Project

General

Profile

Activity

From 03/04/2021 to 04/02/2021

04/02/2021

11:57 AM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
One of the issues identified in this ticket, the logging of "blank" interface names and the display of "Unknown" as t... Bill Meeks

04/01/2021

04:26 PM Feature #11772: Layer 2 Tunnel Bonding Capability
Bonus points on this one: A "wizard" which can be run on the "central office" end PF to create the configuration for... Clint Guillot
04:22 PM Feature #11772 (New): Layer 2 Tunnel Bonding Capability
Ability to tunnel traffic over multiple WAN connections back to another PF appliance at a central location in order t... Clint Guillot
11:28 AM Bug #11770 (New): Pantech UML295 USB Modem No Longer Functional
The Pantech UML295 modem in the USB port is caused pfSense to hang on reboot when upgrading to version 21.02 of the s... Kris Phillips

03/31/2021

12:47 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I am trying to reproduce with CE my scenario in a virtual environment and was having issues, good to know it doesn't ... Grant Derhofer

03/30/2021

05:10 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I can confirm that it does not occur in CE v5.0. I had the config operational before I migrated to Netgate x7100 with... Rick Strangman
04:10 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Jordan Bradley wrote:
> I'm using community edition and this bug is affecting me.
Based on your description above...
Jim Pingle
04:08 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I'm using community edition and this bug is affecting me. Jordan Bradley
04:00 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
A few notes:
* This only appears to affect pfSense Plus, not CE, which explains why some people cannot reproduce t...
Jim Pingle

03/29/2021

10:12 AM Bug #11726 (Rejected): Network traffic stops with latest RC build.
Unable to reproduce and not enough information to determine if there is a bug, or anything which can be done.
If y...
Jim Pingle
03:16 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Rick Strangman wrote:
> I attach a pfsense packet capture on the LAN side from the bad WAN2. You can see that the in...
Kristof Provost

03/28/2021

02:41 AM Bug #11741 (Closed): VLAN 1 description displays as "Default System VLANDefault System VLAN"
internal issue NG 5952 created Viktor Gurov
12:23 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I believe I'm also encountering this issue, at least a google for "pfsense rdr not working after upgrade" brought me ... Craig Leres

03/27/2021

11:30 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I attach a pfsense packet capture on the LAN side from the bad WAN2. You can see that the initial SMTP request comes ... Rick Strangman
04:28 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Just wanted to add that this issue also impact IPv6 NPt with multiwan, please check this as well when fix will be at ... DRago_Angel [InV@DER]
03:33 PM Bug #11726: Network traffic stops with latest RC build.
This may be a dup of ticket 11540. Ian Mitchell
11:42 AM Bug #11741: VLAN 1 description displays as "Default System VLANDefault System VLAN"
Screenshot didn't make it. Here
!https://dsc.cloud/b854da/pb-A0SwdJGmBR/pb-A0SwdJGmBR.png!
→ luckman212
11:37 AM Bug #11741 (Closed): VLAN 1 description displays as "Default System VLANDefault System VLAN"
In the GUI, the description for the default VLAN is printed twice:
!https://cln.sh/dd93kN!
I made a simple fix ...
→ luckman212

03/26/2021

11:23 AM Feature #11732 (New): Add VXLAN Support to pfSense Plus
VXLAN Support would be useful for scalable cloud deployments of pfSense Plus Kris Phillips

03/25/2021

09:19 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
The issue is:
1. 2 x WAN, WAN1 & WAN 2, both DHCP
2. WAN1 set as default gateway
3. Both WANs have identical NAT r...
Rick Strangman
08:10 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Kris Phillips wrote:
> Testing with the following on amd64:
>
> 1. Created Port Forward from WAN address to inter...
Kris Phillips
07:08 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Kris,
I can reliably reproduce this bug on my systems. We are running 2 C2758s in a MultiWAN / HA config. We set...
David Socha
05:11 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
My setup is that I'm trying to do port forwarding on an openvpn client interface in order to forward a reserved port ... Jordan Bradley
05:01 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Testing with the following on amd64:
1. Created Port Forward from WAN address to internal and WAN2 set as default ...
Kris Phillips

03/24/2021

09:17 PM Bug #11726 (Rejected): Network traffic stops with latest RC build.
After updating to the RC build 21.02.2.r.20210324.0300 network traffic ceased. No NAT traffic was passing, each inter... Ian Mitchell
01:59 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Svein Wisnaes wrote:
> Grzegorz Krzystek wrote:
> > last known working version is 2.4.5p1
> >
> > No ETA on this...
Kris Phillips
07:32 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Grzegorz Krzystek wrote:
> last known working version is 2.4.5p1
>
> No ETA on this, nor known workaround yet.
...
Svein Wisnaes

