Activity
From 03/22/2024 to 04/20/2024
Today
- 05:58 AM pfSense Packages Bug #15420 (New): Incorrect error pfBlockerNG MaxMind message.
- WHERE
In “ MaxMind GeoIP configuration” section
ISSUE
Wrong error alerting message:
“ *pfBlockerNG MaxMind - M... - 02:18 AM pfSense Plus Bug #15419 (New): pfBlockerNG - Issue with Adding or Changing Ipv4 Addresses
- Hi PFsense+ Community,
I am running the 24.03RC version and have run into an issue with updating IPv4 lists in PFB...
04/19/2024
- 06:22 PM pfSense Docs Correction #15403 (Closed): openvpn client speciffic overrides, local networks clarification
- Info added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9011224272ea0934535d8530da838580f91c988b
- 02:39 PM pfSense Plus Regression #15407 (Resolved): pfSense-upgrade incorrectly creates 'unknown error' notice.
- Confirmed that this is no longer an issue on...
04/18/2024
- 10:19 PM pfSense Plus Bug #15418: Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
- And just to clarify, the broken action links appear for a DHCPv6 lease with static mapping, the action links for a dy...
- 05:41 PM pfSense Plus Bug #15418 (New): Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
On the DCHPv6 leases page (status_dhcpv6_leases.php), the links for editing the static mapping and WOL are incorrec...- 08:28 PM Bug #15066: PHP allocation failure in pfsense-utils.inc
- Once again, happened while I was out of the country and not interacting with pfSense at all:
Crash report begins. ... - 07:42 PM Bug #15417 (Not a Bug): static mappings for the ISC DHCP IPv4 server are ignored when the IP Address field is left blank
- Seems there is a bit of a misunderstanding. When you omit the IP address it's not a "static" mapping it's defining a ...
- 04:41 PM Bug #15417 (Not a Bug): static mappings for the ISC DHCP IPv4 server are ignored when the IP Address field is left blank
- If I make a static DHCP mapping configuration where leave the IP address box blank (I want the IP given out to be dyn...
- 01:28 PM Feature #14762: Support X25519 and X448 public key algorithms in certificates
- This looks like a regression – I've got some OpenVPN servers that are set up with ed25519 certificates, which pfSense...
- 12:12 PM Bug #15416 (Duplicate): Php Error when moving IPsec-Phase2 entries
- Duplicate of #15157 and #15384 -- Both already fixed.
- 11:53 AM Bug #15416 (Duplicate): Php Error when moving IPsec-Phase2 entries
- Greeting,
when trying to move phase 2 entries via the gui a php-error occurs.
PHP errors
PHP ERROR: Type: 1, ... - 01:19 AM pfSense Packages Bug #15365 (Pull Request Review): pfBlockerNG PHP error when editing a list
- https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/393
04/17/2024
- 10:18 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- This is due to a change in behavior with the range function as of PHP 8.3.0 https://www.php.net/manual/en/function.ra...
- 04:28 PM Feature #15415: Enhance the firewall log action hover information view, show reason info
- For users hitting #15400 who want to see the reason code ("ip-options" in that problem case), this diff will add it t...
- 04:27 PM Feature #15415 (New): Enhance the firewall log action hover information view, show reason info
- Currently hovering over the action icon on a firewall log entry shows a small tooltip with the action text and the ru...
- 03:34 PM Feature #12190: Add ability to reference ipv6 prefix in firewall rules and aliases
- Same here.
pfSense is missing some kind of another dropdown for that @::@ feature in dynamic prefix cases to select ... - 03:33 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
- Anyone who searches the mentioned PR above: https://github.com/pfsense/pfsense/commit/7c4b3d3c8d2d15b1e59d1d262cc295a...
- 01:52 PM pfSense Packages Bug #15414 (New): Program Loops on invalid domains
- Was testing ACME package with one of my test domains registered with FREENOM.
FREENOM now does not resolve this doma... - 12:25 PM pfSense Plus Bug #15386 (Resolved): EULA Prompting Twice on Plus
- Tested against:...
- 11:59 AM Bug #15413 (New): Kernel panic in HA nodes when under high load
- Two 1541s running 23.09.1 in this example:...
- 11:36 AM pfSense Plus Bug #15395 (Resolved): install-boot trips on BIOS installs when an EFI partition is present.
- 03:55 AM pfSense Plus Bug #15401: 23.09.1 to 24.03b update fails EFI with ZFS mirror
- 24.03.r.20240416.0005 seems to resolve this.
Now still seeing "efibootmgr: efi_get_variable: Bad address" but it m...
04/16/2024
- 06:20 PM pfSense Plus Feature #15412 (New): Improve error feedback from pfSense-upgrade
- Recent versions of pfSense-upgrade include code for collecting handling errors in order to present it to the user as ...
- 03:53 PM Bug #15328: Kea DHCP corrupts existing leases when a new DHCP pool is added
- I can confirm this is happening to me as well. I added a new VLAN interface, new DHCP range, and now half of what is ...
- 03:01 PM Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
- Dug more into this and the problem is that somehow at boot the hostname was not being printed in the system logs on j...
- 01:07 PM Bug #15411 (New): Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
- With the system log set to show ~500 lines the system log tab will also show most if not all of the kernel boot messa...
- 12:24 PM pfSense Plus Regression #15407 (Feedback): pfSense-upgrade incorrectly creates 'unknown error' notice.
- https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/101
Fixed in pfSense-upgrade-1.2.20 - 01:10 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- Sorry This is the issue I am researching on how to resolve do to the cache_object change
I just have to find the ... - 01:08 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- !Screenshot%202024-04-15%20at%2018.07.13.png!
I can access the cachemgr.cgi if you are using it within the lightsq... - 12:59 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- !Screenshot%202024-04-15%20at%2017.58.36.png!
Testing - 12:57 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- Test failed it still says no access
!Screenshot%202024-04-15%20at%2017.57.24.png!
- 12:45 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- squidclient mgr:info
no longer works this should be changed to reflect the new use with
squidclient -h 127.0.0... - 12:40 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- @function squid_status() {
if (is_service_running('squid')) {
init_config_arr(array('installedpackages', 'squidc... - 12:31 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- this calls /usr/local/sbin/squidclient with the older URI scheme
to access mgr:info - 12:30 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- this is part of status_squid.php
- 12:18 AM pfSense Packages Bug #15410 (New): cache_object://URL Scheme is removed in Squid-6
- Hello fellow pfSense Squid Proxy Users can you please help?
I am so happy 6.6 is part of pfSense 24 however some s...
