Project

General

Profile

Activity

From 02/08/2022 to 03/09/2022

03/09/2022

11:40 PM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration
Applied in changeset commit:c07c5cf5f2387cb2b9efdf25545bafebfa414f00. Viktor Gurov
05:33 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
Tested fixes on current 22.05 snap on an 1100 and 5100.
The gateway status / dpinger behavior is now the same:
Gatew... Marcos M
01:56 PM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration
Jim Pingle
12:08 PM Bug #12920 (New): Gateway behavior differs when the gateway does not exist in the configuration
extra fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/666 Viktor Gurov
08:00 AM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration
Applied in changeset commit:e7954a79ce0d386706dcde2e039ef57875ecee0a. Viktor Gurov
07:34 AM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration
Jim Pingle
06:21 AM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
related to https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e
improvement:
https:... Viktor Gurov
05:55 PM Bug #12926 (Duplicate): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
When changing a LAGG from any mode to another mode while it has child interfaces that are something like VLANs and CA... Kris Phillips
02:42 PM Bug #12925 (Resolved): FQDN in network alias is omitted from OpenVPN networks list
I implemented this new feature (https://redmine.pfsense.org/issues/2668) on our OpenVPN server but have noticed some ... Adrien Carlyle
12:38 PM pfSense Packages Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Merged to devel and 22.01/2.6 Viktor Gurov
07:34 AM pfSense Packages Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Jim Pingle
07:10 AM pfSense Packages Bug #12869 (New): Bind DNS Package AAAA filtering Broken on new ZFS Installs
regression: https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-ar... Viktor Gurov
10:59 AM pfSense Packages Bug #12924 (New): DNS Resolver WireGuard ACL Inconsistency
Initially, I had two pfsense nodes connected via the WireGuard package. My tunnel network was 10.0.3.0/30 for p2p. I ... Kevin Mychal Ong
10:57 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS
FreeBSD-ports merge:
https://github.com/pfsense/FreeBSD-ports/commit/da9ed529f30212fd826aebc3b7e896fce7a15217 Viktor Gurov
08:05 AM pfSense Packages Bug #12898 (Feedback): Update HAProxy Backend to Latest LTS
Applied in changeset pfsense:commit:07fe3d3d60a61621171fbc0a1a5e42c1462fb5ed. Viktor Gurov
10:52 AM Bug #12922: Classless static routes received on DHCP WAN can override chosen default gateway
Rewording the subject to be more precise.
It's unusual to get classless static routes from DHCP in most cases so the... Jim Pingle
10:30 AM Bug #12922 (Confirmed): Classless static routes received on DHCP WAN can override chosen default gateway
Although I'm still running 2.5.2 I believe this bug is also in 2.6.0 based on a diff of the file in question.
I ha... David Myers
10:44 AM Feature #8861: Show SFP module details on ``status_interfaces.php``
I just applied this patch and it fixed the issue. Thanks! Glenn Hall
10:42 AM Feature #8861 (Feedback): Show SFP module details on ``status_interfaces.php``
Merged:
https://github.com/pfsense/pfsense/commit/e4b4c3d2f919621eb7c684c0ed5d7593f255349f Viktor Gurov
07:11 AM Feature #8861 (Pull Request Review): Show SFP module details on ``status_interfaces.php``
Jim Pingle
02:21 AM Feature #8861 (New): Show SFP module details on ``status_interfaces.php``
Glenn Hall wrote in #note-9:
> I am now receiving the following PHP errors when I view the Status-->Interfaces page ... Viktor Gurov
10:41 AM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Merged:
https://github.com/pfsense/pfsense/commit/9be20fdf57fe9c9c17aa16542189854dbf1cbebd Viktor Gurov
07:37 AM Regression #12884 (Pull Request Review): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Jim Pingle
07:17 AM Regression #12884 (New): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Evan Pearce wrote in #note-9:
> The patch above resolves my issue -- once applied, the user remote access service di... Viktor Gurov
05:07 AM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
The patch above resolves my issue -- once applied, the user remote access service displays client connections.
How... Evan Pearce
10:40 AM Bug #12923 (Resolved): DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start
Scenario:
* in DHCP server config, MAC Deny option is set with a MAC address
* user wants to not log that every few... Steve Y
10:36 AM Regression #11545: Primary interface address is not always used when VIPs are present
I have this exact issue on 22.01. It manifests on reboot with OpenVPN server start binding to wrong IP. Note that o... Jeff Quasarano
08:06 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
Updating subject as this has evolved a bit to encompass both killing by label for rule IDs and killing by gateway. Jim Pingle
07:15 AM pfSense Plus Bug #12919 (Not a Bug): Enabling gateway failover introduces latency increase and causes artificial failover scenario
The symptoms sound similar to #12827 -- it might be worth trying the workaround which is available in the recommended... Jim Pingle
03:25 AM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario
The issue issue is resolved, or rather is not an issue / not an accurate description. The same latency increase to >1... Ash Morris
05:51 AM Bug #12921 (Not a Bug): Interface status shows DHCP down after bouncing interface
This is the correct behavior - if you manually execute @ifconfig eth0 up@, it will not restart DHCPd using the servic... Viktor Gurov

03/08/2022

09:36 PM Feature #8861: Show SFP module details on ``status_interfaces.php``
I am now receiving the following PHP errors when I view the Status-->Interfaces page while running 2.7.0.a.20220308.0... Glenn Hall
07:21 PM Bug #12921 (Not a Bug): Interface status shows DHCP down after bouncing interface
Tested on 22.01 and 21.05. Issue can be reproduced on ESXi with pass-through NIC, and on an @1100@; unable to reprodu... Marcos M
06:59 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
Some notes:
It shouldn't be an issue for WAN failover on 22.05 given that @dpinger@ starts back up. However, it's ... Marcos M
06:56 PM Bug #12920 (Resolved): Gateway behavior differs when the gateway does not exist in the configuration
The gateway status and @dpinger@ behave differently when the respective gateway entry does not exist in the @config.x... Marcos M
03:24 PM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario
Apologies, affected version should read 22.01. Ash Morris
11:53 AM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario

Forum post: https://forum.netgate.com/topic/170595/sg-5100-wan-failover-at-gigabit-saturation?_=1646751316923
... Ash Morris
11:45 AM pfSense Plus Bug #12919 (Not a Bug): Enabling gateway failover introduces latency increase and causes artificial failover scenario
Forum post: https://forum.netgate.com/topic/170595/sg-5100-wan-failover-at-gigabit-saturation?_=1646751316923
Issu... Ash Morris
01:49 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote in #note-10:
> I took a slightly different approach since I wasn't a fan of the repetition of the c... Phil Wardt
09:32 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
Kristof let me know that we do also have @pfctl -k gateway -k x.x.x.x@ which would fill the missing pieces in here. I... Jim Pingle
07:40 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
The more I consider how this might work the less sure I am that the gateway part would be useful in a way most users ... Jim Pingle

03/07/2022

03:51 PM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
I faced an issue similar to this with the Snort and Suricata packages some time back. I handled it there by always ch... Bill Meeks
10:02 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
The base system has no way to scan/inform packages about an interface being removed, it's up to the admin to maintain... Jim Pingle
09:30 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
Jim Pingle wrote in #note-1:
> PIMD has options to not behave that way.
>
> Sounds like what you really want is t... Pete Holzmann
08:26 AM pfSense Packages Bug #12907 (Feedback): PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
PIMD has options to not behave that way.
Sounds like what you really want is to have PIMD set to "Bind to None" an... Jim Pingle
03:40 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
I took a slightly different approach since I wasn't a fan of the repetition of the cleanup code.
I also added a PHP ... Jim Pingle
03:27 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
the clean of temp files lines are also maybe excessive. This can only occur if at the end, the GUI times out
Maybe I... Phil Wardt
03:17 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote in #note-5:
>
> I did, and it worked as expected. It failed in a timely manner with the correct e... Phil Wardt
02:34 PM Feature #12092 (In Progress): Utilize new ``pfctl`` abilities to kill states
Adding basic functions here is pretty straightforward. It's easy enough to add a means to kill states created by a ru... Jim Pingle
02:29 PM pfSense Packages Feature #12918 (New): pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately
When pfBlockerNG-devel syncs its settings (e.g. custom IPv4 list) to a secondary firewall, the settings on the second... Marcos M
01:54 PM pfSense Packages Bug #12917 (Resolved): LoopiaAPI changed
Any users using LoopiaAPI can't issue or renew certificates. This has been fixed upstream at the below link.
https... Christopher Cope
01:34 PM pfSense Packages Bug #12916 (New): pfBlockerNG-devel cron job does not trigger xmlrpc sync
Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
pfBlockerNG-devel option "Enable Sync" with "Sync to host(s) d... Marcos M
01:10 PM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Applied in changeset commit:5f3aa9464e9b9b8062faa47e7552552ff3841d92. Viktor Gurov
11:05 AM Regression #12884 (Pull Request Review): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Jim Pingle
12:10 PM Regression #12915 (Feedback): ``diag_pftop.php`` does not fully encode output
Applied in changeset commit:0d1860181f0660704b3e749bbb0a4c207ad68925. Jim Pingle
11:58 AM Regression #12915 (Confirmed): ``diag_pftop.php`` does not fully encode output
Jim Pingle
11:54 AM Regression #12915 (Resolved): ``diag_pftop.php`` does not fully encode output
diag_pftop.php shows rules without quoting "<>".... Grischa Zengel
11:01 AM pfSense Packages Bug #12912 (Feedback): ACME is failing to fully issue a new certificate
Fix merged, will be in ACME pkg v 0.7_4.
In the meantime, check the debug option on a certificate and it should wo... Jim Pingle
10:44 AM pfSense Packages Bug #12912 (Resolved): ACME is failing to fully issue a new certificate
Creating a new certificate in ACME is not working properly. The GUI output only shows that it generates the private k... Jim Pingle
11:00 AM Bug #12902 (Feedback): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Applied in changeset commit:9a36d90138b5230abeacd80162fca7c4937263de. Viktor Gurov
07:42 AM Bug #12902 (Pull Request Review): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Jim Pingle
11:00 AM Feature #8861 (Feedback): Show SFP module details on ``status_interfaces.php``
Applied in changeset commit:fc455333eedb53ce6fcad1db01d5a736467c997b. Viktor Gurov
10:58 AM pfSense Packages Bug #12670: ACME package writes credentials to system log
If we try this again as a debug option we must test this better, at a minimum:
* Creating a new account key should... Jim Pingle
10:44 AM pfSense Packages Bug #12670 (New): ACME package writes credentials to system log
The debug option added broke several things. It broke the ability to create account keys, and it is breaking new ACME... Jim Pingle
10:21 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Flole Systems wrote in #note-16:
> Uhm, this PR gets rid of the entries in the routing table. If that's a problem th... Jim Pingle
10:16 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Uhm, this PR gets rid of the entries in the routing table. If that's a problem then this shouldn't have been merged.
... Flole Systems
09:01 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Flole Systems wrote in #note-14:
> dpinger binds itself to an interface, the routing table is never used since dping... Jim Pingle
08:55 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
dpinger binds itself to an interface, the routing table is never used since dpinger makes that decision. I am sometim... Flole Systems
08:45 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
#1 should definitely be in its own separate PR with its own feature request. I'm not sure that's viable even without ... Jim Pingle
07:53 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
@jimp I was going to open a new PR for the additional 2 changes:
1) allow same monitor IP to be used across multi... → luckman212
07:41 AM Feature #12687 (Pull Request Review): Option to disable auto-addition of static routes for ``dpinger``
Adding cleanup for routes when activating the option should probably get filed under a separate request, since this i... Jim Pingle
10:10 AM pfSense Docs Todo #12910 (Closed): Add warning to VTI and OpenVPN assignment docs about automatic default gateway
The docs for assigning VTI and OpenVPN interfaces could use a warning about automatic default gateway behavior, simil... Jim Pingle
08:28 AM pfSense Packages Feature #12909 (New): Convert Suricata GeoIP Lookup feature on ALERTS tab to use local GeoIP2 database
Convert the GeoIP lookup feature available on the ALERTS tab in the Suricata package to use the local GeoIP2 database... Bill Meeks
08:13 AM Bug #12906 (Rejected): services_dyndns_edit.php - syntax error
That isn't invalid syntax. It's OK to have a trailing comma on an array entry, and in some cases encouraged as it mak... Jim Pingle
08:05 AM Bug #12905: Add VLAN Re-assignment to Import Interface Mismatch Wizard
There is no "interface mismatch wizard" all it does is present the existing interface assignment screen. So however t... Jim Pingle
07:56 AM pfSense Docs Todo #12908 (Closed): Add notes to e-mail notification docs about Gmail App Passwords
Google is shutting down access to e-mail services with traditional username/password authentication for security reas... Jim Pingle
07:52 AM Feature #12903: alternative authentication methods for email notifications?
I can add a note in the documentation but adding a provider-specific note in the GUI doesn't seem like a good trend t... Jim Pingle
07:49 AM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2
On the thread the person reporting it says the value of @dev.ix.0.mac_stats.checksum_errs@ correlates to the very low... Jim Pingle
07:35 AM pfSense Packages Bug #12898 (Pull Request Review): Update HAProxy Backend to Latest LTS
They are still putting out 2.2.x releases and it's a smaller and therefore safer jump. If that is OK then after a whi... Jim Pingle
07:32 AM Bug #12901 (Needs Patch): DNS Forwarder refuses valid retries from clients in certain cases
That does sound like a problem inside dnsmasq itself. When they put that into a release and that release gets into po... Jim Pingle

03/06/2022

08:14 PM Bug #7347 (Closed): Config Sync - Breaks on null value
Tested on 22.01 and could not reproduce issue - likely already resolved; closing due to lack of feedback and age. Marcos M
06:37 PM Bug #11864 (Resolved): OpenVPN stays bound to previous IP address after interface changes
Tested on @22.05.a.20220227.0100@; working correctly now. Marcos M
05:41 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
Manny Tew wrote in #note-5:
> + 1 for this as well. This is critical for proper security in a homelab in 2021+ Inval... Manny Tew
05:30 PM pfSense Packages Bug #12907 (Feedback): PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
At this point, pimd is unaware of nonexistent interfaces. This can lead to a kernel panic.
(My case: I removed newly... Pete Holzmann
05:18 PM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Feel free to test the following patch and let us know if it resolves your issue:... Marcos M
01:03 PM Bug #12906 (Rejected): services_dyndns_edit.php - syntax error
Syntax error:
https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/services_dyndns_edit.php#L505 BBcan177 .
04:31 AM pfSense Packages Feature #11827: Please include acme deploy folder/scripts
+1 for this as well. Note, the certs seem to be stored in a non-standard acme.sh way under /conf/acme, so more work m... Simon Cosyd
02:16 AM Bug #12895: pfSense single interface upload speed bug
After testing for few days, finally got what is wrong with it. I have to run "pfctl -d" to disable pfsense firewall f... pf bug
01:28 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS
Kris Phillips wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > HAProxy-devel is already 2.4 (2026-Q2 (LTS))
... Viktor Gurov

