Activity

From 02/20/2021 to 03/21/2021

03/21/2021

05:58 PM pfSense Docs New Content #11714 (Closed): Add section about the correct addresses to use for failover peers when Troubleshooting High Availability DHCP Failover
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html
*Feedback:*
I had acci...
Benjamin Pettinen
12:08 PM Bug #11713 (Closed): Error when deleting IPv6 link-local routes
/system.php: The command '/sbin/route -q delete -host -inet6 2001:4860:4860::8844 'fe80::4e6d:58ff:fe4a:97d4'' return... Kristian Krautwald
11:18 AM Bug #11709: Crash in 2.5.1.r.20210320.0824
> Can you provide more information on your syslog config (if any) and any reproduction instructions if you have them?... Kristian Krautwald
10:36 AM Bug #11712 (Rejected): Interface can't be switched to an available network port igb3
I have a generic (QOTOM-Q355G4) pfSense box with 4 NICs and network assignment as the following:
WAN - igb0
LAN ...
Yuri Weinstein
07:04 AM Regression #11316: Unbound crashes with signal 11 when reloading
Vaidotas, static DHCP should probably be used if you rely on hostnames so much. The feature in general has been the ... Chris Collins
12:37 AM Regression #11316: Unbound crashes with signal 11 when reloading
Chris Collins wrote:
> I hope the decision is not made to roll back unbound, as it's just going back to old code, whe...
Vaidotas Butkus

03/20/2021

09:52 PM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Tested on pfSense Plus 21.02p2 and this works on here again as well. Kris Phillips
09:18 PM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Since Wireguard is being removed from the next release, this bug report should be closed out as Rejected. Kris Phillips
09:14 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
Important to note that this seemed to work fine in the 2.4.5p1 images. It's just the newer release that has issues. Kris Phillips
08:32 PM Bug #11691: WireGuard MSS Clamping and TCP traffic issues after reboot.
Should this be closed out considering WireGuard is being pulled? Michael Spears
08:30 PM Bug #11709: Crash in 2.5.1.r.20210320.0824
Kristian Krautwald wrote:
> Crash report begins. Anonymous machine information:
> amd64
> 12.2-STABLE
> FreeBSD ...
Michael Spears
02:10 PM Bug #11709 (Duplicate): Crash in 2.5.1.r.20210320.0824
Crash report begins. Anonymous machine information:
amd64
12.2-STABLE
FreeBSD 12.2-STABLE cb7f262d547(RELENG_2_5_...
Kristian Krautwald
07:11 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Yuran Yastreb wrote:
> Edgardo Rodriguez wrote:
> > Jim Pingle wrote:
> > > No, but since you compiled it on a dif...
Edgardo Rodriguez
11:47 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Edgardo Rodriguez wrote:
> Jim Pingle wrote:
> > No, but since you compiled it on a different system and nobody els...
Yuran Yastreb
06:42 PM pfSense Packages Bug #11711 (Resolved): New Squid Status Page Non-Functional
Under Services --> Squid --> Status, the page does not load or work on 21.02 of 2.5 of pfSense and pfSense Plus. The... Kris Phillips
05:59 PM Regression #11710 (Resolved): PHP error when resetting log files
I got this error message after I press RESET LOG FILES under status.
Same error on 2.6.0 DEV too. (latest snapshot)
...
B. B.
02:19 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
All is good on my installation ...
Thank you to everyone for the help.
Mike McV
12:49 PM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Wanted to provide feedback that this looks to be resolved in the latest 2.5.1 snapshots:
*Before: 2.5.0-RELEASE*
<...
Timo M
11:10 AM pfSense Packages Feature #11201 (Resolved): Show iTLD Allow IDN domains
Tested on pfBlockerNG-devel 3.0.0_15 version.
It looks fine, the Total TLD Count is included and works as expecte...
Danilo Zrenjanin
10:50 AM Bug #11299 (Resolved): Unused L2TP VPN files are not removed when the service is disabled
Tested on the latest release.
The l2tp directory and the files have been deleted upon disabling the L2TP service....
Danilo Zrenjanin
10:44 AM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options
Tested on the latest release.
The custom IPSEC NAT-T port settings are located under VPN/IPsec/Advanced Settings....
Danilo Zrenjanin
10:35 AM pfSense Packages Feature #11520 (Resolved): Add 'explicit-exit-notify' option by default
Tested on the latest release.
OpenVPN - Client Export Utility adds explicit-exit-notify in the client configurati...
Danilo Zrenjanin
09:07 AM Bug #11425 (Resolved): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
Tested in
2.5.1-RC (amd64)
built on Thu Mar 18 03:04:03 EDT 2021
FreeBSD 12.2-STABLE
It's fixed. The XMLRPC e...
Max Leighton
08:55 AM Bug #11708 (Rejected): WOL wakes ALL devices when trying to wake up ONE device
Hi,
I've played with WOL a bit and found the following:
After waking up ALL devices ONCE, the URI changes to /s...
Karl Fischer
08:52 AM Bug #11489 (Resolved): Invalid certificate data can cause a PHP error
Tested on
2.5.1-RC (amd64)
built on Thu Mar 18 03:04:03 EDT 2021
FreeBSD 12.2-STABLE
It works. The broken cer...
Max Leighton
06:41 AM Bug #11707: IPv4 /8 or above Static routing uses aliases
test system version is:
2.6.0-DEVELOPMENT (amd64)
built on Fri Mar 19 01:04:20 EDT 2021
FreeBSD 12.2-STABLE
yon Liu
06:38 AM Bug #11707 (Duplicate): IPv4 /8 or above Static routing uses aliases
When I delete the previously set static route using aliases 1.0.0.0/8 and 110.0.0.0/7 via wan, and also manually updat... yon Liu
03:04 AM Feature #9877: QEMU Guest Agent
Port was added to FreeBSD repository:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254105
https://svnweb.fre...
Maciej Czech

03/19/2021

08:58 PM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
I note at least two issues remaining.
First, the config file is in @/usr/local/etc/rc.conf.d/@, but that directory...
Joel Holveck
07:26 PM Revision 02f44d9c: Remove WireGuard support
Out of an abundance of caution while we investigate the claims about
WireGuard in public, we need to remove it from p...
Renato Botelho
07:25 PM Revision 281dede0: Remove WireGuard support
Out of an abundance of caution while we investigate the claims about
WireGuard in public, we need to remove it from p...
Renato Botelho
07:21 PM Feature #9260: ssh_tunnel_shell: Disable console message output
I just upgraded to 2.5.0. I had regular users configured with the "User - System: SSH tunneling" permission, accessin... Carlos Man
03:33 PM Revision 4af6e7f6: Fix cert type handling during renewal. Fixes #11706
(cherry picked from commit 009a3d4e16d2905e01fbc0a7b6f53985af3afd09) Jim Pingle
03:32 PM Revision 009a3d4e: Fix cert type handling during renewal. Fixes #11706
Jim Pingle
03:28 PM Revision 73d4ea07: Add missing word to help text
Steve Beaver
03:13 PM Revision 937dbcc1: Fix user cert parameters when creating user+cert. Fixes #11705
(cherry picked from commit 0aa7f5a7ee5e7b5fd2292669cfc2dd7c420e04f7) Jim Pingle
03:12 PM Revision 0aa7f5a7: Fix user cert parameters when creating user+cert. Fixes #11705
Jim Pingle
01:33 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I'll leave this open over the weekend to collect more feedback but I think at this point every problem scenario is so... Jim Pingle
01:27 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
RC worked great for me! dpinger works, and I could re-enable my traffic limiters (codel) with great success.
Thank...
Jesse Beauclaire
12:41 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Thank you Jim.
Moderator moved my original upgrade post on the forum to the snapshots section.
Updated to relea...
Pete C
09:38 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Pete C wrote:
> Tried the above diff patch on my 2.5.1 build with the RA checkbox thing and it did not change anythi...
Jim Pingle
09:09 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Thank you Renato.
f3488a18e3fc276b58ecc2aeb8f7471da9bd2088
Tried the above diff patch on my 2.5.1 build with th...
Pete C
08:15 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Pete C wrote:
> Jim Pingle wrote:
> > Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088.
>
> ...
Renato Botelho
08:02 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Jim Pingle wrote:
> Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088.
Will a different patch ...
Pete C
07:25 AM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088. Jim Pingle
07:17 AM Bug #11454 (In Progress): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
OK I thought it was more subtle than that but you are right, I was able to replicate it by checking that box, and con... Jim Pingle
01:07 PM Revision ed16c6cf: Catch up with rename of Coreboot upgrade package to Firmware
(cherry picked from commit 99cef76e8e8f9d12ff0e0dfe1fba8f059b1806bd) Renato Botelho
12:19 PM Revision ec3fd7e5: Fix RA GW for "Do not wait for RA" path. Fixes #11454
(cherry picked from commit f3488a18e3fc276b58ecc2aeb8f7471da9bd2088) Jim Pingle
12:18 PM Revision f3488a18: Fix RA GW for "Do not wait for RA" path. Fixes #11454
Jim Pingle
11:01 AM Bug #11407 (Waiting on Merge): Removing a WireGuard tunnel in a middle position can break Add button behavior
Jim Pingle
10:55 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate
To test:
* On a system without the fix, create test certificates:
* A user certificate with default settings ...
Jim Pingle
10:40 AM Bug #11706 (Feedback): Renewing a certificate without a ``type`` value assumes a server certificate
Applied in changeset commit:009a3d4e16d2905e01fbc0a7b6f53985af3afd09. Jim Pingle
09:56 AM Bug #11706 (Closed): Renewing a certificate without a ``type`` value assumes a server certificate
When renewing a certificate, if the @type@ field is empty, the renewal process results in a certificate with its type... Jim Pingle
10:46 AM Bug #11705: Creating a certificate while creating a user does not fully configure the certificate properly
To test:
* Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default...
Jim Pingle
10:20 AM Bug #11705 (Feedback): Creating a certificate while creating a user does not fully configure the certificate properly
Applied in changeset commit:0aa7f5a7ee5e7b5fd2292669cfc2dd7c420e04f7. Jim Pingle
09:55 AM Bug #11705 (Resolved): Creating a certificate while creating a user does not fully configure the certificate properly
When creating a certificate while creating a new user (not adding to an existing user), the resulting certificate is ... Jim Pingle
10:29 AM Feature #11556: Kill states using the pre-NAT address
I can confirm this is currently an issue. Marcos M
07:24 AM Bug #11704 (Pull Request Review): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot
Jim Pingle
02:25 AM Bug #11704: Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/198 Viktor Gurov
02:15 AM Bug #11704 (Resolved): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot
`/var/unbound/openvpn.*`files are not deleted after system reboot, resulting in incorrect/outdated DNS records Viktor Gurov
05:10 AM pfSense Packages Bug #11204 (Feedback): Fix net-snmp logging to syslog
Merged Viktor Gurov
05:09 AM pfSense Packages Bug #10990 (Feedback): net-snmp IPv6 listen address needs to be wrapped in square brackets
Merged Viktor Gurov
05:08 AM pfSense Packages Bug #11039 (Resolved): route-map not working if Address Family is enabled.
Viktor Gurov
04:14 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
I think it is better to set the inactive timeout to the default value (like 300 seconds) for new instances
to cleanu...
Viktor Gurov
01:53 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server
I would like to see this feature introduced as I am running into issues with iPXE on my systems and I need to boot im... Nathan Revo

03/18/2021

10:32 PM Bug #11657: netmap_ring_reinit error
I'm on ESXi 7. I only noticed the following, though I'm thinking it's some Suricata setting I need to tune for the in... Marc 05
09:17 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Paul K wrote:
> I did look at line 5091 but there was nothing on that line related to rtsold. Anyway, I think you ar...
Flole Systems
08:45 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Flole Systems wrote:
> I pointed out a possible cause for this 2 times now already and nobody seemed to care, so one...
Paul K
08:32 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Tested with the new RC build and it is working fine for me now. Thanks for fixing it Jim and Renato! Paul K
03:48 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I pointed out a possible cause for this 2 times now already and nobody seemed to care, so one last time:
Flole S...
Flole Systems
02:46 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
That's probably a bit tougher to replicate then. Like you said that's one for a new forum thread and likely a differe... Jim Pingle
02:33 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
After quite a bit of digging and capturing I think I have found the missing link to my scenario. I will also create t... Mike McV
11:56 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Got the syntax correct on the rtsold, and running this from the CLI resolves the issue, but it does not survive a reb... Mike McV
11:43 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Mike McV wrote:
> Is there a possibility the scripts are not happy with a Tagged LAGG interface.(Outside of my exper...
Jim Pingle
10:56 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Jim Pingle wrote:
> If I remove my static IPV6 monitor address Gateway monitoring stops working, but the protocol ...
Mike McV
10:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
2.5.1-RC-20210318-0300 resolved the IPv6 Gateway issue I was experiencing. Thanks for the fix! Greg Shaffer
10:13 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Flole Systems wrote:
> Also in line 5091 of the interfaces.inc the -M flag is missing entirely, I think it should be...
Flole Systems
10:11 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Mike McV wrote:
> If I remove my static IPV6 monitor address Gateway monitoring stops working, but the protocol work...
Jim Pingle
09:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
This (2.5.1.r.20210318.0300) did not resolve it for me.
If I remove my static IPV6 monitor address Gateway monitor...
Mike McV
08:32 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Jesse Beauclaire wrote:
> Hate to ask this here, but I am affected by this issue so it's sort of relevant... Can I u...
Jim Pingle
08:31 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Hate to ask this here, but I am affected by this issue so it's sort of relevant... Can I update to the RC without kil... Jesse Beauclaire
08:17 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Working for me too now with 2.5.1.r.20210318.0300. Patrik Lundquist
08:08 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
The complete set of fixes is in the current RC build, so it's ready for others to test. It works for me that's me and... Jim Pingle
07:47 PM pfSense Packages Feature #11703 (New): add Krill and Routinator support BGP RPKI
From the perspective of safety and reliability, deploying your own RPKI facilities is the best option, so can these f... yon Liu
07:28 PM Revision 02ff3b5a: Fixed #11702 by revising ramdisk code
Steve Beaver
07:17 PM pfSense Packages Bug #11693: IPv6 static routing fails
!https://i.imgur.com/vm8NKfi.jpg! yon Liu
03:58 PM Revision 100b5040: Add missing global declaration
Add missing global declaration BBcan177 .
02:35 PM Regression #11702: RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks
Applied in changeset pfsense:commit:02ff3b5a91b3062cd4116fdf18af6e2d95cef86a. Anonymous
02:28 PM Regression #11702 (Feedback): RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks
Anonymous
01:45 PM Regression #11702 (Closed): RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks
Anonymous
02:24 PM Feature #11576: IPsec GUI option to control Child SA ``start_action``
Marcos Mendoza wrote:
> Something that's somewhat confusing (even now with "Child SA Close Action") is what exactly ...
Jim Pingle
02:20 PM Feature #11576: IPsec GUI option to control Child SA ``start_action``
Something that's somewhat confusing (even now with "Child SA Close Action") is what exactly the default is. This coul... Marcos M
12:07 PM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
Jim Pingle wrote:
> According to the OpenVPN docs and other posts I see, the disconnect script should be run even on...
Viktor Gurov
11:39 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
According to the OpenVPN docs and other posts I see, the disconnect script should be run even on ping timeout / uncle... Jim Pingle
09:28 AM Bug #11699 (Closed): OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
There is a difference between a graceful and not graceful disconnect. We tested it last night where I just turn off ... Viktor Gurov
11:51 AM Bug #11672: when setup Static Routes use aliases,cannot automatically learn that the aliases ip list has changed
This problem also exists in using aliases in firewall rules yon Liu
11:47 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> No, but since you compiled it on a different system and nobody else had replicated it, it's unli...
Edgardo Rodriguez
11:39 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
No, but since you compiled it on a different system and nobody else had replicated it, it's unlikely to be related wi... Jim Pingle
11:35 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> We haven't evaluated that patch yet, but it's unlikely to make it into the next release this lat...
Edgardo Rodriguez
08:00 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
We haven't evaluated that patch yet, but it's unlikely to make it into the next release this late in the process. If ... Jim Pingle
11:38 AM pfSense Packages Bug #11696 (Feedback): SquidGuard Disable "Groups ACL" no work
Merged Viktor Gurov
08:01 AM pfSense Packages Bug #11696 (Pull Request Review): SquidGuard Disable "Groups ACL" no work
Jim Pingle
06:57 AM pfSense Packages Bug #11696: SquidGuard Disable "Groups ACL" no work
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/75
Viktor Gurov
06:47 AM pfSense Packages Bug #11696 (Resolved): SquidGuard Disable "Groups ACL" no work
https://forum.netgate.com/topic/162053/squidguard-disable-groups-acl-no-work-bug:
Pfsense 2.5.0
"Common ACL" is D...
Viktor Gurov
11:03 AM Bug #11701: Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``
PR: https://github.com/pfsense/pfsense/pull/4510 BBcan177 .
10:59 AM Bug #11701 (Resolved): Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``
/etc/inc/config.lib.inc
Line: 1106
function pfSense_clear_globals() {
global $config, *$g,* $FilterIfList, $Gat...
BBcan177 .
09:46 AM Bug #11700 (Pull Request Review): OpenVPN does not kill IPv6 client states on disconnect
Jim Pingle
09:44 AM Bug #11700: OpenVPN does not kill IPv6 client states on disconnect
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/197 Viktor Gurov
09:42 AM Bug #11700 (Closed): OpenVPN does not kill IPv6 client states on disconnect
openvpn.attributes.sh successfully kills all IPv4 states with:... Viktor Gurov
09:26 AM Bug #11698 (Pull Request Review): Incomplete PPPoE custom reset values lead to invalid cron entry
Jim Pingle
08:57 AM Bug #11698: Incomplete PPPoE custom reset values lead to invalid cron entry
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/196
Viktor Gurov
08:50 AM Bug #11698 (Closed): Incomplete PPPoE custom reset values lead to invalid cron entry
If you configure the "Custom Reset" option and only fill in the "Minutes" or "Hour" field, but not other fields,
an ...
Viktor Gurov
08:13 AM Bug #11697 (Rejected): Status / System Logs doesn't show any logs after Upgrade 2.4.5 -> 2.5.0, works on fresh install
Unable to reproduce the problem here -- numerous systems have been upgraded from 2.4.5 to 2.5.0 and all have working ... Jim Pingle
08:10 AM Bug #11697 (Rejected): Status / System Logs doesn't show any logs after Upgrade 2.4.5 -> 2.5.0, works on fresh install
Dear all,
we've upgraded two pfSense VMs from 2.4.5 to 2.5.0. The upgrade worked, however, "Status / System Logs" ...
Christian Strauf
07:52 AM Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
Updating subject for release notes. Jim Pingle
07:47 AM Bug #11688 (Pull Request Review): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule
Jim Pingle
07:38 AM pfSense Packages Bug #11695 (Feedback): PHP error in the last step of the wizard
Merged Renato Botelho
07:05 AM pfSense Packages Bug #11695: PHP error in the last step of the wizard
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/1
Viktor Gurov
06:06 AM pfSense Packages Bug #11695 (Resolved): PHP error in the last step of the wizard
I get the following error message when trying to create a VPN using the AWS wizard:... Viktor Gurov
06:03 AM Feature #11125: Kernel module for RTL8153 driver
Is there any chance that this modification will be inserted into the 2.5.1 release? Anonymous
05:49 AM Bug #11694: Upstream Gateway Not Being Set Repeatedly
Alasdair Corton wrote:
> The "Fix" link isn't working
>
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requ...
Viktor Gurov
04:19 AM Bug #11694: Upstream Gateway Not Being Set Repeatedly
The "Fix" link isn't working
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/139
Alasdair Corton
04:08 AM Bug #11694 (Duplicate): Upstream Gateway Not Being Set Repeatedly
Duplicate of #11433 Viktor Gurov
03:39 AM Bug #11694 (Duplicate): Upstream Gateway Not Being Set Repeatedly
Hi all,
I have been experiencing a consistent issue with my pfSense virtual machine. My current set up is 2 ESXi h...
Alasdair Corton
01:59 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Viktor Gurov wrote:
> works as expected on 2.5.1.r.20210314.2256:
> [...]
I tested this with 2.5.1.r.20210314.22...
Andrew Murray
12:07 AM Revision c04b3a71: Skip floating rules with all interfaces disabled. Issue #11688
Prior to this change, if a floating rule had associated interfaces, but
they were all disabled, the rule would be gen...
Jonathon Reinhart

03/17/2021

08:46 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat...
Wesley Lucio dos Santos
07:01 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat...
Edgardo Rodriguez
06:55 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Asked on #openvpn-devel, this patch should fix this ticket:
https://patchwork.openvpn.net/patch/1550/
It is not r...
Pippin MMD
07:38 PM pfSense Packages Bug #11693 (Resolved): IPv6 static routing fails
ipv6 static routing rules do not work, when I setup 240e::/20 via wan dhcpv6 interface, but
it still via frr bgp oth...
yon Liu
07:34 PM Bug #11692 (Resolved): ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
so I using frr bgp router,so I need disable and setup Default gateway IPv6 to none, but I config Default gateway IPv6... yon Liu
05:04 PM Revision 73617c4b: Add MVC wrapper to various functions used by firewall_nat*
Steve Beaver
02:19 PM Feature #11374: WireGuard Status in GUI
Current snapshot builds have a bit more info, but it's still limited in its usefulness since WireGuard is connectionl... Jim Pingle
02:17 PM Feature #11374: WireGuard Status in GUI
Thanks - completely understandable - perhaps as more wg features get exposed over time, some way of visually gauging ... Jum Pers
02:05 PM Bug #11691 (Closed): WireGuard MSS Clamping and TCP traffic issues after reboot.
Testing the latest development code (2.6.0.a.20210317.0100), upon reboot even though the MTU (as reported by Status>I... Christian McDonald
01:29 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Adjusting subject again to reflect both problems that were fixed since they were close, potentially related, but not ... Jim Pingle
01:27 PM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I've pushed rtsold fix to FreeBSD-src repository for all branches. It should be fine on next snapshot. Renato Botelho
01:15 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
OK I've tested with a patched rtsold on multiple systems and now I'm seeing the correct and expected behavior all aro... Jim Pingle
11:22 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Running rtsold manually, as Paul K (Thanks!) did, I see the same results. Greg Shaffer
10:35 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
OK, so I did some sniffing and found that the systems I was observing had multiple devices on the segment responding ... Jim Pingle
12:10 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Yeah, I guess it was already described. The way I read that post though is that it was patched to pass second argumen... Paul K
12:01 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Exactly, and that was already described above. That's why I was wondering how this patch was supposed to fix it when ... Flole Systems
01:03 PM Regression #11316: Unbound crashes with signal 11 when reloading
Chris Collins wrote:
> I hope the decision is not made to roll back unbound, as it's just going back to old code, whe...
Jim Pingle
12:50 PM Regression #11316: Unbound crashes with signal 11 when reloading
I hope the decision is not made to roll back unbound, as it's just going back to old code, when the better decision mi... Chris Collins
03:29 AM Regression #11316: Unbound crashes with signal 11 when reloading
Jim Pingle wrote:
> Updating subject for release notes.
>
> If Unbound doesn't find/fix the issue in 1.13.1 soon ...
Vaidotas Butkus
12:11 PM Bug #11474 (Resolved): Broken help link on IPsec Advanced Settings tab
Thanks! Jim Pingle
12:09 PM Bug #11474: Broken help link on IPsec Advanced Settings tab
I can confirm this is working for me on a SG-5100 running 21.02.2 RC build 17 March 0300. Touching the help icon brin... Nick Goehring
11:55 AM Feature #11690: Add an option to rescan PCI buses to allow NIC hotplug
The probe order for >4 NICs is a well documented issue with ESX across multiple operating systems. It may not affect ... Jim Pingle
11:53 AM Feature #11690: Add an option to rescan PCI buses to allow NIC hotplug
Hi Jim, thanks for the explanation.
If I understand correctly, the problem would only occur if I add more than 4 NIC...
Louis Sautier
11:47 AM Feature #11690 (Rejected): Add an option to rescan PCI buses to allow NIC hotplug
I don't think we'd ever recommend doing that. If you must, you can run the command manually, but there could be drast... Jim Pingle
11:18 AM Feature #11690 (Rejected): Add an option to rescan PCI buses to allow NIC hotplug
Hi,
Would it be possible to add an option to rescan PCI buses? Maybe just a playback command would be enough.
I a...
Louis Sautier
10:44 AM Feature #7077 (Resolved): Display negotiated data encryption algorithm in OpenVPN connection status
Jim Pingle
10:25 AM pfSense Plus Regression #11689: LEDs do not indicate available upgrade status
Relevant commits:
https://gitlab.netgate.com/pfSense/factory/-/commit/2add5e3aaaa59a66b2de8789b39b61efff27dfb8
ht...
Jim Pingle
10:07 AM pfSense Plus Regression #11689: LEDs do not indicate available upgrade status
I committed another change to use the middle LED for this rather than overloading the use of the ready LED, since the... Jim Pingle
09:41 AM pfSense Plus Regression #11689 (Feedback): LEDs do not indicate available upgrade status
Fix committed, should be in tomorrow's image Jim Pingle
08:44 AM pfSense Plus Regression #11689 (Resolved): LEDs do not indicate available upgrade status
LEDs are not being updated when a new upgrade is available.
Only affects Plus.
Variable in @etc/rc.update_pkg_m...
Jim Pingle
02:52 AM Bug #11352: CTF types > 2^15 in the pfSense kernel config results in DTrace failing
With all SCSI and RAID drivers from GENERIC, this pulled back the number of types to 28890.
Perhaps a few modern SCS...
Peter Grehan

