Activity

From 02/15/2022 to 03/16/2022

03/16/2022

06:39 PM Regression #12949: The ruleset is not regenerated after assigning an interface
Also seeing this in:... Steve Wheeler
06:17 PM Regression #12949: The ruleset is not regenerated after assigning an interface
I was able to reproduce this on 2.6 with a default config. Marcos M
06:14 PM Regression #12949: The ruleset is not regenerated after assigning an interface
Logs from a 2.5.2 VM where I reassigned WAN from em0 to vtnet0 and am able to log in at the new IP immediately:... Steve Wheeler
05:44 PM Regression #12949 (Resolved): The ruleset is not regenerated after assigning an interface
In some circumstances the ruleset is not reloaded or regenerated after re-assigning an interface.
For example afte...
Steve Wheeler
06:32 PM Bug #12950 (New): OpenVPN as default gateway does not get set at boot time
I have an OpenVPN gateway configured as my default gateway with a static route in place to ensure the VPN connects vi... James Chambers
02:37 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
I tried altering the script so it would fire during a renew with mixed success. Though I found another odd behavior. ... Jim Pingle
07:58 AM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
For that to trigger the client would have to fire the script during an event when the change occurs. It may not, but ... Jim Pingle
07:39 AM Bug #12947 (Feedback): Old IPv6 addresses may continue to be used after DHCP or RA changes
I recently started using T-Mobile 5G Home Internet. The gateway device you're required to use is almost completely un... David Myers
12:13 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Thilo Gass wrote in #note-39:
> In https://redmine.pfsense.org/issues/12190 you find the information:
>
> Forma...
Thilo Gass
11:38 AM pfSense Packages Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
When mixing AE ciphers in a P2 with AEAD ciphers (e.g. AES with AES128-GCM), the wizard will generate a script with t... Marcos M
07:41 AM Bug #12946 (Duplicate): Unbound will not resolve long CNAME chains
Duplicate of #11595
We can't take on the technical debt that would come with carrying custom patches for this fore...
Jim Pingle

03/15/2022

08:16 PM Revision 719da3ee: Remember dyn GW when if is down. Issue #12931
* When a dynamic interface goes down, retain its old gateway address in
a place we can read if necessary
* When ...
Jim Pingle
06:06 PM Bug #12946 (Duplicate): Unbound will not resolve long CNAME chains
This relates to Bug #11595. Also documented with the Unbound team, https://github.com/NLnetLabs/unbound/issues/43... Steve Boyle
03:42 PM Feature #12945 (Resolved): Implement missing ipfw equivalents in libpfctl necessary for captiveportal
As indicated by Viktor Gurov:
> pfSense_ipfw_*() functions have been rewritten to use shell scripts, which is slow, ...
Reid Linnemann
03:28 PM Feature #12931 (Feedback): Retain knowledge of previous dynamic gateway IP address when interface is down
Changes merged. Jim Pingle
03:23 PM Bug #12942 (In Progress): Code to kill states for old gateway when reconnecting an interface is incorrect
While this does work, it can be harsh and should be made optional if possible. A global option similar to the option ... Jim Pingle
02:57 PM pfSense Docs Correction #12944 (Closed): Hashtab no longer available
Replaced HashTab with OpenHashTab: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9246ff1a5ea5df1b56186f1e3133... Jim Pingle
02:50 PM pfSense Docs Correction #12944 (In Progress): Hashtab no longer available
Jim Pingle
02:49 PM pfSense Docs Correction #12944 (Closed): Hashtab no longer available
At the following link we recommend Hashtab for Windows users, but they went out of business and for now it isn't avai... Christopher Cope
02:38 PM Revision 2e326e19: Enable /etc/rc.d/zfsbe support in pfSense-rc
Christian McDonald
10:12 AM pfSense Docs Todo #12158 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick
This was fixed a while back, the linked page is just Etcher now. The page linked at the end with alternate techniques... Jim Pingle
10:04 AM pfSense Docs Todo #12704 (Closed): Add more HA DHCP troubleshooting info
Jim Pingle
07:32 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Lewis Smith wrote in #note-14:
> Luca De Andreis wrote in #note-13:
> > Hello everybody,
> >
> > I can confirm t...
Luca De Andreis
07:14 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Luca De Andreis wrote in #note-13:
> Hello everybody,
>
> I can confirm that there are problems with PfSense 2.6....
Lewis Smith
07:18 AM Bug #12922: Classless static routes received on DHCP WAN can override chosen default gateway
I think there's a similar issue "here":https://github.com/pfsense/pfsense/blob/07fe3d3d60a61621171fbc0a1a5e42c1462fb5... David Myers
07:17 AM Bug #12943 (Duplicate): Routing bad if rename Alias destination network
Duplicate of #12727 Jim Pingle
01:16 AM Bug #12943 (Duplicate): Routing bad if rename Alias destination network
pfsense 2.5.2
Routing bad if rename Alias destination network
Create Alias for network destination routing
Creat...
Aleks Bug
03:14 AM Bug #12941: Captive Portal on specific VLAN prevents routing to other networks (since 22.01)
@jimp The suggested system patch successfully fixed the issue! Thank you. Lorenzo Marroccoli
02:35 AM pfSense Plus Feature #11732: Add VXLAN Support to pfSense Plus
Understand that VXLAN was supported but removed some time ago for not being enterprise ready.
From my understanding ...
Reine Hålldin

03/14/2022

04:33 PM Revision 4cd703e9: Add bhyve config package
Brad Davis
03:11 PM Revision d250c083: Revert "Skip gateway if interface is down. Fixes #12920"
This breaks some gateway operations because the gateways disappear
entirely when the interface loses link.
This reve...
Jim Pingle
02:24 PM Bug #12942 (Pull Request Review): Code to kill states for old gateway when reconnecting an interface is incorrect
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/673
Might be too aggressive, also might need to cove...
Jim Pingle
10:45 AM Bug #12942 (Resolved): Code to kill states for old gateway when reconnecting an interface is incorrect
There are a few places where we may want to clear states using an old gateway when it's no longer valid, and there is... Jim Pingle
01:07 PM Feature #12931 (Pull Request Review): Retain knowledge of previous dynamic gateway IP address when interface is down
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/672
Jim Pingle
08:35 AM Feature #12931 (In Progress): Retain knowledge of previous dynamic gateway IP address when interface is down
Jim Pingle
10:22 AM Bug #12920 (New): Gateway behavior differs when the gateway does not exist in the configuration
Jim Pingle
10:20 AM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration
Applied in changeset commit:d250c083dffa1e1d429f871f2081644dfa9d2f62. Jim Pingle
10:19 AM Bug #12920 (New): Gateway behavior differs when the gateway does not exist in the configuration
With this in place it removes dynamic gateway entries for interfaces such as DHCP entirely when they are down, which ... Jim Pingle
08:55 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I have the same issue. One side of the Wireguard VPN is disabled after reboot. Both sides of the VPN appear to have t... B P
08:02 AM Bug #12941: Captive Portal on specific VLAN prevents routing to other networks (since 22.01)
@jimp thank you for your quick reply.
That would explain why I can RDP into devices on other VLAN and load a page...
Lorenzo Marroccoli
07:28 AM Bug #12941 (Duplicate): Captive Portal on specific VLAN prevents routing to other networks (since 22.01)
This is almost certainly a duplicate of #12834 or at least the same root cause. First thing to try is the patch in th... Jim Pingle
06:08 AM Bug #12941 (Duplicate): Captive Portal on specific VLAN prevents routing to other networks (since 22.01)
Hello there,
this weekend I updated my 1537 to 22.01-RELEASE from the previous latest stable version.
The update ...
Lorenzo Marroccoli
07:54 AM pfSense Docs Correction #12936 (Closed): HAproxy current versions
I removed all of the version-specific information from the doc as there wasn't a good reason to keep it.
I also cl...
Jim Pingle
07:38 AM Feature #12939 (Rejected): Extend DNS query log
A client would never tell the DNS server the whole URL it is querying, only the address of the server which is what g... Jim Pingle
07:33 AM Regression #12904 (Not a Bug): Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2
That's what I expected given the behavior. It's just more accurate than it was in the past, so there isn't a bug here... Jim Pingle
07:28 AM Bug #11764 (New): IPv6 link local gateway default status not indicated in GUI
Jim Pingle

03/13/2022

10:04 PM Bug #11764: IPv6 link local gateway default status not indicated in GUI
I was running 2.7.0-dev up to around mid-January, then I shut it down to test the 2.6.0 release candidate and release... Daryl Morse
08:17 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 for this as well.
Just started looking into sorting out the self-signed cert and thought there would be a better ...
David Kemp
07:50 PM Bug #12940 (Resolved): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync
In an HA configuration, deleting a user (System / User Manager) will only delete the user home directory on the prima... Marcos M
12:53 PM pfSense Docs Correction #12400: NAT 1:1 documentation - multi-wan information
May be better to say
> All traffic originating from that private IPv4 address leaving the selected interface will be...
Marcos M
12:42 PM pfSense Docs Correction #11085 (Closed): Feedback on System Monitoring — CARP Status
Documentation now includes details on each mode/button. Marcos M
12:17 PM Bug #9358 (Closed): Lost default gateway after recover from failover with CARP VIP and HA
Tested on 22.01. This is no longer an issue. Marcos M
11:46 AM pfSense Packages Bug #12912 (Resolved): ACME is failing to fully issue a new certificate
This works again on 0.7_4. Marcos M
11:33 AM Bug #12440: Zero-value prefix IPv6 addresses are mishandled
Tested on @22.05.a.20220311.0600@ with the patch.
The IP @::192.168.10.10@ and @::ffff:192.168.10.10@ is being con...
Marcos M
03:41 AM Feature #8173: dhcp6c - RAW Options
Is there any workaround for this? I'm experiencing problems because this isn't implemented - with Orange in FR. I've ... Nigel Smith

03/12/2022

02:08 PM Bug #12877: Cloudflare DynDNS fails to update more than two addresses
As a follow-up, I changed my DNS servers and my dynamic control of the domain back to Google. I stopped using Cloudfl... Bob Carpenter
01:56 PM Bug #12902 (Resolved): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Tested against:... Danilo Zrenjanin
11:42 AM Bug #12536 (Resolved): Setting a default gateway of "None" does not remove the default gateway from the routing table

fixed
Mark Gateway as Down/Disable this gateway removes the default GW from the routing table.
22.05.a.202203...
Alhusein Zawi
10:18 AM Feature #12939: Extend DNS query log
Note that the problem is related to the redirect with as consequence that everything is referring to 127.0.0.1 . So a... Louis B
10:01 AM Feature #12939 (Rejected): Extend DNS query log
Hello,
I would like to monitor which computer is trying to reach which URL. I also like to block certain URL's. Fo...
Louis B
09:37 AM Bug #12938 (Resolved): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value
Hello,
I know this is not the first time that this issue pops up, however nevertheless it is not ok. (refer to e....
Louis B
08:23 AM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2
This looks almost certainly because of a driver change in 22.01/2.6:
https://github.com/pfsense/FreeBSD-src/commit/5...
Steve Wheeler
07:10 AM Regression #12937 (Resolved): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server
After running the traffic shaper wizard and defining an Upstream SIP server IP address under the VOIP specific settin... Danilo Zrenjanin
03:33 AM pfSense Docs Correction #12936 (Closed): HAproxy current versions
... Danilo Zrenjanin
02:55 AM pfSense Packages Bug #12898 (Resolved): Update HAProxy Backend to Latest LTS
Installed HAproxy on the:... Danilo Zrenjanin

