Project

General

Profile

Activity

From 12/20/2021 to 01/18/2022

01/18/2022

03:10 PM Bug #12694: PHP error when clicking Delete on Outbound NAT with no rules selected
Applied in changeset commit:f783d68bd1708f7845fc21f035b4f3232a6f435d. Jim Pingle
03:09 PM Bug #12694 (Feedback): PHP error when clicking Delete on Outbound NAT with no rules selected
Scott Long
02:40 PM Bug #12694 (Pull Request Review): PHP error when clicking Delete on Outbound NAT with no rules selected
MR with fix: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/569 Jim Pingle
02:31 PM Bug #12694 (In Progress): PHP error when clicking Delete on Outbound NAT with no rules selected
Jim Pingle
01:13 PM Bug #12694 (Resolved): PHP error when clicking Delete on Outbound NAT with no rules selected
After pressing Delete button without selecting any NAT rule I got a PHP crash as follow:... Renato Botelho
11:57 AM Feature #7416: DHCPv4 client does not support ``supersede`` statement for option 54
Fabian Kurtz wrote in #note-6:
> The patch fixed it in OPNSense in 2017. It has been running flawlessly ever since. ... Viktor Gurov
09:45 AM Feature #7416 (Feedback): DHCPv4 client does not support ``supersede`` statement for option 54
This is now available on 2.6/22.01 from upstream.
https://github.com/pfsense/FreeBSD-src/commit/663441de575dbdd382... Marcos M
09:58 AM Feature #12291 (Resolved): Support for Slack notifications
Viktor Gurov
09:57 AM Feature #12291: Support for Slack notifications
Tested with... Christopher Cope
09:13 AM pfSense Packages Bug #12692 (Feedback): Haproxy backend issue
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/0ef44539d3e10f6839ea577873b97756131a92a5 Viktor Gurov
07:19 AM pfSense Packages Bug #12692 (Pull Request Review): Haproxy backend issue
Jim Pingle
04:35 AM pfSense Packages Bug #12692: Haproxy backend issue
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/171 Viktor Gurov
04:16 AM pfSense Packages Bug #12692 (Resolved): Haproxy backend issue
https://forum.netgate.com/topic/168944/haproxy-backend-issue:
It seems that when not setting HSTS value to something... Viktor Gurov
08:59 AM Bug #12691: Support encrypted ``config.xml`` files when restoring during install
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/51 Viktor Gurov
07:44 AM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
Not a problem in a release, excluding from release notes. Jim Pingle
07:19 AM pfSense Docs Correction #12693 (Closed): www.pfsense.org/snapshots still shows 2.6.0-DEVELOPMENT
Updated. Jim Pingle
06:07 AM pfSense Docs Correction #12693 (Closed): www.pfsense.org/snapshots still shows 2.6.0-DEVELOPMENT
Should be 2.7.0-DEVELOPMENT
https://www.pfsense.org/snapshots/ Viktor Gurov
06:28 AM pfSense Packages Bug #9500: HAproxy does not delete non-applicable action config
no such issue on pfSense-pkg-haproxy-devel 0.62_7
it may be related to the non-devel haproxy pkg Viktor Gurov
04:44 AM pfSense Packages Bug #9027 (Resolved): HAProxy: Unknown keyword lua-load
Viktor Gurov

01/17/2022

01:47 PM Regression #12622 (Feedback): Kernel panic when using ``fq_pie`` limiter scheduler
Scott Long
01:22 PM Regression #12622 (In Progress): Kernel panic when using ``fq_pie`` limiter scheduler
Scott Long
12:27 PM Bug #12686 (Feedback): Incorrect copyright year
Merged to devel/2.6/22.01 Viktor Gurov
12:22 PM Bug #12677: OpenVPN form validation issues
This has now been picked back to the RC branches for Plus and CE, and will be in the next RC build. Jim Pingle
12:21 PM Regression #12660 (Feedback): High CPU usage due to incorrect gateway on some policy routed states
This has been merged back to the RC branch now, the next RC build will have it included. Jim Pingle
12:07 PM Regression #12688 (Feedback): pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/650a032444e99e9b27c4baf8f45174f757a426bd Viktor Gurov
10:44 AM Regression #12688 (Pull Request Review): pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
Jim Pingle
08:50 AM Regression #12688: pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/170 Viktor Gurov
08:01 AM Regression #12688: pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
That'd make sense, because I deliberately waited to merge https://github.com/pfsense/FreeBSD-src/commit/fdcdd81fb82df... Kristof Provost
07:21 AM Regression #12688: pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
Is this only on 2.7 snapshots and not 2.6-RC?
I have several systems with PPPoE and L2TP WANs in my lab on 2.6 RC ... Jim Pingle
04:26 AM Regression #12688: pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
seems related to https://github.com/pfsense/FreeBSD-src/commit/fdcdd81fb82dfd8778e2c239162a596a756f236f
https://gi... Viktor Gurov
11:57 AM Regression #11316: Unbound crashes with signal 11 when reloading
There are two problems here.
1. There is no watchdog restarting the unbound service
2. An invalid unbound configu... Ben Ito
09:43 AM pfSense Docs Correction #12689 (Closed): Link fails with 404
Fixed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/dc520e089212cfadc4e1e522043efddcd1504612
That link... Jim Pingle
08:47 AM Bug #12614: Pushover notifications fail
this is 2.6 only fix Viktor Gurov
07:27 AM Feature #12687 (Pull Request Review): Option to disable auto-addition of static routes for ``dpinger``
Jim Pingle
06:50 AM Bug #12691 (Resolved): Support encrypted ``config.xml`` files when restoring during install
Add a password prompt to bsdinstall if config.xml is encrypted, and skip it on <ENTER>
see ECL encrypted config.xm... Viktor Gurov
06:48 AM pfSense Packages Bug #11398: pfBlocker upgrade hangs forever
for some reason unbound does not terminated in 30s:... Viktor Gurov
06:43 AM pfSense Packages Bug #11632 (Duplicate): unbound service not restarted on pfBlocker-devel install/reinstall
Viktor Gurov
04:17 AM Bug #12690 (Duplicate): 6RD PPPoE WAN Configuration Broken in 2.7.0-DEVELOPMENT
Duplicate of #12688 Viktor Gurov
04:17 AM Regression #12382: Certificate Depth checking creates OpenVPN micro-outages every time a user authenticates after 2.5.2 upgrade
Viktor Gurov wrote in #note-10:
> > We are also hit with that now and that's only with ~10 users in VPN but as our c... Jens Groh

01/16/2022

04:59 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I use 2.5.2-RELEASE (amd64) - Jul, 02 15:33:00 EDT 2021 - with exactly the same problem.
After killing filterdns (pk... Artur Mitrosz
04:45 PM Bug #12690 (Duplicate): 6RD PPPoE WAN Configuration Broken in 2.7.0-DEVELOPMENT
As soon as I upgraded to 2.7.0-DEVELOPMENT, my WAN configuration (6RD / PPPoE) with CenturyLink fails to PPPoE authen... Eric Veum
10:34 AM Feature #12267 (Pull Request Review): OpenVPN option to limit concurrent connections per user
Marcos M
10:31 AM Feature #12267: OpenVPN option to limit concurrent connections per user
New MR including fix to client-specific configuration not applying (static address issue): https://gitlab.netgate.com... Marcos M
10:33 AM Feature #12407 (Pull Request Review): Use deferred client connections in OpenVPN
Marcos M
10:32 AM Feature #12407: Use deferred client connections in OpenVPN
New MR, see: https://redmine.pfsense.org/issues/12267#note-16 Marcos M
10:33 AM Bug #12332 (Pull Request Review): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
New MR, see: https://redmine.pfsense.org/issues/12267#note-16 Marcos M
10:22 AM pfSense Docs Correction #12659: Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces
Looks like this applies to ixl as well: https://www.intel.com/content/www/us/en/download/18331/intel-network-adapter-... Marcos M
09:26 AM Bug #2514: static routes for monitor IPs should be removed
related: https://redmine.pfsense.org/issues/12687 → luckman212
01:57 AM pfSense Packages Todo #12317 (Resolved): Suricata UI improvements
Viktor Gurov

01/15/2022

09:48 PM Regression #12688: pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
Kris Phillips wrote in #note-2:
> Can someone having this issue please provide their PPPoE system logs?
Jan 15 07... Dee D
08:19 PM Regression #12688: pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
Can someone having this issue please provide their PPPoE system logs? Kris Phillips
06:02 AM Regression #12688: pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
someone else had the same problem
https://www.reddit.com/r/PFSENSE/comments/s3x10p/cant_connect_to_internet_after_... Dee D
06:00 AM Regression #12688 (Resolved): pppoe won’t connect after upgrade to 2.7.0.a.20220115.0600
I was on a 2.7 build from a few days previous where it was working. Dee D
08:35 PM Bug #7329: DHCP Not Updating DNS
I've never run into this issue because the DHCP server in pfSense tries to hand the same IP to the host. Is your vir... Kris Phillips
08:33 PM Bug #2234: Status: Traffic Graph - only shows interface's subnet
Generally speaking, having multiple subnets on the same L2 broadcast domain is not common or best practice. Splittin... Kris Phillips
08:29 PM Bug #6926: Miniupnp advertising expired IPv6 address
The miniupnpd component is on version 2.2.1 in pfSense Plus 21.05.2. What version of pfSense was this tested on? Pl... Kris Phillips
06:56 PM pfSense Packages Todo #12317: Suricata UI improvements
Seeing the noted changes, fixes and additions on suricata-6.0.4 Jordan G
06:09 PM Bug #12651: ``nginx`` logs an error that the port is already in use when restarting Captive Portal services
possibly related to #10159 A FL
01:20 PM pfSense Docs Correction #12689 (Closed): Link fails with 404
This link seems to be dead on page;
Under "Verifying HTTP Load Balancing"
A page on the Netgate site is available... Daniel van der Wal
12:09 PM pfSense Packages Feature #12674 (Resolved): Redistribute RIP to BGP
Viktor Gurov
11:25 AM pfSense Packages Feature #12674: Redistribute RIP to BGP

"Redistribute RIP" option is added to OSPF and BGP GUI
2.6.0.r.20220113.1926
 Alhusein Zawi
11:29 AM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
I can confirm this is working in the latest 2.70 snapshot. Anonymous

