pfSense » pfSense Plus

06/28/2023

03:04 PM Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules

Updating subject and fixing project/target. Jim Pingle

02:17 PM Bug #14515 (Feedback): Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules

Thanks.
pf(4) only supports pass/block action semantics for L2 rule processing, reject/match are not supported.
I h... Christian McDonald

06/27/2023

10:25 PM Bug #14515 (Resolved): Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules

Hello fellow pfsense redmine members,
I wanted to post this under the experimental layer 2 access control list are... Jonathan Lee

06/26/2023

12:26 PM Bug #14507 (Not a Bug): CPU hog with 23.05

Given that the thread in question is from iflib this seems more like busy hardware or an upstream driver issue and no... Jim Pingle

06/25/2023

04:15 PM Bug #14507: CPU hog with 23.05

If there is a bug, it's more likely to be upstream. FWIW a debug kernel is available in the pfSense repo:... Marcos M

07:49 AM Bug #14507: CPU hog with 23.05

Kris Phillips wrote in #note-1:
> I'm unable to reproduce this on 23.05 on an amd64 system.
>
> kernel{if_io_tq... Juraj Lutter

01:55 AM Bug #14507: CPU hog with 23.05

I'm unable to reproduce this on 23.05 on an amd64 system.
kernel{if_io_tqg_1} would be interface processing from... Kris Phillips

06/24/2023

07:32 AM Bug #14507 (Not a Bug): CPU hog with 23.05

I’ve started to observe a CPU hog of one CPU core on APU2 box running pfSense 23.05.
dtrace showed:... Juraj Lutter

06/23/2023

02:32 PM Bug #14385 (Resolved): Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses

Confirmed fixed here as well. I can set an LL on the VIP peer and it communicates as expected and reflects the proper... Jim Pingle

12:54 PM Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses

23.05.1 fixes the issue
tested on:
Version 23.05.1-RC (amd64)
built on Wed Jun 21 19:31:48 UTC 2023
FreeBSD 14.0-... Georgiy Tyutyunnik

06/20/2023

08:42 AM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states

I don't think those two are related. Florian Apolloner

06/19/2023

10:36 PM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states

Potentially related to https://redmine.pfsense.org/issues/11556 Marcos M

04:57 PM Bug #14478: Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load

The issue here is that pfctl is not correctly parsing the case where the L3 host spec is a dynamic host, that is @(se... Christian McDonald

07:59 AM Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses

So the fix was already in 2.7 BETA, and was also cherry-picked to the plus-RELENG_23_05 branch in case of future poin... Kristof Provost

06/18/2023

02:51 AM Regression #14436: Upgrades from 23.05-RC/beta/dev fail server authentication

Still unable to hit this again when switching update branch or add/removing packages. Lets verify what branches shoul... Jordan G

06/17/2023

03:48 PM Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses

I tested against the latest Plus DEVELOPMENT built.
The behavior is consistent with the explanation provided. It a... Danilo Zrenjanin

06/16/2023

06:43 PM Bug #14478 (In Progress): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load

Christian McDonald

06:43 PM Bug #14478: Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load

Tracked this down. Fix in progress. Christian McDonald

05:03 PM Bug #14478 (Resolved): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load

Specific Ethernet rule configuration produces rules loading error. Seems to be linked with "Destination IP" set as "O... Georgiy Tyutyunnik

06/14/2023

02:26 PM Feature #13786: ldap intergration for firewall rules

Appreciate the feedback Kris! Mike Moore

06/13/2023

01:56 PM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states

Debugging even further this seems to be timing sensitive. If I run @pfctl -i ovpns1 -Fs && pfSctl -c 'filter reload a... Florian Apolloner

01:38 PM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states

I am able to reproduce the issue and I can also confirm that the issue is gone if I comment out @/sbin/pfctl -i $1 -F... Florian Apolloner

08:48 AM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states

Marcos M wrote in #note-5:
> Additional notes while working with cjl:
> Commenting out the line @/sbin/pfctl -i $1 ... Florian Apolloner

08:43 AM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states

Hi there, I think I am seeing the same issue (on 23.05). I also do have OpenVPN on CARP IPs as of now (though openvpn... Florian Apolloner

06/11/2023

10:50 PM Bug #14467: Temperature sensor reading is abnormally high on some systems

This is not true for all pchtherm devices though. For example:... Steve Wheeler

04:52 PM Bug #14467 (New): Temperature sensor reading is abnormally high on some systems

The temperature reading @dev.pchtherm.0.temperature@ was introduced in 23.01 and it seems to be incorrect. It fluctua... Marcos M

06:57 PM Regression #14436: Upgrades from 23.05-RC/beta/dev fail server authentication

this may have been from logging in as someone other than admin? don't seem to be able to replicate what I saw previou... Jordan G

06/10/2023

08:18 PM Regression #14436: Upgrades from 23.05-RC/beta/dev fail server authentication

Following a reboot on 8200 (which previously had gotten the latest pfSense-repoc, pfSense-upgrade; could pull, instal... Jordan G

