Activity

From 06/05/2021 to 07/04/2021

07/04/2021

05:59 PM Bug #12106 (Duplicate): Multi WAN not functioning on CE 2.51
This is the same as #11805. It is fixed in 2.5.2, which will be out shortly. Jim Pingle
05:50 PM Bug #12106 (Duplicate): Multi WAN not functioning on CE 2.51
Similar to pfsense+ #11436 and CE #11805. Upgraded customer from 2.4.5p1 to CE 2.5.1. Network has 2 x WAN and 2 x LAN... Rick Strangman
02:32 PM Bug #12095: Memory leak in pcscd
Additional note:
Stopping the service while IPsec is in use leads to the following log spam:...
Marcos M
01:26 PM Bug #12095: Memory leak in pcscd
Here are some stats on various 21.05 VMs:
* Uptime: 6d2h
* RAM: 1G
* pcscd usage: 326M
* 2 VTI IPsec tunnels
...
Marcos M
02:31 PM Bug #12105: Packages are not automatically reinstalled when restoring configuration using the installer
Actually, the documentation mentions automatic package reinstallation only for the ECL method, and that is what works... Christian Ullrich
01:58 PM Bug #12105 (Resolved): Packages are not automatically reinstalled when restoring configuration using the installer
pfSense does not install the configured packages during the first boot after installation if the first documented met... Christian Ullrich
09:30 AM Feature #12104 (Needs Patch): Advertise Speed autonegotiation
Now don't have mechanism to select/modify array modes to advertise speed autonegotiation
e.g. to choose:
10 half dupl...
Evgeny Korostelev
09:13 AM Feature #12103: L2TP VPN Clients show on dashboard
Ok, yes sorry.
Thank you
Evgeny Korostelev
09:10 AM Feature #12103: L2TP VPN Clients show on dashboard
This is a duplicate of part of what the other issue would implement.
There is no way to get the status for L2TP ri...
Jim Pingle
09:05 AM Feature #12103: L2TP VPN Clients show on dashboard
Jim Pingle wrote:
> Duplicate of #9633
It is not Duplicate...
pfSense has no widget for dashboard now
Evgeny Korostelev
08:59 AM Feature #12103 (Duplicate): L2TP VPN Clients show on dashboard
Duplicate of #9633 Jim Pingle
08:26 AM Feature #12103: L2TP VPN Clients show on dashboard
I mean widget for dashboard Evgeny Korostelev
08:12 AM Feature #12103 (Duplicate): L2TP VPN Clients show on dashboard
Please make dashboard, which can show online L2TP clients online connect status Evgeny Korostelev

07/03/2021

03:52 PM Bug #12102 (Resolved): Prevent using OpenVPN "Exit Notify" option with point-to-point modes
When establishing an OpenVPN client/server site to site in 21.05, if the OpenVPN client (on another box) makes any ch... Kris Phillips
03:36 PM Bug #11863 (Resolved): Unable to create nested URL aliases
Danilo Zrenjanin
03:35 PM Bug #11863: Unable to create nested URL aliases
Tested on the:... Danilo Zrenjanin
03:20 PM Regression #12100: Recent 2.6.0 development installers don't actually install
Note that the latest pfSense 2.5.2RC installer works fine.
Mike Farmwald
03:12 PM pfSense Packages Bug #12031 (Resolved): Wireguard Package Produces Crash in 2.5.2
Confirmed fixed in 2.5.2 latest builds on 0.1.3_1. Crash is no longer present. Kris Phillips
03:09 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
I've only been able to reproduce this after further testing on the one user's install. Not sure how this was trigger... Kris Phillips
01:50 PM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect
IP address is not added to openvpn log yet
Alhusein Zawi
12:12 PM pfSense Packages Bug #12054 (Resolved): "succesfully" misspelled
Tested with System Patches 1.2_6. I see the correct spelling now. Marking the ticket resolved. Max Leighton

07/02/2021

07:06 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Looks good here, will we get this cherry picked for 21.05? Christian McDonald
08:00 AM pfSense Packages Bug #12031 (Feedback): Wireguard Package Produces Crash in 2.5.2
I've bumped package version so it is reinstalled during upgrade process. It was needed because we changed FreeBSD-sr... Renato Botelho
06:42 PM pfSense Packages Bug #12101 (Assigned): ArpWatch Suppression Mac for "flip-flop" not suppressing
I have working notifications with ArpWatch on my pfsense running on an XG-7100.
I get notifications the way I shou...
Shaun Gause
01:49 PM Todo #7689 (Closed): bsdinstall does not automatically copy config.xml from USB drive like the previous installer
Scott Long
11:44 AM Regression #12100 (Resolved): Recent 2.6.0 development installers don't actually install
I've tried most of the recent installers (e.g., https://snapshots.netgate.com/amd64/pfSense_master/installer/pfSense-... Mike Farmwald
08:15 AM Regression #12048 (Closed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
Looks good with that version.
On snapshot @2.6.0.a.20210701.0100@ with @php74-pear-HTTP_Request2-2.4.2_1,1@ and i...
Jim Pingle
07:59 AM pfSense Packages Bug #12085 (Resolved): OpenVM Tools vmware-kmod service won't start in 2.5.2 RC on ESXi 6.0
Yeah, since we moved FreeBSD src to an earlier version to remove some pf changes that were causing issues, it rebuilt ... Renato Botelho
02:30 AM pfSense Docs New Content #12098 (New): Using a static route for Accessing a CPE/Modem from Inside the Firewall
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html
*Feedback:*
I found this article i...
Chris Cooter

07/01/2021

08:01 PM pfSense Packages Bug #12085: OpenVM Tools vmware-kmod service won't start in 2.5.2 RC on ESXi 6.0
Now I can't reproduce this on 2.5.2.r.20210629.1350. The service starts/restarts without issues on upgraded systems s... Max Leighton
07:26 PM pfSense Packages Bug #12085: OpenVM Tools vmware-kmod service won't start in 2.5.2 RC on ESXi 6.0
Kris saw similar (if not the same) errors related to the WireGuard kernel module recently. Might check with Renato. Christian McDonald
01:39 PM Regression #11316: Unbound crashes with signal 11 when reloading
I take that back. no sooner do I say it's working then.. BANG..
No crash in the log but completely hung DNS and rest...
Remo Wylliams
01:15 PM Regression #11316: Unbound crashes with signal 11 when reloading
No I'm not seeing any crashes on unbound. Didn't know about the DHCP leases.
Thanks again.
Remo Wylliams
09:46 AM Regression #11316: Unbound crashes with signal 11 when reloading
Remo Wylliams wrote:
> I updated to CE 2.6.xx and the unbound failures seem to be fewer but still a problem.
Ar...
Jim Pingle
09:31 AM Regression #11316: Unbound crashes with signal 11 when reloading
Jim Pingle wrote:
> There is no change since the last updates already covered above in previous comments:
>
> * U...
Remo Wylliams
12:39 PM pfSense Packages Feature #12097: Add dnsbl and geoip logs to system log
FYI I have implemented it locally already. Sil Schouten
12:37 PM pfSense Packages Feature #12097 (New): Add dnsbl and geoip logs to system log
Functionality similar to how snort has a setting to enable syslog. Sil Schouten
12:19 PM Feature #12096 (Feedback): Refactor DNS forwarder (dnsmasq) for MVC
Updates complete and ready to be tested. Anonymous
10:21 AM Feature #12096 (Resolved): Refactor DNS forwarder (dnsmasq) for MVC
Move the get/apply/update/delete logic out of the display file and into an include file.
Support JSON data format
E...
Anonymous
10:10 AM Bug #11734: NAT rule overlap detection is inconsistent
Applied in changeset commit:3736da7f0ffd73c0cd25b7118b3c4be2e1f0eab9. Marcos M
10:02 AM Bug #11734 (Feedback): NAT rule overlap detection is inconsistent
PR has been merged. Thanks! Renato Botelho
10:10 AM Feature #11957: XMLRPC synchronization for DHCP relay settings
Applied in changeset commit:30169caa4cf9c5fac1751e756cc8dab84eec0b29. Viktor Gurov
10:01 AM Feature #11957 (Feedback): XMLRPC synchronization for DHCP relay settings
PR has been merged. Thanks! Renato Botelho
10:10 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
Applied in changeset commit:6ae26227e1ce622ff9bec0999bb829cec92373e8. Viktor Gurov
10:00 AM Bug #12075 (Feedback): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
PR has been merged. Thanks! Renato Botelho
10:00 AM Bug #12072: FQDN L2TP server address is only resolved at boot
Applied in changeset commit:ce04d03ff8c74e50585522dcd7b0deed46138be9. Viktor Gurov
09:51 AM Bug #12072 (Feedback): FQDN L2TP server address is only resolved at boot
PR has been merged. Thanks! Renato Botelho
09:57 AM Bug #12049 (Feedback): Input validation incorrectly rejects a second IPv4-only GRE tunnel
Renato Botelho
09:57 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel
PR has been merged. Thanks! Renato Botelho
09:50 AM Bug #11940 (Not a Bug): Fix return logic on sigkillbypid
Renato Botelho
08:40 AM Feature #11935: Log external IP address of OpenVPN clients on connect and disconnect
Applied in changeset commit:1e9e12c2180110ef556eee48516cfde0065d4f1a. Viktor Gurov
08:34 AM Feature #11935 (Feedback): Log external IP address of OpenVPN clients on connect and disconnect
PR has been merged. Thanks! Renato Botelho
08:40 AM Bug #11818: Mixed use of aliases in a port range produces unloadable ruleset
Applied in changeset commit:234fbf04cbb6ab2cf64f2e7491b135e9de31af07. Viktor Gurov
08:30 AM Bug #11818 (Feedback): Mixed use of aliases in a port range produces unloadable ruleset
PR has been merged. Thanks! Renato Botelho
08:35 AM Bug #11969 (Feedback): PHP error if no DHCPv6 Relay interfaces are selected
PR has been merged. Thanks! Renato Botelho
08:35 AM Regression #11938: DNS Resolver does not add PTR record for OpenVPN clients
Applied in changeset commit:c7a23ab9400a69b49e6fb09f78d342c972e0d202. Viktor Gurov
08:28 AM Regression #11938 (Feedback): DNS Resolver does not add PTR record for OpenVPN clients
PR has been merged. Thanks! Renato Botelho
08:30 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
Applied in changeset commit:c0cbbf0b23bd2bb787ace397758b82999784f3ac. Viktor Gurov
08:21 AM Bug #12002 (Feedback): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #6507 (Feedback): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #11922: Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS
Applied in changeset commit:d74bd05275490d30ccd6e607fd58c4e0bd73746e. Viktor Gurov
08:12 AM Bug #11922 (Feedback): Certificate manager reports CA as in use by an LDAP server when LDAP is not configured for TLS
PR has been merged. Thanks! Renato Botelho
08:20 AM Bug #11863: Unable to create nested URL aliases
Applied in changeset commit:8e6cfbc4b58ab19827add586e95098e1700b8069. Viktor Gurov
08:11 AM Bug #11863 (Feedback): Unable to create nested URL aliases
PR has been merged. Thanks! Renato Botelho
08:17 AM Feature #10587 (Feedback): UPnP/NAT-PMP STUN configuration options
PR has been merged. Thanks! Renato Botelho
08:15 AM Bug #4893: Error loading rules when URL Table Ports content is empty
Applied in changeset commit:3ee90a3ee2a00f02a3254a138d05e800fffdaf3e. Viktor Gurov
08:05 AM Bug #4893 (Feedback): Error loading rules when URL Table Ports content is empty
PR has been merged. Thanks! Renato Botelho
08:00 AM Feature #11865: Option to validate OpenVPN peer TLS certificate key usage
Applied in changeset commit:810adc14df07be380eba2a48ed8ff416cacad31e. Viktor Gurov
07:54 AM Feature #11865 (Feedback): Option to validate OpenVPN peer TLS certificate key usage
PR has been merged. Thanks! Renato Botelho
07:53 AM Bug #11905 (Feedback): DHCPv4 server configuration does not include ARM TFTP filenames
PR has been merged. Thanks! Renato Botelho
07:52 AM Bug #11902 (Feedback): Incorrect variable substitution in captive portal error page
PR has been merged. Thanks! Renato Botelho
07:50 AM Bug #7801: UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
Applied in changeset commit:a8e97945b4fdaa9c5228bddf2964d95fb505ee4b. Viktor Gurov
07:41 AM Bug #7801 (Feedback): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11829 (Feedback): OpenVPN client certificate validation with OCSP always fails
PR has been merged. Thanks! Renato Botelho
07:45 AM Bug #11816: RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
Applied in changeset commit:5bb49d3e388717cfb83e138724ba22fd4534eb62. Viktor Gurov
07:35 AM Bug #11816 (Feedback): RFC 2136 Dynamic DNS client uses IPv6 alias VIP instead of Track IPv6 address for AAAA records
PR has been merged. Thanks! Renato Botelho

