pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162023-10-22T17:24:02ZpfSense bugtracker
Redmine pfSense - Feature #14907 (New): DNS Resolution on Diagnostics > States Summaryhttps://redmine.pfsense.org/issues/149072023-10-22T17:24:02ZWolfgang Thegreat
<p>Hello,</p>
<p>In version 2.7.0, the page of Diagnostics > States Summary shows numeric IPs, which are sometimes hard to understand / remember their meaning, so I ask to have a checkbox at this page to add their matching name next to the numeric IP value - either, as first option, their local pfSense alias name and if non exists, then do a reverse DNS lookup to find their DNS name.</p>
<p>Thank you.</p> pfSense - Feature #14860 (New): Column consistancy between DHCP Static mapping and ARPhttps://redmine.pfsense.org/issues/148602023-10-10T20:05:01ZJohn Weithman
<p>Just a suggestion that the column IP and MAC be swapped in the table for Diagnostics / ARP. This would be consistant in showing MAC, IP, Hostname (at least these 3 columns) in the same.</p>
<p>I was copy/pasting from both tables to do some comparison and noticed the difference and thought it would be better.</p> pfSense - Feature #13805 (New): A way to reliably determine if system is the primary or secondary...https://redmine.pfsense.org/issues/138052022-12-26T15:29:16ZChristopher Cope
<p>There is no current way, as far as I can tell, to reliably determine if the current system is the primary or secondary.</p>
A few of the current ways include:
<ul>
<li>"Synchronize Config to IP" isn't set it's likely secondary, but isn't certain.</li>
<li>Checking the advskew is a good way, but these are sometimes changed, so it isn't 100% either.</li>
</ul>
<p>My thoughts are to add a setting to System > High Avail. Sync for Primary/Secondary.</p>
This would allow behavior specific to that to be implemented. Such as:
<ul>
<li>Disabling the ability to toggle CARP maintenance mode on the Secondary, to avoid confusion.</li>
<li>Auto filling advskew when creating new VIPs</li>
<li>etc.</li>
</ul>
<p>I could write the code and submit a merge request for this, but would appreciate any thoughts / comments on anything I may be missing before I do that.</p> pfSense - Feature #13732 (New): Allow the use of macros within aliaseshttps://redmine.pfsense.org/issues/137322022-12-07T11:33:09ZLuc Courville
<p>Because of limitation of IPv6 at the current way. (Traffic is allow between Vlan) I found a solution but this will be better if we can have more flexibility.</p>
<p>Can you make the option to create an Alias with Interface net and interface address.(drop down list) (same as when we create rules in destination drop down list) (ex: This Firewall, any, Alias or host, interface_name net....)<br />That way when we create a alias we choose Lan net, dmz net....<br />After that we can create a any rules with that alias.</p>
<p>There is my workaround about ipv6 traffic. <br /><img src="https://redmine.pfsense.org/attachments/download/4558/clipboard-202212071225-g4pv3.png" alt="" /><br />I create an interface group and add all local net. (Dynamic ipv6 from ISP)<br />Then create all rules for my need and it seem to work.</p>
<p>All other tab is reserved to IPv4 only.</p>
<p>If we can have alias as request the correct rules could be in tab interface instead of having lots of deny rules.</p>
<p>Best way to have the same behavior as we have in ipv4 (block all communication between vlan).</p> pfSense - Feature #12521 (New): Add the BBR2, QUIC, RACK Congestion Control (CC) protocolshttps://redmine.pfsense.org/issues/125212021-11-12T21:11:13ZSergei Shablovsky
<p>Changing character of traffic in last 5-7 years powered extremely by the fact that <br />- 80%+ of users using mobile devices (smartphones and tablets);<br />- IoT and SmartHome technologies become widely using</p>
<p>create request for modern, more effective Congestion Control (CC) technologies.</p>
<p>And this is the time where BBR2, QUIC, RACK protocols come in. Some of them already integrated in most popular nix base distributives.</p>