04/15/2024
- 06:45 PM pfSense Plus Regression #15409 (New): AMD watchdog module is missing
- The amdsbwd kernel module is missing from recent versions resulting in errors on Netgate APU2/4 devices (PCEngines AP...
- 06:07 PM Bug #15405: leap seconds update server has changed
- For completeness, someone did open a case upstream: https://bugs.ntp.org/show_bug.cgi?id=3898
- 05:59 PM Bug #15405: leap seconds update server has changed
- Will report upstream. Thanks!
- 12:24 PM Bug #15405 (Needs Patch): leap seconds update server has changed
- That file is part of the NTP package (@ntp.org@), Netgate does not maintain that code. It should be reported upstream...
- 05:59 PM Todo #15408 (New): Reduce inconsistencies between Configuration History with/without ZFS Boot Environments
- The Configuration History page has diverged a bit between Plus w/Boot Environments and CE which is making it confusin...
- 05:53 PM pfSense Plus Regression #15407 (Resolved): pfSense-upgrade incorrectly creates 'unknown error' notice.
- The error reporting in pfSense-upgrade incorrectly creates an alert when it's run an an upgrade check and a new versi...
- 04:34 PM Feature #15406 (New): rules: make Virtual IPs selectable as destination
- In NAT port forwards it is possible to directly select a Virtual IP (IP Alias, CARP) address from the dropdown list a...
- 01:33 PM pfSense Docs New Content #15191 (Closed): Document new Packet Flow Data functionality (Plus Only)
- 12:29 PM Feature #15402: A new approach to rc.start_packages
- It might be viable but you have the logic a bit backward. The base system should not have specific knowledge of any p...
04/14/2024
- 06:21 AM Bug #15405 (Needs Patch): leap seconds update server has changed
- /usr/local/sbin/update-leap is attempting to use:
https://www.ietf.org/timezones/data/leap-seconds.list
Per the... - 03:09 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
- Tested on 24.03-RC and this issue is still present.
- 03:00 AM pfSense Plus Bug #15388: Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
- Jim Pingle wrote in #note-1:
> The wizard has always prompted to change the password, users like having the option. ... - 02:40 AM Bug #14261: Trim white space in a DHCP Leases page search field
- on 24.03.r.20240410.1729 adding a leading/trailing space to a search term returns no results
- 01:58 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- On the 4100 & 4200 as of...
- 12:34 AM pfSense Plus Bug #15404 (New): Captive Portal captiveportal-default-logo.png Missing from Post-authentication Page
- After signing into the Captive Portal, the default captive portal logo is not loading properly. The logo appears to ...
04/13/2024
- 10:12 PM pfSense Docs Correction #15403 (Closed): openvpn client speciffic overrides, local networks clarification
- URL: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-overrides.html
sub heading: IPv4/IPv6 Local ... - 09:47 PM Regression #15074: ISO fails to boot UEFI
- This also occurs in the online upgrade process (in this case on PVE 8.1.10).
22.05 --> 23.01 (success)
23.01 --> 23... - 08:18 PM Feature #15402 (New): A new approach to rc.start_packages
- I have been facing some issues with NUT package due to rc.start_packages.
Once an interfaces goes down, NUT restarts... - 03:50 PM Regression #15400: IGMP packets are logged when the filter rule has logging disabled
- Kristof Provost wrote in #note-2:
> This is intentional, in the sense that it was always meant to log, but didn't du... - 08:50 AM Regression #15400 (Not a Bug): IGMP packets are logged when the filter rule has logging disabled
- This is intentional, in the sense that it was always meant to log, but didn't due to a bug that's now been fixed.
... - 12:18 PM pfSense Plus Bug #15401: 23.09.1 to 24.03b update fails EFI with ZFS mirror
System is using Coreboot (EFI only) and has a ZFS mirror:...- 12:17 PM pfSense Plus Bug #15401 (New): 23.09.1 to 24.03b update fails EFI with ZFS mirror
- System is using Coreboot (EFI only) and has a ZFS mirror:...
04/12/2024
- 09:42 PM pfSense Plus Feature #13227 (Resolved): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- 09:40 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- That worked perfectly. Thank you guys!
- 09:28 PM Regression #15400: IGMP packets are logged when the filter rule has logging disabled
- It may be this is intended behavior, though it's worth clarifying if so.
- 09:02 PM Regression #15400 (Not a Bug): IGMP packets are logged when the filter rule has logging disabled
- Example rules:...
- 05:58 PM Bug #15399 (Resolved): Local host gateways are shown in the default gateways list
- 05:56 PM Bug #15399: Local host gateways are shown in the default gateways list
- The patch looks good against 24.03-RC.
- 03:40 PM Bug #15399 (Feedback): Local host gateways are shown in the default gateways list
- Applied in changeset commit:15eb946bc19222df48318fd6f9c9cb9e88e54690.
- 03:30 PM Bug #15399 (Ready To Test): Local host gateways are shown in the default gateways list
- https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1148
- 02:31 PM Bug #15399 (Resolved): Local host gateways are shown in the default gateways list
- In System > Routing > Gateways the default gateway drop-down selection should not contain localhost (null) gateways. ...
- 05:56 PM Revision 9fd4cb96: Update comment
- The updated comment matches the actual behavior. Albeit the
variable name is unintuitive, it follows the behavior bef... - 05:52 PM Bug #15082 (Closed): Upgrade fails due to unmounted EFI filesystem
- Closing this since it didn't turn out to be what we thought, and fixing problems caused by incorrect manual alteratio...
- 05:39 PM Bug #15081: Upgrade fails due to undersized EFI filesystem
- Moving this ahead as it still might be an issue though it's unclear how many affected systems may be left in the wild...
- 03:08 PM Revision 15eb946b: Correct bitwise check when getting a list of gateways. Fix #15399
- 12:47 PM pfSense Plus Bug #15395: install-boot trips on BIOS installs when an EFI partition is present.
- https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/100
- 10:05 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
- Cpu load corresponds with NIC errors in #2598286486
!clipboard-202404121406-jhrkf.png!
- 08:16 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
- Another client hit this issue ticket #2598286486
- 08:12 AM pfSense Packages Feature #15398 (New): Fusioninventory Agent
- This tool already works well through the FreeBSD repo.
Fusioninventory is a collection of small tools to perform i... - 08:07 AM pfSense Packages Feature #15397 (New): Wazuh Agent
- This already works well through the FreeBSD repo.
