pfSense bugtracker: Issues
https://redmine.pfsense.org/ | 2024-03-06T17:08:29Z | pfSense bugtracker (Redmine)

pfSense Plus - Bug #15316 (Confirmed): OpenVPN Clients with Gateway Group Interface on DHCP Exits...
https://redmine.pfsense.org/issues/15316 | 2024-03-06T17:08:29Z | Kris Phillips
<p>By default with DHCP gateways, they are not populated into the config as <gateway_item>, but can be present in a <gateway_group>. Because of this, when assigning a gateway group to an OpenVPN client that has an interface go down in the current, active tier, OpenVPN will not properly fail over. Instead, it will hang for a long time, produce errors stating that it's "unable to bind" to the interface (because it's unplugged and the gateway disappears), give an error about being unable to delete a route, and then exit on "Error 1".</p>
<p>If you go into each gateway item under System --> Routing, edit the gateway items without making any changes, save, and apply, the gateways will become present in the config.xml, they'll show as "Pending" in gateway statuses (rather than disappearing entirely), and OpenVPN will fail over as expected.</p>
<p>Either we should be adding a <gateway_item> for each gateway that is present in a <gateway_group> or we should fix OpenVPN so that it doesn't bomb out when a gateway disappears rather than transitioning to Pending.</p>

pfSense Plus - Todo #15266 (Feedback): Prevent usage of the default password in User Manager acco...
https://redmine.pfsense.org/issues/15266 | 2024-02-16T18:53:24Z | Jim Pingle
<p>Currently we detect in the GUI when the admin account is using the default password (<code>"pfsense"</code>) and print a warning message: source:src/usr/local/www/head.inc#L564</p>
<p>We should change that to check any account (not just <code>admin</code>) and force a password change during one or more of the user's initial interactions, for example:</p>
<ul>
<li>During the setup wizard</li>
<li>GUI login any time the password matches the default password</li>
<li>Shell (console or SSH) login any time the password matches the default password</li>
<li>Possibly during the installation process</li>
</ul>
<p>We should also not allow the user to change their password to any variation of "pfsense" in upper/lower/mixed case.</p>

pfSense Plus - Bug #15196 (Confirmed): AWS ena interfaces can become unstable/stop responding
https://redmine.pfsense.org/issues/15196 | 2024-01-27T01:01:22Z | Kris Phillips
<p>On AMD Epyc hardware in AWS, pfSense Plus ena interfaces can lose their IP addressing and then stop responding entirely.</p>
<p>The following log messages are present when this occurs:</p>
<p>Jan 16 18:34:35 np-aws-001 kernel: ena0: <ENA adapter> mem 0x80404000-0x80407fff at device 5.0 on pci0<br />
Jan 16 18:34:35 np-aws-001 kernel: ena0: Elastic Network Adapter (ENA)ena v2.6.2<br />
Jan 16 18:34:35 np-aws-001 kernel: ena0: Unable to allocate LLQ bar resource. LLQ mode won't be used.<br />
Jan 16 18:34:35 np-aws-001 kernel: ena0: ena_com_validate_version() [TID:100000]: ENA device version: 0.10<br />
Jan 16 18:34:35 np-aws-001 kernel: ena0: ena_com_validate_version() [TID:100000]: ENA controller version: 0.0.1 implementation version 1<br />
Jan 16 18:34:35 np-aws-001 kernel: ena0: LLQ is not supported. Fallback to host mode policy.<br />
Jan 16 18:34:35 np-aws-001 kernel: ena0: Ethernet address: 06:ba:32:98:fd:07<br />
Jan 16 18:34:35 np-aws-001 kernel: ena0: [nm] netmap attach<br />
Jan 16 18:34:35 np-aws-001 kernel: ena0: netmap queues/slots: TX 2/1024, RX 2/1024</p>
<p>and</p>
<p>Jan 19 03:49:07 kernel ena0: Found a Tx that wasn't completed on time, qid 1, index 925. 180522704 usecs have passed since last cleanup. Missing Tx timeout value 5000 msecs.<br />
Jan 19 03:49:07 kernel ena0: Found a Tx that wasn't completed on time, qid 1, index 924. 179482704 usecs have passed since last cleanup. Missing Tx timeout value 5000 msecs.<br />
Jan 19 03:49:07 kernel ena0: Found a Tx that wasn't completed on time, qid 1, index 923. 178472704 usecs have passed since last cleanup. Missing Tx timeout value 5000 msecs.<br />
Jan 19 03:48:54 kernel ena0: Found a Tx that wasn't completed on time, qid 1, index 922. 167002704 usecs have passed since last cleanup. Missing Tx timeout value 5000 msecs.</p>

