pfSense bugtracker: Issues | https://redmine.pfsense.org/ | 2024-03-25T09:20:00Z | pfSense bugtracker | Redmine
pfSense Plus - Bug #15361 (New): Error in virtual IP aliases when using IPv6 "network" / "broadca... | https://redmine.pfsense.org/issues/15361 | 2024-03-25T09:20:00Z | Mathis Cavalli
<p>There is no network address in IPv6, nor broadcasts like in IPv4.<br />When adding / editing an IP alias and putting there an address like fd00::/64, it shows the following error: "The network address cannot be used for this VIP"<br />It happened on my pfSense+ box but it seems the CE 2.7.2 is also affected.</p>
pfSense Plus - Bug #15332 (New): Kea doesn't start without any logs when upload config with addit... | https://redmine.pfsense.org/issues/15332 | 2024-03-12T13:17:13Z | aleksei prokofiev
<p>If the config has an additional DHCP pool with extra parameters configured, such as default-lease-time or max-lease-time, then KEA won't start, without any logs. To fix that, those extra options need to be deleted from the config. Or just resave the affected pool without any changes; that rewrites the config without the extra options.<br />For example:</p>
<pre>
&lt;pool&gt;
  &lt;range&gt;
    &lt;from&gt;192.168.6.2&lt;/from&gt;
    &lt;to&gt;192.168.6.48&lt;/to&gt;
  &lt;/range&gt;
  &lt;descr&gt;&lt;![CDATA[NTP Server]]&gt;&lt;/descr&gt;
  &lt;defaultleasetime&gt;600&lt;/defaultleasetime&gt;
  &lt;maxleasetime&gt;3600&lt;/maxleasetime&gt;
</pre>
<p>After a resave they are deleted:</p>
<pre>
&lt;pool&gt;
  &lt;range&gt;
    &lt;from&gt;192.168.6.2&lt;/from&gt;
    &lt;to&gt;192.168.6.48&lt;/to&gt;
  &lt;/range&gt;
  &lt;descr&gt;&lt;![CDATA[NTP Server]]&gt;&lt;/descr&gt;
  &lt;defaultleasetime&gt;&lt;/defaultleasetime&gt;
  &lt;maxleasetime&gt;&lt;/maxleasetime&gt;
</pre>
pfSense Plus - Bug #15303 (New): dpinger service does not always switch from Pending to Online | https://redmine.pfsense.org/issues/15303 | 2024-03-02T17:07:07Z | Kris Phillips
<p>There are several situations where dpinger will not detect a gateway that is available when it should, forcing a restart of the dpinger service to "trigger" it to recheck.</p>
<p>Known situations, but there may be more:</p>
<p>1. Adding a new VTI tunnel as an interface<br />2. A release/renew of an IPv6 gateway (IPv4 gateway will show up, but IPv6 will not until a dpinger restart)<br />3. Adding an OpenVPN client/server as an interface</p>
<p>Related documentation redmine: <a class="external" href="https://redmine.pfsense.org/issues/15230">https://redmine.pfsense.org/issues/15230</a></p>
pfSense Plus - Bug #15262 (New): Captive Portal Has High CPU Interrupts With Large Number of Users | https://redmine.pfsense.org/issues/15262 | 2024-02-15T19:33:29Z | Kris Phillips
<p>When 700+ Captive Portal users are in use, CPU interrupts will cause high load averages to occur. This can lead to connectivity problems, such as packet loss on WAN uplinks, webConfigurator responsiveness issues, etc.</p>
<p>Tested with a customer who had load averages of 14-16 with Captive Portal on with 1400+ users. Once Captive Portal was turned off, load averages dropped to 0.5.</p>
<p>Load seems higher for Captive Portal when there are significant numbers of users since the transition to pf from ipfw.</p>
pfSense Plus - Bug #15202 (New): Add Option for Network Portion of Subnet "Wildcard" for IPv6 Rules | https://redmine.pfsense.org/issues/15202 | 2024-01-27T22:28:27Z | Kris Phillips
<p>Filtering hosts with IPv6 is extremely difficult when utilizing an upstream provider that is providing a Prefix Delegation via DHCPv6 because the Prefix Delegation can change, which invalidates existing rules.</p>
