pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-03-28T15:30:27ZpfSense bugtracker
Redmine pfSense Plus - Feature #15368 (New): Bulk import DHCP host reservationshttps://redmine.pfsense.org/issues/153682024-03-28T15:30:27ZChris W
<p>It'd be a huge time saver to import from a CSV or XML file into Kea, or even just pasting into a text field like Firewall > Alias > Bulk Import currently does.</p> pfSense Plus - Bug #15361 (New): Error in virtual IP aliases when using IPv6 "network" / "broadca...https://redmine.pfsense.org/issues/153612024-03-25T09:20:00ZMathis Cavalli
<p>There is no network address in IPv6, nor broadcasts like IPv4<br />When adding / editing an IP alias and putting there an address like fd00::/64 it shows the following error : "The network address cannot be used for this VIP" <br />It happened on my pfSense+ box but it seems the CE 2.7.2 is also affected.</p> pfSense Plus - Bug #15332 (New): Kea doesn't start without any logs when upload config with addit...https://redmine.pfsense.org/issues/153322024-03-12T13:17:13Zaleksei prokofiev
<p>If the config has additioan DHCP pool with extra parametrs configured, such default-lease-time or max-lease-time, then KEA won't start with out any logs. To fix that need delete from config those extra option. Or just resave affected pool without any changes, it will lead rewrite config without extra options. <br />For example <br /><pool><br /> <range><br /> <from>192.168.6.2</from><br /> <to>192.168.6.48</to><br /> </range><br /> <descr><![CDATA[NTP Server]]></descr><br /> <defaultleasetime>600</defaultleasetime><br /> <maxleasetime>3600</maxleasetime><br />After resave it will deleted<br /><pool><br /> <range><br /> <from>192.168.6.2</from><br /> <to>192.168.6.48</to><br /> </range><br /> <descr><![CDATA[NTP Server]]></descr><br /> <defaultleasetime></defaultleasetime><br /> <maxleasetime></maxleasetime></p> pfSense Plus - Regression #15320 (New): XMLRPC Sync Trigger on CARP Maintenance Mode Causes webCo...https://redmine.pfsense.org/issues/153202024-03-08T03:13:23ZKris Phillips
<p>When syncing a large configuration file with a large number of Virtual IPs, XMLRPC Sync can cause the webConfigurator to completely hang on a secondary unit in an HA pair for several minutes. This can also lead to 504 Timeout messages. The webConfigurator will typically recover on it's own, but this will often take several minutes.</p>
<p>Disabling the Virtual IP portion of the XMLRPC sync resolves this issue and the failover is nearly instantaneous, along with complete responsiveness from the webConfigurator.</p>
<p>Likely improvements can be made to the PHP code to not just blindly copy and rebuild the entire Virtual IP configuration on the secondary unit, as these hangs can lead to high CPU load and responsiveness issues for the secondary firewall that you just failed over to. This is obviously less than ideal since that unit is supposed to be taking over traffic in a manual failover scenario.</p> pfSense Plus - Feature #15306 (New): Change Gateway Status from Pending to Unavailablehttps://redmine.pfsense.org/issues/153062024-03-03T01:25:28ZKris Phillips
<p>Per customer statement and request, gateway statuses of "Pending" are confusing as a state for gateways that do not exist yet due to dynamic allocation. Something like a state of "Unavailable" may be more appropriate wording.</p> pfSense Plus - Feature #15186 (New): Test DNS over TLShttps://redmine.pfsense.org/issues/151862024-01-24T23:57:32ZJeff Kuehl
<p>The ability to readily confirm TLS DNS would be established once saved.</p> pfSense Plus - Regression #14703 (New): 2100 pcie wireless issueshttps://redmine.pfsense.org/issues/147032023-08-21T18:51:41ZJonathan Lee
<p>Hello fellow pfSense Packages Redmine community members can you please help.</p>
<p>1. The SG-2100MAX the Compex WLE200NX Wireless A/B/G/N Network Mini PCIe Adapter is the only card that will work with the 2100. Other appliances have support for other cards that is missing inside the 2100.</p>
<p>2. The pfSense GUI has removed all antenna port options that are in the prior versions of pfSense.</p>
<p>3. The pfSense software will not allow any dev.ath.0.tpack, or dev.ath.0.tpcts adjustments. When changed they default back to the original settings when adjustments are made. However per Netgate docs users should be able to change them.</p>
<p>4. The antenna diversity does not enable within the 2100 when multiple antena are in use.</p>