03/05/2022

11:47 PM pfSense Packages Bug #12844 (Resolved): Invalid title link in the apcupsd package dashboard widget
Viktor Gurov
02:47 PM pfSense Packages Bug #12844: Invalid title link in the apcupsd package dashboard widget
Patch works to correct Apcupsd widget link to status page - applied to 22.01 and 22.05.a.20220305.0600 Jordan G
08:46 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected
The delete button being always available even without selection is present in 2.6/22.01 and 21.05.X/2.5.X. It does t... Kris Phillips
08:38 PM Bug #12905: Add VLAN Re-assignment to Import Interface Mismatch Wizard
Also important to note that this would greatly improve the current situation with importing configs with discrete int... Kris Phillips
08:31 PM Bug #12905 (New): Add VLAN Re-assignment to Import Interface Mismatch Wizard
Currently if an interface is assigned to an interface in an imported config, there is no way to re-assign the interfa... Kris Phillips
08:35 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
Sish Kitane wrote in #note-4:
> I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 packag... Kris Phillips
08:27 PM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS
Viktor Gurov wrote in #note-1:
> HAProxy-devel is already 2.4 (2026-Q2 (LTS))
>
> HAProxy-stable update to 2.2 ve... Kris Phillips
01:10 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS
HAProxy-devel is already 2.4 (2026-Q2 (LTS))
HAProxy-stable update to 2.2 version (2025-Q2 (LTS)):
https://gitlab... Viktor Gurov
04:11 PM Bug #10784 (Closed): HA-sync with ssh keys
Unable to reproduce - tested on 22.01 by checking @/home/<user>/.ssh@ after:
* using default admin account to sync
... Marcos M
03:25 PM Bug #7841 (Closed): CARP Sync Issue - when no internet on standby
Tested on 22.01 following the same steps (blocked secondary node's IP address on upstream firewall). Config sync work... Marcos M
01:34 PM Bug #12892 (Resolved): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Tested against:... Danilo Zrenjanin
01:28 PM Feature #12392 (Resolved): Allow the selection of "any" interface in floating rules

tested 2.7.0.a.20220305.0600 (interface: any) no php error.
 Alhusein Zawi
12:50 PM Bug #12876 (Resolved): Changing RAM disk size does not prompt to reboot
Tested against:... Danilo Zrenjanin
11:50 AM Feature #12903: alternative authentication methods for email notifications?
Jim Pingle wrote in #note-2:
> We can look into other ways to authenticate, but in the Gmail case it should still wo... gavin penney
09:43 AM Feature #12903: alternative authentication methods for email notifications?
We can look into other ways to authenticate, but in the Gmail case it should still work with App Passwords: https://s... Jim Pingle
01:15 AM Feature #12903: alternative authentication methods for email notifications?
oops, i meant to add the email from google, not that it matters that much.... gavin penney
10:48 AM Regression #12904 (Not a Bug): Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2
Notes as of the time of filing:
- Errors are only on incoming packets, not outgoing.
- All users reporting so far a... Chris W
10:43 AM Bug #12902 (New): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Confirmed
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/657 Viktor Gurov
09:17 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
No.... Can you please just leave issues that you don't understand for someone else to take care of? Thanks. Or at lea... Flole Systems
09:09 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Flole Systems wrote in #note-2:
> Why should this be related to DNS rebind protection? It happens for any query. Also... Viktor Gurov
04:58 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Why should this be related to DNS rebind protection? It happens for any query. Also on my system DNS rebind protectio... Flole Systems
03:40 AM Bug #12902 (Not a Bug): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Your issue is related to DNS rebind protection,
please read https://docs.netgate.com/pfsense/en/latest/services/dns/... Viktor Gurov
10:42 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Wow thanks, that was a fast response! I think you simply need to check if the option is set for the current gateway o... Flole Systems
10:23 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
@Flole Systems you're right that in theory you should be able to use the same monitor IP for multiple gateways after ... → luckman212
10:11 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Also I tried to enable this option for all my Gateways now but the static routes are still there. So it looks like th... Flole Systems
10:02 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
With this change it should be possible to set the same monitor IP on multiple different gateways, right? The GUI isn'... Flole Systems
09:13 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
→ luckman212 wrote in #note-5:
> Thanks Viktor! Ouch, I don't know how I missed that.
>
> I can't see the private... Viktor Gurov
09:03 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Thanks Viktor! Ouch, I don't know how I missed that.
I can't see the private gitlab but I assume you just removed th... → luckman212
07:54 AM Feature #12687 (New): Option to disable auto-addition of static routes for ``dpinger``
after this merge, the "Gateway Edit Page" has double content
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/me... Viktor Gurov
10:18 AM Bug #12852: Gateway which is forced as inactive does still trigger filter reloads
Maybe the UI is just misleading here: There is an option to disable the gateway monitoring action (which states that ... Flole Systems
09:52 AM Bug #12852: Gateway which is forced as inactive does still trigger filter reloads
I don't need support. I have fixed the issue for me by modifying /etc/rc.gateway_alarm (which by the way unconditiona... Flole Systems
09:07 AM Bug #12852 (Rejected): Gateway which is forced as inactive does still trigger filter reloads
Unable to reproduce this issue - "forced down" gate doesn't trigger filter reload (tested on 22.01/2.6/2.7)
Th... Viktor Gurov
08:19 AM Regression #12827: High latency and packet loss during a filter reload
Why is there any need for hashing? You want to compare rules if I understand that correctly, there's no need to hash ... Flole Systems
06:46 AM Regression #12827: High latency and packet loss during a filter reload
As a status update I added a red-black tree so that rules can be looked up cheaper. Pre-computed md5 hash is used as ... Mateusz Guzik
05:45 AM Feature #8365 (Resolved): Button to copy rules from one interface to another
Tested on the:... Danilo Zrenjanin
05:42 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
And a full patch attached that I properly tested
It should be applied in place of https://redmine.pfsense.org/issues... Phil Wardt
03:50 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote in #note-5:
> Phil Wardt wrote in #note-4:
> > please test it before merging, even if it looks prope... Phil Wardt
05:35 AM Bug #12896 (Resolved): ``HTTPClient`` option does not work for static mappings
Tested aginst:... Danilo Zrenjanin

03/04/2022

11:25 PM Feature #12903 (New): alternative authentication methods for email notifications?
i have been using gmail for years but they are disabling password only access to accounts.
since pfsense has only pa... gavin penney
08:40 PM Bug #12901: DNS Forwarder refuses valid retries from clients in certain cases
I believe the fix for this could be this patch which seems to be already merged upstream: https://thekelleys.org.uk/g... Flole Systems
06:44 PM Bug #12901 (Resolved): DNS Forwarder refuses valid retries from clients in certain cases
Since upgrading to 22.02 I noticed that some Windows clients are sometimes refusing to load websites. Looking at the ... Flole Systems
06:48 PM Bug #12902 (Resolved): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
I am using the DNS Forwarder, I set up a few DNS Servers in System->General Settings. Also I selected "Use local DNS,... Flole Systems
02:46 PM Feature #2505 (Resolved): Toggle button to disable/enable multiple firewall rules
Tested successfully on... Christopher Cope
02:34 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Phil Wardt wrote in #note-4:
> please test it before merging, even if it looks proper to me
I did, and it worked ... Jim Pingle
02:20 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote in #note-3:
> Yep, I see it now, too. Good catch, thanks! I merged your PR, it will be in the next ... Phil Wardt
02:18 PM Regression #12897 (Feedback): Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Yep, I see it now, too. Good catch, thanks! I merged your PR, it will be in the next snapshot. Jim Pingle
02:11 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote:
> Following the changes in #12556 attempting to decrypt an encrypted backup with the wrong password... Phil Wardt
11:21 AM Regression #12897 (Resolved): Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Following the changes in #12556 attempting to decrypt an encrypted backup with the wrong password makes the GUI timeo... Jim Pingle
02:19 PM Bug #12900: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
It's not just CloudFlare, I'm seeing this on Namecheap as well. Jim Pingle
02:12 PM Bug #12900 (Duplicate): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
When creating a new Cloudflare Dynamic DNS entry or saving and forcing an update nginx will timeout with 504. The upd... Max Leighton
02:19 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-18:
> Seems to OK here as well for backup/restore in the regular GUI page and ACB. A negat... Phil Wardt
11:22 AM Todo #12556 (Resolved): Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle
11:14 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Seems to OK here as well for backup/restore in the regular GUI page and ACB. A negative side effect seems to be that ... Jim Pingle
09:36 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-15:
> Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in sna... Phil Wardt
01:25 PM Bug #12895: pfSense single interface upload speed bug
Just had more tests, tried the same setup with opnsense, which is also freebsd based is also facing the same issue. H... pf bug
08:03 AM Bug #12895: pfSense single interface upload speed bug
Thanks. If you are confirming this is working for everyone then it is good to know, this is because I was doing this ... pf bug
07:51 AM Bug #12895: pfSense single interface upload speed bug
It's not happening to anyone else but you. It's working fine for thousands of other people. If it's not a configurati... Jim Pingle
07:46 AM Bug #12895: pfSense single interface upload speed bug
I can't confirm if this is configuration problem but I don't think it is, this is because I have tried to mess around... pf bug
07:21 AM Bug #12895 (Rejected): pfSense single interface upload speed bug
Sounds like you have a configuration problem (like needing a lower MTU on WAN).
This site is not for support or di... Jim Pingle
01:22 PM pfSense Packages Bug #12899 (Resolved): Suricata doesn't honor Pass List
It sometimes blocks the hosts defined in the selected Pass List. No matter whether you used IP subnet or Alias under ... Danilo Zrenjanin
01:19 PM pfSense Packages Bug #12898 (Resolved): Update HAProxy Backend to Latest LTS
The version of HAProxy in stable is very old and due to be unsupported at the end of the year. We should really move... Kris Phillips
12:20 PM pfSense Packages Todo #12865: RRD Summary improvements
cherry-picked to 22.01/2.6 Viktor Gurov
07:51 AM pfSense Packages Todo #12865 (Feedback): RRD Summary improvements
Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/fb702643e590f7545cbbaf5bd4e5060f9ab293cc Viktor Gurov
12:20 PM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs
cherry-picked to 22.01/2.6 Viktor Gurov
08:04 AM pfSense Packages Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/a6943737bb6b2df2dcc050bd0db5ebf127be2df4 Viktor Gurov
11:08 AM Feature #12842 (Resolved): Retain descriptions when exporting and importing aliases
Tested successfully on... Christopher Cope
10:56 AM Feature #12773 (Closed): Ability to sort AutoConfigBackup entries
That's not possible because by default the list is sorted "naturally" and no arrow would indicate a valid state since... Jim Pingle
10:51 AM Feature #12773: Ability to sort AutoConfigBackup entries
Tested on... Christopher Cope
08:48 AM Bug #12579 (New): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
PHP changes:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/654 Viktor Gurov
05:01 AM Bug #12579 (Feedback): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/57 has been merged. Kristof Provost
08:27 AM Regression #11316: Unbound crashes with signal 11 when reloading
I hate to bring up a sore point especially in a closed ticket, but this is _still_ happening for me on two up-to-date... Kevin Grelling
07:55 AM Bug #12896 (Feedback): ``HTTPClient`` option does not work for static mappings
Applied in changeset commit:5c5a7bc874be8228aceffae0b2436a2358aea577. Viktor Gurov
07:37 AM Bug #12896 (Pull Request Review): ``HTTPClient`` option does not work for static mappings
Jim Pingle
01:37 AM Bug #12896: ``HTTPClient`` option does not work for static mappings
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/652 Viktor Gurov
01:15 AM Bug #12896 (Resolved): ``HTTPClient`` option does not work for static mappings
The HTTPClient option works fine for interfaces and pools, but not for static mappings. Viktor Gurov
07:30 AM Feature #12687 (Feedback): Option to disable auto-addition of static routes for ``dpinger``
PR merged, thanks! Jim Pingle
07:30 AM Feature #12714 (Feedback): Show ``Inactive`` for Hardware Crypto output instead of empty field on System Information dashboard widget when nothing can be accelerated
PR merged, thanks! Jim Pingle

03/03/2022

11:16 PM pfSense Packages Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk
This bug causes a delay in boot processing when the ramdisk option is enabled. If the option is disabled, no delay i... Loh Phat
10:17 PM Bug #12895: pfSense single interface upload speed bug
One more thing to mention, if I run OpenVPN on my PC and connect with some vpn services provider. The upload speed be... pf bug
10:11 PM Bug #12895 (Rejected): pfSense single interface upload speed bug
Reporting a very straightforward bug and it is easy to reproduce.
Tested on 2.4.X 2.5.X 2.6.0, I believe it is also ... pf bug
04:19 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
Excellent! I'm glad to know you are back up and running again. Thank you for the confirmation! Reid Linnemann
04:17 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
Okay thats completely right. After rebooting everything works as expected. Thank you a lot for fixing this!
 B P
04:01 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
You will need to reboot so that all of the ipfw rules are reloaded, have you done so? Reid Linnemann
03:56 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
Maybe i miss something, but after applying the patch i have no connectivity (from captive portal enabled interfaces) ... B P
03:18 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
You can install the "System Patches package":https://docs.netgate.com/pfsense/en/latest/development/system-patches.ht... Jim Pingle
02:35 PM Regression #12834 (Feedback): Only TCP traffic is passed outbound through IPFW
Applied in changeset commit:225f86af947822e6bd6f816f6b8fa926c34fe857. Reid Linnemann
04:19 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-15:
> Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in sna... Phil Wardt
12:51 PM Todo #12556 (Feedback): Comply with current iteration standards when encrypting and decrypting configuration files
Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in snapshots tomorrow for testing. Jim Pingle
03:10 PM Bug #12892 (Feedback): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Applied in changeset commit:284878d7d0a82503cf34c6a8983eaecb9e742769. Viktor Gurov
02:41 PM Bug #12892 (Pull Request Review): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Jim Pingle
01:27 PM Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/650 Viktor Gurov
07:49 AM Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot
Related forum thread: https://forum.netgate.com/post/1029319 Jim Pingle
07:47 AM Bug #12892 (Resolved): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Hey thanks for adding support HTTP Boot from issue 11659. I couldn't make it work w/ my systems and notice from a pac... Ben Breard
02:35 PM pfSense Plus Bug #12894: duplicating freshly created certificates through refreshing
You have to force your browser to resubmit the form when in that state. I'm not sure I'd classify that as a bug since... Jim Pingle
02:30 PM pfSense Plus Bug #12894 (New): duplicating freshly created certificates through refreshing
Version 22.01-Release FreeBSD 12.3-Stable
Bug: After successfully creating a certificate. The certificate gets dup... Van Quach
02:29 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
>Thanks for the contribution! Its appreciated!
Sure thing! This solves a big problem for me :-)
Your revisions ... Charles Hamilton
02:03 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Great Thanks.
I have done some limited testing and it seems to be ok.
I made some minor formatting changes in ... BBcan177 .
07:46 AM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Ok, all done! https://github.com/pfsense/FreeBSD-ports/pull/1146 Charles Hamilton
12:25 PM Bug #12893 (Not a Bug): Invalid source address of Unbound
It's not a bug, that traffic is being blocked outbound. Unbound sent a RST+ACK packet after the state from a previous... Jim Pingle
11:56 AM Bug #12893 (Not a Bug): Invalid source address of Unbound
I have noticed some bad traffic leaving with invalid source IP address, which i think it belongs to Unbound traffic.
... Samuel Hanna
09:01 AM pfSense Packages Bug #12891: Trailing space in Acme Account Keys "name" breaks UI functions
Commit: https://github.com/pfsense/FreeBSD-ports/commit/29bab84437fcdde206f205610d341302093fa4f3
Package update is... Jim Pingle
08:47 AM pfSense Packages Bug #12891 (Feedback): Trailing space in Acme Account Keys "name" breaks UI functions
Fix merged. Jim Pingle
08:39 AM pfSense Packages Bug #12891 (Pull Request Review): Trailing space in Acme Account Keys "name" breaks UI functions
This approach is a more comprehensive fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/193
 Jim Pingle
08:25 AM pfSense Packages Bug #12891 (In Progress): Trailing space in Acme Account Keys "name" breaks UI functions
Jim Pingle
12:50 AM pfSense Packages Bug #12891: Trailing space in Acme Account Keys "name" breaks UI functions
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/192 Viktor Gurov
09:00 AM Feature #8365 (Feedback): Button to copy rules from one interface to another
Applied in changeset commit:15ae0ea0c037af7f2667fc004d2696352a2ad97c. Viktor Gurov
08:26 AM Feature #8365 (Pull Request Review): Button to copy rules from one interface to another
Jim Pingle
03:33 AM Feature #8365 (New): Button to copy rules from one interface to another
Danilo Zrenjanin wrote in #note-8:
> Tested on the:
> [...]
>
> I can confirm that the functionality works as ex... Viktor Gurov
08:30 AM Bug #12876 (Feedback): Changing RAM disk size does not prompt to reboot
Applied in changeset commit:60c2ff124e5e547d110a99a14b5c920c0310634a. Viktor Gurov
12:53 AM pfSense Packages Feature #11531 (Feedback): Show netmap compatible cards in IPS Mode note
Merged Viktor Gurov
12:52 AM Feature #9877: QEMU Guest Agent
There is a feature request for the QEMU package:
https://redmine.pfsense.org/issues/12179 Viktor Gurov

03/02/2022

04:56 PM pfSense Packages Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions
If any ACME account key is entered into the UI with a trailing space in the name, the pfSense UI becomes unable to ha... Karl Fife
04:11 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
ipfw is now active on layer 3 where it was not previously on 2.5.2. As a result, there are now additional passes of t... Reid Linnemann
02:05 PM pfSense Packages Bug #10656 (Closed): Acme letsencrypt doesn't change private key type
Jim Pingle
02:05 PM pfSense Packages Feature #11948 (Closed): ACME: Support specifying non-default port for nsupdate DNS validation method
Jim Pingle
02:03 PM pfSense Packages Feature #11879 (Feedback): Add support for SSL.com ACME server
The latest version of the ACME package now includes the new CAs.
 Jim Pingle
02:02 PM pfSense Packages Bug #12623 (Feedback): acme.sh package | DNS-ISPConfig settings
The fix for this is now in the latest ACME package. Please update and test it again to see if it works. Jim Pingle
02:01 PM pfSense Packages Todo #12886 (Closed): Update acme.sh from upstream
No problems I can find so far. I picked it back to 22.01/2.6.0 for wider testing. Can tackle new issues as they come. Jim Pingle
12:11 PM Feature #12890 (Rejected): Remove Alias FQDN Resolution
Jim Pingle
12:09 PM Feature #12890 (Rejected): Remove Alias FQDN Resolution
Allowing DNS resolution in aliases creates an unpredictable firewall.
This feature should be removed. Brendon Baumgartner
11:48 AM Feature #8365: Button to copy rules from one interface to another
Tested on the:... Danilo Zrenjanin
11:08 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
As a Sidenote: after updating to 2.6.0 a once working ruleset completely broke. I have now restored the backup and ag... Chris K
09:53 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Can you guys try out below workaround for max threads per process? I have been suffering now for weeks with this issu... Chris K
08:37 AM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Sure thing! I'll close the other pull request, thanks! Charles Hamilton
07:02 AM Bug #12579: Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
With https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/57 (a cherry pick of an upstream main commit) dn... Kristof Provost
06:10 AM pfSense Packages Feature #12889 (New): FRR GUI add set ipv6 next-hop global
i need setup this. but frr webgui cant add
https://team-cymru.com/community-services/bogon-reference/bogon-refer... yon Liu
02:30 AM Bug #12887 (Feedback): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Applied in changeset commit:16acbb346bb4b92f02ca33120b99e5507fab60fa. Viktor Gurov