Wazuh is a free and open source platform used for threat prevent... - 07:59 AM Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
- DBACORP DBACORP wrote in #note-9:
> Reproduced the same issue in PLUS version 23.09.1 and the issue persisted.
> ... - 07:16 AM Bug #15178 (Confirmed): ACB (autoconfig backup) restore always returns could not decrypt despite proper password
- Yes, I was able to reproduce the described behavior.
Tested against the following versions:...
04/11/2024
- 09:15 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- Thanks for testing! Try it with this "patch":https://docs.netgate.com/pfsense/en/latest/development/system-patches.ht...
- 08:08 PM pfSense Plus Feature #13227 (In Progress): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- 01:34 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- I am having issues creating multiple groups. I just installed the plus 24.03 RC last night on my box at home so I can...
- 08:54 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- Believe that the source of the issue was determined:
* set net.bpf.zerocopy_enable=1
* on the external interface co... - 08:19 PM pfSense Plus Bug #15396 (New): BE upgrade process deferred pkg install can cause significant delays
- Some package install scripts attempt to connect out to update lists/signatures/aliases. When run as part of the new B...
- 07:01 PM pfSense Packages Feature #15375: Update ntopng package
- Tested in 24.03 RC -- working as intended.
- 07:01 PM Regression #14970 (Resolved): Static ARP assignments lose ``permanent`` flag in ARP table
- 07:00 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
- Tested with 24.03 RC -- issue appears resolved.
- 04:50 PM pfSense Plus Bug #15395: install-boot trips on BIOS installs when an EFI partition is present.
- That is the scheme the Net Installer uses by default on a legacy booting device such as the 7100.
- 04:39 PM pfSense Plus Bug #15395 (Resolved): install-boot trips on BIOS installs when an EFI partition is present.
- As mentioned in the title install-boot tries to set a UEFI boot option but fails and exists:...
- 02:52 PM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
- I am unable to reproduce on either...
- 11:04 AM pfSense Plus Bug #15386 (Confirmed): EULA Prompting Twice on Plus
- 10:44 AM pfSense Plus Bug #15386: EULA Prompting Twice on Plus
- I can confirm the described behavior.
Tested against the following release:... - 06:39 AM pfSense Packages Feature #15394 (New): Azure VNet (VPC) Wizard
- Is is there any chance to create/develop Azure VPC (VNet) Wizard, which is similar to the existing AWS VPC Wizard in ...
04/10/2024
- 06:06 PM pfSense Packages Feature #15375: Update ntopng package
- The package has been tested by a couple of users on 23.09.1, and it works as intended.
- 05:55 PM pfSense Packages Feature #15393 (New): Return to the ga version of NUT
- With the release of 2.8.2, NUT is again stable. Move from the development version (nut-devel) back to the release ver...
- 12:59 PM pfSense Packages Bug #15392 (Rejected): Package Service Watchdog issue during reinstall
- The package system has no special knowledge of individual packages and adding that would create a significant amount ...
- 01:23 AM pfSense Packages Bug #15392 (Rejected): Package Service Watchdog issue during reinstall
- Hello fellow pfSense Redmine members,
Can we please migrate the last item to be reinstalled on package reinstall t...
04/09/2024
- 09:52 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- Thank you. We'll need more info to review the issue further. You may generate a status report of the system by append...
- 07:15 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- No for all three questions.
- 04:59 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- Are there any crash reports showing on the dashboard? Or perhaps a crash/panic shown in the console? Does the system ...
- 04:11 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- This was on a direct install (2.7.2) - no backup restored. Recalled this being present in an earlier version. Nothi...
- 03:18 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- Are there any changes to the system or configuration that increases the verbosity? The code to silence that on the de...
- 08:51 AM Regression #15391 (New): Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- 'pfr_update_stats: assertion failed" errors are surfacing in a voluminous quantity in the system log. NAT type = "Pur...
- 05:38 PM Bug #15157 (Resolved): PHP error when generating a notification after detecting a malformed configuration
- This seems to be solved now. Things that triggered it before no longer trigger it now.
- 01:14 PM Bug #15384 (Resolved): Reordering IPsec Phase 2 entries may result in a malformed configuration
- 01:28 AM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
- Confirmed on 2.7.2 change fixes the problem.
- 01:11 PM pfSense Plus Regression #15387 (Feedback): Boot failure detection tripping on config reset button during boot
- Fix committed: https://gitlab.netgate.com/pfSense/factory/-/commit/e2bdb91254b96c5d7caa9a1c26ea65be52d18fbb
- 01:09 PM pfSense Plus Regression #15387 (In Progress): Boot failure detection tripping on config reset button during boot
- Working with Steve, we have identified a method to work around this. Commit coming shortly.
- 11:06 AM Bug #15376: OpenVPN DHCP Range | Pool
- i used the following in custom option, which worked for me:
server 172.21.0.0 255.255.255.0 nopool;
ifconfig-pool...
04/08/2024
- 04:17 PM pfSense Plus Regression #15390 (New): Configs with incorrectly removed packages can create php errors.
- A config file that contains packages in the <installedpackages> section but not the actual <package> data can generat...
- 03:47 PM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- This prevents the hardware config reset working on anything that has multiple ZFS BE snapshots present to roll back to.
- 02:54 PM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- This applies to all devices that have a hardware config reset button. The 4200 can be reset at any time which means i...
- 03:15 PM Bug #15384 (Feedback): Reordering IPsec Phase 2 entries may result in a malformed configuration
- Applied in changeset commit:88670c6c167418e7d12b010c0ce8b7d06c2b757f.
- 02:12 PM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
- This only happens if you try to move something into the first position. If you move any P2 into any other place it wo...
- 03:08 PM Revision 88670c6c: Fix syntax when moving IPsec P2. Fixes #15384
- 02:29 PM Feature #15389: Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
- Thank you for looking at the request. Could you please name other workarounds and which you'd recommend?
- 02:18 PM Feature #15389 (Rejected): Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
- That would make things even more complex and isn't sustainable. There are already workarounds for that limitation (e....
- 02:05 PM Feature #15389 (Rejected): Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
- With interface-bound states being the default and more secure option in new pfSense versions, it would be nice if one...
- 01:05 PM pfSense Plus Bug #15388 (Rejected): Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
- The wizard has always prompted to change the password, users like having the option. That step can be skipped the sam...
- 01:00 PM pfSense Plus Feature #12534 (Closed): Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
- 12:59 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
- It's still marked as "New" and open so no, it has not been resolved.
