Activity

From 04/04/2021 to 05/03/2021

05/03/2021

11:15 PM Bug #11883 (Closed): ``dhcp6withoutra_script.sh`` does not get executed when advanced options are set
In interfaces.inc:5274 (which gets executed if we have advanced options enabled) the "normal" script is used even whe... Flole Systems
07:55 PM Revision 5e264b0a: Enable build of pfSense-pkg-WireGuard
Renato Botelho
06:42 PM Revision 6a9fa747: Add spinning icon to IPsec status wait message
Steve Beaver
06:34 PM Bug #11882 (Needs Patch): NIC Passthrough in Virtualized pfSense 2.5.1 Crashes Hypervisor
Running pfSense 2.4.5 in Proxmox with Intel NIC passed through was stable for several months. After updating to 2.5.1... James Blanton
03:43 PM Bug #11881 (Not a Bug): Old Gateways show up
That is intentional. It errs on the side of not deleting historical data that someone may want to retain. Jim Pingle
03:31 PM Bug #11881 (Not a Bug): Old Gateways show up
Status -> Monitoring -> Quality -> Graph
There are old gateways listed that no longer exist
Moritz Schwarz
01:03 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Viktor Gurov wrote:
> Jeremy Utley wrote:
> > I am encountering this exact issue on 2.5.1 now. I have a pair of 2....
Jeremy Utley
11:27 AM Regression #11316: Unbound crashes with signal 11 when reloading
Had crash that even watchdog did not recover. tried manually restarting unbound via web GUI, status was showing as ok... Vaidotas Butkus
11:18 AM Regression #11316: Unbound crashes with signal 11 when reloading
Is there a release of the reverted unbound to try? I'm willing to try it.
I'm now crashing 3 or 4 times a day.
Mike Farmwald
11:12 AM Revision 35a52ca3: fix for missing 0 subnet when clone address entry, needed for vpn's that need two 0 subnets one for ipv4 and ipv6
Manojav Sridhar
09:22 AM Feature #10811: Randomize time of scheduled AutoConfigBackup runs
Applied patch to 21.02.2-RELEASE. Looks good there. Chris Linstruth
08:09 AM pfSense Packages Bug #11878 (Pull Request Review): squidguard dependencies missing
Jim Pingle
06:56 AM pfSense Packages Bug #11878: squidguard dependencies missing
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/85
Danilo Zrenjanin
12:31 AM pfSense Packages Bug #11878 (Resolved): squidguard dependencies missing
pfSense-pkg-squidGuard must depend on pfSense-pkg-squid
https://forum.netgate.com/topic/158288/squidguard-dependen...
Viktor Gurov
08:06 AM Bug #11877 (Pull Request Review): Labels and description disappear in firewall_schedule_edit.php
Jim Pingle
01:00 AM Bug #11877: Labels and description disappear in firewall_schedule_edit.php
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/233 Viktor Gurov
08:05 AM pfSense Packages Bug #11173 (Pull Request Review): Status>Monitoring parameters are hidden by the interactive graph
Jim Pingle
08:02 AM Feature #11876: OpenSSL does not use QAT acceleration on pfSense Plus 21.02-RELEASE-p1 or 21.05-DEVELOPMENT
It's not a bug per se, but a feature that does not yet exist (and which may not be as useful as you might expect):
...
Jim Pingle
07:57 AM Bug #8013 (Pull Request Review): IPsec MSS clamping value shared for IPv4 and IPv6
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/230 Jim Pingle
07:48 AM pfSense Packages Bug #11874 (Not a Bug): Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field
Jim Pingle
07:48 AM pfSense Packages Bug #11711 (Pull Request Review): New Squid Status Page Non-Functional
Jim Pingle
07:45 AM Bug #11873 (Pull Request Review): HTTP Referer error message text is incorrect
Jim Pingle
07:40 AM Feature #9877 (Pull Request Review): QEMU Guest Agent
Jim Pingle
07:40 AM Bug #11781 (Closed): Disable DNSSEC option for dnsmasq
This issue is not referring to an option in the GUI or CLI but a pkg build option:
On 2.5.1:...
Jim Pingle
07:38 AM Bug #11815 (Rejected): NoIP.com Dynamic DNS update failure is not detected properly
Rejecting for now. If OP can provide more detail pointing to a potential cause or a reliable means of reproducing the... Jim Pingle
07:33 AM Bug #11820 (Rejected): Backup restore problem with webConfigurator
Rejecting for now since it cannot be reproduced. If someone can find a method capable of reproducing the problem reli... Jim Pingle
06:58 AM Bug #11880 (Closed): Missing ``/0`` subnet when cloning repeatable CIDR mask controls
PR : https://github.com/pfsense/pfsense/pull/4517 Christian McDonald
03:16 AM pfSense Packages Feature #11879 (Closed): Add support for SSL.com ACME server
Read more:
https://www.ssl.com/blogs/sslcom-supports-acme-protocol-ssl-tls-certificate-automation/
https://www.ssl....
Viktor Gurov
03:00 AM pfSense Docs Todo #11646 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN and Multi-WAN
fixed Viktor Gurov

05/02/2021

06:41 PM pfSense Packages Bug #11173: Status>Monitoring parameters are hidden by the interactive graph
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/84 Marcos M
03:57 PM Bug #11877 (Resolved): Labels and description disappear in firewall_schedule_edit.php
# Add a new entry under Firewall / Schedules
# Select a date
# Click "Add Time"
# The labels and description on th...
Marcos M
02:08 PM Feature #11876 (New): OpenSSL does not use QAT acceleration on pfSense Plus 21.02-RELEASE-p1 or 21.05-DEVELOPMENT
QAT acceleration is not being utilized by OpenSSL.
The QAT driver is loaded...
Adam Goldberg
08:52 AM pfSense Docs Todo #11875 (Closed): Feedback on Releases — 21.02/21.02-p1/2.5.0 New Features and Changes
*Page:* https://docs.netgate.com/pfsense/en/latest/releases/2-5-0.html
*Feedback:*
There is no known issue/errat...
Viktor Gurov
05:48 AM Regression #11870: Setting MTU on VLAN does not set MTU on parent interface in 2.5.1
related to #9154 Viktor Gurov
05:14 AM Feature #9877: QEMU Guest Agent
build agent:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/232
Viktor Gurov
03:31 AM pfSense Packages Bug #11874: Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field
works as expected -
192168.44.aa or 888.88.888.8 - is invalid IP, but valid hostname
Viktor Gurov
02:08 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/83
Viktor Gurov
12:26 AM Bug #11873: HTTP Referer error message text is incorrect
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/231
Viktor Gurov
12:13 AM pfSense Packages Bug #11445 (Resolved): bgp as-path in wrong position
Viktor Gurov

05/01/2021

07:31 PM pfSense Packages Bug #11532 (Resolved): LCDproc service is not disabled
Tested on 0.10.8_9. Once LCDProc is disabled, the file at /usr/local/etc/rc.d/lcdproc.sh is removed as expected. Mark... Max Leighton
05:54 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Greg Revelle wrote:
> MILO MEDIN wrote:
> > @rom racer, thanks for doing the build.
> >
> > I loaded it in 2.5...
C HL
05:19 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
> It is a kernel-level fix, not something that can be applied as a patch using that package.
Jim, thanks for the u...
Rafael Possamai
04:52 PM Bug #11781: Disable DNSSEC option for dnsmasq
I couldn't find the DNSSEC option in the dnsmasq on 2.4.5-p1 and 2.5.1. Can you please provide more details on how to... Danilo Zrenjanin
04:41 PM pfSense Packages Bug #11874: Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field
That field also accepts aliases and (though it's not recommended) hostnames, so it isn't quite that simple. Jim Pingle
04:40 PM pfSense Packages Bug #11874 (Not a Bug): Squid allows entering an invalid IP address into the Bypass Proxy for These Source IPs field
In Transparent Mode, Squid will allow entering an invalid IP address into the Bypass Proxy for These Source IPs field... Danilo Zrenjanin
04:07 PM Bug #11141 (Resolved): OpenVPN Wizard does not support gateway groups
OpenVPN Wizard shows GW group and GW group can be selected.
2.6.0.a.20210430.0100
Alhusein Zawi
03:58 PM Bug #11873 (Resolved): HTTP Referer error message text is incorrect
An HTTP Referer message does not give an accurate path to the location where it can be disabled.
"If not needed, this...
Danilo Zrenjanin
03:02 PM pfSense Packages Bug #11763: Traffic graphs refresh issue
Unable to reproduce on 21.02.2 Michael Spears
03:00 PM pfSense Packages Bug #11445: bgp as-path in wrong position
fixed
router bgp 61000
no bgp network import-check
neighbor 192.168.1.99 remote-as 61000
neighbor 192.168.1....
Alhusein Zawi
02:01 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
JohnPoz _ wrote:
> Not sure if bug or regression. But Columns in the diag_dump_states.php will not sort
>
> You ...
Michael Spears
02:01 PM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly
I Ivanov wrote:
> DynDNS does not update IP address on service NoIP.com (paid), even though the address has changed,...
Kris Phillips
01:55 PM Bug #11820: Backup restore problem with webConfigurator
Marcelo Gondim wrote:
> Hi all,
>
> A PFSense server that I have, had a disk problem and stopped working. For my ...
Kris Phillips
01:17 PM Bug #11872: gif interfaces reporting incorrect traffic counters
This also affects packet counters too.
!https://i.imgur.com/6Cm2HNe.png!
Dan Monaghan
01:14 PM Bug #11872 (New): gif interfaces reporting incorrect traffic counters
I've been running a gif tunnel on my pfSense box to Hurricane Electric's Tunnel Broker service for a number of years ... Dan Monaghan
11:07 AM pfSense Docs Correction #11871 (Resolved): SG-2100 must be manually power cycled after installation
The Reinstalling pfSense Plus Software document for the SG-2100 indicates that the unit will reboot automatically aft... Max Leighton

04/30/2021

03:24 PM pfSense Packages Bug #11543: SquidGuard 1.16.18_15 - returning wrong page
I've tested and when I try access some page blocked, when I look to url is wrong
if I change this, its work.
So i´...
Robson Ferreira
02:38 PM Regression #11870 (Not a Bug): Setting MTU on VLAN does not set MTU on parent interface in 2.5.1
When altering the MTU on a VLAN, the physical interface needs to follow. Currently it does not, and you have to assig... Carlos Montalvo J.
12:42 PM Regression #11795 (Feedback): Applying IPsec settings for more than ~30 tunnels times out PHP
This should be fixed on current snapshots by the following commits:
* commit:1622230a5ad99796c017d6da98520b67c15bb...
Jim Pingle
12:00 AM Feature #11406 (Resolved): GUI option to set MTU for L2TP VPN server
"vpn MTU" option is added on 2.6.0.a.20210421.0100 Alhusein Zawi

