Project

General

Profile

Activity

From 12/04/2021 to 01/02/2022

01/02/2022

03:56 PM pfSense Packages Feature #12658 (Closed): Adding prometheus metrics to darkstat
I wanted to get *darkstat* metrics in *prometheus* and it looks like a new commit (in 2017) has been created in the o... Karim Elatov
11:41 AM pfSense Packages Todo #12354 (Pull Request Review): Update haproxy-devel to mitigate CVE-2021-40346
This patch results in the following warning when starting @haproxy@:... Marcos M

01/01/2022

11:13 AM Bug #12657: "Skip rules when gateway is down" doesn't function on gateway down events until state is reset
The plot thickens:
When I kill the gateway and look at my firewall rules for matches, it's not actually matching o... Kris Phillips
10:47 AM Bug #12657 (Closed): "Skip rules when gateway is down" doesn't function on gateway down events until state is reset
Testing environment:
Inside subnet: 192.168.5.0/24
Host: 192.168.5.20
System --> Advanced --> Misc --> "Skip rul... Kris Phillips
12:31 AM Feature #7626: Add IPoE support for WAN
Does anyone know if selecting using DHCP will solve the need to select IPoE?
Or is there an IPoE option in the works... Anonymous

12/31/2021

06:02 PM Bug #9572: uPNP not working - miniupnpd needs an update, reporting "interface index not matching", which has been fixed upstream
pfSense Plus 21.05.2, which is our current stable release, runs the following version:
miniupnpd 2.2.1 Oct 20 2021... Kris Phillips
05:58 PM pfSense Packages Bug #8516: FreeRADIUS requires settings re-saved after pfSense upgrade
Is FreeRADIUS communicating on a VIP in your configuration or using the actual interface IP? There is a bug for VIPs... Kris Phillips
05:55 PM Bug #8113: MTU setting on bridge, openvpn clients ignored
OpenVPN's MTU is set by a command passed to the client/server, not on the interface itself.
As for bridge interfac... Kris Phillips
05:47 PM Bug #7400: Traffic Graphs show bad data on 2.3.3_1
I'm not able to reproduce any issues here in pfSense Plus 21.05.2 or pfSense CE 2.5.2. Graphs look normal to me. Kris Phillips
05:44 PM Bug #6993: OpenVPN status error during CARP state transition
If this is still relevant, you can likely work around this by setting the VIP that you're using for OpenVPN to also b... Kris Phillips
05:40 PM Bug #7113: Interface name in Traffic Graphs
Not sure this is a bug. This seems to be by design that the "friendly name" would be displayed. What purpose would h... Kris Phillips
05:36 PM Bug #6369: Config without mouse not possible
Tested in Firefox on pfSense Plus 21.05.2. I can select all of these fields with just the keyboard and change them wi... Kris Phillips
05:30 PM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
This should be retested. There is a lot of kernel changes and Xen improvements in the FreeBSD kernel in the last 6 ye... Kris Phillips
05:21 PM Bug #5629: Allow for IPsec configuration using certs without a CA
This is only necessary for self-signed certs. Not sure what the functional benefit of removing the CA requirements w... Kris Phillips
04:19 PM pfSense Packages Feature #11130: FRR RIP support
After performing the workaround in https://redmine.pfsense.org/issues/12653, I am able to successfully exchange route... Max Leighton
03:42 PM pfSense Packages Bug #11391 (Resolved): Zeek crashes on 2.5.0
Tested with Zeek 3.0.6_3
The service starts successfully without any crashes. Marking the ticket resolved. Max Leighton
01:20 PM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
I tested again, against the same version:... Danilo Zrenjanin
10:35 AM Bug #12632 (Feedback): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Danilo Zrenjanin
06:09 AM Bug #12632 (Resolved): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Tested against:... Danilo Zrenjanin
01:06 PM pfSense Packages Bug #12423: Dashboard shows "SQLite database missing, Force Reload DNSBL to recover!"
So is this in pfBlockerNG-devel 3.1.0 or not yet released? Sean McBride
10:27 AM pfSense Packages Feature #12656 (New): NextDNS
NetDNS package and the the ability to change setting, especially the configuration file via the web gui.
 Abdul Khaliq
04:54 AM Bug #12637 (Resolved): Incorrect SSH key permission after restore
Tested against:... Danilo Zrenjanin

12/30/2021

05:51 PM pfSense Packages Bug #12655 (New): telegraf, wireguard plugin failing
Hi,
I'm trying to use the Wireguard plugin for telegraf, more info on the plugin here,
https://github.com/influxd... Russell Morris
02:51 PM pfSense Packages Bug #12443 (Feedback): DNSBL Category ```Enable All``` button not working
Merged Viktor Gurov
02:50 PM pfSense Packages Bug #12423 (Feedback): Dashboard shows "SQLite database missing, Force Reload DNSBL to recover!"
Merged Viktor Gurov
02:49 PM pfSense Packages Bug #12414 (Feedback): DNSBL SafeSearch page displays input validation error if DoH / DoT blocking is not enabled
Merged Viktor Gurov
02:33 PM pfSense Packages Feature #10818: UDP Broadcast Relay
MILO MEDIN wrote in #note-7:
> Is there any work going on to integrate this? I have a problem with chromecast audio... Axel Taferner
12:20 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Is there any work going on to integrate this? I have a problem with chromecast audio groups that this would fix (tha... MILO MEDIN
02:25 PM Bug #12452 (Feedback): Port forward rules are not created for special networks (pppoe, openvpn)
Applied in changeset commit:7034ac0946c63f77708f28643f5efc8fb0fe96a1. Viktor Gurov
02:02 PM Bug #12452 (Pull Request Review): Port forward rules are not created for special networks (pppoe, openvpn)
Jim Pingle
12:12 PM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)
extra fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/541 Viktor Gurov
01:26 PM Bug #12626: Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
Updating subject for release notes. Jim Pingle
01:20 PM Feature #11750: Support for network interfaces using the ``qlnxe`` driver
Updating subject for release notes. Jim Pingle
01:19 PM Regression #12631: Dynamic DNS may not use the correct interface when updating during failover
Updating subject for release notes. Jim Pingle
01:06 PM pfSense Packages Bug #12482 (Resolved): Outdated doc links
Tested against:... Danilo Zrenjanin
12:43 PM Bug #12585 (Resolved): ``rc.notify_message`` only sends notifications via SMTP
Tested against:... Danilo Zrenjanin
11:40 AM Bug #12651: ``nginx`` logs an error that the port is already in use when restarting Captive Portal services
fixed in https://gitlab.netgate.com/pfSense/pfSense/-/commit/86b5382c97fd8cb965a7dc74cd12d94ab3a3af9c#a8c0c118e374175... Viktor Gurov
11:19 AM pfSense Packages Feature #12646 (Resolved): FRR: Feature request: Expose "nht resolve-via-default" in GUI
Tested against:... Danilo Zrenjanin
10:35 AM pfSense Docs Todo #12627 (Closed): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Merged this a few days ago Jim Pingle
09:40 AM pfSense Packages Bug #12206 (Feedback): Certificate Manager page doesn't show Net-SNMP used certificates
Merged Viktor Gurov
08:57 AM pfSense Packages Bug #12206 (Pull Request Review): Certificate Manager page doesn't show Net-SNMP used certificates
Jim Pingle
09:37 AM Bug #12654: Nat issue after 20211220 version
This appears to affect any traffic using outbound NAT from an IP on the firewall itself. So, for example, localhost:
... Steve Wheeler
08:49 AM Bug #12654 (Resolved): Nat issue after 20211220 version
Upgrading to version 20211220+ results in loss of pfSense box internet connection *if Outbound NAT Source "any" is us... Viktor Gurov
09:10 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
upstream fix:
https://github.com/acmesh-official/acme.sh/pull/3868 Viktor Gurov
08:37 AM pfSense Packages Regression #12653 (Feedback): RIP related startup error
Merged Viktor Gurov
07:31 AM pfSense Packages Regression #12653 (Pull Request Review): RIP related startup error
Jim Pingle
04:35 AM pfSense Packages Regression #12653: RIP related startup error
workaround:... Viktor Gurov
04:23 AM pfSense Packages Regression #12653 (Resolved): RIP related startup error
... Viktor Gurov
07:36 AM Bug #11984 (Pull Request Review): Automatic Outbound NAT mode can create incorrect rules in some cases
Jim Pingle
06:22 AM Bug #11984: Automatic Outbound NAT mode can create incorrect rules in some cases
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/540 Viktor Gurov
07:31 AM Bug #12652 (Not a Bug): Firewall Alias: Fatal Error - Upgrade from 2.5.0 to 2.5.2
You have a problem with your installation, that isn't from a bug.
This site is not for support or diagnostic discu... Jim Pingle
03:58 AM Bug #12652 (Not a Bug): Firewall Alias: Fatal Error - Upgrade from 2.5.0 to 2.5.2
After upgrading, I saw some errors in the notifications (Attached screenshots).
I can no longer edit my existing A... Kyle Keagy
07:29 AM Regression #12183: Changing MAC address for PPP parent interface stopped working
That page doesn't mention spoofing the MAC now, and needing to spoof it with PPPoE is so rare I don't think that it's... Jim Pingle
03:55 AM Regression #12183: Changing MAC address for PPP parent interface stopped working
Jim Pingle wrote in #note-1:
> That was changed in #11387 to prevent the field from being set on interfaces which do... Viktor Gurov
04:45 AM Bug #12638: Telegram notification is broken
related to https://forum.netgate.com/topic/168768/nat-issue-after-20211220-version Viktor Gurov
04:17 AM Bug #6289: IPv6 address not given to track6 interfaces on create
dhcp6c needs to be restarted to add and a new track interface to dhcp6c.conf Viktor Gurov
04:06 AM Bug #9471 (Feedback): GIF tunnel not added to interface group after reboot
Could you test it on the latest development snapshot? Viktor Gurov
04:00 AM Bug #11872: gif interfaces reporting incorrect traffic counters
Maybe related to #11759 Viktor Gurov
04:00 AM Bug #11759: Traffic graphs on dashboard double upload on pppoe links
net blues wrote in #note-3:
> It happens when comparing pppoe traffic and physical interface. Physical shows correct... Viktor Gurov
03:44 AM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page
Marcos Mendoza wrote in #note-4:
> I still see the following issue noted in the related bug report:
> 1) The @Delet... Viktor Gurov