- 12:56 PM pfSense Docs Todo #15383 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration — IPsec Pre-Shared Keys Tab
- That's due to a bug we've been chasing for a while, and there are potential workarounds, though it's unclear if it's ...
04/07/2024
- 10:47 PM pfSense Plus Regression #15320: XMLRPC Sync Trigger on CARP Maintenance Mode Causes webConfigurator Hangs on VIPs
- It'd be good to test this on 24.03 as there have been general efficiency improvements that may help here.
- 02:25 AM pfSense Plus Regression #15320: XMLRPC Sync Trigger on CARP Maintenance Mode Causes webConfigurator Hangs on VIPs
- Customer ticket 2575064585 is another example of this issue. They did not have webConfigurator hangs, but they did h...
- 02:37 PM Bug #7329: DHCP Not Updating DNS
- I am running into this issue with 2.7.2-RELEASE (amd64).
I did restart both unbound and DHCP (ICS) and the DNS stick... - 11:06 AM Feature #12746: IPoE feature for WAN interface
- While some Japanese ISPs may still offer PPPoE, the latency fluctuates quite a bit, especially during the evening.
... - 04:16 AM Bug #14261: Trim white space in a DHCP Leases page search field
- this seems to work as described with the dhcp lease search as tested on 24.03.b.20240405.1653, adding a leading or tr...
- 02:59 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- Testing multiple times on these units, they still will factory reset just fine, so this appears to not be a critical ...
- 02:58 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- This also affected the SG-2440. This appears to not be smbus related, but simply a result of the reset button causin...
- 02:38 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- Appears to have the same boot failure detection on the 4100. Likely not the only devices to have this issue.
Shor... - 02:15 AM pfSense Plus Regression #15387 (Feedback): Boot failure detection tripping on config reset button during boot
- When booting the 4200, if you follow the instructions outlined here to press the reset button when the appliance star...
- 02:53 AM pfSense Plus Bug #15388 (Rejected): Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
- During first boot, new in 24.03 is that the admin password is prompted to be changed from the serial console on first...
04/06/2024
- 09:27 PM pfSense Plus Bug #15386 (Resolved): EULA Prompting Twice on Plus
- When logging into pfSense Plus for the first time, the EULA and Thank You messages appear as you'd expect. However, ...
- 09:20 PM pfSense Packages Bug #15385 (New): PHP crash when exporting Apple profile, while IPsec P1 authentication method set to "Mutual Certificate"
- Version: 23.09.1-RELEASE (amd64)
Steps to reproduce:
1. Configure the Phase 1 authentication method to "Mutual ... - 08:07 PM Feature #15217: Log command being run in Diagnostics > Command Prompt
- I wanted to add my support for this. We recently had a ticket were an error was thrown from diag_command.php, but the...
- 07:41 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
- Tested this on 23.09.1. This is still present.
- 07:38 PM pfSense Plus Feature #12534: Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
- The netinstaller provides a mechanism for this. This can be closed as Resolved.
- 07:38 PM pfSense Packages Feature #10865 (Rejected): squidGuard lacks options to send traffic action logs to syslog server
- With the deprecation of squid, marking this as Rejected, since this package will be removed in a future release, so i...
- 05:37 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
- I agree that the timeout should be paused during or restarted after performing the upgrade.
- 02:55 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
- Thank you
- 02:29 PM pfSense Plus Feature #15380 (New): During upgrade Process GUI timeouts still occur
- Thanks for the clarification. I'll move it to a feature request.
- 01:54 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
- Sorry I forgot to include this is for users that changed the timeout to 5 mins or so. If I leave my desk the firewall...
- 01:44 PM pfSense Plus Feature #15380 (Not a Bug): During upgrade Process GUI timeouts still occur
- The default timeout is 4 hours, which should be enough time for any of those actions. It can be changed, or even disa...
- 07:07 AM Bug #15376 (Not a Bug): OpenVPN DHCP Range | Pool
- 06:52 AM pfSense Packages Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only
- I tested the patch against the 24.03 BETA release.
The patch fixes the issue.
It can be merged. - 05:22 AM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
- I can confirm this behavior on ...
04/05/2024
- 11:09 PM pfSense Packages Bug #13810: Squid options obsolete
- https://redmine.pfsense.org/issues/15381
- 11:09 PM pfSense Packages Bug #13810: Squid options obsolete
- https://github.com/pfsense/FreeBSD-ports/pull/1365
- 11:09 PM pfSense Packages Bug #13810: Squid options obsolete
- https://github.com/pfsense/FreeBSD-ports/pull/1366
- 11:09 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- https://github.com/pfsense/FreeBSD-ports/pull/1366
Fix for
2024/04/05 07:58:24| ERROR: Unsupported TLS option ... - 10:44 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- Notes:
FIX ME
line of code 1261 in /usr/local/pkg/squid.inc
FIX ME
line of code 1235-1241 in usr/local/pkg/s... - 10:38 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- @
if (empty($settings['sslproxy_compatibility_mode']) || ($settings['sslproxy_compatibility_mode'] == 'modern')) {
... - 10:27 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- https://github.com/pfsense/FreeBSD-ports/pull/1365
this fixed the issue inside my SG-2100
Working on this also ... - 10:25 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- 2024/04/05 07:58:24| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Us...
- 03:02 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- @2024/04/05 07:58:24| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/04/05 07:58:24| ... - 07:23 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- Yes, with the notification error patched the real bugs generating a bad config should become apparent. Separate issue...
- 07:12 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- tested on:
24.03-BETA (amd64)
built on Fri Mar 22 17:08:00 UTC 2024
FreeBSD 15.0-CURRENT
patch fixes the actual c... - 07:16 PM Bug #15384 (Resolved): Reordering IPsec Phase 2 entries may result in a malformed configuration
- Changing the order of phase2 entries for the tunnels and saving produces bad config and results in "configuration res...
- 10:56 AM Regression #15019 (Resolved): pfSense Plus is always shown as an available upgrade for eligible CE devices.
- This has been fixed on the 2.7.2 release.
If you don't select *[Upgrade] - Latest pfSense Plus Stable Version (23... - 10:43 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
- Just to check: Has then been resolved, or is it still pending resolution?
- 10:30 AM pfSense Docs Todo #15383 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration — IPsec Pre-Shared Keys Tab
- *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/psk.html
*Feedback:*
When an ipv4 address pool is ... - 08:36 AM pfSense Docs Correction #15382 (New): pfSense Plus Azure support plans
- The page explaining Support Resources for pfSense Plus instances in Azure does not include a note about the option to...