03/11/2022

08:33 PM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2
That was in a lagg of ix0+1 but as a single interface it's no different:... Steve Wheeler
04:22 PM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2
I'm unable to replicate this using an x520 NIC in an XG-7100:... Steve Wheeler
07:14 PM pfSense Docs Todo #12935 (Duplicate): Update ClamAV to 0.104.2 or latest non-release candidate (CVE-2022-20698)
Duplicate of #12933 Jim Pingle
07:11 PM pfSense Docs Todo #12935 (Duplicate): Update ClamAV to 0.104.2 or latest non-release candidate (CVE-2022-20698)
Currently ClamAV 0.104.1 is packaged in 22.01/2.6 and contains this vulnerability which was fixed in version 0.104.2.... Chris W
07:13 PM Todo #12934: Update strongSwan
That vulnerability is not relevant to pfSense. It affects EAP clients, and pfSense can only act as an EAP server.
...
Jim Pingle
07:11 PM Todo #12934 (Resolved): Update strongSwan
Currently StrongSwan 5.9.4 is packaged in 22.01/2.6, and contains this vulnerability which was fixed in version 5.9.5... Chris W
06:51 PM pfSense Packages Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid
https://www.tenable.com/plugins/nessus/156698
pfSense CE 2.6 and pfSense Plus 22.01 use ClamAV 0.104.1,1, which is...
Kris Phillips
03:59 PM Revision 64b2a187: Disable buttons on the firewall_rules.php page if no rules selected. Fixes #12871
Viktor Gurov
01:19 PM Revision c5d0d75d: New methods for killing states. Implements #12092
Jim Pingle
11:42 AM pfSense Packages Bug #12924: DNS Resolver WireGuard ACL Inconsistency
Christian McDonald wrote in #note-2:
> Hi Kevin,
>
> I am having a hard time replicating this based on your initi...
Kevin Mychal Ong
09:20 AM pfSense Packages Bug #12924: DNS Resolver WireGuard ACL Inconsistency
Hi Kevin,
I am having a hard time replicating this based on your initial issue description. Can you please outline...
Christian McDonald
11:08 AM pfSense Packages Feature #12932 (New): pfblockerng per user whitelist
Have the ability to not have DNS blocking applied to certain IPs. Right now this can be written into Unbound using cu... Mike Moore
10:42 AM pfSense Docs Todo #12910 (Closed): Add warning to VTI and OpenVPN assignment docs about automatic default gateway
Another place the warning was needed: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/assign.html#assign-a-w... Jim Pingle
10:15 AM pfSense Docs Todo #12908 (Closed): Add notes to e-mail notification docs about Gmail App Passwords
Note added & deployed
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/45d235f0274f0686b00ea5a57975227e3b216066
Jim Pingle
10:05 AM Bug #12871 (Feedback): Some action buttons are always active for firewall rules, even if no rules are selected
Applied in changeset commit:64b2a18796fbdb36123c117bb2463f9501a43b36. Viktor Gurov
08:24 AM Feature #855: Ability to selectively kill states on gateway recovery
Updating subject. Many scenarios are now possible with #12092 and also some more will be covered by #12931 so this ca... Jim Pingle
08:14 AM Feature #12807 (Duplicate): Clear Active Secondary WAN Connections
Jim Pingle
08:13 AM Bug #8555 (Duplicate): Selectively killing states on WAN failure
Closing as this is solved by #12092 which ended up covering what is currently possible in this kind of case. Jim Pingle
08:11 AM Feature #12931 (Resolved): Retain knowledge of previous dynamic gateway IP address when interface is down
Our current methods for determining a gateway IP address only work while an interface with a dynamic address is up (e... Jim Pingle
08:00 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
These changes will be available in snapshots soon. It grew a little bit since the initial description but it ended up... Jim Pingle
07:25 AM Feature #12092 (Feedback): Utilize new ``pfctl`` abilities to kill states
Applied in changeset commit:c5d0d75dbdb11753fb95b3ffb933e546d49924ca. Jim Pingle
07:39 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
Thanks for the quick fix. Let me know when the patch is updated and I'll re-apply and verify. Adrien Carlyle
06:15 AM Bug #12925 (New): FQDN in network alias is omitted from OpenVPN networks list
Adrien Carlyle wrote in #note-9:
> I tracked this down, the FQDN entry isn't being resolved and passed to openvpn wit...
Viktor Gurov

03/10/2022

09:12 PM Revision 87b9ecff: Add rule ID text input to state dump page. Issue #12616
Reid Linnemann
05:09 PM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Thanks, the combination of @5f3aa9464e9b9b8062faa47e7552552ff3841d92@ then @9be20fdf57fe9c9c17aa16542189854dbf1cbebd@... Evan Pearce
03:42 PM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
This one fixes the issue: https://github.com/acmesh-official/acme.sh/commit/01ace11293f4cf27f8e761114f48148bbcbad063 Morten Trab
03:05 PM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
Leaving the Allow Insecure blank, results in a different error:... Morten Trab
02:37 PM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
I should add, I tested the script and it is placing the correct variables into the environment and the script does se... Jim Pingle
02:32 PM pfSense Packages Bug #12623 (New): acme.sh package | DNS-ISPConfig settings
The upstream code still has a problem. If you leave "Allow Insecure" blank now it should at least get past that part,... Jim Pingle
06:35 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
I'm on 0.7_4 now and still see the exact same error - so no, still not fixed Morten Trab
03:23 PM Feature #12616 (Feedback): Option to filter state table contents by rule ID
Reid Linnemann
03:20 PM Feature #12616 (Resolved): Option to filter state table contents by rule ID
Input field added in 87b9ecff572e364f58b36293981b4c9b9ae20683
Mapping states to rules by rule id to get descriptio...
Reid Linnemann
02:55 PM Regression #12866 (Resolved): Disabled Captive Portal configuration prevents adding an interface to a bridge
Tested on... Christopher Cope
02:55 PM Revision 60c0b333: OpenVPN FQDN in alias support. Fixes #12925
Viktor Gurov
02:51 PM Revision 773902ef: DHCPD: deny MAC Deny entries instead of ignore. Fixes #12923
Viktor Gurov
01:34 PM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
I tracked this down, the FQDN entry isn't being resolved and passed to openvpn with a /32 mask
This is an FQDN/32 ...
Adrien Carlyle
01:13 PM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
I just noticed that this now shows in my OpenVPN client log when I try to connect while an FQDN entry is present in t... Adrien Carlyle
12:25 PM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
Adrien Carlyle wrote in #note-6:
> I applied the patch and rebooted the system. There is no change in behavior.
>...
Viktor Gurov
11:53 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
I applied the patch and rebooted the system. There is no change in behavior.
Is there anything I can run on the ap...
Adrien Carlyle
09:31 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
Adrien Carlyle wrote in #note-3:
> Viktor Gurov wrote in #note-1:
> > fix:
> > https://gitlab.netgate.com/pfSense/...
Viktor Gurov
09:05 AM Bug #12925 (Feedback): FQDN in network alias is omitted from OpenVPN networks list
Applied in changeset commit:60c0b333c7ee5b951ad659a42693a1070a762ec1. Viktor Gurov
07:16 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
Viktor Gurov wrote in #note-1:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/667
That was...
Adrien Carlyle
07:04 AM Bug #12925 (Pull Request Review): FQDN in network alias is omitted from OpenVPN networks list
Jim Pingle
01:38 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/667
Viktor Gurov
12:55 PM Bug #12871 (Pull Request Review): Some action buttons are always active for firewall rules, even if no rules are selected
Jim Pingle
10:31 AM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/670
Viktor Gurov
12:52 PM pfSense Docs Todo #12930 (Closed): HA Proxy package support
Fixed and deployed. Jim Pingle
12:20 PM pfSense Docs Todo #12930 (Closed): HA Proxy package support
HA Proxy is not on the list of officially supported packages:
https://www.netgate.com/supported-pfsense-plus-package...
Danilo Zrenjanin
11:58 AM Regression #12817 (Resolved): PHP error when terminating OpenVPN sessions via the dashboard widget
Tested on... Christopher Cope
11:52 AM Bug #12929 (Closed): pfSense Does Not Properly Boot on UEFI in KVM
No problems here with e1000 or virtio NICs, or virtio disk controller. Might be specific to that version of KVM/qemu ... Jim Pingle
11:48 AM Bug #12929: pfSense Does Not Properly Boot on UEFI in KVM
Jim Pingle wrote in #note-1:
> I can't reproduce this, at least with KVM through Proxmox. It boots the ISO fine UEFI...
Kris Phillips
11:16 AM Bug #12929 (Feedback): pfSense Does Not Properly Boot on UEFI in KVM
I can't reproduce this, at least with KVM through Proxmox. It boots the ISO fine UEFI, installs fine, and boots up an... Jim Pingle
10:45 AM Bug #12929 (Closed): pfSense Does Not Properly Boot on UEFI in KVM
It appears that pfSense is unable to boot in KVM on UEFI. It will only boot with BIOS mode. When selecting the Free... Kris Phillips
10:52 AM Bug #12926: Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
Viktor Gurov wrote in #note-1:
> Unable to reproduce:
> [...]
>
> after changing the LAGG mode from LACP to ROUN...
Kris Phillips
02:02 AM Bug #12926 (Feedback): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
Unable to reproduce:... Viktor Gurov
10:07 AM Feature #12741 (Resolved): Eliminate duplicate shell commands from history file
Tested on... Christopher Cope
09:43 AM Bug #12892 (Feedback): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Merged:
https://github.com/pfsense/pfsense/commit/b68d8fe695bb0b03bef9d4d8a0e70ca238303e35
Viktor Gurov
07:08 AM Bug #12892 (Pull Request Review): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Jim Pingle
03:28 AM Bug #12892 (New): ``HTTPClient`` option not sent when using UEFI HTTP Boot
small fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/669
Viktor Gurov
09:26 AM Revision b68d8fe6: Do not add HTTPClient entries if netboot is disabled. Issue #12892
Viktor Gurov
09:18 AM Bug #12923: DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start
Patch works for me, thanks! Steve Y
09:05 AM Bug #12923 (Feedback): DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start
Applied in changeset commit:773902efa92299d35b4b77bd6af1cba24cb65dba. Viktor Gurov
07:07 AM Bug #12923 (Pull Request Review): DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start
Jim Pingle
03:08 AM Bug #12923: DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/668
Viktor Gurov
06:45 AM pfSense Packages Bug #12917: LoopiaAPI changed
Viktor Gurov wrote in #note-1:
> acme.sh updated to v3.0.2 in #12886
>
> Looks like we need to update acme.sh mon...
Jim Pingle
02:07 AM pfSense Packages Bug #12917: LoopiaAPI changed
acme.sh updated to v3.0.2 in #12886
Looks like we need to update acme.sh monthly/quarterly.
Viktor Gurov
06:10 AM pfSense Packages Bug #12928 (Not a Bug): FRR When using vtysh to save the configuration, any changes to the webgui are invalid
This is correct behavior.
The "Raw Config" tab is used for custom configuration:
https://docs.netgate.com/pfsense...
Viktor Gurov
05:45 AM pfSense Packages Bug #12928 (Not a Bug): FRR When using vtysh to save the configuration, any changes to the webgui are invalid
About FRR: when using vtysh to save the configuration, any changes to the webgui are invalid.
Because there are man...
yon Liu
05:30 AM Revision c07c5cf5: Skip gateway if interface is down. Fixes #12920
Viktor Gurov
04:20 AM Bug #12927 (Incomplete): OpenVPN with OCSP enabled allows connections with revoked certificates
OpenVPN doesn't honor certificate validity status against the site listed in the OCSP URL field.
See:
https://red...
Danilo Zrenjanin