04/29/2021

04:14 PM Revision a8ccdf50: Add IPsec GUI control for Child SA Start Action. Implements #11576
Jim Pingle
02:20 PM Revision 6e363140: Skip expired DHCP leases for ARP table content. Fixes #11510
(cherry picked from commit 148c79da63eb1912fce81838af341b294bf60849) Jim Pingle
02:20 PM Revision 148c79da: Skip expired DHCP leases for ARP table content. Fixes #11510
Jim Pingle
01:49 PM Revision ef6524c7: Fix variable being used before assignment. Fixes #11842
(cherry picked from commit 48860631d02e7aea6c03cef043a58081a1fadbb8) Jim Pingle
01:49 PM Revision 48860631: Fix variable being used before assignment. Fixes #11842
Jim Pingle
01:26 PM Bug #7801 (Pull Request Review): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
Jim Pingle
11:50 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/230 Viktor Gurov
06:23 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
Franciszek Koltuniuk wrote:
> Hi,
> I have a similar issue with fragmented packets send/received over IPsec tunnel...
Viktor Gurov
11:45 AM Revision f7163f44: Fix missing ';'
Steve Beaver
11:20 AM Feature #11576 (Feedback): IPsec GUI option to control Child SA ``start_action``
Applied in changeset commit:a8ccdf506d95df855f9779e3bb090e740154cb7f. Jim Pingle
11:14 AM pfSense Packages Bug #11173: Status>Monitoring parameters are hidden by the interactive graph
Looks like it's due to the height property on `.svg.nvd3-svg`. Though some extra styling needs to be done to make it ... Marcos M
09:30 AM Regression #11510 (Feedback): ARP Table populates hostname values using expired DHCP lease data
Applied in changeset commit:148c79da63eb1912fce81838af341b294bf60849. Jim Pingle
09:21 AM Regression #11510 (In Progress): ARP Table populates hostname values using expired DHCP lease data
I was able to reproduce this. I used a slightly different fix. Jim Pingle
08:55 AM Bug #11842 (Feedback): Captive Portal post-auth redirect is not properly respected
Applied in changeset commit:48860631d02e7aea6c03cef043a58081a1fadbb8. Jim Pingle
08:22 AM Bug #11842 (In Progress): Captive Portal post-auth redirect is not properly respected
I'll look into that ASAP, thanks for testing! Jim Pingle
08:11 AM Bug #11842: Captive Portal post-auth redirect is not properly respected
A feedback :
I saw my browser sending 'plain http' to the https port.
File /etc/inc/captiveportal.inc line 2261...
Gertjan KROEB
08:00 AM Bug #11869 (Pull Request Review): OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode
Jim Pingle
05:53 AM Bug #11869: OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/229
Viktor Gurov
05:41 AM Bug #11869 (Resolved): OpenVPN client startup error if IPv6 Tunnel Network is defined in TAP mode
If you define any "IPv6 Tunnel Network" in TAP mode,
an invalid 'ifconfig-ipv6' option is created in the config file...
Viktor Gurov
07:59 AM Bug #11867 (Pull Request Review): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed
Jim Pingle
12:30 AM Bug #11867: Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed
this bug causes not only printing the password in the shell, but also not populating the HTTP_PROXY_AUTH env variable... Viktor Gurov
07:31 AM Regression #11868: PHP error from missing ';' in util.inc line 2036
Login from command line, then:... Jens Leinenbach
07:30 AM Regression #11868 (Resolved): PHP error from missing ';' in util.inc line 2036
Already fixed by commit:f7163f442b514df4a0bbb6c7f66ce55279bb05e7 Jim Pingle
07:25 AM Regression #11868: PHP error from missing ';' in util.inc line 2036
I normally upgraded to version 2.6.0.a.20210429.0100 but the system didn't boot properly.
I had to add missing ";" i...
Jens Leinenbach
05:28 AM Regression #11868: PHP error from missing ';' in util.inc line 2036
I've tried to upgrade 2.4.5p1 to 2.5.1: OK
2.5.1 to 2.6.0 snapshot : failed
Luca De Andreis
04:56 AM Regression #11868 (Resolved): PHP error from missing ';' in util.inc line 2036
I've tried on a test virtual machine running on PfSense 2.4.5p1, upgrade to 2.6.0 snapshot failed, any idea ?
Very...
Luca De Andreis
12:03 AM pfSense Packages Feature #11295 (Pull Request Review): DNSBL IDN support
Viktor Gurov

04/28/2021

07:21 PM Revision f381d8d8: Move protocol setup outside of foreach. It only needs to happen once
Steve Beaver
05:46 PM Revision 1622230a: Revise resolve_retry timing/action to avoid long delays in ipsec status results
Steve Beaver
05:09 PM Regression #11316: Unbound crashes with signal 11 when reloading
We're reverting to unbound 1.12 in order to restore stability. We have to backport at least one CVE for it, so it's ... Scott Long
04:13 PM Bug #11867 (Closed): Unquoted variable in ``dot.tcshrc`` can cause proxy password to be printed
https://github.com/pfsense/pfsense/blob/a7086b04cae21ca742fdeefd1019ee1401b6dded/src/etc/skel/dot.tcshrc#L71 causes u... John Runyon
02:05 PM Feature #11865 (Pull Request Review): Option to validate OpenVPN peer TLS certificate key usage
Jim Pingle
08:57 AM Feature #11865: Option to validate OpenVPN peer TLS certificate key usage
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/227 Viktor Gurov
08:31 AM Feature #11865 (Resolved): Option to validate OpenVPN peer TLS certificate key usage
As an additional security measure
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/:
<pre...
Viktor Gurov
12:10 PM Revision 3c8dcdf7: Add needed options to unbound112
Renato Botelho
11:26 AM Bug #11866: Update dnsmasq to 2.85 to fix CVE-2021-3448
pfSense 2.6.0 and pfSense Plus 21.05 appears to have 2.85,1 in the development builds. Kris Phillips
11:26 AM Bug #11866 (Closed): Update dnsmasq to 2.85 to fix CVE-2021-3448
dnsmasq has a new CVE for CVE-2021-3448. Not affected in 2.85 and beyond.
https://www.tenable.com/cve/CVE-2021-...
Kris Phillips
09:14 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes
Currently only DHCP, SNMP, Gateways Monitoring, RRD Graphing and Syslog services are restarted on interface changes.
...
Viktor Gurov
08:29 AM Bug #11864 (Resolved): OpenVPN stays bound to previous IP address after interface changes
Setup:
OpenVPN listening on UDP IPv4 on a VIP or physical interface.
Steps to recreate:
# While OpenVPN is runni...
Marcos M
08:24 AM Regression #11775: State counters not updating and always show 0/0 since last few updates
I have the same issue on all 2.6.0 builds also. Tigger 2014
08:13 AM Bug #11863 (Resolved): Unable to create nested URL aliases
Adding an URL/URL Table (IPs/Ports) alias produces error:... Viktor Gurov
07:47 AM pfSense Docs New Content #11862 (Closed): Document High Availability IPSec
High Availability is a great feature, but lacks documentation/examples in a couple of areas. I tried to set up a VTI... Bill Somerville
07:40 AM Bug #11831 (Pull Request Review): Certificate Revocation tab does not list active users of CRL entries
Jim Pingle
01:23 AM Bug #11831: Certificate Revocation tab does not list active users of CRL entries
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/226 Viktor Gurov
07:28 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
Updating subject to reflect that the PR corrects both GRE and GIF. Jim Pingle
07:27 AM Bug #11860 (Duplicate): GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes
Thorsten Zitterell wrote:
> Viktor Gurov wrote:
> > should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-...
Jim Pingle
12:58 AM Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes
Viktor Gurov wrote:
> should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/63
> see #6507...
Thorsten Zitterell
12:18 AM Bug #11860: GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes
should be fixed by https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/63
see #6507
Viktor Gurov
07:27 AM Bug #11854: DNS resolver stopped by himself with fatal error
Jim Pingle wrote:
> Doesn't look exactly like #11316 but may be related. If not, it's a different Unbound bug that i...
Yann Papouin
07:25 AM Bug #11829 (New): OpenVPN client certificate validation with OCSP always fails
Jim Pingle
02:18 AM Bug #11829: OpenVPN client certificate validation with OCSP always fails
Viktor Gurov wrote:
> Duplicate of #11830
Actually it is not duplicate, I've opened two of them as fixes have to ...
Konstantin Panchenko

04/27/2021

11:59 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
MILO MEDIN wrote:
> @rom racer, thanks for doing the build.
>
> I loaded it in 2.5.1 and can confirm it fixes t...
Greg Revelle
08:39 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
This issue is for Plus only. The issue for CE is #11805
Jim Pingle
08:26 PM Revision dcf96e88: Test for empty negated addrs in pf rules. Fixes #11861
(cherry picked from commit 5401382ae85e57cd475d9460cde5732b755525a0) Jim Pingle
08:25 PM Revision 5401382a: Test for empty negated addrs in pf rules. Fixes #11861
Jim Pingle
07:42 PM Revision b3b62e67: Do not read cert key details if parsing key failed. Fixes #11859
(cherry picked from commit 55dc00701011c2547a55dabf7716d2939cadc509) Jim Pingle
07:41 PM Revision 55dc0070: Do not read cert key details if parsing key failed. Fixes #11859
Jim Pingle
07:22 PM Revision 7a010ad2: Fix PHP error in upgrade code. Fixes #11801
Change upgrade_212_to_213() so it unsets variables individually after
first testing if they are set. This avoids an e...
Jim Pingle
07:21 PM Revision a6edfe27: Fix PHP error in upgrade code. Fixes #11801
Change upgrade_212_to_213() so it unsets variables individually after
first testing if they are set. This avoids an e...
Jim Pingle
03:39 PM Bug #11407 (Closed): Removing a WireGuard tunnel in a middle position can break Add button behavior
Jim Pingle
03:38 PM Feature #11576 (In Progress): IPsec GUI option to control Child SA ``start_action``
Jim Pingle
03:35 PM Bug #11861 (Feedback): Error loading rules in certain cases where an interface is temporarily without an address
Applied in changeset commit:5401382ae85e57cd475d9460cde5732b755525a0. Jim Pingle
03:33 PM Bug #11861: Error loading rules in certain cases where an interface is temporarily without an address
As luck would have it that WAN just failed again and I was able to confirm that the fix I checked in corrects the pro... Jim Pingle
03:22 PM Bug #11861 (Closed): Error loading rules in certain cases where an interface is temporarily without an address
Had an interface event on my edge firewall yesterday where one WAN lost its interface address and resulted in an inva... Jim Pingle
02:56 PM Bug #11860 (Duplicate): GIF interfaces should be reconfigured when IPv6 address of a WAN-Interface changes
I have successfully configured my router for DS-lite (NetCom BW, Germany) using PPPoE for initial WAN setup (IPv4 & I... Thorsten Zitterell
02:50 PM Bug #11859 (Feedback): PHP error on certificate list due to unreadable private key
Applied in changeset commit:55dc00701011c2547a55dabf7716d2939cadc509. Jim Pingle
02:41 PM Bug #11859 (Closed): PHP error on certificate list due to unreadable private key
If a certificate private key is present, but corrupted and cannot be read, it can result in the following PHP error:
...
Jim Pingle
02:30 PM Bug #11801 (Feedback): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels
Applied in changeset commit:a6edfe2763df01132d56199faf9ac1dc99471f1c. Jim Pingle
02:27 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Another fix [1] was imported from FreeBSD and will be present on tomorrow's snapshots
[1] https://cgit.freebsd.org...
Renato Botelho
11:17 AM pfSense Packages Todo #11845 (Resolved): Update OpenVPN client export installers to 2.5.2
Jim Pingle
11:12 AM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2
Jim Pingle wrote:
> Need to test that the Windows installer export buttons download a working executable installer w...
Viktor Gurov
09:47 AM Bug #11858 (Rejected): OpenVPN Client Interface Change Requires Reboot to Take Effect
This site is not for support or diagnostic discussion, and reports of issues on obsolete versions are also invalid.
...
Jim Pingle
09:29 AM Bug #11858 (Rejected): OpenVPN Client Interface Change Requires Reboot to Take Effect
2.4.5-RELEASE-p1, Netgate SG-5100
Just as the subject says. I tried restarting the service, and disabling the VPN...
Web Dawg
09:29 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high
This continues to be simple to hit and quite annoying. Installs that worked fine for years all of a sudden can't run ... Jim Pingle
09:21 AM Regression #11857 (Closed): Match rules cause pf error parsing rules
Having a match rule, either manually or from ALTQ traffic shaping, leads to a pfctl error loading the rules:... Jim Pingle
09:16 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255206
https://github.com/irino/softflowd/issues/38
Viktor Gurov
08:56 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Jens Groh wrote:
> If you don't mind: if the fix was checked into RELENG_2_5_0, could you post the fix/patch ID so o...
Jim Pingle
08:53 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Jim Pingle wrote:
> 2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. What...
Jens Groh
08:33 AM Bug #11855 (Pull Request Review): Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes
Jim Pingle
06:23 AM Bug #11855: Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/225
Viktor Gurov
05:59 AM Bug #11855 (Resolved): Error when changing MTU if the interface is used for both IPv4 and IPv6 default routes
How to reproduce:
1) Configure both IPv4 and IPv6 default gateways on interface
2) Change interface MTU
3) Result:...
Viktor Gurov
08:32 AM pfSense Packages Bug #11756 (Pull Request Review): HaProxy does not transfer backend states during reload
Jim Pingle
05:19 AM pfSense Packages Bug #11756: HaProxy does not transfer backend states during reload
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/82
Viktor Gurov
08:31 AM Bug #11854 (Closed): DNS resolver stopped by himself with fatal error
Doesn't look exactly like #11316 but may be related. If not, it's a different Unbound bug that is out of our control.... Jim Pingle
03:08 AM Bug #11854 (Closed): DNS resolver stopped by himself with fatal error
2.5.1-RELEASE (amd64)
built on Mon Apr 12 07:50:14 EDT 2021
Please note that nobody was editing pfsense settings...
Yann Papouin
08:28 AM pfSense Packages Bug #11847 (Pull Request Review): Filters not applied to PEER Groups
Jim Pingle
02:44 AM pfSense Packages Bug #11847: Filters not applied to PEER Groups
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/81
Viktor Gurov
08:26 AM Bug #11850 (Pull Request Review): NTP authentication input validation rejects valid keys
Jim Pingle
02:23 AM Bug #11850: NTP authentication input validation rejects valid keys
An MD5 key is a string of 20 random printable ASCII characters,
while a SHA key is a string of 40 random hex digits....
Viktor Gurov
08:01 AM pfSense Packages Bug #11853 (Duplicate): softflowd not sending flow data
Duplicate of #10436 Jim Pingle
08:01 AM Feature #11856: Replace/add Alias or DNS names for known LAN addresses in the State table
This is unlikely to be viable because it would scale very poorly. That said, if someone can come up with a way to do ... Jim Pingle
07:16 AM Feature #11856 (New): Replace/add Alias or DNS names for known LAN addresses in the State table
Looking at the State table it would be nice to have internal addresses shown as DNS names or aliases if it can be res... John Weithman

