Project

General

Profile

Activity

From 02/21/2021 to 03/22/2021

03/22/2021

10:48 PM pfSense Packages Feature #11719 (Rejected): ACME - Create script for DNSExit API
Link to tech docs.
https://www.dnsexit.com/dns/dns-api/
This is out of my wheelhouse so any assistance would be... Mike McV
04:43 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I am not using PPPOE. Both WANs are DHCP. My config attached. Rick Strangman
11:45 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Thanks. I've not immediately spotted anything suspect in there.
However, it appears that all reports of this issue... Kristof Provost
08:48 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I've so far been unable to reproduce this problem.
It's possible that I'm missing some relevant factor in my setup. ... Kristof Provost
02:26 PM Revision bc8dbe9e: Fix PHP error on Reset Log Files. Issue #11710
(cherry picked from commit 5800b750ef69db5dbf8c7a274ee297af6acc7d02) Viktor Gurov
02:26 PM Revision 5800b750: Fix PHP error on Reset Log Files. Issue #11710
Viktor Gurov
02:17 PM Bug #11718 (Resolved): XMLRPC Client does not honor its default timeout value
I have traced an XMLRPC problem where I got a systematic mysterious error when starting a sync between my firewalls (... Vincent Caron
12:54 PM Revision cc807fbf: route_add_or_change() add linklocal gateway scope. Fixes #11713
(cherry picked from commit cca31114b0ac041e41865c586d587558f82979d6) Viktor Gurov
10:21 AM Bug #11454 (Resolved): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
It seems to be resolved now. Renato Botelho
09:58 AM pfSense Plus Regression #11689 (Resolved): LEDs do not indicate available upgrade status
Confirmed working on latest snapshot Renato Botelho
09:52 AM Revision cca31114: route_add_or_change() add linklocal gateway scope. Fixes #11713
Viktor Gurov
09:32 AM Regression #11443 (Resolved): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Renato Botelho
09:26 AM Regression #11710 (Feedback): PHP error when resetting log files
PR merged and cherry-picked to 2.5.1 Renato Botelho
01:38 AM Regression #11710: PHP error when resetting log files
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/199 Viktor Gurov
09:25 AM Bug #11602 (Resolved): Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Renato Botelho
07:54 AM Bug #11713 (Feedback): Error when deleting IPv6 link-local routes
PR merged and cherry-picked to 2.5.1 Renato Botelho
05:04 AM Bug #11713: Error when deleting IPv6 link-local routes
route_add_or_change() doesn't add linklocal scope part to the `route` command:... Viktor Gurov
01:39 AM Bug #11713: Error when deleting IPv6 link-local routes
For similar questions
[[https://forum.netgate.com/topic/161375/pf2-6-report/13]]
[[https://redmine.pfsense.org/... yon Liu
06:06 AM Bug #11717 (New): Incorrect port forwarding rules if Destination port alias is not equal to Redirect target port alias
If Destination port alias and Redirect target port alias contains different ports,
incorrect port forwarding rules a... Viktor Gurov
05:13 AM Bug #11149 (New): DHCP relay won't start with DHCP server behind gateway
seems another issue
related to #9466 and #10416 Viktor Gurov
03:25 AM Bug #11149: DHCP relay won't start with DHCP server behind gateway
It seems that the "bug" has indeed something to do with Outgoing NAT & dhcrelay. When starting from commandline dhcre... Mark Lavrijsen
04:15 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
We've hit this after upgrade from 2.4.5 to 2.5.0 on our two SG-5100 - was terribly difficult to figure it out, but th... Yury Zaytsev
02:53 AM pfSense Docs Todo #11716 (Resolved): Feedback on Network Address Translation — Port Forwards
*Page:* https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html
*Feedback:*
Add a note that if the re... Viktor Gurov
01:45 AM Bug #11708 (Rejected): WOL wakes ALL devices when trying to wake up ONE device
Fixed in 2.5.1/2.6 Viktor Gurov
01:40 AM Bug #11709 (Duplicate): Crash in 2.5.1.r.20210320.0824
Kristian Krautwald wrote:
> > Can you provide more information on your syslog config (if any) and any reproduction i... Viktor Gurov
01:35 AM Bug #11715 (New): OpenVPN MTU
when i setup openvpn config link-mtu 1500 and No matter you choose any Allow Compression, then openvpn interface mtu ... yon Liu
01:32 AM Bug #11105: IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
works as expected,
but now shows warning in routing.log:... Viktor Gurov
01:15 AM Bug #11707 (Duplicate): IPv4 /8 or above Static routing uses aliases
Duplicate of #11599 Viktor Gurov

03/21/2021

05:58 PM pfSense Docs New Content #11714 (Closed): Add section about the correct addresses to use for failover peers when Troubleshooting High Availability DHCP Failover
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/ha-dhcp-failover.html
*Feedback:*
I had acci... Benjamin Pettinen
12:08 PM Bug #11713 (Closed): Error when deleting IPv6 link-local routes
/system.php: The command '/sbin/route -q delete -host -inet6 2001:4860:4860::8844 'fe80::4e6d:58ff:fe4a:97d4'' return... Kristian Krautwald
11:18 AM Bug #11709: Crash in 2.5.1.r.20210320.0824
> Can you provide more information on your syslog config (if any) and any reproduction instructions if you have them?... Kristian Krautwald
10:36 AM Bug #11712 (Rejected): Interface can't be switched to an available network port igb3
I have a generic (QOTOM-Q355G4) pfSense box with 4 NICs and network assignment as the following:
WAN - igb0
LAN ... Yuri Weinstein
07:04 AM Regression #11316: Unbound crashes with signal 11 when reloading
Vaidotas, static DHCP should probably be used if you rely on hostnames so much. The feature in general has been the ... Chris Collins
12:37 AM Regression #11316: Unbound crashes with signal 11 when reloading
Chris Collins wrote:
> I hope the decision is not made to roll back unbound, as its just going back to old code, whe... Vaidotas Butkus

03/20/2021

09:52 PM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Tested on pfSense Plus 21.02p2 and this works on here again as well. Kris Phillips
09:18 PM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Since Wireguard is being removed from the next release, this bug report should be closed out as Rejected. Kris Phillips
09:14 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
Important to note that this seemed to work fine in the 2.4.5p1 images. Its just the newer release that has issues. Kris Phillips
08:32 PM Bug #11691: WireGuard MSS Clamping and TCP traffic issues after reboot.
Should this be closed out considering WireGuard is being pulled? Michael Spears
08:30 PM Bug #11709: Crash in 2.5.1.r.20210320.0824
Kristian Krautwald wrote:
> Crash report begins. Anonymous machine information:
> amd64
> 12.2-STABLE
> FreeBSD ... Michael Spears
02:10 PM Bug #11709 (Duplicate): Crash in 2.5.1.r.20210320.0824
Crash report begins. Anonymous machine information:
amd64
12.2-STABLE
FreeBSD 12.2-STABLE cb7f262d547(RELENG_2_5_... Kristian Krautwald
07:11 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Yuran Yastreb wrote:
> Edgardo Rodriguez wrote:
> > Jim Pingle wrote:
> > > No, but since you compiled it on a dif... Edgardo Rodriguez
11:47 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Edgardo Rodriguez wrote:
> Jim Pingle wrote:
> > No, but since you compiled it on a different system and nobody els... Yuran Yastreb
06:42 PM pfSense Packages Bug #11711 (Resolved): New Squid Status Page Non-Functional
Under Services --> Squid --> Status, the page does not load or work on 21.02 of 2.5 of pfSense and pfSense Plus. The... Kris Phillips
05:59 PM Regression #11710 (Resolved): PHP error when resetting log files
I got this error message after i press RESET LOG FILES under status.
Same error on 2.6.0 DEV too. (latest snapshot)
... B. B.
02:19 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
All is good on my installation ...
Thank you to everyone for the help. Mike McV
12:49 PM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Wanted to provide feedback that this looks be resolved in the latest 2.5.1 snapshots:
*Before: 2.5.0-RELEASE*
<... Timo M
11:10 AM pfSense Packages Feature #11201 (Resolved): Show iTLD Allow IDN domains
Tested on pfBlockerNG-devel 3.0.0_15 version.
It looks fine, the Total TLD Count is included and works as expecte... Danilo Zrenjanin
10:50 AM Bug #11299 (Resolved): Unused L2TP VPN files are not removed when the service is disabled
Tested on the latest release.
The l2tp directory and the files have been deleted upon disabling the L2TP service.... Danilo Zrenjanin
10:44 AM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options
Tested on the latest release.
The custom IPSEC NAT-T port settings are located under VPN/IPsec/Advanced Settings.... Danilo Zrenjanin
10:35 AM pfSense Packages Feature #11520 (Resolved): Add 'explicit-exit-notify' option by default
Tested on the latest release.
OpenVPN - Client Export Utility adds explicit-exit-notify in the client configurati... Danilo Zrenjanin
09:07 AM Bug #11425 (Resolved): XMLRPC error with Captive Portal and CARP failover when GUI is on non-standard port
Tested in
2.5.1-RC (amd64)
built on Thu Mar 18 03:04:03 EDT 2021
FreeBSD 12.2-STABLE
It's fixed. The XMLRPC e... Max Leighton
08:55 AM Bug #11708 (Rejected): WOL wakes ALL devices when trying to wake up ONE device
Hi,
I've played with WOL a bit and found the following:
After waking up ALL devices ONCE, the URI changes to /s... Karl Fischer
08:52 AM Bug #11489 (Resolved): Invalid certificate data can cause a PHP error
Tested on
2.5.1-RC (amd64)
built on Thu Mar 18 03:04:03 EDT 2021
FreeBSD 12.2-STABLE
It works. The broken cer... Max Leighton
06:41 AM Bug #11707: IPv4 /8 or above Static routing uses aliases
test system version is:
2.6.0-DEVELOPMENT (amd64)
built on Fri Mar 19 01:04:20 EDT 2021
FreeBSD 12.2-STABLE yon Liu
06:38 AM Bug #11707 (Duplicate): IPv4 /8 or above Static routing uses aliases
When I delete the previously set static route using aliases 1.0.0.0/8 and 110.0.0.0/7 via wan,and also manually updat... yon Liu
03:04 AM Feature #9877: QEMU Guest Agent
Port was added to FreeBSD repository:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254105
https://svnweb.fre... Maciej Czech

03/19/2021

08:58 PM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
I note at least two issues remaining.
First, the config file is in @/usr/local/etc/rc.conf.d/@, but that directory... Joel Holveck
07:26 PM Revision 02f44d9c: Remove WireGuard support
Out of an abundance of caution while we investigate the claims about
WireGuard in public, we need to remove it from p... Renato Botelho
07:25 PM Revision 281dede0: Remove WireGuard support
Out of an abundance of caution while we investigate the claims about
WireGuard in public, we need to remove it from p... Renato Botelho
07:21 PM Feature #9260: ssh_tunnel_shell: Disable console message output
I just upgraded to 2.5.0. I had regular users configured with the "User - System: SSH tunneling" permission, accessin... Carlos Man
03:33 PM Revision 4af6e7f6: Fix cert type handling during renewal. Fixes #11706
(cherry picked from commit 009a3d4e16d2905e01fbc0a7b6f53985af3afd09) Jim Pingle
03:32 PM Revision 009a3d4e: Fix cert type handling during renewal. Fixes #11706
Jim Pingle
03:28 PM Revision 73d4ea07: Add missing word to help text
Steve Beaver
03:13 PM Revision 937dbcc1: Fix user cert parameters when creating user+cert. Fixes #11705
(cherry picked from commit 0aa7f5a7ee5e7b5fd2292669cfc2dd7c420e04f7) Jim Pingle
03:12 PM Revision 0aa7f5a7: Fix user cert parameters when creating user+cert. Fixes #11705
Jim Pingle
01:33 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I'll leave this open over the weekend to collect more feedback but I think at this point every problem scenario is so... Jim Pingle
01:27 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
RC worked great for me! dpinger works, and I could re-enable my traffic limiters (codel) with great success.
Thank... Jesse Beauclaire
12:41 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Thank you Jim.
Moderator moved my original upgrade post on the forum to the snapshots section.
Updated to relea... Pete C
09:38 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Pete C wrote:
> Tried the above diff patch on my 2.5.1 build with the RA checkbox thing and it did not change anythi... Jim Pingle
09:09 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Thank you Renato.
f3488a18e3fc276b58ecc2aeb8f7471da9bd2088
Tried the above diff patch on my 2.5.1 build with th... Pete C
08:15 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Pete C wrote:
> Jim Pingle wrote:
> > Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088.
>
> ... Renato Botelho
08:02 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Jim Pingle wrote:
> Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088.
Will a different patch ... Pete C
07:25 AM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Applied in changeset commit:f3488a18e3fc276b58ecc2aeb8f7471da9bd2088. Jim Pingle
07:17 AM Bug #11454 (In Progress): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
OK I thought it was more subtle than that but you are right, I was able to replicate it by checking that box, and con... Jim Pingle
01:07 PM Revision ed16c6cf: Catch up with rename of Coreboot upgrade package to Firmware
(cherry picked from commit 99cef76e8e8f9d12ff0e0dfe1fba8f059b1806bd) Renato Botelho
12:19 PM Revision ec3fd7e5: Fix RA GW for "Do not wait for RA" path. Fixes #11454
(cherry picked from commit f3488a18e3fc276b58ecc2aeb8f7471da9bd2088) Jim Pingle
12:18 PM Revision f3488a18: Fix RA GW for "Do not wait for RA" path. Fixes #11454
Jim Pingle
11:01 AM Bug #11407 (Waiting on Merge): Removing a WireGuard tunnel in a middle position can break Add button behavior
Jim Pingle
10:55 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate
To test:
* On a system without the fix, create test certificates:
* A user certificate with default settings ... Jim Pingle
10:40 AM Bug #11706 (Feedback): Renewing a certificate without a ``type`` value assumes a server certificate
Applied in changeset commit:009a3d4e16d2905e01fbc0a7b6f53985af3afd09. Jim Pingle
09:56 AM Bug #11706 (Closed): Renewing a certificate without a ``type`` value assumes a server certificate
When renewing a certificate, if the @type@ field is empty, the renewal process results in a certificate with its type... Jim Pingle
10:46 AM Bug #11705: Creating a certificate while creating a user does not fully configure the certificate properly
To test:
* Create a user + cert certificate in the same step on a system without the fix -- choose sha256 (default... Jim Pingle
10:20 AM Bug #11705 (Feedback): Creating a certificate while creating a user does not fully configure the certificate properly
Applied in changeset commit:0aa7f5a7ee5e7b5fd2292669cfc2dd7c420e04f7. Jim Pingle
09:55 AM Bug #11705 (Resolved): Creating a certificate while creating a user does not fully configure the certificate properly
When creating a certificate while creating a new user (not adding to an existing user), the resulting certificate is ... Jim Pingle
10:29 AM Feature #11556: Kill states using the pre-NAT address
I can confirm this is currently an issue. Marcos M
07:24 AM Bug #11704 (Pull Request Review): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot
Jim Pingle
02:25 AM Bug #11704: Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/198 Viktor Gurov
02:15 AM Bug #11704 (Resolved): Stale hostname registration data for OpenVPN clients is not deleted from the DNS Resolver configuration at boot
`/var/unbound/openvpn.*`files are not deleted after system reboot, resulting in incorrect/outdated DNS records Viktor Gurov
05:10 AM pfSense Packages Bug #11204 (Feedback): Fix net-snmp logging to syslog
Merged Viktor Gurov
05:09 AM pfSense Packages Bug #10990 (Feedback): net-snmp IPv6 listen address needs to be wrapped in square brackets
Merged Viktor Gurov
05:08 AM pfSense Packages Bug #11039 (Resolved): route-map not working if Address Family is enabled.
Viktor Gurov
04:14 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
I think it is better to set the inactive timeout to the default value (like 300 seconds) for new instances
to cleanu... Viktor Gurov
01:53 AM Feature #11659: Support for UEFI HTTP Boot option in DHCPv4 Server
I would liek to see this feature introduced as I am running into issues with iPXE on my systems and I need to boot im... Nathan Revo

03/18/2021

10:32 PM Bug #11657: netmap_ring_reinit error
I'm on ESXi 7. I only noticed the following, though I'm thinking it's some Suricata setting I need to tune for the in... Marc 05
09:17 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Paul K wrote:
> I did look at line 5091 but there was nothing on that line related to rtsold. Anyway, I think you ar... Flole Systems
08:45 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Flole Systems wrote:
> I pointed out a possible cause for this 2 times now already and nobody seemed to care, so one... Paul K
08:32 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Tested with the new RC build and it is working fine for me know. Thanks for fixing it Jim and Renato! Paul K
03:48 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I pointed out a possible cause for this 2 times now already and nobody seemed to care, so one last time:
Flole S... Flole Systems
02:46 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
That's probably a bit tougher to replicate then. Like you said that's one for a new forum thread and likely a differe... Jim Pingle
02:33 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
After quite a bit of digging and capturing i think i have found the missing link to my scenario. I will also create t... Mike McV
11:56 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Got the syntax correct on the rtsold, and running this from the CLI resolves the issue, but it does not survive a reb... Mike McV
11:43 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Mike McV wrote:
> Is there a possibility the scripts are not happy with a Tagged LAGG interface.(Outside of my exper... Jim Pingle
10:56 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Jim Pingle wrote:
> If i remove my static IPV6 monitor address Gateway monitoring stops working, but the protocol ... Mike McV
10:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
2.5.1-RC-20210318-0300 resolved the IPv6 Gateway issue I was experiencing. Thanks for the fix! Greg Shaffer
10:13 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Flole Systems wrote:
> Also in line 5091 of the interfaces.inc the -M flag is missing entirely, I think it should be... Flole Systems
10:11 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Mike McV wrote:
> If i remove my static IPV6 monitor address Gateway monitoring stops working, but the protocol work... Jim Pingle
09:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
This (2.5.1.r.20210318.0300) did not resolve it for me.
If i remove my static IPV6 monitor address Gateway monitor... Mike McV
08:32 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Jesse Beauclaire wrote:
> Hate to ask this here, but I am affected by this issue so it's sort of relevent... Can I u... Jim Pingle
08:31 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Hate to ask this here, but I am affected by this issue so it's sort of relevent... Can I update to the RC without kil... Jesse Beauclaire
08:17 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Working for me too now with 2.5.1.r.20210318.0300. Patrik Lundquist
08:08 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
The complete set of fixes is in the current RC build, so it's ready for others to test. It works for me that's me and... Jim Pingle
07:47 PM pfSense Packages Feature #11703 (New): add Krill and Routinator support BGP RPKI
From the perspective of safety and reliability, deploying your own RPKI facilities is the best option, so can these f... yon Liu
07:28 PM Revision 02ff3b5a: Fixed #11702 by revising ramdisk code
Steve Beaver
07:17 PM pfSense Packages Bug #11693: IPv6 static routing fails
!https://i.imgur.com/vm8NKfi.jpg! yon Liu
03:58 PM Revision 100b5040: Add missing global declaration
Add missing global declaration BBcan177 .
02:35 PM Regression #11702: RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks
Applied in changeset pfsense:commit:02ff3b5a91b3062cd4116fdf18af6e2d95cef86a. Anonymous
02:28 PM Regression #11702 (Feedback): RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks
Anonymous
01:45 PM Regression #11702 (Closed): RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks
Anonymous
02:24 PM Feature #11576: IPsec GUI option to control Child SA ``start_action``
Marcos Mendoza wrote:
> Something that's somewhat confusing (even now with "Child SA Close Action") is what exactly ... Jim Pingle
02:20 PM Feature #11576: IPsec GUI option to control Child SA ``start_action``
Something that's somewhat confusing (even now with "Child SA Close Action") is what exactly the default is. This coul... Marcos M
12:07 PM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
Jim Pingle wrote:
> According to the OpenVPN docs and other posts I see, the disconnect script should be run even on... Viktor Gurov
11:39 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
According to the OpenVPN docs and other posts I see, the disconnect script should be run even on ping timeout / uncle... Jim Pingle
09:28 AM Bug #11699 (Closed): OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
There is a difference between a graceful and not graceful disconnect. We tested it last night where I just turn off ... Viktor Gurov
11:51 AM Bug #11672: when setup Static Routes use aliases,cannot automatically learn that the aliases ip list has changed
This problem also exists in using aliases in firewall rules yon Liu
11:47 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> No, but since you compiled it on a different system and nobody else had replicated it, it's unli... Edgardo Rodriguez
11:39 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
No, but since you compiled it on a different system and nobody else had replicated it, it's unlikely to be related wi... Jim Pingle
11:35 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> We haven't evaluated that patch yet, but it's unlikely to make it into the next release this lat... Edgardo Rodriguez
08:00 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
We haven't evaluated that patch yet, but it's unlikely to make it into the next release this late in the process. If ... Jim Pingle
11:38 AM pfSense Packages Bug #11696 (Feedback): SquidGuard Disable "Groups ACL" no work
Merged Viktor Gurov
08:01 AM pfSense Packages Bug #11696 (Pull Request Review): SquidGuard Disable "Groups ACL" no work
Jim Pingle
06:57 AM pfSense Packages Bug #11696: SquidGuard Disable "Groups ACL" no work
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/75 Viktor Gurov
06:47 AM pfSense Packages Bug #11696 (Resolved): SquidGuard Disable "Groups ACL" no work
https://forum.netgate.com/topic/162053/squidguard-disable-groups-acl-no-work-bug:
Pfsense 2.5.0
"Common ACL" is D... Viktor Gurov
11:03 AM Bug #11701: Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``
PR: https://github.com/pfsense/pfsense/pull/4510 BBcan177 .
10:59 AM Bug #11701 (Resolved): Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``
/etc/inc/config.lib.inc
Line: 1106
function pfSense_clear_globals() {
global $config, *$g,* $FilterIfList, $Gat... BBcan177 .
09:46 AM Bug #11700 (Pull Request Review): OpenVPN does not kill IPv6 client states on disconnect
Jim Pingle
09:44 AM Bug #11700: OpenVPN does not kill IPv6 client states on disconnect
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/197 Viktor Gurov
09:42 AM Bug #11700 (Closed): OpenVPN does not kill IPv6 client states on disconnect
openvpn.attributes.sh successfully kills all IPv4 states with:... Viktor Gurov
09:26 AM Bug #11698 (Pull Request Review): Incomplete PPPoE custom reset values lead to invalid cron entry
Jim Pingle
08:57 AM Bug #11698: Incomplete PPPoE custom reset values lead to invalid cron entry
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/196 Viktor Gurov
08:50 AM Bug #11698 (Closed): Incomplete PPPoE custom reset values lead to invalid cron entry
If you configure the "Custom Reset" option and only fill in the "Minutes" or "Hour" field, but not other fields,
an ... Viktor Gurov
08:13 AM Bug #11697 (Rejected): Status / System Logs doesn't show any logs after Upgrade 2.4.5 -> 2.5.0, works on fresh install
Unable to reproduce the problem here -- numerous systems have been upgraded from 2.4.5 to 2.5.0 and all have working ... Jim Pingle
08:10 AM Bug #11697 (Rejected): Status / System Logs doesn't show any logs after Upgrade 2.4.5 -> 2.5.0, works on fresh install
Dear all,
we've upgraded two pfSense VMs from 2.4.5 to 2.5.0. The upgrade worked, however, "Status / System Logs" ... Christian Strauf
07:52 AM Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
Updating subject for release notes. Jim Pingle
07:47 AM Bug #11688 (Pull Request Review): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule
Jim Pingle
07:38 AM pfSense Packages Bug #11695 (Feedback): PHP error in the last step of the wizard
Merged Renato Botelho
07:05 AM pfSense Packages Bug #11695: PHP error in the last step of the wizard
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/1 Viktor Gurov
06:06 AM pfSense Packages Bug #11695 (Resolved): PHP error in the last step of the wizard
I get the following error message when trying to create a VPN using the AWS wizard:... Viktor Gurov
06:03 AM Feature #11125: Kernel module for RTL8153 driver
Is there any chances that this modify will be insert into 2.5.1 release? Anonymous
05:49 AM Bug #11694: Upstream Gateway Not Being Set Repeatedly
Alasdair Corton wrote:
> The "Fix" link isn't working
>
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requ... Viktor Gurov
04:19 AM Bug #11694: Upstream Gateway Not Being Set Repeatedly
The "Fix" link isn't working
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/139 Alasdair Corton
04:08 AM Bug #11694 (Duplicate): Upstream Gateway Not Being Set Repeatedly
Duplicate of #11433 Viktor Gurov
03:39 AM Bug #11694 (Duplicate): Upstream Gateway Not Being Set Repeatedly
Hi all,
I have been experiencing a consistent issue with my pfSense virtual machine. My current set up is 2 ESXi h... Alasdair Corton
01:59 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Viktor Gurov wrote:
> works as expected on 2.5.1.r.20210314.2256:
> [...]
I tested this with 2.5.1.r.20210314.22... Andrew Murray
12:07 AM Revision c04b3a71: Skip floating rules with all interfaces disabled. Issue #11688
Prior to this change, if a floating rule had associated interfaces, but
they were all disabled, the rule would be gen... Jonathon Reinhart

03/17/2021

08:46 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat... Wesley Lucio dos Santos
07:01 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat... Edgardo Rodriguez
06:55 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Asked on #openvpn-devel, this patch should fix this ticket:
https://patchwork.openvpn.net/patch/1550/
It is not r... Pippin MMD
07:38 PM pfSense Packages Bug #11693 (Resolved): IPv6 static routing fails
ipv6 static routing rules do not work, when I setup 240e::/20 via wan dhcpv6 interface, but
it still via frr bgp oth... yon Liu
07:34 PM Bug #11692 (Resolved): ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
so I using frr bgp router,so I need disable and setup Default gateway IPv6 to none, but I config Default gateway IPv6... yon Liu
05:04 PM Revision 73617c4b: Add MVC wrapper to various functions used by firewall_nat*
Steve Beaver
02:19 PM Feature #11374: WireGuard Status in GUI
Current snapshot builds have a bit more info, but it's still limited in its usefulness since WireGuard is connectionl... Jim Pingle
02:17 PM Feature #11374: WireGuard Status in GUI
Thanks - completely understandable - perhaps as more wg features get exposed over time, some way of visually gauging ... Jum Pers
02:05 PM Bug #11691 (Closed): WireGuard MSS Clamping and TCP traffic issues after reboot.
Testing the latest development code (2.6.0.a.20210317.0100), upon reboot even though the MTU (as reported by Status>I... Christian McDonald
01:29 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Adjusting subject again to reflect both problems that were fixed since they were close, potentially related, but not ... Jim Pingle
01:27 PM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I've pushed rtsold fix to FreeBSD-src repository for all branches. It should be fine on next snapshot. Renato Botelho
01:15 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
OK I've tested with a patched rtsold on multiple systems and now I'm seeing the correct and expected behavior all aro... Jim Pingle
11:22 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Running rtsold manually, as Paul K (Thanks!) did, I see the same results. Greg Shaffer
10:35 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
OK, so I did some sniffing and found that the systems I was observing had multiple devices on the segment responding ... Jim Pingle
12:10 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Yeah, I guess it was already described. The way I read that post though is that it was patched to pass second argumen... Paul K
12:01 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Exactly, and that was already described above. That's why I was wondering how this patch was supposed to fix it when ... Flole Systems
01:03 PM Regression #11316: Unbound crashes with signal 11 when reloading
Chris Collins wrote:
> I hope the decision is not made to roll back unbound, as its just going back to old code, whe... Jim Pingle
12:50 PM Regression #11316: Unbound crashes with signal 11 when reloading
I hope the decision is not made to roll back unbound, as its just going back to old code, when the better decision mi... Chris Collins
03:29 AM Regression #11316: Unbound crashes with signal 11 when reloading
Jim Pingle wrote:
> Updating subject for release notes.
>
> If Unbound doesn't find/fix the issue in 1.13.1 soon ... Vaidotas Butkus
12:11 PM Bug #11474 (Resolved): Broken help link on IPsec Advanced Settings tab
Thanks! Jim Pingle
12:09 PM Bug #11474: Broken help link on IPsec Advanced Settings tab
I can confirm this is working for me on a SG-5100 running 21.02.2 RC build 17 March 0300. Touching the help icon brin... Nick Goehring
11:55 AM Feature #11690: Add an option to rescan PCI buses to allow NIC hotplug
The probe order for >4 NICs is a well documented issue with ESX across multiple operating systems. It may not affect ... Jim Pingle
11:53 AM Feature #11690: Add an option to rescan PCI buses to allow NIC hotplug
Hi Jim, thanks for the explanation.
If I understand correctly, the problem would only occur if I add more than 4 NIC... Louis Sautier
11:47 AM Feature #11690 (Rejected): Add an option to rescan PCI buses to allow NIC hotplug
I don't think we'd ever recommend doing that. If you must, you can run the command manually, but there could be drast... Jim Pingle
11:18 AM Feature #11690 (Rejected): Add an option to rescan PCI buses to allow NIC hotplug
Hi,
Would it be possible to add an option to rescan PCI buses? Maybe just a playback command would be enough.
I a... Louis Sautier
10:44 AM Feature #7077 (Resolved): Display negotiated data encryption algorithm in OpenVPN connection status
Jim Pingle
10:25 AM pfSense Plus Regression #11689: LEDs do not indicate available upgrade status
Relevant commits:
https://gitlab.netgate.com/pfSense/factory/-/commit/2add5e3aaaa59a66b2de8789b39b61efff27dfb8
ht... Jim Pingle
10:07 AM pfSense Plus Regression #11689: LEDs do not indicate available upgrade status
I committed another change to use the middle LED for this rather than overloading the use of the ready LED, since the... Jim Pingle
09:41 AM pfSense Plus Regression #11689 (Feedback): LEDs do not indicate available upgrade status
Fix committed, should be in tomorrow's image Jim Pingle
08:44 AM pfSense Plus Regression #11689 (Resolved): LEDs do not indicate available upgrade status
LEDs are not being updated when a new upgrade is available.
Only affects Plus.
Variable in @etc/rc.update_pkg_m... Jim Pingle
02:52 AM Bug #11352: CTF types > 2^15 in the pfSense kernel config results in DTrace failing
With all SCSI and RAID drivers from GENERIC, this pulled back the number of types to 28890.
Perhaps a few modern SCS... Peter Grehan

