pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-01-28T12:55:29ZpfSense bugtracker
Redmine pfSense - Feature #15207 (Incomplete): DynDNS - Missing update KEYhttps://redmine.pfsense.org/issues/152072024-01-28T12:55:29ZMatt Keys
<p>I apologize if this has already been reported, or already exists as a feature request. I did search previous to post, but I may have missed it as I'm unfamiliar with this interface.</p>
<p>Services - Dynamic DNS - Add DynDNS(*)</p>
<p>This page does not provide a means to enter an updater key.<br />!<br /><img src="https://redmine.pfsense.org/attachments/download/5879/clipboard-202401280753-egdtc.png" alt="" /><br />!</p> pfSense Plus - Bug #15157 (Incomplete): Problem in Restore Backuphttps://redmine.pfsense.org/issues/151572024-01-12T23:35:22ZRamon Alonso Costa
<p>I am having the following issue when trying to update the DNS Resolver backup. Below is the file with the error.</p> pfSense - Bug #15140 (Incomplete): Remote syslog servers on dynamically routed networks are being...https://redmine.pfsense.org/issues/151402024-01-04T16:48:42ZJames Blanton
<p>Syslogd is started before any packages are started, including the FRR package. If any remote syslog servers are on a network whose route is learned over BGP, then this traffic will be routed to the default gateway initially. This is expected behavior, since the FRR package hasn't been loaded and no BGP routes have been received.</p>
<p>The problem is that the traffic is NOT being redirected after BGP routes are established due to the state that was created initially by routing the traffic through the default GW.</p>
<p>In my specific case, I've got a remote site sending syslog traffic over an OpenVPN tunnel with BGP routing between sites. When the remote router reboots, the syslog messages are routed out of the WAN interface, creating a state with an "src-org" of the LAN IP and "src" of the WAN IP. After the FRR package starts and the BGP routes are received, these messages continue to go out of the WAN interface until the state is killed.</p>
<p>I originally reported this bug with <a class="issue tracker-1 status-12 priority-4 priority-default closed" title="Bug: Syslog Over OpenVPN Routed Out Default GW On Reboot (Not a Bug)" href="https://redmine.pfsense.org/issues/14403">#14403</a>, but was told:</p>
<pre><code><em>This is a configuration issue -- if traffic is taking a path you don't want when the VPN is down, you need to add rules to block it (e.g. reject it outbound on WAN via floating rules).</em></code></pre>
<p>However, this does not work either. While it does prevent the traffic from exiting the WAN interface, the syslog messages are still not being routed properly after the BGP routes are received. This began occurring for me originally on 23.01, but is still occurring in 23.09.1.</p>
<p>I was able to get this working by adding some code in to the "/etc/rc.state_packages" script in the foreach loop that starts that packages that checks to see if the FRR package was just started, then looks to see if any remote syslog servers were configured. If there were any servers configured, then it sleeps for 15 seconds (to give time for the BGP peering to start) before looping through the servers and checking for any existing states. If any states exists, it checks for a "src-org" field and compares it to the "src" field. If the "src" and "src-org" don't match, then it kills that state. I have tested this change with 23.09.1, and it has been working as expected.</p> pfSense - Bug #15134 (Incomplete): Post upgrade to 2.7.2 - Change in alias name stops all traffichttps://redmine.pfsense.org/issues/151342024-01-03T11:03:01ZRajko Bogdanovicrajko@itroom-a.com
<p>After installing the last 2.7.2 release, when we edited an Alias name - that rule stopped working, and all traffic was blocked from that point until a full reboot was done. <br />Once rebooted, old nat/access rules are working again using a new alias.</p> pfSense Plus - Bug #15017 (Incomplete): DHCP relay CARP status VIP function is not working in pfs...https://redmine.pfsense.org/issues/150172023-11-20T19:51:25ZRobert Karsai
<p>Hello,<br />It seems that after 23.05.1->23.09 upgrade DHCP relay CARP status VIP function is not working properly, DHCP relay agent stays active all times (dhcrelay stays green on the dashboard widget, also pgrep dhcrelay<br />returns running processes in CLI), it will not be stopped when the chosen VIP is in BACKUP status. Not a big deal, there can be two active relay agents in the same network, but this is not how it supposed to work. Strangely this only affects our pfSense+ 23.09 clusters, in pfSense CE 2.7.1 this is not an issue.<br />--<br />BR<br />Robert</p> pfSense - Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can'...https://redmine.pfsense.org/issues/148402023-10-05T12:29:00ZPhil Wardt
