pfSense bugtracker: Issues https://redmine.pfsense.org/ 2024-03-20T20:52:08Z
pfSense Docs - New Content #15352 (New): Mobile IPsec Group Virtual Address Pools https://redmine.pfsense.org/issues/15352 2024-03-20T20:52:08Z Marcos M
<p>Document the feature introduced with:<br /><a class="external" href="https://redmine.pfsense.org/issues/13227">https://redmine.pfsense.org/issues/13227</a></p>
<p>Note that strongSwan's <code>eap-radius</code> plugin only supports specifying a single group for a user in the RADIUS reply (e.g. <code>Class := "vpnusers"</code>).</p>
<p>Related:<br /><a class="external" href="https://docs.netgate.com/pfsense/en/latest/usermanager/radius.html#radius-groups">https://docs.netgate.com/pfsense/en/latest/usermanager/radius.html#radius-groups</a><br /><a class="external" href="https://docs.strongswan.org/docs/5.9/plugins/eap-radius.html#_group_selection">https://docs.strongswan.org/docs/5.9/plugins/eap-radius.html#_group_selection</a></p>
pfSense Docs - New Content #15325 (New): Tailscale documents https://redmine.pfsense.org/issues/15325 2024-03-09T03:08:14Z Alhusein Zawi
<p>Adding documents to explain how to set up Tailscale.</p>
pfSense Docs - New Content #15230 (Confirmed): Gateway status Pending https://redmine.pfsense.org/issues/15230 2024-02-03T18:50:14Z Danilo Zrenjanin
<p><a class="external" href="https://docs.netgate.com/pfsense/en/latest/monitoring/status/gateways.html#gateways-tab">https://docs.netgate.com/pfsense/en/latest/monitoring/status/gateways.html#gateways-tab</a></p>
<p>Sometimes, the status of the gateway could be shown as Pending, in addition to the usual statuses of Online, Offline, or Warning.</p>
<p>I recommend including potential circumstances that could lead to a Pending gateway status.</p>
pfSense Docs - New Content #15191 (Feedback): Document new Packet Flow Data functionality (Plus O... https://redmine.pfsense.org/issues/15191 2024-01-25T20:49:47Z Jim Pingle
<p>Create documentation for the new pflow/Packet Flow Data functionality added to Plus for 24.03.</p>
<p>See <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: GUI to configure Packet Flow Data (``pflow``) export (Closed)" href="https://redmine.pfsense.org/issues/15039">#15039</a> for details, along with the text added to the GUI pages which contains much of the info needed for the docs already.</p>
pfSense Docs - New Content #15175 (New): add explicit license to pfSense documentation https://redmine.pfsense.org/issues/15175 2024-01-19T02:53:04Z Hayden Mills
<p>Previous documentation hosted on GitHub repo was under a CC non-commercial license.</p>
<p>Since transitioning to the new unified documentation on netgate.com, no explicit license is present in the documentation.</p>
<p>Even though several blogposts say it is free to everyone:</p>
<p><a class="external" href="https://www.netgate.com/blog/pfsense-gold-free-starting-with-2-4-4">https://www.netgate.com/blog/pfsense-gold-free-starting-with-2-4-4</a><br /><a class="external" href="https://www.netgate.com/blog/pfSense-book-available-to-everyone">https://www.netgate.com/blog/pfSense-book-available-to-everyone</a></p>
<p>it seems to be ambiguous if it is under a non-commercial license or not.</p>
pfSense Packages - Documentation #14842 (New): Update Squid troubleshooting https://redmine.pfsense.org/issues/14842 2023-10-05T14:22:20Z Mike Moore
<p>The area where the update is needed: <br /><a class="external" href="https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-not-loading-with-splice-error-409-in-access-log">https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-not-loading-with-splice-error-409-in-access-log</a></p>
<p>Supporting forum conversations:<br /><a class="external" href="https://forum.netgate.com/topic/181796/infamous-409-issue/17?_=1696515335663">https://forum.netgate.com/topic/181796/infamous-409-issue/17?_=1696515335663</a></p>
<p>Supporting Redmine:<br /><a class="external" href="https://redmine.pfsense.org/issues/14390">https://redmine.pfsense.org/issues/14390</a></p>
<p>The update to the documentation just needs to point out that the way the modern Internet works today with CDNs especially, low TTL values for domain names will impact connectivity when using Squid. 409 errors are generated because clients for whatever reason (they may hold on to DNS cache values longer) will use an IP to connect to a resource that the Proxy has a different resolved IP for.<br />Just having all clients point to pfSense is not a fix for this.</p>