06/08/2023

02:34 PM Bug #14461: Uncaught TypeError after import alias

This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle

02:22 PM Bug #14461: Uncaught TypeError after import alias

Jim Pingle wrote in #note-1:
> Duplicate of #14412
>
> Already fixed and in system patches.
Oké but it complet... Marc Hagen

02:04 PM Bug #14461 (Duplicate): Uncaught TypeError after import alias

Duplicate of #14412
Already fixed and in system patches. Jim Pingle

01:49 PM Bug #14461 (Duplicate): Uncaught TypeError after import alias

/firewall_aliases_import.php?tab=ip
After importing a alias with the following info:
Name: RFC5771_Multicast
D... Marc Hagen

12:37 PM Bug #14329: DDNS IPv6 update PHP error

The solution might be as simple as : https://forum.netgate.com/topic/180552/23-05-uncaught-error-attempt-to-assign-pr... Gertjan KROEB

03:14 AM Todo #14456 (Resolved): Update Ethernet rules Description field help text

Looks good. Marcos M

06/07/2023

12:50 PM Feature #14459 (Not a Bug): SNMP obsolete 32bit counters

If you use the appropriate high capacity (HC) OIDs for 64-bit counters they are there:... Jim Pingle

08:21 AM Feature #14459 (Not a Bug): SNMP obsolete 32bit counters

Hi,
We have 10G interfaces and we are trying to monitor speed on them with SNMP. Values are stored in 32-bit count... Tomas Vecko

06/06/2023

04:47 PM Regression #14436 (Feedback): Upgrades from 23.05-RC/beta/dev fail server authentication

Fixed in the latest pfSense-upgrade package (1.0_67 for 23.05). Luiz Souza

10:55 AM Regression #14454: Im Captive-Portal funktionieren erlaubte IP-Adressen und erlaubte Hostnamen seit Update von CE auf PFSense+ nicht mehr

I've been using PFSense for years. It runs on Netgate APU. Updates etc. have not been a problem so far. I have now up... Volker Lohs

10:54 AM Regression #14454: Im Captive-Portal funktionieren erlaubte IP-Adressen und erlaubte Hostnamen seit Update von CE auf PFSense+ nicht mehr

Jim Pingle wrote in #note-1:
> This site is not for support or diagnostic discussion, and submissions must also be i... Volker Lohs

06/05/2023

07:34 PM Todo #14456 (Feedback): Update Ethernet rules Description field help text

Fixed
https://gitlab.netgate.com/pfSense/factory/-/commit/b8d60d33bdb6d7d9f4b2676cefa8fec6e389e132
https://gitlab.ne... Christian McDonald

07:08 PM Todo #14456 (Resolved): Update Ethernet rules Description field help text

Ethernet rules do not support logging. The Description help text for ethernet rules currently shows:
> A description... Marcos M

03:58 PM Regression #14454 (Rejected): Im Captive-Portal funktionieren erlaubte IP-Adressen und erlaubte Hostnamen seit Update von CE auf PFSense+ nicht mehr

This site is not for support or diagnostic discussion, and submissions must also be in English.
Looking at a trans... Jim Pingle

03:48 PM Regression #14454 (Rejected): Im Captive-Portal funktionieren erlaubte IP-Adressen und erlaubte Hostnamen seit Update von CE auf PFSense+ nicht mehr

ich habe PFSense seit Jahren im Einsatz. Es läuft auf Netgate APU. Updates etc. stellten bisher keine Probleme dar. I... Volker Lohs

12:34 PM Regression #14451 (Duplicate): Not create static ARP when have additional DHCP pool

Duplicate of #14374 Jim Pingle

05:06 AM Regression #14451: Not create static ARP when have additional DHCP pool

Important detail !!!
When make it manual - ARP record normal create, but after reboot - ARP record is not static :(
Evgeny Korostelev

04:59 AM Regression #14451 (Duplicate): Not create static ARP when have additional DHCP pool

Not create static ARP when have additional DHCP pool
Screenshots in attachments Evgeny Korostelev

06/04/2023

05:00 PM Regression #14137 (Resolved): pfSense Plus Upgrade repo data remains on the system after upgradng

Marcos M

05/31/2023

10:59 PM Bug #14440 (Closed): Firewall rule traffic counters show invalid values on 32bit platforms

The traffic counters shown on firewall rules on the 3100 are limited to the 32bit integer maximum of 2,147,483,647 by... Steve Wheeler

12:22 PM Bug #14439 (Not a Bug): Upgrade from 23.01 > 23.05 throws Undefined Constant IFF_PPROMISC

That constant is registered by the pfSense PHP module. If it's not there, some component(s) of your system did not up... Jim Pingle

09:33 AM Bug #14439 (Not a Bug): Upgrade from 23.01 > 23.05 throws Undefined Constant IFF_PPROMISC

Running N5105 Topton router w/ i226v interfaces.
I just rebuilt my PFSense box from running Proxmox to a bare meta... Ryan Meskill

05/30/2023

04:26 PM Regression #14436 (Closed): Upgrades from 23.05-RC/beta/dev fail server authentication

Upgrades from earlier 23.05 versions can fail due to the configured branch no longer existing and server cert from th... Steve Wheeler