pfSense » pfSense Plus

03/25/2023

08:48 PM Bug #13967: aarch64 23.01 upgrade can fail to write the bootloader

This has been working for over a week now without issue. We can close this as Resolved. Kris Phillips

08:05 PM Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100

Well I'm running on a completely different SG-1100 now so I'll wait and see if the problem reoccurs before the next v... Craig Leres

07:23 PM Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100

I haven't seen this with any other firewalls or on my personal Netgate 1100. I suspect you might have a fault eMMC t... Kris Phillips

05:00 PM Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100

Oops, I'm actually running 23.01. Craig Leres

02:26 PM Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100

Craig Leres wrote:
> I've attached two serial console stack traces.
Here's one more crash from a few minutes ago,... Craig Leres

12:28 PM Regression #14181 (Closed): ``mmcsd0`` controller timeout/system hang on 1100

Several times since upgrading to 23.05 and later reinstalling to switch to zfs root I've had a SG-1100 glitch and los... Craig Leres

07:28 PM Bug #14104: Google LDAP connections still fail even after adding SNI for TLS 1.3

If the client certificate is chained into a single entry with the CA data, may be related to this: https://redmine.pf... Kris Phillips

06:30 PM Regression #13993: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled

switch is not detected under interfaces menu with current build - 23.05.a.20230322.0600 Jordan G

12:24 PM Bug #14140 (Confirmed): OpenVPN Custom Options removes newline before push statements

Chris W

09:43 AM Bug #14140: OpenVPN Custom Options removes newline before push statements

I'm not able to reproduce this on the server settings, but can on the Client Specific Overrides page. After saving an... Chris W

09:19 AM Regression #14180 (Feedback): ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors

I've been running the following configuration for months now:
Hypervisor:
Linux Kernel 5.15
libvirt/qemu/kvm
... name name

03/24/2023

01:25 PM Bug #14175: LDAP authentication for SSH fails

Can confirm the issue.... Lev Prokofev

12:58 PM Bug #14175 (New): LDAP authentication for SSH fails

LDAP authentication fails for SSH user authentication via LDAP with error (Invalid credentials).
Same user successfu... Georgiy Tyutyunnik

10:20 AM Feature #14173 (Needs Patch): QAT driver does not attach to QAT virtual function devices passed through to VM on Xeon D-2146NT

pfSense is virtualized under Linux.
Hypervisor:
* qemu-kvm
* i440fx (q35 doesn't work either)
* kernel 5.15.9... name name

10:03 AM Regression #14102 (Feedback): Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations

Fixed in 209cb8b1. Reid Linnemann

09:59 AM Regression #14102: Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations

I've simplified and improved the EMMC/SATA rootdev check for aarch64 devices. The modified script is more specific ab... Reid Linnemann

09:51 AM Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet

I forgot to add: All currently available patches were applied via the System Patches package, before any testing was ... name name

09:44 AM Regression #14171 (Not a Bug): High Availability Setup with Gateway to secondary pfSense not working - No Internet

Hi,
the following setup is working just fine on pfSense CE 2.6.0:
* High Availability/CARP
* Gateway group WAN... name name

03/23/2023

08:35 PM Bug #14168 (New): OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol

When looking at the Status --> OpenVPN page and viewing a user's ACLs from RADIUS, if the user signed in with user@do... Kris Phillips

03/22/2023

12:55 PM Bug #14158: Unable to delete boot environment "X". Error 3

Duplicate of https://redmine.pfsense.org/issues/14074 Christopher Cope

12:55 PM Bug #14158 (Duplicate): Unable to delete boot environment "X". Error 3

Christopher Cope

12:38 PM Bug #14158 (Duplicate): Unable to delete boot environment "X". Error 3

Hi,
I was going to make a new backup recovery in the Boot Environments.
I name it with one number ie. 1, then save ... B. B.

