pfSense bugtracker: Issues https://redmine.pfsense.org/ 2024-03-28T15:30:27Z pfSense bugtracker Redmine

pfSense Plus - Feature #15368 (New): Bulk import DHCP host reservations https://redmine.pfsense.org/issues/15368 2024-03-28T15:30:27Z Chris W
<p>It'd be a huge time saver to import from a CSV or XML file into Kea, or even just pasting into a text field like Firewall > Alias > Bulk Import currently does.</p>

pfSense Plus - Feature #15306 (New): Change Gateway Status from Pending to Unavailable https://redmine.pfsense.org/issues/15306 2024-03-03T01:25:28Z Kris Phillips
<p>Per customer statement and request, gateway statuses of "Pending" are confusing as a state for gateways that do not exist yet due to dynamic allocation. Something like a state of "Unavailable" may be more appropriate wording.</p>

pfSense Plus - Todo #15266 (Feedback): Prevent usage of the default password in User Manager acco... https://redmine.pfsense.org/issues/15266 2024-02-16T18:53:24Z Jim Pingle
<p>Currently we detect in the GUI when the admin account is using the default password (<code>"pfsense"</code>) and print a warning message: source:src/usr/local/www/head.inc#L564</p>
<p>We should change that to check any account (not just <code>admin</code>) and force a password change during one or more of the user's initial interactions, for example:</p>
<ul>
<li>During the setup wizard</li>
<li>GUI login any time the password matches the default password</li>
<li>Shell (console or SSH) login any time the password matches the default password</li>
<li>Possibly during the installation process</li>
</ul>
<p>We should also not allow the user to change their password to any variation of "pfsense" in upper/lower/mixed case.</p>

pfSense Plus - Feature #15186 (New): Test DNS over TLS https://redmine.pfsense.org/issues/15186 2024-01-24T23:57:32Z Jeff Kuehl
<p>The ability to readily confirm TLS DNS would be established once saved.</p>

pfSense Plus - Feature #15070 (New): Script to fix: ld-elf.so.1: Shared object "libssl.so.30" not... https://redmine.pfsense.org/issues/15070 2023-12-06T05:14:20Z Jonathan Lee
<p>When using boot environments to move the system back a version to the last stable version, users can no longer check for updates. This version is displayed under the GUI as a version to still use. Thus a boot environment should not contain this error for standard users; it should default back also.</p>
<p>Error is:<br /><code>ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc"</code></p>
<p>stephenw10 fixed my issue with the linked library Boot Environment issue for Plus:</p>
<p><code>pkg-static upgrade -f pfSense-repoc</code></p>
<p>Can we add a simple script that will auto-run this command when users change to an older boot environment, and have a try/catch error condition for this?</p>
<p>That way previous stable version boot environments do not see this error.</p>

pfSense Plus - Feature #15013 (New): Speed Shift - Add Field to control lowest C-State https://redmine.pfsense.org/issues/15013 2023-11-19T14:56:54Z Dieter Kreuz
<p>Dear pfSense-team,</p>
<p>After updating to 2.7.1 I was curious how well the new Speed Shift GUI entries work.<br />In fact, after adjusting it to per core and a value of 90, I can see my i3-7100U is able to clock somewhat lower and park the cores more often.</p>
<p>One thing I noticed with the command:<br />sysctl dev.cpu | grep cx_</p>
<p>is that my CPU supports C1 and C2, but the lowest C-state setting was set to C1 by default:<br />dev.cpu.0.cx_method: C1/mwait/hwc C2/mwait/hwc<br />dev.cpu.0.cx_lowest: C1</p>
<p>By adding the following command to the tunables:<br />hw.acpi.cpu.cx_lowest = C2</p>
<p>I was able to get the CPU to use its C2 states too. Another Xeon pfSense setup was able to use its C3 states as well, by using the commands stated.<br />One is able to see the usage of C-states with the following command:<br />sysctl dev.cpu | grep cx_usage</p>
<p>dev.cpu.0.cx_usage_counters: 3717721 111658492<br />dev.cpu.0.cx_usage: 3.22% 96.77% last 294us</p>
<p>Would it be possible to add a new selection field to the now existing Speed Shift GUI in order to be able to select the lowest C-state?<br />Maybe the selectable values can be parsed from the CPU's capability, which is represented by the values of "dev.cpu.0.cx_method".</p>
<p>Thanks in advance.<br />Best regards<br />Dieter</p>

pfSense Plus - Feature #14915 (New): MAC-aliases / Lists with MAC-addresses would be very helpful https://redmine.pfsense.org/issues/14915 2023-10-24T14:54:14Z Louis B
<p>I would like to create a MAC filter using the Ethernet layer firewall and it is absolutely not practical / a good idea to define a rule for each MAC address to check. In general, if you want to set a TAG in favor of policy filtering, it will almost certainly be related to a group of MAC addresses, not a single one.</p>
<p>So it would be very helpful if the firewall alias function would be extended for MAC addresses.</p>

