pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-01-26T14:31:35ZpfSense bugtracker
Redmine pfSense - Bug #15194 (Incomplete): PHP Fatal error in easyrule CLIhttps://redmine.pfsense.org/issues/151942024-01-26T14:31:35ZDavid Johnston
<p>Running "easyrule block wan 1.0.152.114" via ssh caused an error.<br />It looks like it's a problem in backup_config().<br />It's actually a permissions error; easyrule needs to be run as root.</p>
<p>Possible fixes:<br />1. chmod 700 /usr/local/bin/easyrule<br />2. Add a check to the PHP to report permissions errors.</p> pfSense Plus - Bug #15017 (Incomplete): DHCP relay CARP status VIP function is not working in pfs...https://redmine.pfsense.org/issues/150172023-11-20T19:51:25ZRobert Karsai
<p>Hello,<br />It seems that after 23.05.1->23.09 upgrade DHCP relay CARP status VIP function is not working properly, DHCP relay agent stays active all times (dhcrelay stays green on the dashboard widget, also pgrep dhcrelay<br />returns running processes in CLI), it will not be stopped when the chosen VIP is in BACKUP status. Not a big deal, there can be two active relay agents in the same network, but this is not how it supposed to work. Strangely this only affects our pfSense+ 23.09 clusters, in pfSense CE 2.7.1 this is not an issue.<br />--<br />BR<br />Robert</p> pfSense Packages - Bug #14861 (Incomplete): Telgraf package needs updating for for PHP 8.1 and hi...https://redmine.pfsense.org/issues/148612023-10-10T21:05:56ZDavid Bowen
<p>i was directed to report this issue here</p>
<p><a class="external" href="https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-update-to-2-7/3">https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-update-to-2-7/3</a></p>
<p>i believe the required file is attached but if any further information is required please let me know.</p>
<p>cheers</p> pfSense Packages - Bug #14805 (Incomplete): when I changed Endpoint ip via webgui, but wiregaurd ...https://redmine.pfsense.org/issues/148052023-09-23T06:33:08Zyon Liuinfo@ipv6china.com
<p>when I changed Endpoint ip via webgui, but the wiregaurd still using old Endpoint ip ruuning.</p> pfSense - Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make conne...https://redmine.pfsense.org/issues/146512023-08-05T09:22:36ZCin Lung Chen
<p>Sorry if this is wrong, I am frustrated and would love to be pointed to the right direction. I made a post in the forum with no one that can help as follow: <a class="external" href="https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3">https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3</a></p>
<p>TLDR:<br />PPPoE canoot start, not event trying to negotiate with the server. I am not sure what to do since version 2.6.0 works. I did clean reinstall with the image taken from the web for serial connection version and it was still failed the similar log as follow:</p>
<p>Aug 4 21:50:38 ppp 36066 [wan_link0] LCP: Down event --> After this, everyhing will be repeated for eternity from PPPoE: Connecting to XXXX to LCP: Down event.<br />Aug 4 21:50:38 ppp 36066 [wan_link0] Link: DOWN event<br />Aug 4 21:50:38 ppp 36066 [wan_link0] PPPoE connection timeout after 9 seconds<br />Aug 4 21:50:29 ppp 36066 [wan_link0] PPPoE: Connecting to 'XXXXX'<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: LayerStart<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: state change Initial --> Starting<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: Open event<br />Aug 4 21:50:29 ppp 36066 [wan_link0] Link: OPEN event<br />Aug 4 21:50:29 ppp 36066 [wan] Bundle: Interface ng0 created</p> pfSense Packages - Bug #14284 (Incomplete): Wen changing frontend type, there will be invissible ...https://redmine.pfsense.org/issues/142842023-04-17T14:04:16ZLouis B
<p>During my trails to setup HA-proxy, I irregularly met a situation where I did not know which frontend type to use.<br />So I switch between types. And then there is a problem</p>
<p>Wen changing front-end type, there will be invisible leftovers, disturbing defining the new type.</p>
<p>So after defining the new chosen type the correct way, there were never the less errors due to now invisible settings from a version tried before.<br />The only way to fix that, is to delete the front-end and define it from the start.</p>
