pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-02-20T21:51:14ZpfSense bugtracker
Redmine pfSense Packages - Bug #15274 (Incomplete): HAProxy Configuration Changes Require pfSense Reboot ...https://redmine.pfsense.org/issues/152742024-02-20T21:51:14ZZachary Cohen
<p>As originally reported here (<a class="external" href="https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart-needed">https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart-needed</a>), changes made to the HAProxy configuration require a reboot to take effect.</p>
<p>I'm consistently able to reproduce this issue when adding new backends.</p>
<p>When browsing to the new backend, I receive a 503 - "no server is available to handle this request". After rebooting, it works as expected.</p>
<p>Other users have been able to validate that this issue was present starting with pfSense 2.6.0 and HAProxy version haproxy-devel 0.62.10.</p>
<p>While I was able to replicate that issue starting on that version, I'm currently replicating it in pfSense 2.7.2-RELEASE (amd64) and haproxy-devel 0.63_2.</p> pfSense - Feature #15207 (Incomplete): DynDNS - Missing update KEYhttps://redmine.pfsense.org/issues/152072024-01-28T12:55:29ZMatt Keys
<p>I apologize if this has already been reported, or already exists as a feature request. I did search previous to post, but I may have missed it as I'm unfamiliar with this interface.</p>
<p>Services - Dynamic DNS - Add DynDNS(*)</p>
<p>This page does not provide a means to enter an updater key.<br />!<br /><img src="https://redmine.pfsense.org/attachments/download/5879/clipboard-202401280753-egdtc.png" alt="" /><br />!</p> pfSense - Bug #15194 (Incomplete): PHP Fatal error in easyrule CLIhttps://redmine.pfsense.org/issues/151942024-01-26T14:31:35ZDavid Johnston
<p>Running "easyrule block wan 1.0.152.114" via ssh caused an error.<br />It looks like it's a problem in backup_config().<br />It's actually a permissions error; easyrule needs to be run as root.</p>
<p>Possible fixes:<br />1. chmod 700 /usr/local/bin/easyrule<br />2. Add a check to the PHP to report permissions errors.</p> pfSense - Bug #15185 (Incomplete): Problem with Widgets OpenVPN in Pfsense 2.7.2 after upgradehttps://redmine.pfsense.org/issues/151852024-01-24T10:46:57ZPrzemyslaw Przybyl
<p>After Upgrade with 2.7.0 to 2.7.1 next to 2.7.2.</p>
<p>Widgets OpenVPN - Servers, OpenVPN - Clients, OpenVPN - Client Exports and Dwnloading Packages OpenVpn in Widget Client Eports are loading very slow, about 1-2 minutes. In the shell Pfsense I can see only one process at 100% php-fpm. Tunning parameters in php-fpm "/usr/local/etc/php-fpm.conf" doesn't working.</p>
<p>386 root 1 133 0 163M 64M CPU15 15 2:16 100.00% php-fpm<br />41229 root 1 68 0 159M 63M accept 15 1:09 0.00% php-fpm<br />387 root 1 68 0 163M 65M accept 6 0:47 0.00% php-fpm<br />53332 root 1 68 0 159M 61M accept 3 0:34 0.00% php-fpm<br />385 root 1 20 0 107M 27M kqread 3 0:04 0.00% php-fpm</p> pfSense Packages - Bug #14861 (Incomplete): Telgraf package needs updating for for PHP 8.1 and hi...https://redmine.pfsense.org/issues/148612023-10-10T21:05:56ZDavid Bowen
<p>i was directed to report this issue here</p>
<p><a class="external" href="https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-update-to-2-7/3">https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-update-to-2-7/3</a></p>
<p>i believe the required file is attached but if any further information is required please let me know.</p>
<p>cheers</p> pfSense - Bug #14839 (Incomplete): PHP Parse error: syntax errorhttps://redmine.pfsense.org/issues/148392023-10-05T09:43:54ZSam Vanchanna
<p>[05-Oct-2023 12:18:36 Asia/Phnom_Penh] PHP Parse error: syntax error, unexpected end of file in /usr/local/sbin/pfSsh.php(374) : eval()'d code on line 6</p> pfSense Packages - Bug #14805 (Incomplete): when I changed Endpoint ip via webgui, but wiregaurd ...https://redmine.pfsense.org/issues/148052023-09-23T06:33:08Zyon Liuinfo@ipv6china.com
