pfSense bugtracker: Issues https://redmine.pfsense.org/ 2024-03-25T09:20:00Z
pfSense Plus - Bug #15361 (New): Error in virtual IP aliases when using IPv6 "network" / "broadca... https://redmine.pfsense.org/issues/15361 2024-03-25T09:20:00Z Mathis Cavalli
<p>There is no network address in IPv6, nor broadcasts like IPv4<br />When adding / editing an IP alias and putting there an address like fd00::/64 it shows the following error: "The network address cannot be used for this VIP"<br />It happened on my pfSense+ box but it seems the CE 2.7.2 is also affected.</p>
pfSense Plus - Feature #15295 (New): State Filter Rule ID needs clarification https://redmine.pfsense.org/issues/15295 2024-02-28T23:38:28Z Mike Moore
<p>Not sure if this is a feature request but this isn't a bug.</p>
<p>See the forum post for details - <a class="external" href="https://forum.netgate.com/topic/186429/no-states-show-up-when-filtering-by-trackerid/5?_=1709161373761">https://forum.netgate.com/topic/186429/no-states-show-up-when-filtering-by-trackerid/5?_=1709161373761</a></p>
<p>Searching for states under Diagnostics/States/States and if you filter by Rule ID I mistakenly thought this meant TrackerID. The RuleID shows up if you hover over the state's entry of the firewall rule in the GUI and look at the bottom of the WebUI url and it will show what the corresponding ruleID is.</p>
<p>This doesn't make much sense considering if I search the firewall log in the WebUI and if I filter by "Rule Tracker ID" I can submit the TrackerID there and I'm able to narrow down my search whereas if I filter in the states screen nothing matches Rule ID because it's specifically looking for a number that the system generates for the Rule but there is no place in the UI to even know what that rule number could or would be.</p>
<p>The solution would be to either:<br />1. Fix the State filter so that it can filter by tracker ID instead of Rule ID<br />2. OR update documentation to inform users of the best place to find the rule ID.</p>
pfSense Plus - Feature #15280 (New): Boot Environments 2.0 https://redmine.pfsense.org/issues/15280 2024-02-21T19:59:52Z Christian McDonald cmcdonald@netgate.com
<p>Changes:</p>
<ul>
<li>Configuration History is now a separate page and is no longer part of Backup & Restore.</li>
<li>Configuration History is now aware of Boot Environments. Supports downloading, deleting and restoring across boot environment boundaries.</li>
<li>System updates are now installed in an offline clone of the running system and booted "temporarily" to facilitate automatic fallback to previous working environment.</li>
<li>Boot Verification is performed when booting temporary Boot Environments. System will automatically reboot into prior boot environment upon boot failure.</li>
</ul>
<p><img src="https://redmine.pfsense.org/attachments/download/5936/clipboard-202402211456-bdjnl.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5937/clipboard-202402211457-fegcy.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5938/clipboard-202402211457-rbjkq.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5939/clipboard-202402211457-fcvqv.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5940/clipboard-202402211458-ydyne.png" alt="" /></p>
pfSense Plus - Todo #15266 (Feedback): Prevent usage of the default password in User Manager acco... https://redmine.pfsense.org/issues/15266 2024-02-16T18:53:24Z Jim Pingle
<p>Currently we detect in the GUI when the admin account is using the default password (<code>"pfsense"</code>) and print a warning message: source:src/usr/local/www/head.inc#L564</p>
<p>We should change that to check any account (not just <code>admin</code>) and force a password change during one or more of the user's initial interactions, for example:</p>
<ul>
<li>During the setup wizard</li>
<li>GUI login any time the password matches the default password</li>
<li>Shell (console or SSH) login any time the password matches the default password</li>
<li>Possibly during the installation process</li>
</ul>
<p>We should also not allow the user to change their password to any variation of "pfsense" in upper/lower/mixed case.</p>
pfSense Plus - Bug #15202 (New): Add Option for Network Portion of Subnet "Wildcard" for IPv6 Rules https://redmine.pfsense.org/issues/15202 2024-01-27T22:28:27Z Kris Phillips
