Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    some services show can't start

    Scheduled Pinned Locked Moved Plus 23.09 Development Snapshots (Retired)
    131 Posts 5 Posters 47.1k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • yon 0Y Offline
      yon 0 @yon 0
      last edited by

      my wireguard config connect to DTLS tunnle local forward to remote server, pfsense service seem can't allow this. but wiregaurd allow this, only pfsense limited it.

      yon 0Y 1 Reply Last reply Reply Quote 0
      • yon 0Y Offline
        yon 0 @yon 0
        last edited by

        pfsense frr bgp session incorrectly monitors the wiregaurd service status according to pfsense and interrupts the connection of frr bgp sessions. In fact, all wiregaurd and frr bgp can be connected normally. The biggest problem at present is a series of errors caused by pfsense. In other words, if there is no pfsense Error limits, everything works fine.

        yon 0Y 1 Reply Last reply Reply Quote 0
        • yon 0Y Offline
          yon 0 @yon 0
          last edited by

          The previous pfsense versions frr bgp will not interrupt bgp sessions due to the wiregaurd service status. I don’t know what code pfsense has changed.

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            Does pkg update always succeed or did we just happen to see it succeed previously?

            Its very odd that pkg update succeeds and repoc succeeds but pfSense-upgrade fails. And that it fails with an error that implies it cannot find the file. pkg update clearly was able to find it. 🤔

            You should be seeing FRR 9 if you're on the latest beta build.

            yon 0Y 1 Reply Last reply Reply Quote 0
            • yon 0Y Offline
              yon 0 @stephenw10
              last edited by yon 0

              @stephenw10

              pkg update is ok. pfSense-upgrade not normal work.

              i have using frr9. Since frr8- frr9 requires that the fe80:: address must be configured. so wiregaurd need add this fe80:: address.

              How do I now change Pfsense's limit on wiregaurd service status errors? And how to cancel frr bgp sessions to establish a connection based on the wireguard service status?

              The main problem now is that wiregaurd has connected to the tunnel normally, and pfsense mistakenly believes that wiregaurd is not working properly and stops the service. At the same time, frr bgp sessions also stop working.

              i am using the version

              23.09-BETA (amd64)
              built on Fri Oct 13 14:00:00 CST 2023
              FreeBSD 14.0-CURRENT

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Ok, as I stated previously, the service that pfSense is checking for is php_wg. So is that actually running? If it isn't is there an error logged when you try to start it?

                yon 0Y 3 Replies Last reply Reply Quote 0
                • yon 0Y Offline
                  yon 0 @stephenw10
                  last edited by

                  @stephenw10 said in some services show can't start:

                  Ok, as I stated previously, the service that pfSense is checking for is php_wg. So is that actually running? If it isn't is there an error logged when you try to start it?

                  how i check the php_wg run? When I use webgui, I can sometimes start the wiregaurd service. But after a while, it will automatically show that the wiregaurd service is stopped. But in fact, wiregaurd is running normally.

                  1 Reply Last reply Reply Quote 0
                  • yon 0Y Offline
                    yon 0 @stephenw10
                    last edited by

                    @stephenw10

                    750112eb-bc41-40ca-9072-863ba0e59a22-image.png

                    1 Reply Last reply Reply Quote 0
                    • yon 0Y Offline
                      yon 0 @stephenw10
                      last edited by

