pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162020-07-12T12:22:17ZpfSense bugtracker
Redmine pfSense Packages - Feature #10761 (Rejected): Multiple domains in one SAN entry would be very usefulhttps://redmine.pfsense.org/issues/107612020-07-12T12:22:17ZEduard Rozenbergeduardr@pobox.com
<p>In the Domain SAN list, I'm not currently able to add multiple domains in the 'Domainname' box, for ex. cannot use:</p>
<p><strong>Domainname</strong>: fw.mydomain.com fw1.mydomain.com fw1.lan.mydomain.com fw2.mydomain.com fw2.lan.mydomain.com</p>
<p>I could use wildcard (*.mydomain.com) but this is not ideal, as it opens a potential exploit if the cert is stolen from one of the firewalls.</p>
<p>Reason for needing multiple domain names: need domain names for each of multiple redundant firewalls. Also, each firewall can be addressed by multiple domain names (for ex. fw.mydomain.com, fw1.mydomain.com, fw1.lan.mydomain.com)</p>
<p>Currently have to create multiple SAN items which is redundant, and also requires more work over time if DNS API keys change etc, as we now have to manage multiple SAN entries.</p>
<p>Suggestion: allow entering multiple domain names in one SAN entry, either on multiple lines or separated by spaces, commas etc.</p> pfSense - Bug #10394 (Rejected): NAT Portmap: Source host/net field not editablehttps://redmine.pfsense.org/issues/103942020-03-30T17:44:16ZEduard Rozenbergeduardr@pobox.com
<p>Noticed since upgrading to 2.4.5:</p>
<p>Add new NAT Portmap item -> can't edit Advanced...Source field.</p>
<p>Workaround:</p>
<p>1. Sutmit page with missing field entries<br />2. When the page returns with "The following input errors were detected" the Source field will now be enabled for edit.</p> pfSense - Bug #9028 (Duplicate): Acme pkg upgrade caused pfSense to try upgrade 2.4.3 -> 2.4.4, f...https://redmine.pfsense.org/issues/90282018-10-09T07:38:55ZEduard Rozenbergeduardr@pobox.com
<p>I clicked on the update button next to the Acme package on the dashboard. This appears to have caused pfSense to try to upgrade many packages including php and the base pfSense package (pfSense-2.4.3.txz). It stopped during this process at: <pre>[6/113] Deleting files for pear-Cache_Lite-1.7.16,1.....</pre> and nothing further happened.</p>
<p>Currently the system is still running and routing traffic (yay!), but it is in a somewhat broken state with a few updated php packages and no ability to upgrade cleanly to 2.4.4.</p>
Things I thought to try:
<ul>
<li>Upgrade the system to 2.4.4. But I'm not able to click the upgrade button now because the system shows "The system is on a later version than official release.", "Latest Base System - Warning:", "Status - Running a newer version." </li>
<li>Download the 2.4.3 release and look for packages on the ISO, so I can restore the previous packages to the system. I couldn't find any packages on the ISO (pfSense-CE-2.4.3-RELEASE-amd64.iso.gz), only individual files in various directories. Also - was hard to even find the 2.4.3 release, only on a couple of outdated sites such as <a class="external" href="http://linorg.usp.br/pfsense/downloads/">http://linorg.usp.br/pfsense/downloads/</a> which I don't even know I can trust. The official download site does not provide any older versions.</li>
</ul>
<p>I can't figure out where I could download individual packages that were updated such as pfSense-2.4.3.txz and pear-Net_URL2-2.2.1.</p>
<p>Thanks in advance for any hints. At this point I only would know how to reinstall the whole system from scratch despite only needing a few older packages to get back to the previous state.</p>
<pre>
>>> Upgrading pfSense-pkg-acme...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 6 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
php72-pecl-ssh2: 1.1.2 [pfSense]
php72: 7.2.10 [pfSense]
libargon2: 20171227 [pfSense]
php72-ftp: 7.2.10 [pfSense]
Installed packages to be UPGRADED:
pfSense-pkg-acme: 0.3.2 -> 0.3.2_4 [pfSense]
socat: 1.7.3.2_2 -> 1.7.3.2_3 [pfSense]
Number of packages to be installed: 4
Number of packages to be upgraded: 2
The process will require 25 MiB more space.