<p>Filtering hosts with IPv6 is extremely difficult when utilizing an upstream provider that is providing a Prefix Delegation via DHCPv6 because the Prefix Delegation can change, which invalidates existing rules.</p>
<p>If there was a way to detect the interface PD for firewall rules, similar to how the DHCPv6 server currently detects the delegated prefix, users could assign rules based on only the host portion of the subnet and have the firewall filter rule automatically fill in the delegated prefix network ID portion before feeding it to pf.</p>
<p>This solves the following two scenarios:</p>
<p>1. A static DHCPv6 lease is assigned, but the delegated prefix changes<br />2. Clients configured via SLAAC typically will have the same host portion of an address, regardless of the network portion discovered by RAs, unless they are utilizing privacy extensions.</p>
<p>Obviously, this won't help in cases where SLAAC is used with RFC4941, but in many cases when creating rules like this it's possible to disable privacy extensions optionally in most operating systems.</p>
pfSense Plus - Bug #15006 (New): Upgrade Issue to 23.09 Results in Stuck Prompt Mid-upgrade https://redmine.pfsense.org/issues/15006 2023-11-17T19:50:02Z Kris Phillips
<p>Symptom:<br />Devices get stuck at an "Enter full pathname of the shell or RETURN for /bin/sh:" prompt mid-upgrade. Rebooting the appliance causes it to be stuck at a "-sh: /etc/rc.initial: not found" prompt after asking for credentials.</p>
<p>This does not appear to be an arch problem as amd64 and aarch64 are both seemingly affected.</p>
<p>Relevant errors during bootup captured from an 1100 that failed to upgrade properly:</p>
<p>[113/168] Extracting php82-pear-Net_URL2-2.2.1: .......... done</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: foreach() argument must be of type array|object, null given in Command.php on line 249</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 250</p>
<p>Warning: Trying to access array offset on value of type null in Role.php on line 251</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "honorsbaseinstall" in Role.php on line 173</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "installable" in Role.php on line 139</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "phpfile" in Role.php on line 204</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46</p>
<p>Warning: Undefined array key "config_vars" in Role.php on line 46<br />XML Extension not found<br />pkg-static: POST-INSTALL script failed<br />[114/168] Installing boost-libs-1.82.0_1...<br />[114/168] Extracting boost-libs-1.82.0_1: .......pid 518 (pkg-static), jid 0, uid 0, was killed: failed to reclaim memory<br />Child process pid=518 terminated abnormally: Killed</p>
<blockquote><blockquote><blockquote>
<p>Unlocking package pfSense-pkg-aws-wizard... done.<br />Unlocking package pfSense-pkg-ipsec-profile-wizard... done.</p>
</blockquote></blockquote></blockquote>
<p>Fatal error: Uncaught Error: Call to undefined function gettext() in /etc/inc/certs.inc:48<br />Stack trace:<br />#0 /etc/inc/functions.inc(34): require_once()<br />#1 /etc/rc.ecl(25): require_once('/etc/inc/functi...')<br />#2 {main}<br /> thrown in /etc/inc/certs.inc on line 48<br />Launching the init system...<br />Fatal error: Uncaught Error: Failed opening required 'Net/IPv6.php' (include_path='.:/etc/inc:/usr/local/pfSense/include:/usr/local/pfSense/include/www:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form:/usr/local/share/pear:/usr/local/share/openssl_x509_crl/') in /etc/inc/util.inc:28<br />Stack trace:<br />#0 /etc/inc/config.lib.inc(29): require_once()<br />#1 /etc/inc/auth.inc(31): require_once('/etc/inc/config...')<br />#2 /etc/inc/captiveportal.inc(29): require_once('/etc/inc/auth.i...')<br />#3 /etc/inc/service-utils.inc(25): require_once('/etc/inc/captiv...')<br />#4 /etc/inc/pkg-utils.inc(26): require_once('/etc/inc/servic...')<br />#5 /etc/rc.bootup(27): require_once('/etc/inc/pkg-ut...')<br />#6 {main}<br /> thrown in /etc/inc/util.inc on line 28<br />Starting CRON... done.</p>
<p>Fatal error: Uncaught Error: Call to undefined function gettext() in /etc/inc/certs.inc:48<br />Stack trace:<br />#0 /etc/inc/functions.inc(34): require_once()<br />#1 /etc/inc/notices.inc(26): require_once('/etc/inc/functi...')<br />#2 /etc/inc/config.inc(51): require_once('/etc/inc/notice...')<br />#3 /etc/rc.start_packages(25): require_once('/etc/inc/config...')<br />#4 {main}<br /> thrown in /etc/inc/certs.inc on line 48<br />.: cannot open /etc/rc.be_functions.sh: No such file or directory<br />Enter full pathname of shell or RETURN for /bin/sh:</p>
