pfSense

06/06/2018

09:27 PM Bug #8555 (Duplicate): Selectively killing states on WAN failure

The current options on a WAN failure is to kill all states, or none at all. In a scenario such as having a wireless ... Steven Brown

07:33 PM Bug #8554: /etc/rc.kill_states code not correctly parsing pfctl output

Sorry, I believe the patch should be:... Steven Brown

07:28 PM Bug #8554 (Resolved): /etc/rc.kill_states code not correctly parsing pfctl output

The patches added in Bug #2887 no longer works as expected because the output of pfctl -ss no longer matches the form... Steven Brown

03:38 PM Feature #8548: User creation is not logged correctly

Group error bug moved to #8553 Jim Pingle

03:30 PM Feature #8548 (Feedback): User creation is not logged correctly

Applied in changeset commit:3fa6d46229757e2316120a7160a806bb7d28a8ed. Jim Pingle

03:06 PM Feature #8548: User creation is not logged correctly

#1 Adding logging is a feature request, not a bug.
#2 is not a logging issue, it's a bug and it needs its own ticket... Jim Pingle

03:37 PM Bug #8553 (Resolved): Creating a user as a member of a group fails to add that group to the user

When creating a user, if a group is selected during account creation, the group is not added to the user at the OS le... Jim Pingle

02:17 PM Feature #8552 (Resolved): enable http2

http2 brings some improvements (single connection, multiplexing, etc.) and nginx supports it since version 1.9.5 (htt... Laurent QUILLEROU

01:46 PM Bug #8551 (Resolved): Routed IPsec/VTI is unable to communicate from the ipsecX interface address to a routed target

Breaking this away from #8544 since the feature in general works aside from this separate issue.
With routed IPsec... Jim Pingle

12:48 PM pfSense Packages Bug #8550 (Closed): OpenBGPd: bgpd is not started at boot

I have installed the OpenBGPd package on pfsense 2.4.2 and generally, it all works great.
However, after reboot, b... Christian Franke

11:09 AM Feature #7029: GRE interfaces not available as SPAN port

It's not that easy either, FreeBSD will not allow you to add a GRE interface as a span port:... Jim Pingle

03:52 AM Feature #7029: GRE interfaces not available as SPAN port

Jim Pingle wrote:
> As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE int... Idar Lund

10:45 AM Bug #6873: radvd - Too many addresses in RDNSS section when previously using DHCPv6

Since 2.4.3_p1 came out, I have been having a tremendous amount of trouble with IPv6 and RADVD specifically - address... Travis McMurry

09:30 AM Feature #8544 (Feedback): Routed IPsec using FreeBSD if_ipsec(4) VTI

Applied in changeset commit:aea2a0c333407c0d8b74a51a9dec0829dc78db72. Jim Pingle

03:24 AM Bug #8549 (Not a Bug): IPsec: Enable bypass for LAN interface IP has no effect when supernetting in IPSec P2

My current setup allows access to the LAN Interface IP (192.168.1.1/24) through the IPsec VPN connection no matter ho... Lars Wolos

06/05/2018

09:24 PM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI

Interface numbering is fixed, VTI reqids work as expected and line up between strongswan and ipsecX numbering and use... Jim Pingle

09:11 AM Feature #8544 (Assigned): Routed IPsec using FreeBSD if_ipsec(4) VTI

There is a problem with how the interfaces are numbered, since with more tunnels and phase 2 entries around the ID us... Jim Pingle

06/04/2018

06:01 PM pfSense Packages Bug #5168: squid doesn't function during/after HA failover

Chris Buechler wrote:
> should be possible, and a good idea, to list VIPs in the binding list.
>
> As a workaroun... Adam Gibson

04:02 PM Feature #8548 (Resolved): User creation is not logged correctly

Two issues:
1. Creating a non-admin user via WebGUI does not show in log.
2. Creating a new user in admin group... Ivor Kreso

02:28 PM Feature #8544 (Feedback): Routed IPsec using FreeBSD if_ipsec(4) VTI

Changes pushed, next snapshots should be better for testing. Jim Pingle

01:10 PM Feature #8544 (Assigned): Routed IPsec using FreeBSD if_ipsec(4) VTI

Reopening as there are some issues with how the tunnel addresses are applied to the interface (local and remote shoul... Jim Pingle

06/03/2018

03:35 PM Feature #8546: Ability to download pfSense updates via another gateway

Understood, thank you very much. Stéphane Lapie

02:31 PM Feature #8546 (Duplicate): Ability to download pfSense updates via another gateway

This is already covered by other things here, and likely is already solved on 2.4.4 by the new feature where you can ... Jim Pingle

11:10 AM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI

Jim Pingle wrote:
> Once a new snapshot is up with the later two commits it should be OK for testing.
Just tested... Michael OBrien

06/02/2018

09:13 AM Bug #8498 (Not a Bug): cloudflare Dynamic DNS is not working

Jim Pingle

09:00 AM Bug #8498: cloudflare Dynamic DNS is not working

This was an issue in your configuration and no bug oft pfsense.
You had no entry makkawi.win in cloudflare. So pf... Michael Geiger

