pfSense » pfSense Plus

08/31/2023

06:39 AM Feature #11920: SAML Authentication for pfSense (VPN and webConfigurator)

Have been told in https://forum.netgate.com/topic/182512/login-security-phishing-resistant-mfa/ that this was discuss... jeffrey Smith

08/30/2023

04:53 PM Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication

Can we please add support for passkeys into default accounts for pfsense.
Apple and Microsoft are adding native su... jeffrey Smith

08/28/2023

12:24 PM Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled

Seems like a duplicate of #14531
It's known/expected that in some cases DCO can't get traffic stats. Jim Pingle

12:18 PM Bug #14721 (Rejected): disable / enable interface

There are very few details here and I don't see anything unexpected in that log, it's restarting things that use the ... Jim Pingle

11:39 AM Bug #14721 (Rejected): disable / enable interface

when disable / enable gre interface, flap all other interface. Evgeny Korostelev

08/27/2023

06:29 PM Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled

Related forum thread:
https://forum.netgate.com/topic/182465/traffic-from-openvpn-interface-not-updating-on-traffi... Timo M

08/26/2023

06:29 PM Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected

Tested against:... Danilo Zrenjanin

08:08 AM Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected

Tested on
... Lev Prokofev

08/23/2023

10:54 PM Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order

I was not able to replicate it (including with Ethernet rules, etc). If you can replicate this on a default install/c... Marcos M

10:21 PM Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order

Thanks for looking into this. I am not changing the firewall configuration only the firewall rule when this occurs. L... Jonathan Lee

10:00 PM Bug #14705 (Rejected): Changes in Ethernet ruleset can lead to incorrect rule and separator order

I can only replicate this if I change the config while editing a rule. This is known behavior that is due to the inde... Marcos M

05:28 PM Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order

For mine the rules are randomizing. I have some rules that jump to the middle and or end of the rule list. Jonathan Lee

05:21 PM Bug #14705 (Duplicate): Changes in Ethernet ruleset can lead to incorrect rule and separator order

Most likely a duplicate of #14691 or #14619 Jim Pingle

05:16 PM Bug #14705 (Closed): Changes in Ethernet ruleset can lead to incorrect rule and separator order

Hello fellow pfSense Redmine community members,
I noticed after the recent software update to 23.05.1 that issues ... Jonathan Lee

08/22/2023

06:38 PM Bug #14682 (Feedback): DCO OpenVPN server bound to Localhost does not pass traffic as expected

Committed upstream in https://cgit.freebsd.org/src/commit/?id=949491f2a6397f2514f8fcde1c7dc61bd82f201a, and cherry-pi... Kristof Provost

03:45 PM Bug #14682 (In Progress): DCO OpenVPN server bound to Localhost does not pass traffic as expected

I've also been able to reproduce this.
The problem turns out to be that we pass through pf multiple times (which i... Kristof Provost

05:06 PM Feature #14348 (Resolved): Add unicast CARP indication and peer address to CARP status

This looks really good on Plus and CE both compared to before. Much more useful information and it all appears to be ... Jim Pingle

08/21/2023

10:38 PM Regression #14703: 2100 pcie wireless issues

https://redmine.pfsense.org/issues/5121
Also talks about the now degraded Wireless Antenna Selection GUI setting Jonathan Lee

10:36 PM Regression #14703: 2100 pcie wireless issues

Antenna tx and rx adjustments missing on 23.05.1
See attached is the new GUI settings showing changes Jonathan Lee

10:31 PM Regression #14703: 2100 pcie wireless issues

https://redmine.pfsense.org/issues/13
was the options removed for antenna adjustments? It use to display them in the... Jonathan Lee

10:16 PM Regression #14703: 2100 pcie wireless issues

even when removing dev.ath.0.tpc and dev.ath.0.tpcscale and setting tpack and tpcts to 99 it does not take the config... Jonathan Lee

07:00 PM Regression #14703: 2100 pcie wireless issues

When I would add a system tunable for tpcts and tpack and reboot or manually adjust they would never change and alway... Jonathan Lee

06:53 PM Regression #14703: 2100 pcie wireless issues

Compex WLE200NX Wireless A/B/G/N Network Mini PCIe Adapter (A4343) is the only card that works inside the 2100 Jonathan Lee

06:51 PM Regression #14703 (New): 2100 pcie wireless issues

Hello fellow pfSense Packages Redmine community members can you please help.
1. The SG-2100MAX the Compex WLE200NX... Jonathan Lee

02:12 PM Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.

