some services show can't start
-
The settings are brought over from the 23.05 configuration.
Maybe I found the reason why starting wg service cannot be displayed.
when setup wiregaurd endpoint address use pfsense LAN gateway ipv6 address, then pfsense show can't start wiregaurd service.
Could you try test this?
-
So you were adding the IPv6 LL addresses as IPAliases VIPs in 23.05.1 also?
Is the LAN IPv6 address not valid?
-
@stephenw10 said in some services show can't start:
So you were adding the IPv6 LL addresses as IPAliases VIPs in 23.05.1 also?
yes.Is the LAN IPv6 address not valid?
when wireguard endpoint input Lan ip, then pfsense can't start wg service. but in fact wg is normal running.
i have try deleted endpoint LAN ip, only use 127.0.0.1 ,then pfsense may start wg service. -
Right but the LAN IPv6 address it's set to use is a valid address at the time WG tries to start?
-
@stephenw10 said in some services show can't start:
Right but the LAN IPv6 address it's set to use is a valid address at the time WG tries to start?
yes, it is public ipv6 valid address.
-
use 127.0.0.1 wg endpoint address can't start service also now.
23.09-BETA (amd64)
built on Wed Oct 18 14:00:00 CST 2023
FreeBSD 14.0-CURRENTOct 18 22:05:57 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was '' Oct 18 22:05:57 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Default gateway setting frwg0 as default. Oct 18 22:05:55 check_reload_status 1217 Syncing firewall Oct 18 22:05:54 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Oct 18 22:05:53 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Oct 18 22:05:52 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Oct 18 22:05:51 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Oct 18 22:05:50 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Oct 18 22:05:49 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Oct 18 22:05:48 check_reload_status 1217 Syncing firewall Oct 18 22:05:48 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Oct 18 22:05:40 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for UKWG Oct 18 22:05:40 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i UKWG -B 10.18.1.2 -p /var/run/dpinger_UKWG~10.18.1.2~10.18.1.1.pid -u /var/run/dpinger_UKWG~10.18.1.2~10.18.1.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.18.1.1 >/dev/null' returned exit code '1', the output was '' Oct 18 22:05:40 php-fpm 60021 /rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg0GW Oct 18 22:05:39 php-fpm 60021 /rc.filter_configure_sync: dpinger: No dpinger session running for gateway FMTZHU Oct 18 22:05:39 php-fpm 60021 /rc.filter_configure_sync: dpinger: No dpinger session running for gateway DEwg Oct 18 22:05:37 check_reload_status 1217 Syncing firewall Oct 18 22:05:37 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Oct 18 22:05:35 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Oct 18 22:05:35 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Oct 18 22:05:33 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Oct 18 22:05:33 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Oct 18 22:05:32 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Oct 18 22:05:32 check_reload_status 1217 Syncing firewall Oct 18 22:05:32 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Oct 18 22:05:26 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for OPT7GW Oct 18 22:05:26 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i OPT7GW -B 10.17.2.2 -p /var/run/dpinger_OPT7GW~10.17.2.2~10.17.2.1.pid -u /var/run/dpinger_OPT7GW~10.17.2.2~10.17.2.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.17.2.1 >/dev/null' returned exit code '1', the output was '' Oct 18 22:05:26 php-fpm 60021 /rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg0GW Oct 18 22:05:26 php-fpm 60021 /rc.filter_configure_sync: dpinger: No dpinger session running for gateway WAN_PPPOE Oct 18 22:05:24 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Oct 18 22:05:23 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Oct 18 22:05:22 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Oct 18 22:05:21 check_reload_status 1217 Syncing firewall Oct 18 22:05:21 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Oct 18 22:05:21 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Oct 18 22:05:20 check_reload_status 1217 Syncing firewall Oct 18 22:05:20 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Oct 18 22:05:20 check_reload_status 1217 Syncing firewall Oct 18 22:05:19 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Oct 18 22:05:12 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for DEwgGW Oct 18 22:05:12 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i DEwgGW -B 10.11.0.2 -p /var/run/dpinger_DEwgGW~10.11.0.2~10.11.0.1.pid -u /var/run/dpinger_DEwgGW~10.11.0.2~10.11.0.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.11.0.1 >/dev/null' returned exit code '1', the output was '' Oct 18 22:05:05 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Oct 18 22:05:04 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Oct 18 22:05:03 check_reload_status 1217 Syncing firewall Oct 18 22:05:03 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Oct 18 22:05:01 check_reload_status 1217 Syncing firewall Oct 18 22:05:01 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Oct 18 22:05:00 check_reload_status 1217 Syncing firewall Oct 18 22:04:59 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Oct 18 22:04:58 check_reload_status 1217 Syncing firewall Oct 18 22:04:57 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Oct 18 22:04:57 check_reload_status 1217 Syncing firewall Oct 18 22:04:57 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Oct 18 22:04:49 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for wg3GW Oct 18 22:04:49 php_wg 48848 /usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i wg3GW -B 10.15.1.2 -p /var/run/dpinger_wg3GW~10.15.1.2~10.15.1.1.pid -u /var/run/dpinger_wg3GW~10.15.1.2~10.15.1.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.15.1.1 >/dev/null' returned exit code '1', the output was '' Oct 18 22:04:48 php-fpm 60021 /rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg3GW Oct 18 22:04:48 php-fpm 60021 /rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg0 Oct 18 22:04:48 php-fpm 60021 /rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg0GW -
Filter Reload
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:11:20
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:12:14
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:13:08
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12 -
What address is that mapping supposed to be from?