09:12 AM Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network

Feature #7281 is a duplicate of that
I would love to see this feature too. Unfortunatley it is not easy to implem... Michael Geiger

06/01/2018

06:38 AM pfSense Packages Feature #8547 (New): fwknop Port Knocking Package

"fwknop":http://www.cipherdyne.org/fwknop is a quite well established "next generation" advance on simple port knocki... Stilez y

05/31/2018

09:38 PM Feature #8546 (Duplicate): Ability to download pfSense updates via another gateway

I am mainly using pfSense in a CARP+HAproxy scenario (with a WAN and a LAN interface), and have to face a little conu... Stéphane Lapie

07:36 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA"

Jim Pingle wrote:
> I still can't replicate this here even by checking "Do not wait for RA", but I do not have a pro... Daryl Morse

09:59 AM Bug #8545: LACP can't be established on QLogic NetXtreme II BCM57810 NICs

That should probably be tested on FreeBSD directly to see if the problem happens there as well. It sounds like a driv... Jim Pingle

06:50 AM Bug #8545 (Rejected): LACP can't be established on QLogic NetXtreme II BCM57810 NICs

I created LAGG interface with two network cards (QLogic NetXtreme II BCM57810 10GbE (B0) BXE v:1.78.90) and assigned ... Alex Kolesnik

09:50 AM Feature #8544: Routed IPsec using FreeBSD if_ipsec(4) VTI

Once a new snapshot is up with the later two commits it should be OK for testing. Jim Pingle

09:50 AM Bug #8543 (Feedback): IKE Phase 1 configuration not working

Applied in changeset commit:ac976b7e061f19d108a6f60a57ce6866dd0a9499. Jim Pingle

09:41 AM Bug #8543 (Confirmed): IKE Phase 1 configuration not working

OK, I can replicate it in IE and confirm the fix. Pushing momentarily. Jim Pingle

12:41 AM Bug #8543: IKE Phase 1 configuration not working

I used chrome Version 57.0.2987.133 (64-bit) and MS-IE 11.431.162990 (32 and 64 bit) on Windows 10.
This depends o... Thomas Eckardt

09:35 AM Feature #7029 (Closed): GRE interfaces not available as SPAN port

As far as I can tell, FreeBSD doesn't support it. If you want ERSPAN support for FreeBSD GRE interfaces, the issue ne... Jim Pingle

05:45 AM Feature #7029: GRE interfaces not available as SPAN port

Any news on this one? In our virtualized world, it would be awesome to be able to forward copy of traffic over L3. Es... Idar Lund

05/30/2018

08:45 PM Bug #6974: radvd enabled on a disconnected interface kills RA completely on all interfaces

and... should be fixed by radvd-2.17_5. Check #8429 for the current bug. Luiz Souza

08:43 PM Bug #8429 (Feedback): radvd/IPv6 broken in 2.4.3 when using a LAN bridge

Should be fixed with radvd-2.17_5. Please check with the next 2.4.4 snapshot.
Sorry for the breakage. Luiz Souza

04:10 PM Feature #8544 (Feedback): Routed IPsec using FreeBSD if_ipsec(4) VTI

Applied in changeset commit:bd4c337c061f989c4be1bbeaf207447cd8af4989. Jim Pingle

03:53 PM Feature #8544 (Resolved): Routed IPsec using FreeBSD if_ipsec(4) VTI

Add routed IPsec using @if_ipsec(4)@ VTI (Virtual Tunnel Interfaces) from FreeBSD 11.1 and later with strongSwan.
... Jim Pingle

10:05 AM Bug #8543 (Feedback): IKE Phase 1 configuration not working

I can't replicate this problem here. I see what you mean about that variable not being populated, but the page still ... Jim Pingle

10:00 AM Bug #8540 (Feedback): Disable Rekey Checkbox Should be Disabled on New IPsec Tunnels

Applied in changeset commit:5f04221b2b4e448e7502a2e9f88f0d1295a67f03. Jim Pingle

09:30 AM Bug #8489 (New): DHCPv6 Client Failure to Initialize with "Do not wait for RA"

I still can't replicate this here even by checking "Do not wait for RA", but I do not have a provider that requires i... Jim Pingle

05/28/2018

11:56 PM Bug #8543 (Resolved): IKE Phase 1 configuration not working

issue:
strongSwan uses only AES 128, because keylen is empty in the pfsense config file.
... Thomas Eckardt

09:07 PM Bug #8542 (Closed): Web GUI did not prompt for NIC reassignment when config restore on hardware with different NICs was performed

Old system: SG-1000 pfsense 2.4.3
New system: amd64 mini-PC pfsense 2.4.3 freshly installed with two realtek NICs na... Jakub Osika

08:54 PM Bug #8541 (Rejected): pf blocking OpenVPN connection causing OpenVPN fail repeatedly and then connecting successfully when connection is no longer being blocked

Hey,
I recently switched to development snapshots and I have noticed that suricata and openvpn together give out s... rub man