01/14/2022

04:52 PM Feature #12687 (Resolved): Option to disable auto-addition of static routes for ``dpinger``
*Summary*
* Currently, static routes are added for each gateway monitor IP, to force dpinger ICMP to leave via the g... → luckman212
02:27 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
I pushed the fix, should be available in the next snapshot. Mateusz Guzik
02:12 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Ok, that's the same kind of problem, but it will have to be fixed differently. I'll try to do it today. Mateusz Guzik
01:46 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Ok I'm uploading two text dumps.
The first one occured right when I applied the floating firewall rules to pipe the ... Anonymous
01:02 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Can you attach a dump? Both already attached only show the fq pie crash. Mateusz Guzik
10:51 AM Regression #12622 (New): Kernel panic when using ``fq_pie`` limiter scheduler
Jim Pingle
10:01 AM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
I guess i should have checked a little better.
The limiter scheduler fq_pie is indeed fixed but you also need to pat... Anonymous
02:10 PM Bug #12677: OpenVPN form validation issues
Applied in changeset commit:ba815f3d219e5bdf404be859e723db2ff0c9258c. Jim Pingle
02:07 PM Bug #12677 (Feedback): OpenVPN form validation issues
Tested and Merged. Christian McDonald
11:40 AM Bug #12677 (Pull Request Review): OpenVPN form validation issues
MR for the remaining validation:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/564
Added validati... Jim Pingle
07:55 AM Bug #12677 (In Progress): OpenVPN form validation issues
This affects a few more fields: @allow_compression, protocol, dev_mode, digest, verbosity_level@
But validating th... Jim Pingle
09:53 AM Feature #12685 (Pull Request Review): Support encrypted ``config.xml`` files when restoring via ECL
Viktor Gurov
06:49 AM Feature #12685: Support encrypted ``config.xml`` files when restoring via ECL
Password prompt on encrypted ECL config.xml load:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/563 Viktor Gurov
06:49 AM Feature #12685 (Resolved): Support encrypted ``config.xml`` files when restoring via ECL
Add a password prompt if ECL config.xml is encrypted and skip on <ENTER>
 Viktor Gurov
09:38 AM Bug #12686: Incorrect copyright year
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/50 Viktor Gurov
09:35 AM Bug #12686 (Resolved): Incorrect copyright year
Still 2021:
https://github.com/pfsense/FreeBSD-src/blob/RELENG_2_6_0/release/rc.local#L91 Viktor Gurov
06:36 AM Feature #12684: Automatic encryption/decryption of config files, for pfSense ECL configuration feature
Password prompt on encrypted ECL config.xml load:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/563
mo... Viktor Gurov
05:31 AM Feature #12684 (Rejected): Automatic encryption/decryption of config files, for pfSense ECL configuration feature
Using any predictable value as encryption/decryption key is not going to happen. It wouldn't be any better than handi... Jim Pingle
03:58 AM Feature #12684: Automatic encryption/decryption of config files, for pfSense ECL configuration feature
The whole idea is for this to run wo. any user interaction , using a Device derived key , for both encryption & decry... Bingo Bingo
03:22 AM Feature #12684: Automatic encryption/decryption of config files, for pfSense ECL configuration feature
I think it's better to add a password prompt to test_config() if "---- BEGIN config.xml ----" header is found:
https... Viktor Gurov
12:07 AM Feature #12684 (Rejected): Automatic encryption/decryption of config files, for pfSense ECL configuration feature
See
https://forum.netgate.com/topic/169077/improvement-idea-configuration-backup-restore-encryption-and-ecl
Readi... Bingo Bingo
03:35 AM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
Also merged upstream: https://cgit.freebsd.org/src/commit/?id=5f5e32f1b3945087a687c5962071d3f46e34e1ff Kristof Provost

01/13/2022

02:33 PM Regression #12057: 21.09/2.6.0 - High CPU usage and slowness with ``pfctl -ss``
Tested in
2.6.0-RC (amd64)
built on Wed Jan 12 20:10:43 UTC 2022
FreeBSD 12.3-STABLE
no High CPU usage or slo... Christopher Cope
12:50 PM Bug #12677 (Feedback): OpenVPN form validation issues
Applied in changeset commit:78ce96a9af3b2ab5159ef6623078bfc4b15f8a89. Jim Pingle
12:31 PM Feature #12518 (Feedback): Restore RRD and extra data from configuration backups when restoring during installation
Merged Viktor Gurov
08:23 AM Bug #12680 (Feedback): Typo in the warning text
Merged:
https://github.com/pfsense/pfsense/commit/9a51687d08bbb62e6a21fa9f0da4b8d79dcaa969 Viktor Gurov
07:55 AM Bug #12680 (Pull Request Review): Typo in the warning text
Viktor Gurov
08:12 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346
Hi I want to ask is you implemented mentioned "Temporary workaround"?
> No need to add this if version of haproxy ... DRago_Angel [InV@DER]
08:02 AM pfSense Packages Bug #12670 (Feedback): ACME package writes credentials to system log
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/deff5ad17b0809521d0c083ebbe619ebfd089d6f Viktor Gurov
07:20 AM pfSense Packages Bug #12670 (Pull Request Review): ACME package writes credentials to system log
Jim Pingle
06:23 AM pfSense Packages Bug #12670: ACME package writes credentials to system log
WebGUI debug option:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/169 Viktor Gurov
07:21 AM Feature #12682 (Duplicate): RADIUS authentication fallback for pfSense GUI
The other issue already covers "authentication servers" which would include both LDAP and RADIUS. No need for a secon... Jim Pingle
04:25 AM Feature #12682: RADIUS authentication fallback for pfSense GUI
same for LDAP - #10843 Viktor Gurov
05:13 AM Regression #12288: GRE and GIF tunnel inside addresses are missing at the OS level after applying changes on assigned interfaces
This is 2.6 only regression fix, related to #6507 changes Viktor Gurov
04:34 AM pfSense Packages Bug #12683: snort_get_vpns_list() does not include OpenVPN CSO
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1135 Viktor Gurov
04:24 AM pfSense Packages Bug #12683 (Resolved): snort_get_vpns_list() does not include OpenVPN CSO
"Pass List -> Auto-Generated IP Addresses -> VPN Addresses" does not include OpenVPN Client Specific Override.
 Danilo Zrenjanin
04:23 AM pfSense Packages Feature #11879: Add support for SSL.com ACME server
SSL.com and ZeroSSL.com support added to acme.sh - https://github.com/acmesh-official/acme.sh/releases/tag/3.0.0:
"Z... Viktor Gurov
04:20 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
Fix is merged to the upstream acme.sh repository Viktor Gurov
04:13 AM pfSense Packages Bug #12642 (Resolved): suricata_get_vpns_list() does not include OpenVPN CSO
Tested against:... Danilo Zrenjanin
02:40 AM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
MR (devel-12): https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/46
MR (RELENG_2_6_0): https://gitlab.... Kristof Provost

01/12/2022

10:29 PM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat
It looks like a commit had been made to the main branch: https://cgit.freebsd.org/ports/commit/?id=038bcb21cbd11930ab... Karim Elatov
08:17 PM Feature #12682 (Duplicate): RADIUS authentication fallback for pfSense GUI
Feature request to allow specifying multiple RADIUS servers with a fallback database for authentication when logging ... Chris W
03:39 PM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
I booted a kernel with the patch and ran for over 5 hours without any problems. Looks like that took care of the prob... Jim Pingle
03:37 PM pfSense Docs Todo #12639 (Closed): Feedback on System Monitoring — System Logs
Jim Pingle
03:37 PM pfSense Docs Correction #12598 (Closed): Alias use with static routes
Jim Pingle
03:37 PM pfSense Docs Todo #12596 (Closed): OpenVPN Site to Site configuration examples should note to change the inactive value
Jim Pingle
02:51 PM pfSense Docs New Content #12681 (Closed): WireGuard Site-to-Multisite Recipe
Reviewed, merged & deployed Jim Pingle
01:27 PM pfSense Docs New Content #12681 (Pull Request Review): WireGuard Site-to-Multisite Recipe
MR: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/29 Christian McDonald
01:20 PM pfSense Docs New Content #12681 (Closed): WireGuard Site-to-Multisite Recipe
Adds new recipe for WireGuard site-to-multisite configurations. Christian McDonald
02:44 PM Bug #5592 (Closed): fsck sometimes fails to repair filesystem automatically, resulting in Panic: ufs_dirbad bad dir ino ... mangled entry
Nothing we can really do for this. We have changed the default filesystem type to ZFS, and fsck is not relevant there... Jim Pingle
02:41 PM Bug #5383 (Closed): CODELQ Traffic Shaper Causes Panic and Reboot During Speed Test
Doesn't seem to be an issue anymore, and there is a lack of detail here (no details of the config, not even if it's A... Jim Pingle
02:31 PM Regression #12622 (Resolved): Kernel panic when using ``fq_pie`` limiter scheduler
Thanks for testing. I'll assume the issue is resolved, please reopen if the crash pops up again. Mateusz Guzik
12:21 PM Bug #12604 (Resolved): IPv6 interface prefix change not reflected in RADVD configuration
Danilo Zrenjanin
12:20 PM Bug #12604: IPv6 interface prefix change not reflected in RADVD configuration
Tested on:... Danilo Zrenjanin
07:34 AM Bug #12678 (Pull Request Review): Applying firewall rule changes does not clear dirty flag for aliases subsystem
Jim Pingle
02:59 AM Bug #12678: Applying firewall rule changes does not clear dirty flag for aliases subsystem
same issue with the NAT and Shaper pages
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/553 Viktor Gurov
02:17 AM Bug #12678 (Resolved): Applying firewall rule changes does not clear dirty flag for aliases subsystem
How to reproduce:
1) Change Aliases
2) You'll see a message on top of the page:... Viktor Gurov
06:05 AM Bug #12680: Typo in the warning text
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/555 Danilo Zrenjanin
05:48 AM Bug #12680 (Resolved): Typo in the warning text
If setting the DNS Resolver in forwarding mode and DNS servers were not previously defined under System>General, the ... Danilo Zrenjanin
04:37 AM Feature #12679: Remind user to update DHCPv6 range when changing interface IPv6 prefix
see also #12527 Viktor Gurov
04:17 AM Feature #12679 (New): Remind user to update DHCPv6 range when changing interface IPv6 prefix
Having a reminder to update the DHCPv6 range (address pool) after changing the IPv6 prefix under an interface with DH... Danilo Zrenjanin
02:21 AM Bug #12635 (Resolved): PHP: Error generated when backing up a config file with SSH disabled
Tested against:... Danilo Zrenjanin

