Describe the problem
After rebooting pfsense, even though the setup key has no expiry, the system will not reconnect.
To Reproduce
Steps to reproduce the behavior:
- create none expiry key in the cloud dashboard
- in pfsense install the latest packages
- add the setup to the authentication page and connect
- reboot pfsense
- goto authentication page and connect (after seeing netbird interface not up)
Expected behavior
wt0 interface should be up.
Are you using NetBird Cloud?
NetBird Cloud
NetBird version
Daemon version: 0.73.2
CLI version: 0.73.2
Management: Disconnected
Signal: Disconnected
Relays: 0/0 Available
Nameservers: 0/0 Available
FQDN:
NetBird IP: N/A
Interface type: N/A
Quantum resistance: false
Lazy connection: false
Networks: -
Forwarding rules: 0
Peers count: 0/0 Connected
Is any other VPN software installed?
If yes, which one? OpenVPN
Debug output
To help us resolve the problem, please attach the following anonymized status output
netbird status -dA
Daemon status: LoginFailed
Run UP command to log in with SSO (interactive login):
netbird up
If you are running a self-hosted version and no SSO provider has been configured in y
our Management Server,
you can use a setup-key:
netbird up --management-url <YOUR_MANAGEMENT_URL> --setup-key <YOUR_SETUP_KEY>
More info: Automate Deployments and Onboard Machines at Scale with Setup Keys - NetBird Docs
Create and upload a debug bundle, and share the returned file key:
netbird debug for 1m -AS -U
Uploaded files are automatically deleted after 30 days.
Alternatively, create the file only and attach it here manually:
Netbird debug for 1m -AS -U
Failed to bring service up: up already in progress: current status LoginFailed
Log level set to trace.
netbird down
Screenshots
Jun 29 17:10:10 php-fpm 668 ERROR Invalid netbird configuration
Jun 29 17:09:42 php-cgi 777 NOTICE The command '/sbin/ifconfig 'wt0' description 'NETBIRD'' returned exit code '1', the output was 'ifconfig: interface wt0 does not exist'
Additional context
The Netbird (Alias) interface is not associated to wt0 (which does not exist).
Compared to Wireguard (which even when the interface / tunnel are disabled, they still exist). I guess, the interface should be created and should be enabled/disabled selectable rather than relying on the tunnel to be up first.
if i run the command from a shell
netbird up --management-url https:
//api.netbird.io:443 --setup-key F367D7B5-DCAA-4A69-9B1A-xxxxxxxx
Error: daemon up failed: login failed: rpc error: code = NotFound desc = couldn't add
peer: setup key is invalid
further: if you run the above with a new key, it works. you can also run netbird down and re-run the netbird up command and it will continue working.
but as soon as you reboot,you need a new key. even if the original key was created with unlimited usage and unlimited expires
\*\* another thing, when saving a change to the settings, pfsense is reporting
`WARNING: write_config() was called without description `*`@ 2026-06-29 21:05:24`*
coincides with this error in the syslog
| Jun 29 21:05:24 | php-fpm | 22005 | NOTICE \[Config\] Configuration Change: admin@192.168.xx.xx (Local Database): /pkg_edit.php made unknown change |
Have you tried these troubleshooting steps?**
- Reviewed client troubleshooting (if applicable)
- Checked for newer NetBird versions
- Searched for similar issues on GitHub (including closed ones)
- Restarted the NetBird client
- Disabled other VPN software
- Checked firewall settings