<p>As listed in Netgate docs we should have options for antenna adjustments and transmit power adjustments as seen here:</p>
<p><em>"If the signal is weak even when nearby the access point antenna, check the antenna again. For mini-PCI or mini-PCIe cards, if only one pigtail in use and there are two internal connectors, try hooking the pigtail up to the other internal connector on the card. Also try changing the Channel or adjusting the Transmit Power, or the Antenna Settings on the wireless interface configuration. For mini-PCI and mini-PCIe cards, check for broken ends on the fragile pigtail connectors where they plug into the card. If the Regulatory Domain settings have not been configured, set them before testing again."</em></p>
<p>Users can not adjust antenna settings or transmit power as the gui options are no longer listed.</p>
<p>I have also purchased and tested the Apple AR5BXB112 607-7211-A 661-5946 Network Mini PCIe card as it is known to work with other member's appliances. However, the 2100 does not detect any other pcie hardware. Per other forum members the AR5BXB112 card does work within other Netgate appliances. I have recently learned from member stephenw10 that the Compex card is the only card that he has seen work inside the 2100.</p>
<p>If other hardware such as the AR5BXB112 work inside other official Netgate appliances does the arm architecture that is inside the 2100 cause some lack of software support?</p>
<p>Secondly:<br />I was hoping to test the following options as the AR5BXB112 card contains 3 antenna ports, 0, 1, and 2.</p>
<p>per stephenw10<br /><em>"I have always used the defaults there:</em></p>
<p><em>dev.ath.0.rxantenna: 1</em><br /><em>dev.ath.0.txantenna: 0" <br /></em><br />I have also confirmed this is also the case for my system default values.</p>
<p>As PfSense uses freeBSD I researched this and found.</p>
<p><em>"Options 0,1,2 (antenna port 1 or 2, both=0) dev.ath.0.diversity: options 0,1(0=disable 1=enable)"</em></p>
<p>Leading to the third software issue I found I can not enable diversity within the 2100 manually when the two antenna are populated.</p>
<p>Finally, If there is cards that are supported within other systems that have 3 antenna ports there is no options for aux antenna to get configured for dev.at.0.rx</p>
<p>The pfSense GUI has sense removed the antenna port options that are in the prior pfSense versions.</p>
<p>See my short research inside of netgate docs ran to find the issues:<br /><a class="external" href="https://forum.netgate.com/topic/181597/pfsense-as-wireless-ap-transmit-power-adjustments">https://forum.netgate.com/topic/181597/pfsense-as-wireless-ap-transmit-power-adjustments</a></p>
<p>While researching this I found some information that 0: is for both, 1: is for main, 2: is for aux. Again my card lists port 0, and 1. Furthermore another mini pcie card had three ports that can be used with PfSense I am told the mini pcie AR5BXB112 comes with 0, 1, 2 antenna ports.</p>
<p>Ref:<br /><a class="external" href="https://lists.freebsd.org/pipermail/freebsd-wireless/2011-September/000682.html">https://lists.freebsd.org/pipermail/freebsd-wireless/2011-September/000682.html</a></p>
<p>Per Netgate Docs:<br />"Interesting sysctls from shell that cannot be controlled from GUI" section it lists items you can control manually however when they are changed inside the 2100 they do not stay or take the config changes particularly, the transmit power adjustments and diversity settings will never stay set.</p>
<p><a class="external" href="https://docs.netgate.com/pfsense/en/latest/wireless/configuration-ap.html">https://docs.netgate.com/pfsense/en/latest/wireless/configuration-ap.html</a></p> pfSense Plus - Bug #14401 (New): Changing from Switchport to Discrete Interface in VGA/Serial Con...https://redmine.pfsense.org/issues/144012023-05-21T02:29:00ZKris Phillips
<p>If you have an interface on a switchport device, like the 7100, and reassign the interface to a discrete interface like an igb interface using the VGA or Serial console, the Status --> Dashboard and Status --> Interfaces pages will continue to use the old switchport monitor setting until you save and apply the interface, thus always showing the port as down after moving the cable. Since the Interfaces --> WAN/LAN/OPT/etc selection does not show a port monitor setting if it's using a discrete interface, there is no way to eliminate it without just saving the interface and applying.</p> pfSense Plus - Feature #14252 (New): Optimization for 10GB-Connection/Throughputhttps://redmine.pfsense.org/issues/142522023-04-09T02:50:12ZDieter Kreuz
