Activity
From 04/04/2024 to 05/03/2024
Today
- 02:44 PM pfSense Packages Todo #15458: Convert Spamhaus DROP/eDROP to one list and JSON format
- https://forum.netgate.com/topic/187930/spamhaus-drop-edrop-list
- 02:42 PM pfSense Packages Todo #15458 (New): Convert Spamhaus DROP/eDROP to one list and JSON format
- The lists are combined and there is no eDROP list:
https://www.spamhaus.org/resource-hub/network-security/spamhaus-d... - 02:10 PM pfSense Packages Bug #15457 (New): HAproxy disable zero copy forwarding
- See more details here:
https://forum.netgate.com/topic/187757/haproxy-100-cpu-usage
https://github.com/haproxy/... - 11:23 AM pfSense Bug #15456 (New): KEA DHCP allows entering static mappings with no IP address defined
- After defining a static mapping without an IP address, the DHCP lease page will display two entries for that MAC addr...
- 05:17 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
- In my case I am on 2.7.2 CE.
- 05:16 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
- I just got this on a IPv4 gateway DHCP WAN. Usually it works, but on powering up pfSense on this occasion it was stu...
- 12:14 AM pfSense Bug #14977: Stale Kea control socket lock file can prevent Kea from starting
- I have experienced the same problem today 2 days after updating to 24.03-RELEASE
In addition to all described abov...
05/02/2024
- 06:40 PM pfSense Bug #14591: Restoring with different interfaces (partially?) applies changes before reboot
- I ran into this again today, restoring a 3100 config to a 2100, both running 23.09.1. I deleted the OPT1 interface d...
- 06:28 PM pfSense Bug #14977: Stale Kea control socket lock file can prevent Kea from starting
- This issue was occurring for me too, and I have found a resolution. It manifests itself as a "ghost" kea process whi...
- 12:13 PM pfSense Packages Feature #15375 (Resolved): Update ntopng package
- 07:48 AM pfSense Plus Bug #15446 (Feedback): Kernel panic while pflow configured to export IPFIX
- The relevant patch has been merged to our branches and will be part of the next build.
05/01/2024
- 11:32 PM pfSense Packages Feature #15393: Return to the ga version of NUT
- This is in PR 1368 (https://github.com/pfsense/FreeBSD-ports/pull/1368).
- 11:29 PM pfSense Packages Feature #15375: Update ntopng package
- This can be closed as complete. Thanks.
- 05:50 PM pfSense Bug #15454 (Resolved): Minor GUI inconsistency in Certificate Management tab
- 05:50 PM pfSense Bug #15454: Minor GUI inconsistency in Certificate Management tab
- tested, patch fixes the issue
- 01:00 PM pfSense Bug #15454 (Feedback): Minor GUI inconsistency in Certificate Management tab
- Applied in changeset commit:7cbbda697adeabca5eaad369099ea995a4c2cd42.
- 11:08 AM pfSense Bug #15454 (Resolved): Minor GUI inconsistency in Certificate Management tab
- Minor inconsistency in GUI sub-tab displayed naming:
in System -> Cetificate tab the sub-tab for "Revocation" change... - 03:48 PM pfSense Bug #15440 (Resolved): CA certificates are not added to the Trust Store
- 03:36 PM pfSense Bug #15440: CA certificates are not added to the Trust Store
- I stand corrected.
patch works, wait time around 3 mins after adding a cert to trusted - 12:47 PM pfSense Bug #15440: CA certificates are not added to the Trust Store
- Georgiy Tyutyunnik wrote in #note-3:
> tested the patch:
> seems like imported ca is correctly recognised post-imp... - 12:42 PM pfSense Bug #15440: CA certificates are not added to the Trust Store
- tested the patch:
seems like imported ca is correctly recognised post-import as trusted only if you manually re-run... - 03:34 PM pfSense Todo #15455 (New): Improve Package Manager behavior when the installed pfSense version differs from the selected update branch
- When a new version of pfSense is available, the "Current" branch version changes to match the new version. This cause...
- 12:58 PM pfSense Bug #15453 (Not a Bug): Assignment of OpenVPN port to an Interface shuts down OpenVPN access to Netgate 1100/2100
- After assigning an OpenVPN interface you must edit/save the OpenVPN instance to properly reinitialize the underlying ...
- 12:52 PM pfSense Revision 7cbbda69: Correct inconsistent CRL tab names. Fixes #15454
04/30/2024
- 11:43 PM pfSense Bug #15453 (Not a Bug): Assignment of OpenVPN port to an Interface shuts down OpenVPN access to Netgate 1100/2100
- I have a Netgate 2100 that is set up with an OpenVPN server. I can readily connect to it remotely with the SparkLabs ...
- 06:53 PM pfSense Docs Todo #15450 (Closed): Feedback on High Availability
- Info added.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b83e51d63a71013f568e8f7314993fcde182fd49 - 04:32 PM pfSense Packages Bug #15451: Cannot remove package
- Jim Pingle wrote in #note-1:
> There isn't nearly enough information here to go on, and this isn't the correct platf... - 12:15 PM pfSense Packages Bug #15451 (Incomplete): Cannot remove package
- There isn't nearly enough information here to go on, and this isn't the correct platform to diagnose the issue. Pleas...
- 12:06 AM pfSense Packages Bug #15451 (Incomplete): Cannot remove package
- The earlier issue I noticed where it wasn't sending information, I tried restarting the service, no change, so I went...
- 01:18 PM pfSense Todo #15422 (Resolved): Add current boot method to System Information widget
- 11:48 AM pfSense Todo #15422: Add current boot method to System Information widget
- works as expected
- 08:45 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
- This problem still exists in the latest version of pfSense (2.7.2-RELEASE) with all Zabbix agent and proxy packages (...
- 12:33 AM pfSense Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.
- Confirm the problem, it was working, I then adjusted the quantume, then traffic started going into blackhole, I chang...
- 12:15 AM pfSense Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
- The first option there seems far more logical to me but I have always assumed that was the behaviour anyway. Anyone r...
- 12:14 AM pfSense Bug #15452 (New): Unexpected/Undefined behaviour of disabled interfaces
- Interfaces that are assigned but disabled can produce unexpected behaviour.
Setting an interface to disabled when ...
04/29/2024
- 10:22 PM pfSense Docs Todo #15450 (Closed): Feedback on High Availability
- *Page:* https://docs.netgate.com/pfsense/en/latest/highavailability/index.html
*Feedback:*
Somewhere in the docs ... - 05:26 PM pfSense Bug #9453 (Resolved): Reconfiguring a parent LAGG interface breaks its VLANs
- To reproduce the issue, the parent interface (@lagg0@) needs to be added to the configuration as disabled. When an in...
- 05:02 PM pfSense Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
- I can't replicate that in 24.03. Setting the lagg0 interface MTU (after assigning it) in a 7100 results in a ~30s out...
- 05:22 PM pfSense Bug #15449: Delete disabled gateway prevents static routes being loaded on boot
- Additional information.
