Project

General

Profile

Activity

From 03/30/2021 to 04/28/2021

04/28/2021

07:21 PM Revision f381d8d8: Move protocol setup outside of foreach. It only needs to happen once
Steve Beaver
05:46 PM Revision 1622230a: Revise resolve_retry timing/action to avoid long delays in ipsec status results
Steve Beaver
05:09 PM Regression #11316: Unbound crashes with signal 11 when reloading
We're reverting to unbound 1.12 in order to restore stability. We have to backport at least one CVE for it, so it's ... Scott Long
04:13 PM Bug #11867 (Closed): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed
https://github.com/pfsense/pfsense/blob/a7086b04cae21ca742fdeefd1019ee1401b6dded/src/etc/skel/dot.tcshrc#L71 causes u... John Runyon
02:05 PM Feature #11865 (Pull Request Review): Option to validate OpenVPN peer TLS certificate key usage
Jim Pingle
08:57 AM Feature #11865: Option to validate OpenVPN peer TLS certificate key usage
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/227 Viktor Gurov
08:31 AM Feature #11865 (Resolved): Option to validate OpenVPN peer TLS certificate key usage
As an additional security measure
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/:
<pre... Viktor Gurov
12:10 PM Revision 3c8dcdf7: Add needed options to unbound112
Renato Botelho
11:26 AM Bug #11866: Update dnsmasq to 2.85 to fix CVE-2021-3448
pfSense 2.6.0 and pfSense Plus 21.05 appears to have 2.85,1 in the development builds. Kris Phillips
11:26 AM Bug #11866 (Closed): Update dnsmasq to 2.85 to fix CVE-2021-3448
dnsmasq has a new CVE for CVE-2021-3448. Not affected in 2.85 and beyond.
https://www.tenable.com/cve/CVE-2021-... Kris Phillips
09:14 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes
Currently only DHCP, SNMP, Gateways Monitoring, RRD Graphing and Syslog services are restarted on interface changes.
... Viktor Gurov
08:29 AM Bug #11864 (Resolved): OpenVPN stays bound to previous IP address after interface changes
Setup:
OpenVPN listening on UDP IPv4 on a VIP or physical interface.
Steps to recreate:
# While OpenVPN is runni... Marcos M
08:24 AM Regression #11775: State counters not updating and always show 0/0 since last few updates
I have the same issue on all 2.6.0 builds also. Tigger 2014
08:13 AM Bug #11863 (Resolved): Unable to create nested URL aliases
Adding an URL/URL Table (IPs/Ports) alias produces error:... Viktor Gurov
07:47 AM pfSense Docs New Content #11862 (Closed): Document High Availability IPSec
High Availability is a great feature, but lacks documentation/examples in a couple of areas. I tried to set up a VTI... Bill Somerville
07:40 AM Bug #11831 (Pull Request Review): Certificate Revocation tab does not list active users of CRL entries
Jim Pingle
01:23 AM Bug #11831: Certificate Revocation tab does not list active users of CRL entries
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/226 Viktor Gurov
07:28 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
Updating subject to reflect that the PR corrects both GRE and GIF. Jim Pingle
07:27 AM Bug #11860 (Duplicate): GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes
Thorsten Zitterell wrote:
> Viktor Gurov wrote:
> > should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-... Jim Pingle
12:58 AM Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes
Viktor Gurov wrote:
> should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/63
> see #6507... Thorsten Zitterell
12:18 AM Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes
should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/63
see #6507 Viktor Gurov
07:27 AM Bug #11854: DNS resolver stopped by himself with fatal error
Jim Pingle wrote:
> Doesn't look exactly like #11316 but may be related. If not, it's a different Unbound bug that i... Yann Papouin
07:25 AM Bug #11829 (New): OpenVPN client certificate validation with OCSP always fails
Jim Pingle
02:18 AM Bug #11829: OpenVPN client certificate validation with OCSP always fails
Viktor Gurov wrote:
> Duplicate of #11830
Actually it is not duplicate, I've opened two of them as fixes have to ... Konstantin Panchenko

04/27/2021

11:59 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
MILO MEDIN wrote:
> @rom racer, thanks for doing the build.
>
> I loaded it in 2.5.1 and can confirm it fixes t... Greg Revelle
08:39 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
This issue is for Plus only. The issue for CE is #11805
 Jim Pingle
08:26 PM Revision dcf96e88: Test for empty negated addrs in pf rules. Fixes #11861
(cherry picked from commit 5401382ae85e57cd475d9460cde5732b755525a0) Jim Pingle
08:25 PM Revision 5401382a: Test for empty negated addrs in pf rules. Fixes #11861
Jim Pingle
07:42 PM Revision b3b62e67: Do not read cert key details if parsing key failed. Fixes #11859
(cherry picked from commit 55dc00701011c2547a55dabf7716d2939cadc509) Jim Pingle
07:41 PM Revision 55dc0070: Do not read cert key details if parsing key failed. Fixes #11859
Jim Pingle
07:22 PM Revision 7a010ad2: Fix PHP error in upgrade code. Fixes #11801
Change upgrade_212_to_213() so it unsets variables individually after
first testing if they are set. This avoids an e... Jim Pingle
07:21 PM Revision a6edfe27: Fix PHP error in upgrade code. Fixes #11801
Change upgrade_212_to_213() so it unsets variables individually after
first testing if they are set. This avoids an e... Jim Pingle
03:39 PM Bug #11407 (Closed): Removing a WireGuard tunnel in a middle position can break Add button behavior
Jim Pingle
03:38 PM Feature #11576 (In Progress): IPsec GUI option to control Child SA ``start_action``
Jim Pingle
03:35 PM Bug #11861 (Feedback): Error loading rules in certain cases where an interface is temporarily without an address
Applied in changeset commit:5401382ae85e57cd475d9460cde5732b755525a0. Jim Pingle
03:33 PM Bug #11861: Error loading rules in certain cases where an interface is temporarily without an address
As luck would have it that WAN just failed again and I was able to confirm that the fix I checked in corrects the pro... Jim Pingle
03:22 PM Bug #11861 (Closed): Error loading rules in certain cases where an interface is temporarily without an address
Had an interface event on my edge firewall yesterday where one WAN lost its interface address and resulted in an inva... Jim Pingle
02:56 PM Bug #11860 (Duplicate): GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes
I have successfully configured my router for DS-lite (NetCom BW, Germany) using PPPoE for initial WAN setup (IPv4 & I... Thorsten Zitterell
02:50 PM Bug #11859 (Feedback): PHP error on certificate list due to unreadable private key
Applied in changeset commit:55dc00701011c2547a55dabf7716d2939cadc509. Jim Pingle
02:41 PM Bug #11859 (Closed): PHP error on certificate list due to unreadable private key
If a certificate private key is present, but corrupted and cannot be read, it can result in the following PHP error:
... Jim Pingle
02:30 PM Bug #11801 (Feedback): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels
Applied in changeset commit:a6edfe2763df01132d56199faf9ac1dc99471f1c. Jim Pingle
02:27 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Another fix [1] was imported from FreeBSD and will be present on tomorrow's snapshots
[1] https://cgit.freebsd.org... Renato Botelho
11:17 AM pfSense Packages Todo #11845 (Resolved): Update OpenVPN client export installers to 2.5.2
Jim Pingle
11:12 AM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2
Jim Pingle wrote:
> Need to test that the Windows installer export buttons download a working executable installer w... Viktor Gurov
09:47 AM Bug #11858 (Rejected): OpenVPN Client Interface Change Requires Reboot to Take Effect
This site is not for support or diagnostic discussion, and reports of issues on obsolete versions are also invalid.
... Jim Pingle
09:29 AM Bug #11858 (Rejected): OpenVPN Client Interface Change Requires Reboot to Take Effect
2.4.5-RELEASE-p1, Netgate SG-5100
Just as the subject says. I tried restarting the service, and disabling the VPN... Web Dawg
09:29 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high
This continues to be simple to hit and quite annoying. Installs that worked fine for years all of a sudden can't run ... Jim Pingle
09:21 AM Regression #11857 (Closed): Match rules cause pf error parsing rules
Having a match rule, either manually or from ALTQ traffic shaping, leads to a pfctl error loading the rules:... Jim Pingle
09:16 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255206
https://github.com/irino/softflowd/issues/38
 Viktor Gurov
08:56 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Jens Groh wrote:
> If you don't mind: if the fix was checked into RELENG_2_5_0, could you post the fix/patch ID so o... Jim Pingle
08:53 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Jim Pingle wrote:
> 2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. What... Jens Groh
08:33 AM Bug #11855 (Pull Request Review): Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes
Jim Pingle
06:23 AM Bug #11855: Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/225 Viktor Gurov
05:59 AM Bug #11855 (Resolved): Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes
How to reproduce:
1) Configure both IPv4 and IPv6 default gateways on interface
2) Change interface MTU
3) Result:... Viktor Gurov
08:32 AM pfSense Packages Bug #11756 (Pull Request Review): HaProxy does not transfer backend states during reload
Jim Pingle
05:19 AM pfSense Packages Bug #11756: HaProxy does not transfer backend states during reload
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/82 Viktor Gurov
08:31 AM Bug #11854 (Closed): DNS resolver stopped by himself with fatal error
Doesn't look exactly like #11316 but may be related. If not, it's a different Unbound bug that is out of our control.... Jim Pingle
03:08 AM Bug #11854 (Closed): DNS resolver stopped by himself with fatal error
2.5.1-RELEASE (amd64)
built on Mon Apr 12 07:50:14 EDT 2021
Please note that nobody was editing pfsense settings... Yann Papouin
08:28 AM pfSense Packages Bug #11847 (Pull Request Review): Filters not applied to PEER Groups
Jim Pingle
02:44 AM pfSense Packages Bug #11847: Filters not applied to PEER Groups
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/81 Viktor Gurov
08:26 AM Bug #11850 (Pull Request Review): NTP authentication input validation rejects valid keys
Jim Pingle
02:23 AM Bug #11850: NTP authentication input validation rejects valid keys
An MD5 key is a string of 20 random printable ASCII characters,
while a SHA key is a string of 40 random hex digits.... Viktor Gurov
08:01 AM pfSense Packages Bug #11853 (Duplicate): softflowd not sending flow data
Duplicate of #10436 Jim Pingle
08:01 AM Feature #11856: Replace/add Alias or DNS names for known LAN addresses in the State table
This is unlikely to be viable because it would scale very poorly. That said, if someone can come up with a way to do ... Jim Pingle
07:16 AM Feature #11856 (New): Replace/add Alias or DNS names for known LAN addresses in the State table
Looking at the State table it would be nice to have internal addresses shown as DNS names or aliases if it can be res... John Weithman

