pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-02-21T20:49:15ZpfSense bugtracker
Redmine pfSense Packages - Todo #15281 (Confirmed): Upgrade Tailscale to 1.6.0https://redmine.pfsense.org/issues/152812024-02-21T20:49:15ZChris W
<p>Plus 24.03 has tailscale-1.56.1 available in the Package Manager. Would be great to pull in 1.6.0 if possible.</p> pfSense Packages - Feature #15177 (New): Add an option to choose an interface that the Tailscale ...https://redmine.pfsense.org/issues/151772024-01-20T15:30:19ZDanilo Zrenjanin
<p>Currently, it is not possible to specify the interface that the Tailscale service will use to connect to the Login Server. In a situation where there are multiple WANs, and you want to make changes on the primary WAN, doing so will disconnect you from the VPN.</p> pfSense Packages - Feature #14863 (New): WireGuard suppport for aliaseshttps://redmine.pfsense.org/issues/148632023-10-11T07:53:52ZBob Dig
<p>Allow to use aliases in "Allowed IPs" in the WireGuard Peer config. That would match with the general ability to use aliases for static routes in pfSense, see <a class="external" href="https://forum.netgate.com/topic/183339/feature-request-support-for-aliases">https://forum.netgate.com/topic/183339/feature-request-support-for-aliases</a>.</p> pfSense - Feature #14620 (Assigned): Support running DHCPv4 Server and DHCPv4 Relay at the same t...https://redmine.pfsense.org/issues/146202023-07-27T20:27:59ZChristian McDonaldcmcdonald@netgate.compfSense Packages - Todo #14333 (New): Reduce config writeshttps://redmine.pfsense.org/issues/143332023-05-01T15:28:11ZMarcos M
<p>When the service is started, multiple config writes are performed. System logs (reversed) show:<br /><pre>
May 1 09:12:32 check_reload_status 1213 Reloading filter
May 1 09:12:31 check_reload_status 1213 Syncing firewall
May 1 09:12:31 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
May 1 09:12:31 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
May 1 09:12:30 check_reload_status 1213 Syncing firewall
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
May 1 09:12:30 check_reload_status 1213 Syncing firewall
May 1 09:12:30 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
May 1 09:12:29 kernel tun_wg0: link state changed to UP
May 1 09:12:29 kernel wg0: changing name to 'tun_wg0'
May 1 09:12:28 check_reload_status 1213 Syncing firewall
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Applied package default settings as necessary.
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed Unbound ACL group (WireGuard).
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed Unbound ACL group (WireGuard).
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed interface group (WireGuard).
May 1 09:12:28 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed interface group (WireGuard).
May 1 09:12:27 check_reload_status 1213 Syncing firewall
May 1 09:12:27 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] Installed earlyshellcmd(s).
May 1 09:12:27 check_reload_status 1213 Syncing firewall
May 1 09:12:27 php_wg 15988 /usr/local/pkg/wireguard/includes/wg_service.inc: Configuration Change: (system): [pfSense-pkg-WireGuard] De-installed earlyshellcmd(s).
May 1 09:12:26 php-fpm 4806 /status_services.php: The command '/usr/local/etc/rc.d/wireguardd stop' returned exit code '1', the output was ''
May 1 09:12:17 kernel tun_wg0: link state changed to DOWN
</pre></p>
<p>This leads to 4 new config history entries. Since this happens any time packages are restarted (e.g. due to WAN events), it adds up quickly. The issue is compounded when ACB is enabled and set to back up on config changes rather than a schedule.</p>
<p>Additionally, it seems there may be an error here:</p>
<blockquote>
<p>May 1 09:12:26 php-fpm 4806 /status_services.php: The command '/usr/local/etc/rc.d/wireguardd stop' returned exit code '1', the output was ''</p>
</blockquote> pfSense Plus - Feature #13740 (New): Feature Request: Mark Boot Environments with different prope...https://redmine.pfsense.org/issues/137402022-12-09T14:04:10ZJonas R
<p>Boot snapshots are awesome. However. I see huge potential for expanding the features on these. So here are a few suggestions</p>
<p>Mark a snapshot as forbidden to boot.<br />This comes from a weird situaton from my 6100. Where the first boot would work just perfectly. However, ever subsequent boot would result in a completely broken LAN. So I had to be suuuper careful not to boot the last remaining snapshot of my "working" system whilst trouble shooting. But if I had been able to mark it so it wasn't allowed to be booted. Then this would've been real handy.</p>
<p>Mark snapshot with Deletion Prevention:<br />This is basically an option to mark a specific snapshot so that it isn't allowed to be deleted, whilst the "Prevent from being deleted"-flag is set. Or something similar. Suggestion is to have it as a check box from within the edit-page. This could then disable the Trash-icon on the main paige.</p> pfSense Packages - Feature #13474 (New): Don't set ListenPort in wireguardhttps://redmine.pfsense.org/issues/134742022-09-06T19:08:51ZFlole Systems