08:26 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3

The only valid test would be on 2.4.4 or 2.3.5-p2 (where it wasn't intended to be yet, but ended up after the last re... Jim Pingle

08:25 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3

How can I go about testing it on 2.4.3-p1 to help out? I currently just have the nrpe3 package installed from the Fre... Ken Sim

07:51 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3

I haven't had any feedback on how well (if at all) that it works. If it can get some testing, at least on 2.4.4, then... Jim Pingle

07:34 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3

Jim,
Is it possible to get it back ported to 2.4.3-p1 or is there still some issues that need to be worked out?
... Ken Sim

05:07 PM Bug #8540 (Resolved): Disable Rekey Checkbox Should be Disabled on New IPsec Tunnels

When a new IPsec Phase 1 tunnel is created the Disable Rekey checkbox is checked by default.
I would argue that th... Chris Linstruth

05/27/2018

08:12 PM pfSense Packages Todo #8433: Upgrade NRPE-SSL Package to NRPE3

Good timing. Ubuntu 18.04 ships with a new version of OpenSSL that stops @check_nrpe@ from contacting old versions be... Yehuda Katz

03:45 PM Bug #8539 (Resolved): ACLs not configurable in German Language UI

Webinterface does not save ACL entries or changes to existing ones when WebUI is set to German language. Works fine w... Marcus Scholz

12:22 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA"

Is this error: May 21 14:51:51 dhcp6c 49073 transmit failed: Input/output error generated by pfsense or freebsd? I no... Daryl Morse

07:04 AM Bug #7600: Unable to save DNS Resolver settings

I can agree that is in the 2.4.3-RELEASE-p1 (amd64) as well!!
My solution was to deactivate and deinstall "pfBlock... E P

05/26/2018

01:15 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA"

Jim Pingle wrote:
> I can't reproduce this here on any hardware I have, real or virtual.
>
> It might be in that ... Daryl Morse

08:21 AM Bug #8489 (Not a Bug): DHCPv6 Client Failure to Initialize with "Do not wait for RA"

I can't reproduce this here on any hardware I have, real or virtual.
It might be in that NIC driver, or some other... Jim Pingle

05/25/2018

02:50 PM Bug #8070: IKEv2 IPSec tunnel under load crashes pfSense when AES-NI is enabled

Jan Jurkus wrote:
> I want to refer you to this forumpost: https://forum.pfsense.org/index.php?topic=139146.0
>
>... Paul Youngberg

11:18 AM Bug #8537: Update from 2.3.5_1 to 2.3.5_2 on nanobsd failed

I cannot confirm this.
Update from 2.3.5_1 to 2.3.5_2 on nanobsd successful here. Chris Palmer

09:03 AM Bug #8537: Update from 2.3.5_1 to 2.3.5_2 on nanobsd failed

Jim Pingle wrote:
> "Secondary partition (/dev/ufs/pfsense1), used for upgrade not found" reads like you didn't writ... Laurent BONNIN

07:46 AM Bug #8537 (Not a Bug): Update from 2.3.5_1 to 2.3.5_2 on nanobsd failed

"Secondary partition (/dev/ufs/pfsense1), used for upgrade not found" reads like you didn't write a full NanoBSD imag... Jim Pingle

06:46 AM Bug #8537 (Not a Bug): Update from 2.3.5_1 to 2.3.5_2 on nanobsd failed

Update process from GUI failed due to Duplicate slice missing.
See below detailled informations from GUI textare
... Laurent BONNIN

10:03 AM pfSense Packages Bug #8538: arpwatch missing ethercodes.dat

actually, this is syntax error -- single-quote vs double-quote issue on line 149 of the .inc
changing it to ARPWAT... ROB VANHOOREN

09:35 AM pfSense Packages Bug #8538 (Closed): arpwatch missing ethercodes.dat

attached script will pull down the current mac address data from IEEE and parse it for arpwatch (and nmap, fwiw)
i... ROB VANHOOREN

05/24/2018

04:12 PM Feature #2358: NAT64 support

I would like to see this added as well. Large companies such as Microsoft are using NAT64 and going IPv6 only because... Isaac McDonald

01:12 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions

Thanks for checking.
- Inconsistent method of reordering list entries
I thought i removed those up/down arrows. T... Pi Ba

08:24 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions

Done some quick test and it seems mostly fine, even the configuration was "migrated" successfully.
Just few things I... Petr H

08:37 AM Bug #8536 (Duplicate): Logout not working as intended

Appears to be a duplicate of #8441
Try on 2.4.3-p1, not 2.4.3. Jim Pingle

08:29 AM Bug #8536 (Duplicate): Logout not working as intended

Hi,
On 2.4.3, we using multiple CP with multiple virtual interface (vlan tagging).
When a user disconnect (or an ... Nymous Ano

05/23/2018

09:16 PM Bug #8535 (Duplicate): SMTP fails to work with STARTTLS and TLS

Problems:
1) I read on the pfSense forums that the new Pear-Mail should automatically use STARTTLS if the server off... Jeremy  99