01/11/2022

07:17 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
I tested the latest community edition 2.6.0.b.20220111.0600 on two different machines and everything is working good.... Anonymous
03:46 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Ok I don't have Netgate hardware so I won't be able to test any Pfsense plus versions. Anonymous
02:49 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
This snapshot contains the fix: https://firmware-nyi.netgate.com/beta/snapshots/installer/pfSense-plus-22.01-BETA-amd... Mateusz Guzik
10:44 AM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat
FreeBSD ports bug created: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261123 Karim Elatov
09:35 AM Bug #12677 (Pull Request Review): OpenVPN form validation issues
Jim Pingle
09:20 AM Bug #12677: OpenVPN form validation issues
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/550 Jim Pingle
09:15 AM Bug #12677 (Closed): OpenVPN form validation issues
There are a few issues with how we currently handle the data cipher list in OpenVPN client and server pages, includin... Jim Pingle
05:52 AM Feature #12676 (New): Add the Tagged option on the Port Forward rules edit page
When editing the firewall rules, we can see the following note under the Tag option:
"A packet matching this rule ca... Viktor Gurov

01/10/2022

09:03 PM pfSense Plus Bug #12607: Instability with Snort Inline with AWS Instances
https://github.com/pfsense/FreeBSD-src/commit/7dbcef9536b410426e8b391e721e5800f5d503b5
@* Netmap support for ENAv3... Marcos M
06:34 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Apologies for late reply, I somehow did not get notification of your response.
I pushed the patch to pfSense, shou... Mateusz Guzik
02:00 PM Feature #12267: OpenVPN option to limit concurrent connections per user
Jim Pingle wrote in #note-14:
> Phil Wardt wrote in #note-12:
> > Note: I have the option "Strict User-CN Matching"... Phil Wardt
07:41 AM Feature #12267: OpenVPN option to limit concurrent connections per user
Phil Wardt wrote in #note-12:
> Note: I have the option "Strict User-CN Matching" enabled, not sure if each certific... Jim Pingle
01:20 PM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
Can you test this patch? It should prevent simultaneous access in pf_map_addr(), hopefully (and expected) without maj... Kristof Provost
12:33 PM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
I already talked with Kristof about this on Slack, but so it's also on Redmine:
> Would you be able to test if the... Jim Pingle
08:30 AM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
I think I see where the problem happens and it's indeed in the PF_POOL_ROUDROBIN case of pf_map_addr().
In get_addr:... Kristof Provost
03:48 AM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
Would you be able to test if the problem occurs if the rule doesn't use round-robin but uses random or source-hash in... Kristof Provost
12:35 PM pfSense Plus Bug #12669 (Duplicate): Improvements to pkg update handling
Duplicate of #10464 which already had a similar planned solution in mind. Jim Pingle
10:42 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Nudge this ahead so we have more time to ensure there aren't any regressions from the change. Jim Pingle
10:06 AM Feature #12675 (Resolved): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
Currently the CLI history is retained if the file .keephistory is present.
It would be nice if that option was ret... Steve Wheeler
09:19 AM pfSense Packages Feature #12674 (Feedback): Redistribute RIP to BGP
Merged Viktor Gurov
08:11 AM pfSense Packages Feature #12674 (Pull Request Review): Redistribute RIP to BGP
Jim Pingle
04:48 AM pfSense Packages Feature #12674: Redistribute RIP to BGP
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/167 Viktor Gurov
04:19 AM pfSense Packages Feature #12674 (Resolved): Redistribute RIP to BGP
Current version only support redistributing OSPF to BGP, but not RIP Viktor Gurov
08:56 AM pfSense Packages Todo #12354 (Feedback): Update haproxy-devel to mitigate CVE-2021-40346
Marcos Mendoza wrote in #note-9:
> This patch results in the following warning when starting @haproxy@:
> [...]
> ... Viktor Gurov
08:51 AM Feature #12518 (Pull Request Review): Restore RRD and extra data from configuration backups when restoring during installation
Jim Pingle
08:34 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
Improved:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/549
https://gitlab.netgate.com/pfSense/Fr... Viktor Gurov
08:15 AM Bug #12672 (Pull Request Review): GleSYS Dynamic DNS responses are not parsed properly
Jim Pingle
05:20 AM Bug #12672: GleSYS Dynamic DNS responses are not parsed properly
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/547 Viktor Gurov
08:14 AM Bug #12661 (Needs Patch): Increase Maximum Allowable Bandwidth on Limiters
Since this is blocked on an upstream limitation, there isn't anything we can do here at the moment. Once it's fixed i... Jim Pingle
04:55 AM Bug #12661: Increase Maximum Allowable Bandwidth on Limiters
current limiter maximums is 4Gb/s, see #7979
related FreeBSD issue: https://bugs.freebsd.org/bugzilla/show_bug.cgi?i... Viktor Gurov
08:10 AM Bug #1849: Traffic shaper - By Queue view needs to show/use friendly inerface names
It shows the friendly names these days but it doesn't show the root queues still, so this can remain open. Jim Pingle
08:03 AM Feature #9393 (Pull Request Review): Improved support for USB interfaces that may not always be present
Jim Pingle
04:08 AM Feature #9393: Improved support for USB interfaces that may not always be present
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/506 Viktor Gurov
07:55 AM pfSense Packages Bug #12668: Clear System OS Boot Log removes Cypto information on Status Page
Jim Pingle wrote in #note-4:
> This is normal and expected. That information is obtained by inspecting the OS boot l... Jim Middleton
07:34 AM pfSense Packages Bug #12668 (Not a Bug): Clear System OS Boot Log removes Cypto information on Status Page
This is normal and expected. That information is obtained by inspecting the OS boot log and if you clear it, there is... Jim Pingle
07:21 AM pfSense Packages Bug #12668: Clear System OS Boot Log removes Cypto information on Status Page
Local network with 3 users. Its not an office with a bazillion VLAN's, etc. Jim Middleton
07:20 AM pfSense Packages Bug #12668: Clear System OS Boot Log removes Cypto information on Status Page
Viktor Gurov wrote in #note-1:
> Please provide more information about your configuration -
>
> unable to reprod... Jim Middleton
05:49 AM pfSense Packages Bug #12668 (Feedback): Clear System OS Boot Log removes Cypto information on Status Page
Please provide more information about your configuration -
unable to reproduce on 2.6.0.b.20220109.0600
fixed ... Viktor Gurov
07:45 AM Regression #12666 (Resolved): Default password warning is not displayed for new installs
Jim Pingle
07:04 AM pfSense Packages Bug #11836 (Feedback): FRR ACCEPTFILTER shows out of order prefix-list
Unable to reproduce on FRR 1.1.1_2:... Viktor Gurov
05:55 AM pfSense Packages Feature #10818: UDP Broadcast Relay
build pkg:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/548 Viktor Gurov
05:39 AM Bug #12654 (Resolved): Nat issue after 20211220 version
works as expected on 22.01.b.20220109.0600 Viktor Gurov
05:01 AM Bug #12671 (Rejected): Load balancing stop working...
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Viktor Gurov
04:15 AM Bug #12497 (Duplicate): OpenVPN Server assignes random IPv4 addresses to active clients even if FreeRadius has configured Framed-IP for all these remote clients
Duplicate of #12076 Viktor Gurov
04:11 AM pfSense Packages Bug #12443 (Resolved): DNSBL Category ```Enable All``` button not working
Viktor Gurov
04:11 AM Bug #12452 (Resolved): Port forward rules are not created for special networks (pppoe, openvpn)
Viktor Gurov
01:26 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
This is being discussed here
https://forum.netgate.com/topic/168895/please-help-firewall-logs-dashboard-widget-not... JohnPoz _

01/09/2022

06:16 PM Bug #12095: Memory leak in pcscd
Not sure there's a lot of value in my post, if this service has now been set to disabled by default..
I just wante... Simon Quigley
04:28 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
Tested:... Steve Wheeler
04:28 PM Bug #12673 (Resolved): Firewall Logs Dashboard Widget is slow and may fail to update
As stated the firewall logs dashboard widget fails to update at all if you set an update interval below 5 seconds.
... Steve Wheeler
07:22 AM Bug #12672 (Resolved): GleSYS Dynamic DNS responses are not parsed properly
Expected response from GLeSYS is wrong in _checkStatus
pfsense/src/etc/inc/dyndns.class
if (preg_match('/Recor... Martin Pegler
06:59 AM Bug #12671 (Rejected): Load balancing stop working...
Hello,
I have this issue since long time ago but never put so much effort into it... I mostly use Failover but now... Atanas Paunoff
06:31 AM pfSense Packages Bug #12670: ACME package writes credentials to system log
It is probably due to https://github.com/pfsense/FreeBSD-ports/blob/94457075a991331b9c0bcee44ea7d4fd9427ab36/security... Florian Apolloner
06:26 AM pfSense Packages Bug #12670 (New): ACME package writes credentials to system log
The acme renewal cron currently dumps the config into the system log:... Florian Apolloner

01/08/2022

06:21 PM Feature #12267: OpenVPN option to limit concurrent connections per user
There could be additional code to address the behavior with certs differently, however it wouldn't be "instead of" si... Marcos M
01:25 PM Feature #12267: OpenVPN option to limit concurrent connections per user
Jim Pingle wrote in #note-11:
> Commit reverted. We can revisit this in the next release.
Instead of this shell h... Phil Wardt
05:21 PM pfSense Packages Bug #12443: DNSBL Category ```Enable All``` button not working
Enable All and Disable All buttons appear to function as desired (compared to 21.05.2) for these blacklists on 22.01.... Jordan G
05:02 PM Bug #5253: 3gstats.php 100% CPU
Unable to reproduce this issue. The Status --> Interfaces tab shows proper data and the CPU usage does not hit 100% ... Kris Phillips
04:56 PM Bug #1849: Traffic shaper - By Queue view needs to show/use friendly inerface names
Not sure what this bug report is for as the friendly name for interfaces is shown for traffic shapers and for the que... Kris Phillips
04:35 PM Regression #12666: Default password warning is not displayed for new installs
The default password banner is present on 22.01.b.20220108.0600 Jordan G
04:25 PM Bug #12661: Increase Maximum Allowable Bandwidth on Limiters
I can confirm that setting a limiter of 5 gigabit produces the following error in the system logs:
/rc.filter_con... Kris Phillips
04:17 PM pfSense Plus Bug #12669 (Duplicate): Improvements to pkg update handling
Currently when a new pfSense release comes out pkg updates the repo files immediately so that the current stable rele... Kris Phillips
01:03 PM Feature #12567 (Resolved): Add Dynamic DNS support for Name.com

Name.com is listed in Dynamic DNS
2.6.0.b.20220107.0600
 Alhusein Zawi
06:24 AM pfSense Packages Bug #12668 (Not a Bug): Clear System OS Boot Log removes Cypto information on Status Page
When I clear the System Log OS Boot and return to the System Status page Crypto information changes from "AES-NI CPU ... Jim Middleton
05:53 AM pfSense Packages Bug #12260: Update popup and version missmatch?
Possible workaround: Use a web-browser plugin like 'uBlock Origin' to select this 'popup' (it's a div actually) eleme... R. B.