<p>If there was a way to detect the interface PD for firewall rules, similar to how the DHCPv6 server currently detects the delegated prefix, users could assign rules based on only the host portion of the subnet and have the firewall filter rule automatically fill in the delegated prefix network ID portion before feeding it to pf.</p>
<p>This solves the following two scenarios:</p>
<p>1. A static DHCPv6 lease is assigned, but the delegated prefix changes<br />2. Clients configured via SLAAC typically will have the same host portion of an address, regardless of the network portion discovered by RAs, unless they are utilizing privacy extensions.</p>
<p>Obviously, this won't help in cases where SLAAC is used with RFC4941, but in many cases when creating rules like this it's possible to disable privacy extensions optionally in most operating systems.</p>
pfSense Plus - Bug #15126 (New): SG-1100 pfSense+ recovery results in non aligned disk slices | https://redmine.pfsense.org/issues/15126 | 2023-12-29T03:11:42Z | David Burns (david.burns@dugeem.net)
<p>Currently preparing for an upgrade of SG-1100 remote worker fleet.</p>
<p>However after installing the latest SG-1100 recovery image (pfSense-plus-compat-recovery-23.09.1-RELEASE-aarch64.img.gz) it appears that the resulting image restore to SG-1100 eMMC is not aligned:<br />(reference <a class="external" href="https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html">https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html</a>)</p>
<pre>
gpart show mmcsd0
=> 1 15273599 mmcsd0 MBR (7.3G)
1 409600 1 efi (200M)
409601 131072 2 fat32 (64M)
540673 14732927 3 freebsd [active] (7.0G)
</pre>
<p>This is a UFS build. Clearly the FreeBSD slice (starting sector 540673) is not aligned with 4k / 32k / 1M boundary. Non aligned writes may have an impact on eMMC life (depends on write workload of course).</p>
<p>Within the slice the actual UFS partition is at least 8k aligned (although suboptimal given that the UFS2 default block size is 32kB):</p>
<pre>
gpart show mmcsd0s3
=> 0 14732927 mmcsd0s3 BSD (7.0G)
0 16 - free - (8.0K)
16 14732911 1 freebsd-ufs (7.0G)
</pre>
<p>Compare this to a Netgate 7100 (with ZFS):</p>
<pre>
gpart show mmcsd0
40 61071280 mmcsd0 GPT (29G)
40 1024 1 freebsd-boot (512K)
1064 984 - free - (492K)
2048 4194304 2 freebsd-swap (2.0G)
4196352 56872960 3 freebsd-zfs (27G)
61069312 2008 - free - (1.0M)
</pre>
<p>Hopefully image build can be corrected using appropriate <strong><code>gpart add -t freebsd -a 1M ... /dev/mmcsd0</code></strong> argument parameters.</p>
<p>Lastly, is the SG-1100 (aarch64) recovery image also used for SG-2100? If so this issue may also impact SG-2100.</p>
pfSense Plus - Bug #15104 (New): Layer 2 experimental Firewall/Rules/Ethernet: new broadcast doma... | https://redmine.pfsense.org/issues/15104 | 2023-12-18T22:48:09Z | Jonathan Lee
<p>Layer 2 broadcast domain in 23.05.01 would separate compex card from the LAN RJ45 ports. It no longer separates the layer 2 broadcast domains in 23.09.01</p>
<p>Ref: <a class="external" href="https://forum.netgate.com/topic/184894/ethernet-rules-on-two-networks">https://forum.netgate.com/topic/184894/ethernet-rules-on-two-networks</a></p>
<p>23.09.01 requires intra interface communication for layer 2 and in 23.05.01 it did not. I run guest wifi on the compex card(OPT1) so the secure side or <abbr title="WLAN">LAN</abbr> now is prone to arp broadcast storms as it no longer has separate broadcast domains.</p>
<p>Both interfaces have NAT access outbound without talking to each other but in 23.09.01 it is now required for the layer 2 to have interface to interface traffic.</p>
pfSense Plus - Bug #15006 (New): Upgrade Issue to 23.09 Results in Stuck Prompt Mid-upgrade | https://redmine.pfsense.org/issues/15006 | 2023-11-17T19:50:02Z | Kris Phillips
<p>Symptom: <br />Devices get stuck at a "Enter full pathname of the shell or RETURN for /bin/sh:" prompt mid-upgrade. Rebooting the appliance causes it to be stuck at a "-sh: /etc/rc.initial: not found" prompt after asking for credentials.</p>
