pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-03-20T20:52:08ZpfSense bugtracker
Redmine pfSense Docs - New Content #15352 (New): Mobile IPsec Group Virtual Address Poolshttps://redmine.pfsense.org/issues/153522024-03-20T20:52:08ZMarcos M
<p>Document the feature introduced with:<br /><a class="external" href="https://redmine.pfsense.org/issues/13227">https://redmine.pfsense.org/issues/13227</a></p>
<p>Note that strongswan's <code>eap-radius</code> plugin only supports specifying a single group for a user in the RADIUS reply (e.g. <code>Class := "vpnusers"</code>).</p>
<p>Related:<br /><a class="external" href="https://docs.netgate.com/pfsense/en/latest/usermanager/radius.html#radius-groups">https://docs.netgate.com/pfsense/en/latest/usermanager/radius.html#radius-groups</a><br /><a class="external" href="https://docs.strongswan.org/docs/5.9/plugins/eap-radius.html#_group_selection">https://docs.strongswan.org/docs/5.9/plugins/eap-radius.html#_group_selection</a></p> pfSense Docs - New Content #15325 (New): Tailscale documents https://redmine.pfsense.org/issues/153252024-03-09T03:08:14ZAlhusein Zawi
<p>adding documents to explain how to setup Tailscale.</p> pfSense Docs - New Content #15272 (New): Add information about Pushover group key behaviorhttps://redmine.pfsense.org/issues/152722024-02-20T07:35:32ZSergei Shablovsky
<p>in Note</p>
<p>from <br />Using the Pushover API requires a Pushover account user key and API key (Pushover Registration).</p>
<p>to<br />Using the Pushover API requires a Pushover account User Key (or Group Key) and Application API Token/Key (Pushover Registration).</p>
<p>in API Key (rename to Application API Token/Key)</p>
<p>from<br />Required. The Pushover API Key (Pushover Registration) the firewall will use to authenticate with Pushover API server.</p>
<p>to<br />Required. The Pushover’s Application API Token/Key (Pushover Registration) the firewall will use to authenticate with Pushover’s API servers.</p>
<p>in User Key (rename to User / Group Key)</p>
<p>from<br />Required. The User Key (Pushover Registration) of the Pushover account to which the API Key belongs.</p>
<p>to<br />Required. The User Key (to send notifications to particular Pushover User) or the Group Key (to broadcast notifications to all users in a particular group) of the Pushover (Pushover Registration).</p> pfSense Docs - New Content #15230 (Confirmed): Gateway status Pendinghttps://redmine.pfsense.org/issues/152302024-02-03T18:50:14ZDanilo Zrenjanin
<p><a class="external" href="https://docs.netgate.com/pfsense/en/latest/monitoring/status/gateways.html#gateways-tab">https://docs.netgate.com/pfsense/en/latest/monitoring/status/gateways.html#gateways-tab</a></p>
<p>Sometimes, the status of the gateway could be shown as Pending, in addition to the usual statuses of Online, Offline, or Warning.</p>
<p>I recommend including potential circumstances that could lead to a Pending gateway status.</p> pfSense Docs - New Content #15191 (Feedback): Document new Packet Flow Data functionality (Plus O...https://redmine.pfsense.org/issues/151912024-01-25T20:49:47ZJim Pingle
<p>Create documentation for the new pflow/Packet Flow Data functionality added to Plus for 24.03.</p>
<p>See <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: GUI to configure Packet Flow Data (``pflow``) export (Closed)" href="https://redmine.pfsense.org/issues/15039">#15039</a> for details, along with the text added to the GUI pages which contains much of the info needed for the docs already.</p> pfSense Docs - New Content #15175 (New): add explicit license to pfSense documentationhttps://redmine.pfsense.org/issues/151752024-01-19T02:53:04ZHayden Mills
<p>Previous documentation hosted on GitHub repo was under a CC non-commercial license.</p>
<p>Since transitioning to the new unified documentation on netgate.com, no explicit license is present in the documentation.</p>
<p>Even though several blogposts say it is free to everyone:</p>
<p><a class="external" href="https://www.netgate.com/blog/pfsense-gold-free-starting-with-2-4-4">https://www.netgate.com/blog/pfsense-gold-free-starting-with-2-4-4</a><br /><a class="external" href="https://www.netgate.com/blog/pfSense-book-available-to-everyone">https://www.netgate.com/blog/pfSense-book-available-to-everyone</a></p>
<p>it seems to be ambiguous if it is under a non-commercial license or not.</p> pfSense Packages - Documentation #14842 (New): Update Squid troubleshootinghttps://redmine.pfsense.org/issues/148422023-10-05T14:22:20ZMike Moore
<p>The area where the update is needed: <br /><a class="external" href="https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-not-loading-with-splice-error-409-in-access-log">https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-not-loading-with-splice-error-409-in-access-log</a></p>
<p>Supporting forum conversations:<br /><a class="external" href="https://forum.netgate.com/topic/181796/infamous-409-issue/17?_=1696515335663">https://forum.netgate.com/topic/181796/infamous-409-issue/17?_=1696515335663</a></p>
<p>Supporting Redmine:<br /><a class="external" href="https://redmine.pfsense.org/issues/14390">https://redmine.pfsense.org/issues/14390</a></p>
<p>The update to the documentation just needs to point out that the way the modern Internet works today with CDNs especially, low TTL values for domain names will impact connectivity when using Squid. /409 errors are generated because clients for whatever reason (they may hold on to dns cache values longer) will use an IP to connect to a resource that the Proxy has a different resolved IP for.<br />Just having all clients point to pfsense is not a fix for this.</p>
