pfSense bugtracker: Issues | https://redmine.pfsense.org/ | 2024-01-28T12:55:29Z | pfSense bugtracker | Redmine
pfSense - Feature #15207 (Incomplete): DynDNS - Missing update KEY | https://redmine.pfsense.org/issues/15207 | 2024-01-28T12:55:29Z | Matt Keys
<p>I apologize if this has already been reported, or already exists as a feature request. I did search previous to post, but I may have missed it as I'm unfamiliar with this interface.</p>
<p>Services - Dynamic DNS - Add DynDNS(*)</p>
<p>This page does not provide a means to enter an updater key.<br /><img src="https://redmine.pfsense.org/attachments/download/5879/clipboard-202401280753-egdtc.png" alt="" /></p>
pfSense - Bug #15194 (Incomplete): PHP Fatal error in easyrule CLI | https://redmine.pfsense.org/issues/15194 | 2024-01-26T14:31:35Z | David Johnston
<p>Running "easyrule block wan 1.0.152.114" via ssh caused an error.<br />It looks like it's a problem in backup_config().<br />It's actually a permissions error; easyrule needs to be run as root.</p>
<p>Possible fixes:<br />1. chmod 700 /usr/local/bin/easyrule<br />2. Add a check to the PHP to report permissions errors.</p>
pfSense - Bug #15185 (Incomplete): Problem with Widgets OpenVPN in Pfsense 2.7.2 after upgrade | https://redmine.pfsense.org/issues/15185 | 2024-01-24T10:46:57Z | Przemyslaw Przybyl
<p>After upgrading from 2.7.0 to 2.7.1, then to 2.7.2.</p>
<p>The widgets OpenVPN - Servers, OpenVPN - Clients and OpenVPN - Client Exports, and downloading OpenVPN packages in the Client Exports widget, load very slowly, taking about 1-2 minutes. In the pfSense shell I can see only one php-fpm process at 100%. Tuning parameters in php-fpm "/usr/local/etc/php-fpm.conf" doesn't work.</p>
<p>386 root 1 133 0 163M 64M CPU15 15 2:16 100.00% php-fpm<br />41229 root 1 68 0 159M 63M accept 15 1:09 0.00% php-fpm<br />387 root 1 68 0 163M 65M accept 6 0:47 0.00% php-fpm<br />53332 root 1 68 0 159M 61M accept 3 0:34 0.00% php-fpm<br />385 root 1 20 0 107M 27M kqread 3 0:04 0.00% php-fpm</p>
pfSense - Bug #15140 (Incomplete): Remote syslog servers on dynamically routed networks are being... | https://redmine.pfsense.org/issues/15140 | 2024-01-04T16:48:42Z | James Blanton
<p>Syslogd is started before any packages are started, including the FRR package. If any remote syslog servers are on a network whose route is learned over BGP, then this traffic will be routed to the default gateway initially. This is expected behavior, since the FRR package hasn't been loaded and no BGP routes have been received.</p>
<p>The problem is that the traffic is NOT being redirected after BGP routes are established due to the state that was created initially by routing the traffic through the default GW.</p>
<p>In my specific case, I've got a remote site sending syslog traffic over an OpenVPN tunnel with BGP routing between sites. When the remote router reboots, the syslog messages are routed out of the WAN interface, creating a state with an "src-org" of the LAN IP and "src" of the WAN IP. After the FRR package starts and the BGP routes are received, these messages continue to go out of the WAN interface until the state is killed.</p>
<p>I originally reported this bug with <a class="issue tracker-1 status-12 priority-4 priority-default closed" title="Bug: Syslog Over OpenVPN Routed Out Default GW On Reboot (Not a Bug)" href="https://redmine.pfsense.org/issues/14403">#14403</a>, but was told:</p>
<pre><code><em>This is a configuration issue -- if traffic is taking a path you don't want when the VPN is down, you need to add rules to block it (e.g. reject it outbound on WAN via floating rules).</em></code></pre>
<p>However, this does not work either. While it does prevent the traffic from exiting the WAN interface, the syslog messages are still not being routed properly after the BGP routes are received. This began occurring for me originally on 23.01, but is still occurring in 23.09.1.</p>
<p>I was able to get this working by adding some code to the "/etc/rc.state_packages" script, in the foreach loop that starts the packages, that checks to see if the FRR package was just started, then looks to see if any remote syslog servers were configured. If there were any servers configured, then it sleeps for 15 seconds (to give time for the BGP peering to start) before looping through the servers and checking for any existing states. If any states exist, it checks for a "src-org" field and compares it to the "src" field. If the "src" and "src-org" don't match, then it kills that state. I have tested this change with 23.09.1, and it has been working as expected.</p>
pfSense - Bug #15134 (Incomplete): Post upgrade to 2.7.2 - Change in alias name stops all traffic | https://redmine.pfsense.org/issues/15134 | 2024-01-03T11:03:01Z | Rajko Bogdanovic | rajko@itroom-a.com
<p>After installing the last 2.7.2 release, when we edited an Alias name - that rule stopped working, and all traffic was blocked from that point until a full reboot was done. <br />Once rebooted, old nat/access rules are working again using a new alias.</p>
pfSense - Bug #15066 (Feedback): PHP allocation failure in pfsense-utils.inc | https://redmine.pfsense.org/issues/15066 | 2023-12-05T19:13:24Z | Alex Rosenberg
<p>Plus 23.09 has been running without issue for some time until this crash report yesterday. No configuration changes of any kind had been made in weeks. Nobody tried to use the dashboard yesterday.</p>