06/30/2021

03:46 PM Feature #12094 (Feedback): Suppress kernel messages for ``lo0`` configuration during boot
PR has been merged. Thanks! Renato Botelho
03:15 PM Feature #12094 (Resolved): Suppress kernel messages for ``lo0`` configuration during boot
PR : https://github.com/pfsense/pfsense/pull/4529 Christian McDonald
03:45 PM Feature #12086 (Feedback): New Dynamic DNS Provider: deSEC
PR has been merged. Thanks! Renato Botelho
03:32 PM Bug #12095: Memory leak in pcscd
Could be partially mitigated by #11933 -- That daemon should be made optional and off by default except for the few p... Jim Pingle
03:27 PM Bug #12095 (New): Memory leak in pcscd
The PCSC daemon looks to have a memory leak even when it's not in use. Or even when there are no IPSec tunnels define... Steve Wheeler
02:22 PM Bug #12076 (Feedback): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
PR has been merged. Thanks! Renato Botelho
02:20 PM Feature #11978: New Dynamic DNS Provider: Strato
Applied in changeset commit:dc6eb05f2373c8e72019aa7be40a2a10c8b9edae. Anonymous
02:17 PM Feature #11978 (Feedback): New Dynamic DNS Provider: Strato
PR has been merged. Thanks! Renato Botelho
02:10 PM Feature #9092 (Feedback): Option to set interval of forced Dynamic DNS updates
PR has been merged. Thanks! Renato Botelho
02:03 PM pfSense Packages Bug #11391 (Feedback): Zeek crashes on 2.5.0
PR has been merged to 2.5.1, 2.5.2-RC and 2.6.0-DEVELOPMENT. Thanks! Renato Botelho
02:03 PM pfSense Packages Bug #11461 (Feedback): zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection
PR has been merged to 2.5.1, 2.5.2-RC and 2.6.0-DEVELOPMENT. Thanks! Renato Botelho
01:59 PM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
It used to be a package, we decided to integrate it into base when it was made free to all. I don't see it moving bac... Jim Pingle
01:48 PM Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
This is something that I've actually been looking into as well over the past few days in response to work on the Wire... Christian McDonald
12:57 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Jim Pingle wrote:
> Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on ...
Hayden Hill
10:16 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
Note on "That also assumes the rule has an ID in its configuration, which we may need to check is always true."
Th...
Marcos M
02:21 AM Regression #11545: Primary interface address is not always used when VIPs are present

> Per my previous redmine reply, you only need to resave the VIP and interface. There is no need to remove it, alt...
M Felden

06/29/2021

07:01 PM Regression #11545: Primary interface address is not always used when VIPs are present
M Felden wrote:
> I believe I am seeing this now after upgrading 2.4.5-p1 -> 2.5.1-CE with FRR BGP where FRR is told...
Kris Phillips
04:35 PM Feature #12092: Utilize new ``pfctl`` abilities to kill states
→ luckman212 wrote:
> @Jim yes that would be a godsend for multiwan if it works out. I always dreamed of being able ...
Jim Pingle
04:14 PM Feature #12092: Utilize new ``pfctl`` abilities to kill states
@Jim yes that would be a godsend for multiwan if it works out. I always dreamed of being able to kill specific states... → luckman212
09:23 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
Another random thought, it _might_ be possible to leverage this to help with multi-wan (like #8555) since we could ki... Jim Pingle
09:18 AM Feature #12092 (Closed): Utilize new ``pfctl`` abilities to kill states
In the latest pf changes present on 2.6.0, @pfctl@ now supports killing states by label. We are using this to kill sc... Jim Pingle
03:41 PM Regression #12069: Panic in ``pfctl`` with large numbers of states
Excluding from release notes since it's not going to be a problem in any release (introduced in snapshots and fixed t... Jim Pingle
03:36 PM Regression #12069: Panic in ``pfctl`` with large numbers of states
@2.5.2.r.20210629.1350@ looks good to me. @pfctl -ss@ is fast and I'm not seeing any slow down or memory pressure lik... Jim Pingle
08:15 AM Regression #12069 (Feedback): Panic in ``pfctl`` with large numbers of states
We'll have a new RC build soon with the pf changes rolled back so we're closer to the previous version in that area. ... Jim Pingle
03:40 PM Regression #12028 (New): SNMP daemon issues with pf nvlist changes
The changes here have been backed out of 2.5.2 so we'll need to check/test 2.6.0 once it has been synchronized with u... Jim Pingle
03:25 PM pfSense Docs Correction #11096 (Closed): Feedback on pfSense Configuration Recipes — IPsec Site-to-Site VPN Example with Pre-Shared Keys
This recipe has been updated with current recommendations for encryption and also in other ways, such as using settin... Jim Pingle
12:55 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly

Patch version 4.
shaper-full-v4.patch
Broken up into separate patches.
shaper-pie-001.patch
Necessary to ge...
Anonymous
12:48 PM Bug #10956 (Feedback): Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.
The relevant commit for this should be present on a build dated *after* this comment.
Given the barrier to testing...
Jim Pingle
12:46 PM Bug #11913 (Feedback): RADVD breaks on SIGHUP
Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on a build dated *after*... Jim Pingle
12:46 PM Bug #11453 (Feedback): ``wpa_supplicant`` uses 100% of a CPU core at boot
Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on a build dated *after*... Jim Pingle
12:46 PM Regression #11524 (Feedback): Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing
Due to changes in the freebsd-src branch used to build 2.5.2 snapshots, this needs re-tested on a build dated *after*... Jim Pingle
12:16 PM Todo #12093 (Resolved): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
When @Backup Frequency@ is set to backup on change, changing/saving settings is delayed. This can range from only a s... Marcos M
09:32 AM Bug #8555: Selectively killing states on WAN failure
We _might_ be able to use the new multi-label and kill-states-by-label support in pf to come up with a solution here ... Jim Pingle
07:58 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Re-targeting this to 2.6.0/21.09 Jim Pingle
07:20 AM Regression #12048 (Feedback): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I've added a patch from upstream [1] to devel/pear-HTTP_Request2, version 2.4.2_1,1
[1] https://github.com/pear/HT...
Renato Botelho
06:51 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Kris Phillips wrote:
> Correction: Wireguard is available in the internal test repo. It is not available on the pub...
Renato Botelho
06:46 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Did some sleuthing into Kris's error. This looks like something wrong with the build, not something specific in the p... Christian McDonald

06/28/2021

01:38 PM pfSense Packages Bug #11605 (Closed): Suricata can trigger PHP crash on SG-3100
Closing this as it appears to be the same root cause as #11466 which has a workaround applied as #12004 -- Users can ... Jim Pingle
01:36 PM pfSense Packages Bug #11551 (Closed): SG-3100 with pfBlockerNG doesn't pass traffic
Closing this as it appears to be the same root cause as #11466 which has a workaround applied as #12004 -- Users can ... Jim Pingle
01:24 PM Regression #11316: Unbound crashes with signal 11 when reloading
There is no change since the last updates already covered above in previous comments:
* Unbound still hasn't put o...
Jim Pingle
01:17 PM Regression #11316: Unbound crashes with signal 11 when reloading
This problem is very much interfering with my network operations. I have watchdog restarting unbound but
it can take...
Remo Wylliams
01:04 PM Regression #11316: Unbound crashes with signal 11 when reloading
For those commenting about restarting the service - that didn't help me. Had to restart the firewalls.
This 5 mont...
Eduard Rozenberg
01:00 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
First a note that to my understanding the bug is not easy to run into. However, booting a kernel with debug options e... Mateusz Guzik
12:46 PM Feature #12091 (New): RFE: Add support for sssd authentication
I'm making use of sssd authentication on pfSense 2.5+, but I keep having to add "sss" to nsswitch.conf because it is ... Orion Poplawski
10:15 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
If anyone is still having issues with PHP crashing on the 3100 after applying "the PCRE JIT patch from comment 32":ht... Jim Pingle
09:10 AM Feature #12086: New Dynamic DNS Provider: deSEC
My bad. I had not noticed that I was still under *pfSense Packages* when creating the issue from my previous issue. ... Markus *
07:59 AM Feature #12086 (Pull Request Review): New Dynamic DNS Provider: deSEC
PR: https://github.com/pfsense/pfsense/pull/4528 Jim Pingle
07:56 AM Feature #12086: New Dynamic DNS Provider: deSEC
Category is there, but this was filed under packages and not base. Jim Pingle
08:14 AM Feature #12090 (Pull Request Review): Add new Dynamic DNS provider: dy.fi
Jim Pingle
08:12 AM pfSense Packages Bug #11461 (Pull Request Review): zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection
Jim Pingle
08:12 AM pfSense Packages Bug #11391 (Pull Request Review): Zeek crashes on 2.5.0
Jim Pingle
08:11 AM Bug #12089 (Not a Bug): pfSense has detected a crash report or programming bug. Click here for more information.
That is almost certainly a hardware problem, not a bug.... Jim Pingle
08:03 AM pfSense Packages Bug #12088 (Pull Request Review): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting
Jim Pingle
08:02 AM Bug #12087 (Not a Bug): Aliase
Unable to reproduce. There must be some other invalid input in the field or similar issue, I can enter that hostname ... Jim Pingle
07:54 AM pfSense Packages Bug #11610 (New): NET-SNMP is not setting the correct permissions on AgentX
Updating issue to reflect that it's really a problem in NET-SNMP.
Setting the permissions to 777/777 seems less th...
Jim Pingle
07:49 AM pfSense Packages Bug #12083 (Pull Request Review): Lack of OSPF network input validation causes service startup error
Jim Pingle
07:40 AM pfSense Docs Todo #12082 (Rejected): Freenode IRC
Not a documentation issue. If any decisions are made in this area, we'll update the site as needed. Jim Pingle
07:39 AM Bug #12081 (Not a Bug): Limiters do not work when running pfsense in ESXI
Limiters are not hardware or platform specific. I've recently tested limiters in ESXi, Proxmox, and on bare metal har... Jim Pingle
07:37 AM pfSense Packages Bug #12080 (Pull Request Review): Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting
Jim Pingle
06:55 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
I'm not seeing that on both my 2.5.2 and 2.6.0 boxes (both x86 obviously).
I have seen similar output from kld* wh...
Christian McDonald
03:49 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages
Hello, packages still unavailable? Nox Inmortus

06/27/2021

04:06 PM Feature #12090 (Resolved): Add new Dynamic DNS provider: dy.fi
Dy.fi is a small dynamic service provider exclusive to Finland (i.e., the service requires that the client IP locates... Jaakko Kantojärvi
03:57 PM Feature #9092: Option to set interval of forced Dynamic DNS updates
Fix aka. the PR in review: https://github.com/pfsense/pfsense/pull/4527 Jaakko Kantojärvi
11:46 AM pfSense Packages Bug #11461: zeek package - Web Interface does not display any log content Package/Zeek/Alerts/Real Time Inspection
Fixed in this PR: https://github.com/pfsense/FreeBSD-ports/pull/1077 Prosper Doko
11:45 AM pfSense Packages Bug #11391: Zeek crashes on 2.5.0
Fixed in this PR: https://github.com/pfsense/FreeBSD-ports/pull/1077 Prosper Doko
07:38 AM Bug #12089 (Not a Bug): pfSense has detected a crash report or programming bug. Click here for more information.
pfSense breaks and restarts. Ricardo Adolfo Sánchez Arboleda