04/26/2021

10:53 PM Bug #11820: Backup restore problem with webConfigurator
Marcos Mendoza wrote:
> It may be that the webconfigurator needs to be restarted after the restore. Would you be abl...
Marcelo Gondim
10:36 PM pfSense Packages Bug #11853 (Duplicate): softflowd not sending flow data
No flows being exported from the firewall (as reported by capture on the firewall) and hence no flows being collected... Nigel Smith
06:23 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
MILO MEDIN wrote:
> @rom racer, thanks for doing the build.
>
> I loaded it in 2.5.1 and can confirm it fixes t...
Matt Johnson
06:15 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
@rom racer, thanks for doing the build.
I loaded it in 2.5.1 and can confirm it fixes the issue for me too.
MILO MEDIN
02:25 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP
I would add that it also takes a LONG time to pull ipsec status. Core Team
01:08 PM Bug #11852 (Resolved): State table content on ``diag_dump_states.php`` does not sort properly
Not sure if bug or regression. But Columns in the diag_dump_states.php will not sort
You can click on the column ...
JohnPoz _
08:22 AM Bug #11678 (Resolved): Certificate Manager does not report Unbound as using a certificate
It works. It shows as in use when the certificate is active ("Enable SSL/TLS Service" checked), and it doesn't show i... Jim Pingle
08:07 AM pfSense Docs Todo #11849 (Rejected): CARP mode when upgrading HA clusters
This is all as expected.
If the button says "Enter ..." then it's not in maintenance mode. If the button says "Lea...
Jim Pingle
07:53 AM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2
Need to test that the Windows installer export buttons download a working executable installer which installs the exp... Jim Pingle
03:05 AM Bug #11851 (Closed): /etc/rc.start_packages double-starts some packages
During boot process, /etc/rc.start_packages double starts some packages, slowing down boot significantly in some case... Dave Tickem

04/25/2021

05:58 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Hayden Hill wrote:
> rom racer wrote:
> > @Milo Medin, great find! I've published some details on the pfatt issue ...
Matt Johnson
03:33 PM Bug #10955: XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
Same for me, bug is present again Manuel Trier

04/24/2021

08:09 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
rom racer wrote:
> @Milo Medin, great find! I've published some details on the pfatt issue here as well as a patche...
Hayden Hill
07:50 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
@Milo Medin, great find! I've published some details on the pfatt issue here as well as a patched wpa_supplicant:
...
rom racer
06:54 PM pfSense Packages Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Confirmed pfBlockerNG 3.0.0_16 fixes this issue. There is a form validation that pops up at the top with a message n... Kris Phillips
06:14 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Based on the error messages, it would seem it's something with TLS negotiation, which is odd since it works fine with... Kris Phillips
06:13 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Status page with squidGuard disabled:
Squid Object Cache: Version 4.13
Build Info:
Service Name: squid
Start Ti...
Kris Phillips
06:12 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Error message that shows up in the Status page with squidGuard enabled:
HTTP/1.1 503 Service Unavailable
Server: ...
Kris Phillips
06:08 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Confirmed. You only need to enable squidGuard for the issue to become present. If you have it installed, but disabl... Kris Phillips
05:19 PM pfSense Packages Todo #11845: Update OpenVPN client export installers to 2.5.2
21.02.2 reports the following versions while installing OvpnCE in package manager - openvpn-client-export-2.5.2/pfSen... Jordan G
03:50 PM Feature #11750: Support for network interfaces using the ``qlnxe`` driver
Viktor Gurov wrote:
> https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/11
That GitLab link seems b...
Layla Mah
12:44 PM Bug #11850 (Closed): NTP authentication input validation rejects valid keys
I run into issues with the "Enable NTPv3 authentication (RFC 1305)" and more precisely with entering a valid SHA-1 ke... Thomas Paetzold
12:11 PM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Tested on the latest Development version.
It still doesn't show Unbound as a user of the certificate. I was able ...
Danilo Zrenjanin
12:04 PM Feature #11790: Support hiding interface groups via special tag
Sure
https://github.com/theonemcdonald/pfSense-pkg-WireGuard
https://youtu.be/ljcJE7bZNWE
https://github.com...
Christian McDonald
09:10 AM Feature #11790: Support hiding interface groups via special tag
Can you provide an example of how this would benefit a package? It'd be nice to have some context, thanks! Marcos M
10:25 AM pfSense Docs Todo #11849 (Rejected): CARP mode when upgrading HA clusters
The current documentation:
https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-ha.html
says to d...
Nick Carr
09:00 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly
The logs make it sound less like it failed to update with the service, and more-so that the public IP at the time rem... Marcos M
08:48 AM Bug #11820: Backup restore problem with webConfigurator
It may be that the webconfigurator needs to be restarted after the restore. Would you be able to test again, and rest... Marcos M

04/23/2021

09:05 PM pfSense Packages Bug #11848 (New): Issue with squid cache download speed
I found a strange problem, when testing squid's cache using https://www.internode.on.net/support/tools/speed_test/
T...
ageekhere ageekhere
01:33 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP
There must be more to it than just the number of tunnels. I generated a config with 40 dummy tunnels and it applies t... Jim Pingle
10:01 AM pfSense Packages Bug #11847 (Resolved): Filters not applied to PEER Groups
When creating a Peer group and adding an AS/Prefix filter or route map to the peer group, the generated configuration... Grant Gordon
07:18 AM Bug #11846 (Pull Request Review): Logging configuration added by a package is not removed on uninstall
Jim Pingle
12:51 AM Bug #11846: Logging configuration added by a package is not removed on uninstall
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/223
Viktor Gurov
12:43 AM Bug #11846 (Resolved): Logging configuration added by a package is not removed on uninstall
How to reproduce:
1) Install HAProxy-devel;
2) Check /var/etc/syslog.d/haproxy.log.conf file;
3) Uninstall HAPro...
Viktor Gurov
12:13 AM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec
Fiden Galvez wrote:
> Hi Victor:
> Please could you share again the fix, cause the link looks like it is dead.
Viktor Gurov