12/29/2021

01:50 PM Feature #11790 (Rejected): Support hiding interface groups via special tag
Closing in response to discussion in the github merge request. Christian McDonald
01:43 PM Bug #11494 (Rejected): Wireguard interface sends ICMP Redirect when routing between two peers
Unable to replicate.
We can revisit if someone can demonstrate that this issue is still valid. Christian McDonald
11:55 AM Bug #12651 (Closed): ``nginx`` logs an error that the port is already in use when restarting Captive Portal services
After restarting Captive Portal on the Status / Services page or via clicking the restart icon, an error occurs:
<pr... Viktor Gurov
10:21 AM pfSense Packages Feature #12646 (Feedback): FRR: Feature request: Expose "nht resolve-via-default" in GUI
Merged Viktor Gurov
09:36 AM pfSense Packages Bug #10937 (Feedback): HAProxy frontend and backend entry limit
Merged Viktor Gurov
07:51 AM pfSense Packages Bug #10937 (Pull Request Review): HAProxy frontend and backend entry limit
Jim Pingle
04:14 AM pfSense Packages Bug #10937: HAProxy frontend and backend entry limit
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/159 Viktor Gurov
06:06 AM pfSense Packages Feature #11130 (Feedback): FRR RIP support
Merged Viktor Gurov
06:03 AM pfSense Packages Bug #12386 (Feedback): ```bgp as-path``` and ```bgp community-list``` are present in configuration even when BGP daemon is not enabled
Merged Viktor Gurov
04:57 AM pfSense Plus Bug #12607: Instability with Snort Inline with AWS Instances
Need to test with the latest 22.01/2.6 snapshot - ena(4) updated from 2.2.0 to 2.4.1 in FreeBSD 12.3
see https://www... Viktor Gurov
04:39 AM pfSense Packages Bug #12205 (Feedback): Certificate Manager page doesn't show Squid used certificates
Merged Viktor Gurov
04:33 AM pfSense Packages Bug #12339 (Feedback): SyslogNG PHP errors after starting the service
Merged Viktor Gurov
04:00 AM Bug #12637 (Feedback): Incorrect SSH key permission after restore
Applied in changeset commit:49eba6609d52d9fca416fd487937c37f1daf98dc. Viktor Gurov
03:54 AM Bug #12649: Allowed IP/Hostname "Direction" option is never used
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/539 Viktor Gurov

12/28/2021

08:52 PM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page
Tested the patch and it works well; the categories no longer reset.
I still see the following issue noted in the r... Marcos M
01:17 PM Bug #12649 (Closed): Allowed IP/Hostname "Direction" option is never used
The "Direction" (@dir@ in config) is never used in the @captiveportal_allowedip_configure_entry()@:
https://github.c... Viktor Gurov
11:55 AM Bug #11285 (Closed): Kernel crash on ALTQ-enabled wg interfaces
The current validation logic in traffic shaper prevents enabling traffic shaping on tun_wgN interfaces built by the W... Christian McDonald
11:41 AM Bug #11613 (Rejected): Pushing WireGuard traffic out a specific GW using static routes requires a reboot to revert.
This is no longer an issue. Christian McDonald
11:41 AM Bug #11450 (Rejected): Problem with IPv6 netmask /128 in WireGuard
Unable to reproduce with current WireGuard implementation. Christian McDonald
10:44 AM Bug #12648: Undocumented variables 'listenporthttp' and 'listenporthttps'
another port overlap issue - #5786 Viktor Gurov
10:06 AM Bug #12648: Undocumented variables 'listenporthttp' and 'listenporthttps'
I seem to recall that was intentional, as it let people who really needed to adjust it do so by altering config.xml b... Jim Pingle
09:59 AM Bug #12648 (New): Undocumented variables 'listenporthttp' and 'listenporthttps'
It's not possible to set the variables 'listenporthttp' and 'listenporthttps' via WebGUI
and there is no mention in ... Viktor Gurov
07:28 AM pfSense Docs Correction #12647 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration
Already fixed in the staged docs a while ago.
http://stage-v22.01.docs.netgate.com/pfsense/en/latest/vpn/ipsec/con... Jim Pingle
03:49 AM pfSense Docs Correction #12647: Feedback on Virtual Private Networks — IPsec — IPsec Configuration
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/28 Viktor Gurov
03:40 AM pfSense Docs Correction #12647: Feedback on Virtual Private Networks — IPsec — IPsec Configuration
see https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/81949bee72813bbd8b57b75563cd40b9cdaf68e0 Viktor Gurov
03:38 AM pfSense Docs Correction #12647 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html
*Feedback:*... Viktor Gurov
07:25 AM pfSense Packages Feature #12646 (Pull Request Review): FRR: Feature request: Expose "nht resolve-via-default" in GUI
Jim Pingle
04:19 AM pfSense Packages Feature #12646: FRR: Feature request: Expose "nht resolve-via-default" in GUI
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/158 Viktor Gurov
07:25 AM Regression #12617 (Feedback): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Applied in changeset commit:1fa4c4731bca54652becfb6737bdc3ea8851d6b7. Viktor Gurov
07:11 AM Regression #12617 (Pull Request Review): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Jim Pingle
06:52 AM Regression #12617: Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
same fix for DynDNS (non-RFC2136):
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/538 Viktor Gurov
07:12 AM Todo #12624 (Pull Request Review): Reorganize UPnP options
Jim Pingle
05:58 AM Todo #12624: Reorganize UPnP options
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/537 Viktor Gurov

12/27/2021

11:40 PM pfSense Packages Feature #12646 (Resolved): FRR: Feature request: Expose "nht resolve-via-default" in GUI
Multiple scenarios exist where frr.conf needs to contain
@!
ip nht resolve-via-default
ipv6 nht resolve-via-def... M Felden
03:28 PM Bug #12645 (Pull Request Review): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
Jim Pingle
01:35 PM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/535 Viktor Gurov
01:18 PM Bug #12645 (Resolved): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
if Internet Protocol = IPv6 and Remote Gateway is FQDN, IPv6 address changes are not tracked
@add_hostname_to_watch(... Viktor Gurov
02:08 PM pfSense Docs Todo #12639 (Feedback): Feedback on System Monitoring — System Logs
I cleaned up quite a few outdated clog references and other related info, and updated things to refer to plain text l... Jim Pingle
12:23 PM pfSense Packages Bug #12424 (Resolved): OpenVPN silent install uses incorrect parameters
Works well - tested on Windows 10x64. Marcos M
12:16 PM pfSense Packages Bug #12642 (Feedback): suricata_get_vpns_list() does not include OpenVPN CSO
Merged Viktor Gurov
04:16 AM pfSense Packages Bug #12642: suricata_get_vpns_list() does not include OpenVPN CSO
https://github.com/pfsense/FreeBSD-ports/pull/1132 Viktor Gurov
03:49 AM pfSense Packages Bug #12642 (Resolved): suricata_get_vpns_list() does not include OpenVPN CSO
"Pass List -> Auto-Generated IP Addresses -> VPN Addresses" does not include OpenVPN Client Specific Override
sam... Viktor Gurov
12:16 PM pfSense Packages Regression #12643 (Feedback): Rule categories are cleared after clicking the save button on the Global Settings page
Merged Viktor Gurov
05:54 AM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1133 Viktor Gurov
04:25 AM pfSense Packages Regression #12643 (Resolved): Rule categories are cleared after clicking the save button on the Global Settings page
After clicking the save button on the Global Settings page all rule categories are removed from all interfaces
and I... Viktor Gurov
10:15 AM Regression #12631 (Feedback): Dynamic DNS may not use the correct interface when updating during failover
Applied in changeset commit:c3474eef834d4b77631e961c5569254a8094b12f. Viktor Gurov
08:14 AM Regression #12631 (Pull Request Review): Dynamic DNS may not use the correct interface when updating during failover
Jim Pingle
10:06 AM pfSense Docs Todo #12634 (Closed): Feedback on Services — DNS Resolver — Host Overrides
Fixed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/5e6d2a97ad2cf84ff4cbdef07da85799285572e7 Jim Pingle
09:32 AM pfSense Docs Correction #12540 (Duplicate): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Will be tracking as https://redmine.pfsense.org/issues/12627
Closing as duplicate. Christian McDonald
09:28 AM pfSense Docs Todo #12627 (Pull Request Review): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Christian McDonald
09:28 AM pfSense Docs Todo #12627: Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Fixed here: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/27
Also added some clarification in respon... Christian McDonald
08:49 AM pfSense Docs Todo #12627: Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
That does appear to be a typo, thanks for letting us know! Jim Pingle
09:26 AM pfSense Docs Correction #12644 (Duplicate): WireGuard S2S Recipe Corrections
(Closed as duplicate of https://redmine.pfsense.org/issues/12627) Christian McDonald
09:11 AM pfSense Docs Correction #12644: WireGuard S2S Recipe Corrections
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/27 Christian McDonald
09:09 AM pfSense Docs Correction #12644 (Duplicate): WireGuard S2S Recipe Corrections
# Fixed some typos concerning the tunnel subnet.
# Added a few notes concerning RFC5737 addresses and routing. Christian McDonald
08:41 AM pfSense Plus Bug #12641 (Not a Bug): OpenVPN GUI Config Editor removes newlines of "Custom options" field in parsing
This is expected behavior and not a bug. As stated in the text under that field and in the documentation, directives ... Jim Pingle
08:29 AM Feature #12636 (Pull Request Review): Automatically create DNS Resolver ACLs for OpenVPN CSO entries
Jim Pingle
08:20 AM Bug #12637 (Pull Request Review): Incorrect SSH key permission after restore
Jim Pingle
08:18 AM Feature #12518 (Pull Request Review): Restore RRD and extra data from configuration backups when restoring during installation
Jim Pingle
08:17 AM Bug #12635 (Pull Request Review): PHP: Error generated when backing up a config file with SSH disabled
Jim Pingle
08:15 AM Bug #12633 (Pull Request Review): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
Jim Pingle
08:12 AM Bug #12630 (Not a Bug): States are always created on the default gateway interface.
This is the expected behavior. The outgoing interface is chosen by the operating system routing table and can't be in... Jim Pingle
08:00 AM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing
If that is the case, then we'll pick it up naturally when we rebase onto 13.x or later and we can close this at that ... Jim Pingle
07:55 AM Bug #12628 (Pull Request Review): OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases
Jim Pingle
07:52 AM Feature #12392 (Pull Request Review): Allow the selection of "any" interface in floating rules
Jim Pingle
07:51 AM Bug #11864 (Pull Request Review): OpenVPN stays bound to previous IP address after interface changes
Jim Pingle
07:47 AM Feature #8861 (Pull Request Review): Show SFP module details on ``status_interfaces.php``
Jim Pingle
03:28 AM Bug #12640 (Duplicate): problem with ssh host key permissions after restore from backup, sshd fails to start
Duplicate of #12637 Viktor Gurov