06/26/2021

09:48 PM pfSense Packages Bug #12088: Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/100
This accomplishes the following:
* Allow th...
Marcos M
08:09 PM pfSense Packages Bug #12088 (Resolved): Setting Advertise Capability to ORF leads to invalid configuration preventing frr from starting
Selecting @ORF@ under @Services / FRR BGP / Neighbors // Advanced Options / Advertise Capability@ results in an inval... Marcos M
09:28 PM pfSense Packages Bug #11711 (Resolved): New Squid Status Page Non-Functional
Confirmed on 2.5.2 June 26th build of Community Edition that this issue is resolved. I have enabled both services an... Kris Phillips
09:17 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package
Confirmed this is the case. We may want to consider making this a "more friendly" error, as it looks like a bug unti... Kris Phillips
07:14 PM Bug #12087 (Not a Bug): Aliase
Good evening!
I would like to report something that I believe is a bug in the latest version (2.5.1) of pfsense community editio...
Gustavo Carvalho
06:04 PM Feature #12086 (Resolved): New Dynamic DNS Provider: deSEC
Even though deSEC can currently be used with the "custom":https://docs.netgate.com/pfsense/en/latest/services/dyndns/... Markus *
04:21 PM Bug #11959 (Resolved): PPP interfaces lose the description field in ``ifconfig`` output when restarted
pppoe0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: OPT1
nd6 opt...
Alhusein Zawi
03:28 PM pfSense Packages Bug #12031 (Assigned): Wireguard Package Produces Crash in 2.5.2
Correction: Wireguard is available in the internal test repo. It is not available on the public-facing repo. I was ... Kris Phillips
02:28 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Checked on 2.5.2 June 26th build. The updated Wireguard package is not merged into the branch repo currently it woul... Kris Phillips
02:35 PM pfSense Packages Bug #12085 (Resolved): OpenVM Tools vmware-kmod service won't start in 2.5.2 RC on ESXi 6.0
Tested with OpenVM Tools version 10.1.0_5,1
Since upgrading to 2.5.2.r.20210626.0300 the vmware-kmod service fails...
Max Leighton
12:55 PM pfSense Packages Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
Found the issue,
net-snmp is the issue since it sets the agentx file with permissions that could not be accessed b...
Yif Swery
12:47 PM Bug #11727 (Resolved): Cannot enter persistent CARP maintenance mode when CARP is disabled
Tested in
2.6.0-DEVELOPMENT (amd64)
built on Sat Jun 26 01:04:01 EDT 2021
FreeBSD 12.2-STABLE
It doesn't tell...
Max Leighton
09:25 AM pfSense Packages Bug #12065 (Resolved): PHP crash when creating a new report in mailreport 3.6.3_2
Tested in 3.6.3_3. The PHP crash is no longer present. Marking the ticket resolved. Max Leighton
09:00 AM pfSense Packages Bug #12083: Lack of OSPF network input validation causes service startup error
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/99 Viktor Gurov
08:20 AM pfSense Packages Bug #12083 (Resolved): Lack of OSPF network input validation causes service startup error
There is no input validation in the @OSPF Networks@ fields on the frr_ospf.xml page and this allows incorrect network... Viktor Gurov
08:22 AM pfSense Packages Bug #12084 (New): libfrr.so.0 error on SG-1100
harmless error on SG-1100 while starting FRR service:... Viktor Gurov
04:03 AM pfSense Docs Todo #12082 (Rejected): Freenode IRC
A lot of projects are moving their IRC away from Freenode due to owner / policy changes.
Please review the use of Fre...
Pim Janssen
03:05 AM Bug #12081 (Not a Bug): Limiters do not work when running pfsense in ESXI
I have been running pfsense for years, both on metal and in esxi. When running on metal, I use bufferbloat exactly as... Mark Vos

06/25/2021

04:25 PM pfSense Packages Bug #11459 (Resolved): pfBlockerNG doesn't include WireGuard interface in outbound floating rules
After enabling the Wireguard service, the system automatically creates an interface group with the name WireGuard (Fi... Danilo Zrenjanin
04:03 PM pfSense Packages Bug #11878 (Resolved): squidguard dependencies missing
Tested on:... Danilo Zrenjanin
03:55 PM pfSense Packages Bug #12073: ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
Tested on :... Danilo Zrenjanin
03:19 PM pfSense Packages Bug #12080: Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/98 Marcos M
03:14 PM pfSense Packages Bug #12080 (Resolved): Setting a route-map to redistribute in BGP leads to invalid configuration preventing frr from starting
Selecting a route map under @Services / FRR BGP // Network Distribution / Redistribute Local@ results in an invalid @... Marcos M
02:52 PM Bug #12079 (Closed): Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
IGMPProxy can trigger a kernel panic in 2.5.2-RC.... Steve Wheeler
01:57 PM Bug #10956: Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.
Updating subject but excluding from release notes since it wouldn't affect any potential release, only debugging kern... Jim Pingle
01:54 PM Bug #10956 (New): Panic configuring LAGG+VLAN interfaces when using a kernel with ``INVARIANTS``.
A fix has been committed to FreeBSD, we will make sure it gets into 2.5.2.... Jim Pingle
12:55 PM Regression #11910: IPsec status tunnel descriptions are incorrect
Also in another setup, just having two VTI tunnels seems to do the same thing. See image attached. Marcos M
12:04 PM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
UPDATE! Bug only exists upon "link down"
+SETUP:+
# Dual WAN connections
# GW group configured as
## failover...
James Blanton
10:03 AM Feature #9092 (Pull Request Review): Option to set interval of forced Dynamic DNS updates
Jim Pingle
07:38 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
Copied from my comments on the PR:
Skipping entries negates the entire point of doing the configure during XMLRPC ...
Jim Pingle
07:38 AM Bug #12075 (Pull Request Review): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
Jim Pingle
03:21 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
PH1 entries with BACKUP VIP or VIPs aliased to BACKUP CARP must be skipped in `ipsec_get_phase1_src()` (see also http... Viktor Gurov
03:12 AM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/292 Viktor Gurov
07:33 AM Bug #12078 (Not a Bug): DNS Resolution Behavior does not consider named when setting localhost
Since named is a package, it doesn't integrate into base in that way by design. If someone wants to set that up and u... Jim Pingle
01:49 AM Bug #12072: FQDN L2TP server address is only resolved at boot
works as expected as reported on the forum:
https://forum.netgate.com/topic/164614/pfsense-2-4-5-p1-l2tp-server-ip-r...
Viktor Gurov

06/24/2021

11:52 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2

No crash report after installing WireGuard.
2.6.0.a.20210624.0100
WireGuard ver. 0.1.3
Alhusein Zawi
04:19 PM Bug #12078 (Not a Bug): DNS Resolution Behavior does not consider named when setting localhost
With dnsmasq and unbound disabled, and instead using Bind/named, the setting @DNS Resolution Behavior@ under @System ... Marcos M
02:53 PM Regression #11910: IPsec status tunnel descriptions are incorrect
Another scenario which may be related to whatever root cause this is:
While DPD is happening, i.e. waiting for the...
Marcos M
02:23 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
Yes, DPD does have to timeout (which can take several minutes), unfortunately by the time the primary goes into BACKU... Jim Pingle
02:10 PM Bug #12071 (Closed): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
Marcos M
02:09 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
I re-tested this and indeed the issue is the "apply-after-sync" behavior.
Further testing explained the following ...
Marcos M
02:15 PM Bug #12075: Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
Perhaps it could be treated similarly to FRR and OpenVPN where the secondary checks whether its interface is CARP, an... Marcos M
12:05 PM pfSense Packages Bug #11887 (Feedback): Squid service starts twice by /etc/rc.start_packages
PR has been merged. Thanks! Renato Botelho
12:05 PM pfSense Packages Bug #11711 (Feedback): New Squid Status Page Non-Functional
PR has been merged. Thanks! Renato Botelho
12:03 PM pfSense Packages Bug #11878 (Feedback): squidguard dependencies missing
PR merged on 2.6.0 CE. Thanks Renato Botelho
08:45 AM Feature #12077 (New): Allow stick-connections per gateway group
Currently the Sticky Connections option for load-balance gateway groups is globally applied.
However it's actually...
Steve Wheeler
07:30 AM Bug #6507 (Pull Request Review): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
Jim Pingle
06:56 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
small fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/291
Viktor Gurov
07:29 AM Bug #12072 (Pull Request Review): FQDN L2TP server address is only resolved at boot
Jim Pingle
06:51 AM Bug #12072: FQDN L2TP server address is only resolved at boot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/290
Viktor Gurov
07:22 AM pfSense Packages Bug #12065 (Feedback): PHP crash when creating a new report in mailreport 3.6.3_2
PR has been merged. Thanks! Renato Botelho
06:43 AM Regression #12069: Panic in ``pfctl`` with large numbers of states
This issue doesn't have anything to do with Unbound directly. The screenshots I added above were from a system which ... Jim Pingle
05:34 AM Regression #12069: Panic in ``pfctl`` with large numbers of states
Issue unlikely to be limited to or related to Unbound. Unbound was mentioned originally in the context that it is a g... M Felden
05:22 AM Regression #12069: Panic in ``pfctl`` with large numbers of states
I have more details...
I unplug LAN and WAN cable and wait 4-5 minutes.... Then I plug them both in. After few sec...
Greg M
12:18 AM Bug #12076: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
https://github.com/pfsense/pfsense/pull/4526 Viktor Gurov

06/23/2021

04:24 PM Bug #12076 (Resolved): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
Current OpenVPN script implemented to trigger Cisco-AVPair ACL in PF chains allows the ... Florian Lourdault
03:40 PM Regression #12069: Panic in ``pfctl`` with large numbers of states
Retested on pfSense+ 21.05. Found the systems still pass traffic, even with 7.1M states.
pfSenseCE 2.5.2 did no...
Patrick Sanderson
03:11 PM Regression #12069: Panic in ``pfctl`` with large numbers of states
Additional panic output from a system in the test lab with >1M states Jim Pingle
01:08 PM Regression #12069: Panic in ``pfctl`` with large numbers of states
I can reproduce this now but it took a few tries.
Here is what I did:
First, set the firewall to conservative m...
Jim Pingle
03:35 PM Bug #12071: Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
Since the apply-after-sync thing seems to be its own legitimate issue, I created #12075 for it. If this turns out to ... Jim Pingle
03:17 PM Bug #12071 (Feedback): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
I can't reproduce this as stated, at least on 2.5.2. I set the HA pair as responder only and set the far side to alwa... Jim Pingle
03:34 PM Bug #12075 (Resolved): Changes to an existing IPsec configuration are not applied on HA secondary after XMLRPC sync
When synchronizing settings over XMLRPC, the secondary only reconfigures the IPsec daemon if IPsec is enabled or disa... Jim Pingle
02:34 PM pfSense Packages Bug #12074: Freeradius: Additional Information field descriptions swapped
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/6 Steve Wheeler
02:00 PM pfSense Packages Bug #12074 (Resolved): Freeradius: Additional Information field descriptions swapped
In Freeradius > Settings > Logging Configuration the field descriptions for 'Additional Information for Bad Attempts'... Steve Wheeler
01:12 PM pfSense Packages Bug #12031 (Feedback): Wireguard Package Produces Crash in 2.5.2
WireGuard package version 1.1.3 was merged into 2.6.0 and 2.5.2 Renato Botelho
01:12 PM pfSense Packages Bug #11950 (Feedback): Wireguard Package Errors and DNS problem
WireGuard package version 1.1.3 was merged into 2.6.0 and 2.5.2 Renato Botelho
12:23 PM Bug #11701 (Feedback): Missing global ``$g`` declaration in ``config.lib.inc`` function ``pfSense_clear_globals()``
PR has been merged. Thanks! Renato Botelho
12:23 PM Bug #12007 (Feedback): Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day
PR has been merged. Thanks! Renato Botelho
12:23 PM Bug #12020 (Feedback): OpenVPN RADIUS-based firewall rules use incorrect port ranges
PR has been merged. Thanks! Renato Botelho
12:09 PM Todo #11976 (Feedback): Compliance with pfSense style guide in Dynamic DNS service code
PR has been merged. Thanks! Renato Botelho
10:10 AM pfSense Packages Bug #11687 (Feedback): Fix download URLs for SecuriteInfo.com
PR has been merged. Thanks! Renato Botelho
10:09 AM pfSense Packages Bug #12073 (Feedback): ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
PR has been merged. Thanks! Renato Botelho
10:07 AM pfSense Packages Bug #12073 (New): ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
The snmptrapd configuration uses the keyword "snmpTrapdAddr" instead of
"agentaddress". This is probably a copy-past...
Renato Botelho
10:03 AM pfSense Packages Feature #11310 (Feedback): Adding a widget to apcupsd plug-in
PR has been merged to CE 2.6.0 so we can get it tested and then cherry-pick to stable branches Renato Botelho
09:50 AM pfSense Packages Feature #11948 (Feedback): ACME: Support specifying non-default port for nsupdate DNS validation method
PR has been merged. Thanks! Renato Botelho
09:41 AM Bug #9362: rc.dyndns.update: Cloudflare DDNS with proxy enabled doesn't work at all
thx for the patch Robert R. :)
Jason Hodgdon
09:22 AM Bug #12072: FQDN L2TP server address is only resolved at boot
we need to restart the L2TP/PPTP interfaces that use WAN as parent on /etc/rc.newwanip event
like GRE/GIF: https://g...
Viktor Gurov
05:45 AM Bug #12072 (Resolved): FQDN L2TP server address is only resolved at boot
Hello!
I'm using "russian vpn" scheme to connect with ISP - WAN interface with DHCP (actually internal ISP network)...
Alex BJ
08:01 AM pfSense Packages Bug #9895: snort reinstallation failed
Viktor Gurov wrote:
> same issue on 2.6.0.a.20210622.0100:
> [...]
>
> Another solution: https://forum.netgate.c...
Bill Meeks
06:18 AM pfSense Packages Bug #9895: snort reinstallation failed
same issue on 2.6.0.a.20210622.0100:... Viktor Gurov
07:05 AM pfSense Docs Correction #11735 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting
Jim Pingle
07:01 AM pfSense Packages Feature #11210: 3rd party rulesets
>
> For example https://sslbl.abuse.ch/blacklist/#ssl-certificates-suricata
- added to 6.0.0_11
see https://for...
Viktor Gurov
05:44 AM pfSense Packages Bug #11459: pfBlockerNG doesn't include WireGuard interface in outbound floating rules
You will need to assign the WireGuard tunnel to a pfSense interface. pfBlocker can't 'see' unassigned WireGuard tunnels. Christian McDonald

