Project

General

Profile

Activity

From 03/22/2024 to 04/20/2024

Today

05:58 AM pfSense Packages Bug #15420 (New): Incorrect error pfBlockerNG MaxMind message.
WHERE
In “ MaxMind GeoIP configuration” section
ISSUE
Wrong error alerting message:
“ *pfBlockerNG MaxMind - M... Sergei Shablovsky
02:18 AM pfSense Plus Bug #15419 (New): pfBlockerNG - Issue with Adding or Changing Ipv4 Addresses
Hi PFsense+ Community,
I am running the 24.03RC version and have run into an issue with updating IPv4 lists in PFB... Mathew Hepple

04/19/2024

06:22 PM pfSense Docs Correction #15403 (Closed): openvpn client speciffic overrides, local networks clarification
Info added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9011224272ea0934535d8530da838580f91c988b Jim Pingle
02:39 PM pfSense Plus Regression #15407 (Resolved): pfSense-upgrade incorrectly creates 'unknown error' notice.
Confirmed that this is no longer an issue on... Christopher Cope

04/18/2024

10:19 PM pfSense Plus Bug #15418: Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
And just to clarify, the broken action links appear for a DHCPv6 lease with static mapping, the action links for a dy... Patrik Stahlman
05:41 PM pfSense Plus Bug #15418 (New): Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.

On the DCHPv6 leases page (status_dhcpv6_leases.php), the links for editing the static mapping and WOL are incorrec... Patrik Stahlman
08:28 PM Bug #15066: PHP allocation failure in pfsense-utils.inc
Once again, happened while I was out of the country and not interacting with pfSense at all:
Crash report begins. ... Alex Rosenberg
07:42 PM Bug #15417 (Not a Bug): static mappings for the ISC DHCP IPv4 server are ignored when the IP Address field is left blank
Seems there is a bit of a misunderstanding. When you omit the IP address it's not a "static" mapping it's defining a ... Jim Pingle
04:41 PM Bug #15417 (Not a Bug): static mappings for the ISC DHCP IPv4 server are ignored when the IP Address field is left blank
If I make a static DHCP mapping configuration where leave the IP address box blank (I want the IP given out to be dyn... Grey Christoforo
01:28 PM Feature #14762: Support X25519 and X448 public key algorithms in certificates
This looks like a regression – I've got some OpenVPN servers that are set up with ed25519 certificates, which pfSense... Jernej Simončič
12:12 PM Bug #15416 (Duplicate): Php Error when moving IPsec-Phase2 entries
Duplicate of #15157 and #15384 -- Both already fixed. Jim Pingle
11:53 AM Bug #15416 (Duplicate): Php Error when moving IPsec-Phase2 entries
Greeting,
when trying to move phase 2 entries via the gui a php-error occurs.
PHP errors
PHP ERROR: Type: 1, ... John Doe
01:19 AM pfSense Packages Bug #15365 (Pull Request Review): pfBlockerNG PHP error when editing a list
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/393 Christopher Cope

04/17/2024

10:18 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
This is due to a change in behavior with the range function as of PHP 8.3.0 https://www.php.net/manual/en/function.ra... Christopher Cope
04:28 PM Feature #15415: Enhance the firewall log action hover information view, show reason info
For users hitting #15400 who want to see the reason code ("ip-options" in that problem case), this diff will add it t... Jim Pingle
04:27 PM Feature #15415 (New): Enhance the firewall log action hover information view, show reason info
Currently hovering over the action icon on a firewall log entry shows a small tooltip with the action text and the ru... Jim Pingle
03:34 PM Feature #12190: Add ability to reference ipv6 prefix in firewall rules and aliases
Same here.
pfSense is missing some kind of another dropdown for that @::@ feature in dynamic prefix cases to select ... Robin Kluth
03:33 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Anyone who searches the mentioned PR above: https://github.com/pfsense/pfsense/commit/7c4b3d3c8d2d15b1e59d1d262cc295a... Robin Kluth
01:52 PM pfSense Packages Bug #15414 (New): Program Loops on invalid domains
Was testing ACME package with one of my test domains registered with FREENOM.
FREENOM now does not resolve this doma... Luke Shepherd
12:25 PM pfSense Plus Bug #15386 (Resolved): EULA Prompting Twice on Plus
Tested against:... Danilo Zrenjanin
11:59 AM Bug #15413 (New): Kernel panic in HA nodes when under high load
Two 1541s running 23.09.1 in this example:... Steve Wheeler
11:36 AM pfSense Plus Bug #15395 (Resolved): install-boot trips on BIOS installs when an EFI partition is present.
Steve Wheeler
03:55 AM pfSense Plus Bug #15401: 23.09.1 to 24.03b update fails EFI with ZFS mirror
24.03.r.20240416.0005 seems to resolve this.
Now still seeing "efibootmgr: efi_get_variable: Bad address" but it m... M Felden

04/16/2024

06:20 PM pfSense Plus Feature #15412 (New): Improve error feedback from pfSense-upgrade
Recent versions of pfSense-upgrade include code for collecting handling errors in order to present it to the user as ... Steve Wheeler
03:53 PM Bug #15328: Kea DHCP corrupts existing leases when a new DHCP pool is added
I can confirm this is happening to me as well. I added a new VLAN interface, new DHCP range, and now half of what is ... Chris Lawrence
03:01 PM Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
Dug more into this and the problem is that somehow at boot the hostname was not being printed in the system logs on j... Jim Pingle
01:07 PM Bug #15411 (New): Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
With the system log set to show ~500 lines the system log tab will also show most if not all of the kernel boot messa... Jim Pingle
12:24 PM pfSense Plus Regression #15407 (Feedback): pfSense-upgrade incorrectly creates 'unknown error' notice.
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/101
Fixed in pfSense-upgrade-1.2.20 Steve Wheeler
01:10 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
Sorry This is the issue I am researching on how to resolve do to the cache_object change
I just have to find the ... Jonathan Lee
01:08 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
!Screenshot%202024-04-15%20at%2018.07.13.png!
I can access the cachemgr.cgi if you are using it within the lightsq... Jonathan Lee
12:59 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
!Screenshot%202024-04-15%20at%2017.58.36.png!
Testing Jonathan Lee
12:57 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
Test failed it still says no access
!Screenshot%202024-04-15%20at%2017.57.24.png!
 Jonathan Lee
12:45 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
squidclient mgr:info
no longer works this should be changed to reflect the new use with
squidclient -h 127.0.0... Jonathan Lee
12:40 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
@function squid_status() {
if (is_service_running('squid')) {
init_config_arr(array('installedpackages', 'squidc... Jonathan Lee
12:31 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
this calls /usr/local/sbin/squidclient with the older URI scheme
to access mgr:info Jonathan Lee
12:30 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
this is part of status_squid.php Jonathan Lee
12:18 AM pfSense Packages Bug #15410 (New): cache_object://URL Scheme is removed in Squid-6
Hello fellow pfSense Squid Proxy Users can you please help?
I am so happy 6.6 is part of pfSense 24 however some s... Jonathan Lee

