pfSense bugtracker: Issues
https://redmine.pfsense.org/
2024-01-28T12:55:29Z
pfSense bugtracker
Redmine

pfSense - Feature #15207 (Incomplete): DynDNS - Missing update KEY
https://redmine.pfsense.org/issues/15207
2024-01-28T12:55:29Z
Matt Keys
<p>I apologize if this has already been reported, or already exists as a feature request. I did search prior to posting, but I may have missed it as I'm unfamiliar with this interface.</p>
<p>Services - Dynamic DNS - Add DynDNS(*)</p>
<p>This page does not provide a means to enter an updater key.<br /><img src="https://redmine.pfsense.org/attachments/download/5879/clipboard-202401280753-egdtc.png" alt="" /></p>

pfSense - Bug #15194 (Incomplete): PHP Fatal error in easyrule CLI
https://redmine.pfsense.org/issues/15194
2024-01-26T14:31:35Z
David Johnston
<p>Running "easyrule block wan 1.0.152.114" via ssh caused an error.<br />It looks like it's a problem in backup_config().<br />It's actually a permissions error; easyrule needs to be run as root.</p>
<p>Possible fixes:<br />1. chmod 700 /usr/local/bin/easyrule<br />2. Add a check to the PHP to report permissions errors.</p>

pfSense - Bug #15185 (Incomplete): Problem with Widgets OpenVPN in Pfsense 2.7.2 after upgrade
https://redmine.pfsense.org/issues/15185
2024-01-24T10:46:57Z
Przemyslaw Przybyl
<p>After upgrading from 2.7.0 to 2.7.1 and then to 2.7.2.</p>
<p>Widgets OpenVPN - Servers, OpenVPN - Clients, OpenVPN - Client Exports and Downloading Packages OpenVPN in Widget Client Exports are loading very slowly, about 1-2 minutes. In the pfSense shell I can see only one php-fpm process at 100%. Tuning parameters in php-fpm "/usr/local/etc/php-fpm.conf" doesn't work.</p>
<p>386 root 1 133 0 163M 64M CPU15 15 2:16 100.00% php-fpm<br />41229 root 1 68 0 159M 63M accept 15 1:09 0.00% php-fpm<br />387 root 1 68 0 163M 65M accept 6 0:47 0.00% php-fpm<br />53332 root 1 68 0 159M 61M accept 3 0:34 0.00% php-fpm<br />385 root 1 20 0 107M 27M kqread 3 0:04 0.00% php-fpm</p>

pfSense Plus - Bug #15157 (Incomplete): Problem in Restore Backup
https://redmine.pfsense.org/issues/15157
2024-01-12T23:35:22Z
Ramon Alonso Costa
<p>I am having the following issue when trying to update the DNS Resolver backup. Below is the file with the error.</p>

pfSense - Bug #15140 (Incomplete): Remote syslog servers on dynamically routed networks are being...
https://redmine.pfsense.org/issues/15140
2024-01-04T16:48:42Z
James Blanton
<p>Syslogd is started before any packages are started, including the FRR package. If any remote syslog servers are on a network whose route is learned over BGP, then this traffic will be routed to the default gateway initially. This is expected behavior, since the FRR package hasn't been loaded and no BGP routes have been received.</p>
<p>The problem is that the traffic is NOT being redirected after BGP routes are established due to the state that was created initially by routing the traffic through the default GW.</p>
<p>In my specific case, I've got a remote site sending syslog traffic over an OpenVPN tunnel with BGP routing between sites. When the remote router reboots, the syslog messages are routed out of the WAN interface, creating a state with an "src-org" of the LAN IP and "src" of the WAN IP. After the FRR package starts and the BGP routes are received, these messages continue to go out of the WAN interface until the state is killed.</p>
<p>I originally reported this bug with <a class="issue tracker-1 status-12 priority-4 priority-default closed" title="Bug: Syslog Over OpenVPN Routed Out Default GW On Reboot (Not a Bug)" href="https://redmine.pfsense.org/issues/14403">#14403</a>, but was told:</p>
<pre><code><em>This is a configuration issue -- if traffic is taking a path you don't want when the VPN is down, you need to add rules to block it (e.g. reject it outbound on WAN via floating rules).</em></code></pre>
<p>However, this does not work either. While it does prevent the traffic from exiting the WAN interface, the syslog messages are still not being routed properly after the BGP routes are received. This began occurring for me originally on 23.01, but is still occurring in 23.09.1.</p>
<p>I was able to get this working by adding some code to the "/etc/rc.state_packages" script, in the foreach loop that starts the packages, that checks to see if the FRR package was just started, then looks to see if any remote syslog servers were configured. If there were any servers configured, then it sleeps for 15 seconds (to give time for the BGP peering to start) before looping through the servers and checking for any existing states. If any states exist, it checks for a "src-org" field and compares it to the "src" field. If the "src" and "src-org" don't match, then it kills that state. I have tested this change with 23.09.1, and it has been working as expected.</p>

