pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-02-26T09:35:21ZpfSense bugtracker
Redmine pfSense - Bug #15291 (New): Error on Traffic Shaper 0% Bandwidthhttps://redmine.pfsense.org/issues/152912024-02-26T09:35:21ZPavan K
<p>Link to post on pfSense Forum: <br /><a class="external" href="https://forum.netgate.com/topic/186137/error-on-traffic-shaper-0-bandwidth?_=1708915183963">https://forum.netgate.com/topic/186137/error-on-traffic-shaper-0-bandwidth?_=1708915183963</a></p>
<p>Backstory:<br />recently we migrated from pfSense 2.4.x to 2.7.2 which was a direct update. Everything worked fine etc the traffic shaping feature.</p>
<p>Following is the error:<br />There were error(s) loading the rules: pfctl: the sum of the child<br />bandwidth (1200000000) higher than parent "root_igc4" (1000000000) -<br />The line in question reads [0]: @ 2024-01-31 16:45:05</p>
<p>Following is our configuration:<br />Name → FAIRQ_7<br />Priority→ 7<br />Scheduler Option → Random Early detection in and out<br />Bandwidth → None</p>
<p>Add new Queue(Default)<br />Enable<br />Name → qFAIRQ_2(Default)<br />Priority→ 2<br />Scheduler Option → Default<br />Bandwidth → None</p>
<p>Add new Queue(ACK)<br />Enable<br />Name → qACK_6<br />Priority→ 6<br />Scheduler Option → Random Early detection in and out<br />Bandwidth → None</p>
<p>According to the configuration the Bandwidth on Queue(ACK) should be 0% which was migrated off from 2.4.x but on 2.7.2 it's not letting us save 0% bandwidth for some reason.</p>
<p>And due to this new rules which are created are not taking effect it's only after we disable and enable the Traffic Shaper completely the rule is effective.</p> pfSense Packages - Feature #15227 (New): [Freeradius - 0.15.10_1] Enable Pagination on the user ...https://redmine.pfsense.org/issues/152272024-02-02T15:15:17Zrobert morann
<p>Hi,</p>
<p>I've created 15000 users in the /cf/conf/config.xml and this is working fine.</p>
<p>However the cheer amount of user causes the browser to crash, so would it be possible to implement pagination on the user page ?</p>
<p>thanks,</p> pfSense Packages - Regression #14850 (New): ($stream) must be of type resource, bool given Snort...https://redmine.pfsense.org/issues/148502023-10-07T01:01:46ZJonathan Lee
<p>Error:<br />Fatal error: Uncaught TypeError: fgetcsv(): Argument #1 ($stream) must be of type resource, bool given in /usr/local/www/snort/snort_alerts.php:858 Stack trace: #0 /usr/local/www/snort/snort_alerts.php(858): fgetcsv(false, 1000, ',', '"') #1 {main} thrown in /usr/local/www/snort/snort_alerts.php on line 858 PHP ERROR: Type: 1, File: /usr/local/www/snort/snort_alerts.php, Line: 858, Message: Uncaught TypeError: fgetcsv(): Argument #1 ($stream) must be of type resource, bool given in /usr/local/www/snort/snort_alerts.php:858 Stack trace: #0 /usr/local/www/snort/snort_alerts.php(858): fgetcsv(false, 1000, ',', '"') #1 {main} thrown</p> pfSense - Feature #14558 (New): Feature Request: GUI options to Unbound Resolver's new DoH abili...https://redmine.pfsense.org/issues/145582023-07-07T15:51:47ZJonathan Lee
<p>Hello fellow PfSense Redmine community members,</p>
<p>I was wondering if the DNS resolver could have GUI abilities to configure DoH with unbound resolver as unbound is now able to do resolve DoH. This would be an amazing addition to the PfSense software.</p>
<p>Please see url:</p>
<p><a class="external" href="https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/dns-over-https.html">https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/dns-over-https.html</a></p>
<p><a class="external" href="https://forum.netgate.com/topic/181338/feature-request-gui-options-to-unbound-resolver-s-new-doh-abilities/2">https://forum.netgate.com/topic/181338/feature-request-gui-options-to-unbound-resolver-s-new-doh-abilities/2</a></p> pfSense - Bug #14473 (Confirmed): Automatic gateway not updating after default deleted https://redmine.pfsense.org/issues/144732023-06-14T01:46:38ZMatthew Foran