03/01/2022

09:50 PM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
I've been able to reproduce it with a configuration that only uses the GUI options and no custom options, attached.
... Evan Pearce
07:37 AM Regression #12884 (Not a Bug): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
The status logic relies on the settings in the GUI fields to determine how to query the OpenVPN management interface.... Jim Pingle
04:49 AM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/646 Viktor Gurov
12:28 AM Regression #12884 (Resolved): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Problem: The webConfigurator OpenVPN status shows our TAP-mode "Remote Access (SSL/TLS + User Auth)" VPNs as peer-to-... Evan Pearce
08:56 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Thanks for the PR!
There isn't much development in "pfBlockerNG" as everything is taking place in "pfBlockerNG-devel... BBcan177 .
04:19 PM pfSense Packages Todo #12886 (Feedback): Update acme.sh from upstream
Merged to devel and plus-devel for testing in snapshots. If it's OK there, can pick back to 22.01/2.6.0 Jim Pingle
09:58 AM pfSense Packages Todo #12886 (Closed): Update acme.sh from upstream
It's been a while since the last upstream sync of acme.sh code and bringing in new providers. Need to sync up the for... Jim Pingle
03:13 PM Bug #12888 (New): pfSense sends un-NATed packets during OpenVPN startup
pfSense sometimes fails to NAT the LAN source address for packets sent to the WAN while an OpenVPN tunnel is initiali... b b
03:03 PM Bug #12887 (Pull Request Review): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Jim Pingle
12:33 PM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/647 Viktor Gurov
10:42 AM Bug #12887 (Resolved): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
If both "tunnel network" and "Bridge DHCP" options are disabled, an error occurs:... Viktor Gurov
12:45 PM pfSense Packages Bug #12742 (Feedback): freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading
Thank You!
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/4497706f404be238cdfc41dacc00678ab329e575
http... Viktor Gurov
07:20 AM pfSense Packages Bug #12742: freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading
For future reference:
https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/antora/modules/raddb/pages/m... Jim Pingle
07:42 AM pfSense Docs Todo #12885 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE
That method involves making changes that I wouldn't recommend making to a firewall, especially not in official docume... Jim Pingle
04:56 AM pfSense Docs Todo #12885 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
*Feedback:*
Greetings!
The... Lucky Green
07:39 AM Feature #9877: QEMU Guest Agent
This feature request was only for the binary -- making a pfSense package wrapper for it would be a separate feature r... Jim Pingle
05:54 AM Feature #9877: QEMU Guest Agent
Jim Pingle wrote in #note-9:
> Excluding from release notes since it's only being built and there is no package for ... Lucky Green
07:24 AM Feature #12879 (Pull Request Review): Toggle button to disable/enable multiple entries on NAT pages
Jim Pingle
01:53 AM Feature #12879: Toggle button to disable/enable multiple entries on NAT pages
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/645 Viktor Gurov
05:39 AM Feature #4632: Support for Multipath TCP (MPTCP)
I just increased the bounty for adding *OpenMPTCProuter -like Functionality* in pfSense to *$2,000* . Any takers?
ht... Lucky Green
02:42 AM pfSense Packages Bug #12844 (Feedback): Invalid title link in the apcupsd package dashboard widget
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/086e17ae29cf61d1c09e88167ae73df7877fcae4 Viktor Gurov
02:05 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Hello everybody,
I can confirm that there are problems with PfSense 2.6.0 release.
I use more than 20 PfSense (some... Luca De Andreis

02/28/2022

07:54 PM pfSense Docs New Content #12883 (Resolved): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-host-overrides.html
*Feedback:*
I have... Walt Stoneburner
02:23 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
I used the SG-1000 as a worst case as it's the slowest CPU I had on hand that might still be in general use. For that... Jim Pingle
01:41 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-11:
> Based on the information in the link I posted previously, I tested iteration values o... Phil Wardt
01:20 PM Todo #12556 (Pull Request Review): Comply with current iteration standards when encrypting and decrypting configuration files
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/644
 Jim Pingle
01:14 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Based on the information in the link I posted previously, I tested iteration values of 310000 and 500000. At 310000 i... Jim Pingle
10:58 AM Todo #12556 (In Progress): Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle
01:53 PM pfSense Packages Feature #12882 (Resolved): Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Sometimes it is desirable to tell cURL to use a specific interface when downloading IPv4/IPv6 pass/block lists. For e... Charles Hamilton
01:31 PM Todo #12881 (Resolved): Update ``dpinger`` to 3.2
Done on both CE and Plus Renato Botelho
01:30 PM Todo #12881 (Resolved): Update ``dpinger`` to 3.2
Denny Page asked us to update dpinger to 3.2. This version adds some logging of the signal number on exit and would ... Renato Botelho
10:30 AM Bug #12536 (Feedback): Setting a default gateway of "None" does not remove the default gateway from the routing table
Applied in changeset commit:aa159178950af447aeb463a5159f4d7ed467eb18. Viktor Gurov
07:13 AM Bug #12536 (Pull Request Review): Setting a default gateway of "None" does not remove the default gateway from the routing table
Jim Pingle
03:58 AM Bug #12536 (New): Setting a default gateway of "None" does not remove the default gateway from the routing table
Alhusein Zawi wrote in #note-7:
> making default GW as "NONE" removes the default GW routing table.
>
> But Mark ... Viktor Gurov
10:18 AM pfSense Docs Todo #12880 (Closed): Update remote backup wget/curl examples to include new form fields
Added and deployed. Jim Pingle
08:41 AM pfSense Docs Todo #12880 (Closed): Update remote backup wget/curl examples to include new form fields
There have been recent additions to so the backup/restore page that are not mentioned on https://docs.netgate.com/pfs... Jim Pingle
07:38 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
Troy Emmerson wrote in #note-8:
> OpenVPN is historically notorious for high CPU usage to the extent that it can clo... Gavin Owen
07:34 AM Feature #12879 (Resolved): Toggle button to disable/enable multiple entries on NAT pages
This is a request for a toggle button for the NAT rules (Port Forwards, 1:1, Outbound NAT, Npt) that functions the sa... Matthew Drury
07:15 AM Bug #12876 (Pull Request Review): Changing RAM disk size does not prompt to reboot
Jim Pingle
04:30 AM Bug #12876: Changing RAM disk size does not prompt to reboot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/643 Viktor Gurov
06:03 AM Feature #4881: Allow NPt to use dynamic IPv6 networks
Hi,
If you want to play with this further, I changed a the wide-dhcpv6 client a bit: https://github.com/csobankesmar... Csoban Kesmarki
03:10 AM Bug #12878 (Incomplete): Traffic shaping by interface, route queue bandwidth inbound, out by a large factor.
Since upgrading to pfSense Plus 22.01 from the latest community edition, my by interface priority queue bandwidth has... Blake Drayson
02:47 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
Alhusein Zawi wrote in #note-8:
> GW is waiting for a packet loss threshold, it does not go to offline immediately.
... Viktor Gurov

02/27/2022

10:47 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 package for ntopng solved this and I th... Sish Kitane
07:41 PM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly
Fixed for me thank you Sish Kitane
02:22 PM Bug #12877 (Closed): Cloudflare DynDNS fails to update more than two addresses
This issue may be related to [[https://redmine.pfsense.org/issues/12870]]
This issue also occurs on 2.6.0.
pfSens... Bob Carpenter
11:20 AM Bug #12857: Firewall gateway goes away when making changes to Bridge0 device
After re-saving bridge configuration, default gateway is removed from routing table:... Marcos M

02/26/2022

01:43 PM Feature #8365: Button to copy rules from one interface to another

copy option is shown up.
it will be better if "copy" is changed to be "Paste or apply" in pop up window (attache... Alhusein Zawi
01:04 PM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect

GW is waiting for a packet loss threshold, it does not go to offline immediately.
tested by disabling PPPoE serv... Alhusein Zawi
12:27 PM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table

making default GW as "NONE" removes the default GW routing table.
But Mark Gateway as Down does not remove the... Alhusein Zawi
10:57 AM Bug #12876 (Resolved): Changing RAM disk size does not prompt to reboot
On 2.6 and 22.01 if one changes either RAM Disk Size setting, and saves, the page says "The changes have been applied... Steve Y

02/25/2022

09:28 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12
This can safely be closed since TCP Offload should never be enabled on a Netgate appliance.
However, we should t... Kris Phillips
09:24 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
I can confirm the iflib driver issue as well. I may spin up a FreeBSD 12.3 install to compile the newer driver as we... Kris Phillips
04:42 PM Regression #12827: High latency and packet loss during a filter reload
I don't even fully understand why there's hashing going on instead of comparing directly, that doesn't really make an... Flole Systems
10:05 AM Regression #12827: High latency and packet loss during a filter reload
I had a look at the issue with a profiler. While the loop you are mentioning is a problem to some extent, the real is... Mateusz Guzik
04:03 PM Bug #12875 (Resolved): Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports
Zabbix 5.4 is being deprecated and Zabbix 6 has been released. We should pull these over from FreeBSD ports.
ht... Kris Phillips
03:55 PM Feature #12855 (Resolved): GUI option to select the user password hashing algorithm
This is working well. I've also added it as a recommended patch option in the new system patches package, so people o... Jim Pingle
03:43 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
The pkg upgrade and restart resolved the issue.
Thank you Julian Kahumana
03:07 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
Thank you Julian Kahumana
02:58 PM Bug #12872 (Not a Bug): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
From that pkg output I'm fairly certain your system was interrupted mid-upgrade and is not running a consistent state... Jim Pingle
02:54 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
Sorry, I'm not familiar with the process. I was pointed here by BBcan177. I can move this all to the negate forum.
T... Julian Kahumana
02:21 PM Bug #12872 (Incomplete): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
We still need more information here since we have not yet been able to reproduce this behavior. I've checked over 20 ... Jim Pingle
02:02 PM Bug #12872 (Not a Bug): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
The issue only showed up after upgrading from 2.5 to to 2.6.
The following is an example from the firewall log. Lo... Julian Kahumana
02:24 PM Feature #12874 (New): OpenVPN RADIUS Framed-Pool
Allow group mappings within OpenVPN via RADIUS server. Each OpenVPN user group would have a unique subnet associated ... Ryan Whitlock
02:10 PM Regression #12873 (Resolved): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput
RSC support was added to FreeBSD in 12.3 and is included in pfSense 22.01/2.6.
When run in Hyper-V it can create v... Steve Wheeler
12:59 PM pfSense Packages Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
Tested on the:... Danilo Zrenjanin
12:10 PM Bug #12871 (Resolved): Some action buttons are always active for firewall rules, even if no rules are selected
"Delete", "Toggle" (#2505), and "Copy rule" (#8365) buttons at the bottom of the rules page are always active.
All o... Viktor Gurov
10:49 AM pfSense Packages Feature #12246 (Closed): Load a file into patch textarea
Works well, closing. Jim Pingle
09:52 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/55
https://gitlab.netgate.com/pfSense/pfSense/-/merg... Kristof Provost
09:47 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
That is unlikely to be related to this. The code that parses the rules for the GUI already catches the proper rtracke... Jim Pingle
09:44 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
There are some users who are experiencing issues with pfSense recording the Tracker ID as "4294967295" which accordin... BBcan177 .
07:16 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
If it's just a leftover remnant then I agree we should remove it. The ridentifier is already visible on the line and ... Jim Pingle
04:00 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
What depends on this?
It's trivial to fix this, but it deviates from upstream. In upstream the rule output always ... Kristof Provost
09:35 AM Feature #8365 (Feedback): Button to copy rules from one interface to another
Applied in changeset commit:2e3018c565c71b8ef44205e4f07080713a564af3. Viktor Gurov
08:58 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
Matthew Drury wrote in #note-10:
> Could this feature also be added to the NAT config pages? (Port Forwards and Outb... Viktor Gurov
08:39 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
Could this feature also be added to the NAT config pages? (Port Forwards and Outbound NAT) Matthew Drury
07:43 AM pfSense Packages Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Jim Pingle
05:52 AM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/188 Viktor Gurov
04:41 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
But when you disconnect the converter or renew the public IP, the IP was not updated to clodflare. It just only updat... Hong Duong Pham
04:36 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
Here are related logs:... Danilo Zrenjanin
04:18 AM Bug #12870 (New): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
Danilo Zrenjanin
04:17 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
Tested on the:... Danilo Zrenjanin
03:07 AM Bug #12870 (Rejected): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Viktor Gurov
01:48 AM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
The dynamic DNS on Pfsense was not automatically update the IP Address from the network to Cloudflare or any service ... Hong Duong Pham
03:06 AM Bug #12803 (Resolved): Error loading ruleset due to illegal TOS value
Replicated the issue on the:... Danilo Zrenjanin

02/24/2022

03:05 PM Regression #12866 (Feedback): Disabled Captive Portal configuration prevents adding an interface to a bridge
Merged:
https://github.com/pfsense/pfsense/commit/6739d0014695a1fdba77d8c36b6a89ba7252b021 Viktor Gurov
07:37 AM Regression #12866 (Pull Request Review): Disabled Captive Portal configuration prevents adding an interface to a bridge
Jim Pingle
03:33 AM Regression #12866: Disabled Captive Portal configuration prevents adding an interface to a bridge
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/638 Viktor Gurov
03:26 AM Regression #12866 (Resolved): Disabled Captive Portal configuration prevents adding an interface to a bridge
How to reproduce:
1) Create a Captive Portal on the OPT1 interface
2) Disable Captive Portal
3) Try to create a br... Viktor Gurov
12:38 PM Todo #12556 (New): Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle
12:33 PM Bug #12621 (Closed): Fix rare case where /getstats.php might be called without valid post data.
Jim Pingle
10:58 AM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs
Thread that discusses this is here
https://forum.netgate.com/topic/169742/bind-dns-package-aaaa-filtering-problem
 JohnPoz _
10:06 AM pfSense Packages Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Reference this older bug for some background (#10413)
This breaks again in newer installs with zfs file systems du... Dean Weimer
10:35 AM Bug #12800: Suboptimal Password Hashing
In #12863, I propose a (surprisingly simple) solution that dramatically increases the strength of the sha512crypt has... Royce Williams
10:30 AM Feature #12863: dynamically tune sha512crypt rounds
Jim Pingle wrote in #note-2:
> Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and ca... Royce Williams
09:27 AM Feature #12863: dynamically tune sha512crypt rounds
Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and cache the value or test each time... Jim Pingle
12:37 AM Feature #12863: dynamically tune sha512crypt rounds
> and to match the sha512crypt
*match the salts in the various sha512crypt @mkpasswd@ implementations. Royce Williams
12:16 AM Feature #12863 (New): dynamically tune sha512crypt rounds
As touched on in #12800 and #12855, sha512crypt's default number of rounds (5000) can be cracked relatively quickly b... Royce Williams
09:15 AM Bug #12868 (Resolved): Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
On 22.01/2.6.0 when looking at the ruleset with @pfctl -vvsr@ the tracker/ridentifier ID should be in parenthesis af... Jim Pingle
08:52 AM Bug #12867 (Not a Bug): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
The primary use case for L2TP is for L3 connectivity to an ISP, not as an L2TP VPN. For those using it as an ISP auth... Jim Pingle
08:42 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
Jim Pingle wrote in #note-4:
> I tried to recreate the problem and could not. My subnet mask was always applied corr... RUI YUAN
08:09 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
I tried to recreate the problem and could not. My subnet mask was always applied correctly. There must be something e... Jim Pingle
07:55 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
Jim Pingle wrote in #note-1:
> There isn't enough information here. You haven't clearly defined the actual problem o... RUI YUAN
07:53 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
Jim Pingle wrote in #note-1:
> There isn't enough information here. You haven't clearly defined the actual problem o... RUI YUAN
07:32 AM Bug #12867 (Incomplete): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
There isn't enough information here. You haven't clearly defined the actual problem or the steps to reproduce it, onl... Jim Pingle
07:28 AM Bug #12867 (Not a Bug): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
After a simple analysis, it seems that the problem is in the following code range. I suspect it is pfSense_interface_... RUI YUAN
08:10 AM Regression #12862 (Feedback): Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
Applied in changeset commit:c2bb95522780cbeffd1bca97c44c673ec7f973f1. Viktor Gurov
07:51 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
> 2. In the case of kern.ipc.nmbclusters the default is too high for low end platforms such as uFW / SG-1100.
> (eg.... Jim Pingle
07:09 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
David Burns wrote:
> 1. Removal of the oid net.link.ifqmaxlen (and resetting it to 128) is particularly problematic ... Viktor Gurov
08:06 AM Bug #12864: Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs
Still, I'd expect if I set up new interface assignments at bootup, and then reboot the router, for pfSense to reboot ... Jernej Simončič
07:22 AM Bug #12864 (Not a Bug): Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs
It's not a bug, it's intended behavior, see #12170
You had leftover configuration in your VLANs that referenced t... Jim Pingle
12:21 AM Bug #12864 (Not a Bug): Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs
I migrated my pfSense config from a different computer around version 2.4.5. The old one had bge and em NICs, and I h... Jernej Simončič
07:34 AM pfSense Packages Todo #12865 (Pull Request Review): RRD Summary improvements
Jim Pingle
03:14 AM pfSense Packages Todo #12865: RRD Summary improvements
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/187 Viktor Gurov
03:01 AM pfSense Packages Todo #12865 (Resolved): RRD Summary improvements
1) Wrong period, mirror date displayed:... Viktor Gurov
07:18 AM pfSense Packages Feature #12860: add mmc-utils package to all images
We already build @mmc-utils@ for Plus and it can be installed manually from the CLI. Trying to build a GUI around it ... Jim Pingle
06:46 AM Regression #12827: High latency and packet loss during a filter reload
Flole Systems wrote in #note-8:
> To add to this: Removing the "set keepcounters" option from /etc/inc/filter.inc see... Michael Novotny
04:08 AM Bug #12857: Firewall gateway goes away when making changes to Bridge0 device
Can't reproduce this on pfSense CE 2.7.0 (2.7.0.a.20220224.0600)
Not tested on 22.01/2.6, but it may be related to h... Viktor Gurov

