OPNsense action calls defguard but service is named defguard-gateway (and various other OPNsense issues) #123
Description
So far I've been unable to get the defguard plugin working in OPNsense 24.7.3
I've been unable to find what versions are supported, but these are some of my notes from debugging:
Followed the instructions at https://defguard.gitbook.io/defguard/admin-and-features/setting-up-your-instance/gateway#opnsense-plugin
- It doesn't mention this but you then need to restart the
configdservice for it to pick up the new action - this can be done byservice configd restartor restarting theconfigdservice in the webgui fromSystem -> Diagnostics -> Services- until you do this it gives an error "Action not allowed or missing" is displayed in the webgui when usingStart/restart - The service still doesn't start as the action tries to call
service defguard [start/stop/restart/status]as seen in opnsense/src/opnsense/service/conf/actions.d/actions_defguardgateway.conf however the service is calleddefguard-gatewaynotdefguard(the following error is returned: "defguard does not exist in /etc/rc.d or the local startup directories (/usr/local/etc/rc.d), or is not executable") - Starting the service manually using
service defguard-gateway startstill doesn't work (the following error is returned: "export: -gateway_env: bad variable name") - Starting the binary manually (
/usr/local/sbin/defguard-gateway --config /etc/defguard/gateway.toml) appears to work, but the webgui still doesn't appear to work - If the
Use WireGuard userspace kernel implementationis enabled the binary refuses to start with the errorError: WireguardError(ExecutableNotFound("wireguard-go")). To the best of my knowledge the userspace wireguard binary was removed from OPNsense a while ago and cannot be installed from the official plugin repo. - The defguard portion of the webgui always shows a
Endpoint not foundwarning - the developer console shows a (failed) attempt to send an http POST to/api/defguardgateway/service/statusthat returns a 404 with the body{"errorMessage":"Endpoint not found"} - It is unclear to me if I should be setting up a new wireguard interface for defguard to hook in to and use or if defguard should be spinning up it's own wireguard interface. I have
wg1andwg2existing already. Specifyingwg0(a non-existant interface) for theNetwork interfaceproduces the errorInterface configuration failed: WireGuard error BSD error: Write error ENXIO: No such device or addressin syslog. Specifyingwg1(an already existing wireguard interface) gives the error:Couldn't create network interface wg2: BSD error: Write error EEXIST: File exists. Proceeding anyway.
For reference this is what running sh -x /etc/rc.d/defguard-gateway start results in:
Collapsed for brevity:
+ . /etc/rc.subr
+ : 5937
+ export RC_PID