04/15/2024

06:45 PM pfSense Plus Regression #15409 (New): AMD watchdog module is missing
The amdsbwd kernel module is missing from recent versions resulting in errors on Netgate APU2/4 devices (PCEngines AP... Steve Wheeler
06:07 PM Bug #15405: leap seconds update server has changed
For completeness, someone did open a case upstream: https://bugs.ntp.org/show_bug.cgi?id=3898
 A S
05:59 PM Bug #15405: leap seconds update server has changed
Will report upstream. Thanks! A S
12:24 PM Bug #15405 (Needs Patch): leap seconds update server has changed
That file is part of the NTP package (@ntp.org@), Netgate does not maintain that code. It should be reported upstream... Jim Pingle
05:59 PM Todo #15408 (New): Reduce inconsistencies between Configuration History with/without ZFS Boot Environments
The Configuration History page has diverged a bit between Plus w/Boot Environments and CE which is making it confusin... Jim Pingle
05:53 PM pfSense Plus Regression #15407 (Resolved): pfSense-upgrade incorrectly creates 'unknown error' notice.
The error reporting in pfSense-upgrade incorrectly creates an alert when it's run an an upgrade check and a new versi... Steve Wheeler
04:34 PM Feature #15406 (New): rules: make Virtual IPs selectable as destination
In NAT port forwards it is possible to directly select a Virtual IP (IP Alias, CARP) address from the dropdown list a... Dennis Neuhaeuser
01:33 PM pfSense Docs New Content #15191 (Closed): Document new Packet Flow Data functionality (Plus Only)
Jim Pingle
12:29 PM Feature #15402: A new approach to rc.start_packages
It might be viable but you have the logic a bit backward. The base system should not have specific knowledge of any p... Jim Pingle

04/14/2024

06:21 AM Bug #15405 (Needs Patch): leap seconds update server has changed
/usr/local/sbin/update-leap is attempting to use:
https://www.ietf.org/timezones/data/leap-seconds.list
Per the... A S
03:09 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
Tested on 24.03-RC and this issue is still present. Kris Phillips
03:00 AM pfSense Plus Bug #15388: Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
Jim Pingle wrote in #note-1:
> The wizard has always prompted to change the password, users like having the option. ... Kris Phillips
02:40 AM Bug #14261: Trim white space in a DHCP Leases page search field
on 24.03.r.20240410.1729 adding a leading/trailing space to a search term returns no results Jordan G
01:58 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
On the 4100 & 4200 as of... Christopher Cope
12:34 AM pfSense Plus Bug #15404 (New): Captive Portal captiveportal-default-logo.png Missing from Post-authentication Page
After signing into the Captive Portal, the default captive portal logo is not loading properly. The logo appears to ... Kris Phillips

04/13/2024

10:12 PM pfSense Docs Correction #15403 (Closed): openvpn client speciffic overrides, local networks clarification
URL: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-overrides.html
sub heading: IPv4/IPv6 Local ... Craig Coonrad
09:47 PM Regression #15074: ISO fails to boot UEFI
This also occurs in the online upgrade process (in this case on PVE 8.1.10).
22.05 --> 23.01 (success)
23.01 --> 23... Craig Coonrad
08:18 PM Feature #15402 (New): A new approach to rc.start_packages
I have been facing some issues with NUT package due to rc.start_packages.
Once an interfaces goes down, NUT restarts... Marcelo Cury
03:50 PM Regression #15400: IGMP packets are logged when the filter rule has logging disabled
Kristof Provost wrote in #note-2:
> This is intentional, in the sense that it was always meant to log, but didn't du... Denny Page
08:50 AM Regression #15400 (Not a Bug): IGMP packets are logged when the filter rule has logging disabled
This is intentional, in the sense that it was always meant to log, but didn't due to a bug that's now been fixed.
... Kristof Provost
12:18 PM pfSense Plus Bug #15401: 23.09.1 to 24.03b update fails EFI with ZFS mirror

System is using Coreboot (EFI only) and has a ZFS mirror:... M Felden
12:17 PM pfSense Plus Bug #15401 (New): 23.09.1 to 24.03b update fails EFI with ZFS mirror
System is using Coreboot (EFI only) and has a ZFS mirror:... M Felden

04/12/2024

09:42 PM pfSense Plus Feature #13227 (Resolved): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Marcos M
09:40 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
That worked perfectly. Thank you guys! Jon McKinney
09:28 PM Regression #15400: IGMP packets are logged when the filter rule has logging disabled
It may be this is intended behavior, though it's worth clarifying if so. Marcos M
09:02 PM Regression #15400 (Not a Bug): IGMP packets are logged when the filter rule has logging disabled
Example rules:... Marcos M
05:58 PM Bug #15399 (Resolved): Local host gateways are shown in the default gateways list
Marcos M
05:56 PM Bug #15399: Local host gateways are shown in the default gateways list
The patch looks good against 24.03-RC. Steve Wheeler
03:40 PM Bug #15399 (Feedback): Local host gateways are shown in the default gateways list
Applied in changeset commit:15eb946bc19222df48318fd6f9c9cb9e88e54690. Marcos M
03:30 PM Bug #15399 (Ready To Test): Local host gateways are shown in the default gateways list
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1148 Marcos M
02:31 PM Bug #15399 (Resolved): Local host gateways are shown in the default gateways list
In System > Routing > Gateways the default gateway drop-down selection should not contain localhost (null) gateways. ... Steve Wheeler
05:56 PM Revision 9fd4cb96: Update comment
The updated comment matches the actual behavior. Albeit the
variable name is unintuitive, it follows the behavior bef... Marcos M
05:52 PM Bug #15082 (Closed): Upgrade fails due to unmounted EFI filesystem
Closing this since it didn't turn out to be what we thought, and fixing problems caused by incorrect manual alteratio... Jim Pingle
05:39 PM Bug #15081: Upgrade fails due to undersized EFI filesystem
Moving this ahead as it still might be an issue though it's unclear how many affected systems may be left in the wild... Jim Pingle
03:08 PM Revision 15eb946b: Correct bitwise check when getting a list of gateways. Fix #15399
Marcos M
12:47 PM pfSense Plus Bug #15395: install-boot trips on BIOS installs when an EFI partition is present.
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/100 Steve Wheeler
10:05 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Cpu load corresponds with NIC errors in #2598286486
!clipboard-202404121406-jhrkf.png!
 Lev Prokofev
08:16 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Another client hit this issue ticket #2598286486 Lev Prokofev
08:12 AM pfSense Packages Feature #15398 (New): Fusioninventory Agent
This tool already works well through the FreeBSD repo.
Fusioninventory is a collection of small tools to perform i... Iván Viso
08:07 AM pfSense Packages Feature #15397 (New): Wazuh Agent
This already works well through the FreeBSD repo.
Wazuh is a free and open source platform used for threat prevent... Iván Viso
07:59 AM Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
DBACORP DBACORP wrote in #note-9:
> Reproduced the same issue in PLUS version 23.09.1 ​​and the issue persisted.
> ... Danilo Zrenjanin
07:16 AM Bug #15178 (Confirmed): ACB (autoconfig backup) restore always returns could not decrypt despite proper password
Yes, I was able to reproduce the described behavior.
Tested against the following versions:... Danilo Zrenjanin

