Bug #14613

open

Incorrect wireguard control panel status management

Added by hao zhang over 1 year ago. Updated 11 months ago.

Status: New
Priority: Normal
Category: WireGuard
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.7.0
Affected Architecture:

Description


Wireguard can still be clicked on to start while in the boot state and is unresponsive when clicked on, making wireguard uncontrollable.
pfsense2.7
pfSense-pkg-WireGuard 0.2.0_2


Actions #1

Updated by hao zhang over 1 year ago

Meanwhile, in this state, although it shows that the peer is connected, it is not actually able to communicate.

Actions #2

Updated by hao zhang over 1 year ago

I reinstalled pfsense and ran into this problem again.
I have 3 tunnels and 5 peers, and each tunnel is assigned an interface.
When using wireguard, I installed it once and uninstalled it once, and after completing the wireguard configuration, restarting pfsense gives me this problem.
Reinstalling wireguard in the plugin manager restores it.

Actions #3

Updated by hao zhang over 1 year ago

I do it manually with ssh:
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
Then the web UI can be controlled.

Actions #4

Updated by hao zhang about 1 year ago

I checked /var/run/wireguardd.pid before rebooting and it was 22536.
After that I rebooted the pfsense.
After reboot /var/run/wireguardd.pid changed to 52579 but the pid is not found in top.
And the process php_wg is not found.
But running /usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc start
The WireGuard service is already running.
So I'm assuming that wireguard is already running, but for some reason it crashed and the wireguard control program didn't recognize the state of wireguard correctly.
I checked wg_is_service_running() in /usr/local/pkg/wireguard/includes/wg_service.inc, and the $wouldblock of this function returns true when php_wg doesn't exist, and after running fstat I found out that it's dpinger. The /var/run/wireguardd.pid is occupied.

But I can't find the reason why php_wg crashes on startup.
I can't find any logs in the system logs. How do I turn on the wireguard logs?

Actions #5

Updated by hao zhang about 1 year ago

After running
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
fstat shows that /var/run/wireguardd.pid has been unoccupied
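
Added example (not from this thread and not the pfSense WireGuard package's code): a Python sketch of how a pidfile lock can outlive the process that took it when another process inherits the locked descriptor, and how checking the recorded PID alongside the lock tells "running" apart from a stale lock. It assumes the status check is a non-blocking flock() test on the pidfile, as the $wouldblock variable suggests; the helper process, file path and state names are constructed for the demonstration.

```python
import errno, fcntl, os, signal, subprocess, sys, tempfile, time

# Constructed stand-in: locks its pidfile, starts a helper that inherits the fd, exits.
DAEMON = """
import fcntl, os, subprocess, sys
fh = open(sys.argv[1], "w")
fh.write(str(os.getpid())); fh.flush()
fcntl.flock(fh, fcntl.LOCK_EX)
child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(60)"],
    pass_fds=[fh.fileno()], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
print(child.pid)
"""

def lock_is_held(pidfile):
    # Non-blocking flock attempt: failing with EWOULDBLOCK means someone holds it.
    with open(pidfile, "a+") as fh:
        try:
            fcntl.flock(fh, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return True
        return False  # closing fh drops the lock we just took

def pid_alive(pid):
    try:
        os.kill(pid, 0)  # signal 0 only checks that the process exists
    except OSError as e:
        return e.errno == errno.EPERM  # exists, but owned by another user
    return True

def service_state(pidfile):
    held = lock_is_held(pidfile)  # also creates the file if it is missing
    with open(pidfile) as fh:
        text = fh.read().strip()
    alive = text.isdigit() and pid_alive(int(text))
    if not held:
        return "stopped"
    # A lock alone is not proof of life: the recorded PID must exist too.
    return "running" if alive else "stale-lock"

def demo():
    pidfile = os.path.join(tempfile.mkdtemp(), "wireguardd.pid")
    before = service_state(pidfile)
    run = subprocess.run([sys.executable, "-c", DAEMON, pidfile], capture_output=True, text=True, check=True)
    crashed = service_state(pidfile)  # lock held by the helper, recorded PID gone
    os.kill(int(run.stdout), signal.SIGKILL)  # stop the process holding the fd
    while lock_is_held(pidfile):  # wait for the kernel to release the lock
        time.sleep(0.05)
    return before, crashed, service_state(pidfile)

if __name__ == "__main__":
    print(demo())
```

A check that relies on the lock alone would report the middle state as "running", which matches the "already running" message seen while no php_wg process exists.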

Actions #6

Updated by hao zhang about 1 year ago

You can only enable wireguard by starting it in the web gui.
After starting with the script /usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc, symptoms are the same as at startup, but I don't know php very well, so I can't find the actual call from web gui to start the wireguard process.
I'm guessing this is why the problem occurs.

Actions #7

Updated by Johannes Rohde about 1 year ago

I can second this bug on pfsense ce 2.7.1. It seems to have something to do with a missing ipv6 gateway. Please refer to https://forum.netgate.com/topic/183372/some-services-show-can-t-start/117?_=1700424014535

Actions #8

Updated by Johannes Rohde about 1 year ago

I can get php_wg to work again as well as soon as I make a change to an interface within the gui. That fixes the wireguard gui as well. I can second that there is not much in the logs to shed any light on why php_wg is not starting even when triggered through the gui.

All our wireguard tunnels are associated with an interface as well. As soon as I remove the interfaces the error is gone as well. Unfortunately we need them in production though.

The error might affect 23.09 as well (refer to forum post).

Actions #9

Updated by hao zhang about 1 year ago

Johannes Rohde wrote in #note-7:

I can second this bug on pfsense ce 2.7.1. It seems to have something to do with a missing ipv6 gateway. Please refer to https://forum.netgate.com/topic/183372/some-services-show-can-t-start/117?_=1700424014535



My ipv6 address should be normal and I can use ipv6, although pfsense doesn't seem to recognize the prefix correctly, making npt unusable.

Actions #10

Updated by hao zhang 11 months ago

The 2.7.2 bug seems to have been fixed. I upgraded from 2.7 to 2.7.2 and restarted. The bug did not recur. I will continue to observe this issue.