06/22/2021

07:58 PM Bug #12071 (Closed): Responder Only IPsec tunnel tries to connect on secondary node when a failover happens in HA
Normally with an IPsec tunnel on a pfSense HA setup, failing over to the secondary makes the IPsec start on the new m... Marcos M
04:24 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting
Looks good. Marcos M
02:35 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting
Check the doc again now.
Should be better.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/1a8fd83fbc4bc389...
Jim Pingle
02:59 PM Feature #12070 (Resolved): Support for VLAN ``0``
Hello, I'm not sure if this should be a bug or feature request. Internet fiber providers in the USA and abroad tag th... Michael LaCroix
12:45 PM Bug #12061 (Closed): Update NGINX to address CVE-2021-23017
``nginx-1.20.1,2`` is in the latest test build. GUI, XMLRPC, and captive portal are all working as expected.
While I...
Jim Pingle
12:07 PM pfSense Packages Bug #12065 (Pull Request Review): PHP crash when creating a new report in mailreport 3.6.3_2
Jim Pingle
10:50 AM pfSense Packages Bug #12065: PHP crash when creating a new report in mailreport 3.6.3_2
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/96
Viktor Gurov
08:48 AM pfSense Packages Bug #11766 (Feedback): Certificate no more pointed "in use" by haproxy
PR has been merged. Thanks! Renato Botelho
08:48 AM pfSense Packages Bug #11937 (Feedback): HAproxy "Use Client-IP" option breaks Captive Portal
PR has been merged. Thanks! Renato Botelho
08:47 AM pfSense Packages Feature #10779 (Feedback): HAProxy SSL/TLS Compatibility Mode
PR has been merged. Thanks! Renato Botelho
08:46 AM pfSense Packages Bug #11491 (Feedback): haproxy-devel v0.62_2 - startup error 'httpchk'
PR has been merged. Thanks! Renato Botelho
08:46 AM pfSense Packages Feature #10739 (Feedback): Update HAproxy-devel package to 2.2 and HAproxy to 2.0
PR has been merged. Thanks! Renato Botelho
08:44 AM pfSense Packages Bug #11993 (Feedback): PHP error after disabling HAProxy
PR has been merged. Thanks! Renato Botelho
08:39 AM pfSense Packages Bug #6235 (Resolved): Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
PR has been merged Renato Botelho
08:38 AM pfSense Packages Bug #11637 (Resolved): Preprocs - possible to create two defaults
PR has been merged Renato Botelho
08:20 AM pfSense Plus Bug #12068 (Not a Bug): Upgrade to 21.05 fails with seg fault
There is not enough information here to classify that as a bug, and there are numerous others who have upgraded succe... Jim Pingle
01:44 AM pfSense Plus Bug #12068 (Not a Bug): Upgrade to 21.05 fails with seg fault
When trying to upgrade the sg3100 to 21.05 (from 21.02.2). The upgrade fails during the system reload during the "con... Daniel Ramirez
07:29 AM Regression #12069 (Resolved): Panic in ``pfctl`` with large numbers of states
Only one report of this so far (https://forum.netgate.com/post/988755), so it's unclear how many it may affect. User ... Jim Pingle

06/21/2021

09:31 PM pfSense Docs Correction #11735: Feedback on Hardware — Hardware Tuning and Troubleshooting
Of note, ``hw.ix.flow_control=0`` in ``loader.conf.local`` can still be used, though it's probably best to keep it as dev... Marcos M
03:43 PM pfSense Docs Correction #11735 (Feedback): Feedback on Hardware — Hardware Tuning and Troubleshooting
Updated as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d56cc2f1021b58ee71135d99d371e332af1e
Jim Pingle
12:53 PM pfSense Docs Correction #11735 (In Progress): Feedback on Hardware — Hardware Tuning and Troubleshooting
Jim Pingle
06:37 PM Bug #12061 (Feedback): Update NGINX to address CVE-2021-23017
I've cherry-picked commits to upgrade it to 1.20.1,2 on RELENG_2_5_2. Development branches will get it on next round... Renato Botelho
03:43 PM pfSense Docs Correction #9228 (Feedback): Feedback on Hardware — Hardware Sizing Guidance
Updated as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d56cc2f1021b58ee71135d99d371e332af1e
...
Jim Pingle
01:06 PM pfSense Docs Correction #9228 (In Progress): Feedback on Hardware — Hardware Sizing Guidance
Jim Pingle
03:43 PM pfSense Docs New Content #10225 (Feedback): Add cryptographic hardware info to the SG-3100 manual
Not in the manual, but updated related info as a part of https://gitlab.netgate.com/docs/pfSense-docs/-/commit/35e2d5... Jim Pingle
03:35 PM pfSense Docs New Content #10225 (In Progress): Add cryptographic hardware info to the SG-3100 manual
Jim Pingle
03:10 PM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
Jim, Sorry for the delay but I've been out of the office a good bit the past month.
I've updated the SG-3100 to 21...
James Blanton
10:29 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Christian McDonald wrote:
> Hi all,
>
> Yes, this fix (along with a ton of other fixes) is in the current PR.
...
Marcello Marques
09:53 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Hi all,
Yes, this fix (along with a ton of other fixes) is in the current PR.
Christian McDonald
09:12 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Renato Botelho wrote:
> I'll take care of this one
FWIW, I've been running 0.1.2 _(over several minor revisions)_...
Marcello Marques
08:53 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
I'll take care of this one Renato Botelho
08:34 AM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Kris Phillips wrote:
> Issue continues to be present in June 17th 2.5.2 RC build
It's already fixed in the latest...
Marcello Marques
08:39 AM Bug #12067 (New): DHCP Monitoring Statistics Error
I have 2 DHCP pools (51 + 51 IP addresses) in one network (see attachments screen)
But monitoring DHCP show maximum dhc...
Evgeny Korostelev
08:00 AM Bug #12049 (Pull Request Review): Input validation incorrectly rejects a second IPv4-only GRE tunnel
Jim Pingle
07:57 AM pfSense Packages Bug #12064 (Duplicate): Navbar not responsive when running iperf
Duplicate of #8502 Jim Pingle
07:44 AM Feature #12066: Include man and man pages for all core programs and packages
Currently we deliberately remove them to save on space, though these days space isn't at as much of a premium as it w... Jim Pingle
06:46 AM Regression #11316: Unbound crashes with signal 11 when reloading
As an ugly workaround, I'm using "Service Watchdog" package to restart *unbound* when it crashes. This happens every... Akom Benevolent
05:44 AM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages
Hello, thanks for the work, how long until available? Nox Inmortus

06/20/2021

07:41 AM pfSense Packages Bug #12030: Startup Errors for Avahi Package
The service warnings are expected if you don't have publishing enabled. It's disabled by default.
See: https://forum...
Steve Wheeler

06/19/2021

09:59 PM pfSense Packages Bug #12031: Wireguard Package Produces Crash in 2.5.2
Issue continues to be present in June 17th 2.5.2 RC build Kris Phillips
08:03 PM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``
seems working -- tested on 21.09.a.20210619.0100 Jordan G
04:44 PM Feature #12066 (New): Include man and man pages for all core programs and packages
Having the man pages - where available - for all out-of-the-box binaries would improve scenarios where there are no o... e 1/1
01:45 PM pfSense Packages Bug #12065 (Resolved): PHP crash when creating a new report in mailreport 3.6.3_2
When creating a new report in mail report 3.6.3_2 a PHP crash is generated. This is triggered as soon as you save the... Max Leighton
12:54 PM pfSense Packages Bug #12030: Startup Errors for Avahi Package
This issue is still present in the June 17th build. Kris Phillips
12:14 PM Bug #12039: Gateway alarm always triggers IPsec restart
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/289
https://gitlab.netgate.com/pfSense/FreeBSD-por...
Viktor Gurov
12:13 PM pfSense Packages Bug #12064 (Duplicate): Navbar not responsive when running iperf
In iperf 3.0.2_5, after starting iperf client or server, the navbar is visible but clicking any of the dropdown menus... Max Leighton
02:51 AM Regression #12040 (Resolved): Scheduled firewall rules failing to load
works as expected on 2.5.2.r.20210617.1709:... Viktor Gurov
12:27 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/288
Viktor Gurov