<p>when I changed Endpoint ip via webgui, but the wiregaurd still using old Endpoint ip ruuning.</p> pfSense Plus - Bug #14752 (Incomplete): PHP Request Shutdown: Cannot use output buffering in outp...https://redmine.pfsense.org/issues/147522023-09-06T10:19:53Zyon Liuinfo@ipv6china.com
<p>amd64<br />14.0-ALPHA2<br />FreeBSD 14.0-ALPHA2 amd64 1400094 #1 plus-devel-main-n256133-bef8dca4536: Tue Sep 5 06:26:19 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-master-main/obj/amd64/fWgcJpOQ/var/jenkins/workspace/pfSense-Plus-snapshots-master-main/s</p>
<p>Crash report details:</p>
<p>PHP Errors:<br />[06-Sep-2023 03:38:27 Asia/Shanghai] PHP Fatal error: PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0</p>
<p>No FreeBSD crash data found.</p> pfSense Packages - Bug #14284 (Incomplete): Wen changing frontend type, there will be invissible ...https://redmine.pfsense.org/issues/142842023-04-17T14:04:16ZLouis B
<p>During my trails to setup HA-proxy, I irregularly met a situation where I did not know which frontend type to use.<br />So I switch between types. And then there is a problem</p>
<p>Wen changing front-end type, there will be invisible leftovers, disturbing defining the new type.</p>
<p>So after defining the new chosen type the correct way, there were never the less errors due to now invisible settings from a version tried before.<br />The only way to fix that, is to delete the front-end and define it from the start.</p>
<p>This is not dramatic, but not ok as well :)</p> pfSense Packages - Feature #14196 (Incomplete): permitted firewall rules - additional texthttps://redmine.pfsense.org/issues/141962023-03-28T13:50:09ZJon Brown
<p>Firewall --> pfBlockerNG --> DNSBL --> DNSBL Configuration --> Permit Firewall Rules</p>
<p>Can you add some additional information here for the end user to explain lan segment and some possible scenarios when you would use this option.</p>
<p><a class="external" href="https://networkencyclopedia.com/lan-segment/">https://networkencyclopedia.com/lan-segment/</a> - Lan Segment is a physical portion of a local area network (LAN) that is separated from other portions by bridges or routers.</p>
<p><a class="external" href="https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/">https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/</a> - This thread mentions that you do not need this option unless you have VLANs</p>
<p><img src="https://redmine.pfsense.org/attachments/download/4864/permitted-firewall-rules.png" alt="" /></p> pfSense Packages - Bug #13571 (Incomplete): Tailscale disconnection problemhttps://redmine.pfsense.org/issues/135712022-10-18T03:10:04Zfang xn
<p>pppoe dial-up network, Tailscale will fail to connect after redialing after disconnection, and needs to change the port to reconnect.</p> pfSense Packages - Bug #13444 (Incomplete): zabbix_proxy : cannot open "/var/log/zabbix-proxy/zab...https://redmine.pfsense.org/issues/134442022-08-25T08:05:31ZSteve Scotter
<p>Hi</p>
<p>I frequently come across this issue when trying to investigate why a Zabbix agent isn't communicating successfully with our Zabbix server.</p>
<p>When I navigate to <a class="external" href="https://pfsense-ip-address/status_logs_packages.php?pkg=Zabbix%20Proxy%205.0">https://pfsense-ip-address/status_logs_packages.php?pkg=Zabbix%20Proxy%205.0</a> I'm presented with the following (truncated) logs</p>
<pre>
Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K
zabbix_proxy [78631]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
zabbix_proxy [82116]: cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
*** Above lines repeated 50+ times ***
Jul 15 03:09:00 queeg500 newsyslog[90148]: logfile turned over due to size>500K
...
...