+ [ -n '' ]
+ _rc_subr_loaded=YES
+ SYSCTL=/sbin/sysctl
+ SYSCTL_N='/sbin/sysctl -n'
+ SYSCTL_W=/sbin/sysctl
+ PROTECT=/usr/bin/protect
+ ID=/usr/bin/id
+ IDCMD='if [ -x /usr/bin/id ]; then /usr/bin/id -un; fi'
+ PS='/bin/ps -ww'
+ JID=0
+ CPUSET=/bin/cpuset
+ rc_service=defguard-gateway
+ _rc_namevarlist='program chroot chdir env flags fib nice user group groups prepend setup'
+ kenv -q rc.debug
+ command -v boottrace
+ boottrace_cmd=/usr/sbin/boottrace
+ [ -n /usr/sbin/boottrace ]
+ /sbin/sysctl -n -q kern.boottrace.enabled
+ [ 0 '=' 1 ]
+ name=defguard-gateway
+ rcvar=defguard_gateway_enable
+ command=/usr/local/sbin/defguard-gateway
+ config=/etc/defguard/gateway.toml
+ start_cmd=defguard-gateway_start
+ load_rc_config defguard-gateway
+ local _name _rcvar_val _var _defval _v _msg _new _d
+ _name=defguard-gateway
+ false
+ [ -r /etc/defaults/rc.conf ]
+ debug 'Sourcing /etc/defaults/rc.conf'
+ . /etc/defaults/rc.conf
+ : /usr/local
+ rc_info=NO
+ rc_startmsgs=YES
+ rcshutdown_timeout=90
+ early_late_divider=FILESYSTEMS
+ always_force_depends=NO
+ apm_enable=NO
+ apmd_enable=NO
+ apmd_flags=''
+ ddb_enable=NO
+ ddb_config=/etc/ddb.conf
+ devd_enable=YES
+ devd_flags=''
+ devmatch_enable=YES
+ devmatch_blocklist=''
+ kldxref_enable=YES
+ kldxref_clobber=NO
+ kldxref_module_path=''
+ powerd_enable=NO
+ powerd_flags=''
+ tmpmfs=AUTO
+ tmpsize=20m
+ tmpmfs_flags=-S
+ utx_enable=YES
+ varmfs=AUTO
+ varsize=32m
+ varmfs_flags=-S
+ mfs_type=auto
+ populate_var=AUTO
+ cleanvar_enable=YES
+ var_run_enable=NO
+ var_run_autosave=NO
+ var_run_mtree=/var/db/mtree/BSD.var-run.mtree
+ local_startup=/usr/local/etc/rc.d
+ script_name_sep=' '
+ rc_conf_files='/etc/rc.conf /etc/rc.conf.local'
+ zfs_enable=NO
+ zfskeys_enable=NO
+ zfs_bootonce_activate=NO
+ zpool_reguid=''
+ zpool_upgrade=''
+ zfsd_enable=NO
+ gptboot_enable=YES
+ gbde_autoattach_all=NO
+ gbde_devices=NO
+ gbde_attach_attempts=3
+ gbde_lockdir=/etc
+ geli_devices=''
+ geli_groups=''
+ geli_tries=''
+ geli_default_flags=''
+ geli_autodetach=YES
+ root_rw_mount=YES
+ root_hold_delay=30
+ fsck_flags=-p
+ fsck_y_enable=NO
+ fsck_y_flags='-T ffs:-R -T ufs:-R'
+ background_fsck=YES
+ background_fsck_delay=60
+ growfs_enable=NO
+ growfs_swap_size=''
+ netfs_types='nfs:NFS smbfs:SMB'
+ extra_netfs_types=NO
+ hostname=''
+ hostid_enable=YES
+ hostid_file=/etc/hostid
+ hostid_uuidgen_flags=-r
+ machine_id_file=/etc/machine-id
+ nisdomainname=NO
+ dhclient_program=/sbin/dhclient
+ dhclient_flags=''
+ background_dhclient=NO
+ synchronous_dhclient=NO
+ defaultroute_delay=30
+ defaultroute_carrier_delay=5
+ netif_enable=YES
+ netif_ipexpand_max=2048
+ wpa_supplicant_program=/usr/sbin/wpa_supplicant
+ wpa_supplicant_flags=-s
+ wpa_supplicant_conf_file=/etc/wpa_supplicant.conf
+ firewall_enable=NO
+ firewall_script=/etc/rc.firewall