The gateway that is disabled was originally used with a fiber provider's ONT/router which ... - 03:37 PM pfSense Bug #15449 (New): Delete disabled gateway prevents static routes being loaded on boot
- I have a pair of 4200s which were running 23.09.1
Both have an old gateway in a disabled state (see Disabled gateway... - 05:01 PM pfSense Packages Bug #15229 (Resolved): ACME DNS-Selfhost verification issues
- Fixed in ACME pkg v0.8
- 03:43 PM pfSense Packages Bug #15229 (In Progress): ACME DNS-Selfhost verification issues
- 05:01 PM pfSense Packages Bug #15061 (Resolved): acme.sh nsupdate with challengealias is failing
- Fixed in ACME pkg v0.8
- 03:25 PM pfSense Packages Bug #15061 (In Progress): acme.sh nsupdate with challengealias is failing
- 05:01 PM pfSense Packages Bug #14815 (Resolved): ACME.sh ingnores Certificates in Trust Store
- Fixed in ACME pkg v0.8
- 03:22 PM pfSense Packages Bug #14815 (In Progress): ACME.sh ingnores Certificates in Trust Store
- 05:00 PM pfSense Packages Bug #14796 (Resolved): ACME for domain registrar INWX in Germany
- Fixed in ACME pkg version ACME pkg v0.8
- 03:20 PM pfSense Packages Bug #14796 (In Progress): ACME for domain registrar INWX in Germany
- 04:17 PM pfSense Plus Bug #15446: Kernel panic while pflow configured to export IPFIX
- Fix in https://cgit.freebsd.org/src/commit/?id=221d459fbc67e0c0565d6c6ea52fe8bbc5466fc7
I've not yet cherry-picked... - 04:10 PM pfSense Revision c0cacc1f: fix config.xml recovery
- Use bsddialog because dialog no longer exists.
- 03:28 PM pfSense Packages Bug #15414 (Rejected): Program Loops on invalid domains
- Looks like it's looping inside acme.sh and not code we maintain, so you'd need to report that upstream.
- 03:26 PM pfSense Packages Bug #15292 (Duplicate): Certificate renewal with 'dns_inwx.sh' not working: Error add txt for domain:_acme-challenge.foo.bar
- Likely a duplicate of #14796
- 03:18 PM pfSense Packages Bug #12623 (Closed): acme.sh package | DNS-ISPConfig settings
- This has been fixed for a long time now.
- 03:16 PM pfSense Packages Bug #7453 (Closed): DNS-ovh need to save or display consumer key
- This field has been in the GUI for years.
- 03:15 PM pfSense Todo #15422 (Feedback): Add current boot method to System Information widget
- Applied in changeset commit:b891c3a33aff74f4ded6176a78b22ed84821036a.
- 03:07 PM pfSense Todo #15422 (In Progress): Add current boot method to System Information widget
- 03:06 PM pfSense Revision b891c3a3: Add boot method to sysinfo widget. Implements #15422
- 01:44 PM pfSense Plus Bug #15421: Netgate 3100 boot loader lacks Lua support but is trying to read loader.conf.lua
- Kris Phillips wrote in #note-2:
> Oddly, I'm getting a similar, but not the same error message on an x86 KVM VM. Se... - 01:35 PM pfSense Bug #15448: ``miniupnpd`` lacks IGDv2 support
- The choice between v1 and v2 is a compile-time option so we can't make it a GUI selection, however, given the age of ...
- 06:32 AM pfSense Bug #15448 (New): ``miniupnpd`` lacks IGDv2 support
- The pfSense documentation "here":https://docs.netgate.com/pfsense/en/latest/services/upnp.html claims that miniupnpd ...
- 12:49 PM pfSense Bug #15442 (Resolved): CLI password check exits with a write access error when checking is a read-only operation
04/28/2024
- 01:25 AM pfSense Packages Bug #15447 (Closed): Wireguard not sending keep-alives according to configuration
- Closing this redmine, per request.
- 01:22 AM pfSense Plus Bug #15421: Netgate 3100 boot loader lacks Lua support but is trying to read loader.conf.lua
- Oddly, I'm getting a similar, but not the same error message on an x86 KVM VM. See attached. Not sure if this is re...
04/27/2024
- 11:43 PM pfSense Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
- I hit this a few days ago but have yet to see it happen again since rebooting after initially encountering
- 10:38 PM pfSense Bug #15442: CLI password check exits with a write access error when checking is a read-only operation
no errors
[2.8.0-DEVELOPMENT][test@pfSense.home.arpa]/home/test: usermgrpasswd -c
Current password is OK.
...- 10:24 PM pfSense Bug #9453 (Confirmed): Reconfiguring a parent LAGG interface breaks its VLANs
- changing anything regarding the parent interface stops all communication...
- 06:37 PM pfSense Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
- I think I may have been affected by this.
I have used limiters in two scenario, one to make my home broadband not ... - 06:23 PM pfSense Packages Bug #15420 (Confirmed): Incorrect error pfBlockerNG MaxMind message.
- The message remains consistent whether you have entered only the MaxMind Account ID or only the MaxMind License Key o...
- 12:57 PM pfSense Packages Bug #15447: Wireguard not sending keep-alives according to configuration
- Sorry, having though about this a bit longer I realise the Keepalive is only sent when there's no Transport data sent...
- 09:49 AM pfSense Packages Bug #15447 (Closed): Wireguard not sending keep-alives according to configuration
I have configured my wireguard peers with a 30s keep-alive interval. As I was viewing a packet capture in Wireshark...- 10:17 AM pfSense Todo #15358: Correct description in “System Information” widget
- Jim Pingle wrote in #note-1:
> There is no need to use both forms everywhere. The string is already long enough as i...
04/26/2024
- 07:59 PM pfSense Bug #15434 (Resolved): DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
- dylan mendez wrote in #note-6:
> This patch seems to work, however, I had to manually re-save the config on the Gene... - 07:19 PM pfSense Plus Bug #15446 (Feedback): Kernel panic while pflow configured to export IPFIX
- System: Netgate 4100
Version: 24.03-RELEASE
After switching the export protocol to Netflow v5, device is stable f... - 05:59 PM pfSense Packages Bug #15365 (Resolved): pfBlockerNG PHP error when editing a list
- PR merged, updated package should be available now on 24.03.
- 02:28 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- ive added the fixes manually and confirmed all is well.
Any reason why this hasn't been pushed out via the repo? - 03:50 PM pfSense Docs Correction #15445 (New): Possible mistake in "WireGuard Site-to-Multisite VPN Configuration Example"
- Dear all,
i set up a Wireguard Site-to-Multisite VPN according to the pfSense configuration example.
Configurin... - 03:45 PM pfSense Plus Feature #15013: Speed Shift - Add Field to control lowest C-State
- Has been solved already and can be closed. Update 26.04: sry ignore my comment i confused it with another ticket - sry!
- 10:28 AM pfSense Packages Bug #15435: Long boot time when using wireguard VPN
- I bought a console cable and captured the reboot output (attached). It doesn't really show anything new. Most of the ...
- 04:01 AM pfSense Packages Bug #15444 (Duplicate): Since this update 24.03-RELEASE was installed, PFBlockerNG has not been functioning correctly.
- 02:41 AM pfSense Packages Bug #15444 (Duplicate): Since this update 24.03-RELEASE was installed, PFBlockerNG has not been functioning correctly.
- 24.03-RELEASE (amd64)
built on Wed Apr 24 10:38:00 PDT 2024
FreeBSD 15.0-CURRENT
Since this update was installed...
04/25/2024
- 11:50 PM pfSense Packages Bug #15443 (Duplicate): PHP Crash: pfBlockerNG/DNSBL/DNSBL Groups, attempt to add list
- 11:47 PM pfSense Packages Bug #15443: PHP Crash: pfBlockerNG/DNSBL/DNSBL Groups, attempt to add list
- Plus mark this as a dup of bug 15365 (and close I guess). I tried Christopher Cope's fix (two spots in the file) and...
- 11:12 PM pfSense Packages Bug #15443: PHP Crash: pfBlockerNG/DNSBL/DNSBL Groups, attempt to add list
- pfblockerng version 3.2.0_9. Same bug happens on a Netgate 1100 running 24.03_1 as well. Looks like duplicate of Bu...
- 09:34 PM pfSense Packages Bug #15443 (Duplicate): PHP Crash: pfBlockerNG/DNSBL/DNSBL Groups, attempt to add list
- Clicking Add to add a new list causes a PHP fatal error. Reproducible crash. Two copies of crash screenshots and PH...
