some services show can't start

stephenw10 · Oct 28, 2023, 2:53 PM

What command? We just need to see what is on those lines in the rules.debug file.

yon 0 · Oct 28, 2023, 2:50 PM

yon 0 · Oct 28, 2023, 4:15 PM

@stephenw10

That is the result of running pfctl -v -f /tmp/rules.debug in the previous version.

stephenw10 · Nov 8, 2023, 4:11 PM

That looks like a screenshot of the boot logs.

We need to see what is on lines 194 and 593 in rules.debug. Since that is the error shown.

yon 0 · Nov 8, 2023, 4:11 PM

@stephenw10

no found lines 194 and 593 in rules.debug on that time.

yon 0 · Nov 8, 2023, 4:13 PM

v23.09 WAN route is null,WAN routing is not accessible at all from LAN

yon 0 · Nov 8, 2023, 4:39 PM

stephenw10 · Nov 8, 2023, 5:15 PM

No default IPv4 route?

yon 0 · Nov 9, 2023, 11:28 AM

@stephenw10

i have setup default ipv4 route via wg0, but some ips setup via ISP WAN. now it is can't via WAN route out.

stephenw10 · Nov 9, 2023, 2:44 PM

So you have added some static routes via WAN and traffic is not following those? How are you adding them?

Does it go out via the wg gateway incorrectly?

hannesclp · Nov 19, 2023, 4:44 PM

I am having similar issues on the 2.7.1 concerning wireguard. I am using as a lab environment at home. It is a fresh install in which I restored from a previous backup. The wireguard service does not start and I am unable to manually start it.

I am a bit concerned about updating our company firewalls which are currently running on 23.05.1 since we heavily rely on wireguard tunnels. Quite a few sites are quite far away to drive if we face a major failure.

The log includes the following errors:

Nov 19 17:30:28	php-cgi	467	rc.bootup: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was ''
Nov 19 17:30:36	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was ''
Nov 19 17:30:36	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Nov 19 17:30:35	check_reload_status	432	Syncing firewall
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Nov 19 17:30:35	check_reload_status	432	Syncing firewall
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Nov 19 17:30:35	kernel		tun_wg0: link state changed to UP
Nov 19 17:30:35	kernel		wg1: changing name to 'tun_wg0'
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Nov 19 17:30:35	kernel		wg0: changing name to 'tun_wg1'
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Nov 19 17:30:35	php_wg	82338	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Nov 19 17:30:35	kernel		tun_wg0: link state changed to DOWN
Nov 19 17:30:34	kernel		tun_wg1: link state changed to DOWN
Nov 19 17:30:34	php-fpm	18459	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Nov 19 17:30:34	php-fpm	18459	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Nov 19 17:30:34	php-fpm	18459	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Nov 19 17:30:34	php-fpm	18459	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Nov 19 17:30:34	php-fpm	18459	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Nov 19 17:30:34	check_reload_status	432	Syncing firewall
Nov 19 17:30:34	php-fpm	18459	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Nov 19 17:30:34	check_reload_status	432	Syncing firewall
Nov 19 17:30:34	php-fpm	18459	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Nov 19 17:30:34	php-fpm	18459	/rc.start_packages: Restarting/Starting all packages.
Nov 19 17:30:43	php-fpm	86806	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
Nov 19 17:30:43	php-fpm	86806	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
Nov 19 17:30:43	php-fpm	86806	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
Nov 19 17:30:43	php-fpm	86806	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
Nov 19 17:30:43	php-fpm	86806	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
Nov 19 17:30:43	check_reload_status	432	Syncing firewall
Nov 19 17:30:43	php-fpm	86806	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
Nov 19 17:30:43	check_reload_status	432	Syncing firewall
Nov 19 17:30:43	php-fpm	86806	/rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
Nov 19 17:30:43	php-fpm	86806	/rc.start_packages: Restarting/Starting all packages.
Nov 19 17:30:42	syslogd		kernel boot file is /boot/kernel/kernel
Nov 19 17:30:42	syslogd		exiting on signal 15
Nov 19 17:30:42	kernel		done.