02/23/2022

07:19 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
And maybe another problem: it seems to me that the states from the firewall are not recognized for NPT-conntections:
... L J
06:35 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
Hi Viktor,
awesome, thank you for this patch. I've trired this on our test system:
From my understanding it is ... L J
06:20 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I am seeing this as well. In my case it seems to be every 2 minutes-- quite a lot of log noise! On pfSense 2.6.0.
... Todd Marimon
06:17 PM Regression #12862 (Resolved): Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
It is common for advanced pfSense users to make use of FreeBSD /boot/loader.conf.local.
Since release of pfSense C... David Burns
05:35 PM pfSense Packages Feature #12860: add mmc-utils package to all images
This would be helpful/useful now that ZFS is the new default, and/or for folks who don't realize some packages are "r... Steve Y
04:44 PM pfSense Packages Feature #12860 (New): add mmc-utils package to all images
Both Netgate & 3rd party hardware integrators are increasingly using eMMC components.
SATA (& historically SCSI) d... David Burns
05:31 PM pfSense Docs Correction #12861 (Resolved): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits
Some quick feedback on the online doc @https://docs.netgate.com/pfsense/en/latest/hardware/tune.html@
1. There is... David Burns
04:00 PM Regression #11316: Unbound crashes with signal 11 when reloading
@jimp, this is still an open issue. BBcan177 .
03:13 PM Regression #12827: High latency and packet loss during a filter reload
To add to this: Removing the "set keepcounters" option from /etc/inc/filter.inc seems to fix it. So if someone doesn'... Flole Systems
12:05 PM Regression #12827: High latency and packet loss during a filter reload
The current approach of the code mentioned by Kristof is bad in so many ways: There is a lock and within that lock th... Flole Systems
01:39 AM Regression #12827: High latency and packet loss during a filter reload
I can confirm that any rules roload introduces high latency. Even the shutdown of the sync interface (that as far as ... Fabio Giudici
12:15 PM Bug #12761 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Applied in changeset commit:e92dded8cbe2e1eb8037b4156255bd603d82958e. Jim Pingle
12:09 PM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Looks like it was only the Namecheap username that was the problem. The definition in the new code was wrong. I pushe... Jim Pingle
10:30 AM Bug #12761 (New): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Something in that commit has broken Namecheap DDNS and likely others. For Namecheap it fails to load the password pro... Jim Pingle
11:51 AM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat
I see that the package made it to FreeBSD version 13:
https://freebsd.pkgs.org/13/freebsd-amd64/darkstat-3.0.721.p... Karim Elatov
11:04 AM Feature #12855: GUI option to select the user password hashing algorithm
This has been merged and will be in snapshots soon.
For those who would like to try it out, even on 22.01/2.6.0, i... Jim Pingle
11:00 AM Feature #12855 (Feedback): GUI option to select the user password hashing algorithm
Applied in changeset commit:8ddf2b5a999772754080825f07acf9b6326f1f04. Jim Pingle
10:35 AM Regression #12816 (Feedback): Namecheap Dynamic DNS responses are not parsed properly
Applied in changeset commit:4612721800a1b25bb1fb2d4d7c4ceea6f44f208e. Jim Pingle
10:27 AM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly
The MR should be good enough for now, I've tested it on a few more Namecheap DDNS entries on multiple systems and it ... Jim Pingle
07:11 AM pfSense Packages Feature #12859 (Resolved): Add Zabbix 6.0 LTS (agent and proxy) packages
New LTS release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.0.0
Zabbix 3.0 is out of ... Pim Janssen
07:08 AM Bug #12858 (Duplicate): OpenVPN bug, close connection error
Duplicate of #12817 Jim Pingle
04:02 AM Bug #12858 (Duplicate): OpenVPN bug, close connection error
Dear, If I try to force and close an OpenVPN Client connection an error will be displayed. This happend in the Dashbo... Marco B
03:45 AM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107
A few remarks:
- I think this issue could have been detected relatively easy quality check, so a nightly build with ... Louis B

02/22/2022

09:13 PM Bug #12857 (New): Firewall gateway goes away when making changes to Bridge0 device
*PFSense* Plus Version: 22.01-RELEASE
*HW:* Netgate 6100
*BIOS:* CORDOBA-02.01.00.05t
*Summary:* When running PF... Bear Sloan
07:55 PM Bug #12840: Upgrade of openvpn-client-export package after 2.6.0 upgrade failed
I have removed the `openvpn` group, and proceeded to reinstall this package. That succeeded.
I'm continuing to tro... Todd Marimon
11:57 AM Bug #12840: Upgrade of openvpn-client-export package after 2.6.0 upgrade failed
Jim Pingle wrote in #note-1:
> Something must have interrupted your upgrade process. The actual upgrade did not full... Todd Marimon
07:45 AM Bug #12840 (Rejected): Upgrade of openvpn-client-export package after 2.6.0 upgrade failed
Something must have interrupted your upgrade process. The actual upgrade did not fully complete or your system couldn... Jim Pingle
03:34 PM Feature #12855 (Pull Request Review): GUI option to select the user password hashing algorithm
Internal MR for initial testing/review: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/636 Jim Pingle
02:05 PM Feature #12855: GUI option to select the user password hashing algorithm
Jim Pingle wrote:
> Though we could offer a higher number of rounds with SHA512, the number of rounds must be identi... Royce Williams
01:09 PM Feature #12855 (Resolved): GUI option to select the user password hashing algorithm
Different scenarios may call for different types of password hashing so it makes sense to give users the choice rathe... Jim Pingle
02:43 PM Todo #12854: Issue with virtual ips and Sync
The reason we are not using the default pfsense HA design is because you cannot use CARP virtual ip on AWS: https://f... Gerald Jimenez
10:44 AM Todo #12854: Issue with virtual ips and Sync
Gerald Jimenez wrote in #note-2:
> We are not using the virtual ips for HA, for HA we use external solution to redir... Jim Pingle
10:25 AM Todo #12854: Issue with virtual ips and Sync
Jim Pingle wrote in #note-1:
> That is not a valid or supported use case of XMLRPC sync. XMLRPC config sync is inten... Gerald Jimenez
10:11 AM Todo #12854 (Rejected): Issue with virtual ips and Sync
That is not a valid or supported use case of XMLRPC sync. XMLRPC config sync is intended for HA, and that isn't valid... Jim Pingle
09:33 AM Todo #12854 (Rejected): Issue with virtual ips and Sync
I have configured 2 pfsense instances with configuration sync between them. In the primary pfsense instance I added a... Gerald Jimenez
02:16 PM Feature #12856 (Duplicate): New Feature Request
Duplicate of #4591 Jim Pingle
01:19 PM Feature #12856 (Duplicate): New Feature Request
A pfsense technical support person named Ryan recommended I make a feature request on this forum. I am coming from a... Lee Barnes
02:05 PM Bug #12800: Suboptimal Password Hashing
As the original reporter, I'd like to echo Royce's words above and thank you for incorporating this into a feature re... Sam K
02:00 PM Bug #12800: Suboptimal Password Hashing
Really like the discussion here! Thank you @royce for all of your analysis which was very informative. I think giving... → luckman212
01:52 PM Bug #12800: Suboptimal Password Hashing
Sounds like a solid way forward - much appreciated!
I do want to point out that whether or not something is dire, vs... Royce Williams
01:13 PM Bug #12800 (Closed): Suboptimal Password Hashing
Moving this over to a feature request to give the user a choice between bcrypt and SHA-512: #12855
Also changing ... Jim Pingle
12:52 PM Feature #8365 (Pull Request Review): Button to copy rules from one interface to another
Jim Pingle
11:46 AM Feature #8365: Button to copy rules from one interface to another
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/635 Viktor Gurov
10:12 AM Feature #12842 (Feedback): Retain descriptions when exporting and importing aliases
Merged:
https://github.com/pfsense/pfsense/commit/538311766974863760762d7e22b8a3e9a8c53cfa Viktor Gurov
07:50 AM Feature #12842 (Pull Request Review): Retain descriptions when exporting and importing aliases
Jim Pingle
10:12 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Then your problem is different from the one on this issue. Post on the forum to discuss and diagnose your problem. Jim Pingle
10:11 AM Bug #12829: Dummynet kernel module fails to load after upgrade.

cat /var/log/system.log | grep -i dummy --> empty out Evgeny Korostelev
10:08 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Jim Pingle wrote in #note-9:
> Do you see the same error in the logs from note 1 above about the dummynet module not... Evgeny Korostelev
10:04 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Evgeny Korostelev wrote in #note-7:
> I have fresh install 2.6.0 and problem with limiter exists.
>
> The problem ap... Jim Pingle
08:50 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
The problem is not relevant on all pfsense 2.6.0 installations
Some random.
how can i help to find the reason ?
No... Evgeny Korostelev
08:45 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
I have fresh install 2.6.0 and problem with limiter exists.
The problem appeared after the upgrade from 2.5.2 -> 2... Evgeny Korostelev
08:34 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Lewis Smith wrote in #note-5:
> Thank you for getting back to me. A duplicate issue was posted here: https://redmine... Jim Pingle
08:29 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Jim Pingle wrote in #note-4:
> I can't reproduce this here on a fresh install or upgrade. Limiters are passing traff... Lewis Smith
07:30 AM Bug #12829 (Feedback): Dummynet kernel module fails to load after upgrade.
I can't reproduce this here on a fresh install or upgrade. Limiters are passing traffic as expected and there are no ... Jim Pingle
10:12 AM Bug #12847 (Feedback): On startup "No routing address with matching address" might appear
Merged:
https://github.com/pfsense/pfsense/commit/90f21a78c81778ccd9150ec0d6789efa19b66702 Viktor Gurov
07:51 AM Bug #12847 (Pull Request Review): On startup "No routing address with matching address" might appear
Jim Pingle
07:48 AM Bug #12847: On startup "No routing address with matching address" might appear
I am also seeing on reloading of the rules @all pool addresses must be in the same address family@, probably related/... Flole Systems
01:12 AM Bug #12847 (Confirmed): On startup "No routing address with matching address" might appear
incorrect dynamic resolution of IPv6 gateway address if IPv6 address is not obtained:... Viktor Gurov
10:07 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
It's a hardware issue, not a bug. And there is already a workaround in 22.01 for it. Jim Pingle
09:52 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Jim, how is a segfault "not a bug"? Such crashes are sometimes even exploitable. Sean McBride
08:00 AM Bug #12835 (Not a Bug): segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Jim Pingle
02:15 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Actually, I rebooted with filesystem check and that resolved it and allowed the update to complete. Shaun Currier
01:42 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Also happening to me on Netgate SG-1100. Error message has the same line numbers and appears identical from a quick ... Shaun Currier
10:06 AM Bug #12833: GUI Service Log Filling Up with Cruft
That is a raw web server log, it's not meant to only show notable events, but every access of the web server. That's ... Jim Pingle
08:52 AM Bug #12833: GUI Service Log Filling Up with Cruft
OK. I'm certainly not an expert and it doesn't seem to be causing problems. But, from my point of view, I guess I'd... David Lessnau
07:54 AM Bug #12833 (Not a Bug): GUI Service Log Filling Up with Cruft
It's doing exactly what it's should be doing and logging every request. It's a security concern. If you have no idea ... Jim Pingle
01:34 AM Bug #12833: GUI Service Log Filling Up with Cruft
we can also use the nginx log filtering feature:... Viktor Gurov
08:47 AM Bug #12851: IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network
Jim Pingle wrote in #note-1:
> The GUI may have allowed you to select it, but it wouldn't have been working properly... Michele D'Alessio
08:18 AM Bug #12851 (Not a Bug): IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network
The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be ident... Jim Pingle
07:49 AM Bug #12851 (Not a Bug): IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network
Inside the section:
VPN / IPsec / Tunnels / Edit Phase 2
If I try to change the local network address, the follo... Michele D'Alessio
08:40 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot
Jim Pingle wrote in #note-2:
> That option alone does not cause a problem, there may be something in your ruleset co... Antonio Pesce
08:34 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot
Jim Pingle wrote in #note-2:
> That option alone does not cause a problem, there may be something in your ruleset co... Michele D'Alessio
08:25 AM Bug #12853 (Feedback): Network Address Translation - Pure NAT pfsense freeze after reboot
That option alone does not cause a problem, there may be something in your ruleset contributing but as stated there i... Jim Pingle
08:19 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot
Michele D'Alessio wrote:
> In the menu "System / Advanced / Firewall & NAT" (as shown in the image attached), if I a... Antonio Pesce
08:11 AM Bug #12853 (Closed): Network Address Translation - Pure NAT pfsense freeze after reboot
In the menu "System / Advanced / Firewall & NAT" (as shown in the image attached), if I apply the following changes t... Michele D'Alessio
08:39 AM pfSense Docs Correction #11998 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting
Merged Jim Pingle
08:37 AM Feature #12392 (Feedback): Allow the selection of "any" interface in floating rules
Merged:
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/8a350814ea5748a5eba445e3a40b278164c3816d... Viktor Gurov
07:48 AM Feature #12392 (Pull Request Review): Allow the selection of "any" interface in floating rules
Jim Pingle
08:27 AM Bug #12850: Console error during boot: ``route: route has not been found``
Jim Pingle wrote in #note-1:
> I've seen this as well, though it appears to be harmless as there are no ill effects ... Michele D'Alessio
08:20 AM Bug #12850: Console error during boot: ``route: route has not been found``
Michele D'Alessio wrote:
> Similar to bug #8497,
>
> during boot, the console logs numerous identical errors:
> ... Antonio Pesce
08:16 AM Bug #12850: Console error during boot: ``route: route has not been found``
I've seen this as well, though it appears to be harmless as there are no ill effects I've noticed. Jim Pingle
07:33 AM Bug #12850 (New): Console error during boot: ``route: route has not been found``
Similar to bug #8497,
during boot, the console logs numerous identical errors:
route: route has not been found
... Michele D'Alessio
08:04 AM Bug #12852 (Rejected): Gateway which is forced as inactive does still trigger filter reloads
I have a flapping gateway at the moment so I have forced it as offline using the checkbox in the gateway options. I a... Flole Systems
07:50 AM Bug #12843 (Not a Bug): Port Forward Source Network Does Accept Alias
Jim Pingle
07:46 AM pfSense Packages Bug #12844 (Pull Request Review): Invalid title link in the apcupsd package dashboard widget
Jim Pingle
07:44 AM Todo #12838 (Rejected): Frontend updates and cleanup
I don't see this getting accepted as is. It is difficult to verify that the content of the files is unmodified compar... Jim Pingle
07:38 AM Bug #12837 (Rejected): ipv6 block Rule is set even after disabling
I can't reproduce this. If the "Allow IPv6" box is checked, the rule in question is not present in the ruleset and is... Jim Pingle
07:35 AM Bug #12836 (Rejected): pfSense ipv6 Only Update not possible
The package servers already have IPv6 addresses and connectivity. There may be a problem with the IPv6 path between y... Jim Pingle
07:27 AM Regression #12827: High latency and packet loss during a filter reload
FYI. This latency also occurs when any rules, traffic shaper, etc. (anything that reloads the rules) are applied/modi... Michael Novotny
06:46 AM Bug #12849 (New): pfsync kernel crash on reboot
pfSense Plus 22.01, Netgate 5100 appliance:... Viktor Gurov
02:01 AM Feature #12848 (New): Evaluation of the DynDNS "Result Match" string
Hi,
first of all - thanks for the great work.
In the DynDNS client you can use "Result Match" to check the succes... Stefan Heck