04/11/2024

09:15 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Thanks for testing! Try it with this "patch":https://docs.netgate.com/pfsense/en/latest/development/system-patches.ht... Marcos M
08:08 PM pfSense Plus Feature #13227 (In Progress): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Marcos M
01:34 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
I am having issues creating multiple groups. I just installed the plus 24.03 RC last night on my box at home so I can... Jon McKinney
08:54 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
Believe that the source of the issue was determined:
* set net.bpf.zerocopy_enable=1
* on the external interface co... A S
08:19 PM pfSense Plus Bug #15396 (New): BE upgrade process deferred pkg install can cause significant delays
Some package install scripts attempt to connect out to update lists/signatures/aliases. When run as part of the new B... Steve Wheeler
07:01 PM pfSense Packages Feature #15375: Update ntopng package
Tested in 24.03 RC -- working as intended. Denny Page
07:01 PM Regression #14970 (Resolved): Static ARP assignments lose ``permanent`` flag in ARP table
Jim Pingle
07:00 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Tested with 24.03 RC -- issue appears resolved. Denny Page
04:50 PM pfSense Plus Bug #15395: install-boot trips on BIOS installs when an EFI partition is present.
That is the scheme the Net Installer uses by default on a legacy booting device such as the 7100. Steve Wheeler
04:39 PM pfSense Plus Bug #15395 (Resolved): install-boot trips on BIOS installs when an EFI partition is present.
As mentioned in the title install-boot tries to set a UEFI boot option but fails and exists:... Steve Wheeler
02:52 PM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
I am unable to reproduce on either... Christopher Cope
11:04 AM pfSense Plus Bug #15386 (Confirmed): EULA Prompting Twice on Plus
Danilo Zrenjanin
10:44 AM pfSense Plus Bug #15386: EULA Prompting Twice on Plus
I can confirm the described behavior.
Tested against the following release:... Danilo Zrenjanin
06:39 AM pfSense Packages Feature #15394 (New): Azure VNet (VPC) Wizard
Is is there any chance to create/develop Azure VPC (VNet) Wizard, which is similar to the existing AWS VPC Wizard in ... Ákos Kovács

04/10/2024

06:06 PM pfSense Packages Feature #15375: Update ntopng package
The package has been tested by a couple of users on 23.09.1, and it works as intended. Denny Page
05:55 PM pfSense Packages Feature #15393 (New): Return to the ga version of NUT
With the release of 2.8.2, NUT is again stable. Move from the development version (nut-devel) back to the release ver... Denny Page
12:59 PM pfSense Packages Bug #15392 (Rejected): Package Service Watchdog issue during reinstall
The package system has no special knowledge of individual packages and adding that would create a significant amount ... Jim Pingle
01:23 AM pfSense Packages Bug #15392 (Rejected): Package Service Watchdog issue during reinstall
Hello fellow pfSense Redmine members,
Can we please migrate the last item to be reinstalled on package reinstall t... Jonathan Lee

04/09/2024

09:52 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
Thank you. We'll need more info to review the issue further. You may generate a status report of the system by append... Marcos M
07:15 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
No for all three questions. A S
04:59 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
Are there any crash reports showing on the dashboard? Or perhaps a crash/panic shown in the console? Does the system ... Marcos M
04:11 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
This was on a direct install (2.7.2) - no backup restored. Recalled this being present in an earlier version. Nothi... A S
03:18 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
Are there any changes to the system or configuration that increases the verbosity? The code to silence that on the de... Marcos M
08:51 AM Regression #15391 (New): Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
'pfr_update_stats: assertion failed" errors are surfacing in a voluminous quantity in the system log. NAT type = "Pur... A S
05:38 PM Bug #15157 (Resolved): PHP error when generating a notification after detecting a malformed configuration
This seems to be solved now. Things that triggered it before no longer trigger it now. Jim Pingle
01:14 PM Bug #15384 (Resolved): Reordering IPsec Phase 2 entries may result in a malformed configuration
Jim Pingle
01:28 AM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
Confirmed on 2.7.2 change fixes the problem. dylan mendez
01:11 PM pfSense Plus Regression #15387 (Feedback): Boot failure detection tripping on config reset button during boot
Fix committed: https://gitlab.netgate.com/pfSense/factory/-/commit/e2bdb91254b96c5d7caa9a1c26ea65be52d18fbb Jim Pingle
01:09 PM pfSense Plus Regression #15387 (In Progress): Boot failure detection tripping on config reset button during boot
Working with Steve, we have identified a method to work around this. Commit coming shortly.
 Jim Pingle
11:06 AM Bug #15376: OpenVPN DHCP Range | Pool
i used the following in custom option, which worked for me:
server 172.21.0.0 255.255.255.0 nopool;
ifconfig-pool... Felix Wurzacher

04/08/2024

04:17 PM pfSense Plus Regression #15390 (New): Configs with incorrectly removed packages can create php errors.
A config file that contains packages in the <installedpackages> section but not the actual <package> data can generat... Steve Wheeler
03:47 PM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
This prevents the hardware config reset working on anything that has multiple ZFS BE snapshots present to roll back to. Steve Wheeler
02:54 PM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
This applies to all devices that have a hardware config reset button. The 4200 can be reset at any time which means i... Steve Wheeler
03:15 PM Bug #15384 (Feedback): Reordering IPsec Phase 2 entries may result in a malformed configuration
Applied in changeset commit:88670c6c167418e7d12b010c0ce8b7d06c2b757f. Jim Pingle
02:12 PM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
This only happens if you try to move something into the first position. If you move any P2 into any other place it wo... Jim Pingle
03:08 PM Revision 88670c6c: Fix syntax when moving IPsec P2. Fixes #15384
Jim Pingle
02:29 PM Feature #15389: Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
Thank you for looking at the request. Could you please name other workarounds and which you'd recommend? name name
02:18 PM Feature #15389 (Rejected): Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
That would make things even more complex and isn't sustainable. There are already workarounds for that limitation (e.... Jim Pingle
02:05 PM Feature #15389 (Rejected): Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
With interface-bound states being the default and more secure option in new pfSense versions, it would be nice if one... name name
01:05 PM pfSense Plus Bug #15388 (Rejected): Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
The wizard has always prompted to change the password, users like having the option. That step can be skipped the sam... Jim Pingle
01:00 PM pfSense Plus Feature #12534 (Closed): Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
Jim Pingle
12:59 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
It's still marked as "New" and open so no, it has not been resolved. Jim Pingle
12:56 PM pfSense Docs Todo #15383 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration — IPsec Pre-Shared Keys Tab
That's due to a bug we've been chasing for a while, and there are potential workarounds, though it's unclear if it's ... Jim Pingle