03/16/2021

11:50 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I think I might have found the problem.
First of all, I stated incorrectly in my previous post that "/var/etc/dhcp... Paul K
07:42 PM Bug #11454 (In Progress): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Flole Systems wrote:
> No surprise that didn't fix it, where should that second argument be coming from? Its never p... Jim Pingle
07:38 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
No surprise that didn't fix it, where should that second argument be coming from? Its never passed to the managedconf... Flole Systems
02:34 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
The 2.5.1-RC did not resolve the gateway issue. Thread started on the forum. Greg Shaffer
12:39 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Please direct all feedback to threads on the forum category for Plus 21.02.2 / CE 2.5.1 at https://forum.netgate.com/... Jim Pingle
11:48 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I restored the original interfaces.inc, applied the patch and rebooted my system. Doesn't look like it fixed the issu... Greg Shaffer
11:36 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
At a minimum you have to Edit/Save/Apply on the affected WAN interface after changing the gateway, otherwise it won't... Jim Pingle
11:34 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I tried applying this as a patch to my 2.5 box... the patch tested properly and applied without issue, but after remo... Anonymous
08:10 AM Bug #11454 (Feedback): Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Applied in changeset commit:78ca7d58c6cc706b5c6aeb8c00c6b4e2b5c841cd. Jim Pingle
08:06 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Updating subject for release notes and to more accurately reflect the nature of the problem. Jim Pingle
07:53 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
To me, I have a fix. Jim Pingle
10:44 PM Bug #11688: Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule
I opened a GitHub pull request: https://github.com/pfsense/pfsense/pull/4509 Jonathon Reinhart
10:31 PM Bug #11688 (Closed): Disabling all interfaces associated with a floating rule causes the firewall to generate an incorrect pf rule
h1. TL;DR
If a floating rule is associated with interfaces, but none of them are enabled, the generated rule incor... Jonathon Reinhart
07:28 PM pfSense Packages Feature #11573: Custom Commands
Maybe web terminal is option here you wanted to ask, but pfsense already allow you run commands, not predefined one DRago_Angel [InV@DER]
07:11 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I have the same problem with 21.02. No VPN's just straight multi-wan. WAN2 (non-default) responds to a ping and works... Rick Strangman
03:27 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Sounds like it may be related to my issue as well (#11630). It was working normally on my daily build from January du... James Blanton
06:49 PM Revision 5effaab2: Merge pull request #4503 from nraven777/patch-1
Renato Botelho
06:49 PM Revision e04e15e4: Merge pull request #4508 from thomasloven/patch-1
Renato Botelho
06:47 PM Revision 1a7bff1d: Merge pull request #4502 from znerol-forks/fix/master/deprecate-prefix-of-when-ra-srcaddr-set
Renato Botelho
06:33 PM Revision 3c4fc240: Revert changes for issue #11091
Negatively impacts parent interfaces, needs more work. Jim Pingle
05:56 PM Revision 0a0a3e17: set_curlproxy() fixes. Issue #11476
(cherry picked from commit 75a3b0decc8e26e42cdc04f84d7a1a806c922f5a) Viktor Gurov
05:05 PM pfSense Packages Bug #11687: Fix download URLs for SecuriteInfo.com
A pull request fixing this bug can be found on "GitHub":https://github.com/pfsense/FreeBSD-ports/pull/1055. Markus *
04:55 PM pfSense Packages Bug #11687 (Resolved): Fix download URLs for SecuriteInfo.com
The download URLs for the SecuriteInfo.com databases in the freshclam configuration are missing the SecuriteInfo.com ID. Markus *
04:59 PM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status
Can confirm this is working for me on a SG-5100 running 21.02.2 RC. When connected with my android device, I navigate... Nick Goehring
04:33 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Well, confirmed what I stated before,
*enable_async_push=yes* breaks reconnect process when using server with UDP a... Edgardo Rodriguez
03:29 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I found that, using tcp server mode reconnection works as expected (without needing to set lport 0, or nobind, or any... Edgardo Rodriguez
03:59 PM pfSense Packages Bug #11686 (Resolved): FRR generated ACCEPTFILTER permit statement broken
When the ACCEPTFILTER is generated all goes well except the last line which is ip prefix-list ACCEPTFILTER seq 10 per... Robert Sailer
03:19 PM Revision 75a3b0de: set_curlproxy() fixes. Issue #11476
Viktor Gurov
03:08 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Viktor Gurov wrote:
> M L wrote:
> > *Failover back to main, not so great:*
> > # Plug in WAN1
> > # WAN1 interfa... James Blanton
01:54 PM pfSense Packages Bug #11680 (Feedback): Saving HAProxy FrontEnd description with umlauts causes configuration restore
PR has been merged. Thanks! Renato Botelho
10:48 AM pfSense Packages Bug #11680 (Pull Request Review): Saving HAProxy FrontEnd description with umlauts causes configuration restore
Jim Pingle
04:07 AM pfSense Packages Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1054 Viktor Gurov
12:07 AM pfSense Packages Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore
similar to #10442 Viktor Gurov
12:06 AM pfSense Packages Bug #11680 (Resolved): Saving HAProxy FrontEnd description with umlauts causes configuration restore
https://forum.netgate.com/topic/162010/saving-haproxy-config-causes-config-restore:
On pfSense 2.5.0, HAProxy, i t... Viktor Gurov
01:53 PM pfSense Packages Bug #11640 (Feedback): Ntopng configuration and data loss when shutting down Redis
PR has been merged. Thanks! Renato Botelho
01:50 PM Feature #11264 (Feedback): Redirect Captive Portal users to login page after they logout
PR has been merged. Thanks! Renato Botelho
01:50 PM Bug #11667 (Feedback): Automatic 25-day forced Dynamic DNS update removes wildcard domain
PR has been merged. Thanks! Renato Botelho
01:48 PM Feature #11103: Use virtual link local IP address as RA source address for HA environments
MErged. Thanks! Renato Botelho
01:34 PM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
I backed the change out of RELENG_2_5_1, moving target forward.
 Jim Pingle
01:25 PM Bug #11091 (In Progress): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
I think this may need some refinement as it could interfere with other things. If you have an interface assigned but ... Jim Pingle
01:13 PM Revision 919545c4: Finish refactoring firewall_NAT* for MVC
Steve Beaver
01:01 PM Revision 77abcd71: Only write DHCP6 gw when given a value. Fixes #11454
(cherry picked from commit 78ca7d58c6cc706b5c6aeb8c00c6b4e2b5c841cd) Jim Pingle
12:59 PM Revision 78ca7d58: Only write DHCP6 gw when given a value. Fixes #11454
Jim Pingle
12:56 PM Bug #11476 (Feedback): Telegram and Pushover notification API calls do not respect proxy configuration
Merged and cherry-picked to 2.5.1 Renato Botelho
11:33 AM Bug #11476 (Pull Request Review): Telegram and Pushover notification API calls do not respect proxy configuration
Jim Pingle
10:23 AM Bug #11476 (New): Telegram and Pushover notification API calls do not respect proxy configuration
some errors:... Viktor Gurov
12:42 PM Revision ad0c2928: Add 2.5.1-RC repository
Renato Botelho
12:42 PM Revision 11208036: Add 2.5.1-RC repository
Renato Botelho
12:39 PM Revision bc85c456: Add 2.5.1-RC repository
Renato Botelho
12:22 PM Revision ac37d85c: Set correct WireGuard interface MTU on boot/config changes. Fixes #11482
(cherry picked from commit 5b141e80eca7718043a83bb690dfe2d8db04ee87) Viktor Gurov
12:22 PM Revision 5b141e80: Set correct WireGuard interface MTU on boot/config changes. Fixes #11482
Viktor Gurov
12:22 PM Revision 6ba95044: Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446
(cherry picked from commit 90fd68c6d42a25db20147dd455fc2701599b9c7d) Viktor Gurov
12:21 PM Revision 90fd68c6: Reject IPv4-mapped IPv6 addresses on Mobile IPsec DNS server input validation. Fixes #11446
Viktor Gurov
11:46 AM Bug #11685: PHP error if ``PHP_error.log`` file is too large
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/195 Viktor Gurov
11:46 AM Bug #11685 (Pull Request Review): PHP error if ``PHP_error.log`` file is too large
Jim Pingle
11:35 AM Bug #11685 (Closed): PHP error if ``PHP_error.log`` file is too large
Unable to load crash dump files if PHP_error.log is too large:... Viktor Gurov
11:29 AM Todo #11684 (Pull Request Review): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
Jim Pingle
10:54 AM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/194
see also #11520 and #11521
 Viktor Gurov
10:50 AM Todo #11684 (Resolved): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
https://openvpn-users.narkive.com/bjhC5hVo/tls-error-local-remote-tls-keys-are-out-of-sync#post8:
Suppose you have a... Viktor Gurov
10:57 AM Regression #11433 (Resolved): Gateways with "Use non-local gateway" set are not added to routing table
works as expected on 2.5.1.r.20210314.2256:... Viktor Gurov
10:50 AM pfSense Packages Bug #11683 (Pull Request Review): Certificate Manager page doesn't show FreeRADIUS used certificates
Jim Pingle
06:26 AM pfSense Packages Bug #11683: Certificate Manager page doesn't show FreeRADIUS used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/74 Viktor Gurov
05:39 AM pfSense Packages Bug #11683 (Resolved): Certificate Manager page doesn't show FreeRADIUS used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
10:49 AM pfSense Packages Bug #11682 (Pull Request Review): Certificate Manager page do not show STunnel used certificates
Jim Pingle
05:35 AM pfSense Packages Bug #11682: Certificate Manager page do not show STunnel used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/73 Viktor Gurov
05:33 AM pfSense Packages Bug #11682 (Resolved): Certificate Manager page do not show STunnel used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec / O... Viktor Gurov
10:35 AM Bug #11403 (Resolved): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
works as expected on 2.5.1.r.20210314.2256:... Viktor Gurov
10:25 AM Bug #11624 (Resolved): Typo on Router Advertisements page
ok on 2.5.1.r.20210314.2256 Viktor Gurov
10:15 AM pfSense Packages Bug #11366 (Pull Request Review): Arpwatch Cron Notification every 15 minutes
Jim Pingle
02:07 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/72 Viktor Gurov
10:15 AM Bug #11678 (Pull Request Review): Certificate Manager does not report Unbound as using a certificate
Jim Pingle
01:59 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/191 Viktor Gurov
10:13 AM pfSense Packages Bug #11681 (Pull Request Review): FRR generates invalid BFD configuration after removing interfaces
Jim Pingle
12:49 AM pfSense Packages Bug #11681: FRR generates invalid BFD configuration after removing interfaces
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/71 Viktor Gurov
12:17 AM pfSense Packages Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces
If you create a BFD peer configuration and set the Interface option to a value other than "Default",
and then remove... Viktor Gurov
10:08 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
If it needs that kind of more involved work then we can look at it deeper for the next release after this. Jim Pingle
08:17 AM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Jim Pingle wrote:
> To test:
>
> * Setup mobile IPsec using IKEv2 and EAP-RADIUS against a RADIUS server
> * Lea... Viktor Gurov
09:54 AM Bug #11464 (Resolved): Requests to ``ews.netgate.com`` do not honor proxy configuration
works as expected on 2.5.1.r.20210314.2256:
I see ... Viktor Gurov
09:27 AM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
I can test whenever this hits the dev snaps. I assume this is incubating in 2.6 devl?
I'm not sure what you can di... Christian McDonald
08:10 AM pfSense Packages Bug #11585 (Feedback): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
08:10 AM Bug #11538 (Feedback): WireGuard Panic
Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
08:10 AM Bug #11586 (Feedback): WireGuard panic when saving many times in a row
Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
07:42 AM pfSense Docs Correction #11647: Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI)
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/10 Viktor Gurov
07:39 AM pfSense Docs Correction #11649 (Resolved): Feedback on System Monitoring — Routing Logs
PR merged and deployed Jim Pingle
07:35 AM pfSense Docs Correction #11649: Feedback on System Monitoring — Routing Logs
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/9 Viktor Gurov
07:30 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied
Applied in changeset commit:5b141e80eca7718043a83bb690dfe2d8db04ee87. Viktor Gurov
07:23 AM Bug #11482 (Feedback): WireGuard interfaces do not always have proper MTU applied
Merged and cherry-picked to 2.5.1 Renato Botelho
07:30 AM Bug #11446: Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Applied in changeset commit:90fd68c6d42a25db20147dd455fc2701599b9c7d. Viktor Gurov
07:23 AM Bug #11446 (Feedback): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Merged and cherry-picked to 2.5.1 Renato Botelho
06:13 AM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
I *think* the issue is somewhere in here */usr/local/pkg/frr.inc*
in the segment as follows:... Yif Swery
05:58 AM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
Viktor Gurov wrote:
> Unable to reproduce with FRR pkg 1.1.0_8 -
> frr starts successfully with the "Enable agentx"... Yif Swery

03/15/2021

10:29 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass... Edgardo Rodriguez
04:08 PM Revision 8e4d80e1: Revise target port error message
Steve Beaver
01:57 PM Revision 188456d0: Do not delete disabled routes on boot. Fixes #3709
(cherry picked from commit 6336607d28a014a3de1b4e873a6ab97b9a635a7f) Viktor Gurov
01:56 PM Revision 6336607d: Do not delete disabled routes on boot. Fixes #3709
Viktor Gurov
01:54 PM Revision 58832005: Shell LDAP authentication fix. Issue #11644
(cherry picked from commit 0c0b3a3d15e36fbba28937e6f4f6a41c61c984b3) Viktor Gurov
01:54 PM Revision 0c0b3a3d: Shell LDAP authentication fix. Issue #11644
Viktor Gurov
01:52 PM Revision c9f3f96a: Correct local IPv6 address for OpenVPN on 6RD/6to4 interfaces. Fixes #11674
(cherry picked from commit 1b59af4f44927e41fbe0bd64b9f737fc8dd32d33) Viktor Gurov
01:51 PM Revision 1b59af4f: Correct local IPv6 address for OpenVPN on 6RD/6to4 interfaces. Fixes #11674
Viktor Gurov
12:24 PM Revision be444914: Change OpenVPN auth to php-cgi for the time being. Fixes #4521
(cherry picked from commit 1bfdb794cb2a06932da0029ca37f9727c3f74274) Jim Pingle
12:24 PM Revision 1bfdb794: Change OpenVPN auth to php-cgi for the time being. Fixes #4521
Jim Pingle
09:42 AM Bug #11679 (Closed): Policy-based Routing (outbound) and port forwarding (inbound) "selectively" working through WG tunnel
This is my main thread about this issue: https://forum.netgate.com/topic/161293/policy-based-routing-outbound-and-por... Kevin Mychal Ong
09:18 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Jim Pingle wrote:
> Adam Esslinger wrote:
> > I noticed that there were additional "LAN" network that weren't defin... Kevin Mychal Ong
09:05 AM Bug #3709: Disabled static route entries trigger 'route delete' error at boot
Applied in changeset commit:6336607d28a014a3de1b4e873a6ab97b9a635a7f. Viktor Gurov
08:56 AM Bug #3709 (Feedback): Disabled static route entries trigger 'route delete' error at boot
Merged and cherry-picked to 2.5.1 Renato Botelho
06:36 AM Bug #3709 (Pull Request Review): Disabled static route entries trigger 'route delete' error at boot
Jim Pingle
09:00 AM Bug #11674: OpenVPN binds to all interfaces when configured on a 6RD interface
Applied in changeset commit:1b59af4f44927e41fbe0bd64b9f737fc8dd32d33. Viktor Gurov
08:53 AM Bug #11674 (Feedback): OpenVPN binds to all interfaces when configured on a 6RD interface
Merged and cherry-picked to 2.5.1 Renato Botelho
06:16 AM Bug #11674 (Pull Request Review): OpenVPN binds to all interfaces when configured on a 6RD interface
Jim Pingle
08:55 AM Bug #11644 (Feedback): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Renato Botelho
08:55 AM Bug #11644: Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Merged and cherry-picked to 2.5.1 Renato Botelho
06:40 AM Bug #11644 (Pull Request Review): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Jim Pingle
07:43 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Not so critical we need to rush it into this release, but the next one, sure. Jim Pingle
07:41 AM Bug #11678 (Resolved): Certificate Manager does not report Unbound as using a certificate
If you enable SSL/TLS Service for local clients in Unbound you can select a certificate to use for that.
In the Ce... Steve Wheeler
07:30 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Applied in changeset commit:1bfdb794cb2a06932da0029ca37f9727c3f74274. Jim Pingle
07:28 AM Bug #4521 (Feedback): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
I pushed a change for both @ovpn_auth_verify@ and @ovpn_auth_verify_async@ to use @php-cgi@ for the time being, the c... Jim Pingle
07:26 AM Bug #11677 (Rejected): MultiWAN issue after upgrade to 2.5.0 - gets external WANIP but link down
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:22 AM Bug #11677 (Rejected): MultiWAN issue after upgrade to 2.5.0 - gets external WANIP but link down
Hi there,
We upgraded our office pfSense instance from 2.4.5 to 2.5.0 last night, and lost WAN2 as a result. We get ... Michael Knowles
06:33 AM Bug #11675 (Pull Request Review): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
Jim Pingle
06:32 AM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
I can reproduce it here even on a 21.02.2 snapshot. It's specific to the Thermal Sensors widget and not the temperatu... Jim Pingle
06:08 AM Bug #11663 (Duplicate): XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
That is a better path forward Jim Pingle
06:07 AM Bug #11658 (Resolved): Ambiguous text in help and input validation error for system domain name
Jim Pingle
06:04 AM Regression #11475 (Feedback): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Luiz merged the PR and cherry-picked but needs confirmation that the fix is in and working in snapshots. Jim Pingle
06:02 AM Bug #11676 (Rejected): Kernel Panic with APU2 and Pfsense 2.5.0
Each of those panics has a completely different backtrace, and combined with the errors in the message buffer, I'm in... Jim Pingle
03:24 AM Bug #11676 (Rejected): Kernel Panic with APU2 and Pfsense 2.5.0
Hi all
I receive after upgrading to 2.5.0 Kernel Panics on APU2
with PFSense 2.5.0.
Thx in advance
admins Stefan Bühler
12:07 AM Revision c9b7ffc3: Merge pull request #187 from viktor/route_get_fix
Supress route no found error. Issue #11475
(cherry picked from commit f5ff5cdc369b494499db3f7aca4426952add59e3) Luiz Souza
12:01 AM Revision f5ff5cdc: Merge pull request #187 from viktor/route_get_fix
Supress route no found error. Issue #11475 Luiz Souza

03/14/2021

03:14 PM Bug #11483 (Resolved): Installer does not add required module to loader.conf when using ZFS
Looks good now in current 21.02p2 snapshots. The following are added to /boot/loader.conf:... Steve Wheeler
12:15 PM Bug #10176: Multiple duplicate / overlapping phase 2 Child SAs on IPsec tunnels
Jim Pingle wrote:
> work around it
Well, at least this is the appropriate term. Metaphorically speaking: it's tr... Izaac Falken
11:11 AM Bug #11644: Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/190 Viktor Gurov
09:52 AM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0
It is not a bug in pfSense, it is a bug in OpenVPN. See #11575 Jim Pingle
07:29 AM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0
I confirm the problem, I have to wait approx 5mn before trying to reconnect
I did not see anything suspicious in log... Stéphane BARBARAY
05:25 AM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0
and yet I insist that this is a problem
https://redmine.pfsense.org/issues/11634 itfabrica Tech
07:47 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
M L wrote:
> *Failover back to main, not so great:*
> # Plug in WAN1
> # WAN1 interface status shows link up with ... Viktor Gurov
07:38 AM Revision 46ff02ac: Supress route no found error. Issue #11475
Viktor Gurov
07:23 AM pfSense Packages Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
The problem is maybe not directly related, but I encountered this too, and if you wait 5mn before trying to reconnect... Stéphane BARBARAY
05:23 AM pfSense Packages Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
Good day! I confirm the problem, I created a ticket, but I was told that this is not an error
https://redmine.pfsens... itfabrica Tech
06:48 AM pfSense Packages Feature #10818: UDP Broadcast Relay
This is now a FreeBSD port: https://www.freshports.org/net/udpbroadcastrelay/ Steve Wheeler
06:15 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
After re-reading the thread I interpreted Thomas' fix as potentially fixing my issue too. And it did. I can confirm t... Haraldinho D
06:04 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
I use both certs and authentication in my setup. The 154.diff patch has solved the cert issue, but the next hurdle no... Haraldinho D
05:08 AM Bug #10706: Kernel route table entries are removed if they match disabled static route entries
see also #3709 Viktor Gurov
04:21 AM Bug #3709: Disabled static route entries trigger 'route delete' error at boot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/189 Viktor Gurov
04:07 AM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table
see also #7547
we need to keep a cache of the currently applied static routes to compare against when editing/updating Viktor Gurov
04:04 AM Bug #11675: VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/188 Viktor Gurov
03:42 AM Bug #11675 (Resolved): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
The VLAN and QinQ edit pages allow you to select the OpenVPN TUN interfaces,
which is incorrect, since only TAP inte... Viktor Gurov
01:40 AM Regression #11475 (New): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
now I see many `route: route has not been found` messages on boot:... Viktor Gurov
12:40 AM Bug #11662: QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/186 Viktor Gurov
12:22 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Paul K wrote:
> I can confirm this as an issue.
>
> This is however much larger issue than described in the origi... Car F
12:16 AM pfSense Packages Bug #11610 (Feedback): NET-SNMP is not setting the correct permissions on AgentX
Viktor Gurov

03/13/2021

11:45 PM Bug #11674: OpenVPN binds to all interfaces when configured on a 6RD interface
similar to #11643
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/185 Viktor Gurov
11:34 PM Bug #11674 (Closed): OpenVPN binds to all interfaces when configured on a 6RD interface
If OpenVPN instance is configured on 6RD interface,
there is no `local` option in the `/var/etc/openvpn/<instance>/c... Viktor Gurov
11:18 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
Unable to reproduce
Could be related to #11443 Viktor Gurov
10:01 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
Kris Phillips wrote:
> The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Up... Michael Spears
06:20 PM pfSense Plus Bug #11673 (Duplicate): Thermal Sensors Non-functional on SG-3100
The Dashboard Widget for the SG-3100 showing the thermal sensor information gets stuck on "Updating...." in pfSense P... Kris Phillips
10:00 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Jim Pingle wrote:
> Based on at least one report, it appears AES-NI on Plus 21.02/2.5.0 has an issue with SHA-256 an... Michael Spears
05:46 PM pfSense Docs Correction #11399: SG-3100 M.2 Installation Guide Reinstall Corrections
It seems the installer should be updating the U-boot variables to point to the correct install media after you run th... Kris Phillips
05:44 PM Regression #11526: Mobile IPsec broken when using strict certificate revocation list checking
Applied this on a customer firewall and the issue went away for IPSec. Seems to be working, but should be further ve... Kris Phillips
05:31 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I can confirm this as an issue.
This is however much larger issue than described in the original post. This should... Paul K
02:32 PM Feature #855: Ability to selectively kill states on gateway recovery
I just hit this issue with a failover LTE connection (metered).
I have almost everything go out over a wireguard t... aptalca aptalca
02:22 PM Bug #11663: XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
Jim Pingle wrote:
> We've considered moving that MSS option out of the IPsec Advanced tab for various reasons, since... Viktor Gurov
09:06 AM Bug #11658: Ambiguous text in help and input validation error for system domain name
Looks good so far. The patch fixes the text to "Alternative TLDs such as 'local.lan' or 'mylocal' are safe."
Max Leighton
08:43 AM Bug #11672 (Duplicate): when setup Static Routes use aliases,cannot automatically learn that the aliases ip list has changed
There are several problems with aliases and static routes and they are being tracked at #7547 already Jim Pingle
05:25 AM Bug #11672: when setup Static Routes use aliases,cannot automatically learn that the aliases ip list has changed
For example, increase or decrease the ip network segment in the alias list,There are dozens or hundreds of ips in the... yon Liu
05:21 AM Bug #11672 (Duplicate): when setup Static Routes use aliases,cannot automatically learn that the aliases ip list has changed
when setup Static Routes use aliases, if the aliases ip list changed, the Static routing cannot automatically learn t... yon Liu
05:05 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes

when running frr bgp route with large full routes system, the gateways.php and system_routes.php edit and save chan... yon Liu