<p>This does not appear to be an arch problem as amd64 and aarch64 are both seemingly affected.</p>
<p>Relevant errors during bootup captured from an 1100 that failed to upgrade properly:</p>
<p>[113/168] Extracting php82-pear-Net_URL2-2.2.1: .......... done</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46<br />XML Extension not found<br />pkg-static: POST-INSTALL script failed<br />[114/168] Installing boost-libs-1.82.0_1...<br />[114/168] Extracting boost-libs-1.82.0_1: .......pid 518 (pkg-static), jid 0, uid 0, was killed: failed to reclaim memory<br />Child process pid=518 terminated abnormally: Killed</p>
<blockquote><blockquote><blockquote>
<p>Unlocking package pfSense-pkg-aws-wizard... done.<br />Unlocking package pfSense-pkg-ipsec-profile-wizard... done.</p>
</blockquote></blockquote></blockquote>
<p>Fatal error: Uncaught Error: Call to undefined function gettext() in /etc/inc/certs.inc:48<br />Stack trace:<br />#0 /etc/inc/functions.inc(34): require_once()<br />#1 /etc/rc.ecl(25): require_once('/etc/inc/functi...')<br />#2 {main}<br /> thrown in /etc/inc/certs.inc on line 48<br />Launching the init system...<br />Fatal error: Uncaught Error: Failed opening required 'Net/IPv6.php' (include_path='.:/etc/inc:/usr/local/pfSense/include:/usr/local/pfSense/include/www:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear:/usr/local/share/openssl_x509_crl/') in /etc/inc/util.inc:28<br />Stack trace:<br />#0 /etc/inc/config.lib.inc(29): require_once()<br />#1 /etc/inc/auth.inc(31): require_once('/etc/inc/config...')<br />#2 /etc/inc/captiveportal.inc(29): require_once('/etc/inc/auth.i...')<br />#3 /etc/inc/service-utils.inc(25): require_once('/etc/inc/captiv...')<br />#4 /etc/inc/pkg-utils.inc(26): require_once('/etc/inc/servic...')<br />#5 /etc/rc.bootup(27): require_once('/etc/inc/pkg-ut...')<br />#6 {main}<br /> thrown in /etc/inc/util.inc on line 28<br />Starting CRON... done.</p>
<p>Fatal error: Uncaught Error: Call to undefined function gettext() in /etc/inc/certs.inc:48<br />Stack trace:<br />#0 /etc/inc/functions.inc(34): require_once()<br />#1 /etc/inc/notices.inc(26): require_once('/etc/inc/functi...')<br />#2 /etc/inc/config.inc(51): require_once('/etc/inc/notice...')<br />#3 /etc/rc.start_packages(25): require_once('/etc/inc/config...')<br />#4 {main}<br /> thrown in /etc/inc/certs.inc on line 48<br />.: cannot open /etc/rc.be_functions.sh: No such file or directory<br />Enter full pathname of shell or RETURN for /bin/sh:</p>
pfSense Plus - Bug #14968 (New): Google LDAP fail to bind | https://redmine.pfsense.org/issues/14968 | 2023-11-11T13:11:11Z | Lev Prokofev
<p>Even with a freshly created cert and Bind user login/pass it fails to bind with the message:</p>
<p><em>/system_authservers.php: ERROR! ldap_get_user_ous() could not bind to server.</em></p>
<p>It seems the TLS talk between the client and server went smoothly (packet capture attached)</p>
<p>Ticket for reference #2067635022</p>
pfSense Plus - Bug #14894 (New): Password protected console login prompt does not render properly... | https://redmine.pfsense.org/issues/14894 | 2023-10-18T19:47:24Z | Jim Pingle
<p>After resolving other console issues with the 4100/6100/8200 in <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200. (Resolved)" href="https://redmine.pfsense.org/issues/13455">#13455</a> a problem remains with the login prompt.</p>
<p>It is not printing a newline before the FreeBSD version string nor is it printing a newline before the password prompt:</p>
<pre>
[...])FreeBSD/amd64 (pfsense.home.arpa) (ttyu0)
login: rootPassword:
Netgate 4100 [...]
</pre>
<p>It should look like this:</p>
<pre>
FreeBSD/amd64 (pfsense.home.arpa) (ttyu0)
login: root
Password:
Netgate 4100 [...]