- 08:35 PM pfSense Packages Feature #14706: Add Cloudflare tunnel pkg
- Vlad Saftoiu wrote:
> Could we get this added to the pfSense packages? This type of application is clearly meant to ... - 07:48 PM pfSense Docs Todo #15436 (Closed): Update notes for if-bound state policy
- I was thinking that but I wasn't certain if there was still some other issue hanging out there. I removed the note, i...
- 05:52 PM pfSense Regression #15439: Incorrect icon on collapsed dashboard widgets
- In source:src/usr/local/www/js/pfSenseHelpers.js#L486 the code that handles collapse/expand is adding/removing the fa...
- 12:36 PM pfSense Regression #15439 (New): Incorrect icon on collapsed dashboard widgets
- A collapsed widget on the dashboard shows the '+' icon where the wrench icon should be.
This is a regression since... - 05:40 PM pfSense Bug #15440 (Feedback): CA certificates are not added to the Trust Store
- Applied in changeset commit:27fc5a3020fe981b7a5bc98fc9b1660e8773fc7d.
- 05:32 PM pfSense Bug #15440 (In Progress): CA certificates are not added to the Trust Store
- Looks like the behavior of @certctl rehash@ changed and now it wipes out the contents of that directory when it did n...
- 04:25 PM pfSense Bug #15440 (Resolved): CA certificates are not added to the Trust Store
- stopped working after upgrade to 24.03
details in
https://forum.netgate.com/topic/187658/24-03-stuck-at-not-re... - 05:36 PM pfSense Docs Todo #15441 (Rejected): Update "Security Gateway Manual SG-2100", chapter 7
- The current docs are already saying most of that -- the only new bits are the driver, which already says "if needed" ...
- 04:47 PM pfSense Docs Todo #15441 (Rejected): Update "Security Gateway Manual SG-2100", chapter 7
- The writeup on how to connect to the console via a Mac is out of date. Sonoma MacOS has the driver built in, no driv...
- 05:32 PM pfSense Revision 27fc5a30: Fix CA trust store custom entries. Fixes #15440
- certctl rehash behavior changed, so we need to write the CA files out
differently now so it picks them up. - 05:30 PM pfSense Bug #15442 (Feedback): CLI password check exits with a write access error when checking is a read-only operation
- Applied in changeset commit:90c4a2fe6db1bafc8bb4bc038cf3e3664ac6db47.
- 05:23 PM pfSense Bug #15442 (Resolved): CLI password check exits with a write access error when checking is a read-only operation
- When running @usermgrpasswd -c@ to check the current user password it exits with an error message saying the user lac...
- 05:24 PM pfSense Revision 90c4a2fe: Fix usermgrpasswd check for non-privileged users. Fixes #15442
- 05:19 PM pfSense Bug #12393: Priority of qOthersLow higher than default queues
- Still the same in 23.09.1.
- 02:56 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- i dont know how to add the patch from the screen shot.
I am hoping it can be available through the package manager. - 01:29 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- There are actually 2 spots where this can cause an error. The pull request addresses both. The patch attached reflect...
- 12:37 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- I've tested the patch against the:...
- 10:09 AM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- you can try system patch
- 01:32 PM pfSense Packages Bug #15419 (Duplicate): pfBlockerNG - Issue with Adding or Changing Ipv4 Addresses
- 12:13 PM pfSense Packages Bug #15419: pfBlockerNG - Issue with Adding or Changing Ipv4 Addresses
- This seems to be a duplicate of #15365
- 09:13 AM pfSense Bug #15438 (New): NDP Table can be very slow
- The NDP table from diagnostics menu become really slow with many link-local entries.
The ndp_diag.php script get the... - 06:46 AM pfSense Feature #15437: Interfaces sorted alphabetically instead of naturally
- Opened a PR on GitHub: https://github.com/pfsense/pfsense/pull/4683
- 06:44 AM pfSense Feature #15437 (New): Interfaces sorted alphabetically instead of naturally
- When the option Interfaces Sort / Sort Alphabetically is enabled, Interfaces are sorted alphabetically instead of nat...
- 01:10 AM pfSense Bug #15434: DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
- This patch seems to work, however, I had to manually re-save the config on the General Setup page for the changes to ...
04/24/2024
- 10:42 PM pfSense Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x
- This is still an issue in 24.03. See: https://forum.netgate.com/topic/187667/uefi-vm-upgrade-failure
- 08:47 PM pfSense Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
- Hey Jim,
Is any hope in the fix coming to 24.07? - 08:38 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- Any luck getting the PR merged?
I cant update any of my feeds without it. - 08:34 PM pfSense Packages Bug #15419: pfBlockerNG - Issue with Adding or Changing Ipv4 Addresses
- Ran into this today as well. Attempting to add a feed to aid in troubleshooting a download issue.
Crash repo... - 08:30 PM pfSense Docs Todo #15436 (Closed): Update notes for if-bound state policy
- https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#interface-bound-states
> For systems wi... - 08:14 PM pfSense Packages Bug #15435: Long boot time when using wireguard VPN
- Just to document what I did, completely. To generate the first general timing trace of /etc/rc.bootup:
1. apply th... - 07:54 PM pfSense Packages Bug #15435 (New): Long boot time when using wireguard VPN
(Additional details in https://forum.netgate.com/post/1163707)
My reason for investigating this was boot times o...- 07:57 PM pfSense Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0
- I added notes about this to the docs about state policy in general (and in the release notes): https://docs.netgate.c...
- 07:53 PM pfSense Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0
- I have made the firewall a VTI/Routed IPsec gateway moving forward.
Considering this drawback is noted in the docum... - 01:43 PM pfSense Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0
- If you do not have **any** tunnel mode IPsec (no site to site tunnel mode P2s, no mobile IPsec) you could change the ...
- 01:38 PM pfSense Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0
- IPsec Filter Mode set to 'Filter IPsec Tunnel, Transport and VTI on IPsec tab'
- 01:31 PM pfSense Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0
- IPsec is fundamentally different in how it's handled compared to things like WireGuard/OpenVPN/OpenVPN+DCO. IPsec can...
- 01:15 PM pfSense Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0
- VTI mode for IPsec.
To reiterate, Wireguard VPN w/ BGP saw no issues. - 12:58 PM pfSense Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0
- What type of IPsec VPN, policy-based or VTI? Since you mention BGP, I'm guessing VTI, but it needs to be confirmed.
... - 07:50 PM pfSense Bug #15434 (Feedback): DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
- Applied in changeset commit:247909ff5387200fb31c76f13e7702a8fbdc06f4.
- 07:43 PM pfSense Bug #15434 (In Progress): DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
- OK, I can also reproduce this with the DNS Forwarder. I also have a fix coming. Looks like some parenthesis around th...
- 06:33 PM pfSense Bug #15434: DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
- same behavior on my edge when switching to forwarder...
- 06:27 PM pfSense Bug #15434: DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
- I can replicate this issue. It's present only when you disable unbound and enable the forwarder(dnsmasq).
*Use remo... - 05:31 PM pfSense Bug #15434 (Not a Bug): DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
- I can't reproduce that here.
Before:... - 05:20 PM pfSense Bug #15434 (Resolved): DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
- In General Setup if use option "Use remote DNS Servers, ignore local DNS" the DNS Forwarder still try to use local DN...
- 07:43 PM pfSense Revision 247909ff: Fix resolv.conf logic for DNS Forwarder. Fixes #15434
- 06:17 PM pfSense Docs Todo #15432 (Closed): Feedback on Installing and Upgrading — Online Network Installer
- This is corrected now, the document contains appropriate links to the relevant store pages.
- 04:02 PM pfSense Docs Todo #15432: Feedback on Installing and Upgrading — Online Network Installer
- Yes, that is due to be replaced. Things are still settling into their final places but I can put in the current locat...
