pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-01-13T23:54:32ZpfSense bugtracker
Redmine pfSense - Bug #15162 (Confirmed): Wrong string in “MAC address”https://redmine.pfsense.org/issues/151622024-01-13T23:54:32ZSergei Shablovsky
<p>Hi, brilliant pfSense stuff!</p>
<p>Wrong string in “ <strong>MAC address</strong> ” txt entry field in “ <strong>Services / Wake-on-LAN / Edit</strong> ” when press on “ <strong>+* ” in “ *Actions</strong> ” column in “ <strong>Diagnostics / ARP Table</strong> ” page in WebGUI.</p> pfSense - Bug #15067 (Feedback): Secondary node attempts to delete the ``admins`` group when sync...https://redmine.pfsense.org/issues/150672023-12-05T20:40:48ZCraig Coonrad
<p>Version: 23.09-RELEASE</p>
<p>Error message:</p>
<pre>
Dec 5 20:37:30 fw102.local php-fpm[77756]: /xmlrpc.php: The command '/usr/sbin/pw groupdel -g 'admins'' returned exit code '64', the output was 'pw: Bad id 'admins': invalid'
</pre> pfSense - Bug #14936 (Feedback): radvd service shows as stopped in services list when it should b...https://redmine.pfsense.org/issues/149362023-11-01T15:03:21ZJim Pingle
<p>The <code>is_radvd_enabled()</code> function in <code>pfsense-utils.inc</code> appears to incorrectly interpret the state of the radvd service in some cases.</p>
<p>For example I have a system with WAN DHCP6, LAN Track6 to WAN, but on LAN I have DHCPv6 disabled and RA disabled. When configured in this way, the radvd service is shown in the services list, but is listed as stopped. The <code>radvd.conf</code> file only contains the header, which is expected since there are no interfaces with RA enabled.</p> pfSense - Bug #14587 (New): Firewall Log Sort By Timehttps://redmine.pfsense.org/issues/145872023-07-18T15:14:08ZBrian Shell
<p>When viewing the System Logs > Firewall, and trying to sort by Time with newest first, it appears the sort is working alphabetically instead of chronologically. For example, this is the order I see when attempting to sort. Don't be concerned about the gaps of time between as this is simply due to to events being logged during those times and that is expected based on the logging I have enabled. Jun 30, Jun 28, Jun 27, Jun 26, Jun 25, Jun 24, Jun 23, Jun 22, Jun 21, Jul 6, Jul 4, Jul 18, Jul 13, Jul 10. Hopefully this will be something reproducible so a developer can see it because it is hard to explain in words. Attaching part of a screenshot so you can see the sorting. You won't see the issue from my screenshot I would have to scroll down and send many pages of screens.</p> pfSense Packages - Bug #14200 (New): WireGuard reply-to without NAThttps://redmine.pfsense.org/issues/142002023-03-29T10:02:59ZCarrnell Tech
<p>I have discovered that the WireGuard package requires the interface to have the gateway set for the reply-to rules to function as expected. However, this also creates an undesired auto NAT rules that need to be manually disabled in order to use the reply-to rules effectively.</p>
<p>I have posted all the detail and the road for my discovery on the forums and a great amount of detail along with it:<br /><a class="external" href="https://forum.netgate.com/topic/178908/wan-to-wireguard-to-lan-reply-to-bug">https://forum.netgate.com/topic/178908/wan-to-wireguard-to-lan-reply-to-bug</a></p>
My hope is that one of the following fix ideas could be implemented:
<ul>
<li>Could add verbiage on the interface or package GUI to indicate that these steps are required for true reply-to packets to function.</li>
<li>Add some sort of check box to prevent the auto added NAT rules for WireGuard interfaces, or, a check box that adds reply-to rules without the need for gateway to be filled.</li>
<li>Or, if possible, change the WireGuard package in such a way that it treats the WireGuard interface with reply-to rules with or without the gateway being set in the interface.</li>
</ul>
<p>To give you more of an idea of why I had more trouble with this particular part than anything previous is that I was migrating away from OpenVPN to WireGuard. Where OpenVPN functioned as desired without the gateway being set, I did not think to read the interface documentation mostly because the verbiage only mentions the need for it being set for internet access type scenarios, of which, I overlooked thinking it was unnecessary. On my testing environment, it was not until I started changing what I thought were unnecessary checkbox and dropdowns that I discovered the gateway was needed, I then started to read the documentation for it, which lead me to my final conclusion.</p>
<p>Appreciate your time!<br />Thank you!</p> pfSense Packages - Bug #14146 (New): Small Typo in 'Advanced Outbound firewall rule settings' war...https://redmine.pfsense.org/issues/141462023-03-22T07:36:44ZJon Brown
<p>When creating an IPv4 outbound permit rule (Firewall --> pfBlockerNG --> Ip --> IPv4) and you leave the <b>Custom Protocol</b> on any you get the following error:</p>
<pre>
Settings: Protocol setting cannot be set to 'Default' with Advanced Outbound firewall rule settings.