12/26/2021

03:22 PM pfSense Plus Bug #12641 (Not a Bug): OpenVPN GUI Config Editor removes newlines of "Custom options" field in parsing
# Create an OpenVPN Server using the UI with multiple "custom options", e.g. two Push directives like... Sebastian Wagner
09:09 AM Bug #12640 (Duplicate): problem with ssh host key permissions after restore from backup, sshd fails to start
_figured this should be on redmine, so this is a xpost from https://forum.netgate.com/topic/168618/22-01-problem-with... → luckman212
08:46 AM pfSense Docs Todo #12639 (Closed): Feedback on System Monitoring — System Logs
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/index.html
*Feedback:*
The content of the 3r... Steve Tremayne

12/25/2021

02:42 PM pfSense Packages Feature #6651: Loopback interfaces

lo0/Loopback is added
https://redmine.pfsense.org/issues/11186 Alhusein Zawi
12:34 PM pfSense Docs Correction #12469 (Resolved): Automatic outbound NAT rules are applied to the WG interface
Tested against:... Danilo Zrenjanin
11:01 AM Feature #11750 (Resolved): Support for network interfaces using the ``qlnxe`` driver
Tested against:... Danilo Zrenjanin
07:16 AM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
seems to be fixed in #11581
please test on the latest development snapshot Viktor Gurov

12/24/2021

12:38 PM Bug #12638 (Closed): Telegram notification is broken
not an issue, something wrong with my appliance Viktor Gurov
12:31 PM Bug #12638: Telegram notification is broken
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/534 Viktor Gurov
12:27 PM Bug #12638 (Closed): Telegram notification is broken
Error message:... Viktor Gurov
11:11 AM Feature #12636: Automatically create DNS Resolver ACLs for OpenVPN CSO entries
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/533 Viktor Gurov
10:27 AM Feature #12636 (Resolved): Automatically create DNS Resolver ACLs for OpenVPN CSO entries
DNS Resolver creates ACLs OpenVPN client/server IPv4/IPv6 tunnel networks entries,
but not for Client Specific Overr... Viktor Gurov
10:53 AM Bug #12637: Incorrect SSH key permission after restore
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/532 Viktor Gurov
10:49 AM Bug #12637 (Resolved): Incorrect SSH key permission after restore
restore_sshdata() must set 600 permission mode for *_key files:... Viktor Gurov
09:24 AM pfSense Packages Feature #6651 (Feedback): Loopback interfaces
Merged Viktor Gurov
09:23 AM pfSense Packages Bug #12420 (Resolved): rc file is not deleted
Tested with PIMD 0.0.3_5
/usr/local/etc/rc.d/pimd.sh is removed when the service is disabled. Marking the ticket r... Max Leighton
08:49 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/43
https://gitlab.netgate.com/pfSense/pfSe... Viktor Gurov
07:03 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
bsdinstaller does not create the '/cf/conf/trigger_restore_config_after_bsdinstall' file for some reason (https://git... Viktor Gurov
05:57 AM pfSense Packages Bug #12206: Certificate Manager page doesn't show Net-SNMP used certificates
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/157 Viktor Gurov

12/23/2021

04:57 PM Feature #12184 (Resolved): GUI options to configure IKE retransmission behavior
Tested with
2.6.0-BETA (amd64)
built on Thu Dec 23 06:20:23 UTC 2021
FreeBSD 12.3-STABLE
The retransmit setti... Max Leighton
04:31 PM Feature #12070: Support for VLAN ``0``
Jim Pingle wrote in #note-2:
> Anything that would potentially touch VLAN0 needs to be aware of potential security pr... C HL
10:59 AM pfSense Packages Bug #12424 (Feedback): OpenVPN silent install uses incorrect parameters
Merged Viktor Gurov
10:59 AM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key
Merged Viktor Gurov
10:58 AM pfSense Packages Bug #11575 (Feedback): OpenVPN clients cannot pass traffic when reconnecting using the same source port
Merged Viktor Gurov
10:53 AM pfSense Packages Bug #12264 (Feedback): Stray <table> line in squid_monitor.php
Merged Viktor Gurov
10:46 AM pfSense Packages Feature #12281 (Feedback): Add support for Telegram/Pushover notifications
Merged Viktor Gurov
10:45 AM pfSense Packages Bug #12420 (Feedback): rc file is not deleted
Merged Viktor Gurov
10:45 AM pfSense Packages Bug #11098 (Feedback): Backup Files and Directories plugin crashes firewall if /root specified as backup location
Merged Viktor Gurov
10:44 AM pfSense Packages Feature #12246 (Feedback): Load a file into patch textarea
Merged Viktor Gurov
10:44 AM pfSense Packages Bug #12030 (Feedback): Startup Errors for Avahi Package
Merged Viktor Gurov
10:44 AM pfSense Packages Todo #12354 (Feedback): Update haproxy-devel to mitigate CVE-2021-40346
Merged Viktor Gurov
10:44 AM pfSense Packages Bug #12482 (Feedback): Outdated doc links
Merged Viktor Gurov
07:32 AM Bug #12635: PHP: Error generated when backing up a config file with SSH disabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/529 Viktor Gurov
07:11 AM Bug #12635 (Resolved): PHP: Error generated when backing up a config file with SSH disabled
Error reads:... Steve Wheeler
07:28 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/528 Viktor Gurov
06:40 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
partially implemented in https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e,
but it ... Viktor Gurov
06:32 AM Bug #12633 (Resolved): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
Instead of waiting for a packet loss threshold, the gateway must be marked as 'offline' on link down event
/etc/rc... Viktor Gurov
06:38 AM pfSense Docs Todo #12634 (Closed): Feedback on Services — DNS Resolver — Host Overrides
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-host-overrides.html
*Feedback:*
Typo i... Andy Kniveton
06:07 AM Regression #12631: Dynamic DNS may not use the correct interface when updating during failover
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/527 Viktor Gurov
03:11 AM Regression #12631: Dynamic DNS may not use the correct interface when updating during failover
So an update....
I found that the Dynamic DNS option for "Custom" displays a drop down for "Interface to send upda... Neill Lawson-Smith
04:12 AM Bug #12632 (Feedback): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Unable to reproduce:... Viktor Gurov
02:53 AM Bug #12632 (Resolved): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
First encoutnered two months ago. Assumed I had done a typo or something and moved on. Now notice this can be reprodu... M Felden
04:03 AM Bug #12629 (Closed): Incorrect sort order on ACB Restore page
not an issue Viktor Gurov
03:34 AM Feature #10732: Warning banner for secondary HA node
1) Using CARP does not mean configured High Availability (XMLRPC sync)
2) What if some interfaces are in MASTER stat... Viktor Gurov
03:30 AM Bug #10513: State issues with policy routing and HA failover
#8100 - maybe related Viktor Gurov

12/22/2021

08:40 PM pfSense Packages Feature #12513: WireGuard Utilization Status (Beyond Active Connection)
Just idea-wise, another representation option attached (which does not need to worry about thresholds) though impleme... Jum Pers
04:26 PM Regression #12631 (Closed): Dynamic DNS may not use the correct interface when updating during failover
Using 2.5.2-RELEASE
I have two interfaces - One WAN (gigabit) and a 4G Data Cell Link (150Mbps) as a secondary.
T... Neill Lawson-Smith
03:44 PM Bug #5476: Does not appear possible to use policy routing for traffic originating from the firewall (self)
Howdy,
just ran into the same problem. Is it on a todo list somewhere? Would be great to know.
Thanks :-) Clif Cox
03:08 PM Bug #12630: States are always created on the default gateway interface.
Maybe this is related? #10513 Marcos M
02:49 PM Bug #12630 (Not a Bug): States are always created on the default gateway interface.
Tested on @21.05@ and @22.01.b.20211220.0600@.
When a service (like OpenVPN) binds to a specific IP, the states al... Marcos M
02:48 PM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing
Jim Pingle wrote in #note62:
> This was too unstable to keep for the time being. Retargeting to Future for now. Will... Alexander Chernikov
12:25 PM Bug #12626 (Feedback): Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
Merged Viktor Gurov
01:03 AM Bug #12626: Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
PR: https://github.com/pfsense/pfsense/pull/4550 znerol znerol
01:02 AM Bug #12626 (Resolved): Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
When Router Advertisements are configured on multiple interfaces, a search string from an earlier interface bleeds ov... znerol znerol
12:25 PM pfSense Docs Correction #12469 (Feedback): Automatic outbound NAT rules are applied to the WG interface
https://github.com/pfsense/pfsense/pull/4541
Merged Viktor Gurov
12:00 PM Feature #12567 (Feedback): Add Dynamic DNS support for Name.com
Applied in changeset commit:6a9fe85fa28fd636949c791f0d1d3d1dd6a89427. Anonymous
11:48 AM Bug #12470 (Feedback): Thermal Sensors Dashboard widget filter for negative values refers to invalid variable
Merged Viktor Gurov
11:40 AM Bug #12629 (Closed): Incorrect sort order on ACB Restore page
First it is sorted by date, then by month
The same issue may be on other pages:... Viktor Gurov
11:02 AM Feature #11750 (Feedback): Support for network interfaces using the ``qlnxe`` driver
Merged Viktor Gurov
07:36 AM Bug #12628: OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/524 Viktor Gurov
07:27 AM Bug #12628 (Resolved): OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases
There is no needs to execute it each time Viktor Gurov
07:10 AM Feature #12392: Allow the selection of "any" interface in floating rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/523 Viktor Gurov
06:26 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/522
we need to create a separate TODO to check/r... Viktor Gurov
05:59 AM Feature #12473: Allow user adjustment of IPsec Keep Alive periodic checks
It should be a global configuration parameter on the system_advanced_network.php page
see https://github.com/pfsen... Viktor Gurov
05:49 AM Regression #12215: OpenVPN does not resync when running on a gateway group
seems related #11570 and #12613 Viktor Gurov
04:36 AM Feature #8861: Show SFP module details on ``status_interfaces.php``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/521 Viktor Gurov
03:55 AM Bug #12589: Dynamic DNS updates do not respect certificate authority trust store
Marcos Mendoza wrote in #note-5:
> Do we know if the path is replaced rather than appended to? Is it an issue?
It... Viktor Gurov
03:35 AM Feature #11588: Automatically suggest next IP address in Wireguard interface subnet when creating a peer
Hello all, am I able to get any feedback / comments on this pr? Its been sat for 3 months. I'd like to contribute mor... Adam Cooper
02:23 AM pfSense Docs Todo #12627 (Closed): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html
*Feedback:*
Hi I made WireGuard VPN... Robert Erzen