02/21/2022

11:42 PM Bug #12846 (Duplicate): Illegal tos value for certain diffserv values
Duplicate of #12803 Viktor Gurov
07:42 PM Bug #12846: Illegal tos value for certain diffserv values
Reverting it does not fix the issue, probably the patch for pf is missing. Flole Systems
07:40 PM Bug #12846 (Duplicate): Illegal tos value for certain diffserv values
After upgrading to 2.6.0 I am getting for one of my rules:
@illegal tos value 24 - The line in question reads [704... Flole Systems
09:53 PM pfSense Docs Correction #11998 (Waiting on Merge): Feedback on Hardware — Hardware Tuning and Troubleshooting
Marcos M
09:52 PM pfSense Docs Correction #11998: Feedback on Hardware — Hardware Tuning and Troubleshooting
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/32
Queue count is set automatically according to vCP... Marcos M
08:24 PM Feature #12392: Allow the selection of "any" interface in floating rules
I hit that php error once on 22.05, but I can't seem to reproduce it now to test the patch.
Edit: I was able to repr... Marcos M
12:58 AM Feature #12392 (New): Allow the selection of "any" interface in floating rules
PHP error after editing rules on a non-floating page:... Viktor Gurov
08:22 PM Bug #12847 (Resolved): On startup "No routing address with matching address" might appear
I have a Gateway group named Main_V6 for IPv6 and after a reboot I am seeing
@no routing address with matching add... Flole Systems
01:21 PM Bug #12678 (Resolved): Applying firewall rule changes does not clear dirty flag for aliases subsystem
Tested and working correctly on... Christopher Cope
10:40 AM pfSense Packages Bug #12845: softflowd wrong vlan tag
similar to #9486 Viktor Gurov
10:13 AM pfSense Packages Bug #12845 (New): softflowd wrong vlan tag
When I try to send information about the vlan through IPFIX or Netflow v9, the vlan tag is incorrectly entered in the... Semyon Poklad
10:33 AM Bug #12833: GUI Service Log Filling Up with Cruft
Currently, pfSense syslog uses the "-c -c" option to disable the compression of repeated instances of the same line ... Viktor Gurov
10:27 AM Bug #12843: Port Forward Source Network Does Accept Alias
You are correct. I can now get it to work. I'm not sure what happened yesterday to prevent it. It may have been that ... Steve Matos
01:12 AM Bug #12843 (Feedback): Port Forward Source Network Does Accept Alias
Unable to reproduce - I can successfully use aliases as a source network address by selecting "Single host or alias"
... Viktor Gurov
10:15 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
it seems to be related to #12833 Viktor Gurov
10:13 AM Feature #12839 (Rejected): fail2ban
The fail2ban functionality is already implemented in Login Protection (sshguard):
https://docs.netgate.com/pfsense/e... Viktor Gurov
09:30 AM Bug #12831 (Resolved): Typo in in /etc/inc/interfaces.inc line 1107
fixed Viktor Gurov
07:23 AM Bug #12828: pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode)
Apparently I can sometimes use the 5GHz when I change the config from 2.4 Ghz to 5Ghz however as soon as I reboot and... hugo s
03:37 AM Regression #12827: High latency and packet loss during a filter reload
I strongly suspect https://github.com/pfsense/FreeBSD-src/commit/a5a03901798c76f1f7c77535a2282a60f54b0ec2 is the main... Kristof Provost
03:03 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
Still an issue after updating to Acme 0.6.10_1 Morten Trab
01:37 AM Feature #12842: Retain descriptions when exporting and importing aliases
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/633 Viktor Gurov
12:11 AM pfSense Packages Bug #12844: Invalid title link in the apcupsd package dashboard widget
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1110 Viktor Gurov
12:11 AM pfSense Packages Bug #12844 (Resolved): Invalid title link in the apcupsd package dashboard widget
clicking on the widget title results in an error:
https://192.168.1.1/apcupsd.widget.php - 404 not found
 Viktor Gurov

02/20/2022

06:16 PM Regression #11545: Primary interface address is not always used when VIPs are present
I also have not seen this post install of 22.01. Denny Page
03:49 PM Bug #12843 (Not a Bug): Port Forward Source Network Does Accept Alias
When creating a new NAT Port Forward (or editing an existing one) and configuring a Source network, the interface wil... Steve Matos
03:45 PM Feature #12842 (Resolved): Retain descriptions when exporting and importing aliases
When using the "Export to File" button when editing an alias under Firewall -> Aliases, only the networks/hosts that ... Steve Matos
11:21 AM Bug #12840 (Rejected): Upgrade of openvpn-client-export package after 2.6.0 upgrade failed
I just upgraded from pfsense 2.5.2 to 2.6.0. Several packages did not auto upgrade (I don't know if they should have)... Todd Marimon
10:47 AM Feature #12839 (Rejected): fail2ban
Ability to protect GUI (192.168.1.1) with fail2ban package Evgeny Litvinov
04:57 AM Todo #12838 (Rejected): Frontend updates and cleanup
Currently, there are a lots of non-minified files (/js/vendor folder), reducing front-end performance. I've minified ... GChuf 6
02:16 AM Bug #12837 (Rejected): ipv6 block Rule is set even after disabling
Good Day,
When disabling ipv6 block rule under System - Advanced - Networking even ipv6 is not possible (without p... Peter Lustig
02:12 AM Bug #12836 (Rejected): pfSense ipv6 Only Update not possible
Good Day,
on pfSense 2.5.2 and also 2.6.0 it seems impossible to get updates by ipv6 connection only. Update and G... Peter Lustig

02/19/2022

09:59 PM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Thanks for your reply, I'll give that a try.
But I don't think I can agree with "this isn't a bug with software". ... Sean McBride
09:47 PM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
This isn't a bug with software, but is an issue with the chip that handles authentication to the repo. If you go to ... Kris Phillips
07:21 PM Bug #12835 (Not a Bug): segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
On my Netgate SG-1100 I used the GUI to update from 21.05.2-RELEASE to 22.01. It failed, ending with the following:
... Sean McBride
09:41 PM Regression #11545: Primary interface address is not always used when VIPs are present
I haven't seen this occur at all in 22.01/2.6. Kris Phillips
08:21 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
This doesn't actually appear to be a NAT issue, the NAT pf states are all created as expected.
Rather it appears t... Steve Wheeler
03:56 PM Regression #12834 (Resolved): Only TCP traffic is passed outbound through IPFW
As already described in forum the outbound nat is not working for udp packets since upgrading to 2.6.
https://fo... B P
06:34 PM Bug #12829: Dummynet kernel module fails to load after upgrade.
Have had to downgrade for now as the internet connection can become quite unusable without the queues. Happy to set u... Lewis Smith
07:45 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
I have tried only applying a limiter in the upload direction, as that was a proposed workaround for the 2.5.0 issue, ... Lewis Smith
05:17 PM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107
Lewis Smith wrote in #note-1:
> Just to confirm, this only appeared after creating a LAGG interface?
I see it's alre... Jason Foley
09:25 AM Bug #12831 (Feedback): Typo in in /etc/inc/interfaces.inc line 1107
Applied in changeset commit:cc920eb3b3ebd37c0a905264518e5cbf836ff55e. Jim Pingle
07:47 AM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107
Just to confirm, this only appeared after creating a LAGG interface? Lewis Smith
03:24 AM Bug #12831 (Resolved): Typo in in /etc/inc/interfaces.inc line 1107
This typo caused a crash on boot. (attached)
mwexec("/sbin/ifconfig " escapeshellarg($laggif) . " laggproto " . es... Jason Foley
04:54 PM Feature #12392: Allow the selection of "any" interface in floating rules
Any selection is present when creating a floating rule in 22.05.a.20220219.0600, wasn't fully sure how to validate th... Jordan G
01:37 PM Bug #12833: GUI Service Log Filling Up with Cruft
Sorry. Filling up with nginx messages. Here's a link to the forum thread:
https://forum.netgate.com/topic/170081... David Lessnau
01:31 PM Bug #12833 (Not a Bug): GUI Service Log Filling Up with Cruft
Starting with 2.6.0 (but I've updated to 22.1 and it's still happening), the GUI Service log at:
Status > System L... David Lessnau
12:07 PM Bug #12800: Suboptimal Password Hashing
If this change is for potential compliance purposes, such as FIPS, a good compromise might be:
* Expose a UI eleme... Royce Williams
11:56 AM pfSense Plus Feature #12832 (New): 6100 configurable Blinking Blue LED
The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"
I'd like to see an... shawn butts
11:25 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
!clipboard-202202191221-tmdxs.png!
Should this really be a low priority?
Seems like improper alias tables could p... → luckman212
08:02 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I thought this would have been fixed with 2.6. I had to reenable the cron workaround. Oh well. D D
09:28 AM Bug #12830 (Duplicate): Traffic Shaper (Limiters) broken
Duplicate of #12829 Jim Pingle
07:49 AM Bug #12830: Traffic Shaper (Limiters) broken
My hardware configuration is 4 nic
vendor = 'Intel Corporation'
device = 'I211 Gigabit Network Connection'
 Evgeny Korostelev
04:55 AM Bug #12830: Traffic Shaper (Limiters) broken
Evgeny Korostelev wrote:
> pfSense CE 2.6.0 Stable
> If the Firewall rule is used Traffic Shaper (Limiters), then t... Mikael 86
04:33 AM Bug #12830: Traffic Shaper (Limiters) broken
Evgeny Korostelev wrote in #note-1:
> After update from CE 2.5.2 to 2.6.0 -> stop working traffic limiters
Duplic... Lewis Smith
03:27 AM Bug #12830: Traffic Shaper (Limiters) broken
After update from CE 2.5.2 to 2.6.0 -> stop working traffic limiters Evgeny Korostelev
01:15 AM Bug #12830 (Closed): Traffic Shaper (Limiters) broken
pfSense CE 2.6.0 Stable
If the Firewall rule is used Traffic Shaper (Limiters), then the traffic stops going. Evgeny Korostelev
04:42 AM Feature #12819: GUI option to configure layers for LACP hash
I am getting a syntax error in interfaces.inc at 1107 on boot up that drops pfsense to login prompt.
Are we missin... Ronald Schellberg

02/18/2022

09:26 PM Bug #12723 (Resolved): Disallow remote gateway of ``0.0.0.0`` for VTI mode

it is not allowed to add 0.0.0.0 as remote GW if there is a VTI as P2 and it is not allowed to add VTI if the ... Alhusein Zawi
08:12 PM Bug #12829: Dummynet kernel module fails to load after upgrade.
I get the following errors in the System Logs:
@Feb 19 01:58:37 php 420 rc.bootup: The command '/sbin/kldload d... Lewis Smith
07:52 PM Bug #12829 (Closed): Dummynet kernel module fails to load after upgrade.
pfSense 2.6.0 - Fresh upgrade.
When creating a limiter and assigning it in a floating rule, all traffic stops from... Lewis Smith
04:58 PM Bug #12828 (New): pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode)
Description
pfSense 2.6.0 keeps rebooting and crashing after I created more than one wireless interface in 5ghz.
... hugo s
03:13 PM Regression #12827: High latency and packet loss during a filter reload
I have replicated this with a generated ruleset between 21.05.2 and 22.01:... Steve Wheeler
02:35 PM Regression #12827 (Resolved): High latency and packet loss during a filter reload
Every 15 minutes I am seeing 2 seconds latency that disrupts VPN, VoIP between sites, video conferencing, etc.
I h... Michael Novotny
02:40 PM Feature #12819 (Feedback): GUI option to configure layers for LACP hash
Applied in changeset commit:47eecb1666078d8183543c13a2bf9c2e77838838. Viktor Gurov
07:57 AM Feature #12819 (Pull Request Review): GUI option to configure layers for LACP hash
Jim Pingle
04:04 AM Feature #12819: GUI option to configure layers for LACP hash
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/630 Viktor Gurov
02:38 PM Bug #12826 (Not a Bug): After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode
Your GUI options and custom options combined are putting OpenVPN into a mode the status doesn't expect and has no way... Jim Pingle
02:13 PM Bug #12826 (Not a Bug): After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode
After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode
Looks like this issue https://... alexey kalachev
02:18 PM Bug #12811: Services are not restarted when PPP interfaces connect
Sadly, after applying those patches, the problem still persists.
Is there any way I could help you to narrow it down? Oskar Stroka
03:36 AM Bug #12811: Services are not restarted when PPP interfaces connect
Oskar Stroka wrote in #note-6:
> Thanks a lot guys :)
> Is there an easy way for me to implement this change?
Y... Viktor Gurov
01:29 AM Bug #12811: Services are not restarted when PPP interfaces connect
Thanks a lot guys :)
Is there an easy way for me to implement this change? Oskar Stroka
12:23 PM Bug #12825 (Duplicate): PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget
Duplicate of #12817 Jim Pingle
11:13 AM Bug #12825: PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget
Issue occurred using 22.01 on a 5100. Nick Goehring
11:12 AM Bug #12825 (Duplicate): PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget
Had an issue this evening when trying to manually kill an OVPN connection via the widget on the dashboard. Widget dis... Nick Goehring
12:13 PM Bug #12781 (Resolved): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
Tested on:... Danilo Zrenjanin
10:47 AM pfSense Packages Bug #12822: IPv4 Source ASN format not working
Thanks for the report.
I think the issue is prefixing the input selection with with "AS" or "as".
The ASN list... BBcan177 .
04:09 AM pfSense Packages Bug #12822 (Confirmed): IPv4 Source ASN format not working
On the new pfSense release 2.6 / 22.01 pfBlockerNG devel (3.1.0_1), the web page hangs when defining ASN with the cho... Danilo Zrenjanin
10:25 AM pfSense Packages Bug #12815 (Resolved): invalid IPv6 ACCEPTFILTER prefix-list
Viktor Gurov
10:18 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
Will do when/if i need it, for now I consider the issue resolved =) beermount beermount
10:12 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
beermount beermount wrote in #note-9:
> This patch works for me, mainly because it removes the ipv6 protocol lines. ... Viktor Gurov
10:02 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
This patch works for me, mainly because it removes the ipv6 protocol lines. The commit does seem to cover if Accept F... beermount beermount
08:27 AM pfSense Packages Bug #12815 (Feedback): invalid IPv6 ACCEPTFILTER prefix-list
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/57918af9a19a9bec4ea8ca080f46c16517eeda7a Viktor Gurov
07:48 AM pfSense Packages Bug #12815 (Pull Request Review): invalid IPv6 ACCEPTFILTER prefix-list
Jim Pingle
10:25 AM Feature #4881 (Feedback): Allow NPt to use dynamic IPv6 networks
Applied in changeset commit:27ad5abafc9040f1745cb7862a11d0f86277385c. Viktor Gurov
10:08 AM pfSense Packages Bug #12820 (Resolved): Global Route Handling should use ipv6 route
Viktor Gurov
09:55 AM pfSense Packages Bug #12820: Global Route Handling should use ipv6 route
Verified frr now produces the expected configuration. beermount beermount
08:27 AM pfSense Packages Bug #12820 (Feedback): Global Route Handling should use ipv6 route
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/1bc9946a6ceb2430bf28d141fd98f20dd46a979a Viktor Gurov
07:49 AM pfSense Packages Bug #12820 (Pull Request Review): Global Route Handling should use ipv6 route
Jim Pingle
06:29 AM Bug #12824 (Rejected): Firewall Alias not working as intended - Stack Trace (2.6.0)
Unable to reproduce on pfSense Plus 22.01 and pfSense CE 2.6.0
Please try to reimage the appliance from scratch
... Viktor Gurov
06:19 AM Bug #12824 (Rejected): Firewall Alias not working as intended - Stack Trace (2.6.0)
*pfsense version:*
Recent inplace upgrade to 2.6.0-RELEASE
*Architecture:*
Only tested against amd64
*Issue*
... Mark Fenwick
05:39 AM Bug #12823 (New): Multiple DHCP6 WAN connections PPPoE interface 'defached' status
from https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/336:
If Wan is PPPoE and is not default gateway, ... Viktor Gurov
04:39 AM Bug #12810 (Resolved): Sanitize SHA-512 user password hashes in ``status.php`` output
Tested:... Danilo Zrenjanin