08:35 AM Bug #14140: OpenVPN Custom Options removes newline before push statements

Sorry, i forgot to describe WHY this is a problem.
The issue is that the invalid formatting of the options will ca... Nick Maludy

03/21/2023

01:54 PM Bug #14140 (Not a Bug): OpenVPN Custom Options removes newline before push statements

Hello,
I'm setting up an OpenVPN server and need to pass in some additional option in two places:
1. VPN -> Ope... Nick Maludy

12:09 AM Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng

Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in Sys... aleksei prokofiev

03/20/2023

07:21 PM Regression #14137 (Resolved): pfSense Plus Upgrade repo data remains on the system after upgradng

After upgrading from CE to pfSense Plus the repo data used for that should be removed from the firewall leaving it us... Steve Wheeler

04:38 AM Bug #14135: iOT Devices not reconnecting properly

I forgot to mention we also tested this with a Sony TV (1 year old and up to date Firmware) on an ethernet connection... Steven Cedrone

04:24 AM Bug #14135 (Rejected): iOT Devices not reconnecting properly

IOT Devices of different manufacturers all seem to have this problem and while the problem is being experienced I wou... Steven Cedrone

04:32 AM Bug #13497: unbound process looks like stuck periodically

Yaroslav Semenenko wrote:
> Hello,
>
> I have Netgate 2100.
> Unbound service is needed to restart sometimes due... Steven Cedrone

03:50 AM Feature #14134 (Rejected): Notifier on main dashboard for other updates availble: Packages / System Patches (if installed) Under the PfSense current Version.

A notifier on the Main Landing page under the Current PfSense Version number that lets you also know if your packages... Steven Cedrone

03:47 AM Feature #14133 (New): Exporting and Importing - Change Layout

Please change Backup & Restore to allow for choosing only what areas you want to import/export without having to do i... Steven Cedrone

03:39 AM Bug #14132 (Not a Bug): Aliases of the same name current as previously deleted will not be respected properly

This problem is hard to describe so I'll give as much information as possible as best as I can.
-Alias was created... Steven Cedrone

03:30 AM Feature #14131 (New): Add Dynamic DNS Service: DYNU

Please add Dynamic DNS provider DYNU
https://www.dynu.com/en-US/
It's working now but sometimes won't update an... Steven Cedrone

03/19/2023

10:52 PM Bug #14129 (Resolved): Chelsio T520 unable to route past 470Mbps

Chelsio T520-CR and T420-CR are unable to route speeds over 470mbps when updated to 23.01 code. Goes to full 1gb spee... Bruce Talbot

04:01 PM Bug #12974 (Closed): Typing anything into 1100/2100 recovery installer causes process to stop

This should be closed. Updating to reflect. Ryan Coleman

02:33 AM Feature #14125 (New): Add Cateogory field to Available Packages Tab like Installed Packages Tab

Under the Installed Packages the header fields have the following listed at the top Name Category Version Description... Scott Costa

03/18/2023

08:02 PM Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers

i installed the patch.
it renamed the two broken boot environments with the name i originally gave them, swapping ... Mark Grant

04:57 PM Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers

The patch works well. I'm not hitting any of the problems I encountered previously. *It only applies to the currently... Chris W

01:57 PM Bug #14074 (Pull Request Review): Cannot edit or delete ZFS Boot Environment with a name containing only numbers

https://gitlab.netgate.com/pfSense/factory/-/merge_requests/94 Christopher Cope

01:01 PM Bug #14074 (Confirmed): Cannot edit or delete ZFS Boot Environment with a name containing only numbers

I was able to reproduce this by cloning the default environment, naming it 20230318 (today's date), no description. C... Chris W

03/17/2023

06:16 PM Bug #13967 (Feedback): aarch64 23.01 upgrade can fail to write the bootloader

Fix has been released to the world this week. Reid Linnemann

03/15/2023

02:40 PM Feature #14112 (Duplicate): Allow user to trigger license re-sync and/or reset in system_register.php

We already have an internal issue for this.
Jim Pingle

01:57 PM Bug #14104: Google LDAP connections still fail even after adding SNI for TLS 1.3

LDAP client certs are only available on Plus. Jim Pingle

03/14/2023

08:44 PM Feature #14112 (Duplicate): Allow user to trigger license re-sync and/or reset in system_register.php

There may be a case for adding some buttons in system_register.php that allow the user to 1) Force the existing pfSen... M Felden

10:41 AM Bug #14106 (New): arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.