01/07/2022

08:15 PM pfSense Packages Bug #12260: Update popup and version missmatch?
+1 for this, if only to get rid of the unavoidable notification on every page load. Matt D
02:52 PM Regression #12605: ``diag_dump_states.php`` no longer filters by rule ID
Updating subject for release notes. Jim Pingle
01:04 PM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)

Input validation prevented me to create a port forward with destination ANY on all interfaces( WAN,LAN....) and all... Alhusein Zawi
09:30 AM Feature #12665: Ability to add custom pf rules from the GUI
... Having thought further, I'm not sure merely appending the custom rules would give users the versality they need. ... Andrew -
05:01 AM Feature #12665 (New): Ability to add custom pf rules from the GUI
I'd be grateful if you could please consider adding the ability to specify custom pf rules from the GUI.
I'm envis... Andrew -
09:18 AM pfSense Packages Bug #12667 (Bogus): Firewall Crashed After Upgrading Wireguard
Upgraded wireguard from 0.1.5 to 0.1.5_3 and after the upgrade was complete firewall crashed. Kyle Sampson
09:15 AM Regression #12666 (Feedback): Default password warning is not displayed for new installs
Applied in changeset commit:5165bfa5e5e029c75239204b8cffff8d9d5ab6c5. Jim Pingle
09:05 AM Regression #12666: Default password warning is not displayed for new installs
Not a problem in a release, so exclude from release notes. Jim Pingle
08:57 AM Regression #12666 (In Progress): Default password warning is not displayed for new installs
Jim Pingle
08:56 AM Regression #12666 (Resolved): Default password warning is not displayed for new installs
Since the change to SHA-512 hash passwords in #10298 the warning banner that alerts the user they are using the defau... Jim Pingle
07:35 AM Bug #12664 (Rejected): URL table never updates
There isn't enough detail here to say what might be happening, and this site is not for support or diagnostic discuss... Jim Pingle
04:25 AM Bug #12664 (Rejected): URL table never updates
Hello,
I waited over 48 hours but my URL tables don't update anymore. When I manually click save without editing a... Bas de Vet

01/06/2022

06:56 PM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
To confirm the NAT hypothesis I added a NAT rule on that interface and the problem disappeared. So this appears to on... Jim Pingle
12:00 PM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
Further testing with Load Balancing showed the problem happens at a 3:2 and even a 1:1 ratio of weights for load bala... Jim Pingle
11:14 AM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
I made a commit which should make this a non-issue for failover groups (one gateway per tier) but it does still happe... Jim Pingle
03:02 PM Bug #12663 (Rejected): IPV6 Neighbor Solicitation not answered => No IPV6 possilbe ! TrueNas or pfSense?
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:54 PM Bug #12663 (Rejected): IPV6 Neighbor Solicitation not answered => No IPV6 possilbe ! TrueNas or pfSense?
Hello,
I have multiple vlans between an TrueNAS-core system and pfSense. IPV6 does not work, due to a failing Neig... Louis B
02:42 PM pfSense Docs Correction #12662 (Closed): Interface Types and Configuration -> Limitations | Grammar
Fixed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2b2dfe70d64391b4331d1d9552645450c8766b93 Jim Pingle
12:46 PM pfSense Docs Correction #12662: Interface Types and Configuration -> Limitations | Grammar
https://docs.netgate.com/pfsense/en/latest/interfaces/index.html Christopher Cope
12:44 PM pfSense Docs Correction #12662 (Closed): Interface Types and Configuration -> Limitations | Grammar
The following sentence should have the bold section added.
"For example, the firewall may take much longer *to* c... Christopher Cope

01/05/2022

03:47 PM Regression #12605 (Resolved): ``diag_dump_states.php`` no longer filters by rule ID
This looks good in the current snapshots. The link(s) works. The states are filtered as expected.
Tested:... Steve Wheeler
08:31 AM Regression #12605: ``diag_dump_states.php`` no longer filters by rule ID
For interested parties, the issue was caused by network byte order backpedaling being moved into libpfctl for state e... Christian McDonald
08:19 AM Regression #12605 (Feedback): ``diag_dump_states.php`` no longer filters by rule ID
Christian McDonald
02:14 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Looks like the ports tree is setup to where we can define the version to use without much fuss. It _may_ be as simple... Jim Pingle
02:09 PM Bug #12604: IPv6 interface prefix change not reflected in RADVD configuration
I couldn't replicate the issue on:... Danilo Zrenjanin
10:51 AM pfSense Plus Bug #12545 (Not a Bug): /etc/inc/led.inc functions are not doing the right thing on 6100
The LEDs on the 6100 and several other models are diven by GPIO and adjusted via a special script. They do not use th... Jim Pingle
08:53 AM Feature #12518 (New): Restore RRD and extra data from configuration backups when restoring during installation
This can be activated unintentionally on upgrade the way it is now. It looks like the installer made @/conf/installer... Jim Pingle
08:21 AM Regression #12660: High CPU usage due to incorrect gateway on some policy routed states
This appears to be related to the gateway "weight" advanced parameter. When the problem happens, the gateway in quest... Jim Pingle

01/04/2022

09:13 PM Bug #12661 (Needs Patch): Increase Maximum Allowable Bandwidth on Limiters
This is a continuation from the topic discussed on the forum here:
https://forum.netgate.com/topic/168866/maximum-... Timo M
06:20 PM Bug #9277 (Feedback): MBT-4220/2220: pfSense hangs when running sysctl -a
Tested this against 2.6 beta:... Steve Wheeler
03:23 PM Bug #9277 (Resolved): MBT-4220/2220: pfSense hangs when running sysctl -a
I committed a patch to hide the problematic sysctls when running sysctl -a, which should be good enough for the time ... Mateusz Guzik
05:44 PM Regression #12605: ``diag_dump_states.php`` no longer filters by rule ID
MR: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/165 Christian McDonald
04:56 PM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat
Are you referring to following this process to submit a patch:
https://docs.freebsd.org/en/books/porters-handbook/... Karim Elatov
03:11 PM Bug #12548 (Resolved): Kernel panic in ``nd6_dad_timer()``
Pushed to devel-12 and plus-devel-12. Mateusz Guzik
03:06 PM Bug #12548: Kernel panic in ``nd6_dad_timer()``
I applied the change on top of devel-12 (needed minor editing because patch somehow failed to apply some of it).
h... Mateusz Guzik
02:48 PM Regression #12660 (Resolved): High CPU usage due to incorrect gateway on some policy routed states
It's not clear why, but sometimes pf is putting the interface address as the gateway on a state instead of the actual... Jim Pingle
02:20 PM Bug #12657 (Closed): "Skip rules when gateway is down" doesn't function on gateway down events until state is reset
Yes, that's still as expected. Once a state is established the state passes the traffic. Rules are not consulted agai... Jim Pingle
01:24 PM Bug #12657: "Skip rules when gateway is down" doesn't function on gateway down events until state is reset
Jim Pingle wrote in #note-2:
> This is almost certainly expected behavior. States are not touched when events happen... Kris Phillips
12:07 PM Feature #4242: Two Factor or OTP Authentication for Admin Interface
That can be accomplished using the FreeRadius package.
# Install the FreeRADIUS package and configure it for OT... Danilo Zrenjanin
11:48 AM Bug #12584 (Resolved): ``rc.carpmaster`` only sends notifications via SMTP
Tested:... Danilo Zrenjanin
03:31 AM Bug #12588 (Resolved): Automatic rule tracker IDs incorrect after multiple filter reloads
Tested:... Danilo Zrenjanin
02:04 AM pfSense Packages Bug #11696 (Resolved): SquidGuard Disable "Groups ACL" no work
Tested on 21.05.2
I've created 10 different Group ACLs for 3 VM PCs I had (Ubuntu, Windows10 and Xubuntu).
After ... Azamat Khakimyanov