pfSense Plus - Feature #14928 (New): FEATURE REQUEST: Wireless ath0 and MAC address controls https://redmine.pfsense.org/issues/14928 2023-10-27T18:48:30Z Jonathan Lee
<p><code>ifconfig ath0_wlan0 list mac</code></p>
<p>This has the ability to have ACL lists added. Can we please have the ability to migrate the ACL or static assigned MAC addresses into the Wireless settings?</p>
<p><code>ifconfig ath0_wlan0 mac:add</code></p>
<p><a class="external" href="https://man.freebsd.org/cgi/man.cgi?ifconfig">https://man.freebsd.org/cgi/man.cgi?ifconfig</a></p>
<pre><code>MAC-Based Access Control List Parameters<br /> The following parameters support an optional access control list fea-<br /> ture available with some adapters when operating in ap mode; see<br /> wlan_acl(4). This facility allows an access point to accept/deny asso-<br /> ciation requests based on the MAC address of the station. Note that<br /> this feature does not significantly enhance security as MAC address<br /> spoofing is easy to do.</code></pre>
<pre><code>mac:add address<br /> Add the specified MAC address to the database. Depending on<br /> the policy setting association requests from the specified sta-<br /> tion will be allowed or denied.</code></pre>
<pre><code>mac:allow<br /> Set the ACL policy to permit association only by stations reg-<br /> istered in the database.</code></pre>
<pre><code>mac:del address<br /> Delete the specified MAC address from the database.</code></pre>
<pre><code>mac:deny<br /> Set the ACL policy to deny association only by stations regis-<br /> tered in the database.</code></pre>
<pre><code>mac:kick address<br /> Force the specified station to be deauthenticated. This typi-<br /> cally is done to block a station after updating the address<br /> database.</code></pre>
<pre><code>mac:open<br /> Set the ACL policy to allow all stations to associate.</code></pre>
<pre><code>mac:flush<br /> Delete all entries in the database.</code></pre>
<pre><code>mac:radius<br /> Set the ACL policy to permit association only by stations ap-<br /> proved by a RADIUS server. Note that this feature requires the<br /> hostapd(8) program be configured to do the right thing as it<br /> handles the RADIUS processing (and marks stations as autho-<br /> rized).</code></pre>
<p>This ability is already part of FreeBSD and can be accessed in pfSense from command line. This would provide greater security into the pcie mini card also.</p>
<p>If we have items statically assigned in DHCP it would be easy to migrate that into auto added MAC adds</p>
pfSense Plus - Feature #14743 (New): Add Passkey/Certificate-based Authentication https://redmine.pfsense.org/issues/14743 2023-09-03T04:21:49Z Kris Phillips
<p>pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implementations to add 2FA or other authentication means.</p>
<p>There is already redmine 12546 for adding 2FA to pfSense Plus natively, but it would also be beneficial to add passkey/cert-based authentication to pfSense Plus' webConfigurator and other functions.</p>
pfSense Plus - Feature #14555 (New): Display Overridden Interface Names On Interface and VLAN Set... https://redmine.pfsense.org/issues/14555 2023-07-06T18:01:25Z John Uplink
<p>Please reference overridden interface names in various places in the pfSense web management UI. It seems that in some places, such as the "Interface Assignments" and "VLAN Setup" pages, the interface internal config name is displayed instead of the user friendly overridden name (if configured). This makes it somewhat confusing when trying to view which interface an existing VLAN is assigned to (see screenshot 1) or when creating a VLAN (see screenshot 2).</p>
<p>Netgate Forum Discussion: <a class="external" href="https://forum.netgate.com/topic/181251/renamed-interface-still-showing-old-name?_=1688492198971">https://forum.netgate.com/topic/181251/renamed-interface-still-showing-old-name?_=1688492198971</a></p>
<p><img src="https://redmine.pfsense.org/attachments/download/5164/screenshot1.jpg" alt="" /></p>
<p><img src="https://redmine.pfsense.org/attachments/download/5165/screenshot2.jpg" alt="" /></p>
