Project

General

Profile

Activity

From 02/28/2021 to 03/29/2021

03/29/2021

10:12 AM Bug #11726 (Rejected): Network traffic stops with latest RC build.
Unable to reproduce and not enough information to determine if there is a bug, or anything which can be done.
If y...
Jim Pingle
03:16 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Rick Strangman wrote:
> I attach a pfsense packet capture on the LAN side from the bad WAN2. You can see that the in...
Kristof Provost

03/28/2021

02:41 AM Bug #11741 (Closed): VLAN 1 description displays as "Default System VLANDefault System VLAN"
internal issue NG 5952 created Viktor Gurov
12:23 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I believe I'm also encountering this issue, at least a google for "pfsense rdr not working after upgrade" brought me ... Craig Leres

03/27/2021

11:30 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I attach a pfsense packet capture on the LAN side from the bad WAN2. You can see that the initial SMTP request comes ... Rick Strangman
04:28 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Just wanted to add that this issue also impact IPv6 NPt with multiwan, please check this as well when fix will be at ... DRago_Angel [InV@DER]
03:33 PM Bug #11726: Network traffic stops with latest RC build.
This may be a dup of ticket 11540. Ian Mitchell
11:42 AM Bug #11741: VLAN 1 description displays as "Default System VLANDefault System VLAN"
Screenshot didn't make it. Here
!https://dsc.cloud/b854da/pb-A0SwdJGmBR/pb-A0SwdJGmBR.png!
→ luckman212
11:37 AM Bug #11741 (Closed): VLAN 1 description displays as "Default System VLANDefault System VLAN"
In the GUI, the description for the default VLAN is printed twice:
!https://cln.sh/dd93kN!
I made a simple fix ...
→ luckman212

03/26/2021

11:23 AM Feature #11732 (New): Add VXLAN Support to pfSense Plus
VXLAN Support would be useful for scalable cloud deployments of pfSense Plus Kris Phillips

03/25/2021

09:19 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
The issue is:
1. 2 x WAN, WAN1 & WAN 2, both DHCP
2. WAN1 set as default gateway
3. Both WANs have identical NAT r...
Rick Strangman
08:10 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Kris Phillips wrote:
> Testing with the following on amd64:
>
> 1. Created Port Forward from WAN address to inter...
Kris Phillips
07:08 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Kris,
I can reliably reproduce this bug on my systems. We are running 2 C2758s in a MultiWAN / HA config. We set...
David Socha
05:11 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
My setup is that I'm trying to do port forwarding on an openvpn client interface in order to forward a reserved port ... Jordan Bradley
05:01 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Testing with the following on amd64:
1. Created Port Forward from WAN address to internal and WAN2 set as default ...
Kris Phillips

03/24/2021

09:17 PM Bug #11726 (Rejected): Network traffic stops with latest RC build.
After updating to the RC build 21.02.2.r.20210324.0300 network traffic ceased. No NAT traffic was passing, each inter... Ian Mitchell
01:59 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Svein Wisnaes wrote:
> Grzegorz Krzystek wrote:
> > last known working version is 2.4.5p1
> >
> > No ETA on this...
Kris Phillips
07:32 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Grzegorz Krzystek wrote:
> last known working version is 2.4.5p1
>
> No ETA on this, nor known workaround yet.
...
Svein Wisnaes

03/23/2021

11:15 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I can concur that with 2 Wan Interfaces (different subnet in our case), with DMZ and LAN networks that traffic coming... Gerald Drouillard
09:57 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Thanks for that.
The only progress I can report so far is that this demonstrates that the initial SYN arrives and ...
Kristof Provost
08:38 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
last known working version is 2.4.5p1
No ETA on this, nor known workaround yet.
Grzegorz Krzystek
08:34 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Netgate XG-1537
21.02-RELEASE-p1 (amd64)
built on Mon Feb 22 09:39:51 EST 2021
FreeBSD 12.2-STABLE
2 x WAN wi...
Svein Wisnaes
07:49 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
please check your mailbox ;) Grzegorz Krzystek
07:44 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Yes, that's the setup I have, and I'm unable to reproduce the problem. The port forwarding just work on both WAN and ... Kristof Provost
05:44 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
What is funny is it need to be related with routing.
reflection nat works. this is impacting only when connection ca...
Grzegorz Krzystek
05:33 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Kristof Provost wrote:
> With a PPPoE setup I still can't reproduce the problem. Along with the latest report that's...
Grzegorz Krzystek
05:22 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
With a PPPoE setup I still can't reproduce the problem. Along with the latest report that's fairly strong evidence th... Kristof Provost