01/03/2022

04:17 PM Feature #11927 (Feedback): Allow DHCP not to serve a gateway - small fix
This appears to be complete in 2.5.2.
A new feature request should be opened for similar function in Static Mappin... Steve Wheeler
02:11 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Never done it before but I should be able to. I have a test setup I can run it on. Anonymous
12:32 PM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
I diagnosed the problem and wrote a patch for it, but don't heavy easy means to test:... Mateusz Guzik
12:50 PM Bug #12460: Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable
Applied in changeset commit:283f9e8cbe7274db84aeb31e0c6166608c2ff087. Jim Pingle
12:45 PM Bug #12460 (Feedback): Unbound falls back to using all outgoing network interfaces if manually selected outgoing interface(s) are unavailable
New MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/544
Merged. Jim Pingle
12:49 PM Feature #12407 (New): Use deferred client connections in OpenVPN
Jim Pingle
12:45 PM Feature #12407 (Feedback): Use deferred client connections in OpenVPN
Applied in changeset commit:1f3baf61c1647ffcfbc6b6e26132d3ce56abeb96. Jim Pingle
12:36 PM Feature #12407: Use deferred client connections in OpenVPN
Commit reverted. We can revisit this in the next release. Jim Pingle
12:23 PM Feature #12407 (New): Use deferred client connections in OpenVPN
The commit for this, commit:7aaa20d95a345c4688e8786c755c7d0433451688 , broke static IP address assignments from RADIUS. Jim Pingle
12:37 PM Bug #12076 (Feedback): OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
The above commit has been reverted. Please test this issue again on the next new snapshot, or on a snapshot with that... Jim Pingle
12:23 PM Bug #12076: OpenVPN RADIUS-based firewall rules do not use expected value for RADIUS-assigned IP addresses
The static addresses were broken by commit:7aaa20d95a345c4688e8786c755c7d0433451688 which is related to #12407 / #123... Jim Pingle
12:36 PM Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
Commit reverted. We can revisit this in the next release. Jim Pingle
12:22 PM Bug #12332 (New): OpenVPN does not clear old Cisco-AVPair anchor rules in some cases
The commit for this, commit:7aaa20d95a345c4688e8786c755c7d0433451688 , broke static IP address assignments from RADIUS. Jim Pingle
12:36 PM Feature #12267: OpenVPN option to limit concurrent connections per user
Commit reverted. We can revisit this in the next release. Jim Pingle
12:22 PM Feature #12267 (New): OpenVPN option to limit concurrent connections per user
The commit for this, commit:7aaa20d95a345c4688e8786c755c7d0433451688 , broke static IP address assignments from RADIUS. Jim Pingle
12:00 PM Bug #12383: Typos in interfaces_assign.php configuration change description strings
Applied in changeset commit:fc53bed4c086866394771950b4e5b51ad953d59e. Jim Pingle
11:52 AM Bug #12383 (Feedback): Typos in interfaces_assign.php configuration change description strings
Fixed in a new PR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/542
 Jim Pingle
11:58 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
A user testing this patch mentioned that after some days, the client received a different IP assigned reserved for a ... Marcos M
11:58 AM Todo #12431: GUI pages should use ``POST`` for AJAX calls, not ``GET``
Need more comprehensive testing. Jim Pingle
11:41 AM Feature #12518 (Feedback): Restore RRD and extra data from configuration backups when restoring during installation
Already merged. Jim Pingle
11:40 AM Bug #12635 (Feedback): PHP: Error generated when backing up a config file with SSH disabled
Already merged. Jim Pingle
09:31 AM Regression #12605: ``diag_dump_states.php`` no longer filters by rule ID
Looks like we are passing in the ruleid to the @pfSense_get_pf_states();@ function in the pfSense module correctly, b... Jim Pingle
08:28 AM pfSense Docs Correction #12659 (Resolved): Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces
*Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
The entry for Flow Control for ... Andreas Gunnarsson
07:54 AM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat
If the FreeBSD port for Darkstat is out of date, the proper procedure is to ask the FreeBSD port maintainer to update... Jim Pingle
07:50 AM Bug #12657 (Feedback): "Skip rules when gateway is down" doesn't function on gateway down events until state is reset
This is almost certainly expected behavior. States are not touched when events happen unless the user has enabled the... Jim Pingle
07:47 AM Bug #9572 (Closed): uPNP not working - miniupnpd needs an update, reporting "interface index not matching", which has been fixed upstream
Jim Pingle
07:47 AM Bug #6369 (Closed): Config without mouse not possible
Jim Pingle
07:05 AM Bug #12654 (Feedback): Nat issue after 20211220 version
This looks to have been an edge case caused by enabling RSS. Possibly a race condition.
RSS is now disabled in curre... Steve Wheeler

01/02/2022

03:56 PM pfSense Packages Feature #12658 (Closed): Adding prometheus metrics to darkstat
I wanted to get *darkstat* metrics in *prometheus* and it looks like a new commit (in 2017) has been created in the o... Karim Elatov
11:41 AM pfSense Packages Todo #12354 (Pull Request Review): Update haproxy-devel to mitigate CVE-2021-40346
This patch results in the following warning when starting @haproxy@:... Marcos M

01/01/2022

11:13 AM Bug #12657: "Skip rules when gateway is down" doesn't function on gateway down events until state is reset
The plot thickens:
When I kill the gateway and look at my firewall rules for matches, it's not actually matching o... Kris Phillips
10:47 AM Bug #12657 (Closed): "Skip rules when gateway is down" doesn't function on gateway down events until state is reset
Testing environment:
Inside subnet: 192.168.5.0/24
Host: 192.168.5.20
System --> Advanced --> Misc --> "Skip rul... Kris Phillips
12:31 AM Feature #7626: Add IPoE support for WAN
Does anyone know if selecting using DHCP will solve the need to select IPoE?
Or is there an IPoE option in the works... Anonymous

12/31/2021

06:02 PM Bug #9572: uPNP not working - miniupnpd needs an update, reporting "interface index not matching", which has been fixed upstream
pfSense Plus 21.05.2, which is our current stable release, runs the following version:
miniupnpd 2.2.1 Oct 20 2021... Kris Phillips
05:58 PM pfSense Packages Bug #8516: FreeRADIUS requires settings re-saved after pfSense upgrade
Is FreeRADIUS communicating on a VIP in your configuration or using the actual interface IP? There is a bug for VIPs... Kris Phillips
05:55 PM Bug #8113: MTU setting on bridge, openvpn clients ignored
OpenVPN's MTU is set by a command passed to the client/server, not on the interface itself.
As for bridge interfac... Kris Phillips
05:47 PM Bug #7400: Traffic Graphs show bad data on 2.3.3_1
I'm not able to reproduce any issues here in pfSense Plus 21.05.2 or pfSense CE 2.5.2. Graphs look normal to me. Kris Phillips
05:44 PM Bug #6993: OpenVPN status error during CARP state transition
If this is still relevant, you can likely work around this by setting the VIP that you're using for OpenVPN to also b... Kris Phillips
05:40 PM Bug #7113: Interface name in Traffic Graphs
Not sure this is a bug. This seems to be by design that the "friendly name" would be displayed. What purpose would h... Kris Phillips
05:36 PM Bug #6369: Config without mouse not possible
Tested in Firefox on pfSense Plus 21.05.2. I can select all of these fields with just the keyboard and change them wi... Kris Phillips
05:30 PM Bug #4345: Traffic Shaping doesn't work with Xen netfront driver
This should be retested. There is a lot of kernel changes and Xen improvements in the FreeBSD kernel in the last 6 ye... Kris Phillips
05:21 PM Bug #5629: Allow for IPsec configuration using certs without a CA
This is only necessary for self-signed certs. Not sure what the functional benefit of removing the CA requirements w... Kris Phillips
04:19 PM pfSense Packages Feature #11130: FRR RIP support
After performing the workaround in https://redmine.pfsense.org/issues/12653, I am able to successfully exchange route... Max Leighton
03:42 PM pfSense Packages Bug #11391 (Resolved): Zeek crashes on 2.5.0
Tested with Zeek 3.0.6_3
The service starts successfully without any crashes. Marking the ticket resolved. Max Leighton
01:20 PM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
I tested again, against the same version:... Danilo Zrenjanin
10:35 AM Bug #12632 (Feedback): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Danilo Zrenjanin
06:09 AM Bug #12632 (Resolved): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Tested against:... Danilo Zrenjanin
01:06 PM pfSense Packages Bug #12423: Dashboard shows "SQLite database missing, Force Reload DNSBL to recover!"
So is this in pfBlockerNG-devel 3.1.0 or not yet released? Sean McBride
10:27 AM pfSense Packages Feature #12656 (New): NextDNS
NetDNS package and the the ability to change setting, especially the configuration file via the web gui.
 Abdul Khaliq
04:54 AM Bug #12637 (Resolved): Incorrect SSH key permission after restore
Tested against:... Danilo Zrenjanin

12/30/2021

05:51 PM pfSense Packages Bug #12655 (New): telegraf, wireguard plugin failing
Hi,
I'm trying to use the Wireguard plugin for telegraf, more info on the plugin here,
https://github.com/influxd... Russell Morris
02:51 PM pfSense Packages Bug #12443 (Feedback): DNSBL Category ```Enable All``` button not working
Merged Viktor Gurov
02:50 PM pfSense Packages Bug #12423 (Feedback): Dashboard shows "SQLite database missing, Force Reload DNSBL to recover!"
Merged Viktor Gurov
02:49 PM pfSense Packages Bug #12414 (Feedback): DNSBL SafeSearch page displays input validation error if DoH / DoT blocking is not enabled
Merged Viktor Gurov
02:33 PM pfSense Packages Feature #10818: UDP Broadcast Relay
MILO MEDIN wrote in #note-7:
> Is there any work going on to integrate this? I have a problem with chromecast audio... Axel Taferner
12:20 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Is there any work going on to integrate this? I have a problem with chromecast audio groups that this would fix (tha... MILO MEDIN
02:25 PM Bug #12452 (Feedback): Port forward rules are not created for special networks (pppoe, openvpn)
Applied in changeset commit:7034ac0946c63f77708f28643f5efc8fb0fe96a1. Viktor Gurov
02:02 PM Bug #12452 (Pull Request Review): Port forward rules are not created for special networks (pppoe, openvpn)
Jim Pingle
12:12 PM Bug #12452: Port forward rules are not created for special networks (pppoe, openvpn)
extra fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/541 Viktor Gurov
01:26 PM Bug #12626: Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
Updating subject for release notes. Jim Pingle
01:20 PM Feature #11750: Support for network interfaces using the ``qlnxe`` driver
Updating subject for release notes. Jim Pingle
01:19 PM Regression #12631: Dynamic DNS may not use the correct interface when updating during failover
Updating subject for release notes. Jim Pingle
01:06 PM pfSense Packages Bug #12482 (Resolved): Outdated doc links
Tested against:... Danilo Zrenjanin
12:43 PM Bug #12585 (Resolved): ``rc.notify_message`` only sends notifications via SMTP
Tested against:... Danilo Zrenjanin
11:40 AM Bug #12651: ``nginx`` logs an error that the port is already in use when restarting Captive Portal services
fixed in https://gitlab.netgate.com/pfSense/pfSense/-/commit/86b5382c97fd8cb965a7dc74cd12d94ab3a3af9c#a8c0c118e374175... Viktor Gurov
11:19 AM pfSense Packages Feature #12646 (Resolved): FRR: Feature request: Expose "nht resolve-via-default" in GUI
Tested against:... Danilo Zrenjanin
10:35 AM pfSense Docs Todo #12627 (Closed): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Merged this a few days ago Jim Pingle
09:40 AM pfSense Packages Bug #12206 (Feedback): Certificate Manager page doesn't show Net-SNMP used certificates
Merged Viktor Gurov
08:57 AM pfSense Packages Bug #12206 (Pull Request Review): Certificate Manager page doesn't show Net-SNMP used certificates
Jim Pingle
09:37 AM Bug #12654: Nat issue after 20211220 version
This appears to affect any traffic using outbound NAT from an IP on the firewall itself. So, for example, localhost:
... Steve Wheeler
08:49 AM Bug #12654 (Resolved): Nat issue after 20211220 version
Upgrading to version 20211220+ results in loss of pfSense box internet connection *if Outbound NAT Source "any" is us... Viktor Gurov
09:10 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
upstream fix:
https://github.com/acmesh-official/acme.sh/pull/3868 Viktor Gurov
08:37 AM pfSense Packages Regression #12653 (Feedback): RIP related startup error
Merged Viktor Gurov
07:31 AM pfSense Packages Regression #12653 (Pull Request Review): RIP related startup error
Jim Pingle
04:35 AM pfSense Packages Regression #12653: RIP related startup error
workaround:... Viktor Gurov
04:23 AM pfSense Packages Regression #12653 (Resolved): RIP related startup error
... Viktor Gurov
07:36 AM Bug #11984 (Pull Request Review): Automatic Outbound NAT mode can create incorrect rules in some cases
Jim Pingle
06:22 AM Bug #11984: Automatic Outbound NAT mode can create incorrect rules in some cases
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/540 Viktor Gurov
07:31 AM Bug #12652 (Not a Bug): Firewall Alias: Fatal Error - Upgrade from 2.5.0 to 2.5.2
You have a problem with your installation, that isn't from a bug.
This site is not for support or diagnostic discu... Jim Pingle
03:58 AM Bug #12652 (Not a Bug): Firewall Alias: Fatal Error - Upgrade from 2.5.0 to 2.5.2
After upgrading, I saw some errors in the notifications (Attached screenshots).
I can no longer edit my existing A... Kyle Keagy
07:29 AM Regression #12183: Changing MAC address for PPP parent interface stopped working
That page doesn't mention spoofing the MAC now, and needing to spoof it with PPPoE is so rare I don't think that it's... Jim Pingle
03:55 AM Regression #12183: Changing MAC address for PPP parent interface stopped working
Jim Pingle wrote in #note-1:
> That was changed in #11387 to prevent the field from being set on interfaces which do... Viktor Gurov
04:45 AM Bug #12638: Telegram notification is broken
related to https://forum.netgate.com/topic/168768/nat-issue-after-20211220-version Viktor Gurov
04:17 AM Bug #6289: IPv6 address not given to track6 interfaces on create
dhcp6c needs to be restarted to add and a new track interface to dhcp6c.conf Viktor Gurov
04:06 AM Bug #9471 (Feedback): GIF tunnel not added to interface group after reboot
Could you test it on the latest development snapshot? Viktor Gurov
04:00 AM Bug #11872: gif interfaces reporting incorrect traffic counters
Maybe related to #11759 Viktor Gurov
04:00 AM Bug #11759: Traffic graphs on dashboard double upload on pppoe links
net blues wrote in #note-3:
> It happens when comparing pppoe traffic and physical interface. Physical shows correct... Viktor Gurov
03:44 AM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page
Marcos Mendoza wrote in #note-4:
> I still see the following issue noted in the related bug report:
> 1) The @Delet... Viktor Gurov