03/23/2021

11:15 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I can concur that with 2 Wan Interfaces (different subnet in our case), with DMZ and LAN networks that traffic coming... Gerald Drouillard
09:57 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Thanks for that.
The only progress I can report so far is that this demonstrates that the initial SYN arrives and ...
Kristof Provost
08:38 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
last known working version is 2.4.5p1
No ETA on this, nor known workaround yet.
Grzegorz Krzystek
08:34 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Netgate XG-1537
21.02-RELEASE-p1 (amd64)
built on Mon Feb 22 09:39:51 EST 2021
FreeBSD 12.2-STABLE
2 x WAN wi...
Svein Wisnaes
07:49 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
please check your mailbox ;) Grzegorz Krzystek
07:44 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Yes, that's the setup I have, and I'm unable to reproduce the problem. The port forwarding just work on both WAN and ... Kristof Provost
05:44 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
What is funny is it need to be related with routing.
reflection nat works. this is impacting only when connection ca...
Grzegorz Krzystek
05:33 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Kristof Provost wrote:
> With a PPPoE setup I still can't reproduce the problem. Along with the latest report that's...
Grzegorz Krzystek
05:22 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
With a PPPoE setup I still can't reproduce the problem. Along with the latest report that's fairly strong evidence th... Kristof Provost

03/22/2021

04:43 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I am not using PPPOE. Both WANs are DHCP. My config attached. Rick Strangman
11:45 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Thanks. I've not immediately spotted anything suspect in there.
However, it appears that all reports of this issue...
Kristof Provost
08:48 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I've so far been unable to reproduce this problem.
It's possible that I'm missing some relevant factor in my setup. ...
Kristof Provost
09:58 AM Regression #11689 (Resolved): LEDs do not indicate available upgrade status
Confirmed working on latest snapshot Renato Botelho

03/20/2021

09:18 PM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Since Wireguard is being removed from the next release, this bug report should be closed out as Rejected. Kris Phillips
09:14 PM Bug #11673: Thermal Sensors Non-functional on SG-3100
Important to note that this seemed to work fine in the 2.4.5p1 images. Its just the newer release that has issues. Kris Phillips

03/17/2021

10:25 AM Regression #11689: LEDs do not indicate available upgrade status
Relevant commits:
https://gitlab.netgate.com/pfSense/factory/-/commit/2add5e3aaaa59a66b2de8789b39b61efff27dfb8
ht...
Jim Pingle
10:07 AM Regression #11689: LEDs do not indicate available upgrade status
I committed another change to use the middle LED for this rather than overloading the use of the ready LED, since the... Jim Pingle
09:41 AM Regression #11689 (Feedback): LEDs do not indicate available upgrade status
Fix committed, should be in tomorrow's image Jim Pingle
08:44 AM Regression #11689 (Resolved): LEDs do not indicate available upgrade status
LEDs are not being updated when a new upgrade is available.
Only affects Plus.
Variable in @etc/rc.update_pkg_m...
Jim Pingle

03/16/2021

07:11 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I have the same problem with 21.02. No VPN's just straight multi-wan. WAN2 (non-default) responds to a ping and works... Rick Strangman
03:27 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Sounds like it may be related to my issue as well (#11630). It was working normally on my daily build from January du... James Blanton

03/15/2021

06:32 AM Bug #11673: Thermal Sensors Non-functional on SG-3100
I can reproduce it here even on a 21.02.2 snapshot. It's specific to the Thermal Sensors widget and not the temperatu... Jim Pingle

03/13/2021

11:18 PM Bug #11673: Thermal Sensors Non-functional on SG-3100
Unable to reproduce
Could be related to #11443
Viktor Gurov
10:01 PM Bug #11673: Thermal Sensors Non-functional on SG-3100
Kris Phillips wrote:
> The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Up...
Michael Spears
06:20 PM Bug #11673 (Duplicate): Thermal Sensors Non-functional on SG-3100
The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Updating...." in pfSense P... Kris Phillips