04/26/2021

10:53 PM Bug #11820: Backup restore problem with webConfigurator
Marcos Mendoza wrote:
> It may be that the webconfigurator needs to be restarted after the restore. Would you be abl... Marcelo Gondim
10:36 PM pfSense Packages Bug #11853 (Duplicate): softflowd not sending flow data
No flows being exported from the firewall (as reported by capture on the firewall) and hence no flows being collected... Nigel Smith
06:23 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
MILO MEDIN wrote:
> @rom racer, thanks for doing the build.
>
> I loaded it in 2.5.1 and can confirm it fixes t... Matt Johnson
06:15 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
@rom racer, thanks for doing the build.
I loaded it in 2.5.1 and can confirm it fixes the issue for me too.
MILO MEDIN
02:25 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP
I would add that it also takes a LONG time to pull ipsec status. Core Team
01:08 PM Bug #11852 (Resolved): State table content on ``diag_dump_states.php`` does not sort properly
Not sure if bug or regression. But Columns in the diag_dump_states.php will not sort
You can click on the column ... JohnPoz _
08:22 AM Bug #11678 (Resolved): Certificate Manager does not report Unbound as using a certificate
It works. It shows as in use when the certificate is active ("Enable SSL/TLS Service" checked), and it doesn't show i... Jim Pingle
08:07 AM pfSense Docs Todo #11849 (Rejected): CARP mode when upgrading HA clusters
This is all as expected.
If the button says "Enter ..." then it's not in maintenance mode. If the button says "Lea... Jim Pingle
07:53 AM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2
Need to test that the Windows installer export buttons download a working executable installer which installs the exp... Jim Pingle
03:05 AM Bug #11851 (Closed): /etc/rc.start_packages double-starts some packages
During boot process, /etc/rc.start_packages double starts some packages, slowing down boot significantly in some case... Dave Tickem

04/25/2021

05:58 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Hayden Hill wrote:
> rom racer wrote:
> > @Milo Medin, great find! I've published some details on the pfatt issue ... Matt Johnson
03:33 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
Same for me, bug is present again Manuel Trier

04/24/2021

08:09 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
rom racer wrote:
> @Milo Medin, great find! I've published some details on the pfatt issue here as well as a patche... Hayden Hill
07:50 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
@Milo Medin, great find! I've published some details on the pfatt issue here as well as a patched wpa_supplicant:
... rom racer
06:54 PM pfSense Packages Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Confirmed pfBlockerNG 3.0.0_16 fixes this issue. There is a form validation that pops up at the top with a message n... Kris Phillips
06:14 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Based on the error messages, it would seem it's something with TLS negotiation, which is odd since it works fine with... Kris Phillips
06:13 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Status page with squidGuard disabled:
Squid Object Cache: Version 4.13
Build Info:
Service Name: squid
Start Ti... Kris Phillips
06:12 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Error message that shows up in the Status page with squidGuard enabled:
HTTP/1.1 503 Service Unavailable
Server: ... Kris Phillips
06:08 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Confirmed. You only need to enable squidGuard for the issue to become present. If you have it installed, but disabl... Kris Phillips
05:19 PM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2
21.02.2 reports the following versions while installing OvpnCE in package manager - openvpn-client-export-2.5.2/pfSen... Jordan G
03:50 PM Feature #11750: Support for network interfaces using the ``qlnxe`` driver
Viktor Gurov wrote:
> https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/11
That GitLab link seems b... Layla Mah
12:44 PM Bug #11850 (Closed): NTP authentication input validation rejects valid keys
I run into issues with the "Enable NTPv3 authentication (RFC 1305)" and more precisely whit entering a valit SHA-1 ke... Thomas Paetzold
12:11 PM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Tested on the latest Development version.
It still doesn't show Unbound as a user of the certificate. I was able ... Danilo Zrenjanin
12:04 PM Feature #11790: Support hiding interface groups via special tag
Sure
https://github.com/theonemcdonald/pfSense-pkg-WireGuard
https://youtu.be/ljcJE7bZNWE
https://github.com... Christian McDonald
09:10 AM Feature #11790: Support hiding interface groups via special tag
Can you provide an example of how this would benefit a package? It'd be nice to have some context, thanks! Marcos M
10:25 AM pfSense Docs Todo #11849 (Rejected): CARP mode when upgrading HA clusters

The current documentation:
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-ha.html
says to d... Nick Carr
09:00 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly
The logs make it sound less like it failed to update with the service, and more-so that the public IP at the time rem... Marcos M
08:48 AM Bug #11820: Backup restore problem with webConfigurator
It may be that the webconfigurator needs to be restarted after the restore. Would you be able to test again, and rest... Marcos M

04/23/2021

09:05 PM pfSense Packages Bug #11848 (New): Issue with squid cache download speed
I found a strange problem, when testing squid's cache using https://www.internode.on.net/support/tools/speed_test/
T... ageekhere ageekhere
01:33 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP
There must be more to it than just the number of tunnels. I generated a config with 40 dummy tunnels and it applies t... Jim Pingle
10:01 AM pfSense Packages Bug #11847 (Resolved): Filters not applied to PEER Groups
When creating a Peer group and adding an AS/Prefix filter or route map to the peer group, the generated configuration... Grant Gordon
07:18 AM Bug #11846 (Pull Request Review): Logging configuration added by a package is not removed on uninstall
Jim Pingle
12:51 AM Bug #11846: Logging configuration added by a package is not removed on uninstall
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/223 Viktor Gurov
12:43 AM Bug #11846 (Resolved): Logging configuration added by a package is not removed on uninstall
How to reproduce:
1) Install HAProxy-devel;
2) Check /var/etc/syslog.d/haproxy.log.conf file;
3) Uninstall HAPro... Viktor Gurov
12:13 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec
Fiden Galvez wrote:
> Hi Victor:
> Please could you share again the fix, cause he link looks like it is dead.
 Viktor Gurov

04/22/2021

06:10 PM Revision 697a99c1: Improve Captive Portal redirect URL handling.
* Fix handling of after auth redir URL value so it gets properly
respected as stated in the GUI. Fixes #11842
* Fix u... Jim Pingle
06:05 PM Revision de9ba32b: Improve Captive Portal redirect URL handling.
* Fix handling of after auth redir URL value so it gets properly
respected as stated in the GUI. Fixes #11842
* Fix u... Jim Pingle
03:12 PM pfSense Packages Todo #11845 (Feedback): Update OpenVPN client export installers to 2.5.2
Done. Available now in OpenVPN client export pkg version 1.6 on Plus 21.02.2 and CE 2.5.1.
Will be in snapshots fo... Jim Pingle
02:31 PM pfSense Packages Todo #11845 (Resolved): Update OpenVPN client export installers to 2.5.2
OpenVPN 2.5.2 fixes some bugs and a noteworthy CVE, "CVE-2020-15078":https://community.openvpn.net/openvpn/wiki/CVE-2... Jim Pingle
02:44 PM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec
Hi Victor:
Please could you share again the fix, cause he link looks like it is dead.
Thank you Fiden Galvez
02:36 PM Todo #11844 (Feedback): Update OpenVPN to 2.5.2
Added to 2.6.0/21.05 Renato Botelho
02:28 PM Todo #11844 (Closed): Update OpenVPN to 2.5.2
OpenVPN 2.5.2 fixes some bugs and a noteworthy CVE, "CVE-2020-15078":https://community.openvpn.net/openvpn/wiki/CVE-2... Jim Pingle
01:20 PM Bug #11843 (Feedback): Potential XSS vulnerability in Captive Portal ``redirurl`` handling
Applied in changeset commit:de9ba32bd3531ccf74e143391deaacb77e085097. Jim Pingle
12:53 PM Bug #11843 (Closed): Potential XSS vulnerability in Captive Portal ``redirurl`` handling
The value of @redirurl@ is passed as-is from the client URL into a page result served to users in certain cases. If a... Jim Pingle
01:20 PM Bug #11842 (Feedback): Captive Portal post-auth redirect is not properly respected
Applied in changeset commit:de9ba32bd3531ccf74e143391deaacb77e085097. Jim Pingle
12:53 PM Bug #11842 (Closed): Captive Portal post-auth redirect is not properly respected
The value of "After authentication Redirection URL" in Captive Portal is supposed to override the automatically detec... Jim Pingle
10:11 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high
Attaching another crash with a potentially more interesting backtrace. Jim Pingle
09:03 AM Regression #11839 (Closed): Panic on 21.05/2.6.0 snapshots when memory usage is high
On several systems (hardware and VMs) running Plus 21.05 and CE 2.6.0 snapshots I am seeing panics when the systems a... Jim Pingle
09:30 AM pfSense Packages Bug #11841 (New): FRR access lists default bahavior changed to permit by default
Free Range Routing's Access List behavior in pfSense 2.5.x has changed fundamentally from previous versions, changing... Gavin Owen
08:30 AM pfSense Packages Bug #11838 (Needs Patch): FRR ospf6d consumes all available memory+swap after an interface event
In certain cases ospf6d will consume all RAM and swap after an interface event. For me, the easiest way to reproduce ... Jim Pingle
07:11 AM Bug #11586 (Not a Bug): WireGuard panic when saving many times in a row
Jim Pingle
06:34 AM Bug #11586: WireGuard panic when saving many times in a row
Unable to reproduce this on the latest kmod code..and I've been quite aggressive at building and tearing down tunnels... Christian McDonald
07:08 AM pfSense Packages Feature #11837 (New): Increase field length of FRR Networks in Access Lists and Prefix Lists
The field lengths for the network statements within the Free Range Routing package's Access Control List and Prefix-L... Gavin Owen
06:40 AM pfSense Packages Bug #11836 (Confirmed): FRR ACCEPTFILTER shows out of order prefix-list
Adding entries to the ACCEPTFILTER prefix-list creates erratic behavior within the FRR running configuration.
Have... Gavin Owen
06:32 AM Bug #11587: WireGuard interfaces do not have data on traffic graphs
Bumping this so Renato sees it, since we are closing issues :) Christian McDonald
06:05 AM Bug #11600 (Not a Bug): WireGuard interfaces should have MSS clamping enabled by default
Renato Botelho
05:42 AM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default
This seems to no longer be a requirement, as WireGuard by design should be able to pass larger MTUs within the tunnel... Christian McDonald
06:05 AM Bug #11339 (Not a Bug): Odd console output when WireGuard is running
Renato Botelho
05:41 AM Bug #11339: Odd console output when WireGuard is running
Not seeing this on the latest kmod code Christian McDonald
04:53 AM Bug #8618: 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces
Sorry for reviving an old thread but the problem remains in 2021.
I just purchased a Supermicro A2SDi-TP8F and the... Alexandre Tatut
03:19 AM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``
see also #11829 Viktor Gurov
03:19 AM Bug #11829 (Duplicate): OpenVPN client certificate validation with OCSP always fails
Duplicate of #11830 Viktor Gurov
03:02 AM pfSense Packages Bug #11835 (New): FRR OSPF redistributed connected routes disappearing
pfSense/FRR is flushing and repropagating certain OSPF routes unnecessarily, causing outages.
Scenario is two fire... Gavin Owen
01:52 AM Feature #11164 (Resolved): Input validation to prevent setting a load balancing gateway group as default
Viktor Gurov

