pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-01-13T23:54:32ZpfSense bugtracker
Redmine pfSense - Bug #15162 (Confirmed): Wrong string in “MAC address”https://redmine.pfsense.org/issues/151622024-01-13T23:54:32ZSergei Shablovsky
<p>Hi, brilliant pfSense stuff!</p>
<p>Wrong string in “ <strong>MAC address</strong> ” txt entry field in “ <strong>Services / Wake-on-LAN / Edit</strong> ” when press on “ <strong>+* ” in “ *Actions</strong> ” column in “ <strong>Diagnostics / ARP Table</strong> ” page in WebGUI.</p> pfSense - Bug #15067 (Feedback): Secondary node attempts to delete the ``admins`` group when sync...https://redmine.pfsense.org/issues/150672023-12-05T20:40:48ZCraig Coonrad
<p>Version: 23.09-RELEASE</p>
<p>Error message:</p>
<pre>
Dec 5 20:37:30 fw102.local php-fpm[77756]: /xmlrpc.php: The command '/usr/sbin/pw groupdel -g 'admins'' returned exit code '64', the output was 'pw: Bad id 'admins': invalid'
</pre> pfSense - Bug #14936 (Feedback): radvd service shows as stopped in services list when it should b...https://redmine.pfsense.org/issues/149362023-11-01T15:03:21ZJim Pingle
<p>The <code>is_radvd_enabled()</code> function in <code>pfsense-utils.inc</code> appears to incorrectly interpret the state of the radvd service in some cases.</p>
<p>For example I have a system with WAN DHCP6, LAN Track6 to WAN, but on LAN I have DHCPv6 disabled and RA disabled. When configured in this way, the radvd service is shown in the services list, but is listed as stopped. The <code>radvd.conf</code> file only contains the header, which is expected since there are no interfaces with RA enabled.</p> pfSense - Bug #14587 (New): Firewall Log Sort By Timehttps://redmine.pfsense.org/issues/145872023-07-18T15:14:08ZBrian Shell
<p>When viewing the System Logs > Firewall, and trying to sort by Time with newest first, it appears the sort is working alphabetically instead of chronologically. For example, this is the order I see when attempting to sort. Don't be concerned about the gaps of time between as this is simply due to to events being logged during those times and that is expected based on the logging I have enabled. Jun 30, Jun 28, Jun 27, Jun 26, Jun 25, Jun 24, Jun 23, Jun 22, Jun 21, Jul 6, Jul 4, Jul 18, Jul 13, Jul 10. Hopefully this will be something reproducible so a developer can see it because it is hard to explain in words. Attaching part of a screenshot so you can see the sorting. You won't see the issue from my screenshot I would have to scroll down and send many pages of screens.</p> pfSense - Bug #13900 (Confirmed): Reply-to and route-to do not work on WAN2 when WAN interface is...https://redmine.pfsense.org/issues/139002023-01-24T19:42:54ZRenato Martinsrenato.martinsd@gmail.com
<p>Scenario and how to reproduce:</p>
<p><strong>Interfaces</strong><br /> WAN - 192.168.100.2/30 - GW 192.168.100.1<br /> LAN - 192.168.5.254/24<br /> WAN2 - 192.168.100.6/30 - GW 192.168.100.5<br /> VPN1 client - Use interface WAN as out interface<br /> VPN2 client - Use interface WAN2 as out interface</p>
<p><strong>Default GW:</strong> 192.168.100.1 (WAN interface). No gateway group configured.</p>
<p><strong>How to reproduce:</strong> WAN has no link detected (cable fault example).</p>
<p><strong>Problems detected:</strong> <br />- VPN client 2 using WAN2 as out interface down (but only WAN is unvaliable)<br />- Access from WAN2 unvaliable with https or ssh port (filter rule created correctly).</p> pfSense - Bug #13565 (New): LOR on Boot for Static Routes Startup Item in KVM environmenthttps://redmine.pfsense.org/issues/135652022-10-15T18:44:53ZKris Phillips
<p>When booting the following message is present in the boot list:</p>