</pre>
<p>Changing the console type doesn't have any effect, nor does changing various aspects of the TTY (e.g. setting it to <code>xterm</code> or <code>cons25w</code> instead of <code>vt100</code>, or using <code>std</code> instead of <code>3wire</code>).</p>
pfSense Plus - Bug #14879 (New): Disabling DNS Rebinding Checks deletes private domains from unbo... | https://redmine.pfsense.org/issues/14879 | 2023-10-14T12:37:45Z | Bob Dig
<p>This will make Domain Overrides not work anymore, at least with split DNS. <br />More Details are described here: <a class="external" href="https://forum.netgate.com/topic/183401/disabling-dns-rebinding-checks-does-alter-domain-overrides">https://forum.netgate.com/topic/183401/disabling-dns-rebinding-checks-does-alter-domain-overrides</a> .</p>
<p>Only tested with 23.05.1</p>
pfSense Plus - Bug #14862 (New): netstat nexthop queries fail on an arm32 | https://redmine.pfsense.org/issues/14862 | 2023-10-11T00:33:44Z | Steve Wheeler
<p>Using the -o or -O switches with netstat to get nexthop data fails or shows bad data on arm32 devices.</p>
<pre>
[23.09-BETA][admin@fw1.stevew.lan]/root: netstat -4onW
Nexthop data
Protocol Family 0:
Idx Type IFA Gateway Flags Use Mtu Netif Addrif Refcnt Prepend
120 empty (0) ---/resolve HS 0 512 --- lo0 0 00000000000000000000000000
120 empty (0) ---/resolve H 0 512 --- lo0 0 000000000000000000
120 empty (0) ---/resolve 0 512 ---mvneta1.100 0 0000000000000000000000000000
120 empty (0) ---/resolve 0 512 --- ovpnc2 0 00000000000000000000000000000000
120 empty (0) ---/resolve H 0 512 --- lo0 0 00
120 empty (0) ---/resolve HS 0 512 --- lo0 0 0000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 00
120 empty (0) ---/resolve H 0 512 --- lo0 0 00
120 empty (0) ---/resolve HS 0 512 --- lo0 0 0000000000000000
120 empty (0) ---/resolve GS 0 512 --- mvneta0 0 00
120 empty (0) ---/resolve 0 512 --- mvneta2 0 0000000000000000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 00000000000000000000000000000000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 000000000000000000000000000000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 0000000000000000000000000000000000
120 empty (0) ---/resolve H 0 512 --- ovpnc3 0 000000000000000000000000000000
120 empty (0) ---/resolve 0 512 ---mvneta1.21 0 00000000000000000000000000
120 empty (0) ---/resolve GHS 0 512 --- mvneta2 0 0000000000000000
120 empty (0) ---/resolve 0 512 --- mvneta0 0 00
120 empty (0) ---/resolve GS 0 512 --- mvneta2 0 0000000000000000
120 empty (0) ---/resolve 0 512 --- mvneta1 0 0000
120 empty (0) ---/resolve 0 512 --- mvneta1 0 0000
120 empty (0) ---/resolve HS 0 512 --- lo0 0 0000000000000000000000000000
120 empty (0) ---/resolve 0 512 --- ovpnc1 0 0000000000000000000000000000000000
</pre>
<pre>
[23.09-BETA][admin@fw1.stevew.lan]/root: netstat -4OnW
Nexthop groups data
netstat: sysctl: net.route.0.2.nhgrpdump.0 estimate: Operation not supported
</pre>
<p>These commands are used to gather data for the status_output file and hence generate errors when it's run.</p>
pfSense Plus - Bug #14824 (New): OpenVPN instance on IPv6 PPPoE interface does not always start a... | https://redmine.pfsense.org/issues/14824 | 2023-09-30T01:13:08Z | yon Liu (info@ipv6china.com)
<p>OpenVPN uses the IPv6 WAN. When pfSense restarts the system, OpenVPN IPv6 can't autostart. It must be started manually. After successful startup, the gateway corresponding to pfSense is not restored. The gateway must be manually resaved to restore it.</p>
pfSense Plus - Bug #14772 (New): PFsense Plus doesn't work with AWS new Instance Metadata Service... | https://redmine.pfsense.org/issues/14772 | 2023-09-11T18:51:03Z | Cameron Epp
<p>AWS has an updated version of their metadata service (IMDS) that is designed to add some defense-in-depth (see <a class="external" href="https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/">https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/</a> for details).</p>