03/09/2022

11:40 PM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration
Applied in changeset commit:c07c5cf5f2387cb2b9efdf25545bafebfa414f00. Viktor Gurov
05:33 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
Tested fixes on current 22.05 snap on an 1100 and 5100.
The gateway status / dpinger behavior is now the same:
Gatew...
Marcos M
01:56 PM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration
Jim Pingle
12:08 PM Bug #12920 (New): Gateway behavior differs when the gateway does not exist in the configuration
extra fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/666
Viktor Gurov
08:00 AM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration
Applied in changeset commit:e7954a79ce0d386706dcde2e039ef57875ecee0a. Viktor Gurov
07:34 AM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration
Jim Pingle
06:21 AM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
related to https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e
improvement:
https:...
Viktor Gurov
05:55 PM Bug #12926 (Duplicate): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
When changing a LAGG from any mode to another mode while it has child interfaces that are something like VLANs and CA... Kris Phillips
02:42 PM Bug #12925 (Resolved): FQDN in network alias is omitted from OpenVPN networks list
I implemented this new feature (https://redmine.pfsense.org/issues/2668) on our OpenVPN server but have noticed some ... Adrien Carlyle
01:57 PM Revision 07fe3d3d: Update HAProxy-stable to version 2.2. Implements #12898
Viktor Gurov
01:54 PM Revision 9be20fdf: OpenVPN status TAP mode double entries fix. Issue #12884
Viktor Gurov
01:49 PM Revision e7954a79: Restart gateways monitor on dynamic interface down. Fixes #12920
Viktor Gurov
12:38 PM pfSense Packages Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Merged to devel and 22.01/2.6 Viktor Gurov
07:34 AM pfSense Packages Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Jim Pingle
07:10 AM pfSense Packages Bug #12869 (New): Bind DNS Package AAAA filtering Broken on new ZFS Installs
regression: https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-ar... Viktor Gurov
10:59 AM pfSense Packages Bug #12924 (New): DNS Resolver WireGuard ACL Inconsistency
Initially, I had two pfsense nodes connected via the WireGuard package. My tunnel network was 10.0.3.0/30 for p2p. I ... Kevin Mychal Ong
10:57 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS
FreeBSD-ports merge:
https://github.com/pfsense/FreeBSD-ports/commit/da9ed529f30212fd826aebc3b7e896fce7a15217
Viktor Gurov
08:05 AM pfSense Packages Bug #12898 (Feedback): Update HAProxy Backend to Latest LTS
Applied in changeset pfsense:commit:07fe3d3d60a61621171fbc0a1a5e42c1462fb5ed. Viktor Gurov
10:52 AM Bug #12922: Classless static routes received on DHCP WAN can override chosen default gateway
Rewording the subject to be more precise.
It's unusual to get classless static routes from DHCP in most cases so the...
Jim Pingle
10:30 AM Bug #12922 (Confirmed): Classless static routes received on DHCP WAN can override chosen default gateway
Although I'm still running 2.5.2 I believe this bug is also in 2.6.0 based on a diff of the file in question.
I ha...
David Myers
10:44 AM Feature #8861: Show SFP module details on ``status_interfaces.php``
I just applied this patch and it fixed the issue. Thanks! Glenn Hall
10:42 AM Feature #8861 (Feedback): Show SFP module details on ``status_interfaces.php``
Merged:
https://github.com/pfsense/pfsense/commit/e4b4c3d2f919621eb7c684c0ed5d7593f255349f
Viktor Gurov
07:11 AM Feature #8861 (Pull Request Review): Show SFP module details on ``status_interfaces.php``
Jim Pingle
02:21 AM Feature #8861 (New): Show SFP module details on ``status_interfaces.php``
Glenn Hall wrote in #note-9:
> I am now receiving the following PHP errors when I view the Status-->Interfaces page ...
Viktor Gurov
10:41 AM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Merged:
https://github.com/pfsense/pfsense/commit/9be20fdf57fe9c9c17aa16542189854dbf1cbebd
Viktor Gurov
07:37 AM Regression #12884 (Pull Request Review): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Jim Pingle
07:17 AM Regression #12884 (New): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Evan Pearce wrote in #note-9:
> The patch above resolves my issue -- once applied, the user remote access service di...
Viktor Gurov
05:07 AM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
The patch above resolves my issue -- once applied, the user remote access service displays client connections.
How...
Evan Pearce
10:40 AM Bug #12923 (Resolved): DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start
Scenario:
* in DHCP server config, MAC Deny option is set with a MAC address
* user wants to not log that every few...
Steve Y
10:36 AM Regression #11545: Primary interface address is not always used when VIPs are present
I have this exact issue on 22.01. It manifests on reboot with OpenVPN server start binding to wrong IP. Note that o... Jeff Quasarano
08:20 AM Revision e4b4c3d2: Status Interfaces SPF details fix. Feature #8861
Viktor Gurov
08:06 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
Updating subject as this has evolved a bit to encompass both killing by label for rule IDs and killing by gateway. Jim Pingle
07:15 AM pfSense Plus Bug #12919 (Not a Bug): Enabling gateway failover introduces latency increase and causes artificial failover scenario
The symptoms sound similar to #12827 -- it might be worth trying the workaround which is available in the recommended... Jim Pingle
03:25 AM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario
The issue is resolved, or rather is not an issue / not an accurate description. The same latency increase to >1... Ash Morris
05:51 AM Bug #12921 (Not a Bug): Interface status shows DHCP down after bouncing interface
This is the correct behavior - if you manually execute @ifconfig eth0 up@, it will not restart DHCPd using the servic... Viktor Gurov

03/08/2022

09:36 PM Feature #8861: Show SFP module details on ``status_interfaces.php``
I am now receiving the following PHP errors when I view the Status-->Interfaces page while running 2.7.0.a.20220308.0... Glenn Hall
07:21 PM Bug #12921 (Not a Bug): Interface status shows DHCP down after bouncing interface
Tested on 22.01 and 21.05. Issue can be reproduced on ESXi with pass-through NIC, and on an @1100@; unable to reprodu... Marcos M
06:59 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
Some notes:
It shouldn't be an issue for WAN failover on 22.05 given that @dpinger@ starts back up. However, it's ...
Marcos M
06:56 PM Bug #12920 (Resolved): Gateway behavior differs when the gateway does not exist in the configuration
The gateway status and @dpinger@ behave differently when the respective gateway entry does not exist in the @config.x... Marcos M
03:24 PM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario
Apologies, affected version should read 22.01. Ash Morris
11:53 AM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario

Forum post: https://forum.netgate.com/topic/170595/sg-5100-wan-failover-at-gigabit-saturation?_=1646751316923
...
Ash Morris
11:45 AM pfSense Plus Bug #12919 (Not a Bug): Enabling gateway failover introduces latency increase and causes artificial failover scenario
Forum post: https://forum.netgate.com/topic/170595/sg-5100-wan-failover-at-gigabit-saturation?_=1646751316923
Issu...
Ash Morris
01:49 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote in #note-10:
> I took a slightly different approach since I wasn't a fan of the repetition of the c...
Phil Wardt
09:32 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
Kristof let me know that we do also have @pfctl -k gateway -k x.x.x.x@ which would fill the missing pieces in here. I... Jim Pingle
07:40 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states
The more I consider how this might work the less sure I am that the gateway part would be useful in a way most users ... Jim Pingle

03/07/2022

09:32 PM Revision 2404ca68: Encrypt/Decrypt Robustness & Testing. Issue #12897
* Move cleanup to separate function.
* Be more aggressive with cleanup when performing multiple crypto
attempts.
* ...
Jim Pingle
07:03 PM Revision 5f3aa946: OpenVPN status incorrect TAP mode RA server+empty tunnel. Fixes #12884
Viktor Gurov
05:59 PM Revision 0d186018: Encode pftop output. Fixes #12915
Jim Pingle
04:50 PM Revision 9a36d901: Define dnsmasq upstream DNS via --server option. Fixes #12902
Viktor Gurov
04:49 PM Revision fc455333: Show SFP module details on status_interfaces.php. Implements #8861
Viktor Gurov
03:51 PM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
I faced an issue similar to this with the Snort and Suricata packages some time back. I handled it there by always ch... Bill Meeks
10:02 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
The base system has no way to scan/inform packages about an interface being removed, it's up to the admin to maintain... Jim Pingle
09:30 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
Jim Pingle wrote in #note-1:
> PIMD has options to not behave that way.
>
> Sounds like what you really want is t...
Pete Holzmann
08:26 AM pfSense Packages Bug #12907 (Feedback): PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
PIMD has options to not behave that way.
Sounds like what you really want is to have PIMD set to "Bind to None" an...
Jim Pingle
03:40 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
I took a slightly different approach since I wasn't a fan of the repetition of the cleanup code.
I also added a PHP ...
Jim Pingle
03:27 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
the clean of temp files lines are also maybe excessive. This can only occur if at the end, the GUI times out
Maybe I...
Phil Wardt
03:17 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote in #note-5:
>
> I did, and it worked as expected. It failed in a timely manner with the correct e...
Phil Wardt
02:34 PM Feature #12092 (In Progress): Utilize new ``pfctl`` abilities to kill states
Adding basic functions here is pretty straightforward. It's easy enough to add a means to kill states created by a ru... Jim Pingle
02:29 PM pfSense Packages Feature #12918 (New): pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately
When pfBlockerNG-devel syncs its settings (e.g. custom IPv4 list) to a secondary firewall, the settings on the second... Marcos M
01:54 PM pfSense Packages Bug #12917 (Resolved): LoopiaAPI changed
Any users using LoopiaAPI can't issue or renew certificates. This has been fixed upstream at the below link.
https...
Christopher Cope
01:34 PM pfSense Packages Bug #12916 (New): pfBlockerNG-devel cron job does not trigger xmlrpc sync
Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
pfBlockerNG-devel option "Enable Sync" with "Sync to host(s) d...
Marcos M
01:10 PM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Applied in changeset commit:5f3aa9464e9b9b8062faa47e7552552ff3841d92. Viktor Gurov
11:05 AM Regression #12884 (Pull Request Review): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Jim Pingle
12:10 PM Regression #12915 (Feedback): ``diag_pftop.php`` does not fully encode output
Applied in changeset commit:0d1860181f0660704b3e749bbb0a4c207ad68925. Jim Pingle
11:58 AM Regression #12915 (Confirmed): ``diag_pftop.php`` does not fully encode output
Jim Pingle
11:54 AM Regression #12915 (Resolved): ``diag_pftop.php`` does not fully encode output
diag_pftop.php shows rules without quoting "<>".... Grischa Zengel
11:01 AM pfSense Packages Bug #12912 (Feedback): ACME is failing to fully issue a new certificate
Fix merged, will be in ACME pkg v 0.7_4.
In the meantime, check the debug option on a certificate and it should wo...
Jim Pingle
10:44 AM pfSense Packages Bug #12912 (Resolved): ACME is failing to fully issue a new certificate
Creating a new certificate in ACME is not working properly. The GUI output only shows that it generates the private k... Jim Pingle
11:00 AM Bug #12902 (Feedback): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Applied in changeset commit:9a36d90138b5230abeacd80162fca7c4937263de. Viktor Gurov
07:42 AM Bug #12902 (Pull Request Review): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Jim Pingle
11:00 AM Feature #8861 (Feedback): Show SFP module details on ``status_interfaces.php``
Applied in changeset commit:fc455333eedb53ce6fcad1db01d5a736467c997b. Viktor Gurov
10:58 AM pfSense Packages Bug #12670: ACME package writes credentials to system log
If we try this again as a debug option we must test this better, at a minimum:
* Creating a new account key should...
Jim Pingle
10:44 AM pfSense Packages Bug #12670 (New): ACME package writes credentials to system log
The debug option added broke several things. It broke the ability to create account keys, and it is breaking new ACME... Jim Pingle
10:21 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Flole Systems wrote in #note-16:
> Uhm, this PR gets rid of the entries in the routing table. If that's a problem th...
Jim Pingle
10:16 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Uhm, this PR gets rid of the entries in the routing table. If that's a problem then this shouldn't have been merged.
...
Flole Systems
09:01 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Flole Systems wrote in #note-14:
> dpinger binds itself to an interface, the routing table is never used since dping...
Jim Pingle
08:55 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
dpinger binds itself to an interface, the routing table is never used since dpinger makes that decision. I am sometim... Flole Systems
08:45 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
#1 should definitely be in its own separate PR with its own feature request. I'm not sure that's viable even without ... Jim Pingle
07:53 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
@jimp I was going to open a new PR for the additional 2 changes:
1) allow same monitor IP to be used across multi...
→ luckman212
07:41 AM Feature #12687 (Pull Request Review): Option to disable auto-addition of static routes for ``dpinger``
Adding cleanup for routes when activating the option should probably get filed under a separate request, since this i... Jim Pingle
10:10 AM pfSense Docs Todo #12910 (Closed): Add warning to VTI and OpenVPN assignment docs about automatic default gateway
The docs for assigning VTI and OpenVPN interfaces could use a warning about automatic default gateway behavior, simil... Jim Pingle
08:28 AM pfSense Packages Feature #12909 (New): Convert Suricata GeoIP Lookup feature on ALERTS tab to use local GeoIP2 database
Convert the GeoIP lookup feature available on the ALERTS tab in the Suricata package to use the local GeoIP2 database... Bill Meeks
08:13 AM Bug #12906 (Rejected): services_dyndns_edit.php - syntax error
That isn't invalid syntax. It's OK to have a trailing comma on an array entry, and in some cases encouraged as it mak... Jim Pingle
08:05 AM Bug #12905: Add VLAN Re-assignment to Import Interface Mismatch Wizard
There is no "interface mismatch wizard" all it does is present the existing interface assignment screen. So however t... Jim Pingle
07:56 AM pfSense Docs Todo #12908 (Closed): Add notes to e-mail notification docs about Gmail App Passwords
Google is shutting down access to e-mail services with traditional username/password authentication for security reas... Jim Pingle
07:52 AM Feature #12903: alternative authentication methods for email notifications?
I can add a note in the documentation but adding a provider-specific note in the GUI doesn't seem like a good trend t... Jim Pingle
07:49 AM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2
On the thread the person reporting it says the value of @dev.ix.0.mac_stats.checksum_errs@ correlates to the very low... Jim Pingle
07:35 AM pfSense Packages Bug #12898 (Pull Request Review): Update HAProxy Backend to Latest LTS
They are still putting out 2.2.x releases and it's a smaller and therefore safer jump. If that is OK then after a whi... Jim Pingle
07:32 AM Bug #12901 (Needs Patch): DNS Forwarder refuses valid retries from clients in certain cases
That does sound like a problem inside dnsmasq itself. When they put that into a release and that release gets into po... Jim Pingle

