pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-01-28T12:55:29ZpfSense bugtracker
Redmine pfSense - Feature #15207 (Incomplete): DynDNS - Missing update KEYhttps://redmine.pfsense.org/issues/152072024-01-28T12:55:29ZMatt Keys
<p>I apologize if this has already been reported, or already exists as a feature request. I did search previous to post, but I may have missed it as I'm unfamiliar with this interface.</p>
<p>Services - Dynamic DNS - Add DynDNS(*)</p>
<p>This page does not provide a means to enter an updater key.<br />!<br /><img src="https://redmine.pfsense.org/attachments/download/5879/clipboard-202401280753-egdtc.png" alt="" /><br />!</p> pfSense - Bug #15194 (Incomplete): PHP Fatal error in easyrule CLIhttps://redmine.pfsense.org/issues/151942024-01-26T14:31:35ZDavid Johnston
<p>Running "easyrule block wan 1.0.152.114" via ssh caused an error.<br />It looks like it's a problem in backup_config().<br />It's actually a permissions error; easyrule needs to be run as root.</p>
<p>Possible fixes:<br />1. chmod 700 /usr/local/bin/easyrule<br />2. Add a check to the PHP to report permissions errors.</p> pfSense Plus - Bug #15157 (Incomplete): Problem in Restore Backuphttps://redmine.pfsense.org/issues/151572024-01-12T23:35:22ZRamon Alonso Costa
<p>I am having the following issue when trying to update the DNS Resolver backup. Below is the file with the error.</p> pfSense - Bug #15134 (Incomplete): Post upgrade to 2.7.2 - Change in alias name stops all traffichttps://redmine.pfsense.org/issues/151342024-01-03T11:03:01ZRajko Bogdanovicrajko@itroom-a.com
<p>After installing the last 2.7.2 release, when we edited an Alias name - that rule stopped working, and all traffic was blocked from that point until a full reboot was done. <br />Once rebooted, old nat/access rules are working again using a new alias.</p> pfSense Plus - Bug #15017 (Incomplete): DHCP relay CARP status VIP function is not working in pfs...https://redmine.pfsense.org/issues/150172023-11-20T19:51:25ZRobert Karsai
<p>Hello,<br />It seems that after 23.05.1->23.09 upgrade DHCP relay CARP status VIP function is not working properly, DHCP relay agent stays active all times (dhcrelay stays green on the dashboard widget, also pgrep dhcrelay<br />returns running processes in CLI), it will not be stopped when the chosen VIP is in BACKUP status. Not a big deal, there can be two active relay agents in the same network, but this is not how it supposed to work. Strangely this only affects our pfSense+ 23.09 clusters, in pfSense CE 2.7.1 this is not an issue.<br />--<br />BR<br />Robert</p> pfSense - Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can'...https://redmine.pfsense.org/issues/148402023-10-05T12:29:00ZPhil Wardt
<p>I received the below notification about an error when pfsense was booted:</p>
<pre><code class="shell syntaxhl">7:51:21 PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/ASN1_GENERALTIME.php, Line: 73, Message: Uncaught Exception: Can<span class="s1">'t parse time from string '</span>211029094223Z<span class="s1">' in /usr/local/share/openssl_x509_crl/ASN1_GENERALTIME.php:73
Stack trace:
#0 /usr/local/share/openssl_x509_crl/ASN1.php(136): Ukrbublik\openssl_x509_crl\ASN1_GENERALTIME->decodeSimple('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 167, 13)
#1 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 167, 13)
#2 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 165, 30)
#3 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 165, 30)
#4 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 8, 1101)
#5 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 8, 1101)
#6 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 4, 1637)
#7 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 4, 1637)
#8 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 0, 1641)
#9 /usr/local/share/openssl_x509_crl/X509_CERT.php(44): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 0, 1641)
#10 /usr/local/share/openssl_x509_crl/X509_CRL.php(60): Ukrbublik\openssl_x509_crl\X509_CERT::decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">')
#11 /etc/inc/certs.inc(1071): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Object(OpenSSLAsymmetricKey), '</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">')
#12 /etc/inc/openvpn.inc(1353): crl_update(Array)
#13 /etc/inc/openvpn.inc(1576): openvpn_reconfigure('</span>server<span class="s1">', Array)
#14 /etc/inc/openvpn.inc(1865): openvpn_restart('</span>server<span class="s1">', Array)
#15 /etc/inc/openvpn.inc(1907): openvpn_resync('</span>server<span class="s1">', Array)
#16 /etc/rc.newwanip(261): openvpn_resync_all('</span>wan<span class="s1">', '</span>inet<span class="s1">')
#17 {main}
thrown
</span></code></pre>
<p>It is the first time and never sent again !</p> pfSense Plus - Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PH...https://redmine.pfsense.org/issues/147782023-09-13T16:04:10ZAndrew Rojek
<p>Got this error message when trying to view a small list of CIDR addresses in Firewall->Aliases.<br />It was followed by a white blank screen and I had to reload the console page to reveal the error message below...</p>
<p>Crash report begins. Anonymous machine information:</p>
<p>arm64<br />14.0-CURRENT<br />FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:25:15 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/obj/aarch64/0P4W6joa/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/source</p>
<p>Crash report details:</p>