<p>Setting up static routes...Invoking IPv6 network device address event may sleep with the following non-sleepable locks held:<br />exclusive sleep mutex vtnet0-rx0 (vtnet0-rx0) r = 0 (0xfffff80005927480) locked <code> /var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-devel-main/sys/dev/virtio/network/if_vtnet.c:2195<br />stack backtrace:<br />#0 0xffffffff80debac5 at witness_debugger+0x65<br />#1 0xffffffff80decc2a at witness_warn+0x3fa<br />#2 0xffffffff80fe02da at in6_update_ifa+0xbda<br />#3 0xffffffff8100fb85 at in6_ifadd+0x1d5<br />#4 0xffffffff8100c38c at nd6_ra_input+0xfbc<br />#5 0xffffffff80fdac0e at icmp6_input+0x77e<br />#6 0xffffffff80ff4ab3 at ip6_input+0xbc3<br />#7 0xffffffff80ee90a0 at netisr_dispatch_src+0x220<br />#8 0xffffffff80ec39ec at ether_demux+0x17c<br />#9 0xffffffff80ec5066 at ether_nh_input+0x3f6<br />#10 0xffffffff80ee8f2f at netisr_dispatch_src+0xaf<br />#11 0xffffffff80ec3ea9 at ether_input+0x99<br />#12 0xffffffff80b863e1 at vtnet_rxq_eof+0x791<br />#13 0xffffffff80b85ba7 at vtnet_rx_vq_process+0x97<br />#14 0xffffffff80d34b39 at ithread_loop+0x279<br />#15 0xffffffff80d30fd0 at fork_exit+0x80<br />#16 0xffffffff8130e3de at fork_trampoline+0xe<br />lock order reversal: (sleepable after non-sleepable)<br /> 1st 0xfffff80005927480 vtnet0-rx0 (vtnet0-rx0, sleep mutex) </code> /var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-devel-main/sys/dev/virtio/network/if_vtnet.c:2195<br /> 2nd 0xffffffff8366fbd0 in6_multi_sx (in6_multi_sx, sx) @ /var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-devel-main/sys/netinet6/in6_mcast.c:1193<br />lock order vtnet0-rx0 -> in6_multi_sx attempted at:<br />#0 0xffffffff80deb68d at witness_checkorder+0xbfd<br />#1 0xffffffff80d84783 at _sx_xlock+0x63<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed parent" title="Bug: Gateway not added when switching from DHCP to static (Resolved)" href="https://redmine.pfsense.org/issues/2">#2</a> 0xffffffff80fe8a31 at in6_joingroup+0x31<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: VPN negation rules not added in 2.0 (Resolved)" href="https://redmine.pfsense.org/issues/3">#3</a> 0xffffffff80fe0682 at in6_update_ifa+0xf82<br /><a class="issue tracker-4 status-3 priority-4 priority-default closed" title="Todo: Remove hard coded VLAN supported interfaces list (Resolved)" href="https://redmine.pfsense.org/issues/4">#4</a> 0xffffffff8100fb85 at in6_ifadd+0x1d5<br /><a class="issue tracker-4 status-3 priority-4 priority-default closed" title="Todo: Don't sync on every filter reload (Resolved)" href="https://redmine.pfsense.org/issues/5">#5</a> 0xffffffff8100c38c at nd6_ra_input+0xfbc<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Status -> Wireless display bugs (Resolved)" href="https://redmine.pfsense.org/issues/6">#6</a> 0xffffffff80fdac0e at icmp6_input+0x77e<br /><a class="issue tracker-4 status-5 priority-4 priority-default closed" title="Todo: [ Fit123 ] Captive Portal (Closed)" href="https://redmine.pfsense.org/issues/7">#7</a> 0xffffffff80ff4ab3 at ip6_input+0xbc3<br /><a class="issue tracker-2 status-3 priority-5 priority-high4 closed" title="Feature: Clear states after failover (Resolved)" href="https://redmine.pfsense.org/issues/8">#8</a> 0xffffffff80ee90a0 at netisr_dispatch_src+0x220<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: route-to forwards broadcast and multicast frames in some scenarios (Resolved)" href="https://redmine.pfsense.org/issues/9">#9</a> 0xffffffff80ec39ec at ether_demux+0x17c<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Enable SSH console menu doesn't work on embedded (Resolved)" href="https://redmine.pfsense.org/issues/10">#10</a> 0xffffffff80ec5066 at ether_nh_input+0x3f6<br /><a class="issue tracker-2 status-3 priority-4 priority-default closed" title="Feature: Allow multiple syslog servers (Resolved)" href="https://redmine.pfsense.org/issues/11">#11</a> 0xffffffff80ee8f2f at netisr_dispatch_src+0xaf<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Editing DNS forwarder overrides does not trigger sync to secondary (Resolved)" href="https://redmine.pfsense.org/issues/12">#12</a> 0xffffffff80ec3ea9 at ether_input+0x99<br /><a class="issue tracker-2 status-3 priority-4 priority-default closed" title="Feature: wireless page to have option to select transmit and receive antennas (Resolved)" href="https://redmine.pfsense.org/issues/13">#13</a> 0xffffffff80b863e1 at vtnet_rxq_eof+0x791<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: reply-to should not be added when bridging (Resolved)" href="https://redmine.pfsense.org/issues/14">#14</a> 