12/21/2021

06:39 PM Feature #12625 (New): Granular logging options for default firewall rules.
Allow the user to control which default firewall rules get logged. Currently, there are checkboxes for:
* default bl... Marcos M
03:35 PM Bug #12589: Dynamic DNS updates do not respect certificate authority trust store
Do we know if the path is replaced rather than appended to? Is it an issue? Marcos M
12:51 PM Todo #12624 (Resolved): Reorganize UPnP options
The UPnP options *Custom presentation URL* and *Custom model number* are in the section for UPnP Access Control Lists... Jim Pingle
12:02 PM pfSense Packages Bug #11575 (Pull Request Review): OpenVPN clients cannot pass traffic when reconnecting using the same source port
Since this is a client problem, and clients on pfSense already get @nobind@ or @lport 0@ at appropriate times, moving... Jim Pingle
11:27 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
bind mode switch feature:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/154 Viktor Gurov
11:38 AM Bug #12621 (Feedback): Fix rare case where /getstats.php might be called without valid post data.
Merged Christian McDonald
11:29 AM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Ok the reason Viktor Gurov setup didn't page fault is he didn't add child queue to the scheduler(Tested).
The proble... Anonymous
10:52 AM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
This is the configuration I have it set to.
I also tried with noecn still page faulted.
The very same configuration... Anonymous
05:25 AM Regression #12622 (Feedback): Kernel panic when using ``fq_pie`` limiter scheduler
Viktor Gurov
05:25 AM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Unable to reproduce on 2.6.0.b.20211220.0600
/tmp/rules.limiter:... Viktor Gurov
11:25 AM Regression #12615 (Feedback): MAC passthrough does not work on the latest snapshot
Applied in changeset commit:2fe32b3b168a1a2a3f96e1419eee958e6c10c20b. Viktor Gurov
10:53 AM Regression #12615 (Pull Request Review): MAC passthrough does not work on the latest snapshot
Jim Pingle
09:33 AM Regression #12615: MAC passthrough does not work on the latest snapshot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/520 Viktor Gurov
07:27 AM Bug #12614: Pushover notifications fail
Updating subject for release notes. Jim Pingle
07:24 AM Regression #12617: Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Updating subject for release notes. Jim Pingle
07:16 AM Bug #12527 (Pull Request Review): DHCPv6 server does not skip interfaces configured with invalid ranges
Jim Pingle
05:05 AM Bug #12527: DHCPv6 server does not skip interfaces configured with invalid ranges
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/519 Viktor Gurov
07:15 AM Bug #6880 (Pull Request Review): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Jim Pingle
07:13 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events
That may be the case, but until #9393 is done that is not supported and I don't think we should encourage it. Jim Pingle
05:12 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events
Jim Pingle wrote in #note-3:
> A WAN connectivity failure shouldn't cause the ue0 interface to disappear and reappea... Viktor Gurov
05:48 AM pfSense Packages Bug #8827 (New): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
This bugfix is reverted in #11738 Viktor Gurov
05:10 AM pfSense Packages Bug #8827 (Assigned): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
Tested on 21.05_p2
With redirect mode 'ext url redirect' I still got
_The following error was encountered while try... Azamat Khakimyanov
04:43 AM pfSense Packages Bug #12623 (Closed): acme.sh package | DNS-ISPConfig settings
We are running a pfSense 2.5.2 on a qemu based virtual machine.
The acme.sh package is used to generate LetsEncryp... Karsten Deubert
04:11 AM pfSense Packages Bug #6339 (Resolved): OpenVPN Client Export package option for "Use Microsoft Certificate Storage" does not specify which certificate to use
Tested on 21.05_2 and on 22.01-BETA (built on Mon Dec 20 06:23:28 UTC 2021
I see that OpenVPN Client Export packa... Azamat Khakimyanov

12/20/2021

04:39 PM Regression #12622 (Resolved): Kernel panic when using ``fq_pie`` limiter scheduler
When ever i try and use the limiter scheduler fq_pie pfsense crashes with a page fault.
I can recover by disabling t... Anonymous
02:39 PM Bug #12621 (Closed): Fix rare case where /getstats.php might be called without valid post data.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/518 Christian McDonald
02:18 PM pfSense Docs Todo #12596 (Feedback): OpenVPN Site to Site configuration examples should note to change the inactive value
Done: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/ab5d1d7e91350e9ddeb1c8c18fc359f67b1bb84d
Note that I d... Jim Pingle
01:14 PM Bug #12620 (Not a Bug): OpenVPN client custom config options: Stripped newlines corrupt config file
Newlines can't be preserved in that field.
Use a semicolon (@;@) anywhere you need a newline. Jim Pingle
12:55 PM Bug #12620 (Not a Bug): OpenVPN client custom config options: Stripped newlines corrupt config file
In the OpenVPN client config, in order to use tls-crypt-v2,
I uncheck "Leave TLS Key":
Cryptographic Settings -> ... Doobie Brother
12:14 PM Regression #12615: MAC passthrough does not work on the latest snapshot
maybe related to https://github.com/pfsense/pfsense/commit/9dac41af43a5b977a604098688776987c4f76722 Viktor Gurov
10:47 AM pfSense Docs Correction #12598 (Feedback): Alias use with static routes
Updated:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/51f70a82f9338da60dc485ac03da9c8ca5e143e3 Jim Pingle
10:37 AM Todo #12619 (Resolved): Restart services on interface changes
In addition to https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e
@interface_bring_d... Viktor Gurov
09:35 AM Regression #12617 (Feedback): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Applied in changeset commit:070fb1a8868bdb780952d2d3532a6059c97bd677. Viktor Gurov
09:25 AM Regression #12617 (Pull Request Review): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Jim Pingle
06:01 AM Regression #12617: Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/517 Viktor Gurov
09:23 AM Regression #11570 (Pull Request Review): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Jim Pingle
04:37 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Partially fixed in https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e
+ fix:
http... Viktor Gurov
09:19 AM Bug #12003 (Pull Request Review): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Jim Pingle
07:41 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Jim Pingle wrote in #note-5:
> Denis Grilli wrote in #note-4:
> > Can I ask why this fix is not on the public git r... Denis Grilli
07:38 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Denis Grilli wrote in #note-4:
> Can I ask why this fix is not on the public git repository?
It hasn't been merge... Jim Pingle
07:28 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Can I ask why this fix is not on the public git repository? Denis Grilli
05:43 AM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
Should be fixed in https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e Viktor Gurov
03:49 AM pfSense Packages Feature #11022 (Resolved): Add feeds from Firebog.net to pfBlockerNG
pfBlockerNG-devel is the current active branch, there is no needs to test pfBlockerNG Viktor Gurov

12/19/2021

09:27 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
https://github.com/pfsense/pfsense/pull/4549 Anonymous
09:24 PM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Latest patch fixes some fq_pie setting showing up in none fq_pie limiters. Anonymous
02:58 PM Feature #12618 (Duplicate): Support for Network Time Security for NTP (RFC 8915)
Duplicate of #8149 Viktor Gurov
09:47 AM Feature #12618 (Duplicate): Support for Network Time Security for NTP (RFC 8915)
Please add support for NTS, the Network Time Security for the Network Time Protocol, RFC 8915.
NTPSec, a hardened ... Adrian Zaugg

12/18/2021

04:59 PM Bug #7152: Unbound / DNS Resolver issue if "Register DHCP static mappings in the DNS Resolver" set before wildcard DNS custom options
Tested this on 2.5.2. Unable to reproduce issue any longer. This was likely resolved in a previous unbound update. Kris Phillips
04:41 PM Bug #5849: Routing fail on CARP IPsec
I haven't been able to reproduce this on the latest pfSense versions. Perhaps this functionality was improved in new... Kris Phillips
04:38 PM pfSense Packages Bug #12260: Update popup and version missmatch?
Freshports has 5.0 available in it. We should update ntop to the new version. Kris Phillips
04:32 PM Bug #7235: 4860 has not got significant IPsec performance rising with enabled HW acceleration
Sean McBride wrote in #note-2:
> I have a 4860 running newest pfsense, and I use IPSec. How could I do performance ... Kris Phillips
04:15 PM pfSense Packages Feature #11022: Add feeds from Firebog.net to pfBlockerNG
pfBlockerNG does not have a feeds section, but pfBlockerNG-devel 3.1.0 has a feeds list which now include firebog - S... Jordan G
02:58 PM Feature #12316 (Resolved): Include firewall rules generated from OpenVPN RADIUS ACL entries in status output
Tested on
2.6.0-BETA (amd64)
built on Fri Dec 17 17:03:58 UTC 2021
FreeBSD 12.3-STABLE
I see the OpenVPN-Gene... Max Leighton
02:56 PM Feature #12321 (Resolved): Pop-up window to view firewall rules generated from RADIUS ACL entries on the OpenVPN status page
Tested on
2.6.0-BETA (amd64)
built on Fri Dec 17 17:03:58 UTC 2021
FreeBSD 12.3-STABLE
I can see the RADIUS A... Max Leighton
11:12 AM Bug #12614 (Resolved): Pushover notifications fail
Tested against the:... Danilo Zrenjanin