-
no setup Port Forward for pppoe2. I don't know where this comes from either.
-
It's a 1:1 NAT rule.
Do you have any 1:1 NAT rules? Perhaps the interface got switched out somehow.
-
@yon-0 said in some services show can't start:
Filter Reload
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:11:20
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:12:14
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:13:08
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12Thank you for reporting this. The fix should be in the next snapshot. See https://redmine.pfsense.org/issues/14918
If that fixes it for you, please let us know here or on the redmine report.
-
Services: Shellcmd
I added 6 shellcmd configurations, but when the system restarts, the 5th-6th shellcmd configurations cannot be executed.
-
@marcosm said in some services show can't start:
@yon-0 said in some services show can't start:
Filter Reload
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:11:20
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:12:14
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
@ 2023-10-24 00:13:08
There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12Thank you for reporting this. The fix should be in the next snapshot. See https://redmine.pfsense.org/issues/14918
If that fixes it for you, please let us know here or on the redmine report.
ok. Let me observe.
-
System startup can't be completed in this version, but it does not affect the use of webgui.
23.09-BETA (amd64)
built on Tue Oct 24 1:01:00 CST 2023
FreeBSD 14.0-CURRENT
-
23.09-BETA (amd64)
built on Tue Oct 24 1:01:00 CST 2023
FreeBSD 14.0-CURRENTUnable to route over WAN
-
firewall bug
When I change the firewall to go out from the designated gateway, the firewall does not actually take effect.
eg: LAN via vpn route out, but some 10.50.2.50 via WAN, the via wan can't work.
The reload page always gets stuck
-
What happens if you try to reload it at the CLI:
pfctl -v -f /tmp/rules.debugIf it's gets stuck where does it stick?
-
@stephenw10 said in some services show can't start:
pfctl -v -f /tmp/rules.debug
GWZHUVP_VPNV4 = " route-to ( ovpnc5 10.15.0.1 ) "
GWSEAVPN_VPNV6 = " "
GWSEAVPN_VPNV4 = " "
GWUKWG = " route-to ( tun_wg3 10.18.1.1 ) "GWvp = " route-to { ( ovpnc12 10.16.0.1 ) ( ovpnc5 10.15.0.1 ) } round-robin "
GWFRVP = " route-to { ( ovpnc12 10.16.0.1 ) } "
GWEUv4 = " route-to { ( ovpnc12 10.16.0.1 ) } "
GWUSv4 = " route-to { ( ovpnc5 10.15.0.1 ) } "
set loginterface vtnet1
set skip on { pfsync0 }
/tmp/rules.debug:194: syntax error
tonatsubnets = "{ 127.0.0.0/8 ::1/128 10.50.0.0/16 }"
/tmp/rules.debug:593: syntax error
pfctl: Syntax error in config file: pf rules not loaded -
@stephenw10 said in some services show can't start:
What happens if you try to reload it at the CLI:
pfctl -v -f /tmp/rules.debugIf it's gets stuck where does it stick?
When I change the firewall to go out from the designated gateway and saved, then show that.
-
Ok what's on lines 194 and 593 in the file?
