits for netif.

Code: 
# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync
# BEFORE:  routing
# KEYWORD: nojailvnet
 
mr8ash said:
i use the wireguard ip for the netwait_ip.
Click to expand...
Doesn't work for me. PF started before wg0 interface is up and set ip for it.
Phishfry said:
Brute force you can edit rc.d scripts to use BEFORE: settings but it is a dirty hack that will not survive updates.
Click to expand...
Yeah, after update package this hack will rewrite.
Phishfry said:
It looks like pf daemon already waits for netif.
Click to expand...
Judging by the booting, it is not waiting.
 
You must log in or register to reply here.
Back
Top