03/16/2021

11:50 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I think I might have found the problem.
First of all, I stated incorrectly in my previous post that "/var/etc/dhcp...
Paul K
07:42 PM Bug #11454 (In Progress): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Flole Systems wrote:
> No surprise that didn't fix it, where should that second argument be coming from? It's never p...
Jim Pingle
07:38 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
No surprise that didn't fix it, where should that second argument be coming from? It's never passed to the managedconf... Flole Systems
02:34 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
The 2.5.1-RC did not resolve the gateway issue. Thread started on the forum. Greg Shaffer
12:39 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Please direct all feedback to threads on the forum category for Plus 21.02.2 / CE 2.5.1 at https://forum.netgate.com/... Jim Pingle
11:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I restored the original interfaces.inc, applied the patch and rebooted my system. Doesn't look like it fixed the issu... Greg Shaffer
11:36 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
At a minimum you have to Edit/Save/Apply on the affected WAN interface after changing the gateway, otherwise it won't... Jim Pingle
11:34 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I tried applying this as a patch to my 2.5 box... the patch tested properly and applied without issue, but after remo... Anonymous
08:10 AM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Applied in changeset commit:78ca7d58c6cc706b5c6aeb8c00c6b4e2b5c841cd. Jim Pingle
08:06 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Updating subject for release notes and to more accurately reflect the nature of the problem. Jim Pingle
07:53 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
To me, I have a fix. Jim Pingle
10:44 PM Bug #11688: Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule
I opened a GitHub pull request: https://github.com/pfsense/pfsense/pull/4509 Jonathon Reinhart
10:31 PM Bug #11688 (Closed): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule
h1. TL;DR
If a floating rule is associated with interfaces, but none of them are enabled, the generated rule incor...
Jonathon Reinhart
07:28 PM pfSense Packages Feature #11573: Custom Commands
Maybe web terminal is option here you wanted to ask, but pfsense already allow you run commands, not predefined one DRago_Angel [InV@DER]
07:11 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
I have the same problem with 21.02. No VPN's just straight multi-wan. WAN2 (non-default) responds to a ping and works... Rick Strangman
03:27 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Sounds like it may be related to my issue as well (#11630). It was working normally on my daily build from January du... James Blanton
06:49 PM Revision 5effaab2: Merge pull request #4503 from nraven777/patch-1
Renato Botelho
06:49 PM Revision e04e15e4: Merge pull request #4508 from thomasloven/patch-1
Renato Botelho
06:47 PM Revision 1a7bff1d: Merge pull request #4502 from znerol-forks/fix/master/deprecate-prefix-of-when-ra-srcaddr-set
Renato Botelho
06:33 PM Revision 3c4fc240: Revert changes for issue #11091
Negatively impacts parent interfaces, needs more work. Jim Pingle
05:56 PM Revision 0a0a3e17: set_curlproxy() fixes. Issue #11476
(cherry picked from commit 75a3b0decc8e26e42cdc04f84d7a1a806c922f5a) Viktor Gurov
05:05 PM pfSense Packages Bug #11687: Fix download URLs for SecuriteInfo.com
A pull request fixing this bug can be found on "GitHub":https://github.com/pfsense/FreeBSD-ports/pull/1055. Markus *
04:55 PM pfSense Packages Bug #11687 (Resolved): Fix download URLs for SecuriteInfo.com
The download URLs for the SecuriteInfo.com databases in the freshclam configuration are missing the SecuriteInfo.com ID. Markus *
04:59 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status
Can confirm this is working for me on a SG-5100 running 21.02.2 RC. When connected with my android device, I navigate... Nick Goehring
04:33 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Well, confirmed what I stated before,
*enable_async_push=yes* breaks reconnect process when using server with UDP a...
Edgardo Rodriguez
03:29 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I found that, using tcp server mode reconnection works as expected (without needing to set lport 0, or nobind, or any... Edgardo Rodriguez
03:59 PM pfSense Packages Bug #11686 (Resolved): FRR generated ACCEPTFILTER permit statement broken
When the ACCEPTFILTER is generated all goes well except the last line which is ip prefix-list ACCEPTFILTER seq 10 per... Robert Sailer
03:19 PM Revision 75a3b0de: set_curlproxy() fixes. Issue #11476
Viktor Gurov
03:08 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Viktor Gurov wrote:
> M L wrote:
> > *Failover back to main, not so great:*
> > # Plug in WAN1
> > # WAN1 interfa...
James Blanton
01:54 PM pfSense Packages Bug #11680 (Feedback): Saving HAProxy FrontEnd description with umlauts causes configuration restore
PR has been merged. Thanks! Renato Botelho
10:48 AM pfSense Packages Bug #11680 (Pull Request Review): Saving HAProxy FrontEnd description with umlauts causes configuration restore
Jim Pingle
04:07 AM pfSense Packages Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1054
Viktor Gurov
12:07 AM pfSense Packages Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore
similar to #10442 Viktor Gurov
12:06 AM pfSense Packages Bug #11680 (Resolved): Saving HAProxy FrontEnd description with umlauts causes configuration restore
https://forum.netgate.com/topic/162010/saving-haproxy-config-causes-config-restore:
On pfSense 2.5.0, HAProxy, i t...
Viktor Gurov
01:53 PM pfSense Packages Bug #11640 (Feedback): Ntopng configuration and data loss when shutting down Redis
PR has been merged. Thanks! Renato Botelho
01:50 PM Feature #11264 (Feedback): Redirect Captive Portal users to login page after they logout
PR has been merged. Thanks! Renato Botelho
01:50 PM Bug #11667 (Feedback): Automatic 25-day forced Dynamic DNS update removes wildcard domain
PR has been merged. Thanks! Renato Botelho
01:48 PM Feature #11103: Use virtual link local IP address as RA source address for HA environments
Merged. Thanks! Renato Botelho
01:34 PM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
I backed the change out of RELENG_2_5_1, moving target forward.
Jim Pingle
01:25 PM Bug #11091 (In Progress): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
I think this may need some refinement as it could interfere with other things. If you have an interface assigned but ... Jim Pingle
01:13 PM Revision 919545c4: Finish refactoring firewall_NAT* for MVC
Steve Beaver
01:01 PM Revision 77abcd71: Only write DHCP6 gw when given a value. Fixes #11454
(cherry picked from commit 78ca7d58c6cc706b5c6aeb8c00c6b4e2b5c841cd) Jim Pingle
12:59 PM Revision 78ca7d58: Only write DHCP6 gw when given a value. Fixes #11454
Jim Pingle
12:56 PM Bug #11476 (Feedback): Telegram and Pushover notification API calls do not respect proxy configuration
Merged and cherry-picked to 2.5.1 Renato Botelho
11:33 AM Bug #11476 (Pull Request Review): Telegram and Pushover notification API calls do not respect proxy configuration
Jim Pingle
10:23 AM Bug #11476 (New): Telegram and Pushover notification API calls do not respect proxy configuration
some errors:... Viktor Gurov
12:42 PM Revision ad0c2928: Add 2.5.1-RC repository
Renato Botelho
12:42 PM Revision 11208036: Add 2.5.1-RC repository
Renato Botelho
12:39 PM Revision bc85c456: Add 2.5.1-RC repository
Renato Botelho
12:22 PM Revision ac37d85c: Set correct WireGuard interface MTU on boot/config changes. Fixes #11482
(cherry picked from commit 5b141e80eca7718043a83bb690dfe2d8db04ee87) Viktor Gurov
12:22 PM Revision 5b141e80: Set correct WireGuard interface MTU on boot/config changes. Fixes #11482
Viktor Gurov
12:22 PM Revision 6ba95044: Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446
(cherry picked from commit 90fd68c6d42a25db20147dd455fc2701599b9c7d) Viktor Gurov
12:21 PM Revision 90fd68c6: Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446
Viktor Gurov
11:46 AM Bug #11685: PHP error if ``PHP_error.log`` file is too large
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/195 Viktor Gurov
11:46 AM Bug #11685 (Pull Request Review): PHP error if ``PHP_error.log`` file is too large
Jim Pingle
11:35 AM Bug #11685 (Closed): PHP error if ``PHP_error.log`` file is too large
Unable to load crash dump files if PHP_error.log is too large:... Viktor Gurov
11:29 AM Todo #11684 (Pull Request Review): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
Jim Pingle
10:54 AM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/194
see also #11520 and #11521
Viktor Gurov
10:50 AM Todo #11684 (Resolved): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
https://openvpn-users.narkive.com/bjhC5hVo/tls-error-local-remote-tls-keys-are-out-of-sync#post8:
Suppose you have a...
Viktor Gurov
10:57 AM Regression #11433 (Resolved): Gateways with "Use non-local gateway" set are not added to routing table
works as expected on 2.5.1.r.20210314.2256:... Viktor Gurov
10:50 AM pfSense Packages Bug #11683 (Pull Request Review): Certificate Manager page doesn't show FreeRADIUS used certificates
Jim Pingle
06:26 AM pfSense Packages Bug #11683: Certificate Manager page doesn't show FreeRADIUS used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/74
Viktor Gurov
05:39 AM pfSense Packages Bug #11683 (Resolved): Certificate Manager page doesn't show FreeRADIUS used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
10:49 AM pfSense Packages Bug #11682 (Pull Request Review): Certificate Manager page does not show STunnel used certificates
Jim Pingle
05:35 AM pfSense Packages Bug #11682: Certificate Manager page does not show STunnel used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/73
Viktor Gurov
05:33 AM pfSense Packages Bug #11682 (Resolved): Certificate Manager page does not show STunnel used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec / O... Viktor Gurov
10:35 AM Bug #11403 (Resolved): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
works as expected on 2.5.1.r.20210314.2256:... Viktor Gurov
10:25 AM Bug #11624 (Resolved): Typo on Router Advertisements page
ok on 2.5.1.r.20210314.2256 Viktor Gurov
10:15 AM pfSense Packages Bug #11366 (Pull Request Review): Arpwatch Cron Notification every 15 minutes
Jim Pingle
02:07 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/72
Viktor Gurov
10:15 AM Bug #11678 (Pull Request Review): Certificate Manager does not report Unbound as using a certificate
Jim Pingle
01:59 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/191
Viktor Gurov
10:13 AM pfSense Packages Bug #11681 (Pull Request Review): FRR generates invalid BFD configuration after removing interfaces
Jim Pingle
12:49 AM pfSense Packages Bug #11681: FRR generates invalid BFD configuration after removing interfaces
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/71
Viktor Gurov
12:17 AM pfSense Packages Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces
If you create a BFD peer configuration and set the Interface option to a value other than "Default",
and then remove...
Viktor Gurov
10:08 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
If it needs that kind of more involved work then we can look at it deeper for the next release after this. Jim Pingle
08:17 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Jim Pingle wrote:
> To test:
>
> * Setup mobile IPsec using IKEv2 and EAP-RADIUS against a RADIUS server
> * Lea...
Viktor Gurov
09:54 AM Bug #11464 (Resolved): Requests to ``ews.netgate.com`` do not honor proxy configuration
works as expected on 2.5.1.r.20210314.2256:
I see ...
Viktor Gurov
09:27 AM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
I can test whenever this hits the dev snaps. I assume this is incubating in 2.6 devl?
I'm not sure what you can di...
Christian McDonald
08:10 AM pfSense Packages Bug #11585 (Feedback): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
08:10 AM Bug #11538 (Feedback): WireGuard Panic
Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
08:10 AM Bug #11586 (Feedback): WireGuard panic when saving many times in a row
Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
07:42 AM pfSense Docs Correction #11647: Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI)
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/10 Viktor Gurov
07:39 AM pfSense Docs Correction #11649 (Resolved): Feedback on System Monitoring — Routing Logs
PR merged and deployed Jim Pingle
07:35 AM pfSense Docs Correction #11649: Feedback on System Monitoring — Routing Logs
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/9 Viktor Gurov
07:30 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied
Applied in changeset commit:5b141e80eca7718043a83bb690dfe2d8db04ee87. Viktor Gurov
07:23 AM Bug #11482 (Feedback): WireGuard interfaces do not always have proper MTU applied
Merged and cherry-picked to 2.5.1 Renato Botelho
07:30 AM Bug #11446: Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Applied in changeset commit:90fd68c6d42a25db20147dd455fc2701599b9c7d. Viktor Gurov
07:23 AM Bug #11446 (Feedback): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Merged and cherry-picked to 2.5.1 Renato Botelho
06:13 AM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
I *think* the issue is somewhere in here */usr/local/pkg/frr.inc*
in the segment as follows:...
Yif Swery
05:58 AM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
Viktor Gurov wrote:
> Unable to reproduce with FRR pkg 1.1.0_8 -
> frr starts successfully with the "Enable agentx"...
Yif Swery

03/15/2021

10:29 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass...
Edgardo Rodriguez
04:08 PM Revision 8e4d80e1: Revise target port error message
Steve Beaver
01:57 PM Revision 188456d0: Do not delete disabled routes on boot. Fixes #3709
(cherry picked from commit 6336607d28a014a3de1b4e873a6ab97b9a635a7f) Viktor Gurov
01:56 PM Revision 6336607d: Do not delete disabled routes on boot. Fixes #3709
Viktor Gurov
01:54 PM Revision 58832005: Shell LDAP authentication fix. Issue #11644
(cherry picked from commit 0c0b3a3d15e36fbba28937e6f4f6a41c61c984b3) Viktor Gurov
01:54 PM Revision 0c0b3a3d: Shell LDAP authentication fix. Issue #11644
Viktor Gurov
01:52 PM Revision c9f3f96a: Correct local IPv6 address for OpenVPN on 6RD/6to4 interfaces. Fixes #11674
(cherry picked from commit 1b59af4f44927e41fbe0bd64b9f737fc8dd32d33) Viktor Gurov
01:51 PM Revision 1b59af4f: Correct local IPv6 address for OpenVPN on 6RD/6to4 interfaces. Fixes #11674
Viktor Gurov
12:24 PM Revision be444914: Change OpenVPN auth to php-cgi for the time being. Fixes #4521
(cherry picked from commit 1bfdb794cb2a06932da0029ca37f9727c3f74274) Jim Pingle
12:24 PM Revision 1bfdb794: Change OpenVPN auth to php-cgi for the time being. Fixes #4521
Jim Pingle
09:42 AM Bug #11679 (Closed): Policy-based Routing (outbound) and port forwarding (inbound) "selectively" working through WG tunnel
This is my main thread about this issue: https://forum.netgate.com/topic/161293/policy-based-routing-outbound-and-por... Kevin Mychal Ong
09:18 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Jim Pingle wrote:
> Adam Esslinger wrote:
> > I noticed that there were additional "LAN" network that weren't defin...
Kevin Mychal Ong
09:05 AM Bug #3709: Disabled static route entries trigger 'route delete' error at boot
Applied in changeset commit:6336607d28a014a3de1b4e873a6ab97b9a635a7f. Viktor Gurov
08:56 AM Bug #3709 (Feedback): Disabled static route entries trigger 'route delete' error at boot
Merged and cherry-picked to 2.5.1 Renato Botelho
06:36 AM Bug #3709 (Pull Request Review): Disabled static route entries trigger 'route delete' error at boot
Jim Pingle
09:00 AM Bug #11674: OpenVPN binds to all interfaces when configured on a 6RD interface
Applied in changeset commit:1b59af4f44927e41fbe0bd64b9f737fc8dd32d33. Viktor Gurov
08:53 AM Bug #11674 (Feedback): OpenVPN binds to all interfaces when configured on a 6RD interface
Merged and cherry-picked to 2.5.1 Renato Botelho
06:16 AM Bug #11674 (Pull Request Review): OpenVPN binds to all interfaces when configured on a 6RD interface
Jim Pingle
08:55 AM Bug #11644 (Feedback): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Renato Botelho
08:55 AM Bug #11644: Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Merged and cherry-picked to 2.5.1 Renato Botelho
06:40 AM Bug #11644 (Pull Request Review): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Jim Pingle
07:43 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Not so critical we need to rush it into this release, but the next one, sure. Jim Pingle
07:41 AM Bug #11678 (Resolved): Certificate Manager does not report Unbound as using a certificate
If you enable SSL/TLS Service for local clients in Unbound you can select a certificate to use for that.
In the Ce...
Steve Wheeler
07:30 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Applied in changeset commit:1bfdb794cb2a06932da0029ca37f9727c3f74274. Jim Pingle
07:28 AM Bug #4521 (Feedback): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
I pushed a change for both @ovpn_auth_verify@ and @ovpn_auth_verify_async@ to use @php-cgi@ for the time being, the c... Jim Pingle
07:26 AM Bug #11677 (Rejected): MultiWAN issue after upgrade to 2.5.0 - gets external WANIP but link down
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
07:22 AM Bug #11677 (Rejected): MultiWAN issue after upgrade to 2.5.0 - gets external WANIP but link down
Hi there,
We upgraded our office pfSense instance from 2.4.5 to 2.5.0 last night, and lost WAN2 as a result. We get ...
Michael Knowles
06:33 AM Bug #11675 (Pull Request Review): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
Jim Pingle
06:32 AM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
I can reproduce it here even on a 21.02.2 snapshot. It's specific to the Thermal Sensors widget and not the temperatu... Jim Pingle
06:08 AM Bug #11663 (Duplicate): XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
That is a better path forward Jim Pingle
06:07 AM Bug #11658 (Resolved): Ambiguous text in help and input validation error for system domain name
Jim Pingle
06:04 AM Regression #11475 (Feedback): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Luiz merged the PR and cherry-picked but needs confirmation that the fix is in and working in snapshots. Jim Pingle
06:02 AM Bug #11676 (Rejected): Kernel Panic with APU2 and Pfsense 2.5.0
Each of those panics has a completely different backtrace, and combined with the errors in the message buffer, I'm in... Jim Pingle
03:24 AM Bug #11676 (Rejected): Kernel Panic with APU2 and Pfsense 2.5.0
Hi all
I receive after upgrading to 2.5.0 Kernel Panics on APU2
with PFSense 2.5.0.
Thx in advance
admins
Stefan Bühler
12:07 AM Revision c9b7ffc3: Merge pull request #187 from viktor/route_get_fix
Suppress route not found error. Issue #11475
(cherry picked from commit f5ff5cdc369b494499db3f7aca4426952add59e3)
Luiz Souza
12:01 AM Revision f5ff5cdc: Merge pull request #187 from viktor/route_get_fix
Suppress route not found error. Issue #11475 Luiz Souza

03/14/2021

03:14 PM Bug #11483 (Resolved): Installer does not add required module to loader.conf when using ZFS
Looks good now in current 21.02p2 snapshots. The following are added to /boot/loader.conf:... Steve Wheeler
12:15 PM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels
Jim Pingle wrote:
> work around it
Well, at least this is the appropriate term. Metaphorically speaking: it's tr...
Izaac Falken
11:11 AM Bug #11644: Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/190
Viktor Gurov
09:52 AM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0
It is not a bug in pfSense, it is a bug in OpenVPN. See #11575 Jim Pingle
07:29 AM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0
I confirm the problem, I have to wait approx 5mn before trying to reconnect
I did not see anything suspicious in log...
Stéphane BARBARAY
05:25 AM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0
and yet I insist that this is a problem
https://redmine.pfsense.org/issues/11634
itfabrica Tech
07:47 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
M L wrote:
> *Failover back to main, not so great:*
> # Plug in WAN1
> # WAN1 interface status shows link up with ...
Viktor Gurov
07:38 AM Revision 46ff02ac: Suppress route not found error. Issue #11475
Viktor Gurov
07:23 AM pfSense Packages Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
The problem is maybe not directly related, but I encountered this too, and if you wait 5mn before trying to reconnect... Stéphane BARBARAY
05:23 AM pfSense Packages Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
Good day! I confirm the problem, I created a ticket, but I was told that this is not an error
https://redmine.pfsens...
itfabrica Tech
06:48 AM pfSense Packages Feature #10818: UDP Broadcast Relay
This is now a FreeBSD port: https://www.freshports.org/net/udpbroadcastrelay/ Steve Wheeler
06:15 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
After re-reading the thread I interpreted Thomas' fix as potentially fixing my issue too. And it did. I can confirm t... Haraldinho D
06:04 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
I use both certs and authentication in my setup. The 154.diff patch has solved the cert issue, but the next hurdle no... Haraldinho D
05:08 AM Bug #10706: Kernel route table entries are removed if they match disabled static route entries
see also #3709 Viktor Gurov
04:21 AM Bug #3709: Disabled static route entries trigger 'route delete' error at boot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/189
Viktor Gurov
04:07 AM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table
see also #7547
we need to keep a cache of the currently applied static routes to compare against when editing/updating
Viktor Gurov
04:04 AM Bug #11675: VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/188 Viktor Gurov
03:42 AM Bug #11675 (Resolved): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
The VLAN and QinQ edit pages allow you to select the OpenVPN TUN interfaces,
which is incorrect, since only TAP inte...
Viktor Gurov
01:40 AM Regression #11475 (New): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
now I see many `route: route has not been found` messages on boot:... Viktor Gurov
12:40 AM Bug #11662: QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/186
Viktor Gurov
12:22 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Paul K wrote:
> I can confirm this as an issue.
>
> This is however much larger issue than described in the origi...
Car F
12:16 AM pfSense Packages Bug #11610 (Feedback): NET-SNMP is not setting the correct permissions on AgentX
Viktor Gurov

03/13/2021

11:45 PM Bug #11674: OpenVPN binds to all interfaces when configured on a 6RD interface
similar to #11643
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/185
Viktor Gurov
11:34 PM Bug #11674 (Closed): OpenVPN binds to all interfaces when configured on a 6RD interface
If OpenVPN instance is configured on 6RD interface,
there is no `local` option in the `/var/etc/openvpn/<instance>/c...
Viktor Gurov
11:18 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
Unable to reproduce
Could be related to #11443
Viktor Gurov
10:01 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
Kris Phillips wrote:
> The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Up...
Michael Spears
06:20 PM pfSense Plus Bug #11673 (Duplicate): Thermal Sensors Non-functional on SG-3100
The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Updating...." in pfSense P... Kris Phillips
10:00 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Jim Pingle wrote:
> Based on at least one report, it appears AES-NI on Plus 21.02/2.5.0 has an issue with SHA-256 an...
Michael Spears
05:46 PM pfSense Docs Correction #11399: SG-3100 M.2 Installation Guide Reinstall Corrections
It seems the installer should be updating the U-boot variables to point to the correct install media after you run th... Kris Phillips
05:44 PM Regression #11526: Mobile IPsec broken when using strict certificate revocation list checking
Applied this on a customer firewall and the issue went away for IPSec. Seems to be working, but should be further ve... Kris Phillips
05:31 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I can confirm this as an issue.
This is however much larger issue than described in the original post. This should...
Paul K
02:32 PM Feature #855: Ability to selectively kill states on gateway recovery
I just hit this issue with a failover LTE connection (metered).
I have almost everything go out over a wireguard t...
aptalca aptalca
02:22 PM Bug #11663: XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
Jim Pingle wrote:
> We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since...
Viktor Gurov
09:06 AM Bug #11658: Ambiguous text in help and input validation error for system domain name
Looks good so far. The patch fixes the text to "Alternative TLDs such as 'local.lan' or 'mylocal' are safe."
Max Leighton
08:43 AM Bug #11672 (Duplicate): when setup Static Routes use aliases, cannot automatically learn that the aliases ip list has changed
There are several problems with aliases and static routes and they are being tracked at #7547 already Jim Pingle
05:25 AM Bug #11672: when setup Static Routes use aliases, cannot automatically learn that the aliases ip list has changed
For example, increase or decrease the ip network segment in the alias list. There are dozens or hundreds of ips in the... yon Liu
05:21 AM Bug #11672 (Duplicate): when setup Static Routes use aliases, cannot automatically learn that the aliases ip list has changed
when setup Static Routes use aliases, if the aliases ip list changed, the Static routing cannot automatically learn t... yon Liu
05:05 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
when running frr bgp route with large full routes system, the gateways.php and system_routes.php edit and save chan...
yon Liu

03/12/2021

10:31 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Sounds like this issue might be causing my problem but I can't tell 100% from the description.
One of our sites ha...
Eduard Rozenberg
12:38 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Updating subject for release notes.
Also made it more general since this can affect more than port forwards.
Jim Pingle
10:50 AM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Just to update. The nat rule on 2.4.5p1 for 1:1 Nat is... Greg Hulands
09:32 PM pfSense Packages Bug #11366 (New): Arpwatch Cron Notification every 15 minutes
Jim Pingle
07:55 PM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
Thanks, your fix seems to have done the job, I haven't received any useless emails so far.
Edward Thomas wrote:
...
Abdul Khaliq
07:38 PM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
I found the bug in arpwatch.
The bug is in the file: /usr/local/arpwatch/sendmail_proxy.php
In the statement:
...
Edward Thomas
03:19 PM Revision 591b3cba: Include wildcard setting in dyndns refresh
Every 25th day, my dyndns forcibly updates, and the wildcard entry is gone.
This should fix that, as far as I can te...
Thomas Lovén
01:52 PM Bug #11667 (Closed): Automatic 25-day forced Dynamic DNS update removes wildcard domain
What I'm trying to do:
Use Dynamic DNS with a wildcard subdomain.
What I expect to happen:
DNS entry is refreshe...
Thomas Lovén
12:57 PM Bug #11583: dashboard nginx 504 Gateway time-out error
Ultimately disabling bzip2 fixed the issue. Bzip2 is the new format in 2.5.0, prior versions were uncompressed. Adam Esslinger
12:53 PM Regression #11519: Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Updating subject for release notes. Jim Pingle
12:52 PM Bug #11638: PHP error in logs from XMLRPC if no sections are selected to sync
Updating subject for release notes. Jim Pingle
12:49 PM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Updating subject for release notes. Jim Pingle
12:45 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Updating subject for release notes. Jim Pingle
12:41 PM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default
Updating subject for release notes. Jim Pingle
12:39 PM Bug #11464: Requests to ``ews.netgate.com`` do not honor proxy configuration
Updating subject for release notes. Jim Pingle
12:36 PM Regression #11565: Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Updating subject for release notes. Jim Pingle
12:31 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Updating subject for release notes. Jim Pingle
12:29 PM Bug #11578: Error when removing automatic DNS server route
Updating subject for release notes. Jim Pingle
12:27 PM Regression #11594: IPv6 routes with a prefix length of 128 result in an invalid route table entry
Updating subject for release notes. Jim Pingle
12:25 PM Bug #11617: Unexpected Operator error on console at boot with ZFS and RAM Disks
Updating subject for release notes. Jim Pingle
11:25 AM Bug #11666 (New): GUI Firewall log search not parsing filter.log beyond hard coded limit
Currently the Safety belt limit is set to 10K for release v2.5
This is preventing the GUI search from parsing any lo...
Nick Zee
11:07 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Updating subject for release notes. Jim Pingle
11:05 AM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status
Updating subject for release notes. Jim Pingle
10:58 AM Bug #11104: OpenVPN does not start with several authentication sources selected
Updating subject for release notes. Jim Pingle
10:57 AM Bug #11382: OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
Updating subject for release notes. Jim Pingle
10:56 AM Bug #11448: Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Updating subject for release notes. Jim Pingle
10:54 AM Regression #11500: OpenVPN using the wrong OpenSSL command to list digest algorithms
Updating subject for release notes. Jim Pingle
10:51 AM Bug #11554: Selected Data Encryption Algorithms list items reset when an input validation error occurs
Updating subject for release notes. Jim Pingle
10:49 AM Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms
Updating subject for release notes. Jim Pingle
10:48 AM Regression #11561: ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Updating subject for release notes. Jim Pingle
10:48 AM Bug #11569: ACLs generated from RADIUS reply attributes have incorrect syntax
Updating subject for release notes. Jim Pingle
10:45 AM Bug #11476: Telegram and Pushover notification API calls do not respect proxy configuration
Updating subject for release notes. Jim Pingle
10:44 AM Bug #11639: Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
Updating subject for release notes. Jim Pingle
10:41 AM Bug #11105: IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
Updating subject for release notes. Jim Pingle
10:40 AM Regression #11442: Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
Updating subject for release notes. Jim Pingle
10:36 AM Bug #11446: Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Updating subject for release notes. Jim Pingle
10:33 AM Bug #11474: Broken help link on IPsec Advanced Settings tab
Updating subject for release notes. Jim Pingle
10:33 AM Regression #11486: Connect and disconnect buttons on the IPsec status page do not work for all tunnels
Updating subject for release notes. Jim Pingle
10:32 AM Regression #11487: IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``
Updating subject for release notes. Jim Pingle
10:31 AM Bug #11488: IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value
Updating subject for release notes. Jim Pingle
10:30 AM Regression #11526: Mobile IPsec broken when using strict certificate revocation list checking
Updating subject for release notes. Jim Pingle
10:26 AM Regression #11555: IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Updating subject for release notes. Jim Pingle
10:21 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Updating subject for release notes. Jim Pingle
10:20 AM pfSense Plus Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Updating subject for release notes. Jim Pingle
10:19 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Updating subject for release notes. Jim Pingle
09:23 AM Bug #11091 (Resolved): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Jim Pingle
10:18 AM Bug #11409: IPv4 MSS value is incorrectly applied to IPv6 packets
Updating subject for release notes. Jim Pingle
10:16 AM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Updating subject for release notes. Jim Pingle
10:14 AM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Updating subject for release notes. Jim Pingle
10:12 AM Bug #11483: Installer does not add required module to loader.conf when using ZFS
Updating subject for release notes. Jim Pingle
10:00 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Updating subject for release notes. Jim Pingle
09:57 AM Regression #11316: Unbound crashes with signal 11 when reloading
Updating subject for release notes.
If Unbound doesn't find/fix the issue in 1.13.1 soon we may consider rolling U...
Jim Pingle
09:45 AM Bug #11403: DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
Updating subject for release notes. Jim Pingle
09:42 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
Updating subject for release notes. Jim Pingle
09:41 AM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Updating subject for release notes. Jim Pingle
09:40 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Updating subject for release notes. Jim Pingle
09:38 AM Bug #11489: Invalid certificate data can cause a PHP error
Updating subject for release notes. Jim Pingle
09:36 AM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Updating subject for release notes. Jim Pingle
09:16 AM pfSense Plus Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Jim Pingle
09:35 AM Bug #11514: Renewing a self-signed CA or certificate does not update the serial number
Updating subject for release notes. Jim Pingle
07:59 AM Bug #11665 (Rejected): All interfaces going down / up on DHCP server change
I can't replicate this as stated, DHCP Server saving triggers a filter reload and restarts the DHCP daemon (and maybe... Jim Pingle
07:39 AM Bug #11665 (Rejected): All interfaces going down / up on DHCP server change
Changing anything related to DHCP server (including adding a static mapping) even on a different subnet is cycling al... Derek Wuelfrath
07:53 AM Bug #11663: XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
Manuel M. wrote:
> So the only way is to set up this manually on both machines?
Correct
> Is there an overview ...
Jim Pingle
07:41 AM Bug #11663: XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
Jim Pingle wrote:
> That is specific to that option and not a general XMLRPC problem.
> The MSS options are @$confi...
Manuel M.
07:37 AM Bug #11663: XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
That is specific to that option and not a general XMLRPC problem.
The MSS options are @$config['system']['maxmss_e...
Jim Pingle
05:28 AM Bug #11663 (Duplicate): XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
High Availability Sync is not syncing all settings from, for example, the IPSec Configuration option.
Tested with t...
Manuel M.
07:47 AM Bug #11661 (Not a Bug): OpenVPN L2 TAP tunnel mac routing table
That is up to OpenVPN to maintain/expire internally. I don't see any configuration options in the OpenVPN man page wh... Jim Pingle
01:46 AM Bug #11661 (Not a Bug): OpenVPN L2 TAP tunnel mac routing table
Scenario: OpenVPN: [sense1 client] -> [sense2 server] [sense2 client] -> [sense3 server]
- Servers and clients are...
jo ko
07:28 AM Bug #11664 (Duplicate): Openvpn-Client (2.5) connected but not communicating with the remote network
Likely a duplicate of #11575
This site is not for support or diagnostic discussion.
For assistance in solving p...
Jim Pingle
07:27 AM Bug #11664 (Duplicate): Openvpn-Client (2.5) connected but not communicating with the remote network
I have openvpn 2.5 clients that normally connect to the tunnel I created, however even with the green openvpn-gui con... Victor França Machado de Araújo
07:24 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
There have been multiple additional confirmations of this from customers and forum users, and in each case thus far, ... Jim Pingle
01:52 AM Bug #11662 (Resolved): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
QinQ interfaces created on top of ovpns or ovpnc disappear after reboot.
(for example ovpns1.100.2000 or ovpnc2.100...
jo ko