4 MiB to be downloaded.
[1/6] Fetching pfSense-pkg-acme-0.3.2_4.txz: .......... done
[2/6] Fetching php72-pecl-ssh2-1.1.2.txz: .... done
[3/6] Fetching php72-7.2.10.txz: .......... done
[4/6] Fetching libargon2-20171227.txz: ........ done
[5/6] Fetching socat-1.7.3.2_3.txz: .......... done
[6/6] Fetching php72-ftp-7.2.10.txz: ... done
Checking integrity... done (3 conflicting)
- php72-pecl-ssh2-1.1.2 [pfSense] conflicts with pecl-ssh2-0-0.13 [installed] on /usr/local/include/php/ext/ssh2/php_ssh2.h
- php72-7.2.10 [pfSense] conflicts with php56-5.6.34 [installed] on /usr/local/bin/php
- php72-ftp-7.2.10 [pfSense] conflicts with php56-ftp-5.6.34 [installed] on /usr/local/include/php/ext/ftp/config.h
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 113 package(s) will be affected (of 0 checked):
Installed packages to be REMOVED:
pear-XML_RPC2-1.1.3
pear-Mail-1.4.1,1
pear-HTTP_Request2-2.3.0,1
pear-Net_SMTP-1.8.0
pear-Net_URL2-2.2.1
pear-Cache_Lite-1.7.16,1
pear-Crypt_CHAP-1.5.0
pear-Net_Socket-1.0.14
pear-Net_IPv6-1.3.0.b2_2
pear-Net_Growl-2.7.0
pear-Auth_RADIUS-1.1.0
php56-xmlreader-5.6.34
pear-1.10.5_1
php-suhosin-0.9.38_3
php56-xmlwriter-5.6.34
php56-dom-5.6.34
php56-xml-5.6.34
php56-pdo_sqlite-5.6.34
php56-simplexml-5.6.34
php56-session-5.6.34
php56-opcache-5.6.34
php56-zlib-5.6.34
php56-curl-5.6.34
pecl-zmq-1.1.3_2
php56-sqlite3-5.6.34
php56-pdo-5.6.34
php56-mcrypt-5.6.34
php56-hash-5.6.34
php56-pfSense-module-0.61
pecl-radius-1.4.0.b1
php56-ctype-5.6.34
php56-posix-5.6.34
php56-openssl-5.6.34
php56-filter-5.6.34
php56-sockets-5.6.34
php56-ldap-5.6.34
php56-bcmath-5.6.34
php56-tokenizer-5.6.34
php56-sysvshm-5.6.34
php56-sysvsem-5.6.34
php56-sysvmsg-5.6.34
php56-shmop-5.6.34
php56-readline-5.6.34
php56-pcntl-5.6.34
php56-json-5.6.34
php56-gettext-5.6.34
php56-mbstring-5.6.34
php56-bz2-5.6.34
php56-5.6.34
pecl-ssh2-0-0.13
pecl-rrd1-1.1.3
php56-ftp-5.6.34
New packages to be INSTALLED:
libargon2: 20171227 [pfSense]
php72: 7.2.10 [pfSense]
php72-xml: 7.2.10 [pfSense]
php72-zlib: 7.2.10 [pfSense]
php72-pear: 1.10.5_1 [pfSense]
oniguruma: 6.8.1 [pfSense]
php72-pear-Net_URL2: 2.2.1 [pfSense]