03/06/2022

08:14 PM Bug #7347 (Closed): Config Sync - Breaks on null value
Tested on 22.01 and could not reproduce issue - likely already resolved; closing due to lack of feedback and age. Marcos M
06:37 PM Bug #11864 (Resolved): OpenVPN stays bound to previous IP address after interface changes
Tested on @22.05.a.20220227.0100@; working correctly now. Marcos M
05:41 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
Manny Tew wrote in #note-5:
> + 1 for this as well. This is critical for proper security in a homelab in 2021+ Inval...
Manny Tew
05:30 PM pfSense Packages Bug #12907 (Feedback): PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
At this point, pimd is unaware of nonexistent interfaces. This can lead to a kernel panic.
(My case: I removed newly...
Pete Holzmann
05:18 PM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Feel free to test the following patch and let us know if it resolves your issue:... Marcos M
01:03 PM Bug #12906 (Rejected): services_dyndns_edit.php - syntax error
Syntax error:
https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/services_dyndns_edit.php#L505
BBcan177 .
04:31 AM pfSense Packages Feature #11827: Please include acme deploy folder/scripts
+1 for this as well. Note, the certs seem to be stored in a non-standard acme.sh way under /conf/acme, so more work m... Simon Cosyd
02:16 AM Bug #12895: pfSense single interface upload speed bug
After testing for few days, finally got what is wrong with it. I have to run "pfctl -d" to disable pfsense firewall f... pf bug
01:28 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS
Kris Phillips wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > HAProxy-devel is already 2.4 (2026-Q2 (LTS))
...
Viktor Gurov

03/05/2022

11:47 PM pfSense Packages Bug #12844 (Resolved): Invalid title link in the apcupsd package dashboard widget
Viktor Gurov
02:47 PM pfSense Packages Bug #12844: Invalid title link in the apcupsd package dashboard widget
Patch works to correct Apcupsd widget link to status page - applied to 22.01 and 22.05.a.20220305.0600 Jordan G
08:46 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected
The delete button being always available even without selection is present in 2.6/22.01 and 21.05.X/2.5.X. It does t... Kris Phillips
08:38 PM Bug #12905: Add VLAN Re-assignment to Import Interface Mismatch Wizard
Also important to note that this would greatly improve the current situation with importing configs with discrete int... Kris Phillips
08:31 PM Bug #12905 (New): Add VLAN Re-assignment to Import Interface Mismatch Wizard
Currently if an interface is assigned to an interface in an imported config, there is no way to re-assign the interfa... Kris Phillips
08:35 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
Sish Kitane wrote in #note-4:
> I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 packag...
Kris Phillips
08:27 PM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS
Viktor Gurov wrote in #note-1:
> HAProxy-devel is already 2.4 (2026-Q2 (LTS))
>
> HAProxy-stable update to 2.2 ve...
Kris Phillips
01:10 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS
HAProxy-devel is already 2.4 (2026-Q2 (LTS))
HAProxy-stable update to 2.2 version (2025-Q2 (LTS)):
https://gitlab...
Viktor Gurov
04:11 PM Bug #10784 (Closed): HA-sync with ssh keys
Unable to reproduce - tested on 22.01 by checking @/home/<user>/.ssh@ after:
* using default admin account to sync
...
Marcos M
03:25 PM Bug #7841 (Closed): CARP Sync Issue - when no internet on standby
Tested on 22.01 following the same steps (blocked secondary node's IP address on upstream firewall). Config sync work... Marcos M
01:51 PM Revision 99196f13: Gateways edit page double content fix. Issue #12687
Viktor Gurov
01:34 PM Bug #12892 (Resolved): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Tested against:... Danilo Zrenjanin
01:28 PM Feature #12392 (Resolved): Allow the selection of "any" interface in floating rules

tested 2.7.0.a.20220305.0600 (interface: any) no php error.
Alhusein Zawi
12:50 PM Bug #12876 (Resolved): Changing RAM disk size does not prompt to reboot
Tested against:... Danilo Zrenjanin
11:50 AM Feature #12903: alternative authentication methods for email notifications?
Jim Pingle wrote in #note-2:
> We can look into other ways to authenticate, but in the Gmail case it should still wo...
gavin penney
09:43 AM Feature #12903: alternative authentication methods for email notifications?
We can look into other ways to authenticate, but in the Gmail case it should still work with App Passwords: https://s... Jim Pingle
01:15 AM Feature #12903: alternative authentication methods for email notifications?
Oops, I meant to add the email from Google, not that it matters that much.... gavin penney
10:48 AM Regression #12904 (Not a Bug): Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2
Notes as of the time of filing:
- Errors are only on incoming packets, not outgoing.
- All users reporting so far a...
Chris W
10:43 AM Bug #12902 (New): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Confirmed
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/657
Viktor Gurov
09:17 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
No.... Can you please just leave issues that you don't understand for someone else to take care of? Thanks. Or at lea... Flole Systems
09:09 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Flole Systems wrote in #note-2:
> Why should this be related to DNS rebind protection? It happens for any query. Also...
Viktor Gurov
04:58 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Why should this be related to DNS rebind protection? It happens for any query. Also on my system DNS rebind protectio... Flole Systems
03:40 AM Bug #12902 (Not a Bug): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
Your issue is related to DNS rebind protection,
please read https://docs.netgate.com/pfsense/en/latest/services/dns/...
Viktor Gurov
10:42 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Wow thanks, that was a fast response! I think you simply need to check if the option is set for the current gateway o... Flole Systems
10:23 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
@Flole Systems you're right that in theory you should be able to use the same monitor IP for multiple gateways after ... → luckman212
10:11 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Also I tried to enable this option for all my Gateways now but the static routes are still there. So it looks like th... Flole Systems
10:02 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
With this change it should be possible to set the same monitor IP on multiple different gateways, right? The GUI isn'... Flole Systems
09:13 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
→ luckman212 wrote in #note-5:
> Thanks Viktor! Ouch, I don't know how I missed that.
>
> I can't see the private...
Viktor Gurov
09:03 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``
Thanks Viktor! Ouch, I don't know how I missed that.
I can't see the private gitlab but I assume you just removed th...
→ luckman212
07:54 AM Feature #12687 (New): Option to disable auto-addition of static routes for ``dpinger``
after this merge, the "Gateway Edit Page" has double content
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/me...
Viktor Gurov
10:18 AM Bug #12852: Gateway which is forced as inactive does still trigger filter reloads
Maybe the UI is just misleading here: There is an option to disable the gateway monitoring action (which states that ... Flole Systems
09:52 AM Bug #12852: Gateway which is forced as inactive does still trigger filter reloads
I don't need support. I have fixed the issue for me by modifying /etc/rc.gateway_alarm (which by the way unconditiona... Flole Systems
09:07 AM Bug #12852 (Rejected): Gateway which is forced as inactive does still trigger filter reloads
Unable to reproduce this issue - "forced down" gate doesn't trigger filter reload (tested on 22.01/2.6/2.7)
Th...
Viktor Gurov
08:19 AM Regression #12827: High latency and packet loss during a filter reload
Why is there any need for hashing? You want to compare rules if I understand that correctly, there's no need to hash ... Flole Systems
06:46 AM Regression #12827: High latency and packet loss during a filter reload
As a status update I added a red-black tree so that rules can be looked up cheaper. Pre-computed md5 hash is used as ... Mateusz Guzik
05:45 AM Feature #8365 (Resolved): Button to copy rules from one interface to another
Tested on the:... Danilo Zrenjanin
05:42 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
And a full patch attached that I properly tested
It should be applied in place of https://redmine.pfsense.org/issues...
Phil Wardt
03:50 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote in #note-5:
> Phil Wardt wrote in #note-4:
> > please test it before merging, even if it looks prope...
Phil Wardt
05:35 AM Bug #12896 (Resolved): ``HTTPClient`` option does not work for static mappings
Tested against:... Danilo Zrenjanin

