Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    some services show can't start

    Scheduled Pinned Locked Moved Plus 23.09 Development Snapshots (Retired)
    131 Posts 5 Posters 47.1k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • yon 0Y Offline
      yon 0 @stephenw10
      last edited by

      @stephenw10

      The settings are brought over from the 23.05 configuration.

      Maybe I found the reason why starting wg service cannot be displayed.

      when setup wiregaurd endpoint address use pfsense LAN gateway ipv6 address, then pfsense show can't start wiregaurd service.

      Could you try test this?

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        So you were adding the IPv6 LL addresses as IPAliases VIPs in 23.05.1 also?

        Is the LAN IPv6 address not valid?

        yon 0Y 1 Reply Last reply Reply Quote 0
        • yon 0Y Offline
          yon 0 @stephenw10
          last edited by

          @stephenw10 said in some services show can't start:

          So you were adding the IPv6 LL addresses as IPAliases VIPs in 23.05.1 also?
          yes.

          Is the LAN IPv6 address not valid?
          when wireguard endpoint input Lan ip, then pfsense can't start wg service. but in fact wg is normal running.
          i have try deleted endpoint LAN ip, only use 127.0.0.1 ,then pfsense may start wg service.

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            Right but the LAN IPv6 address it's set to use is a valid address at the time WG tries to start?

            yon 0Y 1 Reply Last reply Reply Quote 0
            • yon 0Y Offline
              yon 0 @stephenw10
              last edited by

              @stephenw10 said in some services show can't start:

              Right but the LAN IPv6 address it's set to use is a valid address at the time WG tries to start?

              yes, it is public ipv6 valid address.

              yon 0Y 1 Reply Last reply Reply Quote 0
              • yon 0Y Offline
                yon 0 @yon 0
                last edited by

                use 127.0.0.1 wg endpoint address can't start service also now.

                23.09-BETA (amd64)
                built on Wed Oct 18 14:00:00 CST 2023
                FreeBSD 14.0-CURRENT