04/21/2021

09:19 PM Feature #11164: Input validation to prevent setting a load balancing gateway group as default
note is added (attached)
2.6.0-DEVELOPMENT (amd64)
built on Wed Apr 21 01:03:55 EDT 2021
FreeBSD 12.2-STABLE Alhusein Zawi
04:05 PM Bug #11834 (Rejected): Default gateway unsets (world icon goes) & default route changes from IP to MAC address
This site is not for support or diagnostic discussion and there is not enough information here to suggest it is a bug... Jim Pingle
03:46 PM Bug #11834: Default gateway unsets (world icon goes) & default route changes from IP to MAC address
Ben Edmunds wrote:
> I have recently added a second WAN link and notice that around once every 8 or so hours my defa... Tigger 2014
03:42 PM Bug #11834 (Rejected): Default gateway unsets (world icon goes) & default route changes from IP to MAC address
I have recently added a second WAN link and notice that around once every 8 or so hours my default route is broken an... Tigger 2014
02:33 PM Bug #11502 (Not a Bug): WireGuard ``matchaddr failed`` kernel messages in system log
Renato Botelho
02:10 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Unable to reproduce this now with latest kmod code. Christian McDonald
01:41 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP
Currently running on 21.02.2-RC code on zColo vpn concentrators, along with a patch to fix VTI creation issues after ... Core Team
11:48 AM Bug #11828: PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
also Nord VPN is down will not connect or if it doesn no internet and then goes down
Site to Site OPENVPN does co... mike nah
11:19 AM Bug #11828: PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
also packages dont import it sticks on Please wait while the update system initializes
does nothing i guess thats n... mike nah
08:06 AM Bug #11828: PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
i seen the ppp on the 2.4.5 so your saying it gets deleted in 2.5.1. so i gotta re add it
PPPOe WAN OpenVPN ... mike nah
07:55 AM Bug #11828: PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
Jim Pingle wrote:
> I can't reproduce anything like that here on PPPoE -- please keep the discussion going on your f... mike nah
07:40 AM Bug #11828 (Not a Bug): PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
I can't reproduce anything like that here on PPPoE -- please keep the discussion going on your forum thread until a m... Jim Pingle
09:48 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens ... Jim Pingle
09:42 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I don't know if this is substantial new information, especially if a fix is already under development. But what I fig... Emanuel Birkmann
07:16 AM Regression #11805 (Feedback): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I cleaned up the comments again. *Please do not comment unless you have substantial new information*. Otherwise, keep... Jim Pingle
01:05 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Adam Kuklycz wrote:
> Now, with Jim removing a handful of comments saying they too have the issue, it gives the perc... Kristof Provost
09:45 AM Revision 91bdd4ef: Do not remove IPv6 link-local vips on secondary during hasync, refs: #11103
znerol
09:44 AM Revision 55b55478: Do not remove route upon radvd shutdown, refs: #11103
znerol
09:02 AM Bug #11188 (Resolved): MultiWAN setup NAT issue
Resolved in #11436 Viktor Gurov
08:03 AM Bug #11833 (Rejected): Bugg version 2.5.0 and 2.5.1
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:59 AM Bug #11833 (Rejected): Bugg version 2.5.0 and 2.5.1
Hello,
Since I upgraded to version 2.5.0, my OPENVPN goes down and then the DHCP also goes down and I don't have acc... Francis TAISANERIE
08:00 AM Bug #11832 (Pull Request Review): ``ipsec_vti()`` does not skip disabled VTI entries
Jim Pingle
05:09 AM Bug #11832: ``ipsec_vti()`` does not skip disabled VTI entries
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/222 Viktor Gurov
05:06 AM Bug #11832 (Closed): ``ipsec_vti()`` does not skip disabled VTI entries
https://github.com/pfsense/pfsense/blob/3af1961155caafb890cfb635d7278e1498ae7423/src/etc/inc/ipsec.inc#L959:... Viktor Gurov
07:49 AM Feature #11103 (Pull Request Review): Use virtual link local IP address as RA source address for HA environments
Jim Pingle
05:03 AM Feature #11103: Use virtual link local IP address as RA source address for HA environments
Found another thing I've missed before:
https://github.com/pfsense/pfsense/pull/4515 znerol znerol
07:43 AM Regression #11806 (Pull Request Review): IPv4 link-local (``169.254.x.x``) gateway does not function
Jim Pingle
05:16 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function
Viktor Gurov wrote:
> Jim Pingle wrote:
> > Limiting the change from #11713 to only IPv6 addresses partially solves... Viktor Gurov
01:13 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/221
"route has not been found" - another issue and not... Viktor Gurov
07:11 AM Bug #11808 (Resolved): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
Renato Botelho
04:50 AM Bug #11808: Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
This is working as expected! Christian McDonald
04:04 AM Bug #11662 (Pull Request Review): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
Viktor Gurov
03:43 AM Bug #11831 (Resolved): Certificate Revocation tab does not list active users of CRL entries
Unlike "CAs" and "Certificates" pages, "Certificate Revocation" doesn't show the services names in the "In Use" colum... Viktor Gurov
02:59 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Jeremy Utley wrote:
> I am encountering this exact issue on 2.5.1 now. I have a pair of 2.5.1 PFSense CE installs w... Viktor Gurov

04/20/2021

09:53 PM Bug #11830 (Closed): Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``
Certificate validation by the script will always fail:
1. exec function used to call "openssl ocsp" returns only the... Konstantin Panchenko
09:40 PM Bug #11829 (Closed): OpenVPN client certificate validation with OCSP always fails
Establishing OpenVPN tunnel will always fail if "Check client certificates with OCSP" enabled.
OpenVPN will call "ov... Konstantin Panchenko
08:58 PM Regression #11524 (Feedback): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Regression fixed in 2.6 devel. Luiz Souza
12:53 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
After inspecting the code, disabling the SHA functionality in AES-NI is the best course of action. Jim Pingle
07:53 PM Bug #11828 (Not a Bug): PPPOE not working VPN not workin Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
i not sure if i filled in the problems the in proper format you guys want from the page requirements.. hope its ok
... mike nah
06:41 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I also have the same problem! Reinaldo Alves Feitosa
04:07 PM pfSense Packages Feature #11827 (New): Please include acme deploy folder/scripts
The acme project includes a @deploy@ folder with several dozen scripts available to the --deploy-hook switch.
pfSe... Pete Holzmann
02:02 PM pfSense Packages Feature #11826 (New): Preserve acme SAN Method parameters for new cert creations
In a given environment, it is very likely that SAN Method parameters (eg API Token) will be identical for every SAN c... Pete Holzmann
01:55 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Hi Kristof,
Sorry, my test was been incorrect, NPt actually works on 21.02.2-RELEASE (amd64).
My firewall rule wa... DRago_Angel [InV@DER]
01:23 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
<removed> DRago_Angel [InV@DER]
06:49 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Please post your full configuration file (censor any passwords / keys) or e-mail it to me at kprovost@netgate.com.
Y... Kristof Provost
11:33 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Jim Pingle wrote:
> Not so critical we need to rush it into this release, but the next one, sure.
Here's the real... Pete Holzmann
10:45 AM Feature #11825: Assign IPv6 address to WAN with PD-only ISP
Jim Pingle wrote:
> It's not viable to have addresses from the same subnet on two different interfaces. It places th... Jonathan Grande
10:22 AM Feature #11825 (Rejected): Assign IPv6 address to WAN with PD-only ISP
It's not viable to have addresses from the same subnet on two different interfaces. It places them into the same subn... Jim Pingle
10:09 AM Feature #11825 (Rejected): Assign IPv6 address to WAN with PD-only ISP
When the WAN interface is set to "request only an IPv6 prefix" (which is required by some ISPs), no IPv6 address is a... Jonathan Grande
08:41 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
I am encountering this exact issue on 2.5.1 now. I have a pair of 2.5.1 PFSense CE installs with IPSec connections t... Jeremy Utley
07:01 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
it works fine after disabling SquidGuard Viktor Gurov
03:58 AM Feature #11406: GUI option to set MTU for L2TP VPN server
Alhusein Zawi wrote:
> There is no option to change MTU in L2TP VPN server
Please check on the latest 2.6 snapsho... Viktor Gurov
03:48 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function
Jim Pingle wrote:
> Limiting the change from #11713 to only IPv6 addresses partially solves the problem but also res... Viktor Gurov
01:50 AM Bug #11824 (Duplicate): pfSense 2.5.1 multi-WAN accepts inbound traffic only on default gatway
Duplicate of #11805 Viktor Gurov
12:29 AM Bug #11824 (Duplicate): pfSense 2.5.1 multi-WAN accepts inbound traffic only on default gatway
Before upgrade to 2.5.1, a dual-WAN device did accept inbound IPv4 traffic on both WAN connections according to NAT a... Michael Schefczyk
12:38 AM pfSense Plus Bug #11807: HA setup restarts all OpenVPN instances on the secondary after making any change on the primary
Edgar Escoboza wrote:
> PfSenseVersion.png demonstrates that we are on the latest version of the PfSense+
> CodeRev... Viktor Gurov

04/19/2021

08:30 PM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
I disabled the GIF interface, DHCPv6, RA, IPv6 on LAN, and booted. I enabled them again and I could ping it as soon ... Steve Y
10:19 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
I meant the actual pf ruleset not what was in the GUI -- /tmp/rules.debug or "pfctl -sr" output -- Since obviously wh... Jim Pingle
10:13 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
Feel free to tell me to post in the forum, I thought a few times about where to suggest/report this. :)
The block:... Steve Y
09:58 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
Ah, I misread that part and only caught that DNS wasn't working. Maybe a forced filter reload would have done it then... Jim Pingle
09:48 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
DNS shouldn't affect pinging the IPv6 LAN IP though? Also why would the default block rule trigger? Could it be pfS... Steve Y
09:37 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
Most likely the only thing you missed was restarting the DNS Resolver at the end of the process so that it could bind... Jim Pingle
06:23 PM pfSense Packages Feature #11823 (New): Route handling enhancements
In some cases, we have hundreds of routes from OSPF protocol and we only want to accept few of them in the local rout... Bruno Solal
03:06 PM Revision f91870d1: Load MAC OEM list when preparing ARP table. Fixes #11819
(cherry picked from commit 3af1961155caafb890cfb635d7278e1498ae7423) Jim Pingle
03:05 PM Revision 3af19611: Load MAC OEM list when preparing ARP table. Fixes #11819
Jim Pingle
02:55 PM pfSense Packages Bug #11822 (Resolved): Upgrade ClamAV to 0.103.2
To address https://www.tenable.com/plugins/nessus/148516 ClamAV should be upgraded to 0.103.2 Max Leighton
02:53 PM Bug #11821 (Rejected): Upgrade libcurl to version 7.76.0
To address CVE https://www.tenable.com/plugins/nessus/148517 libcurl should be upgraded to 7.76.0. Max Leighton
01:33 PM Bug #11820 (Rejected): Backup restore problem with webConfigurator
Hi all,
A PFSense server that I have, had a disk problem and stopped working. For my peace of mind I have regular ... Marcelo Gondim
01:15 PM Regression #11316: Unbound crashes with signal 11 when reloading
This really is a show stopper for us, I've upgraded from 2.4.5 2 days ago and now our unbound server is crashing cons... Christian Bourque
07:29 AM Regression #11316 (In Progress): Unbound crashes with signal 11 when reloading
Mike Farmwald wrote:
> Is there any hope for a fix? It's been quite a while and I don't see any progress.
> I'm hap... Jim Pingle
12:27 PM pfSense Plus Bug #11807: HA setup restarts all OpenVPN instances on the secondary after making any change on the primary
Marcos Mendoza wrote:
> This patch was applied to both pfSense Plus and CE. If you believe there is a regression or ... Edgar Escoboza
10:15 AM Regression #11819 (Feedback): MAC address OEM information missing from ARP table
Applied in changeset commit:3af1961155caafb890cfb635d7278e1498ae7423. Jim Pingle
10:05 AM Regression #11819 (Closed): MAC address OEM information missing from ARP table
The MAC OEM information usually displayed after MAC addresses is missing from the ARP table display on diag_arp.php. ... Jim Pingle
09:44 AM Bug #11816 (Pull Request Review): RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
Jim Pingle
07:01 AM Bug #11816: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/220 Viktor Gurov
06:08 AM Bug #11816 (Resolved): RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
https://forum.netgate.com/topic/163023/ddns-rfc-2136-client-uses-ula-instead-of-gua-for-aaaa:
"I have an Interface w... Viktor Gurov
09:39 AM Bug #11793 (Pull Request Review): OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP
Jim Pingle
04:47 AM Bug #11793: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/219 Viktor Gurov
09:38 AM Bug #11792 (Pull Request Review): Cannot disable IPsec P1 when related P2s are in VTI mode and enabled
Jim Pingle
02:34 AM Bug #11792: Cannot disable IPsec P1 when related P2s are in VTI mode and enabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/218 Viktor Gurov
08:45 AM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset
I see PHP error when trying to reproduce the same fw rules (pfSense 2.6.0.a.20210416.0100):... Viktor Gurov
07:34 AM Bug #11818 (Resolved): Mixed use of aliases in a port range produces unloadable ruleset
Using a combination of port numbers or system aliases and user ports aliases in a port forward port range creates a r... Steve Wheeler
08:27 AM pfSense Packages Bug #11817: Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting
OK, I nuked my pfBLockerNG-devel config as other things were breaking. Please mark this as INVALID as I try again to... Loh Phat
07:31 AM pfSense Packages Bug #11817 (Closed): Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting
Enabling this checkbox adds a line into the radvd.conf file which causes it to choke on startup thus causing IPv6 tra... Loh Phat
08:26 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly
Could be related to #6638 Viktor Gurov
02:07 AM Bug #11815 (Closed): NoIP.com Dynamic DNS update failure is not detected properly
DynDNS does not update IP address on service NoIP.com (paid), even though the address has changed, in 2.5.0 CE and 2.... I Ivanov
07:34 AM Feature #11809 (Rejected): Provide the option of logging in CEF (Common Event Format) in addition to Syslog
Not viable for the built-in syslogd, what can be done is already possible in syslog-ng. Jim Pingle
02:38 AM Feature #11809: Provide the option of logging in CEF (Common Event Format) in addition to Syslog
The Syslog-NG package already supports this:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source... Viktor Gurov
07:27 AM pfSense Plus Bug #11814 (Not a Bug): Unexpected pf round-robin for rdr
That's expected behavior. It isn't round-robin. They are separate rules which catch inbound traffic on the other inte... Jim Pingle
07:25 AM Bug #11813 (Duplicate): Active OpenVPN client disables Port Forwarding
It is the same as #11805 Jim Pingle
04:51 AM Bug #8831: Radvd causes latency spikes
Ronald Schellberg wrote:
> try my fix
yep make sense, radvd breaking since 2.6 upgrade lined up with a config cha... Daniel Cameron
04:33 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Don't know what details exactly you like, will provide that I can publicly, but if you need more details (e.g. status... DRago_Angel [InV@DER]