12/29/2021

01:50 PM Feature #11790 (Rejected): Support hiding interface groups via special tag
Closing in response to discussion in the github merge request. Christian McDonald
01:43 PM Bug #11494 (Rejected): Wireguard interface sends ICMP Redirect when routing between two peers
Unable to replicate.
We can revisit if someone can demonstrate that this issue is still valid. Christian McDonald
11:55 AM Bug #12651 (Closed): ``nginx`` logs an error that the port is already in use when restarting Captive Portal services
After restarting Captive Portal on the Status / Services page or via clicking the restart icon, an error occurs:
<pr... Viktor Gurov
10:21 AM pfSense Packages Feature #12646 (Feedback): FRR: Feature request: Expose "nht resolve-via-default" in GUI
Merged Viktor Gurov
09:36 AM pfSense Packages Bug #10937 (Feedback): HAProxy frontend and backend entry limit
Merged Viktor Gurov
07:51 AM pfSense Packages Bug #10937 (Pull Request Review): HAProxy frontend and backend entry limit
Jim Pingle
04:14 AM pfSense Packages Bug #10937: HAProxy frontend and backend entry limit
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/159 Viktor Gurov
06:06 AM pfSense Packages Feature #11130 (Feedback): FRR RIP support
Merged Viktor Gurov
06:03 AM pfSense Packages Bug #12386 (Feedback): ```bgp as-path``` and ```bgp community-list``` are present in configuration even when BGP daemon is not enabled
Merged Viktor Gurov
04:57 AM pfSense Plus Bug #12607: Instability with Snort Inline with AWS Instances
Need to test with the latest 22.01/2.6 snapshot - ena(4) updated from 2.2.0 to 2.4.1 in FreeBSD 12.3
see https://www... Viktor Gurov
04:39 AM pfSense Packages Bug #12205 (Feedback): Certificate Manager page doesn't show Squid used certificates
Merged Viktor Gurov
04:33 AM pfSense Packages Bug #12339 (Feedback): SyslogNG PHP errors after starting the service
Merged Viktor Gurov
04:00 AM Bug #12637 (Feedback): Incorrect SSH key permission after restore
Applied in changeset commit:49eba6609d52d9fca416fd487937c37f1daf98dc. Viktor Gurov
03:54 AM Bug #12649: Allowed IP/Hostname "Direction" option is never used
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/539 Viktor Gurov

12/28/2021

08:52 PM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page
Tested the patch and it works well; the categories no longer reset.
I still see the following issue noted in the r... Marcos M
01:17 PM Bug #12649 (Closed): Allowed IP/Hostname "Direction" option is never used
The "Direction" (@dir@ in config) is never used in the @captiveportal_allowedip_configure_entry()@:
https://github.c... Viktor Gurov
11:55 AM Bug #11285 (Closed): Kernel crash on ALTQ-enabled wg interfaces
The current validation logic in traffic shaper prevents enabling traffic shaping on tun_wgN interfaces built by the W... Christian McDonald
11:41 AM Bug #11613 (Rejected): Pushing WireGuard traffic out a specific GW using static routes requires a reboot to revert.
This is no longer an issue. Christian McDonald
11:41 AM Bug #11450 (Rejected): Problem with IPv6 netmask /128 in WireGuard
Unable to reproduce with current WireGuard implementation. Christian McDonald
10:44 AM Bug #12648: Undocumented variables 'listenporthttp' and 'listenporthttps'
another port overlap issue - #5786 Viktor Gurov
10:06 AM Bug #12648: Undocumented variables 'listenporthttp' and 'listenporthttps'
I seem to recall that was intentional, as it let people who really needed to adjust it do so by altering config.xml b... Jim Pingle
09:59 AM Bug #12648 (New): Undocumented variables 'listenporthttp' and 'listenporthttps'
It's not possible to set the variables 'listenporthttp' and 'listenporthttps' via WebGUI
and there is no mention in ... Viktor Gurov
07:28 AM pfSense Docs Correction #12647 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration
Already fixed in the staged docs a while ago.
http://stage-v22.01.docs.netgate.com/pfsense/en/latest/vpn/ipsec/con... Jim Pingle
03:49 AM pfSense Docs Correction #12647: Feedback on Virtual Private Networks — IPsec — IPsec Configuration
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/28 Viktor Gurov
03:40 AM pfSense Docs Correction #12647: Feedback on Virtual Private Networks — IPsec — IPsec Configuration
see https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/81949bee72813bbd8b57b75563cd40b9cdaf68e0 Viktor Gurov
03:38 AM pfSense Docs Correction #12647 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure.html
*Feedback:*... Viktor Gurov
07:25 AM pfSense Packages Feature #12646 (Pull Request Review): FRR: Feature request: Expose "nht resolve-via-default" in GUI
Jim Pingle
04:19 AM pfSense Packages Feature #12646: FRR: Feature request: Expose "nht resolve-via-default" in GUI
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/158 Viktor Gurov
07:25 AM Regression #12617 (Feedback): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Applied in changeset commit:1fa4c4731bca54652becfb6737bdc3ea8851d6b7. Viktor Gurov
07:11 AM Regression #12617 (Pull Request Review): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Jim Pingle
06:52 AM Regression #12617: Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
same fix for DynDNS (non-RFC2136):
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/538 Viktor Gurov
07:12 AM Todo #12624 (Pull Request Review): Reorganize UPnP options
Jim Pingle
05:58 AM Todo #12624: Reorganize UPnP options
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/537 Viktor Gurov