03/12/2021

10:31 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Sounds like this issue might be causing my problem but I can't tell 100% from the description.
One of our sites ha... Eduard Rozenberg
12:38 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Updating subject for release notes.
Also made it more general since this can affect more than port forwards. Jim Pingle
10:50 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Just to update. The nat rule on 2.4.5p1 for 1:1 Nat is... Greg Hulands
09:32 PM pfSense Packages Bug #11366 (New): Arpwatch Cron Notification every 15 minutes
Jim Pingle
07:55 PM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
Thanks, your fix seems to have done the job, I haven't received any useless emails so far.
Edward Thomas wrote:
... Abdul Khaliq
07:38 PM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
I found the bug in arpwatch.
The bug is in the file: /usr/local/arpwatch/sendmail_proxy.php
In the statement:
... Edward Thomas
03:19 PM Revision 591b3cba: Include wildcard setting in dyndns refresh
Every 25th day, my dyndns forcibly updates, and the wildcard entry is gone.
This should fix that, as far as I can te... Thomas Lovén
01:52 PM Bug #11667 (Closed): Automatic 25-day forced Dynamic DNS update removes wildcard domain
What I'm trying to do:
Use Dynamic DNS with a wildcard subdomain.
What I expect to happen:
DNS entry is refreshe... Thomas Lovén
12:57 PM Bug #11583: dashboard nginx 504 Gateway time-out error
Ultimately disabling bzip2 fixed the issue. Bzip2 is the new format in 2.5.0, prior versions were uncompressed. Adam Esslinger
12:53 PM Regression #11519: Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Updating subject for release notes. Jim Pingle
12:52 PM Bug #11638: PHP error in logs from XMLRPC if no sections are selected to sync
Updating subject for release notes. Jim Pingle
12:49 PM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Updating subject for release notes. Jim Pingle
12:45 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Updating subject for release notes. Jim Pingle
12:41 PM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default
Updating subject for release notes. Jim Pingle
12:39 PM Bug #11464: Requests to ``ews.netgate.com`` do not honor proxy configuration
Updating subject for release notes. Jim Pingle
12:36 PM Regression #11565: Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Updating subject for release notes. Jim Pingle
12:31 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Updating subject for release notes. Jim Pingle
12:29 PM Bug #11578: Error when removing automatic DNS server route
Updating subject for release notes. Jim Pingle
12:27 PM Regression #11594: IPv6 routes with a prefix length of 128 result in an invalid route table entry
Updating subject for release notes. Jim Pingle
12:25 PM Bug #11617: Unexpected Operator error on console at boot with ZFS and RAM Disks
Updating subject for release notes. Jim Pingle
11:25 AM Bug #11666 (New): GUI Firewall log search not parsing filter.log beyond hard coded limit
Currently the Safety belt limit is set to 10K for release v2.5
This is preventing the GUI search from parsing any lo... Nick Zee
11:07 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Updating subject for release notes. Jim Pingle
11:05 AM Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status
Updating subject for release notes. Jim Pingle
10:58 AM Bug #11104: OpenVPN does not start with several authentication sources selected
Updating subject for release notes. Jim Pingle
10:57 AM Bug #11382: OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
Updating subject for release notes. Jim Pingle
10:56 AM Bug #11448: Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Updating subject for release notes. Jim Pingle
10:54 AM Regression #11500: OpenVPN using the wrong OpenSSL command to list digest algorithms
Updating subject for release notes. Jim Pingle
10:51 AM Bug #11554: Selected Data Encryption Algorithms list items reset when an input validation error occurs
Updating subject for release notes. Jim Pingle
10:49 AM Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms
Updating subject for release notes. Jim Pingle
10:48 AM Regression #11561: ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Updating subject for release notes. Jim Pingle
10:48 AM Bug #11569: ACLs generated from RADIUS reply attributes have incorrect syntax
Updating subject for release notes. Jim Pingle
10:45 AM Bug #11476: Telegram and Pushover notification API calls do not respect proxy configuration
Updating subject for release notes. Jim Pingle
10:44 AM Bug #11639: Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
Updating subject for release notes. Jim Pingle
10:41 AM Bug #11105: IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
Updating subject for release notes. Jim Pingle
10:40 AM Regression #11442: Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
Updating subject for release notes. Jim Pingle
10:36 AM Bug #11446: Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Updating subject for release notes. Jim Pingle
10:33 AM Bug #11474: Broken help link on IPsec Advanced Settings tab
Updating subject for release notes. Jim Pingle
10:33 AM Regression #11486: Connect and disconnect buttons on the IPsec status page do not work for all tunnels
Updating subject for release notes. Jim Pingle
10:32 AM Regression #11487: IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``
Updating subject for release notes. Jim Pingle
10:31 AM Bug #11488: IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value
Updating subject for release notes. Jim Pingle
10:30 AM Regression #11526: Mobile IPsec broken when using strict certificate revocation list checking
Updating subject for release notes. Jim Pingle
10:26 AM Regression #11555: IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Updating subject for release notes. Jim Pingle
10:21 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Updating subject for release notes. Jim Pingle
10:20 AM pfSense Plus Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Updating subject for release notes. Jim Pingle
10:19 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Updating subject for release notes. Jim Pingle
09:23 AM Bug #11091 (Resolved): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Jim Pingle
10:18 AM Bug #11409: IPv4 MSS value is incorrectly applied to IPv6 packets
Updating subject for release notes. Jim Pingle
10:16 AM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Updating subject for release notes. Jim Pingle
10:14 AM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Updating subject for release notes. Jim Pingle
10:12 AM Bug #11483: Installer does not add required module to loader.conf when using ZFS
Updating subject for release notes. Jim Pingle
10:00 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Updating subject for release notes. Jim Pingle
09:57 AM Regression #11316: Unbound crashes with signal 11 when reloading
Updating subject for release notes.
If Unbound doesn't find/fix the issue in 1.13.1 soon we may consider rolling U... Jim Pingle
09:45 AM Bug #11403: DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
Updating subject for release notes. Jim Pingle
09:42 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
Updating subject for release notes. Jim Pingle
09:41 AM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Updating subject for release notes. Jim Pingle
09:40 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Updating subject for release notes. Jim Pingle
09:38 AM Bug #11489: Invalid certificate data can cause a PHP error
Updating subject for release notes. Jim Pingle
09:36 AM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Updating subject for release notes. Jim Pingle
09:16 AM pfSense Plus Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Jim Pingle
09:35 AM Bug #11514: Renewing a self-signed CA or certificate does not update the serial number
Updating subject for release notes. Jim Pingle
07:59 AM Bug #11665 (Rejected): All interfaces going down / up on DHCP server change
I can't replicate this as stated, DHCP Server saving triggers a filter reload and restarts the DHCP daemon (and maybe... Jim Pingle
07:39 AM Bug #11665 (Rejected): All interfaces going down / up on DHCP server change
Changing anything related to DHCP server (including adding a static mapping) even on a different subnet is cycling al... Derek Wuelfrath
07:53 AM Bug #11663: XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
Manuel M. wrote:
> So the only way is to set up this manually on both machines?
Correct
> Is there a overview ... Jim Pingle
07:41 AM Bug #11663: XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
Jim Pingle wrote:
> That is specific to that option and not a general XMLRPC problem.
> The MSS options are @$confi... Manuel M.
07:37 AM Bug #11663: XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
That is specific to that option and not a general XMLRPC problem.
The MSS options are @$config['system']['maxmss_e... Jim Pingle
05:28 AM Bug #11663 (Duplicate): XMLRPC does not sync MSS clamping value under IPsec Advanced Settings tab
High Availability Sync is not syncing all settings from for example the IPSec Configuration option.
Tested with t... Manuel M.
07:47 AM Bug #11661 (Not a Bug): OpenVPN L2 TAP tunnel mac routing table
That is up to OpenVPN to maintain/expire internally. I don't see any configuration options in the OpenVPN man page wh... Jim Pingle
01:46 AM Bug #11661 (Not a Bug): OpenVPN L2 TAP tunnel mac routing table
Scenario: OpenVPN: [sense1 client] -> [sense2 server] [sense2 client] -> [sense3 server]
- Servers and clients are... jo ko
07:28 AM Bug #11664 (Duplicate): Openvpn-Client (2.5) connected but not communicating with the remote network
Likely a duplicate of #11575
This site is not for support or diagnostic discussion.
For assistance in solving p... Jim Pingle
07:27 AM Bug #11664 (Duplicate): Openvpn-Client (2.5) connected but not communicating with the remote network
I have openvpn 2.5 clients that normally connect to the tunnel I created, however even with the green openvpn-gui con... Victor França Machado de Araújo
07:24 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
There have been multiple additional confirmations of this from customers and forum users, and in each case thus far, ... Jim Pingle
01:52 AM Bug #11662 (Resolved): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
QinQ interfaces created on top of ovpns or ovpnc disappears after reboot.
(for example ovpns1.100.2000 or ovpnc2.100... jo ko

03/11/2021

08:20 PM Revision 8f5dbb0c: Show switch tagging ports on status_interfaces page. Implements #10804
(cherry picked from commit 4e5e99a61d422941e69b2caa11e948363409e48c) Viktor Gurov
08:18 PM Revision 77cc3108: DHCP6 interfaces bootup fix. Issue #11633
(cherry picked from commit 1a6189611f68eb6ed9a1aa803999de81287386af) Viktor Gurov
08:07 PM Revision c67222fc: OpenVPN auth sources strlen validation. Issue #11104
(cherry picked from commit 3006473268acfc7068ade04ad7e2befbd8af8f81) Viktor Gurov
08:07 PM Revision 035e7029: Do not clean dmesg.boot on Reset Log Files. Fixes #11428
(cherry picked from commit f3fd77ee3cbb6e547b6154d13eab5019f36025d6) Viktor Gurov
08:06 PM Revision 4e2d1ee8: WireGuard default route Allowed IPs validation. Issue #11465
(cherry picked from commit 29b2cdb4e1d0cd9c2be98819d0e07dbf5b696308) Viktor Gurov
08:04 PM Revision 6790dc8c: route_del() optimization. Issue #11475
(cherry picked from commit 07b780c84305142e2f3af8587b909bf004f11568) Viktor Gurov
08:04 PM Revision 7a42c5d0: route_get() optimization. Fixes #11475
(cherry picked from commit 7990de53bfc8267d1dd96636a175929a35cbe664) Viktor Gurov
08:03 PM Revision 8c0d54f3: Move interfaces_ipsec_vti_configure() to the end of interfaces_configure(). Issue #11537
(cherry picked from commit 9b39f8de4b2e7b3d9732080356382dce80a461fa) Viktor Gurov
08:03 PM Revision a85a5809: IPsec VTI interfaces bootup fix. Issue #11537
(cherry picked from commit cfff0f351c74599d61286ce0161e570e587e5aac) Viktor Gurov
08:02 PM Revision cabb3465: Fix removing automatic DNS server route. Issue #11578
(cherry picked from commit 11338b8701bf6185ba34c1a387b1e1318afe19e0) Viktor Gurov
08:01 PM Revision ce5c4d24: Static IPv6 /128 routes fix. Issue #11594
(cherry picked from commit d9818e01479718efa5e02d8b0d32a87cfcaabf5a) Viktor Gurov
08:01 PM Revision 0f432ac4: WireGuard default TCP MSS clampling. Issue #11600
(cherry picked from commit 6efc02a141106b0274e7e27320d5f0abc111378a) Viktor Gurov
08:00 PM Revision fad7873b: Unmount var and tmp ZFS on boot. Fixes #11617
(cherry picked from commit edff0a3cf010e5c251c4b1c8930b2d302de5a36f) Viktor Gurov
08:00 PM Revision b4843c48: XMLRPC no section fix. Issue #11638
(cherry picked from commit a35da2ea9157d1a032521a22e0b3eaeda1b35c32) Viktor Gurov
07:59 PM Revision 55965086: Correct source IP for IPsec on 6RD/6to4 interfaces. Fixes #11643
(cherry picked from commit f6f121a28b4be1457535a5120e978544e55330c3) Viktor Gurov
07:59 PM Revision d834e893: IPsec IKEv1 mixed Phase 2 IP protocols support. Issue #11643
(cherry picked from commit 81949bee72813bbd8b57b75563cd40b9cdaf68e0) Viktor Gurov
06:48 PM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot

After reboot the interface is not UP in ipconfig
[2.5.1-RC][admin@pfSense.home.arpa]/root: ifconfig em2
em... Alhusein Zawi
05:59 PM Bug #11407 (Resolved): Removing a WireGuard tunnel in a middle position can break Add button behavior
fixed.
Adding/removing WireGuard tunnels have been done without any issue.
2.5.1-RC (amd64)
built on Thu Mar 1... Alhusein Zawi
03:30 PM Regression #11555: IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
To reproduce the problem, restore the attached IPsec config section to a system without IPsec. Edit/save/apply on the... Jim Pingle
03:25 PM Regression #11442: Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
To reproduce the problem, restore the attached IPsec config section to a system without IPsec. Edit/save/apply on the... Jim Pingle
03:19 PM Bug #11488: IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value
To reproduce the problem, restore the "IPsec config section":https://redmine.pfsense.org/attachments/3503/ipsec-confi... Jim Pingle
03:17 PM Regression #11486: Connect and disconnect buttons on the IPsec status page do not work for all tunnels
To reproduce the problem, restore the "IPsec config section":https://redmine.pfsense.org/attachments/3503/ipsec-confi... Jim Pingle
03:15 PM Regression #11435: IPsec status incorrect for entries using expanded IKE connection numbers
To reproduce the problem, restore the "IPsec config section":https://redmine.pfsense.org/attachments/3503/ipsec-confi... Jim Pingle
03:09 PM Regression #11487: IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``
To reproduce the problem, restore the attached IPsec config section to a system without IPsec. Edit/save/apply on the... Jim Pingle
02:32 PM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Christian,
Nope! I explored that line of thought as well. I did have it set up at one point, but then I removed i... James Blanton
07:57 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
If anybody from Netgate would like to jump into a Zoom meeting so that they can observe this edge case, just reach ou... Christian McDonald
07:38 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
Christian,
What I've found is that unless you do something to interfere with WireGuard, such as disabling and re-e... James Blanton
07:23 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
I'm seeing this on 2.5.0 as well. I have a failover group set as default gateway IPv4. WAN1 dropped out and WG starte... Christian McDonald
02:20 PM pfSense Plus Feature #10804 (Feedback): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:18 PM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:00 PM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:07 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:07 PM Bug #11104: OpenVPN does not start with several authentication sources selected
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:06 PM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:05 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Likely related #11605 and #11551 Marcos M
01:26 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Updating bug report to focus on PHP issue, given that the snort sig 10 issue is unlikely related, and this seems to a... Marcos M
02:04 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:03 PM Regression #11537: IPsec VTI tunnel between IPv6 peers may not configure correctly
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:02 PM Bug #11578: Error when removing automatic DNS server route
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:02 PM Regression #11594: IPv6 routes with a prefix length of 128 result in an invalid route table entry
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:01 PM Revision 41e0d95f: Refine help/error text for system domain. Fixes #11658
Jim Pingle
02:01 PM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:01 PM Bug #11617: Unexpected Operator error on console at boot with ZFS and RAM Disks
Cherry-picked to RELENG_2_5_1 Renato Botelho
02:00 PM Bug #11638: PHP error in logs from XMLRPC if no sections are selected to sync
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:59 PM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:58 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Tested on [21.02.2 built on Thu Mar 11 09:10:56 EST 2021] with Suriata 4.1.9_5 on a fresh install.
# Enable ETOpen r... Marcos M
01:49 PM Bug #7721: NTPd stops using external peers if listening on one interface only in a muliwan setup
I've got this exact issue on 20.02-p1.
NTP is stuck in INIT if one or more interfaces are selected, in a dual wan en... Andrew Stuart
01:35 PM Regression #11568 (Resolved): Alias name change is not reflected in firewall rules
new alias name appears after changing the name.
targets are displayed
tested on IP & IP aliases.
2.5.1-RC ... Alhusein Zawi
01:12 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Confirmed working on 21.02.2 Marcos M
10:40 AM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Tested on 21.02p1 and it showed as invalid. After updating to latest dev build image (Mar 10), the cert no longer sho... Marcos M
10:55 AM Bug #11448: Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
This can be prevented by implementing https://redmine.pfsense.org/issues/10347 Pippin MMD
09:45 AM pfSense Packages Bug #10983: pfBlockerNG not cleaning everything behind it
Just stumbled upon this error message from dhcpd, took a while to figure out I had a virtual IP set on that IP that I... Bug Reporter
08:10 AM Bug #11658 (Feedback): Ambiguous text in help and input validation error for system domain name
Applied in changeset commit:41e0d95f274acbfe20064adfa224b8a1df334b4c. Jim Pingle
07:44 AM Feature #11660 (Rejected): no routing group in DNS Server Settings
The gateway option is on the page but only appears when the system has more than one available gateway of either IPv4... Jim Pingle
02:17 AM pfSense Packages Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
The problem seems worse than I thought : as soon as you restart an openvpn service, even as a server, or as soon as a... Stéphane BARBARAY

03/10/2021

08:15 PM Revision 81949bee: IPsec IKEv1 mixed Phase 2 IP protocols support. Issue #11643
Viktor Gurov
08:14 PM Revision 29b2cdb4: WireGuard default route Allowed IPs validation. Issue #11465
Viktor Gurov
07:18 PM Feature #11660 (Rejected): no routing group in DNS Server Settings
As of today, there isn't a way to choose a Gateway Group in DNS settings under General Setup, when you have a multiWA... Kristian Krautwald
07:15 PM Revision d7247886: Display negotiated cipher on Status / OpenVPN page. Implements #7077
(cherry picked from commit f5736d9827cf1997b648481c50993d69e3caedff) Viktor Gurov
07:14 PM Revision b0f77980: Down disabled interfaces on boot. Fixes #11091
(cherry picked from commit 9115501d6ab5197d9caf499e90779c020d711dca) Viktor Gurov
07:14 PM Revision e97c1e4a: RADVD set AdvRDNSSLifetime. Fixes #11105
(cherry picked from commit 54b3109f0b1978e22866117b6d93715eb8d78c29) Viktor Gurov
07:14 PM Revision 2c4ce8b1: Hide Shared Key field on OpenVPN client page in SSL/TLS mode. Fixes #11382
(cherry picked from commit f22b21557e6a745dbb447ea488b97424e595efd7) Viktor Gurov
07:13 PM Revision a16b4d53: Unbound ip6.arpa local-zone type. Fixes #11403
(cherry picked from commit 8673ae11ac96fbd2934133268d56829d6225b1c5) Viktor Gurov
07:13 PM Revision d49dd060: Set correct TCP MSS for IPv6. Fixes #11409
(cherry picked from commit 1d378c4ec6c440dabffba41bf5e4ef291acb9aa2) Viktor Gurov
07:12 PM Revision 36ef00b5: WireGuard interface friendly description. Fixes #11437
(cherry picked from commit 4fef1c109de562f9f97d7c04d4cf8f0f041811e0) Viktor Gurov
07:12 PM Revision 9d9cd873: System Information widget fix. Issue #11443
(cherry picked from commit 19866d78540d498f23b750ab02379b3c06333d96) Viktor Gurov
07:11 PM Revision b19bb324: IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447
(cherry picked from commit c03a2049b11304f592d0de78aa4bfb568e9a13ae) Viktor Gurov
07:10 PM Revision 97af9f20: Put OpenVPN route-nopull option after custom options. Fixes #11448
(cherry picked from commit 969574b6dbb124e98595ca537c0d176d908707d0) Viktor Gurov
07:09 PM Revision 523f931b: Use set_curlproxy() function for cURL proxy configuration. Issue #11476
(cherry picked from commit 8b424bca02372246210fba3cf36045a704c11ae3) Viktor Gurov
07:09 PM Revision 1fa63e8d: Fixed #11464 by adding proxy configuration to web service calls
(cherry picked from commit 2cb3c56db2366c9cadb04757bd3143ea0d7e7378) Steve Beaver
07:06 PM Revision b656061a: Fix openssl digest algorithm param in openvpn.inc
At least in OpenSSL 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms" parame... mschiegl
07:06 PM Revision 82690894: Set correct DHCP failover peer IP on XMLRPC sync. Fixes #11519
(cherry picked from commit 490b5b480f1b46a6f93e0ba99fff578a61f3293c) Viktor Gurov
07:05 PM Revision 85799d56: Restart unbound on interface recover. Fixes #11547
(cherry picked from commit a1fe814421904ca00b6a04431d62ba18dcebf607) Viktor Gurov
07:04 PM Revision c68bc678: OpenVPN ncp_enable checkbox fix. Issue #11554
(cherry picked from commit f725132eac3d6dbada8b7bc48effdf768fccb341) Viktor Gurov
07:04 PM Revision f1864df6: IPsec peer ID Any fix. Issue #11555
(cherry picked from commit 4a51b9cd8fd58b26c5c30784b0736cc5757e86fc) Viktor Gurov
07:02 PM Revision 5b638980: OpenVPN data-ciphers option length validation. Issue #11559
(cherry picked from commit 44baf5a77b618f2c67587029c87b03887e2f35e9) Viktor Gurov
07:02 PM Revision 6cba83ab: Cisco AVPair parse {clientip}. Fixes #11561
(cherry picked from commit f4d883dadee6e339997b29f5b4623a88b190b840) Viktor Gurov
07:01 PM Revision 0b1fe66b: Show changed NAT timeouts on the system_advanced_firewall page. Issue #11565
(cherry picked from commit 95e599a115669cf336971bbf3720f4843d52107a) Viktor Gurov
07:01 PM Revision 3dc01871: Fixed bug parsing netmask cisco acl
(cherry picked from commit 321fbbdb5bffe5d331aea5330241d42b0ab8d250) Dmitry Bashkarev
07:00 PM Revision d76f5796: Use correct parameters when adding WG IPv6 tunnel addr. Fixes #11618
(cherry picked from commit 8579d26bfb0dea0386c61008ade222c0ea29aa98) Jim Pingle
06:59 PM Revision 15f2424f: Typo fix. Issue #11624
(cherry picked from commit 779daee9695bb5a2b3cde262da4619c29a8473a2) Danilo Zrenjanin
06:58 PM Revision 6140f34e: Correct rsort_log_filename() behavior. Fixes #11639
(cherry picked from commit b9c1679dae94fb2d406cfc386f667eed2378b6d2) Jim Pingle
06:57 PM Revision 644a5333: Fix handling of renewing cert w/o SAN. Fixes #11652
(cherry picked from commit 09d3fe621a56292817a85a54916e8b99e2b26c00) Jim Pingle
06:56 PM Revision ac135c6a: Reverse x509 escape cert subjects on renewal page. Fixes #11654
(cherry picked from commit a473d89738b03bf336d4d2591821062759b30dbe) Jim Pingle
06:16 PM Feature #11659 (Closed): Support for UEFI HTTP Boot option in DHCPv4 Server
PXE had an epic run, but it's deprecation has been planned by major silicon vendors and UEFI HTTPS boot is the replac... Ben Breard
06:15 PM Revision 30064732: OpenVPN auth sources strlen validation. Issue #11104
Viktor Gurov
06:13 PM Revision f3fd77ee: Do not clean dmesg.boot on Reset Log Files. Fixes #11428
Viktor Gurov
06:11 PM Revision 07b780c8: route_del() optimization. Issue #11475
Viktor Gurov
06:08 PM Revision 9b39f8de: Move interfaces_ipsec_vti_configure() to the end of interfaces_configure(). Issue #11537
Viktor Gurov
06:07 PM Revision 11338b87: Fix removing automatic DNS server route. Issue #11578
Viktor Gurov
06:05 PM Revision d9818e01: Static IPv6 /128 routes fix. Issue #11594
Viktor Gurov
06:04 PM Revision 6efc02a1: WireGuard default TCP MSS clampling. Issue #11600
Viktor Gurov
06:03 PM Revision edff0a3c: Unmount var and tmp ZFS on boot. Fixes #11617
Viktor Gurov
06:01 PM Revision 1a618961: DHCP6 interfaces bootup fix. Issue #11633
Viktor Gurov
05:58 PM Revision a35da2ea: XMLRPC no section fix. Issue #11638
Viktor Gurov
05:56 PM Revision f6f121a2: Correct source IP for IPsec on 6RD/6to4 interfaces. Fixes #11643
Viktor Gurov
05:20 PM Bug #11658 (Resolved): Ambiguous text in help and input validation error for system domain name
I'm really sorry if this is the wrong place to put this.
Setting up my first pfsense netgate box and going through... andy suarez
05:05 PM Revision a473d897: Reverse x509 escape cert subjects on renewal page. Fixes #11654
Jim Pingle
05:05 PM Revision 09d3fe62: Fix handling of renewing cert w/o SAN. Fixes #11652
Jim Pingle
04:30 PM Bug #11657 (New): netmap_ring_reinit error
These errors had appeared in the past and were solved. After upgrading to v2.5.0, they have reappeared. I receive... P L
03:48 PM Regression #11447: EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
To test:
* Setup mobile IPsec using IKEv2 and EAP-RADIUS against a RADIUS server
* Leave the Virtual Address Pool... Jim Pingle
01:11 PM Regression #11447 (Feedback): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Cherry-picked to RELENG_2_5_1 Renato Botelho
03:12 PM Revision 8579d26b: Use correct parameters when adding WG IPv6 tunnel addr. Fixes #11618
Jim Pingle
03:05 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
To test:
On a system without the fix:
* Check System Information Widget on the Dashboard for "AES-NI CPU Crypto... Jim Pingle
12:20 PM Bug #11428 (Feedback): CPU details are incorrect in the System Information widget after resetting log files
Applied in changeset commit:f3fd77ee3cbb6e547b6154d13eab5019f36025d6. Viktor Gurov
12:14 PM Bug #11428 (Waiting on Merge): CPU details are incorrect in the System Information widget after resetting log files
PR has been merged. Thanks! Renato Botelho
02:50 PM Bug #11514: Renewing a self-signed CA or certificate does not update the serial number
To test, on 2.5.0 or 21.02-p1:
* Generate a fresh self-signed GUI cert at an SSH or console shell prompt: @pfSsh.p... Jim Pingle
12:49 PM Bug #11514 (Feedback): Renewing a self-signed CA or certificate does not update the serial number
Needed to be tested on 2.5.1-RC Renato Botelho
02:37 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Needs re-tested on snapshots.
If needed, I have a user-supplied certificate which can replicate the problem and ca... Jim Pingle
02:31 PM Regression #11568 (Feedback): Alias name change is not reflected in firewall rules
Needs re-tested on snapshots. Jim Pingle
02:29 PM Bug #11489 (Feedback): Invalid certificate data can cause a PHP error
Needs testing on snapshots.
To test, add an obviously broken/unparseable cert to the config:... Jim Pingle
02:22 PM Bug #11474 (Feedback): Broken help link on IPsec Advanced Settings tab
Needs tested again on snapshots.
Simple to test, load vpn_ipsec_settings.php click the ? icon in the breadcrumb ba... Jim Pingle
02:21 PM Revision 004cd054: Make repository description more generic
Renato Botelho
02:15 PM Bug #11651 (Feedback): Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
PR has been merged. Thanks! Renato Botelho
08:49 AM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
After the PR is merged this whole docs page can go away: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipv6.ht... Jim Pingle
08:47 AM Bug #11651 (Pull Request Review): Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
Jim Pingle
08:42 AM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/182 Viktor Gurov
08:41 AM Bug #11651 (Closed): Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
GUI complains when adding both IPv4 and IPv6 P2 under a IPv4 or IPv6 only IKEv1 P1 (There is a Phase 2 using IPv6, ca... Viktor Gurov
02:14 PM pfSense Packages Bug #11465 (Feedback): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
PR has been merged. Thanks! Renato Botelho
12:59 PM pfSense Packages Bug #11465: Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
When testing, attempt these configurations in order without removing anything unless noted otherwise:
* Create a t... Jim Pingle
01:41 PM Revision 62a1cbc3: Keep using FreeBSD-src branch RELENG_2_5_0
Renato Botelho
01:22 PM Bug #11602 (Feedback): Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Fixes cherry-picked to 2.5.1 / 21.02.2 repositories Renato Botelho
01:16 PM Revision 73a1434a: Welcome pfSense CE 2.5.1-RELEASE
Renato Botelho
01:15 PM Feature #7077 (Feedback): Display negotiated data encryption algorithm in OpenVPN connection status
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:15 PM Bug #11091 (Feedback): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:14 PM Bug #11105 (Feedback): IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:14 PM Bug #11382 (Feedback): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:13 PM Bug #11403 (Feedback): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:13 PM Bug #11409 (Feedback): IPv4 MSS value is incorrectly applied to IPv6 packets
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:12 PM Bug #11437 (Feedback): WireGuard group is not printed in the interface column of the NAT rule list
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:12 PM Regression #11443 (Feedback): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:11 PM Bug #11448 (Feedback): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:10 PM Bug #11464 (Feedback): Requests to ``ews.netgate.com`` do not honor proxy configuration
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:10 PM Bug #11476 (Feedback): Telegram and Pushover notification API calls do not respect proxy configuration
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:08 PM Bug #11483 (Feedback): Installer does not add required module to loader.conf when using ZFS
Cherry-picked to FreeBSD-src RELENG_2_5_0 Renato Botelho
01:06 PM Regression #11500 (Feedback): OpenVPN using the wrong OpenSSL command to list digest algorithms
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:06 PM Regression #11519 (Feedback): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:05 PM Bug #11547 (Feedback): DNS Resolver does not bind to an interface when it recovers from a down state
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:04 PM Bug #11554 (Feedback): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:04 PM Regression #11555 (Feedback): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:03 PM Bug #11559 (Feedback): OpenVPN does not start with a long list of Data Encryption Algorithms
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:02 PM Regression #11561 (Feedback): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:01 PM Regression #11565 (Feedback): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:01 PM Bug #11569 (Feedback): ACLs generated from RADIUS reply attributes have incorrect syntax
Cherry-picked to RELENG_2_5_1 Renato Botelho
01:00 PM pfSense Packages Bug #11618 (Feedback): WireGuard using incorrect IPv6 tunnel address prefix length
Cherry-picked to RELENG_2_5_1 Renato Botelho
09:21 AM pfSense Packages Bug #11618 (Waiting on Merge): WireGuard using incorrect IPv6 tunnel address prefix length
Jim Pingle
09:20 AM pfSense Packages Bug #11618 (Feedback): WireGuard using incorrect IPv6 tunnel address prefix length
Applied in changeset commit:8579d26bfb0dea0386c61008ade222c0ea29aa98. Jim Pingle
09:16 AM pfSense Packages Bug #11618: WireGuard using incorrect IPv6 tunnel address prefix length
That's easy enough to reproduce and check:
* Set WG instance tunnel address to include @2001:db8:1:ee71::1/64@ and... Jim Pingle
12:59 PM Bug #11624 (Feedback): Typo on Router Advertisements page
Cherry-picked to RELENG_2_5_1 Renato Botelho
12:58 PM Bug #11639 (Feedback): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
Cherry-picked to RELENG_2_5_1 Renato Botelho
12:57 PM Bug #11652 (Feedback): Unable to renew a certificate without a SAN
Cherry-picked to RELENG_2_5_1 Renato Botelho
11:18 AM Bug #11652 (Waiting on Merge): Unable to renew a certificate without a SAN
Small fix and very likely to be hit in the wild (See https://forum.netgate.com/post/971557 for one example), so good ... Jim Pingle
11:15 AM Bug #11652 (Feedback): Unable to renew a certificate without a SAN
Applied in changeset commit:09d3fe621a56292817a85a54916e8b99e2b26c00. Jim Pingle
11:00 AM Bug #11652: Unable to renew a certificate without a SAN
Narrowed it down further. The real problem is that a certificate without a SAN cannot be renewed.
Certificates wit... Jim Pingle
10:51 AM Bug #11652: Unable to renew a certificate without a SAN
This isn't exclusive to space, it also affects other characters which must be escaped for x509 such as "+". Jim Pingle
09:41 AM Bug #11652 (Resolved): Unable to renew a certificate without a SAN
If a certificate entry has a CN which contains a space, attempting to renew the certificate will result in an error:
... Jim Pingle
12:57 PM Bug #11654 (Feedback): Certificates with escaped x509 characters display the escaped version when renewing
Cherry-picked to RELENG_2_5_1 Renato Botelho
11:19 AM Bug #11654 (Waiting on Merge): Certificates with escaped x509 characters display the escaped version when renewing
Cosmetic only, safe, and easily tested/verified.
 Jim Pingle
11:15 AM Bug #11654 (Feedback): Certificates with escaped x509 characters display the escaped version when renewing
Applied in changeset commit:a473d89738b03bf336d4d2591821062759b30dbe. Jim Pingle
11:04 AM Bug #11654 (Resolved): Certificates with escaped x509 characters display the escaped version when renewing
The certificate renewal page is displaying the x509 escaped version of certificate values when it should be removing ... Jim Pingle
12:30 PM Bug #11638 (Feedback): PHP error in logs from XMLRPC if no sections are selected to sync
Renato Botelho
12:00 PM Bug #11638 (Waiting on Merge): PHP error in logs from XMLRPC if no sections are selected to sync
PR has been merged. Thanks! Renato Botelho
12:30 PM Regression #11633 (Feedback): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Renato Botelho
12:01 PM Regression #11633 (Waiting on Merge): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
PR has been merged. Thanks! Renato Botelho
12:29 PM Bug #11600 (Feedback): WireGuard interfaces should have MSS clamping enabled by default
Renato Botelho
12:05 PM Bug #11600 (Waiting on Merge): WireGuard interfaces should have MSS clamping enabled by default
PR has been merged. Thanks! Renato Botelho
12:29 PM Regression #11594 (Feedback): IPv6 routes with a prefix length of 128 result in an invalid route table entry
Renato Botelho
12:06 PM Regression #11594 (Waiting on Merge): IPv6 routes with a prefix length of 128 result in an invalid route table entry
PR has been merged. Thanks! Renato Botelho
12:29 PM Bug #11578 (Feedback): Error when removing automatic DNS server route
Renato Botelho
12:07 PM Bug #11578 (Waiting on Merge): Error when removing automatic DNS server route
PR has been merged. Thanks! Renato Botelho
12:29 PM Regression #11537 (Feedback): IPsec VTI tunnel between IPv6 peers may not configure correctly
Renato Botelho
12:09 PM Regression #11537 (Waiting on Merge): IPsec VTI tunnel between IPv6 peers may not configure correctly
PR has been merged. Thanks! Renato Botelho
12:29 PM Regression #11475 (Feedback): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Renato Botelho
12:11 PM Regression #11475 (Waiting on Merge): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
PR has been merged. Thanks! Renato Botelho
12:28 PM Bug #11104 (Feedback): OpenVPN does not start with several authentication sources selected
Renato Botelho
12:16 PM Bug #11104 (Waiting on Merge): OpenVPN does not start with several authentication sources selected
PR has been merged. Thanks! Renato Botelho
12:10 PM Bug #11617 (Feedback): Unexpected Operator error on console at boot with ZFS and RAM Disks
Applied in changeset commit:edff0a3cf010e5c251c4b1c8930b2d302de5a36f. Viktor Gurov
12:03 PM Bug #11617 (Waiting on Merge): Unexpected Operator error on console at boot with ZFS and RAM Disks
PR has been merged. Thanks! Renato Botelho
11:24 AM Bug #11617 (Pull Request Review): Unexpected Operator error on console at boot with ZFS and RAM Disks
Jim Pingle
10:21 AM Bug #11617: Unexpected Operator error on console at boot with ZFS and RAM Disks
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/183 Viktor Gurov
12:05 PM Bug #11643 (Feedback): IPsec tunnel does not function when configured on a 6RD interface
Applied in changeset commit:f6f121a28b4be1457535a5120e978544e55330c3. Viktor Gurov
11:57 AM Bug #11643 (Waiting on Merge): IPsec tunnel does not function when configured on a 6RD interface
PR 181 was merged. Thanks!
Please open a separate redmine ticket to cover proposed changes on PR 182 Renato Botelho
08:46 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
That is our private/internal git, so it's expected. Jim Pingle
08:12 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Viktor Gurov wrote:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/182
gitlab.netgate.com resolves... Sietse van Zanen
07:58 AM Bug #11643 (Pull Request Review): IPsec tunnel does not function when configured on a 6RD interface
The first PR for the main issue is OK, the other part about mixing IPv4/IPv6 on IKEv1 needs its own separate Redmine ... Jim Pingle
04:57 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Sietse van Zanen wrote:
> Another minor issue is that the GUI complains when adding both IPv4 and IPv6 P2 under a IP... Viktor Gurov
04:09 AM Bug #11643: IPsec tunnel does not function when configured on a 6RD interface
Sietse van Zanen wrote:
> pfSense does not generate a correct swanctl.conf when adding IPv6 or dual stack tunnels ov... Viktor Gurov
02:53 AM Bug #11643 (Closed): IPsec tunnel does not function when configured on a 6RD interface
pfSense does not generate a correct swanctl.conf when adding IPv6 or dual stack tunnels over a 6RD interface. The IPv... Sietse van Zanen
11:33 AM pfSense Docs Todo #11655: Feedback on Packages
s/stiff/still/ ahem. Chris Linstruth
11:33 AM pfSense Docs Todo #11655 (Closed): Feedback on Packages
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/index.html
*Feedback:*
Receiving negative forum fee... Chris Linstruth
11:08 AM Bug #11653: Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/184 Viktor Gurov
10:51 AM Bug #11653 (Resolved): Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
In my loader.conf file there are several identical lines with
comconsole_port ="0x2F8"
and after each reboot a... Guido Glaus
09:11 AM pfSense Packages Bug #11640: Ntopng configuration and data loss when shutting down Redis
Jim Pingle wrote:
> There is also https://github.com/pfsense/FreeBSD-ports/pull/1053 for this -- not sure which way ... Viktor Gurov
08:14 AM pfSense Packages Bug #11640: Ntopng configuration and data loss when shutting down Redis
There is also https://github.com/pfsense/FreeBSD-ports/pull/1053 for this -- not sure which way is better in the end. Jim Pingle
07:28 AM pfSense Packages Bug #11640 (Pull Request Review): Ntopng configuration and data loss when shutting down Redis
Jim Pingle
06:10 AM pfSense Packages Bug #11640: Ntopng configuration and data loss when shutting down Redis
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/70 Viktor Gurov
09:01 AM Bug #11642: IPSEC mode-cfg exchange refused because of invalid INTERNAL_IP4_NETMASK
Jim Pingle wrote:
> Yeah that seems like the same thing to me. Though it's redundant to send clients a network list ... Sietse van Zanen
07:47 AM Bug #11642 (Duplicate): IPSEC mode-cfg exchange refused because of invalid INTERNAL_IP4_NETMASK
Yeah that seems like the same thing to me. Though it's redundant to send clients a network list if that network list ... Jim Pingle
05:02 AM Bug #11642: IPSEC mode-cfg exchange refused because of invalid INTERNAL_IP4_NETMASK
#11539 seems related Viktor Gurov
02:41 AM Bug #11642 (Duplicate): IPSEC mode-cfg exchange refused because of invalid INTERNAL_IP4_NETMASK
Some clients, Forticlient is one, will reject the mode-cfg exchange as offered by pfSense.
This is because there is ... Sietse van Zanen
08:50 AM pfSense Packages Bug #11650: FRR configuration broken on restore of manually edited FRR config sections
Jim Pingle wrote:
> Unless you can replicate this without any sections there at all (Remove them, don't leave them t... Andrew Green
08:19 AM pfSense Packages Bug #11650: FRR configuration broken on restore of manually edited FRR config sections
Unless you can replicate this without any sections there at all (Remove them, don't leave them there but empty), I'm ... Jim Pingle
06:51 AM pfSense Packages Bug #11650 (New): FRR configuration broken on restore of manually edited FRR config sections
SG-3100
21.02-RELEASE-p1 (arm)
built on Mon Feb 22 09:38:52 EST 2021
FRR package version 1.1.0_8
I could not... Andrew Green
08:24 AM Bug #11644: Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Rare enough case, and not in our code, that it's going to be a more long-term correction, if there is anything we can... Jim Pingle
06:56 AM Bug #11644 (Confirmed): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
auth.inc is ok,
issue in pam_ldap module
related to #8698 Viktor Gurov
03:18 AM Bug #11644 (Closed): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
When the configured LDAP server is unreachable pfSense will get stuck on 'synchronizing user settings' indefinitely d... Sietse van Zanen
08:21 AM pfSense Packages Bug #11377: FRR deinstall
That would likely cause more harm in the long run, very few people would ever need to completely purge the configurat... Jim Pingle
06:54 AM pfSense Packages Bug #11377: FRR deinstall
Jim Pingle wrote:
> Removing the leftover files is fine but I don't think this package needs the ability to reset/wi... Andrew Green
08:12 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Not that I like the idea of downgrading to a lower TLS version but I wonder if it would work if we forced off TLS 1.3... Jim Pingle
05:45 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Using the STunnel package as a workaround helps:
https://docs.netgate.com/pfsense/en/latest/recipes/auth-google-gsui... Viktor Gurov
08:01 AM Regression #11316: Unbound crashes with signal 11 when reloading
Christian Borchert wrote:
> Here's the logs from a second signal 11 crash a few hours later
>
> @Mar 10 03:44:09 ... Jim Pingle
05:08 AM Regression #11316: Unbound crashes with signal 11 when reloading
Here's the logs from a second signal 11 crash a few hours later
@Mar 10 03:44:09 router kernel: pid 87756 (unbound... Christian Borchert
07:42 AM pfSense Packages Bug #11620 (Resolved): OSPF Route Redistribution shows numbers instead of route map names
Jim Pingle
01:41 AM pfSense Packages Bug #11620: OSPF Route Redistribution shows numbers instead of route map names
Tested on the latest release. It looks good now. Ticket resolved. Danilo Zrenjanin
07:26 AM Feature #2358: NAT64 support
Even that is unlikely, it's just an estimate -- it's a major change that needs significant review and testing, and ul... Jim Pingle
07:13 AM pfSense Packages Bug #11185 (Feedback): Redis service stopping before NtopNg
merged to 2.5/Plus branch:
https://github.com/pfsense/FreeBSD-ports/commit/892ed4669268ee7392eb3132a5c4179126e8f6dc#... Viktor Gurov
06:32 AM pfSense Docs Correction #11649 (Resolved): Feedback on System Monitoring — Routing Logs
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/routing.html
*Feedback:*
This log contains e... Viktor Gurov
06:30 AM pfSense Docs Todo #11648 (Closed): Feedback on Packages — AWS VPC Wizard — pfSense Plus Configuration Details
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/aws-vpc-wizard/pfsense-configuration-details.html
*Fee... Viktor Gurov
06:28 AM pfSense Docs Correction #11647 (Closed): Feedback on Virtual Private Networks — IPsec — Routed IPsec (VTI)
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/routed-vti.html
*Feedback:*
"The assigned IPsec in... Viktor Gurov
06:25 AM pfSense Docs Todo #11646 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN and Multi-WAN
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/multi-wan.html
*Feedback:*
Replace Quagga with F... Viktor Gurov
06:24 AM pfSense Docs Todo #11645 (Closed): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dynamic-routing-basics.html
*Feedback:*
- Quagga and... Viktor Gurov