- 03:25 PM pfSense Docs Todo #15432 (Closed): Feedback on Installing and Upgrading — Online Network Installer
- *Page:* https://docs.netgate.com/pfsense/en/latest/install/netinstaller.html
*Feedback:*
"insert URL here" should... - 06:16 PM pfSense Plus Regression #15433 (Resolved): ``smartmontools`` is not present on ARM builds (64 or 32 bit)
- Looks good here.
Users don't need to reinstall or re-upgrade, they can fix it a couple different ways:
Either t... - 05:53 PM pfSense Plus Regression #15433 (Feedback): ``smartmontools`` is not present on ARM builds (64 or 32 bit)
- 05:04 PM pfSense Plus Regression #15433 (Resolved): ``smartmontools`` is not present on ARM builds (64 or 32 bit)
- The @smartmontools@ package is not present on 64-bit ARM builds (1100, 2100) or 32-bit ARM builds (3100). It is still...
- 01:02 PM pfSense Bug #15431 (Duplicate): Interface Bound Firewall State Policy Breaks IPsec VTI
- Usually states would only disappear like that if the traffic is not being matched in both directions and then times o...
- 05:51 AM pfSense Bug #15431 (Duplicate): Interface Bound Firewall State Policy Breaks IPsec VTI
- After upgrading to pfSense 24.03 IPsec VTI firewall states are broken. The scenario is:
A pfSense router A has a s... - 12:54 PM pfSense Plus Bug #15126 (Resolved): SG-1100 pfSense+ recovery results in non aligned disk slices
- This may not have been fixed specifically but happens to be handled better in the new installer from the start. The o...
- 10:04 AM pfSense Plus Bug #15126: SG-1100 pfSense+ recovery results in non aligned disk slices
- Quick update - it appears that the new pfSense+ 24.03 installer for SG-1100 (bundled in recovery image netgate-instal...
04/23/2024
- 10:36 PM pfSense Packages Bug #15419: pfBlockerNG - Issue with Adding or Changing Ipv4 Addresses
- I can replicate this easily on version 24.03 release.
- 10:22 PM pfSense Regression #15430 (New): Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0
- https://forum.netgate.com/topic/187632/24-03-frr-has-flapping-bgp-neighbors/3
In my set up there are two VPN types... - 05:51 PM pfSense Feature #15426: Add the ability to configure dynamic gateways even when they are offline
- Marcos - thank you for pointing that out, it is exactly what I was looking for!
I would suggest adding a note to t... - 05:35 PM pfSense Feature #15426: Add the ability to configure dynamic gateways even when they are offline
- If it's created using the would-be name (use @dynamic@ as the address). For further discussion, if needed, please pos...
- 03:18 PM pfSense Feature #15426: Add the ability to configure dynamic gateways even when they are offline
- I have a unit with 24.03 installed. Both WAN and WAN2 are DHCP. WAN is connected and has a valid IP configuration inc...
- 02:53 AM pfSense Feature #15426 (Closed): Add the ability to configure dynamic gateways even when they are offline
- This is already the case in 24.03 (dynamic gateways are saved to the config).
- 05:40 PM pfSense Feature #15429 (New): Suggested wording improvements for gateway failure and recovery settings
- I'm excited about the new gateway recovery behavior that's available in 24.03. However, I found that the [blog post[h...
- 04:11 PM pfSense Bug #15299 (Resolved): Old auto-added MAC addresses are not pruned for non-concurrent Captive Portal sessions
- 04:11 PM pfSense Bug #15156 (Resolved): Fragmented packets delayed by limiters are lost
- 04:11 PM pfSense Regression #15076 (Resolved): DHCP leases may not be restored from older configuration backups
- 04:11 PM pfSense Bug #15032 (Resolved): Kea DHCP sends wrong bootloader file for UEFI
- 04:11 PM pfSense Feature #14728 (Resolved): Support for CD/DVD drives in the External Configuration Locator (ECL)
- 04:11 PM pfSense Regression #14431 (Resolved): Sending IPv6 traffic on a disabled interface can trigger a kernel panic
- 04:11 PM pfSense Bug #14312 (Resolved): MSS clamping on VPN traffic does not work on IPsec IPv6 mobile VPNs
- 04:11 PM pfSense Bug #14290 (Resolved): ICMPv6 Path MTU Discovery breaks with NPT
- 04:11 PM pfSense Todo #13263 (Resolved): Reduce log spam when deleting a static DHCP entry
- 04:11 PM pfSense Bug #13090 (Resolved): OpenVPN NetBIOS Node Type and Scope ID options are not pushed to clients
- 04:11 PM pfSense Feature #13085 (Resolved): OpenVPN NBDD server options
- 04:11 PM pfSense Bug #12947 (Resolved): DHCP6 client does not take any action if the interface IPv6 address changes during renewal
- 04:11 PM pfSense Bug #12920 (Resolved): Gateway behavior differs when the gateway does not exist in the configuration
- 04:11 PM pfSense Bug #12673 (Resolved): Firewall Logs Dashboard Widget is slow and may fail to update
- 04:11 PM pfSense Bug #9453 (Resolved): Reconfiguring a parent LAGG interface breaks its VLANs
- 04:10 PM pfSense Plus Regression #15387 (Resolved): Boot failure detection tripping on config reset button during boot
- 04:10 PM pfSense Plus Feature #15280 (Closed): Boot Environments 2.0
- Closing, it's in the release, any issues can be opened separately going forward.
- 12:30 PM pfSense Packages Feature #15427 (Duplicate): Create file that can be imported into the Wireguard Apps (on the Android, Windows etc)
- Duplicate of #13469
- 03:18 AM pfSense Packages Feature #15427 (Duplicate): Create file that can be imported into the Wireguard Apps (on the Android, Windows etc)
- When setting up new peer for connecting to Wireguard, there is an option to import a file to create the tunnel on the...
- 12:29 PM pfSense Bug #15428 (Not a Bug): UI appears to put incorrect CARP parameters into the low level NIC configurations
- A skew of 254 indicates a problem in your setup not a problem with how the settings were applied. Either they are in ...
- 11:22 AM pfSense Bug #15428: UI appears to put incorrect CARP parameters into the low level NIC configurations
- First check to see if you have you have both nodes in CARP maintenance mode. If so, take them out of that mode and ch...
- 06:43 AM pfSense Bug #15428 (Not a Bug): UI appears to put incorrect CARP parameters into the low level NIC configurations
- it appears that there is a bug with the UI and supporting code, for v2.7.2-RELEASE, in regard to the way that the UI ...
- 12:19 AM pfSense Feature #15425: Add a description field to interfaces
- I realized that interfaces already have a field called "Description", but it's actually more like a "Name" field, as ...
04/22/2024
- 11:59 PM pfSense Feature #15426 (Closed): Add the ability to configure dynamic gateways even when they are offline
- For WAN interfaces set to DHCP, no gateway is created under System > Routing if the interface does not have a valid g...
- 11:23 PM pfSense Feature #15425 (New): Add a description field to interfaces
- Many areas of pfSense have a "Description" field that is simply for adding reference notes. This would be very useful...
- 10:30 PM pfSense Plus Regression #15424 (New): Image label file is incorrect.
- In the 24.03 recovery images the image label file is shown as:...
- 05:47 PM pfSense Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
- It may be that due to the way dummynet works, packets will inevitably arrive out of order. Dummynet will let packets ...
- 04:45 PM pfSense Bug #15423 (New): PHP error when applying interface settings if the ``/tmp/.interfaces.apply`` file is present but empty
- If the @/tmp/.interfaces.apply@ file is present but empty it can lead to a PHP error when applying interface settings...
