pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-02-21T19:59:52ZpfSense bugtracker
Redmine pfSense Plus - Feature #15280 (New): Boot Environments 2.0https://redmine.pfsense.org/issues/152802024-02-21T19:59:52ZChristian McDonaldcmcdonald@netgate.com
<p>Changes:</p>
<ul>
<li>Configuration History is now a separate page and is no longer part of Backup & Restore.</li>
<li>Configuration History is now aware of Boot Environments. Supports downloading, deleting and restoring across boot environment boundaries.</li>
<li>System updates are now installed in an offline clone of the running system and booted "temporarily" to facilitate automatic fallback to previous working environment.</li>
<li>Boot Verification is performed when booting temporary Boot Environments. System will automatically reboot into prior boot environment upon boot failure.</li>
</ul>
<p><img src="https://redmine.pfsense.org/attachments/download/5936/clipboard-202402211456-bdjnl.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5937/clipboard-202402211457-fegcy.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5938/clipboard-202402211457-rbjkq.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5939/clipboard-202402211457-fcvqv.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5940/clipboard-202402211458-ydyne.png" alt="" /></p> pfSense Plus - Feature #15022 (New): Package install/reinstall feature request.https://redmine.pfsense.org/issues/150222023-11-22T01:23:31ZJonathan Lee
<p>Hello fellow Redmine community members. I have noticed time and time again I have the ability to scroll during package installs to see the what package dependencies are installing and to check version numbers but I can't get it to stay still for longer than a split second before it auto scrolls back to the bottom. Can we make this stay where users are when the scroll and remove the auto scroll function?</p>
<p>We currently have no way to see the dependency information after it scrolls past because auto scroll takes us back to the bottom again.</p>
<p>See attached photo, I wanted to check what dependency versions were installed, Everytime you scroll it defaults to bottom again.</p> pfSense Packages - Feature #14863 (New): WireGuard suppport for aliaseshttps://redmine.pfsense.org/issues/148632023-10-11T07:53:52ZBob Dig
<p>Allow to use aliases in "Allowed IPs" in the WireGuard Peer config. That would match with the general ability to use aliases for static routes in pfSense, see <a class="external" href="https://forum.netgate.com/topic/183339/feature-request-support-for-aliases">https://forum.netgate.com/topic/183339/feature-request-support-for-aliases</a>.</p> pfSense Packages - Todo #14333 (New): Reduce config writeshttps://redmine.pfsense.org/issues/143332023-05-01T15:28:11ZMarcos M
<p>When the service is started, multiple config writes are performed. System logs (reversed) show:<br /><pre>
May 1 09:12:32 check_reload_status 1213 Reloading filter
May 1 09:12:31 check_reload_status 1213 Syncing firewall
May 1 09:12:31 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
May 1 09:12:31 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
May 1 09:12:30 check_reload_status 1213 Syncing firewall
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
May 1 09:12:30 check_reload_status 1213 Syncing firewall
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
May 1 09:12:29 kernel tun_wg0: link state changed to UP
May 1 09:12:29 kernel wg0: changing name to 'tun_wg0'
May 1 09:12:28 check_reload_status 1213 Syncing firewall
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
May 1 09:12:27 check_reload_status 1213 Syncing firewall
May 1 09:12:27 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
May 1 09:12:27 check_reload_status 1213 Syncing firewall
May 1 09:12:27 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
May 1 09:12:26 php-fpm 4806 /status_services.php: The command '/usr/local/etc/rc.d/wireguardd stop' returned exit code '1', the output was ''
May 1 09:12:17 kernel tun_wg0: link state changed to DOWN
</pre></p>
<p>This leads to 4 new config history entries. Since this happens any time packages are restarted (e.g. due to WAN events), it adds up quickly. The issue is compounded when ACB is enabled and set to back up on config changes rather than a schedule.</p>
<p>Additionally, it seems there may be an error here:</p>
<blockquote>
<p>May 1 09:12:26 php-fpm 4806 /status_services.php: The command '/usr/local/etc/rc.d/wireguardd stop' returned exit code '1', the output was ''</p>
</blockquote> pfSense Plus - Feature #14297 (New): Add Option for Vendor Class ID in DHCP Clienthttps://redmine.pfsense.org/issues/142972023-04-21T15:07:26ZKris Phillips
<p>Some ISPs require a Vendor Class ID be sent (option 60) when requesting DHCP. This can currently be accomplished in pfSense with vendor-class-identifier manually added to a dhcp config file, but adding this as a field would be helpful.</p> pfSense Plus - Feature #13740 (New): Feature Request: Mark Boot Environments with different prope...https://redmine.pfsense.org/issues/137402022-12-09T14:04:10ZJonas R
<p>Boot snapshots are awesome. However. I see huge potential for expanding the features on these. So here are a few suggestions</p>