03/22/2021

04:43 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I am not using PPPOE. Both WANs are DHCP. My config attached. Rick Strangman
11:45 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Thanks. I've not immediately spotted anything suspect in there.
However, it appears that all reports of this issue...
Kristof Provost
08:48 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I've so far been unable to reproduce this problem.
It's possible that I'm missing some relevant factor in my setup. ...
Kristof Provost
09:58 AM Regression #11689 (Resolved): LEDs do not indicate available upgrade status
Confirmed working on latest snapshot Renato Botelho

03/20/2021

09:18 PM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Since Wireguard is being removed from the next release, this bug report should be closed out as Rejected. Kris Phillips
09:14 PM Bug #11673: Thermal Sensors Non-functional on SG-3100
Important to note that this seemed to work fine in the 2.4.5p1 images. Its just the newer release that has issues. Kris Phillips

03/17/2021

10:25 AM Regression #11689: LEDs do not indicate available upgrade status
Relevant commits:
https://gitlab.netgate.com/pfSense/factory/-/commit/2add5e3aaaa59a66b2de8789b39b61efff27dfb8
ht...
Jim Pingle
10:07 AM Regression #11689: LEDs do not indicate available upgrade status
I committed another change to use the middle LED for this rather than overloading the use of the ready LED, since the... Jim Pingle
09:41 AM Regression #11689 (Feedback): LEDs do not indicate available upgrade status
Fix committed, should be in tomorrow's image Jim Pingle
08:44 AM Regression #11689 (Resolved): LEDs do not indicate available upgrade status
LEDs are not being updated when a new upgrade is available.
Only affects Plus.
Variable in @etc/rc.update_pkg_m...
Jim Pingle

03/16/2021

07:11 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I have the same problem with 21.02. No VPN's just straight multi-wan. WAN2 (non-default) responds to a ping and works... Rick Strangman
03:27 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Sounds like it may be related to my issue as well (#11630). It was working normally on my daily build from January du... James Blanton

03/15/2021

06:32 AM Bug #11673: Thermal Sensors Non-functional on SG-3100
I can reproduce it here even on a 21.02.2 snapshot. It's specific to the Thermal Sensors widget and not the temperatu... Jim Pingle

03/13/2021

11:18 PM Bug #11673: Thermal Sensors Non-functional on SG-3100
Unable to reproduce
Could be related to #11443
Viktor Gurov
10:01 PM Bug #11673: Thermal Sensors Non-functional on SG-3100
Kris Phillips wrote:
> The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Up...
Michael Spears
06:20 PM Bug #11673 (Duplicate): Thermal Sensors Non-functional on SG-3100
The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Updating...." in pfSense P... Kris Phillips

03/12/2021

10:31 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Sounds like this issue might be causing my problem but I can't tell 100% from the description.
One of our sites ha...
Eduard Rozenberg
12:38 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Updating subject for release notes.
Also made it more general since this can affect more than port forwards.
Jim Pingle
10:50 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Just to update. The nat rule on 2.4.5p1 for 1:1 Nat is... Greg Hulands
10:20 AM Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Updating subject for release notes. Jim Pingle
09:36 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Updating subject for release notes. Jim Pingle
09:16 AM Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Jim Pingle

03/11/2021

02:32 PM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Christian,
Nope! I explored that line of thought as well. I did have it set up at one point, but then I removed i...
James Blanton
07:57 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
If anybody from Netgate would like to jump into a Zoom meeting so that they can observe this edge case, just reach ou... Christian McDonald
07:38 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Christian,
What I've found is that unless you do something to interfere with WireGuard, such as disabling and re-e...
James Blanton
07:23 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
I'm seeing this on 2.5.0 as well. I have a failover group set as default gateway IPv4. WAN1 dropped out and WG starte... Christian McDonald
02:20 PM Feature #10804 (Feedback): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:05 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Likely related #11605 and #11551 Marcos M
01:26 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Updating bug report to focus on PHP issue, given that the snort sig 10 issue is unlikely related, and this seems to a... Marcos M
01:12 PM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Confirmed working on 21.02.2 Marcos M
10:40 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Tested on 21.02p1 and it showed as invalid. After updating to latest dev build image (Mar 10), the cert no longer sho... Marcos M