03/11/2021

08:20 PM Revision 8f5dbb0c: Show switch tagging ports on status_interfaces page. Implements #10804
(cherry picked from commit 4e5e99a61d422941e69b2caa11e948363409e48c) Viktor Gurov
08:18 PM Revision 77cc3108: DHCP6 interfaces bootup fix. Issue #11633
(cherry picked from commit 1a6189611f68eb6ed9a1aa803999de81287386af) Viktor Gurov
08:07 PM Revision c67222fc: OpenVPN auth sources strlen validation. Issue #11104
(cherry picked from commit 3006473268acfc7068ade04ad7e2befbd8af8f81) Viktor Gurov
08:07 PM Revision 035e7029: Do not clean dmesg.boot on Reset Log Files. Fixes #11428
(cherry picked from commit f3fd77ee3cbb6e547b6154d13eab5019f36025d6) Viktor Gurov
08:06 PM Revision 4e2d1ee8: WireGuard default route Allowed IPs validation. Issue #11465
(cherry picked from commit 29b2cdb4e1d0cd9c2be98819d0e07dbf5b696308) Viktor Gurov
08:04 PM Revision 6790dc8c: route_del() optimization. Issue #11475
(cherry picked from commit 07b780c84305142e2f3af8587b909bf004f11568) Viktor Gurov
08:04 PM Revision 7a42c5d0: route_get() optimization. Fixes #11475
(cherry picked from commit 7990de53bfc8267d1dd96636a175929a35cbe664) Viktor Gurov
08:03 PM Revision 8c0d54f3: Move interfaces_ipsec_vti_configure() to the end of interfaces_configure(). Issue #11537
(cherry picked from commit 9b39f8de4b2e7b3d9732080356382dce80a461fa) Viktor Gurov
08:03 PM Revision a85a5809: IPsec VTI interfaces bootup fix. Issue #11537
(cherry picked from commit cfff0f351c74599d61286ce0161e570e587e5aac) Viktor Gurov
08:02 PM Revision cabb3465: Fix removing automatic DNS server route. Issue #11578
(cherry picked from commit 11338b8701bf6185ba34c1a387b1e1318afe19e0) Viktor Gurov
08:01 PM Revision ce5c4d24: Static IPv6 /128 routes fix. Issue #11594
(cherry picked from commit d9818e01479718efa5e02d8b0d32a87cfcaabf5a) Viktor Gurov
08:01 PM Revision 0f432ac4: WireGuard default TCP MSS clampling. Issue #11600
(cherry picked from commit 6efc02a141106b0274e7e27320d5f0abc111378a) Viktor Gurov
08:00 PM Revision fad7873b: Unmount var and tmp ZFS on boot. Fixes #11617
(cherry picked from commit edff0a3cf010e5c251c4b1c8930b2d302de5a36f) Viktor Gurov
08:00 PM Revision b4843c48: XMLRPC no section fix. Issue #11638
(cherry picked from commit a35da2ea9157d1a032521a22e0b3eaeda1b35c32) Viktor Gurov
07:59 PM Revision 55965086: Correct source IP for IPsec on 6RD/6to4 interfaces. Fixes #11643
(cherry picked from commit f6f121a28b4be1457535a5120e978544e55330c3) Viktor Gurov
07:59 PM Revision d834e893: IPsec IKEv1 mixed Phase 2 IP protocols support. Issue #11643
(cherry picked from commit 81949bee72813bbd8b57b75563cd40b9cdaf68e0) Viktor Gurov
06:48 PM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
After reboot the interface is not UP in ipconfig
[2.5.1-RC][admin@pfSense.home.arpa]/root: ifconfig em2
em...
Alhusein Zawi
05:59 PM Bug #11407 (Resolved): Removing a WireGuard tunnel in a middle position can break Add button behavior
fixed.
Adding/removing WireGuard tunnels has been done without any issue.
2.5.1-RC (amd64)
built on Thu Mar 1...
Alhusein Zawi
03:30 PM Regression #11555: IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
To reproduce the problem, restore the attached IPsec config section to a system without IPsec. Edit/save/apply on the... Jim Pingle
03:25 PM Regression #11442: Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
To reproduce the problem, restore the attached IPsec config section to a system without IPsec. Edit/save/apply on the... Jim Pingle
03:19 PM Bug #11488: IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value
To reproduce the problem, restore the "IPsec config section":https://redmine.pfsense.org/attachments/3503/ipsec-confi... Jim Pingle
03:17 PM Regression #11486: Connect and disconnect buttons on the IPsec status page do not work for all tunnels
To reproduce the problem, restore the "IPsec config section":https://redmine.pfsense.org/attachments/3503/ipsec-confi... Jim Pingle
03:15 PM Regression #11435: IPsec status incorrect for entries using expanded IKE connection numbers
To reproduce the problem, restore the "IPsec config section":https://redmine.pfsense.org/attachments/3503/ipsec-confi... Jim Pingle
03:09 PM Regression #11487: IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``
To reproduce the problem, restore the attached IPsec config section to a system without IPsec. Edit/save/apply on the... Jim Pingle
02:32 PM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Christian,
Nope! I explored that line of thought as well. I did have it set up at one point, but then I removed i...
James Blanton
07:57 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
If anybody from Netgate would like to jump into a Zoom meeting so that they can observe this edge case, just reach ou... Christian McDonald
07:38 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Christian,
What I've found is that unless you do something to interfere with WireGuard, such as disabling and re-e...
James Blanton
07:23 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
I'm seeing this on 2.5.0 as well. I have a failover group set as default gateway IPv4. WAN1 dropped out and WG starte... Christian McDonald
02:20 PM pfSense Plus Feature #10804 (Feedback): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:18 PM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:00 PM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:07 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:07 PM Bug #11104: OpenVPN does not start with several authentication sources selected
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:06 PM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:05 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Likely related #11605 and #11551 Marcos M
01:26 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Updating bug report to focus on PHP issue, given that the snort sig 10 issue is unlikely related, and this seems to a... Marcos M
02:04 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:03 PM Regression #11537: IPsec VTI tunnel between IPv6 peers may not configure correctly
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:02 PM Bug #11578: Error when removing automatic DNS server route
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:02 PM Regression #11594: IPv6 routes with a prefix length of 128 result in an invalid route table entry
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:01 PM Revision 41e0d95f: Refine help/error text for system domain. Fixes #11658
Jim Pingle
02:01 PM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:01 PM Bug #11617: Unexpected Operator error on console at boot with ZFS and RAM Disks
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:00 PM Bug #11638: PHP error in logs from XMLRPC if no sections are selected to sync
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:59 PM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:58 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Tested on [21.02.2 built on Thu Mar 11 09:10:56 EST 2021] with Suricata 4.1.9_5 on a fresh install.
# Enable ETOpen r...
Marcos M
01:49 PM Bug #7721: NTPd stops using external peers if listening on one interface only in a muliwan setup
I've got this exact issue on 20.02-p1.
NTP is stuck in INIT if one or more interfaces are selected, in a dual wan en...
Andrew Stuart
01:35 PM Regression #11568 (Resolved): Alias name change is not reflected in firewall rules
new alias name appears after changing the name.
targets are displayed
tested on IP & IP aliases.
2.5.1-RC ...
Alhusein Zawi
01:12 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Confirmed working on 21.02.2 Marcos M
10:40 AM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Tested on 21.02p1 and it showed as invalid. After updating to latest dev build image (Mar 10), the cert no longer sho... Marcos M
10:55 AM Bug #11448: Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
This can be prevented by implementing https://redmine.pfsense.org/issues/10347 Pippin MMD
09:45 AM pfSense Packages Bug #10983: pfBlockerNG not cleaning everything behind it
Just stumbled upon this error message from dhcpd, took a while to figure out I had a virtual IP set on that IP that I... Bug Reporter
08:10 AM Bug #11658 (Feedback): Ambiguous text in help and input validation error for system domain name
Applied in changeset commit:41e0d95f274acbfe20064adfa224b8a1df334b4c. Jim Pingle
07:44 AM Feature #11660 (Rejected): no routing group in DNS Server Settings
The gateway option is on the page but only appears when the system has more than one available gateway of either IPv4... Jim Pingle
02:17 AM pfSense Packages Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
The problem seems worse than I thought: as soon as you restart an openvpn service, even as a server, or as soon as a... Stéphane BARBARAY

03/10/2021

08:15 PM Revision 81949bee: IPsec IKEv1 mixed Phase 2 IP protocols support. Issue #11643
Viktor Gurov
08:14 PM Revision 29b2cdb4: WireGuard default route Allowed IPs validation. Issue #11465
Viktor Gurov
07:18 PM Feature #11660 (Rejected): no routing group in DNS Server Settings
As of today, there isn't a way to choose a Gateway Group in DNS settings under General Setup, when you have a multiWA... Kristian Krautwald
07:15 PM Revision d7247886: Display negotiated cipher on Status / OpenVPN page. Implements #7077
(cherry picked from commit f5736d9827cf1997b648481c50993d69e3caedff) Viktor Gurov
07:14 PM Revision b0f77980: Down disabled interfaces on boot. Fixes #11091
(cherry picked from commit 9115501d6ab5197d9caf499e90779c020d711dca) Viktor Gurov
07:14 PM Revision e97c1e4a: RADVD set AdvRDNSSLifetime. Fixes #11105
(cherry picked from commit 54b3109f0b1978e22866117b6d93715eb8d78c29) Viktor Gurov
07:14 PM Revision 2c4ce8b1: Hide Shared Key field on OpenVPN client page in SSL/TLS mode. Fixes #11382
(cherry picked from commit f22b21557e6a745dbb447ea488b97424e595efd7) Viktor Gurov
07:13 PM Revision a16b4d53: Unbound ip6.arpa local-zone type. Fixes #11403
(cherry picked from commit 8673ae11ac96fbd2934133268d56829d6225b1c5) Viktor Gurov
07:13 PM Revision d49dd060: Set correct TCP MSS for IPv6. Fixes #11409
(cherry picked from commit 1d378c4ec6c440dabffba41bf5e4ef291acb9aa2) Viktor Gurov
07:12 PM Revision 36ef00b5: WireGuard interface friendly description. Fixes #11437
(cherry picked from commit 4fef1c109de562f9f97d7c04d4cf8f0f041811e0) Viktor Gurov
07:12 PM Revision 9d9cd873: System Information widget fix. Issue #11443
(cherry picked from commit 19866d78540d498f23b750ab02379b3c06333d96) Viktor Gurov
07:11 PM Revision b19bb324: IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447
(cherry picked from commit c03a2049b11304f592d0de78aa4bfb568e9a13ae) Viktor Gurov
07:10 PM Revision 97af9f20: Put OpenVPN route-nopull option after custom options. Fixes #11448
(cherry picked from commit 969574b6dbb124e98595ca537c0d176d908707d0) Viktor Gurov
07:09 PM Revision 523f931b: Use set_curlproxy() function for cURL proxy configuration. Issue #11476
(cherry picked from commit 8b424bca02372246210fba3cf36045a704c11ae3) Viktor Gurov
07:09 PM Revision 1fa63e8d: Fixed #11464 by adding proxy configuration to web service calls
(cherry picked from commit 2cb3c56db2366c9cadb04757bd3143ea0d7e7378) Steve Beaver
07:06 PM Revision b656061a: Fix openssl digest algorithm param in openvpn.inc
At least in OpenSSL 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms" parame... mschiegl
07:06 PM Revision 82690894: Set correct DHCP failover peer IP on XMLRPC sync. Fixes #11519
(cherry picked from commit 490b5b480f1b46a6f93e0ba99fff578a61f3293c) Viktor Gurov
07:05 PM Revision 85799d56: Restart unbound on interface recover. Fixes #11547
(cherry picked from commit a1fe814421904ca00b6a04431d62ba18dcebf607) Viktor Gurov
07:04 PM Revision c68bc678: OpenVPN ncp_enable checkbox fix. Issue #11554
(cherry picked from commit f725132eac3d6dbada8b7bc48effdf768fccb341) Viktor Gurov
07:04 PM Revision f1864df6: IPsec peer ID Any fix. Issue #11555
(cherry picked from commit 4a51b9cd8fd58b26c5c30784b0736cc5757e86fc) Viktor Gurov
07:02 PM Revision 5b638980: OpenVPN data-ciphers option length validation. Issue #11559
(cherry picked from commit 44baf5a77b618f2c67587029c87b03887e2f35e9) Viktor Gurov
07:02 PM Revision 6cba83ab: Cisco AVPair parse {clientip}. Fixes #11561
(cherry picked from commit f4d883dadee6e339997b29f5b4623a88b190b840) Viktor Gurov
07:01 PM Revision 0b1fe66b: Show changed NAT timeouts on the system_advanced_firewall page. Issue #11565
(cherry picked from commit 95e599a115669cf336971bbf3720f4843d52107a) Viktor Gurov
07:01 PM Revision 3dc01871: Fixed bug parsing netmask cisco acl
(cherry picked from commit 321fbbdb5bffe5d331aea5330241d42b0ab8d250) Dmitry Bashkarev
07:00 PM Revision d76f5796: Use correct parameters when adding WG IPv6 tunnel addr. Fixes #11618
(cherry picked from commit 8579d26bfb0dea0386c61008ade222c0ea29aa98) Jim Pingle
06:59 PM Revision 15f2424f: Typo fix. Issue #11624
(cherry picked from commit 779daee9695bb5a2b3cde262da4619c29a8473a2) Danilo Zrenjanin
06:58 PM Revision 6140f34e: Correct rsort_log_filename() behavior. Fixes #11639
(cherry picked from commit b9c1679dae94fb2d406cfc386f667eed2378b6d2) Jim Pingle
06:57 PM Revision 644a5333: Fix handling of renewing cert w/o SAN. Fixes #11652
(cherry picked from commit 09d3fe621a56292817a85a54916e8b99e2b26c00) Jim Pingle
06:56 PM Revision ac135c6a: Reverse x509 escape cert subjects on renewal page. Fixes #11654
(cherry picked from commit a473d89738b03bf336d4d2591821062759b30dbe) Jim Pingle
06:16 PM Feature #11659 (Closed): Support for UEFI HTTP Boot option in DHCPv4 Server
PXE had an epic run, but its deprecation has been planned by major silicon vendors and UEFI HTTPS boot is the replac... Ben Breard
06:15 PM Revision 30064732: OpenVPN auth sources strlen validation. Issue #11104
Viktor Gurov
06:13 PM Revision f3fd77ee: Do not clean dmesg.boot on Reset Log Files. Fixes #11428
Viktor Gurov
06:11 PM Revision 07b780c8: route_del() optimization. Issue #11475
Viktor Gurov
06:08 PM Revision 9b39f8de: Move interfaces_ipsec_vti_configure() to the end of interfaces_configure(). Issue #11537
Viktor Gurov
06:07 PM Revision 11338b87: Fix removing automatic DNS server route. Issue #11578
Viktor Gurov
06:05 PM Revision d9818e01: Static IPv6 /128 routes fix. Issue #11594
Viktor Gurov
06:04 PM Revision 6efc02a1: WireGuard default TCP MSS clampling. Issue #11600
Viktor Gurov
06:03 PM Revision edff0a3c: Unmount var and tmp ZFS on boot. Fixes #11617
Viktor Gurov
06:01 PM Revision 1a618961: DHCP6 interfaces bootup fix. Issue #11633
Viktor Gurov
05:58 PM Revision a35da2ea: XMLRPC no section fix. Issue #11638
Viktor Gurov
05:56 PM Revision f6f121a2: Correct source IP for IPsec on 6RD/6to4 interfaces. Fixes #11643
Viktor Gurov
05:20 PM Bug #11658 (Resolved): Ambiguous text in help and input validation error for system domain name
I'm really sorry if this is the wrong place to put this.
Setting up my first pfsense netgate box and going through...
andy suarez
05:05 PM Revision a473d897: Reverse x509 escape cert subjects on renewal page. Fixes #11654
Jim Pingle
05:05 PM Revision 09d3fe62: Fix handling of renewing cert w/o SAN. Fixes #11652
Jim Pingle
04:30 PM Bug #11657 (New): netmap_ring_reinit error
These errors had appeared in the past and were solved. After upgrading to v2.5.0, they have reappeared. I receive... P L
03:48 PM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
To test:
* Setup mobile IPsec using IKEv2 and EAP-RADIUS against a RADIUS server
* Leave the Virtual Address Pool...
Jim Pingle
01:11 PM Regression #11447 (Feedback): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Cherry-picked to RELENG_2_5_1 Renato Botelho
03:12 PM Revision 8579d26b: Use correct parameters when adding WG IPv6 tunnel addr. Fixes #11618
Jim Pingle
03:05 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
To test:
On a system without the fix:
* Check System Information Widget on the Dashboard for "AES-NI CPU Crypto...
Jim Pingle
12:20 PM Bug #11428 (Feedback): CPU details are incorrect in the System Information widget after resetting log files
Applied in changeset commit:f3fd77ee3cbb6e547b6154d13eab5019f36025d6. Viktor Gurov
12:14 PM Bug #11428 (Waiting on Merge): CPU details are incorrect in the System Information widget after resetting log files
PR has been merged. Thanks! Renato Botelho
02:50 PM Bug #11514: Renewing a self-signed CA or certificate does not update the serial number
To test, on 2.5.0 or 21.02-p1:
* Generate a fresh self-signed GUI cert at an SSH or console shell prompt: @pfSsh.p...
Jim Pingle
12:49 PM Bug #11514 (Feedback): Renewing a self-signed CA or certificate does not update the serial number
Needed to be tested on 2.5.1-RC Renato Botelho
02:37 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Needs re-tested on snapshots.
If needed, I have a user-supplied certificate which can replicate the problem and ca...
Jim Pingle
02:31 PM Regression #11568 (Feedback): Alias name change is not reflected in firewall rules
Needs re-tested on snapshots. Jim Pingle
02:29 PM Bug #11489 (Feedback): Invalid certificate data can cause a PHP error
Needs testing on snapshots.
To test, add an obviously broken/unparseable cert to the config:...
Jim Pingle
02:22 PM Bug #11474 (Feedback): Broken help link on IPsec Advanced Settings tab
Needs tested again on snapshots.
Simple to test, load vpn_ipsec_settings.php click the ? icon in the breadcrumb ba...
Jim Pingle
02:21 PM Revision 004cd054: Make repository description more generic
Renato Botelho
02:15 PM Bug #11651 (Feedback): Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
PR has been merged. Thanks! Renato Botelho
08:49 AM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
After the PR is merged this whole docs page can go away: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipv6.ht... Jim Pingle
08:47 AM Bug #11651 (Pull Request Review): Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
Jim Pingle
08:42 AM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/182
Viktor Gurov
08:41 AM Bug #11651 (Closed): Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
GUI complains when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1 (There is a Phase 2 using IPv6, ca... Viktor Gurov
02:14 PM pfSense Packages Bug #11465 (Feedback): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
PR has been merged. Thanks! Renato Botelho
12:59 PM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
When testing, attempt these configurations in order without removing anything unless noted otherwise:
* Create a t...
Jim Pingle
01:41 PM Revision 62a1cbc3: Keep using FreeBSD-src branch RELENG_2_5_0
Renato Botelho
01:22 PM Bug #11602 (Feedback): Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Fixes cherry-picked to 2.5.1 / 21.02.2 repositories Renato Botelho
01:16 PM Revision 73a1434a: Welcome pfSense CE 2.5.1-RELEASE
Renato Botelho
01:15 PM Feature #7077 (Feedback): Display negotiated data encryption algorithm in OpenVPN connection status
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:15 PM Bug #11091 (Feedback): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:14 PM Bug #11105 (Feedback): IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:14 PM Bug #11382 (Feedback): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:13 PM Bug #11403 (Feedback): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:13 PM Bug #11409 (Feedback): IPv4 MSS value is incorrectly applied to IPv6 packets
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:12 PM Bug #11437 (Feedback): WireGuard group is not printed in the interface column of the NAT rule list
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:12 PM Regression #11443 (Feedback): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:11 PM Bug #11448 (Feedback): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:10 PM Bug #11464 (Feedback): Requests to ``ews.netgate.com`` do not honor proxy configuration
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:10 PM Bug #11476 (Feedback): Telegram and Pushover notification API calls do not respect proxy configuration
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:08 PM Bug #11483 (Feedback): Installer does not add required module to loader.conf when using ZFS
Cherry-picked to FreeBSD-src RELENG_2_5_0 Renato Botelho
01:06 PM Regression #11500 (Feedback): OpenVPN using the wrong OpenSSL command to list digest algorithms
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:06 PM Regression #11519 (Feedback): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:05 PM Bug #11547 (Feedback): DNS Resolver does not bind to an interface when it recovers from a down state
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:04 PM Bug #11554 (Feedback): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:04 PM Regression #11555 (Feedback): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:03 PM Bug #11559 (Feedback): OpenVPN does not start with a long list of Data Encryption Algorithms
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:02 PM Regression #11561 (Feedback): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:01 PM Regression #11565 (Feedback): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:01 PM Bug #11569 (Feedback): ACLs generated from RADIUS reply attributes have incorrect syntax
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:00 PM pfSense Packages Bug #11618 (Feedback): WireGuard using incorrect IPv6 tunnel address prefix length
Cherry-picked to RELENG_2_5_1 Renato Botelho
09:21 AM pfSense Packages Bug #11618 (Waiting on Merge): WireGuard using incorrect IPv6 tunnel address prefix length
Jim Pingle
09:20 AM pfSense Packages Bug #11618 (Feedback): WireGuard using incorrect IPv6 tunnel address prefix length
Applied in changeset commit:8579d26bfb0dea0386c61008ade222c0ea29aa98. Jim Pingle
09:16 AM pfSense Packages Bug #11618: WireGuard using incorrect IPv6 tunnel address prefix length
That's easy enough to reproduce and check:
* Set WG instance tunnel address to include @2001:db8:1:ee71::1/64@ and...
Jim Pingle
12:59 PM Bug #11624 (Feedback): Typo on Router Advertisements page
Cherry-picked to RELENG_2_5_1 Renato Botelho
12:58 PM Bug #11639 (Feedback): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
Cherry-picked to RELENG_2_5_1 Renato Botelho
12:57 PM Bug #11652 (Feedback): Unable to renew a certificate without a SAN
Cherry-picked to RELENG_2_5_1 Renato Botelho
11:18 AM Bug #11652 (Waiting on Merge): Unable to renew a certificate without a SAN
Small fix and very likely to be hit in the wild (See https://forum.netgate.com/post/971557 for one example), so good ... Jim Pingle
11:15 AM Bug #11652 (Feedback): Unable to renew a certificate without a SAN
Applied in changeset commit:09d3fe621a56292817a85a54916e8b99e2b26c00. Jim Pingle
11:00 AM Bug #11652: Unable to renew a certificate without a SAN
Narrowed it down further. The real problem is that a certificate without a SAN cannot be renewed.
Certificates wit...
Jim Pingle
10:51 AM Bug #11652: Unable to renew a certificate without a SAN
This isn't exclusive to space, it also affects other characters which must be escaped for x509 such as "+". Jim Pingle
09:41 AM Bug #11652 (Resolved): Unable to renew a certificate without a SAN
If a certificate entry has a CN which contains a space, attempting to renew the certificate will result in an error:
...
Jim Pingle
12:57 PM Bug #11654 (Feedback): Certificates with escaped x509 characters display the escaped version when renewing
Cherry-picked to RELENG_2_5_1 Renato Botelho
11:19 AM Bug #11654 (Waiting on Merge): Certificates with escaped x509 characters display the escaped version when renewing
Cosmetic only, safe, and easily tested/verified.
Jim Pingle
11:15 AM Bug #11654 (Feedback): Certificates with escaped x509 characters display the escaped version when renewing
Applied in changeset commit:a473d89738b03bf336d4d2591821062759b30dbe. Jim Pingle
11:04 AM Bug #11654 (Resolved): Certificates with escaped x509 characters display the escaped version when renewing
The certificate renewal page is displaying the x509 escaped version of certificate values when it should be removing ... Jim Pingle
12:30 PM Bug #11638 (Feedback): PHP error in logs from XMLRPC if no sections are selected to sync
Renato Botelho
12:00 PM Bug #11638 (Waiting on Merge): PHP error in logs from XMLRPC if no sections are selected to sync
PR has been merged. Thanks! Renato Botelho
12:30 PM Regression #11633 (Feedback): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Renato Botelho
12:01 PM Regression #11633 (Waiting on Merge): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
PR has been merged. Thanks! Renato Botelho
12:29 PM Bug #11600 (Feedback): WireGuard interfaces should have MSS clamping enabled by default
Renato Botelho
12:05 PM Bug #11600 (Waiting on Merge): WireGuard interfaces should have MSS clamping enabled by default
PR has been merged. Thanks! Renato Botelho
12:29 PM Regression #11594 (Feedback): IPv6 routes with a prefix length of 128 result in an invalid route table entry
Renato Botelho
12:06 PM Regression #11594 (Waiting on Merge): IPv6 routes with a prefix length of 128 result in an invalid route table entry
PR has been merged. Thanks! Renato Botelho
12:29 PM Bug #11578 (Feedback): Error when removing automatic DNS server route
Renato Botelho
12:07 PM Bug #11578 (Waiting on Merge): Error when removing automatic DNS server route
PR has been merged. Thanks! Renato Botelho
12:29 PM Regression #11537 (Feedback): IPsec VTI tunnel between IPv6 peers may not configure correctly
Renato Botelho
12:09 PM Regression #11537 (Waiting on Merge): IPsec VTI tunnel between IPv6 peers may not configure correctly
PR has been merged. Thanks! Renato Botelho
12:29 PM Regression #11475 (Feedback): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Renato Botelho
12:11 PM Regression #11475 (Waiting on Merge): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
PR has been merged. Thanks! Renato Botelho
12:28 PM Bug #11104 (Feedback): OpenVPN does not start with several authentication sources selected
Renato Botelho
12:16 PM Bug #11104 (Waiting on Merge): OpenVPN does not start with several authentication sources selected
PR has been merged. Thanks! Renato Botelho
12:10 PM Bug #11617 (Feedback): Unexpected Operator error on console at boot with ZFS and RAM Disks
Applied in changeset commit:edff0a3cf010e5c251c4b1c8930b2d302de5a36f. Viktor Gurov
12:03 PM Bug #11617 (Waiting on Merge): Unexpected Operator error on console at boot with ZFS and RAM Disks
PR has been merged. Thanks! Renato Botelho
11:24 AM Bug #11617 (Pull Request Review): Unexpected Operator error on console at boot with ZFS and RAM Disks
Jim Pingle
10:21 AM Bug #11617: Unexpected Operator error on console at boot with ZFS and RAM Disks
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/183
Viktor Gurov
12:05 PM Bug #11643 (Feedback): IPsec tunnel does not function when configured on a 6RD interface
Applied in changeset commit:f6f121a28b4be1457535a5120e978544e55330c3. Viktor Gurov
11:57 AM Bug #11643 (Waiting on Merge): IPsec tunnel does not function when configured on a 6RD interface
PR 181 was merged. Thanks!
Please open a separate redmine ticket to cover proposed changes on PR 182
Renato Botelho
08:46 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
That is our private/internal git, so it's expected. Jim Pingle
08:12 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Viktor Gurov wrote:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/182
gitlab.netgate.com resolves...
Sietse van Zanen
07:58 AM Bug #11643 (Pull Request Review): IPsec tunnel does not function when configured on a 6RD interface
The first PR for the main issue is OK, the other part about mixing IPv4/IPv6 on IKEv1 needs its own separate Redmine ... Jim Pingle
04:57 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Sietse van Zanen wrote:
> Another minor issue is that the GUI complains when adding both IPv4 and IPv6 P2 under a IP...
Viktor Gurov
04:09 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Sietse van Zanen wrote:
> pfSense does not generate a correct swanctl.conf when adding IPv6 or dual stack tunnels ov...
Viktor Gurov
02:53 AM Bug #11643 (Closed): IPsec tunnel does not function when configured on a 6RD interface
pfSense does not generate a correct swanctl.conf when adding IPv6 or dual stack tunnels over a 6RD interface. The IPv... Sietse van Zanen
11:33 AM pfSense Docs Todo #11655: Feedback on Packages
s/stiff/still/ ahem. Chris Linstruth
11:33 AM pfSense Docs Todo #11655 (Closed): Feedback on Packages
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/index.html
*Feedback:*
Receiving negative forum fee...
Chris Linstruth
11:08 AM Bug #11653: Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/184
Viktor Gurov
10:51 AM Bug #11653 (Resolved): Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
In my loader.conf file there are several identical lines with
comconsole_port ="0x2F8"
and after each reboot a...
Guido Glaus
09:11 AM pfSense Packages Bug #11640: Ntopng configuration and data loss when shutting down Redis
Jim Pingle wrote:
> There is also https://github.com/pfsense/FreeBSD-ports/pull/1053 for this -- not sure which way ...
Viktor Gurov
08:14 AM pfSense Packages Bug #11640: Ntopng configuration and data loss when shutting down Redis
There is also https://github.com/pfsense/FreeBSD-ports/pull/1053 for this -- not sure which way is better in the end. Jim Pingle
07:28 AM pfSense Packages Bug #11640 (Pull Request Review): Ntopng configuration and data loss when shutting down Redis
Jim Pingle
06:10 AM pfSense Packages Bug #11640: Ntopng configuration and data loss when shutting down Redis
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/70
Viktor Gurov
09:01 AM Bug #11642: IPSEC mode-cfg exchange refused because of invalid INTERNAL_IP4_NETMASK
Jim Pingle wrote:
> Yeah that seems like the same thing to me. Though it's redundant to send clients a network list ...
Sietse van Zanen
07:47 AM Bug #11642 (Duplicate): IPSEC mode-cfg exchange refused because of invalid INTERNAL_IP4_NETMASK
Yeah that seems like the same thing to me. Though it's redundant to send clients a network list if that network list ... Jim Pingle
05:02 AM Bug #11642: IPSEC mode-cfg exchange refused because of invalid INTERNAL_IP4_NETMASK
#11539 seems related Viktor Gurov
02:41 AM Bug #11642 (Duplicate): IPSEC mode-cfg exchange refused because of invalid INTERNAL_IP4_NETMASK
Some clients, Forticlient is one, will reject the mode-cfg exchange as offered by pfSense.
This is because there is ...
Sietse van Zanen
08:50 AM pfSense Packages Bug #11650: FRR configuration broken on restore of manually edited FRR config sections
Jim Pingle wrote:
> Unless you can replicate this without any sections there at all (Remove them, don't leave them t...
Andrew Green
08:19 AM pfSense Packages Bug #11650: FRR configuration broken on restore of manually edited FRR config sections
Unless you can replicate this without any sections there at all (Remove them, don't leave them there but empty), I'm ... Jim Pingle
06:51 AM pfSense Packages Bug #11650 (New): FRR configuration broken on restore of manually edited FRR config sections
SG-3100
21.02-RELEASE-p1 (arm)
built on Mon Feb 22 09:38:52 EST 2021
FRR package version 1.1.0_8
I could not...
Andrew Green
08:24 AM Bug #11644: Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Rare enough case, and not in our code, that it's going to be a more long-term correction, if there is anything we can... Jim Pingle
06:56 AM Bug #11644 (Confirmed): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
auth.inc is ok,
issue in pam_ldap module
related to #8698
Viktor Gurov
03:18 AM Bug #11644 (Closed): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
When the configured LDAP server is unreachable pfSense will get stuck on 'synchronizing user settings' indefinitely d... Sietse van Zanen
08:21 AM pfSense Packages Bug #11377: FRR deinstall
That would likely cause more harm in the long run, very few people would ever need to completely purge the configurat... Jim Pingle
06:54 AM pfSense Packages Bug #11377: FRR deinstall
Jim Pingle wrote:
> Removing the leftover files is fine but I don't think this package needs the ability to reset/wi...
Andrew Green
08:12 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Not that I like the idea of downgrading to a lower TLS version but I wonder if it would work if we forced off TLS 1.3... Jim Pingle
05:45 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Using the STunnel package as a workaround helps:
https://docs.netgate.com/pfsense/en/latest/recipes/auth-google-gsui...
Viktor Gurov
08:01 AM Regression #11316: Unbound crashes with signal 11 when reloading
Christian Borchert wrote:
> Here's the logs from a second signal 11 crash a few hours later
>
> @Mar 10 03:44:09 ...
Jim Pingle
05:08 AM Regression #11316: Unbound crashes with signal 11 when reloading
Here's the logs from a second signal 11 crash a few hours later
@Mar 10 03:44:09 router kernel: pid 87756 (unbound...
Christian Borchert
07:42 AM pfSense Packages Bug #11620 (Resolved): OSPF Route Redistribution shows numbers instead of route map names
Jim Pingle
01:41 AM pfSense Packages Bug #11620: OSPF Route Redistribution shows numbers instead of route map names
Tested on the latest release. It looks good now. Ticket resolved. Danilo Zrenjanin
07:26 AM Feature #2358: NAT64 support
Even that is unlikely, it's just an estimate -- it's a major change that needs significant review and testing, and ul... Jim Pingle
07:13 AM pfSense Packages Bug #11185 (Feedback): Redis service stopping before NtopNg
merged to 2.5/Plus branch:
https://github.com/pfsense/FreeBSD-ports/commit/892ed4669268ee7392eb3132a5c4179126e8f6dc#...
Viktor Gurov
06:32 AM pfSense Docs Correction #11649 (Resolved): Feedback on System Monitoring — Routing Logs
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/routing.html
*Feedback:*
This log contains e...
Viktor Gurov
06:30 AM pfSense Docs Todo #11648 (Closed): Feedback on Packages — AWS VPC Wizard — pfSense Plus Configuration Details
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/aws-vpc-wizard/pfsense-configuration-details.html
*Fee...
Viktor Gurov
06:28 AM pfSense Docs Correction #11647 (Closed): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI)
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html
*Feedback:*
"The assigned IPsec in...
Viktor Gurov
06:25 AM pfSense Docs Todo #11646 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN and Multi-WAN
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/multi-wan.html
*Feedback:*
Replace Quagga with F...
Viktor Gurov
06:24 AM pfSense Docs Todo #11645 (Closed): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dynamic-routing-basics.html
*Feedback:*
- Quagga and...
Viktor Gurov