+ firewall_type=UNKNOWN
+ firewall_quiet=NO
+ firewall_logging=NO
+ firewall_logif=NO
+ firewall_flags=''
+ firewall_coscripts=''
+ firewall_client_net=x.x.x.x/x
+ firewall_simple_iif=em1
+ firewall_simple_inet=x.x.x.x/x
+ firewall_simple_oif=em0
+ firewall_simple_onet=x.x.x.x/x
+ firewall_myservices=''
+ firewall_allowservices=''
+ firewall_trusted=''
+ firewall_logdeny=NO
+ firewall_nologports='135-139,445 1026,1027 1433,1434'
+ firewall_nat_enable=NO
+ firewall_nat_interface=''
+ firewall_nat_flags=''
+ firewall_nat64_enable=NO
+ firewall_nptv6_enable=NO
+ firewall_pmod_enable=NO
+ dummynet_enable=NO
+ ipfw_netflow_enable=NO
+ ip_portrange_first=NO
+ ip_portrange_last=NO
+ ike_enable=NO
+ ike_program=/usr/local/sbin/isakmpd
+ ike_flags=''
+ ipsec_enable=NO
+ ipsec_file=/etc/ipsec.conf
+ natd_program=/sbin/natd
+ natd_enable=NO
+ natd_interface=''
+ natd_flags=''
+ ipfilter_enable=NO
+ ipfilter_program=/sbin/ipf
+ ipfilter_rules=/etc/ipf.rules
+ ipfilter_flags=''
+ ippool_enable=NO
+ ippool_program=/sbin/ippool
+ ippool_rules=/etc/ippool.tables
+ ippool_flags=''
+ ipnat_enable=NO
+ ipnat_program=/sbin/ipnat
+ ipnat_rules=/etc/ipnat.rules
+ ipnat_flags=''
+ ipmon_enable=NO
+ ipmon_program=/sbin/ipmon
+ ipmon_flags=-Ds
+ ipfs_enable=NO
+ ipfs_program=/sbin/ipfs
+ ipfs_flags=''
+ pf_enable=NO
+ pf_rules=/etc/pf.conf
+ pf_program=/sbin/pfctl
+ pf_flags=''
+ pf_fallback_rules_enable=NO
+ pf_fallback_rules='block drop log all'
+ pf_fallback_rules_file=/etc/pf-fallback.conf
+ pflog_enable=NO
+ pflog_logfile=/var/log/pflog
+ pflog_program=/sbin/pflogd
+ pflog_flags=''
+ dnctl_enable=NO
+ dnctl_program=/sbin/dnctl
+ dnctl_rules=/etc/dnctl.conf
+ ftpproxy_enable=NO
+ ftpproxy_flags=''
+ pfsync_enable=NO
+ pfsync_syncdev=''
+ pfsync_syncpeer=''
+ pfsync_ifconfig=''
+ tcp_extensions=YES
+ log_in_vain=0
+ tcp_keepalive=YES
+ tcp_drop_synfin=NO
+ icmp_drop_redirect=auto
+ icmp_log_redirect=NO
+ network_interfaces=auto
+ cloned_interfaces=''
+ ppp_enable=NO
+ ppp_program=/usr/sbin/ppp
+ ppp_mode=auto
+ ppp_nat=YES
+ ppp_profile=papchap
+ ppp_user=root
+ hostapd_program=/usr/sbin/hostapd
+ hostapd_enable=NO
+ syslogd_enable=YES
+ syslogd_program=/usr/sbin/syslogd
+ syslogd_flags=-s
+ syslogd_oomprotect=YES
+ altlog_proglist=''
+ inetd_enable=NO
+ inetd_program=/usr/sbin/inetd
+ inetd_flags='-wW -C 60'
+ iscsid_enable=NO
+ iscsictl_enable=NO
+ iscsictl_flags=-Aa
+ hastd_enable=NO
+ hastd_program=/sbin/hastd
+ hastd_flags=''
+ ggated_enable=NO
+ ggated_config=/etc/gg.exports
+ ggated_flags=''
+ ctld_enable=NO
+ local_unbound_enable=NO
+ local_unbound_tls=NO
+ blacklistd_enable=NO
+ blacklistd_flags=''
+ resolv_enable=YES
+ kdc_enable=NO
+ kdc_program=/usr/libexec/kdc
+ kdc_flags=''
+ kdc_restart=NO
+ kdc_restart_delay=''
+ kadmind_enable=NO
+ kadmind_program=/usr/libexec/kadmind
+ kpasswdd_enable=NO