12/17/2021

09:33 PM Feature #12342 (Resolved): Dynamic DNS client proxy support

check box is shown up if Proxy URL is added in Proxy Support.
2.6.0.b.20211217.1435
 Alhusein Zawi
01:44 PM Bug #12374 (Resolved): Update python to address vulnerabilities < 3.8.12
22.01.b.20211216.1427 and 2.6.0.b.20211217.1435 uses python38-3.8.12_1 Viktor Gurov
01:42 PM Bug #12434 (Resolved): Multiple cURL Vulnerabilities
Viktor Gurov
01:32 PM Bug #12614 (Feedback): Pushover notifications fail
Merged Viktor Gurov
08:22 AM Bug #12614 (Pull Request Review): Pushover notifications fail
Jim Pingle
08:00 AM Bug #12614: Pushover notifications fail
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/514 Viktor Gurov
07:41 AM Bug #12614 (Resolved): Pushover notifications fail
https://forum.netgate.com/topic/168178/pushover-notifications-fail-to-work:... Viktor Gurov
12:24 PM Regression #12617 (Closed): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Under some conditions the dyndns up client can send a private IP address even though 'Use public IP' is set.
For e... Steve Wheeler
11:28 AM Feature #12616: Option to filter state table contents by rule ID
See also: https://redmine.pfsense.org/issues/12092 Utilize new ``pfctl`` ability to kill states by label Steve Wheeler
11:28 AM Feature #12616 (Resolved): Option to filter state table contents by rule ID
The Diag > States page can already filter by ruleid but only when the page is called with that via the firewall rules... Steve Wheeler
10:49 AM Bug #12585: ``rc.notify_message`` only sends notifications via SMTP
Updating subject for release notes. Jim Pingle
10:48 AM Bug #12589: Dynamic DNS updates do not respect certificate authority trust store
Updating subject for release notes. Jim Pingle
10:47 AM Bug #12352: Update Dynamic DNS code for one.com to use their new login process
Updating subject for release notes. Jim Pingle
09:36 AM Regression #12615: MAC passthrough does not work on the latest snapshot
ipfw show output:... Viktor Gurov
09:01 AM Regression #12615 (Resolved): MAC passthrough does not work on the latest snapshot
CP login page always appears
config.xml is ok:... Viktor Gurov
08:46 AM Bug #11142: rc.newwanip restarts VPN services when the IP matches
original user issue:
"We've noticed every X hours that services restart on our pfSense FW and this results in people... Viktor Gurov
08:31 AM Bug #12590 (Pull Request Review): Dynamic DNS custom IPv6 service fails on 6rd tunnels
Jim Pingle
08:25 AM Bug #12590: Dynamic DNS custom IPv6 service fails on 6rd tunnels
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/515 Viktor Gurov
07:37 AM Bug #12612 (Pull Request Review): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver
Jim Pingle
06:46 AM Bug #12612: DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/513 Viktor Gurov
06:33 AM Bug #12612 (Resolved): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver
Regardless of the use of the interface in the DNS Resolver configuration, it's restarted at every rc.newwanip event
... Viktor Gurov
07:36 AM Bug #12611 (Pull Request Review): SNMP daemon is restarted during every ``rc.newwanip`` event
Jim Pingle
06:29 AM Bug #12611: SNMP daemon is restarted during every ``rc.newwanip`` event
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/512 Viktor Gurov
05:41 AM Bug #12611 (Resolved): SNMP daemon is restarted during every ``rc.newwanip`` event
Regardless of the use of the interface in the SNMP daemon configuration, it's restarted at every rc.newwanip event
... Viktor Gurov
07:35 AM Bug #12610 (Pull Request Review): Dynamic DNS services are restarted at every rc.newwanip event, regardless of whether the IP is changed or not
Jim Pingle
05:34 AM Bug #12610: Dynamic DNS services are restarted at every rc.newwanip event, regardless of whether the IP is changed or not
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/511 Viktor Gurov
05:27 AM Bug #12610 (Duplicate): Dynamic DNS services are restarted at every rc.newwanip event, regardless of whether the IP is changed or not
They should only run on the new/changed IP address Viktor Gurov
07:32 AM Bug #12609 (Pull Request Review): IGMP Proxy server is restarted during every ``rc.newwanip`` event
Jim Pingle
05:25 AM Bug #12609: IGMP Proxy server is restarted during every ``rc.newwanip`` event
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/510 Viktor Gurov
03:51 AM Bug #12609 (Resolved): IGMP Proxy server is restarted during every ``rc.newwanip`` event
Regardless of the use of the interface in the IGMP Proxy configuration, it's restarted at every rc.newwanip event
... Viktor Gurov
07:25 AM Bug #12613 (Resolved): DNS Resolver does not restart during link up/down events on a static IP address interface
How to reproduce:
1) Configure the interface with Static IPv4
2) Select this interface in the "Network Interfaces... Viktor Gurov

12/16/2021

03:46 PM Bug #11142: rc.newwanip restarts VPN services when the IP matches
Pretty sure this breaks gateway monitoring when the WAN comes back on the same IP.
See https://redmine.pfsense.org... Scott Silver
03:46 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Note that https://redmine.pfsense.org/issues/11142 was the bug that someone fixed that tries to solve some other prob... Scott Silver
01:03 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
I think I may have tracked down one of the problems here. It seems that pfSense is forgetting to reset the gateway mo... Scott Silver
03:14 PM pfSense Packages Bug #12608 (New): WireGuard tunnels monitored by dpinger causing system to stop routing completely in certain situations
Current workaround is to disable gateway monitoring on WireGuard tunnel gateways.
(I will be noting observations h... Christian McDonald
02:34 PM Regression #12581: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
Please note: RFC compliant clients *must not* accept a router unless it is a link-local address (see "RFC4861 section... znerol znerol
01:15 PM pfSense Plus Bug #12607 (Closed): Instability with Snort Inline with AWS Instances
The ena driver seems to have instability when enabling inline snort. Because AWS is behind NAT Legacy mode is not vi... Kris Phillips
01:15 PM Bug #12589 (Feedback): Dynamic DNS updates do not respect certificate authority trust store
Applied in changeset commit:7054b63fc56fec307577c978d10f88e552141e53. Viktor Gurov
12:35 PM Bug #12589 (Pull Request Review): Dynamic DNS updates do not respect certificate authority trust store
Jim Pingle
12:31 PM Bug #12589: Dynamic DNS updates do not respect certificate authority trust store
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/509 Viktor Gurov
12:42 PM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
Yes, I can confirm it's not fixed yet.
Tested against:... Danilo Zrenjanin
12:33 PM Feature #12325 (Resolved): IPv6 support for base system SNMP service
Tested against:... Danilo Zrenjanin
12:07 PM Bug #11764 (Pull Request Review): IPv6 link local gateway default status not indicated in GUI
Jim Pingle
11:58 AM Bug #11764: IPv6 link local gateway default status not indicated in GUI
it's better to have a separate fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/508 Viktor Gurov
05:01 AM Bug #11764: IPv6 link local gateway default status not indicated in GUI
fix in https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/336#note_46591 Viktor Gurov
11:20 AM Bug #12604 (Feedback): IPv6 interface prefix change not reflected in RADVD configuration
Applied in changeset commit:fc31c0dd22d5212c22696ec24f8ab174f22279bb. Viktor Gurov
10:30 AM Bug #12604 (Pull Request Review): IPv6 interface prefix change not reflected in RADVD configuration
Jim Pingle
06:06 AM Bug #12604: IPv6 interface prefix change not reflected in RADVD configuration
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/505 Viktor Gurov
05:23 AM Bug #12604 (Resolved): IPv6 interface prefix change not reflected in RADVD configuration
https://forum.netgate.com/topic/168410/ipv6-prefix-change-not-reflected-in-ra-messages:
"This may pre-date 20211210,... Viktor Gurov
11:18 AM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
James Blanton wrote in #note-3:
> UPDATE! Bug only exists upon "link down"
Unable to reproduce on 22.01.b.2021121... Viktor Gurov
10:10 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events
A WAN connectivity failure shouldn't cause the ue0 interface to disappear and reappear, though. Unless that's a new m... Jim Pingle
09:24 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events
Jim Pingle wrote in #note-1:
> Since we do not support hotplugging interfaces and a USB interface couldn't be assign... Viktor Gurov
08:25 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events
Since we do not support hotplugging interfaces and a USB interface couldn't be assigned and unplug/replug like that, ... Jim Pingle
08:20 AM Bug #12606 (Resolved): ``devd`` is not configured to act on USB interface attach/detach events
There us no rc.linkup events on USB modem attach/detach:
Detach:... Viktor Gurov
08:24 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
Yes please! Eyvind Baadnes
08:23 AM Feature #4242: Two Factor or OTP Authentication for Admin Interface
We would like to see this implemented. This year we have seen a big increase from companies requiring this feature. A... Eyvind Baadnes
07:47 AM Regression #12605 (Resolved): ``diag_dump_states.php`` no longer filters by rule ID
The webgui state table output can be filtered by rule ID by calling it directly, for example:
https://26dev.stevew.l... Steve Wheeler
05:11 AM Feature #12416 (Resolved): Support OpenVPN ``client-kill`` to terminate remote clients instead of clearing their session
Tested again. This time against:... Danilo Zrenjanin
04:36 AM Bug #11662 (Resolved): QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
I have overseen the fact that OpenVPN must be in TAP mode.
Tested QinQ with OpenVPN in TAP mode as a parent interf... Danilo Zrenjanin
03:17 AM Bug #11662: QinQ using OpenVPN ``ovpn`` interface as a parent is not configured at boot time
I replicated the issue on the following:... Danilo Zrenjanin
03:27 AM Feature #11496 (Resolved): Support for NTP Peer mode
Tested against:... Danilo Zrenjanin
02:50 AM Bug #10513: State issues with policy routing and HA failover
Tested in 2.5.2. This seems to still be a big issue.
pfSync is basically useless on a Multi-WAN setup, all states fr... Jose Duarte