12/27/2021

11:40 PM pfSense Packages Feature #12646 (Resolved): FRR: Feature request: Expose "nht resolve-via-default" in GUI
Multiple scenarios exist where frr.conf needs to contain
@!
ip nht resolve-via-default
ipv6 nht resolve-via-def... M Felden
03:28 PM Bug #12645 (Pull Request Review): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
Jim Pingle
01:35 PM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/535 Viktor Gurov
01:18 PM Bug #12645 (Resolved): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
if Internet Protocol = IPv6 and Remote Gateway is FQDN, IPv6 address changes are not tracked
@add_hostname_to_watch(... Viktor Gurov
02:08 PM pfSense Docs Todo #12639 (Feedback): Feedback on System Monitoring — System Logs
I cleaned up quite a few outdated clog references and other related info, and updated things to refer to plain text l... Jim Pingle
12:23 PM pfSense Packages Bug #12424 (Resolved): OpenVPN silent install uses incorrect parameters
Works well - tested on Windows 10x64. Marcos M
12:16 PM pfSense Packages Bug #12642 (Feedback): suricata_get_vpns_list() does not include OpenVPN CSO
Merged Viktor Gurov
04:16 AM pfSense Packages Bug #12642: suricata_get_vpns_list() does not include OpenVPN CSO
https://github.com/pfsense/FreeBSD-ports/pull/1132 Viktor Gurov
03:49 AM pfSense Packages Bug #12642 (Resolved): suricata_get_vpns_list() does not include OpenVPN CSO
"Pass List -> Auto-Generated IP Addresses -> VPN Addresses" does not include OpenVPN Client Specific Override
sam... Viktor Gurov
12:16 PM pfSense Packages Regression #12643 (Feedback): Rule categories are cleared after clicking the save button on the Global Settings page
Merged Viktor Gurov
05:54 AM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1133 Viktor Gurov
04:25 AM pfSense Packages Regression #12643 (Resolved): Rule categories are cleared after clicking the save button on the Global Settings page
After clicking the save button on the Global Settings page all rule categories are removed from all interfaces
and I... Viktor Gurov
10:15 AM Regression #12631 (Feedback): Dynamic DNS may not use the correct interface when updating during failover
Applied in changeset commit:c3474eef834d4b77631e961c5569254a8094b12f. Viktor Gurov
08:14 AM Regression #12631 (Pull Request Review): Dynamic DNS may not use the correct interface when updating during failover
Jim Pingle
10:06 AM pfSense Docs Todo #12634 (Closed): Feedback on Services — DNS Resolver — Host Overrides
Fixed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/5e6d2a97ad2cf84ff4cbdef07da85799285572e7 Jim Pingle
09:32 AM pfSense Docs Correction #12540 (Duplicate): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Will be tracking as https://redmine.pfsense.org/issues/12627
Closing as duplicate. Christian McDonald
09:28 AM pfSense Docs Todo #12627 (Pull Request Review): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Christian McDonald
09:28 AM pfSense Docs Todo #12627: Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Fixed here: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/27
Also added some clarification in respon... Christian McDonald
08:49 AM pfSense Docs Todo #12627: Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
That does appear to be a typo, thanks for letting us know! Jim Pingle
09:26 AM pfSense Docs Correction #12644 (Duplicate): WireGuard S2S Recipe Corrections
(Closed as duplicate of https://redmine.pfsense.org/issues/12627) Christian McDonald
09:11 AM pfSense Docs Correction #12644: WireGuard S2S Recipe Corrections
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/27 Christian McDonald
09:09 AM pfSense Docs Correction #12644 (Duplicate): WireGuard S2S Recipe Corrections
# Fixed some typos concerning the tunnel subnet.
# Added a few notes concerning RFC5737 addresses and routing. Christian McDonald
08:41 AM pfSense Plus Bug #12641 (Not a Bug): OpenVPN GUI Config Editor removes newlines of "Custom options" field in parsing
This is expected behavior and not a bug. As stated in the text under that field and in the documentation, directives ... Jim Pingle
08:29 AM Feature #12636 (Pull Request Review): Automatically create DNS Resolver ACLs for OpenVPN CSO entries
Jim Pingle
08:20 AM Bug #12637 (Pull Request Review): Incorrect SSH key permission after restore
Jim Pingle
08:18 AM Feature #12518 (Pull Request Review): Restore RRD and extra data from configuration backups when restoring during installation
Jim Pingle
08:17 AM Bug #12635 (Pull Request Review): PHP: Error generated when backing up a config file with SSH disabled
Jim Pingle
08:15 AM Bug #12633 (Pull Request Review): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
Jim Pingle
08:12 AM Bug #12630 (Not a Bug): States are always created on the default gateway interface.
This is the expected behavior. The outgoing interface is chosen by the operating system routing table and can't be in... Jim Pingle
08:00 AM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing
If that is the case, then we'll pick it up naturally when we rebase onto 13.x or later and we can close this at that ... Jim Pingle
07:55 AM Bug #12628 (Pull Request Review): OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases
Jim Pingle
07:52 AM Feature #12392 (Pull Request Review): Allow the selection of "any" interface in floating rules
Jim Pingle
07:51 AM Bug #11864 (Pull Request Review): OpenVPN stays bound to previous IP address after interface changes
Jim Pingle
07:47 AM Feature #8861 (Pull Request Review): Show SFP module details on ``status_interfaces.php``
Jim Pingle
03:28 AM Bug #12640 (Duplicate): problem with ssh host key permissions after restore from backup, sshd fails to start
Duplicate of #12637 Viktor Gurov

12/26/2021

03:22 PM pfSense Plus Bug #12641 (Not a Bug): OpenVPN GUI Config Editor removes newlines of "Custom options" field in parsing
# Create an OpenVPN Server using the UI with multiple "custom options", e.g. two Push directives like... Sebastian Wagner
09:09 AM Bug #12640 (Duplicate): problem with ssh host key permissions after restore from backup, sshd fails to start
_figured this should be on redmine, so this is a xpost from https://forum.netgate.com/topic/168618/22-01-problem-with... → luckman212
08:46 AM pfSense Docs Todo #12639 (Closed): Feedback on System Monitoring — System Logs
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/index.html
*Feedback:*
The content of the 3r... Steve Tremayne

12/25/2021

02:42 PM pfSense Packages Feature #6651: Loopback interfaces

lo0/Loopback is added
https://redmine.pfsense.org/issues/11186 Alhusein Zawi
12:34 PM pfSense Docs Correction #12469 (Resolved): Automatic outbound NAT rules are applied to the WG interface
Tested against:... Danilo Zrenjanin
11:01 AM Feature #11750 (Resolved): Support for network interfaces using the ``qlnxe`` driver
Tested against:... Danilo Zrenjanin
07:16 AM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
seems to be fixed in #11581
please test on the latest development snapshot Viktor Gurov

12/24/2021

12:38 PM Bug #12638 (Closed): Telegram notification is broken
not an issue, something wrong with my appliance Viktor Gurov
12:31 PM Bug #12638: Telegram notification is broken
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/534 Viktor Gurov
12:27 PM Bug #12638 (Closed): Telegram notification is broken
Error message:... Viktor Gurov
11:11 AM Feature #12636: Automatically create DNS Resolver ACLs for OpenVPN CSO entries
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/533 Viktor Gurov
10:27 AM Feature #12636 (Resolved): Automatically create DNS Resolver ACLs for OpenVPN CSO entries
DNS Resolver creates ACLs OpenVPN client/server IPv4/IPv6 tunnel networks entries,
but not for Client Specific Overr... Viktor Gurov
10:53 AM Bug #12637: Incorrect SSH key permission after restore
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/532 Viktor Gurov
10:49 AM Bug #12637 (Resolved): Incorrect SSH key permission after restore
restore_sshdata() must set 600 permission mode for *_key files:... Viktor Gurov
09:24 AM pfSense Packages Feature #6651 (Feedback): Loopback interfaces
Merged Viktor Gurov
09:23 AM pfSense Packages Bug #12420 (Resolved): rc file is not deleted
Tested with PIMD 0.0.3_5
/usr/local/etc/rc.d/pimd.sh is removed when the service is disabled. Marking the ticket r... Max Leighton
08:49 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/43
https://gitlab.netgate.com/pfSense/pfSe... Viktor Gurov
07:03 AM Feature #12518: Restore RRD and extra data from configuration backups when restoring during installation
bsdinstaller does not create the '/cf/conf/trigger_restore_config_after_bsdinstall' file for some reason (https://git... Viktor Gurov
05:57 AM pfSense Packages Bug #12206: Certificate Manager page doesn't show Net-SNMP used certificates
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/157 Viktor Gurov

12/23/2021

04:57 PM Feature #12184 (Resolved): GUI options to configure IKE retransmission behavior
Tested with
2.6.0-BETA (amd64)
built on Thu Dec 23 06:20:23 UTC 2021
FreeBSD 12.3-STABLE
The retransmit setti... Max Leighton
04:31 PM Feature #12070: Support for VLAN ``0``
Jim Pingle wrote in #note-2:
> Anything that would potentially touch VLAN0 needs to be aware of potential security pr... C HL
10:59 AM pfSense Packages Bug #12424 (Feedback): OpenVPN silent install uses incorrect parameters
Merged Viktor Gurov
10:59 AM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key
Merged Viktor Gurov
10:58 AM pfSense Packages Bug #11575 (Feedback): OpenVPN clients cannot pass traffic when reconnecting using the same source port
Merged Viktor Gurov
10:53 AM pfSense Packages Bug #12264 (Feedback): Stray <table> line in squid_monitor.php
Merged Viktor Gurov
10:46 AM pfSense Packages Feature #12281 (Feedback): Add support for Telegram/Pushover notifications
Merged Viktor Gurov
10:45 AM pfSense Packages Bug #12420 (Feedback): rc file is not deleted
Merged Viktor Gurov
10:45 AM pfSense Packages Bug #11098 (Feedback): Backup Files and Directories plugin crashes firewall if /root specified as backup location
Merged Viktor Gurov
10:44 AM pfSense Packages Feature #12246 (Feedback): Load a file into patch textarea
Merged Viktor Gurov
10:44 AM pfSense Packages Bug #12030 (Feedback): Startup Errors for Avahi Package
Merged Viktor Gurov
10:44 AM pfSense Packages Todo #12354 (Feedback): Update haproxy-devel to mitigate CVE-2021-40346
Merged Viktor Gurov
10:44 AM pfSense Packages Bug #12482 (Feedback): Outdated doc links
Merged Viktor Gurov
07:32 AM Bug #12635: PHP: Error generated when backing up a config file with SSH disabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/529 Viktor Gurov
07:11 AM Bug #12635 (Resolved): PHP: Error generated when backing up a config file with SSH disabled
Error reads:... Steve Wheeler
07:28 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/528 Viktor Gurov
06:40 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
partially implemented in https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e,
but it ... Viktor Gurov
06:32 AM Bug #12633 (Resolved): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
Instead of waiting for a packet loss threshold, the gateway must be marked as 'offline' on link down event
/etc/rc... Viktor Gurov
06:38 AM pfSense Docs Todo #12634 (Closed): Feedback on Services — DNS Resolver — Host Overrides
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-host-overrides.html
*Feedback:*
Typo i... Andy Kniveton
06:07 AM Regression #12631: Dynamic DNS may not use the correct interface when updating during failover
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/527 Viktor Gurov
03:11 AM Regression #12631: Dynamic DNS may not use the correct interface when updating during failover
So an update....
I found that the Dynamic DNS option for "Custom" displays a drop down for "Interface to send upda... Neill Lawson-Smith
04:12 AM Bug #12632 (Feedback): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Unable to reproduce:... Viktor Gurov
02:53 AM Bug #12632 (Resolved): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
First encoutnered two months ago. Assumed I had done a typo or something and moved on. Now notice this can be reprodu... M Felden
04:03 AM Bug #12629 (Closed): Incorrect sort order on ACB Restore page
not an issue Viktor Gurov
03:34 AM Feature #10732: Warning banner for secondary HA node
1) Using CARP does not mean configured High Availability (XMLRPC sync)
2) What if some interfaces are in MASTER stat... Viktor Gurov
03:30 AM Bug #10513: State issues with policy routing and HA failover
#8100 - maybe related Viktor Gurov

