pfSense bugtracker: Issues
https://redmine.pfsense.org/
2024-02-20T21:51:14Z

pfSense Packages - Bug #15274 (Incomplete): HAProxy Configuration Changes Require pfSense Reboot ...
https://redmine.pfsense.org/issues/15274
2024-02-20T21:51:14Z
Zachary Cohen
<p>As originally reported here (<a class="external" href="https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart-needed">https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart-needed</a>), changes made to the HAProxy configuration require a reboot to take effect.</p>
<p>I'm consistently able to reproduce this issue when adding new backends.</p>
<p>When browsing to the new backend, I receive a 503 - "no server is available to handle this request". After rebooting, it works as expected.</p>
<p>Other users have been able to validate that this issue was present starting with pfSense 2.6.0 and HAProxy version haproxy-devel 0.62.10.</p>
<p>While I was able to replicate that issue starting on that version, I'm currently replicating it in pfSense 2.7.2-RELEASE (amd64) and haproxy-devel 0.63_2.</p>

pfSense Packages - Bug #15131 (Incomplete): OpenVPN client export issues with iPhone and IPV6 con...
https://redmine.pfsense.org/issues/15131
2024-01-02T18:38:40Z
Jonathan Lee
<p>I have researched and found an issue within the OpenVPN's client export config file for iPhones (OpenVPN Connect (iOS/Android)).</p>
<p>It exports with udp4 listed and this does not work with iPhones because of IPv6 in the config (.ovpn) file and must be changed to udp for iOS iPhones to work with OpenVPN and pfSense.</p>
<p>That is the only adaption needed to fix this issue.</p>

pfSense - Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make conne...
https://redmine.pfsense.org/issues/14651
2023-08-05T09:22:36Z
Cin Lung Chen
<p>Sorry if this is wrong, I am frustrated and would love to be pointed in the right direction. I made a post in the forum with no one that can help, as follows: <a class="external" href="https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3">https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3</a></p>
<p>TLDR:<br />PPPoE cannot start, not even trying to negotiate with the server. I am not sure what to do since version 2.6.0 works. I did a clean reinstall with the image taken from the web for the serial connection version and it still failed with a similar log, as follows:</p>
<p>Aug 4 21:50:38 ppp 36066 [wan_link0] LCP: Down event --> After this, everything will be repeated for eternity from PPPoE: Connecting to XXXX to LCP: Down event.<br />Aug 4 21:50:38 ppp 36066 [wan_link0] Link: DOWN event<br />Aug 4 21:50:38 ppp 36066 [wan_link0] PPPoE connection timeout after 9 seconds<br />Aug 4 21:50:29 ppp 36066 [wan_link0] PPPoE: Connecting to 'XXXXX'<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: LayerStart<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: state change Initial --> Starting<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: Open event<br />Aug 4 21:50:29 ppp 36066 [wan_link0] Link: OPEN event<br />Aug 4 21:50:29 ppp 36066 [wan] Bundle: Interface ng0 created</p>

pfSense Packages - Bug #14504 (Incomplete): FTP_Client_Proxy package doesn't create firewall rule
https://redmine.pfsense.org/issues/14504
2023-06-23T08:23:53Z
Stefano Ceccherini
<p>I've installed FTP_Client_Proxy 0.3_8 on pfSense plus 23.05. I enabled the FTP client proxy services, but it doesn't create a firewall rule.</p>
<p>I had tested on pfSense plus 23.01 and it didn't work there, either.</p>
<p>When connecting from client, I got this in the firewall log:</p>
<p>#1 client command too long or not clean<br />#2 client command too long or not clean</p>

pfSense Packages - Bug #14284 (Incomplete): When changing frontend type, there will be invisible ...
https://redmine.pfsense.org/issues/14284
2023-04-17T14:04:16Z
Louis B
<p>During my trials to set up HA-proxy, I irregularly met a situation where I did not know which frontend type to use.<br />So I switch between types. And then there is a problem.</p>
<p>When changing front-end type, there will be invisible leftovers, disturbing defining the new type.</p>
<p>So after defining the new chosen type the correct way, there were nevertheless errors due to now invisible settings from a version tried before.<br />The only way to fix that is to delete the front-end and define it from the start.</p>
<p>This is not dramatic, but not ok as well :)</p>

pfSense Packages - Bug #13886 (Incomplete): NUT Server Package
https://redmine.pfsense.org/issues/13886
2023-01-19T06:02:26Z
Anonymous
<p>NUT server package (2.8.0_2) won't load in 23.01 Beta</p>

pfSense Packages - Bug #13571 (Incomplete): Tailscale disconnection problem
https://redmine.pfsense.org/issues/13571
2022-10-18T03:10:04Z
fang xn
<p>PPPoE dial-up network, Tailscale will fail to connect after redialing after disconnection, and needs to change the port to reconnect.</p>

