pfSense bugtracker: Issues https://redmine.pfsense.org/ 2024-03-13T22:05:02Z pfSense bugtracker Redmine
pfSense Plus - Regression #15337 (Feedback): pfSense-boot pkg fails install in UFS https://redmine.pfsense.org/issues/15337 2024-03-13T22:05:02Z Steve Wheeler
<p>Upgrading UFS installs to the current 24.03 snapshot fails when running the POST-INSTALL script in the pfSense upgrade pkg:<br /><pre>
Installed packages to be UPGRADED:
pfSense-boot: 24.03.b.20240312.0600 -> 24.03.b.20240313.0600 [pfSense-core]
Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-boot from 24.03.b.20240312.0600 to 24.03.b.20240313.0600...
[1/1] Extracting pfSense-boot-24.03.b.20240313.0600: .......... done
/bin/sh: Syntax error: end of file unexpected (expecting "fi")
pkg-static: POST-INSTALL script failed
failed.
Failed
</pre></p>
<p>This appears to be caused by the script truncating the UFS ID:<br /><pre>
+ mount -p
+ awk '$2 ~ /^\/$/ { match($1, "[[:alpha:]/]+[[:digit:]]+"); print substr($1, RSTART, RLENGTH); }'
+ bootdevs=/dev/ufsid/6023315
+ mount -p
+ awk '$2 ~/\/boot\/efi/'
+ [ -n '' ]
+ gpart show -p /dev/ufsid/6023315
+ awk '$4 ~ /efi/ {print $3}'
gpart: No such geom: /dev/ufsid/6023315.
</pre></p>
pfSense Plus - Bug #15303 (New): dpinger service does not always switch from Pending to Online https://redmine.pfsense.org/issues/15303 2024-03-02T17:07:07Z Kris Phillips
<p>There are several situations where dpinger will not detect a gateway that is available when it should, forcing a restart of the dpinger service to "trigger" it to recheck.</p>
<p>Known situations, but there may be more:</p>
<p>1. Adding a new VTI tunnel as an interface<br />2. A release/renew of an IPv6 gateway (IPv4 gateway will show up, but IPv6 will not until a dpinger restart)<br />3. Adding an OpenVPN client/server as an interface</p>
<p>Related documentation redmine: <a class="external" href="https://redmine.pfsense.org/issues/15230">https://redmine.pfsense.org/issues/15230</a></p>
pfSense Plus - Feature #15280 (New): Boot Environments 2.0 https://redmine.pfsense.org/issues/15280 2024-02-21T19:59:52Z Christian McDonald cmcdonald@netgate.com
<p>Changes:</p>
<ul>
<li>Configuration History is now a separate page and is no longer part of Backup & Restore.</li>
<li>Configuration History is now aware of Boot Environments. Supports downloading, deleting and restoring across boot environment boundaries.</li>
<li>System updates are now installed in an offline clone of the running system and booted "temporarily" to facilitate automatic fallback to previous working environment.</li>
<li>Boot Verification is performed when booting temporary Boot Environments. System will automatically reboot into prior boot environment upon boot failure.</li>
</ul>
<p><img src="https://redmine.pfsense.org/attachments/download/5936/clipboard-202402211456-bdjnl.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5937/clipboard-202402211457-fegcy.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5938/clipboard-202402211457-rbjkq.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5939/clipboard-202402211457-fcvqv.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5940/clipboard-202402211458-ydyne.png" alt="" /></p>
pfSense Plus - Todo #15266 (Feedback): Prevent usage of the default password in User Manager acco... https://redmine.pfsense.org/issues/15266 2024-02-16T18:53:24Z Jim Pingle
<p>Currently we detect in the GUI when the admin account is using the default password (<code>"pfsense"</code>) and print a warning message: source:src/usr/local/www/head.inc#L564</p>
<p>We should change that to check any account (not just <code>admin</code>) and force a password change during one or more of the user's initial interactions, for example:</p>
<ul>
<li>During the setup wizard</li>
<li>GUI login any time the password matches the default password</li>
<li>Shell (console or SSH) login any time the password matches the default password</li>
<li>Possibly during the installation process</li>
</ul>
<p>We should also not allow the user to change their password to any variation of "pfsense" in upper/lower/mixed case.</p>
pfSense Plus - Feature #15022 (New): Package install/reinstall feature request. https://redmine.pfsense.org/issues/15022 2023-11-22T01:23:31Z Jonathan Lee
<p>Hello fellow Redmine community members. I have noticed time and time again I have the ability to scroll during package installs to see what package dependencies are installing and to check version numbers, but I can't get it to stay still for longer than a split second before it auto scrolls back to the bottom. Can we make this stay where users are when they scroll and remove the auto scroll function?</p>
