pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162020-02-22T23:50:35ZpfSense bugtracker
Redmine pfSense - Bug #10281 (Not a Bug): I can unassign interface even if it is used in FRR OSPFhttps://redmine.pfsense.org/issues/102812020-02-22T23:50:35ZConstantine Kormashev
<p>There was IPsec VTI tunnel with assigned interface. The interface was used in FRR OSPF settings as OSPF interface. If I remove interface from assigned it still exists in FRR OSPF settings. No warnings during unassigning, I could only find the issue when tried to disable IPsec VTI entry, I got warning: <code>Cannot disable a Phase 1 with a child Phase 2 while the interface is assigned. Remove the interface assignment before disabling this P2</code>. But there was not assigned interface related to this IPsec entry, interface was deleted, excepting previously assigned interface is still in FRR OSPF settings.<br />The warning is not easy to figure out if you do not know/remember where else related interface was used. I guess we need warning for unassigning interface if one is used in FRR, or delete it from FRR config.</p> pfSense - Bug #10184 (Resolved): Shaper Add Child Scheduler options Codel wrong description linkhttps://redmine.pfsense.org/issues/101842020-01-13T23:28:44ZConstantine Kormashev
<p>In Add Child web-page of Shaper interface Scheduler options checkbox Codel Active Queue leads to page which does not contain any information about Controlled Delay Active Queue Management.</p> pfSense - Bug #9867 (Resolved): Packet Capture IPv6 rejects all packets if CARP type is set in Pr...https://redmine.pfsense.org/issues/98672019-10-31T07:53:14ZConstantine Kormashev
<p>Packet Capture IPv6 rejects all packets if <strong>CARP</strong> type is set in <strong>Protocol</strong> field.<br />It might be an upstream issue.</p>
<pre>
tcpdump -i vmx0 ip6 and carp
tcpdump: expression rejects all packets
</pre> pfSense - Bug #9151 (Not a Bug): Console menu entry (14 SSH) is not updated properly after perfor...https://redmine.pfsense.org/issues/91512018-11-26T05:32:26ZConstantine Kormashev
<p>If SSH is disabled from menu, the menu might entry still show Disable Secure Shell. And vice versa if SSH is enabled from menu, the menu might entry still show Enable Secure Shell.</p>
<pre>
0) Logout (SSH only) 9) pfTop
1) Assign Interfaces 10) Filter Logs
2) Set interface(s) IP address 11) Restart webConfigurator
3) Reset webConfigurator password 12) PHP shell + pfSense tools
4) Reset to factory defaults 13) Update from console
5) Reboot system 14) Enable Secure Shell (sshd)
6) Halt system 15) Restore recent configuration
7) Ping host 16) Restart PHP-FPM
8) Shell
Enter an option: 14
SSHD is currently disabled. Would you like to enable? [y/n]? y
Writing configuration... done.
Enabling SSHD...
Reloading firewall rules. done.
0) Logout (SSH only) 9) pfTop
1) Assign Interfaces 10) Filter Logs
2) Set interface(s) IP address 11) Restart webConfigurator
3) Reset webConfigurator password 12) PHP shell + pfSense tools
4) Reset to factory defaults 13) Update from console
5) Reboot system 14) Enable Secure Shell (sshd)
6) Halt system 15) Restore recent configuration
7) Ping host 16) Restart PHP-FPM
8) Shell
</pre><br />Here it shows Enable Secure Shell instead Disable Secure Shell. But sometimes it works without the issue pfSense - Bug #8880 (Resolved): [PHP7] warning on system_gateways.php and extra item in gateways ...https://redmine.pfsense.org/issues/88802018-09-10T06:24:45ZConstantine Kormashev
<p>244-RC<br /><pre>
FreeBSD pf5100v.lab 11.2-RELEASE-p2 FreeBSD 11.2-RELEASE-p2 #1 d792717682e(factory-RELENG_2_4_4): Thu Sep 6 00:07:43 EDT 2018 root@buildbot3:/crossbuild/244/obj/amd64/as0Ifpf7/crossbuild/244/pfSense/tmp/FreeBSD-src/sys/pfSense amd64
</pre></p>
<p>I got a php warning after deleting gateway group and switching to gateways<br /><pre>
Warning: Illegal string offset 'inactive' in /etc/inc/gwlb.inc on line 601
Warning: Illegal string offset 'monitor' in /etc/inc/gwlb.inc on line 646