                Oct 18 22:05:57	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/sbin/route -n6 get 'default' 2>/dev/null | /usr/bin/egrep 'flags: <.*PROTO.*>'' returned exit code '1', the output was ''
                Oct 18 22:05:57	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Default gateway setting frwg0 as default.
                Oct 18 22:05:55	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:54	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                Oct 18 22:05:53	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                Oct 18 22:05:52	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                Oct 18 22:05:51	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                Oct 18 22:05:50	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                Oct 18 22:05:49	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                Oct 18 22:05:48	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:48	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                Oct 18 22:05:40	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for UKWG
                Oct 18 22:05:40	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i UKWG -B 10.18.1.2 -p /var/run/dpinger_UKWG~10.18.1.2~10.18.1.1.pid -u /var/run/dpinger_UKWG~10.18.1.2~10.18.1.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.18.1.1 >/dev/null' returned exit code '1', the output was ''
                Oct 18 22:05:40	php-fpm	60021	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg0GW
                Oct 18 22:05:39	php-fpm	60021	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway FMTZHU
                Oct 18 22:05:39	php-fpm	60021	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway DEwg
                Oct 18 22:05:37	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:37	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                Oct 18 22:05:35	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                Oct 18 22:05:35	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                Oct 18 22:05:33	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                Oct 18 22:05:33	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                Oct 18 22:05:32	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                Oct 18 22:05:32	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:32	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                Oct 18 22:05:26	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for OPT7GW
                Oct 18 22:05:26	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i OPT7GW -B 10.17.2.2 -p /var/run/dpinger_OPT7GW~10.17.2.2~10.17.2.1.pid -u /var/run/dpinger_OPT7GW~10.17.2.2~10.17.2.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.17.2.1 >/dev/null' returned exit code '1', the output was ''
                Oct 18 22:05:26	php-fpm	60021	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg0GW
                Oct 18 22:05:26	php-fpm	60021	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway WAN_PPPOE
                Oct 18 22:05:24	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                Oct 18 22:05:23	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                Oct 18 22:05:22	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                Oct 18 22:05:21	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:21	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                Oct 18 22:05:21	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                Oct 18 22:05:20	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:20	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                Oct 18 22:05:20	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:19	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                Oct 18 22:05:12	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for DEwgGW
                Oct 18 22:05:12	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i DEwgGW -B 10.11.0.2 -p /var/run/dpinger_DEwgGW~10.11.0.2~10.11.0.1.pid -u /var/run/dpinger_DEwgGW~10.11.0.2~10.11.0.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.11.0.1 >/dev/null' returned exit code '1', the output was ''
                Oct 18 22:05:05	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
                Oct 18 22:05:04	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
                Oct 18 22:05:03	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:03	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
                Oct 18 22:05:01	check_reload_status	1217	Syncing firewall
                Oct 18 22:05:01	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
                Oct 18 22:05:00	check_reload_status	1217	Syncing firewall
                Oct 18 22:04:59	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
                Oct 18 22:04:58	check_reload_status	1217	Syncing firewall
                Oct 18 22:04:57	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
                Oct 18 22:04:57	check_reload_status	1217	Syncing firewall
                Oct 18 22:04:57	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
                Oct 18 22:04:49	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: Error starting gateway monitor for wg3GW
                Oct 18 22:04:49	php_wg	48848	/usr/local/pkg/wireguard/includes/wg_service.inc: The command '/usr/local/bin/dpinger -S -r 0 -i wg3GW -B 10.15.1.2 -p /var/run/dpinger_wg3GW~10.15.1.2~10.15.1.1.pid -u /var/run/dpinger_wg3GW~10.15.1.2~10.15.1.1.sock -C "/etc/rc.gateway_alarm" -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 600 -L 80 10.15.1.1 >/dev/null' returned exit code '1', the output was ''
                Oct 18 22:04:48	php-fpm	60021	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg3GW
                Oct 18 22:04:48	php-fpm	60021	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg0
                Oct 18 22:04:48	php-fpm	60021	/rc.filter_configure_sync: dpinger: No dpinger session running for gateway wg0GW
                
                yon 0Y 1 Reply Last reply Reply Quote 0
                • yon 0Y Offline
                  yon 0 @yon 0
                  last edited by

                  Filter Reload
                  There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                  @ 2023-10-24 00:11:20
                  There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                  @ 2023-10-24 00:12:14
                  There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                  @ 2023-10-24 00:13:08
                  There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12

                  M 1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    What address is that mapping supposed to be from?

                    yon 0Y 1 Reply Last reply Reply Quote 0
                    • yon 0Y Offline
                      yon 0 @stephenw10
                      last edited by

                      @stephenw10

                      no setup Port Forward for pppoe2. I don't know where this comes from either.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        It's a 1:1 NAT rule.

                        Do you have any 1:1 NAT rules? Perhaps the interface got switched out somehow.

                        1 Reply Last reply Reply Quote 0
                        • M Offline
                          marcosm Netgate @yon 0
                          last edited by marcosm

                          @yon-0 said in some services show can't start:

                          Filter Reload
                          There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                          @ 2023-10-24 00:11:20
                          There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                          @ 2023-10-24 00:12:14
                          There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                          @ 2023-10-24 00:13:08
                          There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12

                          Thank you for reporting this. The fix should be in the next snapshot. See https://redmine.pfsense.org/issues/14918

                          If that fixes it for you, please let us know here or on the redmine report.

                          yon 0Y 2 Replies Last reply Reply Quote 0
                          • yon 0Y Offline
                            yon 0 @marcosm
                            last edited by

                            Services: Shellcmd

                            I added 6 shellcmd configurations, but when the system restarts, the 5th-6th shellcmd configurations cannot be executed.