06/18/2021

10:02 PM Bug #11581 (Resolved): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
I was able to assign IP address with /32 via console
*** Welcome to pfSense 2.6.0-DEVELOPMENT (amd64) on pfSense *...
Alhusein Zawi
08:46 PM Bug #6055: Menu items may remain from packages no longer installed
Chris Buechler wrote:
> Adrien Carlyle wrote:
> > Is there any way to manually correct this?
>
> Edit the <menu>...
Jeff Strand
06:24 PM pfSense Docs New Content #12063 (Closed): Document recently added options for Configuring RFC 2136 Dynamic DNS updates
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dyndns/rfc2136.html
*Feedback:*
1. ``Zone``: Field not o...
Marcos M
05:21 PM pfSense Docs Correction #12062 (Closed): Add Netgate 2100 and 6100 to Throughput Considerations table
That whole page is going to go away: #9228
Once there is a static page we can link to with the numbers from the si...
Jim Pingle
05:19 PM pfSense Docs Correction #12062 (Closed): Add Netgate 2100 and 6100 to Throughput Considerations table
Please add the Netgate 2100 and Netgate 6100 to the table on the "Throughput Considerations page":https://docs.ne... Audian Paxson
03:36 PM pfSense Packages Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)
The Snort GUI package now has additional logic to ensure running Snort interfaces at the start of a rules update cycl... Bill Meeks
03:33 PM pfSense Packages Bug #11637: Preprocs - possible to create two defaults
The remaining GUI bug reported in this issue is fixed in this Snort GUI package Pull Request: https://github.com/pfs... Bill Meeks
03:16 PM Bug #12022 (Resolved): Incorrect OpenVPN Client Export help link
fixed
openvpn help points to https://docs.netgate.com/pfsense/en/latest/packages/openvpn-client-export.html
2.6...
Alhusein Zawi
08:00 AM Bug #12022 (Feedback): Incorrect OpenVPN Client Export help link
Applied in changeset commit:62c8a02a9cc6585579fda1e5ec68a1fdbfb0d129. Jim Pingle
07:46 AM Bug #12022 (In Progress): Incorrect OpenVPN Client Export help link
Looks like the help.php line is referencing the wrong file. I'll fix it. Jim Pingle
02:44 AM Bug #12022: Incorrect OpenVPN Client Export help link
Tested on:... Danilo Zrenjanin
01:57 PM Feature #12011: Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
I thought perhaps I could have the default be assumed as 'none' with ZFS but in practice that didn't go as well as I'... Jim Pingle
01:55 PM Bug #11959: PPP interfaces lose the description field in ``ifconfig`` output when restarted
Applied in changeset commit:56ad99b3989f0d6bcf1f16ac3eaf727ec6b6c901. Viktor Gurov
01:48 PM Bug #11959 (Feedback): PPP interfaces lose the description field in ``ifconfig`` output when restarted
PR has been merged. Thanks! Renato Botelho
01:55 PM Bug #12000: Remote log server input validation allows invalid values
Applied in changeset commit:c2c11dcf6dd2b71d554d2870a39373e75c70e624. Viktor Gurov
01:45 PM Bug #12000 (Feedback): Remote log server input validation allows invalid values
PR has been merged. Thanks! Renato Botelho
01:45 PM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
Applied in changeset commit:99f957fe21d514f9b2bb945fb07c0277df210d03. Viktor Gurov
01:39 PM Bug #12023 (Feedback): Mobile IPsec NAT/BINAT entries missing from firewall rules
PR has been merged. Thanks! Renato Botelho
01:45 PM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
Applied in changeset commit:8abff49b82f6a8ee143cf10f939ed6ca2ad3d4d7. Viktor Gurov
01:38 PM Bug #12041 (Feedback): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
PR has been merged. Thanks! Renato Botelho
01:15 PM Todo #12060 (Feedback): Remove deprecated ``libzmq`` code and references
Applied in changeset commit:afab96d6b3bcc47e8fb5b2cd8cbe49d4aefe1a55. Renato Botelho
01:00 PM Todo #12060 (Resolved): Remove deprecated ``libzmq`` code and references
Once upon a time ZMQ was intended to be a potential logging or notification type, but that hasn't been touched in qui... Jim Pingle
01:09 PM Bug #12061: Update NGINX to address CVE-2021-23017
http://nginx.org/en/CHANGES shows it's fixed in 1.20.1, but 1.20.1 is not yet in the ports tree: https://github.com/f... Jim Pingle
01:06 PM Bug #12061 (Closed): Update NGINX to address CVE-2021-23017
https://vuxml.freebsd.org/freebsd/0882f019-bd60-11eb-9bdd-8c164567ca3c.html
NGINX needs to be updated to resolve t...
Kris Phillips
12:11 PM Bug #12059 (Rejected): After about an hour DNSSEC lookups start to fail
There isn't enough information to definitively identify this as a bug, and this site is not for support or diagnostic... Jim Pingle
12:07 PM Bug #12059 (Rejected): After about an hour DNSSEC lookups start to fail
After a fresh restart of the server or just unbound everything works great, in the below log paste I used idrive.com.... Keith Owen
11:38 AM pfSense Packages Bug #12058 (Duplicate): pfBlockerNG / "Cannot allocate memory" from Geo blocking IP list
My pfsense emailed me an error yesterday:
```
Notifications in this message: 1
================================
...
```
Sean McBride
09:50 AM Todo #11985: Ensure ``/usr/local/sbin/`` scripts use full path to executable files
Applied in changeset commit:68d8e58c9efd5d43aa0331fa72c4140161972e36. Viktor Gurov
09:41 AM Todo #11985 (Feedback): Ensure ``/usr/local/sbin/`` scripts use full path to executable files
PR has been merged. Thanks! Renato Botelho
09:45 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Applied in changeset commit:692510f22097bc6100fde467d2f6b3aea8cd51bc. Viktor Gurov
09:39 AM Bug #12034 (Feedback): Certificate Manager performs redundant escaping of special characters in certificate DN fields
PR has been merged. Thanks! Renato Botelho
07:12 AM Bug #12034 (Pull Request Review): Certificate Manager performs redundant escaping of special characters in certificate DN fields
Jim Pingle
09:05 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
Changing the sync default behavior would be a POLA violation as it would break users who rely on that behavior now.
...
Jim Pingle
08:49 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
That seems unnecessarily complex and counter-intuitive. If I go that route then I have a routable IP address on two d... Chris Myles
08:39 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
Then set FRR differently on each node so it only advertises the addresses you want from each node. FRR does not suppo... Jim Pingle
08:35 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
They should be advertised though as the loopbacks serve as the primary management addresses for their corresponding n... Chris Myles
08:26 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
Use the features built into the dynamic routing protocols to prevent those addresses from being advertised. That's th... Jim Pingle
08:20 AM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
The problem is that when you configure a loopback address, it's considered a directly connected network and will be a... Chris Myles
07:43 AM Feature #12055 (Feedback): Option to disable XMLRPC Sync for Loopback Virtual IPs
While it is capable of receiving traffic from another host, nothing could ARP for it, so it can't "conflict" as other... Jim Pingle
08:34 AM Regression #12057: 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``
As I mentioned on #12045 we are aware and it will be automatically addressed during the next upstream sync. 2.6.0 is ... Jim Pingle
08:28 AM Regression #12057 (Resolved): 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``
pfctl -ss is consuming large amounts of CPU and taking much longer than it should to output data on 2.6:
ht...
RED SKULL
08:27 AM Regression #12045: High CPU usage and slowness with ``pfctl -ss``
Yes, we are aware, but 2.6.0 will get the fix when we do a full sync with FreeBSD sources next, which wasn't an optio... Jim Pingle
08:23 AM Regression #12045: High CPU usage and slowness with ``pfctl -ss``
2.6 has the same problem. This fix needs to be applied there too.
https://www.reddit.com/r/PFSENSE/comments/nz8fm...
RED SKULL
07:37 AM pfSense Packages Bug #12054 (Feedback): "succesfully" misspelled
Pushed a fix. The typo was repeated a total of three times in there, actually. Jim Pingle
07:28 AM pfSense Plus Bug #12053 (Feedback): PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
I can't reproduce this here. I see the config.xml tag ``<prf-algorithm>sha256</prf-algorithm>`` but it does not get put... Jim Pingle
06:25 AM Bug #11846: Logging configuration added by a package is not removed on uninstall
Applied in changeset commit:71024ca1064fe21145d7402ec5abc05360558f5e. Viktor Gurov
06:15 AM Bug #11846 (Feedback): Logging configuration added by a package is not removed on uninstall
PR has been merged. Thanks! Renato Botelho
06:20 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems
Applied in changeset commit:44144b377d3282f8e95c676e8fae1d343ba3f8b7. Viktor Gurov
06:13 AM Todo #11983 (Feedback): Hide "Reboot and run a filesystem check" for ZFS systems
PR has been merged. Thanks! Renato Botelho
06:17 AM Feature #9297 (Feedback): Graph for hardware temperature readings
PR has been merged. Thanks! Renato Botelho
06:12 AM Bug #12038 (Feedback): System attempts to start inactive services at boot
PR has been merged. Thanks! Renato Botelho
06:10 AM Bug #12001: System attempts to stop inactive services at shutdown
Applied in changeset commit:4d934cc48211f4b746da6de57e6e888104694f22. Viktor Gurov
06:04 AM Bug #12001 (Feedback): System attempts to stop inactive services at shutdown
PR has been merged. Thanks! Renato Botelho
05:51 AM Bug #12056 (Pull Request Review): Filterlog says "Unknown Option %u"
I see the following messages in my filter logs:... Florian Apolloner
05:09 AM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I've created an upstream issue at https://github.com/pear/HTTP_Request2/issues/23 Renato Botelho
04:59 AM Regression #11910: IPsec status tunnel descriptions are incorrect
Kris Phillips wrote:
> Saw this yesterday. Customer has the following:
>
> 3 P1s, 2 were IKEv1 and 1 was IKEv2
...
Renato Botelho
04:34 AM Bug #11926 (Resolved): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location
Tested on:... Danilo Zrenjanin

06/17/2021

10:47 PM Feature #12055: Option to disable XMLRPC Sync for Loopback Virtual IPs
Forgot the doc link - here it is: https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-addresses.html Chris Myles
10:46 PM Feature #12055 (Closed): Option to disable XMLRPC Sync for Loopback Virtual IPs
According to this pfSense doc, Loopback IPs are synchronized via XMLRPC because they are only ever active on the loca... Chris Myles
08:53 PM pfSense Packages Bug #12054 (Resolved): "succesfully" misspelled
When fetching a patch, the message "Patch fetched succesfully" is missing an S. Steve Y
07:55 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
Selection feature was introduced in changeset f5ddbec114b3b9ecce14761d173381556422061b Kris Phillips
07:52 PM pfSense Plus Bug #12053: PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
Reference internal ticket INC-87329 for troubleshooting steps with customer that experienced this. Kris Phillips
07:51 PM pfSense Plus Bug #12053 (Closed): PRF Algorithm is Always Set to SHA256 on New Tunnel Creations
When creating new P1s regardless of what the hash algorithm is set to the variable in config.xml is always set to <pr... Kris Phillips
07:28 PM Regression #12048 (New): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
Latest 2.5.2 build looks good with pear-HTTP_Request2 2.3.0,1.
Moving this ahead to 2.6.0 for (hopefully) a long t...
Jim Pingle
04:29 PM Regression #12048 (Feedback): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
pear-HTTP_Request2 downgraded to 2.3.0,1 Renato Botelho
01:56 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
Jim Pingle wrote:
> I have been able to narrow this down further to this change:
>
> [...]
>
> If I go back to...
Luca De Andreis
01:16 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I have been able to narrow this down further to this change:... Jim Pingle
12:50 PM Regression #12048: Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
After checking many, many different things (SSL, crypto settings, nginx settings, and more) I went back and tried old... Jim Pingle
06:04 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
I can confirm that applying the PCRE_JIT patch fixed this problem for me on 21.05. Clinton Cory
03:02 PM Regression #12052 (Resolved): IPsec status IKE disconnect button drops all connections for the IKE ID, not a specific IKE SA ID
*Platform:*
Version 2.5.1-RELEASE (amd64) on VMWare
built on Mon Apr 12 07:50:14 EDT 2021
FreeBSD 12.2-STABLE
...
Geovane Gonçalves
02:10 PM Todo #12051 (Feedback): XMLRPC client improvements
Applied in changeset commit:9455c6ef8fa512b9341885c2186f7a79ac59cf2b. Jim Pingle
01:52 PM Todo #12051 (Resolved): XMLRPC client improvements
There are a few changes that could be beneficial for the XMLRPC sync client:
* The same client can be reused for m...
Jim Pingle
12:44 PM Bug #11926 (Feedback): Advanced DHCP client configuration "Protocol timing" help text is in the wrong location
PR has been merged. Thanks! Renato Botelho
12:35 PM Feature #9877 (Feedback): QEMU Guest Agent
PR has been merged. Thanks! Renato Botelho
12:20 PM Bug #11727: Cannot enter persistent CARP maintenance mode when CARP is disabled
Applied in changeset commit:cf11a8a5b5752cdf3b4739b1ae1ed56e197705c3. Viktor Gurov
12:12 PM Bug #11727 (Feedback): Cannot enter persistent CARP maintenance mode when CARP is disabled
PR has been merged. Thanks! Renato Botelho
12:09 PM pfSense Packages Feature #12042 (Feedback): Add Zabbix 5.4 agent and proxy packages
PRs merged. Thanks!
I also enabled the build on poudriere_bulk for CE 2.6.0
Renato Botelho
11:15 AM Bug #12050: "GoTo line #" function does not work on ``diag_edit.php``
Applied in changeset commit:1b9104637f304697ec714d8b6ceb8f95466b52b1. Anonymous
11:08 AM Bug #12050 (Feedback): "GoTo line #" function does not work on ``diag_edit.php``
Functionality provided via new JS function jumpToLine() called when requesting GoTo line Anonymous
11:05 AM Bug #12050 (Resolved): "GoTo line #" function does not work on ``diag_edit.php``
When entering a value in the GoTo line # field, the requested line is highlighted, but the textarea does not scroll t... Anonymous
10:59 AM Regression #11910: IPsec status tunnel descriptions are incorrect
Saw this yesterday. Customer has the following:
3 P1s, 2 were IKEv1 and 1 was IKEv2
3 P2s, the 2 for the IKEv1 w...
Kris Phillips
10:29 AM Bug #12049: Input validation incorrectly rejects a second IPv4-only GRE tunnel
This is not a regression. Too late for 2.5.2 Renato Botelho
04:20 AM Bug #12049 (Resolved): Input validation incorrectly rejects a second IPv4-only GRE tunnel
More info:
-> This only occurs when creating A 2ND SUCH TUNNEL FOR THE SAME "Parent Interface"
-> The "GRE-tu...
Peter Van Overveldt
08:02 AM Bug #11850: NTP authentication input validation rejects valid keys
Thanks for the effort made.
Just want to confirm: in *21.05-RELEASE* it works now as expected.
Thomas Paetzold
06:32 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Charles Jackson wrote:
> I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to con...
T S

06/16/2021

01:57 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Charles Jackson wrote:
> I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to con...
Polar Nerd
01:46 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
I've managed to get two XBoX's and a gaming PC on my network and one Xbox and the PC to connect to and play the same ... Charles Jackson
12:04 PM pfSense Packages Feature #12042: Add Zabbix 5.4 agent and proxy packages
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/287
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-...
Viktor Gurov
09:58 AM Regression #12048 (Confirmed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
At first I couldn't reproduce it, but now I can every time. Not sure what changed. It didn't show up in the logs or n... Jim Pingle
07:20 AM Regression #12048 (Rejected): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I cannot replicate the problem as stated and nothing changed between the previous builds which would have impacted XM... Jim Pingle
03:08 AM Regression #12048 (Closed): Error during XMLRPC synchronization due to changes in ``pear-HTTP_Request2``
I've just updated the test pfSense cluster to release
2.5.2.r.20210615.1851
On the immediately preceding release ...
Luca De Andreis
09:11 AM Regression #12037 (Closed): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
SNMP daemon is returning correct responses now Jim Pingle
09:10 AM Regression #12040 (Feedback): Scheduled firewall rules failing to load
Applied in changeset commit:2afcd4527d4b245c7968bf7ac6b6c505259fe6c9. Jim Pingle
09:00 AM Regression #12040 (In Progress): Scheduled firewall rules failing to load
The scheduled rules are loading, but commit:765277ba6d873847c6c5b5657877e9fb0cec4357 needs another fix to correct the... Jim Pingle
09:07 AM Regression #12045 (Resolved): High CPU usage and slowness with ``pfctl -ss``
The latest build includes the fixes for this and it's working properly now. Dumping the states is fast no matter how ... Jim Pingle
07:57 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/286
Viktor Gurov
07:17 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
it looks like `cert_escape_x509_chars()` is not needed - `openssl_csr_new()` automatically adds double quotes in case... Viktor Gurov