06:08 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions

Ive added a set of commits to this branche for now..: https://github.com/PiBa-NL/FreeBSD-ports/tree/20180521-haproxy-... Pi Ba

03:42 PM Bug #8534: Invalid DHCP options can be added

See https://github.com/pfsense/pfsense/pull/3943 Michael Newton

03:37 PM Bug #8534 (Resolved): Invalid DHCP options can be added

Had a user who wanted to temporarily "disable" a DHCP option so he set it to zero. This corrupted the DHCP response. ... Michael Newton

03:03 AM Bug #8498: cloudflare Dynamic DNS is not working

Now it is working with 2.4.3 p1
Also I added dynamic in cloudflare and in the host name
See attached picture Mohammad Makkawi

05/22/2018

08:59 PM Bug #8533: OpenVPN with 2 site to site tunnels adds routes to first OpenVPN interface only

My apologies, the update information on the firewall was telling me I was already on the latest version, will investi... Jonathan Trott

08:53 PM Bug #8533 (Rejected): OpenVPN with 2 site to site tunnels adds routes to first OpenVPN interface only

Highly unlikely there is a bug here, it's most likely a configuration issue. Please post on the forum (when it comes ... Jim Pingle

08:32 PM Bug #8533 (Rejected): OpenVPN with 2 site to site tunnels adds routes to first OpenVPN interface only

We had setup a single OpenVPN site to site connection to a remote Sophos XG firewall with no issues. pfSense being th... Jonathan Trott

08:40 AM Feature #8525 (Feedback): add to status.php

Applied in changeset commit:03ce110725129b5f35c62f4985f631a1e3b5d046. Jim Pingle

07:45 AM Feature #8532 (New): Ability to add metric to pushed routes

By default GUI for OpenVPN server creates line as:... Pawel Szafer

12:17 AM Feature #336: Option to create lagg under assign interfaces

If you only needed the LAGG, VLANs and the interfaces :... Stéphane Lapie

05/21/2018

11:02 PM Feature #336: Option to create lagg under assign interfaces

I decided to go the very nasty route, and use PHP Shell :... Stéphane Lapie

05:23 PM Bug #8531: URL Table aliases don't support FQDNs or names that return >1 IP

I added timeout values to the dig command, but rather than 2 separate commits for this tiny patch, I made a new branc... → luckman212

03:08 PM Bug #8531 (Resolved): URL Table aliases don't support FQDNs or names that return >1 IP

In my testing (pfSense 2.4.3-p1 as well as 'master') the only Alias type that supports FQDNs is "Host". This is limit... → luckman212

05:03 PM Bug #8489: DHCPv6 Client Failure to Initialize with "Do not wait for RA"

I performed a clean installation from the latest snapshot (May 21st). The problem is still present.
These DHCP log... Daryl Morse

03:54 PM Bug #6481: loading EAP_RADIUS method failed

I can confirm the bug is still on 2.4.3. Friedrich Schnabel

09:35 AM Bug #8530 (Resolved): Delete allowed hostname/ip doesn't work if captive portal is not enabled.

I noticed in a captive portal zone you can add new allowed hostnames and allowed IP's while the captive portal zone i... Anonymous

07:49 AM Bug #8528: IPsec does not start at boot

That is a topic for a discussion platform (forum, reddit, list) not a bug tracking system. Jim Pingle

07:46 AM Bug #8528: IPsec does not start at boot

Hi,
But there is no any logs in system. 2 times ipsec starts ok, and third fail. How to at least track it? There i... Dmitriy Stark

07:18 AM Bug #8528 (Not a Bug): IPsec does not start at boot

You appear to have something unrelated happening on your system causing some startup tasks to fail. There is no confi... Jim Pingle

05:29 AM Bug #8528 (Not a Bug): IPsec does not start at boot

Hi,
I setup reboot pfSense everynight to avoid memory leak. I understand that this is not really good idea, but be... Dmitriy Stark

07:41 AM pfSense Packages Bug #8514: Captiveportal save or update

Jim Pingle wrote:
> Try on a 2.4.4 snapshot, there were changes recently which may have improved situations where lo... Mehmet Ali Gökbaş

07:27 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge

Same here Nicolas Vollmar

07:26 AM Bug #6974: radvd enabled on a disconnected interface kills RA completely on all interfaces

Spencer Hakim wrote:
> Hi, the fix to this bug breaks radvd for bridge interfaces, which subsequently breaks IPv6 ro... Nicolas Vollmar

07:19 AM Bug #8529 (Not a Bug): shellcmd does not run service

You appear to have something unrelated happening on your system causing some startup tasks to fail. There is no confi... Jim Pingle

05:38 AM Bug #8529 (Not a Bug): shellcmd does not run service

Hi,
I'm trying to collect statistic from pfSense with Prometheus node_exporter. node_exporter installed from with:... Dmitriy Stark

03:52 AM Bug #8527 (Resolved): VLANs losing parent interface on LAGG change

Hi, I am using 2.4.3_1 and seem to be experiencing a regression of Issue 3976 https://redmine.pfsense.org/issues/3976... Thomas Spaziani