<p>PHP Errors:<br />[13-Sep-2023 10:08:16 Europe/London] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161<br />[13-Sep-2023 10:08:53 Europe/London] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161</p>
<p>No FreeBSD crash data found.</p>
<p>Thank you.</p> pfSense - Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make conne...https://redmine.pfsense.org/issues/146512023-08-05T09:22:36ZCin Lung Chen
<p>Sorry if this is wrong, I am frustrated and would love to be pointed to the right direction. I made a post in the forum with no one that can help as follow: <a class="external" href="https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3">https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3</a></p>
<p>TLDR:<br />PPPoE canoot start, not event trying to negotiate with the server. I am not sure what to do since version 2.6.0 works. I did clean reinstall with the image taken from the web for serial connection version and it was still failed the similar log as follow:</p>
<p>Aug 4 21:50:38 ppp 36066 [wan_link0] LCP: Down event --> After this, everyhing will be repeated for eternity from PPPoE: Connecting to XXXX to LCP: Down event.<br />Aug 4 21:50:38 ppp 36066 [wan_link0] Link: DOWN event<br />Aug 4 21:50:38 ppp 36066 [wan_link0] PPPoE connection timeout after 9 seconds<br />Aug 4 21:50:29 ppp 36066 [wan_link0] PPPoE: Connecting to 'XXXXX'<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: LayerStart<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: state change Initial --> Starting<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: Open event<br />Aug 4 21:50:29 ppp 36066 [wan_link0] Link: OPEN event<br />Aug 4 21:50:29 ppp 36066 [wan] Bundle: Interface ng0 created</p> pfSense Packages - Bug #14504 (Incomplete): FTP_Client_Proxy package doesn't create firewall rulehttps://redmine.pfsense.org/issues/145042023-06-23T08:23:53ZStefano Ceccherini
<p>I've installed FTP_Client_Proxy 0.3_8 on pfSense plus 23.05. I enabled the FTP client proxy services, but it doesn't create a firewall rule.</p>
<p>I had tested on pfSense plus 23.01 and it didn't work there, either.</p>
<p>When connecting from client, I got this in the firewall log:</p>
<p>#1 client command too long or not clean<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed parent" title="Bug: Gateway not added when switching from DHCP to static (Resolved)" href="https://redmine.pfsense.org/issues/2">#2</a> client command too long or not clean</p> pfSense Packages - Feature #14196 (Incomplete): permitted firewall rules - additional texthttps://redmine.pfsense.org/issues/141962023-03-28T13:50:09ZJon Brown
<p>Firewall --> pfBlockerNG --> DNSBL --> DNSBL Configuration --> Permit Firewall Rules</p>
<p>Can you add some additional information here for the end user to explain lan segment and some possible scenarios when you would use this option.</p>
<p><a class="external" href="https://networkencyclopedia.com/lan-segment/">https://networkencyclopedia.com/lan-segment/</a> - Lan Segment is a physical portion of a local area network (LAN) that is separated from other portions by bridges or routers.</p>
<p><a class="external" href="https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/">https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/</a> - This thread mentions that you do not need this option unless you have VLANs</p>
<p><img src="https://redmine.pfsense.org/attachments/download/4864/permitted-firewall-rules.png" alt="" /></p> pfSense Plus - Bug #13497 (Incomplete): unbound process looks like stuck periodicallyhttps://redmine.pfsense.org/issues/134972022-09-16T01:16:46ZYaroslav Semenenko
<p>Hello,</p>
<p>I have Netgate 2100.<br />Unbound service is needed to restart sometimes due to it could not resolve public domain name.</p>
<p>Thanks,<br />Yaroslav</p> pfSense - Bug #13215 (Incomplete): Allowed MAC/IP/Hostname traffic counts for authorized usershttps://redmine.pfsense.org/issues/132152022-05-25T03:03:52ZViktor Gurov
<p>This is due to rewriting pf tags.<br />CP rules must check <code>tagged</code> value on all steps.</p> pfSense - Bug #12740 (Incomplete): panic: esp_input_cb: Unexpected address familyhttps://redmine.pfsense.org/issues/127402022-01-27T12:38:51ZJuraj Lutter
<p>On pfSense 21.05.02 I've started to get a panic with panic string:</p>
<pre>
esp_input_cb: Unexpected address family: xxx
</pre>
<p>Where xxx varies (248, 255, 127, 0, ...)</p>
<p>Hardware is Netgate 7100.</p>
<p>If crashdump is needed, it's available upon request.</p> pfSense - Bug #12734 (Incomplete): Long hostname breaks DHCP leases layouthttps://redmine.pfsense.org/issues/127342022-01-26T13:11:38ZJuri Oo
<p>It appears, that long hostnames will kind of break the dhcp leases status page. <br />With Nmap package and MAC vendors, the right part is cut off almost completely and horizontal scrollbar is added at the bottom. <br />Is this normal? I can see long MAC vendors are being cut to 3 rows. Shouldn't the hostname line also be cut at some point (in such rare cases)?</p>
<p>Tested with 2.5.2-RELEASE (amd64). Hostname is 40 characters long.</p> pfSense Packages - Bug #11530 (Incomplete): ntopng 4.2 needs to be updated to 4.3, Bug when acces...https://redmine.pfsense.org/issues/115302021-02-24T22:17:00ZMax D
<p>On pfsense 2.5, installing ntopng from package manager ntop 0.8.13_9 which is 4.2 version of ntopng, after logging into ntopng, results in a corrupt web page when clicking on a host for details, this has been fixed in 4.3 by ntopng team.</p>
<p>I installed 4.3 manually from ntopng pfsense doc, and confirmed this resolves the issue.</p>