Static ARP entries must always be in the table. Prior to that patch, static ARP was broken, which is why the DHCP sta... Jim Pingle

02:08 PM Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.

Thanks for looking into this, prior to this PfSense patch I was able to see if a device was on or offline in the stat... Jonathan Lee

01:09 PM Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.

The online/offline status is solely based off the presence of the client MAC address in the ARP table. With static AR... Jim Pingle

08/20/2023

11:42 PM Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.

Hello fellow pfSense Redmine community members,
I wanted to add a note about a new issue showing. The active stati... Jonathan Lee

08/19/2023

12:48 PM Bug #14129 (Resolved): Chelsio T520 unable to route past 470Mbps

This is resolved by https://redmine.pfsense.org/issues/14207 Steve Wheeler

10:37 AM Bug #14175: LDAP authentication for SSH fails

Marcos M wrote in #note-6:
> With @Use Authentication Server for Shell Authentication@ checked, this issue can preve... Emre K

07:09 AM Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.

The same behavior on ... Lev Prokofev

08/16/2023

07:40 PM Feature #14348 (Feedback): Add unicast CARP indication and peer address to CARP status

Implemented in:
* https://gitlab.netgate.com/pfSense/pfSense/-/commit/d02e9664d251f54d99e5738808ea25b018421754 (CE... Jim Pingle

08/15/2023

02:06 PM Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

Ok, cool. Thanks for letting me know. I'll await 23.09. :) James George

01:29 PM Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

Oh shoot, I apologize. I created the patch from a previous aborted MR, which I had closed before I saw and corrected ... Reid Linnemann

03:17 AM Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

Thanks Reid.
Unfortunately, this seems to only be a partial fix (for me at least) - it does not work at bootup. I ... James George

02:54 AM Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected

I was able to confirm this bug on 2100 w/23.05.1. Craig Coonrad

08/14/2023

10:19 PM Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

James George wrote in #note-9:
> I'm happy to test the fix in my environment if you'd like; I'd just need a diff/pat... Reid Linnemann

02:30 PM Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected

I can confirm this (even on 23.09 snaps) but it doesn't seem to be a routing issue. I see all the same interface conf... Jim Pingle

12:32 PM Bug #14685 (Not a Bug): Kernel panic on reroot

The crash looks like it could potentially be a problem with the filesystem or disk. While there is a possibility it's... Jim Pingle

08/13/2023

08:28 PM Bug #14685 (Feedback): Kernel panic on reroot

When running a reroot on my firewall (Dell R220) it starts to stop services just fine then kernel panics and does a w... Ed McLain

08/12/2023

09:27 PM Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected

When connected to an OpenVPN server that has DCO enabled and the OpenVPN server is bound to Localhost with Port Forwa... Kris Phillips

08/10/2023

12:05 PM Bug #14586 (Resolved): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

Jim Pingle

07:36 AM Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

Tested on Dev build... Lev Prokofev

08/08/2023

11:42 PM Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

I'm happy to test the fix in my environment if you'd like; I'd just need a diff/patch to apply if the official fix is... James George

04:13 PM Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

Updating subject for release notes. Jim Pingle

04:09 PM Bug #14586 (Feedback): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

Fixed in eab8453f Reid Linnemann

02:17 PM Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry

Updating subject for release notes. Jim Pingle

08/07/2023

04:48 PM Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level

I've got a similar patch incoming, and this should be included in the System Patches as well I think. Reid Linnemann