04/18/2021

11:22 PM Bug #8831: Radvd causes latency spikes
> Apr 19 12:33:01 radvd 71791 can't join ipv6-allrouters on em0.100
> Apr 19 12:33:01 radvd 71791 resuming normal op... Ronald Schellberg
10:07 PM Bug #8831: Radvd causes latency spikes
Daniel Cameron wrote:
> Daniel Cameron wrote:
> No more lag spikes, no more radvd CPU spikes.
A bit over an hour... Daniel Cameron
08:22 PM Bug #8831: Radvd causes latency spikes
Daniel Cameron wrote:
> Attempted to update to radvd 2.19_1 but that just results in the following log spam:
Look... Daniel Cameron
05:55 AM Bug #8831: Radvd causes latency spikes
Running radvd manually with -d5 with a ping running at the same time, it appears the latency spikes line up with the ... Daniel Cameron
07:47 PM Regression #11316: Unbound crashes with signal 11 when reloading
Is there any hope for a fix? It's been quite a while and I don't see any progress.
I'm happy to try to help, but not... Mike Farmwald
06:19 PM pfSense Plus Bug #11814: Unexpected pf round-robin for rdr
Ok, after playing with a spare box for a few hours I see now that round-robin for the extra interfaces are due to hav... Craig Leres
11:38 AM pfSense Plus Bug #11814 (Not a Bug): Unexpected pf round-robin for rdr
What causes the generation of multiple round-robin rdr rules, one for each interface when I have a straight forward f... Craig Leres
11:15 AM Feature #628: Ability to specify listen IP address of management services (SSH, web interface)
This has bothered me since I started using pfSense. Every instance of people asking about this was ignored or discour... Robert Hardy

04/17/2021

11:44 PM Bug #11813 (Duplicate): Active OpenVPN client disables Port Forwarding
Update to 2.5.1 killed self-hosted web services accesablity. Configuration worked on 2.5.0. All traffic/IPs route thr... Allen Sampsell
11:11 PM Bug #8831: Radvd causes latency spikes
Flole Systems wrote:
> Could you please provide information on what NIC you are using? To me it seems like an issue ... Jonathan Black
04:36 AM Bug #8831: Radvd causes latency spikes
Flole Systems wrote:
> Could you please provide information on what NIC you are using? To me it seems like an issue ... Daniel Cameron
10:00 PM pfSense Docs Todo #11812 (Closed): Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html
*Feedback:*
I set this up toni... Steve Y
09:34 PM pfSense Plus Bug #11630 (Closed): WireGuard MultiWAN Not Failing Back to Tier 1
Anonymous
09:30 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
This is still present on the SG-3100 for the 21.02.2 release. Kris Phillips
03:52 PM Feature #11406: GUI option to set MTU for L2TP VPN server
There is no option to change MTU in L2TP VPN server Alhusein Zawi
01:36 PM Bug #11786: SSH incomplete setup and startup fail while recovering XML backup in a fresh install of pfSense 2.5.0
I confirm this happened to me with a fresh install of pfsense 2.5.1 Many thanks for the workaround!
The xml backup f... Michele Zamboni
12:00 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I would just like to add that on a multi gateway firewall (typically, in my case, wan and mpls) there is a loss of th... Luca De Andreis
09:18 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
We have more than enough confirmation that it's a problem at this point, please refrain from commenting to that effec... Jim Pingle
09:16 AM Bug #11810 (Duplicate): Multi wan routing not working 2.5.1
Duplicate of #11805 Jim Pingle
02:54 AM Bug #11810 (Duplicate): Multi wan routing not working 2.5.1
I have multiple WAN interfaces running in parallel, each with a number of static IP addresses.
WAN0 and WAN1. WAN... Guy Plunkett
09:10 AM pfSense Docs Correction #11811 (Rejected): Feedback on Releases — 21.02.2/2.5.1 New Features and Changes
This is not a documentation issue.
See #11805 Jim Pingle
04:38 AM pfSense Docs Correction #11811 (Rejected): Feedback on Releases — 21.02.2/2.5.1 New Features and Changes
*Page:* https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html
*Feedback:*
Hello
This version ... reza karimi
08:37 AM Feature #11521 (Resolved): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
Tested and it looks good. The --explicit-exit-notify option is added to the client config on UDP. It is not added on ... Max Leighton

04/16/2021

08:38 PM Feature #11809 (Rejected): Provide the option of logging in CEF (Common Event Format) in addition to Syslog
When sending to remote log sources, especially those that are used as logging solutions such as logstash, Graylog, Sp... Justin Andrusk
08:09 PM Revision 4e885411: Emable build of wireguard-tools and wireguard-kmod
Renato Botelho
06:09 PM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available
Parallel discussion thread, including steps to reproduce.
https://forum.netgate.com/topic/161424/dhcp-lease-screen-n... Karl Fife
03:42 PM pfSense Plus Bug #11807 (Rejected): HA setup restarts all OpenVPN instances on the secondary after making any change on the primary
This patch was applied to both pfSense Plus and CE. If you believe there is a regression or the issue is not fully fi... Marcos M
03:18 PM Bug #11808 (Feedback): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
pfSense-upgrade 0.98 should be good Renato Botelho
01:44 PM Bug #11808 (In Progress): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
Renato Botelho
01:48 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
This hit me after migrating a pfSense CE firewall for a customer. The Atom C3000 series CPU in the new firewall has S... Jan de Groot
01:42 PM Bug #11789 (Rejected): Restore Nat Outbound Config Issue
Can't reproduce as stated.
I can backup a NAT section, wipe out the rules in the GUI, then restore, and they are a... Jim Pingle
01:11 PM Feature #7092: Kernel modules for alternate congestion control algorithms
Before version 2.5.0, I could use these modules, which I make from source code. But since version 2.5.0, this no long... Yuran Yastreb
12:45 PM Revision 0f03681f: List /etc/inc/web as obsolete, no longer all the files therein
Steve Beaver
12:36 PM Revision b73947ee: Moved web include files from /etc/inc/web to /usr/local/pfSense/include/www
Steve Beaver
10:37 AM pfSense Packages Bug #11392 (Closed): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Jim Pingle
10:34 AM Bug #11587: WireGuard interfaces do not have data on traffic graphs
!screen7.PNG!
Boom Christian McDonald
10:18 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
DRago_Angel [InV@DER] wrote:
> Updated to 21.02.2-RELEASE and NPt still not works on non-primary WAN so issue resolv... Kristof Provost
04:18 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Updated to 21.02.2-RELEASE and NPt still not works on non-primary WAN so issue resolved not fully. DRago_Angel [InV@DER]
09:54 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Confirmed; this breaks sub-interfaces on anything that is assigned but disabled by removing the parent entirely. Steve Wheeler
09:32 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
MILO MEDIN wrote:
> I am having the same problem - 2.5.0 and 2.5.1 both have 100% CPU load on one core. I have 4 co... Matt Johnson
09:05 AM pfSense Packages Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
Thank you for the suggested patch, but I think the rules update logic is going to need additional changes due to the ... Bill Meeks
03:06 AM pfSense Packages Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
This issue still is still there. It happened last night to 2 of our PFSense boxes. Snort crashes due to the update pr... Sander Peterse

04/15/2021

09:49 PM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
fixed.
"bgp network import-check" is shown up in configuration by default.
router bgp 61000
no bgp network i... Alhusein Zawi
07:36 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
I am having the same problem - 2.5.0 and 2.5.1 both have 100% CPU load on one core. I have 4 cores assigned to the p... MILO MEDIN
12:49 PM Bug #11808 (Resolved): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
WireGuard related configurations should be ignored if found under <installedpackages></installedpackages> Christian McDonald
12:38 PM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
Did a Router rebuild this morning requiring a complete re-install (2.5.1) and restored configuration from backup, the... Jason NA
11:59 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
@Kristof, will there be a point release to fix this, or can a patch be applied to 2.5.1?
I guess a point release w... Rajil Saraswat
11:56 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Patrick Clara: I cannot tell from that post if this is the same problem or not. It could plausibly be.
2.6.0 work... Kristof Provost
10:37 AM pfSense Plus Bug #11807 (Rejected): HA setup restarts all OpenVPN instances on the secondary after making any change on the primary
This Plus project does not contemplate the issue reported in:
https://redmine.pfsense.org/issues/11082
We simpl... Edgar Escoboza
07:52 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
I can reproduce exactly the same behavior. If I loose connectivity to the ISP or disconect the coaxil cable from my m... Fred Latke
07:44 AM Feature #9092: Option to set interval of forced Dynamic DNS updates
That PR may set it for that one provider, but it's not a general solution. Jim Pingle