<p>I received the below notification about an error when pfsense was booted:</p>
<pre><code class="shell syntaxhl">7:51:21 PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/ASN1_GENERALTIME.php, Line: 73, Message: Uncaught Exception: Can<span class="s1">'t parse time from string '</span>211029094223Z<span class="s1">' in /usr/local/share/openssl_x509_crl/ASN1_GENERALTIME.php:73
Stack trace:
#0 /usr/local/share/openssl_x509_crl/ASN1.php(136): Ukrbublik\openssl_x509_crl\ASN1_GENERALTIME->decodeSimple('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 167, 13)
#1 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 167, 13)
#2 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 165, 30)
#3 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 165, 30)
#4 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 8, 1101)
#5 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 8, 1101)
#6 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 4, 1637)
#7 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 4, 1637)
#8 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 0, 1641)
#9 /usr/local/share/openssl_x509_crl/X509_CERT.php(44): Ukrbublik\openssl_x509_crl\ASN1->decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">', 0, 1641)
#10 /usr/local/share/openssl_x509_crl/X509_CRL.php(60): Ukrbublik\openssl_x509_crl\X509_CERT::decode('</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">')
#11 /etc/inc/certs.inc(1071): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Object(OpenSSLAsymmetricKey), '</span>0<span class="se">\x</span>82<span class="se">\x</span>06e0<span class="se">\x</span>82<span class="se">\x</span>04M<span class="se">\x</span>A0<span class="se">\x</span>03<span class="se">\x</span>02<span class="se">\x</span>01<span class="se">\x</span>02<span class="se">\x</span>02<span class="se">\x</span>08...<span class="s1">')
#12 /etc/inc/openvpn.inc(1353): crl_update(Array)
#13 /etc/inc/openvpn.inc(1576): openvpn_reconfigure('</span>server<span class="s1">', Array)
#14 /etc/inc/openvpn.inc(1865): openvpn_restart('</span>server<span class="s1">', Array)
#15 /etc/inc/openvpn.inc(1907): openvpn_resync('</span>server<span class="s1">', Array)
#16 /etc/rc.newwanip(261): openvpn_resync_all('</span>wan<span class="s1">', '</span>inet<span class="s1">')
#17 {main}
thrown
</span></code></pre>
<p>It is the first time and never sent again !</p> pfSense Plus - Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PH...https://redmine.pfsense.org/issues/147782023-09-13T16:04:10ZAndrew Rojek
<p>Got this error message when trying to view a small list of CIDR addresses in Firewall->Aliases.<br />It was followed by a white blank screen and I had to reload the console page to reveal the error message below...</p>
<p>Crash report begins. Anonymous machine information:</p>
<p>arm64<br />14.0-CURRENT<br />FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:25:15 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/obj/aarch64/0P4W6joa/var/jenkins/workspace/pfSense-Plus-snapshots-23_05_1-main/source</p>
<p>Crash report details:</p>
<p>PHP Errors:<br />[13-Sep-2023 10:08:16 Europe/London] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161<br />[13-Sep-2023 10:08:53 Europe/London] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161</p>
<p>No FreeBSD crash data found.</p>
<p>Thank you.</p> pfSense - Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make conne...https://redmine.pfsense.org/issues/146512023-08-05T09:22:36ZCin Lung Chen
<p>Sorry if this is wrong, I am frustrated and would love to be pointed to the right direction. I made a post in the forum with no one that can help as follow: <a class="external" href="https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3">https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3</a></p>
<p>TLDR:<br />PPPoE canoot start, not event trying to negotiate with the server. I am not sure what to do since version 2.6.0 works. I did clean reinstall with the image taken from the web for serial connection version and it was still failed the similar log as follow:</p>