pfSense Plus - Bug #14531 (Confirmed): Traffic Graph widget doesn't show traffic counts for OpenV... https://redmine.pfsense.org/issues/14531 2023-06-30T16:48:06Z Lev Prokofev
<p>The Traffic Graph widget doesn't show the in\out traffic for the OpenVPN interfaces.</p>
<p><img src="https://redmine.pfsense.org/attachments/download/5133/clipboard-202306302045-mzwyk.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5134/clipboard-202306302045-zsncd.png" alt="" /></p>
pfSense Plus - Feature #14387 (New): Offline config mode https://redmine.pfsense.org/issues/14387 2023-05-15T23:25:14Z Mike Leone
<p>From a forum discussion. Steve deserves credit.<br /><a class="external" href="https://forum.netgate.com/topic/180107">https://forum.netgate.com/topic/180107</a></p>
<h1>Offline Config Mode</h1>
<ul>
<li>Provide ability to set configurations while no internet or DNS is available. This is pursuant to bug <a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Lack of DNS or Internet connectivity causes GUI to be slow (Resolved)" href="https://redmine.pfsense.org/issues/12141">#12141</a></li>
<li>23.01 seems to have reverted a little when no WAN is present, while certainly better than 2.6.0 is still quite frustrating</li>
<li>There are use-cases where not having any internet but wanting to even generate a config to load on another firewall with say a static WAN IP to make onsite install easier</li>
<li>When diagnosing a firewall where possibly the internet is down, and even the resolved issue is a bit too much wait especially under a stressful condition</li>
<li>Have an option that shows in the wizard as a checkbox</li>
<li>Have an option in the CLI, like hit "15 for Offline Config mode" before you log in. (Steve W notes "a simple php shell script in the CLI")</li>
<li>Have an option under the Diagnostic tab, to allow you to fix a wan or other routing issue without the web interface tripping all over itself</li>
</ul>
pfSense Plus - Regression #14378 (Confirmed): Packages are not removed when using the hardware re... https://redmine.pfsense.org/issues/14378 2023-05-12T00:41:38Z Steve Wheeler
<p>More precisely it appears that packages are re-installed after rebooting into the new config.</p>
<p>This does not happen using the factory default options in the GUI or console menu.</p>
<p>Tested on 4100 and 6100 with 23.05.r.20230509.2241</p>
pfSense Plus - Bug #14175 (New): LDAP authentication for SSH fails https://redmine.pfsense.org/issues/14175 2023-03-24T12:58:35Z Georgiy Tyutyunnik
<p>LDAP authentication fails for SSH user authentication via LDAP with error (Invalid credentials).<br />Same user successfully authenticates to GUI.<br />User group with shell access is defined on pfSense and recognized at LDAP login, Shell Authentication Group DN is defined.<br />Logs for successful gui and failed ssh logins are attached.</p>
pfSense Plus - Feature #14066 (New): Add line number to rules and insert option https://redmine.pfsense.org/issues/14066 2023-03-03T09:20:22Z Mike Moore
<p>From a rule management perspective, is it possible to do the following:<br />1. Add line numbers in the GUI. So an admin can say 'Line 30' needs to be modified instead of having to relay the rule to the team and everyone hunting for that specific rule. Of course the line numbers will need to be adjusted each time a rule is added or deleted. Makes administration easier.</p>
<p>2. Insert a rule within the rule set. Currently, the only options are to add a rule at the top or at the bottom or maybe copy an existing rule which would place it underneath what you are copying - which is a good step. Having a large rule set it makes sense to create a rule and have the option presented to 'place after line 15' for example.</p>
<p>This is all about better rule administration and management.</p>
pfSense Plus - Bug #13687 (New): firewall_shaper_vinterface.php cannot deal with a limiter named ... https://redmine.pfsense.org/issues/13687 2022-11-23T02:41:47Z Kristof Provost
<p>When I create a limiter named 'new' via the Traffic Shaper page (firewall_shaper_vinterface.php) with the name 'new' it becomes impossible to create more limiters.<br />The 'new' limiter is created correctly, and I can add queues to it, but following the 'New Limiter' link (to firewall_shaper_vinterface.php?pipe=new&action=add) shows the new queue page, not the new limiter page.</p>