<p>This is not dramatic, but not ok as well :)</p> pfSense Packages - Feature #14196 (Incomplete): permitted firewall rules - additional texthttps://redmine.pfsense.org/issues/141962023-03-28T13:50:09ZJon Brown
<p>Firewall --> pfBlockerNG --> DNSBL --> DNSBL Configuration --> Permit Firewall Rules</p>
<p>Can you add some additional information here for the end user to explain lan segment and some possible scenarios when you would use this option.</p>
<p><a class="external" href="https://networkencyclopedia.com/lan-segment/">https://networkencyclopedia.com/lan-segment/</a> - Lan Segment is a physical portion of a local area network (LAN) that is separated from other portions by bridges or routers.</p>
<p><a class="external" href="https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/">https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/</a> - This thread mentions that you do not need this option unless you have VLANs</p>
<p><img src="https://redmine.pfsense.org/attachments/download/4864/permitted-firewall-rules.png" alt="" /></p> pfSense Packages - Bug #13571 (Incomplete): Tailscale disconnection problemhttps://redmine.pfsense.org/issues/135712022-10-18T03:10:04Zfang xn
<p>pppoe dial-up network, Tailscale will fail to connect after redialing after disconnection, and needs to change the port to reconnect.</p> pfSense Plus - Bug #13497 (Incomplete): unbound process looks like stuck periodicallyhttps://redmine.pfsense.org/issues/134972022-09-16T01:16:46ZYaroslav Semenenko
<p>Hello,</p>
<p>I have Netgate 2100.<br />Unbound service is needed to restart sometimes due to it could not resolve public domain name.</p>
<p>Thanks,<br />Yaroslav</p> pfSense Packages - Bug #13444 (Incomplete): zabbix_proxy : cannot open "/var/log/zabbix-proxy/zab...https://redmine.pfsense.org/issues/134442022-08-25T08:05:31ZSteve Scotter
<p>Hi</p>
<p>I frequently come across this issue when trying to investigate why a Zabbix agent isn't communicating successfully with our Zabbix server.</p>
<p>When I navigate to <a class="external" href="https://pfsense-ip-address/status_logs_packages.php?pkg=Zabbix%20Proxy%205.0">https://pfsense-ip-address/status_logs_packages.php?pkg=Zabbix%20Proxy%205.0</a> I'm presented with the following (truncated) logs</p>
<pre>
Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K
zabbix_proxy [78631]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [82116]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
*** Above lines repeated 50+ times ***
Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K
...
...
</pre>
<p>Logging appears to have stopped ~40 days ago.</p>
<p>Restarting the Zabbix proxy service (via <a class="external" href="https://pfsense-ip-address/status_services.php#">https://pfsense-ip-address/status_services.php#</a>) gets logging working again, however its a pain because I generally speaking I wanted to see the logs for the past to investigate the problem I'm dealing with at that specific time.</p>
<p>I suspect the issue is related to log rotation and file permissions based on the Permission denied error and that newsyslog is mentioned before and after the logging stops working.</p>
<p>Today, before I restart the service I checked who owned the log file...</p>
<pre>
[2.6.0-RELEASE][root@pfsense-ip-address]/root: ls -l /var/log/zabbix-proxy/
total 106
-rw------- 1 root wheel 80 Jul 15 03:09 zabbix_proxy.log
-rw------- 1 root wheel 29744 Jul 15 03:09 zabbix_proxy.log.0.bz2
-rw------- 1 root wheel 33193 Jun 6 13:47 zabbix_proxy.log.1.bz2
-rw------- 1 root wheel 34871 May 4 09:48 zabbix_proxy.log.2.bz2
</pre>
<p>After I restarted the service I checked again...<br /><pre>
[2.6.0-RELEASE][root@fsense-ip-address]/root: ls -l /var/log/zabbix-proxy/
total 110
-rw------- 1 zabbix zabbix 3218 Aug 25 13:42 zabbix_proxy.log
-rw------- 1 zabbix zabbix 29744 Jul 15 03:09 zabbix_proxy.log.0.bz2
-rw------- 1 zabbix zabbix 33193 Jun 6 13:47 zabbix_proxy.log.1.bz2
-rw------- 1 zabbix zabbix 34871 May 4 09:48 zabbix_proxy.log.2.bz2
</pre></p>
<p>Investigating further I found the contents of `/var/etc/newsyslog.conf.d/zabbix_proxy.log.conf` does indeed set the owner to root</p>