</pre>
<p><img src="https://redmine.pfsense.org/attachments/download/4819/pfblocker-with-any-error-message.jpg" alt="" /></p>
<p>There is a typo where it is saying it cannot be left on 'Default', there is not default protocol. This should read as follows:</p>
<pre>
Settings: Protocol setting cannot be set to 'Any' with Advanced Outbound firewall rule settings.
</pre>
<p>I have swapped <strong>default</strong> for <strong>any</strong></p> pfSense Plus - Bug #12759 (New): Proprietary packages link to non-existant or non-public github p...https://redmine.pfsense.org/issues/127592022-02-05T19:22:11ZKris Phillips
<p>When clicking on the version number to view the code for packages like openvpn-import and aws-wizard, these link to a non-existant Github page (or one that is private). We should probably add a way to just remove these links on proprietary packages for pfSense Plus.</p>
<p>For example, aws-wizard links to <a class="external" href="https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-aws-wizard">https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-aws-wizard</a> which is an invalid path.</p> pfSense Packages - Bug #11650 (New): FRR configuration broken on restore of manually edited FRR c...https://redmine.pfsense.org/issues/116502021-03-10T06:51:58ZAndrew Green
<p>SG-3100<br />21.02-RELEASE-p1 (arm)<br />built on Mon Feb 22 09:38:52 EST 2021</p>
<p>FRR package version 1.1.0_8</p>
<p>I could not find any instructions to remove all of a package's configuration so I did this:</p>
<p>- Made a config backup<br />- Edited the config xml and remove the FRR config references but left the package sections in place with empty <config></config> sections inside.<br />- Restored the config<br />- Router rebooted and reinstalled packages<br />- Went to reconfigure FRR and it broke sometimes when saving the settings.<br />- I managed to make the error go away after adding and deleting a prefix list.<br />- Here is the PHP error:<br /><pre>
arm
12.2-STABLE
FreeBSD 12.2-STABLE 0e42b7d7eac(HEAD) pfSense-SG-3100
Crash report details:
PHP Errors:
[09-Mar-2021 21:46:49 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:15 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:30 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:47:36 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:295
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(758): frr_zebra_generate_prefixlists(true, false)
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 295
[09-Mar-2021 21:49:51 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
[09-Mar-2021 21:49:55 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg_edit.php(245) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg_edit.php(245): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
[09-Mar-2021 21:50:03 America/St_Johns] PHP Fatal error: Uncaught Error: Only variables can be passed by reference in /usr/local/pkg/frr/inc/frr_zebra.inc:262
Stack trace:
#0 /usr/local/pkg/frr/inc/frr_zebra.inc(764): frr_zebra_generate_aspaths()
#1 /usr/local/pkg/frr.inc(683): frr_generate_config_zebra()
#2 /usr/local/www/pkg.php(140) : eval()'d code(1): frr_generate_config()
#3 /usr/local/www/pkg.php(140): eval()
#4 {main}
thrown in /usr/local/pkg/frr/inc/frr_zebra.inc on line 262
No FreeBSD crash data found.