<p>We currently have no way to see the dependency information after it scrolls past because auto scroll takes us back to the bottom again.</p>
<p>See attached photo. I wanted to check what dependency versions were installed; every time you scroll it defaults to the bottom again.</p>
pfSense Plus - Bug #14862 (New): netstat nexthop queries fail on an arm32 https://redmine.pfsense.org/issues/14862 2023-10-11T00:33:44Z Steve Wheeler
<p>Using the -o or -O switches with netstat to get nexthop data fails or shows bad data on arm32 devices.</p>
<pre>
[23.09-BETA][admin@fw1.stevew.lan]/root: netstat -4onW
Nexthop data
Protocol Family 0:
Idx Type IFA Gateway Flags Use Mtu Netif Addrif Refcnt Prepend
120 empty (0) ---/resolve HS 0 512 --- lo0 0 00000000000000000000000000
120 empty (0) ---/resolve H 0 512 --- lo0 0 000000000000000000
120 empty (0) ---/resolve 0 512 ---mvneta1.100 0 0000000000000000000000000000
120 empty (0) ---/resolve 0 512 --- ovpnc2 0 00000000000000000000000000000000
120 empty (0) ---/resolve H 0 512 --- lo0 0 00
120 empty (0) ---/resolve HS 0 512 --- lo0 0 0000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 00
120 empty (0) ---/resolve H 0 512 --- lo0 0 00
120 empty (0) ---/resolve HS 0 512 --- lo0 0 0000000000000000
120 empty (0) ---/resolve GS 0 512 --- mvneta0 0 00
120 empty (0) ---/resolve 0 512 --- mvneta2 0 0000000000000000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 00000000000000000000000000000000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 000000000000000000000000000000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 0000000000000000000000000000000000
120 empty (0) ---/resolve H 0 512 --- ovpnc3 0 000000000000000000000000000000
120 empty (0) ---/resolve 0 512 ---mvneta1.21 0 00000000000000000000000000
120 empty (0) ---/resolve GHS 0 512 --- mvneta2 0 0000000000000000
120 empty (0) ---/resolve 0 512 --- mvneta0 0 00
120 empty (0) ---/resolve GS 0 512 --- mvneta2 0 0000000000000000
120 empty (0) ---/resolve 0 512 --- mvneta1 0 0000
120 empty (0) ---/resolve 0 512 --- mvneta1 0 0000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 0000000000000000000000000000
120 empty (0) ---/resolve 0 512 --- ovpnc1 0 0000000000000000000000000000000000
</pre>
<pre>
[23.09-BETA][admin@fw1.stevew.lan]/root: netstat -4OnW
Nexthop groups data
netstat: sysctl: net.route.0.2.nhgrpdump.0 estimate: Operation not supported
</pre>
<p>These commands are used to gather data for the status_output file and hence generate errors when it's run.</p>
pfSense Plus - Feature #14810 (New): add Packet Too Big icmp type in firewall https://redmine.pfsense.org/issues/14810 2023-09-25T21:58:26Z yon Liu info@ipv6china.com
<p>I hope more ICMP type refinements can be added to the firewall options.<br />For example, add Type 2 - Packet Too Big and 4 Fragmentation Needed and Don't Fragment was Set</p>
<p>Because I have security blocking most ICMP and only allowing necessary ICMP.</p>
pfSense Plus - Regression #14378 (Confirmed): Packages are not removed when using the hardware re... https://redmine.pfsense.org/issues/14378 2023-05-12T00:41:38Z Steve Wheeler
<p>More precisely it appears that packages are re-installed after rebooting into the new config.</p>
<p>This does not happen using the factory default options in the GUI or console menu.</p>
<p>Tested on 4100 and 6100 with 23.05.r.20230509.2241</p>
pfSense Plus - Feature #14297 (New): Add Option for Vendor Class ID in DHCP Client https://redmine.pfsense.org/issues/14297 2023-04-21T15:07:26Z Kris Phillips
<p>Some ISPs require a Vendor Class ID be sent (option 60) when requesting DHCP. This can currently be accomplished in pfSense with vendor-class-identifier manually added to a dhcp config file, but adding this as a field would be helpful.</p>
pfSense Plus - Bug #14106 (New): arc4random: WARNING: initial seeding bypassed the cryptographic ... https://redmine.pfsense.org/issues/14106 2023-03-14T10:41:28Z Jonathan Lee
<p>23.01 is now showing this error after a fresh firmware install on a Netgate 2100-MAX system. It will continue to boot after. Is this of concern? I have not noticed this in the past. It has bypassed the cryptographic feature.</p>