03/09/2021

08:56 PM Regression #11316: Unbound crashes with signal 11 when reloading
Here's a Level 5 log (attached and forum link) from a signal 11 crash on unbound (1.13.1):
https://forum.netgate.c...
Christian Borchert
12:48 PM Regression #11316: Unbound crashes with signal 11 when reloading
Assuming this is the same segfault others are hitting with Unbound they are still investigating it upstream: https://... Jim Pingle
07:21 PM Revision b6aec58f: Report full product version, including -pN
(cherry picked from commit feefcc31b78c1ef99ffd9deb509b05ccdb1e61ef) Renato Botelho
07:03 PM Revision 0d8a9270: Do not build node_exporter on armv7 since lang/go14 is broken
Renato Botelho
06:42 PM Bug #11641 (New): On xn based interfaces without the VLANMTU flag the first VLAN tag defined does not follow the parent interface MTU settings. All subsequent VLAN tags follow the parent interface's MTU.
With the recent release of pfSense 2.5 and the removal of the VLANMTU flag requirement per [[https://redmine.pfsense.... Andre Baugh
06:40 PM Feature #2358: NAT64 support
2.6 now? Wow.. Might as well officially at least make a TAYGA package.. Seems to work well enough, because this will ... Brandon Jackson
06:37 PM pfSense Packages Bug #11640 (Closed): Ntopng configuration and data loss when shutting down Redis
In addition to monitoring information, ntopng stores configuration/customization performed using the ntopng GUI in th... Denny Page
06:03 PM Revision feefcc31: Report full product version, including -pN
Renato Botelho
03:26 PM Revision 2428d0a9: Revise firewall_nat_edit for MVC
Steve Beaver
03:00 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Tested on:... Marcos M
12:28 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Has anyone tried this on a 21.05 snapshot with PHP 7.4.16? The release notes for PHP 7.4.16 mention they fixed a segf... Jim Pingle
02:56 PM Revision b9c1679d: Correct rsort_log_filename() behavior. Fixes #11639
Jim Pingle
01:50 PM Regression #11545: Primary interface address is not always used when VIPs are present
Should at least take a stab at this to see if we can come up with a workaround for now. Jim Pingle
01:49 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Would be nice to at least suppress this console message since it's not useful. Jim Pingle
01:48 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
gnn is taking a look at this to see if he can track it down. Jim Pingle
01:33 PM Bug #11624 (Waiting on Merge): Typo on Router Advertisements page
Jim Pingle
01:32 PM Bug #11569 (Waiting on Merge): ACLs generated from RADIUS reply attributes have incorrect syntax
Jim Pingle
01:32 PM Regression #11565 (Waiting on Merge): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Jim Pingle
01:30 PM Regression #11561 (Waiting on Merge): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Jim Pingle
01:30 PM Regression #11555 (Waiting on Merge): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Jim Pingle
01:30 PM Bug #11547 (Waiting on Merge): DNS Resolver does not bind to an interface when it recovers from a down state
Jim Pingle
01:29 PM Regression #11519 (Waiting on Merge): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Jim Pingle
01:29 PM Regression #11500 (Waiting on Merge): OpenVPN using the wrong OpenSSL command to list digest algorithms
Jim Pingle
01:28 PM Bug #11483 (Waiting on Merge): Installer does not add required module to loader.conf when using ZFS
Jim Pingle
01:28 PM Bug #11476 (Waiting on Merge): Telegram and Pushover notification API calls do not respect proxy configuration
Jim Pingle
01:27 PM Bug #11464 (Waiting on Merge): Requests to ``ews.netgate.com`` do not honor proxy configuration
Jim Pingle
01:27 PM Bug #11448 (Waiting on Merge): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Jim Pingle
01:27 PM Regression #11447 (Waiting on Merge): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Jim Pingle
01:27 PM Regression #11443 (Waiting on Merge): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Jim Pingle
01:26 PM Bug #11409 (Waiting on Merge): IPv4 MSS value is incorrectly applied to IPv6 packets
Jim Pingle
01:24 PM Bug #11403 (Waiting on Merge): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
Jim Pingle
01:19 PM Bug #11382 (Waiting on Merge): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
Jim Pingle
01:18 PM Bug #11105 (Waiting on Merge): IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
Jim Pingle
01:17 PM Bug #11091 (Waiting on Merge): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Jim Pingle
01:16 PM pfSense Plus Feature #10804 (Waiting on Merge): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Jim Pingle
01:14 PM Feature #7077 (Waiting on Merge): Display negotiated data encryption algorithm in OpenVPN connection status
Jim Pingle
01:06 PM Bug #11554 (Waiting on Merge): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Jim Pingle
09:48 AM Bug #11554 (Resolved): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Tested on the latest release. The issue is fixed.
Ticket resolved.
Danilo Zrenjanin
01:05 PM Bug #11559 (Waiting on Merge): OpenVPN does not start with a long list of Data Encryption Algorithms
Jim Pingle
10:05 AM Bug #11559 (Resolved): OpenVPN does not start with a long list of Data Encryption Algorithms
Tested on the latest release. It doesn't allow selecting too many data ciphers.
Ticket resolved.
Danilo Zrenjanin
01:02 PM Revision 99cef76e: Catch up with rename of Coreboot upgrade package to Firmware
Renato Botelho
11:49 AM Bug #11188: MultiWAN setup NAT issue
Possibly related to #11436 Marcos M
10:00 AM pfSense Packages Bug #11580 (Resolved): FTP client proxy - source and destination bypass limitation
Tested on the latest release. I was able to define an alias in both Proxy Bypass: Source and Proxy Bypass: Destinati... Danilo Zrenjanin
09:12 AM Bug #11639 (Waiting on Merge): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
With the commit applied the order is correct for both uncompressed and compressed log files:... Jim Pingle
09:05 AM Bug #11639 (Feedback): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
Applied in changeset commit:b9c1679dae94fb2d406cfc386f667eed2378b6d2. Jim Pingle
08:50 AM Bug #11639 (Closed): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
The code in @rsort_log_filename()@ is making faulty assumptions about the log filenames. It is not only testing the w... Jim Pingle
08:44 AM Bug #11383: pfSense Proxy Authentication not working
Michael Samer wrote:
> Jim Pingle wrote:
> > From a much older release, yes, but not from the last public release. ...
Michael Samer
06:38 AM Bug #11638 (Pull Request Review): PHP error in logs from XMLRPC if no sections are selected to sync
Jim Pingle
03:32 AM Bug #11638: PHP error in logs from XMLRPC if no sections are selected to sync
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/180
Viktor Gurov
02:56 AM Bug #11638 (Closed): PHP error in logs from XMLRPC if no sections are selected to sync
If no sections are selected on the HA sync configuration page (used only for pkg xmlrpc sync, for example), php error ... Viktor Gurov
02:16 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> Viktor Gurov wrote:
> > fix:
> > https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_r...
Viktor Gurov
01:54 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Viktor Gurov wrote:
> fix:
> https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/69
If you can pro...
Alexis Mestag

03/08/2021

09:02 PM pfSense Packages Bug #11637 (Resolved): Preprocs - possible to create two defaults
When creating a new server configuration, if you use the +Aliases button for the Bind-To Address and/or the Ports fie... Max Leighton
08:19 PM Revision beac9a1c: Remove obsolete vars for MVC
Steve Beaver
08:11 PM Revision ec0e144d: Revise firewall_nat.php for MVC
Steve Beaver
07:40 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Site to Site OpenVPN is broken for me in 2.5.0. The tunnel encryption is set up, but running openvpn at verbosity leve... Greg Hulands
09:46 AM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
the last filter generating change is https://github.com/pfsense/pfsense/commit/fce8a99bffae47c965c692dbe763ae9732092f... Viktor Gurov
09:17 AM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Same issue here after upgrade to v21.02,
MultiWan won't NAT properly on both wan.
A new message to let you know this...
R M
05:02 PM Feature #11395: Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering
tested and working for me. Jeremy Mordkoff
01:46 PM pfSense Packages Bug #11135: HAproxy OCSP response crontab bug
Can this same fix be applied to the regular haproxy package as well as the -devel variant? Christopher Sutcliff
12:32 PM Bug #11636 (Pull Request Review): Unused Limiter entries with schedules create unnecessary cron jobs
Jim Pingle
11:29 AM Bug #11636: Unused Limiter entries with schedules create unnecessary cron jobs
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/179
Viktor Gurov
10:14 AM Bug #11636 (Resolved): Unused Limiter entries with schedules create unnecessary cron jobs
If you create a Limiter with a schedule but do not apply it to any firewall rules,
it will create a cron job: "0,15,...
Viktor Gurov
12:31 PM pfSense Packages Bug #11582 (Pull Request Review): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Jim Pingle
07:23 AM pfSense Packages Bug #11582 (New): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> Sorry, there are still some issues, even after I successfully applied the patch, using the <c...
Viktor Gurov
04:25 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Sorry, there are still some issues, even after I successfully applied the patch, using the ... Alexis Mestag
12:30 PM pfSense Packages Bug #11627 (Pull Request Review): rc file is not deleted
Jim Pingle
03:42 AM pfSense Packages Bug #11627: rc file is not deleted
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/68 Viktor Gurov
12:30 PM pfSense Packages Bug #11628 (Pull Request Review): ftp-proxy error messages in logs
Jim Pingle
02:34 AM pfSense Packages Bug #11628: ftp-proxy error messages in logs
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/67 Viktor Gurov
12:29 PM Regression #11537 (Pull Request Review): IPsec VTI tunnel between IPv6 peers may not configure correctly
Jim Pingle
12:50 AM Regression #11537: IPsec VTI tunnel between IPv6 peers may not configure correctly
improved:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/177
Viktor Gurov
12:28 PM Regression #11633 (Pull Request Review): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Jim Pingle
12:54 AM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/176
Viktor Gurov
12:04 AM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
correct example:... Viktor Gurov
11:29 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
This also appears to be related to Bug #11613, where the user had to reboot pfSense to get WireGuard to follow the st... James Blanton
11:21 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
FYI - The "nightly" build I was using during testing was 2.5.0.a.20210122.2350. James Blanton
10:58 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Victor- Any idea when this is going to get some attention? This issue really ripples throughout the system (e.g. Gatewa... Greg Shaffer
07:03 AM Bug #10708: ZFS bootpool boot symlink issue
I believe this is the root cause of the issue I hit when upgrading 2.4.5 to 2.5.0.
The original install was perfor...
Boycee .
04:35 AM Bug #11635 (Duplicate): Changing alias resolves in broken rules
Duplicate of #11568 Viktor Gurov
03:56 AM Bug #11635 (Duplicate): Changing alias resolves in broken rules
After changing an alias's name from alias01 to alias02, all rules regarding this are broken. Also the source changes fr... Kristian Krautwald
01:04 AM pfSense Packages Regression #11634 (Resolved): bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
I encounter a problem with bind since 2.5.0, it stops responding to queries each time an openvpn disconnection/connec... Stéphane BARBARAY