04/07/2024

10:47 PM pfSense Plus Regression #15320: XMLRPC Sync Trigger on CARP Maintenance Mode Causes webConfigurator Hangs on VIPs
It'd be good to test this on 24.03 as there have been general efficiency improvements that may help here. Marcos M
02:25 AM pfSense Plus Regression #15320: XMLRPC Sync Trigger on CARP Maintenance Mode Causes webConfigurator Hangs on VIPs
Customer ticket 2575064585 is another example of this issue. They did not have webConfigurator hangs, but they did h... Kris Phillips
02:37 PM Bug #7329: DHCP Not Updating DNS
I am running into this issue with 2.7.2-RELEASE (amd64).
I did restart both unbound and DHCP (ICS) and the DNS stick... Will Chevdor
11:06 AM Feature #12746: IPoE feature for WAN interface
While some Japanese ISPs may still offer PPPoE, the latency fluctuates quite a bit, especially during the evening.
... Ryan H
04:16 AM Bug #14261: Trim white space in a DHCP Leases page search field
this seems to work as described with the dhcp lease search as tested on 24.03.b.20240405.1653, adding a leading or tr... Jordan G
02:59 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
Testing multiple times on these units, they still will factory reset just fine, so this appears to not be a critical ... Kris Phillips
02:58 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
This also affected the SG-2440. This appears to not be smbus related, but simply a result of the reset button causin... Kris Phillips
02:38 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
Appears to have the same boot failure detection on the 4100. Likely not the only devices to have this issue.
Shor... Kris Phillips
02:15 AM pfSense Plus Regression #15387 (Feedback): Boot failure detection tripping on config reset button during boot
When booting the 4200, if you follow the instructions outlined here to press the reset button when the appliance star... Kris Phillips
02:53 AM pfSense Plus Bug #15388 (Rejected): Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
During first boot, new in 24.03 is that the admin password is prompted to be changed from the serial console on first... Kris Phillips

04/06/2024

09:27 PM pfSense Plus Bug #15386 (Resolved): EULA Prompting Twice on Plus
When logging into pfSense Plus for the first time, the EULA and Thank You messages appear as you'd expect. However, ... Kris Phillips
09:20 PM pfSense Packages Bug #15385 (New): PHP crash when exporting Apple profile, while IPsec P1 authentication method set to "Mutual Certificate"
Version: 23.09.1-RELEASE (amd64)
Steps to reproduce:
1. Configure the Phase 1 authentication method to "Mutual ... Craig Coonrad
08:07 PM Feature #15217: Log command being run in Diagnostics > Command Prompt
I wanted to add my support for this. We recently had a ticket were an error was thrown from diag_command.php, but the... Christopher Cope
07:41 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
Tested this on 23.09.1. This is still present. Kris Phillips
07:38 PM pfSense Plus Feature #12534: Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
The netinstaller provides a mechanism for this. This can be closed as Resolved. Kris Phillips
07:38 PM pfSense Packages Feature #10865 (Rejected): squidGuard lacks options to send traffic action logs to syslog server
With the deprecation of squid, marking this as Rejected, since this package will be removed in a future release, so i... Kris Phillips
05:37 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
I agree that the timeout should be paused during or restarted after performing the upgrade. Christian McDonald
02:55 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
Thank you Jonathan Lee
02:29 PM pfSense Plus Feature #15380 (New): During upgrade Process GUI timeouts still occur
Thanks for the clarification. I'll move it to a feature request. Christopher Cope
01:54 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
Sorry I forgot to include this is for users that changed the timeout to 5 mins or so. If I leave my desk the firewall... Jonathan Lee
01:44 PM pfSense Plus Feature #15380 (Not a Bug): During upgrade Process GUI timeouts still occur
The default timeout is 4 hours, which should be enough time for any of those actions. It can be changed, or even disa... Christopher Cope
07:07 AM Bug #15376 (Not a Bug): OpenVPN DHCP Range | Pool
Danilo Zrenjanin
06:52 AM pfSense Packages Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only
I tested the patch against the 24.03 BETA release.
The patch fixes the issue.
It can be merged. Danilo Zrenjanin
05:22 AM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
I can confirm this behavior on ... Lev Prokofev

04/05/2024

11:09 PM pfSense Packages Bug #13810: Squid options obsolete
https://redmine.pfsense.org/issues/15381 Jonathan Lee
11:09 PM pfSense Packages Bug #13810: Squid options obsolete
https://github.com/pfsense/FreeBSD-ports/pull/1365 Jonathan Lee
11:09 PM pfSense Packages Bug #13810: Squid options obsolete
https://github.com/pfsense/FreeBSD-ports/pull/1366 Jonathan Lee
11:09 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
https://github.com/pfsense/FreeBSD-ports/pull/1366
Fix for
2024/04/05 07:58:24| ERROR: Unsupported TLS option ... Jonathan Lee
10:44 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
Notes:
FIX ME
line of code 1261 in /usr/local/pkg/squid.inc
FIX ME
line of code 1235-1241 in usr/local/pkg/s... Jonathan Lee
10:38 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
@
if (empty($settings['sslproxy_compatibility_mode']) || ($settings['sslproxy_compatibility_mode'] == 'modern')) {
... Jonathan Lee
10:27 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
https://github.com/pfsense/FreeBSD-ports/pull/1365
this fixed the issue inside my SG-2100
Working on this also ... Jonathan Lee
10:25 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
2024/04/05 07:58:24| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Us... Jonathan Lee
03:02 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
@2024/04/05 07:58:24| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/04/05 07:58:24| ... Jonathan Lee
07:23 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Yes, with the notification error patched the real bugs generating a bad config should become apparent. Separate issue... Steve Wheeler
07:12 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
tested on:
24.03-BETA (amd64)
built on Fri Mar 22 17:08:00 UTC 2024
FreeBSD 15.0-CURRENT
patch fixes the actual c... Georgiy Tyutyunnik
07:16 PM Bug #15384 (Resolved): Reordering IPsec Phase 2 entries may result in a malformed configuration
Changing the order of phase2 entries for the tunnels and saving produces bad config and results in "configuration res... Georgiy Tyutyunnik
10:56 AM Regression #15019 (Resolved): pfSense Plus is always shown as an available upgrade for eligible CE devices.
This has been fixed on the 2.7.2 release.
If you don't select *[Upgrade] - Latest pfSense Plus Stable Version (23... Danilo Zrenjanin
10:43 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Just to check: Has then been resolved, or is it still pending resolution? Roland Giesler
10:30 AM pfSense Docs Todo #15383 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration — IPsec Pre-Shared Keys Tab
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/psk.html
*Feedback:*
When an ipv4 address pool is ... Roland Giesler
08:36 AM pfSense Docs Correction #15382 (New): pfSense Plus Azure support plans
The page explaining Support Resources for pfSense Plus instances in Azure does not include a note about the option to... Danilo Zrenjanin