03/04/2022

11:25 PM Feature #12903 (New): alternative authentication methods for email notifications?
I have been using Gmail for years but they are disabling password-only access to accounts.
since pfsense has only pa...
gavin penney
08:40 PM Bug #12901: DNS Forwarder refuses valid retries from clients in certain cases
I believe the fix for this could be this patch which seems to be already merged upstream: https://thekelleys.org.uk/g... Flole Systems
06:44 PM Bug #12901 (Resolved): DNS Forwarder refuses valid retries from clients in certain cases
Since upgrading to 22.02 I noticed that some Windows clients are sometimes refusing to load websites. Looking at the ... Flole Systems
08:17 PM Revision dde642ca: Fix infinite CPU loop on failed restore
When restoring a backup with wrong password or a user custom iterations count different than 10k or 500k, GUI timed o... Phil Wardt
06:48 PM Bug #12902 (Resolved): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
I am using the DNS Forwarder, I set up a few DNS Servers in System->General Settings. Also I selected "Use local DNS,... Flole Systems
02:46 PM Feature #2505 (Resolved): Toggle button to disable/enable multiple firewall rules
Tested successfully on... Christopher Cope
02:37 PM Revision bf9d32bf: Revert "captiveportal: fix ipfw rules"
This reverts commit 9dac41af43a5b977a604098688776987c4f76722. Kristof Provost
02:34 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Phil Wardt wrote in #note-4:
> please test it before merging, even if it looks proper to me
I did, and it worked ...
Jim Pingle
02:20 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote in #note-3:
> Yep, I see it now, too. Good catch, thanks! I merged your PR, it will be in the next ...
Phil Wardt
02:18 PM Regression #12897 (Feedback): Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Yep, I see it now, too. Good catch, thanks! I merged your PR, it will be in the next snapshot. Jim Pingle
02:11 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Jim Pingle wrote:
> Following the changes in #12556 attempting to decrypt an encrypted backup with the wrong password...
Phil Wardt
11:21 AM Regression #12897 (Resolved): Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout
Following the changes in #12556 attempting to decrypt an encrypted backup with the wrong password makes the GUI timeo... Jim Pingle
02:19 PM Bug #12900: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
It's not just CloudFlare, I'm seeing this on Namecheap as well. Jim Pingle
02:12 PM Bug #12900 (Duplicate): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
When creating a new Cloudflare Dynamic DNS entry or saving and forcing an update nginx will timeout with 504. The upd... Max Leighton
02:19 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-18:
> Seems to be OK here as well for backup/restore in the regular GUI page and ACB. A negat...
Phil Wardt
11:22 AM Todo #12556 (Resolved): Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle
11:14 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Seems to be OK here as well for backup/restore in the regular GUI page and ACB. A negative side effect seems to be that ... Jim Pingle
09:36 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-15:
> Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in sna...
Phil Wardt
01:46 PM Revision 5c5a7bc8: DHCPD HTTPClient option for static mappings. Fixes #12896
Viktor Gurov
01:29 PM Revision ed58094b: Merge pull request #4551 from luckman212/dpinger_dont_add_static_routes
Jim Pingle
01:28 PM Revision be33dc43: Merge pull request #4553 from luckman212/dashboard-hw-crypto-patch-1
Jim Pingle
01:25 PM Bug #12895: pfSense single interface upload speed bug
Just had more tests, tried the same setup with opnsense, which is also freebsd based is also facing the same issue. H... pf bug
08:03 AM Bug #12895: pfSense single interface upload speed bug
Thanks. If you are confirming this is working for everyone then it is good to know, this is because I was doing this ... pf bug
07:51 AM Bug #12895: pfSense single interface upload speed bug
It's not happening to anyone else but you. It's working fine for thousands of other people. If it's not a configurati... Jim Pingle
07:46 AM Bug #12895: pfSense single interface upload speed bug
I can't confirm if this is a configuration problem but I don't think it is, this is because I have tried to mess around... pf bug
07:21 AM Bug #12895 (Rejected): pfSense single interface upload speed bug
Sounds like you have a configuration problem (like needing a lower MTU on WAN).
This site is not for support or di...
Jim Pingle
01:22 PM pfSense Packages Bug #12899 (Resolved): Suricata doesn't honor Pass List
It sometimes blocks the hosts defined in the selected Pass List. No matter whether you used IP subnet or Alias under ... Danilo Zrenjanin
01:19 PM pfSense Packages Bug #12898 (Resolved): Update HAProxy Backend to Latest LTS
The version of HAProxy in stable is very old and due to be unsupported at the end of the year. We should really move... Kris Phillips
12:20 PM pfSense Packages Todo #12865: RRD Summary improvements
cherry-picked to 22.01/2.6 Viktor Gurov
07:51 AM pfSense Packages Todo #12865 (Feedback): RRD Summary improvements
Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/fb702643e590f7545cbbaf5bd4e5060f9ab293cc
Viktor Gurov
12:20 PM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs
cherry-picked to 22.01/2.6 Viktor Gurov
08:04 AM pfSense Packages Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/a6943737bb6b2df2dcc050bd0db5ebf127be2df4
Viktor Gurov
11:08 AM Feature #12842 (Resolved): Retain descriptions when exporting and importing aliases
Tested successfully on... Christopher Cope
10:56 AM Feature #12773 (Closed): Ability to sort AutoConfigBackup entries
That's not possible because by default the list is sorted "naturally" and no arrow would indicate a valid state since... Jim Pingle
10:51 AM Feature #12773: Ability to sort AutoConfigBackup entries
Tested on... Christopher Cope
08:48 AM Bug #12579 (New): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
PHP changes:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/654
Viktor Gurov
05:01 AM Bug #12579 (Feedback): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/57 has been merged. Kristof Provost
08:27 AM Regression #11316: Unbound crashes with signal 11 when reloading
I hate to bring up a sore point especially in a closed ticket, but this is _still_ happening for me on two up-to-date... Kevin Grelling
07:55 AM Bug #12896 (Feedback): ``HTTPClient`` option does not work for static mappings
Applied in changeset commit:5c5a7bc874be8228aceffae0b2436a2358aea577. Viktor Gurov
07:37 AM Bug #12896 (Pull Request Review): ``HTTPClient`` option does not work for static mappings
Jim Pingle
01:37 AM Bug #12896: ``HTTPClient`` option does not work for static mappings
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/652
Viktor Gurov
01:15 AM Bug #12896 (Resolved): ``HTTPClient`` option does not work for static mappings
The HTTPClient option works fine for interfaces and pools, but not for static mappings. Viktor Gurov
07:30 AM Feature #12687 (Feedback): Option to disable auto-addition of static routes for ``dpinger``
PR merged, thanks! Jim Pingle
07:30 AM Feature #12714 (Feedback): Show ``Inactive`` for Hardware Crypto output instead of empty field on System Information dashboard widget when nothing can be accelerated
PR merged, thanks! Jim Pingle
03:40 AM Revision dd965531: adds option to not auto-create static routes for dpinger (squashed)
→ luckman212
02:55 AM Revision 5cc9c9ed: minor display change, redmine #12714 (updated & squashed)
→ luckman212

03/03/2022

11:16 PM pfSense Packages Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk
This bug causes a delay in boot processing when the ramdisk option is enabled. If the option is disabled, no delay i... Loh Phat
10:17 PM Bug #12895: pfSense single interface upload speed bug
One more thing to mention, if I run OpenVPN on my PC and connect with some vpn services provider. The upload speed be... pf bug
10:11 PM Bug #12895 (Rejected): pfSense single interface upload speed bug
Reporting a very straightforward bug and it is easy to reproduce.
Tested on 2.4.X 2.5.X 2.6.0, I believe it is also ...
pf bug
09:04 PM Revision 284878d7: DHCPD HTTPClient custom option. Fixes #12892
Viktor Gurov
08:27 PM Revision 225f86af: Modify CP rules to work on 22.01/2.6.0. Fixes #12834
Reid Linnemann
06:38 PM Revision dd9b24e9: Increase OpenSSL iterations. Issue #12556
When encrypting and decrypting content such as config.xml backups,
increase the default number of iterations used by ...
Jim Pingle
04:19 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
Excellent! I'm glad to know you are back up and running again. Thank you for the confirmation! Reid Linnemann
04:17 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
Okay, that's completely right. After rebooting everything works as expected. Thank you a lot for fixing this!
B P
04:01 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
You will need to reboot so that all of the ipfw rules are reloaded, have you done so? Reid Linnemann
03:56 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
Maybe I miss something, but after applying the patch I have no connectivity (from captive portal enabled interfaces) ... B P
03:18 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
You can install the "System Patches package":https://docs.netgate.com/pfsense/en/latest/development/system-patches.ht... Jim Pingle
02:35 PM Regression #12834 (Feedback): Only TCP traffic is passed outbound through IPFW
Applied in changeset commit:225f86af947822e6bd6f816f6b8fa926c34fe857. Reid Linnemann
04:19 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-15:
> Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in sna...
Phil Wardt
12:51 PM Todo #12556 (Feedback): Comply with current iteration standards when encrypting and decrypting configuration files
Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in snapshots tomorrow for testing. Jim Pingle
03:10 PM Bug #12892 (Feedback): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Applied in changeset commit:284878d7d0a82503cf34c6a8983eaecb9e742769. Viktor Gurov
02:41 PM Bug #12892 (Pull Request Review): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Jim Pingle
01:27 PM Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/650
Viktor Gurov
07:49 AM Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot
Related forum thread: https://forum.netgate.com/post/1029319 Jim Pingle
07:47 AM Bug #12892 (Resolved): ``HTTPClient`` option not sent when using UEFI HTTP Boot
Hey thanks for adding support HTTP Boot from issue 11659. I couldn't make it work w/ my systems and notice from a pac... Ben Breard
02:51 PM Revision 15ae0ea0: Rename Copy to Paste. Implements #8365
Viktor Gurov
02:35 PM pfSense Plus Bug #12894: duplicating freshly created certificates through refreshing
You have to force your browser to resubmit the form when in that state. I'm not sure I'd classify that as a bug since... Jim Pingle
02:30 PM pfSense Plus Bug #12894 (New): duplicating freshly created certificates through refreshing
Version 22.01-Release FreeBSD 12.3-Stable
Bug: After successfully creating a certificate. The certificate gets dup...
Van Quach
02:29 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
> Thanks for the contribution! It's appreciated!
Sure thing! This solves a big problem for me :-)
Your revisions ...
Charles Hamilton
02:03 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Great Thanks.
I have done some limited testing and it seems to be ok.
I made some minor formatting changes in ...
BBcan177 .
07:46 AM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Ok, all done! https://github.com/pfsense/FreeBSD-ports/pull/1146 Charles Hamilton
02:24 PM Revision 60c2ff12: Reboot prompt on RAM disk size change. Fixes #12876
Viktor Gurov
12:25 PM Bug #12893 (Not a Bug): Invalid source address of Unbound
It's not a bug, that traffic is being blocked outbound. Unbound sent a RST+ACK packet after the state from a previous... Jim Pingle
11:56 AM Bug #12893 (Not a Bug): Invalid source address of Unbound
I have noticed some bad traffic leaving with invalid source IP address, which I think belongs to Unbound traffic.
...
Samuel Hanna
09:01 AM pfSense Packages Bug #12891: Trailing space in Acme Account Keys "name" breaks UI functions
Commit: https://github.com/pfsense/FreeBSD-ports/commit/29bab84437fcdde206f205610d341302093fa4f3
Package update is...
Jim Pingle
08:47 AM pfSense Packages Bug #12891 (Feedback): Trailing space in Acme Account Keys "name" breaks UI functions
Fix merged. Jim Pingle
08:39 AM pfSense Packages Bug #12891 (Pull Request Review): Trailing space in Acme Account Keys "name" breaks UI functions
This approach is a more comprehensive fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/193
Jim Pingle
08:25 AM pfSense Packages Bug #12891 (In Progress): Trailing space in Acme Account Keys "name" breaks UI functions
Jim Pingle
12:50 AM pfSense Packages Bug #12891: Trailing space in Acme Account Keys "name" breaks UI functions
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/192
Viktor Gurov
09:00 AM Feature #8365 (Feedback): Button to copy rules from one interface to another
Applied in changeset commit:15ae0ea0c037af7f2667fc004d2696352a2ad97c. Viktor Gurov
08:26 AM Feature #8365 (Pull Request Review): Button to copy rules from one interface to another
Jim Pingle
03:33 AM Feature #8365 (New): Button to copy rules from one interface to another
Danilo Zrenjanin wrote in #note-8:
> Tested on the:
> [...]
>
> I can confirm that the functionality works as ex...
Viktor Gurov
08:30 AM Bug #12876 (Feedback): Changing RAM disk size does not prompt to reboot
Applied in changeset commit:60c2ff124e5e547d110a99a14b5c920c0310634a. Viktor Gurov
12:53 AM pfSense Packages Feature #11531 (Feedback): Show netmap compatible cards in IPS Mode note
Merged Viktor Gurov
12:52 AM Feature #9877: QEMU Guest Agent
There is a feature request for the QEMU package:
https://redmine.pfsense.org/issues/12179
Viktor Gurov