04/04/2024
- 10:42 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- The errors show a request for cafile= to be tls-cafile, so Squid is looking for tls certificates over the SSL we used...
- 06:16 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- Facebook Goals for me with the cache are related to
Ref:
https://research.facebook.com/blog/2016/4/the-evolution-o... - 06:02 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
Cachemgr.cgi ref:
https://forum.netgate.com/topic/187107/how-to-guide-for-accessing-squid-s-cachemgr-cgi-over-http...- 06:00 PM pfSense Packages Bug #15381 (New): Squid 6.6 Errors Attached for Review TLS requested in errors
- Squid runs however lists the following errors in 24.03.b.20240322.1708
@/status_services.php: The command '/usr/lo... - 05:54 PM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware
- In 24 the crypto acceleration does not list any counters when VPN is running also. I thought it was able to enable an...
- 05:48 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
- If use of verify/commit boot environment users will not be able to commit or verify as GUI times out. Can updates be ...
- 03:55 PM pfSense Plus Feature #15380 (New): During upgrade Process GUI timeouts still occur
- Hello during my updates the GUI timeout is counting down still and will log me out of the update. Attached is the scr...
- 03:49 PM pfSense Packages Feature #15375 (Feedback): Update ntopng package
- PR merged, thanks!
- 03:14 PM Bug #15379: Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
- I can confirm it, it seems the traceroute doesn't follow the IPsec policy
tested on ... - 02:49 PM Bug #15379 (Not a Bug): Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
- You can't force something into policy-based IPsec in that way. Either it matches the traffic selectors and it will go...
- 02:28 PM Bug #15379 (Not a Bug): Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
- If you define a specific Source Address in the Diagnostic/Traceroute page and that interface IP is within the IPsec t...
- 01:52 PM Bug #14933: Traffic Graph Widget only displays half of the real UL/DL bandwidth used under certain conditions
- https://github.com/pfsense/pfsense/pull/4677
04/03/2024
- 06:35 PM Bug #15157 (Feedback): PHP error when generating a notification after detecting a malformed configuration
- Applied in changeset commit:7b920960e5f38aedd35316c762c5b0b6dbc84c60.
- 04:19 PM Bug #15157 (In Progress): PHP error when generating a notification after detecting a malformed configuration
- https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1147
- 02:11 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- The common PHP errors shown here are caused by trying to display a notification when the config file is unavailable. ...
- 11:43 AM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- Good afternoon, I have an update. I have noticed that if I don't use certain characters, such as Ñ and others, in bot...
- 08:14 AM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- David Cuadrado Sanchez wrote in #note-5:
> Robbe Van der Gucht wrote in #note-3:
> > I have a similar stack trace f... - 06:29 PM Revision 7b920960: Use only local notifications when config file cannot be read. Fixes #15157
- 03:29 PM Bug #15376: OpenVPN DHCP Range | Pool
- Hello Felix,
This doesn't sound like a pfSense bug.
To achieve your goal, simply add the following line to the... - 03:09 PM Bug #15378: XMLRPC Not Working as expected.
- No, the potential for problems/harm is too high. Each package that supports XMLRPC has its own options to control the...
- 03:00 PM Bug #15378: XMLRPC Not Working as expected.
- Can we have selection in HA setup for installed packages? Like we have for selection for configuration section (we ma...
- 12:14 PM Bug #15378 (Not a Bug): XMLRPC Not Working as expected.
- It's working as expected. Packages must handle their own synchronization. Some packages are not compatible with being...
- 07:00 AM Bug #15378 (Not a Bug): XMLRPC Not Working as expected.
- XMLRPC is not syncing the installed packages configurations sent by client.
XMLRPC.php file has this function me... - 03:06 PM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button
- The issue persisted on the 24.03 BETA today's release.
I tested it on the SG-2100 device. - 12:25 PM pfSense Plus Bug #15361 (Confirmed): Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
- Tested against:...
- 05:21 AM pfSense Plus Feature #15377 (New): Offline Storage of Boot Environments onto USB MEDIA
- What I wish would happen:
Boot environments has an option to format an external drive/SSD/HDD/FLASH for use with off...
04/02/2024
- 07:35 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- Robbe Van der Gucht wrote in #note-3:
> I have a similar stack trace for an issue that is maybe not completely the s... - 07:22 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- Good afternoon,
When I try to add a host to synchronize pfBlocker with other appliances, upon saving, I encounter th... - 06:37 PM pfSense Plus Bug #15202: Add Option for Network Portion of Subnet "Wildcard" for IPv6 Rules
- Kris Phillips wrote:
> If there was a way to detect the interface PD for firewall rules, similar to how the DHCPv6 s... - 06:08 PM pfSense Packages Feature #15375: Update ntopng package
- Understood. Thank you Denny.
- 05:55 PM pfSense Packages Feature #15375: Update ntopng package
- Mike Moore wrote in #note-1:
> "Support the addition of configuration lines outside those directly supported by the ... - 04:22 PM pfSense Packages Feature #15375: Update ntopng package
- "Support the addition of configuration lines outside those directly supported by the pfSense ntop package UI. This al...
- 02:53 AM pfSense Packages Feature #15375 (Feedback): Update ntopng package
- This is a tracking issue for a significant number of changes to pfSense-pkg-ntopng.
The list of changes to the pac... - 09:12 AM Bug #15376 (Not a Bug): OpenVPN DHCP Range | Pool
- Ive had an issue with OpenVPN Server in PFSENSE, one Client couldnt connect to VPN. The solution was, reinstalling th...
04/01/2024
- 11:34 PM pfSense Packages Feature #14712: CrowdSec package
- I have been testing this for several months now and like it as another layer of security that uses very little resour...
- 11:25 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- I can also confirm this behavior. I corrected it in my setup by editing line 391 of /usr/local/www/pfblockerng/pfbloc...
- 10:07 PM pfSense Packages Feature #15374: Use of cachemgr.cgi within secure lightsquid access
- Of course you can't access it with a GUI login session to light squid, is this something anyone wants to research at ...
- 10:05 PM pfSense Packages Feature #15374 (New): Use of cachemgr.cgi within secure lightsquid access
- Hello fellow pfSense redline members,
Can we please add Squid's cachemgr.cgi to the lightsquid package.
Please... - 07:12 PM Bug #15373 (New): Firewall Logs Dashboard Widget update interval does not behave as expected
- The update interval on the dashboard widget does not behave as expected. It appears to have a problem with any interv...
- 07:04 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
- Somewhere along the way this changed from the initial issue (updates fail if < 5 seconds) and became about the speed ...