06/15/2021

06:38 PM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces
I lied about the static. Still no dice. Web Dawg
06:37 PM pfSense Plus Bug #11942: Disconnecting WAN Interface Kills OpenVPN Servers on Other Interfaces
UDP ipv4
It seems to work better if there is a static assigned to WAN, but not a scientific test. Will test here so...
Web Dawg
05:21 PM Regression #12045 (Feedback): High CPU usage and slowness with ``pfctl -ss``
I've cherry-picked commits from upstream/main to pfsense/RELENG_2_5_2 that should help this case:
b5d787d93b3d83f2...
Renato Botelho
01:55 PM Regression #12045 (Resolved): High CPU usage and slowness with ``pfctl -ss``
Some users have found that @pfctl -ss@ is consuming large amounts of CPU and taking much longer than it should... Jim Pingle
05:20 PM Todo #12047 (Closed): Make sure libnv fixes are on devel-12 branch
Following commits were cherry-picked directly from upstream/main to pfsense/RELENG_2_5_2 in order to fix #12045.
b...
Renato Botelho
04:53 PM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Here's some more details when examining certificates generated from different sources:
# Cert from third-party app...
Marcos M
02:49 PM pfSense Docs Todo #12046 (Rejected): Feedback on Troubleshooting — Troubleshooting Duplicate IPsec SA Entries
That's expected at the moment, but already being worked on.
I'm in the process of updating the other documentation...
Jim Pingle
02:43 PM pfSense Docs Todo #12046 (Rejected): Feedback on Troubleshooting — Troubleshooting Duplicate IPsec SA Entries
The confusion is around how to "disable". The way to disable seems to be conflicting?
*Page:* https://docs.netgate...
Brendon Baumgartner
11:04 AM Bug #12041 (Pull Request Review): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
Jim Pingle
10:52 AM Bug #12041: Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/285
Viktor Gurov
09:28 AM Bug #12041 (Resolved): Certificate Manager shows incorrect DN for imported entries with UTF-8 encoding
If you import a certificate containing UTF8 encoding into certificate manager,
it shows escaped unicode characters i...
Viktor Gurov
10:56 AM Todo #12044 (Resolved): Improve IPsec identifier settings
We expose several IPsec identifier types in the GUI. strongSwan supports a few more, plus an automatic type. Addition... Jim Pingle
09:37 AM pfSense Packages Feature #12042 (Resolved): Add Zabbix 5.4 agent and proxy packages
New release from Zabbix, please add this new version : https://www.zabbix.com/rn/rn5.4.0 Nox Inmortus
09:21 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Justin P wrote:
> Bill Meeks wrote:
> > Jim Pingle wrote:
> > > Bill Meeks wrote:
> > > > Does this function call...
Justin P
09:20 AM Bug #6507: GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
Applied in changeset commit:474b0fed67a9e2682526a230d410a4339ec7972d. Viktor Gurov
09:10 AM Bug #6507 (Feedback): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
PR has been merged. Thanks! Renato Botelho
08:49 AM Feature #11439 (Feedback): IPv6 support in ``easyrule`` CLI script
PR has been merged. Thanks! Renato Botelho
08:06 AM Regression #12040 (Feedback): Scheduled firewall rules failing to load
There were some commits for the latest pf changes which were not included in the last 2.5.2 build, but will be in the... Jim Pingle
08:03 AM Regression #12040 (Resolved): Scheduled firewall rules failing to load
In 2.5.2-RC firewall rules with a schedule fail to load generating an error.
Tested using this config:...
Steve Wheeler
07:27 AM Regression #12037 (Feedback): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
Merged into devel-12 and cherry-picked to RELENG_2_5_2. Kristof Provost
07:14 AM Regression #12037 (Pull Request Review): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
Jim Pingle
07:06 AM Regression #12037 (Waiting on Merge): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
This was the result of an incorrect conversion to libpfctl (a DIOICGETRULE ioctl call was replaced by pfctl_add_rule(... Kristof Provost
07:18 AM Bug #12038 (Pull Request Review): System attempts to start inactive services at boot
Jim Pingle
04:56 AM Bug #12038: System attempts to start inactive services at boot
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/284 Viktor Gurov
03:43 AM Bug #12038 (Resolved): System attempts to start inactive services at boot
... Viktor Gurov
04:04 AM Bug #12039 (Resolved): Gateway alarm always triggers IPsec restart
There are several issues:
1) '/etc/rc.gateway_alarm' trigger '/etc/rc.newipsecdns' which generate an invalid log m...
Viktor Gurov

06/14/2021

03:29 PM Regression #12037 (Closed): Built-in SNMP daemon does not return values for BEGEMOT-PF-MIB::pfLabels on latest build
On the current RC builds of 2.5.2 with the new pf code, the bsnmp daemon no longer returns rule label data from the p... Jim Pingle
02:20 PM Bug #11675: VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
Applied in changeset commit:de248d0f6de7bcbca65aa94a37ac2a855b302580. Viktor Gurov
02:15 PM Bug #11675 (Feedback): VLAN and QinQ edit pages allows selecting incompatible OpenVPN ``tun`` interfaces
PR has been merged. Thanks! Renato Botelho
02:20 PM Bug #11662: QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
Applied in changeset commit:3f0e9812fea8672c2842d5f3f7a103518965af7f. Viktor Gurov
02:13 PM Bug #11662 (Feedback): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
PR has been merged. Thanks! Renato Botelho
01:40 PM Bug #11653: Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
Applied in changeset commit:23922057504c253f1ddd0b6269e7ce85e94ac61e. Viktor Gurov
01:35 PM Bug #11653 (Feedback): Duplicate ``comconsole_port`` lines in ``/boot/loader.conf``
PR has been merged. Thanks! Renato Botelho
01:31 PM Bug #11581 (Feedback): Cannot configure WAN IP address with ``/32`` CIDR mask via console menu
PR has been merged. Thanks! Renato Botelho
01:17 PM pfSense Packages Bug #12036 (Pull Request Review): Certificate Manager page do not show Zabbix used certificates
Jim Pingle
11:39 AM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/94
Viktor Gurov
06:03 AM pfSense Packages Bug #12036 (Resolved): Certificate Manager page do not show Zabbix used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec / O... Viktor Gurov
11:48 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Interesting. Looks like the output varies by platform or OpenSSL version. Where I initially checked that was on an ol... Jim Pingle
11:33 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
Jim Pingle wrote:
> I can't reproduce this here. The code is already doing the escaping so the user doesn't need to ...
Viktor Gurov
07:41 AM Bug #12034 (Feedback): Certificate Manager performs redundant escaping of special characters in certificate DN fields
I can't reproduce this here. The code is already doing the escaping so the user doesn't need to worry about it. If I ... Jim Pingle
05:03 AM Bug #12034: Certificate Manager performs redundant escaping of special characters in certificate DN fields
according to https://datatracker.ietf.org/doc/html/rfc4514 "," (comma) must be escaped:... Viktor Gurov
04:53 AM Bug #12034 (Resolved): Certificate Manager performs redundant escaping of special characters in certificate DN fields
We are facing an issue while generating a Cert/CSR from Cert. Manager whenever there is a comma (,) in the Organization name.
T...
Viktor Gurov
09:30 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
Marcos Mendoza wrote:
> Maybe the username:password syntax can be avoided altogether and instead the @Authorization@...
Viktor Gurov
07:45 AM Regression #12028: SNMP daemon issues with pf nvlist changes
I no longer get the original error on startup, and I am able to see data from the PF MIB:... Jim Pingle
06:01 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes
libpfctl is now linked to libnv... Renato Botelho
07:44 AM pfSense Docs Correction #12032 (Closed): TP-LINK M7350 modem works as an ethernet devices
PR Merged. Jim Pingle
05:38 AM pfSense Docs Correction #12032: TP-LINK M7350 modem works as an ethernet devices
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/18 Viktor Gurov
07:38 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
No. Those OIDs don't exist to be read if the i915 module is not loaded:... Steve Wheeler
07:33 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
Does it still crash if you don't load the i915 module? Jim Pingle
07:35 AM Bug #12023 (Pull Request Review): Mobile IPsec NAT/BINAT entries missing from firewall rules
Jim Pingle
04:01 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/283
Viktor Gurov
07:30 AM pfSense Packages Bug #12027 (Closed): FreeRADIUS 3.0.22 removed LEAP, package fails to start
Works now Jim Pingle
06:02 AM Regression #12017 (Resolved): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
Renato Botelho
05:32 AM Feature #12035 (Resolved): Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components
If you try to use any UTF8 characters in State or Province/City/Organization/Organizational Unit fields, an error occ... Viktor Gurov
02:17 AM pfSense Packages Bug #12033 (New): maxmindb and _sqlite3 modules not found
https://forum.netgate.com/topic/164305/py_error-log-errors-maxmindb-and-_sqlite3-modules-not-found
I am using pfbl...
Viktor Gurov

06/13/2021

02:54 PM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
Maybe the username:password syntax can be avoided altogether and instead the @Authorization@ header can be used as sp... Marcos M
11:59 AM pfSense Packages Bug #11459: pfBlockerNG doesn't include WireGuard interface in outbound floating rules
Tested on the latest RC release.
pfBlockerNG-devel 3.0.0_16
After enabling a Wireguard tunnel the interface stil...
Danilo Zrenjanin
09:56 AM Regression #11910: IPsec status tunnel descriptions are incorrect
I saw this behaviour when adding a VTI phase 2 to a system which already had a mobile IPSec tunnel defined.
Both con...
Steve Wheeler
06:47 AM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
There appear to be two specific sysctls that cause the system to stop responding:... Steve Wheeler
05:48 AM pfSense Docs Correction #12032 (Closed): TP-LINK M7350 modem works as an ethernet devices
In the docs page entitled "Known Working 3G-4G Modems":https://docs.netgate.com/pfsense/en/latest/cellular/hardware.h... abel callejo

06/12/2021

08:17 PM pfSense Packages Bug #12031 (Resolved): Wireguard Package Produces Crash in 2.5.2
The Wireguard package produces a crash report in the dashboard in 2.5.2 after install. Here is the data:
Crash re...
Kris Phillips
07:13 PM Bug #9277: MBT-4220/2220: pfSense hangs when running sysctl -a
This was difficult to pin-down because it only stops responding if the HDMI console is not connected at the time the ... Steve Wheeler
05:54 PM pfSense Packages Bug #12030 (Resolved): Startup Errors for Avahi Package
The avahi package is complaining about NSS support being missing and dependency errors on startup in 2.5.2.
WARN...
Kris Phillips
03:16 PM pfSense Packages Feature #10858 (Resolved): OpenVPN Client silent install
Tested OpenVPN Client Export 1.6_1 in 2.5.2.r.20210611.0300 and the silent installer option is getting saved as defau... Max Leighton
01:57 PM Bug #12022: Incorrect OpenVPN Client Export help link
2.6.0.a.20210612.0100 Client Export help is still pointing to https://docs.netgate.com/pfsense/en/latest/vpn/openvp... Alhusein Zawi
01:13 PM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down
Jim Pingle
01:00 PM Bug #11296 (Feedback): Static route targets may still reachable via default route when the gateway they should route through is down
Applied in changeset commit:25b839d4990bd5e3f55b2eccbdea74d1d2b92d5d. Jim Pingle
12:56 PM Bug #11296 (New): Static route targets may still reachable via default route when the gateway they should route through is down
Per Jim T, reverted this from 2.6.0 and 2.5.2. It appears to be causing some unintended side effects.
Can revisit ...
Jim Pingle
08:37 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Bill Meeks wrote:
> Jim Pingle wrote:
> > Bill Meeks wrote:
> > > Does this function call work without restarting ...
Justin P
06:39 AM Regression #12028 (Feedback): SNMP daemon issues with pf nvlist changes
Look to be fixed by Luiz's a8c3d8e344a7d7e015b78fa4935fcdbd4aec97df.
We were missing the libnv dependency in the l...
Kristof Provost