                      @stephenw10

                      Oct 15 03:35:24	check_reload_status	507	Syncing firewall
                      Oct 15 03:35:24	php-fpm	78457	/pkg_edit.php: Configuration Change:
                      Oct 15 03:32:00	sshguard	44701	Now monitoring attacks.
                      Oct 15 03:32:00	sshguard	39046	Exiting on signal.
                      Oct 15 03:25:11	xinetd	6828	Reconfigured: new=0 old=10 dropped=0 (services)
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19007-tcp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19006-tcp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19005-udp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19005-tcp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19004-udp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19004-tcp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19003-tcp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19002-tcp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19001-tcp
                      Oct 15 03:25:11	xinetd	6828	readjusting service 19000-tcp
                      Oct 15 03:25:11	xinetd	6828	Swapping defaults
                      Oct 15 03:25:11	xinetd	6828	Starting reconfiguration
                      Oct 15 03:24:53	php-fpm	91277	/rc.dyndns.update: phpDynDNS: Not updating wg A record because the public IP address cannot be determined.
                      Oct 15 03:24:38	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was ''
                      Oct 15 03:24:38	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Default gateway setting frwg0 as default.
                      Oct 15 03:24:37	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                      Oct 15 03:24:36	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:36	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                      Oct 15 03:24:36	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:36	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                      Oct 15 03:24:35	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:35	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                      Oct 15 03:24:34	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                      Oct 15 03:24:34	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:34	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                      Oct 15 03:24:34	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:33	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                      Oct 15 03:24:30	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for UKWG
                      Oct 15 03:24:30	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i UKWG -B 10.18.1.2 -p /var/run/dpinger_UKWG~10.18.1.2~10.18.1.1.pid -u /var/run/dpinger_UKWG~10.18.1.2~10.18.1.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.18.1.1 >/dev/null' returned exit code '1', the output was ''
                      Oct 15 03:24:29	php-fpm	8018	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway FRVPN_VPNV4
                      Oct 15 03:24:29	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg3 inet6 'fe80::32ed:b7ff:fe85:93d3' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                      Oct 15 03:24:28	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                      Oct 15 03:24:27	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:27	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                      Oct 15 03:24:27	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:27	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                      Oct 15 03:24:26	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:26	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                      Oct 15 03:24:25	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                      Oct 15 03:24:25	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:25	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                      Oct 15 03:24:25	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:24	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                      Oct 15 03:24:22	check_reload_status	507	Reloading filter
                      Oct 15 03:24:22	check_reload_status	507	Restarting OpenVPN tunnels/interfaces
                      Oct 15 03:24:22	check_reload_status	507	Restarting IPsec tunnels
                      Oct 15 03:24:22	check_reload_status	507	updating dyndns WAN_PPPOE
                      Oct 15 03:24:22	rc.gateway_alarm	74567	>>> Gateway alarm: WAN_PPPOE (Addr:10.1.8.1 Alarm:1 RTT:2.320ms RTTsd:.061ms Loss:33%)
                      Oct 15 03:24:21	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for OPT7GW
                      Oct 15 03:24:21	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i OPT7GW -B 10.17.2.2 -p /var/run/dpinger_OPT7GW~10.17.2.2~10.17.2.1.pid -u /var/run/dpinger_OPT7GW~10.17.2.2~10.17.2.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.17.2.1 >/dev/null' returned exit code '1', the output was ''
                      Oct 15 03:24:21	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg5 inet6 'fe80::f291:32ff:fe07:db47' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                      Oct 15 03:24:19	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                      Oct 15 03:24:19	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:18	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                      Oct 15 03:24:18	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:18	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                      Oct 15 03:24:17	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                      Oct 15 03:24:17	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                      Oct 15 03:24:17	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:16	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                      Oct 15 03:24:16	check_reload_status	507	Syncing firewall
                      Oct 15 03:24:16	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                      Oct 15 03:24:13	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for DEwgGW
                      Oct 15 03:24:13	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i DEwgGW -B 10.11.0.2 -p /var/run/dpinger_DEwgGW~10.11.0.2~10.11.0.1.pid -u /var/run/dpinger_DEwgGW~10.11.0.2~10.11.0.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.11.0.1 >/dev/null' returned exit code '1', the output was ''
                      Oct 15 03:24:13	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg4 inet6 'fe80::a9b3:3fff:febe:d75a' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                      Oct 15 03:24:11	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                      
                      yon 0Y 1 Reply Last reply Reply Quote 0
                      • yon 0Y Offline
                        yon 0 @yon 0
                        last edited by

                        Force pfsense to start wiregaurd, but it will stop automatically after a while

                        9f397db1-3469-490f-8d8a-98054d454afb-image.png

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          I would use:

                          [23.09-BETA][admin@6100-3.stevew.lan]/root: ps aux | grep php_wg
                          root    24313   0.0  0.5  69316 44980  -  Ss   21:45     0:00.03 php_wg: WireGuard service (php_wg)
                          root    59822   0.0  0.0  12752  2364  0  S+   21:46     0:00.00 grep php_wg
                          

                          But it looks like you have an actual errors there.

                          It's unable to add the linklocal IPv6 address:

                          Oct 15 03:24:13	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg4 inet6 'fe80::a9b3:3fff:febe:d75a' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                          

                          So that likely explains the issues you were seeing with FRR.
                          But also:

                          Oct 15 03:24:38	php_wg	22802	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was ''
                          

                          If you run /sbin/route -n6 get 'default' dircetly does it return a valid default route?

                          Is that the last thing logged by the php_wg process before it stops?

                          Steve

                          yon 0Y 3 Replies Last reply Reply Quote 0
                          • yon 0Y Offline
                            yon 0 @stephenw10
                            last edited by

                            @stephenw10

                            I will provide you with the latest php_wg log that I can see. I have tried to delete all fe80: address settings, but the wg service still cannot be started.