- 03:34 PM pfSense Feature #10250: DHCP lease view by interface
- Jim Pingle wrote in #note-1:
> The leases are not tracked by interface, so this is not easily possible. Others have ... - 03:27 PM pfSense Todo #15422 (Resolved): Add current boot method to System Information widget
- It would be helpful to include the contents of the @machdep.bootmethod@ sysctl in the System Information widget most ...
- 02:02 PM pfSense Plus Bug #15421 (Confirmed): Netgate 3100 boot loader lacks Lua support but is trying to read loader.conf.lua
- Confirmed. Does not prevent booting though. Or have any noticable impact since loader.conf.lua does not contain any ...
04/21/2024
- 06:21 AM pfSense Plus Feature #15412: Improve error feedback from pfSense-upgrade
- I encountered this on clean install to 4100 with: pfSense-plus-memstick-serial-24.03-RELEASE-amd64.img.
The error wa... - 01:33 AM pfSense Plus Bug #15421 (Confirmed): Netgate 3100 boot loader lacks Lua support but is trying to read loader.conf.lua
- When booting the Netgate 3100, there appears to be a bootloader syntax error present:
Booting from disk1s2a:
Load... - 12:32 AM pfSense Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
- I'm still seeing these connectivity issues following manipulating anything about the parent LAGG interface on 24.03. ...
- 12:25 AM pfSense Plus Bug #15401: 23.09.1 to 24.03b update fails EFI with ZFS mirror
- my system is not EFI (XG7100) but have not been experiencing any issues with my mirrors updating along with bootcode
... - 12:13 AM pfSense Bug #14261: Trim white space in a DHCP Leases page search field
- Tested on...
- 12:01 AM pfSense Bug #14261: Trim white space in a DHCP Leases page search field
- same behavior as above using 24.03.r.20240416.0005, adding a space on either side removes any results when searching
- 12:06 AM pfSense Todo #13263: Reduce log spam when deleting a static DHCP entry
- I see the following when removing a static DHCP entry running 24.03.r.20240416.0005...
04/20/2024
- 11:09 PM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
- Tested on 24.03-RELEASE and this issue is still present.
- 11:08 PM pfSense Plus Bug #15404: Captive Portal captiveportal-default-logo.png Missing from Post-authentication Page
- Tested in 24.03-RELEASE and this issue is still present.
- 05:58 AM pfSense Packages Bug #15420 (Confirmed): Incorrect error pfBlockerNG MaxMind message.
- WHERE
In “ MaxMind GeoIP configuration” section
ISSUE
Wrong error alerting message:
“ *pfBlockerNG MaxMind - M... - 02:18 AM pfSense Packages Bug #15419 (Duplicate): pfBlockerNG - Issue with Adding or Changing Ipv4 Addresses
- Hi PFsense+ Community,
I am running the 24.03RC version and have run into an issue with updating IPv4 lists in PFB...
04/19/2024
- 06:22 PM pfSense Docs Correction #15403 (Closed): openvpn client speciffic overrides, local networks clarification
- Info added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9011224272ea0934535d8530da838580f91c988b
- 02:39 PM pfSense Plus Regression #15407 (Resolved): pfSense-upgrade incorrectly creates 'unknown error' notice.
- Confirmed that this is no longer an issue on...
04/18/2024
- 10:19 PM pfSense Plus Bug #15418: Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
- And just to clarify, the broken action links appear for a DHCPv6 lease with static mapping, the action links for a dy...
- 05:41 PM pfSense Plus Bug #15418 (New): Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
On the DCHPv6 leases page (status_dhcpv6_leases.php), the links for editing the static mapping and WOL are incorrec...- 08:28 PM pfSense Bug #15066: PHP allocation failure in pfsense-utils.inc
- Once again, happened while I was out of the country and not interacting with pfSense at all:
Crash report begins. ... - 07:42 PM pfSense Bug #15417 (Not a Bug): static mappings for the ISC DHCP IPv4 server are ignored when the IP Address field is left blank
- Seems there is a bit of a misunderstanding. When you omit the IP address it's not a "static" mapping it's defining a ...
- 04:41 PM pfSense Bug #15417 (Not a Bug): static mappings for the ISC DHCP IPv4 server are ignored when the IP Address field is left blank
- If I make a static DHCP mapping configuration where leave the IP address box blank (I want the IP given out to be dyn...
- 01:28 PM pfSense Feature #14762: Support X25519 and X448 public key algorithms in certificates
- This looks like a regression – I've got some OpenVPN servers that are set up with ed25519 certificates, which pfSense...
- 12:12 PM pfSense Bug #15416 (Duplicate): Php Error when moving IPsec-Phase2 entries
- Duplicate of #15157 and #15384 -- Both already fixed.
- 11:53 AM pfSense Bug #15416 (Duplicate): Php Error when moving IPsec-Phase2 entries
- Greeting,
when trying to move phase 2 entries via the gui a php-error occurs.
PHP errors
PHP ERROR: Type: 1, ... - 01:19 AM pfSense Packages Bug #15365 (Pull Request Review): pfBlockerNG PHP error when editing a list
- https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/393
04/17/2024
- 10:18 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
- This is due to a change in behavior with the range function as of PHP 8.3.0 https://www.php.net/manual/en/function.ra...
- 04:28 PM pfSense Feature #15415: Enhance the firewall log action hover information view, show reason info
- For users hitting #15400 who want to see the reason code ("ip-options" in that problem case), this diff will add it t...
- 04:27 PM pfSense Feature #15415 (New): Enhance the firewall log action hover information view, show reason info
- Currently hovering over the action icon on a firewall log entry shows a small tooltip with the action text and the ru...
- 03:34 PM pfSense Feature #12190: Add ability to reference ipv6 prefix in firewall rules and aliases
- Same here.
pfSense is missing some kind of another dropdown for that @::@ feature in dynamic prefix cases to select ... - 03:33 PM pfSense Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
- Anyone who searches the mentioned PR above: https://github.com/pfsense/pfsense/commit/7c4b3d3c8d2d15b1e59d1d262cc295a...
- 01:52 PM pfSense Packages Bug #15414 (Rejected): Program Loops on invalid domains
- Was testing ACME package with one of my test domains registered with FREENOM.
FREENOM now does not resolve this doma... - 12:25 PM pfSense Plus Bug #15386 (Resolved): EULA Prompting Twice on Plus
- Tested against:...
- 11:59 AM pfSense Bug #15413 (New): Kernel panic in HA nodes when under high load
- Two 1541s running 23.09.1 in this example:...
- 11:36 AM pfSense Plus Bug #15395 (Resolved): install-boot trips on BIOS installs when an EFI partition is present.
- 03:55 AM pfSense Plus Bug #15401: 23.09.1 to 24.03b update fails EFI with ZFS mirror
- 24.03.r.20240416.0005 seems to resolve this.
Now still seeing "efibootmgr: efi_get_variable: Bad address" but it m...
04/16/2024
- 06:20 PM pfSense Plus Feature #15412 (New): Improve error feedback from pfSense-upgrade
- Recent versions of pfSense-upgrade include code for collecting handling errors in order to present it to the user as ...
- 03:53 PM pfSense Bug #15328: Kea DHCP corrupts existing leases when a new DHCP pool is added
- I can confirm this is happening to me as well. I added a new VLAN interface, new DHCP range, and now half of what is ...
- 03:01 PM pfSense Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
- Dug more into this and the problem is that somehow at boot the hostname was not being printed in the system logs on j...
- 01:07 PM pfSense Bug #15411 (New): Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
- With the system log set to show ~500 lines the system log tab will also show most if not all of the kernel boot messa...
- 12:24 PM pfSense Plus Regression #15407 (Feedback): pfSense-upgrade incorrectly creates 'unknown error' notice.