<p>---<br />Crash report begins. Anonymous machine information:</p>
<p>amd64<br />14.0-CURRENT<br />FreeBSD 14.0-CURRENT amd64 1400094 #0 plus-RELENG_23_09-n256163-2763857e770: Wed Nov 1 21:18:24 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09-main/obj/amd64/WrS3lKLo/var/jenkins/workspace/pfSense-Plus-snapshots-23_09-main/</p>
<p>Crash report details:</p>
<p>PHP Errors:<br />[04-Dec-2023 12:09:03 America/Los_Angeles] PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 8192 bytes) in /etc/inc/pfsense-utils.inc on line 1772</p>
<p>No FreeBSD crash data found.</p>
pfSense - Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can'... | https://redmine.pfsense.org/issues/14840 | 2023-10-05T12:29:00Z | Phil Wardt
<p>I received the below notification about an error when pfsense was booted:</p>
<pre><code class="shell syntaxhl">7:51:21 PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/ASN1_GENERALTIME.php, Line: 73, Message: Uncaught Exception: Can't parse time from string '211029094223Z' in /usr/local/share/openssl_x509_crl/ASN1_GENERALTIME.php:73
Stack trace:
#0 /usr/local/share/openssl_x509_crl/ASN1.php(136): Ukrbublik\openssl_x509_crl\ASN1_GENERALTIME->decodeSimple('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 167, 13)
#1 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 167, 13)
#2 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 165, 30)
#3 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 165, 30)
#4 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 8, 1101)
#5 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 8, 1101)
#6 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 4, 1637)
#7 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 4, 1637)
#8 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 0, 1641)
#9 /usr/local/share/openssl_x509_crl/X509_CERT.php(44): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 0, 1641)
#10 /usr/local/share/openssl_x509_crl/X509_CRL.php(60): Ukrbublik\openssl_x509_crl\X509_CERT::decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...')
#11 /etc/inc/certs.inc(1071): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Object(OpenSSLAsymmetricKey), '0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...')
#12 /etc/inc/openvpn.inc(1353): crl_update(Array)
#13 /etc/inc/openvpn.inc(1576): openvpn_reconfigure('server', Array)
#14 /etc/inc/openvpn.inc(1865): openvpn_restart('server', Array)
#15 /etc/inc/openvpn.inc(1907): openvpn_resync('server', Array)
#16 /etc/rc.newwanip(261): openvpn_resync_all('wan', 'inet')
#17 {main}
  thrown
</code></pre>
<p>It is the first time and it was never sent again!</p>
pfSense - Bug #14839 (Incomplete): PHP Parse error: syntax error | https://redmine.pfsense.org/issues/14839 | 2023-10-05T09:43:54Z | Sam Vanchanna
<p>[05-Oct-2023 12:18:36 Asia/Phnom_Penh] PHP Parse error: syntax error, unexpected end of file in /usr/local/sbin/pfSsh.php(374) : eval()'d code on line 6</p>
pfSense - Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make conne... | https://redmine.pfsense.org/issues/14651 | 2023-08-05T09:22:36Z | Cin Lung Chen
<p>Sorry if this is wrong, I am frustrated and would love to be pointed in the right direction. I made a post in the forum with no one that can help, as follows: <a class="external" href="https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3">https://forum.netgate.com/topic/181990/pppoe-connection-over-vlan-does-not-work-after-upgrade-to-2-7-0-tonight-please-help/3</a></p>
<p>TLDR:<br />PPPoE cannot start, not even trying to negotiate with the server. I am not sure what to do since version 2.6.0 works. I did a clean reinstall with the image taken from the web for the serial connection version and it still failed with a similar log, as follows:</p>
<p>Aug 4 21:50:38 ppp 36066 [wan_link0] LCP: Down event --> After this, everything will be repeated for eternity from PPPoE: Connecting to XXXX to LCP: Down event.<br />Aug 4 21:50:38 ppp 36066 [wan_link0] Link: DOWN event<br />Aug 4 21:50:38 ppp 36066 [wan_link0] PPPoE connection timeout after 9 seconds<br />Aug 4 21:50:29 ppp 36066 [wan_link0] PPPoE: Connecting to 'XXXXX'<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: LayerStart<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: state change Initial --> Starting<br />Aug 4 21:50:29 ppp 36066 [wan_link0] LCP: Open event<br />Aug 4 21:50:29 ppp 36066 [wan_link0] Link: OPEN event<br />Aug 4 21:50:29 ppp 36066 [wan] Bundle: Interface ng0 created</p>
pfSense - Bug #12927 (Incomplete): OpenVPN with OCSP enabled allows connections with revoked cert... | https://redmine.pfsense.org/issues/12927 | 2022-03-10T04:20:17Z | Danilo Zrenjanin
<p>OpenVPN doesn't honor certificate validity status against the site listed in the OCSP URL field.</p>
<p>See:<br /><a class="external" href="https://redmine.pfsense.org/issues/11830">https://redmine.pfsense.org/issues/11830</a></p>
<pre>
Konstantin Panchenko wrote in #note-11:
This is still an issue in 2.5.2, validation code still checking only for the last line returned from "openssl", documentation for exec command states that output parameter must be used to get the full output and that would be array. Last line analysed in current code would look only "Next Update: May 11 11:29:54 2021 GMT", see above.