03/10/2021

02:37 PM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Needs re-tested on snapshots.
If needed, I have a user-supplied certificate which can replicate the problem and ca...
Jim Pingle
08:12 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Not that I like the idea of downgrading to a lower TLS version but I wonder if it would work if we forced off TLS 1.3... Jim Pingle
05:45 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Using the STunnel package as a workaround helps:
https://docs.netgate.com/pfsense/en/latest/recipes/auth-google-gsui...
Viktor Gurov

03/09/2021

03:00 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Tested on:... Marcos M
12:28 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Has anyone tried this on a 21.05 snapshot with PHP 7.4.16? The release notes for PHP 7.4.16 mention they fixed a segf... Jim Pingle
01:48 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
gnn is taking a look at this to see if he can track it down. Jim Pingle
01:16 PM Feature #10804 (Waiting on Merge): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Jim Pingle

03/08/2021

07:40 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Site to Site OpenVPN is broken for me in 2.5.0. The tunnel encryption is setup, but running openvpn at verbosity leve... Greg Hulands
09:46 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
the last filter generating change is https://github.com/pfsense/pfsense/commit/fce8a99bffae47c965c692dbe763ae9732092f... Viktor Gurov
09:17 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Same issue here after upgrade to v21.02,
MultiWan wont NAT properly on both wan.
A new message to let you know this...
R M
11:29 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
This also appears to be related to Bug #11613, where the user had to reboot pfSense to get WireGuard to follow the st... James Blanton
11:21 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
FYI - The "nightly" build I was using during testing was 2.5.0.a.20210122.2350. James Blanton

03/07/2021

11:32 PM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
see also #11570 and #6370 Viktor Gurov
11:21 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
It looks like the reply traffic is not matching the state created by the inbound connection on the WAN.
The firewa...
Steve Wheeler

03/06/2021

10:20 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
bdaa35dcf31def521ba8c60c0aa9c41bf5005311 is working when applied to 21.02p1 on an SG-3100. The change hasn't made it ... Max Leighton

03/05/2021

04:31 PM Bug #11630 (Closed): WireGuard MultiWAN Not Failing Back to Tier 1
When using a GW group for WAN failover, WireGuard will fail to Tier2 when the Tier1 GW is down. However, when Tier1 i... James Blanton
10:23 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Marcos Mendoza wrote:
[...]
>
> I noticed the PPPoE gateway that was automatically created was outside of the sub...
Grzegorz Krzystek
09:59 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Another report:
Port forward and firewall rules are in place on a secondary PPPoE WAN interface. Traffic comes in,...
Marcos M
08:06 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
If OpenLDAP ldapsearch fails directly it's unlikely to be related to #9417
All the references I see to SNI seem fa...
Jim Pingle
02:07 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
may be related to #9417 Viktor Gurov
02:02 AM Bug #11626 (Resolved): Google LDAP connections fail due to lack of SNI for TLS 1.3
https://forum.netgate.com/topic/161725/google-ldap-connection-failed:
I have a problem after update my Netgate XG-...
Viktor Gurov

03/03/2021

02:52 PM Bug #11615: OpenVPN + Ldap broken in 21.02-RELEASE-p1
Read all of the recent notes, it's a general problem with fcgicli that manifests in multiple ways, including validati... Jim Pingle
02:46 PM Bug #11615: OpenVPN + Ldap broken in 21.02-RELEASE-p1
I do not believe this is a duplicate
here the longest cert
1) ST=CA, OU=XXXXXX, O=XXXXXX Technologies Inc, L=XXXX...
Luc Suryo
11:22 AM Bug #11615 (Duplicate): OpenVPN + Ldap broken in 21.02-RELEASE-p1
Almost certainly a duplicate of #4521 (See notes there with attached patches to try).
If that doesn't help, please...
Jim Pingle
11:20 AM Bug #11615 (Duplicate): OpenVPN + Ldap broken in 21.02-RELEASE-p1
We recently upgraded to 21.02-RELEASE-p1 (AWS)
And since we see an odd behavior that prevent user to login
OpenLD...
Luc Suryo

03/01/2021

02:06 AM Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
Let me share some of mny observartions in the last 3 days.
* hw.ncpu=unset, all non default Packages diabled = Sta...
Marco Goetze
 

Also available in: Atom