<p>There are fixes to this but it has yet to be investigated when I checked the Redmine today. Adding a note in the documentation will help admins that still use proxies in this way and can help those same admins identify why sites won't load or stop working suddenly.</p>
pfSense Docs - New Content #14508 (New): Optimizing MTU for VPN Tunnels https://redmine.pfsense.org/issues/14508 2023-06-25T22:05:53Z Marcos M
Interfaces with suboptimal MTU values can degrade VPN performance; a document that provides examples/steps to optimize the MTU of different VPN types would help resolve the issue. The doc should contain information on common VPN types available in pfSense software:
<ul>
<li>OpenVPN</li>
<li>IPsec (routed/policy)</li>
<li>WireGuard</li>
</ul>
<p>The following assumes a WAN link MTU of <code>1500</code>. Further testing, e.g. using ping, can be done to optimize the value. Examples of this testing should be provided. The optimized value is set on the interface assignment configuration.</p>
<p><strong>OpenVPN</strong><br />Setting the MTU on the assigned interface (Interfaces > Assignments) will not work correctly since the OpenVPN daemon sets the MTU to 1500 explicitly. Instead, the value should be configured as a custom option in the server/client configuration. The suggested value is <code>tun-mtu 1428</code> to account for <code>IPv6</code> + <code>UDP</code> + <code>OpenVPN Data</code> headers.</p>
<p><strong>IPsec VTI</strong><br />A starting MTU value of <code>1400</code> is used by default which accounts for most tunnel configurations.</p>
<p><strong>WireGuard</strong><br />Similarly to IPsec VTI, the starting MTU value of <code>1420</code> is used by default.</p>
pfSense Docs - New Content #14239 (New): Feedback on Packages — Nut package https://redmine.pfsense.org/issues/14239 2023-04-06T21:36:24Z Jon Campbell
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/packages/nut.html">https://docs.netgate.com/pfsense/en/latest/packages/nut.html</a></p>
<p><strong>Feedback:</strong></p>
<p>A restart of pfSense after connecting and configuring the UPS service is a successful solution for many, when restarting the service is not working even though comm cable is connected and correct driver selected. My case had generic hardware and a CyberPower UPS (CST135UC2).</p>
pfSense Docs - New Content #13331 (New): FRR: Add documentation for RIP https://redmine.pfsense.org/issues/13331 2022-07-02T14:28:04Z Alhusein Zawi
<p>RIP documents (configuration/example) need to be added under FRR package Docs.</p>
pfSense Docs - New Content #13016 (New): Workaround for bandwidth issues since 2.6 when installed ... https://redmine.pfsense.org/issues/13016 2022-04-01T12:52:01Z Christoph Obermoser
<p>Extremely slow upload speeds since 2.6 when installed in Hyper-V. A workaround for Windows 10 machines is disabling both "Large Send Offloading V2" IPv4 & IPv6 in network adapter settings.</p>
pfSense Docs - New Content #12395 (New): FRR: Add information about the private use AS reservatio... https://redmine.pfsense.org/issues/12395 2021-09-21T16:32:54Z Marc Mapplebeck
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/required-info.html">https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/required-info.html</a></p>
<p><strong>Feedback:</strong></p>
<p>Would be helpful to include information re RFC6996 Autonomous System (AS) Reservation for Private Use:<br /><a class="external" href="https://datatracker.ietf.org/doc/html/rfc6996">https://datatracker.ietf.org/doc/html/rfc6996</a></p>
pfSense Docs - New Content #12098 (New): Using a static route for Accessing a CPE/Modem from Insi... https://redmine.pfsense.org/issues/12098 2021-07-02T02:30:27Z Chris Cooter
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html">https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html</a></p>
<p><strong>Feedback:</strong></p>
<p>I found this article interesting, however, I was able to get this to work by only adding a static route to my cable modem. With no additional interfaces or NATing I just added a route "192.168.100.1/32" to my WAN interface and it worked. I am running 2.5.1-RELEASE and my cable modem is bridged providing my WAN interface my public IP from my ISP.</p>
pfSense Docs - New Content #11195 (New): Using a VIP instead of an Interface when Accessing a CPE... https://redmine.pfsense.org/issues/11195 2020-12-30T02:09:01Z Charles Harvey