</pre>
<p>Logging appears to have stopped ~40 days ago.</p>
<p>Restarting the Zabbix proxy service (via <a class="external" href="https://pfsense-ip-address/status_services.php#">https://pfsense-ip-address/status_services.php#</a>) gets logging working again, however its a pain because I generally speaking I wanted to see the logs for the past to investigate the problem I'm dealing with at that specific time.</p>
<p>I suspect the issue is related to log rotation and file permissions based on the Permission denied error and that newsyslog is mentioned before and after the logging stops working.</p>
<p>Today, before I restart the service I checked who owned the log file...</p>
<pre>
[2.6.0-RELEASE][root@pfsense-ip-address]/root: ls -l /var/log/zabbix-proxy/
total 106
-rw------- 1 root wheel 80 Jul 15 03:09 zabbix_proxy.log
-rw------- 1 root wheel 29744 Jul 15 03:09 zabbix_proxy.log.0.bz2
-rw------- 1 root wheel 33193 Jun 6 13:47 zabbix_proxy.log.1.bz2
-rw------- 1 root wheel 34871 May 4 09:48 zabbix_proxy.log.2.bz2
</pre>
<p>After I restarted the service I checked again...<br /><pre>
[2.6.0-RELEASE][root@fsense-ip-address]/root: ls -l /var/log/zabbix-proxy/
total 110
-rw------- 1 zabbix zabbix 3218 Aug 25 13:42 zabbix_proxy.log
-rw------- 1 zabbix zabbix 29744 Jul 15 03:09 zabbix_proxy.log.0.bz2
-rw------- 1 zabbix zabbix 33193 Jun 6 13:47 zabbix_proxy.log.1.bz2
-rw------- 1 zabbix zabbix 34871 May 4 09:48 zabbix_proxy.log.2.bz2
</pre></p>
<p>Investigating further I found the contents of `/var/etc/newsyslog.conf.d/zabbix_proxy.log.conf` does indeed set the owner to root</p>
<pre>
# Automatically generated for package Zabbix Proxy 5.0. Do not edit.
/var/log/zabbix-proxy/zabbix_proxy.log root:wheel 600 7 500 * JC
</pre>
<p>I'll try and remember to check tomorrow but I suspect the files will be owned by root again after the (presumably) daily log rotation occurs.</p>
I haven't made any customizations to the pfsense box. The only other plugins installed are
<ul>
<li>open-vm-tools v10.1.0_5,1</li>
<li>openvpn-client-export v1.6_4</li>
<li>zabbix-agent5 v1.0.4_12</li>
<li>zabbix-proxy5 v1.0.4_12</li>
</ul>
<p>I compared `/var/etc/newsyslog.conf.d/zabbix_ <strong>agentd</strong> .log.conf` with `/var/etc/newsyslog.conf.d/zabbix_ <strong>proxy</strong> .log.conf`, both set the owners to root</p>
<p>I then checked the ownership of the agent's log files, to my surprize they're owned by Zabbix. I have <strong>not</strong> restarted the Zabbix <strong>agent</strong> service today</p>
<pre>
ls -l /var/log/zabbix-agent/
total 5
-rw-rw-r-- 1 zabbix zabbix 11450 Aug 15 11:49 zabbix_agentd.log</pre> pfSense - Bug #12878 (Incomplete): Traffic shaping by interface, route queue bandwidth inbound, o...https://redmine.pfsense.org/issues/128782022-02-28T03:10:25ZBlake Drayson
<p>Since upgrading to pfSense Plus 22.01 from the latest community edition, my by interface priority queue bandwidth has an odd bug. Link is 200 Mbit/s and is set to 190 to give appropriate overhead. However when the queue is active it limits the connection to around 100 Mbit/s disable the queue it works fine. Work around so far has been to add 100 Mbit/s to the bandwidth value of the root queue (so it is now set to 290). The downlink queue is working without issue and as expected. For additional info the link that is being shapped is a L2TP link over the top of the WAN link.</p> pfSense - Bug #12734 (Incomplete): Long hostname breaks DHCP leases layouthttps://redmine.pfsense.org/issues/127342022-01-26T13:11:38ZJuri Oo
<p>It appears, that long hostnames will kind of break the dhcp leases status page. <br />With Nmap package and MAC vendors, the right part is cut off almost completely and horizontal scrollbar is added at the bottom. <br />Is this normal? I can see long MAC vendors are being cut to 3 rows. Shouldn't the hostname line also be cut at some point (in such rare cases)?</p>
<p>Tested with 2.5.2-RELEASE (amd64). Hostname is 40 characters long.</p> pfSense Packages - Bug #11530 (Incomplete): ntopng 4.2 needs to be updated to 4.3, Bug when acces...https://redmine.pfsense.org/issues/115302021-02-24T22:17:00ZMax D
<p>On pfsense 2.5, installing ntopng from package manager ntop 0.8.13_9 which is 4.2 version of ntopng, after logging into ntopng, results in a corrupt web page when clicking on a host for details, this has been fixed in 4.3 by ntopng team.</p>
<p>I installed 4.3 manually from ntopng pfsense doc, and confirmed this resolves the issue.</p>