03/07/2021

11:42 PM Regression #11633 (Closed): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
DHCP6 interface is restarted multiple times on boot if there is > 1 track interfaces that use it:... Viktor Gurov
11:36 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
see also #11187 Viktor Gurov
11:32 PM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
see also #11570 and #6370 Viktor Gurov
11:11 PM pfSense Packages Bug #11511 (Resolved): OSPF distribute List always empty
Viktor Gurov
11:11 PM pfSense Packages Bug #11517 (Resolved): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Viktor Gurov
11:11 PM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
Stéphane BARBARAY wrote:
> I encounter a similar problem with bind which stops responding each time an openvpn discon...
Viktor Gurov
05:08 PM Bug #11631: OpenVPN client "Custom options" field drop end of line
In that case I propose that it also treat newlines as a separator. It would be more consistent with other similar fie... Patrick Northon
09:52 AM Bug #11631 (Not a Bug): OpenVPN client "Custom options" field drop end of line
Newlines are not meant to be respected there -- read the description on the field. Jim Pingle
12:11 AM Bug #11631 (Not a Bug): OpenVPN client "Custom options" field drop end of line
Whenever I restart one of my OpenVPN client, the "Custom options" field changes.
For example:
```
remote-cert-...
Patrick Northon
03:11 PM Todo #10464: Don't change the current update repo when new releases are available
Steve Yates wrote:
> Perhaps a note at the top of the package pages...could be quickly added with limited testing.
...
Steve Y
10:56 AM Todo #10464: Don't change the current update repo when new releases are available
I had a similar issue, with even less of an input from me.
To test my backup process, I saved a config.xml locally...
Dr. Phil
11:21 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
It looks like the reply traffic is not matching the state created by the inbound connection on the WAN.
The firewa...
Steve Wheeler
11:09 AM Bug #9190: host override for pfsense box DNS name does not override IP of LAN interface
Jim Pingle wrote:
> I understood it correctly, and it's behaving exactly as expected. The system adds an internal "o...
Andrew Bobulsky
04:42 AM pfSense Packages Bug #11632 (Duplicate): unbound service not restarted on pfBlocker-devel install/reinstall
SG-3100 running 21.02_1 pfB-devel 3.0.0_15
I noticed on my upgrade from 2.5.4-p1 that unbound wasn't running after...
Loh Phat

03/06/2021

07:12 PM pfSense Packages Bug #11511: OSPF distribute List always empty
ACLs are shown up in OSPF GUI
fixed
Alhusein Zawi
04:29 PM pfSense Docs New Content #9608: Add note about disabling secure boot when configuring a Hyper-V Gen 2 VM
Fred Bergeron wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html
>
> *Fe...
Michael Spears
04:14 PM pfSense Docs Correction #11145: Screenshots in "Virtualizing pfSense with Hyper-V" recipe are incorrect and outdated
Michael Spears wrote:
> James Eisele wrote:
> > *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtuali...
Michael Spears
04:12 PM pfSense Docs Correction #11145: Screenshots in "Virtualizing pfSense with Hyper-V" recipe are incorrect and outdated
James Eisele wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html
>
> *Fee...
Michael Spears
04:05 PM pfSense Docs Correction #11399: SG-3100 M.2 Installation Guide Reinstall Corrections
Kris Phillips wrote:
> Marcos Mendoza wrote:
> > 1. I believe "run recovery" wipes emmc, so separate instructions h...
Michael Spears
03:37 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works
I'm seeing this too. Unless I hardcode a monitoring address (I use my ISP's linklocal end of the connection) the IPV... Loh Phat
10:20 AM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
bdaa35dcf31def521ba8c60c0aa9c41bf5005311 is working when applied to 21.02p1 on an SG-3100. The change hasn't made it ... Max Leighton
07:55 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
I encounter a similar problem with bind which stops responding each time an openvpn disconnection/connection is made..... Stéphane BARBARAY

03/05/2021

10:59 PM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Navdeep wrote in
——
The bug was first fixed in these commits in FreeBSD 14-current and 13:
https://www.google.com...
Jim Thompson
09:03 PM pfSense Packages Bug #11517: Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Access list does not accept names with spaces
fixed
Alhusein Zawi
04:31 PM pfSense Plus Bug #11630 (Closed): WireGuard MultiWAN Not Failing Back to Tier 1
When using a GW group for WAN failover, WireGuard will fail to Tier2 when the Tier1 GW is down. However, when Tier1 i... James Blanton
02:18 PM pfSense Packages Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
Right, and there is also no solution yet, but it's all the same problem with multiple (different) credentials.
Dep...
Jim Pingle
02:04 PM pfSense Packages Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
Workaround in #8560 does not reliably work for this scenario of the bug. So effectively, there is no workaround. Ben Tyger
12:43 PM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
Perhaps this is another variation of #11545 and not a unique issue Jim Pingle
12:35 PM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
It seems like the IPs are assigned to the interface in ascending order no matter what pppoe server gives
(reverse ...
Marcos M
08:33 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
Requested info has been added to the support ticket. Dan Rice
08:17 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
Our IP block and router status output is already attached to the support ticket. I will also attach the other info t... Dan Rice
08:14 AM Bug #11629 (Feedback): PPPoE WAN IP address different than expected when set static by ISP
We will need a lot more information here since it isn't happening to others that we're aware of yet.
Things like P...
Jim Pingle
08:03 AM Bug #11629 (Resolved): PPPoE WAN IP address different than expected when set static by ISP
As per support ticket: #INC-77927
Hi, we've had this box and a previous one connecting to our service provider for...
Dan Rice
11:21 AM Revision 779daee9: Typo fix. Issue #11624
Danilo Zrenjanin
10:23 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Marcos Mendoza wrote:
[...]
>
> I noticed the PPPoE gateway that was automatically created was outside of the sub...
Grzegorz Krzystek
09:59 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Another report:
Port forward and firewall rules are in place on a secondary PPPoE WAN interface. Traffic comes in,...
Marcos M
08:36 AM Bug #11624 (Feedback): Typo on Router Advertisements page
PR has been merged. Thanks! Renato Botelho
08:09 AM Bug #11624 (Pull Request Review): Typo on Router Advertisements page
Jim Pingle
05:24 AM Bug #11624: Typo on Router Advertisements page
Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/175
Danilo Zrenjanin
08:33 AM pfSense Packages Feature #11349 (Feedback): Allow to set minimum TLS version
PR has been merged. Thanks! Renato Botelho
08:33 AM pfSense Packages Bug #11582 (Feedback): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
PR has been merged. Thanks! Renato Botelho
08:29 AM pfSense Packages Bug #11580 (Feedback): FTP client proxy - source and destination bypass limitation
PR has been merged. Thanks! Renato Botelho
08:26 AM pfSense Packages Bug #8827 (Feedback): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
PR has been merged. Thanks! Renato Botelho
08:25 AM pfSense Packages Bug #11620 (Feedback): OSPF Route Redistribution shows numbers instead of route map names
PR has been merged. Thanks! Renato Botelho
08:08 AM Feature #11164 (Pull Request Review): Input validation to prevent setting a load balancing gateway group as default
Jim Pingle
05:11 AM Feature #11164: Input validation to prevent setting a load balancing gateway group as default
Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/174
Danilo Zrenjanin
08:06 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
If OpenLDAP ldapsearch fails directly it's unlikely to be related to #9417
All the references I see to SNI seem fa...
Jim Pingle
02:07 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
may be related to #9417 Viktor Gurov
02:02 AM pfSense Plus Bug #11626 (Resolved): Google LDAP connections fail due to lack of SNI for TLS 1.3
https://forum.netgate.com/topic/161725/google-ldap-connection-failed:
I have a problem after update my Netgate XG-...
Viktor Gurov
08:00 AM Bug #11428 (Pull Request Review): CPU details are incorrect in the System Information widget after resetting log files
Jim Pingle
12:26 AM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Jim Pingle wrote:
> The dmesg.boot file is the copy of the kernel message buffer for that purpose.
>
> Resetting ...
Viktor Gurov
06:59 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
related to #10716 and #11298 (?) Viktor Gurov
06:31 AM pfSense Packages Bug #11628 (Resolved): ftp-proxy error messages in logs
Disabled ftp-proxy package causes errors in log:... Viktor Gurov
06:29 AM pfSense Packages Bug #11627 (Resolved): rc file is not deleted
After disabling the arpwatch service, `/usr/local/etc/rc.d/arpwatch.sh` still exists
and you can see errors in log:
...
Viktor Gurov
04:52 AM pfSense Packages Feature #11405 (Resolved): add RPKI route map in GUI
frr 1.1.0_7 Viktor Gurov
04:51 AM pfSense Packages Feature #11405: add RPKI route map in GUI
already there ('Enable BGP RPKI' option)
works as expected:...
Viktor Gurov
04:21 AM pfSense Packages Feature #11405 (New): add RPKI route map in GUI
"-M rpki" must be added to bgpd daemon command line,
see https://docs.frrouting.org/en/latest/bgp.html#enabling-rpki...
Viktor Gurov
02:58 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1
same issue with updating 2.3.5 to 2.4.4-p3/2.4.5-p1:... Viktor Gurov
02:38 AM pfSense Packages Feature #9315: Add Package: dnscrypt-proxy
According to "DNSCrypt Options" at https://nlnetlabs.nl/documentation/unbound/unbound.conf/ it seems the DNScrypt in ... Idar Lund
12:35 AM Feature #11625 (New): Cisco-AVPair aliases support
It would be very helpful to enable the use of aliases in the Cisco-AVPair parser.
This will allow to create quick an...
Viktor Gurov

03/04/2021

11:47 PM Bug #11624 (Resolved): Typo on Router Advertisements page
Small typo on services_router_advertisements.php page. under "Router Lifetime" it says "The default is 3 * *Maximim* ... Mischa De Pol
11:03 PM pfSense Packages Bug #11546 (Resolved): incorrect 'set as-path' command
Viktor Gurov
09:08 PM pfSense Packages Bug #11546: incorrect 'set as-path' command
"Set" option is not in options list.
Alhusein Zawi
06:40 PM Regression #11316: Unbound crashes with signal 11 when reloading
I'm losing DNS every day or so with pfsense 2.5. I'm using the latest from "pkg update".
If there's anything I can d...
Mike Farmwald
05:42 PM Feature #11164: Input validation to prevent setting a load balancing gateway group as default
Seems simple enough to fix (with the message) and the GUI is misleading. Jim Thompson
04:25 PM Revision 4f1eb41c: Do not run post-install during build
(cherry picked from commit 2524d5483f97c5b6594b623113056408291b1ae1) Renato Botelho
04:25 PM Revision 2524d548: Do not run post-install during build
Renato Botelho
03:05 PM Bug #11539 (Feedback): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Jim Pingle
03:05 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
I can't find a client that can reproduce this so I can't confirm a fix. Attached is a patch which will omit 0.0.0.0/0... Jim Pingle
02:19 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
The dmesg.boot file is the copy of the kernel message buffer for that purpose.
Resetting log files should not be n...
Jim Pingle
01:44 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Would it work to just copy the file to dmesg.boot.current or whatever, after each boot, and then parse that? It shou... Steve Y
09:52 AM pfSense Packages Bug #11449 (Resolved): BIND fails during/after upgrade to 21.02/2.50
Renato Botelho
09:16 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
It did fix the issue for me. Tchello Mello
08:47 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
Is this bug fixed with the new version of the bind package release for pfsense? Stefan Andersson
09:35 AM pfSense Docs Todo #11623 (Duplicate): Update AWS VPC Wizard Documentation
Duplicate of #11622 Jim Pingle
09:31 AM pfSense Docs Todo #11623 (Duplicate): Update AWS VPC Wizard Documentation
The documentation for the AWS VPC wizard is out of date on its screenshots and missing information. See attached cur... Kris Phillips
09:23 AM pfSense Docs Todo #11597 (Closed): Feedback on Troubleshooting — Troubleshooting Upgrades
Fixed, will show up momentarily when the docs rebuild.
Jim Pingle
09:21 AM pfSense Docs Todo #11597 (In Progress): Feedback on Troubleshooting — Troubleshooting Upgrades
Yes, that should be updated to the new name. Thanks!
Jim Pingle
09:14 AM pfSense Packages Bug #11620 (Pull Request Review): OSPF Route Redistribution shows numbers instead of route map names
Jim Pingle
05:23 AM pfSense Packages Bug #11620: OSPF Route Redistribution shows numbers instead of route map names
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/66
Viktor Gurov
05:09 AM pfSense Packages Bug #11620 (Resolved): OSPF Route Redistribution shows numbers instead of route map names
Routing using routing protocols has basically been broken to some extent. In my case I'm doing advanced routing with ... Viktor Gurov
09:12 AM pfSense Docs Correction #11154 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems
PR merged Jim Pingle
03:59 AM pfSense Docs Correction #11154: Feedback on Cellular Wireless — Known Working 3G-4G Modems
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/8 Viktor Gurov
09:11 AM pfSense Docs Todo #11622: Update pfSense VPC VPN Configuration Wizard docs
https://docs.netgate.com/pfsense/en/latest/packages/aws-vpc-wizard/using-the-wizard.html#using-the-wizard Danilo Zrenjanin
09:10 AM pfSense Docs Todo #11622 (New): Update pfSense VPC VPN Configuration Wizard docs
The screenshots are outdated.
There is a new field Assume Role ARN, which is not explained in our docs.
Danilo Zrenjanin
08:11 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
This patch should also take ovpn_auth_verify_async into consideration, right? I do have the issue, but not because of... Thomas Högemann
06:07 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Summer Sea wrote:
> Viktor Gurov wrote:
> > You need to install the System Patches package and paste the content of...
Viktor Gurov
05:02 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Viktor Gurov wrote:
> You need to install the System Patches package and paste the content of 154.diff
> see https:...
Summer Sea
04:36 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Summer Sea wrote:
> Viktor Gurov wrote:
> > Summer Sea wrote:
> > > In the pfsense FE 21.02 the issue is still pre...
Viktor Gurov
04:20 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Viktor Gurov wrote:
> Summer Sea wrote:
> > In the pfsense FE 21.02 the issue is still present, but I don't get ho...
Summer Sea
05:57 AM pfSense Docs Todo #11621 (Closed): Feedback on High Availability
already there Viktor Gurov
05:34 AM pfSense Docs Todo #11621 (Closed): Feedback on High Availability
*Page:* https://docs.netgate.com/pfsense/en/latest/highavailability/index.html
*Feedback:*
Add the https://do...
Viktor Gurov
04:10 AM Bug #11619 (New): Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1
issue with upgrading 2.4.4-p3 to 2.5/21.02-p1:... Viktor Gurov

03/03/2021

09:24 PM Revision 89b1338a: Fix typo
(cherry picked from commit 361ad87b85fdc0f97a2d7f3dcb6ec439e105e320) Jim Pingle
09:24 PM Revision 361ad87b: Fix typo
Jim Pingle
07:53 PM Revision e85c56b3: Add missing break
(cherry picked from commit f26a816b7080f0ef45a8cb3938cfd878dbaef71e) Renato Botelho
07:53 PM Revision f26a816b: Add missing break
Renato Botelho
07:15 PM Revision ae3d3397: Rework WOL page a bit. Fixes #11616
* Eliminate duplicate code
* Fix output encoding
* Additional validation
* Use POST when waking all devices
(cherry ...
Jim Pingle
07:14 PM Revision 2e94828c: Rework WOL page a bit. Fixes #11616
* Eliminate duplicate code
* Fix output encoding
* Additional validation
* Use POST when waking all devices
Jim Pingle
04:23 PM Bug #9460: OpenVPN local auth failing due to fcgicli output
Applying the patch from #4521 fixed the certificate verify before the AUTH_FAILED for me and applying ce76f299853dccb... Elon l
03:38 PM Bug #9460: OpenVPN local auth failing due to fcgicli output
Another report of this issue. Setup is pfSense 21.02p1 OpenVPN + RADIUS + Yubikey. Logs show:... Marcos M
04:17 PM pfSense Packages Bug #11618 (Closed): WireGuard using incorrect IPv6 tunnel address prefix length
Example; if I specify a tunnel with address fc00:bbbb:bbbb:bb01::9:xxxx/128, this is how it gets configured:... Reza Arbab
03:41 PM Bug #11609 (Pull Request Review): CLI interface configuration without IPv6 leaves RA enabled
Jim Pingle
07:51 AM Bug #11609: CLI interface configuration without IPv6 leaves RA enabled
related to #11367
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/172
Viktor Gurov
04:40 AM Bug #11609 (Closed): CLI interface configuration without IPv6 leaves RA enabled
This occurred on a completely new install, version 2.5.0-RELEASE.
Specs:
Mainboard: ASUS ROG MAXIMUS IX FORMULA
...
George Doe
03:39 PM pfSense Packages Bug #8827 (Pull Request Review): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
Jim Pingle
04:12 AM pfSense Packages Bug #8827: Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/65 Viktor Gurov
03:38 PM Bug #11600 (Pull Request Review): WireGuard interfaces should have MSS clamping enabled by default
Jim Pingle
03:21 AM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/171 Viktor Gurov
03:38 PM Bug #11104 (Pull Request Review): OpenVPN does not start with several authentication sources selected
Jim Pingle
02:51 AM Bug #11104: OpenVPN does not start with several authentication sources selected
input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/170
Viktor Gurov
03:31 PM pfSense Packages Feature #11349 (Pull Request Review): Allow to set minimum TLS version
Jim Pingle
12:09 AM pfSense Packages Feature #11349: Allow to set minimum TLS version
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/64 Viktor Gurov
03:17 PM Bug #11606 (Rejected): Wireguard AllowedIPs filtering issue
I can't replicate this as stated. I have a tunnel with multiple peers and the peers can only communicate with the add... Jim Pingle
02:52 PM pfSense Plus Bug #11615: OpenVPN + Ldap broken in 21.02-RELEASE-p1
Read all of the recent notes, it's a general problem with fcgicli that manifests in multiple ways, including validati... Jim Pingle
02:46 PM pfSense Plus Bug #11615: OpenVPN + Ldap broken in 21.02-RELEASE-p1
I do not believe this is a duplicate
here the longest cert
1) ST=CA, OU=XXXXXX, O=XXXXXX Technologies Inc, L=XXXX...
Luc Suryo
11:22 AM pfSense Plus Bug #11615 (Duplicate): OpenVPN + Ldap broken in 21.02-RELEASE-p1
Almost certainly a duplicate of #4521 (See notes there with attached patches to try).
If that doesn't help, please...
Jim Pingle
11:20 AM pfSense Plus Bug #11615 (Duplicate): OpenVPN + Ldap broken in 21.02-RELEASE-p1
We recently upgraded to 21.02-RELEASE-p1 (AWS)
And since we see an odd behavior that prevents users from logging in
OpenLD...
Luc Suryo
02:39 PM Bug #11617 (Closed): Unexpected Operator error on console at boot with ZFS and RAM Disks
after mounting filesystems, the console returns the following error at boot:... Steve R
01:25 PM pfSense Packages Bug #10642 (Duplicate): ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys
Same root problem as #8560 Jim Pingle
01:25 PM Bug #11616 (Feedback): Potential stored XSS vulnerability in services_wol.php
Applied in changeset commit:2e94828cd021a8f0fd1a89475f6e0f4bb2f5805f. Jim Pingle
12:21 PM Bug #11616 (Closed): Potential stored XSS vulnerability in services_wol.php
There is a potential stored XSS in services_wol.php.
When waking all devices (@services_wol.php?wakeall=true@) the...
Jim Pingle
01:25 PM pfSense Packages Bug #11614 (Duplicate): ACME certificate renewal/creation fails with multiple DNS providers
Same root problem as #10642 and #8560 Jim Pingle
09:50 AM pfSense Packages Bug #11614 (Duplicate): ACME certificate renewal/creation fails with multiple DNS providers
When trying to issue/renew ACME certificates to multiple different DNS providers with the DNS verification method, th... Ben Tyger
11:57 AM Bug #2218: CARP VIPs can become master too early at boot time
Jim Pingle wrote:
> Read the text you quoted again. Eventually a better solution may come along. It's entirely mitig...
Le Cygne
08:47 AM Bug #2218: CARP VIPs can become master too early at boot time
Read the text you quoted again. Eventually a better solution may come along. It's entirely mitigated by maintenance m... Jim Pingle
08:24 AM Bug #2218: CARP VIPs can become master too early at boot time
Jim Pingle wrote:
> I didn't close the ticket and say it wouldn't be addressed eventually. When this old ticket was ...
Le Cygne
11:10 AM Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement
Hello,
this would also fix a problem on the PPPoE interface. My provider only supports DHCPv6-IA_PD and not DHCPv6-I...
Jost Schoenleben
08:37 AM Bug #11613 (Rejected): Pushing WireGuard traffic out a specific GW using static routes requires a reboot to revert.
I initially had my WireGuard traffic going out a secondary WAN using a static route with the remote wireguard endpoin... Christian McDonald
08:12 AM Bug #11612 (Duplicate): CARP-based master takes over before it fully syncs required data
Same root problem as #2218 Jim Pingle
08:04 AM Bug #11612 (Duplicate): CARP-based master takes over before it fully syncs required data
Hello there! I have two pfsense 2.4.5p1. They are set up for failover via CARP. Everything works fine including the f... Le Cygne
07:38 AM Bug #11611 (Duplicate): Multi WAN Static Routes & NAT failure on multiple interfaces
Likely the same root cause as #11436
Though that has a lot more information, so this isn't necessary.
Jim Pingle
07:30 AM Bug #11611 (Duplicate): Multi WAN Static Routes & NAT failure on multiple interfaces
I just discovered that pfSense 2.6.0.a.20210302.0100
fails to route traffic on static routes configured on multiple...
Shepherd Nhongo
07:13 AM Bug #11607 (Duplicate): Clicking Connect VPN on the IPsec Status page establish the tunnel
Duplicate of #11486 Jim Pingle
05:29 AM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
Unable to reproduce with FRR pkg 1.1.0_8 -
frr starts successfully with the "Enable agentx" option:...
Viktor Gurov
05:11 AM pfSense Packages Bug #11610 (New): NET-SNMP is not setting the correct permissions on AgentX
When we go to FRR -> Global Settings -> (Scroll down to "Modules" and tick the "Enable agentx support for accessing F... Yif Swery
03:01 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Thanks a lot for the patch! After updating to 21.02-RELEASE-p1, the OpenVPN failed to connect. I use an own CA with d... Foo Bar
02:57 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
This issue still isn't fixed with 2.5.0. Car F
02:06 AM pfSense Docs New Content #11608 (Closed): Interfaces order of XG-7100 Quad-Port 10GbE Fiber SFP+ Installation Kit
It's not documented what would be the order of the interface once this card is deployed in XG-7100-1u.
https://doc...
Danilo Zrenjanin

03/02/2021

10:48 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
With patch 7990de53bfc8267d1dd96636a175929a35cbe664
and patch 169.diff applied, the errors didn't show anymore.
T...
Dirk Meyer
08:58 AM Regression #11475 (Pull Request Review): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Jim Pingle
06:57 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Please try this patch
extra fix for route_get() and route_del():
https://gitlab.netgate.com/pfSense/pfSense/-/m...
Viktor Gurov
06:00 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Thanks, I can verify now the dashboard works again.
But while on system_gateways.php I pressed Save:...
Dirk Meyer
05:01 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Dirk Meyer wrote:
> note: The patch is an improvement, but it doesn't solve the issue.
You need to apply patch ID...
Viktor Gurov
04:53 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
note: The patch is an improvement, but it doesn't solve the issue.
Dirk Meyer
08:49 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
I'm having the same exact issue after updating aws pfsense appliance to 21.02_1. The only branches I see on the Syste... Alex P
04:46 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Summer Sea wrote:
> In the pfsense FE 21.02 the issue is still present, but I don't get how to fix it:
Please tr...
Viktor Gurov
02:03 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
In the pfsense FE 21.02 the issue is still present, but I don't get how to fix it:
```
[21.02-RELEASE]/root: /us...
Summer Sea
08:36 PM pfSense Packages Bug #11590: pfBlocker Issue when IPv6 is disabled
Fixed in pfBlockerNG-devel v3.0.0_14 BBcan177 .
06:50 PM Bug #11607 (Duplicate): Clicking Connect VPN on the IPsec Status page establish the tunnel
In 21.02, interesting traffic has to be generated to bring up an IPsec tunnel. Regardless of whether pfSense itself c... Max Leighton
05:26 PM Feature #11589: Fix iftop experimental traffic fetcher, unify and improve output style
Rounding was fixed to display no decimals with bits or exactly one decimal when kilobits or larger units are used.
...
Ashus CZ
04:20 PM Bug #11606 (Rejected): Wireguard AllowedIPs filtering issue
There is a potential problem with filtering AllowedIPs in Wireguard server.
To demonstrate it is enough to setup basic...
Sylwester Baranski
03:22 PM Bug #11595: Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Tyler Szabo wrote:
> Query Name Minimization was disabled for me and I just checked both states and it appears to st...
Jim Pingle
03:19 PM Bug #11595: Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Query Name Minimization was disabled for me and I just checked both states and it appears to still occur. It's possib... Tyler Szabo
07:53 AM Bug #11595 (Not a Bug): Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Turn off "Query Name Minimization" in the Unbound advanced settings. With that off I can resolve the host you show, w... Jim Pingle
01:59 AM Bug #11595: Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Title should read "Unbound" not sure how I got "Unblound" in there. Tyler Szabo
01:58 AM Bug #11595 (Not a Bug): Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Query to pfSense:... Tyler Szabo
02:27 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Jim Pingle wrote:
> Not that I'd expect that to cause a problem, but why would you set that to 1? It doesn't make mu...
Ryan Fitton
01:59 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Greg Shaffer wrote:
> I noticed that both /tmp/em0_routerv6 and /tmp/em0_defaultgwv6 were empty while the ipv4 versi...
Eric B
01:33 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Mike Loiterman wrote:
> When you reference /tmp/*_defaultgwv6 and /tmp/*_routerv6, are you actually creating a file c...
Anonymous
12:07 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Dennis P wrote:
> Greg Shaffer wrote:
> > I believe both of these files will be rewritten if you make a change to y...
Mike Loiterman
11:05 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Greg Shaffer wrote:
> I believe both of these files will be rewritten if you make a change to your WAN or you reboot...
Anonymous
11:01 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Dennis P wrote:
> Greg Shaffer wrote:
> > #echo $2 > /tmp/em0_routerv6
> > echo "fe80::X:X:X:X" > /tmp/em0_routerv...
Greg Shaffer
07:58 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Greg Shaffer wrote:
> UPDATE:
>
> Here is a diff of my changes to /etc/inc/interfaces.inc
Thank you Greg.
T...
Pete C
12:57 PM Bug #11603 (Rejected): Pfsense 2.5.0 : MultiWan with rules default gateway not work
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
12:23 PM Bug #11603 (Rejected): Pfsense 2.5.0 : MultiWan with rules default gateway not work
Hi,
I have a problem with updating pfsense. Everything works fine on version 2.4.X
I have a configured multiwan ...
Lars Lars
12:30 PM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Also see: https://forum.netgate.com/topic/160974/upgraded-to-2-5-0-now-seeing-ping-spikes Steve Wheeler
11:44 AM Bug #11602 (Resolved): Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
In some situations the cxgbe driver can introduce latency in 2.5.
It looks as though that is caused by a driver is...
Steve Wheeler
12:27 PM pfSense Packages Bug #11605 (Closed): Suricata can trigger PHP crash on SG-3100
Suricata and SNORT won't start on 21.02p1 SG3100. Appears to be an issue related to PHP see the following post for mo... Justin P
12:26 PM Feature #11604 (New): WireGuard Dynamic Listen Port Randomization
In CGNAT situations, like failing over to an LTE WAN for instance, it can be problematic to have the listen address o... Christian McDonald
12:17 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Jim Pingle wrote:
> Mark Howells wrote:
> > Maybe - I may be just conflating the matchaddr issue with my issue.
> ...
Mark Howells
11:22 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Mark Howells wrote:
> Maybe - I may be just conflating the matchaddr issue with my issue.
>
> Do you need me to r...
Jim Pingle
11:18 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Maybe - I may be just conflating the matchaddr issue with my issue.
Do you need me to raise a fresh issue?
Mark Howells
11:02 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
That looks unrelated to this issue. I can connect multiple clients and ping them, but with the remotes being dynamic ... Jim Pingle
10:28 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Jim Pingle wrote:
> Adam Esslinger wrote:
> > I noticed that there were additional "LAN" network that weren't defin...
Mark Howells
07:18 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Adam Esslinger wrote:
> I noticed that there were additional "LAN" network that weren't defined in the WireGuard all...
Jim Pingle
07:11 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Kevin Mychal Ong wrote:
> This is not isolated to when using multiple peers. It also happens to many people with jus...
Jim Pingle
07:10 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
I was able to resolve this issue however I'm not sure which thing I did that resolved it so here is what I changed.
...
Adam Esslinger
11:19 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
Hello everybody,
I became aware of this bug report after finding this forum thread via googling: https://forum.net...
Andreas Grommek
10:25 AM pfSense Packages Feature #11601: Ability to disable/stop Service Watchdog
There is no need for two separate issues for the same problem. Any work to solve the other issue should stay on that ... Jim Pingle
10:21 AM pfSense Packages Feature #11601: Ability to disable/stop Service Watchdog
Jim Pingle wrote:
> Duplicate of #11490
#11490 describes symptoms, this request suggest a solution.
Yuri Weinstein
10:15 AM pfSense Packages Feature #11601 (Duplicate): Ability to disable/stop Service Watchdog
Duplicate of #11490 Jim Pingle
10:09 AM pfSense Packages Feature #11601 (Duplicate): Ability to disable/stop Service Watchdog
Use case: before upgrading a package like pfBlockerNG I remove `pfb_dnsbl`, `pfb_filter` and `unbound` from Service W... Yuri Weinstein
09:12 AM Bug #11600 (Not a Bug): WireGuard interfaces should have MSS clamping enabled by default
It would seem that there is an upstream bug with wireguard icmp and path discovery (?) : https://git.kernel.org/pub/s... Christian McDonald
09:12 AM Bug #11599 (Resolved): Modifying static routes results in a logged error, changes are not reflected in routing table
When modifying an existing static route, e.g. changing subnet to be routed, the modified route is added to the curren... Roland Volkmann
08:57 AM Feature #11596 (Pull Request Review): Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
Jim Pingle
03:24 AM Feature #11596: Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/168 Viktor Gurov
03:13 AM Feature #11596 (Closed): Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
Currently it's possible to use template variable "{clientip}", that is replaced with the connecting clients VPN IP (#... Viktor Gurov
08:56 AM Regression #11594 (Pull Request Review): IPv6 routes with a prefix length of 128 result in an invalid route table entry
Jim Pingle
01:51 AM Regression #11594: IPv6 routes with a prefix length of 128 result in an invalid route table entry
Using `-net` argument with /128 netmask produces invalid routes, i.e.:... Viktor Gurov
12:58 AM Regression #11594 (Closed): IPv6 routes with a prefix length of 128 result in an invalid route table entry
After adding fc00:1234::1234/128 via fc00:129::bbbb route, I see an invalid route in the routing table:... Viktor Gurov
08:11 AM pfSense Packages Bug #11543 (Duplicate): SquidGuard 1.16.18_15 - returning wrong page
duplicate of #8827 Viktor Gurov
04:40 AM pfSense Packages Bug #11543: SquidGuard 1.16.18_15 - returning wrong page
I can reproduce this issue in SSL/MITM Mode = "Splice Whitelist, Bump Otherwise"
in "Splice All" mode returns the co...
Viktor Gurov
08:10 AM Bug #11583: dashboard nginx 504 Gateway time-out error
1. The log parser has no idea how far back it needs to go to find enough usable entries and it has to include rotated... Jim Pingle
07:00 AM Bug #11583: dashboard nginx 504 Gateway time-out error
I still believe this to be a bug, here is why:
1. When the firewall logs widget is on the dashboard its set to only ...
Adam Esslinger
07:42 AM Regression #11550 (New): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
OK, thanks for checking on that. I've updated the subject to reflect that it's specific to FAIRQ. Jim Pingle
01:07 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Jim Pingle wrote:
> Have you tried only using FAIRQ instead of only using PRIQ? It's not clear from the symptom beha...
Thorsten Zitterell
05:04 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> It seems I don't have access to https://gitlab.netgate.com/.
> Is there a way for me to see ...
Viktor Gurov
03:40 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
It seems I don't have access to https://gitlab.netgate.com/.
Is there a way for me to see the patch (out of curiosit...
Alexis Mestag
04:31 AM pfSense Docs Todo #11597 (Closed): Feedback on Troubleshooting — Troubleshooting Upgrades
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html
*Feedback:*
I recently upgrade...
Jamison Guyton
04:00 AM pfSense Packages Bug #10608 (Feedback): Update squid port to 4.11-p2
Squid version in pfSense 2.5/21.02 is 4.13:... Viktor Gurov
03:58 AM pfSense Packages Feature #11060 (Resolved): Block access to consumer Google accounts
works as expected on Squid pkg 0.4.45_3 - it blocks access to google accounts and adds youtube safesearch restrictions Viktor Gurov
02:56 AM Bug #11593 (Duplicate): NAT / Port Forward Stop Working
pfblocker php error - duplicate of #11590
port forwarding issue - duplicate of #11436
Viktor Gurov
12:16 AM Bug #11593 (Duplicate): NAT / Port Forward Stop Working
Good Morning,
Since upgrading to 2.5, which otherwise works very well, I have the issue that Port Forwarding stops...
Martin Kusch