04/22/2021

06:10 PM Revision 697a99c1: Improve Captive Portal redirect URL handling.
* Fix handling of after auth redir URL value so it gets properly
respected as stated in the GUI. Fixes #11842
* Fix u...
Jim Pingle
06:05 PM Revision de9ba32b: Improve Captive Portal redirect URL handling.
* Fix handling of after auth redir URL value so it gets properly
respected as stated in the GUI. Fixes #11842
* Fix u...
Jim Pingle
03:12 PM pfSense Packages Todo #11845 (Feedback): Update OpenVPN client export installers to 2.5.2
Done. Available now in OpenVPN client export pkg version 1.6 on Plus 21.02.2 and CE 2.5.1.
Will be in snapshots fo...
Jim Pingle
02:31 PM pfSense Packages Todo #11845 (Resolved): Update OpenVPN client export installers to 2.5.2
OpenVPN 2.5.2 fixes some bugs and a noteworthy CVE, "CVE-2020-15078":https://community.openvpn.net/openvpn/wiki/CVE-2... Jim Pingle
02:44 PM Regression #11751: Input validation prevents creating 1:1 NAT rules on IPsec
Hi Victor:
Please could you share again the fix, cause the link looks like it is dead.
Thank you
Fiden Galvez
02:36 PM Todo #11844 (Feedback): Update OpenVPN to 2.5.2
Added to 2.6.0/21.05 Renato Botelho
02:28 PM Todo #11844 (Closed): Update OpenVPN to 2.5.2
OpenVPN 2.5.2 fixes some bugs and a noteworthy CVE, "CVE-2020-15078":https://community.openvpn.net/openvpn/wiki/CVE-2... Jim Pingle
01:20 PM Bug #11843 (Feedback): Potential XSS vulnerability in Captive Portal ``redirurl`` handling
Applied in changeset commit:de9ba32bd3531ccf74e143391deaacb77e085097. Jim Pingle
12:53 PM Bug #11843 (Closed): Potential XSS vulnerability in Captive Portal ``redirurl`` handling
The value of ``redirurl`` is passed as-is from the client URL into a page result served to users in certain cases. If a... Jim Pingle
01:20 PM Bug #11842 (Feedback): Captive Portal post-auth redirect is not properly respected
Applied in changeset commit:de9ba32bd3531ccf74e143391deaacb77e085097. Jim Pingle
12:53 PM Bug #11842 (Closed): Captive Portal post-auth redirect is not properly respected
The value of "After authentication Redirection URL" in Captive Portal is supposed to override the automatically detec... Jim Pingle
10:11 AM Regression #11839: Panic on 21.05/2.6.0 snapshots when memory usage is high
Attaching another crash with a potentially more interesting backtrace. Jim Pingle
09:03 AM Regression #11839 (Closed): Panic on 21.05/2.6.0 snapshots when memory usage is high
On several systems (hardware and VMs) running Plus 21.05 and CE 2.6.0 snapshots I am seeing panics when the systems a... Jim Pingle
09:30 AM pfSense Packages Bug #11841 (New): FRR access lists default behavior changed to permit by default
Free Range Routing's Access List behavior in pfSense 2.5.x has changed fundamentally from previous versions, changing... Gavin Owen
08:30 AM pfSense Packages Bug #11838 (Needs Patch): FRR ospf6d consumes all available memory+swap after an interface event
In certain cases ospf6d will consume all RAM and swap after an interface event. For me, the easiest way to reproduce ... Jim Pingle
07:11 AM Bug #11586 (Not a Bug): WireGuard panic when saving many times in a row
Jim Pingle
06:34 AM Bug #11586: WireGuard panic when saving many times in a row
Unable to reproduce this on the latest kmod code..and I've been quite aggressive at building and tearing down tunnels... Christian McDonald
07:08 AM pfSense Packages Feature #11837 (New): Increase field length of FRR Networks in Access Lists and Prefix Lists
The field lengths for the network statements within the Free Range Routing package's Access Control List and Prefix-L... Gavin Owen
06:40 AM pfSense Packages Bug #11836 (Confirmed): FRR ACCEPTFILTER shows out of order prefix-list
Adding entries to the ACCEPTFILTER prefix-list creates erratic behavior within the FRR running configuration.
Have...
Gavin Owen
06:32 AM Bug #11587: WireGuard interfaces do not have data on traffic graphs
Bumping this so Renato sees it, since we are closing issues :) Christian McDonald
06:05 AM Bug #11600 (Not a Bug): WireGuard interfaces should have MSS clamping enabled by default
Renato Botelho
05:42 AM Bug #11600: WireGuard interfaces should have MSS clamping enabled by default
This seems to no longer be a requirement, as WireGuard by design should be able to pass larger MTUs within the tunnel... Christian McDonald
06:05 AM Bug #11339 (Not a Bug): Odd console output when WireGuard is running
Renato Botelho
05:41 AM Bug #11339: Odd console output when WireGuard is running
Not seeing this on the latest kmod code Christian McDonald
04:53 AM Bug #8618: 2.4.4 *possible bug* with Intel C3858 and Interface Auto-Detection on 10Gb interfaces
Sorry for reviving an old thread but the problem remains in 2021.
I just purchased a Supermicro A2SDi-TP8F and the...
Alexandre Tatut
03:19 AM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``
see also #11829 Viktor Gurov
03:19 AM Bug #11829 (Duplicate): OpenVPN client certificate validation with OCSP always fails
Duplicate of #11830 Viktor Gurov
03:02 AM pfSense Packages Bug #11835 (New): FRR OSPF redistributed connected routes disappearing
pfSense/FRR is flushing and repropagating certain OSPF routes unnecessarily, causing outages.
Scenario is two fire...
Gavin Owen
01:52 AM Feature #11164 (Resolved): Input validation to prevent setting a load balancing gateway group as default
Viktor Gurov

04/21/2021

09:19 PM Feature #11164: Input validation to prevent setting a load balancing gateway group as default
note is added (attached)
2.6.0-DEVELOPMENT (amd64)
built on Wed Apr 21 01:03:55 EDT 2021
FreeBSD 12.2-STABLE
Alhusein Zawi
04:05 PM Bug #11834 (Rejected): Default gateway unsets (world icon goes) & default route changes from IP to MAC address
This site is not for support or diagnostic discussion and there is not enough information here to suggest it is a bug... Jim Pingle
03:46 PM Bug #11834: Default gateway unsets (world icon goes) & default route changes from IP to MAC address
Ben Edmunds wrote:
> I have recently added a second WAN link and notice that around once every 8 or so hours my defa...
Tigger 2014
03:42 PM Bug #11834 (Rejected): Default gateway unsets (world icon goes) & default route changes from IP to MAC address
I have recently added a second WAN link and notice that around once every 8 or so hours my default route is broken an... Tigger 2014
02:33 PM Bug #11502 (Not a Bug): WireGuard ``matchaddr failed`` kernel messages in system log
Renato Botelho
02:10 PM Bug #11502: WireGuard ``matchaddr failed`` kernel messages in system log
Unable to reproduce this now with latest kmod code. Christian McDonald
01:41 PM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP
Currently running on 21.02.2-RC code on zColo vpn concentrators, along with a patch to fix VTI creation issues after ... Core Team
11:48 AM Bug #11828: PPPOE not working VPN not working Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
also Nord VPN is down will not connect or if it does no internet and then goes down
Site to Site OPENVPN does co...
mike nah
11:19 AM Bug #11828: PPPOE not working VPN not working Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
also packages don't import it sticks on Please wait while the update system initializes
does nothing I guess that's n...
mike nah
08:06 AM Bug #11828: PPPOE not working VPN not working Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
I've seen the ppp on the 2.4.5 so you're saying it gets deleted in 2.5.1. so I gotta re-add it
PPPOe WAN OpenVPN ...
mike nah
07:55 AM Bug #11828: PPPOE not working VPN not working Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
Jim Pingle wrote:
> I can't reproduce anything like that here on PPPoE -- please keep the discussion going on your f...
mike nah
07:40 AM Bug #11828 (Not a Bug): PPPOE not working VPN not working Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
I can't reproduce anything like that here on PPPoE -- please keep the discussion going on your forum thread until a m... Jim Pingle
09:48 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens ... Jim Pingle
09:42 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I don't know if this is substantial new information, especially if a fix is already under development. But what I fig... Emanuel Birkmann
07:16 AM Regression #11805 (Feedback): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I cleaned up the comments again. *Please do not comment unless you have substantial new information*. Otherwise, keep... Jim Pingle
01:05 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Adam Kuklycz wrote:
> Now, with Jim removing a handful of comments saying they too have the issue, it gives the perc...
Kristof Provost
09:45 AM Revision 91bdd4ef: Do not remove IPv6 link-local vips on secondary during hasync, refs: #11103
znerol
09:44 AM Revision 55b55478: Do not remove route upon radvd shutdown, refs: #11103
znerol
09:02 AM Bug #11188 (Resolved): MultiWAN setup NAT issue
Resolved in #11436 Viktor Gurov
08:03 AM Bug #11833 (Rejected): Bug version 2.5.0 and 2.5.1
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
07:59 AM Bug #11833 (Rejected): Bug version 2.5.0 and 2.5.1
Hello,
Since I upgraded to version 2.5.0, my OPENVPN goes down and then the DHCP also goes down and I don't have acc...
Francis TAISANERIE
08:00 AM Bug #11832 (Pull Request Review): ``ipsec_vti()`` does not skip disabled VTI entries
Jim Pingle
05:09 AM Bug #11832: ``ipsec_vti()`` does not skip disabled VTI entries
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/222
Viktor Gurov
05:06 AM Bug #11832 (Closed): ``ipsec_vti()`` does not skip disabled VTI entries
https://github.com/pfsense/pfsense/blob/3af1961155caafb890cfb635d7278e1498ae7423/src/etc/inc/ipsec.inc#L959:... Viktor Gurov
07:49 AM Feature #11103 (Pull Request Review): Use virtual link local IP address as RA source address for HA environments
Jim Pingle
05:03 AM Feature #11103: Use virtual link local IP address as RA source address for HA environments
Found another thing I've missed before:
https://github.com/pfsense/pfsense/pull/4515
znerol znerol
07:43 AM Regression #11806 (Pull Request Review): IPv4 link-local (``169.254.x.x``) gateway does not function
Jim Pingle
05:16 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function
Viktor Gurov wrote:
> Jim Pingle wrote:
> > Limiting the change from #11713 to only IPv6 addresses partially solves...
Viktor Gurov
01:13 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/221
"route has not been found" - another issue and not...
Viktor Gurov
07:11 AM Bug #11808 (Resolved): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
Renato Botelho
04:50 AM Bug #11808: Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
This is working as expected! Christian McDonald
04:04 AM Bug #11662 (Pull Request Review): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
Viktor Gurov
03:43 AM Bug #11831 (Resolved): Certificate Revocation tab does not list active users of CRL entries
Unlike "CAs" and "Certificates" pages, "Certificate Revocation" doesn't show the services names in the "In Use" colum... Viktor Gurov
02:59 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Jeremy Utley wrote:
> I am encountering this exact issue on 2.5.1 now. I have a pair of 2.5.1 PFSense CE installs w...
Viktor Gurov

04/20/2021

09:53 PM Bug #11830 (Closed): Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``
Certificate validation by the script will always fail:
1. exec function used to call "openssl ocsp" returns only the...
Konstantin Panchenko
09:40 PM Bug #11829 (Closed): OpenVPN client certificate validation with OCSP always fails
Establishing OpenVPN tunnel will always fail if "Check client certificates with OCSP" enabled.
OpenVPN will call "ov...
Konstantin Panchenko
08:58 PM Regression #11524 (Feedback): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Regression fixed in 2.6 devel. Luiz Souza
12:53 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
After inspecting the code, disabling the SHA functionality in AES-NI is the best course of action. Jim Pingle
07:53 PM Bug #11828 (Not a Bug): PPPOE not working VPN not working Blocking internet and pfsense gui is blocked after upgrade 2.4.5 to 2.5.1
I'm not sure if I filled in the problems in the proper format you guys want from the page requirements.. hope it's ok
...
mike nah
06:41 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I also have the same problem! Reinaldo Alves Feitosa
04:07 PM pfSense Packages Feature #11827 (New): Please include acme deploy folder/scripts
The acme project includes a ``deploy`` folder with several dozen scripts available to the --deploy-hook switch.
pfSe...
Pete Holzmann
02:02 PM pfSense Packages Feature #11826 (New): Preserve acme SAN Method parameters for new cert creations
In a given environment, it is very likely that SAN Method parameters (eg API Token) will be identical for every SAN c... Pete Holzmann
01:55 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Hi Kristof,
Sorry, my test was incorrect, NPt actually works on 21.02.2-RELEASE (amd64).
My firewall rule wa...
DRago_Angel [InV@DER]
01:23 PM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
<removed> DRago_Angel [InV@DER]
06:49 AM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Please post your full configuration file (censor any passwords / keys) or e-mail it to me at kprovost@netgate.com.
Y...
Kristof Provost
11:33 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Jim Pingle wrote:
> Not so critical we need to rush it into this release, but the next one, sure.
Here's the real...
Pete Holzmann
10:45 AM Feature #11825: Assign IPv6 address to WAN with PD-only ISP
Jim Pingle wrote:
> It's not viable to have addresses from the same subnet on two different interfaces. It places th...
Jonathan Grande
10:22 AM Feature #11825 (Rejected): Assign IPv6 address to WAN with PD-only ISP
It's not viable to have addresses from the same subnet on two different interfaces. It places them into the same subn... Jim Pingle
10:09 AM Feature #11825 (Rejected): Assign IPv6 address to WAN with PD-only ISP
When the WAN interface is set to "request only an IPv6 prefix" (which is required by some ISPs), no IPv6 address is a... Jonathan Grande
08:41 AM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
I am encountering this exact issue on 2.5.1 now. I have a pair of 2.5.1 PFSense CE installs with IPSec connections t... Jeremy Utley
07:01 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
it works fine after disabling SquidGuard Viktor Gurov
03:58 AM Feature #11406: GUI option to set MTU for L2TP VPN server
Alhusein Zawi wrote:
> There is no option to change MTU in L2TP VPN server
Please check on the latest 2.6 snapsho...
Viktor Gurov
03:48 AM Regression #11806: IPv4 link-local (``169.254.x.x``) gateway does not function
Jim Pingle wrote:
> Limiting the change from #11713 to only IPv6 addresses partially solves the problem but also res...
Viktor Gurov
01:50 AM Bug #11824 (Duplicate): pfSense 2.5.1 multi-WAN accepts inbound traffic only on default gateway
Duplicate of #11805 Viktor Gurov
12:29 AM Bug #11824 (Duplicate): pfSense 2.5.1 multi-WAN accepts inbound traffic only on default gateway
Before upgrade to 2.5.1, a dual-WAN device did accept inbound IPv4 traffic on both WAN connections according to NAT a... Michael Schefczyk
12:38 AM pfSense Plus Bug #11807: HA setup restarts all OpenVPN instances on the secondary after making any change on the primary
Edgar Escoboza wrote:
> PfSenseVersion.png demonstrates that we are on the latest version of the PfSense+
> CodeRev...
Viktor Gurov