- https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/101
Fixed in pfSense-upgrade-1.2.20 - 01:10 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- Sorry This is the issue I am researching on how to resolve do to the cache_object change
I just have to find the ... - 01:08 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- !Screenshot%202024-04-15%20at%2018.07.13.png!
I can access the cachemgr.cgi if you are using it within the lightsq... - 12:59 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- !Screenshot%202024-04-15%20at%2017.58.36.png!
Testing - 12:57 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- Test failed it still says no access
!Screenshot%202024-04-15%20at%2017.57.24.png!
- 12:45 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- squidclient mgr:info
no longer works this should be changed to reflect the new use with
squidclient -h 127.0.0... - 12:40 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- @function squid_status() {
if (is_service_running('squid')) {
init_config_arr(array('installedpackages', 'squidc... - 12:31 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- this calls /usr/local/sbin/squidclient with the older URI scheme
to access mgr:info - 12:30 AM pfSense Packages Bug #15410: cache_object://URL Scheme is removed in Squid-6
- this is part of status_squid.php
- 12:18 AM pfSense Packages Bug #15410 (New): cache_object://URL Scheme is removed in Squid-6
- Hello fellow pfSense Squid Proxy Users can you please help?
I am so happy 6.6 is part of pfSense 24 however some s...
04/15/2024
- 06:45 PM pfSense Plus Regression #15409 (New): AMD watchdog module is missing
- The amdsbwd kernel module is missing from recent versions resulting in errors on Netgate APU2/4 devices (PCEngines AP...
- 06:07 PM pfSense Bug #15405: leap seconds update server has changed
- For completeness, someone did open a case upstream: https://bugs.ntp.org/show_bug.cgi?id=3898
- 05:59 PM pfSense Bug #15405: leap seconds update server has changed
- Will report upstream. Thanks!
- 12:24 PM pfSense Bug #15405 (Needs Patch): leap seconds update server has changed
- That file is part of the NTP package (@ntp.org@), Netgate does not maintain that code. It should be reported upstream...
- 05:59 PM pfSense Todo #15408 (New): Reduce inconsistencies between Configuration History with/without ZFS Boot Environments
- The Configuration History page has diverged a bit between Plus w/Boot Environments and CE which is making it confusin...
- 05:53 PM pfSense Plus Regression #15407 (Resolved): pfSense-upgrade incorrectly creates 'unknown error' notice.
- The error reporting in pfSense-upgrade incorrectly creates an alert when it's run an an upgrade check and a new versi...
- 04:34 PM pfSense Feature #15406 (New): rules: make Virtual IPs selectable as destination
- In NAT port forwards it is possible to directly select a Virtual IP (IP Alias, CARP) address from the dropdown list a...
- 01:33 PM pfSense Docs New Content #15191 (Closed): Document new Packet Flow Data functionality (Plus Only)
- 12:29 PM pfSense Feature #15402: A new approach to rc.start_packages
- It might be viable but you have the logic a bit backward. The base system should not have specific knowledge of any p...
04/14/2024
- 06:21 AM pfSense Bug #15405 (Needs Patch): leap seconds update server has changed
- /usr/local/sbin/update-leap is attempting to use:
https://www.ietf.org/timezones/data/leap-seconds.list
Per the... - 03:09 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
- Tested on 24.03-RC and this issue is still present.
- 03:00 AM pfSense Plus Bug #15388: Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
- Jim Pingle wrote in #note-1:
> The wizard has always prompted to change the password, users like having the option. ... - 02:40 AM pfSense Bug #14261: Trim white space in a DHCP Leases page search field
- on 24.03.r.20240410.1729 adding a leading/trailing space to a search term returns no results
- 01:58 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- On the 4100 & 4200 as of...
- 12:34 AM pfSense Plus Bug #15404 (New): Captive Portal captiveportal-default-logo.png Missing from Post-authentication Page
- After signing into the Captive Portal, the default captive portal logo is not loading properly. The logo appears to ...
04/13/2024
- 10:12 PM pfSense Docs Correction #15403 (Closed): openvpn client speciffic overrides, local networks clarification
- URL: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-overrides.html
sub heading: IPv4/IPv6 Local ... - 09:47 PM pfSense Regression #15074: ISO fails to boot UEFI
- This also occurs in the online upgrade process (in this case on PVE 8.1.10).
22.05 --> 23.01 (success)
23.01 --> 23... - 08:18 PM pfSense Feature #15402 (New): A new approach to rc.start_packages
- I have been facing some issues with NUT package due to rc.start_packages.
Once an interfaces goes down, NUT restarts... - 03:50 PM pfSense Regression #15400: IGMP packets are logged when the filter rule has logging disabled
- Kristof Provost wrote in #note-2:
> This is intentional, in the sense that it was always meant to log, but didn't du... - 08:50 AM pfSense Regression #15400 (Not a Bug): IGMP packets are logged when the filter rule has logging disabled
- This is intentional, in the sense that it was always meant to log, but didn't due to a bug that's now been fixed.
... - 12:18 PM pfSense Plus Bug #15401: 23.09.1 to 24.03b update fails EFI with ZFS mirror
System is using Coreboot (EFI only) and has a ZFS mirror:...- 12:17 PM pfSense Plus Bug #15401 (New): 23.09.1 to 24.03b update fails EFI with ZFS mirror
- System is using Coreboot (EFI only) and has a ZFS mirror:...
04/12/2024
- 09:42 PM pfSense Plus Feature #13227 (Resolved): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- 09:40 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- That worked perfectly. Thank you guys!
- 09:28 PM pfSense Regression #15400: IGMP packets are logged when the filter rule has logging disabled
- It may be this is intended behavior, though it's worth clarifying if so.
- 09:02 PM pfSense Regression #15400 (Not a Bug): IGMP packets are logged when the filter rule has logging disabled
- Example rules:...
- 05:58 PM pfSense Bug #15399 (Resolved): Local host gateways are shown in the default gateways list
- 05:56 PM pfSense Bug #15399: Local host gateways are shown in the default gateways list
- The patch looks good against 24.03-RC.
- 03:40 PM pfSense Bug #15399 (Feedback): Local host gateways are shown in the default gateways list
- Applied in changeset commit:15eb946bc19222df48318fd6f9c9cb9e88e54690.
- 03:30 PM pfSense Bug #15399 (Ready To Test): Local host gateways are shown in the default gateways list
- https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1148
- 02:31 PM pfSense Bug #15399 (Resolved): Local host gateways are shown in the default gateways list
- In System > Routing > Gateways the default gateway drop-down selection should not contain localhost (null) gateways. ...
- 05:56 PM pfSense Revision 9fd4cb96: Update comment
- The updated comment matches the actual behavior. Albeit the
variable name is unintuitive, it follows the behavior bef... - 05:52 PM pfSense Bug #15082 (Closed): Upgrade fails due to unmounted EFI filesystem
- Closing this since it didn't turn out to be what we thought, and fixing problems caused by incorrect manual alteratio...
- 05:39 PM pfSense Bug #15081: Upgrade fails due to undersized EFI filesystem
- Moving this ahead as it still might be an issue though it's unclear how many affected systems may be left in the wild...
- 03:08 PM pfSense Revision 15eb946b: Correct bitwise check when getting a list of gateways. Fix #15399
- 12:47 PM pfSense Plus Bug #15395: install-boot trips on BIOS installs when an EFI partition is present.
- https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/100
- 10:05 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
- Cpu load corresponds with NIC errors in #2598286486
!clipboard-202404121406-jhrkf.png!
- 08:16 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
- Another client hit this issue ticket #2598286486
- 08:12 AM pfSense Packages Feature #15398 (New): Fusioninventory Agent
- This tool already works well through the FreeBSD repo.
Fusioninventory is a collection of small tools to perform i... - 08:07 AM pfSense Packages Feature #15397 (New): Wazuh Agent
- This already works well through the FreeBSD repo.