23.01 is now showing this error after a fresh firmware install on a Netgate 2100-MAX system. It will continue to boot... Jonathan Lee

08:08 AM Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs

Thanks Chris.
While this doesn't solve your immediate situation, it looks like repro is possible with Windows Serv... Leon Dang

03:11 AM Bug #14104 (New): Google LDAP connections still fail even after adding SNI for TLS 1.3

tested on 23.01 and with IPv6
After fixing https://redmine.pfsense.org/issues/11626 I see that the LDAP client is ... Azamat Khakimyanov

03/13/2023

09:17 PM Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs

Here is a screenshot of the memmap command on an affect VM. This machine is on Windows Server 2022. The Pfsense VM ... Chris Poillion

05:54 PM Regression #14102 (Resolved): Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations

The console menu is intended to only show menu option 99 'Install to device' if pfSense is not running from eMMC or S... Steve Wheeler

01:10 PM Regression #13824: CPU/Crypto Detection for the 3100 is not functioning properly

Bill McGonigle wrote in #note-4:
> Is the patch world-readable anywhere? I have affected hardware and the System Pa... Jim Pingle

01:08 PM Regression #13824: CPU/Crypto Detection for the 3100 is not functioning properly

Is the patch world-readable anywhere? I have affected hardware and the System Patches feature can't resolve this com... Bill McGonigle

09:28 AM Regression #14099 (Duplicate): snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured

Duplicate of #13976 Jim Pingle

09:26 AM Regression #14099 (Duplicate): snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured

See bug #8600 Björn Bylander

09:18 AM Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"

This bug seems to have popped up again on my SG-3100 after upgrading to 23.01. Björn Bylander

03/11/2023

09:37 PM Feature #13786: ldap intergration for firewall rules

Mike Moore wrote in #note-4:
> So there is no way in the future to create a LAN rule stating
> Src: AD/mmoore
> Ds... Kris Phillips

09:29 PM Feature #14017: Ability to remove all packages before upgardes with saved configuration

There is already an option to reinstall packages from Diagnostics --> Backup and Restore. It would be beneficial for... Kris Phillips

09:25 PM Regression #14080: Installer fails to install to a geom mirror

Typically right now we also have issues with the installer converting from gmirror to ZFS. Haven't tested since 22.0... Kris Phillips

12:30 PM Bug #13981 (Resolved): PHP Error on ``status_interfaces.php`` with empty switch VLAN group configuration and assigned VLAN interfaces

Replicated the issue on SG-2100.... Danilo Zrenjanin

03/10/2023

10:29 AM Bug #14068 (Closed): Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication

Kris Phillips wrote in #note-2:
> The message of "Unknown CA" is what pfSense is sending to the remote host. This w... Jim Pingle

10:16 AM Bug #14068: Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication

Jim Pingle wrote in #note-1:
> Allowing multiple CAs in a single entry was always a hackish workaround for things th... Kris Phillips

03/09/2023

02:45 PM Bug #14090 (New): Significant State Creation Causes LACP, BGP, and Possibly Other Components to Temporarily Fail

When testing with a customer, when a remote host has a large number of new states being created, then transitioning t... Kris Phillips

07:02 AM Bug #14085 (New): QAT not working / same speed as AES-NI with CPIC-8955!

My post on the netgate forum, still no unanswer:
https://forum.netgate.com/topic/175096/ipsec-with-qat-low-performan... Alexandru Racovita

03/08/2023

06:57 PM Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs

I can't repro it in Win-11 Hyper-V. 4GB, ZFS, 3 NICs, ISO still attached.
In the loader prompt (option 3), can you... Leon Dang

07:54 AM Regression #14080: Installer fails to install to a geom mirror

Reid Linnemann wrote in #note-2:
> Do we want to cut the cord on UFS and just be done with it?
UFS is OK and not ... Jim Pingle

03/07/2023

11:02 PM Regression #14080: Installer fails to install to a geom mirror

Do we want to cut the cord on UFS and just be done with it? Reid Linnemann

07:44 PM Regression #14080: Installer fails to install to a geom mirror

You can get past that point by manually setting the UFS slice on the mirror to mount at @/@ though it still fails eve... Jim Pingle

06:12 PM Regression #14080 (New): Installer fails to install to a geom mirror

The 23.01 installer fails to create the expected mount points when trying to reinstall UFS to an existing gmirror.
... Steve Wheeler