</pre></p> pfSense Packages - Bug #11493 (New): After upgrade zabbix proxy wont starthttps://redmine.pfsense.org/issues/114932021-02-21T05:31:00ZPim Janssen
<p>Due to database changes between zabbix-proxy versions. The proxy database needs to be removed after upgrading else the proxy service won't start.</p>
<p>Workaround <br />manual remove database /var/db/zabbix-proxy/proxy.db</p> pfSense Packages - Bug #11490 (New): Service Watchdog - Impacts Reboots and Package Updateshttps://redmine.pfsense.org/issues/114902021-02-21T01:11:28ZA S
<p>All - wasn't quite sure which to attribute this to as its a package, but is impacting standard operation.</p>
Synopsis:
<ul>
<li>When upgrading a package where the upgrade must stop the service, the Service Watchdog is restarting the service before the upgrade of the package completes. Appears to completely stall some updates where the update process takes some time to run with the service stopped.</li>
<li>Upon reboot, while reviewing syslog - the Service Watchdog is starting services <b>before</b> pfSense [itself] normally starts a given service. Suspect that this could cause services to start in an abnormal order and potentially create dependency issues.</li>
</ul>
<p>Noticed this upon trying to assess a recent issue and watching syslog information where virtually every process upon reboot was started <strong>first</strong> by the Service Watchdog and when the system starting of that same process occurred - the system initiated startup failed.</p> pfSense Packages - Bug #11000 (New): haproxy deprecated trick suggestedhttps://redmine.pfsense.org/issues/110002020-10-22T17:51:10ZManuel Piovan
<p>haproxy-devel<br />under backend<br />the description for "Http check version" say:<br /><pre><code class="php syntaxhl"><span class="nc">Defaults</span> <span class="n">to</span> <span class="s2">"HTTP/1.0"</span> <span class="k">if</span> <span class="n">left</span> <span class="n">blank</span><span class="mf">.</span> <span class="nc">Note</span> <span class="n">that</span> <span class="n">the</span> <span class="nc">Host</span> <span class="n">field</span> <span class="n">is</span> <span class="n">mandatory</span> <span class="n">in</span> <span class="no">HTTP</span><span class="o">/</span><span class="mf">1.1</span><span class="p">,</span> <span class="k">and</span> <span class="k">as</span> <span class="n">a</span> <span class="n">trick</span><span class="p">,</span> <span class="n">it</span> <span class="n">is</span> <span class="n">possible</span> <span class="n">to</span> <span class="n">pass</span> <span class="n">it</span> <span class="n">after</span> <span class="s2">"</span><span class="se">\r\n</span><span class="s2">"</span> <span class="n">following</span> <span class="n">the</span> <span class="n">version</span> <span class="n">string</span> <span class="n">like</span> <span class="n">this</span><span class="o">:</span>
<span class="no">HTTP</span><span class="o">/</span><span class="mf">1.1</span><span class="err">\</span><span class="n">r\nHost</span><span class="o">:</span><span class="err">\</span> <span class="n">www</span>
</code></pre><br />but this lead to a Warning</p>
<pre><code class="php syntaxhl"><span class="p">[</span><span class="no">WARNING</span><span class="p">]</span> <span class="mi">296</span><span class="o">/</span><span class="mo">00442</span><span class="mi">8</span> <span class="p">(</span><span class="mi">78254</span><span class="p">)</span> <span class="o">:</span> <span class="n">parsing</span> <span class="p">[</span><span class="o">/</span><span class="k">var</span><span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">haproxy</span><span class="o">/</span><span class="n">haproxy</span><span class="mf">.</span><span class="n">cfg</span><span class="o">:</span><span class="mi">67</span><span class="p">]</span><span class="o">:</span> <span class="s1">'option httpchk'</span> <span class="o">:</span> <span class="n">hiding</span> <span class="n">headers</span> <span class="k">or</span> <span class="n">body</span> <span class="n">at</span> <span class="n">the</span> <span class="n">end</span> <span class="n">of</span> <span class="n">the</span> <span class="n">version</span> <span class="n">string</span> <span class="n">is</span> <span class="n">deprecated</span><span class="mf">.</span> <span class="nc">Please</span><span class="p">,</span> <span class="n">consider</span> <span class="n">to</span> <span class="kn">use</span> <span class="s1">'http-check send'</span> <span class="n">directive</span> <span class="n">instead</span><span class="mf">.</span>