04/04/2024

10:42 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
The errors show a request for cafile= to be tls-cafile, so Squid is looking for tls certificates over the SSL we used... Jonathan Lee
06:16 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
Facebook Goals for me with the cache are related to
Ref:
https://research.facebook.com/blog/2016/4/the-evolution-o... Jonathan Lee
06:02 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors

Cachemgr.cgi ref:
https://forum.netgate.com/topic/187107/how-to-guide-for-accessing-squid-s-cachemgr-cgi-over-http... Jonathan Lee
06:00 PM pfSense Packages Bug #15381 (New): Squid 6.6 Errors Attached for Review TLS requested in errors
Squid runs however lists the following errors in 24.03.b.20240322.1708
@/status_services.php: The command '/usr/lo... Jonathan Lee
05:54 PM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware
In 24 the crypto acceleration does not list any counters when VPN is running also. I thought it was able to enable an... Jonathan Lee
05:48 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
If use of verify/commit boot environment users will not be able to commit or verify as GUI times out. Can updates be ... Jonathan Lee
03:55 PM pfSense Plus Feature #15380 (New): During upgrade Process GUI timeouts still occur
Hello during my updates the GUI timeout is counting down still and will log me out of the update. Attached is the scr... Jonathan Lee
03:49 PM pfSense Packages Feature #15375 (Feedback): Update ntopng package
PR merged, thanks! Jim Pingle
03:14 PM Bug #15379: Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
I can confirm it, it seems the traceroute doesn't follow the IPsec policy
tested on ... Lev Prokofev
02:49 PM Bug #15379 (Not a Bug): Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
You can't force something into policy-based IPsec in that way. Either it matches the traffic selectors and it will go... Jim Pingle
02:28 PM Bug #15379 (Not a Bug): Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
If you define a specific Source Address in the Diagnostic/Traceroute page and that interface IP is within the IPsec t... Danilo Zrenjanin
01:52 PM Bug #14933: Traffic Graph Widget only displays half of the real UL/DL bandwidth used under certain conditions
https://github.com/pfsense/pfsense/pull/4677 Steve Wheeler

04/03/2024

06:35 PM Bug #15157 (Feedback): PHP error when generating a notification after detecting a malformed configuration
Applied in changeset commit:7b920960e5f38aedd35316c762c5b0b6dbc84c60. Anonymous
04:19 PM Bug #15157 (In Progress): PHP error when generating a notification after detecting a malformed configuration
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1147 Steve Wheeler
02:11 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
The common PHP errors shown here are caused by trying to display a notification when the config file is unavailable. ... Steve Wheeler
11:43 AM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Good afternoon, I have an update. I have noticed that if I don't use certain characters, such as Ñ and others, in bot... David Cuadrado Sanchez
08:14 AM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
David Cuadrado Sanchez wrote in #note-5:
> Robbe Van der Gucht wrote in #note-3:
> > I have a similar stack trace f... Robbe Van der Gucht
06:29 PM Revision 7b920960: Use only local notifications when config file cannot be read. Fixes #15157
Steve Wheeler
03:29 PM Bug #15376: OpenVPN DHCP Range | Pool
Hello Felix,
This doesn't sound like a pfSense bug.
To achieve your goal, simply add the following line to the... Danilo Zrenjanin
03:09 PM Bug #15378: XMLRPC Not Working as expected.
No, the potential for problems/harm is too high. Each package that supports XMLRPC has its own options to control the... Jim Pingle
03:00 PM Bug #15378: XMLRPC Not Working as expected.
Can we have selection in HA setup for installed packages? Like we have for selection for configuration section (we ma... Qadeer Ahmed
12:14 PM Bug #15378 (Not a Bug): XMLRPC Not Working as expected.
It's working as expected. Packages must handle their own synchronization. Some packages are not compatible with being... Jim Pingle
07:00 AM Bug #15378 (Not a Bug): XMLRPC Not Working as expected.
XMLRPC is not syncing the installed packages configurations sent by client.
XMLRPC.php file has this function me... Qadeer Ahmed
03:06 PM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button
The issue persisted on the 24.03 BETA today's release.
I tested it on the SG-2100 device. Danilo Zrenjanin
12:25 PM pfSense Plus Bug #15361 (Confirmed): Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
Tested against:... Danilo Zrenjanin
05:21 AM pfSense Plus Feature #15377 (New): Offline Storage of Boot Environments onto USB MEDIA
What I wish would happen:
Boot environments has an option to format an external drive/SSD/HDD/FLASH for use with off... Jonathan Lee

04/02/2024

07:35 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Robbe Van der Gucht wrote in #note-3:
> I have a similar stack trace for an issue that is maybe not completely the s... David Cuadrado Sanchez
07:22 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Good afternoon,
When I try to add a host to synchronize pfBlocker with other appliances, upon saving, I encounter th... David Cuadrado Sanchez
06:37 PM pfSense Plus Bug #15202: Add Option for Network Portion of Subnet "Wildcard" for IPv6 Rules
Kris Phillips wrote:
> If there was a way to detect the interface PD for firewall rules, similar to how the DHCPv6 s... Sevi A
06:08 PM pfSense Packages Feature #15375: Update ntopng package
Understood. Thank you Denny. Mike Moore
05:55 PM pfSense Packages Feature #15375: Update ntopng package
Mike Moore wrote in #note-1:
> "Support the addition of configuration lines outside those directly supported by the ... Denny Page
04:22 PM pfSense Packages Feature #15375: Update ntopng package
"Support the addition of configuration lines outside those directly supported by the pfSense ntop package UI. This al... Mike Moore
02:53 AM pfSense Packages Feature #15375 (Feedback): Update ntopng package
This is a tracking issue for a significant number of changes to pfSense-pkg-ntopng.
The list of changes to the pac... Denny Page
09:12 AM Bug #15376 (Not a Bug): OpenVPN DHCP Range | Pool
Ive had an issue with OpenVPN Server in PFSENSE, one Client couldnt connect to VPN. The solution was, reinstalling th... Felix Wurzacher