12:21 PM Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers

more experimentation
if i create a new environment with the same name as the old damaged ones (now 0 or 1) it create... Mark Grant

03/06/2023

04:33 PM Bug #13967: aarch64 23.01 upgrade can fail to write the bootloader

Fix for this is introduced into pfSense-updgrade at revision 2c4bf3c in plus packages only at this time. pfSense-upgr... Reid Linnemann

03:46 PM Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers

did some more trials, and found if i just use the date as 20230306 it does it.
named it 20230306, the other day i na... Mark Grant

09:38 AM Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers

to get the initial issue;
what i did; i didnt read the limitation of what characters could be used, and used a "-"... Mark Grant

07:17 AM Bug #14074 (Feedback): Cannot edit or delete ZFS Boot Environment with a name containing only numbers

There must be some additional steps needed to replicate the problem. I tried a 23.01 system here and I could create a... Jim Pingle

02:53 AM Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers

now that it has this new boot environment '0' if i try to edit it, it makes a new boot environment. Each time.
ho... Mark Grant

07:08 AM Bug #14068 (Feedback): Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication

Allowing multiple CAs in a single entry was always a hackish workaround for things that didn't support chains. Import... Jim Pingle

03/05/2023

03:43 PM Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs

This can be replicated on Azure as well. Deploy a new pfSense+ 23.01 Gen 2 VM on Azure with a size which allows addin... Marcos M

03:38 PM Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers

Are you able to replicate this reliably? If so, please detail the steps to do so. Marcos M

03:18 PM Bug #14074 (Resolved): Cannot edit or delete ZFS Boot Environment with a name containing only numbers

i just created a new boot environment, but it apparently didnt like the name i gave it and set it to '0'
It cann... Mark Grant

03/03/2023

08:44 PM Bug #14068 (Closed): Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication

Previously, including the entire CA chain as well as the client certificate in the certificate under System --> Cert ... Kris Phillips

09:20 AM Feature #14066 (New): Add line number to rules and insert option

From a rule management perspective, is it possible to do the following:
1. Add line numbers in the GUI. So an admin ... Mike Moore

02/28/2023

11:15 AM Regression #13993: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled

Ryan Coleman wrote in #note-5:
> Ok so it is not available to 23.01 -- it would have to be a point release then?
... Jim Pingle

10:33 AM Bug #14044 (Not a Bug): After upgrade to 23.01, firewall will not route traffic anymore to the Internet

This behavior has existed for as long as I can remember. For example, the "Getting Started" guides for all appliances... Marcos M

02/27/2023

04:02 PM Bug #14044 (Not a Bug): After upgrade to 23.01, firewall will not route traffic anymore to the Internet

After upgrading to 23.01, if the WAN interface receives an IP address from the same range of addresses as configured ... Martin Kusch

03:05 PM Regression #13993: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled

Jim Pingle wrote in #note-4:
> Ryan Coleman wrote in #note-3:
> > Luiz Souza wrote in #note-1:
> > > Fixed in 23.... Ryan Coleman

07:31 AM Regression #13993: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled

Ryan Coleman wrote in #note-3:
> Luiz Souza wrote in #note-1:
> > Fixed in 23.05 and also in the 23.01 branch.
> ... Jim Pingle

07:52 AM Bug #13976: SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces

This appears to be the same as #8600 and to fix it then, we suppressed that error.
Jim Pingle

07:44 AM Bug #13976: SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces

Ditto. Same here after upgrading HA 7100's from 22.05 to 23.01.... Michael Novotny

02/26/2023

09:30 PM Regression #13993: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled

Luiz Souza wrote in #note-1:
> Fixed in 23.05 and also in the 23.01 branch.
I don't see any recommended patches -... Ryan Coleman

02/25/2023

07:13 PM Regression #13993: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled

running version 23.05.a.20230224.0600 on 7100 I am again able to successfully connect with 1100, this was not working... Jordan G

02/24/2023

05:47 PM Feature #14012: ZFS memory usage graphs

This feature request is probably related: zfs GUI functionality - alerts https://redmine.pfsense.org/issues/9226 but ... Patch Public