Messages

An error message about the server names not being unique would have been helpful.

[unique]

3. In the servers section you will want to  add a new server, Type in a unique name for the the server and then paste the SDNS ID (you do not need the sdns://) then Save it.  Repeat this for each server you wish to use. Make sure you note the names of the servers since you will need it for the next step

You nailed it! I had a bunch of servers listed on the server tab...but not all of them were unique! I removed all of them... and just left 1 server and added that name to the server list section on the general tab...and bam! The service started!

Thank you so much @mpoldphone191!!!

I don't have mdns installed, but tried changing the port anyway... I tried 5354 and 53153 and there's no difference. The service still won't start.

I am running version OPNsense 25.7.10 (which is the latest as of this post). I decide to try DNSCrypt version 1.16 for the first time. The service simply won't start. I've made sure the port is not in use. I am using port 5353. I have enabled DNSCrypt ... and when I try to start the service... the "please wait" bar just flashes and the service does not start.

The log/General, log/Queries and log/NX are empty.

System/Log files/General does not show any DNSCrypt error and neither does "backend".

The /var/log/dnscrypt-proxy directory is empty.

I am at a loss here.. maybe this plugin is not compatible with 25.7.10?

Any help or guidenance would be most appreciated!

@Fright You nailed it! Once I added a DNS (1.1.1.1) to the SYSTEM: SETTINGS: GENERAL -> Networking section, HA Proxy was happy and started nicely.

I remember taking that out... because it broke something else.

I'll leave it in for now and see how it goes.

Thanks so much for your help!

I'll assume that you didn't specify the DNS server addresses at SYSTEM: SETTINGS: GENERAL ->Networking

That's correct. It's empty.

can you share the Config Diff?

Sure:

-- /usr/local/etc/haproxy.conf   2024-03-16 19:02:46.607322000 -0400
+++ /usr/local/etc/haproxy.conf.staging   2024-03-17 11:10:00.222676000 -0400
@@ -3,6 +3,9 @@
# Do not edit this file manually.
#

+#
+# NOTE: HAProxy is currently DISABLED
+#
global
     uid                         80
     gid                         80

syncCerts.py and socketCommand.py errors are not the cause, but a consequence of the HAProxy does not work (and it is not possible to establish a control connection)
can you try to make some config of real/backend servers and apply it?

I added some quick info to the real server section and when I applied it, I get this error messages:

The HAProxy service may not be able to start due to critical errors. Run syntax check for further details or review the changes in the Configuration Diff.

It appears that I am missing the

haproxy.socket

in /var/run. I guess its not being created? for some reason.

/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''
While talking to /var/run/haproxy.socket: [Errno 2] No such file or directory
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py", line 146, in <module>
    con = HaPConn(SOCKET)
  File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 51, in __init__
    self.open()
  File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 60, in open
    self.sock.connect(sfile)
FileNotFoundError: [Errno 2] No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py", line 156, in <module>
    if args['debug']:
TypeError: 'Namespace' object is not subscriptable

I did notice that if I try to execute the commands from the CLI, I get these messages:

/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 723, in <module>
    diff = Diff(crt_lists=crt_lists, **vars(args))
  File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 49, in __init__
    self._transactions = self._get_transactions()
  File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 142, in _get_transactions
    return self._execute_remote_cmd(cmds.showSslCerts)['transaction']
  File "/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py", line 23, in _execute_remote_cmd
    con = HaPConn(self.socket)
  File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 51, in __init__
    self.open()
  File "/usr/local/lib/python3.9/site-packages/haproxy/conn.py", line 60, in open
    self.sock.connect(sfile)
FileNotFoundError: [Errno 2] No such file or directory

Sure... but there's not much to it.

#
# Automatically generated configuration.
# Do not edit this file manually.
#

#
# NOTE: HAProxy is currently DISABLED
#
global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread                    1
    hard-stop-after             60s
    no strict-limits
    httpclient.resolvers.prefer   ipv4
    tune.ssl.default-dh-param   2048
    spread-checks               2
    tune.bufsize                16384
    tune.lua.maxmem             0
    log                         /var/run/log local0 info
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    log     global
    option redispatch -1
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats






# statistics are DISABLED

I found some of these error messages in the OPNsense log:

cript action failed with Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1.

cript action failed with Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1.

Looks like I have some kind of python problem?

Hi All,

I wanted to start playing around with HAProxy...but I can't get it to start. I haven't created anything yet.

When I enable the service and hit apply, I get this message:

The HAProxy service may not be able to start due to critical errors. Try anyway?


So, I try "Save & Test syntax" and get this error message:

[NOTICE] (78455) : haproxy version is 2.8.7-1a82cdf
[NOTICE] (78455) : path to executable is /usr/local/sbin/haproxy
[ALERT] (78455) : config : Proxy '<OCSP-UPDATE>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (78455) : config : Proxy '<HTTPCLIENT>': Can't find resolvers section 'default' for do-resolve action.
[ALERT] (78455) : config : Fatal errors found in configuration.

I may have played around the haproxy years ago... but there nothing in my current config... maybe something file/setting has hung around from years ago?

Googling doesn't seem to help me with this.

Any idea what is going on here?

So, the free servers go up to #158 for NL.

I was able to find a stable server for about 12 hours...so, that gave me a good chance to test and correct. The "stable" server has now gone to 100% packet loss overnight. Was at 0% packet loss yesterday. Anyway...

DNS resolution was causing an issue yesterday for a bit... I tried a couple of firewall rules...but couldn't get that working. So, as long, I manually insert a DNS server (1.1.1.1 or 9.9.9.9 or 10.2.0.1) on the workstation, then resolution is fine. If I add a DNS server (incluing 10.2.0.1) to the static DHCP lease... then it also works.

If leave it defaulted to the router's IP for DNS resolution...then it fails.

Couldn't spend anymore time yesterday to figure it out...but I am sure, I am just missing a small something in the firewall rules.