04/01/2024

11:34 PM pfSense Packages Feature #14712: CrowdSec package
I have been testing this for several months now and like it as another layer of security that uses very little resour... Glenn Hall
11:25 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
I can also confirm this behavior. I corrected it in my setup by editing line 391 of /usr/local/www/pfblockerng/pfbloc... Glenn Hall
10:07 PM pfSense Packages Feature #15374: Use of cachemgr.cgi within secure lightsquid access
Of course you can't access it with a GUI login session to light squid, is this something anyone wants to research at ... Jonathan Lee
10:05 PM pfSense Packages Feature #15374 (New): Use of cachemgr.cgi within secure lightsquid access
Hello fellow pfSense redline members,
Can we please add Squid's cachemgr.cgi to the lightsquid package.
Please... Jonathan Lee
07:12 PM Bug #15373 (New): Firewall Logs Dashboard Widget update interval does not behave as expected
The update interval on the dashboard widget does not behave as expected. It appears to have a problem with any interv... Jim Pingle
07:04 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
Somewhere along the way this changed from the initial issue (updates fail if < 5 seconds) and became about the speed ... Jim Pingle
06:57 PM Revision 017cdba2: Set FW log widget min interval to 5. Fixes #12673
Jim Pingle
06:56 PM Revision 6b7b059a: Fix syntax error (short open tag)
Jim Pingle
06:51 PM Revision 0263ca21: Fix log widget callback filename. Issue #12673
Jim Pingle
06:11 PM Bug #14936 (Resolved): ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
Looks good on a current snapshot. Jim Pingle
06:09 PM Bug #14386 (Resolved): ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
No reports of failures since this went in. Can always reopen it if someone can reproduce the problem on current builds. Jim Pingle
06:08 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
This fix requires new binaries and cannot be patched on older releases, the only way to get the fix will be by upgrad... Jim Pingle
06:03 PM Todo #13537 (Resolved): Update vendor files
There haven't been any noticeable issues with these updated libraries/files in some time now. If any new issues are i... Jim Pingle
05:42 PM pfSense Plus Todo #15372 (New): Adjust LED patterns for Boot Environments 2.0
With the new Boot Environments code the "upgrade in progress" LED pattern does not display for much time since the bu... Jim Pingle
05:29 PM pfSense Packages Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12
Zabbix server 6.4.13 is out now and I have confirmed that it works correctly with older proxies, including 6.4.1 that... Andrew Almond
12:56 PM pfSense Plus Todo #15266 (Resolved): Prevent usage of the default password in User Manager accounts
Jordan G wrote in #note-18:
> on 20240329-0600 build after restoring a backup with default password, both console an... Jim Pingle
12:55 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Danilo Zrenjanin wrote in #note-17:
> Another inconsistency is that when performing a clean install in the console, ... Jim Pingle
12:54 PM pfSense Plus Bug #15369 (Rejected): Update Virtual IP Messages to Say "Network ID/Prefix ID" in the Error
This is not true for IPv6. There is nothing special about the prefix ID address like there is in IPv4. In IPv6 every ... Jim Pingle
12:53 PM pfSense Plus Bug #15361: Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
Kris Phillips wrote in #note-3:
> In IPv6 there is a prefix ID followed by an interface, which replaces the network ... Jim Pingle
12:51 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Lev Prokofev wrote in #note-9:
> I think it should be re-opened, I noticed that after the patch you can't add host o... Jim Pingle
12:48 PM Feature #15367 (Rejected): pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
pfSense already supports Jumbo frames if they are supported by the hardware and drivers. If the hardware and drivers ... Jim Pingle
08:47 AM pfSense Packages Feature #8547: fwknop Port Knocking Package
Also upvote.
Because *bruteforcing by thousands of IoT devices* (fridges, smart bulbs, smart locks, smart tvs, Al... Sergei Shablovsky

03/31/2024

04:56 PM Bug #15370 (Rejected): GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
The first IPv6 GUA to be configured on the interface gets used. The order of what gets configured first is determined... Marcos M
11:39 AM Bug #15370: GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
After making a change to WAN interface and hitting save (just unchecked and rechecked a box):
I also noticed the cha... Brian Dahlquist
11:28 AM Bug #15370 (Rejected): GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
When the WAN interface gets a DHCPv6 and a SLAAC address it will only show one or the other pretty much at random for... Brian Dahlquist
12:41 PM Feature #15371 (New): Add MAP-E support
I wonder if this could be considered.
It was originally requested here: https://redmine.pfsense.org/issues/11901
... Token Frenchboy
06:59 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
https://forum.netgate.com/topic/185475/new-bogon-hitting-the-openvpn-port-1194 Jonathan Lee
06:59 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
Unrelated but if you’re not logging and locking down your VPN use make sure you do. Jonathan Lee
06:53 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
remote f.q.d.n 1194 udp4
to
remote f.q.d.n 1194 udp
I am opening a redmine for this as the iPhone uses ipv6 an... Jonathan Lee
06:48 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
My original test was from a cellphone iOS iPhone SE latest SE from cell network remote connection to DSL IPv4 only IS... Jonathan Lee
04:00 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
0.0.3_6 pimd on 24.03 beta seems to function correctly with regards to bindings and interface selection and the statu... Jordan G
01:08 AM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
on 20240329-0600 build after restoring a backup with default password, both console and gui requested changing the pa... Jordan G

03/30/2024

11:32 PM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
Just tested a config with udp4 in the remote host line on OpenVPN Connect on Android. The config imported just fine.... Kris Phillips
11:31 PM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
I tested this on 24.03 and am unable to reproduce this. The config file on a new multihome config spits out with udp... Kris Phillips
11:23 PM Regression #14930 (Resolved): Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
MBR (BIOS) is working as expected on... Christopher Cope
11:20 PM pfSense Packages Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12
Checked on the latest 24.03 BETA builds. This is still on the older version: zabbix64-proxy-6.4.10_1  Kris Phillips
11:15 PM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
Tested this on the 24.03 BETA and this issue is present on that version as well. Kris Phillips
11:14 PM pfSense Plus Bug #15369 (Rejected): Update Virtual IP Messages to Say "Network ID/Prefix ID" in the Error
When adding a Virtual IP, pfSense Plus will complain that you can't use the Network ID or Broadcast Address if you tr... Kris Phillips
11:09 PM pfSense Plus Bug #15361: Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
In IPv6 there is a prefix ID followed by an interface, which replaces the network ID in IPv6. Assigning the prefix I... Kris Phillips
10:40 PM Bug #15067 (Resolved): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC
Christopher Cope
10:39 PM Bug #15067 (Closed): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC
No more errors on... Christopher Cope
02:22 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Tested on the latest 23.04 build, the error did not occur.
24.03-BETA (amd64)
built on Fri Mar 29 6:00:00 UTC 202... Lev Prokofev
02:05 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
I couldn't replicate the issue on 24.09 - BETA Danilo Zrenjanin
01:49 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
I think it should be re-opened, I noticed that after the patch you can't add host override without setting the alias ... Lev Prokofev

03/29/2024

05:14 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Another inconsistency is that when performing a clean install in the console, you will be prompted to change the defa... Danilo Zrenjanin
01:08 AM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy)
Bump! ndproxy has been patched and now builds on FreeBSD 14 - see commit history:
https://www.freshports.org/net/ndp... Firstname Surname