<pre>
# Automatically generated for package Zabbix Proxy 5.0. Do not edit.
/var/log/zabbix-proxy/zabbix_proxy.log root:wheel 600 7 500 * JC
</pre>
<p>I'll try and remember to check tomorrow but I suspect the files will be owned by root again after the (presumably) daily log rotation occurs.</p>
I haven't made any customizations to the pfsense box. The only other plugins installed are
<ul>
<li>open-vm-tools v10.1.0_5,1</li>
<li>openvpn-client-export v1.6_4</li>
<li>zabbix-agent5 v1.0.4_12</li>
<li>zabbix-proxy5 v1.0.4_12</li>
</ul>
<p>I compared `/var/etc/newsyslog.conf.d/zabbix_ <strong>agentd</strong> .log.conf` with `/var/etc/newsyslog.conf.d/zabbix_ <strong>proxy</strong> .log.conf`, both set the owners to root</p>
<p>I then checked the ownership of the agent's log files, to my surprize they're owned by Zabbix. I have <strong>not</strong> restarted the Zabbix <strong>agent</strong> service today</p>
<pre>
ls -l /var/log/zabbix-agent/
total 5
-rw-rw-r-- 1 zabbix zabbix 11450 Aug 15 11:49 zabbix_agentd.log</pre> pfSense Packages - Bug #13432 (Incomplete): ups driver will not starthttps://redmine.pfsense.org/issues/134322022-08-19T14:43:00ZScott Lampertscott@lampert.org
<p>I cannot get a USB-connected UPS to be recognized unless the nut usb driver is started with the "-u root" option.</p>
<p>Without the option:<br /><pre><code class="shell syntaxhl"><span class="nv">$ </span>/usr/local/sbin/upsdrvctl start
Network UPS Tools - UPS driver controller 2.7.4
Network UPS Tools - Generic HID driver 0.41 <span class="o">(</span>2.7.4<span class="o">)</span>
USB communication driver 0.33
No matching HID UPS found
Driver failed to start <span class="o">(</span><span class="nb">exit </span><span class="nv">status</span><span class="o">=</span>1<span class="o">)</span>
</code></pre><br />With the option:<br /><pre><code class="shell syntaxhl"><span class="nv">$ </span>/usr/local/sbin/upsdrvctl <span class="nt">-u</span> root start
Network UPS Tools - UPS driver controller 2.7.4
Network UPS Tools - Generic HID driver 0.41 <span class="o">(</span>2.7.4<span class="o">)</span>
USB communication driver 0.33
Using subdriver: CyberPower HID 0.4
</code></pre></p>
<p>The service script for nut at /usr/local/etc/rc.d/nut.sh does not include the "-u root" option and so it fails to detect any usb connected ups and simple outputs:<br /><pre>
Broadcast Message from root@pfsense
(no tty) at 15:12 EDT...
UPS UPS_NAME_HERE is unavailable
</pre><br />over and over.</p> pfSense - Bug #12878 (Incomplete): Traffic shaping by interface, route queue bandwidth inbound, o...https://redmine.pfsense.org/issues/128782022-02-28T03:10:25ZBlake Drayson
<p>Since upgrading to pfSense Plus 22.01 from the latest community edition, my by interface priority queue bandwidth has an odd bug. Link is 200 Mbit/s and is set to 190 to give appropriate overhead. However when the queue is active it limits the connection to around 100 Mbit/s disable the queue it works fine. Work around so far has been to add 100 Mbit/s to the bandwidth value of the root queue (so it is now set to 290). The downlink queue is working without issue and as expected. For additional info the link that is being shapped is a L2TP link over the top of the WAN link.</p> pfSense - Bug #12740 (Incomplete): panic: esp_input_cb: Unexpected address familyhttps://redmine.pfsense.org/issues/127402022-01-27T12:38:51ZJuraj Lutter
<p>On pfSense 21.05.02 I've started to get a panic with panic string:</p>
<pre>
esp_input_cb: Unexpected address family: xxx
</pre>
<p>Where xxx varies (248, 255, 127, 0, ...)</p>
<p>Hardware is Netgate 7100.</p>
<p>If crashdump is needed, it's available upon request.</p> pfSense - Bug #12734 (Incomplete): Long hostname breaks DHCP leases layouthttps://redmine.pfsense.org/issues/127342022-01-26T13:11:38ZJuri Oo
<p>It appears, that long hostnames will kind of break the dhcp leases status page. <br />With Nmap package and MAC vendors, the right part is cut off almost completely and horizontal scrollbar is added at the bottom. <br />Is this normal? I can see long MAC vendors are being cut to 3 rows. Shouldn't the hostname line also be cut at some point (in such rare cases)?</p>
<p>Tested with 2.5.2-RELEASE (amd64). Hostname is 40 characters long.</p> pfSense Packages - Bug #11530 (Incomplete): ntopng 4.2 needs to be updated to 4.3, Bug when acces...https://redmine.pfsense.org/issues/115302021-02-24T22:17:00ZMax D
<p>On pfsense 2.5, installing ntopng from package manager ntop 0.8.13_9 which is 4.2 version of ntopng, after logging into ntopng, results in a corrupt web page when clicking on a host for details, this has been fixed in 4.3 by ntopng team.</p>
<p>I installed 4.3 manually from ntopng pfsense doc, and confirmed this resolves the issue.</p>