pfSense bugtracker: Issues https://redmine.pfsense.org/ 2020-01-10T12:18:53Z pfSense bugtracker
pfSense - Bug #10177 (Not a Bug): OpenVPN Server Compression option missing (No compression) https://redmine.pfsense.org/issues/10177 2020-01-10T12:18:53Z Cullen Trey Cullen.Trey@web.de
<p>Hi,</p>
<p>I was just wondering why the deactivate compression option within the OpenVPN Server config does not disable compression at all?</p>
<p>If I'm not mistaken, there should be an option to totally avoid the "compression" statement in the OpenVPN Server config.</p>
<p>Why: If I control all my clients and the server, I can totally disable compression by leaving the statement out of my server and client config. This is, among other options, recommended by OpenVPN: <a class="external" href="https://community.openvpn.net/openvpn/wiki/VORACLE">https://community.openvpn.net/openvpn/wiki/VORACLE</a></p>
<p>Would be nice to incorporate this option.</p>
<p>Thanks for your great work</p>
pfSense - Feature #7962 (Resolved): Support for Intel 553 network card https://redmine.pfsense.org/issues/7962 2017-10-17T13:16:39Z Cullen Trey Cullen.Trey@web.de
<p>Hi,</p>
<p>Just tried to get an Intel 553 network card running in pfSense 2.4, but it does not work.</p>
<p>Issue <a class="external" href="https://redmine.pfsense.org/issues/7763">https://redmine.pfsense.org/issues/7763</a> already states that FreeBSD 11.1 has old Intel drivers.</p>
<p>Would it be possible to add support for Intel 553 by updating the Intel drivers?</p>
<p>Kind regards</p>
pfSense Packages - Bug #6867 (Closed): Please update quagga to version 1.1 https://redmine.pfsense.org/issues/6867 2016-10-20T08:09:28Z Cullen Trey Cullen.Trey@web.de
<p>Quagga 1.1 fixes a lot of bugs:</p>
<p><a class="external" href="http://mirror.yannic-bonenberger.com/nongnu/quagga/quagga-1.1.0.changelog.txt">http://mirror.yannic-bonenberger.com/nongnu/quagga/quagga-1.1.0.changelog.txt</a></p>
<p>New Version is here:</p>
<p><a class="external" href="https://www.freshports.org/net/quagga">https://www.freshports.org/net/quagga</a></p>
pfSense Packages - Bug #4996 (Closed): Quagga not coming up after pfSense restart on OpenVPN tunnels https://redmine.pfsense.org/issues/4996 2015-08-24T15:04:27Z Cullen Trey Cullen.Trey@web.de
<p>As discussed in the forum <a class="external" href="https://forum.pfsense.org/index.php?topic=77285.0">https://forum.pfsense.org/index.php?topic=77285.0</a></p>
<p>on very fast setups (SSDs and fast CPUs) we encountered the problem again. With nanobsd, we don't have problems. Only with the full (installed) version of pfSense.</p>
<p>If we restart the quagga services over the web interface after a restart, everything works fine. So there seems to be the mentioned timing issue discussed in the forum again...</p>
<p>Any ideas?</p>
pfSense - Bug #4995 (Duplicate): OpenVPN bound to gateway group using CARP IP doesn't stop with C... https://redmine.pfsense.org/issues/4995 2015-08-24T14:08:51Z Cullen Trey Cullen.Trey@web.de
<p>This Bug is related to the bugfix of Bug <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: OpenVPN bound to gateway group using CARP IP doesn't start with CARP master status (Resolved)" href="https://redmine.pfsense.org/issues/4854">#4854</a></p>
<p>When CARP goes to backup on, let's say, pfsense#1, it stops OpenVPN and it starts OpenVPN on the new master, let's name it pfsense#2. When I speak of OpenVPN, I mean an OpenVPN client.</p>
<p>However, when we go back to master on pfsense#1, it starts OpenVPN on pfsense#1. But why is it restarted on pfsense#2??? This causes me a lot of problems, because the OpenVPN clients try to reconnect and throw out the newly started clients on pfsense#1.</p>
<p>But what is strange is that the OpenVPN clients on pfsense#2 are shown as stopped in the Services Status. The logs say something different: they are restarting because of inactivity. Even ps -ax shows that the clients are still running...</p>