03/09/2021

08:56 PM Regression #11316: Unbound crashes with signal 11 when reloading
here's a Level 5 log (attached and forum link) from a signal 11 crash on unbound (1.13.1):
https://forum.netgate.c... Christian Borchert
12:48 PM Regression #11316: Unbound crashes with signal 11 when reloading
Assuming this is the same segfault others are hitting with Unbound they are still investigating it upstream: https://... Jim Pingle
07:21 PM Revision b6aec58f: Report full product version, including -pN
(cherry picked from commit feefcc31b78c1ef99ffd9deb509b05ccdb1e61ef) Renato Botelho
07:03 PM Revision 0d8a9270: Do not build node_exporter on armv7 since lang/go14 is broken
Renato Botelho
06:42 PM Bug #11641 (New): On xn based interfaces without the VLANMTU flag the first VLAN tag defined does not follow the parent interface MTU settings. All subsequent VLAN tags follow the parent interface's MTU.
With the recent release of pfSense 2.5 and the removal of the VLANMTU flag requirement per [[https://redmine.pfsense.... Andre Baugh
06:40 PM Feature #2358: NAT64 support
2.6 now? Wow.. Might as well officially at least make a TAYGA package.. Seems to work well enough, because this will ... Brandon Jackson
06:37 PM pfSense Packages Bug #11640 (Closed): Ntopng configuration and data loss when shutting down Redis
In addition to monitoring information, ntopng stores configuration/customization performed using the ntopng GUI in th... Denny Page
06:03 PM Revision feefcc31: Report full product version, including -pN
Renato Botelho
03:26 PM Revision 2428d0a9: Revise firewall_nat_edit for MVC
Steve Beaver
03:00 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Tested on:... Marcos M
12:28 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Has anyone tried this on a 21.05 snapshot with PHP 7.4.16? The release notes for PHP 7.4.16 mention they fixed a segf... Jim Pingle
02:56 PM Revision b9c1679d: Correct rsort_log_filename() behavior. Fixes #11639
Jim Pingle
01:50 PM Regression #11545: Primary interface address is not always used when VIPs are present
Should at least take a stab at this to see if we can come up with a workaround for now. Jim Pingle
01:49 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Would be nice to at least suppress this console message since it's not useful. Jim Pingle
01:48 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
gnn is taking a look at this to see if he can track it down. Jim Pingle
01:33 PM Bug #11624 (Waiting on Merge): Typo on Router Advertisements page
Jim Pingle
01:32 PM Bug #11569 (Waiting on Merge): ACLs generated from RADIUS reply attributes have incorrect syntax
Jim Pingle
01:32 PM Regression #11565 (Waiting on Merge): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Jim Pingle
01:30 PM Regression #11561 (Waiting on Merge): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Jim Pingle
01:30 PM Regression #11555 (Waiting on Merge): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Jim Pingle
01:30 PM Bug #11547 (Waiting on Merge): DNS Resolver does not bind to an interface when it recovers from a down state
Jim Pingle
01:29 PM Regression #11519 (Waiting on Merge): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Jim Pingle
01:29 PM Regression #11500 (Waiting on Merge): OpenVPN using the wrong OpenSSL command to list digest algorithms
Jim Pingle
01:28 PM Bug #11483 (Waiting on Merge): Installer does not add required module to loader.conf when using ZFS
Jim Pingle
01:28 PM Bug #11476 (Waiting on Merge): Telegram and Pushover notification API calls do not respect proxy configuration
Jim Pingle
01:27 PM Bug #11464 (Waiting on Merge): Requests to ``ews.netgate.com`` do not honor proxy configuration
Jim Pingle
01:27 PM Bug #11448 (Waiting on Merge): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Jim Pingle
01:27 PM Regression #11447 (Waiting on Merge): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Jim Pingle
01:27 PM Regression #11443 (Waiting on Merge): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Jim Pingle
01:26 PM Bug #11409 (Waiting on Merge): IPv4 MSS value is incorrectly applied to IPv6 packets
Jim Pingle
01:24 PM Bug #11403 (Waiting on Merge): DNS Resolver does not add a ``local-zone`` type for ``ip6.arpa`` domain override
Jim Pingle
01:19 PM Bug #11382 (Waiting on Merge): OpenVPN client configuration page displays Shared Key option when set for SSL/TLS
Jim Pingle
01:18 PM Bug #11105 (Waiting on Merge): IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
Jim Pingle
01:17 PM Bug #11091 (Waiting on Merge): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Jim Pingle
01:16 PM pfSense Plus Feature #10804 (Waiting on Merge): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Jim Pingle
01:14 PM Feature #7077 (Waiting on Merge): Display negotiated data encryption algorithm in OpenVPN connection status
Jim Pingle
01:06 PM Bug #11554 (Waiting on Merge): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Jim Pingle
09:48 AM Bug #11554 (Resolved): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Tested on the latest release. The issue is fixed.
Ticket resolved. Danilo Zrenjanin
01:05 PM Bug #11559 (Waiting on Merge): OpenVPN does not start with a long list of Data Encryption Algorithms
Jim Pingle
10:05 AM Bug #11559 (Resolved): OpenVPN does not start with a long list of Data Encryption Algorithms
Tested on the latest release. It doesn't allow selecting too many data ciphers.
Ticket resolved. Danilo Zrenjanin
01:02 PM Revision 99cef76e: Catch up with rename of Coreboot upgrade package to Firmware
Renato Botelho
11:49 AM Bug #11188: MultiWAN setup NAT issue
Possibly related to #11436 Marcos M
10:00 AM pfSense Packages Bug #11580 (Resolved): FTP client proxy - source and destination bypass limitation
Tested on the latest release. I was able to define an alias in both Proxy Bypass: Source and Proxy Bypass: Destinati... Danilo Zrenjanin
09:12 AM Bug #11639 (Waiting on Merge): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
With the commit applied the order is correct for both uncompressed and compressed log files:... Jim Pingle
09:05 AM Bug #11639 (Feedback): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
Applied in changeset commit:b9c1679dae94fb2d406cfc386f667eed2378b6d2. Jim Pingle
08:50 AM Bug #11639 (Closed): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
The code in @rsort_log_filename()@ is making faulty assumptions about the log filenames. It is not only testing the w... Jim Pingle
08:44 AM Bug #11383: pfSense Proxy Authentication not working
Michael Samer wrote:
> Jim Pingle wrote:
> > From a much older release, yes, but not from the last public release. ... Michael Samer
06:38 AM Bug #11638 (Pull Request Review): PHP error in logs from XMLRPC if no sections are selected to sync
Jim Pingle
03:32 AM Bug #11638: PHP error in logs from XMLRPC if no sections are selected to sync
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/180 Viktor Gurov
02:56 AM Bug #11638 (Closed): PHP error in logs from XMLRPC if no sections are selected to sync
if no sections is selected on the HA sync configuration page (used only for pkg xmlrpc sync, for example), php error ... Viktor Gurov
02:16 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> Viktor Gurov wrote:
> > fix:
> > https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_r... Viktor Gurov
01:54 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Viktor Gurov wrote:
> fix:
> https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/69
If you can pro... Alexis Mestag

03/08/2021

09:02 PM pfSense Packages Bug #11637 (Resolved): Preprocs - possible to create two defaults
When creating a new server configuration, if you use the +Aliases button for the Bind-To Address and/or the Ports fie... Max Leighton
08:19 PM Revision beac9a1c: Remove obsolete vars for MVC
Steve Beaver
08:11 PM Revision ec0e144d: Revise firewall_nat.php for MVC
Steve Beaver
07:40 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Site to Site OpenVPN is broken for me in 2.5.0. The tunnel encryption is setup, but running openvpn at verbosity leve... Greg Hulands
09:46 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
the last filter generating change is https://github.com/pfsense/pfsense/commit/fce8a99bffae47c965c692dbe763ae9732092f... Viktor Gurov
09:17 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Same issue here after upgrade to v21.02,
MultiWan wont NAT properly on both wan.
A new message to let you know this... R M
05:02 PM Feature #11395: Option to switch IPsec filtering modes to choose between ``enc`` and ``if_ipsec`` filtering
tested and working for me. Jeremy Mordkoff
01:46 PM pfSense Packages Bug #11135: HAproxy OCSP reponse crontab bug
Can this same fix be applied to the regular haproxy package as well as the -devel variant? Christopher Sutcliff
12:32 PM Bug #11636 (Pull Request Review): Unused Limiter entries with schedules create unnecessary cron jobs
Jim Pingle
11:29 AM Bug #11636: Unused Limiter entries with schedules create unnecessary cron jobs
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/179 Viktor Gurov
10:14 AM Bug #11636 (Resolved): Unused Limiter entries with schedules create unnecessary cron jobs
If you create a Limiter with a schedule but do not apply it to any firewall rules,
it will create a cron job: "0,15,... Viktor Gurov
12:31 PM pfSense Packages Bug #11582 (Pull Request Review): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Jim Pingle
07:23 AM pfSense Packages Bug #11582 (New): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> Sorry, there are still some issues, even after I successfully applied the patch, using the <c... Viktor Gurov
04:25 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Sorry, there are still some issues, even after I successfully applied the patch, using the ... Alexis Mestag
12:30 PM pfSense Packages Bug #11627 (Pull Request Review): rc file is not deleted
Jim Pingle
03:42 AM pfSense Packages Bug #11627: rc file is not deleted
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/68 Viktor Gurov
12:30 PM pfSense Packages Bug #11628 (Pull Request Review): ftp-proxy error messages in logs
Jim Pingle
02:34 AM pfSense Packages Bug #11628: ftp-proxy error messages in logs
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/67 Viktor Gurov
12:29 PM Regression #11537 (Pull Request Review): IPsec VTI tunnel between IPv6 peers may not configure correctly
Jim Pingle
12:50 AM Regression #11537: IPsec VTI tunnel between IPv6 peers may not configure correctly
improved:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/177 Viktor Gurov
12:28 PM Regression #11633 (Pull Request Review): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Jim Pingle
12:54 AM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/176 Viktor Gurov
12:04 AM Regression #11633: DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
correct example:... Viktor Gurov
11:29 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
This also appears to be related to Bug #11613, where the user had to reboot pfSense to get WireGuard to follow the st... James Blanton
11:21 AM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
FYI - The "nightly" build I was using during testing was 2.5.0.a.20210122.2350. James Blanton
10:58 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Victor- Any idea when this is going to get some attention? This issue really ripples thru out the system (e.g. Gatewa... Greg Shaffer
07:03 AM Bug #10708: ZFS bootpool boot symlink issue
I believe this is the root cause of the issue I hit when upgrading 2.4.5 to 2.5.0.
The original install was perfor... Boycee .
04:35 AM Bug #11635 (Duplicate): Changing alias resolves in broken rules
Duplicate of #11568 Viktor Gurov
03:56 AM Bug #11635 (Duplicate): Changing alias resolves in broken rules
After changing a alias's name from alias01 to alias02, all rules regarding this is broken. Also the source changes fr... Kristian Krautwald
01:04 AM pfSense Packages Regression #11634 (Resolved): bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
I encounter a problem with bind since 2.5.0, it stops responding to queries each time an openvpn disconnection/connec... Stéphane BARBARAY