12/15/2021

01:08 PM Bug #12352 (Feedback): Update Dynamic DNS code for one.com to use their new login process
Merged Viktor Gurov
12:28 PM Todo #12601 (Pull Request Review): Optimize fw rules load on boot
Jim Pingle
12:20 PM Todo #12601: Optimize fw rules load on boot
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/504 Viktor Gurov
10:53 AM Todo #12601: Optimize fw rules load on boot
see also #12335 Viktor Gurov
10:53 AM Todo #12601 (Closed): Optimize fw rules load on boot
https://github.com/pfsense/pfsense/blob/master/src/etc/rc.bootup#L268-L274:... Viktor Gurov
11:00 AM Feature #12602 (New): DHCPv6 should allow DDNS Client updates for hosts
There is already a DDNS Option in the DHCPv6-Server but it can't be used together with the DDNS Client(s) in services... Bob Dig
10:45 AM Feature #12600 (New): allow custom mask for a network alias created from a FQDN
This is not IPv6 specific:
It would be nice if a network alias created from a FQDN could have a mask other then /128... Bob Dig
06:23 AM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
https://github.com/pfsense/pfsense/pull/4548 Viktor Gurov
06:23 AM Bug #12579: Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
1) #12003 should be merged first
2) Converting ipfw -> dnctl is not that difficult, but @dnctl(8)@ needs the "-f" op... Viktor Gurov

12/14/2021

07:20 PM pfSense Docs Correction #12598 (Closed): Alias use with static routes
The warning about using aliases for static routes no longer applies after the fixes in 22.01. There is still somethin... Marcos M
06:53 PM pfSense Docs New Content #12597: How to reset IPMI settings and password for Netgate appliances
General steps:
Load kernel module
# kldload ipmi
Reset password
# ipmitool user list
# ipmitool user set passw... Marcos M
06:50 PM pfSense Docs New Content #12597 (Resolved): How to reset IPMI settings and password for Netgate appliances
For cases in which the password is lost (e.g. label is worn out) or settings need to be reset to something specific, ... Marcos M
06:42 PM pfSense Docs Todo #12596 (Closed): OpenVPN Site to Site configuration examples should note to change the inactive value
For site to site OpenVPN configurations, the expectation is that the VPN will stay established. Since the default val... Marcos M
10:25 AM Bug #12588: Automatic rule tracker IDs incorrect after multiple filter reloads
Updating subject for release notes. Jim Pingle
08:19 AM Bug #12588: Automatic rule tracker IDs incorrect after multiple filter reloads
Looks good. Systems that were coming up incorrectly numbered at boot every time are no longer doing so with that patc... Steve Wheeler
08:00 AM Bug #12588 (Feedback): Automatic rule tracker IDs incorrect after multiple filter reloads
Applied in changeset commit:2fbbd1642e23c6c27ca27b73a556e25919d9c490. Jim Pingle
07:44 AM Bug #12588: Automatic rule tracker IDs incorrect after multiple filter reloads
The easiest way to replicate is to run:... Jim Pingle
07:43 AM Bug #12588: Automatic rule tracker IDs incorrect after multiple filter reloads
This can happen if @filter_configure_sync()@ runs twice and @filter.inc@ is only loaded once. The tracker variables a... Jim Pingle
09:07 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-7:
> Old backups can be restored what would fail is new backups made with different iterat... Phil Wardt
07:22 AM pfSense Packages Bug #11054 (Assigned): Check Client Certificate CN not working as described
Tested on 21.05_2 and on 22.01-DEVELOPMENT (built on Tue Dec 14 06:23:27 UTC 2021)
I can't make EAP-TLS working fo... Azamat Khakimyanov

12/13/2021

07:29 PM Bug #12590 (Resolved): Dynamic DNS custom IPv6 service fails on 6rd tunnels
I use a "Custom" DDNS service to register my dynamic home IP address as a subdomain of my dedicated server domain. T... Daniel Engel
06:53 PM Bug #12589 (Closed): Dynamic DNS updates do not respect certificate authority trust store
I use a "Custom" DDNS service to register my dynamic home IP address as a subdomain of my dedicated server domain (st... Daniel Engel
06:02 PM Bug #12588 (Resolved): Automatic rule tracker IDs incorrect after multiple filter reloads
In some circumstances the generated ruleset is created with unexpected tracker ID values at boot.
The values seen ... Steve Wheeler
01:20 PM Bug #12584 (Feedback): ``rc.carpmaster`` only sends notifications via SMTP
Applied in changeset commit:02fcba75a005621591fe420d1301922109f70d1d. Viktor Gurov
08:02 AM Bug #12584 (Pull Request Review): ``rc.carpmaster`` only sends notifications via SMTP
Jim Pingle
01:20 PM Bug #12585 (Feedback): ``rc.notify_message`` only sends notifications via SMTP
Applied in changeset commit:61a326a45e72fc17fd84e103964f257fe176056f. Viktor Gurov
08:06 AM Bug #12585 (Pull Request Review): ``rc.notify_message`` only sends notifications via SMTP
Jim Pingle
11:36 AM Bug #12587 (Rejected): Ipsec lost trafic and status failed
There is not enough information here to classify this as a bug, though many IPsec issues have already been addressed ... Jim Pingle
11:32 AM Bug #12587: Ipsec lost trafic and status failed
ADMIN Please remove the image IPs Ricardo ot
11:19 AM Bug #12587 (Rejected): Ipsec lost trafic and status failed
I have a problem with an Ipsec tunnel.
I have a tunnel established between a Pfsense 2.5.2 and a Checkpoint and when... Ricardo ot
09:02 AM pfSense Packages Bug #12258 (Feedback): Copy key buttons only work in HTTPS mode
Christian McDonald
08:00 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Old backups can be restored what would fail is new backups made with different iteration counts. A backup made on a c... Jim Pingle
07:52 AM Bug #12583 (Rejected): Static route overlap validation check
Overlapping routes of different sizes are valid. The more specific route will be chosen when possible. Jim Pingle
07:42 AM Regression #12582 (Pull Request Review): RADVD can be started on both HA nodes when configured with an IPv6 link-local address
Jim Pingle
07:38 AM Feature #12586 (Rejected): New widget for States
There is a reason we haven't done this already, it doesn't scale and is likely to cause problems.
Reading the stat... Jim Pingle
05:48 AM pfSense Packages Bug #12260: Update popup and version missmatch?
Maybe of interest to let you know that this is also experienced on pfSense+ 21.05.2-RELEASE (arm) R. B.

