some services show can't start

yon 0

I don't think having just one report currently counts as a bug, This is unreasonable.

For example, when someone reports an obviously wrong thing about a car, such as the car is running, and your system is showing that the car is stopped, we cannot wait until other people encounter it repeatedly before it can be considered a bug. I think no matter what, once someone reports this If something is obviously wrong, technical verification should be carried out.

If this kind of error can occur, it means there is a problem, whether it is a user setting error or something, because we design the system and should take measures to prevent errors from happening. Since this time there is no error problem in the Linux system used by wireguard on the opposite end of the server. , wiregaurd can actually run on pfsense. There is an error in our pfsense detection. I think that no matter what the situation, an already running service should not be detected as not running. In other words, whether it is caused by user settings or other reasons, we No detection system can mistakenly treat something that has happened as not happening. No matter who the error is attributed to. What I mean is that the car is driving, no matter who is driving, our system cannot show that the car is not driving. .

This is a question of whether it happened or not, not how to drive out. So what I mean is that whether it is a user setting problem or something else, since it has been run and the system has not detected it, there is an error in the system.

I think your whole concept of design is incorrect. Many things cannot wait for many people to report, and many people need to be willing to report at the same time. We should be rigorous from the beginning of the design, and should be open to keep up with the development of advanced technology. I found out about you There are many problems, many of which I have not reported. I am too tired. When designing a system, you must consider various possible situations and consider them in advance. You cannot wait for errors to occur and have to be reported repeatedly before they can be verified. This is incredible. If you follow your approach When designing cars and rocket equipment, do we have to wait until there is an accident and multiple people must be involved in the accident at the same time before we can consider it? This logic is completely incorrect.

yon 0

@stephenw10

The wiregaurd log cannot be found, and pfsense does not display the relevant log. I also want to provide the log to you, but I know where to get this log.

I tested that the tunnel established by wireguard is working normally and the network is open. Currently, the pfsense system detects that wiregaurd is not running, causing the wiregaurd sessions corresponding to frr's bgp to fail to start.

johnpoz

@yon-0 " the first step in locating a bug is to reproduce it reliably"

If nobody can "reproduce" your problem - how would they even begin to fix it?

If you tell your mechanic the car doesn't do X or does Y when you do Z... And you give it to the mechanic and the car does do X, or doesn't do Y when he does Z.. How could he even begin to try and fix it?

Before you put something into redmine - you need to either have multiple people reporting the issue, ie its being reproduced.. Or you need to provide steps to reproduce it, that the developers can do..

I don't see where you have done this - and per Jims comments in your redmine - he is not able to reproduce your issue.

So how would he even start to look into the cause? if he can not start to look into the problem - it serves no purpose having it in redmine.

Which is again why he stated to troubleshoot the problem in the forums.. Which hasn't happened..

Redmine is not a ticketing system where you request help.. It is a bug report and feature request system.. I would suggest you do a simple google on how to do a bug report.. Right near the top is "steps to reproduce" of any guide/instructions you find.

If you have support with netgate - and your having an issue, open a tac case with them.. If not then here in the forums is where the help happens.. If it can be reproduced, then is when you would open the issue in redmine.

Nobody is saying your not having any sort of issue - jim just clearly pointed out that it doesn't belong in redmine at this point in troubleshooting.

yon 0

For example, I am giving an example. In this pfsense version, when I enter the IP or alias of the firewall rule, the firewall cannot correctly display the correct value I set.

I think this kind of error should not happen. After the design and development is completed, we must repeat various checks and it is impossible to let such an obvious error happen. So what I mean is that there is a serious problem with our quality control. Ordinary users should not be expected to find problems, and users should be required to submit technical information to report. Many users do not understand any technical code at all. We should establish a strict quality control process and should not bring errors out of the factory.

23.09-BETA (amd64)
built on Thu Oct 12 14:00:00 CST 2023
FreeBSD 14.0-CURRENT

login-to-view

login-to-view

i setup alias is b1, but show is single/0

johnpoz

@yon-0

https://docs.netgate.com/pfsense/en/latest/development/bug-reports.html

And another thing - if your using "development" code there almost for sure going to be issues with it.. Which should be discussed in the specific forum section for that development version..

I don't know what else to tell you..

yon 0

@johnpoz

There are also many problems with the official version. I have been following you for many years and your quality control has always been problematic. I still have many problems that I have not reported. It is not that there are no problems. There are too many problems and I am too tired.. I use the development version to solve the official problem. A problem with the version, but new problems have arisen in development.

Let me give you a vivid example. I am driving a car. When my car is driving at high speed, your system shows that the car has not started driving, causing various brake failures. Do you mean to let this user repeat this danger again?

I use wiregaurd and all the tools show that they are running normally, but pfsense shows that it is not running. I don't know what detection pfsense relies on.