04/19/2021

08:30 PM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
I disabled the GIF interface, DHCPv6, RA, IPv6 on LAN, and booted. I enabled them again and I could ping it as soon ... Steve Y
10:19 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
I meant the actual pf ruleset not what was in the GUI -- /tmp/rules.debug or "pfctl -sr" output -- Since obviously wh... Jim Pingle
10:13 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
Feel free to tell me to post in the forum, I thought a few times about where to suggest/report this. :)
The block:...
Steve Y
09:58 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
Ah, I misread that part and only caught that DNS wasn't working. Maybe a forced filter reload would have done it then... Jim Pingle
09:48 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
DNS shouldn't affect pinging the IPv6 LAN IP though? Also why would the default block rule trigger? Could it be pfS... Steve Y
09:37 AM pfSense Docs Todo #11812: Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
Most likely the only thing you missed was restarting the DNS Resolver at the end of the process so that it could bind... Jim Pingle
06:23 PM pfSense Packages Feature #11823 (New): Route handling enhancements
In some cases, we have hundreds of routes from OSPF protocol and we only want to accept few of them in the local rout... Bruno Solal
03:06 PM Revision f91870d1: Load MAC OEM list when preparing ARP table. Fixes #11819
(cherry picked from commit 3af1961155caafb890cfb635d7278e1498ae7423) Jim Pingle
03:05 PM Revision 3af19611: Load MAC OEM list when preparing ARP table. Fixes #11819
Jim Pingle
02:55 PM pfSense Packages Bug #11822 (Resolved): Upgrade ClamAV to 0.103.2
To address https://www.tenable.com/plugins/nessus/148516 ClamAV should be upgraded to 0.103.2 Max Leighton
02:53 PM Bug #11821 (Rejected): Upgrade libcurl to version 7.76.0
To address CVE https://www.tenable.com/plugins/nessus/148517 libcurl should be upgraded to 7.76.0. Max Leighton
01:33 PM Bug #11820 (Rejected): Backup restore problem with webConfigurator
Hi all,
A PFSense server that I have, had a disk problem and stopped working. For my peace of mind I have regular ...
Marcelo Gondim
01:15 PM Regression #11316: Unbound crashes with signal 11 when reloading
This really is a show stopper for us, I've upgraded from 2.4.5 2 days ago and now our unbound server is crashing cons... Christian Bourque
07:29 AM Regression #11316 (In Progress): Unbound crashes with signal 11 when reloading
Mike Farmwald wrote:
> Is there any hope for a fix? It's been quite a while and I don't see any progress.
> I'm hap...
Jim Pingle
12:27 PM pfSense Plus Bug #11807: HA setup restarts all OpenVPN instances on the secondary after making any change on the primary
Marcos Mendoza wrote:
> This patch was applied to both pfSense Plus and CE. If you believe there is a regression or ...
Edgar Escoboza
10:15 AM Regression #11819 (Feedback): MAC address OEM information missing from ARP table
Applied in changeset commit:3af1961155caafb890cfb635d7278e1498ae7423. Jim Pingle
10:05 AM Regression #11819 (Closed): MAC address OEM information missing from ARP table
The MAC OEM information usually displayed after MAC addresses is missing from the ARP table display on diag_arp.php. ... Jim Pingle
09:44 AM Bug #11816 (Pull Request Review): RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
Jim Pingle
07:01 AM Bug #11816: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/220
Viktor Gurov
06:08 AM Bug #11816 (Resolved): RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
https://forum.netgate.com/topic/163023/ddns-rfc-2136-client-uses-ula-instead-of-gua-for-aaaa:
"I have an Interface w...
Viktor Gurov
09:39 AM Bug #11793 (Pull Request Review): OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP
Jim Pingle
04:47 AM Bug #11793: OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/219
Viktor Gurov
09:38 AM Bug #11792 (Pull Request Review): Cannot disable IPsec P1 when related P2s are in VTI mode and enabled
Jim Pingle
02:34 AM Bug #11792: Cannot disable IPsec P1 when related P2s are in VTI mode and enabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/218
Viktor Gurov
08:45 AM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset
I see PHP error when trying to reproduce the same fw rules (pfSense 2.6.0.a.20210416.0100):... Viktor Gurov
07:34 AM Bug #11818 (Resolved): Mixed use of aliases in a port range produces unloadable ruleset
Using a combination of port numbers or system aliases and user ports aliases in a port forward port range creates a r... Steve Wheeler
08:27 AM pfSense Packages Bug #11817: Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting
OK, I nuked my pfBLockerNG-devel config as other things were breaking. Please mark this as INVALID as I try again to... Loh Phat
07:31 AM pfSense Packages Bug #11817 (Closed): Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting
Enabling this checkbox adds a line into the radvd.conf file which causes it to choke on startup thus causing IPv6 tra... Loh Phat
08:26 AM Bug #11815: NoIP.com Dynamic DNS update failure is not detected properly
Could be related to #6638 Viktor Gurov
02:07 AM Bug #11815 (Closed): NoIP.com Dynamic DNS update failure is not detected properly
DynDNS does not update IP address on service NoIP.com (paid), even though the address has changed, in 2.5.0 CE and 2.... I Ivanov
07:34 AM Feature #11809 (Rejected): Provide the option of logging in CEF (Common Event Format) in addition to Syslog
Not viable for the built-in syslogd, what can be done is already possible in syslog-ng. Jim Pingle
02:38 AM Feature #11809: Provide the option of logging in CEF (Common Event Format) in addition to Syslog
The Syslog-NG package already supports this:
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source...
Viktor Gurov
07:27 AM pfSense Plus Bug #11814 (Not a Bug): Unexpected pf round-robin for rdr
That's expected behavior. It isn't round-robin. They are separate rules which catch inbound traffic on the other inte... Jim Pingle
07:25 AM Bug #11813 (Duplicate): Active OpenVPN client disables Port Forwarding
It is the same as #11805 Jim Pingle
04:51 AM Bug #8831: Radvd causes latency spikes
Ronald Schellberg wrote:
> try my fix
yep make sense, radvd breaking since 2.6 upgrade lined up with a config cha...
Daniel Cameron
04:33 AM pfSense Plus Regression #11436: State matching problem with responses to packets arriving on non-default WANs
Don't know what details exactly you like, will provide that I can publicly, but if you need more details (e.g. status... DRago_Angel [InV@DER]

04/18/2021

11:22 PM Bug #8831: Radvd causes latency spikes
> Apr 19 12:33:01 radvd 71791 can't join ipv6-allrouters on em0.100
> Apr 19 12:33:01 radvd 71791 resuming normal op...
Ronald Schellberg
10:07 PM Bug #8831: Radvd causes latency spikes
Daniel Cameron wrote:
> Daniel Cameron wrote:
> No more lag spikes, no more radvd CPU spikes.
A bit over an hour...
Daniel Cameron
08:22 PM Bug #8831: Radvd causes latency spikes
Daniel Cameron wrote:
> Attempted to update to radvd 2.19_1 but that just results in the following log spam:
Look...
Daniel Cameron
05:55 AM Bug #8831: Radvd causes latency spikes
Running radvd manually with -d5 with a ping running at the same time, it appears the latency spikes line up with the ... Daniel Cameron
07:47 PM Regression #11316: Unbound crashes with signal 11 when reloading
Is there any hope for a fix? It's been quite a while and I don't see any progress.
I'm happy to try to help, but not...
Mike Farmwald
06:19 PM pfSense Plus Bug #11814: Unexpected pf round-robin for rdr
Ok, after playing with a spare box for a few hours I see now that round-robin for the extra interfaces are due to hav... Craig Leres
11:38 AM pfSense Plus Bug #11814 (Not a Bug): Unexpected pf round-robin for rdr
What causes the generation of multiple round-robin rdr rules, one for each interface when I have a straight forward f... Craig Leres
11:15 AM Feature #628: Ability to specify listen IP address of management services (SSH, web interface)
This has bothered me since I started using pfSense. Every instance of people asking about this was ignored or discour... Robert Hardy

04/17/2021

11:44 PM Bug #11813 (Duplicate): Active OpenVPN client disables Port Forwarding
Update to 2.5.1 killed self-hosted web services accessibility. Configuration worked on 2.5.0. All traffic/IPs route thr... Allen Sampsell
11:11 PM Bug #8831: Radvd causes latency spikes
Flole Systems wrote:
> Could you please provide information on what NIC you are using? To me it seems like an issue ...
Jonathan Black
04:36 AM Bug #8831: Radvd causes latency spikes
Flole Systems wrote:
> Could you please provide information on what NIC you are using? To me it seems like an issue ...
Daniel Cameron
10:00 PM pfSense Docs Todo #11812 (Closed): Feedback on pfSense Configuration Recipes — Configuring IPv6 Through A Tunnel Broker Service
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html
*Feedback:*
I set this up toni...
Steve Y
09:34 PM pfSense Plus Bug #11630 (Closed): WireGuard MultiWAN Not Failing Back to Tier 1
Anonymous
09:30 PM pfSense Plus Bug #11673: Thermal Sensors Non-functional on SG-3100
This is still present on the SG-3100 for the 21.02.2 release. Kris Phillips
03:52 PM Feature #11406: GUI option to set MTU for L2TP VPN server
There is no option to change MTU in L2TP VPN server Alhusein Zawi
01:36 PM Bug #11786: SSH incomplete setup and startup fail while recovering XML backup in a fresh install of pfSense 2.5.0
I confirm this happened to me with a fresh install of pfsense 2.5.1. Many thanks for the workaround!
The xml backup f...
Michele Zamboni
12:00 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I would just like to add that on a multi gateway firewall (typically, in my case, wan and mpls) there is a loss of th... Luca De Andreis
09:18 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
We have more than enough confirmation that it's a problem at this point, please refrain from commenting to that effec... Jim Pingle
09:16 AM Bug #11810 (Duplicate): Multi wan routing not working 2.5.1
Duplicate of #11805 Jim Pingle
02:54 AM Bug #11810 (Duplicate): Multi wan routing not working 2.5.1
I have multiple WAN interfaces running in parallel, each with a number of static IP addresses.
WAN0 and WAN1. WAN...
Guy Plunkett
09:10 AM pfSense Docs Correction #11811 (Rejected): Feedback on Releases — 21.02.2/2.5.1 New Features and Changes
This is not a documentation issue.
See #11805
Jim Pingle
04:38 AM pfSense Docs Correction #11811 (Rejected): Feedback on Releases — 21.02.2/2.5.1 New Features and Changes
*Page:* https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html
*Feedback:*
Hello
This version ...
reza karimi
08:37 AM Feature #11521 (Resolved): Set Explicit Exit Notify to ``1`` by default for new OpenVPN client instances
Tested and it looks good. The --explicit-exit-notify option is added to the client config on UDP. It is not added on ... Max Leighton