12/11/2021

08:14 PM Bug #7235: 4860 has not got significant IPsec performance rising with enabled HW acceleration
I have a 4860 running newest pfsense, and I use IPSec. How could I do performance measurements? Sean McBride
08:10 PM Bug #7235: 4860 has not got significant IPsec performance rising with enabled HW acceleration
The 4860 is end of sale and end of support, so may be time to put this one to bed regardless. We should re-run perfo... Kris Phillips
08:14 PM Bug #7387: New Traffic Graph in dashboard resets inverted view to normal view
Tested in 21.05.2:
Opened two tabs, one on Status --> Monitoring and one in Status --> Dashboard with the Traffic ... Kris Phillips
08:03 PM Bug #3796: States summary fails and is very slow with large state tables
Probably a better solution to this would be to limit the number of states displayed and have a multi-page view or hav... Kris Phillips
07:59 PM Bug #4604: NTP time server entries may or may not work, depending upon interfaces selected when configuring NTP service
I'm not able to recreate this issue on the latest versions of pfSense Plus. I suspect similar on CE. Likely this bu... Kris Phillips
07:51 PM Bug #1738: Restore fails when username in backup is not matching
In what situation would this issue present itself? If you're restoring a config file from a previous install to a fr... Kris Phillips
07:46 PM Bug #4451: Status DHCP Leases shows double entries for static entries without IP address
This is still the case today in pfSense Plus 21.05.2 and likely in pfSense CE 2.5.2. See attached screenshot. Kris Phillips
07:43 PM Bug #1667: L2TP server does not respond properly from a CARP VIP
Since we don't recommend L2TP for new IPSec VPN setups, this can likely be closed as Rejected. No point in keeping i... Kris Phillips
05:17 PM Bug #12543: Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
I also was not able to reproduce this. This bug report should be marked as Feedback until we can determine the steps... Kris Phillips
07:51 AM Bug #12543: Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
I couldn't replicate it either.
I created/deleted duplicate entries with no issues in Manual/Hybrid mode.
We w... Danilo Zrenjanin
05:13 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Kris Phillips wrote in #note-3:
> Viktor Gurov wrote in #note-2:
> > openvpn(8):
> > [...]
>
> Since the option... Kris Phillips
05:08 PM pfSense Packages Bug #8258 (Resolved): BIND responds with SERVFAIL when adding/changing records if 'allow-update' is configured for a zone
I tested this with BIND 9.16_11. I can add or change records without issues while allow-updates is set to localnets. ... Max Leighton
04:03 PM pfSense Packages Bug #12533 (Resolved): extra rules incorrect input validation
Tested with Suricata 6.0.3_4. I was able to download and use extra ruleset with and without MD5 check selected. Marki... Max Leighton
03:25 PM Feature #12586: New widget for States
ToDo: Documentation would also need new Widget entry.
https://docs.netgate.com/pfsense/en/latest/monitoring/dashboard... Patrick Mueller
03:22 PM Feature #12586: New widget for States
Added PR: https://github.com/pfsense/pfsense/pull/4547 Patrick Mueller
03:19 PM Feature #12586 (Rejected): New widget for States
Allow to display current states on Dashboard via a small widget.
Common settings which are also available in diag_... Patrick Mueller
08:40 AM Bug #12585: ``rc.notify_message`` only sends notifications via SMTP
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/498 Viktor Gurov
08:39 AM Bug #12585 (Resolved): ``rc.notify_message`` only sends notifications via SMTP
/etc/rc.notify_message should use @notify_all_remote()@ to send messages via telegram/pushover/slack too Viktor Gurov
08:23 AM Bug #12584: ``rc.carpmaster`` only sends notifications via SMTP
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/497 Viktor Gurov
08:20 AM Bug #12584 (Resolved): ``rc.carpmaster`` only sends notifications via SMTP
/etc/rc.carpmaster uses @notify_via_smtp()@ to send the 'HA cluster member "(<iface>): (<iface_descr>)" has resumed C... Viktor Gurov
07:38 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Viktor Gurov wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > I added a note in github
> > Obviously, the curr... Phil Wardt
07:30 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Viktor Gurov wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > I added a note in github
> > Obviously, the curr... Phil Wardt
02:21 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Viktor Gurov wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > I added a note in github
> > Obviously, the current... Phil Wardt
07:26 AM Bug #12583 (Rejected): Static route overlap validation check
It's allowed to add a static route to a network's subnet/supernet used in the existing static route.
e.g.,
... Danilo Zrenjanin
07:05 AM Bug #12554 (Resolved): Route overlap input validation does not work properly
Tested against:... Danilo Zrenjanin
06:32 AM Feature #12290 (Resolved): Add ``librdkafka`` package to the pfSense package repository
Tested against:... Danilo Zrenjanin
06:18 AM Regression #12582: RADVD can be started on both HA nodes when configured with an IPv6 link-local address
Upstream issue: https://github.com/radvd-project/radvd/issues/162 znerol znerol
06:03 AM Regression #12582: RADVD can be started on both HA nodes when configured with an IPv6 link-local address
h3. Theory
It is in fact expected behavior that @radvd@ is starting on both hosts. @radvd@ is supposed to send RAs... znerol znerol
05:48 AM Regression #12582: RADVD can be started on both HA nodes when configured with an IPv6 link-local address
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/496 Viktor Gurov
05:33 AM Regression #12582 (Resolved): RADVD can be started on both HA nodes when configured with an IPv6 link-local address
If IPv6 link-local address is used as `rainterface`, the status of the CARP VIP is not checked (@get_carp_interfaces_... Viktor Gurov
05:47 AM Bug #12575 (Resolved): IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
Tested against:... Danilo Zrenjanin
04:05 AM Bug #12572 (Resolved): Log entries from ``acbupload.php`` are missing the upload URL
I couldn't replicate the issue on the 2.5.2 release.
Here are the logs:... Danilo Zrenjanin
03:45 AM Regression #12581: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
Just forgot the traceroute...
Command: tracert -d -6 www.google.com
Tracing route to www.google.com [2a00:1450:... Patrick U
03:38 AM Regression #12581: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
Hi Viktor,
It did work with the previous version 2.5.0 as designed.
Just like with 2.5.0 and earlier version, I... Patrick U
02:17 AM Regression #12581: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
Patrick U wrote:
> With feature #11103 a fix is made to exclude "AdvRASrcAddress" section in the RADVD.CONF file and... Viktor Gurov
03:08 AM Feature #12035 (Resolved): Input validation to prevent unsupported UTF-8 characters from being used in certificate subject components
Tested against:... Danilo Zrenjanin

12/10/2021

04:55 PM Feature #12091: RFE: Add support for sssd authentication
I was very disappointed to see that sssd disappeared from the pfSense repository. Is there any chance it could be ad... Orion Poplawski
12:57 PM pfSense Docs Correction #12578 (Closed): Invalid video links
I fixed it manually in the releng/v22.01 branch first then picked back to avoid potential merge conflicts. Jim Pingle
11:10 AM Regression #12581 (Resolved): Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
With feature #11103 a fix is made to exclude "AdvRASrcAddress" section in the RADVD.CONF file and use the IPv6 link-l... Patrick U
10:22 AM Feature #12184: GUI options to configure IKE retransmission behavior
Updating subject for release notes. Jim Pingle
10:21 AM Bug #12572: Log entries from ``acbupload.php`` are missing the upload URL
Updating subject for release notes. Jim Pingle
10:12 AM Bug #12572: Log entries from ``acbupload.php`` are missing the upload URL
Updating subject for release notes. Jim Pingle
10:20 AM Feature #12290: Add ``librdkafka`` package to the pfSense package repository
Updating subject for release notes. Jim Pingle
10:19 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
Updating subject for release notes. Jim Pingle
10:18 AM Bug #12575: IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
Updating subject for release notes. Jim Pingle
10:13 AM Bug #12566: IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
Updating subject for release notes. Jim Pingle
09:54 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Phil Wardt wrote in #note-2:
> I added a note in github
> Obviously, the current GUI will not be able to decode old... Viktor Gurov
09:07 AM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
Looks like a duplicate of #11570 Viktor Gurov
09:00 AM Bug #11692 (Pull Request Review): ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
Viktor Gurov
07:17 AM pfSense Docs Todo #12577 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE
> - "Apply Configuration" after adding vmbr1 and vmbr2. You mention a reboot might be necessary, but in my experience... Jim Pingle
04:27 AM pfSense Plus Bug #12580 (Duplicate): IPsec Status - incorrect match
Duplicate of #11910 Viktor Gurov
04:08 AM pfSense Plus Bug #12580 (Duplicate): IPsec Status - incorrect match
Netgate XG-7100
Serial: 1916200092
Version: 21.05.2-RELEASE (amd64)
If you are using mutliple Routed IPsec tunne... Georgian Matei
01:28 AM Bug #12579 (Resolved): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
FreeBSD 12.3 introduced a new @dnctl(8)@ utility, which can be used to change limiter parameters without reloading fi... Viktor Gurov
01:21 AM Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Please create a pull request:
https://docs.netgate.com/pfsense/en/latest/development/pull-request.html Viktor Gurov

12/09/2021

11:35 PM pfSense Docs Correction #12578: Invalid video links
fix:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/26 Viktor Gurov
11:31 PM pfSense Docs Correction #12578 (Closed): Invalid video links
... Viktor Gurov
06:47 PM pfSense Docs Todo #12577 (Rejected): Feedback on pfSense Configuration Recipes — Virtualizing with Proxmox® VE
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
*Feedback:
Three main thi... David Reitz
06:39 PM Feature #12555 (Resolved): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
fixed
link is working if GW is from DHCP
22.01.a.20211209.0600
2.6.0.a.20211209.0600
 Alhusein Zawi

12/08/2021

11:32 PM Bug #11759: Traffic graphs on dashboard double upload on pppoe links
It happens when comparing pppoe traffic and physical interface. Physical shows correct values.
 net blues
11:29 PM Bug #11759: Traffic graphs on dashboard double upload on pppoe links
Viktor Gurov wrote in #note-1:
> no such issue on 22.01.a.20211130.0600
> Traffic graphs show the correct speed
... net blues
12:17 PM pfSense Packages Bug #12487 (Closed): Netgate Firmware Upgrade 0.41.1 offers to upgrade FW version 01.00.00.11 to itself
Luiz Souza
10:57 AM Bug #11226 (Pull Request Review): IPsec VTI phase 2 traffic selectors default to address when defined as a network
Marcos M
09:05 AM Bug #12575 (Feedback): IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
Merged Viktor Gurov
07:44 AM Bug #12575 (Pull Request Review): IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
Jim Pingle
03:18 AM Bug #12575: IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/492 Viktor Gurov
02:24 AM Bug #12575 (Resolved): IPsec Mobile Client RADIUS Advanced parameters are not reset to default values when disabled
The setting Show Advanced RADIUS parameters parameters is not practical. If you enable, set custom values, Save, disa... Viktor Gurov
08:45 AM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
@Viktor Is there anything I can do to further debug this and find a work around? I'd love to help. John Williams

12/07/2021

09:16 PM Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/493 Marcos M
07:13 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Howdy. Netgate customer here. Hoping that this 'high priority' 6 year old bug gets some love from Netgate-employed de... Jesse Adelman
01:30 PM Feature #12184 (Feedback): GUI options to configure IKE retransmission behavior
Applied in changeset commit:2b6a3712391c681b42d91155459801e28cf33c67. Viktor Gurov
11:59 AM Bug #12574 (Rejected): Intel X710-T2L drivers > 1.12.16 causes error /rc.filter_configure_sync: An error occurred while trying to find the interface ${LINK_LOCAL}
Manually changing drivers isn't supported, thus bug reports based on manual driver changes are not valid.
If it wo... Jim Pingle
11:53 AM Bug #12574 (Rejected): Intel X710-T2L drivers > 1.12.16 causes error /rc.filter_configure_sync: An error occurred while trying to find the interface ${LINK_LOCAL}
When using Intel X710-t2l driver versions greater than 1.12.16, I got the following error:
php-fpm[31639]: /rc.fil... Mike Loiterman
08:28 AM Feature #12555 (Feedback): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Merged Viktor Gurov
07:18 AM Feature #12555 (Pull Request Review): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Jim Pingle
07:50 AM Feature #12518 (Feedback): Restore RRD and extra data from configuration backups when restoring during installation
Applied in changeset commit:7b6a63312ff25e513463f9a429295974b95b4af9. Viktor Gurov
07:35 AM Feature #12518 (Pull Request Review): Restore RRD and extra data from configuration backups when restoring during installation
Jim Pingle
04:33 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/33
https://gitlab.netgate.com/pfSense/pfSense/-/me... Viktor Gurov
07:40 AM Bug #12572 (Feedback): Log entries from ``acbupload.php`` are missing the upload URL
Applied in changeset commit:77b54274202df9a3f1f34781851f794d10ad3f99. Viktor Gurov
07:16 AM Bug #12572 (Pull Request Review): Log entries from ``acbupload.php`` are missing the upload URL
Jim Pingle
07:40 AM Bug #12566 (Feedback): IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
Applied in changeset commit:af9fb2654b22b73b0100b502ab094576b317ba43. Viktor Gurov
07:28 AM Bug #12566 (Pull Request Review): IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
Jim Pingle
02:47 AM Bug #12566: IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/487 Viktor Gurov
07:32 AM Bug #12536 (Pull Request Review): Setting a default gateway of "None" does not remove the default gateway from the routing table
Jim Pingle
03:59 AM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/488 Viktor Gurov
07:29 AM pfSense Packages Bug #11366 (Resolved): Arpwatch Cron Notification every 15 minutes
Jim Pingle
03:55 AM pfSense Packages Bug #11366: Arpwatch Cron Notification every 15 minutes
I've checked on 2.5.2 and I see correct value 'disable cron' in /usr/local/arpwatch/sendmail_proxy.php