<p>Copied from forum post: <a class="external" href="https://forum.netgate.com/topic/177395/automatic-gateway-not-updating-after-default-deleted">https://forum.netgate.com/topic/177395/automatic-gateway-not-updating-after-default-deleted</a></p>
<p>At System/Routing/Gateways in the web UI, I created a new gateway and set it to be the default gateway. It was not working (my fault, not pfsense issue) so I deleted it and returned the "Default gateway IPv4" field to the "Automatic" setting. After hours of frustration I realized this "Automatic" setting had not switched back to the original gateway (received via DHCP). The original gateway was online according to the Status/Gateways page, but was not the default and thus no default route was defined. Manually resetting the default ipv4 gateway solved the problem.</p>
<p>I am on pfSense 2.6.0-RELEASE. I do have ipv6 enabled so there are two gateways on Status/Gateways, one for ipv4 and one for v6 (there should be a default gateway for each).</p>
<p>I found this somewhat similar issue (<a class="external" href="https://redmine.pfsense.org/issues/11570">https://redmine.pfsense.org/issues/11570</a>), but mine seems to be more related to config saving/parsing. While attempting to replicate the issue with the ipv6 gateway I found that even worse, I could not change the default gateway back manually. All my configuration is done in the web UI but I will show how the config file gets messed up:</p>
<p>Default configuration:<br /><pre><code class="xml syntaxhl"><span class="nt"><gateways></span>
<span class="nt"><defaultgw4></span>WANGW<span class="nt"></defaultgw4></span>
<span class="nt"><defaultgw6></span>WANGWv6<span class="nt"></defaultgw6></span>
<span class="nt"></gateways></span>
</code></pre></p>
<p>Added a new default ipv6 gateway "test6" and disabled the original:<br /><pre><code class="xml syntaxhl">
<span class="nt"><gateways></span>
<span class="nt"><defaultgw4></defaultgw4></span>
<span class="nt"><defaultgw6></defaultgw6></span>
<span class="nt"><gateway_item></span>
<span class="nt"><interface></span>wan<span class="nt"></interface></span>
<span class="nt"><gateway></span>dynamic<span class="nt"></gateway></span>
<span class="nt"><name></span>WAN_DHCP6<span class="nt"></name></span>
<span class="nt"><weight></span>1<span class="nt"></weight></span>
<span class="nt"><ipprotocol></span>inet6<span class="nt"></ipprotocol></span>
<span class="nt"><descr></span><span class="cp"><![CDATA[Interface WAN_DHCP6Gateway]]></span><span class="nt"></descr></span>
<span class="nt"><disabled></disabled></span>
<span class="nt"></gateway_item></span>
<span class="nt"><gateway_item></span>
<span class="nt"><interface></span>wan<span class="nt"></interface></span>
<span class="nt"><gateway></span>**garbage ipv6**<span class="nt"></gateway></span>
<span class="nt"><name></span>test6<span class="nt"></name></span>
<span class="nt"><weight></span>1<span class="nt"></weight></span>
<span class="nt"><ipprotocol></span>inet6<span class="nt"></ipprotocol></span>
<span class="nt"><descr></descr></span>
<span class="nt"></gateway_item></span>
<span class="nt"></gateways></span>
</code></pre></p>
<p>Removed the new gateway and manually restored the default gateway:<br /><pre><code class="xml syntaxhl">
<span class="nt"><gateways></span>
<span class="nt"><defaultgw4></defaultgw4></span>
<span class="nt"><defaultgw6></defaultgw6></span>
<span class="nt"><gateway_item></span>
<span class="nt"><interface></span>wan<span class="nt"></interface></span>
<span class="nt"><gateway></span>dynamic<span class="nt"></gateway></span>
<span class="nt"><name></span>WAN_DHCP6<span class="nt"></name></span>
<span class="nt"><weight></span>1<span class="nt"></weight></span>
<span class="nt"><ipprotocol></span>inet6<span class="nt"></ipprotocol></span>
<span class="nt"><descr></span><span class="cp"><![CDATA[Interface WAN_DHCP6 Gateway]]></span><span class="nt"></descr></span>