pfSense Packages - Bug #13444 (Incomplete): zabbix_proxy : cannot open "/var/log/zabbix-proxy/zab...
https://redmine.pfsense.org/issues/13444
2022-08-25T08:05:31Z
Steve Scotter
<p>Hi</p>
<p>I frequently come across this issue when trying to investigate why a Zabbix agent isn't communicating successfully with our Zabbix server.</p>
<p>When I navigate to <a class="external" href="https://pfsense-ip-address/status_logs_packages.php?pkg=Zabbix%20Proxy%205.0">https://pfsense-ip-address/status_logs_packages.php?pkg=Zabbix%20Proxy%205.0</a> I'm presented with the following (truncated) logs</p>
<pre>
Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K
zabbix_proxy [78631]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [82116]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
*** Above lines repeated 50+ times ***
Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K
...
...
</pre>
<p>Logging appears to have stopped ~40 days ago.</p>
<p>Restarting the Zabbix proxy service (via <a class="external" href="https://pfsense-ip-address/status_services.php#">https://pfsense-ip-address/status_services.php#</a>) gets logging working again, however it's a pain because, generally speaking, I wanted to see the logs for the past to investigate the problem I'm dealing with at that specific time.</p>
<p>I suspect the issue is related to log rotation and file permissions based on the Permission denied error and that newsyslog is mentioned before and after the logging stops working.</p>
<p>Today, before I restarted the service, I checked who owned the log file...</p>
<pre>
[2.6.0-RELEASE][root@pfsense-ip-address]/root: ls -l /var/log/zabbix-proxy/
total 106
-rw------- 1 root wheel 80 Jul 15 03:09 zabbix_proxy.log
-rw------- 1 root wheel 29744 Jul 15 03:09 zabbix_proxy.log.0.bz2
-rw------- 1 root wheel 33193 Jun 6 13:47 zabbix_proxy.log.1.bz2
-rw------- 1 root wheel 34871 May 4 09:48 zabbix_proxy.log.2.bz2
</pre>
<p>After I restarted the service I checked again...</p>
<pre>
[2.6.0-RELEASE][root@fsense-ip-address]/root: ls -l /var/log/zabbix-proxy/
total 110
-rw------- 1 zabbix zabbix 3218 Aug 25 13:42 zabbix_proxy.log
-rw------- 1 zabbix zabbix 29744 Jul 15 03:09 zabbix_proxy.log.0.bz2
-rw------- 1 zabbix zabbix 33193 Jun 6 13:47 zabbix_proxy.log.1.bz2
-rw------- 1 zabbix zabbix 34871 May 4 09:48 zabbix_proxy.log.2.bz2
</pre>
<p>Investigating further I found the contents of <code>/var/etc/newsyslog.conf.d/zabbix_proxy.log.conf</code> does indeed set the owner to root</p>
<pre>
# Automatically generated for package Zabbix Proxy 5.0. Do not edit.
/var/log/zabbix-proxy/zabbix_proxy.log root:wheel 600 7 500 * JC
</pre>
<p>I'll try and remember to check tomorrow but I suspect the files will be owned by root again after the (presumably) daily log rotation occurs.</p>
<p>I haven't made any customizations to the pfsense box. The only other plugins installed are</p>
<ul>
<li>open-vm-tools v10.1.0_5,1</li>
<li>openvpn-client-export v1.6_4</li>
<li>zabbix-agent5 v1.0.4_12</li>
<li>zabbix-proxy5 v1.0.4_12</li>
</ul>
<p>I compared <code>/var/etc/newsyslog.conf.d/zabbix_<strong>agentd</strong>.log.conf</code> with <code>/var/etc/newsyslog.conf.d/zabbix_<strong>proxy</strong>.log.conf</code>, both set the owners to root</p>
<p>I then checked the ownership of the agent's log files, to my surprise they're owned by Zabbix. I have <strong>not</strong> restarted the Zabbix <strong>agent</strong> service today</p>
<pre>
ls -l /var/log/zabbix-agent/
total 5
-rw-rw-r-- 1 zabbix zabbix 11450 Aug 15 11:49 zabbix_agentd.log</pre>

pfSense - Bug #13215 (Incomplete): Allowed MAC/IP/Hostname traffic counts for authorized users
https://redmine.pfsense.org/issues/13215
2022-05-25T03:03:52Z
Viktor Gurov
<p>This is due to rewriting pf tags.<br />CP rules must check <code>tagged</code> value on all steps.</p>