03/02/2022

04:56 PM pfSense Packages Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions
If any ACME account key is entered into the UI with a trailing space in the name, the pfSense UI becomes unable to ha... Karl Fife
04:11 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
ipfw is now active on layer 3 where it was not previously on 2.5.2. As a result, there are now additional passes of t... Reid Linnemann
02:05 PM pfSense Packages Bug #10656 (Closed): Acme letsencrypt doesn't change private key type
Jim Pingle
02:05 PM pfSense Packages Feature #11948 (Closed): ACME: Support specifying non-default port for nsupdate DNS validation method
Jim Pingle
02:03 PM pfSense Packages Feature #11879 (Feedback): Add support for SSL.com ACME server
The latest version of the ACME package now includes the new CAs.
Jim Pingle
02:02 PM pfSense Packages Bug #12623 (Feedback): acme.sh package | DNS-ISPConfig settings
The fix for this is now in the latest ACME package. Please update and test it again to see if it works. Jim Pingle
02:01 PM pfSense Packages Todo #12886 (Closed): Update acme.sh from upstream
No problems I can find so far. I picked it back to 22.01/2.6.0 for wider testing. Can tackle new issues as they come. Jim Pingle
12:11 PM Feature #12890 (Rejected): Remove Alias FQDN Resolution
Jim Pingle
12:09 PM Feature #12890 (Rejected): Remove Alias FQDN Resolution
Allowing DNS resolution in aliases creates an unpredictable firewall.
This feature should be removed.
Brendon Baumgartner
11:48 AM Feature #8365: Button to copy rules from one interface to another
Tested on the:... Danilo Zrenjanin
11:08 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
As a Sidenote: after updating to 2.6.0 a once working ruleset completely broke. I have now restored the backup and ag... Chris K
09:53 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Can you guys try out below workaround for max threads per process? I have been suffering now for weeks with this issu... Chris K
08:37 AM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Sure thing! I'll close the other pull request, thanks! Charles Hamilton
07:02 AM Bug #12579: Utilize ``dnctl(8)`` to apply limiter changes without a filter reload
With https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/57 (a cherry pick of an upstream main commit) dn... Kristof Provost
06:10 AM pfSense Packages Feature #12889 (New): FRR GUI add set ipv6 next-hop global
I need to set this up, but the FRR webgui can't add it
https://team-cymru.com/community-services/bogon-reference/bogon-refer...
yon Liu
02:30 AM Bug #12887 (Feedback): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Applied in changeset commit:16acbb346bb4b92f02ca33120b99e5507fab60fa. Viktor Gurov

03/01/2022

09:50 PM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
I've been able to reproduce it with a configuration that only uses the GUI options and no custom options, attached.
...
Evan Pearce
07:37 AM Regression #12884 (Not a Bug): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
The status logic relies on the settings in the GUI fields to determine how to query the OpenVPN management interface.... Jim Pingle
04:49 AM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/646
Viktor Gurov
12:28 AM Regression #12884 (Resolved): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases
Problem: The webConfigurator OpenVPN status shows our TAP-mode "Remote Access (SSL/TLS + User Auth)" VPNs as peer-to-... Evan Pearce
08:56 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Thanks for the PR!
There isn't much development in "pfBlockerNG" as everything is taking place in "pfBlockerNG-devel...
BBcan177 .
06:31 PM Revision 16acbb34: OpenVPN TAP mode tunnel network / bridge interface check. Fixes #12887
Viktor Gurov
04:19 PM pfSense Packages Todo #12886 (Feedback): Update acme.sh from upstream
Merged to devel and plus-devel for testing in snapshots. If it's OK there, can pick back to 22.01/2.6.0 Jim Pingle
09:58 AM pfSense Packages Todo #12886 (Closed): Update acme.sh from upstream
It's been a while since the last upstream sync of acme.sh code and bringing in new providers. Need to sync up the for... Jim Pingle
03:13 PM Bug #12888 (New): pfSense sends un-NATed packets during OpenVPN startup
pfSense sometimes fails to NAT the LAN source address for packets sent to the WAN while an OpenVPN tunnel is initiali... b b
03:03 PM Bug #12887 (Pull Request Review): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Jim Pingle
12:33 PM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/647
Viktor Gurov
10:42 AM Bug #12887 (Resolved): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
If both "tunnel network" and "Bridge DHCP" options are disabled, an error occurs:... Viktor Gurov
12:45 PM pfSense Packages Bug #12742 (Feedback): freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading
Thank You!
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/4497706f404be238cdfc41dacc00678ab329e575
http...
Viktor Gurov
07:20 AM pfSense Packages Bug #12742: freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading
For future reference:
https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/antora/modules/raddb/pages/m...
Jim Pingle
07:42 AM pfSense Docs Todo #12885 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE
That method involves making changes that I wouldn't recommend making to a firewall, especially not in official docume... Jim Pingle
04:56 AM pfSense Docs Todo #12885 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
*Feedback:*
Greetings!
The...
Lucky Green
07:39 AM Feature #9877: QEMU Guest Agent
This feature request was only for the binary -- making a pfSense package wrapper for it would be a separate feature r... Jim Pingle
05:54 AM Feature #9877: QEMU Guest Agent
Jim Pingle wrote in #note-9:
> Excluding from release notes since it's only being built and there is no package for ...
Lucky Green
07:24 AM Feature #12879 (Pull Request Review): Toggle button to disable/enable multiple entries on NAT pages
Jim Pingle
01:53 AM Feature #12879: Toggle button to disable/enable multiple entries on NAT pages
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/645 Viktor Gurov
05:39 AM Feature #4632: Support for Multipath TCP (MPTCP)
I just increased the bounty for adding *OpenMPTCProuter -like Functionality* in pfSense to *$2,000* . Any takers?
ht...
Lucky Green
02:42 AM pfSense Packages Bug #12844 (Feedback): Invalid title link in the apcupsd package dashboard widget
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/086e17ae29cf61d1c09e88167ae73df7877fcae4
Viktor Gurov
02:05 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Hello everybody,
I can confirm that there are problems with pfSense 2.6.0 release.
I use more than 20 pfSense (some...
Luca De Andreis

02/28/2022

07:54 PM pfSense Docs New Content #12883 (Resolved): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-host-overrides.html
*Feedback:*
I have...
Walt Stoneburner
05:46 PM Revision 7692bda6: syslog: Update filters now that the rule format has changed
We no longer have '@1(0)' but '@1' at the start of rules. This used to
be where we kept the trackerid, but that's now...
Kristof Provost
02:23 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
I used the SG-1000 as a worst case as it's the slowest CPU I had on hand that might still be in general use. For that... Jim Pingle
01:41 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle wrote in #note-11:
> Based on the information in the link I posted previously, I tested iteration values o...
Phil Wardt
01:20 PM Todo #12556 (Pull Request Review): Comply with current iteration standards when encrypting and decrypting configuration files
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/644
Jim Pingle
01:14 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files
Based on the information in the link I posted previously, I tested iteration values of 310000 and 500000. At 310000 i... Jim Pingle
10:58 AM Todo #12556 (In Progress): Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle
01:53 PM pfSense Packages Feature #12882 (Resolved): Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Sometimes it is desirable to tell cURL to use a specific interface when downloading IPv4/IPv6 pass/block lists. For e... Charles Hamilton
01:31 PM Todo #12881 (Resolved): Update ``dpinger`` to 3.2
Done on both CE and Plus Renato Botelho
01:30 PM Todo #12881 (Resolved): Update ``dpinger`` to 3.2
Denny Page asked us to update dpinger to 3.2. This version adds some logging of the signal number on exit and would ... Renato Botelho
10:30 AM Bug #12536 (Feedback): Setting a default gateway of "None" does not remove the default gateway from the routing table
Applied in changeset commit:aa159178950af447aeb463a5159f4d7ed467eb18. Viktor Gurov
07:13 AM Bug #12536 (Pull Request Review): Setting a default gateway of "None" does not remove the default gateway from the routing table
Jim Pingle
03:58 AM Bug #12536 (New): Setting a default gateway of "None" does not remove the default gateway from the routing table
Alhusein Zawi wrote in #note-7:
> Making default GW as "NONE" removes the default GW routing table.
>
> But Mark ...
Viktor Gurov
10:18 AM pfSense Docs Todo #12880 (Closed): Update remote backup wget/curl examples to include new form fields
Added and deployed. Jim Pingle
08:41 AM pfSense Docs Todo #12880 (Closed): Update remote backup wget/curl examples to include new form fields
There have been recent additions to the backup/restore page that are not mentioned on https://docs.netgate.com/pfs... Jim Pingle
09:56 AM Revision aa159178: Remove default gateway if Mark Gateway is set. Fixes #12536
Viktor Gurov
07:38 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss
Troy Emmerson wrote in #note-8:
> OpenVPN is historically notorious for high CPU usage to the extent that it can clo...
Gavin Owen
07:34 AM Feature #12879 (Resolved): Toggle button to disable/enable multiple entries on NAT pages
This is a request for a toggle button for the NAT rules (Port Forwards, 1:1, Outbound NAT, Npt) that functions the sa... Matthew Drury
07:15 AM Bug #12876 (Pull Request Review): Changing RAM disk size does not prompt to reboot
Jim Pingle
04:30 AM Bug #12876: Changing RAM disk size does not prompt to reboot
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/643
Viktor Gurov
06:03 AM Feature #4881: Allow NPt to use dynamic IPv6 networks
Hi,
If you want to play with this further, I changed the wide-dhcpv6 client a bit: https://github.com/csobankesmar...
Csoban Kesmarki
03:10 AM Bug #12878 (Incomplete): Traffic shaping by interface, route queue bandwidth inbound, out by a large factor.
Since upgrading to pfSense Plus 22.01 from the latest community edition, my by interface priority queue bandwidth has... Blake Drayson
02:47 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
Alhusein Zawi wrote in #note-8:
> GW is waiting for a packet loss threshold, it does not go to offline immediately.
...
Viktor Gurov

02/27/2022

10:47 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 package for ntopng solved this and I th... Sish Kitane
07:41 PM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly
Fixed for me, thank you Sish Kitane
02:22 PM Bug #12877 (Closed): Cloudflare DynDNS fails to update more than two addresses
This issue may be related to [[https://redmine.pfsense.org/issues/12870]]
This issue also occurs on 2.6.0.
pfSens...
Bob Carpenter
11:20 AM Bug #12857: Firewall gateway goes away when making changes to Bridge0 device
After re-saving bridge configuration, default gateway is removed from routing table:... Marcos M
01:50 AM Revision 662693da: Attempt to clear the ZFS label off the end of the disk before expanding
This prevents hangs when importing the pool due to garbage on the end of
the disk
Brad Davis