pfSense Plus - Bug #15157 (Incomplete): Problem in Restore Backup
https://redmine.pfsense.org/issues/15157 | 2024-01-12T23:35:22Z | Ramon Alonso Costa
<p>I am having the following issue when trying to update the DNS Resolver backup. Below is the file with the error.</p>

pfSense Plus - Bug #15017 (Incomplete): DHCP relay CARP status VIP function is not working in pfs...
https://redmine.pfsense.org/issues/15017 | 2023-11-20T19:51:25Z | Robert Karsai
<p>Hello,<br />It seems that after 23.05.1->23.09 upgrade DHCP relay CARP status VIP function is not working properly, DHCP relay agent stays active at all times (dhcrelay stays green on the dashboard widget, also pgrep dhcrelay returns running processes in CLI), it will not be stopped when the chosen VIP is in BACKUP status. Not a big deal, there can be two active relay agents in the same network, but this is not how it is supposed to work. Strangely this only affects our pfSense+ 23.09 clusters, in pfSense CE 2.7.1 this is not an issue.<br />--<br />BR<br />Robert</p>

pfSense Plus - Regression #14828 (Feedback): QAT is not being used by some daemons
https://redmine.pfsense.org/issues/14828 | 2023-10-02T11:29:46Z | Rob A
<p>QAT not working. Issue identified on Netgate 6100 and subsequently confirmed on a 4100 unit. Issue confined to 23.09 dev, including latest at time of writing 23.09.a.20231002.0600.</p>
<p>QAT selection on GUI is as normal.</p>
<p>sysctl appears correct:</p>
<pre><code class="shell syntaxhl">[23.09-DEVELOPMENT][admin@Router-8.redacted.me]/root: sysctl -a | grep 'qat'
qat0: <Intel c3xxx QuickAssist> mem 0x81500000-0x8153ffff,0x81540000-0x8157ffff at device 0.0 on pci1
qat0: qat_dev0 started 6 acceleration engines
qat0: FW version: 4.18.0
qat0: Excessive clock measure delay
qat_ocf0: <QAT engine>
irq174: qat0:b0:351 @cpu0(domain0): 0
irq175: qat0:b1:353 @cpu0(domain0): 0
irq176: qat0:b2:355 @cpu0(domain0): 0
irq177: qat0:b3:357 @cpu0(domain0): 0
irq178: qat0:b4:359 @cpu0(domain0): 0
irq179: qat0:b5:361 @cpu0(domain0): 0
irq180: qat0:b6:363 @cpu0(domain0): 0
irq181: qat0:b7:365 @cpu0(domain0): 0
irq182: qat0:b8:367 @cpu0(domain0): 0
irq183: qat0:b9:369 @cpu0(domain0): 0
irq184: qat0:b10:371 @cpu0(domain0): 0
irq185: qat0:b11:373 @cpu0(domain0): 0
irq186: qat0:b12:375 @cpu0(domain0): 0
irq187: qat0:b13:377 @cpu0(domain0): 0
irq188: qat0:b14:379 @cpu0(domain0): 0
irq189: qat0:b15:381 @cpu0(domain0): 0
irq190: qat0:ae:383 @cpu0(domain0): 0
dev.qat_ocf.0.enable: 1
dev.qat_ocf.0.%parent: nexus0
dev.qat_ocf.0.%pnpinfo:
dev.qat_ocf.0.%location:
dev.qat_ocf.0.%driver: qat_ocf
dev.qat_ocf.0.%desc: QAT engine
dev.qat_ocf.%parent:
dev.qat.0.frequency: 685000000
dev.qat.0.cnv_error:
dev.qat.0.fw_counters:
dev.qat.0.mmp_version: 6.0.0
dev.qat.0.hw_version: 17
dev.qat.0.fw_version: 4.18.0
dev.qat.0.heartbeat: 1
dev.qat.0.heartbeat_failed: 0
dev.qat.0.heartbeat_sent: 2
dev.qat.0.dev_cfg: [GENERAL]
dev.qat.0.num_user_processes: 0
dev.qat.0.cfg_mode: ks
dev.qat.0.cfg_services: sym;dc
dev.qat.0.state: up
dev.qat.0.%parent: pci1
dev.qat.0.%pnpinfo: vendor=0x8086 device=0x19e2 subvendor=0x8086 subdevice=0x19e2 class=0x0b4000
dev.qat.0.%location: slot=0 function=0 dbsf=pci0:1:0:0 handle=\_SB_.PCI0.VRP2.PXSX
dev.qat.0.%driver: qat