03/01/2021

11:44 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
This is not isolated to when using multiple peers. It also happens to many people with just 1 peer (site to site). Do... Kevin Mychal Ong
02:15 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
I have the same issue. Loads of "matchaddr failed" messages and any WG tunnel with more than a single peer fails.
I ...
Mark Howells
11:20 PM pfSense Packages Bug #11591 (Duplicate): Could not install node exporter
duplicate of #11515
See fix in the next node_exporter version:
https://github.com/pfsense/FreeBSD-ports/commit/6e...
Viktor Gurov
09:58 PM pfSense Packages Bug #11591 (Duplicate): Could not install node exporter
I tried to install node_exporter and whilst the install appeared to complete successfully, I noticed it did not appea... Mark De Souza
10:01 PM pfSense Packages Bug #11592 (New): Node exporter can not read system statistics
Each time I curl <ip of router>:9100 I receive the following log error:
level=error ts=2021-03-02T03:55:34.739Z ca...
Mark De Souza
09:06 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
There are a couple items to iron out in devel, so don't think too long. BBcan177 .
04:02 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Confirmed - created as an IPv6 rule in beta. Just means that all those out there using the "release" version are at r... Dave Tickem
09:01 PM pfSense Packages Bug #11590 (Closed): pfBlocker Issue when IPv6 is disabled
I noticed a crash report this morning when I logged into pfsense. I have ipv6 disabled on my pfsense box but it appea... Mark De Souza
06:52 PM Feature #11589 (Pull Request Review): Fix iftop experimental traffic fetcher, unify and improve output style
There were several problems with iftop fetcher.
Although it offered IPv6 unlike "rate" tool, its output is limited...
Ashus CZ
06:34 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Interestingly enough, I haven't had any panics on my cloud instances hosted on Vultr, though my instances hosted on-p... Christian McDonald
02:24 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Parts of the backtrace are similar to #11586 but it's not an exact match. Jim Pingle
02:22 PM pfSense Packages Bug #11585 (New): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Jim Pingle
02:22 PM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Jim Pingle
02:19 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
That does appear to be one we haven't seen yet:... Jim Pingle
02:06 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Also hitting this when changing the port on the local wg interface...sometimes. Sometimes changing the port is fine, ... Christian McDonald
01:59 PM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface
All I did was change the port on peer 0. Christian McDonald
05:34 PM Regression #11316: Unbound crashes with signal 11 when reloading
I have the same issue, after updating two of my pfsense boxes I see about 4 to 5 messages from each per hour
"Ser...
Vöggur Guðmundsson
05:29 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Greg Shaffer wrote:
> #echo $2 > /tmp/em0_routerv6
> echo "fe80::X:X:X:X" > /tmp/em0_routerv6
> #echo $2 > /tmp/em...
Anonymous
12:12 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Thank you @Greg Schaffer, that worked for me! Car F
02:49 PM Bug #11578 (Pull Request Review): Error when removing automatic DNS server route
Jim Pingle
02:30 PM Bug #11578: Error when removing automatic DNS server route
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/166
Viktor Gurov
07:45 AM Bug #11578: Error when removing automatic DNS server route
Looks like that route command is missing @-inet6@ somehow.
Fixed up subject and category.
Jim Pingle
02:25 AM Bug #11578 (Closed): Error when removing automatic DNS server route
The log stats:
/system.php: The command '/sbin/route -q delete -host 2001:4860:4860::8888 'dynamic'' returned exit...
Kristian Krautwald
02:47 PM pfSense Packages Bug #11582 (Pull Request Review): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Jim Pingle
02:13 PM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/63
Viktor Gurov
09:25 AM pfSense Packages Bug #11582 (Resolved): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Using the XML-RPC Sync feature of the FreeRADIUS package doesn't sync all configuration sections.
For example:
* ...
Alexis Mestag
02:45 PM Bug #11581 (Pull Request Review): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
Jim Pingle
02:03 PM Bug #11581: Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
Allow to enter /32 netmask and non-local gateway in the console menu:
https://gitlab.netgate.com/pfSense/pfSense/-/m...
Viktor Gurov
09:21 AM Bug #11581 (Resolved): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
I logged in via the serial console and used the '2) Set interfaces(s) IP address' flow. That prompts for a WAN IP and... Ken Bass
02:37 PM Feature #11588 (New): Automatically suggest next IP address in Wireguard interface subnet when creating a peer
When creating a new WireGuard peer, we should suggest/pre-fill the AllowedIPs field with the next IP address in the W... Jim Pingle
02:28 PM Bug #11587 (Closed): WireGuard interfaces do not have data on traffic graphs
Moving over from NG 5522
Sending iperf3 traffic across a wireguard interface from a client on the LAN side to a se...
Jim Pingle
02:25 PM Bug #11586: WireGuard panic when saving many times in a row
Textdump from one of the occurrences Jim Pingle
02:24 PM Bug #11586: WireGuard panic when saving many times in a row
Parts of the backtrace are similar to #11585 but it's not an exact match. Jim Pingle
02:22 PM Bug #11586 (Not a Bug): WireGuard panic when saving many times in a row
Moving this over from NG 5538
There is still a lingering panic in WireGuard when saving on an interface, but it's ...
Jim Pingle
02:25 PM Revision 7990de53: route_get() optimization. Fixes #11475
Viktor Gurov
02:24 PM Revision 490b5b48: Set correct DHCP failover peer IP on XMLRPC sync. Fixes #11519
Viktor Gurov
02:23 PM Revision e89e12e8: Move custom IPSEC NAT-T port settings to Advanced Options. Todo #11518
Viktor Gurov
02:23 PM Revision c08d270e: Set explicit-exit-notify to 1 for new OpenVPN Client instances. Implements #11521
Viktor Gurov
02:18 PM Revision 3939c0e3: IPsec Mobile users swanctl.conf fix. Issue #11564
Viktor Gurov
02:17 PM Revision 4a51b9cd: IPsec peer ID Any fix. Issue #11555
Viktor Gurov
02:17 PM Revision f4d883da: Cisco AVPair parse {clientip}. Fixes #11561
Viktor Gurov
02:16 PM Revision 44baf5a7: OpenVPN data-ciphers option length validation. Issue #11559
Viktor Gurov
02:15 PM Revision f725132e: OpenVPN ncp_enable checkbox fix. Issue #11554
Viktor Gurov
02:14 PM Revision a1fe8144: Restart unbound on interface recover. Fixes #11547
Viktor Gurov
02:13 PM Revision cfff0f35: IPsec VTI interfaces bootup fix. Issue #11537
Viktor Gurov
02:10 PM Revision 296c5881: WPA Enterprise PAP inner method support. Issue #2400
Viktor Gurov
02:06 PM pfSense Docs Correction #11584 (Resolved): Renaming Proxmox to Proxmox Virtual Environment or Proxmox VE
Fixed in https://gitlab.netgate.com/docs/pfSense-docs/-/commit/011d1208863cba0531065173fc63e93da09dcb2a Jim Pingle
01:58 PM pfSense Docs Correction #11584 (Resolved): Renaming Proxmox to Proxmox Virtual Environment or Proxmox VE
Received a request from Proxmox Marketing team to ensure we correctly use their mark in the documentation:
> May I...
Jim Pingle
02:05 PM Revision 95e599a1: Show changed NAT timeouts on the system_advanced_firewall page. Issue #11565
Viktor Gurov
02:01 PM Revision 0e432655: Merge pull request #4504 from bashkarev/master
Renato Botelho
02:00 PM Revision f7e4e439: Merge pull request #4505 from woeperbe/patch-1
Renato Botelho
01:36 PM pfSense Packages Bug #11580 (Pull Request Review): FTP client proxy - source and destination bypass limitation
Jim Pingle
11:19 AM pfSense Packages Bug #11580: FTP client proxy - source and destination bypass limitation
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/62 Viktor Gurov
04:40 AM pfSense Packages Bug #11580 (Resolved): FTP client proxy - source and destination bypass limitation
Not able to use alias in Proxy Bypass: Source and Proxy Bypass: Destination.
I tried to manually add to config.xml a...
Michal Kubin
01:24 PM Feature #7842 (Feedback): New Dynamic DNS Provider: Mythic-Beasts
Ronald Schellberg wrote:
> Viktor Gurov wrote:
> > Applied in changeset commit:fe6b125233f40f5919746b1cb90c39b459aa...
Viktor Gurov
01:18 PM Bug #11583: dashboard nginx 504 Gateway time-out error
That could maybe happen with an excessively large log file size (downright huge if it's 59MB _compressed_) but ultima... Jim Pingle
12:26 PM Bug #11583: dashboard nginx 504 Gateway time-out error
I was finally able to login by deleting the filter.log.x.bz2 files in the /var/log directory. There were 6 of them an... Adam Esslinger
12:16 PM Bug #11583: dashboard nginx 504 Gateway time-out error
Once I finally got logged in I see this in the system logs:
2021/03/01 13:12:17 [error] 88327#100711: *20 upstream...
Adam Esslinger
12:15 PM Bug #11583 (Not a Bug): dashboard nginx 504 Gateway time-out error
There isn't enough information here to point to one specific issue and this site is not for support or diagnostic dis... Jim Pingle
11:59 AM Bug #11583 (Not a Bug): dashboard nginx 504 Gateway time-out error
Ever since upgrading to version 2.5 logging into the firewall takes a really long time. Once logged in and navigatin... Adam Esslinger
01:14 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works
Does pfSense track the changes to dhcp6c that are being made by Marjohn56 on the opn side? Not sure if this is direct... → luckman212
11:59 AM Revision 7b2bca91: Update services.inc
Corrects the error in the dynamic DNS widget
warning: array_combine(): both parameters should have an equal number of...
Marc Buffet
11:22 AM Feature #11577: Syslog should not require binding to interface for remote logging
Ter Ted wrote:
> No, you have to bind to the port in order to receive events, not to send them. This is just a very ...
Jim Pingle
11:14 AM Feature #11577: Syslog should not require binding to interface for remote logging
No, you have to bind to the port in order to receive events, not to send them. This is just a very basic concept for ... Ter Ted
07:36 AM Feature #11577 (Rejected): Syslog should not require binding to interface for remote logging
Binding to all interfaces is not binding to a specific interface ("All" is not "specific") and "All" is an option in ... Jim Pingle
10:21 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
adding _nobind_ fixes the problems with viscosity on mac big sur not reconnecting after a disconnect. It continues to... IT Support
09:58 AM Bug #11330: IGMP Proxy upgrade to latest version
I did experience the kernel panic/reboot/kernel panic continuous loop again during 2.5 DEV versions a few weeks ago, ... Patrick Monfette
04:58 AM Bug #11330: IGMP Proxy upgrade to latest version
I think that I am currently having the same issues with igmp proxy since upgrading to pfsense 2.5.0:
2.5.0-RELEASE...
simon lock
08:35 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Applied in changeset commit:7990de53bfc8267d1dd96636a175929a35cbe664. Viktor Gurov
08:25 AM Regression #11475 (Feedback): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
PR has been merged. Thanks! Renato Botelho
08:30 AM Regression #11519: Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Applied in changeset commit:490b5b480f1b46a6f93e0ba99fff578a61f3293c. Viktor Gurov
08:24 AM Regression #11519 (Feedback): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
PR has been merged. Thanks! Renato Botelho
08:30 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
Applied in changeset commit:c08d270edc1f7439de103a205cd2a4262c3eb22d. Viktor Gurov
08:23 AM Feature #11521 (Feedback): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
PR has been merged. Thanks! Renato Botelho
08:25 AM Regression #11561: ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Applied in changeset commit:f4d883dadee6e339997b29f5b4623a88b190b840. Viktor Gurov
08:17 AM Regression #11561 (Feedback): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
PR has been merged. Thanks! Renato Botelho
08:24 AM Todo #11518 (Feedback): Move custom IPsec NAT-T port settings to Advanced Options
PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
Applied in changeset commit:a1fe814421904ca00b6a04431d62ba18dcebf607. Viktor Gurov
08:14 AM Bug #11547 (Feedback): DNS Resolver does not bind to an interface when it recovers from a down state
PR has been merged. Thanks! Renato Botelho
08:18 AM Regression #11564 (Feedback): strongSwan configuration always contains user EAP/PSK values
PR has been merged. Thanks! Renato Botelho
08:18 AM Regression #11555 (Feedback): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
PR has been merged. Thanks! Renato Botelho
08:16 AM Bug #11559 (Feedback): OpenVPN does not start with a long list of Data Encryption Algorithms
PR has been merged. Thanks! Renato Botelho
08:16 AM Bug #11554 (Feedback): Selected Data Encryption Algorithms list items reset when an input validation error occurs
PR has been merged. Thanks! Renato Botelho
08:14 AM Regression #11537 (Feedback): IPsec VTI tunnel between IPv6 peers may not configure correctly
PR has been merged. Thanks! Renato Botelho
08:11 AM Feature #2400 (Feedback): GUI options for WPA Enterprise with identity/password
PR has been merged. Thanks! Renato Botelho
08:07 AM Feature #11420 (Feedback): New Dynamic DNS Provider: Gandi LiveDNS IPv6
PR has been merged. Thanks! Renato Botelho
08:02 AM Feature #11420 (Pull Request Review): New Dynamic DNS Provider: Gandi LiveDNS IPv6
New PR to fix syntax error introduced by the previous PR:
https://github.com/pfsense/pfsense/pull/4505
Jim Pingle
08:00 AM Feature #11420: New Dynamic DNS Provider: Gandi LiveDNS IPv6
There is an error introduced by this change and fixed by https://github.com/pfsense/pfsense/pull/4505 Renato Botelho
08:07 AM Regression #11565 (Feedback): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
PR has been merged. Thanks! Renato Botelho
08:01 AM Bug #11569 (Feedback): ACLs generated from RADIUS reply attributes have incorrect syntax
PR has been merged. Thanks! Renato Botelho
07:56 AM pfSense Packages Bug #11459 (Feedback): pfBlockerNG doesn't include WireGuard interface in outbound floating rules
PR has been merged. Thanks! Renato Botelho
07:52 AM pfSense Packages Feature #11560 (Feedback): add ena(4) to the list of INLINE mode (netmap) supported cards
PR has been merged. Thanks! Renato Botelho
07:51 AM pfSense Packages Feature #11533 (Feedback): add ena(4) to the list of INLINE mode (netmap) supported cards
PR has been merged to 2.6.0/21.05 snapshots and will be cherry-picked to stable branches together with last binary up... Renato Botelho
07:49 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Have you tried only using FAIRQ instead of only using PRIQ? It's not clear from the symptom behavior if the problem i... Jim Pingle
01:13 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Jim Pingle wrote:
> Not that it should cause a segfault, but why are you mixing FAIRQ, PRIQ, and HFSC?
I used PRI...
Thorsten Zitterell
07:48 AM pfSense Packages Bug #11546 (Feedback): incorrect 'set as-path' command
PR has been merged. Thanks! Renato Botelho
07:48 AM pfSense Packages Bug #11517 (Feedback): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
PR has been merged. Thanks! Renato Botelho
07:48 AM pfSense Packages Bug #11511 (Feedback): OSPF distribute List always empty
PR has been merged. Thanks! Renato Botelho
07:41 AM Feature #11562: Syslog should not require binding to interface for remote logging
It is true as worded ("Any" is not "a specific interface").
Jim Pingle
12:02 AM Feature #11562: Syslog should not require binding to interface for remote logging
Jim Pingle wrote:
> It's to set the source address of the syslog traffic, not to bind the server. It's necessary for...
Ter Ted
07:40 AM pfSense Packages Feature #10858 (Feedback): OpenVPN Client silent install
PR has been merged. Thanks! Renato Botelho
07:40 AM pfSense Packages Feature #11520 (Feedback): Add 'explicit-exit-notify' option by default
PR has been merged. Thanks! Renato Botelho
07:36 AM pfSense Packages Bug #11532 (Feedback): LCDproc service is not disabled
PR has been merged. Thanks! Renato Botelho
07:35 AM pfSense Packages Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
PR has been merged. Thanks! Renato Botelho
05:46 AM Bug #11464: Requests to ``ews.netgate.com`` do not honor proxy configuration
Steve Beaver wrote:
> Applied in changeset commit:2cb3c56db2366c9cadb04757bd3143ea0d7e7378.
I can confirm that th...
Florian Apolloner
03:26 AM pfSense Packages Feature #11579 (New): Snort alerts or blocks trigger notifications
I use the default pfSense notifications under System -> Advanced -> Notifications, and I'd love to be able to receive... Offstage Roller
02:06 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
Let me share some of my observations in the last 3 days.
* hw.ncpu=unset, all non default Packages disabled = Sta...
Marco Goetze

02/28/2021

11:58 PM Feature #11577 (Rejected): Syslog should not require binding to interface for remote logging
As of now, it is not possible to log to remote server without binding syslog to local interface. This shouldn't be re... Ter Ted
11:24 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
UPDATE:
Here is a diff of my changes to /etc/inc/interfaces.inc
Greg Shaffer
08:47 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I noticed that both /tmp/em0_routerv6 and /tmp/em0_defaultgwv6 were empty while the ipv4 versions had the valid route... Greg Shaffer
02:52 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
If ManagedConfigFlag is set in rtsold, managedconf_script (-M) will execute instead of otherconf_script (-O)
pfsen...
Tim Dunn
10:28 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Michael Virgilio wrote:
> but routing is working. Without specifying a monitoring address, the status on the dashbo...
Steve Y
09:45 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Please update to pfBlockerNG-devel, as pfBlockerNG is not receiving many updates. This issue is resolved in devel. BBcan177 .
04:19 AM pfSense Packages Bug #11572 (New): Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Using any IPv6 list in pfblocker-ng "IPv6 settings" tab results in a firewall rule with the protocol set to IPv4. Thi... Dave Tickem
04:17 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
OpenVPN 2.5.1 does not appear to make a difference for this. I built a package for FreeBSD and loaded it, as well as ... Jim Pingle
11:15 AM pfSense Packages Bug #11575 (Resolved): OpenVPN clients cannot pass traffic when reconnecting using the same source port
If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass traffic.
This app...
Jim Pingle
04:13 PM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
I hit the same issue with EAP-TLS (Wireless authentication) UDP fragmented packages from AP to NPS (Radius) server no... Rai Wol
11:56 AM Feature #11576 (Closed): IPsec GUI option to control Child SA ``start_action``
Currently we set the child SA start option automatically depending on a few different factors, but it would be nice t... Jim Pingle
11:08 AM pfSense Packages Todo #11574 (Duplicate): Add "nobind" to exported OpenVPN configurations by default
Remote access OpenVPN clients should be using @nobind@ in their configurations so they use a random port and appropri... Jim Pingle
09:23 AM Bug #11541 (New): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
I can replicate that here now even on Remote Access (not P2P) so it appears to be a limitation in OpenVPN itself when... Jim Pingle
09:10 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Not that I'd expect that to cause a problem, but why would you set that to 1? It doesn't make much sense.
If you don...
Jim Pingle
03:31 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
I've found that if I set the 'Concurrent connections' value to anything greater than 1, my client is now shown in the... Ryan Fitton
09:06 AM pfSense Packages Feature #11573: Custom Commands
That wouldn't be something we'd consider for the base system, but we might consider it if someone wanted to make a pa... Jim Pingle
07:17 AM pfSense Packages Feature #11573 (New): Custom Commands
Ability to store custom commands on pfsense, and able to run them from same page.
For example storing this command...
Manjot Singh
06:49 AM Todo #10464: Don't change the current update repo when new releases are available
At least now I can't reproduce the spontaneous upgrade, which is good in this case, I suppose. I'm sorry if I was spr... Christian Ullrich

02/27/2021

09:21 PM Revision 321fbbdb: Fixed bug parsing netmask cisco acl
Dmitry Bashkarev
07:55 PM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5
The patch provided by me above with the instructions works to fix it on 2.4.5, or, you can also update to 2.5.0 which... Chris R
07:53 PM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5
Hello guys.
Has this been fixed in 4.5?
Andres Mora
06:38 PM Feature #7842 (New): New Dynamic DNS Provider: Mythic-Beasts
Jim Pingle
06:24 PM Feature #7842: New Dynamic DNS Provider: Mythic-Beasts
Viktor Gurov wrote:
> Applied in changeset commit:fe6b125233f40f5919746b1cb90c39b459aa39fd.
The commit looks righ...
Ronald Schellberg
05:00 PM Bug #11571 (Rejected): Spoofing MAC address on a WAN interface causes erratic behaviour when using an L2TP tunnel on the spoofed interface
The details here don't quite line up -- please start a forum thread to discuss and diagnose this problem in more deta... Jim Pingle
04:38 PM Bug #11571 (Rejected): Spoofing MAC address on a WAN interface causes erratic behaviour when using an L2TP tunnel on the spoofed interface
I use an L2TP tunnel by Andrews and Arnolds here in the UK, as allows for access to their network without being a ful... Aman Halai
04:49 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
I forgot to mention... this problem only seems to occur when you fail the main by way of unplugging the WAN inte... M L
03:40 PM Regression #11570 (Closed): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Good evening. This seems to be a new bug in 2.5, and was not a problem in 2.4. In gateway group configured for main... M L
03:41 PM Regression #11565 (Pull Request Review): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Jim Pingle
09:05 AM Regression #11565: Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/164
Viktor Gurov
08:50 AM Regression #11565 (Closed): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
In system -> advanced -> Firewall & NAT
UDP timeouts are not saved. Sometimes after setting, they show up correctl...
Viktor Gurov
03:40 PM Regression #11564 (Pull Request Review): strongSwan configuration always contains user EAP/PSK values
The pre-shared key tab entries have uses with site-to-site tunnels they aren't solely for mobile setups.
EAP entri...
Jim Pingle
08:37 AM Regression #11564: strongSwan configuration always contains user EAP/PSK values
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/163 Viktor Gurov
08:07 AM Regression #11564 (Closed): strongSwan configuration always contains user EAP/PSK values
/var/etc/ipsec/swanctl.conf always contains users eap/psk keys:... Viktor Gurov
03:31 PM Regression #11555 (Pull Request Review): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Jim Pingle
06:39 AM Regression #11555: IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/162
Viktor Gurov
03:18 PM Bug #11548 (New): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
It could be a case where the invalid rule is generated when the interface doesn't have IPv4 configured yet. I thought... Jim Pingle
05:19 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
still unable to reproduce, works fine for me (pppoe0 is vtnet2 with DHCP6):... Viktor Gurov
03:39 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
Jonas Libbrecht wrote:
> When I look at the /tmp/rules.debug at this moment. I see the (recreated) rule in question ...
Jonas Libbrecht
03:37 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
When I look at the /tmp/rules.debug at this moment. I see the (recreated) rule in question has been assigned a privat... Jonas Libbrecht
03:24 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
Jim Pingle wrote:
> It's not the port range or NAT reflection, it's the fact that the rule says @inet6@ and uses an ...
Jonas Libbrecht
03:14 PM Bug #11569 (Pull Request Review): ACLs generated from RADIUS reply attributes have incorrect syntax
I thought this got fixed with #10803 but apparently not. Jim Pingle
03:07 PM Bug #11569: ACLs generated from RADIUS reply attributes have incorrect syntax
Ready for review: https://github.com/pfsense/pfsense/pull/4504 Dmitry Bashkarev
02:59 PM Bug #11569 (Resolved): ACLs generated from RADIUS reply attributes have incorrect syntax
FreeRADIUS ACLs:... Dmitry Bashkarev
03:05 PM Feature #11562 (Rejected): Syslog should not require binding to interface for remote logging
It's to set the source address of the syslog traffic, not to bind the server. It's necessary for things like tunnel m... Jim Pingle
03:27 AM Feature #11562 (Rejected): Syslog should not require binding to interface for remote logging
As of now, it is not possible to log to remote server without binding syslog to local interface. This shouldn't be re... Ter Ted
03:02 PM Regression #11561 (Pull Request Review): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Jim Pingle
02:00 AM Regression #11561: ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/161 Viktor Gurov
01:51 AM Regression #11561 (Closed): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Template variable "{clientip}" that is replaced with the connecting clients VPN IP (#9206) is not parsed:... Viktor Gurov
02:53 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
I don't see any significant differences in the status output contents other than the TCP version you printed has a lo... Jim Pingle
02:47 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Yes, still the same result when the system has had a full reboot.
I've also installed a fresh copy of pfSense 2.5 ...
Ryan Fitton
05:33 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Ryan Fitton wrote:
> Also, I should mention when running 'nc -U /var/etc/openvpn/server2/sock' in TCP mode; it takes...
Viktor Gurov
05:10 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Also, I should mention when running 'nc -U /var/etc/openvpn/server2/sock' in TCP mode; it takes up to 1 minute for th... Ryan Fitton
05:07 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
I can confirm the system location for this server is, /var/etc/openvpn/server2/. Based on the commands you sent; the ... Ryan Fitton
02:48 PM Bug #11559 (Pull Request Review): OpenVPN does not start with a long list of Data Encryption Algorithms
Jim Pingle
12:20 AM Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/160 Viktor Gurov
12:03 AM Bug #11559 (Closed): OpenVPN does not start with a long list of Data Encryption Algorithms
If you select too many data ciphers OpenVPN won't start:... Viktor Gurov
02:45 PM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Not that it should cause a segfault, but why are you mixing FAIRQ, PRIQ, and HFSC?
Does the crash happen if all yo...
Jim Pingle
02:42 PM pfSense Packages Feature #11560 (Pull Request Review): add ena(4) to the list of INLINE mode (netmap) supported cards
Jim Pingle
12:30 AM pfSense Packages Feature #11560: add ena(4) to the list of INLINE mode (netmap) supported cards
https://github.com/pfsense/FreeBSD-ports/pull/1047 Viktor Gurov
12:22 AM pfSense Packages Feature #11560 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards
add ena(4) to the list of INLINE mode (netmap) supported cards (pfSense 2.5/21.02)
see https://github.com/pfsense/...
Viktor Gurov
02:38 PM Regression #11568 (Resolved): Alias name change is not reflected in firewall rules
Already fixed in NG 5685 and commit:6ecf793e0f4a5c3922c5c00a087a1adea104e50a (master) commit:585e7567d0e308ce440ff1b0... Jim Pingle
02:13 PM Regression #11568 (Resolved): Alias name change is not reflected in firewall rules
To reproduce the issue:
- Create an alias ( ip or port )
- Make a firewall rule containing the alias ( source or ...
Vendel Cseh
01:55 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Replacing fcgicli with php-cgi works for me as well when using self generated cert, intermediate and root CA with len... Rick Frey
01:34 PM Todo #10464: Don't change the current update repo when new releases are available
[First off: This bug currently has priority "low". I suggest raising it to "RED ALERT!"]
Just a quick update: I wr...
Christian Ullrich
12:30 PM pfSense Packages Feature #11567 (New): Email report add a note filed request
I think for the email reports it'd be highly useful to have a note filed added.
Here is a use case:
Say a user ...
Yuri Weinstein
10:05 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
Hello team,
Any idea when this will be ported to armv7 arch (Netgate SG-3100)?
https://pkg.freebsd.org/FreeBSD...
Tchello Mello
03:37 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
manual installation of the latest BIND version fixes the issue:... Viktor Gurov
10:01 AM Bug #11566 (Resolved): Firewall Maximum Table Entries "default size" is whatever is entered
On at least 2.4.5 and 2.5, Firewall Maximum Table Entries has text "On this system the default size is: 2000000." Wh... Steve Y
09:41 AM Feature #11125 (Resolved): Kernel module for RTL8153 driver
Looks good. Module is present and loads correctly:... Steve Wheeler
07:46 AM Bug #11387 (Resolved): Interfaces page displays MAC Address field for interfaces which do not support L2
Tested on the latest release. It looks fine. Ticket resolved. Danilo Zrenjanin
07:11 AM pfSense Packages Bug #11563 (Confirmed): BIND GUI writes TXT records > 255 characters
System: Netgate SG-3100, 2.4.5_1 (I checked the "git log":https://github.com/pfsense/FreeBSD-ports/commits/6209a37396... Bill McGonigle
06:40 AM Bug #11489 (Resolved): Invalid certificate data can cause a PHP error
Danilo Zrenjanin
06:35 AM Bug #11514 (Resolved): Renewing a self-signed CA or certificate does not update the serial number
Tested on the latest release.
Renewed certificate got a new serial number. It works as expected. Ticket resolved.
Danilo Zrenjanin
03:01 AM pfSense Packages Bug #11182: NRPE in HA syncs the bind IP
I can confirm that behaviour as well as 2.4.5p1 and 2.5 Pim Pish
02:23 AM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0
And another point "Health Check Overhaul - now multiple healthchecks are possible for one backend so changes must be u... DRago_Angel [InV@DER]
02:22 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk'
Because now correct syntax is another:
https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-http-check%...
DRago_Angel [InV@DER]

02/26/2021

10:52 PM pfSense Packages Bug #11477: FRR does not recognize some BFD options
Looks like FRR 7.5 does not have "default" and "label" options
pfSense.home.arpa(config-bfd-peer)#
detect-multiplie...
Alhusein Zawi
05:18 PM Bug #11557: OpenVPN fails in tls-validate after upgrading to PfSense 2.5
It's not the cert subject per se but the underlying issue of the data from OpenVPN not passing through fcgicli to PHP... Jim Pingle
05:02 PM Bug #11557: OpenVPN fails in tls-validate after upgrading to PfSense 2.5
I had the error fixed by setting a fixed "Certificate Depth" (check_depth=2) instead of looping over the sequence. I ... Fold right
01:24 PM Bug #11557 (Duplicate): OpenVPN fails in tls-validate after upgrading to PfSense 2.5
Same root cause as #4521 (and a couple other similar issues that already exist)
Jim Pingle
01:23 PM Bug #11557 (Duplicate): OpenVPN fails in tls-validate after upgrading to PfSense 2.5
If OpenVPN server is configured with a "Certificate Depth" higher than 1, the _/usr/local/sbin/ovpn_auth_verify_ will... Fold right
05:10 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Nice! Thank you! Worked for me :)
// RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "se...
Robert Rumold
08:42 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Rick Frey wrote:
> Ran into this issue after updating pfsense (+) to 21.02 so appears problem still exists in latest...
Viktor Gurov
03:10 PM Bug #11558 (Duplicate): WireGuard Panic
Same backtrace as #11538 Jim Pingle
02:43 PM Bug #11558 (Duplicate): WireGuard Panic
Hello,
While working today, my router randomly crashed and generated a crash report.
During this crash the web inte...
Nick M
01:08 PM pfSense Packages Bug #11546: incorrect 'set as-path' command
No need for that, just pick "Set prepend" in the drop-down instead of "Set". The "Set" option is not in FRR now, but ... Jim Pingle
01:05 PM pfSense Packages Bug #11546: incorrect 'set as-path' command
work around:
- Copy commands: "set as-path 65001"
- add "prepend" : set as-path prepend 65001
- go to Service...
Alhusein Zawi
07:33 AM pfSense Packages Bug #11546 (Pull Request Review): incorrect 'set as-path' command
Jim Pingle
12:55 AM pfSense Packages Bug #11546: incorrect 'set as-path' command
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/61 Viktor Gurov
12:18 AM pfSense Packages Bug #11546 (Resolved): incorrect 'set as-path' command
If you create a route map with AS Path Option = Set, an error will occur:... Viktor Gurov
01:05 PM Feature #11556: Kill states using the pre-NAT address
Correcting the category and subject
The ask here is for a way to kill based on the NAT address in the state instea...
Jim Pingle
01:01 PM Feature #11556 (Resolved): Kill states using the pre-NAT address

Assume you have an external IP XXX
And an OpenVPN net 192.168.200.0/0
After OpenVPN client connects it gets a...
Yuri Weinstein
12:50 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states
That's a different problem since it's a NAT address and not the final source or destination. Unrelated to this. I'm ... Jim Pingle
12:48 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states
Not sure if this should be added as a new issue
Assume you have an external IP XXX
And an OpenVPN net 192.168.200...
Yuri Weinstein
12:33 PM Regression #11555 (Closed): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
When a peer identifier is set to "Any" the resulting swanctl.conf @remote@ block does not contain an @id@ line. Accor... Jim Pingle
11:47 AM Bug #11553: Unbound does not restart properly sometimes when DHCP Registration is enabled
Some additional info:
To work around the issue in this case this was reported from, one can do either of the follo...
Marcos M
10:26 AM Bug #11553 (Duplicate): Unbound does not restart properly sometimes when DHCP Registration is enabled
Not specific to Plus.
The core of this is already covered by #5413 -- there may be some other Unbound bug beyond t...
Jim Pingle
09:17 AM Bug #11553 (Duplicate): Unbound does not restart properly sometimes when DHCP Registration is enabled
Running the latest unbound (1.13.1) with the DHCP Registration setting enabled where DHCP entries get inserted in the... Kris Phillips
11:10 AM pfSense Packages Bug #11375 (New): UPS Type <BLANK> for USB APC
Viktor Gurov
11:07 AM Bug #11554 (Pull Request Review): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Jim Pingle
11:01 AM Bug #11554: Selected Data Encryption Algorithms list items reset when an input validation error occurs
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/159
Viktor Gurov
10:34 AM Bug #11554 (Closed): Selected Data Encryption Algorithms list items reset when an input validation error occurs
How to reproduce:
1) Open OpenVPN instance for editing
2) Make any input error
3) Fix it and save
Now Data Ci...
Viktor Gurov
10:57 AM Bug #11552 (Confirmed): Incorrect phase 2 entry removed when deleting multiple items consecutively
Confirmed here.
Test 1:
Made 6 P2 entries: 0 1 2 3 4 5
Deleted "1" P2: 0 2 3 4 5
Deleted "3" P2: 0 2 3 5
T...
Jim Pingle
08:40 AM Bug #11552 (Resolved): Incorrect phase 2 entry removed when deleting multiple items consecutively
I had a phase1 entry with 6 phase2 entries. 3 of the phase2 entries were for tunnels to LAN and the other 3 were for... Dave Roberts
10:47 AM Bug #11547 (Pull Request Review): DNS Resolver does not bind to an interface when it recovers from a down state
Jim Pingle
10:02 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
rare issue, but could be fixed:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/158
Viktor Gurov
08:05 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
Ok thanks. Looks like setting it to "All" works for now. This behavior is new with the latest pfsense update. Never h... Frank Gouton
07:55 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
It's not a significant concern or it wouldn't be the default behavior. Both the firewall rules AND unbound ACLs preve... Jim Pingle
07:46 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
The option "All" includes the WAN interface too. Wouldn't it be a security risk to open the unbound port on the wan i... Frank Gouton
07:21 AM Bug #11547 (New): DNS Resolver does not bind to an interface when it recovers from a down state
Jim Pingle
07:21 AM Bug #11547 (Not a Bug): DNS Resolver does not bind to an interface when it recovers from a down state
This is very similar to #11087 -- Seems like you have specific interfaces selected for the resolver to use, and unbou... Jim Pingle
12:40 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
I made a mistake selecting the version. It's the latest stable version 2.5. Can you fix that please? Frank Gouton
12:38 AM Bug #11547 (Closed): DNS Resolver does not bind to an interface when it recovers from a down state
Unbound doesn't open a listening socket for an interface that has no active device. If you connect a device later it ... Frank Gouton
10:46 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
There may be some specific value in your OpenVPN status output tripping it up but debugging that is a little trickier... Jim Pingle
10:38 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Hello,
Thank you for both your quick replies.
In regards to your questions:
* "Are there any custom options def...
Ryan Fitton
01:14 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Unable to reproduce
TCP/UDP modes, Shared Key / SSL/TLS - I can always see the client connection on the Status / Op...
Viktor Gurov
10:27 AM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active
This would likely be fixed by also solving #5413 since it wouldn't restart in this case. Though the actual memory lea... Jim Pingle
09:33 AM pfSense Packages Feature #9238: Add support for Zerotier
@Netgate - Any chance this could be added to 2.5 ? Corey Boyle
09:07 AM Todo #11426 (Resolved): Deprecate old cryptographic accelerator hardware which is not viable on modern systems
Removed from 2.6.0
pfSense 2.4.5-p1:...
Viktor Gurov
08:51 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
Jim Pingle wrote:
> The PHP segfault may be similar to, or the same as, #11466
I definitely agree. Something weir...
Bill Meeks
08:28 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
The PHP segfault may be similar to, or the same as, #11466 Jim Pingle
08:15 AM pfSense Packages Bug #11551 (Closed): SG-3100 with pfBlockerNG doesn't pass traffic
SG-3100 appliance doesn't pass traffic on boot and I see error messages in `dmesg`:... Viktor Gurov
08:09 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Jim Pingle wrote:
> Can you attach the config.xml entries for the shaper? It would help to see the queue settings an...
Thorsten Zitterell
07:52 AM Regression #11550 (Feedback): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Unlikely that this is specific to Plus.
Can you attach the config.xml entries for the shaper? It would help to see...
Jim Pingle
07:31 AM Regression #11550 (Resolved): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
I have upgraded from 2.4.5p1 to 21.02/21.02p1 on my SG-4860.
Following traffic shaper rule causes a segmentation ...
Thorsten Zitterell
08:01 AM Regression #11537 (Pull Request Review): IPsec VTI tunnel between IPv6 peers may not configure correctly
Jim Pingle
07:50 AM Regression #11537: IPsec VTI tunnel between IPv6 peers may not configure correctly
same issue with IPv4 VTI:... Viktor Gurov
07:48 AM Bug #11549 (Duplicate): DHCP relay not work behind gateway
Duplicate of #11523 Jim Pingle
07:31 AM Bug #11549 (Duplicate): DHCP relay not work behind gateway
Hello,
We have 2 XG-7100 and DHCP relay is working on multiple interfaces. Before upgrade (2.4.5_1), all worked fi...
Anonymous
07:47 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
It's not the port range or NAT reflection, it's the fact that the rule says @inet6@ and uses an IPv6 gateway in reply... Jim Pingle
06:28 AM Bug #11548 (Feedback): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
Jonas Libbrecht wrote:
> There were error(s) loading the rules: /tmp/rules.debug:245: rule expands to no valid combi...
Viktor Gurov
01:49 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
Reddit post: https://www.reddit.com/r/PFSENSE/comments/loir4n/bug_pfsense_goes_in_denyall_after_upgrade_from/ Jonas Libbrecht
01:48 AM Bug #11548 (Closed): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
After an upgrade from 2.4.5 (pfsense FE) to 21.02 (the new pfsense+), the router (Netgate SG-4860) goes on all network... Jonas Libbrecht
07:41 AM Regression #11545: Primary interface address is not always used when VIPs are present
Sounds more like a new variation or regression of #3997
Doubtful that this is specific to Plus, so moving to pfSense.
Jim Pingle
01:00 AM Regression #11545: Primary interface address is not always used when VIPs are present
Could be the same issue as #5999 (service takes the first IP address on the interface, instead of a non-VIP address) Viktor Gurov
07:36 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
Marco Goetze wrote:
> Question: Was 21.02.p1 just a quick fix adding a cpu limit to loader.conf or was the membar al...
Jim Pingle
05:42 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
What Viktor mentioned could be a reason. In my tested and still failing SG-3100 it also used the pfBlockerNG-dev pack... Marco Goetze
04:18 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
same issue after upgrading to 21.02-p1:... Viktor Gurov
02:41 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
After the Problem occurred first time I applied the quick fix setting to 1 CPU in the loader.conf > hw.ncpu=1
Now ...
Marco Goetze
05:24 AM Bug #11149: DHCP relay won't start with DHCP server behind gateway
John Cinuy wrote:
> I have the same problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
> The DHCP ser...
Mark Lavrijsen
01:04 AM Bug #11149 (Duplicate): DHCP relay won't start with DHCP server behind gateway
see #11523 Viktor Gurov