Wazuh is a free and open source platform used for threat prevent... - 07:59 AM pfSense Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
- DBACORP DBACORP wrote in #note-9:
> Reproduced the same issue in PLUS version 23.09.1 and the issue persisted.
> ... - 07:16 AM pfSense Bug #15178 (Confirmed): ACB (autoconfig backup) restore always returns could not decrypt despite proper password
- Yes, I was able to reproduce the described behavior.
Tested against the following versions:...
04/11/2024
- 09:15 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- Thanks for testing! Try it with this "patch":https://docs.netgate.com/pfsense/en/latest/development/system-patches.ht...
- 08:08 PM pfSense Plus Feature #13227 (In Progress): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- 01:34 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
- I am having issues creating multiple groups. I just installed the plus 24.03 RC last night on my box at home so I can...
- 08:54 PM pfSense Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- Believe that the source of the issue was determined:
* set net.bpf.zerocopy_enable=1
* on the external interface co... - 08:19 PM pfSense Plus Bug #15396 (New): BE upgrade process deferred pkg install can cause significant delays
- Some package install scripts attempt to connect out to update lists/signatures/aliases. When run as part of the new B...
- 07:01 PM pfSense Packages Feature #15375: Update ntopng package
- Tested in 24.03 RC -- working as intended.
- 07:01 PM pfSense Regression #14970 (Resolved): Static ARP assignments lose ``permanent`` flag in ARP table
- 07:00 PM pfSense Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
- Tested with 24.03 RC -- issue appears resolved.
- 04:50 PM pfSense Plus Bug #15395: install-boot trips on BIOS installs when an EFI partition is present.
- That is the scheme the Net Installer uses by default on a legacy booting device such as the 7100.
- 04:39 PM pfSense Plus Bug #15395 (Resolved): install-boot trips on BIOS installs when an EFI partition is present.
- As mentioned in the title install-boot tries to set a UEFI boot option but fails and exists:...
- 02:52 PM pfSense Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
- I am unable to reproduce on either...
- 11:04 AM pfSense Plus Bug #15386 (Confirmed): EULA Prompting Twice on Plus
- 10:44 AM pfSense Plus Bug #15386: EULA Prompting Twice on Plus
- I can confirm the described behavior.
Tested against the following release:... - 06:39 AM pfSense Packages Feature #15394 (New): Azure VNet (VPC) Wizard
- Is is there any chance to create/develop Azure VPC (VNet) Wizard, which is similar to the existing AWS VPC Wizard in ...
04/10/2024
- 06:06 PM pfSense Packages Feature #15375: Update ntopng package
- The package has been tested by a couple of users on 23.09.1, and it works as intended.
- 05:55 PM pfSense Packages Feature #15393 (New): Return to the ga version of NUT
- With the release of 2.8.2, NUT is again stable. Move from the development version (nut-devel) back to the release ver...
- 12:59 PM pfSense Packages Bug #15392 (Rejected): Package Service Watchdog issue during reinstall
- The package system has no special knowledge of individual packages and adding that would create a significant amount ...
- 01:23 AM pfSense Packages Bug #15392 (Rejected): Package Service Watchdog issue during reinstall
- Hello fellow pfSense Redmine members,
Can we please migrate the last item to be reinstalled on package reinstall t...
04/09/2024
- 09:52 PM pfSense Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- Thank you. We'll need more info to review the issue further. You may generate a status report of the system by append...
- 07:15 PM pfSense Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- No for all three questions.
- 04:59 PM pfSense Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- Are there any crash reports showing on the dashboard? Or perhaps a crash/panic shown in the console? Does the system ...
- 04:11 PM pfSense Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- This was on a direct install (2.7.2) - no backup restored. Recalled this being present in an earlier version. Nothi...
- 03:18 PM pfSense Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- Are there any changes to the system or configuration that increases the verbosity? The code to silence that on the de...
- 08:51 AM pfSense Regression #15391 (New): Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
- 'pfr_update_stats: assertion failed" errors are surfacing in a voluminous quantity in the system log. NAT type = "Pur...
- 05:38 PM pfSense Bug #15157 (Resolved): PHP error when generating a notification after detecting a malformed configuration
- This seems to be solved now. Things that triggered it before no longer trigger it now.
- 01:14 PM pfSense Bug #15384 (Resolved): Reordering IPsec Phase 2 entries may result in a malformed configuration
- 01:28 AM pfSense Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
- Confirmed on 2.7.2 change fixes the problem.
- 01:11 PM pfSense Plus Regression #15387 (Feedback): Boot failure detection tripping on config reset button during boot
- Fix committed: https://gitlab.netgate.com/pfSense/factory/-/commit/e2bdb91254b96c5d7caa9a1c26ea65be52d18fbb
- 01:09 PM pfSense Plus Regression #15387 (In Progress): Boot failure detection tripping on config reset button during boot
- Working with Steve, we have identified a method to work around this. Commit coming shortly.
- 11:06 AM pfSense Bug #15376: OpenVPN DHCP Range | Pool
- i used the following in custom option, which worked for me:
server 172.21.0.0 255.255.255.0 nopool;
ifconfig-pool...
04/08/2024
- 04:17 PM pfSense Plus Regression #15390 (New): Configs with incorrectly removed packages can create php errors.
- A config file that contains packages in the <installedpackages> section but not the actual <package> data can generat...
- 03:47 PM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- This prevents the hardware config reset working on anything that has multiple ZFS BE snapshots present to roll back to.
- 02:54 PM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- This applies to all devices that have a hardware config reset button. The 4200 can be reset at any time which means i...
- 03:15 PM pfSense Bug #15384 (Feedback): Reordering IPsec Phase 2 entries may result in a malformed configuration
- Applied in changeset commit:88670c6c167418e7d12b010c0ce8b7d06c2b757f.
- 02:12 PM pfSense Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
- This only happens if you try to move something into the first position. If you move any P2 into any other place it wo...
- 03:08 PM pfSense Revision 88670c6c: Fix syntax when moving IPsec P2. Fixes #15384
- 02:29 PM pfSense Feature #15389: Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
- Thank you for looking at the request. Could you please name other workarounds and which you'd recommend?
- 02:18 PM pfSense Feature #15389 (Rejected): Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
- That would make things even more complex and isn't sustainable. There are already workarounds for that limitation (e....
- 02:05 PM pfSense Feature #15389 (Rejected): Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
- With interface-bound states being the default and more secure option in new pfSense versions, it would be nice if one...
- 01:05 PM pfSense Plus Bug #15388 (Rejected): Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
- The wizard has always prompted to change the password, users like having the option. That step can be skipped the sam...
- 01:00 PM pfSense Plus Feature #12534 (Closed): Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
- 12:59 PM pfSense Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
- It's still marked as "New" and open so no, it has not been resolved.
- 12:56 PM pfSense Docs Todo #15383 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration — IPsec Pre-Shared Keys Tab
- That's due to a bug we've been chasing for a while, and there are potential workarounds, though it's unclear if it's ...
04/07/2024
- 10:47 PM pfSense Plus Regression #15320: XMLRPC Sync Trigger on CARP Maintenance Mode Causes webConfigurator Hangs on VIPs
- It'd be good to test this on 24.03 as there have been general efficiency improvements that may help here.
- 02:25 AM pfSense Plus Regression #15320: XMLRPC Sync Trigger on CARP Maintenance Mode Causes webConfigurator Hangs on VIPs
- Customer ticket 2575064585 is another example of this issue. They did not have webConfigurator hangs, but they did h...
- 02:37 PM pfSense Bug #7329: DHCP Not Updating DNS
- I am running into this issue with 2.7.2-RELEASE (amd64).
I did restart both unbound and DHCP (ICS) and the DNS stick... - 11:06 AM pfSense Feature #12746: IPoE feature for WAN interface
- While some Japanese ISPs may still offer PPPoE, the latency fluctuates quite a bit, especially during the evening.