dev.qat.0.%desc: Intel c3xxx QuickAssist
dev.qat.%parent:
[23.09-DEVELOPMENT][admin@Router-8.redacted.me]/root:
</code></pre>
<p>Kernel looks ok:</p>
<pre><code class="shell syntaxhl">[23.09-DEVELOPMENT][admin@Router-8.redacted.me]/root: kldstat -v | grep qat
11 1 0xffffffff84437000 4378 qat.ko (/boot/kernel/qat.ko)
699 nexus/qat
12 6 0xffffffff8443c000 14d60 qat_hw.ko (/boot/kernel/qat_hw.ko)
697 pci/qat_c4xxx
692 pci/qat_200xx
696 pci/qat_dh895xcc
693 pci/qat_4xxx
695 pci/qat_c3xxx
691 pci/qat_c62x
694 pci/qat_4xxxvf
13 9 0xffffffff84451000 2ff70 qat_common.ko (/boot/kernel/qat_common.ko)
689 qat_common
14 8 0xffffffff84481000 68cd8 qat_api.ko (/boot/kernel/qat_api.ko)
690 qat_api
15 1 0xffffffff844ea000 122c18 qat_c3xxx_fw.ko (/boot/kernel/qat_c3xxx_fw.ko)
698 qat_c3xxx_fw_fw
[23.09-DEVELOPMENT][admin@Router-8.redacted.me]/root:
</code></pre>
<p>But zero QAT activity:</p>
<pre><code class="shell syntaxhl">[23.09-DEVELOPMENT][admin@Router-8.redacted.me]/root: vmstat -i | grep qat
[23.09-DEVELOPMENT][admin@Router-8.redacted.me]/root:
</code></pre>
<p>Reversion to 23.05 removes the issue completely with QAT restored:</p>
<pre><code class="shell syntaxhl">[23.05.1-RELEASE][admin@Router-8.redacted.me]/root: vmstat -i | grep qat
irq175: qat0:b1 176 0
irq176: qat0:b2 208 0
[23.05.1-RELEASE][admin@Router-8.redacted.me]/root:
</code></pre>
<p>Contra-indication - JimP has reported that QAT is functioning correctly on his C3000-equipped unit:</p>
<pre><code class="shell syntaxhl">: dmesg | grep qat
qat0: <Intel c3xxx QuickAssist> mem 0xdfd00000-0xdfd3ffff,0xdfd40000-0xdfd7ffff irq 18 at device 0.0 on pci1
qat0: qat_dev0 started 6 acceleration engines
qat0: FW version: 4.18.0
qat0: Excessive clock measure delay
qat_ocf0: <QAT engine>
: vmstat -i | grep qat
irq62: qat0:b1 40210 6
irq63: qat0:b2 11846 2
</code></pre>
<p>Original thread:</p>
<p><a class="external" href="https://forum.netgate.com/topic/183123/23-09d-is-qat-broken/4?_=1696239799286">https://forum.netgate.com/topic/183123/23-09d-is-qat-broken/4?_=1696239799286</a></p>
<p>Issue may not be confined to the 6100 & 4100 and as you have to look for the problem it may be obscured to other users.</p>
<p>☕️</p>

pfSense Plus - Bug #14818 (Confirmed): StatusTraffic Graph In/Out traffic misplaced in Graph but ...
https://redmine.pfsense.org/issues/14818 | 2023-09-29T12:14:54Z | Ivaylo Velikov (ivaylo.velikov@gmail.com)
<p>StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table<br />See attached picture</p>

pfSense Plus - Feature #14789 (Pull Request Review): Captive Portal - Add OTP authentication opti...
https://redmine.pfsense.org/issues/14789 | 2023-09-18T06:34:26Z | Barry Schut
<p>I have created a small modification to the captive portal pages so it would be possible to use an OTP as login option for the portal.</p>
<p>This will allow for an ever changing password on the portal but also control over who gets to use it.</p>
<p>In my personal situation:</p>
<p>I have a guest wifi and I am using the captive portal to allow people to login. With a small hardware OTP generator (hand held device) I can grant visitors access. No fuss, no accounts, no risk of leaking details.</p>
<p>I will be creating a pull request soon.</p>