04/14/2021

03:58 PM Feature #9092: Option to set interval of forced Dynamic DNS updates
Fix / feature implementation: https://github.com/pfsense/pfsense/pull/4514 Jaakko Kantojärvi
03:49 PM pfSense Docs Todo #11788 (Duplicate): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics
Duplicate of #11645 Jim Pingle
03:46 PM pfSense Docs Todo #11645 (Closed): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics
Done. See #11796. Jim Pingle
03:39 PM pfSense Docs New Content #11796 (Feedback): Document the FRR Package
And now the rest of it is done.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9cd9d2fb1a679d924a856732b14b... Jim Pingle
03:04 PM pfSense Docs New Content #11796: Document the FRR Package
The main FRR docs are now reasonably complete.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/da7d44be153db... Jim Pingle
03:32 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I'm confident I have a fix ready. It's being reviewed & validated internally. Kristof Provost
08:37 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Correction, I was testing it wrong, I can reproduce. I'd again forgotten to ensure my requests came from outside the ... Kristof Provost
08:16 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I can't seem to reproduce this on my system, running 'pfSense 2.5.1-RELEASE (amd64) on pfSense'. Can you share your r... Kristof Provost
07:35 AM Regression #11805 (Resolved): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Port forwards coming into the firewall from a non-default WAN are not working properly on CE version 2.5.1. This is s... Jim Pingle
01:49 PM Feature #8794: NTP authentication support
Folks, I made a patch to the function _system_ntp_configure()_ in the file _/etc/inc/system.inc_ to get this working.... LamaZ .
12:00 PM Regression #11806 (Closed): IPv4 link-local (``169.254.x.x``) gateway does not function
On 2.5.1, there is a regression caused by the change in #11713 which ends up treating IPv4 link local addresses like ... Jim Pingle
11:46 AM pfSense Docs Correction #11804 (Closed): QAT support on XG-1541 BASE Secure Router with TNSR Software
This has been fixed. Jim Pingle
03:53 AM pfSense Docs Correction #11804 (Closed): QAT support on XG-1541 BASE Secure Router with TNSR Software
https://shop.netgate.com/products/1541-base-tnsr
The link above mentions QAT (Integrated Intel® QuickAssist Techno... Danilo Zrenjanin
09:38 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Still seems to be an issue on 2.5.1 release, if there is any extended logging or debug mode required to help troubles... Matt Johnson
07:36 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Some reports that this is happening on CE now, but not Plus. See #11805
Keeping this one closed since it was speci... Jim Pingle

04/13/2021

01:19 PM Bug #11803 (Rejected): Network unavailability and crash report
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
01:15 PM Bug #11803 (Rejected): Network unavailability and crash report
In an unpredictable way I'm loosing connectivity to the network routed bym pfSense. After a while network is back and... Maciej Czech
11:32 AM Revision a16e742c: Change stable version to 2.5.1
Renato Botelho
11:04 AM Revision 1af3f59b: Change stable version to 2.5.1
Renato Botelho
11:01 AM Revision 50d50d32: Change stable version to 2.5.1
Renato Botelho
10:52 AM Bug #11713 (Closed): Error when deleting IPv6 link-local routes
Jim Pingle
10:52 AM Bug #11674 (Closed): OpenVPN binds to all interfaces when configured on a 6RD interface
Jim Pingle
10:52 AM Bug #11644 (Closed): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Jim Pingle
10:52 AM Bug #11643 (Closed): IPsec tunnel does not function when configured on a 6RD interface
Jim Pingle
10:52 AM Bug #11638 (Closed): PHP error in logs from XMLRPC if no sections are selected to sync
Jim Pingle
10:52 AM Regression #11633 (Closed): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Jim Pingle
10:52 AM Bug #11617 (Closed): Unexpected Operator error on console at boot with ZFS and RAM Disks
Jim Pingle
10:52 AM Regression #11594 (Closed): IPv6 routes with a prefix length of 128 result in an invalid route table entry
Jim Pingle
10:52 AM Bug #11578 (Closed): Error when removing automatic DNS server route
Jim Pingle
10:52 AM Regression #11565 (Closed): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Jim Pingle
10:52 AM Regression #11561 (Closed): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Jim Pingle
10:52 AM Bug #11559 (Closed): OpenVPN does not start with a long list of Data Encryption Algorithms
Jim Pingle
10:52 AM Regression #11555 (Closed): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Jim Pingle
10:51 AM Bug #11554 (Closed): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Jim Pingle
10:51 AM Bug #11547 (Closed): DNS Resolver does not bind to an interface when it recovers from a down state
Jim Pingle
10:51 AM Regression #11537 (Closed): IPsec VTI tunnel between IPv6 peers may not configure correctly
Jim Pingle
10:51 AM Regression #11526 (Closed): Mobile IPsec broken when using strict certificate revocation list checking
Jim Pingle
10:51 AM Regression #11519 (Closed): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Jim Pingle
10:51 AM Bug #11514 (Closed): Renewing a self-signed CA or certificate does not update the serial number
Jim Pingle
10:51 AM Bug #11488 (Closed): IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value
Jim Pingle
10:51 AM Regression #11487 (Closed): IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``
Jim Pingle
10:51 AM Regression #11486 (Closed): Connect and disconnect buttons on the IPsec status page do not work for all tunnels
Jim Pingle
10:51 AM Bug #11476 (Closed): Telegram and Pushover notification API calls do not respect proxy configuration
Jim Pingle
10:51 AM Regression #11475 (Closed): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Jim Pingle
10:51 AM Bug #11448 (Closed): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Jim Pingle
10:51 AM Bug #11446 (Closed): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Jim Pingle
10:51 AM Regression #11435 (Closed): IPsec status incorrect for entries using expanded IKE connection numbers
Jim Pingle
10:51 AM Bug #11409 (Closed): IPv4 MSS value is incorrectly applied to IPv6 packets
Jim Pingle
10:51 AM Bug #11383 (Closed): pfSense Proxy Authentication not working
Jim Pingle
10:51 AM Bug #11104 (Closed): OpenVPN does not start with several authentication sources selected
Jim Pingle
10:51 AM Bug #4521 (Closed): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Jim Pingle
10:26 AM Bug #11639 (Closed): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
Fixed. Jim Pingle
10:25 AM Bug #11706 (Closed): Renewing a certificate without a ``type`` value assumes a server certificate
Tested again and this is working fine for me here. Can reopen or make a new issue if additional problem scenarios are... Jim Pingle
10:06 AM Regression #11500 (Closed): OpenVPN using the wrong OpenSSL command to list digest algorithms
Fixed. Jim Pingle
10:04 AM Regression #11760 (Closed): PHP error on package install
Fixed. Jim Pingle
09:06 AM Regression #11316: Unbound crashes with signal 11 when reloading
I'm experiencing this issue as well.
It seems to be preceded by unbound going 100% cpu for several minutes, during... Andrew Counterman
08:02 AM Bug #11616 (Closed): Potential stored XSS vulnerability in services_wol.php
Fixed and confirmed fixed multiple times. Jim Pingle
04:10 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I can confirm that after upgrading our Netgate XG-7100 from 2.4.5p1 to 21.02.1 this issue began.
Neither the OpenV... Jason B

04/12/2021

08:54 PM Bug #11800: ipv6 DHCP can't push gataway address to LAN
Jim Pingle wrote:
> There aren't nearly enough details here for a proper bug report. Keep it on the forum until you ... yon Liu
07:19 AM Bug #11800 (Rejected): ipv6 DHCP can't push gataway address to LAN
There aren't nearly enough details here for a proper bug report. Keep it on the forum until you have more details tha... Jim Pingle
05:48 AM Bug #11800 (Rejected): ipv6 DHCP can't push gataway address to LAN
LAN's any devices has no get ipv6 network gateway.
Reported
https://forum.netgate.com/topic/162834/ipv6-dhcp-not-... yon Liu
08:39 PM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Same issue for me also. No flows being exported from the firewall as reported by capture on the firewall. Any ideas o... Nigel Smith
12:15 PM pfSense Packages Bug #11802 (New): FreeRADIUS sync
freeradius3 0.15.7_30 seems to have changed the XMLRPC Sync behavior in a recent update. This leads to the issue that... Michael Schefczyk
11:19 AM Revision 39da595a: Welcome pfSense 2.5.1-RELEASE
Renato Botelho
07:42 AM Bug #11801 (Closed): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels
Certain IPsec tunnel configurations fail to upgrade cleanly with the following error:... Jim Pingle
07:24 AM Regression #11787 (Pull Request Review): Thermal sensors widget no longer shows values from certain hardware
Looks like a couple others are also missing from the output, not just Chelsio. See my notes on the PR. Jim Pingle
07:15 AM Bug #11799 (Duplicate): date sorting on system logs does alphabetical sort not numeric sort
Duplicate of #11639 Jim Pingle
04:55 AM Bug #11799 (Duplicate): date sorting on system logs does alphabetical sort not numeric sort
On the page Status System Logs System General, if you sort by date, the sorting is done by alphabetic order not numer... Robin Wood
06:49 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk'
More over now HAproxy 2.0 support alpn h2 on backend and from 2.2 it supported on http-check. Also default server par... DRago_Angel [InV@DER]

04/11/2021

05:48 PM Bug #8831: Radvd causes latency spikes
Could you please provide information on what NIC you are using? To me it seems like an issue with a certain kind of N... Flole Systems
05:21 PM Bug #8831: Radvd causes latency spikes
I'm having an issue with this on 2.5.0-Release . I'm not using LACP, but I do have multiple LANs on VLANs. Jonathan Black
09:56 AM Bug #11256: Cannot add alias with multiple URLs
I just upgraded to 21.02_1 and it does not work. I thought 21.02_1 would be the same as 2.5.0. Is it not?
*EDIT:* ... Andreas Lindhé
05:17 AM pfSense Packages Feature #11798 (Duplicate): HA Sync for FRR config
I'm using two pfSense firewalls in a cluster with CARP.
On both FRR is configured but there is no sync option from ... Robert Sailer

04/10/2021

06:27 PM pfSense Packages Bug #11797 (Confirmed): Traffic Totals lost upon reboot when using a ramdisk for /var and /tmp
When using a ramdisk for /var and /tmp, RRD Data and log files are saved from the ramdisk to disk on a regular basis ... John Cornwell
10:17 AM Regression #11787: Thermal sensors widget no longer shows values from certain hardware
This should add that: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/217 Steve Wheeler
09:21 AM pfSense Packages Bug #11637: Preprocs - possible to create two defaults
Tested in 2.6.0, and the original behavior is fixed. The GUI still has a slight issue:
When creating a new server ... Max Leighton
08:51 AM Regression #11442 (Resolved): Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
Tested and it looks good. This can be resolved. Max Leighton
04:36 AM Bug #3849: Compex WLE200NX wireless card stops responding
I have a similar issue with an "APU3 C2" board since upgrading pfSense from v2.4.5p1 (FreeBSD 11.3-STABLE) to v2.5.0 ... Guillaume J