02/25/2021

11:32 PM Bug #9643: Limiters do not function properly on 2.5 snapshots
I believe I have the same issue, I just upgraded from 2.4.5 to 2.5.0 and upload queues are empty.
I also use multi-W...
Ashus CZ
11:20 PM pfSense Docs Todo #11536: Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
+ add info about '{clientip}' template variable (#9206) Viktor Gurov
09:57 AM pfSense Docs Todo #11536 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html
*Feedback:*
Parame...
Viktor Gurov
09:20 PM Regression #11545: Primary interface address is not always used when VIPs are present
This appears to be a more general issue that can affect IPSec.
In some situations the interface can start to use a...
Steve Wheeler
09:15 PM Regression #11545 (Resolved): Primary interface address is not always used when VIPs are present
If you have IP Aliases on a WAN interface that a Site to Site IPSec tunnel is riding over and upgrade from 2.4.5p1 to... Kris Phillips
08:34 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
To add to the above: looks like TAC had one that was Plus 21.02 on an XG-7100 on one side and Azure VPN on the other. ... Chris Linstruth
08:31 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Interesting point to mention related to IPSec: If you lower the subnet size to something like a /30 this issue takes ... Kris Phillips
08:26 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
This also affects Site to Site VPN tunnels. Please reference internal ticket 76224 for another example of this bug c... Kris Phillips
07:43 PM Regression #11316: Unbound crashes with signal 11 when reloading
Having segfault crashes on 1.13.1:
https://forum.netgate.com/topic/161372/2-5-0-unbound-1-13-1-exited-on-signal-8-...
Christian Borchert
07:04 PM Regression #11316: Unbound crashes with signal 11 when reloading
It is normal for Unbound to restart often when DHCP hostname registration is on. This bug is only for the actual cras... Jim Pingle
07:03 PM Regression #11316: Unbound crashes with signal 11 when reloading
Registered just to add to this as DNS is quite important part of the network and needs to be fixed.
I am too having ...
Vaidotas Butkus
04:47 PM Regression #11316: Unbound crashes with signal 11 when reloading
I was seeing unbound simply die about once a day since upgrading to 2.5.0-RELEASE. No info as to why in the service's... Scott B
11:46 AM Regression #11316: Unbound crashes with signal 11 when reloading
No need for that now, it's live in the 21.02 repository now that 21.02-p1 has been released to address SG-3100 stabil... Jim Pingle
10:29 AM Regression #11316: Unbound crashes with signal 11 when reloading
On 21.02, in the meantime, the following will upgrade unbound:... Marcos M
06:50 PM Bug #11542 (Rejected): Openvpn does not work correctly after updating to version 2.5.0
There isn't enough information here to suggest it's a bug in pfSense. Please post on the forum to discuss and diagnos... Jim Pingle
04:37 PM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0
openvpn log is attached itfabrica Tech
04:05 PM Bug #11542 (Rejected): Openvpn does not work correctly after updating to version 2.5.0
Good day!
After updating from version 2.4.5-RELEASE-p1 to version 2.5.0, openvpn does not work correctly.
The first...
itfabrica Tech
06:49 PM Bug #11544 (Rejected): DHCP relay won't start after upgrade 21.02
There isn't enough information here to classify it as a bug. Post on the forum to diagnose the issue and ensure it is... Jim Pingle
05:49 PM Bug #11544 (Rejected): DHCP relay won't start after upgrade 21.02
I have a problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
The DHCP server is in another subnet and th...
John Cinuy
06:47 PM Revision 2169112c: Basic firewall_NAT MVC conversion
Steve Beaver
06:36 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address
pf2.4.5 setup /48 lan is work, and setup in linux is work too. pf2.5 seems is can't work /48.
bgp can only be bro...
yon Liu
12:32 PM Bug #11365 (Not a Bug): dhcpv6 cannot push ipv6 gateway address
You would never use a /48 _on an interface_. You can advertise a /48 in BGP without putting a /48 directly on an inte... Jim Pingle
12:08 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address
RDVD log show not allow use /48 ipv6 in LAN interface, but i running bgp must use /48 or above prefixes in LAN interf... yon Liu
11:57 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address
Jim Pingle wrote:
> I can't reproduce this here. radvd is running, clients on LAN get an IPv6 gateway and full conne...
yon Liu
11:46 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address

sometime, my devices get ipv6 gateway address, but ipv6 still can't normal go to internet, use traceroute show ipv6...
yon Liu
05:45 PM Bug #11149: DHCP relay won't start with DHCP server behind gateway
I have the same problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
The DHCP server is in another subne...
John Cinuy
05:12 PM pfSense Packages Bug #11543 (Duplicate): SquidGuard 1.16.18_15 - returning wrong page
I have configured squid + squidguard, with LDAP authentication, after Renato fixed problem with ldap filter.
So anoth...
Robson Ferreira
04:01 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Another day of frustrating, but ultimately not too productive, testing leads me to conclude this is something with 32... Bill Meeks
08:40 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Steve Yates wrote:
> Simply out of curiosity I did a quick search and found this "not a bug" from 2008: https://bugs...
Bill Meeks
03:53 PM Bug #11541 (Feedback): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Last time something like this happened the status output changed formats slightly for one reason or another.
It's ...
Jim Pingle
03:44 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Sorry, mistyped the screenshots.
Screenshot 1: OpenVPN Peer to Peer config settings
Screenshot 2: List of openvpn...
Ryan Fitton
03:42 PM Bug #11541 (New): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Since updating from 2.4.5 to 2.5 I am having an issue with OpenVPN when using "Peer to Peer (SSL/TLS)" mode.
Netwo...
Ryan Fitton
03:42 PM pfSense Plus Bug #11540 (Not a Bug): Nat not working
There isn't nearly enough information there to classify it as a bug, and this site is not for support or diagnostic d... Jim Pingle
03:29 PM pfSense Plus Bug #11540 (Not a Bug): Nat not working
Hello,
After updating to version 21.02 on SG-4860 nat stopped working.
What can we do to make nat work again?
...
Alex Adati
02:30 PM Bug #11539 (Rejected): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Currently for mobile IPsec the code sets up @subnet@ and @split_include@ entries for IPv4/IPv6 pools based on the GUI... Jim Pingle
02:07 PM Bug #11482 (Pull Request Review): WireGuard interfaces do not always have proper MTU applied
Jim Pingle
11:16 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/156 Viktor Gurov
01:44 PM Bug #11538 (Closed): WireGuard Panic
A "forum user is hitting a panic on several systems when using WireGuard":https://forum.netgate.com/topic/161378/pfse... Jim Pingle
01:31 PM Regression #11537 (Closed): IPsec VTI tunnel between IPv6 peers may not configure correctly
The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may ... Jim Pingle
12:29 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
You delete the entry from the certificate manager, which is where the warning was generated. Not ACME.
Any further...
Jim Pingle
11:40 AM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
When you said, "Delete it" I thought deleting the acme config in the gui would fix it. But no, I did that and still g... Craig Leres
11:11 AM pfSense Plus Regression #11444 (Resolved): SG-3100 doesn't pass traffic after upgrade to 21.02
Jim Pingle
10:52 AM Feature #11439 (Pull Request Review): IPv6 support in ``easyrule`` CLI script
Viktor Gurov
09:26 AM Regression #11535 (Duplicate): Integer Overflow in Certificate Expiration Dates
Duplicate of #11504 which already has a fix checked in. Jim Pingle
09:17 AM Regression #11535 (Duplicate): Integer Overflow in Certificate Expiration Dates
Certificates with very long expiration times displayed correctly before I upgraded to 21.02. In this version, the da... Russell Selph
08:39 AM pfSense Packages Regression #11534 (New): FreeRADIUS EAP anonymous connection forbidden out-of-tunnel
With an LDAP backend but no SQL backend, the virtual server configuration ends up as follows:... Didier Raboud
07:43 AM Feature #11521 (Pull Request Review): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
Jim Pingle
07:40 AM Feature #2400 (Pull Request Review): GUI options for WPA Enterprise with identity/password
Jim Pingle
07:39 AM pfSense Packages Bug #11532 (Pull Request Review): LCDproc service is not disabled
Jim Pingle
03:04 AM pfSense Packages Bug #11532: LCDproc service is not disabled
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/60 Viktor Gurov
03:02 AM pfSense Packages Bug #11532 (Resolved): LCDproc service is not disabled
LCDproc service is not disabled if you uncheck "Enable LCDproc at startup" checkbox
/usr/local/etc/rc.d/lcdproc.sh i...
Viktor Gurov
06:36 AM pfSense Packages Feature #11533: add ena(4) to the list of INLINE mode (netmap) supported cards
https://github.com/pfsense/FreeBSD-ports/pull/1046 Viktor Gurov
03:58 AM pfSense Packages Feature #11533 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards
add ena(4) to the list of INLINE mode (netmap) supported cards (pfSense 2.5/21.02)
see https://github.com/pfsense/...
Viktor Gurov
04:16 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
related to named ACL
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980786
Viktor Gurov
04:00 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note
+ add ena(4) to the list of netmap-compatible cards (#11533) Viktor Gurov
03:13 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note
see also #10950 Viktor Gurov
02:51 AM pfSense Packages Feature #11531 (Resolved): Show netmap compatible cards in IPS Mode note
https://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4 ... Danilo Zrenjanin
02:55 AM pfSense Packages Bug #11529 (Rejected): zeek leaves traces after uninstall
fixed in #11381
now it correctly removes `/usr/local/etc/rc.d/zeek.sh`
see https://github.com/pfsense/FreeBSD-por...
Viktor Gurov

02/24/2021

11:46 PM Feature #2400: GUI options for WPA Enterprise with identity/password
Tim Cappalli wrote:
> The PAP inner method is missing from EAP-TTLS in the pull request. PAP and MSCHAPv2 are the tw...
Viktor Gurov
08:33 PM Feature #2400: GUI options for WPA Enterprise with identity/password
The PAP inner method is missing from EAP-TTLS in the pull request. PAP and MSCHAPv2 are the two most common inner met... Tim Cappalli
10:35 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Simply out of curiosity I did a quick search and found this "not a bug" from 2008: https://bugs.php.net/bug.php?id=45... Steve Y
09:57 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
*Update on this issue*
The problem is somewhere within the PHP base function _preg_match()_.
Here is a PHP code...
Bill Meeks
10:17 PM pfSense Packages Bug #11530 (Closed): ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
On pfsense 2.5, installing ntopng from package manager ntop 0.8.13_9 which is 4.2 version of ntopng, after logging in... Max D
10:11 PM pfSense Packages Bug #11529 (Rejected): zeek leaves traces after uninstall
Running latest 2.5 release of pfsense, I installed zeek to test out, but after removing the package, services still s... Max D
07:23 PM Revision f731957f: Correct location and config for Strict CRLs in IPsec. Fixes #11526
(cherry picked from commit 9a5bde87ce9fd0fad3a7f41750782b2dccce38d8) Jim Pingle
07:23 PM Revision 9a5bde87: Correct location and config for Strict CRLs in IPsec. Fixes #11526
Jim Pingle
06:04 PM Bug #11528 (Duplicate): IPsec tunnel status shows wrong status or hangs or doesn't bring up tunnels
Duplicate of #11435 and/or other existing issues that have already been solved for IPsec. Check the forum, there are ... Jim Pingle
06:01 PM Bug #11528 (Duplicate): IPsec tunnel status shows wrong status or hangs or doesn't bring up tunnels
Hi,
I've updated two pfSense instances so far from 2.4.5 to 2.5.0 and both have exhibited the same issues. The fi...
Michael Knowles
05:47 PM Bug #11527 (Rejected): Bugs on pfsense 2.5.0
This site is not for support or diagnostic discussion, please post on the "Netgate Forum":https://forum.netgate.com t... Jim Pingle
05:37 PM Bug #11527 (Rejected): Bugs on pfsense 2.5.0
Good day everyone, so I currently have my pfsense running as an appliance in an old ASUS Laptop I have. It was runnin... Julius Caesar Dumaguing
01:30 PM Regression #11526 (Feedback): Mobile IPsec broken when using strict certificate revocation list checking
Applied in changeset commit:9a5bde87ce9fd0fad3a7f41750782b2dccce38d8. Jim Pingle
01:03 PM Regression #11526: Mobile IPsec broken when using strict certificate revocation list checking
This isn't specific to plus, and is a regression from 2.4.5.
Looks like the "parameter format changed":https://wik...
Jim Pingle
12:39 PM Regression #11526 (Closed): Mobile IPsec broken when using strict certificate revocation list checking
Enabling Strict CRL Checking under Advanced Settings in IPSec produces the following error:
"loading connection 'c...
Kris Phillips
10:53 AM pfSense Packages Bug #11525 (Closed): pfsense 2.5.0 release version for vlan issue to suricata
I have found that pfsense vlans have issues on suricata after updating to the 2.5.0 release in an esxi 7.0.1 virtual machine.... Ahmed Mohamed
10:49 AM Bug #4521 (Pull Request Review): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Jim Pingle
10:05 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/154 Viktor Gurov
10:37 AM Todo #11518 (Pull Request Review): Move custom IPsec NAT-T port settings to Advanced Options
Jim Pingle
04:16 AM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/152 Viktor Gurov
03:20 AM Todo #11518 (Closed): Move custom IPsec NAT-T port settings to Advanced Options
custom IPsec NAT-T port settings (#10870) are very rarely used and in most cases can only confuse users
better to mo...
Viktor Gurov
10:32 AM Regression #11523: Incorrect upstream interface
Feels to me like @guess_interface_from_ip()@ if it keeps using the full routing table would need to be changed so it ... Jim Pingle
09:48 AM Regression #11523: Incorrect upstream interface
Jim Pingle wrote:
> Does the patch from #11519 also solve this? If so, this can be closed and combined with it. Seem...
Viktor Gurov
09:40 AM Regression #11523: Incorrect upstream interface
Does the patch from #11519 also solve this? If so, this can be closed and combined with it. Seems like the same root ... Jim Pingle
08:09 AM Regression #11523: Incorrect upstream interface
https://forum.netgate.com/topic/161063/update-to-2-5-0-broke-dhcp-relay Viktor Gurov
08:09 AM Regression #11523 (Duplicate): Incorrect upstream interface
another issue with `guess_interface_from_ip()` (see also #11519):
`services_dhcrelay_configure()` uses `guess_inte...
Viktor Gurov
10:29 AM Regression #11519 (Pull Request Review): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Jim Pingle
04:06 AM Regression #11519: Incorrect DHCP failover IP address configured on peer after XMLRPC sync
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/151 Viktor Gurov
03:44 AM Regression #11519 (Closed): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
`/etc/rc.filter_synchronize` uses `guess_interface_from_ip()` which returns only first (top-down) interface from the ... Viktor Gurov
10:20 AM pfSense Packages Bug #11515 (Pull Request Review): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
Jim Pingle
12:25 AM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/58
Viktor Gurov
10:19 AM pfSense Packages Bug #11517 (Pull Request Review): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Jim Pingle
09:56 AM pfSense Packages Bug #11511 (Pull Request Review): OSPF distribute List always empty
Jim Pingle
09:48 AM pfSense Packages Feature #11520 (Pull Request Review): Add 'explicit-exit-notify' option by default
Jim Pingle
06:50 AM pfSense Packages Feature #11520: Add 'explicit-exit-notify' option by default
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/59 Viktor Gurov
06:04 AM pfSense Packages Feature #11520: Add 'explicit-exit-notify' option by default
Also see:
https://redmine.pfsense.org/issues/9085
Pippin MMD
04:36 AM pfSense Packages Feature #11520 (Resolved): Add 'explicit-exit-notify' option by default
https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html:... Viktor Gurov
09:46 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
We already have a GUI option for this. It only works with UDP, so enabling it unilaterally is not viable. At most we ... Jim Pingle
07:06 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/153 Viktor Gurov
07:00 AM Feature #11521 (Resolved): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html:... Viktor Gurov
09:42 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Another potential report at https://forum.netgate.com/topic/161354/ipsec-packet-loss-routing-issue-with-21-02-release... Jim Pingle
08:11 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Specifically, the hardware from the thread above is a Netgate 5100 running pfSense Plus, but this likely affects both... Jim Pingle
08:09 AM Regression #11524 (Closed): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Based on at least one report, it appears AES-NI on Plus 21.02/2.5.0 has an issue with SHA-256 and some clients, notab... Jim Pingle
07:13 AM pfSense Packages Bug #11522 (New): fping6 error
We have an XG7100 (not updated to 2.5) with a running zabbix proxy. Now we discovered many entries in the logfile with:... Viktor Gurov
02:43 AM Revision a33e8b1c: CaptivePortal: Redirect back to Login Page on Logout
Currently (i.e. when a custom logout page is present) when a user clicks on logout, a window with the logout message ... nraven777 consec

02/23/2021

11:50 PM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
Scott Lang, that tracks along the same lines with the issues I was having back in Sep 2020: https://forum.netgate.com... Daniel Gordon
11:37 PM pfSense Packages Bug #11517: Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/57
Viktor Gurov
02:32 PM pfSense Packages Bug #11517 (Resolved): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Services/FRR/Global Settings/Edit/Access Lists allows saving the settings with a whitespace in the name, but this cau... Lennart dV
10:04 PM Revision 3987c45b: Improve CA/Self-Signed serial handling. Fixes #11514
(cherry picked from commit 4aa7c7aefc273464b8e66e6176a860b0246f8ee9) Jim Pingle
10:04 PM Revision 4aa7c7ae: Improve CA/Self-Signed serial handling. Fixes #11514
Jim Pingle
09:25 PM Revision 16c1d390: Try parsing four digit years in cert timestamps. Fixes #11504
(cherry picked from commit bdaa35dcf31def521ba8c60c0aa9c41bf5005311) Jim Pingle
09:24 PM Revision bdaa35dc: Try parsing four digit years in cert timestamps. Fixes #11504
Jim Pingle
09:12 PM Revision ad27159f: Do not deprecate prefix if AdvRASrcAddress is specified, refs: #11103
znerol
08:07 PM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
I also have this issue after upgrading to pfsense 2.5. I've noticed that if you reboot the named process doesn't seem... Stefan Andersson
07:22 PM Revision cb17faca: Improve handling of broken/invalid certs. Fixes #11489
(cherry picked from commit 29804b9e6ff07d0224d9396b063f88f486f0d231) Jim Pingle
07:21 PM Revision 29804b9e: Improve handling of broken/invalid certs. Fixes #11489
Jim Pingle
06:22 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
Jim Pingle wrote:
> Craig Leres wrote:
> > How was I able to go 390+ days before upgrading to 21.02 without getting...
Craig Leres
04:10 PM Bug #11514 (Feedback): Renewing a self-signed CA or certificate does not update the serial number
Applied in changeset commit:4aa7c7aefc273464b8e66e6176a860b0246f8ee9. Jim Pingle
12:23 PM Bug #11514 (Closed): Renewing a self-signed CA or certificate does not update the serial number
When renewing a self-signed CA entry or self-signed certificate in the GUI the serial number is not replaced with a n... Jim Pingle
03:35 PM pfSense Plus Regression #11504 (Feedback): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Applied in changeset pfsense:commit:bdaa35dcf31def521ba8c60c0aa9c41bf5005311. Jim Pingle
03:26 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
When applying the patch for this, you will probably need to apply @cb17faca3b07197db4b1eb1502a876873ddc222c@ first an... Jim Pingle
03:25 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Looks like this is from the @validTo@ date in the parsed details using a four digit date and the code assumed a two d... Jim Pingle
03:25 PM Bug #11489: Invalid certificate data can cause a PHP error
I have applied the patch and the problem is fixed. I have deleted the offending cert. Thanks. Simon Brezovnik
01:30 PM Bug #11489: Invalid certificate data can cause a PHP error
Applied in changeset commit:29804b9e6ff07d0224d9396b063f88f486f0d231. Jim Pingle
01:29 PM Bug #11489: Invalid certificate data can cause a PHP error
You can use the "system patches package":https://docs.netgate.com/pfsense/en/latest/development/system-patches.html t... Jim Pingle
01:25 PM Bug #11489: Invalid certificate data can cause a PHP error
OK, with the cert you sent I can reproduce the error. The problem is that the certificate data in that snippet is cor... Jim Pingle
07:22 AM Bug #11489: Invalid certificate data can cause a PHP error
You can send the certificate to @jimp@ (a.t.) @netgate@ (d|o|t) @com@
Once I can reproduce the problem and work up...
Jim Pingle
06:14 AM Bug #11489: Invalid certificate data can cause a PHP error
I get the following error in the GUI with no way to delete the offending cert, screen shot attached. Is reloading t... Simon Brezovnik
06:08 AM Bug #11489: Invalid certificate data can cause a PHP error
I have identified the certificate causing the problem. How would you like me to send it to you? The crt was created i... Simon Brezovnik
03:16 PM Feature #11103: Use virtual link local IP address as RA source address for HA environments
Thanks for merging. I just opened a PR for a small followup:
https://github.com/pfsense/pfsense/pull/4502
Sorry...
znerol znerol
03:10 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
*Another Update*
None of the conditions described in this bug report occur on an SG-1100 (64-bit ARM CPU), and nei...
Bill Meeks
11:40 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Marcos:
-I'm running into difficulty updating my SG-1100 to the latest version. It is still on the 2.4.4 factory i...
Bill Meeks
08:07 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Thanks for the additional info. I will investigate further. The Signal 10 from the Snort binary I am not really surpr... Bill Meeks
01:21 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
The behavior with both Snort and Suricata installed was definitely strange and didn't make sense to me. I did a fresh... Marcos M
02:56 PM Revision 6f84dd13: On save return virtual IP id
Steve Beaver
01:44 PM Revision a397f9a8: Merge pull request #4501 from mschiegl/patch-1
Renato Botelho
01:43 PM Regression #11316: Unbound crashes with signal 11 when reloading
Will the update be made available to 21.02 soon? My 2.5.0 box finds it, but my 21.02 box does not.
Thanks!
Tim Gagnon
01:05 PM Bug #11516 (Rejected): pfsync Synchronize Peer IP lost when upgrading from 2.4.5 to 2.5.0
There is not enough information to classify this as a bug. It sounds more like a configuration issue led to that, not... Jim Pingle
01:01 PM Bug #11516 (Rejected): pfsync Synchronize Peer IP lost when upgrading from 2.4.5 to 2.5.0
Having an HA installation, upgraded the backup node from 2.4.5 to 2.5.0 with no problems, then upgraded the master n... Pablo Trincavelli
12:46 PM Revision 8b424bca: Use set_curlproxy() function for cURL proxy configuration. Issue #11476
Viktor Gurov
12:44 PM Revision c03a2049: IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447
Viktor Gurov
12:41 PM Revision 969574b6: Put OpenVPN route-nopull option after custom options. Fixes #11448
Viktor Gurov
12:36 PM pfSense Packages Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
This bug can be reproduced on my Netgate XG-7100 running 21.02-RELEASE
After installing the package for the first...
dff dff
12:34 PM pfSense Packages Bug #11513: FFR won't show Access-List on Distribute List (OSPF)
Can't access gitlab.netgate.com :/ F. M.
12:21 PM pfSense Packages Bug #11513 (Duplicate): FFR won't show Access-List on Distribute List (OSPF)
Duplicate of #11511 Viktor Gurov
12:20 PM pfSense Packages Bug #11513 (Duplicate): FFR won't show Access-List on Distribute List (OSPF)
Pfsense 2.5 and FRR 1.1.0_5.
You create an access list and expect to set it on OSPF "Distribute List".
However ...
F. M.
12:30 PM Revision 19866d78: System Information widget fix. Issue #11443
Viktor Gurov
12:29 PM Revision 4fef1c10: WireGuard interface friendly description. Fixes #11437
Viktor Gurov
12:29 PM Revision ee712bbb: Allow to use OpenVPN provided DNS servers. Implements #11140
Viktor Gurov
12:27 PM Revision 5f120301: WPA Enterprise (PEAP/TLS/TTLS) client mode. Feature #2400
Viktor Gurov
12:23 PM Bug #11503: Using multiple authentication backends on an OpenVPN server fails
seems related to #9460 Viktor Gurov
12:18 PM pfSense Packages Bug #11511: OSPF distribute List always empty
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/56
Viktor Gurov
12:05 PM pfSense Packages Bug #11511 (Resolved): OSPF distribute List always empty
from https://forum.netgate.com/topic/161176/filter-some-routes:
The GUI does not find the configured ACL Lists any m...
Viktor Gurov
12:12 PM Bug #11437 (Waiting on Merge): WireGuard group is not printed in the interface column of the NAT rule list
Jim Pingle
10:20 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list
Hi all,
Patch applied and bug fixed.
Marcelo Gondim
06:35 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list
Applied in changeset commit:4fef1c109de562f9f97d7c04d4cf8f0f041811e0. Viktor Gurov
06:30 AM Bug #11437 (Feedback): WireGuard group is not printed in the interface column of the NAT rule list
PR has been merged. Thanks! Renato Botelho
12:08 PM Regression #11512 (Closed): DHCP Leases page and ARP table page fail to load if DNS is not available
From jimp: "Once upon a time it used to test for DNS on those pages and skip it if DNS didn't respond. Maybe that got... Brad Lavis
11:50 AM Regression #11510 (Closed): ARP Table populates hostname values using expired DHCP lease data
Description based on discussion from https://forum.netgate.com/topic/161139/arp-bug-pfsense-2-5-0
In *Diagnostic -...
Tomasz K.
10:47 AM pfSense Packages Bug #11509 (Closed): LCD package - not starting at boot - stop and start in Status Window not possible
Hi all,
I'm using pfSense 2.5 on a WatchGuard XTM 510 on which I started using the built in LCD display. Got it work...
The Cycler63
08:01 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Jim Pingle wrote:
> https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
>
> Create an entr...
Jason Hodgdon
07:44 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
never mind I figured it out! thx :) Jason Hodgdon
07:40 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
Create an entry for @19866d78540d498f23...
Jim Pingle
07:33 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Renato Botelho wrote:
> Jason Hodgdon wrote:
> > Viktor Gurov wrote:
> > > fix:
> > > https://gitlab.netgate.com/...
Jason Hodgdon
07:18 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Jason Hodgdon wrote:
> Viktor Gurov wrote:
> > fix:
> > https://gitlab.netgate.com/pfSense/pfSense/-/merge_request...
Renato Botelho
07:08 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
It's not down, that's our internal development git, not the public one which is on github. Jim Pingle
06:36 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Viktor Gurov wrote:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/141
anyone know why git...
Jason Hodgdon
06:30 AM Regression #11443 (Feedback): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
PR has been merged. Thanks! Renato Botelho
07:45 AM Regression #11500 (Feedback): OpenVPN using the wrong OpenSSL command to list digest algorithms
PR has been merged. Thanks! Renato Botelho
07:42 AM Bug #11505 (Duplicate): PPPoE daemon selects wrong interface
The bug you reference is not fixed -- it's still open in a "New" state and nothing was done yet to correct it.
No ...
Jim Pingle
07:26 AM Bug #10465 (Resolved): possible routing performance regression due to non use of ip_tryforward
Yes, this is fixed in 21.02/2.5.0 Jim Pingle
07:25 AM Bug #11506 (Duplicate): traffic graph dont show traffic for Wireguard interface
We're already tracking this internally (NG 5522). See also #11315 Jim Pingle
12:41 AM Bug #11506 (Duplicate): traffic graph dont show traffic for Wireguard interface
The traffic graph doesn't register any traffic. The table shows traffic correctly but nothing in the graph. johan carlsson
06:52 AM pfSense Packages Bug #11477 (Feedback): FRR does not recognize some BFD options
PR has been merged. Thanks! Renato Botelho
06:52 AM pfSense Packages Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
PR has been merged. Thanks! Renato Botelho
06:52 AM pfSense Packages Bug #11445 (Feedback): bgp as-path in wrong position
PR has been merged. Thanks! Renato Botelho
06:50 AM Bug #11448: Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Applied in changeset commit:969574b6dbb124e98595ca537c0d176d908707d0. Viktor Gurov
06:41 AM Bug #11448 (Feedback): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
PR has been merged. Thanks! Renato Botelho
06:46 AM Bug #11476 (Feedback): Telegram and Pushover notification API calls do not respect proxy configuration
PR has been merged. Thanks! Renato Botelho
06:44 AM Regression #11447 (Feedback): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
PR has been merged. Thanks! Renato Botelho
06:35 AM Feature #11140: Allow the firewall to use DNS servers provided to an OpenVPN client instance
Applied in changeset commit:ee712bbb11bd04d442c545ab151a4df9e083edb6. Viktor Gurov
06:28 AM Feature #11140 (Feedback): Allow the firewall to use DNS servers provided to an OpenVPN client instance
PR has been merged. Thanks! Renato Botelho
06:27 AM Feature #2400 (Feedback): GUI options for WPA Enterprise with identity/password
PR has been merged. Thanks! Renato Botelho
02:58 AM Todo #11508 (Pull Request Review): Update SimplePie to to v1.5.6
Mostly bug and issue fixes, some new features. One micro-performance optimisation.
PR: https://github.com/pfsense/...
GChuf 6
02:27 AM Todo #11507 (Resolved): Update font formats to WOFF2
Currently, the web fonts are stored in .ttf format. Since then, woff and woff2 formats have been invented, which don'... GChuf 6