05/20/2018

05:50 AM Bug #8429: radvd/IPv6 broken in 2.4.3 when using a LAN bridge

Same here:... Michael Duller

05/19/2018

10:09 PM Bug #6406: Web process becomes unresponsive producing 502 Bad Gateway nginx

Chris Collins wrote:
> As an experiment I manually adjusted the php-fpm server configuration so there is more childr... Serrjo Downe

09:53 PM Bug #8526: DHCP client ignores server replies when 802.1q tagging is used

PR: https://github.com/pfsense/FreeBSD-src/pull/9
Nuno Subtil

09:52 PM Bug #8526 (New): DHCP client ignores server replies when 802.1q tagging is used

Some ISPs (notably AT&T Gigapower) will send 802.1q-encapsulated DHCP replies, which get filtered out by the BPF filt... Nuno Subtil

02:12 PM Bug #8515: ts wizard syntax error (as of 2.4.4.a.20180514.0905)

No "PHP Warning: Invalid argument supplied for foreach() in /usr/local/www/wizards/traffic_shaper_wizard_dedicated.in... Anonymous

01:41 PM Bug #8507: FreeBSD 11.2-BETA dhclient always uses server MTU value

The patch looks good. Setting a supersede of 0 in the dhclient config now allows the MTU change to be ignored. The te... Jim Pingle

01:39 PM Bug #8506 (Duplicate): Constant link cycling on some DHCP interfaces causes connectivity problems and other issues

Closing this as a duplicate of #8506 -- they had the same root cause, and the information on #8507 is closer to the r... Jim Pingle

05/18/2018

03:07 PM Feature #8525 (Resolved): add to status.php

Can we add etherswitchcfg output to the status.php file. Chris Macmahon

02:16 PM Bug #8506 (Feedback): Constant link cycling on some DHCP interfaces causes connectivity problems and other issues

Working under the assumption this is related to #8507, a patch was added to help address the issue. If it's still bro... Jim Pingle

02:16 PM Bug #8507 (Feedback): FreeBSD 11.2-BETA dhclient always uses server MTU value

Renato committed a patch that was added to the FreeBSD PR that should let supesede work, next snapshots should be bet... Jim Pingle

10:25 AM Bug #8507: FreeBSD 11.2-BETA dhclient always uses server MTU value

Updated the subject to be more accurate.
I also dropped a note on https://bugs.freebsd.org/bugzilla/show_bug.cgi?i... Jim Pingle

10:18 AM Bug #8507: FreeBSD 11.2-BETA dhclient always uses server MTU value

I tried setting an explicit request list in the generated dhclient configuration which does not send a request for th... Jim Pingle

11:28 AM pfSense Packages Todo #8433 (Feedback): Upgrade NRPE-SSL Package to NRPE3

This should be up and ready for testing now. Jim Pingle

08:25 AM pfSense Packages Todo #8433 (Assigned): Upgrade NRPE-SSL Package to NRPE3

Looks like this does need some changes in the package to function. I've got it working here, will push shortly.
nr... Jim Pingle

10:53 AM Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup

I've stumbled onto a similar problem in my unrelenting quest to get IPv6 to work (but in DHCPv6+PD on WAN + VIP): the... Mickaël FALCK

05/17/2018

03:40 PM Bug #8524 (Feedback): HTTP_REFERER issue if changing the LAN IP in setup wizard

Applied in changeset commit:21f630def08b5505f5504606958ead93dbb9358d. Jim Pingle

03:25 PM Bug #8524: HTTP_REFERER issue if changing the LAN IP in setup wizard

I can replicate this now, not sure why it didn't happen to me before. It happens in the wizard when run from the LAN ... Jim Pingle

08:57 AM Bug #8524 (Resolved): HTTP_REFERER issue if changing the LAN IP in setup wizard

In the setup wizard if you change the LAN IP address, you get to the next page to set a password, but when continuing... Arthur Wiebe

02:29 PM Bug #8506: Constant link cycling on some DHCP interfaces causes connectivity problems and other issues

This may end up being the same root cause as #8507, dhclient in FreeBSD gained support for MTU, but setting MTU on e1... Jim Pingle

02:27 PM Bug #8507: FreeBSD 11.2-BETA dhclient always uses server MTU value

Looks like this is a recent change in FreeBSD dhclient to add support for the MTU:
https://bugs.freebsd.org/bugzil... Jim Pingle

01:54 PM Bug #8507: FreeBSD 11.2-BETA dhclient always uses server MTU value

Same thing happens on a factory default configuration, so looking deeper at packet captures of the DHCP packets the I... Jim Pingle

12:56 PM Bug #6529: dhcp6c fails to start with track6 on a bridge interface

still present on 2.4.3-RELEASE-p1.
after a restart dhcp6c starts before the bridge is configured and fails. Ipv6 w... Sven Kirschbaum

07:07 AM Bug #8518 (Resolved): Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

The CARP status issue could not be related to this, so it's not relevant. This bug only affected that one firewall ru... Jim Pingle

