some services show can't start
-
That is the result of running pfctl -v -f /tmp/rules.debug in the previous version.
-
That looks like a screenshot of the boot logs.
We need to see what is on lines 194 and 593 in rules.debug. Since that is the error shown.
-
no found lines 194 and 593 in rules.debug on that time.
-
v23.09 WAN route is null,WAN routing is not accessible at all from LAN
-
-
No default IPv4 route?
-
i have setup default ipv4 route via wg0, but some ips setup via ISP WAN. now it is can't via WAN route out.
-
So you have added some static routes via WAN and traffic is not following those? How are you adding them?
Does it go out via the wg gateway incorrectly?
-
I am having similar issues on the 2.7.1 concerning wireguard. I am using as a lab environment at home. It is a fresh install in which I restored from a previous backup. The wireguard service does not start and I am unable to manually start it.
I am a bit concerned about updating our company firewalls which are currently running on 23.05.1 since we heavily rely on wireguard tunnels. Quite a few sites are quite far away to drive if we face a major failure.
The log includes the following errors:
Nov 19 17:30:28 php-cgi 467 rc.bootup: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was '' Nov 19 17:30:36 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was '' Nov 19 17:30:36 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Nov 19 17:30:35 check_reload_status 432 Syncing firewall Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Nov 19 17:30:35 check_reload_status 432 Syncing firewall Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Nov 19 17:30:35 kernel tun_wg0: link state changed to UP Nov 19 17:30:35 kernel wg1: changing name to 'tun_wg0' Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Nov 19 17:30:35 kernel wg0: changing name to 'tun_wg1' Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Nov 19 17:30:35 php_wg 82338 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Nov 19 17:30:35 kernel tun_wg0: link state changed to DOWN Nov 19 17:30:34 kernel tun_wg1: link state changed to DOWN Nov 19 17:30:34 php-fpm 18459 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Nov 19 17:30:34 php-fpm 18459 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Nov 19 17:30:34 php-fpm 18459 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Nov 19 17:30:34 php-fpm 18459 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Nov 19 17:30:34 php-fpm 18459 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Nov 19 17:30:34 check_reload_status 432 Syncing firewall Nov 19 17:30:34 php-fpm 18459 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Nov 19 17:30:34 check_reload_status 432 Syncing firewall Nov 19 17:30:34 php-fpm 18459 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Nov 19 17:30:34 php-fpm 18459 /rc.start_packages: Restarting/Starting all packages. Nov 19 17:30:43 php-fpm 86806 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary. Nov 19 17:30:43 php-fpm 86806 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard). Nov 19 17:30:43 php-fpm 86806 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard). Nov 19 17:30:43 php-fpm 86806 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard). Nov 19 17:30:43 php-fpm 86806 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard). Nov 19 17:30:43 check_reload_status 432 Syncing firewall Nov 19 17:30:43 php-fpm 86806 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s). Nov 19 17:30:43 check_reload_status 432 Syncing firewall Nov 19 17:30:43 php-fpm 86806 /rc.start_packages: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s). Nov 19 17:30:43 php-fpm 86806 /rc.start_packages: Restarting/Starting all packages. Nov 19 17:30:42 syslogd kernel boot file is /boot/kernel/kernel Nov 19 17:30:42 syslogd exiting on signal 15 Nov 19 17:30:42 kernel done.
Interesting is that everything runs fine as soon as I dis- and re-enable one of the wireguard interfaces. Maybe that is some kind of help?
-
Hmm, the only thing that actually looks like an error there is that route command and that could be because it's run at boot.
What new errors do you see if you try to start the service after boot?
What if you manually run:
/sbin/route -n6 get 'default'
Steve
-
@stephenw10
First of all thanks for your almost instant reply :-)@stephenw10 said in some services show can't start:
What if you manually run: /sbin/route -n6 get 'default'
route: route has not been found: No error: 0
We do not have a default gateway IPv6 set though - we solely use IPv4 for our uplinks.
@stephenw10 said in some services show can't start:
What new errors do you see if you try to start the service after boot?
Actually none in the logs at least and none in the gui as well. Do you want me to check out a certain log?Interesting enough is that wireguard is actually working and I can ping the wg host on the other side. Pfsense just doesn't bring up the gateway for the static routes since the wireguard service is down.
[2.7.1-RELEASE][admin@labgate]/root: ps aux | grep php_wg root 63787 0.0 0.1 12752 2388 0 S+ 21:07 0:00.00 grep php_wg [2.7.1-RELEASE][admin@labgate]/root:
-
Update on the wirguard issue:
I am pretty sure I hit bug #14613 (https://redmine.pfsense.org/issues/14613).
The wireguard gui part is not responsive and cannot be started.
[2.7.1-RELEASE][admin@labgate]/root: fstat /var/run/wireguardd.pid USER CMD PID FD MOUNT INUM MODE SZ|DV R/W NAME root dpinger 59313 10 /var/run 57 -rw-r--r-- 5 rw /var/run/wireguardd.pid root dpinger 58892 10 /var/run 57 -rw-r--r-- 5 rw /var/run/wireguardd.pid root dpinger 58557 10 /var/run 57 -rw-r--r-- 5 rw /var/run/wireguardd.pid
As soon as I do a
[2.7.1-RELEASE][admin@labgate]/root: /usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
I can start the wireguard gui through the webinterface and php_wg is running:
[2.7.1-RELEASE][admin@labgate]/root: ps aux | grep php_wg root 61681 0.0 2.3 68272 46144 - Ss 21:47 0:00.06 php_wg: WireGuard service (php_wg) root 23988 0.0 0.1 12752 2392 0 S+ 21:51 0:00.00 grep php_wg
-
Ah, interesting. But you only saw this after upgrading to 2.7.1?
This should probably be in a new thread.
-
@stephenw10
Actually it is a fresh install of 2.7.0 and I restored from a backup. Since I immediately updated to 2.7.1 I cannot really tell. Everything worked until the first reboot… -
Ah, well it would be interesting to test that if you can. If this is a new issue in 2.7.1 it's probably not the same as the one you linked to.
-
@stephenw10
I will give it a try and reinstall the machine. Maybe its the same bug in 2.7.0 and 2.7.1… -
It probably is. In which case we have somewhere to start digging and more data points to pin it down. Otherwise if it's a regression in 2.7.1 we need to know about it.
-
@stephenw10
I just checked the 2.7.0 as well. The same error occurs after it's first restart. php-wg is offline but wireguard itself seems to be working. -
Ok so it likely is that same issue. You should add any notes you have there.
-
@stephenw10
Unfortunately I don't have much more to offer. If you want to have a look at the machine just pm me ;-)