/root: wg
interface: tun_wg0
  public key: vA7WbNQBYfyMPaeI6hwt2XnO4w2mIDA=
  private key: (hidden)
  listening port: 51820

peer: 01Qz7+akq9Xj2YS7JdKABGI8m6v6C8ic=
  preshared key: (hidden)
  endpoint: 10.50.1.254:62115
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 3 seconds ago
  transfer: 303.88 MiB received, 86.84 MiB sent
  persistent keepalive: every 20 seconds

interface: tun_wg1
  public key: MLxvaU4yhGRW4Ufwoa2UxlZpkyk=
  private key: (hidden)
  listening port: 56388

peer: Y2EP0vQL4vTozsCagl/LY0ADSNg3flU=
  preshared key: (hidden)
  endpoint: [2602:fed5:7020::1]:56280
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 52 seconds ago
  transfer: 60.87 MiB received, 65.46 MiB sent
  persistent keepalive: every 36 seconds

johnpoz

@yon-0 said in some services show can't start:

and your quality control has always been problematic

My quality control? I have zero to do with the development or quality testing of pfsense - I am just a user..

If you have some specific issue with the development version, I suggest you create a thread in the dev section, with details and hopefully instructions on how to reproduce it.

yon 0

@johnpoz

I didn't specify you, I was saying that the pfsense development team needs to improve.

yon 0

login-to-view

yon 0

UPnP & NAT-PMP service can't start also. this my setup.

login-to-view

johnpoz

@yon-0 said in some services show can't start:

I didn't specify you

Maybe your not a native english speaker? But the use of "your" when you set the reply directed at me.. with the @johnpoz seems pretty directed at me ;)

Prob should of worded that more like this

I have been following pfsense for many years and Its quality control has always been problematic

Anywho - moving this to the development section. You are more likely to get others using 23.09 to chime in there, and maybe they have seen the same sort of issue your having..

stephenw10

Wireguard tunnels can be up but the servcie that manages them may not be running. Look for php_wg.

Unfortunately there is very little logging from wireguard. However when you start the service and it fails to start there should be something logged in the main system log.

You clearly have quite a complex and unusual config and some part of it is causing a problem. It's not simply that WG and UPnP don't work in 23.09. We need to know a lot more to try to replicate and fix it.

stephenw10

@yon-0 said in some services show can't start:

i setup alias is b1, but show is single/0

Ok, that is a bug I can easily replicate that.

yon 0

@johnpoz

Yes, my native language is not English.

I'm talking about things, not targeting anyone. I want pfsense to be better, that's why I say so much. I found that the development team may have different philosophies, so there may be differences in how to do things. My philosophy is to use the most advanced technology, but the development is suitable for strict technical quality control. Every change developed must be tested in different internal environments, especially some that may cause serious problems and cannot be taken outside at all.
I found that the current philosophy of the Pfsense team is that they are afraid to use advanced technologies, especially some new technologies that they dare not try and need to wait for a long time. Technology is advancing with the times, and many technologies are time-sensitive and cannot be used for a long time. We must be brave enough to try the latest Instead of avoiding things for fear of problems, it is best to control the quality of every detail is crucial. If you don’t try new technologies and find problems, users are likely to use them in conjunction with various new technologies or new equipment. If the team has not used new technologies, it will be difficult to integrate them with user needs. Computer technology relies heavily on innovation. The change in one year can be huge and it is impossible to wait until a year later to use it.

There is a difference between opnsense and pfsense in adopting new technologies. OP is more willing to try new technologies or new things. I am used to various settings of pfsense, so it is difficult for me to change.

yon 0

I recently used DTLS technology for udp tunnel, I contacted the developer directly to provide various suggestions and improvements were quickly implemented. He is a Ukrainian developer and I think he is very patient.

So if pfsense can consider adding new technology features, I recommend it.

The website of his works is this

https://github.com/Snawoot/dtlspipe

yon 0

@stephenw10

This is an example. These could have been discovered through internal review. It's too obvious. So why am I tired of reporting bugs? I'm not a technical developer and I don't know the specific details of the code. I can only report from the superficial phenomenon. Regarding the specific details, Technical issues require investigation and judgment by your technical staff. It is too difficult to leave it to ordinary users to investigate.

yon 0

I use DTLS to protect wireguard, Wiregaurd has obvious characteristic shortcomings. The handshake part of the data packet is too easy to be detected and blocked by DPI.

Tested using DTLS and the result is that there are obvious benefits. It is currently not blocked by DPI and reduces interference. I worked with this developer to improve it.

stephenw10

@stephenw10 said in some services show can't start:

Ok, that is a bug I can easily replicate that.

https://redmine.pfsense.org/issues/14870

yon 0

@stephenw10

when i input network 2602:fed6:7021::/48, it is show network/0 in firewall rule

login-to-view

stephenw10

This should actually be fixed in todays build (23.09.b.20231013.0600) are you testing that?

Existing rules will need to be resaved to populate the aliases correctly.

Steve