Re: [Shorewall-devel] [Shorewall-users] shorewall-init fails & 1 provider (vpn) interface unusable on boot -- but sys ends up fully up & running after boot anyway. why?

[PGNd <de...@pg...>]

After upgrade to Shorewall 4.6.3.4 pkgs

	rpm -qa | grep -i shorewall
		shorewall-core-4.6.3.4-157.1.noarch
		shorewall-init-4.6.3.4-157.1.noarch
		shorewall-lite-4.6.3.4-157.1.noarch
		shorewall6-lite-4.6.3.4-157.1.noarch

on boot, shorewall-init no longer fails

	journalctl -xb | grep -i shorewall-init
		-- Subject: Unit shorewall-init.service has begun with start-up
		-- Unit shorewall-init.service has begun starting up.
		Sep 23 12:21:56 core shorewall-init[934]: Initializing "Shorewall-based firewalls": Stopping Shorewall Lite....
		Sep 23 12:21:56 core shorewall-init[934]: done.
		Sep 23 12:21:57 core shorewall-init[934]: Stopping Shorewall6 Lite....
		Sep 23 12:21:57 core shorewall-init[934]: done.

but, my vpn tun interface specifically does not come up during boot now.  And there's additional inconsistent behavior on stop/start/restart after boot, from shell,

	/usr/sbin/shorewall-lite restart
		Restarting Shorewall Lite....
		  OK ping @ INTFC=eth0
		  BAD ping @ INTFC=tun1
		Initializing...
		Processing init user exit ...
		Processing tcclear user exit ...
		Setting up Route Filtering...
		Setting up Martian Logging...
		Setting up Accept Source Routing...
		Setting up Proxy ARP...
		Adding Providers...
		   WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
		Preparing iptables-restore input...
		Running /usr/sbin/iptables-restore...
		IPv4 Forwarding Enabled
		Processing start user exit ...
		Processing started user exit ...
		started - nada
		done.
	/usr/sbin/shorewall-lite restart
		Restarting Shorewall Lite....
		  OK ping @ INTFC=eth0
		  BAD ping @ INTFC=tun1
		Initializing...
		Processing init user exit ...
		Processing tcclear user exit ...
		Setting up Route Filtering...
		Setting up Martian Logging...
		Setting up Accept Source Routing...
		Setting up Proxy ARP...
		Adding Providers...
		   WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
		Preparing iptables-restore input...
		Running /usr/sbin/iptables-restore...
		IPv4 Forwarding Enabled
		Processing start user exit ...
		Processing started user exit ...
		started - nada
		done.

	/usr/sbin/shorewall-lite stop
		Stopping Shorewall Lite....
		  OK ping @ INTFC=eth0
		  BAD ping @ INTFC=tun1
		Processing stop user exit ...
		Processing tcclear user exit ...
		Running /usr/sbin/iptables-restore...
		IPv4 Forwarding Enabled
		Processing stopped user exit ...
		done.

	/usr/sbin/shorewall-lite start
		Starting Shorewall Lite....
		  BAD ping @ INTFC=eth0
		  BAD ping @ INTFC=tun1
		Initializing...
		Processing init user exit ...
		Processing tcclear user exit ...
		Setting up Route Filtering...
		Setting up Martian Logging...
		Setting up Accept Source Routing...
		Setting up Proxy ARP...
		Adding Providers...
		   WARNING: Interface eth0 is not usable -- Provider prov1 (1) not Started
		   WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
		   WARNING: No Default route added (all 'balance' providers are down)
		   NOTICE: Default route restored
		Preparing iptables-restore input...
		Running /usr/sbin/iptables-restore...
		IPv4 Forwarding Enabled
		Processing start user exit ...
		Processing started user exit ...
		started - nada
		done.


	/usr/sbin/shorewall-lite stop
		Stopping Shorewall Lite....
		  OK ping @ INTFC=eth0
		  BAD ping @ INTFC=tun1
		Processing stop user exit ...
		Processing tcclear user exit ...
		Running /usr/sbin/iptables-restore...
		IPv4 Forwarding Enabled
		Processing stopped user exit ...
		done.

	/usr/sbin/shorewall-lite start
		Starting Shorewall Lite....
		  BAD ping @ INTFC=eth0
		  BAD ping @ INTFC=tun1
		Initializing...
		Processing init user exit ...
		Processing tcclear user exit ...
		Setting up Route Filtering...
		Setting up Martian Logging...
		Setting up Accept Source Routing...
		Setting up Proxy ARP...
		Adding Providers...
		   WARNING: Interface eth0 is not usable -- Provider prov1 (1) not Started
		   WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
		   WARNING: No Default route added (all 'balance' providers are down)
		   NOTICE: Default route restored
		Preparing iptables-restore input...
		Running /usr/sbin/iptables-restore...
		IPv4 Forwarding Enabled
		Processing start user exit ...
		Processing started user exit ...
		started - nada
		done.

	/usr/sbin/shorewall-lite restart
		Restarting Shorewall Lite....
		  OK ping @ INTFC=eth0
		  BAD ping @ INTFC=tun1
		Initializing...
		Processing init user exit ...
		Processing tcclear user exit ...
		Setting up Route Filtering...
		Setting up Martian Logging...
		Setting up Accept Source Routing...
		Setting up Proxy ARP...
		Adding Providers...
		   WARNING: Interface tun1 is not usable -- Provider prov2 (2) not Started
		Preparing iptables-restore input...
		Running /usr/sbin/iptables-restore...
		IPv4 Forwarding Enabled
		Processing start user exit ...
		Processing started user exit ...
		started - nada
		done.


Starting to hunt this down now ...