pfSense - Bug #12927 (Incomplete): OpenVPN with OCSP enabled allows connections with revoked cert...
https://redmine.pfsense.org/issues/12927
2022-03-10T04:20:17Z
Danilo Zrenjanin
<p>OpenVPN doesn't honor certificate validity status against the site listed in the OCSP URL field.</p>
<p>See:<br /><a class="external" href="https://redmine.pfsense.org/issues/11830">https://redmine.pfsense.org/issues/11830</a></p>
<pre>
Konstantin Panchenko wrote in #note-11:
This is still an issue in 2.5.2, validation code still checking only for the last line returned from "openssl", documentation for exec command states that output parameter must be used to get the full output and that would be array. Last line analysed in current code would look only "Next Update: May 11 11:29:54 2021 GMT", see above.
https://www.php.net/manual/en/function.exec.php
I see the issue was closed by adding "-resp_text" option, however without analysing the whole output of the EXEC / Openssl function this won't work. I've attached my edit for review.
</pre>

pfSense - Bug #12878 (Incomplete): Traffic shaping by interface, route queue bandwidth inbound, o...
https://redmine.pfsense.org/issues/12878
2022-02-28T03:10:25Z
Blake Drayson
<p>Since upgrading to pfSense Plus 22.01 from the latest community edition, my by interface priority queue bandwidth has an odd bug. Link is 200 Mbit/s and is set to 190 to give appropriate overhead. However, when the queue is active it limits the connection to around 100 Mbit/s; disable the queue and it works fine. Workaround so far has been to add 100 Mbit/s to the bandwidth value of the root queue (so it is now set to 290). The downlink queue is working without issue and as expected. For additional info, the link that is being shaped is an L2TP link over the top of the WAN link.</p>

pfSense - Bug #12740 (Incomplete): panic: esp_input_cb: Unexpected address family
https://redmine.pfsense.org/issues/12740
2022-01-27T12:38:51Z
Juraj Lutter
<p>On pfSense 21.05.02 I've started to get a panic with panic string:</p>
<pre>
esp_input_cb: Unexpected address family: xxx
</pre>
<p>Where xxx varies (248, 255, 127, 0, ...)</p>
<p>Hardware is Netgate 7100.</p>
<p>If crashdump is needed, it's available upon request.</p>

pfSense Packages - Bug #11936 (Incomplete): FRR does not connect BGP when using password
https://redmine.pfsense.org/issues/11936
2021-05-19T08:09:21Z
Clint Guillot
<p>Unsecured BGP sessions work fine, however password protected BGP sessions which previously worked fine no longer work in FRR.</p>
<p>Neighbor remains in "Active" state, never reaches "Established."</p>

pfSense - Bug #8882 (Incomplete): Interface assignments lost on reboot
https://redmine.pfsense.org/issues/8882
2018-09-10T20:31:24Z
Jaime Geiger
<p>I'm running pfsense in AWS and I'm trying to route out of xn1 (second interface) instead of xn0 (using it as a sync interface). <br />LAN is xn0, WAN is xn1 in the interface assignment page. <br />Both interface assignments (LAN and WAN) get set to xn0 after a reboot, which causes everything to break.</p>
<p>This should not happen. If I set xn0 to WAN and xn1 to LAN then it does not lose the configuration on reboot. <br />Is WAN required to be the first interface (xn0)?</p>
<p>Let me know if you need other details.</p>

pfSense - Bug #7286 (Incomplete): OpenVPN client is unreliable when you have multiple tunnels
https://redmine.pfsense.org/issues/7286
2017-02-20T17:58:20Z
Viktor Petersson
<p>I've installed a new pfSense router to route my (Gigabit) WAN connection. My goal was to have it set up such that it both bridges two networks (site-to-site w/ two pfSense boxes) as well as route all outbound traffic over a VPN to anonymize the traffic. To accomplish this, I use two independent VPN providers to avoid SPoF in a gateway group.</p>
<p>I was able to establish the connections just fine and was able to establish the VPN connections to all three VPN end-points and have traffic flowing through the two public VPN providers.</p>
<p>For a few days, things work fine, but later the connections randomly die. The WAN works fine and there's nothing wrong with the VPN end-points.</p>
<p>My expectation is that pfSense would automatically respawn the connections, which it appears to be doing to some degree. At some point, however, it appears to stop retrying and you end up as the attached screenshot shows.</p>
<p>The strange thing is that even if the system indicates that the link is down, I can still see the ovpncX interface being up and running.</p>
<p>However, since all outbound traffic from the LAN is routed over the VPN(s), the connection for the clients goes down.</p>
<p>My theory is that it is some internal health checker inside pfSense that is failing, which makes the system think the VPN links are down.</p>
<p>What's also worth noting is that even if I have two VPN links in the gateway group, if one VPN connection goes down, so does the full internet connectivity for the entire LAN (unless the VPN link is manually disabled).</p>
<p>I'm happy to provide logs, but I haven't spotted anything of significant interest.</p>