... - 04:16 AM pfSense Bug #14261: Trim white space in a DHCP Leases page search field
- this seems to work as described with the dhcp lease search as tested on 24.03.b.20240405.1653, adding a leading or tr...
- 02:59 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- Testing multiple times on these units, they still will factory reset just fine, so this appears to not be a critical ...
- 02:58 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- This also affected the SG-2440. This appears to not be smbus related, but simply a result of the reset button causin...
- 02:38 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
- Appears to have the same boot failure detection on the 4100. Likely not the only devices to have this issue.
Shor... - 02:15 AM pfSense Plus Regression #15387 (Resolved): Boot failure detection tripping on config reset button during boot
- When booting the 4200, if you follow the instructions outlined here to press the reset button when the appliance star...
- 02:53 AM pfSense Plus Bug #15388 (Rejected): Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
- During first boot, new in 24.03 is that the admin password is prompted to be changed from the serial console on first...
04/06/2024
- 09:27 PM pfSense Plus Bug #15386 (Resolved): EULA Prompting Twice on Plus
- When logging into pfSense Plus for the first time, the EULA and Thank You messages appear as you'd expect. However, ...
- 09:20 PM pfSense Packages Bug #15385 (New): PHP crash when exporting Apple profile, while IPsec P1 authentication method set to "Mutual Certificate"
- Version: 23.09.1-RELEASE (amd64)
Steps to reproduce:
1. Configure the Phase 1 authentication method to "Mutual ... - 08:07 PM pfSense Feature #15217: Log command being run in Diagnostics > Command Prompt
- I wanted to add my support for this. We recently had a ticket were an error was thrown from diag_command.php, but the...
- 07:41 PM pfSense Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
- Tested this on 23.09.1. This is still present.
- 07:38 PM pfSense Plus Feature #12534: Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
- The netinstaller provides a mechanism for this. This can be closed as Resolved.
- 07:38 PM pfSense Packages Feature #10865 (Rejected): squidGuard lacks options to send traffic action logs to syslog server
- With the deprecation of squid, marking this as Rejected, since this package will be removed in a future release, so i...
- 05:37 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
- I agree that the timeout should be paused during or restarted after performing the upgrade.
- 02:55 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
- Thank you
- 02:29 PM pfSense Plus Feature #15380 (New): During upgrade Process GUI timeouts still occur
- Thanks for the clarification. I'll move it to a feature request.
- 01:54 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
- Sorry I forgot to include this is for users that changed the timeout to 5 mins or so. If I leave my desk the firewall...
- 01:44 PM pfSense Plus Feature #15380 (Not a Bug): During upgrade Process GUI timeouts still occur
- The default timeout is 4 hours, which should be enough time for any of those actions. It can be changed, or even disa...
- 07:07 AM pfSense Bug #15376 (Not a Bug): OpenVPN DHCP Range | Pool
- 06:52 AM pfSense Packages Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only
- I tested the patch against the 24.03 BETA release.
The patch fixes the issue.
It can be merged. - 05:22 AM pfSense Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
- I can confirm this behavior on ...
04/05/2024
- 11:09 PM pfSense Packages Bug #13810: Squid options obsolete
- https://redmine.pfsense.org/issues/15381
- 11:09 PM pfSense Packages Bug #13810: Squid options obsolete
- https://github.com/pfsense/FreeBSD-ports/pull/1365
- 11:09 PM pfSense Packages Bug #13810: Squid options obsolete
- https://github.com/pfsense/FreeBSD-ports/pull/1366
- 11:09 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- https://github.com/pfsense/FreeBSD-ports/pull/1366
Fix for
2024/04/05 07:58:24| ERROR: Unsupported TLS option ... - 10:44 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- Notes:
FIX ME
line of code 1261 in /usr/local/pkg/squid.inc
FIX ME
line of code 1235-1241 in usr/local/pkg/s... - 10:38 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- @
if (empty($settings['sslproxy_compatibility_mode']) || ($settings['sslproxy_compatibility_mode'] == 'modern')) {
... - 10:27 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- https://github.com/pfsense/FreeBSD-ports/pull/1365
this fixed the issue inside my SG-2100
Working on this also ... - 10:25 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- 2024/04/05 07:58:24| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Us...
- 03:02 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- @2024/04/05 07:58:24| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2024/04/05 07:58:24| ... - 07:23 PM pfSense Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- Yes, with the notification error patched the real bugs generating a bad config should become apparent. Separate issue...
- 07:12 PM pfSense Bug #15157: PHP error when generating a notification after detecting a malformed configuration
- tested on:
24.03-BETA (amd64)
built on Fri Mar 22 17:08:00 UTC 2024
FreeBSD 15.0-CURRENT
patch fixes the actual c... - 07:16 PM pfSense Bug #15384 (Resolved): Reordering IPsec Phase 2 entries may result in a malformed configuration
- Changing the order of phase2 entries for the tunnels and saving produces bad config and results in "configuration res...
- 10:56 AM pfSense Regression #15019 (Resolved): pfSense Plus is always shown as an available upgrade for eligible CE devices.
- This has been fixed on the 2.7.2 release.
If you don't select *[Upgrade] - Latest pfSense Plus Stable Version (23... - 10:43 AM pfSense Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
- Just to check: Has then been resolved, or is it still pending resolution?
- 10:30 AM pfSense Docs Todo #15383 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration — IPsec Pre-Shared Keys Tab
- *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/psk.html
*Feedback:*
When an ipv4 address pool is ... - 08:36 AM pfSense Docs Correction #15382 (New): pfSense Plus Azure support plans
- The page explaining Support Resources for pfSense Plus instances in Azure does not include a note about the option to...
04/04/2024
- 10:42 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- The errors show a request for cafile= to be tls-cafile, so Squid is looking for tls certificates over the SSL we used...
- 06:16 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
- Facebook Goals for me with the cache are related to
Ref:
https://research.facebook.com/blog/2016/4/the-evolution-o... - 06:02 PM pfSense Packages Bug #15381: Squid 6.6 Errors Attached for Review TLS requested in errors
Cachemgr.cgi ref:
https://forum.netgate.com/topic/187107/how-to-guide-for-accessing-squid-s-cachemgr-cgi-over-http...- 06:00 PM pfSense Packages Bug #15381 (New): Squid 6.6 Errors Attached for Review TLS requested in errors
- Squid runs however lists the following errors in 24.03.b.20240322.1708
@/status_services.php: The command '/usr/lo... - 05:54 PM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware
- In 24 the crypto acceleration does not list any counters when VPN is running also. I thought it was able to enable an...
- 05:48 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
- If use of verify/commit boot environment users will not be able to commit or verify as GUI times out. Can updates be ...
- 03:55 PM pfSense Plus Feature #15380 (New): During upgrade Process GUI timeouts still occur
- Hello during my updates the GUI timeout is counting down still and will log me out of the update. Attached is the scr...
- 03:49 PM pfSense Packages Feature #15375 (Feedback): Update ntopng package
- PR merged, thanks!
- 03:14 PM pfSense Bug #15379: Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
- I can confirm it, it seems the traceroute doesn't follow the IPsec policy
tested on ... - 02:49 PM pfSense Bug #15379 (Not a Bug): Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
- You can't force something into policy-based IPsec in that way. Either it matches the traffic selectors and it will go...
- 02:28 PM pfSense Bug #15379 (Not a Bug): Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
- If you define a specific Source Address in the Diagnostic/Traceroute page and that interface IP is within the IPsec t...
- 01:52 PM pfSense Bug #14933: Traffic Graph Widget only displays half of the real UL/DL bandwidth used under certain conditions
- https://github.com/pfsense/pfsense/pull/4677
Also available in: Atom