12/22/2021

08:40 PM pfSense Packages Feature #12513: WireGuard Utilization Status (Beyond Active Connection)
Just idea-wise, another representation option attached (which does not need to worry about thresholds) though impleme... Jum Pers
04:26 PM Regression #12631 (Closed): Dynamic DNS may not use the correct interface when updating during failover
Using 2.5.2-RELEASE
I have two interfaces - One WAN (gigabit) and a 4G Data Cell Link (150Mbps) as a secondary.
T... Neill Lawson-Smith
03:44 PM Bug #5476: Does not appear possible to use policy routing for traffic originating from the firewall (self)
Howdy,
just ran into the same problem. Is it on a todo list somewhere? Would be great to know.
Thanks :-) Clif Cox
03:08 PM Bug #12630: States are always created on the default gateway interface.
Maybe this is related? #10513 Marcos M
02:49 PM Bug #12630 (Not a Bug): States are always created on the default gateway interface.
Tested on @21.05@ and @22.01.b.20211220.0600@.
When a service (like OpenVPN) binds to a specific IP, the states al... Marcos M
02:48 PM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing
Jim Pingle wrote in #note62:
> This was too unstable to keep for the time being. Retargeting to Future for now. Will... Alexander Chernikov
12:25 PM Bug #12626 (Feedback): Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
Merged Viktor Gurov
01:03 AM Bug #12626: Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
PR: https://github.com/pfsense/pfsense/pull/4550 znerol znerol
01:02 AM Bug #12626 (Resolved): Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
When Router Advertisements are configured on multiple interfaces, a search string from an earlier interface bleeds ov... znerol znerol
12:25 PM pfSense Docs Correction #12469 (Feedback): Automatic outbound NAT rules are applied to the WG interface
https://github.com/pfsense/pfsense/pull/4541
Merged Viktor Gurov
12:00 PM Feature #12567 (Feedback): Add Dynamic DNS support for Name.com
Applied in changeset commit:6a9fe85fa28fd636949c791f0d1d3d1dd6a89427. Anonymous
11:48 AM Bug #12470 (Feedback): Thermal Sensors Dashboard widget filter for negative values refers to invalid variable
Merged Viktor Gurov
11:40 AM Bug #12629 (Closed): Incorrect sort order on ACB Restore page
First it is sorted by date, then by month
The same issue may be on other pages:... Viktor Gurov
11:02 AM Feature #11750 (Feedback): Support for network interfaces using the ``qlnxe`` driver
Merged Viktor Gurov
07:36 AM Bug #12628: OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/524 Viktor Gurov
07:27 AM Bug #12628 (Resolved): OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases
There is no needs to execute it each time Viktor Gurov
07:10 AM Feature #12392: Allow the selection of "any" interface in floating rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/523 Viktor Gurov
06:26 AM Bug #11864: OpenVPN stays bound to previous IP address after interface changes
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/522
we need to create a separate TODO to check/r... Viktor Gurov
05:59 AM Feature #12473: Allow user adjustment of IPsec Keep Alive periodic checks
It should be a global configuration parameter on the system_advanced_network.php page
see https://github.com/pfsen... Viktor Gurov
05:49 AM Regression #12215: OpenVPN does not resync when running on a gateway group
seems related #11570 and #12613 Viktor Gurov
04:36 AM Feature #8861: Show SFP module details on ``status_interfaces.php``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/521 Viktor Gurov
03:55 AM Bug #12589: Dynamic DNS updates do not respect certificate authority trust store
Marcos Mendoza wrote in #note-5:
> Do we know if the path is replaced rather than appended to? Is it an issue?
It... Viktor Gurov
03:35 AM Feature #11588: Automatically suggest next IP address in Wireguard interface subnet when creating a peer
Hello all, am I able to get any feedback / comments on this pr? Its been sat for 3 months. I'd like to contribute mor... Adam Cooper
02:23 AM pfSense Docs Todo #12627 (Closed): Feedback on pfSense Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html
*Feedback:*
Hi I made WireGuard VPN... Robert Erzen

12/21/2021

06:39 PM Feature #12625 (New): Granular logging options for default firewall rules.
Allow the user to control which default firewall rules get logged. Currently, there are checkboxes for:
* default bl... Marcos M
03:35 PM Bug #12589: Dynamic DNS updates do not respect certificate authority trust store
Do we know if the path is replaced rather than appended to? Is it an issue? Marcos M
12:51 PM Todo #12624 (Resolved): Reorganize UPnP options
The UPnP options *Custom presentation URL* and *Custom model number* are in the section for UPnP Access Control Lists... Jim Pingle
12:02 PM pfSense Packages Bug #11575 (Pull Request Review): OpenVPN clients cannot pass traffic when reconnecting using the same source port
Since this is a client problem, and clients on pfSense already get @nobind@ or @lport 0@ at appropriate times, moving... Jim Pingle
11:27 AM pfSense Packages Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
bind mode switch feature:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/154 Viktor Gurov
11:38 AM Bug #12621 (Feedback): Fix rare case where /getstats.php might be called without valid post data.
Merged Christian McDonald
11:29 AM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Ok the reason Viktor Gurov setup didn't page fault is he didn't add child queue to the scheduler(Tested).
The proble... Anonymous
10:52 AM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
This is the configuration I have it set to.
I also tried with noecn still page faulted.
The very same configuration... Anonymous
05:25 AM Regression #12622 (Feedback): Kernel panic when using ``fq_pie`` limiter scheduler
Viktor Gurov
05:25 AM Regression #12622: Kernel panic when using ``fq_pie`` limiter scheduler
Unable to reproduce on 2.6.0.b.20211220.0600
/tmp/rules.limiter:... Viktor Gurov
11:25 AM Regression #12615 (Feedback): MAC passthrough does not work on the latest snapshot
Applied in changeset commit:2fe32b3b168a1a2a3f96e1419eee958e6c10c20b. Viktor Gurov
10:53 AM Regression #12615 (Pull Request Review): MAC passthrough does not work on the latest snapshot
Jim Pingle
09:33 AM Regression #12615: MAC passthrough does not work on the latest snapshot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/520 Viktor Gurov
07:27 AM Bug #12614: Pushover notifications fail
Updating subject for release notes. Jim Pingle
07:24 AM Regression #12617: Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Updating subject for release notes. Jim Pingle
07:16 AM Bug #12527 (Pull Request Review): DHCPv6 server does not skip interfaces configured with invalid ranges
Jim Pingle
05:05 AM Bug #12527: DHCPv6 server does not skip interfaces configured with invalid ranges
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/519 Viktor Gurov
07:15 AM Bug #6880 (Pull Request Review): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Jim Pingle
07:13 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events
That may be the case, but until #9393 is done that is not supported and I don't think we should encourage it. Jim Pingle
05:12 AM Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events
Jim Pingle wrote in #note-3:
> A WAN connectivity failure shouldn't cause the ue0 interface to disappear and reappea... Viktor Gurov
05:48 AM pfSense Packages Bug #8827 (New): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
This bugfix is reverted in #11738 Viktor Gurov
05:10 AM pfSense Packages Bug #8827 (Assigned): Squidguard: ACL redirect modes 'redirect' and 'err page' send unresolvable URLs to the client.
Tested on 21.05_p2
With redirect mode 'ext url redirect' I still got
_The following error was encountered while try... Azamat Khakimyanov
04:43 AM pfSense Packages Bug #12623 (Closed): acme.sh package | DNS-ISPConfig settings
We are running a pfSense 2.5.2 on a qemu based virtual machine.
The acme.sh package is used to generate LetsEncryp... Karsten Deubert
04:11 AM pfSense Packages Bug #6339 (Resolved): OpenVPN Client Export package option for "Use Microsoft Certificate Storage" does not specify which certificate to use
Tested on 21.05_2 and on 22.01-BETA (built on Mon Dec 20 06:23:28 UTC 2021
I see that OpenVPN Client Export packa... Azamat Khakimyanov

12/20/2021

04:39 PM Regression #12622 (Resolved): Kernel panic when using ``fq_pie`` limiter scheduler
When ever i try and use the limiter scheduler fq_pie pfsense crashes with a page fault.
I can recover by disabling t... Anonymous
02:39 PM Bug #12621 (Closed): Fix rare case where /getstats.php might be called without valid post data.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/518 Christian McDonald
02:18 PM pfSense Docs Todo #12596 (Feedback): OpenVPN Site to Site configuration examples should note to change the inactive value
Done: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/ab5d1d7e91350e9ddeb1c8c18fc359f67b1bb84d
Note that I d... Jim Pingle
01:14 PM Bug #12620 (Not a Bug): OpenVPN client custom config options: Stripped newlines corrupt config file
Newlines can't be preserved in that field.
Use a semicolon (@;@) anywhere you need a newline. Jim Pingle
12:55 PM Bug #12620 (Not a Bug): OpenVPN client custom config options: Stripped newlines corrupt config file
In the OpenVPN client config, in order to use tls-crypt-v2,
I uncheck "Leave TLS Key":
Cryptographic Settings -> ... Doobie Brother
12:14 PM Regression #12615: MAC passthrough does not work on the latest snapshot
maybe related to https://github.com/pfsense/pfsense/commit/9dac41af43a5b977a604098688776987c4f76722 Viktor Gurov
10:47 AM pfSense Docs Correction #12598 (Feedback): Alias use with static routes
Updated:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/51f70a82f9338da60dc485ac03da9c8ca5e143e3 Jim Pingle
10:37 AM Todo #12619 (Resolved): Restart services on interface changes
In addition to https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e
@interface_bring_d... Viktor Gurov
09:35 AM Regression #12617 (Feedback): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Applied in changeset commit:070fb1a8868bdb780952d2d3532a6059c97bd677. Viktor Gurov
09:25 AM Regression #12617 (Pull Request Review): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Jim Pingle
06:01 AM Regression #12617: Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/517 Viktor Gurov
09:23 AM Regression #11570 (Pull Request Review): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Jim Pingle
04:37 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Partially fixed in https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e
+ fix:
http... Viktor Gurov
09:19 AM Bug #12003 (Pull Request Review): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Jim Pingle
07:41 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Jim Pingle wrote in #note-5:
> Denis Grilli wrote in #note-4:
> > Can I ask why this fix is not on the public git r... Denis Grilli
07:38 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Denis Grilli wrote in #note-4:
> Can I ask why this fix is not on the public git repository?
It hasn't been merge... Jim Pingle
07:28 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Can I ask why this fix is not on the public git repository? Denis Grilli
05:43 AM Bug #11960: Gateway Monitoring Traffic Goes Out Default Gateway
Should be fixed in https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e Viktor Gurov
03:49 AM pfSense Packages Feature #11022 (Resolved): Add feeds from Firebog.net to pfBlockerNG
pfBlockerNG-devel is the current active branch, there is no needs to test pfBlockerNG Viktor Gurov
 

Also available in: Atom