Activity
From 02/13/2021 to 03/14/2021
03/13/2021
-
11:18 PM Bug #11673: Thermal Sensors Non-functional on SG-3100
- Unable to reproduce
Could be related to #11443 -
10:01 PM Bug #11673: Thermal Sensors Non-functional on SG-3100
- Kris Phillips wrote:
> The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Up... -
06:20 PM Bug #11673 (Duplicate): Thermal Sensors Non-functional on SG-3100
- The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Updating...." in pfSense P...
03/12/2021
-
10:31 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- Sounds like this issue might be causing my problem but I can't tell 100% from the description.
One of our sites ha... -
12:38 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- Updating subject for release notes.
Also made it more general since this can affect more than port forwards. -
10:50 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- Just to update. The nat rule on 2.4.5p1 for 1:1 Nat is...
-
10:20 AM Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
- Updating subject for release notes.
-
09:36 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- Updating subject for release notes.
-
09:16 AM Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
03/11/2021
-
02:32 PM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
- Christian,
Nope! I explored that line of thought as well. I did have it set up at one point, but then I removed i... -
07:57 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
- If anybody from Netgate would like to jump into a Zoom meeting so that they can observe this edge case, just reach ou...
-
07:38 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
- Christian,
What I've found is that unless you do something to interfere with WireGuard, such as disabling and re-e... -
07:23 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
- I'm seeing this on 2.5.0 as well. I have a failover group set as default gateway IPv4. WAN1 dropped out and WG starte...
-
02:20 PM Feature #10804 (Feedback): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
- Cherry-picked to RELENG_2_5_1
-
02:05 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Likely related #11605 and #11551
-
01:26 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Updating bug report to focus on PHP issue, given that the snort sig 10 issue is unlikely related, and this seems to a...
-
01:12 PM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- Confirmed working on 21.02.2
-
10:40 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- Tested on 21.02p1 and it showed as invalid. After updating to latest dev build image (Mar 10), the cert no longer sho...
03/10/2021
-
02:37 PM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- Needs re-tested on snapshots.
If needed, I have a user-supplied certificate which can replicate the problem and ca... -
08:12 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
- Not that I like the idea of downgrading to a lower TLS version but I wonder if it would work if we forced off TLS 1.3...
-
05:45 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
- Using the STunnel package as a workaround helps:
https://docs.netgate.com/pfsense/en/latest/recipes/auth-google-gsui...
03/09/2021
-
03:00 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Tested on:...
-
12:28 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Has anyone tried this on a 21.05 snapshot with PHP 7.4.16? The release notes for PHP 7.4.16 mention they fixed a segf...
-
01:48 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- gnn is taking a look at this to see if he can track it down.
-
01:16 PM Feature #10804 (Waiting on Merge): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
03/08/2021
-
07:40 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- Site to Site OpenVPN is broken for me in 2.5.0. The tunnel encryption is setup, but running openvpn at verbosity leve...
-
09:46 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- the last filter generating change is https://github.com/pfsense/pfsense/commit/fce8a99bffae47c965c692dbe763ae9732092f...
-
09:17 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- Same issue here after upgrade to v21.02,
MultiWan wont NAT properly on both wan.
A new message to let you know this... -
11:29 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
- This also appears to be related to Bug #11613, where the user had to reboot pfSense to get WireGuard to follow the st...
-
11:21 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
- FYI - The "nightly" build I was using during testing was 2.5.0.a.20210122.2350.
03/07/2021
-
11:32 PM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
- see also #11570 and #6370
-
11:21 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- It looks like the reply traffic is not matching the state created by the inbound connection on the WAN.
The firewa...
03/06/2021
-
10:20 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- bdaa35dcf31def521ba8c60c0aa9c41bf5005311 is working when applied to 21.02p1 on an SG-3100. The change hasn't made it ...