php72-pear-Net_Socket: 1.0.14 [pfSense]
php72-pecl-rrd: 2.0.1_1 [pfSense]
php72-curl: 7.2.10 [pfSense]
php72-tokenizer: 7.2.10 [pfSense]
php72-mbstring: 7.2.10 [pfSense]
php72-dom: 7.2.10 [pfSense]
php72-openssl: 7.2.10 [pfSense]
php72-hash: 7.2.10 [pfSense]
php72-bcmath: 7.2.10 [pfSense]
php72-pecl-mcrypt: 1.0.1 [pfSense]
php72-pecl-radius: 1.4.0.b1 [pfSense]
php72-pear-HTTP_Request2: 2.3.0,1 [pfSense]
php72-pear-Cache_Lite: 1.7.16,1 [pfSense]
php72-pear-Net_SMTP: 1.8.0 [pfSense]
php72-pdo: 7.2.10 [pfSense]
php72-pecl-ssh2: 1.1.2 [pfSense]
php72-simplepie: 1.5.1_1 [pfSense]
php72-session: 7.2.10 [pfSense]
php72-opcache: 7.2.10 [pfSense]
php72-xmlwriter: 7.2.10 [pfSense]
php72-xmlreader: 7.2.10 [pfSense]
php72-simplexml: 7.2.10 [pfSense]
php72-ctype: 7.2.10 [pfSense]
php72-posix: 7.2.10 [pfSense]
sshguard: 2.2.0_4 [pfSense]
php72-filter: 7.2.10 [pfSense]
php72-openssl_x509_crl: 1.2 [pfSense]
php72-pear-Crypt_CHAP: 1.5.0 [pfSense]
openvpn-auth-script: 1.0.0.3 [pfSense]
php72-sockets: 7.2.10 [pfSense]
php72-ldap: 7.2.10 [pfSense]
php72-pecl-zmq: 1.1.3_2 [pfSense]
php72-pear-XML_RPC2: 1.1.3_1 [pfSense]
php72-pear-Net_IPv6: 1.3.0.b2_2 [pfSense]
php72-pear-Net_Growl: 2.7.0 [pfSense]
php72-pear-Auth_RADIUS: 1.1.0_4 [pfSense]
php72-pear-Mail: 1.4.1,1 [pfSense]
php72-sysvshm: 7.2.10 [pfSense]
php72-sysvsem: 7.2.10 [pfSense]
php72-sysvmsg: 7.2.10 [pfSense]
php72-shmop: 7.2.10 [pfSense]
php72-readline: 7.2.10 [pfSense]
php72-pcntl: 7.2.10 [pfSense]
php72-json: 7.2.10 [pfSense]
php72-gettext: 7.2.10 [pfSense]
php72-pfSense-module: 0.64_6 [pfSense]
php72-sqlite3: 7.2.10 [pfSense]
php72-pdo_sqlite: 7.2.10 [pfSense]
php72-bz2: 7.2.10 [pfSense]
php72-ftp: 7.2.10 [pfSense]
Installed packages to be UPGRADED:
socat: 1.7.3.2_2 -> 1.7.3.2_3 [pfSense]
pfSense-pkg-acme: 0.3.2 -> 0.3.2_4 [pfSense]
pfSense: 2.4.3_1 -> 2.4.4 [pfSense]
Installed packages to be REINSTALLED:
pfSense-Status_Monitoring-1.7.6 [pfSense] (direct dependency changed: php72)
Number of packages to be removed: 52
Number of packages to be installed: 57
Number of packages to be upgraded: 3
Number of packages to be reinstalled: 1
The process will require 10 MiB more space.