+ kpasswdd_program=/usr/libexec/kpasswdd
+ kfd_enable=NO
+ kfd_program=/usr/libexec/kfd
+ kfd_flags=''
+ ipropd_master_enable=NO
+ ipropd_master_program=/usr/libexec/ipropd-master
+ ipropd_master_flags=''
+ ipropd_master_keytab=/etc/krb5.keytab
+ ipropd_master_slaves=''
+ ipropd_slave_enable=NO
+ ipropd_slave_program=/usr/libexec/ipropd-slave
+ ipropd_slave_flags=''
+ ipropd_slave_keytab=/etc/krb5.keytab
+ ipropd_slave_master=''
+ gssd_enable=NO
+ gssd_program=/usr/sbin/gssd
+ gssd_flags=''
+ rwhod_enable=NO
+ rwhod_flags=''
+ rarpd_enable=NO
+ rarpd_flags=-a
+ bootparamd_enable=NO
+ bootparamd_flags=''
+ pppoed_enable=NO
+ pppoed_provider='*'
+ pppoed_flags='-P /var/run/pppoed.pid'
+ pppoed_interface=em0
+ sshd_enable=NO
+ sshd_program=/usr/sbin/sshd
+ sshd_flags=''
+ ftpd_enable=NO
+ ftpd_program=/usr/libexec/ftpd
+ ftpd_flags=''
+ autofs_enable=NO
+ automount_flags=''
+ automountd_flags=''
+ autounmountd_flags=''
+ nfs_client_enable=NO
+ nfs_access_cache=60
+ nfs_server_enable=NO
+ nfs_server_flags='-u -t'
+ nfs_server_managegids=NO
+ nfs_server_maxio=131072
+ mountd_enable=NO
+ mountd_flags='-r -S'
+ weak_mountd_authentication=NO
+ nfs_reserved_port_only=NO
+ nfs_bufpackets=''
+ rpc_lockd_enable=NO
+ rpc_lockd_flags=''
+ rpc_statd_enable=NO
+ rpc_statd_flags=''
+ rpcbind_enable=NO
+ rpcbind_program=/usr/sbin/rpcbind
+ rpcbind_flags=''
+ rpc_ypupdated_enable=NO
+ keyserv_enable=NO
+ keyserv_flags=''
+ nfsv4_server_enable=NO
+ nfsv4_server_only=NO
+ nfscbd_enable=NO
+ nfscbd_flags=''
+ nfsuserd_enable=NO
+ nfsuserd_flags=''
+ tlsclntd_enable=NO
+ tlsclntd_flags=''
+ tlsservd_enable=NO
+ tlsservd_flags=''
+ ntpdate_enable=NO
+ ntpdate_program=/usr/sbin/ntpdate
+ ntpdate_flags=-b
+ ntpdate_config=/etc/ntp.conf
+ ntpdate_hosts=''
+ ntpd_enable=NO
+ ntpd_program=/usr/sbin/ntpd
+ ntpd_config=/etc/ntp.conf
+ ntpd_sync_on_start=NO
+ ntpd_flags=''
+ ntp_src_leapfile=/etc/ntp/leap-seconds
+ ntp_db_leapfile=/var/db/ntpd.leap-seconds.list
+ ntp_leapfile_sources=https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
+ ntp_leapfile_fetch_opts=-mq
+ ntp_leapfile_expiry_days=30
+ ntp_leapfile_fetch_verbose=NO
+ nis_client_enable=NO
+ nis_client_flags=''
+ nis_ypset_enable=NO
+ nis_ypset_flags=''
+ nis_server_enable=NO
+ nis_server_flags=''
+ nis_ypxfrd_enable=NO
+ nis_ypxfrd_flags=''
+ nis_yppasswdd_enable=NO
+ nis_yppasswdd_flags=''
+ nis_ypldap_enable=NO
+ nis_ypldap_flags=''
+ bsnmpd_enable=NO
+ bsnmpd_flags=''
+ defaultrouter=NO
+ static_arp_pairs=''
+ static_ndp_pairs=''
+ static_routes=''
+ gateway_enable=NO
+ routed_enable=NO
+ routed_program=/sbin/routed
+ routed_flags=-q
+ arpproxy_all=NO
+ forward_sourceroute=NO
+ accept_sourceroute=NO
+ hcsecd_enable=NO
+ hcsecd_config=/etc/bluetooth/hcsecd.conf
+ sdpd_enable=NO
+ sdpd_control=/var/run/sdp
+ sdpd_groupname=nobody