<p>What comes to my mind is that openvpn_restart('client', $settings) does not really stop / terminate the OpenVPN clients. So in the rc.carpbackup the command openvpn_restart only triggers the restart of OpenVPN clients, because they are currently running. How can you stop them? Something like</p>
<p>+openvpn_stop('client', $settings);<br />-openvpn_restart('client', $settings);</p>
pfSense - Bug #4802 (Duplicate): OpenVPN Client wont start after reboot, when set to a Gateway Gr... https://redmine.pfsense.org/issues/4802 2015-06-29T13:52:40Z Cullen Trey Cullen.Trey@web.de
<p>An OpenVPN Client won't start after reboot of the primary node, when set to a Gateway Group specifying a VIP.</p>
pfSense - Bug #4792 (Resolved): IPSec ASN.1 DN needs double quotes in config file https://redmine.pfsense.org/issues/4792 2015-06-27T03:03:41Z Cullen Trey Cullen.Trey@web.de
<p>This is bug <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: ASN.1 DN needs double quotes in config file (Resolved)" href="https://redmine.pfsense.org/issues/4275">#4275</a> reintroduced in 2.2.3:</p>
<p>Upon upgrade of 2.2.2 to 2.2.3 strongswan did not start and quit with the following message:</p>
<p>I ONLY adapted these lines of the old bug:</p>
<p>ipsec_starter[73005]: unable to start strongSwan -- fatal errors in config<br />ipsec_starter[73005]: invalid config file '/var/etc/ipsec/ipsec.conf'<br />ipsec_starter[73005]: /var/etc/ipsec/ipsec.conf:19: syntax error, unexpected EQ [=]<br />ipsec_starter[73005]: Starting strongSwan 5.2.3 IPsec [starter]...</p>
<p>Line 19 of ipsec.conf is:<br /> leftid = asn1dn:C=CH/ST=Aargau/L=Baden/O=TechFreak/emailAddress=XXX/CN=vpn.example.com</p>
<p>I got strongSwan to accept it only by changing leftid|rightid to (omitting asn1dn)</p>
<p>leftid = "C=CH/ST=Aargau/L=Baden/O=TechFreak/emailAddress=XXX/CN=vpn.example.com"</p>
<p>This started to work again, and strongSwan booted up.</p>
<p>This should be checked in the GUI and automatically added to the value saved in the config file.</p>
<p>As the ipsec.conf is generated by the vpn.inc I adapted it the following way. Sorry for having no diff etc... Spot it by the comment line!</p>
<p>list ($myid_type, $myid_data) = ipsec_find_id($ph1ent, 'local');</p>
<p><strong>if ($myid_type == 'asn1dn')<br />$myid_data = "\"{$myid_data}\"";<br />else</strong> if ($myid_type != 'address')<br />$myid_data = "{$myid_type}:{$myid_data}";</p>
<p>/* Only specify peer ID if we are not dealing with a mobile PSK-only tunnel */<br />$peerid_spec = '';<br />if (!isset($ph1ent['mobile'])) {<br /> list ($peerid_type, $peerid_data) = ipsec_find_id($ph1ent, 'peer', $rgmap);<br /> <strong>if ($peerid_type == 'asn1dn')<br /> $peerid_spec = "\"{$peerid_data}\"";<br /> else</strong> if ($peerid_type != 'address')<br /> $peerid_spec = "{$peerid_type}:{$peerid_data}";<br /> else<br /> $peerid_spec = $peerid_data;<br />}</p>
<p>Kind regards</p>
pfSense - Feature #4776 (New): Add 802.1x dynamic vlan support https://redmine.pfsense.org/issues/4776 2015-06-19T11:08:57Z Cullen Trey Cullen.Trey@web.de
<p>Hi,</p>
<p>As I was creating a WLAN for our company based on pfSense APs, I ran into the problem that pfSense has no option to enable dynamic VLAN support of hostapd. What I needed was something like: <a class="external" href="https://dev.openwrt.org/ticket/15259">https://dev.openwrt.org/ticket/15259</a> . In short, I need these options:</p>
<p>dynamic_vlan=2<br />vlan_naming=1<br />vlan_tagged_interface=vr2</p>
<p>added to the /var/etc/hostapd_ath0xxxx.conf. However, this conf file is overwritten each time the interface is adjusted.</p>
<p>Is it possible to add a freely configurable field where it is possible to add advanced options as it is existing for OpenVPN?</p>