3 MiB to be downloaded.
[1/55] Fetching php72-xml-7.2.10.txz: ... done
[2/55] Fetching php72-zlib-7.2.10.txz: ... done
[3/55] Fetching php72-pear-1.10.5_1.txz: .......... done
[4/55] Fetching oniguruma-6.8.1.txz: .......... done
[5/55] Fetching php72-pear-Net_URL2-2.2.1.txz: ... done
[6/55] Fetching php72-pear-Net_Socket-1.0.14.txz: . done
[7/55] Fetching php72-pecl-rrd-2.0.1_1.txz: .. done
[8/55] Fetching php72-curl-7.2.10.txz: .... done
[9/55] Fetching php72-tokenizer-7.2.10.txz: .. done
[10/55] Fetching php72-mbstring-7.2.10.txz: .......... done
[11/55] Fetching php72-dom-7.2.10.txz: ....... done
[12/55] Fetching php72-openssl-7.2.10.txz: ....... done
[13/55] Fetching php72-hash-7.2.10.txz: .......... done
[14/55] Fetching php72-bcmath-7.2.10.txz: ... done
[15/55] Fetching php72-pecl-mcrypt-1.0.1.txz: .. done
[16/55] Fetching php72-pecl-radius-1.4.0.b1.txz: ... done
[17/55] Fetching php72-pear-HTTP_Request2-2.3.0,1.txz: .......... done
[18/55] Fetching php72-pear-Cache_Lite-1.7.16,1.txz: .... done
[19/55] Fetching php72-pear-Net_SMTP-1.8.0.txz: .. done
[20/55] Fetching php72-pdo-7.2.10.txz: ...... done
[21/55] Fetching pfSense-Status_Monitoring-1.7.6.txz: ... done
[22/55] Fetching php72-simplepie-1.5.1_1.txz: ......... done
[23/55] Fetching php72-session-7.2.10.txz: ..... done
[24/55] Fetching php72-opcache-7.2.10.txz: .......... done
[25/55] Fetching php72-xmlwriter-7.2.10.txz: .. done
[26/55] Fetching php72-xmlreader-7.2.10.txz: .. done
[27/55] Fetching php72-simplexml-7.2.10.txz: ... done
[28/55] Fetching php72-ctype-7.2.10.txz: . done
[29/55] Fetching php72-posix-7.2.10.txz: .. done
[30/55] Fetching sshguard-2.2.0_4.txz: .......... done
[31/55] Fetching php72-filter-7.2.10.txz: ... done
[32/55] Fetching php72-openssl_x509_crl-1.2.txz: .. done
[33/55] Fetching php72-pear-Crypt_CHAP-1.5.0.txz: . done
[34/55] Fetching openvpn-auth-script-1.0.0.3.txz: . done
[35/55] Fetching php72-sockets-7.2.10.txz: ..... done
[36/55] Fetching php72-ldap-7.2.10.txz: ... done
[37/55] Fetching php72-pecl-zmq-1.1.3_2.txz: .... done
[38/55] Fetching php72-pear-XML_RPC2-1.1.3_1.txz: ........ done
[39/55] Fetching php72-pear-Net_IPv6-1.3.0.b2_2.txz: .. done
[40/55] Fetching php72-pear-Net_Growl-2.7.0.txz: .......... done
[41/55] Fetching php72-pear-Auth_RADIUS-1.1.0_4.txz: .. done
[42/55] Fetching php72-pear-Mail-1.4.1,1.txz: ... done
[43/55] Fetching php72-sysvshm-7.2.10.txz: . done
[44/55] Fetching php72-sysvsem-7.2.10.txz: . done
[45/55] Fetching php72-sysvmsg-7.2.10.txz: . done
[46/55] Fetching php72-shmop-7.2.10.txz: . done
[47/55] Fetching php72-readline-7.2.10.txz: .. done
[48/55] Fetching php72-pcntl-7.2.10.txz: .. done
[49/55] Fetching php72-json-7.2.10.txz: ... done
[50/55] Fetching php72-gettext-7.2.10.txz: . done
[51/55] Fetching php72-pfSense-module-0.64_6.txz: ...... done
[52/55] Fetching php72-sqlite3-7.2.10.txz: ... done
[53/55] Fetching php72-pdo_sqlite-7.2.10.txz: .. done
[54/55] Fetching php72-bz2-7.2.10.txz: .. done
[55/55] Fetching pfSense-2.4.4.txz: . done
[1/113] Deinstalling pear-XML_RPC2-1.1.3...
uninstall ok: channel://pear.php.net/XML_RPC2-1.1.3
[1/113] Deleting files for pear-XML_RPC2-1.1.3:
pear-XML_RPC2-1.1.3: missing file /usr/local/share/doc/pear/XML_RPC2/docs/Makefile
[1/113] Deleting files for pear-XML_RPC2-1.1.3...
pear-XML_RPC2-1.1.3: missing file /usr/local/share/doc/pear/XML_RPC2/docs/tutorials/XML_RPC2.lyx
[1/113] Deleting files for pear-XML_RPC2-1.1.3............. done
[2/113] Deinstalling pear-Mail-1.4.1,1...