0xffffffff80b85ba7 at vtnet_rx_vq_process+0x97<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Package reinstall on configuration restore doesn't work (Resolved)" href="https://redmine.pfsense.org/issues/15">#15</a> 0xffffffff80d34b39 at ithread_loop+0x279<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Deleting multiple OPT interfaces results in an invalid configuration (Resolved)" href="https://redmine.pfsense.org/issues/16">#16</a> 0xffffffff80d30fd0 at fork_exit+0x80<br /><a class="issue tracker-2 status-5 priority-10 priority-lowest closed" title="Feature: LED support on ALIX, WRAP, etc. (Closed)" href="https://redmine.pfsense.org/issues/17">#17</a> 0xffffffff8130e3de at fork_trampoline+0xe<br />done.</p> pfSense - Bug #13144 (New): Firewall rule entries can get out of sync when entries are deleted wh...https://redmine.pfsense.org/issues/131442022-05-10T01:27:57ZSilvan Ehemann
<p>tested versions:<br />2.4.5<br />2.6.0</p>
<p>Prereqs<br />Admin A logs in to Firewall<br />Admin B logs in to same Firewall</p>
<p>Intention<br />Admin A would like to create a firewall rule<br />Admin B would like to create a separator</p>
<p>Issue<br />If the two admins execute the changes at the same time, under certain conditions existing firewall rules will be deleted!</p>
<p>Steps to reproduce<br />- Admin A creates one additional firewall rule. (Admin A does NOT yet click on apply.) The rule is now visible at the top of the list.<br />- Admin B creates one separator. The separator is now visible at the bottom of the list.<br />- Admin B clicks "save" on his separator.<br />- Result: The firewall rule in the bottom position is deleted and is replaced by the new firewall rule.</p>
<p>Notice:<br />I have already created a forum post on <a class="external" href="https://forum.netgate.com/topic/171774/rule-disappears-when-multiple-admins-edit-rules-and-separators">https://forum.netgate.com/topic/171774/rule-disappears-when-multiple-admins-edit-rules-and-separators</a>. We think it is worth mentioning and improving</p>
<p>with regards</p>
<p>Emasi</p> pfSense - Bug #13110 (New): changing CARP VIP address does not update outbound NAT interface IPhttps://redmine.pfsense.org/issues/131102022-04-30T13:19:52Z→ luckman212luke.hamburg@gmail.com
<p>In my testing, on a 2 node HA cluster running 22.05.a.20220426.1313, if you change the Virtual IP, it is properly synced to the backup node, but the manual outbound NAT rule is not updated, so things break slightly. I am not sure if this is by design, but since you are selecting the IP by interface name, it seems like it would intuitively work the way other aliases work and "follow" changes to the chosen named VIP.</p> pfSense - Bug #12067 (New): DHCP Monitoring Statistics Errorhttps://redmine.pfsense.org/issues/120672021-06-21T08:39:05ZEvgeny Korostelev
<p>I have 2 DHCP pool (51 + 51 IP address) in one network (see attachments screen)<br />But monitoring DHCP show maximum dhcprange - 51 IP address</p> pfSense - Bug #11777 (New): Input validation prevents DNS Resolver from being disabledhttps://redmine.pfsense.org/issues/117772021-04-03T17:51:02ZMartin Thygesen
<p>When trying to disable unbound, the following error prevents the service from being turned off.</p>
<p>-----------------<br />The following input errors were detected:</p>
<pre><code>The generated config file cannot be parsed by unbound. Please correct the following errors:<br /> [1617488979] unbound-checkconf[18250:0] fatal error: outgoing-interface: fe80::20c:29ff:fec7:63f1%em0 present twice, cannot bind same ports twice.<br />-----------------</code></pre>
<p>taxonomy<br />user was operating with unbound dns resolver normally<br />system was setup for network interfaces LAN & DMZ & LOOPBACK (v4 & v6)<br />system was setup for outbound network interfaces WAN (v4 & v6)<br />user installed bind package to replace unbound but did not activate it.<br />user tried to disable unbound and was presented with this error message.<br />user stopped the unbound service from the dashboard and retried to disable the configuration, outcome failed</p>