- 06:57 PM Revision 017cdba2: Set FW log widget min interval to 5. Fixes #12673
- 06:56 PM Revision 6b7b059a: Fix syntax error (short open tag)
- 06:51 PM Revision 0263ca21: Fix log widget callback filename. Issue #12673
- 06:11 PM Bug #14936 (Resolved): ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
- Looks good on a current snapshot.
- 06:09 PM Bug #14386 (Resolved): ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
- No reports of failures since this went in. Can always reopen it if someone can reproduce the problem on current builds.
- 06:08 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
- This fix requires new binaries and cannot be patched on older releases, the only way to get the fix will be by upgrad...
- 06:03 PM Todo #13537 (Resolved): Update vendor files
- There haven't been any noticeable issues with these updated libraries/files in some time now. If any new issues are i...
- 05:42 PM pfSense Plus Todo #15372 (New): Adjust LED patterns for Boot Environments 2.0
- With the new Boot Environments code the "upgrade in progress" LED pattern does not display for much time since the bu...
- 05:29 PM pfSense Packages Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12
- Zabbix server 6.4.13 is out now and I have confirmed that it works correctly with older proxies, including 6.4.1 that...
- 12:56 PM pfSense Plus Todo #15266 (Resolved): Prevent usage of the default password in User Manager accounts
- Jordan G wrote in #note-18:
> on 20240329-0600 build after restoring a backup with default password, both console an... - 12:55 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
- Danilo Zrenjanin wrote in #note-17:
> Another inconsistency is that when performing a clean install in the console, ... - 12:54 PM pfSense Plus Bug #15369 (Rejected): Update Virtual IP Messages to Say "Network ID/Prefix ID" in the Error
- This is not true for IPv6. There is nothing special about the prefix ID address like there is in IPv4. In IPv6 every ...
- 12:53 PM pfSense Plus Bug #15361: Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
- Kris Phillips wrote in #note-3:
> In IPv6 there is a prefix ID followed by an interface, which replaces the network ... - 12:51 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
- Lev Prokofev wrote in #note-9:
> I think it should be re-opened, I noticed that after the patch you can't add host o... - 12:48 PM Feature #15367 (Rejected): pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
- pfSense already supports Jumbo frames if they are supported by the hardware and drivers. If the hardware and drivers ...
- 08:47 AM pfSense Packages Feature #8547: fwknop Port Knocking Package
- Also upvote.
Because *bruteforcing by thousands of IoT devices* (fridges, smart bulbs, smart locks, smart tvs, Al...
03/31/2024
- 04:56 PM Bug #15370 (Rejected): GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
- The first IPv6 GUA to be configured on the interface gets used. The order of what gets configured first is determined...
- 11:39 AM Bug #15370: GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
- After making a change to WAN interface and hitting save (just unchecked and rechecked a box):
I also noticed the cha... - 11:28 AM Bug #15370 (Rejected): GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
- When the WAN interface gets a DHCPv6 and a SLAAC address it will only show one or the other pretty much at random for...
- 12:41 PM Feature #15371 (New): Add MAP-E support
- I wonder if this could be considered.
It was originally requested here: https://redmine.pfsense.org/issues/11901
... - 06:59 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
- https://forum.netgate.com/topic/185475/new-bogon-hitting-the-openvpn-port-1194
- 06:59 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
- Unrelated but if you’re not logging and locking down your VPN use make sure you do.
- 06:53 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
- remote f.q.d.n 1194 udp4
to
remote f.q.d.n 1194 udp
I am opening a redmine for this as the iPhone uses ipv6 an... - 06:48 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
- My original test was from a cellphone iOS iPhone SE latest SE from cell network remote connection to DSL IPv4 only IS...
- 04:00 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
- 0.0.3_6 pimd on 24.03 beta seems to function correctly with regards to bindings and interface selection and the statu...
- 01:08 AM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
- on 20240329-0600 build after restoring a backup with default password, both console and gui requested changing the pa...
03/30/2024
- 11:32 PM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
- Just tested a config with udp4 in the remote host line on OpenVPN Connect on Android. The config imported just fine....
- 11:31 PM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
- I tested this on 24.03 and am unable to reproduce this. The config file on a new multihome config spits out with udp...
- 11:23 PM Regression #14930 (Resolved): Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
- MBR (BIOS) is working as expected on...
- 11:20 PM pfSense Packages Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12
- Checked on the latest 24.03 BETA builds. This is still on the older version: zabbix64-proxy-6.4.10_1
- 11:15 PM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
- Tested this on the 24.03 BETA and this issue is present on that version as well.
- 11:14 PM pfSense Plus Bug #15369 (Rejected): Update Virtual IP Messages to Say "Network ID/Prefix ID" in the Error
- When adding a Virtual IP, pfSense Plus will complain that you can't use the Network ID or Broadcast Address if you tr...
- 11:09 PM pfSense Plus Bug #15361: Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
- In IPv6 there is a prefix ID followed by an interface, which replaces the network ID in IPv6. Assigning the prefix I...
- 10:40 PM Bug #15067 (Resolved): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC
- 10:39 PM Bug #15067 (Closed): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC
- No more errors on...
- 02:22 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
- Tested on the latest 23.04 build, the error did not occur.
24.03-BETA (amd64)
built on Fri Mar 29 6:00:00 UTC 202... - 02:05 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
- I couldn't replicate the issue on 24.09 - BETA
- 01:49 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
- I think it should be re-opened, I noticed that after the patch you can't add host override without setting the alias ...
03/29/2024
- 05:14 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
- Another inconsistency is that when performing a clean install in the console, you will be prompted to change the defa...
- 01:08 AM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy)
- Bump! ndproxy has been patched and now builds on FreeBSD 14 - see commit history:
https://www.freshports.org/net/ndp...
03/28/2024
- 09:32 PM Bug #15363 (Resolved): Reply traffic on a secondary WAN may be dropped when passed through dummynet
- Tested - working.
- 04:49 PM Bug #15363 (Feedback): Reply traffic on a secondary WAN may be dropped when passed through dummynet
- 04:49 PM Bug #15363: Reply traffic on a secondary WAN may be dropped when passed through dummynet
- Fixed in https://cgit.freebsd.org/src/commit/?id=a983cea4e9a8dcd52cfd6a3141d7aa03306b057b (and cherry-picked to plus-...
- 08:36 PM Feature #8695: make AdvLinkMTU configurable
- Dear Jim Pingle,
in cases where v6 tunnels are active, the v4 MTU differs from the v6 MTU as a v6 tunnel adds addi... - 06:57 PM Bug #14996 (Resolved): Kea DHCP PHP error from WINS server value
- Tested against:...