uninstall ok: channel://pear.php.net/Mail-1.4.1
[2/113] Deleting files for pear-Mail-1.4.1,1:
pear-Mail-1.4.1,1: missing file /usr/local/share/doc/pear/Mail/LICENSE
[2/113] Deleting files for pear-Mail-1.4.1,1............. done
[3/113] Deinstalling pear-HTTP_Request2-2.3.0,1...
uninstall ok: channel://pear.php.net/HTTP_Request2-2.3.0
[3/113] Deleting files for pear-HTTP_Request2-2.3.0,1:
pear-HTTP_Request2-2.3.0,1: missing file /usr/local/share/doc/pear/HTTP_Request2/LICENSE
[3/113] Deleting files for pear-HTTP_Request2-2.3.0,1...
pear-HTTP_Request2-2.3.0,1: missing file /usr/local/share/doc/pear/HTTP_Request2/examples/upload-rapidshare.php
[3/113] Deleting files for pear-HTTP_Request2-2.3.0,1............. done
[4/113] Deinstalling pear-Net_SMTP-1.8.0...
uninstall ok: channel://pear.php.net/Net_SMTP-1.8.0
[4/113] Deleting files for pear-Net_SMTP-1.8.0:
pear-Net_SMTP-1.8.0: missing file /usr/local/share/doc/pear/Net_SMTP/LICENSE
[4/113] Deleting files for pear-Net_SMTP-1.8.0...
pear-Net_SMTP-1.8.0: missing file /usr/local/share/doc/pear/Net_SMTP/docs/guide.txt
[4/113] Deleting files for pear-Net_SMTP-1.8.0...
pear-Net_SMTP-1.8.0: missing file /usr/local/share/doc/pear/Net_SMTP/examples/basic.php
[4/113] Deleting files for pear-Net_SMTP-1.8.0........... done
[5/113] Deinstalling pear-Net_URL2-2.2.1...
uninstall ok: channel://pear.php.net/Net_URL2-2.2.1
[5/113] Deleting files for pear-Net_URL2-2.2.1:
pear-Net_URL2-2.2.1: missing file /usr/local/share/doc/pear/Net_URL2/docs/6470.php
[5/113] Deleting files for pear-Net_URL2-2.2.1...
pear-Net_URL2-2.2.1: missing file /usr/local/share/doc/pear/Net_URL2/docs/BSD-3-CLAUSE-Heyes
[5/113] Deleting files for pear-Net_URL2-2.2.1...
pear-Net_URL2-2.2.1: missing file /usr/local/share/doc/pear/Net_URL2/docs/example.php
[5/113] Deleting files for pear-Net_URL2-2.2.1.......... done
[6/113] Deinstalling pear-Cache_Lite-1.7.16,1...
uninstall ok: channel://pear.php.net/Cache_Lite-1.7.16
[6/113] Deleting files for pear-Cache_Lite-1.7.16,1:
pear-Cache_Lite-1.7.16,1: missing file /usr/local/share/doc/pear/Cache_Lite/LICENSE
[6/113] Deleting files for pear-Cache_Lite-1.7.16,1...
pear-Cache_Lite-1.7.16,1: missing file /usr/local/share/doc/pear/Cache_Lite/README.md
[6/113] Deleting files for pear-Cache_Lite-1.7.16,1...
pear-Cache_Lite-1.7.16,1: missing file /usr/local/share/doc/pear/Cache_Lite/TODO
[6/113] Deleting files for pear-Cache_Lite-1.7.16,1...
pear-Cache_Lite-1.7.16,1: missing file /usr/local/share/doc/pear/Cache_Lite/docs/examples
[6/113] Deleting files for pear-Cache_Lite-1.7.16,1...
pear-Cache_Lite-1.7.16,1: missing file /usr/local/share/doc/pear/Cache_Lite/docs/technical
[6/113] Deleting files for pear-Cache_Lite-1.7.16,1.....