03/05/2021
-
04:31 PM Bug #11630 (Closed): WireGuard MultiWAN Not Failing Back to Tier 1
- When using a GW group for WAN failover, WireGuard will fail to Tier2 when the Tier1 GW is down. However, when Tier1 i...
-
10:23 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- Marcos Mendoza wrote:
[...]
>
> I noticed the PPPoE gateway that was automatically created was outside of the sub... -
09:59 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- Another report:
Port forward and firewall rules are in place on a secondary PPPoE WAN interface. Traffic comes in,... -
08:06 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
- If OpenLDAP ldapsearch fails directly it's unlikely to be related to #9417
All the references I see to SNI seem fa... -
02:07 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
- may be related to #9417
-
02:02 AM Bug #11626 (Resolved): Google LDAP connections fail due to lack of SNI for TLS 1.3
- https://forum.netgate.com/topic/161725/google-ldap-connection-failed:
I have a problem after update my Netgate XG-...
03/03/2021
-
02:52 PM Bug #11615: OpenVPN + Ldap broken in 21.02-RELEASE-p1
- Read all of the recent notes, it's a general problem with fcgicli that manifests in multiple ways, including validati...
-
02:46 PM Bug #11615: OpenVPN + Ldap broken in 21.02-RELEASE-p1
- I do not believe this is a duplicate
here the longest cert
1) ST=CA, OU=XXXXXX, O=XXXXXX Technologies Inc, L=XXXX... -
11:22 AM Bug #11615 (Duplicate): OpenVPN + Ldap broken in 21.02-RELEASE-p1
- Almost certainly a duplicate of #4521 (See notes there with attached patches to try).
If that doesn't help, please... -
11:20 AM Bug #11615 (Duplicate): OpenVPN + Ldap broken in 21.02-RELEASE-p1
- We recently upgraded to 21.02-RELEASE-p1 (AWS)
And since we see an odd behavior that prevent user to login
OpenLD...
03/01/2021
-
02:06 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- Let me share some of mny observartions in the last 3 days.
* hw.ncpu=unset, all non default Packages diabled = Sta...
02/26/2021
-
07:36 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- Marco Goetze wrote:
> Question: Was 21.02.p1 just a quick fix addind a cpu limit to laoder.conf or was the membar al... -
05:42 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- What Viktor mentioned could be a reason. In my tested and still failing SG-3100 it also used the pfBlockerNG-dev pack...
-
04:18 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- same issue after upgrading to 21.02-p1:...
-
02:41 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- After the Problem occurred first time I applied the quick fix setting to 1 CPU in the loader.conf > hw.ncpu=1
Now ...
02/25/2021
-
04:01 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Another day of frustrating, but ultimately not too productive, testing leads me to conclude this is something with 32...
-
08:40 AM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Steve Yates wrote:
> Simply out of curiosity I did a quick search and found this "not a bug" from 2008: https://bugs... -
03:42 PM Bug #11540 (Not a Bug): Nat not working
- There isn't nearly enough information there to classify it as a bug, and this site is not for support or diagnostic d...
-
03:29 PM Bug #11540 (Not a Bug): Nat not working
- Hello,
After updating to version 21.02 on SG-4860 nat stopped working.
What can we do to make nat work again?
... -
11:11 AM Regression #11444 (Resolved): SG-3100 doesn't pass traffic after upgrade to 21.02
02/24/2021
-
10:35 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Simply out of curiosity I did a quick search and found this "not a bug" from 2008: https://bugs.php.net/bug.php?id=45...
-
09:57 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- *Update on this issue*
The problem is somewhere within the PHP base function _preg_match()_.
Here is a PHP code...
02/23/2021
-
11:50 PM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- Scott Lang, that tracks along the same lines with the issues I was having back in Sep 2020: https://forum.netgate.com...
-
03:35 PM Regression #11504 (Feedback): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- Applied in changeset pfsense:commit:bdaa35dcf31def521ba8c60c0aa9c41bf5005311.