<p>Some of proofs are here <a class="external" href="https://forum.netgate.com/post/1009051">https://forum.netgate.com/post/1009051</a> and in this tread <a class="external" href="https://forum.netgate.com/topic/163744/any-chances-to-get-netflix-s-open-connect-appliance-oca-tcp-code-rack-and-bbr-into-pfsense">https://forum.netgate.com/topic/163744/any-chances-to-get-netflix-s-open-connect-appliance-oca-tcp-code-rack-and-bbr-into-pfsense</a>
==============================================================</p>
<p>Because the pfSense are a “heart” of any business or private network, better to add ability to be able using BBR2, QUIC, RACK protocols in a pfSense-tuned version of FreeBSD.</p>
<p>==============================================================<br />Useful Links<br />BBR - <a class="external" href="https://github.com/Netflix/tcplog_dumper">https://github.com/Netflix/tcplog_dumper</a><br />RACK / SACK - <a class="external" href="https://forums.freebsd.org/threads/tcp-rack-and-sack.80633/">https://forums.freebsd.org/threads/tcp-rack-and-sack.80633/</a><br />QUIC - <a class="external" href="https://www.reddit.com/r/PFSENSE/comments/ajs0qy/quic_protocol/">https://www.reddit.com/r/PFSENSE/comments/ajs0qy/quic_protocol/</a></p> pfSense - Bug #12067 (New): DHCP Monitoring Statistics Errorhttps://redmine.pfsense.org/issues/120672021-06-21T08:39:05ZEvgeny Korostelev
<p>I have 2 DHCP pool (51 + 51 IP address) in one network (see attachments screen)<br />But monitoring DHCP show maximum dhcprange - 51 IP address</p> pfSense - Todo #12025 (New): Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interfa...https://redmine.pfsense.org/issues/120252021-06-10T17:34:03ZKris Phillips
<p>Although it is VERY rarely necessary, we should add a banner to the top of the 1:1 NAT page notifying end users that they have just 1:1 NAT'ed the WAN interface address and this is usually not recommended due to connectivity issues for dpinger, IPSec, etc. that may occur. Often we see users 1:1 NAT their WAN address out of lack of experience/understanding. Additionally, this should be useful if there was a way to verify against an HA member as well or CARP VIP as it can sometimes be easy to forget that your secondary unit is using the 1:1 NAT address you just configured on the primary and pushed it to the secondary (which then causes gateway monitoring to fail on that interface).</p> pfSense - Feature #11169 (New): Changing interface index orderhttps://redmine.pfsense.org/issues/111692020-12-17T05:44:26ZConstantine Kormashev
Current configuration operates interface indexes instead of real interfaces, e.g.<br />wan->igb0<br />lan->igb1<br />opt1->igb2<br />opt2->igb3<br />opt3->igb1.10<br />opt4->igb1.20<br />opt5->ovpn1<br />opt6->igb1.30<br />and so on. That makes configuring more smooth and flexible. But in the current implementation if some interfaces were deleted indexes are not rearranged and this might lead to some issues especially in config sync. E.g. in the example above if opt5 is deleted opt6 will not become opt5. Moreover, if a new interface assigned it acquires the lowest free index in the case above opt5. This situation can easily lead to errors in the HA cluster configuration. E.g. 3 interfaces add on primary and 2nd was deleted due to it was added by mistake. E.g. opt1, opt2, opt3 were added, opt2 was deleted, so final it is opt1, opt3. But during configuring secondary final picture is different it is opt1, opt2 because of no mistake. That leads to a config sync issue. And this is totally unclear for people who do not know what really happens under the hood. The only way to fix it on secondary is setup from scratch or manual config editing. Sometimes even setup from scratch becomes tricky. See 1st example, it is not possible to create opt5 without making a fake OpenVPN.<br />It would be good to solve this issue. There are some ways for that:
<ul>
<li>allow rearranging index manually from indexes list</li>
<li>make indexes totally unique and set indexes manually during assigning interface</li>
<li>sync interface settings from primary to secondary with auto assigning IP/mask from the predefined network</li>
</ul>
<p>Also for escaping making fake VPN instances during initial secondary setup, change index enumeration and use increased numbers from 0 for physical interface and decreased from uint32 max for software interfaces like VPN, etc, e.g.<br /> opt1->igb2<br /> opt2->igb3<br /> opt4294967295->ovpn1<br /> opt4294967294->ovpn2</p> pfSense - Feature #10645 (New): Choosing active repo after restoring config but before starting p...https://redmine.pfsense.org/issues/106452020-06-09T11:17:55ZConstantine Kormashev