                            Oct 15 12:41:33	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was ''
                            Oct 15 12:41:33	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Default gateway setting frwg0 as default.
                            Oct 15 12:41:32	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                            Oct 15 12:41:31	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:31	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                            Oct 15 12:41:30	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:30	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                            Oct 15 12:41:30	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:29	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                            Oct 15 12:41:29	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                            Oct 15 12:41:28	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:28	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                            Oct 15 12:41:28	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:28	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                            Oct 15 12:41:24	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for UKWG
                            Oct 15 12:41:24	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i UKWG -B 10.18.1.2 -p /var/run/dpinger_UKWG~10.18.1.2~10.18.1.1.pid -u /var/run/dpinger_UKWG~10.18.1.2~10.18.1.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.18.1.1 >/dev/null' returned exit code '1', the output was ''
                            Oct 15 12:41:23	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg3 inet6 'fe80::32ed:b7ff:fe85:93d3' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                            Oct 15 12:41:21	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:21	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                            Oct 15 12:41:20	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:20	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                            Oct 15 12:41:20	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:19	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                            Oct 15 12:41:18	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                            Oct 15 12:41:18	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                            Oct 15 12:41:17	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                            Oct 15 12:41:17	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:17	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                            Oct 15 12:41:12	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for OPT7GW
                            Oct 15 12:41:12	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i OPT7GW -B 10.17.2.2 -p /var/run/dpinger_OPT7GW~10.17.2.2~10.17.2.1.pid -u /var/run/dpinger_OPT7GW~10.17.2.2~10.17.2.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.17.2.1 >/dev/null' returned exit code '1', the output was ''
                            Oct 15 12:41:12	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg5 inet6 'fe80::f291:32ff:fe07:db47' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                            Oct 15 12:41:10	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                            Oct 15 12:41:10	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                            Oct 15 12:41:09	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                            Oct 15 12:41:08	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:08	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                            Oct 15 12:41:08	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                            Oct 15 12:41:07	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:07	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                            Oct 15 12:41:07	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:07	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                            Oct 15 12:41:03	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for DEwgGW
                            Oct 15 12:41:03	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i DEwgGW -B 10.11.0.2 -p /var/run/dpinger_DEwgGW~10.11.0.2~10.11.0.1.pid -u /var/run/dpinger_DEwgGW~10.11.0.2~10.11.0.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.11.0.1 >/dev/null' returned exit code '1', the output was ''
                            Oct 15 12:41:03	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg4 inet6 'fe80::a9b3:3fff:febe:d75a' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                            Oct 15 12:41:01	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                            Oct 15 12:41:00	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:00	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                            Oct 15 12:41:00	check_reload_status	1217	Syncing firewall
                            Oct 15 12:41:00	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                            Oct 15 12:40:59	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:59	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                            Oct 15 12:40:59	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                            Oct 15 12:40:58	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:58	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                            Oct 15 12:40:58	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:58	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                            Oct 15 12:40:54	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for wg3GW
                            Oct 15 12:40:54	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i wg3GW -B 10.15.1.2 -p /var/run/dpinger_wg3GW~10.15.1.2~10.15.1.1.pid -u /var/run/dpinger_wg3GW~10.15.1.2~10.15.1.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.15.1.1 >/dev/null' returned exit code '1', the output was ''
                            Oct 15 12:40:53	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg2 inet6 'fe80::a833:6fff:fe6c:4985' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                            Oct 15 12:40:52	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:52	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                            Oct 15 12:40:51	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                            Oct 15 12:40:50	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:50	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                            Oct 15 12:40:49	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:49	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                            Oct 15 12:40:49	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:48	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                            Oct 15 12:40:48	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:47	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                            Oct 15 12:40:47	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:47	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                            Oct 15 12:40:43	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for FMTv
                            Oct 15 12:40:43	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i FMTv -B 10.10.2.2 -p /var/run/dpinger_FMTv~10.10.2.2~10.10.2.1.pid -u /var/run/dpinger_FMTv~10.10.2.2~10.10.2.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.10.2.1 >/dev/null' returned exit code '1', the output was ''
                            Oct 15 12:40:42	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg1 inet6 'fe80::32ed:b7ff:fe83:93d3' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                            Oct 15 12:40:41	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:41	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                            Oct 15 12:40:40	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                            Oct 15 12:40:40	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:39	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                            Oct 15 12:40:39	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:38	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                            Oct 15 12:40:38	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                            Oct 15 12:40:37	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:37	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                            Oct 15 12:40:37	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:36	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                            Oct 15 12:40:31	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/ifconfig tun_wg0 inet6 'fe80::981f:60ff:fee9:56d3' -alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
                            Oct 15 12:40:30	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                            Oct 15 12:40:29	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:29	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                            Oct 15 12:40:28	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:28	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                            Oct 15 12:40:27	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                            Oct 15 12:40:27	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                            Oct 15 12:40:27	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:26	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                            Oct 15 12:40:26	check_reload_status	1217	Syncing firewall
                            Oct 15 12:40:26	php_wg	46096	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                            
                            1 Reply Last reply Reply Quote 0
                            • yon 0Y Offline
                              yon 0 @stephenw10
                              last edited by yon 0