06/11/2021

07:07 PM pfSense Packages Bug #11950: Wireguard Package Errors and DNS problem
No more DNS issue at boot after using MSS Clamp so disregard the DNS portion of this ticket RED SKULL
04:19 PM Feature #12029 (Duplicate): Please add MAC OUI lookup results (e.g. DHCP Leases table) to the ARP table
It's already in the code, but had a bug recently: #11819 Jim Pingle
04:06 PM Feature #12029 (Duplicate): Please add MAC OUI lookup results (e.g. DHCP Leases table) to the ARP table
In the DHCP Leases table, we see the assigned manufacturer displayed beside each MAC address.
This would be extremel...
Adam Thompson
12:36 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Patch version 3.
Added the ability to set the AQM & Scheduler parameters to zero.
Before, PHP would interpret a zer...
Anonymous
12:01 PM Regression #12017 (Feedback): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
Renato Botelho
12:01 PM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
Jim Pingle wrote:
> I do see the initial broken commit (@83280d17fccff2db7d79c7f38e80ec29078ef35e@) in 2.5.2 as well...
Renato Botelho
10:36 AM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
I do see the initial broken commit (@83280d17fccff2db7d79c7f38e80ec29078ef35e@) in 2.5.2 as well, so we need to bring... Jim Pingle
10:18 AM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
After several attempts I confirm that the bug is on libradius.so.4
I've replaced the library with the patched versio...
Michele Rento
11:28 AM Regression #12028 (Resolved): SNMP daemon issues with pf nvlist changes
On @2.5.2.r.20210611.0300@ and @2.6.0.a.20210611.0100@, the built-in SNMP (bsnmp) logs the following at startup:
<...
Jim Pingle
11:00 AM pfSense Packages Bug #12027 (Feedback): FreeRADIUS 3.0.22 removed LEAP, package fails to start
Fix pushed as pkg version 0.15.7_31 Jim Pingle
10:59 AM pfSense Packages Bug #12027 (Closed): FreeRADIUS 3.0.22 removed LEAP, package fails to start
Systems which pick up FreeRADIUS 3.0.22 (e.g. 2.5.2, 2.6.0 after latest ports merge) won't start because the package ... Jim Pingle
11:00 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
Applied in changeset commit:4aab19d4ade5d164c22bd63b2833d54bab740d59. Viktor Gurov
10:53 AM Regression #12021 (Feedback): NoIP.com incorrectly encodes Dynamic DNS update credentials
PR has been merged. Thanks! Renato Botelho
10:51 AM Bug #12022 (Feedback): Incorrect OpenVPN Client Export help link
Merged Renato Botelho
12:17 AM Bug #12022: Incorrect OpenVPN Client Export help link
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/282
Viktor Gurov
10:05 AM Todo #12025: Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address
We used to prevent that in the past and had numerous complaints. There are many ways someone can shoot themselves in ... Jim Pingle
09:57 AM Regression #12024 (Closed): State table data in GUI does not show the expected interface after latest pf merge
This looks good on @2.5.2.r.20210611.0300@ and @2.6.0.a.20210611.0100@, both with @php74-pfSense-module-0.71@
* St...
Jim Pingle
05:06 AM Regression #11910: IPsec status tunnel descriptions are incorrect
I can replicate the active tunnel count being incorrect, as well as incorrect status, by using P1s with the option "G... Marcos M
12:43 AM Bug #12026: Applying IPsec settings for many tunnels is slow or times out
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/279 Viktor Gurov
12:42 AM Bug #12026 (Resolved): Applying IPsec settings for many tunnels is slow or times out
This is an additional optimization for #11795:
1. `ipsec_get_phase1_src()` - always executes `get_interface_ip/ipv...
Viktor Gurov

06/10/2021

09:43 PM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5
Tried altering and saving then applying but no IPSEC status, still unable to stop or start service... Paul Kennedy
05:34 PM Todo #12025 (New): Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address
Although it is VERY rarely necessary, we should add a banner to the top of the 1:1 NAT page notifying end users that ... Kris Phillips
03:04 PM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
Documenting a possible workaround:
If you have the following Mobile IPsec configuration:
Mobile Virtual Address...
Chris Linstruth
11:25 AM Bug #12023: Mobile IPsec NAT/BINAT entries missing from firewall rules
Noting here what I mentioned on Slack:
* This is likely due to the fact that the "remote" network on mobile P2s is...
Jim Pingle
11:18 AM Bug #12023 (Resolved): Mobile IPsec NAT/BINAT entries missing from firewall rules
Adding a NAT or BINAT to a mobile IPsec configuration does not work.
The nat rules are not added to the pf configu...
Chris Linstruth
01:11 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
Typo Jim Pingle
12:54 PM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
Updating subject for release notes. Jim Pingle
12:29 PM Bug #11852 (Resolved): State table content on ``diag_dump_states.php`` does not sort properly
Confirmed fix Renato Botelho
09:44 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
Picked back to RELENG_2_5_2 as well. Jim Pingle
09:35 AM Bug #11852 (Feedback): State table content on ``diag_dump_states.php`` does not sort properly
Applied in changeset commit:5d48880b48039967f3b2b5acfb1432ee30953140. Jim Pingle
09:29 AM Bug #11852: State table content on ``diag_dump_states.php`` does not sort properly
Simple fix, commit pending. Jim Pingle
12:55 PM Regression #12005: ``Recover config.xml`` installer option does not work after default ZFS pool name change
Excluding from release notes since it was a regression which happened after the last release. Jim Pingle
09:41 AM Regression #12005 (Closed): ``Recover config.xml`` installer option does not work after default ZFS pool name change
I've tried this a few times now with RC iso installs and it works fine with the new pool name and old pool name for m... Jim Pingle
12:35 PM Regression #12024 (In Progress): State table data in GUI does not show the expected interface after latest pf merge
Jim Pingle
12:35 PM Regression #12024 (Closed): State table data in GUI does not show the expected interface after latest pf merge
Adding for tracking purposes, it's a known issue but I don't see it in Redmine.
After the latest pf merge, the int...
Jim Pingle
12:27 PM Todo #11684 (Resolved): Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
Confirmed fix on wizard Renato Botelho
12:05 PM Bug #11290 (Feedback): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
Applied in changeset commit:99b3a5cb0ef4586222a331045df3cee17bb25d31. Jim Pingle
12:02 PM Bug #11290: Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
For whatever reason, PHP was failing to copy certain values into @$pkg_data@ which was a reference to the pkg configu... Jim Pingle
09:56 AM Bug #11290 (New): Package ``<plugins>`` and ``<tabs>`` content missing from configuration in some cases
There is still a bug here somewhere. Installing FRR on a complete fresh installation still doesn't get the proper @<p... Jim Pingle
11:01 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Renato Botelho wrote:
> Hayden Hill wrote:
> > rom racer wrote:
> > > I don't know what interfaces.inc is but if y...
Hayden Hill
06:17 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
Hayden Hill wrote:
> rom racer wrote:
> > I don't know what interfaces.inc is but if you read the original descript...
Renato Botelho
10:17 AM Regression #11981 (Closed): Duplicating Outbound NAT rule does not carry over contents of the source rule
Works with the latest RELENG_2_5_2 code in place. Jim Pingle
10:16 AM Bug #11946 (Closed): Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
Works with the latest RELENG_2_5_2 code in place. Jim Pingle
10:12 AM Bug #11967 (Closed): Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
Works on 2.5.2 RC image 2.5.2.r.20210609.0300 -- the *Retransmit Base* and *Retransmit Timeout* fields allowed values... Jim Pingle
10:04 AM Regression #11994 (Closed): Firewall rule usage counters showing 0/0 after latest pf merge
All good now on 2.5.2 and 2.6.0 Jim Pingle
09:57 AM Bug #12022 (Resolved): Incorrect OpenVPN Client Export help link
The help icon on the vpn_openvpn_export.php page points to
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/i...
Viktor Gurov
07:36 AM Regression #11805 (Resolved): Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Bouke Henstra wrote:
> Jim Pingle wrote:
> > Adam Kuklycz wrote:
> > > Question, does this affect virtual IP's tha...
Renato Botelho
07:33 AM Regression #11982 (Resolved): Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Confirmed fix. It will reach 21.09 on next round of merges. Renato Botelho
07:24 AM Regression #12021 (Pull Request Review): NoIP.com incorrectly encodes Dynamic DNS update credentials
Jim Pingle
05:07 AM Regression #12021: NoIP.com incorrectly encodes Dynamic DNS update credentials
fix:
https://redmine.pfsense.org/issues/12021
Viktor Gurov
05:04 AM Regression #12021 (Resolved): NoIP.com incorrectly encodes Dynamic DNS update credentials
There is no need to `urlencode` user credentials (CURLOPT_USERPWD already encodes them):... Viktor Gurov
07:21 AM Bug #12020 (Pull Request Review): OpenVPN RADIUS-based firewall rules use incorrect port ranges
Jim Pingle
03:47 AM Bug #12020: OpenVPN RADIUS-based firewall rules use incorrect port ranges
https://github.com/pfsense/pfsense/pull/4522 Viktor Gurov
03:47 AM Bug #12020 (Resolved): OpenVPN RADIUS-based firewall rules use incorrect port ranges
Previous operator ( `><` ) prevented inserting port range with min/max port.
Ex....
Viktor Gurov
04:23 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I had the same problem.
To replicate I connect a client, then kill the openvpn.exe process.
On the pfsense the user...
Marco Conca
04:17 AM Bug #11699: OpenVPN does not clean up parsed ``Cisco-AVPair`` rules on non-graceful disconnect
This is not enabled for new servers created by the Remote Access Wizard.
fix:
https://gitlab.netgate.com/pfSense/...
Viktor Gurov
04:07 AM Regression #11795: Applying IPsec settings for more than ~30 tunnels times out PHP
extra improvements:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/279
Viktor Gurov

06/09/2021

04:48 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Patch version 2.
Fixed a spelling problem with the derand setting.
Anonymous
03:58 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
Chris Linstruth wrote:
> This is _not_ enabled for new servers created by the Remote Access Wizard.
>
> Reconnect...
Renato Botelho
12:19 PM Todo #11684: Set ``explicit-exit-notify`` option by default for new OpenVPN server instances
This is _not_ enabled for new servers created by the Remote Access Wizard.
Reconnect to this server / Retry once i...
Chris Linstruth
01:45 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
rom racer wrote:
> I don't know what interfaces.inc is but if you read the original description of this bug, this wa...
Hayden Hill
01:25 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
I don't know what interfaces.inc is but if you read the original description of this bug, this was encountered in an ... rom racer
12:49 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
rom racer wrote:
> @Renato please re-open this bug.
>
> There's two versions of wpa_supplicant included in pfSesn...
Renato Botelho
12:44 PM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
rom racer wrote:
> @Renato please re-open this bug.
>
> There's two versions of wpa_supplicant included in pfSesn...
Renato Botelho
08:23 AM Bug #11453: ``wpa_supplicant`` uses 100% of a CPU core at boot
@Renato please re-open this bug.
There's two versions of wpa_supplicant included in pfSesnse. Both the version in...
rom racer
07:49 AM Bug #11453 (Resolved): ``wpa_supplicant`` uses 100% of a CPU core at boot
This fix was committed on ports on wpa_supplicant version 2.9_3. We are now using 2.9_10. Renato Botelho
12:46 PM Regression #12017: FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
I am unable to reproduce this on 2.6.0.a.20210609.0100 or 2.5.2.r.20210609.0300
In either case, the authentication...
Jim Pingle
02:18 AM Regression #12017 (Resolved): FreeBSD-SA-21:12.libradius breaks mpd5 when using MS-CHAPv2
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256283 Bug 256283
l2tp authentication using radius is broken a...
Michele Rento
10:15 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Jim Pingle wrote:
> Adam Kuklycz wrote:
> > Question, does this affect virtual IP's that are setup on the same inte...
Bouke Henstra
10:09 AM pfSense Docs Todo #12018 (Pull Request Review): Feedback on Firewall — Configuring firewall rules
Jim Pingle
03:14 AM pfSense Docs Todo #12018: Feedback on Firewall — Configuring firewall rules
from https://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+13.0-RELEASE+and+Ports&arc... Viktor Gurov
03:04 AM pfSense Docs Todo #12018 (Closed): Feedback on Firewall — Configuring firewall rules
*Page:* https://docs.netgate.com/pfsense/en/latest/firewall/configure.html
*Feedback:*
There is no description ...
Viktor Gurov
09:49 AM Regression #11981 (Feedback): Duplicating Outbound NAT rule does not carry over contents of the source rule
Fix pushed to 2.6.0 and 2.5.2 Renato Botelho
09:04 AM Regression #11981: Duplicating Outbound NAT rule does not carry over contents of the source rule
Renato Botelho wrote:
> It actually broke duplication and is now acting like the rule is being edited instead of creatin...
Renato Botelho
08:43 AM Regression #11981 (In Progress): Duplicating Outbound NAT rule does not carry over contents of the source rule
It actually broke duplication and is now acting like the rule is being edited instead of creating a new one Renato Botelho
09:36 AM pfSense Docs Todo #12016 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems
Merged. I fixed the formatting (Should be `::` not `:::`) but it was wrong on multiple entries so I fixed them all in... Jim Pingle
12:36 AM pfSense Docs Todo #12016: Feedback on Cellular Wireless — Known Working 3G-4G Modems
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/16 Viktor Gurov
12:26 AM pfSense Docs Todo #12016 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems
*Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:*
Add Huawei E5573 to the...
Viktor Gurov
08:36 AM Todo #11943 (Resolved): Add FRR package documentation links
Confirmed fix Renato Botelho
08:33 AM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
Cherry-picked to 2.5.2-RC Renato Botelho
07:56 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Jim Pingle wrote:
> Bill Meeks wrote:
> > Does this function call work without restarting PHP? I don't have hardwar...
Bill Meeks
07:47 AM pfSense Packages Bug #12019 (Not a Bug): Right Axis always shows `None -`
That's not what it's indicating. You can graph two separate items, in the settings they are labeled to match (Left Ax... Jim Pingle
07:34 AM pfSense Packages Bug #12019 (Not a Bug): Right Axis always shows `None -`
It should show something like "Right Axis: Time" Viktor Gurov
07:45 AM Bug #11966 (Resolved): Incorrect RADVD log message on HA event
Confirmed fix Renato Botelho
07:42 AM Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa
see #11864#note-3 Viktor Gurov
07:41 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes
We have to create a function `restart_interface_services($interface, $ipproto)` to restart all interface and IPv4/IPv... Viktor Gurov