<p>Workaround:<br />user adjusted the network interfaces to loopback<br />user adjusted the outbound network interface setting to loopback<br />user saved the config<br />user disabled unbound, and was successful in disabling the service.</p>
<p>Recommendation:<br />remove some of the check conditions that prevent the service config from being disabled<br />the service can clearly be stopped without the configuration process being impacted.<br />the parse of the configuration is too restrictive in this case.</p> pfSense - Bug #10701 (New): Firewall Log too wide with Rule Description Columnhttps://redmine.pfsense.org/issues/107012020-06-25T05:41:01ZLouis B
<p>Hello,</p>
<p>I just noticed that at least with systemlog firewall the layout does not fit inside the page any more. May be there are layout issues at other places as well. I did not check.</p>
<p>I noticed it with version </p>
<pre><code>2.5.0-DEVELOPMENT (amd64)<br />built on Tue Jun 23 01:04:03 EDT 2020<br />FreeBSD 12.1-STABLE</code></pre>
<p>And I tried with multiple browsers (all the same)</p>
<p>Louis</p> pfSense - Bug #10352 (New): RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords ...https://redmine.pfsense.org/issues/103522020-03-17T09:27:26ZJim Pingle
<p>RADIUS authentication fails with the authentication server entry set to use MSCHAPv1 or MSCHAPv2 when passwords contain international characters. Authentication with the same password succeeds when set to PAP or MD5-CHAP.</p>
<p>I've tried running through a few different encodings (UTF-8, UTF-16, and the chap module's own unicode conversion function) without success.</p>
<p>It works when using <code>radtest</code> at the CLI regardless of type passed to that program. Packet captures of similar requests don't show significant differences between PHP and radtest.</p>
<p>Could be a limitation of Crypt_CHAP_MSv1 / Crypt_CHAP_MSv2 / Auth_RADIUS_*, but we should at least eliminate possible local code causes first.</p>
<p>Low priority since there are ways to make it work (PAP, MD5-CHAP), and users could choose to use other compatible passwords.</p> pfSense - Bug #9837 (New): ipv6 is not completely disabled on the interfaceshttps://redmine.pfsense.org/issues/98372019-10-20T14:04:36ZViktor Gurov
<p>When IPv6 Configuration Type is None on Interfaces configuration page, IPv6 link-local addresses still uses<br />You can see OSPFv3 hello packets, can use ipv6 from these interfaces,<br />or, if rules like "IPv4+IPv6" used, can connect to services</p>
<p>to completely disable IPv6 on interfaces, option <strong>ifdisabled</strong> must be used, i.e. "ifconfig vtnet0 inet6 ifdisabled" <br />from ifconfig (8):<br /><pre>
ifdisabled
Set a flag to disable all of IPv6 network communications on the
specified interface. Note that if there are already configured
IPv6 addresses on that interface, all of them are marked as
"tentative" and DAD will be performed when this flag is cleared.
</pre></p>
<p>pfSense 2.5.0.a.20191018.2017</p> pfSense - Bug #9755 (New): package description wrong link https://www.freshports.org/security/ope...https://redmine.pfsense.org/issues/97552019-09-13T05:20:05ZViktor Gurov
<p>Package Dependencies:<br /> openvpn-client-export-2.4.7 - wrong link</p>
<p><a class="external" href="https://www.freshports.org/security/openvpn-client-export">https://www.freshports.org/security/openvpn-client-export</a>:<br />FreshPorts -- Document not found<br />Sorry, but I don't know anything about that.</p>
<p>/security/openvpn-client-export</p>
<p>Perhaps a list of categories or the search page might be helpful.</p> pfSense - Bug #9183 (New): OpenVPN Lagg Interface not working after restart or new starthttps://redmine.pfsense.org/issues/91832018-12-08T03:10:03ZAlexander H.alexander.hailfinger@gmail.com
<p>I configured a LAGG Interface with 4 openvpn tap connections with round robin mode.</p>
<p>After a reboot or if i start the pfsense first time the interface is not working well.<br />But if i go to the configuration page and change nothing but press save its working great immediately.</p>
<p>does someone have i workaround how i could press the save button with a cron script until the problem is fixed ?</p>
<p>Regards<br />Alex</p>