Warning: Illegal string offset 'friendlyiface' in /etc/inc/gwlb.inc on line 653
Warning: Illegal string offset 'interface' in /etc/inc/gwlb.inc on line 659
Warning: Cannot assign an empty string to a string offset in /etc/inc/gwlb.inc on line 659
Warning: Illegal string offset 'attribute' in /etc/inc/gwlb.inc on line 672
</pre><br />Also I can see extra object 0</p>
<p><img src="https://redmine.pfsense.org/attachments/download/2569/err.png" alt="" /></p>
<p>There is difference between old and current config:<br /><pre>
--- /conf/backup/config-1536577702.xml 2018-09-10 14:08:31.633812000 +0300
+++ /conf/config.xml 2018-09-10 14:08:31.646044000 +0300
@@ -1947,8 +1947,8 @@
</domainoverrides>
</unbound>
<revision>
- <time>1536577702</time>
- <description><![CDATA[admin@192.168.129.2 (Local Database): System - Gateways: save default gateway]]></description>
+ <time>1536577711</time>
+ <description><![CDATA[admin@192.168.129.2 (Local Database): Gateway Groups: removed gateway group 0]]></description>
<username>admin@192.168.129.2 (Local Database)</username>
</revision>
<cert>
@@ -2261,15 +2261,9 @@
</ppp>
</ppps>
<gateways>
- <gateway_group>
- <name>GWGR</name>
- <item>LAN_DHCP|1|address</item>
- <item>WAN_DHCP|1|address</item>
- <trigger>down</trigger>
- <descr></descr>
- </gateway_group>
<defaultgw4>WAN_DHCP</defaultgw4>
<defaultgw6>-</defaultgw6>
+ <gateway_item></gateway_item>
</gateways>
<dnsupdates>
<dnsupdate>
</pre></p> pfSense - Bug #8842 (Not a Bug): pfSense-pkg-aws-wizard-php72 sticks during installhttps://redmine.pfsense.org/issues/88422018-08-27T08:12:28ZConstantine Kormashev
<p>I tried to install pfSense-pkg-aws-wizard-php72 for 244 factory built on Wed May 30 14:47:02 EDT 2018 FreeBSD 11.2-BETA3 and install just stuck on <code>[10/109] Deinstalling php56-pear-Crypt_CHAP-1.5.0...</code> I waited for hour but it changed nothing.<br />Interesting I can see pkg in installed, but nothing in menu:<br /><pre>
pkg info | grep aws
aws-sdk-php72-3.61.8 PHP interface for Amazon Web Services (AWS)
pfSense-pkg-aws-wizard-php72-0.7_1 PfSense package AWS VPC VPN Connection Wizard
</pre><br />Log and crash are in attachment</p> pfSense - Bug #8728 (Resolved): Can not create VIP after deleting existed onehttps://redmine.pfsense.org/issues/87282018-08-01T05:01:02ZConstantine Kormashev
<p>I deleted VIP and tried to create new one on latest and got the error:</p>
<pre>
Warning: Illegal string offset 'vip' in /usr/local/www/firewall_virtual_ip_edit.php on line 39
Warning: Illegal string offset 'vip' in /usr/local/www/firewall_virtual_ip_edit.php on line 42
Fatal error: Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/firewall_virtual_ip_edit.php:42
Stack trace: #0 {main} thrown in /usr/local/www/firewall_virtual_ip_edit.php on line 42
PHP ERROR: Type: 1, File: /usr/local/www/firewall_virtual_ip_edit.php,Line: 42,
Message: Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/firewall_virtual_ip_edit.php:42 Stack trace: #0 {main} thrown
</pre> pfSense - Bug #8714 (Resolved): error in services_dhcpv6.php after clicking on Save button in cas...https://redmine.pfsense.org/issues/87142018-07-29T01:02:26ZConstantine Kormashev
<p>Error occurs only in case RA was not setup before enabling DHCPv6</p>
<pre>
Warning: Illegal string offset 'lan' in /usr/local/www/services_dhcpv6.php on line 416
Warning: Illegal string offset 'lan' in /usr/local/www/services_dhcpv6.php on line 419
Fatal error: Uncaught Error: Cannot use string offset as an array in /usr/local/www/services_dhcpv6.php:419
Stack trace: #0 {main} thrown in /usr/local/www/services_dhcpv6.php on line 419
PHP ERROR: Type: 1, File: /usr/local/www/services_dhcpv6.php, Line: 419,
Message: Uncaught Error: Cannot use string offset as an array in /usr/local/www/services_dhcpv6.php:419 Stack trace: #0 {main} thrown
</pre>