-
03:26 PM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- When applying the patch for this, you will probably need to apply @cb17faca3b07197db4b1eb1502a876873ddc222c@ first an...
-
03:25 PM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- Looks like this is from the @validTo@ date in the parsed details using a four digit date and the code assumed a two d...
-
03:10 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- *Another Update*
None of the conditions described in this bug report occur on an SG-1100 (64-bit ARM CPU), and nei... -
11:40 AM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Marcos:
-I'm running into difficulty updating my SG-1100 to the latest version. It is still on the 2.4.4 factory i... -
08:07 AM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Thanks for the additional info. I will investigate further. The Signal 10 from the Snort binary I am not really surpr...
-
01:21 AM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- The behavior with both Snort and Suricata installed was definitely strange and didn't make sense to me. I did a fresh...
02/22/2021
-
10:20 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- So to make sure I understand, this only happens on an SG-3100 and you can't reproduce on x86 hardware.
The first t... -
07:04 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- They were not scrubbed. Here are the steps to reproduce it (was not able to reproduce on a x86 system).
Only Snort... -
06:43 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Marcos Mendoza wrote:
> The ARM patch for snort is still there:
> https://github.com/pfsense/FreeBSD-ports/blob/dev... -
02:08 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- The ARM patch for snort is still there:
https://github.com/pfsense/FreeBSD-ports/blob/devel/security/snort/files/pat... -
04:52 PM Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
- The expiry date rolls over and is shown as some time in that past. pfSense see it as expired/invalid. See attachment....
02/20/2021
-
08:28 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Scott Long wrote:
> I don't think that this is related to https://redmine.pfsense.org/issues/11444.
I agree. The ... -
05:57 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- I don't think that this is related to https://redmine.pfsense.org/issues/11444.
-
05:59 PM Regression #11444 (In Progress): SG-3100 doesn't pass traffic after upgrade to 21.02
-
05:56 PM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- There is a fix that passes my testing here:
https://reviews.freebsd.org/D28821
The above patch is for FreeBSD H...
02/19/2021
-
03:36 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- The Signal 10 error occurs when an executable attempts to access a memory address on a non-word aligned boundary in A...
-
03:19 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
- Marcos Mendoza wrote:
> After installing Snort and starting the service on an interface, fails to start and the foll... -
12:02 PM Bug #11466 (Closed): PHP exits with signal 11 on SG-3100 when calling PCRE functions
- After installing Snort and starting the service on an interface, fails to start and the following is reported on the ...
-
07:53 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- If you can re-enable those and test again, monitor the CPU usage, CPU temp, and so on to see if they are unusually hi...
-
03:36 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- after uninstalling Snort and Suricata packages everything works fine
pfSense Plus 21.02 + pfBlockerNG-devel 3.0.0_10
02/18/2021
-
02:45 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- I can reproduce this here as well. It was working not too long ago, though. It doesn't seem to affect everything, how...
-
06:16 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
- Have same issue, started on devel 2.5. Posted some details at https://forum.netgate.com/topic/159354/pfsense-2-5-0-a-...
-
10:35 AM Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
- Applied in changeset commit:4e5e99a61d422941e69b2caa11e948363409e48c.
-
10:29 AM Feature #10804 (Feedback): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
- PR has been merged. Thanks!
-
09:33 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
- could be related: #11436 #11418
-
09:30 AM Regression #11444 (Resolved): SG-3100 doesn't pass traffic after upgrade to 21.02
- After upgrading SG-3100 to pfSense Plus 21.02 NAT stopped working.
Test:
LAN PC (192.168.10.132):...
02/17/2021
-
04:28 PM Regression #11436 (Resolved): State matching problem with reponses to packets arriving on non-default WANs
- I have quite specific multiwan setup
WAN (symmetric pppoe) port forward for ssh to lan (rpi)
WAN2 (symmetric comm...
Also available in: Atom