02/17/2022

11:58 PM pfSense Packages Bug #12820: Global Route Handling should use ipv6 route
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/185 Viktor Gurov
01:25 PM pfSense Packages Bug #12820 (Resolved): Global Route Handling should use ipv6 route
When adding static routes in Global Settings -> Route Handling. IPv6 routes are added with "ip route" I believe this ... beermount beermount
11:43 PM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
beermount beermount wrote in #note-5:
> Viktor Gurov wrote in #note-4:
> > Merged:
> > https://github.com/pfsense/... Viktor Gurov
02:01 PM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
Viktor Gurov wrote in #note-4:
> Merged:
> https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182... beermount beermount
10:00 AM pfSense Packages Bug #12815 (Feedback): invalid IPv6 ACCEPTFILTER prefix-list
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182238f79cd960b06c2 Viktor Gurov
07:56 AM pfSense Packages Bug #12815 (Pull Request Review): invalid IPv6 ACCEPTFILTER prefix-list
Jim Pingle
07:04 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/182 Viktor Gurov
06:41 AM pfSense Packages Bug #12815 (Resolved): invalid IPv6 ACCEPTFILTER prefix-list
frr code does not create correct IPv6 prefix-list for IPv6 ACCEPTFILTER entries and does not have explicit 'permit an... Viktor Gurov
05:16 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Retested again and applied the patch successfully and it fixed the issue, thank you! Yuri Weinstein
03:20 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Ref: https://github.com/pfsense/pfsense/commit/3ade222beb2cae2c0681ed69d4e5a0c82c6303f9.patch Yuri Weinstein
03:19 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
@Viktor
Thx a million!
But I could not apply it:
Patch Test Output apply:... Yuri Weinstein
12:00 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Yuri Weinstein wrote in #note-4:
> Viktor Gurov wrote in #note-3:
> > fix:
> > https://gitlab.netgate.com/pfSense/... Viktor Gurov
11:20 AM Regression #12817 (Feedback): PHP error when terminating OpenVPN sessions via the dashboard widget
Applied in changeset commit:3ade222beb2cae2c0681ed69d4e5a0c82c6303f9. Viktor Gurov
10:57 AM Regression #12817 (Pull Request Review): PHP error when terminating OpenVPN sessions via the dashboard widget
Jim Pingle
10:01 AM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Viktor Gurov wrote in #note-3:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/628
Thx for the ... Yuri Weinstein
09:50 AM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/628 Viktor Gurov
09:21 AM Regression #12817 (Resolved): PHP error when terminating OpenVPN sessions via the dashboard widget
If a user clicks on x next to the session on the OpenVPN dashboard widget as here
!clipboard-202202170719-kvzt7.pn... Yuri Weinstein
04:35 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Steve Wheeler wrote in #note-3:
> It looks likely that bug would cause this since it requires VLAN 0. That's fixed h... Hayden Hill
04:31 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
It looks likely that bug would cause this since it requires VLAN 0. That's fixed here but isn't yet in the dev branch... Steve Wheeler
03:22 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
User @lnxsrt over on GitHub may have found the related FreeBSD Bug. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id... Hayden Hill
02:16 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Also, some related discussion towards the end of this post https://forum.netgate.com/topic/99190/att-uverse-rg-bypass... Hayden Hill
02:11 PM Regression #12821 (Resolved): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Hello!
There are a few of us that have noticed a possible issue with the igb driver in the latest pfSense releases... Hayden Hill
03:45 PM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
Thanks! Seems like it's all working properly with the patches applied. Jon8RFC .
03:20 PM Todo #12624 (Resolved): Reorganize UPnP options
Jim Pingle
03:10 PM Todo #12624: Reorganize UPnP options
Tested on... Christopher Cope
02:41 PM Bug #12710 (Resolved): Disabling DHCP Server RRD statistics does not work
Tested and working successfully on ... Christopher Cope
02:24 PM Bug #8882: Interface assignments lost on reboot
Jaime Geiger wrote:
> I'm running pfsense in AWS and I'm trying to route out of xn1 (second interface) instead of xn0... Aaron Gilbert
11:15 AM Bug #6880 (Feedback): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Applied in changeset commit:dd3d48af87c892a070210f0064e589157868e7c2. Viktor Gurov
11:05 AM Bug #12003 (Feedback): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Merged:
https://github.com/pfsense/pfsense/commit/35731eb2415ba160e5c41be816aaae227e8fb370
Thank You! Viktor Gurov
11:04 AM Feature #12744 (Feedback): IPv6 support for DNSimple Dynamic DNS
Merged:
https://github.com/pfsense/pfsense/commit/2a9ee4d2b5cc472df867ed96f88a95e84d646e41
Thank You! Viktor Gurov
11:04 AM Bug #12721 (Feedback): IPv6 gateway group using link local addresses incorrectly logs a gateway change because it not including interface scope properly
Merged:
https://github.com/pfsense/pfsense/commit/f2ae911a6b1e986e1b729a38a2b83a03b57efecd
Thank You! Viktor Gurov
10:57 AM Feature #12809: Recover existing SSH keys during installation
also: https://github.com/pfsense/FreeBSD-src/commit/3202a3afac1c5632f9be7898f257801c55f30e9a Viktor Gurov
10:50 AM Feature #12809 (Feedback): Recover existing SSH keys during installation
Applied in changeset commit:4ebb9c8d9f9799cb82593bed675e428accc1c63d. Viktor Gurov
07:49 AM Feature #12809 (Pull Request Review): Recover existing SSH keys during installation
Jim Pingle
10:50 AM Bug #12811 (Feedback): Services are not restarted when PPP interfaces connect
Applied in changeset commit:c467ca2f35c102aae897424a2fda08e9b2ace673. Viktor Gurov
07:52 AM Bug #12811 (Pull Request Review): Services are not restarted when PPP interfaces connect
Jim Pingle
01:27 AM Bug #12811: Services are not restarted when PPP interfaces connect
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/625 Viktor Gurov
01:21 AM Bug #12811: Services are not restarted when PPP interfaces connect
Related to #11570
similar issue with OpenVPN - #12771 Viktor Gurov
10:50 AM Bug #12801 (Feedback): User password hashes pseudo-random number generator may return insecure salt value
Applied in changeset commit:961f240c18f8421b0a28ee192ffa041e754e8f8e. Viktor Gurov
07:54 AM Bug #12801 (Pull Request Review): User password hashes pseudo-random number generator may return insecure salt value
Jim Pingle
04:28 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/626 Viktor Gurov
10:45 AM Bug #12810 (Feedback): Sanitize SHA-512 user password hashes in ``status.php`` output
Applied in changeset commit:c7dd367324cf1cdc5fe518482515f0605471c702. Viktor Gurov
10:38 AM Feature #12819 (Resolved): GUI option to configure layers for LACP hash
Currently when creating an LACP LAG interface it gets created with the hashing "lacp lagghash l2,l3,l4" not all switc... Mat Clarke
10:01 AM pfSense Packages Bug #12818 (Resolved): IP block logging not working
On the new pfSense release 2.6 / 22.01 pfBlockerNG isn't logging.
The developer has released a patch below
https:... Christopher Cope
09:17 AM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly
MR for the above change, but only use it if we can't come up with a better solution:
https://gitlab.netgate.com/pf... Jim Pingle
09:14 AM Regression #12816 (Resolved): Namecheap Dynamic DNS responses are not parsed properly
Namecheap dynamic DNS updates are succeeding on the server side but the dynamic DNS code can't interpret the response... Jim Pingle
08:24 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
This change has caused yet another problem with exporting certificates from server_tls_user mode.
Two things I not... Jonathan Herlin
07:56 AM pfSense Packages Bug #12814 (Pull Request Review): OpenVPN Client Import does not populate 'remote_cert_tls' option
Jim Pingle
06:01 AM pfSense Packages Bug #12814: OpenVPN Client Import does not populate 'remote_cert_tls' option
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/48 Viktor Gurov
05:50 AM pfSense Packages Bug #12814 (Resolved): OpenVPN Client Import does not populate 'remote_cert_tls' option
https://redmine.pfsense.org/issues/11865 introduced 'remote_cert_tls' option,
and if the imported .ovpn file contain... Viktor Gurov
07:52 AM Feature #12813: Recover extra data in the installer
We may run into problems trying to do this much. There is limited room on the RAM disk that is available for recovery... Jim Pingle
12:35 AM Feature #12813 (New): Recover extra data in the installer
In addition to #12809, it would be nice to recover extra data from an existing installation
This would make reinstal... Viktor Gurov
07:40 AM Bug #12803 (Feedback): Error loading ruleset due to illegal TOS value
Applied in changeset commit:b7b78ea1b14555972efaf7e6c47e48709ad1c199. Jim Pingle
01:02 AM Feature #10395: Add Dashboard System Information support for more PC Engines APU boards
We have a growing selection of these boards (together with Netgate hardware). Any chance of a generic fix in the next... David Burns
12:36 AM Bug #12691 (Feedback): Support encrypted ``config.xml`` files when restoring during install
Merged:
https://github.com/pfsense/FreeBSD-src/commit/e0653a3050d4e6bb2d21723fbe01e0df3cc25425 Viktor Gurov

02/16/2022

07:08 PM Feature #12807: Clear Active Secondary WAN Connections
@jimp here's an 11+ year old one that's at least mildly related: https://redmine.pfsense.org/issues/855 → luckman212
07:30 AM Feature #12807: Clear Active Secondary WAN Connections
I thought there was already an open Redmine for this exactly but I can't find it at the moment.
This will likely t... Jim Pingle
06:09 AM Feature #12807: Clear Active Secondary WAN Connections
Adam Di Vizio wrote in #note-3:
> On version 2.5.2 release, the only check box option I have available is:
>
> Fl... Viktor Gurov
05:39 AM Feature #12807: Clear Active Secondary WAN Connections
On version 2.5.2 release, the only check box option I have available is:
Flush all states when a gateway goes down... Adam Di Vizio
03:28 AM Feature #12807: Clear Active Secondary WAN Connections
The "State Killing on Gateway Failure" option on the System / Advanced / Miscellaneous should be changed to the follo... Viktor Gurov
03:22 AM Feature #12807: Clear Active Secondary WAN Connections
looks like a duplicate of #11556 Viktor Gurov
06:09 PM pfSense Packages Feature #12812 (New): Would it be helpful if the FreeBSD net-mgmt/arpwatch port had an option to use mail/dma for mail delivery?
Currently arpwatch under pfsense uses a php script to emulate /usr/sbin/sendmail. If I added a port option to use mai... Craig Leres
01:17 PM Bug #12811 (Resolved): Services are not restarted when PPP interfaces connect
Hi there, I've got a Gateway Group containing my WAN (VDSL with PPPoE) on Tier 1 and my 2nd WAN (LTE Modem) on Tier 2... Oskar Stroka
11:52 AM Feature #12809: Recover existing SSH keys during installation
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/624
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/m... Viktor Gurov
07:44 AM Feature #12809 (Resolved): Recover existing SSH keys during installation
It would be nice if the installer had a way to recover the SSH host keys off the drive the same way it handles the "R... Jim Pingle
09:40 AM Bug #12810 (Pull Request Review): Sanitize SHA-512 user password hashes in ``status.php`` output
Jim Pingle
08:54 AM Bug #12810: Sanitize SHA-512 user password hashes in ``status.php`` output
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/623 Viktor Gurov
08:40 AM Bug #12810 (Resolved): Sanitize SHA-512 user password hashes in ``status.php`` output
config-sanitized.xml sample:... Viktor Gurov
09:28 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I'm not able to reproduce this either. Can you post some redacted screenshots of your exact configuration? Christian McDonald
08:55 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
was testing done with multiple WG gateway groups like in aforementioned setup? Just FYI, WG tunnels had monitor IPs t... RED SKULL
08:51 AM pfSense Packages Bug #12808 (Feedback): Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Viktor Gurov
08:51 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Unable to reproduce -
wireguard gateways works as expected after:
1) Restarting the Wireguard service on the Status... Viktor Gurov
04:46 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
This issue specifically occurs on PfSense 2.6 CE final release.
Once gateways are manually re-enabled, you can see t... RED SKULL
04:45 AM pfSense Packages Bug #12808 (Resolved): Wireguard Gateways disabled when Wireguard Service is Manually Restarted
If the wireguard service is manually restarted at any time after boot, Wireguard gateways are automatically disabled ... RED SKULL
08:32 AM pfSense Packages Bug #12802 (Feedback): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
Merged
fixed in OpenVPN Client Export 1.0 Viktor Gurov
07:21 AM pfSense Packages Bug #12802 (Pull Request Review): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
MR: https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/47 Jim Pingle
12:54 AM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
from man openvpn(5):... Viktor Gurov
07:58 AM Bug #12803 (Pull Request Review): Error loading ruleset due to illegal TOS value
Changing the config.xml from @<dcsp>@ to @<tos>@ didn't fix the rule, it made the filter rule generation skip the val... Jim Pingle
12:31 AM Bug #12803: Error loading ruleset due to illegal TOS value
Related to https://github.com/pfsense/pfsense/commit/3d259e5e9457bc7e9d5b654366f839eaa2d52369 Viktor Gurov
06:51 AM pfSense Packages Bug #12758 (Resolved): Route Handling Subnet field Input check
Tested on:... Danilo Zrenjanin
06:39 AM Bug #12319 (Resolved): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Tested:... Danilo Zrenjanin
06:23 AM Bug #12775 (Resolved): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data
Tested:... Danilo Zrenjanin

02/15/2022

10:57 PM Feature #12807 (Duplicate): Clear Active Secondary WAN Connections
Hello There,
There are many people who may have a secondary WAN connection that is utilized on a wireless pay as g... Adam Di Vizio
08:15 PM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
Jim Pingle wrote in #note-1:
> Without seeing the configuration you imported it's hard to say what might have happene... cromo cromo
02:43 PM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
If you go to Diagnostics > Backup/Restore on the Config History tab and do a diff on the config entries before/after ... Jim Pingle
01:34 PM pfSense Packages Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
_*Disclaimer: You don't have a "OpenVPN Client Importer" category in your tracker, so I used OpenVPN Client Export*_
... cromo cromo
05:26 PM pfSense Packages Todo #12806 (Closed): Update node_exporter to 1.3.1
Sorry if this isn't the right place to ask. I wasn't sure if pfSense published package updates separate from their ba... Logan Marchione
05:15 PM Bug #12800: Suboptimal Password Hashing
Steve's benchmark information is more representative of real-world attack than the earlier examples, because GPU atta... Royce Williams
12:57 PM Bug #12800: Suboptimal Password Hashing
sha512crypt introduces a DoS because it runs in O(pwLen^2+pwLen*cost) time. On a i5-6500, a 14000 character password ... Steve Thomas
08:01 AM Bug #12800: Suboptimal Password Hashing
Gaige Lama wrote in #note-1:
> It's using CRYPT_SHA512 instead of plain SHA512 which has a default of 5000 rounds.... Sam K
03:37 AM Bug #12800: Suboptimal Password Hashing
Sam Kirkman wrote:
> This bug relates to Todo #10298: https://redmine.pfsense.org/issues/10298
>
> The default passw... Gaige Lama
02:42 AM Bug #12800 (Closed): Suboptimal Password Hashing
This bug relates to Todo #10298: https://redmine.pfsense.org/issues/10298
The default password hashing algorithm h... Sam K
05:10 PM pfSense Docs New Content #12805 (New): Add documentation about what triggers a notfication
I just setup notifications in pfSense and can't find any documentation on the page below to show what sort of actions... Logan Marchione
04:59 PM pfSense Docs New Content #12804 (Closed): Add documentation for Slack notifications
I saw in the issue below that support for notifications via Slack was added to 2.6.0.
https://redmine.pfsense.org/... Logan Marchione
02:45 PM Bug #12803 (Resolved): Error loading ruleset due to illegal TOS value
I updated my Pfsense CE installation from 2.5.2 to 2.6.0 today. After the update I was getting errors showing that t... Michael Berry
01:01 PM Bug #12797: UPnP+STUN forms invalid outbound NAT rules using the external address discovered from STUN
For inbound connections (@rdr@), STUN is working and a client can open and successfully test a port with a private WA... Jim Pingle
12:07 PM Bug #12796 (Feedback): 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.
I merged the above fix. We can re-test this after the next package sets get built. Jim Pingle
11:28 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value
That is likely the better choice overall. Jim Pingle
11:23 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value
Jim Pingle wrote in #note-1:
> That second command needs to be a variable -- it's not a flag telling it to use a sec... Viktor Gurov
11:14 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value
That second parameter needs to be a variable -- it's not a flag telling it to use a secure method, it's a variable wh... Jim Pingle
10:30 AM Bug #12801 (Resolved): User password hashes pseudo-random number generator may return insecure salt value
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/auth.inc#L819:... Viktor Gurov
10:55 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
to test this fix you need to install the system patches pkg:
https://docs.netgate.com/pfsense/en/latest/development/... Viktor Gurov
10:19 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
I can't say "fixed" for this issue since I have new problems in 2.6.0, so I can't give it a solid test. I also don't... Jon8RFC .
08:25 AM Bug #12771 (Feedback): Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
Applied in changeset commit:324bff6498bbd8e04d735195348d8b78b3e9a4a8. Viktor Gurov
07:58 AM Bug #12771 (Pull Request Review): Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
Jim Pingle
02:08 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/616 Viktor Gurov
10:48 AM pfSense Packages Feature #12718 (Feedback): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/e2470a23ca412103588c3c969d843311e0ef522a Viktor Gurov
10:47 AM pfSense Packages Feature #12719 (Feedback): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/eaec5586b141176f90836135899eac5fb95e6013 Viktor Gurov
10:47 AM pfSense Packages Bug #12739 (Feedback): Passlist generates invalid Virtual IP subnets
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/fec9c89964c53672bc930479209a8fdb24beeff9 Viktor Gurov
10:47 AM pfSense Packages Bug #12683 (Feedback): snort_get_vpns_list() does not include OpenVPN CSO
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/bf49577abfb4dac2d3bd73e0371ded9341ce1b93 Viktor Gurov
09:55 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Also there is a new forum thread for general feedback on this issue:
https://forum.netgate.com/topic/169837/upnp-f... Jim Pingle
09:54 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
For those who still have issues, please start a new forum thread in the "gaming category of the forum":https://forum.... Jim Pingle
08:42 AM Feature #12752 (Feedback): Support wildcard Dynamic DNS records on DigitalOcean
Merged:
https://github.com/pfsense/pfsense/commit/728608824e8fa11acadaac35e46b0d7e2a865870 Viktor Gurov
08:01 AM Feature #12752 (Pull Request Review): Support wildcard Dynamic DNS records on DigitalOcean
Jim Pingle
07:15 AM Feature #12752: Support wildcard Dynamic DNS records on DigitalOcean
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/617 Viktor Gurov
08:41 AM Bug #12761 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Merged:
https://github.com/pfsense/pfsense/commit/728608824e8fa11acadaac35e46b0d7e2a865870 Viktor Gurov
08:01 AM Bug #12761 (Pull Request Review): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Jim Pingle
07:14 AM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/617 Viktor Gurov
08:30 AM Feature #12685 (Feedback): Support encrypted ``config.xml`` files when restoring via ECL
Merged Viktor Gurov
08:30 AM Bug #12766 (Feedback): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup
Applied in changeset commit:468cd92bfaf77a326d5221dd9fd65328e15b297a. Viktor Gurov
07:56 AM Bug #12766 (Pull Request Review): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup
Jim Pingle
08:30 AM Bug #12781 (Feedback): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
Merged Viktor Gurov
07:57 AM Bug #12781 (Pull Request Review): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
Jim Pingle
01:44 AM Bug #12781: DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/615 Viktor Gurov
08:03 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
Awesome, thank you! Jon8RFC .
03:18 AM pfSense Packages Feature #11931 (New): Add support for validating a domain's ownership via Google Cloud Cloud DNS
Viktor Gurov
03:10 AM pfSense Packages Feature #11931 (Duplicate): Add support for validating a domain's ownership via Google Cloud Cloud DNS
see also #9200 Viktor Gurov
03:16 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
Kyle Klouzal wrote in #note-6:
> Google DNS is different from Google Domains. +1 for Google Domain support here..
se... Viktor Gurov
03:10 AM pfSense Packages Bug #12799 (Duplicate): Missing ACME DNS Providers
Duplicate of #11931 Viktor Gurov
03:00 AM pfSense Packages Feature #12795: Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist
https://github.com/pfsense/FreeBSD-ports/pull/1143 Viktor Gurov
02:25 AM Bug #12633 (Feedback): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
Applied in changeset commit:13720b183efaf5697454978db93a5b4815227149. Viktor Gurov
02:15 AM Todo #12093 (Feedback): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Merged Viktor Gurov
02:15 AM Feature #12741 (Feedback): Eliminate duplicate shell commands from history file
Merged Viktor Gurov
02:14 AM Feature #12724 (Feedback): Notify user if AutoConfigBackup is unable to successfully upload a backup
Merged Viktor Gurov
02:14 AM Feature #2456 (Feedback): Option to choose default tab in IPsec status Dashboard widget
Merged Viktor Gurov
01:25 AM Feature #12392 (Feedback): Allow the selection of "any" interface in floating rules
Applied in changeset commit:af3320b2d52f0296e3977e652de2b290c98bbf66. Viktor Gurov
12:40 AM Bug #12611 (Feedback): SNMP daemon is restarted during every ``rc.newwanip`` event
Applied in changeset commit:dc6a9ddcfaa25dda8928d4b2bdc72a117fec3315. Viktor Gurov
12:40 AM Bug #12609 (Feedback): IGMP Proxy server is restarted during every ``rc.newwanip`` event
Applied in changeset commit:1098cb94070574a98a44b4ab160e2a4d1785925a. Viktor Gurov