<p>PFsense Plus is using the older IMDSv1 instead of IMDSv2. See <a class="external" href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-add-user-data.html">https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-add-user-data.html</a> for more details on how to make the call to get userdata using IMDSv2</p>
<p>I think that you could add support for IMDSv2 by updating the <code>retrieveMetaData</code> function in <code>/usr/local/sbin/ec2_setup.php</code>. If you retrieve the token first, you can then use that token to get the requested info. Here is what I think the function should be:</p>
<pre><code class="php syntaxhl">function retrieveMetaData($url) {
	if (!$url)
		return;
	$curl = curl_init();
	/* first get the instance token which we will use to
	   authenticate the subsequent call */
	$token_url = "http://169.254.169.254/latest/api/token";
	$headers = array (
		'X-aws-ec2-metadata-token-ttl-seconds: 10' );
	curl_setopt($curl, CURLOPT_URL, $token_url);
	curl_setopt($curl, CURLOPT_HTTPHEADER, $headers );
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true );
	curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT" );
	curl_setopt($curl, CURLOPT_FAILONERROR, true);
	curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15);
	curl_setopt($curl, CURLOPT_TIMEOUT, 30);
	$token = curl_exec($curl);
	/* curl_exec() returns false on failure; without a token the
	   metadata request below cannot be authenticated */
	if ($token === false) {
		curl_close($curl);
		return;
	}
	/* now build the 'real' request and send it along with the
	   token for authentication */
	$headers = array (
		'X-aws-ec2-metadata-token: '.$token );
	curl_setopt($curl, CURLOPT_URL, $url);
	curl_setopt($curl, CURLOPT_HTTPHEADER, $headers );
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true );
	curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "GET" );
	curl_setopt($curl, CURLOPT_FAILONERROR, true);
	curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15);
	curl_setopt($curl, CURLOPT_TIMEOUT, 30);
	$metadata = curl_exec($curl);
	curl_close($curl);
	return($metadata);
}
</code></pre>
<p>n.b. I haven't taken the time to try and build a fresh ami in AWS, so I may have some syntax wrong!</p>
pfSense Plus - Bug #14708 (New): Uncaught TypeError: pfSense_interface_rename() when enabling a s... | https://redmine.pfsense.org/issues/14708 | 2023-08-24T23:35:12Z | Diana Moore
<p>When enabling 6rd while 6to4 is enabled on another interface the web ui will throw an error of <code>Uncaught TypeError: pfSense_interface_rename()</code>.</p>
<p>This can also occur when enabling 6to4 with 6rd already enabled.</p>
<p>UI error shows the following when trying to enable 6to4 on wan with 6rd enabled on opt1 (Full trace attached to bug report):</p>
<blockquote>
<p>Fatal error: Uncaught TypeError: pfSense_interface_rename(): Argument #1 ($ifname) must be of type string, array given in /etc/inc/interfaces.inc:4745 Stack trace: #0 /etc/inc/interfaces.inc(4745): pfSense_interface_rename(Array, 'wan_stf') #1 /etc/inc/interfaces.inc(4289): interface_6to4_configure('wan', Array) #2 /usr/local/www/interfaces.php(476): interface_configure('wan', true) #3 {main} thrown in /etc/inc/interfaces.inc on line 4745 PHP ERROR: Type: 1, File: /etc/inc/interfaces.inc, Line: 4745, Message: Uncaught TypeError: pfSense_interface_rename(): Argument #1 ($ifname) must be of type string, array given in /etc/inc/interfaces.inc:4745 Stack trace: #0 /etc/inc/interfaces.inc(4745): pfSense_interface_rename(Array, 'wan_stf') #1 /etc/inc/interfaces.inc(4289): interface_6to4_configure('wan', Array) #2 /usr/local/www/interfaces.php(476): interface_configure('wan', true) #3 {main} thrown</p>
</blockquote>
<p>Static IPv6, SLAAC, and DHCPv6 are unaffected.</p>
Interfaces involved:
<ul>
<li>wan - igb0 - Requires 6to4 for IPv6</li>
<li>opt1 - VLAN 201 on igb1 - Requires 6rd for IPv6</li>
</ul>
<p>System is a Super Micro a1sri-2758f</p>