</pre> pfSense - Bug #8481 (Duplicate): Editing multiple entries in multiple browser tabs causes problem...https://redmine.pfsense.org/issues/84812018-04-24T10:17:28ZEduard Rozenbergeduardr@pobox.com
<p>In various places in the web interface, trying to edit multiple entries in browser tabs and saving them one by one doesn't work.</p>
<p>For example, I open to edit multiple alias entries in multiple browser tabs. Then I make changes and click Save in each browser tab. This causes bad side effects such as aliases being deleted without intending to. One of my aliases was deleted for example as a result, even though it was referenced in a firewall rule.</p>
<p>In other places in the UI, trying to edit multiple entries in several browser tabs returns an error.</p>
<p>It appears sometime in the recent past, the way entries are internally ID'd (unique ID's) may have changed, and that ID's may be reassigned after entries are saved. I'm pretty sure I was able to edit multiple entries in multiple browser tabs in older pfSense releases.</p>
This may be how things are currently intended to work, but it has at least a couple of unfortunate aspects:
<ul>
<li>Users may not realize the issue, and have entries corrupted or deleted without realizing it.</li>
<li>Not being able to edit multiple entries in multiple tabs makes changing many entries much more tedious - have to Edit - wait - Save - wait for each entry now.</li>
</ul> pfSense - Bug #8462 (Not a Bug): UI - small gear icon/animation not centeredhttps://redmine.pfsense.org/issues/84622018-04-16T11:04:27ZEduard Rozenbergeduardr@pobox.com
<p>The small gear icon/animation that appears in the dashboard update widget is not centered, so the animation is a bit "lopsided" as the gear spins. The same animated gear may appear in other places in the UI, can't recall.</p>
<p>I've noticed this for some years now. A very <strong>minor</strong> issue.</p> pfSense - Feature #8246 (Bogus): Allow reordering of interfaces/stats on the dashboardhttps://redmine.pfsense.org/issues/82462017-12-30T12:25:56ZEduard Rozenbergeduardr@pobox.com
<p>It would be really great to be able to change the order of the interfaces showing in dashboard widgets "Interfaces" and "Interface Statistics"</p>
<p>Because of the default WAN/LAN/OPT naming and ordering, it is hard or impossible to get the interface names to be grouped in the most logical way.</p>
<p>For example, I currently have the order:</p>
<p>WAN1 LAN WAN2 SYNC WAN3</p>
<p>Would be much nicer and more easy to scan the information if the widget ordering could be changed:</p>
<pre><code>WAN1 WAN2 WAN3 LAN SYNC</code></pre>
<p>I know I can hide certain interfaces but don't want to hide any of these.</p> pfSense - Bug #8130 (New): Status - Monitoring - Area chart displays traffic data differently tha...https://redmine.pfsense.org/issues/81302017-11-26T13:40:32ZEduard Rozenbergeduardr@pobox.com
<p>When setting a traffic chart to Area, portions of the chart where +Y (inpass) values are relatively high show 0 value for -Y (outpass) even though that's not correct compared to viewing the same chart using line or bar chart display.</p>
<p>Attaching comparison image showing the problem. I've circled a couple of the chart areas where the problem is visible.</p>
<p>Another issue with the area chart (maybe I need to file a separate bug?) is the inpass and outpass totals show as being double the value of inpass and outpass.<br />And also, the outpass total values on the area chart are shown as double the values in the line and bar chart (area chart shows peaks of outpass around 60M, line and bar charts show peaks as 30M).</p>
<p>I think I've seen the problem in 2.3 also, not certain.</p>
<p>Have not tested area v. line v. bar for CPU or other types of data. Just traffic.</p>