pfSense - Bug #15134 (Incomplete): Post upgrade to 2.7.2 - Change in alias name stops all traffic
https://redmine.pfsense.org/issues/15134
2024-01-03T11:03:01Z
Rajko Bogdanovic rajko@itroom-a.com
<p>After installing the last 2.7.2 release, when we edited an Alias name - that rule stopped working, and all traffic was blocked from that point until a full reboot was done.<br />Once rebooted, old nat/access rules are working again using a new alias.</p>

pfSense Plus - Bug #15017 (Incomplete): DHCP relay CARP status VIP function is not working in pfs...
https://redmine.pfsense.org/issues/15017
2023-11-20T19:51:25Z
Robert Karsai
<p>Hello,<br />It seems that after the 23.05.1->23.09 upgrade the DHCP relay CARP status VIP function is not working properly. The DHCP relay agent stays active at all times (dhcrelay stays green on the dashboard widget, also pgrep dhcrelay returns running processes in CLI); it will not be stopped when the chosen VIP is in BACKUP status. Not a big deal, there can be two active relay agents in the same network, but this is not how it is supposed to work. Strangely this only affects our pfSense+ 23.09 clusters; in pfSense CE 2.7.1 this is not an issue.<br />--<br />BR<br />Robert</p>

pfSense Packages - Bug #14861 (Incomplete): Telgraf package needs updating for for PHP 8.1 and hi...
https://redmine.pfsense.org/issues/14861
2023-10-10T21:05:56Z
David Bowen
<p>I was directed to report this issue here</p>
<p><a class="external" href="https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-update-to-2-7/3">https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-update-to-2-7/3</a></p>
<p>I believe the required file is attached, but if any further information is required please let me know.</p>
<p>Cheers</p>

pfSense - Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can'...
https://redmine.pfsense.org/issues/14840
2023-10-05T12:29:00Z
Phil Wardt
<p>I received the below notification about an error when pfsense was booted:</p>
<pre><code class="shell syntaxhl">7:51:21 PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/ASN1_GENERALTIME.php, Line: 73, Message: Uncaught Exception: Can't parse time from string '211029094223Z' in /usr/local/share/openssl_x509_crl/ASN1_GENERALTIME.php:73
Stack trace:
#0 /usr/local/share/openssl_x509_crl/ASN1.php(136): Ukrbublik\openssl_x509_crl\ASN1_GENERALTIME->decodeSimple('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 167, 13)
#1 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 167, 13)
#2 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 165, 30)
#3 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 165, 30)
#4 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 8, 1101)
#5 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 8, 1101)
#6 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 4, 1637)
#7 /usr/local/share/openssl_x509_crl/ASN1.php(314): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 4, 1637)
#8 /usr/local/share/openssl_x509_crl/ASN1.php(138): Ukrbublik\openssl_x509_crl\ASN1->decodeConstructed('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 0, 1641)
#9 /usr/local/share/openssl_x509_crl/X509_CERT.php(44): Ukrbublik\openssl_x509_crl\ASN1->decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...', 0, 1641)
#10 /usr/local/share/openssl_x509_crl/X509_CRL.php(60): Ukrbublik\openssl_x509_crl\X509_CERT::decode('0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...')
#11 /etc/inc/certs.inc(1071): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Object(OpenSSLAsymmetricKey), '0\x82\x06e0\x82\x04M\xA0\x03\x02\x01\x02\x02\x08...')
#12 /etc/inc/openvpn.inc(1353): crl_update(Array)
#13 /etc/inc/openvpn.inc(1576): openvpn_reconfigure('server', Array)
#14 /etc/inc/openvpn.inc(1865): openvpn_restart('server', Array)
#15 /etc/inc/openvpn.inc(1907): openvpn_resync('server', Array)
#16 /etc/rc.newwanip(261): openvpn_resync_all('wan', 'inet')
#17 {main}
thrown
</code></pre>
<p>It is the first time and it was never sent again!</p>