Interesting is that everything runs fine as soon as I dis- and re-enable one of the wireguard interfaces. Maybe that is some kind of help?

stephenw10 · Nov 19, 2023, 6:27 PM

Hmm, the only thing that actually looks like an error there is that route command and that could be because it's run at boot.

What new errors do you see if you try to start the service after boot?

What if you manually run: /sbin/route -n6 get 'default'

Steve

hannesclp · Nov 19, 2023, 8:09 PM

@stephenw10
First of all thanks for your almost instant reply :-)

@stephenw10 said in some services show can't start:

What if you manually run: /sbin/route -n6 get 'default'

route: route has not been found: No error: 0

We do not have a default gateway IPv6 set though - we solely use IPv4 for our uplinks.

@stephenw10 said in some services show can't start:

What new errors do you see if you try to start the service after boot?
Actually none in the logs at least and none in the gui as well. Do you want me to check out a certain log?

Interesting enough is that wireguard is actually working and I can ping the wg host on the other side. Pfsense just doesn't bring up the gateway for the static routes since the wireguard service is down.

[2.7.1-RELEASE][admin@labgate]/root: ps aux | grep php_wg
root    63787   0.0  0.1  12752   2388  0  S+   21:07     0:00.00 grep php_wg
[2.7.1-RELEASE][admin@labgate]/root:

hannesclp · Nov 19, 2023, 8:52 PM

Update on the wirguard issue:

I am pretty sure I hit bug #14613 (https://redmine.pfsense.org/issues/14613).

The wireguard gui part is not responsive and cannot be started.

[2.7.1-RELEASE][admin@labgate]/root: fstat /var/run/wireguardd.pid
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W NAME
root     dpinger    59313   10 /var/run     57 -rw-r--r--       5 rw  /var/run/wireguardd.pid
root     dpinger    58892   10 /var/run     57 -rw-r--r--       5 rw  /var/run/wireguardd.pid
root     dpinger    58557   10 /var/run     57 -rw-r--r--       5 rw  /var/run/wireguardd.pid

As soon as I do a

[2.7.1-RELEASE][admin@labgate]/root: /usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop

I can start the wireguard gui through the webinterface and php_wg is running:

[2.7.1-RELEASE][admin@labgate]/root: ps aux | grep php_wg
root    61681   0.0  2.3  68272  46144  -  Ss   21:47    0:00.06 php_wg: WireGuard service (php_wg)
root    23988   0.0  0.1  12752   2392  0  S+   21:51    0:00.00 grep php_wg

stephenw10 · Nov 20, 2023, 1:16 PM

Ah, interesting. But you only saw this after upgrading to 2.7.1?

This should probably be in a new thread.

hannesclp · Nov 20, 2023, 2:02 PM

@stephenw10
Actually it is a fresh install of 2.7.0 and I restored from a backup. Since I immediately updated to 2.7.1 I cannot really tell. Everything worked until the first reboot…

stephenw10 · Nov 20, 2023, 2:48 PM

Ah, well it would be interesting to test that if you can. If this is a new issue in 2.7.1 it's probably not the same as the one you linked to.

hannesclp · Nov 20, 2023, 2:52 PM

@stephenw10
I will give it a try and reinstall the machine. Maybe its the same bug in 2.7.0 and 2.7.1…

stephenw10 · Nov 20, 2023, 3:06 PM

It probably is. In which case we have somewhere to start digging and more data points to pin it down. Otherwise if it's a regression in 2.7.1 we need to know about it.

hannesclp · Nov 20, 2023, 4:19 PM

@stephenw10
I just checked the 2.7.0 as well. The same error occurs after it's first restart. php-wg is offline but wireguard itself seems to be working.