<p>Mar 14 05:01:12 kernel arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.<br />Mar 14 05:01:12 kernel FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs<br />Mar 14 05:01:12 kernel Starting CPU 1 (1)<br />Mar 14 05:01:12 kernel avail memory = 3464667136 (3304 MB)<br />Mar 14 05:01:12 kernel real memory = 3602862080 (3435 MB)<br />Mar 14 05:01:12 kernel module firmware already present!<br />Mar 14 05:01:12 kernel VT: init without driver.<br />Mar 14 05:01:12 kernel FreeBSD clang version 14.0.5 (<a class="external" href="https://github.com/llvm/llvm-project.git">https://github.com/llvm/llvm-project.git</a> llvmorg-14.0.5-0-gc12386ae247c)<br />Mar 14 05:01:12 kernel root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/obj/aarch64/Z3hsU8Fs/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/arm64.aarch64/sys/pfSense arm64<br />Mar 14 05:01:12 kernel FreeBSD 14.0-CURRENT #0 plus-RELENG_23_01-n256037-6e914874a5e: Fri Feb 10 20:28:37 UTC 2023<br />Mar 14 05:01:12 kernel FreeBSD is a registered trademark of The FreeBSD Foundation.<br />Mar 14 05:01:12 kernel The Regents of the University of California. All rights reserved.<br />Mar 14 05:01:12 kernel Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994<br />Mar 14 05:01:12 kernel Copyright (c) 1992-2022 The FreeBSD Project.<br />Mar 14 05:01:12 kernel KDB: current backend: ddb<br />Mar 14 05:01:12 kernel KDB: debugger backends: ddb gdb<br />Mar 14 05:01:12 kernel GDB: current port: uart<br />Mar 14 05:01:12 kernel GDB: debug ports: uart<br />Mar 14 05:01:12 kernel ---<<BOOT>>---</p>
pfSense Plus - Feature #13786 (New): ldap integration for firewall rules https://redmine.pfsense.org/issues/13786 2022-12-20T15:54:09Z Mike Moore
<p>Seeing as there are LDAP connectors in the software already for authentication, would it be possible to leverage that for firewall rules?<br />Creating a permit/deny rule based on source 'LDAP\User1". This feature alone would be "nextgen" for pf.</p>
<p>On other vendors, this does require an agent being installed on an AD server to get that updated directory list to map IP addr to username. But I think that would only be helpful for reporting/analytics. If we need to just validate the username and that's it, then I think this is possible. Other packages such as Squid can be leveraged if reporting is needed to see what sites were visited and when.</p>
pfSense Plus - Feature #13740 (New): Feature Request: Mark Boot Environments with different prope... https://redmine.pfsense.org/issues/13740 2022-12-09T14:04:10Z Jonas R
<p>Boot snapshots are awesome. However, I see huge potential for expanding the features on these. So here are a few suggestions.</p>
<p>Mark a snapshot as forbidden to boot.<br />This comes from a weird situation with my 6100, where the first boot would work just perfectly. However, every subsequent boot would result in a completely broken LAN. So I had to be suuuper careful not to boot the last remaining snapshot of my "working" system whilst troubleshooting. But if I had been able to mark it so it wasn't allowed to be booted, then this would've been real handy.</p>
<p>Mark snapshot with Deletion Prevention:<br />This is basically an option to mark a specific snapshot so that it isn't allowed to be deleted, whilst the "Prevent from being deleted"-flag is set. Or something similar. Suggestion is to have it as a check box from within the edit-page. This could then disable the Trash-icon on the main page.</p>
pfSense Plus - Bug #13687 (New): firewall_shaper_vinterface.php cannot deal with a limiter named ... https://redmine.pfsense.org/issues/13687 2022-11-23T02:41:47Z Kristof Provost
<p>When I create a limiter named 'new' via the Traffic Shaper page (firewall_shaper_vinterface.php) with the name 'new' it becomes impossible to create more limiters.<br />The 'new' limiter is created correctly, and I can add queues to it, but following the 'New Limiter' link (to firewall_shaper_vinterface.php?pipe=new&action=add") shows the new queue page, not the new limiter page.</p>
pfSense Plus - Bug #13497 (Incomplete): unbound process looks like stuck periodically https://redmine.pfsense.org/issues/13497 2022-09-16T01:16:46Z Yaroslav Semenenko
<p>Hello,</p>
<p>I have a Netgate 2100.<br />The Unbound service sometimes needs to be restarted because it could not resolve public domain names.</p>
<p>Thanks,<br />Yaroslav</p>
pfSense Plus - Bug #12894 (New): duplicating freshly created certificates through refreshing https://redmine.pfsense.org/issues/12894 2022-03-03T14:30:26Z Van Quach
<p>Version 22.01-Release FreeBSD 12.3-Stable</p>
<p>Bug: After successfully creating a certificate, the certificate gets duplicated by refreshing the page (while the green success notification is shown).</p>
<p>This happened to me with different CA and it doesn't matter what type of certificate it is.</p>