03/12/2021

10:31 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Sounds like this issue might be causing my problem but I can't tell 100% from the description.
One of our sites ha...
Eduard Rozenberg
12:38 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Updating subject for release notes.
Also made it more general since this can affect more than port forwards.
Jim Pingle
10:50 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Just to update. The nat rule on 2.4.5p1 for 1:1 Nat is... Greg Hulands
10:20 AM Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Updating subject for release notes. Jim Pingle
09:36 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Updating subject for release notes. Jim Pingle
09:16 AM Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Jim Pingle

03/11/2021

02:32 PM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Christian,
Nope! I explored that line of thought as well. I did have it set up at one point, but then I removed i...
James Blanton
07:57 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
If anybody from Netgate would like to jump into a Zoom meeting so that they can observe this edge case, just reach ou... Christian McDonald
07:38 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Christian,
What I've found is that unless you do something to interfere with WireGuard, such as disabling and re-e...
James Blanton
07:23 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
I'm seeing this on 2.5.0 as well. I have a failover group set as default gateway IPv4. WAN1 dropped out and WG starte... Christian McDonald
02:20 PM Feature #10804 (Feedback): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:05 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Likely related #11605 and #11551 Marcos M
01:26 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Updating bug report to focus on PHP issue, given that the snort sig 10 issue is unlikely related, and this seems to a... Marcos M
01:12 PM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Confirmed working on 21.02.2 Marcos M
10:40 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Tested on 21.02p1 and it showed as invalid. After updating to latest dev build image (Mar 10), the cert no longer sho... Marcos M

03/10/2021

02:37 PM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Needs re-tested on snapshots.
If needed, I have a user-supplied certificate which can replicate the problem and ca...
Jim Pingle
08:12 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Not that I like the idea of downgrading to a lower TLS version but I wonder if it would work if we forced off TLS 1.3... Jim Pingle
05:45 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Using the STunnel package as a workaround helps:
https://docs.netgate.com/pfsense/en/latest/recipes/auth-google-gsui...
Viktor Gurov

03/09/2021

03:00 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Tested on:... Marcos M
12:28 PM Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Has anyone tried this on a 21.05 snapshot with PHP 7.4.16? The release notes for PHP 7.4.16 mention they fixed a segf... Jim Pingle
01:48 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
gnn is taking a look at this to see if he can track it down. Jim Pingle
01:16 PM Feature #10804 (Waiting on Merge): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Jim Pingle

03/08/2021

07:40 PM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Site to Site OpenVPN is broken for me in 2.5.0. The tunnel encryption is setup, but running openvpn at verbosity leve... Greg Hulands
09:46 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
the last filter generating change is https://github.com/pfsense/pfsense/commit/fce8a99bffae47c965c692dbe763ae9732092f... Viktor Gurov
09:17 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Same issue here after upgrade to v21.02,
MultiWan wont NAT properly on both wan.
A new message to let you know this...
R M
11:29 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
This also appears to be related to Bug #11613, where the user had to reboot pfSense to get WireGuard to follow the st... James Blanton
11:21 AM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
FYI - The "nightly" build I was using during testing was 2.5.0.a.20210122.2350. James Blanton

03/07/2021

11:32 PM Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
see also #11570 and #6370 Viktor Gurov
11:21 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
It looks like the reply traffic is not matching the state created by the inbound connection on the WAN.
The firewa...
Steve Wheeler

03/06/2021

10:20 AM Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
bdaa35dcf31def521ba8c60c0aa9c41bf5005311 is working when applied to 21.02p1 on an SG-3100. The change hasn't made it ... Max Leighton

03/05/2021

04:31 PM Bug #11630 (Closed): WireGuard MultiWAN Not Failing Back to Tier 1
When using a GW group for WAN failover, WireGuard will fail to Tier2 when the Tier1 GW is down. However, when Tier1 i... James Blanton
10:23 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Marcos Mendoza wrote:
[...]
>
> I noticed the PPPoE gateway that was automatically created was outside of the sub...
Grzegorz Krzystek
09:59 AM Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Another report:
Port forward and firewall rules are in place on a secondary PPPoE WAN interface. Traffic comes in,...
Marcos M
08:06 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
If OpenLDAP ldapsearch fails directly it's unlikely to be related to #9417
All the references I see to SNI seem fa...
Jim Pingle
02:07 AM Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
may be related to #9417 Viktor Gurov
02:02 AM Bug #11626 (Resolved): Google LDAP connections fail due to lack of SNI for TLS 1.3
https://forum.netgate.com/topic/161725/google-ldap-connection-failed:
I have a problem after update my Netgate XG-...
Viktor Gurov
 

Also available in: Atom