04/09/2021

08:24 PM pfSense Packages Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Resolved in pfBlockerNG v3.0.0_16 BBcan177 .
02:51 PM pfSense Docs New Content #11796: Document the FRR Package
A good chunk of the documentation is up now, but it is still very much a work in progress:
https://gitlab.netgate.... Jim Pingle
02:29 PM pfSense Docs New Content #11796 (In Progress): Document the FRR Package
Jim Pingle
02:29 PM pfSense Docs New Content #11796 (Resolved): Document the FRR Package
Add documentation for the FRR Package.
Adapt any existing Quagga and OpenBGPd documents to use FRR instead.
 Jim Pingle
10:10 AM Regression #11795 (Resolved): Applying IPsec settings for more than ~30 tunnels times out PHP
When attempting to apply IPsec changes on a system with more than around 30 tunnels, the apply process causes a timeo... Jim Pingle
10:03 AM Regression #11794 (Closed): IPsec VTI interface names are not properly formed for more than 32 interfaces
IPsec VTI interfaces names are not properly formed for more than 32 interfaces. For example a tunnel with a reqid of ... Jim Pingle
09:32 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Updating subject.
Note that this problem only affects CPUs which report the ability to accelerate SHA1 and SHA256.... Jim Pingle
08:55 AM Bug #11793 (Closed): OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP
If an OpenVPN client is bound to a _virtual IP_ which is an _IP Alias_ for a _CARP IP_, the OpenVPN client (e.g. ovpn... monotype tattoo
07:48 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
Exclude from release notes since it regressed after the previous release. Jim Pingle
07:28 AM Regression #11316: Unbound crashes with signal 11 when reloading
There is a "new commit on Unbound which may help":https://github.com/NLnetLabs/unbound/commit/7396eff7af10eb85bee277a... Jim Pingle
07:24 AM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
That's what I fixed yesterday but there isn't a new package yet. Wait for pfSense-pkg-frr version 1.1.0_10. Jim Pingle
04:46 AM Bug #10955 (Pull Request Review): XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
According to https://github.com/pfsense/pfsense/pull/4479/commits/64431f257bb831a8aa121c356bbef3ab28d0ddc1 function *... Azamat Khakimyanov

04/08/2021

11:44 PM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
"bgp network import-check" will not be shown up in configuration if I did not enable it once.
if I enabled it it w... Alhusein Zawi
11:18 AM pfSense Packages Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Fixed committed and merged everywhere it is relevant. Jim Pingle
09:44 AM pfSense Packages Bug #11392 (In Progress): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
This doesn't add the option when there is no @frrbgpadvanced@ config present, and it should since we want it to be th... Jim Pingle
09:07 PM Revision 53b87a4c: VTI: Fix interface number limit
Code introduced by commit 3b85b43bb4b tried to keep the old way used to
decided VTI interface number using reqid and ... Renato Botelho
05:49 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Working fine for me now after update to 21.02.2.r.20210406.1302
Now once again able to connect to the network from t... Eduard Rozenberg
02:41 PM Bug #11782 (Closed): Sanitize status ouput for ACME AWS DynDNS key ID
Key itself is already sanitized through #10569
There should be no need to sanitize the ID. Marcos M
02:06 PM Bug #10190: can't disable Phase 1 when Phase 2 is VTI
This fixes the issue where a P1 can't be disabled if it has an inactive P2 in VTI mode.
An issue remains if the P2... Marcos M
02:05 PM Bug #11792 (Closed): Cannot disable IPsec P1 when related P2s are in VTI mode and enabled
Setup:
IPsec Phase 1 with one or more Phase 2 entries in VTI mode. No IPsec interfaces assigned.
Issue:
While bo... Marcos M
11:06 AM pfSense Packages Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"
Duplicate of #11745 Jim Pingle
10:09 AM pfSense Packages Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"
I noticed that the field "Compression" is still being used in client export even when "Refuse any non-stub compressio... chiel chiel
07:26 AM Regression #11747 (Resolved): Firewall rule schedule cannot be changed
Jim Pingle
07:21 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Bill Meeks wrote:
> One of the issues identified in this ticket, the logging of "blank" interface names and the disp... Renato Botelho
07:20 AM pfSense Packages Bug #11637 (Feedback): Preprocs - possible to create two defaults
PR merged on 2.6.0 / 2.5.1. It will be cherry-picked to stable after tests Renato Botelho
03:55 AM Regression #11316: Unbound crashes with signal 11 when reloading
Can confirm the same happening on my system. Unbound crashed with an interval of one week and always at night. And it... S P

04/07/2021

11:13 PM Regression #11747: Firewall rule schedule cannot be changed
I was able to modify Schedules when it is applied to FW rule (added/deleted)
2.5.1-RC (amd64)
built on Tue Apr... Alhusein Zawi
03:31 PM Feature #11790: Support hiding interface groups via special tag
Clarification: This doesn't hide the group from being used or having rules configured on it, it just hides it from be... Christian McDonald
03:19 PM Feature #11790 (Rejected): Support hiding interface groups via special tag
PR: https://github.com/pfsense/pfsense/pull/4513
This will be useful for packages needing to create (protected) in... Christian McDonald
01:34 PM Feature #6362: Allow specifying the client identifier hardware type
In pfSense, just pre-pending... Carlo Tognetti
12:49 PM Revision 39d83c73: Show Unbound used certificate on the Certificate Manager page. Fixes #11678
Viktor Gurov
12:49 PM Revision 5cbb0a7f: Reload NAT config before testing
Steve Beaver
12:37 PM Revision 246a8832: Add cronjob only for limiters applied to firewall rules. Fixes #11636
Viktor Gurov
12:37 PM Revision 15f716d8: Note says that gateway or failover gatewaygroup are valid options #11164
Danilo Zrenjanin
12:34 PM Revision 1e1a9918: Disable RA mode in rc.initial.setlanip. Fixes #11609
Viktor Gurov
12:32 PM Revision 6bb8cdd4: OpenVPN Cisco AVPair {clientipv6} template. Implements #11596
Viktor Gurov
10:58 AM Regression #11785 (Resolved): OpenSSL "Operation not supported" error with cryptodev in certain cases
Fixed according feedbacks Renato Botelho
10:48 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
2.5.1.r.20210406.1302 resolved the issues I was seeing as report above (#3). Thanks! Greg Shaffer
07:24 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
Latest snapshot is working fine here. Same VM before which could reproduce the OpenVPN and Unbound errors with crypto... Jim Pingle
08:53 AM Bug #11789 (Rejected): Restore Nat Outbound Config Issue
Hi all,
I'm reporting a bug about the Restore from config file of NAT Config.
The Outbound config is "Manual Outbou... Daniele Ciribifera
08:03 AM pfSense Plus Regression #11436 (Resolved): State matching problem with reponses to packets arriving on non-default WANs
Renato Botelho
05:10 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
@Rick Strangman
> Updated by Renato Botelho 1 day ago
>...
>Fix was pushed to FreeBSD and cherry-picked to FreeBSD... Grzegorz Krzystek
05:07 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I can confirm the issue has been resolved. Explanation please. Rick Strangman
07:55 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Applied in changeset commit:39d83c73ce8b1b5d99540ccfc6734b3ad4d23107. Viktor Gurov
07:49 AM Bug #11678 (Feedback): Certificate Manager does not report Unbound as using a certificate
PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11636: Unused Limiter entries with schedules create unnecessary cron jobs
Applied in changeset commit:246a8832c1928dc4cfcf40bd2bde4fbda0af191e. Viktor Gurov
07:40 AM Bug #11636 (Feedback): Unused Limiter entries with schedules create unnecessary cron jobs
PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11609: CLI interface configuration without IPv6 leaves RA enabled
Applied in changeset commit:1e1a9918cfd77626442b84bffdf32a7876a30e6f. Viktor Gurov
07:36 AM Bug #11609 (Feedback): CLI interface configuration without IPv6 leaves RA enabled
PR has been merged. Thanks! Renato Botelho
07:40 AM Feature #11596: Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
Applied in changeset commit:6bb8cdd4d8b892bcb77163c02902d83c26cbe2f2. Viktor Gurov
07:34 AM Feature #11596 (Feedback): Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
PR has been merged. Thanks! Renato Botelho
07:37 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
According to my email VPN1_WAN/client1 was suffering packet loss at Apr 6, 2021, 10:11 PM, then not soon after VPN2_W... Jason NA
07:37 AM Feature #11164 (Feedback): Input validation to prevent setting a load balancing gateway group as default
PR has been merged. Thanks! Renato Botelho

04/06/2021

11:45 PM pfSense Packages Feature #11749: Option to disable NAT rule creation
I don't want to use the VIP Webservice in general, but the NAT rules are the biggest problem. I can't delete them and... Frank Gouton
05:30 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I tested it on RC update channel
currently running 21.02.2.r.20210406.1302
and port forward works as expected. on b... Grzegorz Krzystek
05:24 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
So is this build different that what shows up in System->Updates? Rick Strangman
05:17 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
to be more precise tested on build 21.02.2.r.20210405.1121
on booth wans port forward works now as expected.
Good... Grzegorz Krzystek
05:05 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Renato Botelho wrote:
> Fix was pushed to FreeBSD and cherry-picked to FreeBSD-src on commit 4fd4e2b70189
works o... Grzegorz Krzystek
03:57 PM pfSense Docs Todo #11788 (Duplicate): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dynamic-routing-basics.html
*Feedback:*
https://docs.n... Paighton Bisconer
03:36 PM Revision 2dacd7fe: Accommodate 'after' property when creating a NAT rule
Steve Beaver
01:06 PM Regression #11787 (Closed): Thermal sensors widget no longer shows values from certain hardware
The changes made for this bug: https://redmine.pfsense.org/issues/10963 excluded the Chelsio sysctl temperature value... Steve Wheeler
12:47 PM Regression #11785 (Feedback): OpenSSL "Operation not supported" error with cryptodev in certain cases
Luiz reverted changes that introduced this issue on both devel and RC branches Renato Botelho
12:45 PM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
I couldn't reproduce that one before but it's entirely possible I didn't test it on this particular setting. It doesn... Jim Pingle
12:28 PM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
This effects more than just OpenVPN. With cryptographic device set to both AES-NI and Crypto Dev I was seeing errors... Greg Shaffer
10:06 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
It appears to be tied to cryptodev and not AES-NI. I can have aesni.ko loaded and it works OK, but fails when loading... Jim Pingle
09:19 AM Regression #11785 (Resolved): OpenSSL "Operation not supported" error with cryptodev in certain cases
It's not clear what specifically is triggering this, but with AES-NI+cryptodev loaded, I have a VM which is failing t... Jim Pingle
12:46 PM Bug #11774 (Duplicate): unbound control shows SSL error
Looks like this is a duplicate of #11785 (which has better info, even though it came after) Jim Pingle
11:49 AM Bug #11786 (New): SSH incomplete setup and startup fail while recovering XML backup in a fresh install of pfSense 2.5.0
Recovering a XML exported with RDD data and extra package data (about 8,2MB of data) causes SSH service configuration... Bruno Andrade da Silva
11:41 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
I changed verbosity on client1, waited a couple of minutes then changed the verbosity on client2 and when I hit save ... Jason NA
10:42 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
> since the upgrade whenever one or both clients start experiencing packet loss they start using 100% CPU
A OpenVP... Pippin MMD
07:41 AM pfSense Packages Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
Looks like a settings issue, it's got an entry set to need a web root folder but the value is empty. Jim Pingle
06:44 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Hi Renato,
the only patch (pfSense-pkg-System_Patches: 1.2_5) shown in the UI does not correct the problem. It seems... Frank Soyer
01:53 AM pfSense Packages Feature #11784 (New): squidguard auto update blacklist option
Would be nice to have an auto update blacklist option with a drop down menu for none, daily, weekly, fortnightly or m... ageekhere ageekhere