04/16/2021

08:38 PM Feature #11809 (Rejected): Provide the option of logging in CEF (Common Event Format) in addition to Syslog
When sending to remote log sources, especially those that are used as logging solutions such as logstash, Graylog, Sp... Justin Andrusk
08:09 PM Revision 4e885411: Enable build of wireguard-tools and wireguard-kmod
Renato Botelho
06:09 PM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available
Parallel discussion thread, including steps to reproduce.
https://forum.netgate.com/topic/161424/dhcp-lease-screen-n...
Karl Fife
03:42 PM pfSense Plus Bug #11807 (Rejected): HA setup restarts all OpenVPN instances on the secondary after making any change on the primary
This patch was applied to both pfSense Plus and CE. If you believe there is a regression or the issue is not fully fi... Marcos M
03:18 PM Bug #11808 (Feedback): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
pfSense-upgrade 0.98 should be good Renato Botelho
01:44 PM Bug #11808 (In Progress): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
Renato Botelho
01:48 PM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
This hit me after migrating a pfSense CE firewall for a customer. The Atom C3000 series CPU in the new firewall has S... Jan de Groot
01:42 PM Bug #11789 (Rejected): Restore Nat Outbound Config Issue
Can't reproduce as stated.
I can backup a NAT section, wipe out the rules in the GUI, then restore, and they are a...
Jim Pingle
01:11 PM Feature #7092: Kernel modules for alternate congestion control algorithms
Before version 2.5.0, I could use these modules, which I make from source code. But since version 2.5.0, this no long... Yuran Yastreb
12:45 PM Revision 0f03681f: List /etc/inc/web as obsolete, no longer all the files therein
Steve Beaver
12:36 PM Revision b73947ee: Moved web include files from /etc/inc/web to /usr/local/pfSense/include/www
Steve Beaver
10:37 AM pfSense Packages Bug #11392 (Closed): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Jim Pingle
10:34 AM Bug #11587: WireGuard interfaces do not have data on traffic graphs
!screen7.PNG!
Boom
Christian McDonald
10:18 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
DRago_Angel [InV@DER] wrote:
> Updated to 21.02.2-RELEASE and NPt still not works on non-primary WAN so issue resolv...
Kristof Provost
04:18 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Updated to 21.02.2-RELEASE and NPt still not works on non-primary WAN so issue resolved not fully. DRago_Angel [InV@DER]
09:54 AM Bug #11091: Interfaces set as disabled in the configuration have an UP status in the operating system at boot
Confirmed; this breaks sub-interfaces on anything that is assigned but disabled by removing the parent entirely. Steve Wheeler
09:32 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
MILO MEDIN wrote:
> I am having the same problem - 2.5.0 and 2.5.1 both have 100% CPU load on one core. I have 4 co...
Matt Johnson
09:05 AM pfSense Packages Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
Thank you for the suggested patch, but I think the rules update logic is going to need additional changes due to the ... Bill Meeks
03:06 AM pfSense Packages Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
This issue is still there. It happened last night to 2 of our pfSense boxes. Snort crashes due to the update pr... Sander Peterse

04/15/2021

09:49 PM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
fixed.
"bgp network import-check" is shown up in configuration by default.
router bgp 61000
no bgp network i...
Alhusein Zawi
07:36 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
I am having the same problem - 2.5.0 and 2.5.1 both have 100% CPU load on one core. I have 4 cores assigned to the p... MILO MEDIN
12:49 PM Bug #11808 (Resolved): Ignore WireGuard configurations under ``<installedpackages></installedpackages>``
WireGuard related configurations should be ignored if found under <installedpackages></installedpackages> Christian McDonald
12:38 PM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
Did a Router rebuild this morning requiring a complete re-install (2.5.1) and restored configuration from backup, the... Jason NA
11:59 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
@Kristof, will there be a point release to fix this, or can a patch be applied to 2.5.1?
I guess a point release w...
Rajil Saraswat
11:56 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Patrick Clara: I cannot tell from that post if this is the same problem or not. It could plausibly be.
2.6.0 work...
Kristof Provost
10:37 AM pfSense Plus Bug #11807 (Rejected): HA setup restarts all OpenVPN instances on the secondary after making any change on the primary
This Plus project does not contemplate the issue reported in:
https://redmine.pfsense.org/issues/11082
We simpl...
Edgar Escoboza
07:52 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
I can reproduce exactly the same behavior. If I lose connectivity to the ISP or disconnect the coaxial cable from my m... Fred Latke
07:44 AM Feature #9092: Option to set interval of forced Dynamic DNS updates
That PR may set it for that one provider, but it's not a general solution. Jim Pingle

04/14/2021

03:58 PM Feature #9092: Option to set interval of forced Dynamic DNS updates
Fix / feature implementation: https://github.com/pfsense/pfsense/pull/4514 Jaakko Kantojärvi
03:49 PM pfSense Docs Todo #11788 (Duplicate): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics
Duplicate of #11645 Jim Pingle
03:46 PM pfSense Docs Todo #11645 (Closed): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics
Done. See #11796. Jim Pingle
03:39 PM pfSense Docs New Content #11796 (Feedback): Document the FRR Package
And now the rest of it is done.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9cd9d2fb1a679d924a856732b14b...
Jim Pingle
03:04 PM pfSense Docs New Content #11796: Document the FRR Package
The main FRR docs are now reasonably complete.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/da7d44be153db...
Jim Pingle
03:32 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I'm confident I have a fix ready. It's being reviewed & validated internally. Kristof Provost
08:37 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Correction, I was testing it wrong, I can reproduce. I'd again forgotten to ensure my requests came from outside the ... Kristof Provost
08:16 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
I can't seem to reproduce this on my system, running 'pfSense 2.5.1-RELEASE (amd64) on pfSense'. Can you share your r... Kristof Provost
07:35 AM Regression #11805 (Resolved): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Port forwards coming into the firewall from a non-default WAN are not working properly on CE version 2.5.1. This is s... Jim Pingle
01:49 PM Feature #8794: NTP authentication support
Folks, I made a patch to the function _system_ntp_configure()_ in the file _/etc/inc/system.inc_ to get this working.... LamaZ .
12:00 PM Regression #11806 (Closed): IPv4 link-local (``169.254.x.x``) gateway does not function
On 2.5.1, there is a regression caused by the change in #11713 which ends up treating IPv4 link local addresses like ... Jim Pingle
11:46 AM pfSense Docs Correction #11804 (Closed): QAT support on XG-1541 BASE Secure Router with TNSR Software
This has been fixed. Jim Pingle
03:53 AM pfSense Docs Correction #11804 (Closed): QAT support on XG-1541 BASE Secure Router with TNSR Software
https://shop.netgate.com/products/1541-base-tnsr
The link above mentions QAT (Integrated Intel® QuickAssist Techno...
Danilo Zrenjanin
09:38 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Still seems to be an issue on 2.5.1 release, if there is any extended logging or debug mode required to help troubles... Matt Johnson
07:36 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Some reports that this is happening on CE now, but not Plus. See #11805
Keeping this one closed since it was speci...
Jim Pingle

04/13/2021

01:19 PM Bug #11803 (Rejected): Network unavailability and crash report
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
01:15 PM Bug #11803 (Rejected): Network unavailability and crash report
In an unpredictable way I'm losing connectivity to the network routed by pfSense. After a while network is back and... Maciej Czech
11:32 AM Revision a16e742c: Change stable version to 2.5.1
Renato Botelho
11:04 AM Revision 1af3f59b: Change stable version to 2.5.1
Renato Botelho
11:01 AM Revision 50d50d32: Change stable version to 2.5.1
Renato Botelho
10:52 AM Bug #11713 (Closed): Error when deleting IPv6 link-local routes
Jim Pingle
10:52 AM Bug #11674 (Closed): OpenVPN binds to all interfaces when configured on a 6RD interface
Jim Pingle
10:52 AM Bug #11644 (Closed): Unreachable LDAP server for SSH auth causes boot process to stop at 'Synchronizing user settings' and no user can login over SSH
Jim Pingle
10:52 AM Bug #11643 (Closed): IPsec tunnel does not function when configured on a 6RD interface
Jim Pingle
10:52 AM Bug #11638 (Closed): PHP error in logs from XMLRPC if no sections are selected to sync
Jim Pingle
10:52 AM Regression #11633 (Closed): DHCP6 interfaces are reconfigured multiple times at boot when more than one interface is set to Track
Jim Pingle
10:52 AM Bug #11617 (Closed): Unexpected Operator error on console at boot with ZFS and RAM Disks
Jim Pingle
10:52 AM Regression #11594 (Closed): IPv6 routes with a prefix length of 128 result in an invalid route table entry
Jim Pingle
10:52 AM Bug #11578 (Closed): Error when removing automatic DNS server route
Jim Pingle
10:52 AM Regression #11565 (Closed): Saved state timeout values not loaded into GUI fields on system_advanced_firewall.php
Jim Pingle
10:52 AM Regression #11561 (Closed): ACLs generated from RADIUS reply attributes do not parse ``{clientip}`` macro
Jim Pingle
10:52 AM Bug #11559 (Closed): OpenVPN does not start with a long list of Data Encryption Algorithms
Jim Pingle
10:52 AM Regression #11555 (Closed): IPsec peer ID of "Any" does not generate a proper remote definition or related secrets
Jim Pingle
10:51 AM Bug #11554 (Closed): Selected Data Encryption Algorithms list items reset when an input validation error occurs
Jim Pingle
10:51 AM Bug #11547 (Closed): DNS Resolver does not bind to an interface when it recovers from a down state
Jim Pingle
10:51 AM Regression #11537 (Closed): IPsec VTI tunnel between IPv6 peers may not configure correctly
Jim Pingle
10:51 AM Regression #11526 (Closed): Mobile IPsec broken when using strict certificate revocation list checking
Jim Pingle
10:51 AM Regression #11519 (Closed): Incorrect DHCP failover IP address configured on peer after XMLRPC sync
Jim Pingle
10:51 AM Bug #11514 (Closed): Renewing a self-signed CA or certificate does not update the serial number
Jim Pingle
10:51 AM Bug #11488 (Closed): IPsec tunnel definitions have ``pools =`` entry in ``swanctl.conf`` with no value
Jim Pingle
10:51 AM Regression #11487 (Closed): IPsec tunnels using expanded IKE connection numbers do not have proper child SA names in ``swanctl.conf``
Jim Pingle
10:51 AM Regression #11486 (Closed): Connect and disconnect buttons on the IPsec status page do not work for all tunnels
Jim Pingle
10:51 AM Bug #11476 (Closed): Telegram and Pushover notification API calls do not respect proxy configuration
Jim Pingle
10:51 AM Regression #11475 (Closed): Route tables with many entries can lead to PHP errors and timeouts when looking up routes
Jim Pingle
10:51 AM Bug #11448 (Closed): Incorrect order of ``route-nopull`` option in OpenVPN client-specific override configuration
Jim Pingle
10:51 AM Bug #11446 (Closed): Mobile IPsec DNS server input validation does not reject unsupported IPv4-mapped IPv6 addresses
Jim Pingle
10:51 AM Regression #11435 (Closed): IPsec status incorrect for entries using expanded IKE connection numbers
Jim Pingle
10:51 AM Bug #11409 (Closed): IPv4 MSS value is incorrectly applied to IPv6 packets
Jim Pingle
10:51 AM Bug #11383 (Closed): pfSense Proxy Authentication not working
Jim Pingle
10:51 AM Bug #11104 (Closed): OpenVPN does not start with several authentication sources selected
Jim Pingle
10:51 AM Bug #4521 (Closed): OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
Jim Pingle
10:26 AM Bug #11639 (Closed): Entries from rotated log files may be displayed out of order when log display includes contents from multiple files
Fixed. Jim Pingle
10:25 AM Bug #11706 (Closed): Renewing a certificate without a ``type`` value assumes a server certificate
Tested again and this is working fine for me here. Can reopen or make a new issue if additional problem scenarios are... Jim Pingle
10:06 AM Regression #11500 (Closed): OpenVPN using the wrong OpenSSL command to list digest algorithms
Fixed. Jim Pingle
10:04 AM Regression #11760 (Closed): PHP error on package install
Fixed. Jim Pingle
09:06 AM Regression #11316: Unbound crashes with signal 11 when reloading
I'm experiencing this issue as well.
It seems to be preceded by unbound going 100% cpu for several minutes, during...
Andrew Counterman
08:02 AM Bug #11616 (Closed): Potential stored XSS vulnerability in services_wol.php
Fixed and confirmed fixed multiple times. Jim Pingle
04:10 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I can confirm that after upgrading our Netgate XG-7100 from 2.4.5p1 to 21.02.1 this issue began.
Neither the OpenV...
Jason B