<p>Or even better, can you add options to the wireless interface configuration to enable dynamic VLAN assignment?</p>
pfSense - Feature #4632 (New): Support for Multipath TCP (MPTCP) https://redmine.pfsense.org/issues/4632 2015-04-18T08:17:23Z Cullen Trey Cullen.Trey@web.de
<p>Hi,</p>
<p>I have read a lot of articles about MPTCP recently. So I wondered why the best router OS, pfSense, is not supporting it. Perhaps none of the developers knows about it? Or FreeBSD is not supporting it? However, for FreeBSD there seems to be some kind of support:</p>
<p><a class="external" href="https://www.freebsd.org/news/status/report-2012-04-2012-06.html#Multipath-TCP-%28MPTCP%29-for-FreeBSD">https://www.freebsd.org/news/status/report-2012-04-2012-06.html#Multipath-TCP-%28MPTCP%29-for-FreeBSD</a></p>
<p>But what does MPTCP do? It bundles different network connections of the TCP layer, so the application can use multiple (internet) connections without even knowing it.</p>
<p><a class="external" href="https://tools.ietf.org/html/rfc6182">https://tools.ietf.org/html/rfc6182</a><br /><a class="external" href="https://tools.ietf.org/html/rfc6824">https://tools.ietf.org/html/rfc6824</a></p>
<p>Why is it so important for me: Well, it supports some scenarios which pfSense tries to support, i.e. with apinger etc., in a much "better" way: Gateway failover, utilising multiple internet connections in the same TCP session!</p>
<p>IF YOU COULD ADD THIS FEATURE, IT IS POSSIBLE TO BUILD SYSTEMS LIKE THESE: <a class="external" href="http://www.viprinet.com">http://www.viprinet.com</a></p>
<p>Even iOS supports it for Siri!</p>
<p>Kind regards and I would love to see this feature!</p>
pfSense - Bug #4474 (Confirmed): IP address change triggers reload of all packages https://redmine.pfsense.org/issues/4474 2015-02-25T14:43:25Z Cullen Trey Cullen.Trey@web.de
<p>Hey!</p>
<p>When OpenVPN restarts and the clients or servers are assigned to interfaces, the packages are reloaded. They are even reloaded when the IP has not been changed at all...<br />Here is the log, showing two things. First, the real interface: ovpnc1 is known to the newwanip "process". Second, the IP change of 10.40.91.2 -> 10.40.91.2 restarts packages.</p>
<p>Feb 25 21:27:28 php-fpm[66452]: /rc.newwanip: Creating rrd update script<br />Feb 25 21:27:29 php-fpm[37734]: /rc.linkup: Ignoring link event for ovpn interface<br />Feb 25 21:27:29 php-fpm[37734]: /rc.newwanip: rc.newwanip: Info: starting on ovpnc1.<br />Feb 25 21:27:29 php-fpm[37734]: /rc.newwanip: rc.newwanip: on (IP address: 10.0.8.xx) (interface: OVPNxxx1[opt2]) (real interface: ovpnc1).<br />Feb 25 21:27:29 check_reload_status: Reloading filter<br />Feb 25 21:27:30 php-fpm[66452]: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.40.91.2 -> 10.40.91.2 - Restarting packages.<br />Feb 25 21:27:30 check_reload_status: Starting packages</p>
pfSense - Bug #3554 (Closed): apinger and OpenVPN: Gateway down after OpenVPN client service restart https://redmine.pfsense.org/issues/3554 2014-03-28T07:48:45Z Cullen Trey Cullen.Trey@web.de
<p>Hi,</p>
<p>When I restart the OpenVPN client service, which has an interface assigned, the corresponding gateway goes down and never comes up again. The same holds true if the OpenVPN server is restarted and the clients reconnect.</p>
<p>In both cases the OpenVPN client reconnects, however the gateway stays down.</p>
<p>The gateway for the OpenVPN client has a manually set monitoring IP. This works on startup, after a reboot of the server. Another way to get the gateway up again is to restart apinger.</p>
<p>In combination with Gateway Groups, the failover or load balancing options are not working as the gateway is still down.</p>
<p>This behaviour is present in version 2.1 and the newest 2.1.1-PRERELEASE (i386) built on Wed Mar 26 13:50:29 EDT 2014.</p>