04/05/2021

07:43 PM Bug #11774: unbound control shows SSL error
I'm seeing similar SSL type errors in 2.5.1.r.20210405.0300. When I run the command "/usr/local/www: /usr/local/sbin/... Greg Shaffer
06:05 PM Revision 1346823f: Fix #11781: Disable DNSSEC option for dnsmasq
Renato Botelho
05:51 PM Bug #11777: Input validation prevents DNS Resolver from being disabled
Jim Pingle wrote:
> This is kind of a tricky situation since someone may want to work on their DNS Resolver configur... Martin Thygesen
08:21 AM Bug #11777: Input validation prevents DNS Resolver from being disabled
This is kind of a tricky situation since someone may want to work on their DNS Resolver configuration while it's alre... Jim Pingle
05:44 PM pfSense Packages Bug #11783: /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
user was admin during setup process so permissions to create a director should not have been an issue. Martin Thygesen
05:44 PM pfSense Packages Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
Tried to setup acme on new firewall instance using old Key & ID from previous installation
Failed to write directory... Martin Thygesen
04:26 PM Bug #11712: Interface can't be switched to an available network port igb3
This is not a support issue and I suspect is a generic case.
That's unfortunate you can't reproduce it. Yuri Weinstein
01:39 PM Bug #11782 (Closed): Sanitize status ouput for ACME AWS DynDNS key ID
Currently, the following is not sanitized when downloading the file from /status.php.
* dns_awsaws_access_key_id
... Marcos M
01:31 PM pfSense Plus Regression #11436 (Feedback): State matching problem with reponses to packets arriving on non-default WANs
Fix was pushed to FreeBSD and cherry-picked to FreeBSD-src on commit 4fd4e2b70189 Renato Botelho
01:10 PM Bug #11781 (Feedback): Disable DNSSEC option for dnsmasq
Applied in changeset commit:1346823fd42cea2f633cc16f6b106ea4e4ce2311. Renato Botelho
01:05 PM Bug #11781 (Closed): Disable DNSSEC option for dnsmasq
We never provided support for DNSSEC on dnsmasq and it brings unnecessary dependencies Renato Botelho
12:19 PM pfSense Packages Bug #11780 (Rejected): Suricata package fails to prune suricata.log
The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting ... Kushdeep Chabba
11:22 AM Revision c12f206d: Support services like AWS and validate returned IP
Johan van der Vyver
10:27 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
When I updated to 2.5 I changed a few more things from these VPN guides <https://nguvu.org/pfsense/pfsense-baseline-s... Jason NA
08:32 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
I'm not sure there is anything pfSense could do about that. If OpenVPN itself is using the CPU, it's likely a problem... Jim Pingle
09:54 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate
Right, on 2.5.0 (or a 2.5.1 snapshot from before this fix), removing @<type>user</type>@ will result in a server cert... Jim Pingle
09:20 AM pfSense Packages Bug #11766 (Pull Request Review): Certificate no more pointed "in use" by haproxy
Jim Pingle
08:46 AM pfSense Docs Todo #11779 (Rejected): Feedback on Configuration — Advanced Configuration Options — Admin Access Tab
> - make sure that the SSH-server is only listening to explicitly defined IPV4 and/or IPV6 addresses
Not possible ... Jim Pingle
05:47 AM pfSense Docs Todo #11779 (Rejected): Feedback on Configuration — Advanced Configuration Options — Admin Access Tab
*Page:* https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
*Feedback:*
When trying to access m... Louis B
08:25 AM Bug #11776: Overwrite /boot.config and /boot/loader.conf when you use a serial console pfsense installation.
I tried to make my own customizations in the boot/loader.conf.local, but doesn't work because it blocks when you have... André Cirne
07:50 AM Bug #11776 (Rejected): Overwrite /boot.config and /boot/loader.conf when you use a serial console pfsense installation.
That is normal and expected.
Use /boot/loader.conf.local for your own customizations. Jim Pingle
07:49 AM Bug #11773 (Rejected): Using SSL/TLS for outgoing DNS Queries in forwarding mode can cause DNS to hang following the restoration of WAN connectivity
Those would be issues in unbound itself -- we don't have that kind of control over Unbound code. What you should do i... Jim Pingle
06:17 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Frank Soyer wrote:
> Hi guys,
> I'm just facing this bug after an update to 2.5.0. Unfortunatly, gitlab.netgate.com... Renato Botelho
06:15 AM Bug #3709 (Resolved): Disabled static route entries trigger 'route delete' error at boot
Renato Botelho

04/04/2021

10:32 AM pfSense Packages Bug #11766: Certificate no more pointed "in use" by haproxy
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1059 Viktor Gurov
02:45 AM Bug #11774 (Rejected): unbound control shows SSL error
Unable to reproduce this issue on 2.5.1.r.20210403.0300 and 2.6.0.a.20210403.0100:... Viktor Gurov
12:05 AM pfSense Plus Feature #10804 (Resolved): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Viktor Gurov

04/03/2021

07:48 PM Bug #11778 (New): OpenVPN uses 100% CPU after experiencing packet loss
I have two OpenVPN clients set up in a gateway group and when I was running 2.4.5p1 this was fine I had zero problems... Jason NA
06:16 PM pfSense Plus Feature #10804: Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Status>Interfaces shows tagged ports
Netgate XG-7100
21.02.2-RC (amd64)
built on Sat Apr 03 03:04:06 EDT 2021... Alhusein Zawi
05:57 PM Bug #11777: Input validation prevents DNS Resolver from being disabled
sorry noob mistake name= services_unbound.php : unbound dns resolver error on disable
affected architecture is amd64... Martin Thygesen
05:51 PM Bug #11777 (New): Input validation prevents DNS Resolver from being disabled
When trying to disable unbound, the following error prevents the service from being turned off.
-----------------
... Martin Thygesen
05:41 PM Regression #11702: RAM Disk Settings shows Kernel Memory at ``0`` Kb and does not allow the user to create RAM disks
Created RAM Disks on SG-2100 on 21.05.a.20210403.0100 - reports correctly on dashboard following apply/reboot Jordan G
11:49 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate
I've done the test again on 2.5.0-RELEASE. The outcome is the same.
Initially, I created TestUserCert(User Type)... Danilo Zrenjanin
07:24 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I've reproduced the issue, and believe I have a fix.
I'm still trying to work out why it didn't happen on CE though. Kristof Provost
07:02 AM Bug #11776 (Rejected): Overwrite /boot.config and /boot/loader.conf when you use a serial console pfsense installation.
Function setup_loader_settings (https://github.com/pfsense/pfsense/blob/8b424bca02372246210fba3cf36045a704c11ae3/src/... André Cirne
04:02 AM Regression #11775 (Resolved): State counters not updating and always show 0/0 since last few updates
Not exactly sure which update caused this but it is within the last few weeks. When looking at my firewall rules ever... Craig Weber
03:21 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Hi guys,
I'm just facing this bug after an update to 2.5.0. Unfortunatly, gitlab.netgate.com is actually OFF, I can'... Frank Soyer
12:07 AM Bug #3709: Disabled static route entries trigger 'route delete' error at boot
after creating the same openvpn route as static, the route table will add static route Gateway(not openvpn GW)
afte... Alhusein Zawi

04/02/2021

12:44 PM Bug #11774: unbound control shows SSL error
Also, I get no stats under Status > DNS Resolver Nitin Gupta
11:56 AM Bug #11774 (Duplicate): unbound control shows SSL error
When executing the following command:... Nitin Gupta
11:58 AM pfSense Packages Bug #11637: Preprocs - possible to create two defaults
This problem is corrected by Pull Request 1058 here: https://github.com/pfsense/FreeBSD-ports/pull/1058. This issue ... Bill Meeks
11:57 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
One of the issues identified in this ticket, the logging of "blank" interface names and the display of "Unknown" as t... Bill Meeks
09:04 AM Bug #11773 (Rejected): Using SSL/TLS for outgoing DNS Queries in forwarding mode can cause DNS to hang following the restoration of WAN connectivity
I have unbound setup in forwarding mode to use "SSL/TLS for outgoing DNS Queries to Forwarding Servers". Unfortunatel... Richard Yao

04/01/2021

10:19 PM Regression #11729 (Resolved): Automatic default gateway mode does not select expected entries
Alhusein Zawi
10:19 PM Regression #11729: Automatic default gateway mode does not select expected entries
fixed
creating a LAN GW is not switching default GW.
2.5.1-RC (amd64)
built on Thu Apr 01 11:53:55 EDT 2021... Alhusein Zawi
09:08 PM Bug #11428: CPU details are incorrect in the System Information widget after resetting log files
Bearny B. wrote:
> Bearny B. wrote:
> > Some CPU Type information disappear after reset the log files under Status.... Michael Spears
09:03 PM Bug #11469: Pfsense 2.5.0 not working with Generation 2 Hyper-V VM
Marcos Mendoza wrote:
> Given the ZFS error, this actually may be the following issue:
> https://redmine.pfsense.or... Michael Spears
04:26 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability
Bonus points on this one: A "wizard" which can be run on the "central office" end PF to create the configuration for... Clint Guillot
04:22 PM pfSense Plus Feature #11772 (New): Layer 2 Tunnel Bonding Capability
Ability to tunnel traffic over multiple WAN connections back to another PF appliance at a central location in order t... Clint Guillot
02:48 PM Bug #11734 (Pull Request Review): NAT rule overlap detection is inconsistent
Jim Pingle
01:15 PM pfSense Docs Correction #11258 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick
Jim Pingle
01:15 PM pfSense Docs Correction #9378 (Closed): Feedback on Virtualization — Virtualizing pfSense with Proxmox
Jim Pingle
01:15 PM pfSense Docs Correction #9951 (Closed): Feedback on VPN — OpenVPN — Configuring a Single Multi-Purpose OpenVPN Instance
Jim Pingle
01:14 PM pfSense Docs New Content #11150 (Closed): vpn_ipsec_export_win.php missing from help.php
Jim Pingle
01:14 PM pfSense Docs New Content #11238 (Closed): LAGG (Link Aggregation)
Jim Pingle
01:13 PM pfSense Docs Correction #11162: Feedback on Backup and Recovery — Making Backups in the GUI
I added a section on backup compatibility with explains in more detail about what can/cannot be restored between vers... Jim Pingle
12:21 PM pfSense Packages Bug #11771: Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
Nevermind, it's the SSL business. The "Access Darkstat" button tries to use SSL and the browser is complaining and n... Jon V
12:10 PM pfSense Packages Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
There must be something wrong in your testing. The firewall can't tell if it's being accessed by IP address or hostna... Jim Pingle
12:01 PM pfSense Packages Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
Lets say you have a DNS entry "pfsense-local" the configuration of Darkstat only works when you navigate to 192.168.1... Jon V
12:00 PM pfSense Packages Bug #11768 (Pull Request Review): FRR OSPF - Comment field within the ospf interfaces gets longer and longer
Jim Pingle
11:29 AM pfSense Packages Bug #11768: FRR OSPF - Comment field within the ospf interfaces gets longer and longer
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/80 Viktor Gurov
08:56 AM pfSense Packages Bug #11768 (Resolved): FRR OSPF - Comment field within the ospf interfaces gets longer and longer
The comment field in the assigned ospf interfaces gets longer e.g.
interface ovpns1
description "ospfd: vpn230 D... Robert Sailer
11:28 AM pfSense Plus Bug #11770 (New): Pantech UML295 USB Modem No Longer Functional
The Pantech UML295 modem in the USB port is caused pfSense to hang on reboot when upgrading to version 21.02 of the s... Kris Phillips
10:51 AM Bug #11769 (Pull Request Review): Sanitize Captive Portal RADIUS MAC secret in status output
Jim Pingle
09:25 AM Bug #11769: Sanitize Captive Portal RADIUS MAC secret in status output
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/216 Viktor Gurov
09:06 AM Bug #11769 (Resolved): Sanitize Captive Portal RADIUS MAC secret in status output
RADIUS MAC Secret (`<radmac_secret>`) is not sanitized:... Viktor Gurov
10:50 AM Bug #11767 (Pull Request Review): Sanitize OpenVPN Client Export certificate password in status output
Jim Pingle
09:25 AM Bug #11767: Sanitize OpenVPN Client Export certificate password in status output
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/216 Viktor Gurov
09:04 AM Bug #11767: Sanitize OpenVPN Client Export certificate password in status output
example:... Viktor Gurov
08:37 AM Bug #11767 (Closed): Sanitize OpenVPN Client Export certificate password in status output
Certificate Password (Password used to protect the certificate file contents) `<pass>` is not sanitized from status_o... Viktor Gurov
08:47 AM Regression #11758 (Closed): Broadcom NetXtreme and QLogic 10 Gigabit Ethernet adapters are not available in 2.5.1 / 2.6
all there:... Viktor Gurov
07:44 AM Bug #11765 (Pull Request Review): Invalid HTML encoding in modal Notices window
Jim Pingle
01:49 AM Bug #11765: Invalid HTML encoding in modal Notices window
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/215 Viktor Gurov
01:15 AM Bug #11765 (Closed): Invalid HTML encoding in modal Notices window
In some cases it shows "&amp;lt;head&amp;gt" instead of "<head>":... Viktor Gurov
03:54 AM pfSense Packages Bug #11766: Certificate no more pointed "in use" by haproxy
Also seeing this - see my comments in linked thread JohnPoz _
03:37 AM pfSense Packages Bug #11766 (Resolved): Certificate no more pointed "in use" by haproxy
https://forum.netgate.com/topic/162606/certificate-no-more-pointed-in-use-by-haproxy:
I've seen in version 2.5 that ... Viktor Gurov