https://www.php.net/manual/en/function.exec.php
I see the issue was closed by adding "-resp_text" option, however without analysing the whole output of the EXEC / Openssl function this won't work. I've attached my edit for review.
</pre>
pfSense - Bug #12878 (Incomplete): Traffic shaping by interface, route queue bandwidth inbound, o... | https://redmine.pfsense.org/issues/12878 | 2022-02-28T03:10:25Z | Blake Drayson
<p>Since upgrading to pfSense Plus 22.01 from the latest community edition, my by-interface priority queue bandwidth has an odd bug. Link is 200 Mbit/s and is set to 190 to give appropriate overhead. However, when the queue is active it limits the connection to around 100 Mbit/s; disable the queue and it works fine. The workaround so far has been to add 100 Mbit/s to the bandwidth value of the root queue (so it is now set to 290). The downlink queue is working without issue and as expected. For additional info, the link that is being shaped is an L2TP link over the top of the WAN link.</p>
pfSense - Bug #12740 (Incomplete): panic: esp_input_cb: Unexpected address family | https://redmine.pfsense.org/issues/12740 | 2022-01-27T12:38:51Z | Juraj Lutter
<p>On pfSense 21.05.02 I've started to get a panic with panic string:</p>
<pre>
esp_input_cb: Unexpected address family: xxx
</pre>
<p>Where xxx varies (248, 255, 127, 0, ...)</p>
<p>Hardware is Netgate 7100.</p>
<p>If crashdump is needed, it's available upon request.</p>
pfSense - Bug #12734 (Incomplete): Long hostname breaks DHCP leases layout | https://redmine.pfsense.org/issues/12734 | 2022-01-26T13:11:38Z | Juri Oo
<p>It appears that long hostnames will kind of break the DHCP leases status page. <br />With Nmap package and MAC vendors, the right part is cut off almost completely and a horizontal scrollbar is added at the bottom. <br />Is this normal? I can see long MAC vendors are being cut to 3 rows. Shouldn't the hostname line also be cut at some point (in such rare cases)?</p>
<p>Tested with 2.5.2-RELEASE (amd64). Hostname is 40 characters long.</p>
pfSense - Bug #8882 (Incomplete): Interface assignments lost on reboot | https://redmine.pfsense.org/issues/8882 | 2018-09-10T20:31:24Z | Jaime Geiger
<p>I'm running pfsense in AWS and I'm trying to route out of xn1 (second interface) instead of xn0 (using it as a sync interface). <br />LAN is xn0, WAN is xn1 in the interface assignment page. <br />Both interface assignments (LAN and WAN) get set to xn0 after a reboot, which causes everything to break.</p>
<p>This should not happen. If I set xn0 to WAN and xn1 to LAN then it does not lose the configuration on reboot. <br />Is WAN required to be the first interface (xn0)?</p>
<p>Let me know if you need other details.</p>
pfSense - Bug #7286 (Incomplete): OpenVPN client is unreliable when you have multiple tunnels | https://redmine.pfsense.org/issues/7286 | 2017-02-20T17:58:20Z | Viktor Petersson
<p>I've installed a new pfSense router to route my (Gigabit) WAN connection. My goal was to have it set up such that it both bridges two networks (site-to-site w/ two pfSense boxes) as well as route all outbound traffic over a VPN to anonymize the traffic. To accomplish this, I use two independent VPN providers to avoid SPoF in a gateway group.</p>
<p>I was able to establish the connections just fine and was able to establish the VPN connections to all three VPN end-points and have traffic flowing through the two public VPN providers.</p>
<p>For a few days, things work fine, but later the connections randomly die. The WAN works fine and there's nothing wrong with the VPN end-points.</p>
<p>My expectation is that pfSense would automatically respawn the connections, which it appears to be doing to some degree. At some point, however, it appears to stop retrying and you end up as the attached screenshot shows.</p>
<p>The strange thing is that even if the system indicates that the link is down, I can still see the ovpncX interface being up and running.</p>
<p>However, since all outbound traffic from the LAN is routed over the VPN(s), the connection for the clients goes down.</p>
<p>My theory is that it is some internal health checker inside pfSense that is failing, which makes the system think the VPN links are down.</p>
<p>What's also worth noting is that even if I have two VPN links in the gateway group, if one VPN connection goes down, so does the full internet connectivity for the entire LAN (unless the VPN link is manually disabled).</p>
<p>I'm happy to provide logs, but I haven't spotted anything of significant interest.</p>