pfSense Plus - Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PH...
https://redmine.pfsense.org/issues/14778 | 2023-09-13T16:04:10Z | Andrew Rojek
<p>Got this error message when trying to view a small list of CIDR addresses in Firewall->Aliases.<br />It was followed by a white blank screen and I had to reload the console page to reveal the error message below...</p>
<p>Crash report begins. Anonymous machine information:</p>
<p>arm64<br />14.0-CURRENT<br />FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:25:15 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/obj/aarch64/0P4W6joa/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/source</p>
<p>Crash report details:</p>
<p>PHP Errors:<br />[13-Sep-2023 10:08:16 Europe/London] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161<br />[13-Sep-2023 10:08:53 Europe/London] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161</p>
<p>No FreeBSD crash data found.</p>
<p>Thank you.</p>

pfSense Plus - Bug #14752 (Incomplete): PHP Request Shutdown: Cannot use output buffering in outp...
https://redmine.pfsense.org/issues/14752 | 2023-09-06T10:19:53Z | yon Liu (info@ipv6china.com)
<p>amd64<br />14.0-ALPHA2<br />FreeBSD 14.0-ALPHA2 amd64 1400094 #1 plus-devel-main-n256133-bef8dca4536: Tue Sep 5 06:26:19 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-master-main/obj/amd64/fWgcJpOQ/var/jenkins/workspace/pfSense-Plus-snapshots-master-main/s</p>
<p>Crash report details:</p>
<p>PHP Errors:<br />[06-Sep-2023 03:38:27 Asia/Shanghai] PHP Fatal error: PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0</p>
<p>No FreeBSD crash data found.</p>

pfSense Plus - Regression #14378 (Confirmed): Packages are not removed when using the hardware re...
https://redmine.pfsense.org/issues/14378 | 2023-05-12T00:41:38Z | Steve Wheeler
<p>More precisely it appears that packages are re-installed after rebooting into the new config.</p>
<p>This does not happen using the factory default options in the GUI or console menu.</p>
<p>Tested on 4100 and 6100 with 23.05.r.20230509.2241</p>

pfSense Plus - Regression #14180 (Feedback): ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of bo...
https://redmine.pfsense.org/issues/14180 | 2023-03-25T09:19:42Z | name name
<p>I've been running the following configuration for months now:</p>
<p>Hypervisor:</p>
<p>Linux Kernel 5.15<br />libvirt/qemu/kvm</p>
<p>pfSense VM:<br />i440fx<br />VT-d passthrough of both ports of MCX4121A-ACAT<br />IOMMU/ACS are all fine on the Supermicro server mainboard X11SPL-F</p>
<p>After updating from CE 2.6.0 to Plus 23.01 it's not working anymore.</p>
<p>Libvirt successfully starts the VM with the PCI devices (both ports of the network adapter) passed through (VT-d).</p>
<p>At kernel bootup I see these error messages:</p>
<pre><code class="shell syntaxhl">mlx5_core1: WARN: wait_func:967:(pid 0): MANAGE_PAGES(0x108) timeout. Will cause a leak of a command resource
mlx5_core1: WARN: give_pages:354:(pid 0): func_id 0x0, npages 1241, err -60
mlx5_core1: WARN: wait_func:967:(pid 0): CREATE_EQ(0x301) timeout. Will cause a leak of a command resource
mlx5_core1: WARN: wait_func:967:(pid 0): DESTROY_EQ(0x302) timeout. Will cause a leak of a command resource
mlx5_core1: WARN: mlx5_destroy_unmap_eq:523:(pid 0): failed to destroy a previously created eq: eqn 7
mlx5_core1: WARN: wait_func:967:(pid 0): MANAGE_PAGES(0x108) timeout. Will cause a leak of a command resource
mlx5_core1: WARN: give_pages:375:(pid 0): page notify failed
mlx5_core1: WARN: free_comp_eqs:671:(pid 0): failed to destroy EQ 0x7
mlx5_core1: WARN: pages_work_handler:475:(pid 0): give fail -60
mlx5_core1: WARN: wait_func:967:(pid 0): MANAGE_PAGES(0x108) timeout. Will cause a leak of a command resource
mlx5_core1: ERR: reclaim_pages:444:(pid 0): failed reclaiming pages
mlx5_core1: WARN: pages_work_handler:475:(pid 0): reclaim fail -60
mlx5_core1: WARN: wait_func:967:(pid 0): DESTROY_EQ(0x302) timeout. Will cause a leak of a command resource
mlx5_core1: WARN: mlx5_destroy_unmap_eq:523:(pid 0): failed to destroy a previously created eq: eqn 8
mlx5_core1: WARN: free_comp_eqs:671:(pid 0): failed to destroy EQ 0x8
mlx5_core1: WARN: wait_func:967:(pid 0): MANAGE_PAGES(0x108) timeout. Will cause a leak of a command resource
mlx5_core1: ERR: reclaim_pages:444:(pid 0): failed reclaiming pages
mlx5_core1: WARN: pages_work_handler:475:(pid 0): reclaim fail -60
mlx5_core1: WARN: wait_func:967:(pid 0): DESTROY_EQ(0x302) timeout. Will cause a leak of a command resource
mlx5_core1: WARN: mlx5_destroy_unmap_eq:523:(pid 0): failed to destroy a previously created eq: eqn 9
mlx5_core1: WARN: free_comp_eqs:671:(pid 0): failed to destroy EQ 0x9
mlx5_core1: WARN: wait_func:967:(pid 0): DEALLOC_UAR(0x803) timeout. Will cause a leak of a command resource
mlx5_core1: WARN: up_rel_func:89:(pid 0): failed to free uar index 16
</code></pre>
<p>Sometimes it boots fine, sometimes the error messages appear and it never progresses to the part where the actual OS starts, and sometimes it reaches the part where pfSense starts, but then the network interfaces aren't available and it asks me to manually reassign the configuration interfaces.</p>
<p>This makes it unusable for me at the moment.</p>