02:58 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

I'm affected as well. This is on a HA cluster with a couple of VIPs (mostly IPv4 and IPv6 CARPs and some IP aliases).... znerol znerol

07:05 AM Bug #8505 (Resolved): adding 2nd limiter overwrites the first one (as of 2.4.4.a.20180510.1452)

Appears to be resolved by commit:8f2cc9bd8679f9f686ca89bdd1d9923aed170de7 Jim Pingle

06:15 AM Bug #8505: adding 2nd limiter overwrites the first one (as of 2.4.4.a.20180510.1452)

this appears to have been fixed by the 8f2cc9bd commit. thanks! ROB VANHOOREN

04:33 AM pfSense Packages Feature #8523 (Resolved): make cookie inserted by haproxy secure

I didn't find a way to set "secure; HttpOnly" to a cookie inserted by haproxy. The docs outline specific keywords for... Alex Kolesnik

05/16/2018

03:51 PM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

Jim Pingle wrote:
> Only if the commits on this ticket do not solve the problem, notably commit:c9159949
OK. I'l... Adam Thompson

03:10 PM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

I applied the patch and it has resolved the issue for me. Ken Sim

03:06 PM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

Only if the commits on this ticket do not solve the problem, notably commit:c9159949 Jim Pingle

03:05 PM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

Jim, do you still need/want (100% reproducible) test cases for this? I can send the running config from a customer e... Adam Thompson

12:40 PM Bug #8518 (Feedback): Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

Applied in changeset commit:c9159949e06cc91f6931bf2326672df7cad706f4. Jim Pingle

11:28 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

3 IPv4 ProxyARP VIP's
3 IPv4 IP Alias VIP's
6 IPv4 Static Gateway's
1 IPv6 Static Gateway's
When I try and add ... Ken Sim

11:18 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

here is the same content I PM'd to you on the forum.
Thank you. Eric Machabert

10:49 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

Attached is a patch which adds a safety belt to ensure that line can't possibly be blank. But it isn't fixing the pro... Jim Pingle

07:19 AM Bug #8518: Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

Looks related to #8408 but I can't reproduce it here yet.
Please provide some information about your configuration... Jim Pingle

03:02 PM Bug #8360: pf rules occasionally contain "!/" where the WAN network/netmask should be

Ah! I had not found that bug. Thank you. Adam Thompson

11:41 AM Bug #8360: pf rules occasionally contain "!/" where the WAN network/netmask should be

This bug is not that same issue. See #8518 and keep comments there. Jim Pingle

11:13 AM Bug #8360: pf rules occasionally contain "!/" where the WAN network/netmask should be

Just got bitten by this, too, during a 2.4.0 -> 2.4.3_p1 upgrade. Problem did not exist prior to upgrade. In my cas... Adam Thompson

11:41 AM Bug #8408: invalid rule written due to ipv6 ipalias being present

Anyone else hitting what they believe is this bug is probably hitting #8518 instead. Put comments there. Jim Pingle

03:04 AM Bug #8408: invalid rule written due to ipv6 ipalias being present

After upgrade from 2.4.2_P1 to 2.4.3_P1, having a cluster configuration with a WAN interface holding an IPV4 CARP AND... Eric Machabert

02:55 AM Bug #8408: invalid rule written due to ipv6 ipalias being present

I've started seeing this behaviour after upgrading the slave node of my cluster setup to 2.4.3_1
Thankfully the pri... Rudolf Mayerhofer

10:19 AM pfSense Packages Bug #8491: ACME: DNS-Luadns not working

Issue still exists in Version 0.3_1. Anonymous

05/15/2018

03:16 PM Bug #8505: adding 2nd limiter overwrites the first one (as of 2.4.4.a.20180510.1452)

bump.
QoS is still hosed as of 2.4.4.a.20180515.1145
do you need any other information?
:'-(
ROB VANHOOREN

03:12 PM Bug #8515: ts wizard syntax error (as of 2.4.4.a.20180514.0905)

whoops, that broke something else.
wizard> (steps) -> apply ... makes the floating rules but does not create any q... ROB VANHOOREN

12:00 PM Bug #8519 (Feedback): pfSense update from the webGUI fails

Applied in changeset commit:dea792c210f62e1876e11523f4c9157c3531e1ba. Anonymous

08:12 AM Bug #8519: pfSense update from the webGUI fails

Based on the message that we can see on the GUI it seems that a ‘pfSense-upgrade -c’ call happened to check if there ... Anonymous

08:01 AM Bug #8519: pfSense update from the webGUI fails

CHris Linstruth can reproduce the “fails once then succeeds” issue by simply installing 2.4.3 CE and attempting a GUI... Anonymous

06:32 AM Bug #8519 (Resolved): pfSense update from the webGUI fails

When running an update from the web interface it can appear to fail and reports "System update failed".
In that si... Steve Wheeler

10:23 AM Bug #8522 (Resolved): SMTP test says success when actually fails

Bug:
When I clicked the "Test SMTP Settings" button, I got a green message "SMTP testing e-mail successfully sent" b... Jeremy  99