02/26/2022

01:43 PM Feature #8365: Button to copy rules from one interface to another

The copy option shows up.
It would be better if "copy" is changed to "Paste or apply" in the pop-up window (attache...
Alhusein Zawi
01:04 PM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect

GW is waiting for a packet loss threshold, it does not go to offline immediately.
Tested by disabling PPPoE serv...
Alhusein Zawi
12:27 PM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table

Making default GW as "NONE" removes the default GW routing table.
But Mark Gateway as Down does not remove the...
Alhusein Zawi
10:57 AM Bug #12876 (Resolved): Changing RAM disk size does not prompt to reboot
On 2.6 and 22.01 if one changes either RAM Disk Size setting, and saves, the page says "The changes have been applied... Steve Y

02/25/2022

09:28 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12
This can safely be closed since TCP Offload should never be enabled on a Netgate appliance.
However, we should t...
Kris Phillips
09:24 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
I can confirm the iflib driver issue as well. I may spin up a FreeBSD 12.3 install to compile the newer driver as we... Kris Phillips
07:13 PM Revision f53fe980: Use http_build_query() for Google Domains DDNS post data. Fixes #12754
Viktor Gurov
04:42 PM Regression #12827: High latency and packet loss during a filter reload
I don't even fully understand why there's hashing going on instead of comparing directly, that doesn't really make an... Flole Systems
10:05 AM Regression #12827: High latency and packet loss during a filter reload
I had a look at the issue with a profiler. While the loop you are mentioning is a problem to some extent, the real is... Mateusz Guzik
04:03 PM Bug #12875 (Resolved): Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports
Zabbix 5.4 is being deprecated and Zabbix 6 has been released. We should pull these over from FreeBSD ports.
ht...
Kris Phillips
03:55 PM Feature #12855 (Resolved): GUI option to select the user password hashing algorithm
This is working well. I've also added it as a recommended patch option in the new system patches package, so people o... Jim Pingle
03:43 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
The pkg upgrade and restart resolved the issue.
Thank you
Julian Kahumana
03:07 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
Thank you Julian Kahumana
02:58 PM Bug #12872 (Not a Bug): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
From that pkg output I'm fairly certain your system was interrupted mid-upgrade and is not running a consistent state... Jim Pingle
02:54 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
Sorry, I'm not familiar with the process. I was pointed here by BBcan177. I can move this all to the Netgate forum.
T...
Julian Kahumana
02:21 PM Bug #12872 (Incomplete): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
We still need more information here since we have not yet been able to reproduce this behavior. I've checked over 20 ... Jim Pingle
02:02 PM Bug #12872 (Not a Bug): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.
The issue only showed up after upgrading from 2.5 to 2.6.
The following is an example from the firewall log. Lo...
Julian Kahumana
03:24 PM Revision 2e3018c5: Rules copy feature. Implements #8365
Viktor Gurov
02:24 PM Feature #12874 (New): OpenVPN RADIUS Framed-Pool
Allow group mappings within OpenVPN via RADIUS server. Each OpenVPN user group would have a unique subnet associated ... Ryan Whitlock
02:10 PM Regression #12873 (Resolved): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput
RSC support was added to FreeBSD in 12.3 and is included in pfSense 22.01/2.6.
When run in Hyper-V it can create v...
Steve Wheeler
12:59 PM pfSense Packages Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
Tested on the:... Danilo Zrenjanin
12:10 PM Bug #12871 (Resolved): Some action buttons are always active for firewall rules, even if no rules are selected
"Delete", "Toggle" (#2505), and "Copy rule" (#8365) buttons at the bottom of the rules page are always active.
All o...
Viktor Gurov
10:49 AM pfSense Packages Feature #12246 (Closed): Load a file into patch textarea
Works well, closing. Jim Pingle
09:52 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/55
https://gitlab.netgate.com/pfSense/pfSense/-/merg...
Kristof Provost
09:47 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
That is unlikely to be related to this. The code that parses the rules for the GUI already catches the proper rtracke... Jim Pingle
09:44 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
There are some users who are experiencing issues with pfSense recording the Tracker ID as "4294967295" which accordin... BBcan177 .
07:16 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
If it's just a leftover remnant then I agree we should remove it. The ridentifier is already visible on the line and ... Jim Pingle
04:00 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
What depends on this?
It's trivial to fix this, but it deviates from upstream. In upstream the rule output always ...
Kristof Provost
09:35 AM Feature #8365 (Feedback): Button to copy rules from one interface to another
Applied in changeset commit:2e3018c565c71b8ef44205e4f07080713a564af3. Viktor Gurov
08:58 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
Matthew Drury wrote in #note-10:
> Could this feature also be added to the NAT config pages? (Port Forwards and Outb...
Viktor Gurov
08:39 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
Could this feature also be added to the NAT config pages? (Port Forwards and Outbound NAT) Matthew Drury
07:43 AM pfSense Packages Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Jim Pingle
05:52 AM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/188 Viktor Gurov
04:41 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
But when you disconnect the converter or renew the public IP, the IP was not updated to Cloudflare. It just only updat... Hong Duong Pham
04:36 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
Here are related logs:... Danilo Zrenjanin
04:18 AM Bug #12870 (New): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
Danilo Zrenjanin
04:17 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
Tested on the:... Danilo Zrenjanin
03:07 AM Bug #12870 (Rejected): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Viktor Gurov
01:48 AM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
The dynamic DNS on pfSense did not automatically update the IP address from the network to Cloudflare or any service ... Hong Duong Pham
03:06 AM Bug #12803 (Resolved): Error loading ruleset due to illegal TOS value
Replicated the issue on the:... Danilo Zrenjanin

02/24/2022

08:03 PM Revision 6739d001: Bridge interface input validation fix. Issue #12866
Viktor Gurov
03:05 PM Regression #12866 (Feedback): Disabled Captive Portal configuration prevents adding an interface to a bridge
Merged:
https://github.com/pfsense/pfsense/commit/6739d0014695a1fdba77d8c36b6a89ba7252b021
Viktor Gurov
07:37 AM Regression #12866 (Pull Request Review): Disabled Captive Portal configuration prevents adding an interface to a bridge
Jim Pingle
03:33 AM Regression #12866: Disabled Captive Portal configuration prevents adding an interface to a bridge
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/638
Viktor Gurov
03:26 AM Regression #12866 (Resolved): Disabled Captive Portal configuration prevents adding an interface to a bridge
How to reproduce:
1) Create a Captive Portal on the OPT1 interface
2) Disable Captive Portal
3) Try to create a br...
Viktor Gurov
01:04 PM Revision c2bb9552: Do not remove net.link.ifqmaxlen from /boot/loader.conf.local. Fixes #12862
Viktor Gurov
12:38 PM Todo #12556 (New): Comply with current iteration standards when encrypting and decrypting configuration files
Jim Pingle
12:33 PM Bug #12621 (Closed): Fix rare case where /getstats.php might be called without valid post data.
Jim Pingle
10:58 AM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs
Thread that discusses this is here
https://forum.netgate.com/topic/169742/bind-dns-package-aaaa-filtering-problem
JohnPoz _
10:06 AM pfSense Packages Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Reference this older bug for some background (#10413)
This breaks again in newer installs with zfs file systems du...
Dean Weimer
10:35 AM Bug #12800: Suboptimal Password Hashing
In #12863, I propose a (surprisingly simple) solution that dramatically increases the strength of the sha512crypt has... Royce Williams
10:30 AM Feature #12863: dynamically tune sha512crypt rounds
Jim Pingle wrote in #note-2:
> Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and ca...
Royce Williams
09:27 AM Feature #12863: dynamically tune sha512crypt rounds
Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and cache the value or test each time... Jim Pingle
12:37 AM Feature #12863: dynamically tune sha512crypt rounds
> and to match the sha512crypt
*match the salts in the various sha512crypt @mkpasswd@ implementations.
Royce Williams
12:16 AM Feature #12863 (New): dynamically tune sha512crypt rounds
As touched on in #12800 and #12855, sha512crypt's default number of rounds (5000) can be cracked relatively quickly b... Royce Williams
09:15 AM Bug #12868 (Resolved): Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location
On 22.01/2.6.0 when looking at the ruleset with @pfctl -vvsr@ the tracker/ridentifier ID should be in parentheses af... Jim Pingle
08:52 AM Bug #12867 (Not a Bug): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
The primary use case for L2TP is for L3 connectivity to an ISP, not as an L2TP VPN. For those using it as an ISP auth... Jim Pingle
08:42 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
Jim Pingle wrote in #note-4:
> I tried to recreate the problem and could not. My subnet mask was always applied corr...
RUI YUAN
08:09 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
I tried to recreate the problem and could not. My subnet mask was always applied correctly. There must be something e... Jim Pingle
07:55 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
Jim Pingle wrote in #note-1:
> There isn't enough information here. You haven't clearly defined the actual problem o...
RUI YUAN
07:53 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
Jim Pingle wrote in #note-1:
> There isn't enough information here. You haven't clearly defined the actual problem o...
RUI YUAN
07:32 AM Bug #12867 (Incomplete): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
There isn't enough information here. You haven't clearly defined the actual problem or the steps to reproduce it, onl... Jim Pingle
07:28 AM Bug #12867 (Not a Bug): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.
After a simple analysis, it seems that the problem is in the following code range. I suspect it is pfSense_interface_... RUI YUAN
08:10 AM Regression #12862 (Feedback): Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
Applied in changeset commit:c2bb95522780cbeffd1bca97c44c673ec7f973f1. Viktor Gurov
07:51 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
> 2. In the case of kern.ipc.nmbclusters the default is too high for low end platforms such as uFW / SG-1100.
> (eg....
Jim Pingle
07:09 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
David Burns wrote:
> 1. Removal of the oid net.link.ifqmaxlen (and resetting it to 128) is particularly problematic ...
Viktor Gurov
08:06 AM Bug #12864: Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs
Still, I'd expect if I set up new interface assignments at bootup, and then reboot the router, for pfSense to reboot ... Jernej Simončič
07:22 AM Bug #12864 (Not a Bug): Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs
It's not a bug, it's intended behavior, see #12170
You had leftover configuration in your VLANs that referenced t...
Jim Pingle
12:21 AM Bug #12864 (Not a Bug): Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs
I migrated my pfSense config from a different computer around version 2.4.5. The old one had bge and em NICs, and I h... Jernej Simončič
07:34 AM pfSense Packages Todo #12865 (Pull Request Review): RRD Summary improvements
Jim Pingle
03:14 AM pfSense Packages Todo #12865: RRD Summary improvements
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/187 Viktor Gurov
03:01 AM pfSense Packages Todo #12865 (Resolved): RRD Summary improvements
1) Wrong period, mirror date displayed:... Viktor Gurov
07:18 AM pfSense Packages Feature #12860: add mmc-utils package to all images
We already build ``mmc-utils`` for Plus and it can be installed manually from the CLI. Trying to build a GUI around it ... Jim Pingle
06:51 AM Revision 52bdee22: fix issues with updating firewall rules
Trevor Kerr
06:46 AM Regression #12827: High latency and packet loss during a filter reload
Flole Systems wrote in #note-8:
> To add to this: Removing the "set keepcounters" option from /etc/inc/filter.inc see...
Michael Novotny
04:08 AM Bug #12857: Firewall gateway goes away when making changes to Bridge0 device
Can't reproduce this on pfSense CE 2.7.0 (2.7.0.a.20220224.0600)
Not tested on 22.01/2.6, but it may be related to h...
Viktor Gurov