02/14/2022

09:31 PM pfSense Packages Bug #12799 (Duplicate): Missing ACME DNS Providers
Looking through the source I noticed there is support for some DNS providers that don't appear in the UI.
For exam... Robert Accettura
09:00 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
No fix here.
playing COLD WAR or VANGURD. Both PC players. Applied the patch and restarted pfsense box. Shows open ... Michael Clews
05:05 PM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port

This patch worked on our configuration here as well.
UPnP seems to be fully functioning now. Thank you!!
 Polar Nerd
08:45 AM Feature #7727 (Feedback): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Applied in changeset commit:3b50f7656967fbb4daa869a7ae6d18bc5ab6eec3. Jim Pingle
03:01 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Did this make it into 2.6 / 22.01 or do we need to use System Patches to get it? - *edit* nevermind, I see it's targe... → luckman212
01:35 PM Regression #11570 (Feedback): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Applied in changeset commit:ec73bb89489d830ec21c4e04ffa3ec401791b55d. Viktor Gurov
02:28 PM Bug #12613 (Feedback): DNS Resolver does not restart during link up/down events on a static IP address interface
should be fixed in #11570 Viktor Gurov
01:49 PM Bug #12798: Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues
It's possible it's specifically related to your use of a non-local gateway (which is not a typical use case) and not ... Jim Pingle
01:44 PM Bug #12798: Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues
This isn't a request for support... I've already specified what the symptoms are, the cause and how to fix it. :)
... Paul Parkin
01:00 PM Bug #12798 (Not a Bug): Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues
I have a few systems here with that kind of configuration and none have the problems you describe, and that is a very... Jim Pingle
12:35 PM Bug #12798: Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues
This is also an issue in 2.5.2, but I hadn't figured out what caused the issue until today having upgraded to 2.6/22.01. Paul Parkin
12:34 PM Bug #12798 (Not a Bug): Web UI allows IP Aliases and 1:1 NAT to share IP on same interface - ends in routing issues
I've found an issue where if you configure an IP Alias and use that same external IP for a static (1:1) NAT then issu... Paul Parkin
01:30 PM Bug #12678 (Feedback): Applying firewall rule changes does not clear dirty flag for aliases subsystem
Applied in changeset commit:c04144d193bbd6583a5000e409ec4692729bc89e. Viktor Gurov
01:20 PM Bug #12612 (Feedback): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver
Applied in changeset commit:6ac625e8af602df3e70f41f17bd60631cd50e86a. Viktor Gurov
01:09 PM Bug #12797: UPnP+STUN forms invalid outbound NAT rules using the external address discovered from STUN
This may be the same issue already being discussed in this forum thread: https://forum.netgate.com/topic/169773/miniu... Jim Pingle
12:32 PM Bug #12797 (New): UPnP+STUN forms invalid outbound NAT rules using the external address discovered from STUN
With the new release of 22.01 pfSense should be able to use Mini-UPnP, even if it is behind another router as an expo... Bob Dig
12:40 PM Bug #12723 (Feedback): Disallow remote gateway of ``0.0.0.0`` for VTI mode
Merged Viktor Gurov
12:40 PM Bug #11864 (Feedback): OpenVPN stays bound to previous IP address after interface changes
Applied in changeset commit:9bb98111d2e216462e67abbc7513e4204ad7123e. Viktor Gurov
12:40 PM Bug #11941 (Feedback): Many ``exec()`` functions do not use full path to executable files
Merged Viktor Gurov
12:35 PM Feature #12675 (Feedback): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file
Applied in changeset commit:52f152e19ad847b8a3b95a1721ce685d637ded9a. Viktor Gurov
12:35 PM Bug #12750 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy
Applied in changeset commit:c80e6c148af81af4e0126a3ca4d3585fef9fcefc. Viktor Gurov
12:23 PM Bug #6253 (Feedback): Firewall log widget action icon features stop working when new log entries are added dynamically
Merged Viktor Gurov
12:23 PM Bug #11416 (Feedback): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
Merged Viktor Gurov
12:22 PM Bug #12319 (Feedback): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Merged Viktor Gurov
12:22 PM Bug #12728 (Feedback): Cannot remove IPv6 static routes
Merged Viktor Gurov
12:13 PM Bug #12796: 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.
Possible fix (if the lack of MOVED entry is contributing): https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_r... Jim Pingle
10:50 AM Bug #12796 (Confirmed): 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.
If a 2.5.2 install has zabbix-agent52 installed and tries to upgrade to 2.6.0 from console or GUI it will segfault.
... M Felden
11:26 AM Bug #12590 (Feedback): Dynamic DNS custom IPv6 service fails on 6rd tunnels
Merged Viktor Gurov
11:25 AM Todo #12624 (Feedback): Reorganize UPnP options
Merged Viktor Gurov
11:25 AM Bug #12710 (Feedback): Disabling DHCP Server RRD statistics does not work
Merged Viktor Gurov
11:24 AM Bug #12672 (Feedback): GleSYS Dynamic DNS responses are not parsed properly
Merged Viktor Gurov
10:45 AM Bug #12628 (Feedback): OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases
Applied in changeset commit:15713a56871e7f000002c98217b289a447d4b472. Viktor Gurov
10:40 AM Bug #11692 (Feedback): ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon
Applied in changeset commit:de7393765b213e376a90e7d6631363fb6640e400. Viktor Gurov
10:40 AM Bug #12536 (Feedback): Setting a default gateway of "None" does not remove the default gateway from the routing table
Applied in changeset commit:de7393765b213e376a90e7d6631363fb6640e400. Viktor Gurov
10:40 AM Regression #12582 (Feedback): RADVD can be started on both HA nodes when configured with an IPv6 link-local address
Applied in changeset commit:abc7b3056fafb57e8941103f2565b5b113edd177. Viktor Gurov
10:40 AM Bug #11984 (Feedback): Automatic Outbound NAT mode can create incorrect rules in some cases
Applied in changeset commit:a336100560f4dcd556a03234a08588f60dd04550. Viktor Gurov
10:39 AM pfSense Packages Bug #12777 (Feedback): STunnel writes config.xml on each start
Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/f27121710f8e501abe88e18bd3d59093b7b8d99b Viktor Gurov
10:39 AM pfSense Packages Bug #12772 (Feedback): Syslog-ng writes config.xml on each start
Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/b3ed6fd6dfff4033f72b23894f9d700cb21ff08e Viktor Gurov
10:39 AM pfSense Packages Bug #12765 (Feedback): AutoConfigBackup should ignore Lightsquid/lightparser cron changes
Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/f8656656e3971935fb69f09813574f4aa2fd0537 Viktor Gurov
10:38 AM pfSense Packages Bug #12758 (Feedback): Route Handling Subnet field Input check
Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/d9e9265677cc33267a889452ef3bd6e8ac5dd960 Viktor Gurov
10:38 AM pfSense Packages Bug #11686: FRR generated ACCEPTFILTER permit statement broken
Merged to devel:
https://github.com/pfsense/FreeBSD-ports/commit/220928e87798109137caee263c4cb60338298576 Viktor Gurov
03:07 AM pfSense Packages Bug #11686 (Resolved): FRR generated ACCEPTFILTER permit statement broken
Tested on 22.01-RELEASE (built on Mon Feb 07 16:37:59 UTC 2022) with patch applied.
I see correct ACL sequence now... Azamat Khakimyanov
10:36 AM Bug #12141 (Feedback): Lack of DNS or Internet connectivity causes GUI to be slow
Merged:
https://github.com/pfsense/pfsense/commit/8cb0120e0207a14ca303c7258567f4df835f904b Viktor Gurov
09:59 AM Bug #12141 (Pull Request Review): Lack of DNS or Internet connectivity causes GUI to be slow
Jim Pingle
10:35 AM Bug #11764 (Feedback): IPv6 link local gateway default status not indicated in GUI
Applied in changeset commit:fd5c12bceb2e958ef6d0305be61587c457aecb7d. Viktor Gurov
10:30 AM Bug #12527 (Feedback): DHCPv6 server does not skip interfaces configured with invalid ranges
Applied in changeset commit:0c5cf0df3e2cba772482ad2ee5739725bd33e76f. Viktor Gurov
10:30 AM Feature #12636 (Feedback): Automatically create DNS Resolver ACLs for OpenVPN CSO entries
Applied in changeset commit:9ca90ee8b52c350bb41cabb0b496e7793ace88d2. Viktor Gurov
10:20 AM Bug #12749 (Feedback): Uninitialized array in ``array_remove_duplicates()``
Applied in changeset commit:5e53a7b57d1dfb4da98b1119dd2dd2eda50f2587. Viktor Gurov
10:15 AM Bug #12727 (Feedback): Renaming an alias does not update the alias names in static routes and OpenVPN instances
Applied in changeset commit:b979719fb69df26161302f889dc56d92021d3646. Viktor Gurov
10:15 AM Bug #12754 (Feedback): Google Domains Dynamic DNS responses are not parsed properly
Applied in changeset commit:b5360f49fb3c1fdc36ebf13c20b68d4ff1e15fe6. Viktor Gurov
10:10 AM Feature #2505 (Feedback): Toggle button to disable/enable multiple firewall rules
Applied in changeset commit:7e2889650a9eab525dc300185ec4a596e8c123b4. Viktor Gurov
10:05 AM Bug #12735 (Feedback): Interface status "Total Interrupts" display is non-functional
Applied in changeset commit:e638072cf258c60f069058f67e842bdd0bf353a4. Viktor Gurov
10:05 AM Feature #12773 (Feedback): Ability to sort AutoConfigBackup entries
Applied in changeset commit:21cd4a8ba143673f622313df4092be5b5b96cda6. Viktor Gurov
10:05 AM Bug #12780 (Feedback): L2TP/PPTP interface assignment page loses some values after input validation error
Applied in changeset commit:7e38cc2c736f6250991c1f6f043162bbf17aba65. Viktor Gurov
10:05 AM Bug #12792 (Feedback): Automatic Outbound NAT rules do not include OpenVPN CSO entries
Applied in changeset commit:5462da2a3e3e2a7a04d2efec66a66820145f7808. Viktor Gurov
09:23 AM Bug #12792 (Pull Request Review): Automatic Outbound NAT rules do not include OpenVPN CSO entries
Jim Pingle
05:41 AM Bug #12792: Automatic Outbound NAT rules do not include OpenVPN CSO entries
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/612 Viktor Gurov
04:35 AM Bug #12792 (Resolved): Automatic Outbound NAT rules do not include OpenVPN CSO entries
@filter_nat_rules_automatic_tonathosts()@ generate NAT rules only for OpenVPN Client and Server tunnel networks:
htt... Viktor Gurov
09:37 AM pfSense Packages Feature #12795 (Resolved): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist
To prevent blocking the system update/pkg install if for some reason these domains are in DNSBL feeds Viktor Gurov
09:24 AM Bug #12794 (Pull Request Review): Link-local address does not reset after removing MAC address spoofing
Jim Pingle
09:17 AM Bug #12794: Link-local address does not reset after removing MAC address spoofing
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/613 Viktor Gurov
06:48 AM Bug #12794 (Resolved): Link-local address does not reset after removing MAC address spoofing
How to reproduce:
1) Check the link-local address on the interface:... Viktor Gurov
09:20 AM pfSense Packages Feature #12789: Show expiration date of certificates in the ACME package list
The GUI shows the expiration date in the cert manager but the ACME package always shows the last renewal time which i... Jim Pingle
09:18 AM Bug #12790: Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN
should be fixed with https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/613 Viktor Gurov
09:14 AM Bug #12788 (Rejected): pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode)
You might try again on 2.6.0 but that is likely a problem with that specific card or chipset and its VAP support, or ... Jim Pingle
09:10 AM pfSense Docs Correction #12783 (Closed): Feedback on Backup and Recovery --- Using the AutoConfigBackup Service
Fix committed Jim Pingle
08:45 AM Bug #12775 (Feedback): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data
Applied in changeset commit:5dcaa2af2b23a953157b075ac1c05b2658b2b22a. Jim Pingle
07:20 AM pfSense Packages Bug #11836: FRR ACCEPTFILTER shows out of order prefix-list
It looks to me like, with the patch, the "seq xx" numbering has been corrected so that the "permit any" is always the... Matthew D
06:11 AM pfSense Packages Bug #11836 (Assigned): FRR ACCEPTFILTER shows out of order prefix-list
Tested on 22.01-RELEASE (built on Mon Feb 07 16:37:59 UTC 2022) with patch from Bug #11686 applied.
I still see th... Azamat Khakimyanov
07:09 AM Bug #12725 (Closed): Potential XSS in ``pkg.php`` via ``pkg_filter``
Jim Pingle
07:09 AM Regression #12699 (Closed): ldap_get_groups() must return an array value
Jim Pingle
07:09 AM Bug #12677 (Closed): OpenVPN form validation issues
Jim Pingle
07:09 AM Regression #12631 (Closed): Dynamic DNS may not use the correct interface when updating during failover
Jim Pingle
07:09 AM Regression #12617 (Closed): Dynamic DNS client updates using a private IP address when it cannot determine the public IP address
Jim Pingle
07:09 AM Bug #12589 (Closed): Dynamic DNS updates do not respect certificate authority trust store
Jim Pingle
07:09 AM Bug #12566 (Closed): IPsec initiates on HA backup node when a tunnel interface is set to a gateway group
Jim Pingle
07:09 AM Feature #12518 (Closed): Restore RRD and extra data from configuration backups when restoring during installation
Jim Pingle
07:09 AM Bug #12500 (Closed): Automatic outbound NAT for reflection does not support IPv6
Jim Pingle
07:09 AM Bug #12481 (Closed): Temporary files for firewall rules generated from RADIUS ACL entries are not deleted on unclean shutdown
Jim Pingle
07:09 AM Bug #12355 (Closed): Captive Portal database and ``ipfw`` rules are out of sync after unclean shutdown
Jim Pingle
07:09 AM Bug #12282 (Closed): Default IPv4 gateway may be set to IPv6 gateway value in certain cases
Jim Pingle
07:09 AM Bug #12164 (Closed): IPv6 policy routing does not work if an IPsec tunnel phase 2 remote network is configured for ``::/0``
Jim Pingle
07:09 AM Bug #11905 (Closed): DHCPv4 server configuration does not include ARM TFTP filenames
Jim Pingle
07:09 AM Bug #11894 (Closed): Vouchers may expire too early when using RAM disks
Jim Pingle
07:09 AM Bug #11829 (Closed): OpenVPN client certificate validation with OCSP always fails
Jim Pingle
07:09 AM Feature #11659 (Closed): Support for UEFI HTTP Boot option in DHCPv4 Server
Jim Pingle
07:09 AM Regression #11512 (Closed): DHCP Leases page and ARP table page fail to load if DNS is not available
Jim Pingle
07:09 AM Regression #11447 (Closed): EAP-RADIUS Mobile IPsec clients with RADIUS-assigned addresses do not get additional configuration attributes
Jim Pingle
07:09 AM Bug #7801 (Closed): UDP fragments received over IPsec tunnel are not properly reassembled and forwarded
Jim Pingle
07:09 AM Feature #7416 (Closed): DHCPv4 client does not support ``supersede`` statement for option 54
Jim Pingle
07:09 AM Bug #6507 (Closed): GRE and GIF tunnels on dynamic IPv6 interface are not brought up during boot
Jim Pingle
05:29 AM Bug #12793 (Closed): Automatic Outbound NAT rules does not include Static Routes entries with aliases
get_staticroutes() correctly returns expanded aliases Viktor Gurov
04:40 AM Bug #12793 (Closed): Automatic Outbound NAT rules does not include Static Routes entries with aliases
@filter_nat_rules_automatic_tonathosts()@ only does not parse static routes with aliases:
https://github.com/pfsense... Viktor Gurov
04:36 AM Bug #12543 (Feedback): Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
Viktor Gurov