09:30 AM Bug #8521 (Rejected): Fails to get WAN IP after rebooting for update

On one of my remote pfSense boxes, I saw an update was available. I clicked the update button in the GUI. The GUI s... Jeremy  99

09:05 AM Feature #8520 (New): Option to auto-renew DHCP on interface with an offline gateway or marked as down

Request:
If pfSense detects an interface is down (plugged in but has no IP), I would like for it to automatically tr... Jeremy  99

05:05 AM Bug #6949: username/password not used by proxy support

... Y N

05:04 AM Bug #6949: username/password not used by proxy support

i have same problem.
on System/Advanced/Miscellaneous i've added proxy info with username and password, and pfsens... Y N

05/14/2018

10:16 PM Bug #8518 (Resolved): Rule Error On Upgrade 2.4.3 -> 2.4.3-p1

After upgrading to 2.4.3-p1, I got a rule error that stopped some rules from loading and causing issues with the fire... Ken Sim

06:17 PM pfSense Packages Feature #8517 (New): OpenConnect client

Is it possible to add the OpenConnect client to pfsense so one could connect to a remote Cisco Anyconnect VPN server?... Zachary McGibbon

03:59 PM pfSense Packages Feature #7449: feature request for openvpn-client-export package, add the support for openvpn up and down script, for mapping network drive

This seems like not so good idea to me.
One could setup a "Free VPN service" and execute scripts on clients.....
Pippin MMD

01:30 PM pfSense Packages Bug #8516 (New): FreeRADIUS requires settings re-saved after pfSense upgrade

This has happened previously, however I don't remember it occuring with major updates, only _1 or _2.
After the l... Ivor Kreso

11:15 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions

One more UI glitch:
*Frontends* - if I use the *On* toggle to enable/disable the frontend and save the config, the f... Petr H

10:40 AM Bug #8515: ts wizard syntax error (as of 2.4.4.a.20180514.0905)

Applied in changeset commit:962c8cce48bc503301857037f0533d7a3b81f31d. Anonymous

10:26 AM Bug #8515 (Feedback): ts wizard syntax error (as of 2.4.4.a.20180514.0905)

Fixed in next snapshot. Thanks! Anonymous

10:06 AM Bug #8515 (Resolved): ts wizard syntax error (as of 2.4.4.a.20180514.0905)

gui> fw> shaper> wizard> dedicated>
result?
Parse error: syntax error, unexpected 'else' (T_ELSE) in /usr/local... ROB VANHOOREN

07:32 AM pfSense Packages Bug #8514 (Feedback): Captiveportal save or update

Try on a 2.4.4 snapshot, there were changes recently which may have improved situations where logins/rules were out o... Jim Pingle

02:52 AM pfSense Packages Bug #8514 (Duplicate): Captiveportal save or update

Active on the captive portal when you change anything or only save it, all users are hanging and bounced back to the ... Mehmet Ali Gökbaş

02:42 AM pfSense Packages Bug #8513 (New): Freeradius 3.x ldap problem

With the same settings as FreeRadius2, FreeRadius 3 ldap (active directory) don't work. when activate ldap is did not... Mehmet Ali Gökbaş

05/13/2018

08:05 PM Bug #8512 (New): PPPoE reconnect fails after interface flap

It seems there is a race condition where pfSense loses track of the PPPoE connection following an interface flap. It ... Anonymous

03:04 PM Bug #8498: cloudflare Dynamic DNS is not working

the error from the logs:
is
May 13 22:31:28 php-fpm 312 /services_dyndns_edit.php: phpDynDNS (@): (Error) Zone or H... Mohammad Makkawi

10:26 AM Bug #8498: cloudflare Dynamic DNS is not working

DynamicDNS with Cloudflare works for me with 2.4.3-RELEASE (amd64)
Updates for IPv6 and IPv4 are sucessfull
Coul... Michael Geiger

10:40 AM Feature #8511 (Resolved): Dynamic DNS: Cloudflare Add TTL option

If pfsense triggers an Dynamic DNS Update on Cloudflare, the TTL of the entry is set to "Automatic TTL".
Automati... Michael Geiger

07:54 AM Bug #8060 (Closed): Incorrect translation to Russian language

Vladimir is correct. Fix the language strings in Zanata and then we'll pick them up next time they are synchronized f... Jim Pingle

07:53 AM Bug #8510 (Duplicate): Loopback virtual IP does not survive a reboot.

Duplicate of #8393 Jim Pingle

06:20 AM Bug #8510 (Duplicate): Loopback virtual IP does not survive a reboot.