- 06:35 PM pfSense Plus Bug #15361: Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
- I need to add a secondary IPv6 address (fd00:0:0:1::/64) on my tun_wg0 interface and it works using the VIPs
If i pu... - 04:51 PM pfSense Plus Bug #15361: Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
- What's the end goal you're looking for here?
An IP alias should take a single address you want to add to a specifi... - 05:21 PM Revision d0a6b799: Improve the messaging used when the upgrade system is busy.
- Replace the generic 'error' message by a correct and more clear message.
- 03:30 PM pfSense Plus Feature #15368 (New): Bulk import DHCP host reservations
- It'd be a huge time saver to import from a CSV or XML file into Kea, or even just pasting into a text field like Fire...
- 03:15 PM pfSense Plus Regression #15337 (Resolved): pfSense-boot pkg fails install in UFS
- 01:00 PM pfSense Plus Regression #15337: pfSense-boot pkg fails install in UFS
- tested on:
24.03-BETA (amd64)
built on Fri Mar 22 17:08:00 UTC 2024
FreeBSD 15.0-CURRENT
upgraded from 23.09.1 on... - 02:41 PM Feature #15367 (Rejected): pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
- pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
I described this in mo... - 09:28 AM Bug #15366: Ethernet rules are not blocking the ARP inside the bridge
- The same behavior if you filter on the bridge
net.link.bridge.pfil_member=0
net.link.bridge.pfil_bridge=1
and... - 09:25 AM Bug #15366 (New): Ethernet rules are not blocking the ARP inside the bridge
- Configuration:
1)IX2 and DMZ interfaces are bridged (192.168.168.0/24)
2)Filtering enabled on members of the brid... - 08:51 AM pfSense Packages Bug #15365 (Confirmed): pfBlockerNG PHP error when editing a list
- I can confirm this behavior.
!clipboard-202403280951-tqfxp.png!...
03/27/2024
- 09:45 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
- Linking in https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/54 which says in part:
"All you nee... - 07:20 PM Bug #10980 (Resolved): ``/etc/rc.local`` script content is executed at login instead of during boot sequence
- This is working as expected on the latest Plus snapshot.
- 03:47 PM pfSense Packages Bug #15365 (Pull Request Review): pfBlockerNG PHP error when editing a list
- When editing an IPv4 list item I hit:...
- 02:45 PM pfSense Plus Bug #15364 (Not a Bug): Netgate XG-7100-1U OS drive timeout / system hang / no access to WebUI nor SSH
- There are no issues of that nature with the 7100 hardware on 23.09.1. Most likely that is a hardware problem. Contact...
- 01:56 PM pfSense Plus Bug #15364 (Not a Bug): Netgate XG-7100-1U OS drive timeout / system hang / no access to WebUI nor SSH
- Bug seems to be similar as #14181 and #14300.
*Contexte* : Upgrade PfSense+ from 23.05.1 to 23.09.1 on Netgate XG... - 02:17 PM Bug #15291: Error on Traffic Shaper 0% Bandwidth
- dylan mendez wrote in #note-3:
> Pavan, please let us know what the result or rebuilding is since this upgrade was f... - 02:43 AM Bug #15363: Reply traffic on a secondary WAN may be dropped when passed through dummynet
- I'll try to reproduce this.
First thoughts:
The state being created as floating (i.e. 'all') is expected for rep...
03/26/2024
- 11:18 PM Bug #15362: Config upgrade error with empty gateway interval tags.
- Specifically this was config version 8.0 I hit this on though I'd expect anything that hits upgrade_130_to_131() woul...
- 07:12 PM Bug #15362 (New): Config upgrade error with empty gateway interval tags.
- Upgrading an old config that has set but empty gateway interval tags throws a php error.
For example a config contai... - 07:24 PM Bug #14893 (Resolved): Large number of IPsec tunnels causes long filter reload times
- 07:22 PM Bug #13413 (Resolved): Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages
- 07:15 PM Bug #15363 (Resolved): Reply traffic on a secondary WAN may be dropped when passed through dummynet
- When a dummynet pipe with a delay is applied to traffic on a secondary WAN, reply traffic is dropped. It seems that t...
- 07:14 PM Feature #15322 (Resolved): 50x and 404 error handling to GUI web server configuration
- Appears to be working as expected.
- 07:13 PM Todo #15302 (Resolved): Error handling in the Setup Wizard is very user-unfriendly
- Errors are all nicely displayed and the user has the opportunity to correct them. No more blank pages with error mess...
- 07:09 PM Bug #10980: ``/etc/rc.local`` script content is executed at login instead of during boot sequence
- Somehow the change didn't get carried over into rc.initial on Plus. I just made the equivalent commit there that remo...
- 07:02 PM Feature #15233 (Resolved): Recognize QAT 4xxx devices in System Information Widget
- 07:01 PM Bug #15118 (Resolved): DHCPv6 settings page "DDNS Reverse" check box not showing current state
- Checkbox is being respected and is displaying its value properly.
- 06:57 PM Bug #14991 (Resolved): Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
- Validation is working, as is the backend filtering. Kea starts properly every time now.
- 05:56 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
- I think I was able to reproduce that issue finally. Starting from a fresh install or factory reset the user was being...
03/25/2024
- 08:54 PM Revision 2f30e7a9: register_all_installed_packages: introduce option
- 08:54 PM Bug #15341 (Closed): PHP errors in ``xmlrpc.php`` during configuration synchronization concerning OpenVPN
- This is part of a general change currently in progress.
- 06:50 PM Bug #15118 (Feedback): DHCPv6 settings page "DDNS Reverse" check box not showing current state
- Applied in changeset commit:31742a256444b808f646ab805b53987ff95d9207.
- 06:41 PM Revision 31742a25: Reflect config value of ddnsreverse for DHCPv6. Fixes #15118
- 06:28 PM Bug #14977 (Closed): Stale Kea control socket lock file can prevent Kea from starting
- I can't reproduce this at all on current snapshots. I've killed the process and left the old file in place, killed it...
- 06:25 PM Bug #14991 (Feedback): Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
- Applied in changeset commit:216df8ac250e2fe705c90f07c2a5e1811e7011e9.
- 06:15 PM Revision 216df8ac: Disallow hostnames in Kea NTP. Fixes #14991
- * If they are in the config.xml data already, do not write them into
the Kea configuration.