04/12/2021

08:54 PM Bug #11800: ipv6 DHCP can't push gataway address to LAN
Jim Pingle wrote:
> There aren't nearly enough details here for a proper bug report. Keep it on the forum until you ...
yon Liu
07:19 AM Bug #11800 (Rejected): ipv6 DHCP can't push gataway address to LAN
There aren't nearly enough details here for a proper bug report. Keep it on the forum until you have more details tha... Jim Pingle
05:48 AM Bug #11800 (Rejected): ipv6 DHCP can't push gataway address to LAN
LAN's any devices has no get ipv6 network gateway.
Reported
https://forum.netgate.com/topic/162834/ipv6-dhcp-not-...
yon Liu
08:39 PM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Same issue for me also. No flows being exported from the firewall as reported by capture on the firewall. Any ideas o... Nigel Smith
12:15 PM pfSense Packages Bug #11802 (New): FreeRADIUS sync
freeradius3 0.15.7_30 seems to have changed the XMLRPC Sync behavior in a recent update. This leads to the issue that... Michael Schefczyk
11:19 AM Revision 39da595a: Welcome pfSense 2.5.1-RELEASE
Renato Botelho
07:42 AM Bug #11801 (Closed): PHP error in ``upgrade_212_to_213()`` when upgrading certain IPsec tunnels
Certain IPsec tunnel configurations fail to upgrade cleanly with the following error:... Jim Pingle
07:24 AM Regression #11787 (Pull Request Review): Thermal sensors widget no longer shows values from certain hardware
Looks like a couple others are also missing from the output, not just Chelsio. See my notes on the PR. Jim Pingle
07:15 AM Bug #11799 (Duplicate): date sorting on system logs does alphabetical sort not numeric sort
Duplicate of #11639 Jim Pingle
04:55 AM Bug #11799 (Duplicate): date sorting on system logs does alphabetical sort not numeric sort
On the page Status System Logs System General, if you sort by date, the sorting is done by alphabetic order not numer... Robin Wood
06:49 AM pfSense Packages Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk'
More over now HAproxy 2.0 support alpn h2 on backend and from 2.2 it supported on http-check. Also default server par... DRago_Angel [InV@DER]

04/11/2021

05:48 PM Bug #8831: Radvd causes latency spikes
Could you please provide information on what NIC you are using? To me it seems like an issue with a certain kind of N... Flole Systems
05:21 PM Bug #8831: Radvd causes latency spikes
I'm having an issue with this on 2.5.0-Release. I'm not using LACP, but I do have multiple LANs on VLANs. Jonathan Black
09:56 AM Bug #11256: Cannot add alias with multiple URLs
I just upgraded to 21.02_1 and it does not work. I thought 21.02_1 would be the same as 2.5.0. Is it not?
*EDIT:* ...
Andreas Lindhé
05:17 AM pfSense Packages Feature #11798 (Duplicate): HA Sync for FRR config
I'm using two pfSense firewalls in a cluster with CARP.
On both FRR is configured but there is no sync option from ...
Robert Sailer

04/10/2021

06:27 PM pfSense Packages Bug #11797 (Confirmed): Traffic Totals lost upon reboot when using a ramdisk for /var and /tmp
When using a ramdisk for /var and /tmp, RRD Data and log files are saved from the ramdisk to disk on a regular basis ... John Cornwell
10:17 AM Regression #11787: Thermal sensors widget no longer shows values from certain hardware
This should add that: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/217 Steve Wheeler
09:21 AM pfSense Packages Bug #11637: Preprocs - possible to create two defaults
Tested in 2.6.0, and the original behavior is fixed. The GUI still has a slight issue:
When creating a new server ...
Max Leighton
08:51 AM Regression #11442 (Resolved): Distinguished Name (FQDN) IPsec peer identifier type is not formatted properly in ``swanctl.conf`` secrets
Tested and it looks good. This can be resolved. Max Leighton
04:36 AM Bug #3849: Compex WLE200NX wireless card stops responding
I have a similar issue with an "APU3 C2" board since upgrading pfSense from v2.4.5p1 (FreeBSD 11.3-STABLE) to v2.5.0 ... Guillaume J

04/09/2021

08:24 PM pfSense Packages Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Resolved in pfBlockerNG v3.0.0_16 BBcan177 .
02:51 PM pfSense Docs New Content #11796: Document the FRR Package
A good chunk of the documentation is up now, but it is still very much a work in progress:
https://gitlab.netgate....
Jim Pingle
02:29 PM pfSense Docs New Content #11796 (In Progress): Document the FRR Package
Jim Pingle
02:29 PM pfSense Docs New Content #11796 (Resolved): Document the FRR Package
Add documentation for the FRR Package.
Adapt any existing Quagga and OpenBGPd documents to use FRR instead.
Jim Pingle
10:10 AM Regression #11795 (Resolved): Applying IPsec settings for more than ~30 tunnels times out PHP
When attempting to apply IPsec changes on a system with more than around 30 tunnels, the apply process causes a timeo... Jim Pingle
10:03 AM Regression #11794 (Closed): IPsec VTI interface names are not properly formed for more than 32 interfaces
IPsec VTI interfaces names are not properly formed for more than 32 interfaces. For example a tunnel with a reqid of ... Jim Pingle
09:32 AM Regression #11524: Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Updating subject.
Note that this problem only affects CPUs which report the ability to accelerate SHA1 and SHA256....
Jim Pingle
08:55 AM Bug #11793 (Closed): OpenVPN client starts when CARP VIP is in BACKUP status when bound to Virtual IP aliased to CARP VIP
If an OpenVPN client is bound to a _virtual IP_ which is an _IP Alias_ for a _CARP IP_, the OpenVPN client (e.g. ovpn... monotype tattoo
07:48 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
Exclude from release notes since it regressed after the previous release. Jim Pingle
07:28 AM Regression #11316: Unbound crashes with signal 11 when reloading
There is a "new commit on Unbound which may help":https://github.com/NLnetLabs/unbound/commit/7396eff7af10eb85bee277a... Jim Pingle
07:24 AM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
That's what I fixed yesterday but there isn't a new package yet. Wait for pfSense-pkg-frr version 1.1.0_10. Jim Pingle
04:46 AM Bug #10955 (Pull Request Review): XMLRPC sync results in an error when a failover peer IP address is specified in DHCP server settings for an unconfigured interface
According to https://github.com/pfsense/pfsense/pull/4479/commits/64431f257bb831a8aa121c356bbef3ab28d0ddc1 function *... Azamat Khakimyanov

04/08/2021

11:44 PM pfSense Packages Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
"bgp network import-check" will not be shown up in configuration if I did not enable it once.
if I enabled it it w...
Alhusein Zawi
11:18 AM pfSense Packages Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Fix committed and merged everywhere it is relevant. Jim Pingle
09:44 AM pfSense Packages Bug #11392 (In Progress): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
This doesn't add the option when there is no ``frrbgpadvanced`` config present, and it should since we want it to be th... Jim Pingle
09:07 PM Revision 53b87a4c: VTI: Fix interface number limit
Code introduced by commit 3b85b43bb4b tried to keep the old way used to
decide VTI interface number using reqid and ...
Renato Botelho
05:49 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Working fine for me now after update to 21.02.2.r.20210406.1302
Now once again able to connect to the network from t...
Eduard Rozenberg
02:41 PM Bug #11782 (Closed): Sanitize status ouput for ACME AWS DynDNS key ID
Key itself is already sanitized through #10569
There should be no need to sanitize the ID.
Marcos M
02:06 PM Bug #10190: can't disable Phase 1 when Phase 2 is VTI
This fixes the issue where a P1 can't be disabled if it has an inactive P2 in VTI mode.
An issue remains if the P2...
Marcos M
02:05 PM Bug #11792 (Closed): Cannot disable IPsec P1 when related P2s are in VTI mode and enabled
Setup:
IPsec Phase 1 with one or more Phase 2 entries in VTI mode. No IPsec interfaces assigned.
Issue:
While bo...
Marcos M
11:06 AM pfSense Packages Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"
Duplicate of #11745 Jim Pingle
10:09 AM pfSense Packages Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"
I noticed that the field "Compression" is still being used in client export even when "Refuse any non-stub compressio... chiel chiel
07:26 AM Regression #11747 (Resolved): Firewall rule schedule cannot be changed
Jim Pingle
07:21 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Bill Meeks wrote:
> One of the issues identified in this ticket, the logging of "blank" interface names and the disp...
Renato Botelho
07:20 AM pfSense Packages Bug #11637 (Feedback): Preprocs - possible to create two defaults
PR merged on 2.6.0 / 2.5.1. It will be cherry-picked to stable after tests Renato Botelho
03:55 AM Regression #11316: Unbound crashes with signal 11 when reloading
Can confirm the same happening on my system. Unbound crashed with an interval of one week and always at night. And it... S P