02/22/2021

11:06 PM Bug #10465: possible routing performance regression due to non use of ip_tryforward
The 21.02 / 2.5 Release Notes lists this fix (in the Operating System section):
* Fixed a network performance regres...
David Burns
09:49 PM Bug #10465: possible routing performance regression due to non use of ip_tryforward
Is this issue still applicable with 2.5 or should I re-enable ICMP redirect? Kevin Mychal Ong
10:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
So to make sure I understand, this only happens on an SG-3100 and you can't reproduce on x86 hardware.
The first t...
Bill Meeks
07:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
They were not scrubbed. Here are the steps to reproduce it (was not able to reproduce on an x86 system).
Only Snort...
Marcos M
06:43 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Marcos Mendoza wrote:
> The ARM patch for snort is still there:
> https://github.com/pfsense/FreeBSD-ports/blob/dev...
Bill Meeks
02:08 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
The ARM patch for snort is still there:
https://github.com/pfsense/FreeBSD-ports/blob/devel/security/snort/files/pat...
Marcos M
06:56 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4
...I mean, this is not a proper test, I need to bring up a live tunnel and get some LSAs going first.
But when thi...
Firstname Surname
03:56 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4
OK - I just tested that fix.... Firstname Surname
03:37 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4
Typically we would wait until it's in an official release. Jim Pingle
02:37 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4
FRR have been silent, but it looks like the person who raised this has a patch. What's your policy here, do you apply... Firstname Surname
06:50 PM Bug #11505 (Duplicate): PPPoE daemon selects wrong interface
The defect was not properly addressed and assigned leading up to the 2.5.0 release.
The functionality is still bro...
Kristopher Kolpin
06:38 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states
looks great in 2.5.0 thanks a million ! Yuri Weinstein
05:33 PM Revision 00995e1e: Fix a typo.
No functional changes. Luiz Souza
04:52 PM pfSense Plus Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
The expiry date rolls over and is shown as some time in the past. pfSense sees it as expired/invalid. See attachment.... Steve Wheeler
04:01 PM Regression #11316: Unbound crashes with signal 11 when reloading
This is now in the 2.5.0 repository. To upgrade manually, run the following from an ssh or console shell prompt (not ... Jim Pingle
10:18 AM Regression #11316: Unbound crashes with signal 11 when reloading
The forum thread linked above has instructions for installing the updated version manually from the snapshot reposito... Jim Pingle
03:51 PM Bug #11503 (New): Using multiple authentication backends on an OpenVPN server fails
We did update our pfSense Cluster to 2.5.0. On our OpenVPN connection we do have multiple backends. Our main one (RAD... Silvano Giacomello
03:45 PM Revision dc572d38: Merge pull request #4491 from dsmackie/issue-9887
Renato Botelho
03:17 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Peter fixed a similar error before the release, this may be similar. Jim Pingle
02:35 PM Bug #11502 (Not a Bug): WireGuard ``matchaddr failed`` kernel messages in system log
When I set up 1 wireguard interface things work normally with 1 peer. Once I add a second peer to the same interface I... Adam Esslinger
02:21 PM Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager
The code in 2.5.0 is the same as the post-patch code there. Perhaps you accidentally reverted that patch after being ... Jim Pingle
02:13 PM Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager
Testing this on 2.5.0-RELEASE, it looks like the bug is either still present or there's been a regression—screen capt... Michael Alden
02:16 PM Regression #11442: Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
Patch 10eb04259fd139c62e08df8de877b71fdd0eedc8 is much appreciated, looking forward to P1 release in order to be able... e 1/1
02:15 PM Bug #9887: Rule separator positions change when deleting multiple rules
Applied in changeset commit:3e7a04be6ce4530bbb37b3c312fd2239a61967db. Dan Mackie
09:45 AM Bug #9887 (Feedback): Rule separator positions change when deleting multiple rules
PR has been merged. Thanks! Renato Botelho
01:32 PM Revision e81512fa: Revert "Welcome pfSense CE 2.5.0-RELEASE-p1"
This reverts commit 57296da03385ccdc0d07ac8b6bd8f110f8d0314f. Renato Botelho
01:20 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
I was able to confirm that there does not appear to be any rate limiting, the overhead isn't terrible though as the I... Blaine Palmer
11:37 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
Another workaround is to do one peer per tunnel and a dynamic routing protocol like BGP, or routes using the remote p... Jim Pingle
11:28 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
I've disabled redirect via the sysctl/tunable as suggested already.
Just to clarify this is for every incoming pac...
Blaine Palmer
10:21 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
This is likely a (mostly?) harmless side effect of how the routes in the routing table are added for WireGuard. Becau... Jim Pingle
01:00 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
Craig Leres wrote:
> How was I able to go 390+ days before upgrading to 21.02 without getting daily expiring message...
Jim Pingle
12:40 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
And I should ask is there a way to delete the certificate but keep the test config in case I need to test in the futu... Craig Leres
12:38 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
Jim Pingle wrote:
> Delete it, it's not needed. It's a leftover from previous ACME certificates.
>
> Entries are ...
Craig Leres
12:35 PM pfSense Packages Bug #11501 (Not a Bug): Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
Delete it, it's not needed. It's a leftover from previous ACME certificates.
Entries are never removed automatical...
Jim Pingle
12:25 PM pfSense Packages Bug #11501 (Not a Bug): Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
When I set up acme on my pfsense box I used the same procedure as I would with a FreeBSD host; I created a test cert w... Craig Leres
12:35 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Dirk Meyer wrote:
> Renato Botelho wrote:
> > Dirk,
> >
> > Can you try attached patch and let me know if it hel...
Renato Botelho
12:26 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Renato Botelho wrote:
> Dirk,
>
> Can you try attached patch and let me know if it helps?
The patch looks like...
Dirk Meyer
09:36 AM Regression #11475 (In Progress): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Renato Botelho
09:36 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Dirk,
Can you try attached patch and let me know if it helps?
Renato Botelho
08:58 AM Regression #11475 (Pull Request Review): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Jim Pingle
12:33 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Ran into this issue after updating pfsense (+) to 21.02 so appears problem still exists in latest version. Have a se... Rick Frey
10:08 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
That other issue is old/closed, not likely to be the same. Even so, if it came up again, it needs a fresh issue with ... Jim Pingle
12:07 PM pfSense Packages Bug #11490: Service Watchdog - Impacts Reboots and Package Updates
All fair points.
Have run into a couple occasions where something 'died' (such as Snort, Suricata, lldpd, haproxy)...
A S
10:11 AM pfSense Packages Bug #11490: Service Watchdog - Impacts Reboots and Package Updates
This is a problem only with the package and also not likely one that will be solvable in an easy way.
The package ...
Jim Pingle
11:25 AM Regression #11500 (Pull Request Review): OpenVPN using the wrong OpenSSL command to list digest algorithms
Jim Pingle
11:15 AM Regression #11500 (Closed): OpenVPN using the wrong OpenSSL command to list digest algorithms
At least in OpenSSL version 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms... Markus Schiegl
11:14 AM Revision f37660de: Merge pull request #4500 from bitscher/master
Renato Botelho
11:06 AM Revision 50ae67cd: Merge pull request #4487 from znerol-forks/feature/master/radvd-linklocal-vip
Renato Botelho
10:46 AM Bug #11427 (Duplicate): IPSEC Status page shows Connections twice (connected and disconnected)
This has been fixed already, see #11435 Jim Pingle
10:22 AM Bug #11427: IPSEC Status page shows Connections twice (connected and disconnected)
We are having the same exact issue and despite I cannot provide any configuration at the moment I can provide some in... Denis Grilli
10:24 AM Regression #11495 (Pull Request Review): NTP widget displays incorrect status
Jim Pingle
10:19 AM pfSense Docs Todo #11499 (Closed): Feedback on Services — DHCPv4 Server
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv4.html
*Feedback:*
For "Failover Peer IP", ...
Marcos M
10:12 AM pfSense Packages Feature #11492 (Duplicate): there is an Freebsd version available for a splunk universal forwarder
Duplicate of #7683 Jim Pingle
10:07 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied
If you edit the assigned interface and save/apply, it does get the correct MTU applied. However, if you edit/save the... Jim Pingle
10:07 AM Bug #11484: Adding static routed subnets destroys the route at routing table
Sorry, yes you gave me the missing hint. To reach a static routed subnet via wireguard you just need to add the gatew... Dirk Steingäßer
09:56 AM Bug #11484 (Not a Bug): Adding static routed subnets destroys the route at routing table
By doing that you have added two static routes (since Allowed IPs entries get route table entries), so naturally one ... Jim Pingle
10:00 AM Bug #11489 (Feedback): Invalid certificate data can cause a PHP error
One or more of your certificate entries has an invalid or a date field that cannot be read. The code could handle thi... Jim Pingle
09:53 AM Bug #11481 (Rejected): NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"
There isn't nearly enough information here and this site is not for support or diagnostic discussion.
For assistan...
Jim Pingle
09:51 AM pfSense Packages Bug #11465 (Pull Request Review): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Jim Pingle
09:47 AM Bug #11480 (Duplicate): mDNS repeater (Avahi) over WireGuard not working at all
This is due to WireGuard on FreeBSD not passing multicast or broadcast traffic. We had an issue open on our internal ... Jim Pingle
09:46 AM Feature #11498 (New): WireGuard does not pass multicast traffic to peer
Moving this over from the internal Redmine (NG 5521)
From reports I've seen on other platforms, WireGuard should b...
Jim Pingle
09:42 AM pfSense Packages Bug #11477 (Pull Request Review): FRR does not recognize some BFD options
Jim Pingle
09:40 AM Todo #10464: Don't change the current update repo when new releases are available
> What's keeping the dashboard from discovering new update branches on its own?
There is no mechanism to check it ...
Jim Pingle
09:39 AM Bug #11478 (Duplicate): Restoring a backup on 2.4.5-p1 triggers an incomplete upgrade to 2.5.0
At its core, it's a duplicate of #10464 -- solving that will also solve this. Jim Pingle
09:38 AM pfSense Packages Bug #11392 (Pull Request Review): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Jim Pingle
09:38 AM pfSense Packages Bug #11445 (Pull Request Review): bgp as-path in wrong position
Jim Pingle
09:36 AM Bug #11476 (Pull Request Review): Telegram and Pushover notification API calls do not respect proxy configuration
Jim Pingle
09:33 AM Regression #11447 (Pull Request Review): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Jim Pingle
08:51 AM Bug #11285: Kernel crash on ALTQ-enabled wg interfaces
That doesn't look like the same issue, the backtrace is quite a bit different despite both mentioning CBQ. They cou... Jim Pingle
08:50 AM Regression #11470: Panic when using CBQ traffic shaping
That doesn't look like the same issue, the backtrace is quite a bit different despite both mentioning CBQ. They cou... Jim Pingle
08:45 AM pfSense Docs Correction #11472 (Closed): Typo in https://docs.netgate.com/pfsense/en/latest/vpn/selection.html
Fixed. Just one missing word: "choices" Jim Pingle
08:05 AM Bug #11432: status_dhcp_leases.php doesn't load
We have the same problem after Upgrade to 21.02. A restart of the dhcpd helps for a short while but the problem comes... Christian Naumer
07:55 AM Bug #11497 (Duplicate): Dashboard: CPU Usage Meter Infinite Load
Jim Pingle
05:37 AM Bug #11497: Dashboard: CPU Usage Meter Infinite Load
Constantine Kormashev wrote:
> Probably related to https://redmine.pfsense.org/issues/11443
Can confirm. Re-enabl...
Andy Dormire
05:30 AM Bug #11497: Dashboard: CPU Usage Meter Infinite Load
Probably related to https://redmine.pfsense.org/issues/11443 Constantine Kormashev
03:42 AM Bug #11497 (Duplicate): Dashboard: CPU Usage Meter Infinite Load
Howdy!
I worked with Netgate Support (ticket #76291) on an issue with my SG-5100 after upgrading to pfSense Plus 2...
Andy Dormire
05:44 AM pfSense Packages Feature #11386 (Feedback): Add WireGuard tunneled networks to vpnaddresses list
PR has been merged. Thanks! Renato Botelho
05:42 AM pfSense Packages Feature #11385 (Feedback): Add WireGuard tunneled networks to vpnaddresses list
PR has been merged. Thanks! Renato Botelho
05:14 AM Feature #11420 (Feedback): New Dynamic DNS Provider: Gandi LiveDNS IPv6
PR has been merged. Thanks! Renato Botelho
05:09 AM Feature #11264 (Pull Request Review): Redirect Captive Portal users to login page after they logout
Renato Botelho
05:07 AM Feature #11103 (Feedback): Use virtual link local IP address as RA source address for HA environments
PR has been merged. Thanks! Renato Botelho
04:40 AM Bug #11483 (Feedback): Installer does not add required module to loader.conf when using ZFS
Fixed by commit de3efe409ae on FreeBSD-src... Renato Botelho
03:23 AM Bug #11483: Installer does not add required module to loader.conf when using ZFS
zfs_load="YES" to /boot/loader.conf workaround seems pretty good. Have one more fixed 21.02 ZFS device. Constantine Kormashev
02:57 AM Bug #10959: Traffic graph stopped on interface used via netmap
Can confirm this same behavior exists with Suricata with netmap enabled as well.
However, it appears to be an issu...
Scott Morrison

02/21/2021

10:50 PM Feature #11496 (Resolved): Support for NTP Peer mode
If operating two pfSense machines, both of the same Stratum (for example both with GPS and stratum 1), it would be ni... Christian Borchert
07:49 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS
Did a bit more testing and debugging.
The issue is not related to fstab or the drive order recognition.
The i...
Sven Gruenitz
02:35 PM Revision 57296da0: Welcome pfSense CE 2.5.0-RELEASE-p1
Renato Botelho
02:28 PM Revision a97987a5: Non local gateways fix. Issue #11433
(cherry picked from commit 087d28fa3f5cfebfd4af7f4a4479b0fac053e062) Viktor Gurov
01:21 PM Regression #11495: NTP widget displays incorrect status
#3567 regression
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/150
Viktor Gurov
01:12 PM Regression #11495 (Closed): NTP widget displays incorrect status
https://forum.netgate.com/topic/160971/ntp-status:
On my dashboard GUI, I have a widget for NTP Status displayed. In...
Viktor Gurov
12:44 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I'm also having the same problem. Manually setting the monitor address to the link-local address has worked around th... Nick B
12:29 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
One last interesting tidbit, similar assumptions causing issues with p2p interfaces in ipv6 which caused issues for W... Blaine Palmer
12:22 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
It would appear this may need to be corrected in the FreeBSD upstream.
Possibly relevant:
https://github.com/free...
Blaine Palmer
11:25 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
Just for reference, it appears a similar issue was observed early in WireGuard's original development.
https://git...
Blaine Palmer
10:45 AM Bug #11494 (Rejected): Wireguard interface sends ICMP Redirect when routing between two peers
When PFSense is used to route traffic between two WireGuard peers, it sends ICMP Redirect when both peers are on the s... Blaine Palmer
11:24 AM Regression #11316: Unbound crashes with signal 11 when reloading
Pim Janssen wrote:
> I never had any problem with the core system of pfSense on production. Today my unbound died. (...
Renato Botelho
10:57 AM Regression #11316: Unbound crashes with signal 11 when reloading
I never had any problem with the core system of pfSense on production. Today my unbound died. (about 5 hours after up... Pim Janssen
08:27 AM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading
Renato Botelho
08:27 AM Regression #11316: Unbound crashes with signal 11 when reloading
1.13.1 cherry-picked to 2.5.0 branch Renato Botelho
09:31 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Jordan Greene wrote:
> I'm using this currently as well but have not encountered any issues with CPU usage on 21.02 ...
Matt Johnson
12:10 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Jordan Greene wrote:
> I'm using this currently as well but have not encountered any issues with CPU usage on 21.02 ...
Hayden Hill
08:28 AM Regression #11433 (Feedback): Gateways with "Use non-local gateway" set are not added to routing table
Cherry picked to 2.5.0 Renato Botelho
05:31 AM pfSense Packages Bug #11493 (New): After upgrade zabbix proxy wont start
Due to database changes between zabbix-proxy versions. The proxy database needs to be removed after upgrading else th... Pim Janssen
03:37 AM Bug #11485 (Duplicate): Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work
duplicate of #6880 Viktor Gurov
01:08 AM Bug #11485: Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work
For sure no. There were too many bugs with IPv6 in general in the past on the WAN side. But with 2.5.0 a lot of them... Dirk Steingäßer
12:12 AM Bug #11485: Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work
Dirk Steingäßer wrote:
> Adding a second DHCPv6 WAN affects the first DHCPv6 WAN to not work anymore. It just stays o...
Hayden Hill
03:08 AM pfSense Packages Feature #11492 (Duplicate): there is an Freebsd version available for a splunk universal forwarder
Splunk is a great log analyzer. As well there is a free version available.
In my opinion it might be a good idea to u...
thiamata thiamata
03:01 AM Feature #11228 (Resolved): Replace HTTP links with HTTPS in the GUI
Viktor Gurov
01:19 AM Bug #9460: OpenVPN local auth failing due to fcgicli output
similar issue: #4521 Viktor Gurov
12:02 AM Bug #9460: OpenVPN local auth failing due to fcgicli output
I am also having the same issue using "Local Database".
The error in the OpenVPN server log is "Connection reset, ...
Elon l
01:18 AM pfSense Packages Bug #11491 (Feedback): haproxy-devel v0.62_2 - startup error 'httpchk'
Seeing this error message upon startup (under 2.5.0):
haproxy: startup error output!: [WARNING] 051/015053 (57019)...
A S
01:18 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
another php-cgi issue: #9460 Viktor Gurov
01:11 AM pfSense Packages Bug #11490 (New): Service Watchdog - Impacts Reboots and Package Updates
All - wasn't quite sure which to attribute this to as it's a package, but is impacting standard operation.
Synopsis...
A S

02/20/2021

11:06 PM Bug #11489 (Resolved): Invalid certificate data can cause a PHP error
I get the following message on the main admin page.
pfSense has detected a crash report or programming bug. Click ...
Simon Brezovnik
10:28 PM Revision 2fe5cc52: Don't add empty pools line. Fixes #11488
(cherry picked from commit bb3a6eb44958841df4257ae7936e6714d1ed99a8) Jim Pingle
10:28 PM Revision bb3a6eb4: Don't add empty pools line. Fixes #11488
Jim Pingle
10:20 PM Revision afffe759: Fix child SA name generation. Fixes #11487
(cherry picked from commit eb5bd64face47422285cb883ad44fc5d77c361fa) Jim Pingle
10:20 PM Revision eb5bd64f: Fix child SA name generation. Fixes #11487
Jim Pingle
10:18 PM Revision ded7970b: Fix IPsec connect/disconnect for all tunnels. Fixes #11486
(cherry picked from commit 50c2b3f9586090593bf45a7c5c6d5873f7fd4cdf) Jim Pingle
10:16 PM Revision 50c2b3f9: Fix IPsec connect/disconnect for all tunnels. Fixes #11486
Jim Pingle
09:18 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
I'm using this currently as well but have not encountered any issues with CPU usage on 21.02 --- additional informati... Jordan G
08:28 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Scott Long wrote:
> I don't think that this is related to https://redmine.pfsense.org/issues/11444.
I agree. The ...
Bill Meeks
05:57 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
I don't think that this is related to https://redmine.pfsense.org/issues/11444. Scott Long
07:39 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS
I am also running into this with the 21.02 recovery image on the SG-5100.
No issue with prior builds and no issue wh...
Sven Gruenitz
12:49 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS
I ran into this.. Trying to switch sg-4860 8GB/32GB eMMC model from UFS to ZFS doing clean install from USB boot.. JohnPoz _
12:46 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS
The ZFS case fails in the same way whether installing to eMMC or mSATA.
See also: https://redmine.pfsense.org/issues...
Steve Wheeler
12:44 PM Bug #11483 (Resolved): Installer does not add required module to loader.conf when using ZFS
The ADI installer image correctly installs to eMMC or mSATA creating a bootable install on RCC-VE with the default in... Steve Wheeler
06:43 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Same issues as noted above.
I was able to get IP6 working after configuring IP6 gateway monitoring to IP6 addres...
Pete C
05:59 PM pfSense Plus Regression #11444 (In Progress): SG-3100 doesn't pass traffic after upgrade to 21.02
Scott Long
05:56 PM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
There is a fix that passes my testing here:
https://reviews.freebsd.org/D28821
The above patch is for FreeBSD H...
Scott Long
05:54 PM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
I am facing the same problem at OVH. After the migration some pfSense stopped the gateway.
I found it strange beca...
Tácio Andrade
04:35 PM Bug #11488 (Feedback): IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value
Applied in changeset commit:bb3a6eb44958841df4257ae7936e6714d1ed99a8. Jim Pingle
04:26 PM Bug #11488 (Closed): IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value
Some IPsec connections have "pools =" with no value. The line should be omitted in this case rather than being presen... Jim Pingle
04:30 PM Regression #11487 (Feedback): IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``
Applied in changeset commit:eb5bd64face47422285cb883ad44fc5d77c361fa. Jim Pingle
04:10 PM Regression #11487 (Closed): IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``
Tunnels with expanded IKE connection numbers (e.g. "con100000") are not forming proper child SA con numbers. The nume... Jim Pingle
04:25 PM Regression #11486 (Feedback): Connect and disconnect buttons on the IPsec status page do not work for all tunnels
Applied in changeset commit:50c2b3f9586090593bf45a7c5c6d5873f7fd4cdf. Jim Pingle
04:07 PM Regression #11486 (Closed): Connect and disconnect buttons on the IPsec status page do not work for all tunnels
The connect and disconnect buttons on IPsec status are not working for all tunnels. When they don't work, there appea... Jim Pingle
04:23 PM Regression #11455 (Not a Bug): The ipsec configuration migrated from 2.4.x to 2.5 fails in certain cases.
There is no problem with having 0 for those. It will still work properly and assume sane defaults as if they are blan... Jim Pingle
04:05 PM Bug #11485 (Duplicate): Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work
Adding a second DHCPv6 WAN affects the first DHCPv6 WAN to not work anymore. It just stays on "pending" and does not r... Dirk Steingäßer
04:00 PM Bug #11484 (Not a Bug): Adding static routed subnets destroys the route at routing table
Adding static routed subnets to wireguard allowed subnets destroys the static route.
The subnet is then just added...
Dirk Steingäßer
12:33 PM pfSense Packages Bug #8466 (Resolved): radiusd crash
Tested on the latest release.
It works as expected. Ticket resolved.
Danilo Zrenjanin
12:18 PM Bug #11482 (Closed): WireGuard interfaces do not always have proper MTU applied
When you set the mtu of an assigned wg interface, that value is not honoured. The mtu of the interface is always 142... Derek Battams
11:44 AM Bug #11481 (Closed): NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"
Description:
I notice that when using nat+proxy then nat reflection works but when using pure nat then it does not. ...
aniel arias
11:03 AM Feature #11228: Replace HTTP links with HTTPS in the GUI
Checked in:
2.6.0-DEVELOPMENT (amd64)
built on Sat Feb 20 01:03:44 EST 2021
FreeBSD 12.2-STABLE
These which a...
Max Leighton
10:56 AM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/149 Viktor Gurov
10:06 AM Feature #11390 (Resolved): Copy button for Authentication Server entries
Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Feb 20 01:03:44 EST 2021
FreeBSD 12.2-STABLE
It works well....
Max Leighton
09:35 AM Bug #11464: Requests to ``ews.netgate.com`` do not honor proxy configuration
Thank you for the quick turnaround Steve; I'll be back in office starting February and will verify it then. Florian Apolloner
07:48 AM Bug #9460: OpenVPN local auth failing due to fcgicli output
Aurelian Rau wrote:
> Hello, as Joakim Gilje mentioned, this issue is still present in the release version of pfSens...
Viktor Gurov
06:23 AM Bug #9460: OpenVPN local auth failing due to fcgicli output
Hello, as Joakim Gilje mentioned, this issue is still present in the release version of pfSense 2.5. We had our OpenV... Aurelian Rau
06:04 AM Bug #11480 (Duplicate): mDNS repeater (Avahi) over WireGuard not working at all
Hi,
I've been enjoying WireGuard so far with the nightly builds of pfSense 2.5 and am happy to see the full releas...
Michael .
05:57 AM pfSense Packages Bug #11477: FRR does not recognize some BFD options
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/55 Viktor Gurov
04:20 AM pfSense Packages Bug #11477 (Feedback): FRR does not recognize some BFD options
BFD daemon failed to start due to using incorrect command syntax:... Viktor Gurov
05:55 AM Revision bd5d33d8: Fix openssl digest algorithm param in openvpn.inc
At least in OpenSSL 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms" parame... mschiegl
05:53 AM pfSense Packages Bug #11479 (New): snmptt 1.4.2 does not work in daemon mode
There is a bug in snmptt 1.4.2 that prevents it from starting up in daemon mode.
Upstream bug report: https://sour...
Christian Ullrich
05:45 AM Todo #10464: Don't change the current update repo when new releases are available
> If you don't automatically offer the upgrade then the update check on the dashboard and so on is not useful.
Why...
Christian Ullrich
05:26 AM Bug #11478 (Duplicate): Restoring a backup on 2.4.5-p1 triggers an incomplete upgrade to 2.5.0
After running in to some regressions on 2.5.0 covered by other bugs on the tracker, I decided to re-install pfSense 2... King J
03:05 AM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
add "no bgp network import-check" if unchecked:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/54
Viktor Gurov
02:41 AM Bug #11476: Telegram and Pushover notification API calls do not respect proxy configuration
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/148 Viktor Gurov
02:12 AM Bug #11476 (Closed): Telegram and Pushover notification API calls do not respect proxy configuration
Telegram and Pushover notifications ignore proxy configuration on "System -> Advanced -> Miscellaneous"
see also #...
Viktor Gurov
01:13 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/147 Viktor Gurov
12:34 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/146 Viktor Gurov
 