+ sdpd_username=nobody
+ bthidd_enable=NO
+ bthidd_config=/etc/bluetooth/bthidd.conf
+ bthidd_hids=/var/db/bthidd.hids
+ bthidd_evdev_support=AUTO
+ rfcomm_pppd_server_enable=NO
+ rfcomm_pppd_server_profile='one two'
+ rfcomm_pppd_server_one_channel=1
+ rfcomm_pppd_server_two_channel=3
+ ubthidhci_enable=NO
+ netwait_enable=NO
+ netwait_timeout=60
+ netwait_if_timeout=30
+ icmp_bmcastecho=NO
+ ipv6_network_interfaces=auto
+ ipv6_activate_all_interfaces=NO
+ ipv6_defaultrouter=NO
+ ipv6_static_routes=''
+ ipv6_gateway_enable=NO
+ ipv6_cpe_wanif=NO
+ ipv6_privacy=NO
+ route6d_enable=NO
+ route6d_program=/usr/sbin/route6d
+ route6d_flags=''
+ ipv6_default_interface=NO
+ rtsol_flags=-i
+ rtsold_enable=NO
+ rtsold_flags='-a -i'
+ rtadvd_enable=NO
+ rtadvd_interfaces=''
+ stf_interface_ipv4addr=''
+ stf_interface_ipv4plen=0
+ stf_interface_ipv6_ifid=0:0:0:1
+ stf_interface_ipv6_slaid=0000
+ ipv6_ipv4mapping=NO
+ ip6addrctl_enable=YES
+ ip6addrctl_verbose=NO
+ ip6addrctl_policy=AUTO
+ keyboard=''
+ keymap=NO
+ keyrate=NO
+ keybell=NO
+ keychange=NO
+ cursor=NO
+ scrnmap=NO
+ font8x16=NO
+ font8x14=NO
+ font8x8=NO
+ blanktime=300
+ saver=NO
+ moused_nondefault_enable=YES
+ moused_enable=NO
+ moused_type=auto
+ moused_port=/dev/psm0
+ moused_flags=''
+ mousechar_start=NO
+ allscreens_flags=''
+ allscreens_kbdflags=''
+ sendmail_enable=NONE
+ sendmail_pidfile=/var/run/sendmail.pid
+ sendmail_procname=/usr/sbin/sendmail
+ sendmail_flags='-L sm-mta -bd -q30m'
+ sendmail_cert_create=YES
+ sendmail_submit_enable=YES
+ sendmail_submit_flags='-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost'
+ sendmail_outbound_enable=YES
+ sendmail_outbound_flags='-L sm-queue -q30m'
+ sendmail_msp_queue_enable=YES
+ sendmail_msp_queue_flags='-L sm-msp-queue -Ac -q30m'
+ sendmail_rebuild_aliases=NO
+ auditd_enable=NO
+ auditd_program=/usr/sbin/auditd
+ auditd_flags=''
+ auditdistd_enable=NO
+ auditdistd_program=/usr/sbin/auditdistd
+ auditdistd_flags=''
+ cron_enable=YES
+ cron_program=/usr/sbin/cron
+ cron_dst=YES
+ cron_flags=''
+ cfumass_enable=NO
+ cfumass_dir=/var/cfumass
+ cfumass_image=/var/tmp/cfumass.img
+ lpd_enable=NO
+ lpd_program=/usr/sbin/lpd
+ lpd_flags=''
+ nscd_enable=NO
+ chkprintcap_enable=NO
+ chkprintcap_flags=-d
+ dumpdev=NO
+ dumpon_flags=''
+ dumpdir=/var/crash
+ savecore_enable=YES
+ savecore_flags='-m 10'
+ service_delete_empty=NO
+ crashinfo_enable=YES
+ crashinfo_program=/usr/sbin/crashinfo
+ quota_enable=NO
+ check_quotas=YES
+ quotaon_flags=-a
+ quotaoff_flags=-a
+ quotacheck_flags=-a
+ accounting_enable=NO
+ firstboot_sentinel=/firstboot
+ sysvipc_enable=NO
+ linux_enable=NO
+ linux_mounts_enable=YES
+ clear_tmp_enable=NO
+ clear_tmp_X=YES
+ ldconfig_insecure=NO
+ ldconfig_paths='/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg'
+ ldconfig32_paths='/usr/lib32 /usr/lib32/compat'