Impact:
* Monitoring and remote administration via loopback virtual IP is broken after a reboot. With services like ... Ryan H

05/12/2018

02:17 PM Feature #8509 (Closed): Notify user that crash report was not successfully submitted if connection times out

When a crash report is generated and a user tried to submit it, if there is no connectivity to crashreporter.pfsense.... Anonymous

07:35 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions

And about *http-request deny* - it has an optional argument *deny_status <status>*
Currently if I want to specify it... Petr H

05:29 AM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions

> 0 - Should it be part of the list items themselves, or become a separate item like the 'separator' in firewall/rule... Petr H

07:27 AM pfSense Packages Bug #8508 (Resolved): Haproxy: Selecting mode tcp with SSL in backend does not activate SSL in the server config

Choosing _mode tcp_ and checking the ssl checkbox in the backend only generates _check-ssl_ in the server line and no... Florian Apolloner

04:21 AM Bug #8060: Incorrect translation to Russian language

Corrected these typos in Zanata. Vladimir Lind

01:24 AM Bug #8060: Incorrect translation to Russian language

Диагностика/Командная строка: должно быть "Возможности представленные...." вместо "Возможность представленные...."
А... Casper O

01:17 AM Bug #8060: Incorrect translation to Russian language

Диагностика/pfTop секция должна быть "Сортировать по" вместо "Сорптировать по" Casper O

01:01 AM Bug #8060: Incorrect translation to Russian language

In Firewall/Rules/Floating section should be "Плавающие" instead of "Павающие". Casper O

05/11/2018

10:12 PM Feature #701: Interface groups with NAT

I was evaluating pfsense to replace my homebrew Linux router/firewall. I have 3 internet facing interfaces and a lar... Jason Tackaberry

05:14 PM pfSense Packages Bug #8438: haproxy: can't use ACL for cert with http-response actions

I havn't forgotten, but as you might have seen (on haproxy mailinglist) i've been busy with some bugs bugging me in t... Pi Ba

03:19 PM Bug #8506: Constant link cycling on some DHCP interfaces causes connectivity problems and other issues

May or may not be related but even on the non-igb hardware I can set this into a link cycle/wan reconfigure loop by d... Jim Pingle

10:07 AM Bug #8506: Constant link cycling on some DHCP interfaces causes connectivity problems and other issues

So far I haven't found any relevant common elements between the two systems that can replicate the problem.
That N... Jim Pingle

03:15 PM Bug #8507 (Resolved): FreeBSD 11.2-BETA dhclient always uses server MTU value

I hit this while looking into #8506, it may not be related since it happens on other hardware. It also started around... Jim Pingle

09:52 AM Bug #8504 (Feedback): Default gateway missing after upgrade

The other case appears to be separate, see #8506 -- I think this case has been solved. Jim Pingle

05/10/2018

07:32 PM Bug #8506 (Duplicate): Constant link cycling on some DHCP interfaces causes connectivity problems and other issues

Since the switch to 11-stable on 2.4.4 snapshots, it appears that in some cases a DHCP WAN interface will constantly ... Jim Pingle

03:52 PM Bug #8505 (Resolved): adding 2nd limiter overwrites the first one (as of 2.4.4.a.20180510.1452)

this broke in the April 25th build.
(e.g. see shinzo's forum post "limiters took a hit")
would have thought the M... ROB VANHOOREN

03:48 PM Bug #8457 (Resolved): Packages do not remove on factory default

Jim Pingle

03:46 PM Bug #8457: Packages do not remove on factory default

Tested and reset now removes packages. Anonymous

02:38 PM Bug #8457 (Feedback): Packages do not remove on factory default

Fixed in pfSense-upgrade 0.44 (pfSense-2.4.x) and 0.27_11 (pfSense-2.3.x) Renato Botelho

01:53 PM Bug #8457: Packages do not remove on factory default

Somehow pkg_delete_all() in pfSense upgrade is not getting any packages to iterate. The query looks OK and works when... Jim Pingle

01:34 PM Bug #8457: Packages do not remove on factory default

Just tried this on 2.4.3 Factory running on a SG-2440, using the hardware reset button the packages did not remove. Anonymous

12:10 PM Bug #8504: Default gateway missing after upgrade

At least part of this is related to the new GWG as default code. The upgrade code failed to handle several potential ... Jim Pingle

08:55 AM Bug #8504 (Closed): Default gateway missing after upgrade

Make a fresh install of 2.4.3 via USB
Update to latest snapshot
Firewall has no default gateway and is non-functi... Anonymous

09:20 AM Bug #8497 (Feedback): route errors ("route has not been found") on current 2.4.4 snapshots

Applied in changeset commit:fecb8603984d96f6d73e469c55573f7e0b45e55c. Jim Pingle

07:28 AM Bug #8503 (Not a Bug): DHCP Server replicating statically inserted IPs

It was an intentional change, see #8220
Jim Pingle

07:19 AM Bug #8503 (Not a Bug): DHCP Server replicating statically inserted IPs

Version 2.4.3-RELEASE (amd64)
built on Mon Mar 26 18:02:04 CDT 2018
FreeBSD 11.1-RELEASE-p7
I use the dchp ser... Julio Cesar Pereira

05/09/2018

08:26 AM Bug #8502 (Confirmed): main (top) menu items do not drop down in some cases

During testing php7 found main (top) menu items do not drop down on final pages of some pkgs, e.g. arpping, mtr. Thes... Constantine Kormashev

07:22 AM Bug #8480 (Resolved): common/user name not expaned in openvpn.attributes.php (when doing per-user fw rules)

Jim Pingle