                            554fac3a-c7af-4af4-b13a-dca0860e727b-image.png

                            1 Reply Last reply Reply Quote 0
                            • yon 0Y Offline
                              yon 0 @marcosm
                              last edited by

                              @marcosm said in some services show can't start:

                              @yon-0 said in some services show can't start:

                              Filter Reload
                              There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                              @ 2023-10-24 00:11:20
                              There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                              @ 2023-10-24 00:12:14
                              There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12
                              @ 2023-10-24 00:13:08
                              There were error(s) loading the rules: /tmp/rules.debug:198: syntax error - The line in question reads [198]: binat on pppoe2 inet from to any -> 10.1.7.12

                              Thank you for reporting this. The fix should be in the next snapshot. See https://redmine.pfsense.org/issues/14918

                              If that fixes it for you, please let us know here or on the redmine report.

                              ok. Let me observe.

                              yon 0Y 1 Reply Last reply Reply Quote 0
                              • yon 0Y Offline
                                yon 0 @yon 0
                                last edited by

                                System startup can't be completed in this version, but it does not affect the use of webgui.

                                23.09-BETA (amd64)
                                built on Tue Oct 24 1:01:00 CST 2023
                                FreeBSD 14.0-CURRENT

                                882ba54c-6478-4812-bea3-3f1c823146fa-image.png

                                yon 0Y 2 Replies Last reply Reply Quote 0
                                • yon 0Y Offline
                                  yon 0 @yon 0
                                  last edited by

                                  23.09-BETA (amd64)
                                  built on Tue Oct 24 1:01:00 CST 2023
                                  FreeBSD 14.0-CURRENT

                                  Unable to route over WAN

                                  73bdc247-59e8-437b-88d2-a8dda088d4ae-image.png

                                  1 Reply Last reply Reply Quote 0
                                  • yon 0Y Offline
                                    yon 0 @yon 0
                                    last edited by yon 0

                                    firewall bug

                                    When I change the firewall to go out from the designated gateway, the firewall does not actually take effect.

                                    eg: LAN via vpn route out, but some 10.50.2.50 via WAN, the via wan can't work.

                                    The reload page always gets stuck
                                    44c19ea0-a000-4865-a2a6-3accc2c0c629-image.png

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      What happens if you try to reload it at the CLI:
                                      pfctl -v -f /tmp/rules.debug

                                      If it's gets stuck where does it stick?

                                      yon 0Y 2 Replies Last reply Reply Quote 0
                                      • yon 0Y Offline
                                        yon 0 @stephenw10
                                        last edited by yon 0

                                        @stephenw10 said in some services show can't start:

                                        pfctl -v -f /tmp/rules.debug

                                        GWZHUVP_VPNV4 = " route-to ( ovpnc5 10.15.0.1 ) "
                                        GWSEAVPN_VPNV6 = " "
                                        GWSEAVPN_VPNV4 = " "
                                        GWUKWG = " route-to ( tun_wg3 10.18.1.1 ) "

                                        GWvp = " route-to { ( ovpnc12 10.16.0.1 ) ( ovpnc5 10.15.0.1 ) } round-robin "
                                        GWFRVP = " route-to { ( ovpnc12 10.16.0.1 ) } "
                                        GWEUv4 = " route-to { ( ovpnc12 10.16.0.1 ) } "
                                        GWUSv4 = " route-to { ( ovpnc5 10.15.0.1 ) } "
                                        set loginterface vtnet1
                                        set skip on { pfsync0 }
                                        /tmp/rules.debug:194: syntax error
                                        tonatsubnets = "{ 127.0.0.0/8 ::1/128 10.50.0.0/16 }"
                                        /tmp/rules.debug:593: syntax error
                                        pfctl: Syntax error in config file: pf rules not loaded

                                        1 Reply Last reply Reply Quote 0
                                        • yon 0Y Offline
                                          yon 0 @stephenw10
                                          last edited by

                                          @stephenw10 said in some services show can't start:

                                          What happens if you try to reload it at the CLI:
                                          pfctl -v -f /tmp/rules.debug

                                          If it's gets stuck where does it stick?

                                          When I change the firewall to go out from the designated gateway and saved, then show that.

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S Offline
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            Ok what's on lines 194 and 593 in the file?

                                            yon 0Y 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.