                              @stephenw10 said in some services show can't start:

                              /sbin/route -n6 get 'default'

                              [23.09-BETA][admin@]/root: /sbin/route -n6 get 'default'
                              route: route has not been found: No error: 0
                              [23.09-BETA][admin@]/root:
                              

                              i have upgrade pfsense to new version:

                              23.09-BETA (amd64)
                              built on Sun Oct 15 0:18:00 CST 2023
                              FreeBSD 14.0-CURRENT

                              yon 0Y 1 Reply Last reply Reply Quote 0
                              • yon 0Y Offline
                                yon 0 @yon 0
                                last edited by

                                i can via ssh cli command add fe80 address, why pfsense can't add it?

                                /sbin/ifconfig tun_wg4 inet6 fe80::a9b3:3fff:febe:d75a
                                
                                tun_wg4: flags=10080c1<UP,RUNNING,NOARP,MULTICAST,LOWER_UP> metric 0 mtu 1350
                                	description: DEwg
                                	options=80000<LINKSTATE>
                                	inet 10.11.0.2 netmask 0xffffff00
                                	inet6 2602:fed:7022:b::11 prefixlen 127
                                	inet6 fe80::a9b3:3fff:febe:d75a%tun_wg4 prefixlen 64 scopeid 0xc
                                	groups: wg WireGuard
                                	nd6 options=101<PERFORMNUD,NO_DAD>
                                
                                stephenw10S 1 Reply Last reply Reply Quote 0
                                • yon 0Y Offline
                                  yon 0 @stephenw10
                                  last edited by yon 0

                                  @stephenw10

                                  One of the causes of the problem was found. When I manually added the fe80:: address to the wiregaurd interface using the command, frr bgp sessions resumed working. The reason was that the new version of pfsenese restricted the addition of fe80 addresses.

                                  from frr8 start, must use linklocal IPv6 address for each interface.

                                  yon 0Y 1 Reply Last reply Reply Quote 0
                                  • yon 0Y Offline
                                    yon 0 @yon 0
                                    last edited by

                                    Screenshot of 504 Gateway Time-out.jpg

                                    bd509e7d-2fc7-4fb6-97e7-e634fe444198-image.png

                                    1 Reply Last reply Reply Quote 0
                                    • yon 0Y Offline
                                      yon 0 @stephenw10
                                      last edited by

                                      @stephenw10 said in some services show can't start:

                                      @stephenw10 said in some services show can't start:

                                      Ok, that is a bug I can easily replicate that.

                                      https://redmine.pfsense.org/issues/14870

                                      Changing the firewall gateway cannot take effect.

                                      12633560-705b-40df-8db1-0d29a5c28a21-image.png

                                      johnpozJ 1 Reply Last reply Reply Quote 0
                                      • johnpozJ Offline
                                        johnpoz LAYER 8 Global Moderator @yon 0
                                        last edited by

                                        @yon-0 504 timeout.. The box has a load of 10 on it.. That for sure can not be normal - if it is this box is so undersized for what your wanting to do with it its pretty much useless..

                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                        If you get confused: Listen to the Music Play
                                        Please don't Chat/PM me for help, unless mod related
                                        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                                        yon 0Y 1 Reply Last reply Reply Quote 0
                                        • stephenw10S Offline
                                          stephenw10 Netgate Administrator @yon 0
                                          last edited by

                                          @yon-0 said in some services show can't start:

                                          i can via ssh cli command add fe80 address, why pfsense can't add it?

                                          /sbin/ifconfig tun_wg4 inet6 fe80::a9b3:3fff:febe:d75a

                                          Can you add it as an alias like the wg script tries to? -alias

                                          When there is no v6 IP on the interface already.

                                          yon 0Y 1 Reply Last reply Reply Quote 0
                                          • yon 0Y Offline
                                            yon 0 @johnpoz
                                            last edited by

                                            @johnpoz said in some services show can't start:

                                            @yon-0 504 timeout.. The box has a load of 10 on it.. That for sure can not be normal - if it is this box is so undersized for what your wanting to do with it its pretty much useless..

                                            It is a dedicated server ,with enough spare resources . opnsense running normal now, only pfsense timeout

                                            johnpozJ 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.