03/28/2024

09:32 PM Bug #15363 (Resolved): Reply traffic on a secondary WAN may be dropped when passed through dummynet
Tested - working. Marcos M
04:49 PM Bug #15363 (Feedback): Reply traffic on a secondary WAN may be dropped when passed through dummynet
Kristof Provost
04:49 PM Bug #15363: Reply traffic on a secondary WAN may be dropped when passed through dummynet
Fixed in https://cgit.freebsd.org/src/commit/?id=a983cea4e9a8dcd52cfd6a3141d7aa03306b057b (and cherry-picked to plus-... Kristof Provost
08:36 PM Feature #8695: make AdvLinkMTU configurable
Dear Jim Pingle,
in cases where v6 tunnels are active, the v4 MTU differs from the v6 MTU as a v6 tunnel adds addi... Stefan Bauer
06:57 PM Bug #14996 (Resolved): Kea DHCP PHP error from WINS server value
Tested against:... Danilo Zrenjanin
06:35 PM pfSense Plus Bug #15361: Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
I need to add a secondary IPv6 address (fd00:0:0:1::/64) on my tun_wg0 interface and it works using the VIPs
If i pu... Mathis Cavalli
04:51 PM pfSense Plus Bug #15361: Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
What's the end goal you're looking for here?
An IP alias should take a single address you want to add to a specifi... Chris W
05:21 PM Revision d0a6b799: Improve the messaging used when the upgrade system is busy.
Replace the generic 'error' message by a correct and more clear message. Luiz Souza
03:30 PM pfSense Plus Feature #15368 (New): Bulk import DHCP host reservations
It'd be a huge time saver to import from a CSV or XML file into Kea, or even just pasting into a text field like Fire... Chris W
03:15 PM pfSense Plus Regression #15337 (Resolved): pfSense-boot pkg fails install in UFS
Marcos M
01:00 PM pfSense Plus Regression #15337: pfSense-boot pkg fails install in UFS
tested on:
24.03-BETA (amd64)
built on Fri Mar 22 17:08:00 UTC 2024
FreeBSD 15.0-CURRENT
upgraded from 23.09.1 on... Georgiy Tyutyunnik
02:41 PM Feature #15367 (Rejected): pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
I described this in mo... Louis B
09:28 AM Bug #15366: Ethernet rules are not blocking the ARP inside the bridge
The same behavior if you filter on the bridge
net.link.bridge.pfil_member=0
net.link.bridge.pfil_bridge=1
and... Lev Prokofev
09:25 AM Bug #15366 (New): Ethernet rules are not blocking the ARP inside the bridge
Configuration:
1)IX2 and DMZ interfaces are bridged (192.168.168.0/24)
2)Filtering enabled on members of the brid... Lev Prokofev
08:51 AM pfSense Packages Bug #15365 (Confirmed): pfBlockerNG PHP error when editing a list
I can confirm this behavior.
!clipboard-202403280951-tqfxp.png!... Danilo Zrenjanin

03/27/2024

09:45 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Linking in https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/54 which says in part:
"All you nee... Steve Y
07:20 PM Bug #10980 (Resolved): ``/etc/rc.local`` script content is executed at login instead of during boot sequence
This is working as expected on the latest Plus snapshot. Jim Pingle
03:47 PM pfSense Packages Bug #15365 (Pull Request Review): pfBlockerNG PHP error when editing a list
When editing an IPv4 list item I hit:... Steve Wheeler
02:45 PM pfSense Plus Bug #15364 (Not a Bug): Netgate XG-7100-1U OS drive timeout / system hang / no access to WebUI nor SSH
There are no issues of that nature with the 7100 hardware on 23.09.1. Most likely that is a hardware problem. Contact... Jim Pingle
01:56 PM pfSense Plus Bug #15364 (Not a Bug): Netgate XG-7100-1U OS drive timeout / system hang / no access to WebUI nor SSH
Bug seems to be similar as #14181 and #14300.
*Contexte* : Upgrade PfSense+ from 23.05.1 to 23.09.1 on Netgate XG... Pf Sensitive
02:17 PM Bug #15291: Error on Traffic Shaper 0% Bandwidth
dylan mendez wrote in #note-3:
> Pavan, please let us know what the result or rebuilding is since this upgrade was f... Pavan K
02:43 AM Bug #15363: Reply traffic on a secondary WAN may be dropped when passed through dummynet
I'll try to reproduce this.
First thoughts:
The state being created as floating (i.e. 'all') is expected for rep... Kristof Provost

03/26/2024

11:18 PM Bug #15362: Config upgrade error with empty gateway interval tags.
Specifically this was config version 8.0 I hit this on though I'd expect anything that hits upgrade_130_to_131() woul... Steve Wheeler
07:12 PM Bug #15362 (New): Config upgrade error with empty gateway interval tags.
Upgrading an old config that has set but empty gateway interval tags throws a php error.
For example a config contai... Steve Wheeler
07:24 PM Bug #14893 (Resolved): Large number of IPsec tunnels causes long filter reload times
Jim Pingle
07:22 PM Bug #13413 (Resolved): Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages
Jim Pingle
07:15 PM Bug #15363 (Resolved): Reply traffic on a secondary WAN may be dropped when passed through dummynet
When a dummynet pipe with a delay is applied to traffic on a secondary WAN, reply traffic is dropped. It seems that t... Marcos M
07:14 PM Feature #15322 (Resolved): 50x and 404 error handling to GUI web server configuration
Appears to be working as expected. Jim Pingle
07:13 PM Todo #15302 (Resolved): Error handling in the Setup Wizard is very user-unfriendly
Errors are all nicely displayed and the user has the opportunity to correct them. No more blank pages with error mess... Jim Pingle
07:09 PM Bug #10980: ``/etc/rc.local`` script content is executed at login instead of during boot sequence
Somehow the change didn't get carried over into rc.initial on Plus. I just made the equivalent commit there that remo... Jim Pingle
07:02 PM Feature #15233 (Resolved): Recognize QAT 4xxx devices in System Information Widget
Jim Pingle
07:01 PM Bug #15118 (Resolved): DHCPv6 settings page "DDNS Reverse" check box not showing current state
Checkbox is being respected and is displaying its value properly. Jim Pingle
06:57 PM Bug #14991 (Resolved): Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
Validation is working, as is the backend filtering. Kea starts properly every time now. Jim Pingle
05:56 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
I think I was able to reproduce that issue finally. Starting from a fresh install or factory reset the user was being... Jim Pingle