03/07/2021

11:42 PM Regression #11633 (Closed): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
DHCP6 interface is restarted multiple times on boot if there is > 1 track interfaces that use it:... Viktor Gurov
11:36 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
see also #11187 Viktor Gurov
11:32 PM pfSense Plus Bug #11630: WireGuard MultiWAN Not Failing Back to Tier 1
see also #11570 and #6370 Viktor Gurov
11:11 PM pfSense Packages Bug #11511 (Resolved): OSPF distribute List always empty
Viktor Gurov
11:11 PM pfSense Packages Bug #11517 (Resolved): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Viktor Gurov
11:11 PM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
Stéphane BARBARAY wrote:
> I encounter a similar problem with bind which stop responding each time an openvpn discon... Viktor Gurov
05:08 PM Bug #11631: OpenVPN client "Custom options" field drop end of line
In that case I propose that it also tread newlines as a separator. It would be more consistent with other similar fie... Patrick Northon
09:52 AM Bug #11631 (Not a Bug): OpenVPN client "Custom options" field drop end of line
Newlines are not meant to be respected there -- read the description on the field. Jim Pingle
12:11 AM Bug #11631 (Not a Bug): OpenVPN client "Custom options" field drop end of line
Whenever I restart one of my OpenVPN client, the "Custom options" field changes.
For example:
```
remote-cert-... Patrick Northon
03:11 PM Todo #10464: Don't change the current update repo when new releases are available
Steve Yates wrote:
> Perhaps a note at the top of the package pages...could be quickly added with limited testing.
... Steve Y
10:56 AM Todo #10464: Don't change the current update repo when new releases are available
I had a similar issue, with even less of an input from me.
To test my backup process, I saved a config.xml locally... Dr. Phil
11:21 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
It looks like the reply traffic is not matching the state created by the inbound connection on the WAN.
The firewa... Steve Wheeler
11:09 AM Bug #9190: host override for pfsense box DNS name does not override IP of LAN interface
Jim Pingle wrote:
> I understood it correctly, and it's behaving exactly as expected. The system adds an internal "o... Andrew Bobulsky
04:42 AM pfSense Packages Bug #11632 (Duplicate): unbound service not restarted on pfBlocker-devel install/reinstall
SG-3100 running 21.02_1 pfB-devel 3.0.0_15
I noticed on my upgrade from 2.5.4-p1 that unbound wasn't running after... Loh Phat

03/06/2021

07:12 PM pfSense Packages Bug #11511: OSPF distribute List always empty
ACLs are shown up in OSPF GUI
fixed Alhusein Zawi
04:29 PM pfSense Docs New Content #9608: Add note about disabling secure boot when configuring a Hyper-V Gen 2 VM
Fred Bergeron wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html
>
> *Fe... Michael Spears
04:14 PM pfSense Docs Correction #11145: Screenshots in "Virtualizing pfSense with Hyper-V" recipe are incorrect and outdated
Michael Spears wrote:
> James Eisele wrote:
> > *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtuali... Michael Spears
04:12 PM pfSense Docs Correction #11145: Screenshots in "Virtualizing pfSense with Hyper-V" recipe are incorrect and outdated
James Eisele wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-hyper-v.html
>
> *Fee... Michael Spears
04:05 PM pfSense Docs Correction #11399: SG-3100 M.2 Installation Guide Reinstall Corrections
Kris Phillips wrote:
> Marcos Mendoza wrote:
> > 1. I believe "run recovery" wipes emmc, so separate instructions h... Michael Spears
03:37 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works
I'm seeing this too. Unless I hardcode a monitoring address (I use my ISP's linklocal end of the connection) the IPV... Loh Phat
10:20 AM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
bdaa35dcf31def521ba8c60c0aa9c41bf5005311 is working when applied to 21.02p1 on an SG-3100. The change hasn't made it ... Max Leighton
07:55 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
I encounter a similar problem with bind which stop responding each time an openvpn disconnection/connection is made..... Stéphane BARBARAY

03/05/2021

10:59 PM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Navdeep wrote in
——
The bug was first fixed in these commits in FreeBSD 14-current and 13:
https://www.google.com... Jim Thompson
09:03 PM pfSense Packages Bug #11517: Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Access list does not accept names with spaces
fixed
Alhusein Zawi
04:31 PM pfSense Plus Bug #11630 (Closed): WireGuard MultiWAN Not Failing Back to Tier 1
When using a GW group for WAN failover, WireGuard will fail to Tier2 when the Tier1 GW is down. However, when Tier1 i... James Blanton
02:18 PM pfSense Packages Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
Right, and there is also no solution yet, but it's all the same problem with multiple (different) credentials.
Dep... Jim Pingle
02:04 PM pfSense Packages Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
Workaround in #8560 does not reliably work for this scenario of the bug. So effectively, there is no workaround. Ben Tyger
12:43 PM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
Perhaps this is another variation of #11545 and not a unique issue Jim Pingle
12:35 PM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
It seems like the IPs are assigned to the interface in ascending order no matter what pppoe server gives
(reverse ... Marcos M
08:33 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
Requested info has been added to the support ticket. Dan Rice
08:17 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
Our IP block and router status output is aleady attached to the support ticket. I will also attached the other info t... Dan Rice
08:14 AM Bug #11629 (Feedback): PPPoE WAN IP address different than expected when set static by ISP
We will need a lot more information here since it isn't happening to others that we're aware of yet.
Things like P... Jim Pingle
08:03 AM Bug #11629 (Resolved): PPPoE WAN IP address different than expected when set static by ISP
As per support ticket: #INC-77927
Hi, we've had this box and a previous one connecting to our service provider for... Dan Rice
11:21 AM Revision 779daee9: Typo fix. Issue #11624
Danilo Zrenjanin
10:23 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Marcos Mendoza wrote:
[...]
>
> I noticed the PPPoE gateway that was automatically created was outside of the sub... Grzegorz Krzystek
09:59 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Another report:
Port forward and firewall rules are in place on a secondary PPPoE WAN interface. Traffic comes in,... Marcos M
08:36 AM Bug #11624 (Feedback): Typo on Router Advertisements page
PR has been merged. Thanks! Renato Botelho
08:09 AM Bug #11624 (Pull Request Review): Typo on Router Advertisements page
Jim Pingle
05:24 AM Bug #11624: Typo on Router Advertisements page
Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/175 Danilo Zrenjanin
08:33 AM pfSense Packages Feature #11349 (Feedback): Allow to set minimum TLS version
PR has been merged. Thanks! Renato Botelho
08:33 AM pfSense Packages Bug #11582 (Feedback): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
PR has been merged. Thanks! Renato Botelho
08:29 AM pfSense Packages Bug #11580 (Feedback): FTP client proxy - source and destination bypass limitation
PR has been merged. Thanks! Renato Botelho
08:26 AM pfSense Packages Bug #8827 (Feedback): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
PR has been merged. Thanks! Renato Botelho
08:25 AM pfSense Packages Bug #11620 (Feedback): OSPF Route Redistribution shows numbers instead of route map names
PR has been merged. Thanks! Renato Botelho
08:08 AM Feature #11164 (Pull Request Review): Input validation to prevent setting a load balancing gateway group as default
Jim Pingle
05:11 AM Feature #11164: Input validation to prevent setting a load balancing gateway group as default
Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/174 Danilo Zrenjanin
08:06 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
If OpenLDAP ldapsearch fails directly it's unlikely to be related to #9417
All the references I see to SNI seem fa... Jim Pingle
02:07 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
may be related to #9417 Viktor Gurov
02:02 AM pfSense Plus Bug #11626 (Resolved): Google LDAP connections fail due to lack of SNI for TLS 1.3
https://forum.netgate.com/topic/161725/google-ldap-connection-failed:
I have a problem after update my Netgate XG-... Viktor Gurov
08:00 AM Bug #11428 (Pull Request Review): CPU details are incorrect in the System Information widget after resetting log files
Jim Pingle
12:26 AM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Jim Pingle wrote:
> The dmesg.boot file is the copy of the kernel message buffer for that purpose.
>
> Resetting ... Viktor Gurov
06:59 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
related to #10716 and #11298 (?) Viktor Gurov
06:31 AM pfSense Packages Bug #11628 (Resolved): ftp-proxy error messages in logs
Disabled ftp-proxy package causes errors in log:... Viktor Gurov
06:29 AM pfSense Packages Bug #11627 (Resolved): rc file is not deleted
After disabling the arpwatch service, `/usr/local/etc/rc.d/arpwatch.sh` still exists
and you can see errors in log:
... Viktor Gurov
04:52 AM pfSense Packages Feature #11405 (Resolved): add RPKI route map in GUI
frr 1.1.0_7 Viktor Gurov
04:51 AM pfSense Packages Feature #11405: add RPKI route map in GUI
already there ('Enable BGP RPKI' option)
works as expected:... Viktor Gurov
04:21 AM pfSense Packages Feature #11405 (New): add RPKI route map in GUI
"-M rpki" must be added to bgpd daemon command line,
see https://docs.frrouting.org/en/latest/bgp.html#enabling-rpki... Viktor Gurov
02:58 AM Bug #11619: Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1
same issue with updating 2.3.5 to 2.4.4-p3/2.4.5-p1:... Viktor Gurov
02:38 AM pfSense Packages Feature #9315: Add Package: dnscrypt-proxy
According to "DNSCrypt Options" at https://nlnetlabs.nl/documentation/unbound/unbound.conf/ it seems the DNScrypt in ... Idar Lund
12:35 AM Feature #11625 (New): Cisco-AVPair aliases support
It would be very helpful to enable the use of aliases in the Cisco-AVPair parser.
This will allow to create quick an... Viktor Gurov

03/04/2021

11:47 PM Bug #11624 (Resolved): Typo on Router Advertisements page
Small typo on services_router_advertisements.php page. under "Router Lifetime" it says "The default is 3 * *Maximim* ... Mischa De Pol
11:03 PM pfSense Packages Bug #11546 (Resolved): incorrect 'set as-path' command
Viktor Gurov
09:08 PM pfSense Packages Bug #11546: incorrect 'set as-path' command
"Set" option is not in options list.
 Alhusein Zawi
06:40 PM Regression #11316: Unbound crashes with signal 11 when reloading
I'm losing DNS every day or so with pfsense 2.5. I'm using the latest from "pkg update".
If there's anything I can d... Mike Farmwald
05:42 PM Feature #11164: Input validation to prevent setting a load balancing gateway group as default
Seems simple enough to fix (with the message) and the GUI is misleading. Jim Thompson
04:25 PM Revision 4f1eb41c: Do not run post-install during build
(cherry picked from commit 2524d5483f97c5b6594b623113056408291b1ae1) Renato Botelho
04:25 PM Revision 2524d548: Do not run post-install during build
Renato Botelho
03:05 PM Bug #11539 (Feedback): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Jim Pingle
03:05 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
I can't find a client that can reproduce this so I can't confirm a fix. Attached is a patch which will omit 0.0.0.0/0... Jim Pingle
02:19 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
The dmesg.boot file is the copy of the kernel message buffer for that purpose.
Resetting log files should not be n... Jim Pingle
01:44 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Would it work to just copy the file to dmesg.boot.current or whatever, after each boot, and then parse that? It shou... Steve Y
09:52 AM pfSense Packages Bug #11449 (Resolved): BIND fails during/after upgrade to 21.02/2.50
Renato Botelho
09:16 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
It did fix the issue for me. Tchello Mello
08:47 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
Is this bug fixed with the new version of the bind package release for pfsense ? Stefan Andersson
09:35 AM pfSense Docs Todo #11623 (Duplicate): Update AWS VPC Wizard Documentation
Duplicate of #11622 Jim Pingle
09:31 AM pfSense Docs Todo #11623 (Duplicate): Update AWS VPC Wizard Documentation
The documentation for the AWS VPC wizard is out of date on its screenshots and missing information. See attached cur... Kris Phillips
09:23 AM pfSense Docs Todo #11597 (Closed): Feedback on Troubleshooting — Troubleshooting Upgrades
Fixed, will show up momentarily when the docs rebuild.
 Jim Pingle
09:21 AM pfSense Docs Todo #11597 (In Progress): Feedback on Troubleshooting — Troubleshooting Upgrades
Yes, that should be updated to the new name. Thanks!
 Jim Pingle
09:14 AM pfSense Packages Bug #11620 (Pull Request Review): OSPF Route Redistribution shows numbers instead of route map names
Jim Pingle
05:23 AM pfSense Packages Bug #11620: OSPF Route Redistribution shows numbers instead of route map names
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/66 Viktor Gurov
05:09 AM pfSense Packages Bug #11620 (Resolved): OSPF Route Redistribution shows numbers instead of route map names
Routing using routing protocols has basically been broken to some extent. In my case I'm doing advanced routing with ... Viktor Gurov
09:12 AM pfSense Docs Correction #11154 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems
PR merged Jim Pingle
03:59 AM pfSense Docs Correction #11154: Feedback on Cellular Wireless — Known Working 3G-4G Modems
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/8 Viktor Gurov
09:11 AM pfSense Docs Todo #11622: Update pfSense VPC VPN Configuration Wizard docs
https://docs.netgate.com/pfsense/en/latest/packages/aws-vpc-wizard/using-the-wizard.html#using-the-wizard Danilo Zrenjanin
09:10 AM pfSense Docs Todo #11622 (New): Update pfSense VPC VPN Configuration Wizard docs
The screenshots are outdated.
There is a new field Assume Role ARN, which is not explained in our docs. Danilo Zrenjanin
08:11 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
This patch should also take ovpn_auth_verify_async into consideration, right? i do have the issue, but not because of... Thomas Högemann
06:07 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Summer Sea wrote:
> Viktor Gurov wrote:
> > You need to install the System Patches package and paste the content of... Viktor Gurov
05:02 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Viktor Gurov wrote:
> You need to install the System Patches package and paste the content of 154.diff
> see https:... Summer Sea
04:36 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Summer Sea wrote:
> Viktor Gurov wrote:
> > Summer Sea wrote:
> > > In the pfsense FE 21.02 the issue is still pre... Viktor Gurov
04:20 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Viktor Gurov wrote:
> Summer Sea wrote:
> > In the pfsense FE 21.02 the issue is still present, but I don't get ho... Summer Sea
05:57 AM pfSense Docs Todo #11621 (Closed): Feedback on High Availability
already there Viktor Gurov
05:34 AM pfSense Docs Todo #11621 (Closed): Feedback on High Availability
*Page:* https://docs.netgate.com/pfsense/en/latest/highavailability/index.html
*Feedback:*
Add the https://do... Viktor Gurov
04:10 AM Bug #11619 (New): Unable to upgrade 2.4.4-p3 to 2.5/21.02-p1
issue with upgrading 2.4.4-p3 to 2.5/21.02-p1:... Viktor Gurov

03/03/2021

09:24 PM Revision 89b1338a: Fix typo
(cherry picked from commit 361ad87b85fdc0f97a2d7f3dcb6ec439e105e320) Jim Pingle
09:24 PM Revision 361ad87b: Fix typo
Jim Pingle
07:53 PM Revision e85c56b3: Add missing break
(cherry picked from commit f26a816b7080f0ef45a8cb3938cfd878dbaef71e) Renato Botelho
07:53 PM Revision f26a816b: Add missing break
Renato Botelho
07:15 PM Revision ae3d3397: Rework WOL page a bit. Fixes #11616
* Eliminate duplicate code
* Fix output encoding
* Additional validation
* Use POST when waking all devices
(cherry ... Jim Pingle
07:14 PM Revision 2e94828c: Rework WOL page a bit. Fixes #11616
* Eliminate duplicate code
* Fix output encoding
* Additional validation
* Use POST when waking all devices Jim Pingle
04:23 PM Bug #9460: OpenVPN local auth failing due to fcgicli output
Applying the patch from #4521 fixed the certificate verify before the AUTH_FAILED for me and applying ce76f299853dccb... Elon l
03:38 PM Bug #9460: OpenVPN local auth failing due to fcgicli output
Another report of this issue. Setup is pfSense 21.02p1 OpenVPN + RADIUS + Yubikey. Logs show:... Marcos M
04:17 PM pfSense Packages Bug #11618 (Closed): WireGuard using incorrect IPv6 tunnel address prefix length
Example; if I specify a tunnel with address fc00:bbbb:bbbb:bb01::9:xxxx/128, this is how it gets configured:... Reza Arbab
03:41 PM Bug #11609 (Pull Request Review): CLI interface configuration without IPv6 leaves RA enabled
Jim Pingle
07:51 AM Bug #11609: CLI interface configuration without IPv6 leaves RA enabled
related to #11367
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/172 Viktor Gurov
04:40 AM Bug #11609 (Closed): CLI interface configuration without IPv6 leaves RA enabled
This occurred on a completely new install, version 2.5.0-RELEASE.
Specs:
Mainboard: ASUS ROG MAXIMUS IX FORMULA
... George Doe
03:39 PM pfSense Packages Bug #8827 (Pull Request Review): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
Jim Pingle
04:12 AM pfSense Packages Bug #8827: Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/65 Viktor Gurov
03:38 PM Bug #11600 (Pull Request Review): WireGuard interfaces should have MSS clamping enabled by default
Jim Pingle
03:21 AM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/171 Viktor Gurov
03:38 PM Bug #11104 (Pull Request Review): OpenVPN does not start with several authentication sources selected
Jim Pingle
02:51 AM Bug #11104: OpenVPN does not start with several authentication sources selected
input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/170 Viktor Gurov
03:31 PM pfSense Packages Feature #11349 (Pull Request Review): Allow to set minimum TLS version
Jim Pingle
12:09 AM pfSense Packages Feature #11349: Allow to set minimum TLS version
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/64 Viktor Gurov
03:17 PM Bug #11606 (Rejected): Wireguard AllowedIPs filtering issue
I can't replicate this as stated. I have a tunnel with multiple peers and the peers can only communicate with the add... Jim Pingle
02:52 PM pfSense Plus Bug #11615: OpenVPN + Ldap broken in 21.02-RELEASE-p1
Read all of the recent notes, it's a general problem with fcgicli that manifests in multiple ways, including validati... Jim Pingle
02:46 PM pfSense Plus Bug #11615: OpenVPN + Ldap broken in 21.02-RELEASE-p1
I do not believe this is a duplicate
here the longest cert
1) ST=CA, OU=XXXXXX, O=XXXXXX Technologies Inc, L=XXXX... Luc Suryo
11:22 AM pfSense Plus Bug #11615 (Duplicate): OpenVPN + Ldap broken in 21.02-RELEASE-p1
Almost certainly a duplicate of #4521 (See notes there with attached patches to try).
If that doesn't help, please... Jim Pingle
11:20 AM pfSense Plus Bug #11615 (Duplicate): OpenVPN + Ldap broken in 21.02-RELEASE-p1
We recently upgraded to 21.02-RELEASE-p1 (AWS)
And since we see an odd behavior that prevent user to login
OpenLD... Luc Suryo
02:39 PM Bug #11617 (Closed): Unexpected Operator error on console at boot with ZFS and RAM Disks
after mounting filesystems, the console returns the following error at boot:... Steve R
01:25 PM pfSense Packages Bug #10642 (Duplicate): ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys
Same root problem as #8560 Jim Pingle
01:25 PM Bug #11616 (Feedback): Potential stored XSS vulnerability in services_wol.php
Applied in changeset commit:2e94828cd021a8f0fd1a89475f6e0f4bb2f5805f. Jim Pingle
12:21 PM Bug #11616 (Closed): Potential stored XSS vulnerability in services_wol.php
There is a potential stored XSS in services_wol.php.
When waking all devices (@services_wol.php?wakeall=true@) the... Jim Pingle
01:25 PM pfSense Packages Bug #11614 (Duplicate): ACME certificate renewal/creation fails with multiple DNS providers
Same root problem as #10642 and #8560 Jim Pingle
09:50 AM pfSense Packages Bug #11614 (Duplicate): ACME certificate renewal/creation fails with multiple DNS providers
When trying to issue/renew ACME certificates to multiple different DNS providers with the DNS verification method, th... Ben Tyger
11:57 AM Bug #2218: CARP VIPs can become master too early at boot time
Jim Pingle wrote:
> Read the text you quoted again. Eventually a better solution may come along. It's entirely mitig... Le Cygne
08:47 AM Bug #2218: CARP VIPs can become master too early at boot time
Read the text you quoted again. Eventually a better solution may come along. It's entirely mitigated by maintenance m... Jim Pingle
08:24 AM Bug #2218: CARP VIPs can become master too early at boot time
Jim Pingle wrote:
> I didn't close the ticket and say it wouldn't be addressed eventually. When this old ticket was ... Le Cygne
11:10 AM Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement
Hello,
this would also fix a problem on the PPPoE interface. My provider only supports DHCPv6-IA_PD and not DHCPv6-I... Jost Schoenleben
08:37 AM Bug #11613 (Rejected): Pushing WireGuard traffic out a specific GW using static routes requires a reboot to revert.
I initially had my WireGuard traffic going out a secondary WAN using a static route with the remote wireguard endpoin... Christian McDonald
08:12 AM Bug #11612 (Duplicate): CARP-based master takes over before it fully syncs required data
Same root problem as #2218 Jim Pingle
08:04 AM Bug #11612 (Duplicate): CARP-based master takes over before it fully syncs required data
Hello there! I have two pfsense 2.4.5p1. They are set up for failover via CARP. Everything works fine including the f... Le Cygne
07:38 AM Bug #11611 (Duplicate): Multi WAN Static Routes & NAT failure on multiple interfaces
Likely the same root cause as #11436
Though that has a lot more information, so this isn't necessary. Jim Pingle
07:30 AM Bug #11611 (Duplicate): Multi WAN Static Routes & NAT failure on multiple interfaces
I just discovered that pFsense 2.6.0.a.20210302.0100
fails to route traffic on static routes configured on multiple... Shepherd Nhongo
07:13 AM Bug #11607 (Duplicate): Clicking Connect VPN on the IPsec Status page establish the tunnel
Duplicate of #11486 Jim Pingle
05:29 AM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
Unable to reproduce with FRR pkg 1.1.0_8 -
frr starts successfully with the "Enable agentx" option:... Viktor Gurov
05:11 AM pfSense Packages Bug #11610 (New): NET-SNMP is not setting the correct permissions on AgentX
When we go to FRR -> Global Settings -> (Scroll down to "Modules" and tick the "Enable agentx support for accessing F... Yif Swery
03:01 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Thanks a lot for the patch! After updating to 21.02-RELEASE-p1, the OpenVPN failed to connect. I use an own CA with d... Foo Bar
02:57 AM Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
This issue still isn't fixed with 2.5.0. Car F
02:06 AM pfSense Docs New Content #11608 (Closed): Interfaces order of XG-7100 Quad-Port 10GbE Fiber SFP+ Installation Kit
It's not documented what would be the order of the interface once this card is deployed in XG-7100-1u.
https://doc... Danilo Zrenjanin

03/02/2021

10:48 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
With patch 7990de53bfc8267d1dd96636a175929a35cbe664
and patch 169.diff applied, the errors didn't show anymore.
T... Dirk Meyer
08:58 AM Regression #11475 (Pull Request Review): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Jim Pingle
06:57 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Please try this patch
extra fix for route_get() and route_del():
https://gitlab.netgate.com/pfSense/pfSense/-/m... Viktor Gurov
06:00 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Thanks, I can verify now the dashboard works again.
But while on system_gateways.php I pressed Save:... Dirk Meyer
05:01 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Dirk Meyer wrote:
> note: The patch is an improvement, but it doesn't solve the issue.
You need to apply patch ID... Viktor Gurov
04:53 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
note: The patch is an improvement, but it doesn't solve the issue.
 Dirk Meyer
08:49 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
I'm having the same exact issue after updating aws pfsense appliance to 21.02_1. The only branches I see on the Syste... Alex P
04:46 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Summer Sea wrote:
> In the pfsense FE 21.02 the issue is still present, but I don't get how to fix it:
Please tr... Viktor Gurov
02:03 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
In the pfsense FE 21.02 the issue is still present, but I don't get how to fix it:
```
[21.02-RELEASE]/root: /us... Summer Sea
08:36 PM pfSense Packages Bug #11590: pfBlocker Issue when IPv6 is disabled
Fixed in pfBlockerNG-devel v3.0.0_14 BBcan177 .
06:50 PM Bug #11607 (Duplicate): Clicking Connect VPN on the IPsec Status page establish the tunnel
In 21.02, interesting traffic has to be generated to bring up an IPsec tunnel. Regardless of whether pfSense itself c... Max Leighton
05:26 PM Feature #11589: Fix iftop experimental traffic fetcher, unify and improve output style
Rounding was fixed to display no decimals with bits or exactly one decimal when kilobits or larger units are used.
... Ashus CZ
04:20 PM Bug #11606 (Rejected): Wireguard AllowedIPs filtering issue
There is potential problem with filtering AllowedIPs in Wireguard server.
To demonstrate it is enough to setup basic... Sylwester Baranski
03:22 PM Bug #11595: Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Tyler Szabo wrote:
> Query Name Minimization was disabled for me and I just checked both states and it appears to st... Jim Pingle
03:19 PM Bug #11595: Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Query Name Minimization was disabled for me and I just checked both states and it appears to still occur. It's possib... Tyler Szabo
07:53 AM Bug #11595 (Not a Bug): Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Turn off "Query Name Minimization" in the Unbound advanced settings. With that off I can resolve the host you show, w... Jim Pingle
01:59 AM Bug #11595: Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Title should read "Unbound" not sure how I got "Unblound" in there. Tyler Szabo
01:58 AM Bug #11595 (Not a Bug): Unbound responds with SERVFAIL when resolving DNS record through more than 8 CNAMEs due to hardcoded limit
Query to pfSense:... Tyler Szabo
02:27 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Jim Pingle wrote:
> Not that I'd expect that to cause a problem, but why would you set that to 1? It doesn't make mu... Ryan Fitton
01:59 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Greg Shaffer wrote:
> I noticed that both /tmp/em0_routerv6 and /tmp/em0_defaultgwv6 were empty while the ipv4 versi... Eric B
01:33 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Mike Loiterman wrote:
> When you reference /tmp/*_defaultgwv6 and /tmp/*_routerv6, or you actually creating a file c... Anonymous
12:07 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Dennis P wrote:
> Greg Shaffer wrote:
> > I believe both of these files will be rewritten if you make a change to y... Mike Loiterman
11:05 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Greg Shaffer wrote:
> I believe both of these files will be rewritten if you make a change to your WAN or you reboot... Anonymous
11:01 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Dennis P wrote:
> Greg Shaffer wrote:
> > #echo $2 > /tmp/em0_routerv6
> > echo "fe80::X:X:X:X" > /tmp/em0_routerv... Greg Shaffer
07:58 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Greg Shaffer wrote:
> UPDATE:
>
> Here is a diff of my changes to /etc/inc/interfaces.inc
Thank you Greg.
T... Pete C
12:57 PM Bug #11603 (Rejected): Pfsense 2.5.0 : MultiWan with rules default gateway not work
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
12:23 PM Bug #11603 (Rejected): Pfsense 2.5.0 : MultiWan with rules default gateway not work
Hi,
I have a problem with updating pfsense. Everything works fine on version 2.4.X
I have a configured multiwan ... Lars Lars
12:30 PM Bug #11602: Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
Also see: https://forum.netgate.com/topic/160974/upgraded-to-2-5-0-now-seeing-ping-spikes Steve Wheeler
11:44 AM Bug #11602 (Resolved): Delayed packet transmission in cxgbe driver can lead to latency and reduced performance
In some situations the cxgbe driver can introduce latency in 2.5.
It looks as though that is caused by a driver is... Steve Wheeler
12:27 PM pfSense Packages Bug #11605 (Closed): Suricata can trigger PHP crash on SG-3100
Suricata and SNORT won't start on 21.02p1 SG3100. Appears to be an issue related to PHP see the following post for mo... Justin P
12:26 PM Feature #11604 (New): WireGuard Dynamic Listen Port Randomization
In CGNAT situations, like failing over to an LTE WAN for instance, it can be problematic to have the listen address o... Christian McDonald
12:17 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Jim Pingle wrote:
> Mark Howells wrote:
> > Maybe - I may be just conflating the matchaddr issue with my issue.
> ... Mark Howells
11:22 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Mark Howells wrote:
> Maybe - I may be just conflating the matchaddr issue with my issue.
>
> Do you need me to r... Jim Pingle
11:18 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Maybe - I may be just conflating the matchaddr issue with my issue.
Do you need me to raise a fresh issue?
 Mark Howells
11:02 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
That looks unrelated to this issue. I can connect multiple clients and ping them, but with the remotes being dynamic ... Jim Pingle
10:28 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Jim Pingle wrote:
> Adam Esslinger wrote:
> > I noticed that there were additional "LAN" network that weren't defin... Mark Howells
07:18 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Adam Esslinger wrote:
> I noticed that there were additional "LAN" network that weren't defined in the WireGuard all... Jim Pingle
07:11 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Kevin Mychal Ong wrote:
> This is not isolated to when using multiple peers. It also happens to many people with jus... Jim Pingle
07:10 AM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
I was able to resolve this issue however I'm not sure which thing I did that resolved it so here is what I changed.
... Adam Esslinger
11:19 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
Hello everybody,
I became aware of this bug report after finding this forum thread via googling: https://forum.net... Andreas Grommek
10:25 AM pfSense Packages Feature #11601: Ability to disable/stop Service Watchdog
There is no need for two separate issues for the same problem. Any work to solve the other issue should stay on that ... Jim Pingle
10:21 AM pfSense Packages Feature #11601: Ability to disable/stop Service Watchdog
Jim Pingle wrote:
> Duplicate of #11490
#11490 describes symptoms, this request suggest a solution. Yuri Weinstein
10:15 AM pfSense Packages Feature #11601 (Duplicate): Ability to disable/stop Service Watchdog
Duplicate of #11490 Jim Pingle
10:09 AM pfSense Packages Feature #11601 (Duplicate): Ability to disable/stop Service Watchdog
Use case: before upgrading a package like pfBlockerNG I remove `pfb_dnsbl`, `pfb_filter` and `unbound` from Service W... Yuri Weinstein
09:12 AM Bug #11600 (Not a Bug): WireGuard interfaces should have MSS clamping enabled by default
It would seem that there is an upstream bug with wireguard icmp and path discovery (?) : https://git.kernel.org/pub/s... Christian McDonald
09:12 AM Bug #11599 (Resolved): Modifying static routes results in a logged error, changes are not reflected in routing table
When modifying an existing static route, e.g. changing subnet to be routed, the modified route is added to the curren... Roland Volkmann
08:57 AM Feature #11596 (Pull Request Review): Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
Jim Pingle
03:24 AM Feature #11596: Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/168 Viktor Gurov
03:13 AM Feature #11596 (Closed): Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
Currently it's possible to use template variable "{clientip}", that is replaced with the connecting clients VPN IP (#... Viktor Gurov
08:56 AM Regression #11594 (Pull Request Review): IPv6 routes with a prefix length of 128 result in an invalid route table entry
Jim Pingle
01:51 AM Regression #11594: IPv6 routes with a prefix length of 128 result in an invalid route table entry
Using `-net` argument with /128 netmask produces invalid routes, i.e.:... Viktor Gurov
12:58 AM Regression #11594 (Closed): IPv6 routes with a prefix length of 128 result in an invalid route table entry
After adding fc00:1234::1234/128 via fc00:129::bbbb route, I see an invalid route in the routing table:... Viktor Gurov
08:11 AM pfSense Packages Bug #11543 (Duplicate): SquidGuard 1.16.18_15 - returning wrong page
duplicate of #8827 Viktor Gurov
04:40 AM pfSense Packages Bug #11543: SquidGuard 1.16.18_15 - returning wrong page
I can reproduce this issue in SSL/MITM Mode = "Splice Whitelist, Bump Otherwise"
in "Splice All" mode returns the co... Viktor Gurov
08:10 AM Bug #11583: dashboard nginx 504 Gateway time-out error
1. The log parser has no idea how far back it needs to go to find enough usable entries and it has to include rotated... Jim Pingle
07:00 AM Bug #11583: dashboard nginx 504 Gateway time-out error
I still believe this to be a bug, here is why:
1. When the firewall logs widget is on the dashboard its set to only ... Adam Esslinger
07:42 AM Regression #11550 (New): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
OK, thanks for checking on that. I've updated the subject to reflect that it's specific to FAIRQ. Jim Pingle
01:07 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Jim Pingle wrote:
> Have you tried only using FAIRQ instead of only using PRIQ? It's not clear from the symptom beha... Thorsten Zitterell
05:04 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Alexis Mestag wrote:
> It seems I don't have access to https://gitlab.netgate.com/.
> Is there a way for me to see ... Viktor Gurov
03:40 AM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
It seems I don't have access to https://gitlab.netgate.com/.
Is there a way for me to see the patch (out of curiosit... Alexis Mestag
04:31 AM pfSense Docs Todo #11597 (Closed): Feedback on Troubleshooting — Troubleshooting Upgrades
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html
*Feedback:*
I recently upgrade... Jamison Guyton
04:00 AM pfSense Packages Bug #10608 (Feedback): Update squid port to 4.11-p2
Squid version in pfSense 2.5/21.02 is 4.13:... Viktor Gurov
03:58 AM pfSense Packages Feature #11060 (Resolved): Block access to consumer Google accounts
works as expected on Squid pkg 0.4.45_3 - it blocks access to google accounts and adds youtube safesearch restrictions Viktor Gurov
02:56 AM Bug #11593 (Duplicate): NAT / Port Forward Stop Working
pfblocker php error - duplicate of #11590
port forwarding issue - duplicate of #11436 Viktor Gurov
12:16 AM Bug #11593 (Duplicate): NAT / Port Forward Stop Working
Good Morning,
Since upgrading to 2.5, which otherwise works very well, I have the issue that Port Forwarding stops... Martin Kusch