pfSense Plus - Feature #14789 (Pull Request Review): Captive Portal - Add OTP authentication opti... https://redmine.pfsense.org/issues/14789 2023-09-18T06:34:26Z Barry Schut
<p>I have created a small modification to the captive portal pages so it would be possible to use an OTP as login option for the portal.</p>
<p>This will allow for an ever changing password on the portal but also control over who gets to use it.</p>
<p>In my personal situation:</p>
<p>I have a guest wifi and I am using the captive portal to allow people to login. With a small hardware OTP generator (hand held device) I can grant visitors access. No fuss, no accounts, no risk of leaking details.</p>
<p>I will be creating a pull request soon.</p>

pfSense Plus - Feature #14297 (New): Add Option for Vendor Class ID in DHCP Client https://redmine.pfsense.org/issues/14297 2023-04-21T15:07:26Z Kris Phillips
<p>Some ISPs require a Vendor Class ID be sent (option 60) when requesting DHCP. This can currently be accomplished in pfSense with vendor-class-identifier manually added to a dhcp config file, but adding this as a field would be helpful.</p>

pfSense Plus - Feature #14252 (New): Optimization for 10GB-Connection/Throughput https://redmine.pfsense.org/issues/14252 2023-04-09T02:50:12Z Dieter Kreuz
<p>Tuning a 10GB connection, I've spent many days to get the most performance out of pfSense.</p>
<p>I've found the following commands, which drastically improved the throughput, peak-wise and providing a consistent throughput without dips:</p>
<p>This binds one core/thread to a queue. I've found this is also present in the pfSense documentation, but as a non-professional I had to search quite long to find how to set it up. Maybe a more concrete example with what it means would be helpful:<br />net.isr.maxthreads="-1" <br />net.isr.bindthreads="1"</p>
<p>Allow interrupts on hyperthreaded cores:<br />machdep.hyperthreading_intr_allowed="1"</p>
<p>These can be added to the loader.conf.local.<br />Maybe this helps if someone can't get consistent and good 10GB performance.<br />Would it be possible to extend the pfSense documentation or even add these options as checkboxes,<br />e.g. under the Tab "Networking" Section "Network Interfaces", like "Optimize Thread-/Queue usage" and "Make logical cores available for interrupt handling", both with a little explanation?</p>
<p>Thanks in advance.<br />Puni</p>

pfSense Plus - Feature #14205 (New): Allow for maximum concurrent users, per user, in captive portal https://redmine.pfsense.org/issues/14205 2023-03-30T07:05:21Z Alex Rubenstein
<p>We have several schools who wish to impose how many devices are allowed to have access via the Captive Portal, per user.</p>

pfSense Plus - Feature #14133 (New): Exporting and Importing - Change Layout https://redmine.pfsense.org/issues/14133 2023-03-20T03:47:01Z Steven Cedrone
<p>Please change Backup & Restore to allow for choosing only what areas you want to import/export without having to do it one area at a time.</p>
<p>The drop-down style boxes for "Backup Area" and "Restore Area" should allow you to hold CTRL and choose multiple areas at a time. Or change the drop-down boxes to scrolling boxes similar to other areas of pfSense when you select multiple WAN or LAN connections in pfBlocker, for example.</p>
<p>This would be quite handy for exporting partial settings for new setups without having to do it area by area.</p>

pfSense Plus - Feature #14131 (New): Add Dynamic DNS Service: DYNU https://redmine.pfsense.org/issues/14131 2023-03-20T03:30:05Z Steven Cedrone
<p>Please add Dynamic DNS provider DYNU</p>
<p><a class="external" href="https://www.dynu.com/en-US/">https://www.dynu.com/en-US/</a></p>
<p>It's working now but sometimes won't update, and it appears it's pfSense causing it because other non-pfSense routers that update on the same connection will update all the time without fail.</p>
<p>Update URL:<br /><a class="external" href="https://api.dynu.com/nic/update?hostname=XXXXXX.ddnsfree.com&password=999999">https://api.dynu.com/nic/update?hostname=XXXXXX.ddnsfree.com&password=999999</a> (EXAMPLE)</p>
<p>Result Match:<br />good|nochg|good <span>IP</span></p>

pfSense Plus - Feature #12546 (New): Add 2FA Support to pfSense Plus Local Database Authentication https://redmine.pfsense.org/issues/12546 2021-11-27T17:36:40Z Kris Phillips
<p>To eliminate the reliance on unsupported packages like freeRADIUS for making this work, we should add the capability to the built-in user database in pfSense for time-based tokens. This could be "bolted on" to the end of passwords similar to how other options accomplish this for OpenVPN or IPSec VPNs, but we may be able to add a field to the webConfigurator login for 2FA.</p>

pfSense Plus - Feature #11920 (New): SAML Authentication for pfSense (VPN and webConfigurator) https://redmine.pfsense.org/issues/11920 2021-05-13T14:27:23Z Kris Phillips
<p>A customer has requested SAML authentication support for things like Azure as an alternative to LDAP and RADIUS. Please reference internal ticket number 84890 for more details.</p>
<p>There are some projects that exist for making the webConfigurator work with SAML for authentication. See here:<br /><a class="external" href="https://github.com/jaredhendrickson13/pfsense-saml2-auth">https://github.com/jaredhendrickson13/pfsense-saml2-auth</a></p>
<p>Additionally, it seems that OpenVPN has support for this as an authentication method.</p>