03/31/2021

01:39 PM Revision 3bf54e0d: Firewall Schedules edit fix. Issue #11747
(cherry picked from commit 18f7c1cb378cbfc8109c4aff3eb734048a4bc299) Viktor Gurov
01:39 PM Bug #11651: Error when adding both IPv4 and IPv6 P2 under an IPv4 or IPv6 only IKEv1 P1
Jim Pingle wrote:
> After the PR is merged this whole docs page can go away: https://docs.netgate.com/pfsense/en/lat... Jim Pingle
01:24 PM Revision 68f7d49e: Fix #11760: Make sure log file exist
Prevent PHP complaining about log file not found and create an empty
file when it doesn't exist. In this case return... Renato Botelho
01:24 PM Revision a7086b04: Fix #11760: Make sure log file exist
Prevent PHP complaining about log file not found and create an empty
file when it doesn't exist. In this case return... Renato Botelho
01:16 PM Bug #11383 (Feedback): pfSense Proxy Authentication not working
Fix pushed on FreeBSD-src repository.
Upstream ticket - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220468 Renato Botelho
12:47 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I am trying to reproduce with CE my scenario in a virtual environment and was having issues, good to know it doesn't ... Grant Derhofer
11:03 AM Bug #11764: IPv6 link local gateway default status not indicated in GUI
In this case, the gateway is from the WAN interface which is set to DHCPv6. Jim Pingle
11:01 AM Bug #11764 (Resolved): IPv6 link local gateway default status not indicated in GUI
In certain cases an IPv6 link-local gateway is not marked as default in the Dashboard widget or on status_gateways.ph... Jim Pingle
08:42 AM Bug #11652 (Resolved): Unable to renew a certificate without a SAN
works as expected on 2.5.1.r.20210330.1803 Viktor Gurov
08:40 AM Regression #11747: Firewall rule schedule cannot be changed
Patch works for me when I test it, picked back so it doesn't get missed. Jim Pingle
08:30 AM Regression #11760 (Feedback): PHP error on package install
Applied in changeset commit:a7086b04cae21ca742fdeefd1019ee1401b6dded. Renato Botelho
04:55 AM Regression #11760: PHP error on package install
I'll fix it Renato Botelho
02:29 AM Regression #11760 (Closed): PHP error on package install
https://github.com/pfsense/pfsense/commit/8e2960cc32c25f34d0bf8f122429df8edae58a94
and
https://github.com/pfsense/p... Viktor Gurov
08:11 AM Bug #11762 (Pull Request Review): Invalid combinations of TCP flag matching options cause ``pfctl`` parser error
Jim Pingle
07:57 AM Bug #11762: Invalid combinations of TCP flag matching options cause ``pfctl`` parser error
extra input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/214 Viktor Gurov
07:46 AM Bug #11762: Invalid combinations of TCP flag matching options cause ``pfctl`` parser error
Updating subject for release notes Jim Pingle
07:25 AM Bug #11762 (Resolved): Invalid combinations of TCP flag matching options cause ``pfctl`` parser error
... Viktor Gurov
08:06 AM Bug #11748 (Pull Request Review): Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups
Jim Pingle
06:16 AM Bug #11748: Automated corruption recovery from cached ``config.xml`` backup files should check multiple backups
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/213 Viktor Gurov
07:58 AM pfSense Packages Bug #11763 (New): Traffic graphs refresh issue
Using Windows 10 20H2 and Chrome 89.
If Main page of pfsense is opened with traffic graphs displayed for a while (... Laurent BONNIN
07:30 AM Bug #11754 (Pull Request Review): Digital Ocean Dynamic DNS help text is incorrect
Jim Pingle
06:52 AM pfSense Packages Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Thanks @BBcan177, that was exactly it. Leave it to us dumb users to break stuff. lol. Jeff Strand
04:52 AM Bug #11761 (New): L2TP/IPsec VPN : PPP LCP negotiation occurs before user authentication
We are using pfSense to provide a l2tp/ipsec VPN connectivity to our users.
Users are using the Windows 10 (20h2) na... Chris Sibers
03:39 AM pfSense Packages Bug #11756: HaProxy does not transfer backend states during reload
Hi Viktor, I do not think that the ticket you linked is correct. I am specifically talking about the config option "l... Florian Apolloner
03:11 AM pfSense Packages Bug #11756: HaProxy does not transfer backend states during reload
fixed in haproxy-devel: #10599 Viktor Gurov
01:28 AM Bug #11759 (New): Traffic graphs on dashboard double upload on pppoe links
This is a long standing issue, also existing on previous versions
When looking at graphs, upload traffic appears at ... net blues
01:13 AM Regression #11758: Broadcom NetXtreme and QLogic 10 Gigabit Ethernet adapters are not available in 2.5.1 / 2.6
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/5 Viktor Gurov
12:58 AM Regression #11758: Broadcom NetXtreme and QLogic 10 Gigabit Ethernet adapters are not available in 2.5.1 / 2.6
qlxgb - #9891 Viktor Gurov
12:56 AM Regression #11758 (Closed): Broadcom NetXtreme and QLogic 10 Gigabit Ethernet adapters are not available in 2.5.1 / 2.6
QLogic 10 Gigabit Ethernet (qlxgb) #11750
Broadcom NetXtreme (bnxt) #9155
missed from 2.5.1/2.6:... Viktor Gurov
01:06 AM Feature #11750: Support for network interfaces using the ``qlnxe`` driver
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/11 Viktor Gurov

03/30/2021

11:59 PM Bug #11105 (Resolved): IPv6 RA RDNSS lifetime is too short, not compliant with RFC 8106
Viktor Gurov
08:47 PM pfSense Packages Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
When you enable Doh/DoT Blocking, you must select atleast one of the lists below. I will add some input validation an... BBcan177 .
08:24 PM Revision c5b0f351: Revise MVC provision
Steve Beaver
07:47 PM Revision 8b7f7e66: Automatic default gateway set fix. Issue #11729
(cherry picked from commit f511939a42fbf9002d58f53f4d61e71dca20a4a6) Viktor Gurov
07:46 PM Revision f511939a: Automatic default gateway set fix. Issue #11729
Viktor Gurov
07:28 PM Revision d5ed3d86: Remove Wireguard reference in header
Steve Beaver
06:55 PM Revision 3abbccc9: Allow general access to create_interface_list() for MVC
Steve Beaver
06:24 PM Revision d670e31a: Updates the help text for DigitalOcean client setup. Issue #11754
Danilo Zrenjanin
05:10 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I can confirm that it does not occur in CE v5.0. I had the config operational before I migrated to Netgate x7100 with... Rick Strangman
04:10 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Jordan Bradley wrote:
> I'm using community edition and this bug is affecting me.
Based on your description above... Jim Pingle
04:08 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I'm using community edition and this bug is affecting me. Jordan Bradley
04:00 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
A few notes:
* This only appears to affect pfSense Plus, not CE, which explains why some people cannot reproduce t... Jim Pingle
04:58 PM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec
This bug quite ruined our environment.
Will be very greatfull for hotfix. Alex Lost
07:39 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec
Tested here against 21.02 snapshot. Works as expected. Steve Wheeler
07:38 AM Regression #11751 (Pull Request Review): Input validation prevents creating 1:1 NAT rules on IPsec
Jim Pingle
05:14 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec
fix also includes OpenVPN and L2TP VPN input validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests... Viktor Gurov
03:18 PM Feature #11757 (New): Allow XMLRPC sync to bypass default auth server in favor of local database
Some organizations with multiple firewall admins are using an external auth server as the system default for authenti... Max Leighton
02:48 PM Regression #11729 (Feedback): Automatic default gateway mode does not select expected entries
Merged and cherry-picked to 2.5.1 Renato Botelho
02:46 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Not enough time for 2.5.1 Renato Botelho
02:46 PM Regression #11545: Primary interface address is not always used when VIPs are present
Not enough time for 2.5.1 Renato Botelho
01:35 PM Bug #11754: Digital Ocean Dynamic DNS help text is incorrect
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/212 Danilo Zrenjanin
07:51 AM Todo #11755 (Closed): Upgrade OpenSSL to 1.1.1k
We already have an internal issue tracking this (NG 5939), and it was pulled into the tree yesterday.... Jim Pingle
02:19 AM Todo #11755 (Closed): Upgrade OpenSSL to 1.1.1k
https://www.openssl.org/news/vulnerabilities.html Luca De Andreis
04:33 AM pfSense Packages Bug #11756 (Feedback): HaProxy does not transfer backend states during reload
When reloading Haproxy (due to config changes for instance) the newly started process does not seem to remember the e... Florian Apolloner
04:32 AM Bug #11731: Missing support for Realtek USB NICs
Vincent Bentley wrote:
> Ase Karlsson wrote:
> > Hi,
> > Just made a support ticket to Netgate #80195 and was prom... Ase Karlsson
04:17 AM Bug #11731: Missing support for Realtek USB NICs
Ase Karlsson wrote:
> Hi,
> Just made a support ticket to Netgate #80195 and was prompted to summit a bug report he... Vincent Bentley
 

Also available in: Atom