</code></pre> pfSense Packages - Bug #10265 (New): Adding a Note with malformed title will force system restorehttps://redmine.pfsense.org/issues/102652020-02-17T14:27:22ZYuri Weinstein
<p>This is related to using Notes package.</p>
<p>Add a new note with title</p>
<p>"Add/Change/Set the custom resolution of your display using xrandr on Ubuntu 18.04 — {In a minute}"</p>
<p>(I am not sure why this particular string causes a problem, but it does) and anything in the notes body</p>
<p>Click on Save => notice that the note was not added and pfSense System Notices show a new warning:</p>
<p>"pfSenseConfigurator<br />pfSense is restoring the configuration /cf/conf/backup/config-1581970855.xml @ 2020-02-17 12:21:23"</p> pfSense Packages - Bug #9486 (New): ifindex values used for softflowd are incorrecthttps://redmine.pfsense.org/issues/94862019-04-26T13:16:29ZJesse White
<p>With this patch, we now pass ifIndex values to softflowd for inclusion in the flow packets:<br /> <a class="external" href="https://github.com/pfsense/FreeBSD-ports/pull/501/files#diff-451c93a8b870e13a749022e7ecf64cd6R52">https://github.com/pfsense/FreeBSD-ports/pull/501/files#diff-451c93a8b870e13a749022e7ecf64cd6R52</a></p>
<p>However, the values used are arbitrary and do not line up with the values used by other services on the system such as snmpd:<br /><pre>
ps ax | grep soft
91600 - Ss 0:00.64 /usr/local/sbin/softflowd -i 1:igb1 -n 127.0.0.1:8877 -v 5 -T full -t general=60 -p /var/run/softflowd.igb1.pid -c /var/r
91913 - Is 0:00.00 /usr/local/sbin/softflowd -i 2:igb1.2 -n 127.0.0.1:8877 -v 5 -T full -t general=60 -p /var/run/softflowd.igb1.2.pid -c /v
92156 - Is 0:00.00 /usr/local/sbin/softflowd -i 3:igb1.3 -n 127.0.0.1:8877 -v 5 -T full -t general=60 -p /var/run/softflowd.igb1.3.pid -c /v
92774 - Is 0:00.00 /usr/local/sbin/softflowd -i 4:ovpnc2 -n 127.0.0.1:8877 -v 5 -T full -t general=60 -p /var/run/softflowd.ovpnc2.pid -c /v
93644 - Ss 0:00.69 /usr/local/sbin/softflowd -i 5:igb0 -n 127.0.0.1:8877 -v 5 -T full -t general=60 -p /var/run/softflowd.igb0.pid -c /var/r
93969 - Is 0:00.00 /usr/local/sbin/softflowd -i 6:lo0 -n 127.0.0.1:8877 -v 5 -T full -t general=60 -p /var/run/softflowd.lo0.pid -c /var/run
</pre></p>
<pre>
$ snmpwalk -c public -v 2c 10.1.1.1 IF-MIB::ifDescr
IF-MIB::ifDescr.1 = STRING: igb0
IF-MIB::ifDescr.2 = STRING: igb1
IF-MIB::ifDescr.3 = STRING: enc0
IF-MIB::ifDescr.4 = STRING: lo0
IF-MIB::ifDescr.5 = STRING: pflog0
IF-MIB::ifDescr.6 = STRING: pfsync0
IF-MIB::ifDescr.7 = STRING: igb1.2
IF-MIB::ifDescr.8 = STRING: igb1.3
IF-MIB::ifDescr.9 = STRING: ovpnc2
</pre>
<p>For example igb1.2 is set to ifIndex 2, but it should really be 7.</p>
<p>The proper ifIndex can be retrieved using:<br /> <a class="external" href="https://www.freebsd.org/cgi/man.cgi?query=if_nametoindex&apropos=0&sektion=3&manpath=FreeBSD+11.0-RELEASE&arch=default&format=html">https://www.freebsd.org/cgi/man.cgi?query=if_nametoindex&apropos=0&sektion=3&manpath=FreeBSD+11.0-RELEASE&arch=default&format=html</a></p> pfSense Packages - Bug #9012 (New): Captive Portal authentication in Squid Proxy Server does not ...https://redmine.pfsense.org/issues/90122018-10-05T11:25:32ZKevin Chou
<p>Version pfsense 2.4.4-RELEASE (amd64)<br />I have configured Authentication Method to "Captive Portal" in Squid Proxy Server -> Authentication<br />But it does not work, squid cannot get current user and deny access.</p> pfSense Packages - Bug #8454 (New): Arpwatch package break email notifications from other sourceshttps://redmine.pfsense.org/issues/84542018-04-12T07:18:20ZYehuda Katz
<p>Arpwatch replaces /usr/sbin/sendmail with a symlink to a PHP script that specifically mentioned Arpwatch in the message subject:<br /><a class="external" href="https://github.com/pfsense/FreeBSD-ports/blob/015971be238550a1f9aa060fe5ed93849c01572e/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc#L217">https://github.com/pfsense/FreeBSD-ports/blob/015971be238550a1f9aa060fe5ed93849c01572e/net-mgmt/pfSense-pkg-arpwatch/files/usr/local/pkg/arpwatch.inc#L217</a></p>
<p>This causes notifications from ACME (run by CRON) to come with subjects like this:</p>
<blockquote>
<p>wall.example.com - Arpwatch Notification : Cron <root@wall> /usr/local/pkg/acme/acme_command.sh "renewall"</p>
</blockquote>