* Do not allow the user... - 06:00 PM Bug #15032 (Feedback): Kea DHCP sends wrong bootloader file for UEFI
- Applied in changeset commit:d027f903cfad356af6cad7a3cf49253a5e5dbc31.
- 05:50 PM Bug #14996 (Feedback): Kea DHCP PHP error from WINS server value
- Applied in changeset commit:faf9f096448c3d18ba291901e391270036ab47c7.
- 05:45 PM Bug #14936 (Feedback): ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
- Applied in changeset commit:0cd692b7265415410fcaf79575089da58f49739c.
- 05:44 PM Revision d027f903: Fix order of Kea boot files. Fixes #15032
- 05:43 PM Revision faf9f096: Fix variable typo. Fixes #14996
- 05:34 PM Revision 0cd692b7: Fix an radvd service status edge case. Fixes #14936
- 04:13 PM pfSense Plus Regression #15337 (Feedback): pfSense-boot pkg fails install in UFS
- IIRC this is fixed now, or at least needs re-tested on current snaps.
- 01:07 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
- Danilo Zrenjanin wrote in #note-14:
> > * Plus: Setup wizard requires the user to change the password and will no... - 01:03 PM pfSense Docs Correction #15359 (Closed): Wireguard Overview: remove word
- Fixed, thanks!
- 01:00 PM Regression #14930 (Feedback): Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
- 12:24 PM Todo #15358 (Rejected): Correct description in “System Information” widget
- There is no need to use both forms everywhere. The string is already long enough as it is without adding to it.
- 12:18 PM Bug #14942 (Resolved): DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
- 11:56 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
- Kris Phillips wrote in #note-8:
> Reproduced this with a customer. The root of the issue appears to be that OpenVPN... - 04:48 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
- Re-upload of image provided by Kris with additional information redacted.
- 09:20 AM pfSense Plus Bug #15361 (Confirmed): Error in virtual IP aliases when using IPv6 "network" / "broadcast" addresses
- There is no network address in IPv6, nor broadcasts like IPv4
When adding / editing an IP alias and putting there an...
03/24/2024
- 11:55 PM Regression #14930: Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
- This fix is in pfSense Plus currently, and will be in the next release of CE. Upstream will likely be deprecating and...
- 07:14 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
- Can confirm the patch is working correctly on 23.09.1
- 12:41 PM Bug #14977: Stale Kea control socket lock file can prevent Kea from starting
- I just experienced exactly this same problem:
DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/et... - 02:18 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
- Just tested this on 24.03. Added a new VTI, added the interface, and checked the Status --> Gateways page. Gateway ...
- 02:07 AM Bug #15346: Port Forward Add Unassociated Filter Rule Not Working
- I can also confirm this behavior on the March 22nd builds of 24.03. Associated and None work fine.
- 02:06 AM Bug #15360 (Duplicate): pcap & Tailscale interface
- https://redmine.pfsense.org/issues/15145
- 01:41 AM Bug #15360 (Duplicate): pcap & Tailscale interface
Tailscale is listed in PCAP as unassigned interface.
when I click on start it works for a sec then stop.- 02:01 AM Bug #15341 (Pull Request Review): PHP errors in ``xmlrpc.php`` during configuration synchronization concerning OpenVPN
- https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1146
03/23/2024
- 08:03 PM Bug #15147 (Closed): Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
- note was added
24.03.b.20240322.1708
- 07:55 PM pfSense Packages Bug #13654: Wireguard does not fail back failover WAN setup.
- Tested/confirmed on 4100 hardware, pfSense Plus 23.09.1.
Dual ISP in gateway group with tier 1/2.
Wireguard traffic... - 07:38 PM pfSense Docs Correction #15359 (Closed): Wireguard Overview: remove word
- URL: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/index.html#wireguard-overview
> WireGuard instances ... - 06:04 PM Todo #15358 (Rejected): Correct description in “System Information” widget
- Brilliant pfSense DevTeam!
WHERE
“ *System Information”* widget
in block “*System*”
ISSUE
change
“*Netgate ... - 05:42 PM pfSense Plus Bug #13320 (Resolved): IP aliases with a CARP VIP parent are not available as VIP choices for gateway groups
- Tested against 23.09.1.
It works as expected. I was able to choose Alias VIP (nested under CARP VIP IP) in the Vir... - 05:40 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
- Reproduced this with a customer. The root of the issue appears to be that OpenVPN is sometimes passing the NAME of t...
- 03:42 PM pfSense Packages Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
- 3 years later and I ran into the same issue and the fix is actually extremely simple.
The logic in the function <c... - 03:09 PM Bug #14933: Traffic Graph Widget only displays half of the real UL/DL bandwidth used under certain conditions
- To apply the patch successfully, the *path strip = 0* must be set.
- 01:14 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
- Jim Pingle wrote in #note-10:
> This is now in and complete.
>
> tl;dr: Passwords are now a little more strict on bo... - 06:27 AM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
- The patch fixed the behavior. I think the issue can be marked as resolved.
tested on ... - 06:12 AM Bug #15032: Kea DHCP sends wrong bootloader file for UEFI
- I can confirm this behavior on 23.09.1.
The patch makes it work for both legacy and UEFI boot. - 05:41 AM Bug #15346: Port Forward Add Unassociated Filter Rule Not Working
- Can confirm this behavior on 24.03 BETA...
- 12:08 AM pfSense Packages Todo #15270 (Closed): ENUMER STUN
- That feed isn't enabled by default and we don't maintain it. The pfBlockerNG developer includes the ability to one-cl...
03/22/2024
- 10:35 PM Bug #14371: Firewall does not respond to UDP traceroute requests over IPsec
- I am seeing a similar behavior on wireguard tunnels as well. You can see the incoming request in the pcap but no answ...
- 10:05 PM Bug #15357 (Not a Bug): Password policy script remains running after it succeeds in another shell session
- It's not a bug. It isn't constantly checking to see if it's changed in the background. User can hit ^C to break out o...
- 09:21 PM Bug #15357 (Not a Bug): Password policy script remains running after it succeeds in another shell session
- After upgrading/install, @/usr/local/bin/usermgrpasswd@ is triggered, prompting a password change on the serial conso...
- 03:30 PM pfSense Packages Todo #15281 (Confirmed): Upgrade Tailscale to 1.6.0
- This is not currently available in the 24.03-BETA. We're still on 1.56.
- 02:50 PM Bug #14933: Traffic Graph Widget only displays half of the real UL/DL bandwidth used under certain conditions
- I can confirm that the patch works fine on 23.09.1.
Also available in: Atom