<p>Maybe I don't know how to read the area chart properly. Entirely possible. :)</p> pfSense - Bug #8129 (Resolved): NTP Status -> Server time value incorrect for timezone Asia/Kolkatahttps://redmine.pfsense.org/issues/81292017-11-26T13:14:48ZEduard Rozenbergeduardr@pobox.com
<p>When using timezone set to Asia/Kolkata (a timezone on the 1/2 hour), the time showing in the dashboard widget NTP Status -> Server time is incorrect.</p>
<p>System info is correct:<br />Dashboard System Information -> Current date/time Mon Nov 27 0:41:35 IST 2017</p>
<p>NTP server time is INCORRECT:<br />Dashboard NTP Status -> Server Time 0:11:35 IST</p>
<p>The NTP server value is incorrect by 30 minutes, so it is not dealing properly with the 1/2 hour timezone.</p>
<p>Believe the problem has been present for some time in pfSense, but don't have older versions running to check ATM.</p> pfSense - Bug #8016 (Closed): 1 pfsense out of several shows 2.4.0 available, not 2.4.1https://redmine.pfsense.org/issues/80162017-10-26T19:57:35ZEduard Rozenbergeduardr@pobox.com
<p>1 firewall out of several shows 2.4.0 update available, not 2.4.1.<br />I tried changing update setting to Next Major Version then back to Stable.<br />I verified the firewall has network connectivity, for ex. auto backups work.</p>
<p>2.3.4-RELEASE-p1 (amd64) <br />built on Fri Jul 14 14:52:43 CDT 2017 <br />FreeBSD 10.3-RELEASE-p19</p>
<p>Version 2.4.0 is available.</p>
<p>The other firewalls show as expected:</p>
<p>2.3.4-RELEASE-p1 (amd64) <br />built on Fri Jul 14 14:52:43 CDT 2017 <br />FreeBSD 10.3-RELEASE-p19</p>
<p>Version 2.4.1 is available.</p> pfSense Packages - Bug #5614 (Resolved): mailreport - emails are going out when manually triggere...https://redmine.pfsense.org/issues/56142015-12-08T10:04:02ZEduard Rozenbergeduardr@pobox.com
<p>I've got notification settings properly configured, and added 3 reports in Email Reports, a daily, weekly, montly.</p>
<p>Manually triggering a report to go out works fine, either from gui or cli "/usr/local/bin/mail_reports_generate.php 0"</p>
<p>But reports are not being sent automatically for some reason, have not received a single one. Anything obvious I can check or might be missing?</p>
<p>Preferences:</p>
<p>Here you can define a list of reports to be sent by email.<br />Description Schedule Commands Logs Graphs <br />Daily Summary Daily at 00:00 1 1 4 <br />Weekly Summary Weekly, on Sunday at 00:00 1 1 4 <br />Monthly Summary Monthly, on day 1 at 00:00 1 1 4</p>
Crontab:<br />...<br />0 * * * root /usr/local/bin/mail_reports_generate.php 0 &<br />0 * * 0 root /usr/local/bin/mail_reports_generate.php 1 &<br />0 1 * * root /usr/local/bin/mail_reports_generate.php 2 &
#
<ol>
<li>If possible do not add items to this file manually.</li>
<li>If you do so, this file must be terminated with a blank line (e.g. new line)
#</li>
</ol> pfSense - Todo #5553 (Resolved): Suggestion: higher default MBUF valueshttps://redmine.pfsense.org/issues/55532015-11-30T06:41:48ZEduard Rozenbergeduardr@pobox.com
<p>At our main location we recently hit 100% MBUF usage of the default 26584, on our firewall master. The backup firewall was at 60%.</p>
<p>I increased the value to 1,000,000 based on advice from the tuning page for 64bit multi-GB systems:<br /><a class="external" href="https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#mbuf_.2F_nmbclusters">https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#mbuf_.2F_nmbclusters</a></p>
Suggestions:
<ul>
<li>Even for 32 bit systems seems to make sense to have a higher default value shipped out-of-the-box</li>
<li>If installer detects a 64-bit system with decent RAM, installer should set a higher value for this tunable</li>
</ul> pfSense - Bug #5552 (Resolved): Top menu sometimes blinks/reloads when selecting items on 2.3https://redmine.pfsense.org/issues/55522015-11-28T05:34:26ZEduard Rozenbergeduardr@pobox.com