<p>Currently it is not possible to not set the ListenPort setting for wireguard. I suggest to use the special value 0 as a port and then mentioning that setting it to 0 disables this.</p> pfSense Packages - Feature #13096 (Feedback): Improve robustness of Snort Rules Update Log size l...https://redmine.pfsense.org/issues/130962022-04-25T09:47:09ZBill Meeks
<p>Change the code for truncating the Snort Rules Update Log file when it exceeds the maximum configured size to be more robust by dropping the use of <em>unlink()</em> and use the method used in the Suricata package instead.</p> pfSense Packages - Bug #13095 (Feedback): Snort VRT change in Shared Object Rules path name resul...https://redmine.pfsense.org/issues/130952022-04-25T09:43:25ZBill Meeks
<p>Apparently the Snort Vulnerability Research Team recently altered part of the path name inside the Snort Rules Update archive. This results in failure of the Snort package code to properly extract and copy the Shared Object (SO) rules when performing the periodic rules update. A portion of the long directory path in the archive was changed from "x86_64" to "x86-64" (replaced the underscore with a dash).</p> pfSense Packages - Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated ...https://redmine.pfsense.org/issues/129792022-03-23T14:23:01ZBill Meeks
<p>Beginning around the first of March 2022, the Snort rules update package from the Snort VRT changed the subdirectory name for the precompiled Shared Object (SO) rules, in the archive, from "FreeBSD-12" to "FreeBSD-13". The Snort rules update code in the GUI parses the current FreeBSD version from the operating system, so since pfSense is still on FreeBSD 12.3, this results in the rules update code searching for a non-existent "FreeBSD-12" subdirectory in the archive when unpacking it. Until such time as pfSense moves to FreeBSD-13, this logic needs to be changed and the subdirectory name hard-coded to "FreeBSD-13".</p> pfSense Docs - Todo #12756 (New): Add information on correct MTU to use with WireGuardhttps://redmine.pfsense.org/issues/127562022-02-04T08:51:57ZViktor Gurov
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html">https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html</a></p>
<p><strong>Feedback:</strong></p>
<p>In all four Wireguard configuration recepies, there is no mention of changing the MTU and MSS values</p> pfSense Packages - Feature #12526 (New): WireGuard Widgethttps://redmine.pfsense.org/issues/125262021-11-16T14:48:56ZB. B.
<p>Hellow,</p>
<p>I want to request a feature to the WireGuard widget, probably not so important for many others.<br />Do you think it is possible to add a "Widget title" to the WireGuard widget?<br />So we can change the name of the widget :)</p> pfSense Packages - Feature #12525 (New): WireGuard Tunnel restore configurationhttps://redmine.pfsense.org/issues/125252021-11-16T14:45:43ZB. B.
<p>Hi,</p>
<p>I see the function for downloading the configuration "files" in the WireGuard - Tunnels (nice to backup the config files)<br />But it would also be nice if it was possible to restore it.<br />It would save you a lot of time if we're unlucky and messed up the tunnel/peers. :)</p> pfSense Packages - Feature #12513 (New): WireGuard Utilization Status (Beyond Active Connection)https://redmine.pfsense.org/issues/125132021-11-09T15:46:45ZJum Pers
<p>WG and pfSense are working very well together these days - thank you for the continued code and UI updates.</p>
<p>A feature that would be quite helpful on the SysAdmin side (for knowing when one can perform some client systems maintenance in scenarios where users can work whenever) is if, for both the WG Status page and (ideally) WG Widget (also), there was a set-able level (transfer threshold) that would indicate that a WG connection was actually being used rather than merely connected.</p>
<p>Perhaps this could be achieved by polling the transfer rates (RX, TX) every so many seconds (30s?) and subtracting the previous values from the present values (to see if they are above the threshold). In this way, setting a threshold for common RDP activity would provide a way of knowing whether the remote user was actively using their remote system.</p>
<p>Suggestion-wise, a colorized (green, yellow [optional: could be used for when close to threshold], red) icon, perhaps even just a small-to-medium sized (not-too-distracting) dot, to the right of the Peer name (or to the immediate right of the handshake icon if preferable) would do the trick. Or any such visual indicator.</p>
<p>Presently, it takes a lot of memorization ;) and page reloads to try to gauge which WG connections are actually being used.</p> pfSense - Todo #10199 (New): Improve Spanish translation interfacehttps://redmine.pfsense.org/issues/101992020-01-22T09:20:34ZAluisco Miguel Ricardo Mastrapa