<span class="nt"></gateway_item></span>
<span class="nt"></gateways></span>
</code></pre></p>
<p>But now the web UI does not show wan_dhcp6 as a default gateway!</p>
<p>The gateway itself works as it should, but whatever determines the default gateway is not choosing the only one remaining after "test6" was deleted.</p> pfSense - Regression #14078 (Confirmed): Traffic graph shows half actual throughput when switchi...https://redmine.pfsense.org/issues/140782023-03-06T10:08:44ZSteve Y
<p>When switching back to the traffic graph page, the graph restarts as designed but the data shown is now half actual.</p>
<p>Using a new window or a different browser for the download works as expected because the original graph is still showing in the foreground of the original browser window.</p>
<p>To reproduce:</p>
<ul>
<li>open the traffic graph page</li>
<li>open another tab in the <em>same</em> browser to start a download</li>
<li>switch back to the traffic graph tab, speed is half</li>
<li>(Shift+) reload the page in the browser, and it doubles to the expected speed</li>
</ul>
<p>and</p>
<ul>
<li>open the traffic graph page</li>
<li>open <em>another browser or new browser window</em> to start a download, leaving the traffic page open</li>
<li>in the traffic graph window, speed remains as expected</li>
</ul>
<p>It's more obvious if one opens a remote and local traffic graph at the same time, only the one will show the lower speed.</p>
<p>Reproduced on 2.6 and 23.01, with and without traffic shaping, per thread : <a class="external" href="https://forum.netgate.com/topic/178542/traffic-graph-shows-half-actual-throughput-in-some-scenarios">https://forum.netgate.com/topic/178542/traffic-graph-shows-half-actual-throughput-in-some-scenarios</a></p> pfSense - Bug #12552 (New): "Pull DNS" option within OpenVPN client does not cause pfSense to use...https://redmine.pfsense.org/issues/125522021-12-01T11:19:15ZJohn Williams
<p>I have an OpenVPN client setup to connect to ExpressVPN. ExpressVPN does not provide static DNS servers for use with their VPN traffic; DNS servers are assigned dynamically. If the "Pull DNS" checkbox is checked within the OpenVPN client settings, I'd expect my DNS Resolver to use the Express VPN assigned DNS servers</p>
<p>Instead, the DNS Resolver still uses the DNS servers that are configured via System -> General Setup. I have my DNS Resolver in forwarding mode ("Enable Forwarding Mode" is checked). If I put the DNS Resolver in resolver mode, then DNS queries are forwarded to my ISP (Comcast).</p> pfSense - Feature #11956 (New): "add" button in the top of pages with many user-added itemshttps://redmine.pfsense.org/issues/119562021-05-24T17:03:48ZGuillaume LUCAS
<p>In Interfaces > Assignments | VLANs, Firewall > Aliases | NAT | Rules | Virtual IPs, it's possible to add the "Add" button in the top of the page?<br />I have many items so I need to scroll before "Add". It's tiring when I add several items at once.<br />I have given some examples of pages, but my request applies to all pages where there may be many items added by the user.</p>
<p>Yes, I know the "end" key of my keyboard, but its location on some laptop keyboard is unpleasant.<br />In addition, team leaders don't care about this tech detail, they just want to click, click, and click again (user-firendly). How do you convince them to use pfSense when other firewalls interface have these kinds of little details they like?</p>
<p>This feature request enlarges feature <a class="issue tracker-2 status-1 priority-10 priority-lowest" title="Feature: Firewall Aliases Add button on top of list (New)" href="https://redmine.pfsense.org/issues/10290">#10290</a> / <a class="external" href="https://redmine.pfsense.org/issues/10290">https://redmine.pfsense.org/issues/10290</a> .</p> pfSense Packages - Feature #10909 (New): #define MAXVIFS 32 to 64https://redmine.pfsense.org/issues/109092020-09-17T08:55:29Zxavier Lemairexavier@amassi-network.com