+ ldconfig_local_dirs=/usr/local/libdata/ldconfig
+ ldconfig_local32_dirs=/usr/local/libdata/ldconfig32
+ kern_securelevel_enable=NO
+ kern_securelevel=-1
+ update_motd=YES
+ entropy_boot_file=/boot/entropy
+ entropy_file=/entropy
+ entropy_dir=/var/db/entropy
+ entropy_save_sz=4096
+ entropy_save_num=8
+ harvest_mask=511
+ osrelease_enable=YES
+ osrelease_file=/var/run/os-release
+ osrelease_perms=444
+ dmesg_enable=YES
+ watchdogd_enable=NO
+ watchdogd_flags=''
+ watchdogd_timeout=''
+ watchdogd_shutdown_timeout=''
+ devfs_rulesets='/etc/defaults/devfs.rules /etc/devfs.rules'
+ devfs_system_ruleset=''
+ devfs_set_rulesets=''
+ devfs_load_rulesets=YES
+ performance_cx_lowest=NONE
+ performance_cpu_freq=NONE
+ economy_cx_lowest=Cmax
+ economy_cpu_freq=NONE
+ virecover_enable=YES
+ ugidfw_enable=NO
+ bsdextended_script=/etc/rc.bsdextended
+ newsyslog_enable=YES
+ newsyslog_flags=-CN
+ mixer_enable=YES
+ opensm_enable=NO
+ nuageinit_enable=NO
+ rctl_enable=YES
+ rctl_rules=/etc/rctl.conf
+ iovctl_files=''
+ jail_enable=NO
+ jail_conf=/etc/jail.conf
+ jail_confwarn=YES
+ jail_parallel_start=NO
+ jail_list=''
+ jail_reverse_stop=NO
+ [ -z '' ]
+ source_rc_confs_defined=yes
+ [ -r /etc/defaults/vendor.conf ]
+ source_rc_confs
+ local i sourced_files
+ sourced_files=:/etc/rc.conf:
+ [ -r /etc/rc.conf ]
+ . /etc/rc.conf
+ keymap=uk.kbd
+ sourced_files=:/etc/rc.conf::/etc/rc.conf.local:
+ [ -r /etc/rc.conf.local ]
+ _rc_conf_loaded=true
+ [ -n defguard-gateway ]
+ _d=/etc
+ [ -f /etc/rc.conf.d/defguard-gateway ]
+ debug 'Sourcing /etc/rc.conf.d/defguard-gateway'
+ . /etc/rc.conf.d/defguard-gateway
+ defguard_gateway_enable=YES
+ _d=/usr/local/etc
+ [ -f /usr/local/etc/rc.conf.d/defguard-gateway ]
+ [ -d /usr/local/etc/rc.conf.d/defguard-gateway ]
+ eval '_defval=$defguard_gateway_enable_defval'
+ _defval=''
+ [ -n '' ]
+ run_rc_command start
+ _return=0
+ rc_arg=start
+ [ -z defguard-gateway ]
+ shift 1
+ rc_extra_args=''
+ _rc_prefix=''
+ eval '_override_command=$defguard-gateway_program'
+ _override_command=-gateway_program
+ command=-gateway_program
+ _keywords='start stop restart rcvar enable disable delete enabled describe extracommands '
+ rc_pid=''
+ _pidcmd=''
+ _procname=-gateway_program
+ eval '_cpuset=$defguard-gateway_cpuset'
+ _cpuset=-gateway_cpuset
+ _cpuset=''
+ _cpusetcmd=''
+ [ -n '' ]
+ [ -n -gateway_program ]
+ [ -n '' ]
+ _pidcmd='rc_pid=$(check_process -gateway_program )'
+ _keywords='start stop restart rcvar enable disable delete enabled describe extracommands status poll'
+ [ -z start ]
+ [ start '=' enabled ]
+ [ -n '' ]
+ eval 'rc_flags=$defguard-gateway_flags'
+ rc_flags=-gateway_flags