pfSense Plus - Bug #13530 (Incomplete): Remote Logging strange behavior
https://redmine.pfsense.org/issues/13530 | 2022-09-29T18:43:21Z | Marcelo Cury
<p>My SG-3100 (22.05) is configured to send logs to a remote syslog server in my LAN on port 1514.</p>
pfsense remote logs configuration:
<ul>
<li>System Events</li>
<li>Firewall Events</li>
<li>DNS Events</li>
<li>DHCP Events</li>
<li>General Authentication Events</li>
<li>VPN Events</li>
<li>Gateway Monitor Events</li>
<li>Network Time Protocol Events</li>
</ul>
<p>It has been working fine for several days but today I noticed that the Firewall Events stopped (<strong>filterlog</strong>).<br />The problem didn't happen with other events such as <strong>dhcpd, dpinger, filterdns, php-fpm, dhclient, unbound</strong>...</p>
<p>I'm not sure what could have triggered the issue, but I fixed it by going to <em>Status > System > Logs > Settings > Remote Logging Options</em> and clicking <strong>Save</strong>.</p>
<p><code>2022-09-29T18:36:09.000-03:00 filterlog[41290]: 4,,,1000000103,mvneta2,match,block,in,4,0x0,,239,35008,0,none,6,tcp,40,91.191.209.198,x.x.x.x,47587,3474,0,S,1457975303,,1024,,<br />
2022-09-29T18:36:18.000-03:00 filterlog[41290]: 4,,,1000000103,mvneta2,match,block,in,4,0x0,,45,28891,0,DF,6,tcp,52,123.160.221.63,x.x.x.x,48931,8410,0,S,1759706956,,65535,,mss;nop;wscale;nop;nop;sackOK<br />
2022-09-29T18:36:26.000-03:00 filterlog[41290]: 4,,,1000000103,mvneta0,match,block,in,4,0x0,,241,43257,0,none,6,tcp,44,198.199.107.80,y.y.y.y,41585,46738,0,S,2466400818,,1024,,mss<br />
2022-09-29T18:36:35.000-03:00 filterlog[41290]: 4,,,1000000103,mvneta0,match,block,in,4,0x0,,245,25298,0,none,6,tcp,44,78.128.113.158,y.y.y.y,45686,29828,0,S,1291403791,,1024,,mss<br />
2022-09-29T18:36:42.000-03:00 filterlog[41290]: 4,,,1000000103,mvneta2,match,block,in,4,0x0,,238,19919,0,none,6,tcp,40,5.188.206.38,x.x.x.x,46182,19202,0,S,1628533656,,1024,,<br />
2022-09-29T18:36:43.000-03:00 filterlog[41290]: 158,,,1644897877,mvneta1.10,match,pass,in,4,0x0,,64,1756,0,DF,6,tcp,60,192.168.10.4,50.17.133.142,45699,443,0,S,2029797087,,29200,,mss;sackOK;TS;nop;wscale<br />
2022-09-29T18:36:47.000-03:00 filterlog[41290]: 158,,,1644897877,mvneta1.10,match,pass,in,4,0x0,,64,5909,0,DF,6,tcp,60,192.168.10.4,50.17.133.142,45700,443,0,S,405679345,,29200,,mss;sackOK;TS;nop;wscale<br />
*LAST FIREWALL EVENT ABOVE*<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Wrote 0 class decls to leases file.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Server starting service.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Sending on Socket/fallback/fallback-net<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Sending on BPF/mvneta1.100/00:08:a2:0c:c4:1c/192.168.255.248/29<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Listening on BPF/mvneta1.100/00:08:a2:0c:c4:1c/192.168.255.248/29<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Sending on BPF/mvneta1.10/00:08:a2:0c:c4:1c/192.168.10.0/27<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Listening on BPF/mvneta1.10/00:08:a2:0c:c4:1c/192.168.10.0/27<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Sending on BPF/mvneta1.20/00:08:a2:0c:c4:1c/192.168.20.0/24<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Listening on BPF/mvneta1.20/00:08:a2:0c:c4:1c/192.168.20.0/24<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Wrote 0 leases to leases file.