<p>There are fixes to this but it has yet to be investigated when I checked the redmine today. Adding a note in the documentation will help admins that still use proxies in this way and can help those same admins identify why sites wont load or stop working suddenly.</p> pfSense Docs - New Content #14508 (New): Optimizing MTU for VPN Tunnelshttps://redmine.pfsense.org/issues/145082023-06-25T22:05:53ZMarcos M
Interfaces with suboptimal MTU values can degrade VPN performance; a document that provides examples/steps to optimize the MTU of different VPN types would help resolve the issue. The doc should contain information on common VPN types available in pfSense software:
<ul>
<li>OpenVPN</li>
<li>IPsec (routed/policy)</li>
<li>WireGuard</li>
</ul>
<p>The following assumes a WAN link MTU of <code>1500</code>. Further testing, e.g. using ping, can be done to optimize the value. Examples of this testing should be provided. The optimized value is set on the interface assignment configuration.</p>
<p><strong>OpenVPN</strong><br />Setting the MTU on the assigned interface (Interfaces > Assignments) will not work correctly since the OpenVPN daemon sets the MTU to 1500 explicitly. Instead, the value should be configured as a custom option in the server/client configuration. The suggested value is <code>tun-mtu 1428</code> to account for <code>IPv6</code> + <code>UDP</code> + <code>OpenVPN Data</code> headers.</p>
<p><strong>IPsec VTI</strong><br />A starting MTU value of <code>1400</code> is used by default which accounts for most tunnel configurations.</p>
<p><strong>WireGuard</strong><br />Similarly to IPsec VTI, a the starting MTU value of <code>1420</code> is used by default.</p> pfSense Docs - New Content #14239 (New): Feedback on Packages — Nut packagehttps://redmine.pfsense.org/issues/142392023-04-06T21:36:24ZJon Campbell
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/packages/nut.html">https://docs.netgate.com/pfsense/en/latest/packages/nut.html</a></p>
<p><strong>Feedback:</strong></p>
<p>A restart of pfsense after connecting and configuring the UPS service is a successful solution for many, when restarting the service is not working even though comm cable is connected and correct driver selected. My case had generic hardware and a CyberPower UPS (CST135UC2)</p> pfSense Docs - New Content #13331 (New): FRR: Add documentation for RIPhttps://redmine.pfsense.org/issues/133312022-07-02T14:28:04ZAlhusein Zawi
<p>RIP documents(configuration/example) need to be added under FRR package Docs.</p> pfSense Docs - New Content #13016 (New): Workaround for bandwith issues since 2.6 when installed ...https://redmine.pfsense.org/issues/130162022-04-01T12:52:01ZChristoph Obermoser
<p>Extremely slow upload speeds since 2.6 when installed in Hyper-V. A workaround for windows 10 machines is disabling both "Large Send Offloading V2" IPv4 & IPv6 in network adapter settings.</p> pfSense Docs - New Content #12787 (New): Convert "Routing Internet Traffic Through a Site-to-Site...https://redmine.pfsense.org/issues/127872022-02-11T23:28:21ZChristian Borchertccb056@gmail.com
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-route-internet-traffic.html">https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-route-internet-traffic.html</a></p>
<p><strong>Feedback:</strong></p>
<p>This could be updated for routed ipsec (vti)</p> pfSense Docs - New Content #12395 (New): FRR: Add information about the private use AS reservatio...https://redmine.pfsense.org/issues/123952021-09-21T16:32:54ZMarc Mapplebeck
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/required-info.html">https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/required-info.html</a></p>
<p><strong>Feedback:</strong></p>
<p>Would be helpful to include information re RFC6996 Autonomous System (AS) Reservation for Private Use:<br /><a class="external" href="https://datatracker.ietf.org/doc/html/rfc6996">https://datatracker.ietf.org/doc/html/rfc6996</a></p> pfSense Docs - New Content #12237 (New): Add information on ``ifqmaxlen`` to Hardware Tuning and ...https://redmine.pfsense.org/issues/122372021-08-10T03:13:35ZViktor Gurov
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/hardware/tune.html">https://docs.netgate.com/pfsense/en/latest/hardware/tune.html</a></p>
<p><strong>Feedback:</strong></p>
<p>Need to add optimization of interface queue length (net.link.ifqmaxlen), see <a class="issue tracker-6 status-1 priority-4 priority-default" title="New Content: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN (New)" href="https://redmine.pfsense.org/issues/10311">#10311</a> for details</p> pfSense Docs - New Content #12098 (New): Using a static route for Accessing a CPE/Modem from Insi...https://redmine.pfsense.org/issues/120982021-07-02T02:30:27ZChris Cooter
<p><strong>Page:</strong> <a class="external" href="https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html">https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html</a></p>
<p><strong>Feedback:</strong></p>
<p>I found this article interesting, however, I was able to get this to work by only adding a static route to my cable modem. With no additional interfaces or nating I just added a route "192.168.100.1/32" to my WAN interface and it worked. I am running 2.5.1-RELEASE and my cable modem is bridged providing my WAN interface my public IP from my ISP.</p>