<p>This is hard to reproduce, if RA was enabled even once on device and disabled after, the issue does not occur.<br />Related <a class="external" href="https://redmine.pfsense.org/issues/8679">https://redmine.pfsense.org/issues/8679</a></p> pfSense - Bug #8679 (Resolved): error in services_router_advertisements.php after clicking on Sav...https://redmine.pfsense.org/issues/86792018-07-23T04:53:09ZConstantine Kormashev
<p>The error occurs in services_router_advertisements.php after clicking on Save button<br /><pre>
Warning: Illegal string offset 'lan' in /usr/local/www/services_router_advertisements.php on line 209
Warning: Illegal string offset 'lan' in /usr/local/www/services_router_advertisements.php on line 212
Fatal error: Uncaught Error: Cannot use string offset as an array in /usr/local/www/services_router_advertisements.php:212
Stack trace: #0 {main} thrown in /usr/local/www/services_router_advertisements.php on line 212
PHP ERROR: Type: 1, File: /usr/local/www/services_router_advertisements.php,
Line: 212, Message: Uncaught Error: Cannot use string offset as an array in /usr/local/www/services_router_advertisements.php:212
Stack trace: #0 {main} thrown
</pre></p> pfSense - Bug #8678 (Resolved): unexpected error string on web page services_dhcpv6.phphttps://redmine.pfsense.org/issues/86782018-07-23T04:50:37ZConstantine Kormashev
<p>In case any actions are performed on services_dhcpv6.php error string appears at the page's frame:<br /><pre>
Warning: Illegal string offset 'item' in /usr/local/www/services_dhcpv6.php on line 959
</pre></p> pfSense - Bug #8630 (Resolved): Web-GUI PHP error in brige after removing all interfaces were in ...https://redmine.pfsense.org/issues/86302018-07-10T02:02:38ZConstantine Kormashev
<p>If device has several interfaces in bridge and all those interfaces are deleted, Web-GUI shows error in <a class="external" href="https://&lt;addr&gt;/interfaces_bridge.php">https://&lt;addr&gt;/interfaces_bridge.php</a><br /><pre>
Warning: Illegal string offset 'bridged' in /usr/local/www/interfaces_bridge.php on line 32 Warning:
Illegal string offset 'bridged' in /usr/local/www/interfaces_bridge.php on line 35
Fatal error: Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/interfaces_bridge.php: 35
Stack trace: #0 {main} thrown in /usr/local/www/interfaces_bridge.php on line 35
PHP ERROR: Type: 1, File: /usr/local/www/interfaces_bridge.php, Line: 35, Message:
Uncaught Error: Cannot create references to/from string offsets in /usr/local/www/interfaces_bridge.php:35 Stack trace: #0 {main} thrown
</pre><br />Looks like this is reaction on empty <code><bridge></bridge></code> section of config. <br />Before deleting interfaces:<br /><pre>
<bridged>
<members>lan,opt1,opt2</members>
<descr><![CDATA[BRIDGE]]></descr>
<maxaddr></maxaddr>
<timeout></timeout>
<maxage></maxage>
<fwdelay></fwdelay>
<hellotime></hellotime>
<priority></priority>
<proto>rstp</proto>
<holdcnt></holdcnt>
<ip6linklocal></ip6linklocal>
<ifpriority></ifpriority>
<ifpathcost></ifpathcost>
<edge>lan,opt1,opt2</edge>
<bridgeif>bridge0</bridgeif>
</bridged>
</pre><br />After deleting interfaces:<br /><pre>
<bridges>
</bridges>
</pre><br />Config without bridges does not have this section at all. Maybe it would be better to delete bridge in case all interfaces composed bridge are not available.</p> pfSense - Bug #8567 (New): Using IPv6 VIP alias for services may affect CARP IPv6 VIP workhttps://redmine.pfsense.org/issues/85672018-06-12T13:26:37ZConstantine Kormashev
<p>During investigation of customer request found IPv6 VIP alias for services may affect CARP IPv6 VIP work. CARP IPv6 VIPs may stops their work until device reboot.<br />For some unknown reason CARP IPv6 VIP stops working even in L2 segments in case IPv6 alias which was bound with service. It produces error during ping <em>Can't assign requested address</em> E.g. some alias was IPsec interface. In that case the alias still works tunnel established and keep-alive work, traffic forwarded via tunnel, but CARP IPv6 VIPs stop their work. Just changing service address does not help, device needs reboot.<br />May be related <a class="external" href="https://redmine.pfsense.org/issues/8566">https://redmine.pfsense.org/issues/8566</a></p> pfSense - Bug #8566 (New): Wrong IPv6 source in NS request in case using of IPv6 aliashttps://redmine.pfsense.org/issues/85662018-06-12T13:26:08ZConstantine Kormashev