<p>Mark a snapshot as forbidden to boot.<br />This comes from a weird situaton from my 6100. Where the first boot would work just perfectly. However, ever subsequent boot would result in a completely broken LAN. So I had to be suuuper careful not to boot the last remaining snapshot of my "working" system whilst trouble shooting. But if I had been able to mark it so it wasn't allowed to be booted. Then this would've been real handy.</p>
<p>Mark snapshot with Deletion Prevention:<br />This is basically an option to mark a specific snapshot so that it isn't allowed to be deleted, whilst the "Prevent from being deleted"-flag is set. Or something similar. Suggestion is to have it as a check box from within the edit-page. This could then disable the Trash-icon on the main paige.</p> pfSense Packages - Feature #13474 (New): Don't set ListenPort in wireguardhttps://redmine.pfsense.org/issues/134742022-09-06T19:08:51ZFlole Systems
<p>Currently it is not possible to not set the ListenPort setting for wireguard. I suggest to use the special value 0 as a port and then mentioning that setting it to 0 disables this.</p> pfSense Packages - Bug #13405 (New): Wireguard: The webgui becomes excessively slow to respond wi...https://redmine.pfsense.org/issues/134052022-08-11T09:12:04ZSteve Wheeler
<p>Webgui pages that include data from Wireguard can become very slow to respond with a large number of elements present (peers/tunnels).</p>
<p>Code that parses the output of 'wg show all dump' creates a delay.</p>
<p>For example we see delays of ~10s opening the Wireguard status page with 80 peers defined on a 6100.</p>
<p>This affects the peers, tunnels and status pages. And to a lesser extent the dashboard when the Wireguard widget is disaplayed.</p> pfSense Packages - Feature #13096 (Feedback): Improve robustness of Snort Rules Update Log size l...https://redmine.pfsense.org/issues/130962022-04-25T09:47:09ZBill Meeks
<p>Change the code for truncating the Snort Rules Update Log file when it exceeds the maximum configured size to be more robust by dropping the use of <em>unlink()</em> and use the method used in the Suricata package instead.</p> pfSense Packages - Bug #13095 (Feedback): Snort VRT change in Shared Object Rules path name resul...https://redmine.pfsense.org/issues/130952022-04-25T09:43:25ZBill Meeks
<p>Apparently the Snort Vulnerability Research Team recently altered part of the path name inside the Snort Rules Update archive. This results in failure of the Snort package code to properly extract and copy the Shared Object (SO) rules when performing the periodic rules update. A portion of the long directory path in the archive was changed from "x86_64" to "x86-64" (replaced the underscore with a dash).</p> pfSense Packages - Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated ...https://redmine.pfsense.org/issues/129792022-03-23T14:23:01ZBill Meeks
<p>Beginning around the first of March 2022, the Snort rules update package from the Snort VRT changed the subdirectory name for the precompiled Shared Object (SO) rules, in the archive, from "FreeBSD-12" to "FreeBSD-13". The Snort rules update code in the GUI parses the current FreeBSD version from the operating system, so since pfSense is still on FreeBSD 12.3, this results in the rules update code searching for a non-existent "FreeBSD-12" subdirectory in the archive when unpacking it. Until such time as pfSense moves to FreeBSD-13, this logic needs to be changed and the subdirectory name hard-coded to "FreeBSD-13".</p> pfSense Packages - Bug #12924 (New): DNS Resolver WireGuard ACL Inconsistencyhttps://redmine.pfsense.org/issues/129242022-03-09T10:59:57ZKevin Mychal Ong
<p>Initially, I had two pfsense nodes connected via the WireGuard package. My tunnel network was 10.0.3.0/30 for p2p. I then added another pfsense node to make the topology hub and spoke. Naturally, I had to make my tunnel network larger, so I changed the WG interface subnets to /29 instead and proceeded with adding the third node. Everything is working properly except for the fact that the Unbound ACL that's created by WireGuard on the first two nodes did not change from /30 to /29. It says in the description not to touch those but I manually changed them to /29 instead just to make things consistent. However, after restarting the pfsense box, it just goes back to /30.</p> pfSense Packages - Bug #12760 (New): Link-local addresses disallowed on Wireguard interfaceshttps://redmine.pfsense.org/issues/127602022-02-06T00:46:58ZAlex Chang-Lam
<p>Wireguard supports link-local IPv6, however adding a static link-local to interfaces is not allowed, even for interfaces of type tun_wg.</p>
<p>This is particularly necessary for dn42.</p> pfSense Packages - Bug #12608 (New): WireGuard tunnels monitored by dpinger causing system to sto...https://redmine.pfsense.org/issues/126082021-12-16T15:14:54ZChristian McDonaldcmcdonald@netgate.com
<p>Current workaround is to disable gateway monitoring on WireGuard tunnel gateways.</p>
<p>(I will be noting observations here as I unpack this)</p> pfSense - Todo #10199 (New): Improve Spanish translation interfacehttps://redmine.pfsense.org/issues/101992020-01-22T09:20:34ZAluisco Miguel Ricardo Mastrapa