03/01/2021

11:44 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
This is not isolated to when using multiple peers. It also happens to many people with just 1 peer (site to site). Do... Kevin Mychal Ong
02:15 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
I have the same issue. Loads of "matchaddr failed" messages and any WG tunnel with more than a single peer fails.
I ... Mark Howells
11:20 PM pfSense Packages Bug #11591 (Duplicate): Could not install node exporter
duplicate of #11515
See fix in the next node_exporter version:
https://github.com/pfsense/FreeBSD-ports/commit/6e... Viktor Gurov
09:58 PM pfSense Packages Bug #11591 (Duplicate): Could not install node exporter
I tried to install node_exporter and whilst the install appeared to complete successfully, I noticed it did not appea... Mark De Souza
10:01 PM pfSense Packages Bug #11592 (New): Node exporter can not read system statistics
Each time I curl <ip of router>:9100 I receive the following log error:
level=error ts=2021-03-02T03:55:34.739Z ca... Mark De Souza
09:06 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
There are a couple items to iron out in devel, so don't think too long. BBcan177 .
04:02 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Confirmed - created as an IPv6 rule in beta. Just means that all those out there using the "release" version are at r... Dave Tickem
09:01 PM pfSense Packages Bug #11590 (Closed): pfBlocker Issue when IPv6 is disabled
I noticed a crash report this morning when I logged into pfsense. I have ipv6 disabled on my pfsense box but it appea... Mark De Souza
06:52 PM Feature #11589 (Pull Request Review): Fix iftop experimental traffic fetcher, unify and improve output style
There were several problems with iftop fetcher.
Although it offered IPv6 unlike "rate" tool, its output is limited... Ashus CZ
06:34 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Interestingly enough, I haven't had any panics on my cloud instances hosted on Vultr, though my instances hosted on-p... Christian McDonald
02:24 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Parts of the backtrace are similar to #11586 but it's not an exact match. Jim Pingle
02:22 PM pfSense Packages Bug #11585 (New): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Jim Pingle
02:22 PM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Jim Pingle
02:19 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
That does appear to be one we haven't seen yet:... Jim Pingle
02:06 PM pfSense Packages Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
Also hitting this when changing the port on the local wg interface...sometimes. Sometimes changing the port is fine, ... Christian McDonald
01:59 PM pfSense Packages Bug #11585 (Closed): WireGuard kernel panic when changing peer port on assigned WireGuard interface
All I did was change the port on peer 0. Christian McDonald
05:34 PM Regression #11316: Unbound crashes with signal 11 when reloading
I have the same issue, after updating two of my pfsense boxes I see abut 4 to 5 messages from each per hour
"Ser... Vöggur Guðmundsson
05:29 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Greg Shaffer wrote:
> #echo $2 > /tmp/em0_routerv6
> echo "fe80::X:X:X:X" > /tmp/em0_routerv6
> #echo $2 > /tmp/em... Anonymous
12:12 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Thank you @Greg Schaffer, that worked for me! Car F
02:49 PM Bug #11578 (Pull Request Review): Error when removing automatic DNS server route
Jim Pingle
02:30 PM Bug #11578: Error when removing automatic DNS server route
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/166 Viktor Gurov
07:45 AM Bug #11578: Error when removing automatic DNS server route
Looks like that route command is missing @-inet6@ somehow.
Fixed up subject and category. Jim Pingle
02:25 AM Bug #11578 (Closed): Error when removing automatic DNS server route
The log stats:
/system.php: The command '/sbin/route -q delete -host 2001:4860:4860::8888 'dynamic'' returned exit... Kristian Krautwald
02:47 PM pfSense Packages Bug #11582 (Pull Request Review): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Jim Pingle
02:13 PM pfSense Packages Bug #11582: FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/63 Viktor Gurov
09:25 AM pfSense Packages Bug #11582 (Resolved): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Using the XML-RPC Sync feature of the FreeRADIUS package doesn't sync all configuration sections.
For example:
* ... Alexis Mestag
02:45 PM Bug #11581 (Pull Request Review): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
Jim Pingle
02:03 PM Bug #11581: Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
Allow to enter /32 netmask and non-local gateway in the console menu:
https://gitlab.netgate.com/pfSense/pfSense/-/m... Viktor Gurov
09:21 AM Bug #11581 (Resolved): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
I logged in via the serial console and used the '2) Set interfaces(s) IP address' flow. That prompts for a WAN IP and... Ken Bass
02:37 PM Feature #11588 (New): Automatically suggest next IP address in Wireguard interface subnet when creating a peer
When creating a new WireGuard peer, we should suggest/pre-fill the AllowedIPs field with the next IP address in the W... Jim Pingle
02:28 PM Bug #11587 (Closed): WireGuard interfaces do not have data on traffic graphs
Moving over from NG 5522
Sending iperf3 traffic across a wireguard interface from a client on the LAN side to a se... Jim Pingle
02:25 PM Bug #11586: WireGuard panic when saving many times in a row
Textdump from one of the occurences Jim Pingle
02:24 PM Bug #11586: WireGuard panic when saving many times in a row
Parts of the backtrace are similar to #11585 but it's not an exact match. Jim Pingle
02:22 PM Bug #11586 (Not a Bug): WireGuard panic when saving many times in a row
Moving this over from NG 5538
There is still a lingering panic in WireGuard when saving on an interface, but it's ... Jim Pingle
02:25 PM Revision 7990de53: route_get() optimization. Fixes #11475
Viktor Gurov
02:24 PM Revision 490b5b48: Set correct DHCP failover peer IP on XMLRPC sync. Fixes #11519
Viktor Gurov
02:23 PM Revision e89e12e8: Move custom IPSEC NAT-T port settings to Advanced Options. Todo #11518
Viktor Gurov
02:23 PM Revision c08d270e: Set explicit-exit-notify to 1 for new OpenVPN Client instances. Implements #11521
Viktor Gurov
02:18 PM Revision 3939c0e3: IPsec Mobile users swanctl.conf fix. Issue #11564
Viktor Gurov
02:17 PM Revision 4a51b9cd: IPsec peer ID Any fix. Issue #11555
Viktor Gurov
02:17 PM Revision f4d883da: Cisco AVPair parse {clientip}. Fixes #11561
Viktor Gurov
02:16 PM Revision 44baf5a7: OpenVPN data-ciphers option length validation. Issue #11559
Viktor Gurov
02:15 PM Revision f725132e: OpenVPN ncp_enable checkbox fix. Issue #11554
Viktor Gurov
02:14 PM Revision a1fe8144: Restart unbound on interface recover. Fixes #11547
Viktor Gurov
02:13 PM Revision cfff0f35: IPsec VTI interfaces bootup fix. Issue #11537
Viktor Gurov
02:10 PM Revision 296c5881: WPA Enterprise PAP inner method support. Issue #2400
Viktor Gurov
02:06 PM pfSense Docs Correction #11584 (Resolved): Renaming Proxmox to Proxmox Virtual Environment or Proxmox VE
Fixed in https://gitlab.netgate.com/docs/pfSense-docs/-/commit/011d1208863cba0531065173fc63e93da09dcb2a Jim Pingle
01:58 PM pfSense Docs Correction #11584 (Resolved): Renaming Proxmox to Proxmox Virtual Environment or Proxmox VE
Received a request from Proxmox Marketing team to ensure we correctly use their mark in the documentation:
> May I... Jim Pingle
02:05 PM Revision 95e599a1: Show changed NAT timeouts on the system_advanced_firewall page. Issue #11565
Viktor Gurov
02:01 PM Revision 0e432655: Merge pull request #4504 from bashkarev/master
Renato Botelho
02:00 PM Revision f7e4e439: Merge pull request #4505 from woeperbe/patch-1
Renato Botelho
01:36 PM pfSense Packages Bug #11580 (Pull Request Review): FTP client proxy - source and destination bypass limitation
Jim Pingle
11:19 AM pfSense Packages Bug #11580: FTP client proxy - source and destination bypass limitation
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/62 Viktor Gurov
04:40 AM pfSense Packages Bug #11580 (Resolved): FTP client proxy - source and destination bypass limitation
Not able to use alias in Proxy Bypass: Source and Proxy Bypass: Destination.
I tried to manually add to config.xml a... Michal Kubin
01:24 PM Feature #7842 (Feedback): New Dynamic DNS Provider: Mythic-Beasts
Ronald Schellberg wrote:
> Viktor Gurov wrote:
> > Applied in changeset commit:fe6b125233f40f5919746b1cb90c39b459aa... Viktor Gurov
01:18 PM Bug #11583: dashboard nginx 504 Gateway time-out error
That could maybe happen with an excessively large log file size (downright huge if it's 59MB _compressed_) but ultima... Jim Pingle
12:26 PM Bug #11583: dashboard nginx 504 Gateway time-out error
I was finally able to login by deleting the filter.log.x.bz2 files in the /var/log directory. There were 6 of them an... Adam Esslinger
12:16 PM Bug #11583: dashboard nginx 504 Gateway time-out error
once I finally got logged in I see this in the system logs:
2021/03/01 13:12:17 [error] 88327#100711: *20 upstream... Adam Esslinger
12:15 PM Bug #11583 (Not a Bug): dashboard nginx 504 Gateway time-out error
There isn't enough information here to point to one specific issue and this site is not for support or diagnostic dis... Jim Pingle
11:59 AM Bug #11583 (Not a Bug): dashboard nginx 504 Gateway time-out error
Ever since upgrading to version 2.5 logging into the firewall takes a really long time. Once logged in and navigatin... Adam Esslinger
01:14 PM Bug #11187: WAN_DHCP6 down, but IPv6 actually works
Does pfSense track the changes to dhcp6c that are being made by Marjohn56 on the opn side? Not sure if this is direct... → luckman212
11:59 AM Revision 7b2bca91: Update services.inc
Corrects the error in the dynamic DNS widget
warning: array_combine(): both parameters should have an equal number of... Marc Buffet
11:22 AM Feature #11577: Syslog should not require binding to interface for remote logging
Ter Ted wrote:
> No, you have to bind to the port in order to receive events, not to send them. This is just a very ... Jim Pingle
11:14 AM Feature #11577: Syslog should not require binding to interface for remote logging
No, you have to bind to the port in order to receive events, not to send them. This is just a very basic concept for ... Ter Ted
07:36 AM Feature #11577 (Rejected): Syslog should not require binding to interface for remote logging
Binding to all interfaces is not binding to a specific interface ("All" is not "specific") and "All" is an option in ... Jim Pingle
10:21 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
adding _nobind_ fixes the problems with viscosity on mac big sur not reconnecting after a disconnect. It continues to... IT Support
09:58 AM Bug #11330: IGMP Proxy upgrade to latest version
I did experience the kernel panic/reboot/kernel panic continuous loop again during 2.5 DEV versions a few weeks ago, ... Patrick Monfette
04:58 AM Bug #11330: IGMP Proxy upgrade to latest version
I think that I am currently having the same issues with igmp proxy since upgrading to pfsense 2.5.0:
2.5.0-RELEASE... simon lock
08:35 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Applied in changeset commit:7990de53bfc8267d1dd96636a175929a35cbe664. Viktor Gurov
08:25 AM Regression #11475 (Feedback): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
PR has been merged. Thanks! Renato Botelho
08:30 AM Regression #11519: Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Applied in changeset commit:490b5b480f1b46a6f93e0ba99fff578a61f3293c. Viktor Gurov
08:24 AM Regression #11519 (Feedback): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
PR has been merged. Thanks! Renato Botelho
08:30 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
Applied in changeset commit:c08d270edc1f7439de103a205cd2a4262c3eb22d. Viktor Gurov
08:23 AM Feature #11521 (Feedback): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
PR has been merged. Thanks! Renato Botelho
08:25 AM Regression #11561: ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Applied in changeset commit:f4d883dadee6e339997b29f5b4623a88b190b840. Viktor Gurov
08:17 AM Regression #11561 (Feedback): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
PR has been merged. Thanks! Renato Botelho
08:24 AM Todo #11518 (Feedback): Move custom IPsec NAT-T port settings to Advanced Options
PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
Applied in changeset commit:a1fe814421904ca00b6a04431d62ba18dcebf607. Viktor Gurov
08:14 AM Bug #11547 (Feedback): DNS Resolver does not bind to an interface when it recovers from a down state
PR has been merged. Thanks! Renato Botelho
08:18 AM Regression #11564 (Feedback): strongSwan configuration always contains user EAP/PSK values
PR has been merged. Thanks! Renato Botelho
08:18 AM Regression #11555 (Feedback): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
PR has been merged. Thanks! Renato Botelho
08:16 AM Bug #11559 (Feedback): OpenVPN does not start with a long list of Data Encryption Algorithms
PR has been merged. Thanks! Renato Botelho
08:16 AM Bug #11554 (Feedback): Selected Data Encryption Algorithms list items reset when an input validation error occurs
PR has been merged. Thanks! Renato Botelho
08:14 AM Regression #11537 (Feedback): IPsec VTI tunnel between IPv6 peers may not configure correctly
PR has been merged. Thanks! Renato Botelho
08:11 AM Feature #2400 (Feedback): GUI options for WPA Enterprise with identity/password
PR has been merged. Thanks! Renato Botelho
08:07 AM Feature #11420 (Feedback): New Dynamic DNS Provider: Gandi LiveDNS IPv6
PR has been merged. Thanks! Renato Botelho
08:02 AM Feature #11420 (Pull Request Review): New Dynamic DNS Provider: Gandi LiveDNS IPv6
New PR to fix syntax error introduced by the previous PR:
https://github.com/pfsense/pfsense/pull/4505 Jim Pingle
08:00 AM Feature #11420: New Dynamic DNS Provider: Gandi LiveDNS IPv6
There is an error introduced by this change and fixed by https://github.com/pfsense/pfsense/pull/4505 Renato Botelho
08:07 AM Regression #11565 (Feedback): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
PR has been merged. Thanks! Renato Botelho
08:01 AM Bug #11569 (Feedback): ACLs generated from RADIUS reply attributes have incorrect syntax
PR has been merged. Thanks! Renato Botelho
07:56 AM pfSense Packages Bug #11459 (Feedback): pfBlockerNG doesn't include WireGuard interface in outbound floating rules
PR has been merged. Thanks! Renato Botelho
07:52 AM pfSense Packages Feature #11560 (Feedback): add ena(4) to the list of INLINE mode (netmap) supported cards
PR has been merged. Thanks! Renato Botelho
07:51 AM pfSense Packages Feature #11533 (Feedback): add ena(4) to the list of INLINE mode (netmap) supported cards
PR has been merged to 2.6.0/21.05 snapshots and will be cherry-picked to stable branches together with last binary up... Renato Botelho
07:49 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Have you tried only using FAIRQ instead of only using PRIQ? It's not clear from the symptom behavior if the problem i... Jim Pingle
01:13 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Jim Pingle wrote:
> Not that it should cause a segfault, but why are you mixing FAIRQ, PRIQ, and HFSC?
I used PRI... Thorsten Zitterell
07:48 AM pfSense Packages Bug #11546 (Feedback): incorrect 'set as-path' command
PR has been merged. Thanks! Renato Botelho
07:48 AM pfSense Packages Bug #11517 (Feedback): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
PR has been merged. Thanks! Renato Botelho
07:48 AM pfSense Packages Bug #11511 (Feedback): OSPF distribute List always empty
PR has been merged. Thanks! Renato Botelho
07:41 AM Feature #11562: Syslog should not require binding to interface for remote logging
It is true as worded ("Any" is not "a specific interface").
 Jim Pingle
12:02 AM Feature #11562: Syslog should not require binding to interface for remote logging
Jim Pingle wrote:
> It's to set the source address of the syslog traffic, not to bind the server. It's necessary for... Ter Ted
07:40 AM pfSense Packages Feature #10858 (Feedback): OpenVPN Client silent install
PR has been merged. Thanks! Renato Botelho
07:40 AM pfSense Packages Feature #11520 (Feedback): Add 'explicit-exit-notify' option by default
PR has been merged. Thanks! Renato Botelho
07:36 AM pfSense Packages Bug #11532 (Feedback): LCDproc service is not disabled
PR has been merged. Thanks! Renato Botelho
07:35 AM pfSense Packages Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
PR has been merged. Thanks! Renato Botelho
05:46 AM Bug #11464: Requests to ``ews.netgate.com`` do not honor proxy configuration
Steve Beaver wrote:
> Applied in changeset commit:2cb3c56db2366c9cadb04757bd3143ea0d7e7378.
I can confirm that th... Florian Apolloner
03:26 AM pfSense Packages Feature #11579 (New): Snort alerts or blocks trigger notifications
I use the default pfSense notifications under System -> Advanced -> Notifications, and I'd love to be able to receive... Offstage Roller
02:06 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
Let me share some of mny observartions in the last 3 days.
* hw.ncpu=unset, all non default Packages diabled = Sta... Marco Goetze

02/28/2021

11:58 PM Feature #11577 (Rejected): Syslog should not require binding to interface for remote logging
As of now, it is not possible to log to remote server without binding syslog to local interface. This shouldn't be re... Ter Ted
11:24 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
UPDATE:
Here is a diff of my changes to /etc/inc/interfaces.inc
 Greg Shaffer
08:47 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I noticed that both /tmp/em0_routerv6 and /tmp/em0_defaultgwv6 were empty while the ipv4 versions had the valid route... Greg Shaffer
02:52 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
If ManagedConfigFlag is set in rtsold, managedconf_script (-M) will execute instead of otherconf_script (-O)
pfsen... Tim Dunn
10:28 AM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
Michael Virgilio wrote:
> but routing is working. Without specifying a monitoring address, the status on the dashbo... Steve Y
09:45 PM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Please update to pfBlockerNG-devel, as pfBlockerNG is not receiving many updates. This issue is resolved in devel. BBcan177 .
04:19 AM pfSense Packages Bug #11572 (New): Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Using any IPv6 list in pfblocker-ng "IPv6 settings" tab results in a firewall rule with the protocol set to IPv4. Thi... Dave Tickem
04:17 PM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
OpenVPN 2.5.1 does not appear to make a difference for this. I built a package for FreeBSD and loaded it, as well as ... Jim Pingle
11:15 AM pfSense Packages Bug #11575 (Resolved): OpenVPN clients cannot pass traffic when reconnecting using the same source port
If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass traffic.
This app... Jim Pingle
04:13 PM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
I hit the same issue with EAP-TLS (Wireless authentication) UDP fragmented packages from AP to NPS (Radius) server no... Rai Wol
11:56 AM Feature #11576 (Closed): IPsec GUI option to control Child SA ``start_action``
Currently we set the child SA start option automatically depending on a few different factors, but it would be nice t... Jim Pingle
11:08 AM pfSense Packages Todo #11574 (Duplicate): Add "nobind" to exported OpenVPN configurations by default
Remote access OpenVPN clients should be using @nobind@ in their configurations so they use a random port and appropri... Jim Pingle
09:23 AM Bug #11541 (New): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
I can replicate that here now even on Remote Access (not P2P) so it appears to be a limitation in OpenVPN itself when... Jim Pingle
09:10 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Not that I'd expect that to cause a problem, but why would you set that to 1? It doesn't make much sense.
If you don... Jim Pingle
03:31 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
I've found that if I set the 'Concurrent connections' value to anything greater than 1, my client is now shown in the... Ryan Fitton
09:06 AM pfSense Packages Feature #11573: Custom Commands
That wouldn't be something we'd consider for the base system, but we might consider it if someone wanted to make a pa... Jim Pingle
07:17 AM pfSense Packages Feature #11573 (New): Custom Commands
Ability to store custom commands on pfsense, and able to run them from same page.
For example storing this command... Manjot Singh
06:49 AM Todo #10464: Don't change the current update repo when new releases are available
At least now I can't reproduce the spontaneous upgrade, which is good in this case, I suppose. I'm sorry if I was spr... Christian Ullrich

02/27/2021

09:21 PM Revision 321fbbdb: Fixed bug parsing netmask cisco acl
Dmitry Bashkarev
07:55 PM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5
The patch provided by me above with the instructions works to fix it on 2.4.5, or, you can also update to 2.5.0 which... Chris R
07:53 PM pfSense Packages Bug #10429: Status Traffic Total broken 2.4.5
hello guys.
has this been fixed in 4.5? Andres Mora
06:38 PM Feature #7842 (New): New Dynamic DNS Provider: Mythic-Beasts
Jim Pingle
06:24 PM Feature #7842: New Dynamic DNS Provider: Mythic-Beasts
Viktor Gurov wrote:
> Applied in changeset commit:fe6b125233f40f5919746b1cb90c39b459aa39fd.
The commit looks righ... Ronald Schellberg
05:00 PM Bug #11571 (Rejected): Spoofing MAC address on a WAN interface causes erratic behaviour when using an L2TP tunnel on the spoofed interface
The details here don't quite line up -- please start a forum thread to discuss and diagnose this problem in more deta... Jim Pingle
04:38 PM Bug #11571 (Rejected): Spoofing MAC address on a WAN interface causes erratic behaviour when using an L2TP tunnel on the spoofed interface
I use an L2TP tunnel by Andrews and Arnolds here in the UK, as allows for access to their network without being a ful... Aman Halai
04:49 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
I forgot to mention... this does problem only seems to occur when you fail the main by way of unplugging the WAN inte... M L
03:40 PM Regression #11570 (Closed): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Good evening. This seems to be a new bug in 2.5, and was not a problem in 2.4. In gateway group configured for main... M L
03:41 PM Regression #11565 (Pull Request Review): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Jim Pingle
09:05 AM Regression #11565: Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/164 Viktor Gurov
08:50 AM Regression #11565 (Closed): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
In system -> advanced -> Firewall & NAT
UDP timeouts are not saved. Sometimes after setting, they show up correctl... Viktor Gurov
03:40 PM Regression #11564 (Pull Request Review): strongSwan configuration always contains user EAP/PSK values
The pre-shared key tab entries have uses with site-to-site tunnels they aren't solely for mobile setups.
EAP entri... Jim Pingle
08:37 AM Regression #11564: strongSwan configuration always contains user EAP/PSK values
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/163 Viktor Gurov
08:07 AM Regression #11564 (Closed): strongSwan configuration always contains user EAP/PSK values
/var/etc/ipsec/swanctl.conf always contains users eap/psk keys:... Viktor Gurov
03:31 PM Regression #11555 (Pull Request Review): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Jim Pingle
06:39 AM Regression #11555: IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/162 Viktor Gurov
03:18 PM Bug #11548 (New): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
It could be a case where the invalid rule is generated when the interface doesn't have IPv4 configured yet. I thought... Jim Pingle
05:19 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
still unable to reproduce, works fine for me (pppoe0 is vtnet2 with DHCP6):... Viktor Gurov
03:39 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
Jonas Libbrecht wrote:
> When I look at the /tmp/rules.debug at this moment. I see the (recreated) rule in question ... Jonas Libbrecht
03:37 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
When I look at the /tmp/rules.debug at this moment. I see the (recreated) rule in question has been assigned a privat... Jonas Libbrecht
03:24 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
Jim Pingle wrote:
> It's not the port range or NAT reflection, it's the fact that the rule says @inet6@ and uses an ... Jonas Libbrecht
03:14 PM Bug #11569 (Pull Request Review): ACLs generated from RADIUS reply attributes have incorrect syntax
I thought this got fixed with #10803 but apparently not. Jim Pingle
03:07 PM Bug #11569: ACLs generated from RADIUS reply attributes have incorrect syntax
Ready for review: https://github.com/pfsense/pfsense/pull/4504 Dmitry Bashkarev
02:59 PM Bug #11569 (Resolved): ACLs generated from RADIUS reply attributes have incorrect syntax
FreeRADIUS ACLs:... Dmitry Bashkarev
03:05 PM Feature #11562 (Rejected): Syslog should not require binding to interface for remote logging
It's to set the source address of the syslog traffic, not to bind the server. It's necessary for things like tunnel m... Jim Pingle
03:27 AM Feature #11562 (Rejected): Syslog should not require binding to interface for remote logging
As of now, it is not possible to log to remote server without binding syslog to local interface. This shouldn't be re... Ter Ted
03:02 PM Regression #11561 (Pull Request Review): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Jim Pingle
02:00 AM Regression #11561: ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/161 Viktor Gurov
01:51 AM Regression #11561 (Closed): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Template variable "{clientip}" that is replaced with the connecting clients VPN IP (#9206) is not parsed:... Viktor Gurov
02:53 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
I don't see any significant differences in the status output contents other than the TCP version you printed has a lo... Jim Pingle
02:47 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Yes, still the same result when the system has had a full reboot.
I've also installed a fresh copy of pfSense 2.5 ... Ryan Fitton
05:33 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Ryan Fitton wrote:
> Also, I should mention when running 'nc -U /var/etc/openvpn/server2/sock' in TCP mode; it takes... Viktor Gurov
05:10 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Also, I should mention when running 'nc -U /var/etc/openvpn/server2/sock' in TCP mode; it takes up to 1 minute for th... Ryan Fitton
05:07 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
I can confirm the system location for this server is, /var/etc/openvpn/server2/. Based on the commands you sent; the ... Ryan Fitton
02:48 PM Bug #11559 (Pull Request Review): OpenVPN does not start with a long list of Data Encryption Algorithms
Jim Pingle
12:20 AM Bug #11559: OpenVPN does not start with a long list of Data Encryption Algorithms
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/160 Viktor Gurov
12:03 AM Bug #11559 (Closed): OpenVPN does not start with a long list of Data Encryption Algorithms
If you select too many data ciphers OpenVPN won't start:... Viktor Gurov
02:45 PM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Not that it should cause a segfault, but why are you mixing FAIRQ, PRIQ, and HFSC?
Does the crash happen if all yo... Jim Pingle
02:42 PM pfSense Packages Feature #11560 (Pull Request Review): add ena(4) to the list of INLINE mode (netmap) supported cards
Jim Pingle
12:30 AM pfSense Packages Feature #11560: add ena(4) to the list of INLINE mode (netmap) supported cards
https://github.com/pfsense/FreeBSD-ports/pull/1047 Viktor Gurov
12:22 AM pfSense Packages Feature #11560 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards
add ena(4) to the list of INLINE mode (netmap) supported cards (pfSense 2.5/21.02)
see https://github.com/pfsense/... Viktor Gurov
02:38 PM Regression #11568 (Resolved): Alias name change is not reflected in firewall rules
Already fixed in NG 5685 and commit:6ecf793e0f4a5c3922c5c00a087a1adea104e50a (master) commit:585e7567d0e308ce440ff1b0... Jim Pingle
02:13 PM Regression #11568 (Resolved): Alias name change is not reflected in firewall rules
To reproduce the issue:
- Create an alias ( ip or port )
- Make a firewall rule containing the alias ( source or ... Vendel Cseh
01:55 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Replacing fcgicli with php-cgi works for me as well when using self generated cert, intermediate and root CA with len... Rick Frey
01:34 PM Todo #10464: Don't change the current update repo when new releases are available
[First off: This bug currently has priority "low". I suggest raising it to "RED ALERT!"]
Just a quick update: I wr... Christian Ullrich
12:30 PM pfSense Packages Feature #11567 (New): Email report add a note filed request
I think for the email reports it'd be highly useful to have a note filed added.
Here is a use case:
Say a user ... Yuri Weinstein
10:05 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
Hello team,
Any idea when this will be ported to armv7 arch (Netgate SG-3100)?
https://pkg.freebsd.org/FreeBSD... Tchello Mello
03:37 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
manual installation of the latest BIND version fixes the issue:... Viktor Gurov
10:01 AM Bug #11566 (Resolved): Firewall Maximum Table Entries "default size" is whatever is entered
On at least 2.4.5 and 2.5, Firewall Maximum Table Entries has text "On this system the default size is: 2000000." Wh... Steve Y
09:41 AM Feature #11125 (Resolved): Kernel module for RTL8153 driver
Looks good. Module is present and loads correctly:... Steve Wheeler
07:46 AM Bug #11387 (Resolved): Interfaces page displays MAC Address field for interfaces which do not support L2
Tested on the latest release. It looks fine. Ticket resolved. Danilo Zrenjanin
07:11 AM pfSense Packages Bug #11563 (Confirmed): BIND GUI writes TXT records > 255 characters
System: Netgate SG-3100, 2.4.5_1 (I checked the "git log":https://github.com/pfsense/FreeBSD-ports/commits/6209a37396... Bill McGonigle
06:40 AM Bug #11489 (Resolved): Invalid certificate data can cause a PHP error
Danilo Zrenjanin
06:35 AM Bug #11514 (Resolved): Renewing a self-signed CA or certificate does not update the serial number
Tested on the latest release.
Renewed certificate got a new serial number. It works as expected. Ticket resolved. Danilo Zrenjanin
03:01 AM pfSense Packages Bug #11182: NRPE in HA syncs the bind IP
I can confirm that behaviour as well as 2.4.5p1 and 2.5 Pim Pish
02:23 AM pfSense Packages Feature #10739: Update HAproxy-devel package to 2.2 and HAproxy to 2.0
And another point "Health Check Overhaul - now multiply healtchecks are possible for one backend so changes must be u... DRago_Angel [InV@DER]
02:22 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk'
Because now correct syntax is another:
https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-http-check%... DRago_Angel [InV@DER]

02/26/2021

10:52 PM pfSense Packages Bug #11477: FRR does not recognize some BFD options
looks ,FRR 7.5 does not have "default" and "label' options
pfSense.home.arpa(config-bfd-peer)#
detect-multiplie... Alhusein Zawi
05:18 PM Bug #11557: OpenVPN fails in tls-validate after upgrading to PfSense 2.5
It's not the cert subject per se but the underlying issue of the data from OpenVPN not passing through fcgicli to PHP... Jim Pingle
05:02 PM Bug #11557: OpenVPN fails in tls-validate after upgrading to PfSense 2.5
I had the error fixed by setting a fixed "Certificate Depth" (check_depth=2) instead of looping over the sequence. I ... Fold right
01:24 PM Bug #11557 (Duplicate): OpenVPN fails in tls-validate after upgrading to PfSense 2.5
Same root cause as #4521 (and a couple other similar issues that already exist)
 Jim Pingle
01:23 PM Bug #11557 (Duplicate): OpenVPN fails in tls-validate after upgrading to PfSense 2.5
If OpenVPN server is configured with a "Certificate Depth" higher than 1, the _/usr/local/sbin/ovpn_auth_verify_ will... Fold right
05:10 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Nice! Thank you! Worked for me :)
// RESULT=$(/usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "se... Robert Rumold
08:42 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Rick Frey wrote:
> Ran into this issue after updating pfsense (+) to 21.02 so appears problem still exists in latest... Viktor Gurov
03:10 PM Bug #11558 (Duplicate): WireGuard Panic
Same backtrace as #11538 Jim Pingle
02:43 PM Bug #11558 (Duplicate): WireGuard Panic
Hello,
While working today, my router randomly crashed and generated a crash report.
During this crash the web inte... Nick M
01:08 PM pfSense Packages Bug #11546: incorrect 'set as-path' command
No need for that, just pick "Set prepend" in the drop-down instead of "Set". The "Set" option is not in FRR now, but ... Jim Pingle
01:05 PM pfSense Packages Bug #11546: incorrect 'set as-path' command
work around:
- Copy commands: "set as-path 65001"
- add "prepend" : set as-path prepend 65001
- go to Service... Alhusein Zawi
07:33 AM pfSense Packages Bug #11546 (Pull Request Review): incorrect 'set as-path' command
Jim Pingle
12:55 AM pfSense Packages Bug #11546: incorrect 'set as-path' command
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/61 Viktor Gurov
12:18 AM pfSense Packages Bug #11546 (Resolved): incorrect 'set as-path' command
If you create a route map with AS Path Option = Set, an error will occur:... Viktor Gurov
01:05 PM Feature #11556: Kill states using the pre-NAT address
Correcting the category and subject
The ask here is for a way to kill based on the NAT address in the state instea... Jim Pingle
01:01 PM Feature #11556 (Resolved): Kill states using the pre-NAT address