<p>as discussed in this thread <a class="external" href="https://forum.netgate.com/topic/156398/deploy-disk-images-with-inter-vlans-mulicast/7">https://forum.netgate.com/topic/156398/deploy-disk-images-with-inter-vlans-mulicast/7</a><br />Is it possible to pass MAXVIFS from 32 to 64 in the kernel and in pimd ?</p> pfSense - Bug #10712 (New): "default allow LAN IPv6 to any" rule does not work right after boot w...https://redmine.pfsense.org/issues/107122020-06-29T04:54:35ZViktor Gurov
<p><a class="external" href="https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense">https://forum.netgate.com/topic/154856/multiple-ipv6-bugs-quirks-in-pfsense</a>:<br />Quite simply, you boot, you get an IPv6 PD and give it out through SLAAC on your LAN interface, machines get an IP but aren't able to connect to the internet over IPv6. If you check the firewall logs, you'll see the traffic gets dropped due to the default drop all rule.</p>
<p>Workaround : disable and enable any firewall rule to force a reload of the rules. After that, connectivity works.</p>
<p>My assumption for the root cause: the "LAN net" source does not get updated correctly when the PD gets assigned, since it does take a while to get the PD and assign it to all the needed interfaced. Because of this, the traffic from the PDd IPs is not recognised and dropped. Reloading the rules forced a reload of the "LAN net" source and thus makes it work.</p> pfSense - Bug #8177 (New): "../xsl/package.xsl" is referenced in package XML files but not on the...https://redmine.pfsense.org/issues/81772017-12-09T18:58:49ZHarry Coinhcoin@quietfountain.compfSense - Feature #7459 (New): "Refresh" button for Diagnostics/Tables displayhttps://redmine.pfsense.org/issues/74592017-04-09T02:32:18ZPhil Biggs
<p>When viewing a table, using the browser refresh produces a resend/resubmit dialog.<br />The only other way to refresh the displayed table is to navigate to another table then back to the original.<br />A Refresh button (perhaps next to the "Empty table" button) or a Refresh icon would be very useful.</p> pfSense - Todo #6727 (New): Missing file apple-touch-icon-precomposed.png ?https://redmine.pfsense.org/issues/67272016-08-18T14:10:11ZAndy Kniveton
<p>I notice this occasionally in my log files after logging in via the web browser :-</p>
<p>Aug 18 19:50:38 pfsense.localdomain nginx: 2016/08/18 19:50:38 [error] 36942#100114: *10595 open() "/usr/local/www/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 172.16.1.20, server: , request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "172.16.1.1"</p>
<p>[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root: ls /usr/local/www/apple-touch-icon-precomposed.png<br />ls: /usr/local/www/apple-touch-icon-precomposed.png: No such file or directory</p>
<p>[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root: ls /usr/local/www/*.png<br />/usr/local/www/apple-touch-icon.png/usr/local/www/logo.png<br />/usr/local/www/logo-black.png /usr/local/www/pfs-mini.png<br />[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root:</p>
<p>Maybe its just worth doing a symbolic link in the next pfSense build.</p> pfSense - Feature #5850 (New): Limit "WebCfg - System: User Manager page" privilege to non-admin...https://redmine.pfsense.org/issues/58502016-02-07T12:35:35ZTimon Esserme@timonster.com
<p>A user with the "WebCfg - System: User Manager page" privileges can asign himself and others to the admin group and gain admin rights this way. It would be nice to limit the "WebCfg - System: User Manager page" to privilege to manage only non-admins and certain groups. While having the ability to add himself to the admin group this privilege makes no sense, if im not wrong.</p> pfSense - Feature #2358 (New): NAT64 Supporthttps://redmine.pfsense.org/issues/23582012-04-08T16:48:12ZSeth Mosseth.mos@dds.nl
<p>example <a class="external" href="http://ecdysis.viagenie.ca/">http://ecdysis.viagenie.ca/</a></p>