if ((fals... aleksei prokofiev
07:27 AM Bug #11941 (Pull Request Review): Many ``exec()`` functions do not use full path to executable files
Jim Pingle
01:08 AM Bug #11941: Many ``exec()`` functions do not use full path to executable files
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/486 Viktor Gurov
07:24 AM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
I'm not seeing any change in behavior from before here. On a 2.6.0 snapshot I can still enter a host IP address insid... Jim Pingle
12:26 AM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
@openvpn_validate_tunnel_network()@ implemented in #2668 do not allow to enter IP addresses
I think this issue can... Viktor Gurov
04:44 AM pfSense Packages Feature #12573: Dashboard widget with external connection map
aleksei prokofiev wrote:
Just download test.html and open in browser.
 aleksei prokofiev
04:34 AM pfSense Packages Feature #12573 (New): Dashboard widget with external connection map
I am working on a code to create a map with all external connections. Now I have a prototype, probably someone will b... aleksei prokofiev
03:59 AM Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/488 Viktor Gurov

12/06/2021

11:50 PM Feature #12555 (New): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Gateway link is not always correct if DHCP is used
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_reques... Viktor Gurov
11:28 PM Bug #12572: Log entries from ``acbupload.php`` are missing the upload URL
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/484 Viktor Gurov
11:19 PM Bug #12572 (Resolved): Log entries from ``acbupload.php`` are missing the upload URL
... Viktor Gurov
03:41 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Does anyone have a good automated workaround? I have Starlink (DHCP) as primary WAN and LTE modem w/ethernet as backu... dave wilson
03:36 PM pfSense Docs Correction #12571 (Closed): 6100 Product Page link lands on 7100 store page
Corrected the link. Doug McIntire
11:43 AM pfSense Docs Correction #12571 (Closed): 6100 Product Page link lands on 7100 store page
On:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/index.html
The link "Netgate® 6100 Deskto... Patrick Sanderson
12:19 PM pfSense Docs Todo #12569 (Closed): Link to Missing Page/Content
Fixed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/207dae3168393f5a4e2f837255d923afdb287549
Also updated... Jim Pingle
09:27 AM pfSense Docs Todo #12569 (Closed): Link to Missing Page/Content
Hello folks,
In the pfSense documentation, there is a link to the FreeBSD wiki where the previous page's content i... Andrew Roehm
12:06 PM Bug #12391 (Feedback): Uninitialized config variable in ```interface_assign.php```
Merged:
https://github.com/pfsense/pfsense/commit/71f503d26b11f4f73699ccb47102939368e8967d Viktor Gurov
12:04 PM Feature #12342 (Feedback): Dynamic DNS client proxy support
Merged Viktor Gurov
12:04 PM Feature #12290 (Feedback): Add ``librdkafka`` package to the pfSense package repository
Merged Viktor Gurov
11:41 AM pfSense Docs Correction #12570 (Closed): Active appliance list missing 6100
https://docs.netgate.com/pfsense/en/latest/product-manuals.html
The Netgate 6100 is not listed on the list of acti... Patrick Sanderson
08:17 AM pfSense Packages Bug #11628 (Resolved): ftp-proxy error messages in logs
Jim Pingle
04:15 AM pfSense Packages Bug #11628: ftp-proxy error messages in logs
Checked on 2.5.2 no errors messages when enable/disable ftp-proxy aleksei prokofiev
08:07 AM pfSense Docs New Content #12565: Document new "Duplicate Connection Limit" option on OpenVPN server instances
FYI- Always check the staged version of docs for pending releases to see if new things have already been handled or i... Jim Pingle
08:03 AM Todo #12296 (Resolved): Explicitly state where AutoConfigBackup stores encrypted backup data
Jim Pingle
08:02 AM pfSense Packages Feature #8574 (Resolved): Enable AgentX-support in lldpd using GUI
Jim Pingle
07:53 AM Bug #11599: Modifying static routes results in a logged error, changes are not reflected in routing table
Updating subject for release notes and fixing targets. Jim Pingle
07:52 AM Bug #7547: Static routes using aliases are not automatically updated when alias content changes
Updating subject for release notes and fixing targets. Jim Pingle
07:50 AM Feature #11895: Require user to manually apply changes after altering static route entries
Updating subject for release notes and fixing targets. Jim Pingle
07:48 AM Bug #8390: Input validation does not prevent removing a gateway used by a DNS server
Updating subject for release notes and fixing targets. Jim Pingle
03:17 AM Feature #12567: Add Dynamic DNS support for Name.com
https://github.com/pfsense/pfsense/pull/4546 Viktor Gurov
12:58 AM pfSense Packages Bug #11964 (Resolved): pfBlocker XMLRPC sync CARP interface advskew
Tested on 21.05.2 and on 22.01-DEVELOPMENT (built on Sat Dec 04 06:21:33 UTC 2021)
With 'Enable Sync: Sync to host... Azamat Khakimyanov

12/05/2021

07:53 PM Feature #12567 (Resolved): Add Dynamic DNS support for Name.com
This feature adds the ability to use Name.com DNS as a dynamic DNS service. Oleh S.
05:29 PM Bug #12566 (Closed): IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
On a BACKUP node, when the IPsec deamon is started, any Phase1 configuration which is set to a gateway group will res... Marcos M
05:08 PM Bug #12472 (Resolved): IPsec Keep Alive does not work correctly with gateway groups in HA
Marcos M
05:07 PM Bug #12472: IPsec Keep Alive does not work correctly with gateway groups in HA
FWIW this works correctly now - tested on @22.01.a.20211204.0600@. Marcos M
09:03 AM pfSense Packages Bug #11582 (Resolved): FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
Tested on 21.05.2 and on 22.01-DEVELOPMENT (built on Sat Dec 04 06:21:33 UTC 2021)
With 'Enable Sync: Sync to host... Azamat Khakimyanov

12/04/2021

07:36 PM pfSense Packages Feature #10859 (Resolved): Add avahi filtering feature to pfSense
Can confirm this is now in Avahi in the 2.5.2 repo. Closing as resolved. Kris Phillips
07:36 AM pfSense Packages Feature #10859: Add avahi filtering feature to pfSense
Avahi v2.2 when enabled with enable reflection selected provides text entry box for reflection filtering services and... Jordan G
07:25 PM Feature #12564: add column to show that an Alias is in use by or not
Yes
thats what i meant
 khaled osama
06:13 PM Feature #12564: add column to show that an Alias is in use by or not
Can you clarify this please? Are you referring to an alias under Firewall --> Aliases? If so, these are just lists ... Kris Phillips
08:14 AM Feature #12564 (New): add column to show that an Alias is in use by or not
can you add column to show that an Alias is in used or not
and it is clickable to show where it is used ?
is it a... khaled osama
06:07 PM pfSense Packages Bug #11530 (Feedback): ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
Tested on pfSense CE 2.5.2. Unable to reproduce. I installed, enabled, and went to the ntopng web interface. After... Kris Phillips
04:50 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
I'll have to spin up a 2.5.2 install of CE to test this, but pfSense CE 2.6.0 includes ntopng-5.0.d20210923,1, so sho... Kris Phillips
05:51 PM Bug #12543: Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.

what are steps to produce the issue?
I was not able to produce it , deleted duplicated outbound NAT rules withou... Alhusein Zawi
04:36 PM Bug #12544: OpenSSH vulnerabilities
Jim Pingle wrote in #note-2:
> You cannot go by version number alone. FreeBSD typically carries patches for known vu... Kris Phillips
02:37 PM pfSense Docs New Content #12565 (Closed): Document new "Duplicate Connection Limit" option on OpenVPN server instances
Feature from:
https://redmine.pfsense.org/issues/12267
Update:
https://docs.netgate.com/pfsense/en/latest/vpn/pe... Marcos M
02:34 PM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
This is much better than what it was previously. There still exists a rare case in which stale anchor rules will pers... Marcos M
01:51 PM Feature #12555 (Resolved): Change Gateway/Group name in firewall rule list to clickable link to edit page for the entry
Tested in
22.01-DEVELOPMENT (amd64)
built on Sat Dec 04 06:21:33 UTC 2021
FreeBSD 12.3-PRERELEASE
The gateway... Max Leighton
01:38 PM Regression #12559 (Resolved): Firewall rule direction indicator is displayed on all interfaces
Tested on
2.6.0-DEVELOPMENT (amd64)
built on Sat Dec 04 06:23:51 UTC 2021
FreeBSD 12.3-PRERELEASE
The arrows ... Max Leighton
10:17 AM Todo #12296: Explicitly state where AutoConfigBackup stores encrypted backup data
Tested against:... Danilo Zrenjanin
08:18 AM pfSense Packages Feature #8574: Enable AgentX-support in lldpd using GUI
with lldpd v0.9.11 and net-snmp v0.1.5_9 installed, lldpd settings offers enable agentx option Jordan G
05:52 AM Feature #11118 (Resolved): Backup and restore SSH host key(s)
Tested against today's release.
It works as expected.
Ticket resolved. Danilo Zrenjanin
04:44 AM Bug #12554 (Feedback): Route overlap input validation does not work properly
Merged Viktor Gurov
02:34 AM Bug #8390 (Resolved): Input validation does not prevent removing a gateway used by a DNS server
I tested against today's development release.
I got an error message and couldn't remove a gateway that was define... Danilo Zrenjanin
 

Also available in: Atom