Assume you have an external IP XXX
And an OpenVPN net 192.168.200.0/0
After OpenVPN client connects it gets a... Yuri Weinstein
12:50 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states
That's a different problem since it's a NAT address and not the final source or destination. Unrelated to this. I'm ... Jim Pingle
12:48 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states
Not sure if this should be added as a new issue
Assume you have an external IP XXX
And an OpenVPN net 192.168.200... Yuri Weinstein
12:33 PM Regression #11555 (Closed): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
When a peer identifier is set to "Any" the resulting swanctl.conf @remote@ block does not contain an @id@ line. Accor... Jim Pingle
11:47 AM Bug #11553: Unbound does not restart properly sometimes when DHCP Registration is enabled
Some additional info:
To work around the issue in this case this was reported from, one can do either of the follo... Marcos M
10:26 AM Bug #11553 (Duplicate): Unbound does not restart properly sometimes when DHCP Registration is enabled
Not specific to Plus.
The core of this is already covered by #5413 -- there may be some other Unbound bug beyond t... Jim Pingle
09:17 AM Bug #11553 (Duplicate): Unbound does not restart properly sometimes when DHCP Registration is enabled
Running the latest unbound (1.13.1) with the DHCP Registration setting enabled where DHCP entries get inserted in the... Kris Phillips
11:10 AM pfSense Packages Bug #11375 (New): UPS Type <BLANK> for USB APC
Viktor Gurov
11:07 AM Bug #11554 (Pull Request Review): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Jim Pingle
11:01 AM Bug #11554: Selected Data Encryption Algorithms list items reset when an input validation error occurs
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/159 Viktor Gurov
10:34 AM Bug #11554 (Closed): Selected Data Encryption Algorithms list items reset when an input validation error occurs
How to reproduce:
1) Open OpenVPN instance for editing
2) Make any input error
3) Fix it and save
Now Data Ci... Viktor Gurov
10:57 AM Bug #11552 (Confirmed): Incorrect phase 2 entry removed when deleting multiple items consecutively
Confirmed here.
Test 1:
Made 6 P2 entries: 0 1 2 3 4 5
Deleted "1" P2: 0 2 3 4 5
Deleted "3" P2: 0 2 3 5
T... Jim Pingle
08:40 AM Bug #11552 (Resolved): Incorrect phase 2 entry removed when deleting multiple items consecutively
I had a phase1 entry with 6 phase2 entries. 3 of the phase2 entries were for tunnels to LAN and the other 3 were for... Dave Roberts
10:47 AM Bug #11547 (Pull Request Review): DNS Resolver does not bind to an interface when it recovers from a down state
Jim Pingle
10:02 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
rare issue, but could be fixed:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/158 Viktor Gurov
08:05 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
Ok thanks. Looks like setting it to "All" works for now. This behavior is new with the latest pfsense update. Never h... Frank Gouton
07:55 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
It's not a significant concern or it wouldn't be the default behavior. Both the firewall rules AND unbound ACLs preve... Jim Pingle
07:46 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
The option "All" includes the WAN interface too. Wouldn't it be a security risk to open the unbound port on the wan i... Frank Gouton
07:21 AM Bug #11547 (New): DNS Resolver does not bind to an interface when it recovers from a down state
Jim Pingle
07:21 AM Bug #11547 (Not a Bug): DNS Resolver does not bind to an interface when it recovers from a down state
This is very similar to #11087 -- Seems like you have specific interfaces selected for the resolver to use, and unbou... Jim Pingle
12:40 AM Bug #11547: DNS Resolver does not bind to an interface when it recovers from a down state
I'm made a mistake selecting the version. It's the latest stable version 2.5. Can you fix that please? Frank Gouton
12:38 AM Bug #11547 (Closed): DNS Resolver does not bind to an interface when it recovers from a down state
Unbound doesn't open a listening socket for an interface that has no active device. If you connect a device later it ... Frank Gouton
10:46 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
There may be some specific value in your OpenVPN status output tripping it up but debugging that is a little trickier... Jim Pingle
10:38 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Hello,
Thankyou for both your quick replies.
In regards to your questions:
* "Are there any custom options def... Ryan Fitton
01:14 AM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Unable to reproduce
TCP/UDP modes, Shared Key / SSL/TLS - I can always see the client connection on the Status / Op... Viktor Gurov
10:27 AM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active
This would likely be fixed by also solving #5413 since it wouldn't restart in this case. Though the actual memory lea... Jim Pingle
09:33 AM pfSense Packages Feature #9238: Add support for Zerotier
@Netgate - Any chance this could be added to 2.5 ? Corey Boyle
09:07 AM Todo #11426 (Resolved): Deprecate old cryptographic accelerator hardware which is not viable on modern systems
Removed from 2.6.0
pfSense 2.4.5-p1:... Viktor Gurov
08:51 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
Jim Pingle wrote:
> The PHP segfault may be similar to, or the same as, #11466
I definitely agree. Something weir... Bill Meeks
08:28 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
The PHP segfault may be similar to, or the same as, #11466 Jim Pingle
08:15 AM pfSense Packages Bug #11551 (Closed): SG-3100 with pfBlockerNG doesn't pass traffic
SG-3100 appliance doesn't pass traffic on boot and I see error messages in `dmesg`:... Viktor Gurov
08:09 AM Regression #11550: Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Jim Pingle wrote:
> Can you attach the config.xml entries for the shaper? It would help to see the queue settings an... Thorsten Zitterell
07:52 AM Regression #11550 (Feedback): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
Unlikely that this is specific to Plus.
Can you attach the config.xml entries for the shaper? It would help to see... Jim Pingle
07:31 AM Regression #11550 (Resolved): Segmentation fault when loading ALTQ traffic shaping rules using FAIRQ
I have upgraded from 2.4.5p1 to 21.02/21.02p1 on my SG-4860.
Following traffic shaper rule causes an segmentation ... Thorsten Zitterell
08:01 AM Regression #11537 (Pull Request Review): IPsec VTI tunnel between IPv6 peers may not configure correctly
Jim Pingle
07:50 AM Regression #11537: IPsec VTI tunnel between IPv6 peers may not configure correctly
same issue with IPv4 VTI:... Viktor Gurov
07:48 AM Bug #11549 (Duplicate): DHCP relay not work behind gateway
Duplicate of #11523 Jim Pingle
07:31 AM Bug #11549 (Duplicate): DHCP relay not work behind gateway
Hello,
We have 2 XG-7100 and DHCP relay is working on multiple interfaces. Before upgrade (2.4.5_1), all worked fi... Anonymous
07:47 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
It's not the port range or NAT reflection, it's the fact that the rule says @inet6@ and uses an IPv6 gateway in reply... Jim Pingle
06:28 AM Bug #11548 (Feedback): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
Jonas Libbrecht wrote:
> There were error(s) loading the rules: /tmp/rules.debug:245: rule expands to no valid combi... Viktor Gurov
01:49 AM Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
Reddit post: https://www.reddit.com/r/PFSENSE/comments/loir4n/bug_pfsense_goes_in_denyall_after_upgrade_from/ Jonas Libbrecht
01:48 AM Bug #11548 (Closed): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
After a upgrade from 2.4.5 (pfsense FE) to 21.02 (the new pfsense+), the router (Netgate SG-4860) goes on all network... Jonas Libbrecht
07:41 AM Regression #11545: Primary interface address is not always used when VIPs are present
Sounds more like a new variation or regression of #3997
Doubtful that this is specific to Plus, so moving to pfSense. Jim Pingle
01:00 AM Regression #11545: Primary interface address is not always used when VIPs are present
Could be the same issue as #5999 (service takes the first IP address on the interface, instead of a non-VIP address) Viktor Gurov
07:36 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
Marco Goetze wrote:
> Question: Was 21.02.p1 just a quick fix addind a cpu limit to laoder.conf or was the membar al... Jim Pingle
05:42 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
What Viktor mentioned could be a reason. In my tested and still failing SG-3100 it also used the pfBlockerNG-dev pack... Marco Goetze
04:18 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
same issue after upgrading to 21.02-p1:... Viktor Gurov
02:41 AM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
After the Problem occurred first time I applied the quick fix setting to 1 CPU in the loader.conf > hw.ncpu=1
Now ... Marco Goetze
05:24 AM Bug #11149: DHCP relay won't start with DHCP server behind gateway
John Cinuy wrote:
> I have the same problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
> The DHCP ser... Mark Lavrijsen
01:04 AM Bug #11149 (Duplicate): DHCP relay won't start with DHCP server behind gateway
see #11523 Viktor Gurov

02/25/2021

11:32 PM Bug #9643: Limiters do not function properly on 2.5 snapshots
I believe I have the same issue, I just upgraded from 2.4.5 to 2.5.0 and upload queues are empty.
I also use multi-W... Ashus CZ
11:20 PM pfSense Docs Todo #11536: Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
+ add info about '{clientip}' template variable (#9206) Viktor Gurov
09:57 AM pfSense Docs Todo #11536 (Closed): Feedback on Virtual Private Networks — OpenVPN — Controlling Client Parameters via RADIUS
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/client-parameters-radius.html
*Feedback:*
Parame... Viktor Gurov
09:20 PM Regression #11545: Primary interface address is not always used when VIPs are present
This appears to be a more general issue that can affect IPSec.
In some situations the interface can start to use a... Steve Wheeler
09:15 PM Regression #11545 (Resolved): Primary interface address is not always used when VIPs are present
If you have IP Aliases on a WAN interface that a Site to Site IPSec tunnel is riding over and upgrade from 2.4.5p1 to... Kris Phillips
08:34 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
To addto the above: looks like TAC had one that was Plus 21.02 on an XG-7100 on one side and Azure VPN on the other. ... Chris Linstruth
08:31 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Interesting point to mention related to IPSec: If you lower the subnet size to something like a /30 this issue takes ... Kris Phillips
08:26 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
This also affects Site to Site VPN tunnels. Please reference internal ticket 76224 for another example of this bug c... Kris Phillips
07:43 PM Regression #11316: Unbound crashes with signal 11 when reloading
Having segfault crashes on 1.13.1:
https://forum.netgate.com/topic/161372/2-5-0-unbound-1-13-1-exited-on-signal-8-... Christian Borchert
07:04 PM Regression #11316: Unbound crashes with signal 11 when reloading
It is normal for Unbound to restart often when DHCP hostname registration is on. This bug is only for the actual cras... Jim Pingle
07:03 PM Regression #11316: Unbound crashes with signal 11 when reloading
Registered just to add to this as DNS is quite important part of the network and needs to be fixed.
I am too having ... Vaidotas Butkus
04:47 PM Regression #11316: Unbound crashes with signal 11 when reloading
I was seeing unbound simply die about once a day since upgrading to 2.5.0-RELEASE. No info as to why in the service's... Scott B
11:46 AM Regression #11316: Unbound crashes with signal 11 when reloading
No need for that now, it's live in the 21.02 repository now that 21.02-p1 has been released to address SG-3100 stabil... Jim Pingle
10:29 AM Regression #11316: Unbound crashes with signal 11 when reloading
On 21.02, in the meantime, the following will upgrade unbound:... Marcos M
06:50 PM Bug #11542 (Rejected): Openvpn does not work correctly after updating to version 2.5.0
There isn't enough information here to suggest it's a bug in pfSense. Please post on the forum to discuss and diagnos... Jim Pingle
04:37 PM Bug #11542: Openvpn does not work correctly after updating to version 2.5.0
openvpn log in atach itfabrica Tech
04:05 PM Bug #11542 (Rejected): Openvpn does not work correctly after updating to version 2.5.0
Good day!
After updating from version 2.4.5-RELEASE-p1 to version 2.5.0, openvpn does not work correctly.
The first... itfabrica Tech
06:49 PM Bug #11544 (Rejected): DHCP relay won't start after upgrade 21.02
There isn't enough information here to classify it as a bug. Post on the forum to diagnose the issue and ensure it is... Jim Pingle
05:49 PM Bug #11544 (Rejected): DHCP relay won't start after upgrade 21.02
I have a problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
The DHCP server is in another subnet and th... John Cinuy
06:47 PM Revision 2169112c: Basic fiurewall_NAT MVC conversion
Steve Beaver
06:36 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address
pf2.4.5 setup /48 lan is work, and setup in linux is work too. pf2.5 seems is can't work /48.
bgp can only be bro... yon Liu
12:32 PM Bug #11365 (Not a Bug): dhcpv6 cannot push ipv6 gateway address
You would never use a /48 _on an interface_. You can advertise a /48 in BGP without putting a /48 directly on an inte... Jim Pingle
12:08 PM Bug #11365: dhcpv6 cannot push ipv6 gateway address
RDVD log show not allow use /48 ipv6 in LAN interface, but i running bgp must use /48 or above prefixes in LAN interf... yon Liu
11:57 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address
Jim Pingle wrote:
> I can't reproduce this here. radvd is running, clients on LAN get an IPv6 gateway and full conne... yon Liu
11:46 AM Bug #11365: dhcpv6 cannot push ipv6 gateway address

sometime, my devices get ipv6 getways address, but ipv6 still can't normal go to internet, use traceroute show ipv6... yon Liu
05:45 PM Bug #11149: DHCP relay won't start with DHCP server behind gateway
I have the same problem after an upgrade with our XG 7100 with 21.02-RELEASE-p1
The DHCP server is in another subne... John Cinuy
05:12 PM pfSense Packages Bug #11543 (Duplicate): SquidGuard 1.16.18_15 - returning wrong page
I have configurate squid+ squidguard, with autentication ldap, after Renato fixed problem with ldap filter.
So anoth... Robson Ferreira
04:01 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Another day of frustrating, but ultimately not too productive, testing leads me to conclude this is something with 32... Bill Meeks
08:40 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Steve Yates wrote:
> Simply out of curiosity I did a quick search and found this "not a bug" from 2008: https://bugs... Bill Meeks
03:53 PM Bug #11541 (Feedback): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Last time something like this happened the status output changed formats slightly for one reason or another.
It's ... Jim Pingle
03:44 PM Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Sorry, mistyped the screenshots.
Screenshot 1: OpenVPN Peer to Peer config settings
Screenshot 2: List of openvpn... Ryan Fitton
03:42 PM Bug #11541 (New): OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1
Since updating from 2.4.5 to 2.5 I am having an issue with OpenVPN when using "Peer to Peer (SSL/TLS)" mode.
Netwo... Ryan Fitton
03:42 PM pfSense Plus Bug #11540 (Not a Bug): Nat not working
There isn't nearly enough information there to classify it as a bug, and this site is not for support or diagnostic d... Jim Pingle
03:29 PM pfSense Plus Bug #11540 (Not a Bug): Nat not working
Hello,
After updating to version 21.02 on SG-4860 nat stopped working.
What can we do to make nat work again?
... Alex Adati
02:30 PM Bug #11539 (Rejected): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Currently for mobile IPsec the code sets up @subnet@ and @split_include@ entries for IPv4/IPv6 pools based on the GUI... Jim Pingle
02:07 PM Bug #11482 (Pull Request Review): WireGuard interfaces do not always have proper MTU applied
Jim Pingle
11:16 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/156 Viktor Gurov
01:44 PM Bug #11538 (Closed): WireGuard Panic
A "forum user is hitting a panic on several systems when using WireGuard":https://forum.netgate.com/topic/161378/pfse... Jim Pingle
01:31 PM Regression #11537 (Closed): IPsec VTI tunnel between IPv6 peers may not configure correctly
The error in https://forum.netgate.com/post/965928 implies that an IPsec tunnel using VTI between two IPv6 peers may ... Jim Pingle
12:29 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
You delete the entry from the certificate manager, which is where the warning was generated. Not ACME.
Any further... Jim Pingle
11:40 AM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
When you said, "Delete it" I thought deleting the acme config in the gui would fix it. But no, I did that and still g... Craig Leres
11:11 AM pfSense Plus Regression #11444 (Resolved): SG-3100 doesn't pass traffic after upgrade to 21.02
Jim Pingle
10:52 AM Feature #11439 (Pull Request Review): IPv6 support in ``easyrule`` CLI script
Viktor Gurov
09:26 AM Regression #11535 (Duplicate): Integer Overflow in Certificate Expiration Dates
Duplicate of #11504 which already has a fix checked in. Jim Pingle
09:17 AM Regression #11535 (Duplicate): Integer Overflow in Certificate Expiration Dates
Certificates with very long expiration times displayed correctly before I upgraded to 21.02. In this version, the da... Russell Selph
08:39 AM pfSense Packages Regression #11534 (New): FreeRADIUS EAP anonymous connection forbidden out-of-tunnel
With an LDAP backend but no SQL backend, the virtual server configuration ends up as follows:... Didier Raboud
07:43 AM Feature #11521 (Pull Request Review): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
Jim Pingle
07:40 AM Feature #2400 (Pull Request Review): GUI options for WPA Enterprise with identity/password
Jim Pingle
07:39 AM pfSense Packages Bug #11532 (Pull Request Review): LCDproc service is not disabled
Jim Pingle
03:04 AM pfSense Packages Bug #11532: LCDproc service is not disabled
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/60 Viktor Gurov
03:02 AM pfSense Packages Bug #11532 (Resolved): LCDproc service is not disabled
LCDproc service is not disabled if you uncheck "Enable LCDproc at startup" checkbox
/usr/local/etc/rc.d/lcdproc.sh i... Viktor Gurov
06:36 AM pfSense Packages Feature #11533: add ena(4) to the list of INLINE mode (netmap) supported cards
https://github.com/pfsense/FreeBSD-ports/pull/1046 Viktor Gurov
03:58 AM pfSense Packages Feature #11533 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards
add ena(4) to the list of INLINE mode (netmap) supported cards (pfSense 2.5/21.02)
see https://github.com/pfsense/... Viktor Gurov
04:16 AM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
related to named ACL
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980786 Viktor Gurov
04:00 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note
+ add ena(4) to the list of netmap-compatible cards (#11533) Viktor Gurov
03:13 AM pfSense Packages Feature #11531: Show netmap compatible cards in IPS Mode note
see also #10950 Viktor Gurov
02:51 AM pfSense Packages Feature #11531 (Resolved): Show netmap compatible cards in IPS Mode note
https://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4 ... Danilo Zrenjanin
02:55 AM pfSense Packages Bug #11529 (Rejected): zeek leaves traces after uninstall
fixed in #11381
now it correctly removes `/usr/local/etc/rc.d/zeek.sh`
see https://github.com/pfsense/FreeBSD-por... Viktor Gurov

02/24/2021

11:46 PM Feature #2400: GUI options for WPA Enterprise with identity/password
Tim Cappalli wrote:
> The PAP inner method is missing from EAP-TTLS in the pull request. PAP and MSCHAPv2 are the tw... Viktor Gurov
08:33 PM Feature #2400: GUI options for WPA Enterprise with identity/password
The PAP inner method is missing from EAP-TTLS in the pull request. PAP and MSCHAPv2 are the two most common inner met... Tim Cappalli
10:35 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Simply out of curiosity I did a quick search and found this "not a bug" from 2008: https://bugs.php.net/bug.php?id=45... Steve Y
09:57 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
*Update on this issue*
The problem is somewhere within the PHP base function _preg_match()_.
Here is a PHP code... Bill Meeks
10:17 PM pfSense Packages Bug #11530 (Closed): ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
On pfsense 2.5, installing ntopng from package manager ntop 0.8.13_9 which is 4.2 version of ntopng, after logging in... Max D
10:11 PM pfSense Packages Bug #11529 (Rejected): zeek leaves traces after uninstall
Running latest 2.5 release of pfsense, I installed zeek to test out, but after removing the package, services still s... Max D
07:23 PM Revision f731957f: Correct location and config for Strict CRLs in IPsec. Fixes #11526
(cherry picked from commit 9a5bde87ce9fd0fad3a7f41750782b2dccce38d8) Jim Pingle
07:23 PM Revision 9a5bde87: Correct location and config for Strict CRLs in IPsec. Fixes #11526
Jim Pingle
06:04 PM Bug #11528 (Duplicate): IPsec tunnel status shows wrong status or hangs or doesn't bring up tunnels
Duplicate of #11435 and/or other existing issues that have already been solved for IPsec. Check the forum, there are ... Jim Pingle
06:01 PM Bug #11528 (Duplicate): IPsec tunnel status shows wrong status or hangs or doesn't bring up tunnels
Hi,
I've updated two pfSense instances so far from 2.4.5 to 2.5.0 and both have exhibited the same issues. The fi... Michael Knowles
05:47 PM Bug #11527 (Rejected): Bugs on pfsense 2.5.0
This site is not for support or diagnostic discussion, please post on the "Netgate Forum":https://forum.netgate.com t... Jim Pingle
05:37 PM Bug #11527 (Rejected): Bugs on pfsense 2.5.0
Good day everyone, so I currently have my pfsense running as an appliance in an old ASUS Laptop I have. It was runnin... Julius Caesar Dumaguing
01:30 PM Regression #11526 (Feedback): Mobile IPsec broken when using strict certificate revocation list checking
Applied in changeset commit:9a5bde87ce9fd0fad3a7f41750782b2dccce38d8. Jim Pingle
01:03 PM Regression #11526: Mobile IPsec broken when using strict certificate revocation list checking
This isn't specific to plus, and is a regression from 2.4.5.
Looks like the "parameter format changed":https://wik... Jim Pingle
12:39 PM Regression #11526 (Closed): Mobile IPsec broken when using strict certificate revocation list checking
Enabling Strict CRL Checking under Advanced Settings in IPSec produces the following error:
"loading connection 'c... Kris Phillips
10:53 AM pfSense Packages Bug #11525 (Closed): pfsense 2.5.0 release version for vlan issue to suricata
I have found that pfsense vlans have issues on suricata after updated to 2.5.0 release in esxi 7.0.1 virtual machine.... Ahmed Mohamed
10:49 AM Bug #4521 (Pull Request Review): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Jim Pingle
10:05 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/154 Viktor Gurov
10:37 AM Todo #11518 (Pull Request Review): Move custom IPsec NAT-T port settings to Advanced Options
Jim Pingle
04:16 AM Todo #11518: Move custom IPsec NAT-T port settings to Advanced Options
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/152 Viktor Gurov
03:20 AM Todo #11518 (Closed): Move custom IPsec NAT-T port settings to Advanced Options
custom IPsec NAT-T port settings (#10870) are very rarely used and in most cases can only confuse users
better to mo... Viktor Gurov
10:32 AM Regression #11523: Incorrect upstream interface
Feels to me like @guess_interface_from_ip()@ if it keeps using the full routing table would need to be changed so it ... Jim Pingle
09:48 AM Regression #11523: Incorrect upstream interface
Jim Pingle wrote:
> Does the patch from #11519 also solve this? If so, this can be closed and combined with it. Seem... Viktor Gurov
09:40 AM Regression #11523: Incorrect upstream interface
Does the patch from #11519 also solve this? If so, this can be closed and combined with it. Seems like the same root ... Jim Pingle
08:09 AM Regression #11523: Incorrect upstream interface
https://forum.netgate.com/topic/161063/update-to-2-5-0-broke-dhcp-relay Viktor Gurov
08:09 AM Regression #11523 (Duplicate): Incorrect upstream interface
another issue with `guess_interface_from_ip()` (see also #11519):
`services_dhcrelay_configure()` uses `guess_inte... Viktor Gurov
10:29 AM Regression #11519 (Pull Request Review): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Jim Pingle
04:06 AM Regression #11519: Incorrect DHCP failover IP address configured on peer after XMLRPC sync
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/151 Viktor Gurov
03:44 AM Regression #11519 (Closed): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
`/etc/rc.filter_synchronize` uses `guess_interface_from_ip()` which returns only first (top-down) interface from the ... Viktor Gurov
10:20 AM pfSense Packages Bug #11515 (Pull Request Review): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
Jim Pingle
12:25 AM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/58 Viktor Gurov
10:19 AM pfSense Packages Bug #11517 (Pull Request Review): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Jim Pingle
09:56 AM pfSense Packages Bug #11511 (Pull Request Review): OSPF distribute List always empty
Jim Pingle
09:48 AM pfSense Packages Feature #11520 (Pull Request Review): Add 'explicit-exit-notify' option by default
Jim Pingle
06:50 AM pfSense Packages Feature #11520: Add 'explicit-exit-notify' option by default
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/59 Viktor Gurov
06:04 AM pfSense Packages Feature #11520: Add 'explicit-exit-notify' option by default
Also see:
https://redmine.pfsense.org/issues/9085
 Pippin MMD
04:36 AM pfSense Packages Feature #11520 (Resolved): Add 'explicit-exit-notify' option by default
https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html:... Viktor Gurov
09:46 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
We already have a GUI option for this. It only works with UDP, so enabling it unilaterally is not viable. At most we ... Jim Pingle
07:06 AM Feature #11521: Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/153 Viktor Gurov
07:00 AM Feature #11521 (Resolved): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html:... Viktor Gurov
09:42 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Another potential report at https://forum.netgate.com/topic/161354/ipsec-packet-loss-routing-issue-with-21-02-release... Jim Pingle
08:11 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Specifically, the hardware from the thread above is a Netgate 5100 running pfSense Plus, but this likely affects both... Jim Pingle
08:09 AM Regression #11524 (Closed): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Based on at least one report, it appears AES-NI on Plus 21.02/2.5.0 has an issue with SHA-256 and some clients, notab... Jim Pingle
07:13 AM pfSense Packages Bug #11522 (New): fping6 error
we have a XG7100 (not updated to 2.5) with a running zabbix proxy. Now we discovered many entrys in the logfile with:... Viktor Gurov
02:43 AM Revision a33e8b1c: CaptivePortal: Redirect back to Login Page on Logout
Currently (i.e when a custom logout page is present) when a user clicks on logout , a window with the logout message ... nraven777 consec