<p>I can't pin down a pattern - the same menu item will sometimes cause a menubar blink/reload when selected, and sometimes not.<br />Would be nice to never see this menubar reloading - would make the interface feel more solid.</p>
<p>Running alpha 2.3 latest iso x64 on VMWare Fusion Mac 8.0.2.</p>
<p>Video attached.</p> pfSense - Bug #5550 (Resolved): Viewing NTP service info (/services_ntpd.php) triggers lots of em...https://redmine.pfsense.org/issues/55502015-11-27T09:28:10ZEduard Rozenbergeduardr@pobox.com
<p>One firewall has a couple of unplugged gateway cables, so email alerts go out whenever we make any changes to the firewall config. This is fine and expected.</p>
<p>What is not expected and looks like a bug is that just viewing the NTP service config page (/services_ntpd.php) triggers many alert emails to be sent. <br />This happens when accessing this page without making any changes. 7 sets of alerts were sent out by my count.</p>
<p>It also causes a long delay when accessing this page because it first sends out the 7 sets of alerts before finally displaying the page.</p> pfSense - Feature #5549 (Resolved): Additional DNS entries in General Setup would be good for 3 o...https://redmine.pfsense.org/issues/55492015-11-27T09:20:48ZEduard Rozenbergeduardr@pobox.com
<p>For multi-wan with 3 or more WAN's, it would be good to have additional DNS server fields in General Setup.</p>
<p>Currently there are 4 possible entries.</p>
<p>With 3 WAN's for example, assigning 2 different DNS servers to each of the WAN gateways would require 6 total entries in General Setup<br />because pfSense recommends that each gateway be assigned its own unique DNS servers.</p> pfSense - Bug #5548 (Not a Bug): NTP "Unreach/Pending" on backup carp firewall with 2 LAN interfa...https://redmine.pfsense.org/issues/55482015-11-27T07:48:46ZEduard Rozenbergeduardr@pobox.com
<p>At our two sites running firewall carp pairs - on the second (backup) firewall ntp doesn't peer to any outside servers.<br />One of our sites is running multi-wan, the other site running single wan - so don't believe wan setup is relevant to the problem.</p>
<p>NOTE: if I add the WAN interface to the NTP config on the second firewall, then NTP peers OK. But I don't want to run<br />with WAN interface bound because security wise I understand it's a bad idea for NTP to answer to queries from WAN.</p>
<p>I found the closed bug <a class="external" href="https://redmine.pfsense.org/issues/3317">https://redmine.pfsense.org/issues/3317</a> which sounds maybe related but doesn't mention CARP.</p>
NTP Service Config ( /services_ntpd.php )<br />------------------------------------------<br />Interfaces selected:
<ul>
<li>LAN</li>
<li>10.1.1.70 (LAN CARP IP)</li>
</ul>
Time servers:
<ul>
<li>0.pool.ntp.org</li>
<li>1.pool.ntp.org</li>
<li>2.pool.ntp.org</li>
<li>3.pool.ntp.org</li>
</ul>
<p>NTP Status ( /status_ntpd.php )<br />-------------------------------</p>
<p>[[ FIREWALL 1 (MASTER) ]]<br />Status Server Ref ID Stratum Type When Poll Reach Delay Offset Jitter<br />Outlier 104.131.53.252 209.51.161.238 2 u 15 64 377 77.164 -4.674 0.352<br />Candidate 74.117.238.11 4.108.167.254 4 u 13 64 377 55.299 1.778 0.397<br />Active Peer 66.96.99.10 204.9.54.119 2 u 16 64 377 64.408 -1.284 1.680<br />Candidate 108.61.73.243 200.98.196.212 2 u 18 64 377 72.394 2.821 4.107</p>
<p>[[ FIREWALL 2 (BACKUP) ]]<br />Status Server Ref ID Stratum Type When Poll Reach Delay Offset Jitter<br />Unreach/Pending 199.15.252.34 .INIT. 16 u - 64 0 0.000 0.000 0.000<br />Unreach/Pending 96.126.105.86 .INIT. 16 u - 64 0 0.000 0.000 0.000<br />Unreach/Pending 173.255.246.13 .INIT. 16 u - 64 0 0.000 0.000 0.000<br />Unreach/Pending 173.230.144.109 .INIT. 16 u - 64 0 0.000 0.000 0.000</p>