<p>Tuning a 10GB Connection, i´ve spent many days to get the most performance out of pfSense.</p>
<p>I´ve found the following commands, which drastically improved the throughput - peak-wise and providing a consistent throughput without dips:</p>
<p>This binds one core/Thread to a queue - i´ve found this is also present in the pSense-documentation, but as a non professional i had to search quite long to find how to set it up - maybe a more concrete example with what it means would be helpful:<br />net.isr.maxthreads="-1" <br />net.isr.bindthreads="1"</p>
<p>Allow interrupts on hyperthreaded cores:<br />machdep.hyperthreading_intr_allowed="1"</p>
<p>These can be added to the loader.conf.local.<br />Maybe this helps if someone can´t consistent and good 10GB performance.<br />Would it be possible to extend the pfSense-documentation or even add these options as checkboxes<br />e.g. under the Tab "Networking" Section "Network Interfaces" - like "Optimize Thread-/Queue usage" and "Make logical cores available for interrupt handling" - both with a litte explanation?</p>
<p>Thanks in advance.<br />Puni</p> pfSense Plus - Feature #14133 (New): Exporting and Importing - Change Layouthttps://redmine.pfsense.org/issues/141332023-03-20T03:47:01ZSteven Cedrone
<p>Please change Backup & Restore to allow for choosing only what areas you want to import/export without having to do it one area at a time.</p>
<p>The drop down-style boxes for "Backup Area" and "Restore Area" should allow you to hold CTRL and choose multiple areas at a time. Or change the drop-down boxes to scrolling boxes similar to other Areas of PfSense when you select Multiple WAN or LAN connections in PfBlocker for example.</p>
<p>This would be quite handy for exporting partial settings for new setup-up's without having to do it area by area.</p> pfSense Plus - Feature #14131 (New): Add Dynamic DNS Service: DYNUhttps://redmine.pfsense.org/issues/141312023-03-20T03:30:05ZSteven Cedrone
<p>Please add Dynamic DNS provider DYNU</p>
<p><a class="external" href="https://www.dynu.com/en-US/">https://www.dynu.com/en-US/</a></p>
<p>It's working now but sometimes won't update and it appears it's PfSense causing it because other non PfSense routers that update on the same connection will update all the time without fail.</p>
<p>Update URL:<br /><a class="external" href="https://api.dynu.com/nic/update?hostname=XXXXXX.ddnsfree.com&password=999999">https://api.dynu.com/nic/update?hostname=XXXXXX.ddnsfree.com&password=999999</a> (EXAMPLE)</p>
<p>Result Match:<br />good|nochg|good <span>IP</span></p> pfSense Plus - Regression #14080 (New): Installer fails to install to a geom mirrorhttps://redmine.pfsense.org/issues/140802023-03-07T18:12:14ZSteve Wheeler
<p>The 23.01 installer fails to create the expected mount points when trying to reinstall UFS to an existing gmirror.</p>
<p>It also cannot create the expected partitions using 'auto' to a new geom mirror.</p> pfSense Plus - Bug #12894 (New): duplicating freshly created certificates through refreshinghttps://redmine.pfsense.org/issues/128942022-03-03T14:30:26ZVan Quach
<p>Version 22.01-Release FreeBSD 12.3-Stable</p>
<p>Bug: After successfully creating a certificate. The certificate gets duplicated by refreshing the page (while the green success notification is shown)</p>
<p>This happend to me with different CA and it doesn't matter what type of certificate it is.</p> pfSense Plus - Feature #12832 (New): 6100 configurable Blinking Blue LED https://redmine.pfsense.org/issues/128322022-02-19T11:56:10Zshawn butts
<p>The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"</p>
<p>I'd like to see an option to either make it solid blue for "normal" or disable the LED altogether.</p> pfSense Plus - Bug #12759 (New): Proprietary packages link to non-existant or non-public github p...https://redmine.pfsense.org/issues/127592022-02-05T19:22:11ZKris Phillips
<p>When clicking on the version number to view the code for packages like openvpn-import and aws-wizard, these link to a non-existant Github page (or one that is private). We should probably add a way to just remove these links on proprietary packages for pfSense Plus.</p>
<p>For example, aws-wizard links to <a class="external" href="https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-aws-wizard">https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-aws-wizard</a> which is an invalid path.</p>