<p>Aug 4 21:50:38 ppp 36066 [wan_link0] LCP: Down event --> After this, everyhing will be repeated for eternity from PPPoE: Connecting to XXXX to LCP: Down event.<br />Aug 4 21:50:38 ppp 36066 [wan_link0] Link: DOWN event<br />Aug 4 21:50:38 ppp 36066 [wan_link0] PPPoE connection timeout after 9 seconds<br />Aug 4 21:50:29 ppp 36066 [wan_link0] PPPoE: Connecting to 'XXXXX'<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: LayerStart<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: state change Initial --> Starting<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: Open event<br />Aug 4 21:50:29 ppp 36066 [wan_link0] Link: OPEN event<br />Aug 4 21:50:29 ppp 36066 [wan] Bundle: Interface ng0 created</p> pfSense Packages - Bug #14504 (Incomplete): FTP_Client_Proxy package doesn't create firewall rulehttps://redmine.pfsense.org/issues/145042023-06-23T08:23:53ZStefano Ceccherini
<p>I've installed FTP_Client_Proxy 0.3_8 on pfSense plus 23.05. I enabled the FTP client proxy services, but it doesn't create a firewall rule.</p>
<p>I had tested on pfSense plus 23.01 and it didn't work there, either.</p>
<p>When connecting from client, I got this in the firewall log:</p>
<p>#1 client command too long or not clean<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed parent" title="Bug: Gateway not added when switching from DHCP to static (Resolved)" href="https://redmine.pfsense.org/issues/2">#2</a> client command too long or not clean</p> pfSense Packages - Feature #14196 (Incomplete): permitted firewall rules - additional texthttps://redmine.pfsense.org/issues/141962023-03-28T13:50:09ZJon Brown
<p>Firewall --> pfBlockerNG --> DNSBL --> DNSBL Configuration --> Permit Firewall Rules</p>
<p>Can you add some additional information here for the end user to explain lan segment and some possible scenarios when you would use this option.</p>
<p><a class="external" href="https://networkencyclopedia.com/lan-segment/">https://networkencyclopedia.com/lan-segment/</a> - Lan Segment is a physical portion of a local area network (LAN) that is separated from other portions by bridges or routers.</p>
<p><a class="external" href="https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/">https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/</a> - This thread mentions that you do not need this option unless you have VLANs</p>
<p><img src="https://redmine.pfsense.org/attachments/download/4864/permitted-firewall-rules.png" alt="" /></p> pfSense Plus - Bug #13497 (Incomplete): unbound process looks like stuck periodicallyhttps://redmine.pfsense.org/issues/134972022-09-16T01:16:46ZYaroslav Semenenko
<p>Hello,</p>
<p>I have Netgate 2100.<br />Unbound service is needed to restart sometimes due to it could not resolve public domain name.</p>
<p>Thanks,<br />Yaroslav</p> pfSense - Bug #13215 (Incomplete): Allowed MAC/IP/Hostname traffic counts for authorized usershttps://redmine.pfsense.org/issues/132152022-05-25T03:03:52ZViktor Gurov
<p>This is due to rewriting pf tags.<br />CP rules must check <code>tagged</code> value on all steps.</p> pfSense - Bug #12740 (Incomplete): panic: esp_input_cb: Unexpected address familyhttps://redmine.pfsense.org/issues/127402022-01-27T12:38:51ZJuraj Lutter
<p>On pfSense 21.05.02 I've started to get a panic with panic string:</p>
<pre>
esp_input_cb: Unexpected address family: xxx
</pre>
<p>Where xxx varies (248, 255, 127, 0, ...)</p>
<p>Hardware is Netgate 7100.</p>
<p>If crashdump is needed, it's available upon request.</p> pfSense Packages - Bug #11936 (Incomplete): FRR does not connect BGP when using passwordhttps://redmine.pfsense.org/issues/119362021-05-19T08:09:21ZClint Guillot
<p>Unsecured BGP sessions work fine, however password protected BGP sessions which previously worked fine no longer work in FRR.</p>
<p>Neighbor remains in "Active" state, never reaches "Established."</p> pfSense - Bug #8882 (Incomplete): Interface assignments lost on reboothttps://redmine.pfsense.org/issues/88822018-09-10T20:31:24ZJaime Geiger
<p>I'm running pfsense in AWS and I'm trying to route out of xn1 (second interface) instead of xn0 (using it as a sync interface). <br />LAN is xn0, WAN is xn1 in the interface assignment page. <br />Both interface assignments (LAN and WAN) get set to xn0 after a reboot, which causes everything to break.</p>
<p>This should not happen. If I set xn0 to WAN and xn1 to LAN then it does not lose the configuration on reboot. <br />Is WAN required to be the first interface (xn0)?</p>
<p>Let me know if you need other details.</p>