<p>The current behavior is if a certain repo is set, config contains an entry for this, like <code><pkg_repo_conf_path>/usr/local/share/pfSense/pkg/repos/pfSense-repo-xxx.conf</pkg_repo_conf_path></code> and device has different firmware version from config original, but also has the same repo set. Then, if the config is restored on that device pkgs anyway will be installed from default repo for current firmware version installed on the device. E.g. config from 2.4.5 has a <em>2.4.4-deprecated repo</em> set, the device has 2.4.4-p3, and uses the same <em>2.4.4-deprecated repo</em>. Then after restoring config pkgs will be installed from default <em>2.4.x-stable repo</em>, it looks like the preferred repo was not set anywhere. This might lead to a problem with the wrong pkgs versions.</p>
<p>It would be good if after restoring config, but before auto-installing pkgs, the user can choose that repo has to be used on the device.</p> pfSense - Feature #10250 (New): DHCP lease view by interfacehttps://redmine.pfsense.org/issues/102502020-02-11T06:11:30ZCiro Maretto
<p>Improve view: Group customers by interface.</p> pfSense - Feature #8879 (New): DHCP options ADD force optionshttps://redmine.pfsense.org/issues/88792018-09-07T09:11:16Zjonathan MANTOVANI
<p>DHCP server offer the possiblilty to add DHCP options.<br />Maybe add for options the possibility to force the options (with a checkbox).<br />exemple on dnsmasq conf : --dhcp-option-force=208,f1:00:74:7e INSTEADOF --dhcp-option=208,f1:00:74:7e</p> pfSense - Feature #8694 (New): Client CA Auth for PFSense WebGuihttps://redmine.pfsense.org/issues/86942018-07-26T07:13:47ZStefan Bühler
<p>Hi all<br />Could you add the possibility to authentificate with a client certificate for accessing the pfsense webgui</p>
<p>Stefan</p> pfSense - Feature #6804 (New): Add row counter into Diagnostics -> Edit Filehttps://redmine.pfsense.org/issues/68042016-09-21T21:23:13ZTCI User
<p>Will be extremely helpful if the rows in the Diagnostics -> Edit File window are presented with a number.</p>
<p>In this case you cannot get lost while scrolling up and down into a file.</p>
<p>NOTE: As a work around at the moment I copy the file into my external text editor (Notepad++), make the necessary changes and then copy it back.</p> pfSense - Todo #6727 (New): Missing file apple-touch-icon-precomposed.png ?https://redmine.pfsense.org/issues/67272016-08-18T14:10:11ZAndy Kniveton
<p>I notice this occasionally in my log files after logging in via the web browser :-</p>
<p>Aug 18 19:50:38 pfsense.localdomain nginx: 2016/08/18 19:50:38 [error] 36942#100114: *10595 open() "/usr/local/www/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 172.16.1.20, server: , request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "172.16.1.1"</p>
<p>[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root: ls /usr/local/www/apple-touch-icon-precomposed.png<br />ls: /usr/local/www/apple-touch-icon-precomposed.png: No such file or directory</p>
<p>[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root: ls /usr/local/www/*.png<br />/usr/local/www/apple-touch-icon.png/usr/local/www/logo.png<br />/usr/local/www/logo-black.png /usr/local/www/pfs-mini.png<br />[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root:</p>
<p>Maybe its just worth doing a symbolic link in the next pfSense build.</p> pfSense - Feature #5735 (New): Automaticaly add DHCP leases to alias list or make it readable in ...https://redmine.pfsense.org/issues/57352016-01-05T05:21:42ZA Bdaywalker@eth0.io
<p>Hi<br />Last week I had a bigger Setup to deploy with some static DHCP Leases and a few Port forwarding's. I Just want to ask if it would be possible to automate the Process of creating (and linking of course) an Alias that belongs to a DHCP Lease.<br />Something like a system wide network object. Also Maybe fpr Subnets, and Ports of course.<br />But for now i struggled with having to enter everything twice (static DHCP leases and Aliases for the Firewall Rules)</p>
<p>Best regards</p>