04/07/2021

11:13 PM Regression #11747: Firewall rule schedule cannot be changed
I was able to modify Schedules when it is applied to FW rule (added/deleted)
2.5.1-RC (amd64)
built on Tue Apr...
Alhusein Zawi
03:31 PM Feature #11790: Support hiding interface groups via special tag
Clarification: This doesn't hide the group from being used or having rules configured on it, it just hides it from be... Christian McDonald
03:19 PM Feature #11790 (Rejected): Support hiding interface groups via special tag
PR: https://github.com/pfsense/pfsense/pull/4513
This will be useful for packages needing to create (protected) in...
Christian McDonald
01:34 PM Feature #6362: Allow specifying the client identifier hardware type
In pfSense, just pre-pending... Carlo Tognetti
12:49 PM Revision 39d83c73: Show Unbound used certificate on the Certificate Manager page. Fixes #11678
Viktor Gurov
12:49 PM Revision 5cbb0a7f: Reload NAT config before testing
Steve Beaver
12:37 PM Revision 246a8832: Add cronjob only for limiters applied to firewall rules. Fixes #11636
Viktor Gurov
12:37 PM Revision 15f716d8: Note says that gateway or failover gatewaygroup are valid options #11164
Danilo Zrenjanin
12:34 PM Revision 1e1a9918: Disable RA mode in rc.initial.setlanip. Fixes #11609
Viktor Gurov
12:32 PM Revision 6bb8cdd4: OpenVPN Cisco AVPair {clientipv6} template. Implements #11596
Viktor Gurov
10:58 AM Regression #11785 (Resolved): OpenSSL "Operation not supported" error with cryptodev in certain cases
Fixed according to feedback Renato Botelho
10:48 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
2.5.1.r.20210406.1302 resolved the issues I was seeing as reported above (#3). Thanks! Greg Shaffer
07:24 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
Latest snapshot is working fine here. Same VM before which could reproduce the OpenVPN and Unbound errors with crypto... Jim Pingle
08:53 AM Bug #11789 (Rejected): Restore Nat Outbound Config Issue
Hi all,
I'm reporting a bug about the Restore from config file of NAT Config.
The Outbound config is "Manual Outbou...
Daniele Ciribifera
08:03 AM pfSense Plus Regression #11436 (Resolved): State matching problem with reponses to packets arriving on non-default WANs
Renato Botelho
05:10 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
@Rick Strangman
> Updated by Renato Botelho 1 day ago
>...
>Fix was pushed to FreeBSD and cherry-picked to FreeBSD...
Grzegorz Krzystek
05:07 AM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I can confirm the issue has been resolved. Explanation please. Rick Strangman
07:55 AM Bug #11678: Certificate Manager does not report Unbound as using a certificate
Applied in changeset commit:39d83c73ce8b1b5d99540ccfc6734b3ad4d23107. Viktor Gurov
07:49 AM Bug #11678 (Feedback): Certificate Manager does not report Unbound as using a certificate
PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11636: Unused Limiter entries with schedules create unnecessary cron jobs
Applied in changeset commit:246a8832c1928dc4cfcf40bd2bde4fbda0af191e. Viktor Gurov
07:40 AM Bug #11636 (Feedback): Unused Limiter entries with schedules create unnecessary cron jobs
PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11609: CLI interface configuration without IPv6 leaves RA enabled
Applied in changeset commit:1e1a9918cfd77626442b84bffdf32a7876a30e6f. Viktor Gurov
07:36 AM Bug #11609 (Feedback): CLI interface configuration without IPv6 leaves RA enabled
PR has been merged. Thanks! Renato Botelho
07:40 AM Feature #11596: Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
Applied in changeset commit:6bb8cdd4d8b892bcb77163c02902d83c26cbe2f2. Viktor Gurov
07:34 AM Feature #11596 (Feedback): Support for Cisco AVPair ``{clientipv6}`` template in firewall rules returns by RADIUS
PR has been merged. Thanks! Renato Botelho
07:37 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
According to my email VPN1_WAN/client1 was suffering packet loss at Apr 6, 2021, 10:11 PM, then not soon after VPN2_W... Jason NA
07:37 AM Feature #11164 (Feedback): Input validation to prevent setting a load balancing gateway group as default
PR has been merged. Thanks! Renato Botelho

04/06/2021

11:45 PM pfSense Packages Feature #11749: Option to disable NAT rule creation
I don't want to use the VIP Webservice in general, but the NAT rules are the biggest problem. I can't delete them and... Frank Gouton
05:30 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
I tested it on RC update channel
currently running 21.02.2.r.20210406.1302
and port forward works as expected. on b...
Grzegorz Krzystek
05:24 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
So is this build different that what shows up in System->Updates? Rick Strangman
05:17 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
to be more precise tested on build 21.02.2.r.20210405.1121
on both wans port forward works now as expected.
Good...
Grzegorz Krzystek
05:05 PM pfSense Plus Regression #11436: State matching problem with reponses to packets arriving on non-default WANs
Renato Botelho wrote:
> Fix was pushed to FreeBSD and cherry-picked to FreeBSD-src on commit 4fd4e2b70189
works o...
Grzegorz Krzystek
03:57 PM pfSense Docs Todo #11788 (Duplicate): Feedback on pfSense Configuration Recipes — Dynamic Routing Protocol Basics
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dynamic-routing-basics.html
*Feedback:*
https://docs.n...
Paighton Bisconer
03:36 PM Revision 2dacd7fe: Accommodate 'after' property when creating a NAT rule
Steve Beaver
01:06 PM Regression #11787 (Closed): Thermal sensors widget no longer shows values from certain hardware
The changes made for this bug: https://redmine.pfsense.org/issues/10963 excluded the Chelsio sysctl temperature value... Steve Wheeler
12:47 PM Regression #11785 (Feedback): OpenSSL "Operation not supported" error with cryptodev in certain cases
Luiz reverted changes that introduced this issue on both devel and RC branches Renato Botelho
12:45 PM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
I couldn't reproduce that one before but it's entirely possible I didn't test it on this particular setting. It doesn... Jim Pingle
12:28 PM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
This affects more than just OpenVPN. With cryptographic device set to both AES-NI and Crypto Dev I was seeing errors... Greg Shaffer
10:06 AM Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases
It appears to be tied to cryptodev and not AES-NI. I can have aesni.ko loaded and it works OK, but fails when loading... Jim Pingle
09:19 AM Regression #11785 (Resolved): OpenSSL "Operation not supported" error with cryptodev in certain cases
It's not clear what specifically is triggering this, but with AES-NI+cryptodev loaded, I have a VM which is failing t... Jim Pingle
12:46 PM Bug #11774 (Duplicate): unbound control shows SSL error
Looks like this is a duplicate of #11785 (which has better info, even though it came after) Jim Pingle
11:49 AM Bug #11786 (New): SSH incomplete setup and startup fail while recovering XML backup in a fresh install of pfSense 2.5.0
Recovering a XML exported with RDD data and extra package data (about 8,2MB of data) causes SSH service configuration... Bruno Andrade da Silva
11:41 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
I changed verbosity on client1, waited a couple of minutes then changed the verbosity on client2 and when I hit save ... Jason NA
10:42 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
> since the upgrade whenever one or both clients start experiencing packet loss they start using 100% CPU
A OpenVP...
Pippin MMD
07:41 AM pfSense Packages Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
Looks like a settings issue, it's got an entry set to need a web root folder but the value is empty. Jim Pingle
06:44 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Hi Renato,
the only patch (pfSense-pkg-System_Patches: 1.2_5) shown in the UI does not correct the problem. It seems...
Frank Soyer
01:53 AM pfSense Packages Feature #11784 (New): squidguard auto update blacklist option
Would be nice to have an auto update blacklist option with a drop down menu for none, daily, weekly, fortnightly or m... ageekhere ageekhere

04/05/2021

07:43 PM Bug #11774: unbound control shows SSL error
I'm seeing similar SSL type errors in 2.5.1.r.20210405.0300. When I run the command "/usr/local/www: /usr/local/sbin/... Greg Shaffer
06:05 PM Revision 1346823f: Fix #11781: Disable DNSSEC option for dnsmasq
Renato Botelho
05:51 PM Bug #11777: Input validation prevents DNS Resolver from being disabled
Jim Pingle wrote:
> This is kind of a tricky situation since someone may want to work on their DNS Resolver configur...
Martin Thygesen
08:21 AM Bug #11777: Input validation prevents DNS Resolver from being disabled
This is kind of a tricky situation since someone may want to work on their DNS Resolver configuration while it's alre... Jim Pingle
05:44 PM pfSense Packages Bug #11783: /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
User was admin during setup process so permissions to create a directory should not have been an issue. Martin Thygesen
05:44 PM pfSense Packages Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
Tried to set up acme on new firewall instance using old Key & ID from previous installation
Failed to write directory...
Martin Thygesen
04:26 PM Bug #11712: Interface can't be switched to an available network port igb3
This is not a support issue and I suspect is a generic case.
That's unfortunate you can't reproduce it.
Yuri Weinstein
01:39 PM Bug #11782 (Closed): Sanitize status output for ACME AWS DynDNS key ID
Currently, the following is not sanitized when downloading the file from /status.php.
* dns_awsaws_access_key_id
...
Marcos M
01:31 PM pfSense Plus Regression #11436 (Feedback): State matching problem with responses to packets arriving on non-default WANs
Fix was pushed to FreeBSD and cherry-picked to FreeBSD-src on commit 4fd4e2b70189 Renato Botelho
01:10 PM Bug #11781 (Feedback): Disable DNSSEC option for dnsmasq
Applied in changeset commit:1346823fd42cea2f633cc16f6b106ea4e4ce2311. Renato Botelho
01:05 PM Bug #11781 (Closed): Disable DNSSEC option for dnsmasq
We never provided support for DNSSEC on dnsmasq and it brings unnecessary dependencies Renato Botelho
12:19 PM pfSense Packages Bug #11780 (Rejected): Suricata package fails to prune suricata.log
The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting ... Kushdeep Chabba
11:22 AM Revision c12f206d: Support services like AWS and validate returned IP
Johan van der Vyver
10:27 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
When I updated to 2.5 I changed a few more things from these VPN guides <https://nguvu.org/pfsense/pfsense-baseline-s... Jason NA
08:32 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
I'm not sure there is anything pfSense could do about that. If OpenVPN itself is using the CPU, it's likely a problem... Jim Pingle
09:54 AM Bug #11706: Renewing a certificate without a ``type`` value assumes a server certificate
Right, on 2.5.0 (or a 2.5.1 snapshot from before this fix), removing ``<type>user</type>`` will result in a server cert... Jim Pingle
09:20 AM pfSense Packages Bug #11766 (Pull Request Review): Certificate no more pointed "in use" by haproxy
Jim Pingle
08:46 AM pfSense Docs Todo #11779 (Rejected): Feedback on Configuration — Advanced Configuration Options — Admin Access Tab
> - make sure that the SSH-server is only listening to explicitly defined IPV4 and/or IPV6 addresses
Not possible ...
Jim Pingle
05:47 AM pfSense Docs Todo #11779 (Rejected): Feedback on Configuration — Advanced Configuration Options — Admin Access Tab
*Page:* https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
*Feedback:*
When trying to access m...
Louis B
08:25 AM Bug #11776: Overwrite /boot.config and /boot/loader.conf when you use a serial console pfsense installation.
I tried to make my own customizations in the boot/loader.conf.local, but doesn't work because it blocks when you have... André Cirne
07:50 AM Bug #11776 (Rejected): Overwrite /boot.config and /boot/loader.conf when you use a serial console pfsense installation.
That is normal and expected.
Use /boot/loader.conf.local for your own customizations.
Jim Pingle
07:49 AM Bug #11773 (Rejected): Using SSL/TLS for outgoing DNS Queries in forwarding mode can cause DNS to hang following the restoration of WAN connectivity
Those would be issues in unbound itself -- we don't have that kind of control over Unbound code. What you should do i... Jim Pingle
06:17 AM Regression #11433: Gateways with "Use non-local gateway" set are not added to routing table
Frank Soyer wrote:
> Hi guys,
> I'm just facing this bug after an update to 2.5.0. Unfortunately, gitlab.netgate.com...
Renato Botelho
06:15 AM Bug #3709 (Resolved): Disabled static route entries trigger 'route delete' error at boot
Renato Botelho

04/04/2021

10:32 AM pfSense Packages Bug #11766: Certificate no more pointed "in use" by haproxy
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1059
Viktor Gurov
02:45 AM Bug #11774 (Rejected): unbound control shows SSL error
Unable to reproduce this issue on 2.5.1.r.20210403.0300 and 2.6.0.a.20210403.0100:... Viktor Gurov
12:05 AM pfSense Plus Feature #10804 (Resolved): Interface Status page information for switch uplinks may be replaced by switch port data when media state monitoring is set
Viktor Gurov
 