02/13/2022

08:49 PM pfSense Docs New Content #12791: Diagnostic Information for Support (pfSense)
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/30 Marcos M
05:56 PM pfSense Docs New Content #12791 (Resolved): Diagnostic Information for Support (pfSense)
Similar to the TNSR documentation page (https://docs.netgate.com/tnsr/en/latest/troubleshooting/diagnostics.html), it... Marcos M
06:13 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
T S wrote in #note-82:
> Just to make sure, you need "static port" outbound nat rules, for this to work? I applied th... Jon8RFC .
04:25 AM Bug #12790 (Resolved): Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN
Created based on https://forum.netgate.com/topic/169727/link-local-address-behavior-when-spoofing-wan-interface-mac-a... Azamat Khakimyanov

02/12/2022

06:01 PM Feature #10388: Upgrade to Python 3.8
It appears that the default in 2.5.2 is python 3.8. Not sure what it was in 2.5.1. Orion Poplawski
05:14 PM pfSense Packages Feature #12789 (Resolved): Show expiration date of certificates in the ACME package list
Acme certificates shows when a cert was issued. It would be far more useful if it displayed when a cert is going to ... adam felson
04:43 PM Bug #12788 (Rejected): pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode)
pfSense keeps rebooting and crashing after I created more than one wireless interface. This might have been the reaso... hugo s
02:12 PM Bug #8818 (Resolved): Thermal Sensor
Thermal Sensor is working. Alhusein Zawi
01:27 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Thilo Gass wrote in #note-39:
> My workaround with alias is to setup an alias with a fqdn and let the server update ... xpxp2002 xpxp2002
12:04 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
My workaround with alias is to setup an alias with a fqdn and let the server update this fqdn with his new ipv6 Adres... Thilo Gass
11:40 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Thilo Gass wrote in #note-37:
> May someone provide me a link to documentation of this long awaited feature…
>
> ... Nathan Stansell
11:14 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
May someone provide me a link to documentation of this long awaited feature…
I‘ve searched the hole day how to set... Thilo Gass
11:26 AM pfSense Packages Bug #12386 (Resolved): ```bgp as-path``` and ```bgp community-list``` are present in configuration even when BGP daemon is not enabled
Tested:... Danilo Zrenjanin
05:01 AM Bug #12468 (Resolved): Stopping IPsec daemon on the Status / Services page lead to log files flooding if pcscd daemon is enabled
Tested:... Danilo Zrenjanin
02:30 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Just to make sure, you need "static port" outbound nat rules, for this to work? I applied the patch but i get "strict... T S
01:57 AM pfSense Packages Bug #12670 (Resolved): ACME package writes credentials to system log
Tested against:... Danilo Zrenjanin

02/11/2022

11:28 PM pfSense Docs New Content #12787 (New): Convert "Routing Internet Traffic Through a Site-to-Site IPsec Tunnel" recipe to VTI or add VTI as an alternate strategy
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-route-internet-traffic.html
*Feedback:*
Th... Christian Borchert
04:23 PM Regression #12615 (Resolved): MAC passthrough does not work on the latest snapshot
Tested successfully on... Christopher Cope
03:30 PM pfSense Packages Bug #12786: MFA auth allows reveal of other admins PIN and INIT-SECRET
I guess we'll just have to agree to disagree. I don't think it should be there and I don't think there is a way to co... Aaron Shaffer
03:20 PM pfSense Packages Bug #12786: MFA auth allows reveal of other admins PIN and INIT-SECRET
It's there because for most use cases of the package users cannot login to the GUI to set their own MFA information. ... Jim Pingle
03:11 PM pfSense Packages Bug #12786: MFA auth allows reveal of other admins PIN and INIT-SECRET
Security by obscurity is not security. I totally agree with you and I read the link before replying to you.
What ... Aaron Shaffer
02:57 PM pfSense Packages Bug #12786: MFA auth allows reveal of other admins PIN and INIT-SECRET
Security by obscurity is not security. See my previous link. Jim Pingle
02:53 PM pfSense Packages Bug #12786: MFA auth allows reveal of other admins PIN and INIT-SECRET
I think you're missing the point. I am not concerned with config.xml nor with password fields, nor did I mention them... Aaron Shaffer
02:18 PM pfSense Packages Bug #12786 (Not a Bug): MFA auth allows reveal of other admins PIN and INIT-SECRET
Password field content is already hidden from the GUI when the fields are defined as a password type, but if the admi... Jim Pingle
02:05 PM pfSense Packages Bug #12786: MFA auth allows reveal of other admins PIN and INIT-SECRET
Relevant: https://forum.netgate.com/topic/135424/solved-two-factor-authentication-for-admin-login/6 Aaron Shaffer
02:00 PM pfSense Packages Bug #12786 (Not a Bug): MFA auth allows reveal of other admins PIN and INIT-SECRET
I have MFA working in pfSense with Google Authenticator but I just noticed what I consider to me a major security fla... Aaron Shaffer
11:27 AM pfSense Packages Bug #11036: HAproxy ACL
related to https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-haproxy-devel/files/usr/local/www/hapr... Viktor Gurov
11:09 AM pfSense Docs Correction #12783 (Closed): Feedback on Backup and Recovery --- Using the AutoConfigBackup Service
Minor grammatical error.
https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html#device-key
<... Christopher Cope
11:04 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
It is too late to include the fix in Plus 22.01 or CE 2.6.0, so you will need to re-apply the fix after upgrading. Jim Pingle
10:00 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Pleased to say this has resolved the issue for me also! I can finally play warzone with my son, so happy thank you so... riva geeza
08:29 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Perfect thank you and sorry for the noob question, I'm just really keen to see this resolved. Will report back later ... riva geeza
08:26 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
That is normal. It's telling you that it can apply the patch but it can't revert it. This means that the patch has no... Jim Pingle
08:22 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Would like to test this but I'm not a developer, I've copied the diff text into the Patch Contents, left everything e... riva geeza
08:30 AM Bug #12781: DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
The larger debate over offline docs/man pages isn't relevant to this case, though. I believe there is already an open... Jim Pingle
08:26 AM Bug #12781: DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
Jim Pingle wrote in #note-1:
> If you hit the help link on the page (The "(?)" icon in the breadcrumb bar) the items... alzee bum
08:21 AM Bug #12781: DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
If you hit the help link on the page (The "(?)" icon in the breadcrumb bar) the items in question are documented in t... Jim Pingle
08:13 AM Bug #12319 (Pull Request Review): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Jim Pingle
08:11 AM Bug #12780 (Pull Request Review): L2TP/PPTP interface assignment page loses some values after input validation error
Jim Pingle
08:09 AM pfSense Packages Bug #12777 (Pull Request Review): STunnel writes config.xml on each start
Jim Pingle
08:07 AM Bug #12673 (Pull Request Review): Firewall Logs Dashboard Widget is slow and may fail to update
Jim Pingle
07:58 AM Bug #6253 (Pull Request Review): Firewall log widget action icon features stop working when new log entries are added dynamically
Since the first item is on a completely separate page and using different code it should be moved to a separate redmi... Jim Pingle
03:33 AM Bug #12750: Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy
Any update on this and is it possible to make this change earlier as these are very important updates. Abdulaziz Al-Marwani

02/10/2022

12:05 PM Todo #12782 (Resolved): Disable ``pkg`` compatibility flag which creates ``txz`` file extension symbolic links
When pkg changed extension from .txz to .pkg we enabled a flag on poudriere to create a symlink with old extension fo... Renato Botelho
09:37 AM Bug #12781 (Resolved): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
The /services_unbound.php page refers you to unbound.conf(5) man page for the meaning of the options for "System Doma... alzee bum
08:48 AM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Danilo Zrenjanin wrote in #note-7:
> Tested on the:
> [...]
>
> It works only if you choose NAT + Proxy on the p... Viktor Gurov
06:02 AM Bug #12319 (New): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Viktor Gurov
05:55 AM Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Tested on the:... Danilo Zrenjanin
08:43 AM Bug #12626 (Resolved): Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
Marking this ticket resolved. Danilo Zrenjanin
06:33 AM Bug #12626: Router Advertisement DNS search domain from one interface may unintentionally be used by other interfaces
Tested against:... Danilo Zrenjanin
05:32 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Tested on the SG-3100 (21.05.2). I got the same results.... Danilo Zrenjanin
03:31 AM Bug #12780: L2TP/PPTP interface assignment page loses some values after input validation error
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/610 Viktor Gurov
03:13 AM Bug #12780 (Resolved): L2TP/PPTP interface assignment page loses some values after input validation error
How to reproduce:
1) Add L2TP/PPTP interface on the Interfaces / PPPs page
2) Assign interface L2TP/PPTP
3) After ... Viktor Gurov
03:01 AM pfSense Packages Bug #12777: STunnel writes config.xml on each start
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/180 Viktor Gurov
02:00 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/609 Viktor Gurov
01:32 AM Bug #6253: Firewall log widget action icon features stop working when new log entries are added dynamically
2 & 3 fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/608 Viktor Gurov

02/09/2022

11:17 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
OMG for 4 years they cannot add custom block to DHCP config. Unbelievable level of support! Vyacheslav Kononenko
10:29 PM Bug #12779 (Duplicate): Bogus domain generated for reverse DDNS when network mask is custom (not 24 16 or 8)
Duplicate of #8179 Jim Pingle
06:43 PM Bug #12779 (New): Bogus domain generated for reverse DDNS when network mask is custom (not 24 16 or 8)
I have network with 192.168.100.0/23 which would include hosts from 192.168.100 and 192.168.101. In such configuratio... Vyacheslav Kononenko
05:52 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Hello Viktor Gurov, is there any ETA for this package to be merged into pfSense? It seems the GitLab linked does not ... James M
04:43 PM pfSense Packages Feature #12329: Add optional floating firewall rules for IPv4 and IPv6
Offstage Roller wrote in #note-1:
> Update to the original description, the destination for IPv4 would be better if ... Alan Wilson
03:19 PM Regression #12745 (Resolved): AutoConfigBackup does not delete temporary encrypted configuration files from ``/tmp``
Tested on... Christopher Cope
02:55 PM Bug #12778 (Rejected): OpenVPN Widget doesn't show logged in users
Logged-in users are correctly displayed on the dashboard here. There isn't nearly enough information to determine why... Jim Pingle
02:52 PM Bug #12778 (Rejected): OpenVPN Widget doesn't show logged in users
Version: 2.6.0-RC (amd64) built on Mon Jan 24 18:44:12 UTC 2022
Expected behaviour:
Users logged into VPN are sh... Peter Pain
12:26 PM pfSense Packages Bug #12777 (Resolved): STunnel writes config.xml on each start
This can flood ACB:... Viktor Gurov
12:09 PM Feature #12776 (Duplicate): Allow Multiple Subnets for DHCP Server
Duplicate of #2323 and some overlap with #2774
 Jim Pingle
11:59 AM Feature #12776 (Duplicate): Allow Multiple Subnets for DHCP Server
Customer requested feature:
To be able to have pfSense handle multiple subnets on the same interface for the DHCP ... Kris Phillips
10:49 AM Bug #12774: Picture widget image is not saved in backup
But we can only backup image data if the "Include extra data" option is checked. Viktor Gurov
10:17 AM Bug #12774: Picture widget image is not saved in backup
That was an intentional change. See commit:1f0bbb13abd34ad06aa9272516b13a5c17a1dc08
Maybe we could suppress the pi... Jim Pingle
10:03 AM Bug #12774 (New): Picture widget image is not saved in backup
After restoring from a backup, the dashboard "picture widget" image is blank Viktor Gurov
10:43 AM pfSense Plus Bug #12759: Proprietary packages link to non-existant or non-public github pages
The other issue isn't really related. They are two distinct problems that wouldn't have a common solution.
This on... Jim Pingle
10:19 AM pfSense Plus Bug #12759: Proprietary packages link to non-existant or non-public github pages
Viktor Gurov wrote in #note-1:
> See also #9755
I understand Jim's comments on that redmine, but it seems since w... Kris Phillips
10:15 AM Bug #12775 (Pull Request Review): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/607 Jim Pingle
10:14 AM Bug #12775 (Resolved): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data
The NTP service is active by default and is running even on a fresh installation before the user configures NTP, whic... Jim Pingle
09:59 AM Feature #12773 (Pull Request Review): Ability to sort AutoConfigBackup entries
Jim Pingle
09:57 AM Feature #12773: Ability to sort AutoConfigBackup entries
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/606 Viktor Gurov
09:55 AM Feature #12773 (Closed): Ability to sort AutoConfigBackup entries
It would be useful to allow ACB columns to be sorted to quickly check the latest/first backup. Viktor Gurov
09:34 AM pfSense Packages Bug #12772 (Pull Request Review): Syslog-ng writes config.xml on each start
Jim Pingle
09:30 AM pfSense Packages Bug #12772: Syslog-ng writes config.xml on each start
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/179 Viktor Gurov
08:20 AM pfSense Packages Bug #12772 (Resolved): Syslog-ng writes config.xml on each start
This can flood ACB:... Viktor Gurov
07:46 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
after merging https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/516
`/usr/bin/touch /tmp/${1}_upstart4 (up... Viktor Gurov
02:31 AM Bug #12771 (Resolved): Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
Not sure if this is strictly an OpenVPN client gateway issue or a gateway up/down issue in other scenarios as well, r... Jon8RFC .
07:46 AM Bug #12735 (Pull Request Review): Interface status "Total Interrupts" display is non-functional
Jim Pingle
07:18 AM Bug #12735: Interface status "Total Interrupts" display is non-functional
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/605 Viktor Gurov
07:36 AM Feature #2505 (Pull Request Review): Toggle button to disable/enable multiple firewall rules
The link is internal and only available to Netgate developers, the changes will be visible in the public repository a... Jim Pingle
04:23 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
Viktor Gurov wrote in #note-5:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/604
not working link Ameelien Niko
04:20 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/604 Viktor Gurov
01:19 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
This would be excellent!
I guess when it needs to be done, people just resign themselves to "I'll just do them all... Jon8RFC .
07:34 AM Todo #12701 (Pull Request Review): Reorganize CARP status page
Jim Pingle
04:00 AM Todo #12701: Reorganize CARP status page
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/603 Viktor Gurov
02:01 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Fixed for me. Thank you! Jon8RFC .

02/08/2022

09:16 PM Bug #12754: Google Domains Dynamic DNS responses are not parsed properly
Thank you for this. I edited my /etc/inc/dyndns.class file with your code snippet and that resolved my same issue. Dakota Hourie
04:02 PM pfSense Packages Bug #11836: FRR ACCEPTFILTER shows out of order prefix-list
Regarding ACCEPTFILTER, you can test the patch here listed on #11686 Marcos M
04:01 PM pfSense Packages Bug #11686: FRR generated ACCEPTFILTER permit statement broken
This can be applied using the System Patches package. Marcos M
12:59 PM Bug #8100: pfsync Initially Deletes States on Primary for Connections Established through Secondary
See #12702 Viktor Gurov
12:56 PM pfSense Packages Todo #11574 (Duplicate): Add "nobind" to exported OpenVPN configurations by default
Duplicate of #11575 Viktor Gurov
10:50 AM Feature #7727 (Pull Request Review): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/602
Diff for those wanting to test using the "Syst... Jim Pingle
10:48 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Found a potential issue with the order of outbound NAT rule processing that seems to indicate that the new outbound N... Jim Pingle
07:35 AM pfSense Packages Bug #12758 (Pull Request Review): Route Handling Subnet field Input check
Jim Pingle
04:16 AM pfSense Packages Bug #12758: Route Handling Subnet field Input check
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/178 Viktor Gurov
07:32 AM Bug #11416 (Pull Request Review): OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
Jim Pingle
07:25 AM Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/601 Viktor Gurov
 

Also available in: Atom