03/25/2024

08:54 PM Revision 2f30e7a9: register_all_installed_packages: introduce option
Christian McDonald
08:54 PM Bug #15341 (Closed): PHP errors in ``xmlrpc.php`` during configuration synchronization concerning OpenVPN
This is part of a general change currently in progress. Marcos M
06:50 PM Bug #15118 (Feedback): DHCPv6 settings page "DDNS Reverse" check box not showing current state
Applied in changeset commit:31742a256444b808f646ab805b53987ff95d9207. Jim Pingle
06:41 PM Revision 31742a25: Reflect config value of ddnsreverse for DHCPv6. Fixes #15118
Jim Pingle
06:28 PM Bug #14977 (Closed): Stale Kea control socket lock file can prevent Kea from starting
I can't reproduce this at all on current snapshots. I've killed the process and left the old file in place, killed it... Jim Pingle
06:25 PM Bug #14991 (Feedback): Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
Applied in changeset commit:216df8ac250e2fe705c90f07c2a5e1811e7011e9. Jim Pingle
06:15 PM Revision 216df8ac: Disallow hostnames in Kea NTP. Fixes #14991
* If they are in the config.xml data already, do not write them into
the Kea configuration.
* Do not allow the user... Jim Pingle
06:00 PM Bug #15032 (Feedback): Kea DHCP sends wrong bootloader file for UEFI
Applied in changeset commit:d027f903cfad356af6cad7a3cf49253a5e5dbc31. Jim Pingle
05:50 PM Bug #14996 (Feedback): Kea DHCP PHP error from WINS server value
Applied in changeset commit:faf9f096448c3d18ba291901e391270036ab47c7. Jim Pingle
05:45 PM Bug #14936 (Feedback): ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
Applied in changeset commit:0cd692b7265415410fcaf79575089da58f49739c. Jim Pingle
05:44 PM Revision d027f903: Fix order of Kea boot files. Fixes #15032
Jim Pingle
05:43 PM Revision faf9f096: Fix variable typo. Fixes #14996
Jim Pingle
05:34 PM Revision 0cd692b7: Fix an radvd service status edge case. Fixes #14936
Jim Pingle
04:13 PM pfSense Plus Regression #15337 (Feedback): pfSense-boot pkg fails install in UFS
IIRC this is fixed now, or at least needs re-tested on current snaps. Jim Pingle
01:07 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Danilo Zrenjanin wrote in #note-14:
> > * Plus: Setup wizard requires the user to change the password and will no... Jim Pingle
01:03 PM pfSense Docs Correction #15359 (Closed): Wireguard Overview: remove word
Fixed, thanks! Jim Pingle
01:00 PM Regression #14930 (Feedback): Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
Jim Pingle
12:24 PM Todo #15358 (Rejected): Correct description in “System Information” widget
There is no need to use both forms everywhere. The string is already long enough as it is without adding to it. Jim Pingle
12:18 PM Bug #14942 (Resolved): DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Jim Pingle
11:56 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Kris Phillips wrote in #note-8:
> Reproduced this with a customer. The root of the issue appears to be that OpenVPN... Sean Huggans
04:48 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Re-upload of image provided by Kris with additional information redacted. Craig Coonrad
09:20 AM pfSense Plus Bug #15361 (Confirmed): Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
There is no network address in IPv6, nor broadcasts like IPv4
When adding / editing an IP alias and putting there an... Mathis Cavalli

03/24/2024

11:55 PM Regression #14930: Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
This fix is in pfSense Plus currently, and will be in the next release of CE. Upstream will likely be deprecating and... Christian McDonald
07:14 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Can confirm the patch is working correctly on 23.09.1 dylan mendez
12:41 PM Bug #14977: Stale Kea control socket lock file can prevent Kea from starting
I just experienced exactly this same problem:
DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/et... Suriname Clubcard
02:18 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
Just tested this on 24.03. Added a new VTI, added the interface, and checked the Status --> Gateways page. Gateway ... Kris Phillips
02:07 AM Bug #15346: Port Forward Add Unassociated Filter Rule Not Working
I can also confirm this behavior on the March 22nd builds of 24.03. Associated and None work fine. Kris Phillips
02:06 AM Bug #15360 (Duplicate): pcap & Tailscale interface
https://redmine.pfsense.org/issues/15145 Christopher Cope
01:41 AM Bug #15360 (Duplicate): pcap & Tailscale interface

Tailscale is listed in PCAP as unassigned interface.
when I click on start it works for a sec then stop. Alhusein Zawi
02:01 AM Bug #15341 (Pull Request Review): PHP errors in ``xmlrpc.php`` during configuration synchronization concerning OpenVPN
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1146 Christopher Cope

03/23/2024

08:03 PM Bug #15147 (Closed): Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
note was added
24.03.b.20240322.1708
 Alhusein Zawi
07:55 PM pfSense Packages Bug #13654: Wireguard does not fail back failover WAN setup.
Tested/confirmed on 4100 hardware, pfSense Plus 23.09.1.
Dual ISP in gateway group with tier 1/2.
Wireguard traffic... Craig Coonrad
07:38 PM pfSense Docs Correction #15359 (Closed): Wireguard Overview: remove word
URL: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/index.html#wireguard-overview
> WireGuard instances ... Craig Coonrad
06:04 PM Todo #15358 (Rejected): Correct description in “System Information” widget
Brilliant pfSense DevTeam!
WHERE
“ *System Information”* widget
in block “*System*”
ISSUE
change
“*Netgate ... Sergei Shablovsky
05:42 PM pfSense Plus Bug #13320 (Resolved): IP aliases with a CARP VIP parent are not available as VIP choices for gateway groups
Tested against 23.09.1.
It works as expected. I was able to choose Alias VIP (nested under CARP VIP IP) in the Vir... Danilo Zrenjanin
05:40 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Reproduced this with a customer. The root of the issue appears to be that OpenVPN is sometimes passing the NAME of t... Kris Phillips
03:42 PM pfSense Packages Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
3 years later and I ran into the same issue and the fix is actually extremely simple.
The logic in the function <c... Sherif Fanous
03:09 PM Bug #14933: Traffic Graph Widget only displays half of the real UL/DL bandwidth used under certain conditions
To apply the patch successfully, the *path strip = 0* must be set. Danilo Zrenjanin
01:14 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Jim Pingle wrote in #note-10:
> This is now in and complete.
>
> tl;dr: Passwords are now a little more strict on bo... Danilo Zrenjanin
06:27 AM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
The patch fixed the behavior. I think the issue can be marked as resolved.
tested on ... Lev Prokofev
06:12 AM Bug #15032: Kea DHCP sends wrong bootloader file for UEFI
I can confirm this behavior on 23.09.1.
The patch makes it work for both legacy and UEFI boot. Lev Prokofev
05:41 AM Bug #15346: Port Forward Add Unassociated Filter Rule Not Working
Can confirm this behavior on 24.03 BETA... Lev Prokofev
12:08 AM pfSense Packages Todo #15270 (Closed): ENUMER STUN
That feed isn't enabled by default and we don't maintain it. The pfBlockerNG developer includes the ability to one-cl... Chris W

03/22/2024

10:35 PM Bug #14371: Firewall does not respond to UDP traceroute requests over IPsec
I am seeing a similar behavior on wireguard tunnels as well. You can see the incoming request in the pcap but no answ... Johannes Rohde
10:05 PM Bug #15357 (Not a Bug): Password policy script remains running after it succeeds in another shell session
It's not a bug. It isn't constantly checking to see if it's changed in the background. User can hit ^C to break out o... Jim Pingle
09:21 PM Bug #15357 (Not a Bug): Password policy script remains running after it succeeds in another shell session
After upgrading/install, @/usr/local/bin/usermgrpasswd@ is triggered, prompting a password change on the serial conso... Marcos M
03:30 PM pfSense Packages Todo #15281 (Confirmed): Upgrade Tailscale to 1.6.0
This is not currently available in the 24.03-BETA. We're still on 1.56. Kris Phillips
02:50 PM Bug #14933: Traffic Graph Widget only displays half of the real UL/DL bandwidth used under certain conditions
I can confirm that the patch works fine on 23.09.1. Danilo Zrenjanin
 

Also available in: Atom