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html">https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html</a></p>
<p><strong>Feedback:</strong></p>
<p>This doc seems to say to add an "OPT" interface, but I had to add a virtual IP. It's also specific to PPPoE WANs, it seems? So perhaps I had the wrong Recipe... but if so, a link to the right one (non-PPPoE -- in my case a MOFI4500 in bridge mode) would be nice. If I didn't have the wrong doc, it would be nice to add a comment/procedure to use a Virtual IP for non-PPPoE situations.</p>
pfSense Docs - New Content #10311 (New): Default net.link.ifqmaxlen value leads to packet loss un... https://redmine.pfsense.org/issues/10311 2020-03-02T21:04:03Z Alexey Ab
<p>Default value for net.link.ifqmaxlen is 128.</p>
<p>When OpenVPN is under load and transfer speed reaches 20-30 MBit, we have the following error count increasing:</p>
<p>VPN1_BRIDGE Interface: <br /> In/out errors: 0/4623</p>
<p>netstat -idb -I bridge0 -> OERRS=4623 <br />netstat -idb -I ovpnc6 -> DROP=4623</p>
<p>(Drops are important errors, but are not shown on status_interfaces.php page, please consider showing them too)</p>
<p>Increasing net.link.ifqmaxlen to 2048 eliminates these errors, and gives significant OpenVPN throughput increase (5x).</p>
<p>Also it was observed that packet drops may depend on system power management, setting CPU to high performance mode also eliminates<br />packet drops and gives significant OpenVPN performance increase.</p>
pfSense Docs - New Content #9369 (New): Document remaining packages https://redmine.pfsense.org/issues/9369 2019-03-06T11:32:09Z Jared Dillard jdillard@netgate.com
<p>Create pages for the currently undocumented packages in the Package List, <a class="external" href="https://docs.netgate.com/pfsense/en/latest/packages/list.html">https://docs.netgate.com/pfsense/en/latest/packages/list.html</a>.</p>
<p>- [ ] <b>apcupsd</b> - Package can be used for controlling all APC UPS models...<br />- [ ] <b>Backup</b> - Tool to Backup and Restore files and directories...<br />- [ ] <b>BIND</b> - pfSense GUI for BIND DNS server...<br />- [ ] <b>blinkled</b> - Allows you to use LEDs for monitoring network activity...<br />- [ ] <b>cellular</b> - pfSense GUI for Cellular Cards Currently it supports...<br />- [ ] <b>Cron</b> - The cron utility is used to manage commands on a schedule....<br />- [ ] <b>Darkstat</b> - darkstat is a network statistics gatherer. It's a...<br />- [ ] <b>frr</b> - FRR routing daemon for BGP, OSPF, and OSPF6...<br />- [ ] <b>FTP Client Proxy</b> - Basic FTP Client Proxy using ftp-proxy from...<br />- [ ] <b>gwled</b> - Allows you to use LEDs for monitoring gateway status on...<br />- [ ] <b>iftop</b> - Realtime interface monitor (console/shell only)....<br />- [ ] <b>LCDproc</b> - LCD display driver...<br />- [ ] <b>Lightsquid</b> - LightSquid is a high performance web proxy reporting...<br />- [ ] <b>Mailreport</b> - Allows you to setup periodic e-mail reports...<br />- [ ] <b>MTR</b> - Enhanced traceroute replacement. mtr combines the...<br />- [ ] <b>Netgate Coreboot Upgrade</b> - Provide a mechanism to update Coreboot...<br />- [ ] <b>Notes</b> - Track things you want to note for this system...<br />- [ ] <b>NRPE</b> - pfSense GUI for Nagios NRPE nrpe is used to execute Nagios...<br />- [ ] <b>ntopNG</b> - ntopng (replaces ntop) is a network probe that shows...<br />- [ ] <b>Quagga_OSPF</b> - OSPF routing protocol using Quagga. 
Conflicts with...<br />- [ ] <b>Routed</b> - RIP v1 and v2 daemon....<br />- [ ] <b>RRD Summary</b> - RRD Summary Page, which will give a total amount of...<br />- [ ] <b>Service Watchdog</b> - Monitors for stopped services and restarts...<br />- [ ] <b>Shellcmd</b> - The shellcmd utility is used to manage commands on...<br />- [ ] <b>Status Traffic Totals</b> - Traffic Totals page under the Status...<br />- [ ] <b>Suricata</b> - High Performance Network IDS, IPS and Security...<br />- [ ] <b>Syslog-ng</b> - Syslog-ng syslog server. This service is not intended...<br />- [ ] <b>Squid</b> - High performance web proxy cache (3.5 branch). It...<br />- [ ] <b>TFTPD</b> - tftpd installs and runs a TFTP server. We use the...<br />- [ ] <b>Tinc</b> - tinc is a Virtual Private Network (VPN) daemon that uses...<br />- [ ] <b>Zabbix-agent</b> - LTS (Long Term Support) release of Zabbix...<br />- [ ] <b>Zabbix-proxy</b> - LTS (Long Term Support) release of Zabbix Agent...</p>