+ eval '_chdir=$defguard-gateway_chdir' '_chroot=$defguard-gateway_chroot' '_nice=$defguard-gateway_nice' '_user=$defguard-gateway_user' '_group=$defguard-gateway_group' '_groups=$defguard-gateway_groups' '_fib=$defguard-gateway_fib' '_env=$defguard-gateway_env' '_prepend=$defguard-gateway_prepend' '_login_class=${defguard-gateway_login_class:-daemon}' '_limits=$defguard-gateway_limits' '_oomprotect=$defguard-gateway_oomprotect' '_setup=$defguard-gateway_setup' '_env_file=$defguard-gateway_env_file' '_umask=$defguard-gateway_umask'
+ _chdir=-gateway_chdir _chroot=-gateway_chroot _nice=-gateway_nice _user=-gateway_user _group=-gateway_group _groups=-gateway_groups _fib=-gateway_fib _env=-gateway_env _prepend=-gateway_prepend _login_class=gateway_login_class:-daemon _limits=-gateway_limits _oomprotect=-gateway_oomprotect _setup=-gateway_setup _env_file=-gateway_env_file _umask=-gateway_umask
+ [ -n -gateway_env_file ]
+ [ -r -gateway_env_file ]
+ [ -n -gateway_user ]
+ eval if [ -x /usr/bin/id '];' then /usr/bin/id '-un;' fi
+ [ -x /usr/bin/id ]
+ /usr/bin/id -un
+ [ -gateway_user '=' root ]
+ [ -z '' ]
+ eval 'rc_pid=$(check_process' -gateway_program ')'
+ check_process -gateway_program
+ _procname=-gateway_program
+ _interpreter=''
+ [ -z -gateway_program ]
+ _find_processes -gateway_program . -ax
+ [ 3 -ne 3 ]
+ _procname=-gateway_program
+ _interpreter=.
+ _psargs=-ax
+ _pref=''
+ [ . '!=' . ]
+ _procnamebn=-gateway_program
+ _fp_args='_arg0 _argv'
+ _fp_match=$'case "$_arg0" in
\t\t $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")'
+ _proccheck=$'\t\t/bin/ps -ww 2>/dev/null -o pid= -o jid= -o command= -ax |
\t\twhile read _npid _jid _arg0 _argv; do
\t\t\tcase "$_arg0" in
\t\t $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")
\t\t\t\tif [ "$JID" -eq "$_jid" ];
\t\t\t\tthen echo -n "$_pref$_npid";
\t\t\t\t_pref=" ";
\t\t\t\tfi
\t\t\t\t;;
\t\t\tesac
\t\tdone'
+ eval /bin/ps -ww '2>/dev/null' -o 'pid=' -o 'jid=' -o 'command=' -ax '|' while read _npid _jid _arg0 '_argv;' do case '"$_arg0"' in '$_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' if [ '"$JID"' -eq '"$_jid"' '];' then echo -n '"$_pref$_npid";' '_pref="' '";' fi ';;' esac done
+ /bin/ps -ww -o 'pid=' -o 'jid=' -o 'command=' -ax
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ rc_pid=''
+ [ start '!=' start ]
+ [ -n defguard_gateway_enable -a start '!=' rcvar -a start '!=' stop -a start '!=' delete -a start '!=' enable -a start '!=' describe -a start '!=' status ]
+ checkyesno defguard_gateway_enable
+ eval '_value=$defguard_gateway_enable'
+ _value=YES
+ debug 'checkyesno: defguard_gateway_enable is set to YES.'
+ return 0
+ [ start '=' start -a -z '' -a -n '' ]
+ eval '_cmd=$start_cmd' '_precmd=$start_precmd' '_postcmd=$start_postcmd'
+ _cmd=defguard-gateway_start _precmd='' _postcmd=''
+ [ -n defguard-gateway_start ]
+ [ -n -gateway_env ]
+ eval 'export -- -gateway_env'
+ export -- -gateway_env
export: -gateway_env: bad variable name