06/08/2021

10:10 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
I don't use either Snort or Suricata in operation but I do use pfBlockerNG-devel and the patch has solved the stabili... Loh Phat
09:15 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Jim Pingle wrote:
> Each package maintainer would need to handle changes to their own code, should they choose to ta...
Bill Meeks
09:28 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Darin May wrote:
> How is the cat-herding addressed so that the work-around isn't duplicated across packages?
It ...
Jim Pingle
09:24 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
How is the cat-herding addressed so that the work-around isn't duplicated across packages? I've noticed chit-chat in... Loh Phat
08:35 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Darin May wrote:
> I'm not familiar with the criteria for bugs to be listed in the target fix list of open issues, b...
Jim Pingle
02:24 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Kris Phillips wrote:
> Tested in 21.09 Jun 5th build. This patch is present and no longer needs to be applied manual...
Loh Phat
09:52 PM Bug #12015 (Not a Bug): When using VMware Fusion/Workstation NAT, with pfsense IPSEC, no routes are going thru the tunnel
No evidence that this is a bug and not a config/environment issue. Post on the forum to discuss it in more detail. Jim Pingle
07:53 PM Bug #12015 (Not a Bug): When using VMware Fusion/Workstation NAT, with pfsense IPSEC, no routes are going thru the tunnel
So I have a virtualized lab setup that has to connect to a corporate development lab. I have a layered setup where I ... Jeremy Cejka
09:51 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Bill Meeks wrote:
> Does this function call work without restarting PHP? I don't have hardware at the moment to test...
Jim Pingle
09:20 PM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Jim Pingle wrote:
> The patch should fix the behavior, but the package could also implement the fix on its own using...
Bill Meeks
02:52 PM Bug #12014 (Duplicate): Invalid arguments passed in services_dhcpv6_relay.php on line 116
This appears to be a duplicate of #11969 Jim Pingle
02:25 PM Bug #12014 (Duplicate): Invalid arguments passed in services_dhcpv6_relay.php on line 116
Just got this error while saving DHCPv6 relay settings on the 2.5.2-BETA.
pfSense asked me to upload the log.
Dan W
09:23 AM Bug #12008 (Not a Bug): IPsec - mutual certificate - can't find priv key
The identifiers must match and be present in the certificate. As you see, it's not always exactly the same in each ca... Jim Pingle
05:27 AM Bug #12008: IPsec - mutual certificate - can't find priv key
It seems to work when setting my identifier as asn.1, but using as DN the output of the command:
ipsec listcerts
that o...
Fabio V
12:42 AM Bug #12008 (Not a Bug): IPsec - mutual certificate - can't find priv key
IPsec with mutual certificate
Jun 8 07:35:28 charon 95058 16[IKE] <con400000|35> IKE_SA con400000[35] state chang...
Fabio V
07:35 AM Bug #12013 (New): Reading log data is inefficient in certain cases
When reading log files, the functions are set to fetch a specific number of lines (e.g. 50, 250, 500) but to get thos... Jim Pingle
07:29 AM Bug #11934: IPSEC stops working on 2.5.1 running on Watchguard XTM 5
I cannot tell if the same issue but with 2.5.1 I am experiencing a similar problem with VPN and not with the watchgua... Denis Grilli
07:24 AM Todo #12012 (Resolved): Improve log settings help text for file size, compression, and retention count
The fields in log settings for file size and compression lack information that users need to make properly informed d... Jim Pingle
07:14 AM Feature #12011 (Closed): Disable log compression on new installations when ``/var/log`` is a ZFS dataset with compression enabled
The default setting for log compression is currently bzip2 for all cases, which isn't ideal for every case. If /var/l... Jim Pingle
06:40 AM Bug #12010 (Closed): System default gateway doesn't automatically switch from an inactive gateway if a specific gateway is selected
from https://forum.netgate.com/topic/161065/%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%D1%8B-%D0%BF%D0%BE-pfsense-2-5-plus/... Viktor Gurov
05:26 AM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Max Leighton wrote:
> Tested in 2.6 it is working.
>
> It doesn't seem to have made it to 21.09 current build b...
Viktor Gurov
01:35 AM pfSense Packages Bug #12009 (New): Zabbix Agent starts twice by /etc/rc.start_packages
... Viktor Gurov
12:46 AM Regression #11994 (Feedback): Firewall rule usage counters showing 0/0 after latest pf merge
Fixed in 2.6.0 and 2.5.2.
The tracker ID wasn't being saved, rendering the counters useless.
Luiz Souza

06/07/2021

03:30 PM Bug #12007 (Resolved): Dynamic DNS cache expiration time check calculation method may cause update to happen on the wrong day
Dynamic DNS update is executed if a) no update has been done for the provider yet, b) the IP address has changed afte... Jaakko Kantojärvi
03:09 PM Regression #12005 (Feedback): ``Recover config.xml`` installer option does not work after default ZFS pool name change
Renato Botelho
09:19 AM Regression #12005 (Closed): ``Recover config.xml`` installer option does not work after default ZFS pool name change
On current 2.5.2, 2.6.0, and 21.09 snapshots the default ZFS pool name changed from "zroot" to "pfSense" and there is... Jim Pingle
12:50 PM Bug #11967: Mobile IPsec advanced RADIUS parameters do not allow numeric values with a decimal point
Tested on:... Danilo Zrenjanin
09:46 AM Feature #9297 (Pull Request Review): Graph for hardware temperature readings
Jim Pingle
05:16 AM Feature #9297: Graph for hardware temperature readings
rrd update:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/278
Status Monitoring pkg update:
https:...
Viktor Gurov
09:41 AM pfSense Packages Bug #11993 (Pull Request Review): PHP error after disabling HAProxy
Jim Pingle
04:01 AM pfSense Packages Bug #11993: PHP error after disabling HAProxy
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1072
Viktor Gurov
09:40 AM Bug #12002 (Pull Request Review): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
Jim Pingle
02:10 AM Bug #12002: Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/277
Viktor Gurov
01:46 AM Bug #12002 (Resolved): Boot messages contain entries about configuring LAGG/VLAN/QinQ interfaces even when no entries of those types are configured
... Viktor Gurov
09:40 AM Bug #12006 (Duplicate): CARP IP sometimes doesn't apply to CARP member
I noticed this when a CARP member had no CARP status. I was told that this can happen if the VIP address isn't appli... Andrew Waranowski
09:37 AM Bug #12001 (Pull Request Review): System attempts to stop inactive services at shutdown
Jim Pingle
01:27 AM Bug #12001: System attempts to stop inactive services at shutdown
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/276
Viktor Gurov
01:09 AM Bug #12001 (Resolved): System attempts to stop inactive services at shutdown
/etc/rc.stop_packages tries to stop disabled services:... Viktor Gurov
09:34 AM Bug #12000 (Pull Request Review): Remote log server input validation allows invalid values
Jim Pingle
01:01 AM Bug #12000: Remote log server input validation allows invalid values
OS interprets numeric-only value as decimal IP address:... Viktor Gurov
08:14 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
See also: #12004 Jim Pingle
07:34 AM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
The patch should fix the behavior, but the package could also implement the fix on its own using @ini_set("pcre.jit",... Jim Pingle
08:14 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
See also: #12004 Jim Pingle
07:19 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
The patch should fix the behavior, but the package could also implement the fix on its own using @ini_set("pcre.jit",... Jim Pingle
08:14 AM pfSense Plus Todo #12004: Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems
Packages and other scripts could use `ini_set("pcre.jit", "0");` to disable PCRE JIT on systems without the patch to ... Jim Pingle
08:08 AM pfSense Plus Todo #12004 (Resolved): Disable PCRE JIT to work around PHP PCRE crashes on multi-core 32-bit ARM systems
Currently, PHP crashes on multi-core 32-bit ARM systems (SG-3100) with certain PCRE calls, as documented on #11466, #... Jim Pingle
08:12 AM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
I created #12004 for the temporary workaround via disabling PCRE JIT. This issue can remain open while we investigate... Jim Pingle
07:50 AM Bug #12003 (Resolved): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Example:
"alpha" => array("name" => "alpha", "type" => "number", "default" => get_single_sysctl("net.inet.ip.dummyne...
Anonymous
07:41 AM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Adam Kuklycz wrote:
> Question, does this affect virtual IP's that are setup on the same interface as the default ga...
Jim Pingle
07:33 AM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems
Darin May wrote:
> I'm running 21.05 on an sg-3100 and I don't have the fsck option on my reboot menu; should I?
...
Jim Pingle
06:59 AM Feature #8794: NTP authentication support
The ntp client auth is yet to be implemented. Steve Wheeler
12:20 AM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Kris Phillips wrote:
> Can someone provide the patch once this is merged so we can test?
See the attachment
Viktor Gurov
12:05 AM pfSense Packages Feature #11349 (Resolved): Allow to set minimum TLS version
Viktor Gurov

06/06/2021

11:24 PM pfSense Packages Bug #11551: SG-3100 with pfBlockerNG doesn't pass traffic
The patch contained at https://redmine.pfsense.org/issues/11466#note-32 has stopped the PHP crashes. So this bug coul... Loh Phat
11:10 PM Regression #11805: Port forward rules only function through the default gateway interface, ``reply-to`` does not work for Multi-WAN (CE Only)
Question, does this affect virtual IP's that are setup on the same interface as the default gateway IP, or does the I... Adam Kuklycz
09:41 AM Bug #12000 (Resolved): Remote log server input validation allows invalid values
When configuring remote syslog servers in status_logs_settings.php each server is entered as IP[:port]. Port 514 is a... Steve Wheeler
08:07 AM pfSense Packages Bug #11605: Suricata can trigger PHP crash on SG-3100
Does the PHP temp workaround patch fix this one too?
https://redmine.pfsense.org/issues/11466#note-32
Loh Phat

06/05/2021

03:42 PM Bug #11999 (Resolved): OpenVPN IPv6 tunnel network is not validated properly
If you enter an IPv6 address without a subnet mask, the configuration will be accepted, but the OpenVPN service will ... Danilo Zrenjanin
03:41 PM Regression #11316: Unbound crashes with signal 11 when reloading
The DHCP service doesn't appear to be reliably updating the DNS server either. Tested on 21.09 Jun 5th build, I did ... Kris Phillips
03:27 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability
I understand your concern about the requirement for an "upstream device on a big pipe," however this is exactly the s... Clint Guillot
01:57 PM pfSense Plus Feature #11772: Layer 2 Tunnel Bonding Capability
Not certain how this would be possible. Fundamentally internet connectivity doesn't work this way. You would need ... Kris Phillips
03:20 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Tested in 21.09 Jun 5th build. This patch is present and no longer needs to be applied manually in the development ch... Kris Phillips
03:13 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Reporting that the patch in #32 solved my 21.02.2 --> 21.05 upgrade w/pfBlockerNG-devel causing the firewall service ... Loh Phat
01:37 PM pfSense Plus Bug #11466: PHP exits with signal 11 on SG-3100 when calling PCRE functions
Decided to go through some performance testing and stress testing. I loaded the CPU to maximum with iPerf3 traffic a... Kris Phillips
03:04 PM Todo #11983: Hide "Reboot and run a filesystem check" for ZFS systems
I'm running 21.05 on an sg-3100 and I don't have the fsck option on my reboot menu; should I? Loh Phat
03:01 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Verified problem exists on Jun 5th build of 21.09.
Build Info:
21.09-DEVELOPMENT (arm)
built on Sat Jun 05 01:...
Kris Phillips
01:26 PM Regression #11982: Outbound NAT does not create automatic equivalent rules when switching from Automatic to Manual mode
Tested in 2.6 it is working.
It doesn't seem to have made it to 21.09 current build because when I test in
21...
Max Leighton
02:07 PM pfSense Packages Feature #11349: Allow to set minimum TLS version
Minimum TLS version options are: 1.0/1.1/1.2
2.5.1-RELEASE (amd64)
built on Mon Apr 12 07:50:14 EDT 2021
Alhusein Zawi
01:49 PM pfSense Packages Bug #11711: New Squid Status Page Non-Functional
Can someone provide the patch once this is merged so we can test? Kris Phillips
01:43 PM Bug #11946: Custom value for AutoConfigBackup schedule Hours is not shown when loading the settings page
Tested in 2.6.0. The specified hour will now stay on the page after navigating away and navigating back.
Howe...
Max Leighton
09:45 AM pfSense Docs Correction #11998 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting
*Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
Section "VMware vmx(4) Interfac...
Michael Huck
 