02/23/2021

11:50 PM pfSense Plus Regression #11444: SG-3100 doesn't pass traffic after upgrade to 21.02
Scott Lang, that tracks along the same lines with the issues I was having back in Sep 2020: https://forum.netgate.com... Daniel Gordon
11:37 PM pfSense Packages Bug #11517: Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/57 Viktor Gurov
02:32 PM pfSense Packages Bug #11517 (Resolved): Zebra Access List Names don't prevent spaces, but a whitespace in the name will stop FRR from starting
Services/FRR/Global Settings/Edit/Access Lists allows saving the settings with a whitespace in the name, but this cau... Lennart dV
10:04 PM Revision 3987c45b: Improve CA/Self-Signed serial handling. Fixes #11514
(cherry picked from commit 4aa7c7aefc273464b8e66e6176a860b0246f8ee9) Jim Pingle
10:04 PM Revision 4aa7c7ae: Improve CA/Self-Signed serial handling. Fixes #11514
Jim Pingle
09:25 PM Revision 16c1d390: Try parsing four digit years in cert timestamps. Fixes #11504
(cherry picked from commit bdaa35dcf31def521ba8c60c0aa9c41bf5005311) Jim Pingle
09:24 PM Revision bdaa35dc: Try parsing four digit years in cert timestamps. Fixes #11504
Jim Pingle
09:12 PM Revision ad27159f: Do not deprecate prefix if AdvRASrcAddress is specified, refs: #11103
znerol
08:07 PM pfSense Packages Bug #11449: BIND fails during/after upgrade to 21.02/2.50
I also have this issue after upgrading to pfsense 2.5. I've noticed that if you reboot the named process doesn't seem... Stefan Andersson
07:22 PM Revision cb17faca: Improve handling of broken/invalid certs. Fixes #11489
(cherry picked from commit 29804b9e6ff07d0224d9396b063f88f486f0d231) Jim Pingle
07:21 PM Revision 29804b9e: Improve handling of broken/invalid certs. Fixes #11489
Jim Pingle
06:22 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
Jim Pingle wrote:
> Craig Leres wrote:
> > How was I able to go 390+ days before upgrading to 21.02 without getting... Craig Leres
04:10 PM Bug #11514 (Feedback): Renewing a self-signed CA or certificate does not update the serial number
Applied in changeset commit:4aa7c7aefc273464b8e66e6176a860b0246f8ee9. Jim Pingle
12:23 PM Bug #11514 (Closed): Renewing a self-signed CA or certificate does not update the serial number
When renewing a self-signed CA entry or self-signed certificate in the GUI the serial number is not replaced with a n... Jim Pingle
03:35 PM pfSense Plus Regression #11504 (Feedback): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Applied in changeset pfsense:commit:bdaa35dcf31def521ba8c60c0aa9c41bf5005311. Jim Pingle
03:26 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
When applying the patch for this, you will probably need to apply @cb17faca3b07197db4b1eb1502a876873ddc222c@ first an... Jim Pingle
03:25 PM pfSense Plus Regression #11504: CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Looks like this is from the @validTo@ date in the parsed details using a four digit date and the code assumed a two d... Jim Pingle
03:25 PM Bug #11489: Invalid certificate data can cause a PHP error
I have applied the patch and the problem is fixed. I have deleted the offending cert. Thanks. Simon Brezovnik
01:30 PM Bug #11489: Invalid certificate data can cause a PHP error
Applied in changeset commit:29804b9e6ff07d0224d9396b063f88f486f0d231. Jim Pingle
01:29 PM Bug #11489: Invalid certificate data can cause a PHP error
You can use the "system patches package":https://docs.netgate.com/pfsense/en/latest/development/system-patches.html t... Jim Pingle
01:25 PM Bug #11489: Invalid certificate data can cause a PHP error
OK, with the cert you sent I can reproduce the error. The problem is that the certificate data in that snippet is cor... Jim Pingle
07:22 AM Bug #11489: Invalid certificate data can cause a PHP error
You can send the certificate to @jimp@ (a.t.) @netgate@ (d|o|t) @com@
Once I can reproduce the problem and work up... Jim Pingle
06:14 AM Bug #11489: Invalid certificate data can cause a PHP error
I get the following error in the GUI with know way to delete the offending cert, screen shot attached. Is reloading t... Simon Brezovnik
06:08 AM Bug #11489: Invalid certificate data can cause a PHP error
I have identified the certificate causing the problem. How would you like me to send it to you? The crt was created i... Simon Brezovnik
03:16 PM Feature #11103: Use virtual link local IP address as RA source address for HA environments
Thanks for merging. I just opened a PR for a small followup:
https://github.com/pfsense/pfsense/pull/4502
Sorry... znerol znerol
03:10 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
*Another Update*
None of the conditions described in this bug report occur on an SG-1100 (64-bit ARM CPU), and nei... Bill Meeks
11:40 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Marcos:
-I'm running into difficulty updating my SG-1100 to the latest version. It is still on the 2.4.4 factory i... Bill Meeks
08:07 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Thanks for the additional info. I will investigate further. The Signal 10 from the Snort binary I am not really surpr... Bill Meeks
01:21 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
The behavior with both Snort and Suricata installed was definitely strange and didn't make sense to me. I did a fresh... Marcos M
02:56 PM Revision 6f84dd13: On save return virtual IP id
Steve Beaver
01:44 PM Revision a397f9a8: Merge pull request #4501 from mschiegl/patch-1
Renato Botelho
01:43 PM Regression #11316: Unbound crashes with signal 11 when reloading
Will the update be made available to 21.02 soon? My 2.5.0 box finds it, but my 21.02 box does not.
Thanks! Tim Gagnon
01:05 PM Bug #11516 (Rejected): pfsync Synchronize Peer IP lost when upgrading from 2.4.5 to 2.5.0
There is not enough information to classify this as a bug. It sounds more like a configuration issue led to that, not... Jim Pingle
01:01 PM Bug #11516 (Rejected): pfsync Synchronize Peer IP lost when upgrading from 2.4.5 to 2.5.0
Having a an HA installation, upgrade the backup node from 2.4.5 to 2.5.0 with no problems, then upgraded the master n... Pablo Trincavelli
12:46 PM Revision 8b424bca: Use set_curlproxy() function for cURL proxy configuration. Issue #11476
Viktor Gurov
12:44 PM Revision c03a2049: IPsec Mobile EAP-RADIUS additional configuration fix. Issue #11447
Viktor Gurov
12:41 PM Revision 969574b6: Put OpenVPN route-nopull option after custom options. Fixes #11448
Viktor Gurov
12:36 PM pfSense Packages Bug #11515 (Feedback): node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
This bug can be reproduced on my Netgate XG-7100 running 21.02-RELEASE
After installing the package for the first... dff dff
12:34 PM pfSense Packages Bug #11513: FFR won't show Access-List on Distribute List (OSPF)
Can't access gitlab.netgate.com :/ F. M.
12:21 PM pfSense Packages Bug #11513 (Duplicate): FFR won't show Access-List on Distribute List (OSPF)
Duplicate of #11511 Viktor Gurov
12:20 PM pfSense Packages Bug #11513 (Duplicate): FFR won't show Access-List on Distribute List (OSPF)
Pfsense 2.5 and FRR 1.1.0_5.
You create an access list and expect to set it on OSPF "Distribute List".
However ... F. M.
12:30 PM Revision 19866d78: System Information widget fix. Issue #11443
Viktor Gurov
12:29 PM Revision 4fef1c10: WireGuard interface friendly description. Fixes #11437
Viktor Gurov
12:29 PM Revision ee712bbb: Allow to use OpenVPN provided DNS servers. Implements #11140
Viktor Gurov
12:27 PM Revision 5f120301: WPA Enterprise (PEAP/TLS/TTLS) client mode. Feature #2400
Viktor Gurov
12:23 PM Bug #11503: Using multiple authentication backends on an OpenVPN server fails
seems related to #9460 Viktor Gurov
12:18 PM pfSense Packages Bug #11511: OSPF distribute List always empty
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/56 Viktor Gurov
12:05 PM pfSense Packages Bug #11511 (Resolved): OSPF distribute List always empty
from https://forum.netgate.com/topic/161176/filter-some-routes:
The GUI does not find the configured ACL Lists any m... Viktor Gurov
12:12 PM Bug #11437 (Waiting on Merge): WireGuard group is not printed in the interface column of the NAT rule list
Jim Pingle
10:20 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list
Hi all,
Patch applied and bug fixed. Marcelo Gondim
06:35 AM Bug #11437: WireGuard group is not printed in the interface column of the NAT rule list
Applied in changeset commit:4fef1c109de562f9f97d7c04d4cf8f0f041811e0. Viktor Gurov
06:30 AM Bug #11437 (Feedback): WireGuard group is not printed in the interface column of the NAT rule list
PR has been merged. Thanks! Renato Botelho
12:08 PM Regression #11512 (Closed): DHCP Leases page and ARP table page fail to load if DNS is not available
From jimp: "Once upon a time it used to test for DNS on those pages and skip it if DNS didn't respond. Maybe that got... Brad Lavis
11:50 AM Regression #11510 (Closed): ARP Table populates hostname values using expired DHCP lease data
Description based on discussion from https://forum.netgate.com/topic/161139/arp-bug-pfsense-2-5-0
In *Diagnostic -... Tomasz K.
10:47 AM pfSense Packages Bug #11509 (Closed): LCD package - not starting at boot - stop and start in Status Window not possible
Hi all,
I'm using pfSense 2.5 on a WatchGuard XTM 510 on which I started using the built in LCD display. Got it work... The Cycler63
08:01 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Jim Pingle wrote:
> https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
>
> Create an entr... Jason Hodgdon
07:44 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
never mind I figured it out! thx :) Jason Hodgdon
07:40 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
Create an entry for @19866d78540d498f23... Jim Pingle
07:33 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Renato Botelho wrote:
> Jason Hodgdon wrote:
> > Viktor Gurov wrote:
> > > fix:
> > > https://gitlab.netgate.com/... Jason Hodgdon
07:18 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Jason Hodgdon wrote:
> Viktor Gurov wrote:
> > fix:
> > https://gitlab.netgate.com/pfSense/pfSense/-/merge_request... Renato Botelho
07:08 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
It's not down, that's our internal development git, not the public one which is on github. Jim Pingle
06:36 AM Regression #11443: Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
Viktor Gurov wrote:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/141
anyone know why git... Jason Hodgdon
06:30 AM Regression #11443 (Feedback): Disabling 'State Table Size' in the System Information widget prevents other data from being displayed
PR has been merged. Thanks! Renato Botelho
07:45 AM Regression #11500 (Feedback): OpenVPN using the wrong OpenSSL command to list digest algorithms
PR has been merged. Thanks! Renato Botelho
07:42 AM Bug #11505 (Duplicate): PPPoE daemon selects wrong interface
The bug you reference is not fixed -- it's still open in a "New" state and nothing was done yet to correct it.
No ... Jim Pingle
07:26 AM Bug #10465 (Resolved): possible routing performance regression due to non use of ip_tryforward
Yes, this is fixed in 21.02/2.5.0 Jim Pingle
07:25 AM Bug #11506 (Duplicate): traffic graph dont show traffic for Wireguard interface
We're already tracking this internally (NG 5522). See also #11315 Jim Pingle
12:41 AM Bug #11506 (Duplicate): traffic graph dont show traffic for Wireguard interface
The traffic graph don´t register any traffic. The table show traffic correct but nothing in the graph. johan carlsson
06:52 AM pfSense Packages Bug #11477 (Feedback): FRR does not recognize some BFD options
PR has been merged. Thanks! Renato Botelho
06:52 AM pfSense Packages Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
PR has been merged. Thanks! Renato Botelho
06:52 AM pfSense Packages Bug #11445 (Feedback): bgp as-path in wrong position
PR has been merged. Thanks! Renato Botelho
06:50 AM Bug #11448: Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Applied in changeset commit:969574b6dbb124e98595ca537c0d176d908707d0. Viktor Gurov
06:41 AM Bug #11448 (Feedback): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
PR has been merged. Thanks! Renato Botelho
06:46 AM Bug #11476 (Feedback): Telegram and Pushover notification API calls do not respect proxy configuration
PR has been merged. Thanks! Renato Botelho
06:44 AM Regression #11447 (Feedback): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
PR has been merged. Thanks! Renato Botelho
06:35 AM Feature #11140: Allow the firewall to use DNS servers provided to an OpenVPN client instance
Applied in changeset commit:ee712bbb11bd04d442c545ab151a4df9e083edb6. Viktor Gurov
06:28 AM Feature #11140 (Feedback): Allow the firewall to use DNS servers provided to an OpenVPN client instance
PR has been merged. Thanks! Renato Botelho
06:27 AM Feature #2400 (Feedback): GUI options for WPA Enterprise with identity/password
PR has been merged. Thanks! Renato Botelho
02:58 AM Todo #11508 (Pull Request Review): Update SimplePie to to v1.5.6
Mostly bug and issue fixes, some new features. One micro-performance optimisation.
PR: https://github.com/pfsense/... GChuf 6
02:27 AM Todo #11507 (Resolved): Update font formats to WOFF2
Currently, the web fonts are stored in .ttf format. Since then, woff and woff2 formats have been invented, which don'... GChuf 6

02/22/2021

11:06 PM Bug #10465: possible routing performance regression due to non use of ip_tryforward
The 21.02 / 2.5 Release Notes lists this fix (in the Operating System section):
* Fixed a network performance regres... David Burns
09:49 PM Bug #10465: possible routing performance regression due to non use of ip_tryforward
Is this issue still applicable with 2.5 or should I re-enable ICMP redirect? Kevin Mychal Ong
10:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
So to make sure I understand, this only happens on an SG-3100 and you can't reproduce on x86 hardware.
The first t... Bill Meeks
07:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
They were not scrubbed. Here are the steps to reproduce it (was not able to reproduce on a x86 system).
Only Snort... Marcos M
06:43 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Marcos Mendoza wrote:
> The ARM patch for snort is still there:
> https://github.com/pfsense/FreeBSD-ports/blob/dev... Bill Meeks
02:08 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
The ARM patch for snort is still there:
https://github.com/pfsense/FreeBSD-ports/blob/devel/security/snort/files/pat... Marcos M
06:56 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4
...I mean, this is not a proper test, I need to bring up a live tunnel and get some LSAs going first.
But when thi... Firstname Surname
03:56 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4
OK - I just tested that fix.... Firstname Surname
03:37 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4
Typically we would wait until it's in an official release. Jim Pingle
02:37 PM pfSense Packages Bug #9204: ospfd: GRE tunnels became unnumbered since 2.4.4
FRR have been silent, but it looks like the person who raised this has a patch. What's your policy here, do you apply... Firstname Surname
06:50 PM Bug #11505 (Duplicate): PPPoE daemon selects wrong interface
The defect was not properly addressed and assigned leading up to the 2.5.0 release.
The functionality is still bro... Kristopher Kolpin
06:38 PM Bug #9270: "Remove all states to and from the filtered address" does not remove all states
looks great in 2.5.0 thanks a million ! Yuri Weinstein
05:33 PM Revision 00995e1e: Fix a typo.
No functional changes. Luiz Souza
04:52 PM pfSense Plus Regression #11504 (Resolved): CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
The expiry date rolls over and is shown as some time in that past. pfSense see it as expired/invalid. See attachment.... Steve Wheeler
04:01 PM Regression #11316: Unbound crashes with signal 11 when reloading
This is now in the 2.5.0 repository. To upgrade manually, run the following from an ssh or console shell prompt (not ... Jim Pingle
10:18 AM Regression #11316: Unbound crashes with signal 11 when reloading
The forum thread linked above has instructions for installing the updated version manually from the snapshot reposito... Jim Pingle
03:51 PM Bug #11503 (New): Using multiple authentication backends on an OpenVPN server fails
We did update our pfSense Cluster to 2.5.0. On our OpenVPN connection we do have multiple backends. Our main one (RAD... Silvano Giacomello
03:45 PM Revision dc572d38: Merge pull request #4491 from dsmackie/issue-9887
Renato Botelho
03:17 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Peter fixed a similar error before the release, this may be similar. Jim Pingle
02:35 PM Bug #11502 (Not a Bug): WireGuard ``matchaddr failed`` kernel messages in system log
When I setup 1 wireguard interface things work normally with 1 peer. Once I add a second peer to the same interface I... Adam Esslinger
02:21 PM Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager
The code in 2.5.0 is the same as the post-patch code there. Perhaps you accidentally reverted that patch after being ... Jim Pingle
02:13 PM Bug #9541: Non-admin user with admin rights is given the wrong URL for the user manager
Testing this on 2.5.0-RELEASE, it looks like the bug is either still present or there's been a regression—screen capt... Michael Alden
02:16 PM Regression #11442: Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
Patch 10eb04259fd139c62e08df8de877b71fdd0eedc8 is much appreciated, looking forward to P1 release in order to be able... e 1/1
02:15 PM Bug #9887: Rule separator positions change when deleting multiple rules
Applied in changeset commit:3e7a04be6ce4530bbb37b3c312fd2239a61967db. Dan Mackie
09:45 AM Bug #9887 (Feedback): Rule separator positions change when deleting multiple rules
PR has been merged. Thanks! Renato Botelho
01:32 PM Revision e81512fa: Revert "Welcome pfSense CE 2.5.0-RELEASE-p1"
This reverts commit 57296da03385ccdc0d07ac8b6bd8f110f8d0314f. Renato Botelho
01:20 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
I was able to confirm that there does not appear to be any rate limiting, the overhead isn't terrible though as the I... Blaine Palmer
11:37 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
Another workaround is to do one peer per tunnel and a dynamic routing protocol like BGP, or routes using the remote p... Jim Pingle
11:28 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
I've disabled redirect via the sysctl/tunable as suggested already.
Just to clarify this is for every incoming pac... Blaine Palmer
10:21 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
This is likely a (mostly?) harmless side effect of how the routes in the routing table are added for WireGuard. Becau... Jim Pingle
01:00 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
Craig Leres wrote:
> How was I able to go 390+ days before upgrading to 21.02 without getting daily expiring message... Jim Pingle
12:40 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
And I should ask is there a way to delete the certificate but keep the test config in case I need to test in the futu... Craig Leres
12:38 PM pfSense Packages Bug #11501: Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
Jim Pingle wrote:
> Delete it, it's not needed. It's a leftover from previous ACME certificates.
>
> Entries are ... Craig Leres
12:35 PM pfSense Packages Bug #11501 (Not a Bug): Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
Delete it, it's not needed. It's a leftover from previous ACME certificates.
Entries are never removed automatical... Jim Pingle
12:25 PM pfSense Packages Bug #11501 (Not a Bug): Daily acme "expiring soon" warnings about a test Let's Encrypt certificate that expired > 300 days ago
When I setup acme on my pfsense box I used the same procedure as I would with a FreeBSD host; I created a test cert w... Craig Leres
12:35 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Dirk Meyer wrote:
> Renato Botelho wrote:
> > Dirk,
> >
> > Can you try attached patch and let me know if it hel... Renato Botelho
12:26 PM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Renato Botelho wrote:
> Dirk,
>
> Can you try attached patch and let me know if it helps?
The patch looks like... Dirk Meyer
09:36 AM Regression #11475 (In Progress): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Renato Botelho
09:36 AM Regression #11475: Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Dirk,
Can you try attached patch and let me know if it helps? Renato Botelho
08:58 AM Regression #11475 (Pull Request Review): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Jim Pingle
12:33 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Ran into this issue after updating pfsense (+) to 21.02 so appears problem still exists in latest version. Have a se... Rick Frey
10:08 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
That other issue is old/closed, not likely to be the same. Even so, if it came up again, it needs a fresh issue with ... Jim Pingle
12:07 PM pfSense Packages Bug #11490: Service Watchdog - Impacts Reboots and Package Updates
All fair points.
Have run into a couple occasions where something 'died' (such as Snort, Suricata, lldpd, haproxy)... A S
10:11 AM pfSense Packages Bug #11490: Service Watchdog - Impacts Reboots and Package Updates
This is a problem only with the package and also not likely one that will be solvable in an easy way.
The package ... Jim Pingle
11:25 AM Regression #11500 (Pull Request Review): OpenVPN using the wrong OpenSSL command to list digest algorithms
Jim Pingle
11:15 AM Regression #11500 (Closed): OpenVPN using the wrong OpenSSL command to list digest algorithms
At least in OpenSSL version 1.1.1i-freebsd, used by pfsense 2.5, there is no longer a "list-message-digest-algorithms... Markus Schiegl
11:14 AM Revision f37660de: Merge pull request #4500 from bitscher/master
Renato Botelho
11:06 AM Revision 50ae67cd: Merge pull request #4487 from znerol-forks/feature/master/radvd-linklocal-vip
Renato Botelho
10:46 AM Bug #11427 (Duplicate): IPSEC Status page shows Connections twice (connected and disconnected)
This has been fixed already, see #11435 Jim Pingle
10:22 AM Bug #11427: IPSEC Status page shows Connections twice (connected and disconnected)
We are having the same exact issue and despite I cannot provide any configuration at the moment I can provide some in... Denis Grilli
10:24 AM Regression #11495 (Pull Request Review): NTP widget displays incorrect status
Jim Pingle
10:19 AM pfSense Docs Todo #11499 (Closed): Feedback on Services — DHCPv4 Server
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv4.html
*Feedback:*
For "Failover Peer IP", ... Marcos M
10:12 AM pfSense Packages Feature #11492 (Duplicate): there is an Freebsd version available for a splunk universal forwarder
Duplicate of #7683 Jim Pingle
10:07 AM Bug #11482: WireGuard interfaces do not always have proper MTU applied
If you edit the assigned interface and save/apply, it does get the correct MTU applied. However, if you edit/save the... Jim Pingle
10:07 AM Bug #11484: Adding static routed subnets destroys the route at routing table
Sorry, yes you gave me the missing hint. To reach a static routed subnet via wireguard you just need to add the gatew... Dirk Steingäßer
09:56 AM Bug #11484 (Not a Bug): Adding static routed subnets destroys the route at routing table
By doing that you have added two static routes (since Allowed IPs entries get route table entries), so naturally one ... Jim Pingle
10:00 AM Bug #11489 (Feedback): Invalid certificate data can cause a PHP error
One or more of your certificate entries has an invalid or a date field that cannot be read. The code could handle thi... Jim Pingle
09:53 AM Bug #11481 (Rejected): NAT Reflection does not work when "NAT Reflection mode for port forwards" is set to "pure nat"
There isn't nearly enough information here and this site is not for support or diagnostic discussion.
For assistan... Jim Pingle
09:51 AM pfSense Packages Bug #11465 (Pull Request Review): Input validation does not prevent multiple conflicting WireGuard peers on a single tunnel from attempting to act as default route
Jim Pingle
09:47 AM Bug #11480 (Duplicate): mDNS repeater (Avahi) over WireGuard not working at all
This is due to WireGuard on FreeBSD not passing multicast or broadcast traffic. We had an issue open on our internal ... Jim Pingle
09:46 AM Feature #11498 (New): WireGuard does not pass multicast traffic to peer
Moving this over from the internal Redmine (NG 5521)
From reports I've seen on other platforms, WireGuard should b... Jim Pingle
09:42 AM pfSense Packages Bug #11477 (Pull Request Review): FRR does not recognize some BFD options
Jim Pingle
09:40 AM Todo #10464: Don't change the current update repo when new releases are available
> What's keeping the dashboard from discovering new update branches on its own?
There is no mechanism to check it ... Jim Pingle
09:39 AM Bug #11478 (Duplicate): Restoring a backup on 2.4.5-p1 triggers an incomplete upgrade to 2.5.0
At it's core, it's a duplicate of #10464 -- solving that will also solve this. Jim Pingle
09:38 AM pfSense Packages Bug #11392 (Pull Request Review): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Jim Pingle
09:38 AM pfSense Packages Bug #11445 (Pull Request Review): bgp as-path in wrong position
Jim Pingle
09:36 AM Bug #11476 (Pull Request Review): Telegram and Pushover notification API calls do not respect proxy configuration
Jim Pingle
09:33 AM Regression #11447 (Pull Request Review): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Jim Pingle
08:51 AM Bug #11285: Kernel crash on ALTQ-enabled wg interfaces
That doesn't look like the same issue, the backtrace is a quite a bit different despite both mentioning CBQ. They cou... Jim Pingle
08:50 AM Regression #11470: Panic when using CBQ traffic shaping
That doesn't look like the same issue, the backtrace is a quite a bit different despite both mentioning CBQ. They cou... Jim Pingle
08:45 AM pfSense Docs Correction #11472 (Closed): Typo in https://docs.netgate.com/pfsense/en/latest/vpn/selection.html
Fixed. Just one missing word: "choices" Jim Pingle
08:05 AM Bug #11432: status_dhcp_leases.php doesn't load
We have the same problem after Upgrade to 21.02. A restart of the dhcpd helps for a short while but the problem comes... Christian Naumer
07:55 AM Bug #11497 (Duplicate): Dashboard: CPU Usage Meter Infinite Load
Jim Pingle
05:37 AM Bug #11497: Dashboard: CPU Usage Meter Infinite Load
Constantine Kormashev wrote:
> Probably related to https://redmine.pfsense.org/issues/11443
Can confirm. Re-enabl... Andy Dormire
05:30 AM Bug #11497: Dashboard: CPU Usage Meter Infinite Load
Probably related to https://redmine.pfsense.org/issues/11443 Constantine Kormashev
03:42 AM Bug #11497 (Duplicate): Dashboard: CPU Usage Meter Infinite Load
Howdy!
I worked with Netgate Support (ticket #76291) on an issue with my SG-5100 after upgrading to pfSense Plus 2... Andy Dormire
05:44 AM pfSense Packages Feature #11386 (Feedback): Add WireGuard tunneled networks to vpnaddresses list
PR has been merged. Thanks! Renato Botelho
05:42 AM pfSense Packages Feature #11385 (Feedback): Add WireGuard tunneled networks to vpnaddresses list
PR has been merged. Thanks! Renato Botelho
05:14 AM Feature #11420 (Feedback): New Dynamic DNS Provider: Gandi LiveDNS IPv6
PR has been merged. Thanks! Renato Botelho
05:09 AM Feature #11264 (Pull Request Review): Redirect Captive Portal users to login page after they logout
Renato Botelho
05:07 AM Feature #11103 (Feedback): Use virtual link local IP address as RA source address for HA environments
PR has been merged. Thanks! Renato Botelho
04:40 AM Bug #11483 (Feedback): Installer does not add required module to loader.conf when using ZFS
Fixed by commit de3efe409ae on FreeBSD-src... Renato Botelho
03:23 AM Bug #11483: Installer does not add required module to loader.conf when using ZFS
zfs_load="YES" to /boot/loader.conf workaround seems pretty good. Have one more fixed 21.02 ZFS device. Constantine Kormashev
02:57 AM Bug #10959: Traffic graph stopped on interface used via netmap
Can confirm this same behavior exists with Suricata with netmap enabled as well.
However, it appears to be an issu... Scott Morrison

02/21/2021

10:50 PM Feature #11496 (Resolved): Support for NTP Peer mode
If operating two pfSense machines, both of the same Stratum (for example both with GPS and stratum 1), it would be ni... Christian Borchert
07:49 PM Bug #11483: Installer does not add required module to loader.conf when using ZFS
Did a bit more testing and debugging.
The issue is not related to fstab or the drive order recognition.
The i... Sven Gruenitz
02:35 PM Revision 57296da0: Welcome pfSense CE 2.5.0-RELEASE-p1
Renato Botelho
02:28 PM Revision a97987a5: Non local gateways fix. Issue #11433
(cherry picked from commit 087d28fa3f5cfebfd4af7f4a4479b0fac053e062) Viktor Gurov
01:21 PM Regression #11495: NTP widget displays incorrect status
#3567 regression
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/150 Viktor Gurov
01:12 PM Regression #11495 (Closed): NTP widget displays incorrect status
https://forum.netgate.com/topic/160971/ntp-status:
On my dashboard GUI, I have a widget for NTP Status displayed. In... Viktor Gurov
12:44 PM Bug #11454: Gateway value for DHCP6 interfaces missing after RA events triggered script without gateway information
I'm also having the same problem. Manually setting the monitor address to the link-local address has worked around th... Nick B
12:29 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
One last interesting tidbit, similar assumptions causing issues with p2p interfaces in ipv6 which caused issues for W... Blaine Palmer
12:22 PM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
It would appear this may need to be corrected in the FreeBSD upstream.
Possibly relevant:
https://github.com/free... Blaine Palmer
11:25 AM Bug #11494: Wireguard interface sends ICMP Redirect when routing between two peers
Just for reference, it appears a similar issue was observed early in WireGuard's original development.
https://git... Blaine Palmer
10:45 AM Bug #11494 (Rejected): Wireguard interface sends ICMP Redirect when routing between two peers
When PFSense is used to route traffic between two WireGuard peers, it send ICMP Redirect when both peers are on the s... Blaine Palmer
11:24 AM Regression #11316: Unbound crashes with signal 11 when reloading
Pim Janssen wrote:
> I never had any problem with the core system of pfSense on production. Today my unbound died. (... Renato Botelho
10:57 AM Regression #11316: Unbound crashes with signal 11 when reloading
I never had any problem with the core system of pfSense on production. Today my unbound died. (about 5 hours after up... Pim Janssen
08:27 AM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading
Renato Botelho
08:27 AM Regression #11316: Unbound crashes with signal 11 when reloading
1.13.1 cherry-picked to 2.5.0 branch Renato Botelho
09:31 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Jordan Greene wrote:
> I'm using this currently as well but have not encountered any issues with CPU usage on 21.02 ... Matt Johnson
12:10 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Jordan Greene wrote:
> I'm using this currently as well but have not encountered any issues with CPU usage on 21.02 ... Hayden Hill
08:28 AM Regression #11433 (Feedback): Gateways with "Use non-local gateway" set are not added to routing table
Cherry picked to 2.5.0 Renato Botelho
05:31 AM pfSense Packages Bug #11493 (New): After upgrade zabbix proxy wont start
Due to database changes between zabbix-proxy versions. The proxy database needs to be removed after upgrading else th... Pim Janssen
03:37 AM Bug #11485 (Duplicate): Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work
duplicate of #6880 Viktor Gurov
01:08 AM Bug #11485: Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work
For sure no. There where too many bugs with IPv6 in general in the past on the WAN side. But with 2.5.0 a lot of them... Dirk Steingäßer
12:12 AM Bug #11485: Second WAN DHCPv6 does affect the first WAN DHCPv6 to not work
Dirk Steingäßer wrote:
> Adding a second DHCPv6 WAN affect the first DHCPv6 WAN to not work anymore. It just stays o... Hayden Hill
03:08 AM pfSense Packages Feature #11492 (Duplicate): there is an Freebsd version available for a splunk universal forwarder
Splunk is great log analyzer. As well there is a free version available.
I my opinion it might be a good idea to u... thiamata thiamata
03:01 AM Feature #11228 (Resolved): Replace HTTP links with HTTPS in the GUI
Viktor Gurov
01:19 AM Bug #9460: OpenVPN local auth failing due to fcgicli output
similar issue: #4521 Viktor Gurov
12:02 AM Bug #9460: OpenVPN local auth failing due to fcgicli output
I am also having the same issue using "Local Database".
The error in the OpenVPN server log is "Connection reset, ... Elon l
01:18 AM pfSense Packages Bug #11491 (Feedback): haproxy-devel v0.62_2 - startup error 'httpchk'
Seeing this error message upon startup (under 2.5.0):
haproxy: startup error output!: [WARNING] 051/015053 (57019)... A S
01:18 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
another php-cgi issue: #9460 Viktor Gurov
01:11 AM pfSense Packages Bug #11490 (New): Service Watchdog - Impacts Reboots and Package Updates
All - wasn't quite sure which to attribute this to as its a package, but is impacting standard operation.
Synopsis... A S
 

Also available in: Atom