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Wrote 0 new dynamic host decls to leases file.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Wrote 0 deleted host decls to leases file.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: All rights reserved.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: For info, please visit https://www.isc.org/software/dhcp/<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Database file: /var/db/dhcpd.leases<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Copyright 2004-2021 Internet Systems Consortium.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Config file: /etc/dhcpd.conf<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Internet Systems Consortium DHCP Server 4.4.2-P1<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: PID file: /var/run/dhcpd.pid<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: For info, please visit https://www.isc.org/software/dhcp/<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: All rights reserved.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Copyright 2004-2021 Internet Systems Consortium.<br />
2022-09-29T18:36:49.000-03:00 dhcpd[49200]: Internet Systems Consortium DHCP Server 4.4.2-P1<br />
2022-09-29T18:38:54.000-03:00 dhcpd[49200]: DHCPACK on 192.168.10.13 to 08:00:23:f2:fa:1c via mvneta1.10<br />
2022-09-29T18:38:54.000-03:00 dhcpd[49200]: DHCPREQUEST for 192.168.10.13 from 08:00:23:f2:fa:1c via mvneta1.10<br />
2022-09-29T18:50:05.000-03:00 dpinger[58536]: NET_DHCP z.z.z.z: Alarm latency 10631us stddev 1319us loss 22%<br />
2022-09-29T18:50:10.000-03:00 filterdns[55605]: Adding Action: pf table: plex_wans_ip host: a.a.a.a<br />
2022-09-29T18:50:10.000-03:00 filterdns[55605]: merge_config: configuration reload<br />
2022-09-29T18:50:24.000-03:00 php-fpm[447]: /index.php: Successful login for user 'admin_user' from: 192.168.255.254 (LDAP/rpi3)<br />
2022-09-29T18:57:03.000-03:00 dhcpd[49200]: DHCPACK on 192.168.10.8 to a8:db:03:51:f4:fe via mvneta1.10<br />
2022-09-29T18:57:03.000-03:00 dhcpd[49200]: DHCPREQUEST for 192.168.10.8 from a8:db:03:51:f4:fe via mvneta1.10</code></p>

pfSense Plus - Bug #13497 (Incomplete): unbound process looks like stuck periodically
https://redmine.pfsense.org/issues/13497 | 2022-09-16T01:16:46Z | Yaroslav Semenenko
<p>Hello,</p>
<p>I have a Netgate 2100.<br />The Unbound service sometimes needs to be restarted because it could not resolve a public domain name.</p>
<p>Thanks,<br />Yaroslav</p>

pfSense Plus - Bug #13233 (Feedback): OpenVPN DCO connection fails with Auth Digest Algorithm set...
https://redmine.pfsense.org/issues/13233 | 2022-05-28T19:16:49Z | Steve Wilson
<p>OpenVPN DCO configurations specifying an auth digest algorithm of SHA512 fail to connect. Changing the algorithm to SHA256 resolves the issue. See <a class="external" href="https://forum.netgate.com/topic/172479/openvpn-with-dco/6">https://forum.netgate.com/topic/172479/openvpn-with-dco/6</a>. It's not clear to me if this is intended (but as yet undocumented) behavior or a true bug. If DCO currently requires the auth digest algorithm to be SHA256 it should probably be flagged in the comments on the OpenVPN Server and Client set-up pages.</p>