pfSense - Bug #14839 (Incomplete): PHP Parse error: syntax error
https://redmine.pfsense.org/issues/14839
2023-10-05T09:43:54Z
Sam Vanchanna
<p>[05-Oct-2023 12:18:36 Asia/Phnom_Penh] PHP Parse error: syntax error, unexpected end of file in /usr/local/sbin/pfSsh.php(374) : eval()'d code on line 6</p>

pfSense Packages - Bug #14805 (Incomplete): when I changed Endpoint ip via webgui, but wiregaurd ...
https://redmine.pfsense.org/issues/14805
2023-09-23T06:33:08Z
yon Liu info@ipv6china.com
<p>When I changed the Endpoint IP via the web GUI, WireGuard was still running with the old Endpoint IP.</p>

pfSense Packages - Feature #14196 (Incomplete): permitted firewall rules - additional text
https://redmine.pfsense.org/issues/14196
2023-03-28T13:50:09Z
Jon Brown
<p>Firewall --> pfBlockerNG --> DNSBL --> DNSBL Configuration --> Permit Firewall Rules</p>
<p>Can you add some additional information here for the end user to explain LAN segment and some possible scenarios when you would use this option?</p>
<p><a class="external" href="https://networkencyclopedia.com/lan-segment/">https://networkencyclopedia.com/lan-segment/</a> - Lan Segment is a physical portion of a local area network (LAN) that is separated from other portions by bridges or routers.</p>
<p><a class="external" href="https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/">https://www.reddit.com/r/pfBlockerNG/comments/p9te6f/should_permit_firewall_rules_be_enabled_i_was/</a> - This thread mentions that you do not need this option unless you have VLANs</p>
<p><img src="https://redmine.pfsense.org/attachments/download/4864/permitted-firewall-rules.png" alt="" /></p>

pfSense - Bug #13215 (Incomplete): Allowed MAC/IP/Hostname traffic counts for authorized users
https://redmine.pfsense.org/issues/13215
2022-05-25T03:03:52Z
Viktor Gurov
<p>This is due to rewriting pf tags.<br />CP rules must check <code>tagged</code> value on all steps.</p>

pfSense - Bug #12734 (Incomplete): Long hostname breaks DHCP leases layout
https://redmine.pfsense.org/issues/12734
2022-01-26T13:11:38Z
Juri Oo
<p>It appears that long hostnames will kind of break the DHCP leases status page.<br />With Nmap package and MAC vendors, the right part is cut off almost completely and a horizontal scrollbar is added at the bottom.<br />Is this normal? I can see long MAC vendors are being cut to 3 rows. Shouldn't the hostname line also be cut at some point (in such rare cases)?</p>
<p>Tested with 2.5.2-RELEASE (amd64). Hostname is 40 characters long.</p>

pfSense Packages - Bug #11530 (Incomplete): ntopng 4.2 needs to be updated to 4.3, Bug when acces...
https://redmine.pfsense.org/issues/11530
2021-02-24T22:17:00Z
Max D
<p>On pfSense 2.5, installing ntopng from the package manager (ntop 0.8.13_9, which is the 4.2 version of ntopng) results, after logging into ntopng, in a corrupt web page when clicking on a host for details. This has been fixed in 4.3 by the ntopng team.</p>
<p>I installed 4.3 manually from ntopng pfsense doc, and confirmed this resolves the issue.</p>