<p>During investigation of customer request found system uses wrong IPv6 sources for NS requests therefore they never be completed. For unknown reason system tries to send NS from other IPv6 address which is defined on the same interface. This address is bound with service that tries to establish connection, in this case this is IPsec.<br />Lab example:<br />1st device pf3 has primary IPv6 2003::10/64 and additional alias 2001::2/64<br />2nd device pf4 has primary IPv6 2002::11/64 and additional alias 2001::1/64</p>
<p>2001::0/64 serves for connection between devices. Each of them has a route via this network to primary IPv6 address of another. IPsec setup on these primary IPv6 addresses.</p>
<p>2003::10/64 and 2002::11/64 try to get MAC of 2001::1/64 and 2001::2/64 that are in another network:<br />21 10.557327 <strong>2003::10</strong> ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for <strong>2001::1</strong> from 00:0c:29:8e:58:2e<br />22 10.618536 <strong>2002::11</strong> ff02::1:ff00:2 ICMPv6 86 Neighbor Solicitation for * 2001::2* from 00:0c:29:82:01:e2</p>
<p>Valid request from device with 2003::10/64 and 2001::2/64. I made one with ping6 -S 2001::2 2001::1<br />27 13.699943 <strong>2001::2</strong> ff02::1:ff00:1 ICMPv6 86 Neighbor Solicitation for <strong>2001::1</strong> from 00:0c:29:8e:58:2e<br />29 13.700148 2001::1 2001::2 ICMPv6 86 Neighbor Advertisement 2001::1 (rtr, sol, ovr) is at 00:00:5e:00:01:2c</p>
<p>After valid NS/NA 2003::10/64 can ping 2001::1/64<br />41 14.819118 2003::10 2001::1 ICMPv6 62 Echo (ping) request id=0x4b40, seq=9843, hop limit=64 (reply in 42)<br />42 14.819166 2001::1 2003::10 ICMPv6 62 Echo (ping) reply id=0x4b40, seq=9843, hop limit=64 (request in 41)</p>
<p>VM configs and pcaps are in attachment</p> pfSense - Bug #8502 (Confirmed): main (top) menu items do not drop down in some cases https://redmine.pfsense.org/issues/85022018-05-09T08:26:31ZConstantine Kormashev
<p>During testing php7 found main (top) menu items do not drop down on final pages of some pkgs, e.g. arpping, mtr. These pkgs do not have a problem themselves, stat page, processing and result page are well, this is only web-gui menu issue.<br />Stephen Beaver confirmed this is not php7 related issue.</p> pfSense - Bug #8494 (Resolved): pressing Enter in pftop filter field redirects to another pagehttps://redmine.pfsense.org/issues/84942018-05-03T04:40:52ZConstantine Kormashev
<p>If I press Enter in pftop filter field system redirects me to another page instead showing result in Output frame.</p>
<p>E.g.<br />for <code>host 1.1.1.1</code> it shows<br /><pre>
pfTop: Up State no entries (8), View: default, Order: bytes PR DIR SRC DEST STATE AGE EXP PKTS BYTES
</pre><br /><img src="https://redmine.pfsense.org/attachments/download/2411/1111.png" title="1.1.1.1" alt="1.1.1.1" /></p>
<p>for <code>host 172.21.41.127</code> it shows<br /><pre>
pfTop: Up State 1-2/2 (9), View: default, Order: bytes PR DIR SRC DEST STATE AGE EXP PKTS BYTES udp In 172.21.41.127:1194 172.21.41.138:1194 MULTIPLE:MULTIPLE 01:21:35 00:00:58 1285 169271 udp In 172.21.41.127:17500 172.21.41.255:17500 NO_TRAFFIC:SINGLE 00:16:39 00:00:22 34 6664
</pre><br /><img src="https://redmine.pfsense.org/attachments/download/2412/1722141127.png" title="172.21.41.127" alt="172.21.41.127" /></p>
<p>And for any wrong syntax request it shows<br /><pre>
Invalid filter, check syntax
</pre><br /><img src="https://redmine.pfsense.org/attachments/download/2413/err.png" title="syntax error" alt="syntax error" /></p>
<p>Video demonstrates the issue:<br /><a class="external" href="https://youtu.be/TWqdtVJSO_8?t=3m9s">https://youtu.be/TWqdtVJSO_8?t=3m9s</a></p>