02/23/2022

07:19 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
And maybe another problem: it seems to me that the states from the firewall are not recognized for NPT-connections:
...
L J
06:35 PM Feature #4881: Allow NPt to use dynamic IPv6 networks
Hi Viktor,
awesome, thank you for this patch. I've tried this on our test system:
From my understanding it is ...
L J
06:20 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I am seeing this as well. In my case it seems to be every 2 minutes-- quite a lot of log noise! On pfSense 2.6.0.
...
Todd Marimon
06:17 PM Regression #12862 (Resolved): Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed
It is common for advanced pfSense users to make use of FreeBSD /boot/loader.conf.local.
Since release of pfSense C...
David Burns
06:08 PM Revision e92dded8: Correct Namecheap username handling. Fixes #12761
Jim Pingle
05:35 PM pfSense Packages Feature #12860: add mmc-utils package to all images
This would be helpful/useful now that ZFS is the new default, and/or for folks who don't realize some packages are "r... Steve Y
04:44 PM pfSense Packages Feature #12860 (New): add mmc-utils package to all images
Both Netgate & 3rd party hardware integrators are increasingly using eMMC components.
SATA (& historically SCSI) d...
David Burns
05:31 PM pfSense Docs Correction #12861 (Resolved): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits
Some quick feedback on the online doc https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
1. There is...
David Burns
04:50 PM Revision 8ddf2b5a: Add option for pw hash algo. Implements #12855
Jim Pingle
04:25 PM Revision 46127218: Namecheap DDNS response parse change. Fixes #12816
If the first attempt to parse the response fails, try again without the
XML declaration. The server may not be sendin...
Jim Pingle
04:00 PM Regression #11316: Unbound crashes with signal 11 when reloading
@jimp, this is still an open issue. BBcan177 .
03:13 PM Regression #12827: High latency and packet loss during a filter reload
To add to this: Removing the "set keepcounters" option from /etc/inc/filter.inc seems to fix it. So if someone doesn'... Flole Systems
12:05 PM Regression #12827: High latency and packet loss during a filter reload
The current approach of the code mentioned by Kristof is bad in so many ways: There is a lock and within that lock th... Flole Systems
01:39 AM Regression #12827: High latency and packet loss during a filter reload
I can confirm that any rules reload introduces high latency. Even the shutdown of the sync interface (that as far as ... Fabio Giudici
12:15 PM Bug #12761 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Applied in changeset commit:e92dded8cbe2e1eb8037b4156255bd603d82958e. Jim Pingle
12:09 PM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Looks like it was only the Namecheap username that was the problem. The definition in the new code was wrong. I pushe... Jim Pingle
10:30 AM Bug #12761 (New): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Something in that commit has broken Namecheap DDNS and likely others. For Namecheap it fails to load the password pro... Jim Pingle
11:51 AM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat
I see that the package made it to FreeBSD version 13:
https://freebsd.pkgs.org/13/freebsd-amd64/darkstat-3.0.721.p...
Karim Elatov
11:04 AM Feature #12855: GUI option to select the user password hashing algorithm
This has been merged and will be in snapshots soon.
For those who would like to try it out, even on 22.01/2.6.0, i...
Jim Pingle
11:00 AM Feature #12855 (Feedback): GUI option to select the user password hashing algorithm
Applied in changeset commit:8ddf2b5a999772754080825f07acf9b6326f1f04. Jim Pingle
10:35 AM Regression #12816 (Feedback): Namecheap Dynamic DNS responses are not parsed properly
Applied in changeset commit:4612721800a1b25bb1fb2d4d7c4ceea6f44f208e. Jim Pingle
10:27 AM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly
The MR should be good enough for now, I've tested it on a few more Namecheap DDNS entries on multiple systems and it ... Jim Pingle
07:11 AM pfSense Packages Feature #12859 (Resolved): Add Zabbix 6.0 LTS (agent and proxy) packages
New LTS release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.0.0
Zabbix 3.0 is out of ...
Pim Janssen
07:08 AM Bug #12858 (Duplicate): OpenVPN bug, close connection error
Duplicate of #12817 Jim Pingle
04:02 AM Bug #12858 (Duplicate): OpenVPN bug, close connection error
Dear, If I try to force and close an OpenVPN Client connection an error will be displayed. This happened in the Dashbo... Marco B
03:45 AM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107
A few remarks:
- I think this issue could have been detected relatively easy quality check, so a nightly build with ...
Louis B

02/22/2022

09:13 PM Bug #12857 (New): Firewall gateway goes away when making changes to Bridge0 device
*PFSense* Plus Version: 22.01-RELEASE
*HW:* Netgate 6100
*BIOS:* CORDOBA-02.01.00.05t
*Summary:* When running PF...
Bear Sloan
07:55 PM Bug #12840: Upgrade of openvpn-client-export package after 2.6.0 upgrade failed
I have removed the `openvpn` group, and proceeded to reinstall this package. That succeeded.
I'm continuing to tro...
Todd Marimon
11:57 AM Bug #12840: Upgrade of openvpn-client-export package after 2.6.0 upgrade failed
Jim Pingle wrote in #note-1:
> Something must have interrupted your upgrade process. The actual upgrade did not full...
Todd Marimon
07:45 AM Bug #12840 (Rejected): Upgrade of openvpn-client-export package after 2.6.0 upgrade failed
Something must have interrupted your upgrade process. The actual upgrade did not fully complete or your system couldn... Jim Pingle
03:34 PM Feature #12855 (Pull Request Review): GUI option to select the user password hashing algorithm
Internal MR for initial testing/review: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/636 Jim Pingle
02:05 PM Feature #12855: GUI option to select the user password hashing algorithm
Jim Pingle wrote:
> Though we could offer a higher number of rounds with SHA512, the number of rounds must be identi...
Royce Williams
01:09 PM Feature #12855 (Resolved): GUI option to select the user password hashing algorithm
Different scenarios may call for different types of password hashing so it makes sense to give users the choice rathe... Jim Pingle
02:43 PM Todo #12854: Issue with virtual ips and Sync
The reason we are not using the default pfsense HA design is because you cannot use CARP virtual ip on AWS: https://f... Gerald Jimenez
10:44 AM Todo #12854: Issue with virtual ips and Sync
Gerald Jimenez wrote in #note-2:
> We are not using the virtual ips for HA, for HA we use external solution to redir...
Jim Pingle
10:25 AM Todo #12854: Issue with virtual ips and Sync
Jim Pingle wrote in #note-1:
> That is not a valid or supported use case of XMLRPC sync. XMLRPC config sync is inten...
Gerald Jimenez
10:11 AM Todo #12854 (Rejected): Issue with virtual ips and Sync
That is not a valid or supported use case of XMLRPC sync. XMLRPC config sync is intended for HA, and that isn't valid... Jim Pingle
09:33 AM Todo #12854 (Rejected): Issue with virtual ips and Sync
I have configured 2 pfsense instances with configuration sync between them. In the primary pfsense instance I added a... Gerald Jimenez
02:22 PM Revision 90f21a78: Fix dynamic IPv6 gateway address resolution. Issue #12847
Viktor Gurov
02:21 PM Revision 53831176: Alias Export description support. Issue #12842
Viktor Gurov
02:16 PM Feature #12856 (Duplicate): New Feature Request
Duplicate of #4591 Jim Pingle
01:19 PM Feature #12856 (Duplicate): New Feature Request
A pfsense technical support person named Ryan recommended I make a feature request on this forum. I am coming from a... Lee Barnes
02:05 PM Bug #12800: Suboptimal Password Hashing
As the original reporter, I'd like to echo Royce's words above and thank you for incorporating this into a feature re... Sam K
02:00 PM Bug #12800: Suboptimal Password Hashing
Really like the discussion here! Thank you @royce for all of your analysis which was very informative. I think giving... → luckman212
01:52 PM Bug #12800: Suboptimal Password Hashing
Sounds like a solid way forward - much appreciated!
I do want to point out that whether or not something is dire, vs...
Royce Williams
01:13 PM Bug #12800 (Closed): Suboptimal Password Hashing
Moving this over to a feature request to give the user a choice between bcrypt and SHA-512: #12855
Also changing ...
Jim Pingle
12:52 PM Feature #8365 (Pull Request Review): Button to copy rules from one interface to another
Jim Pingle
11:46 AM Feature #8365: Button to copy rules from one interface to another
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/635 Viktor Gurov
10:12 AM Feature #12842 (Feedback): Retain descriptions when exporting and importing aliases
Merged:
https://github.com/pfsense/pfsense/commit/538311766974863760762d7e22b8a3e9a8c53cfa
Viktor Gurov
07:50 AM Feature #12842 (Pull Request Review): Retain descriptions when exporting and importing aliases
Jim Pingle
10:12 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Then your problem is different from the one on this issue. Post on the forum to discuss and diagnose your problem. Jim Pingle
10:11 AM Bug #12829: Dummynet kernel module fails to load after upgrade.

cat /var/log/system.log | grep -i dummy --> empty out
Evgeny Korostelev
10:08 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Jim Pingle wrote in #note-9:
> Do you see the same error in the logs from note 1 above about the dummynet module not...
Evgeny Korostelev
10:04 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Evgeny Korostelev wrote in #note-7:
> I have fresh install 2.6.0 and problem with limiter exists.
>
> The problem ap...
Jim Pingle
08:50 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
The problem is not relevant on all pfsense 2.6.0 installations
Some random.
how can i help to find the reason ?
No...
Evgeny Korostelev
08:45 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
I have fresh install 2.6.0 and problem with limiter exists.
The problem appeared after the upgrade from 2.5.2 -> 2...
Evgeny Korostelev
08:34 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Lewis Smith wrote in #note-5:
> Thank you for getting back to me. A duplicate issue was posted here: https://redmine...
Jim Pingle
08:29 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
Jim Pingle wrote in #note-4:
> I can't reproduce this here on a fresh install or upgrade. Limiters are passing traff...
Lewis Smith
07:30 AM Bug #12829 (Feedback): Dummynet kernel module fails to load after upgrade.
I can't reproduce this here on a fresh install or upgrade. Limiters are passing traffic as expected and there are no ... Jim Pingle
10:12 AM Bug #12847 (Feedback): On startup "No routing address with matching address" might appear
Merged:
https://github.com/pfsense/pfsense/commit/90f21a78c81778ccd9150ec0d6789efa19b66702
Viktor Gurov
07:51 AM Bug #12847 (Pull Request Review): On startup "No routing address with matching address" might appear
Jim Pingle
07:48 AM Bug #12847: On startup "No routing address with matching address" might appear
I am also seeing on reloading of the rules ``all pool addresses must be in the same address family``, probably related/... Flole Systems
01:12 AM Bug #12847 (Confirmed): On startup "No routing address with matching address" might appear
incorrect dynamic resolution of IPv6 gateway address if IPv6 address is not obtained:... Viktor Gurov
10:07 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
It's a hardware issue, not a bug. And there is already a workaround in 22.01 for it. Jim Pingle
09:52 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Jim, how is a segfault "not a bug"? Such crashes are sometimes even exploitable. Sean McBride
08:00 AM Bug #12835 (Not a Bug): segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Jim Pingle
02:15 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Actually, I rebooted with filesystem check and that resolved it and allowed the update to complete. Shaun Currier
01:42 AM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Also happening to me on Netgate SG-1100. Error message has the same line numbers and appears identical from a quick ... Shaun Currier
10:06 AM Bug #12833: GUI Service Log Filling Up with Cruft
That is a raw web server log, it's not meant to only show notable events, but every access of the web server. That's ... Jim Pingle
08:52 AM Bug #12833: GUI Service Log Filling Up with Cruft
OK. I'm certainly not an expert and it doesn't seem to be causing problems. But, from my point of view, I guess I'd... David Lessnau
07:54 AM Bug #12833 (Not a Bug): GUI Service Log Filling Up with Cruft
It's doing exactly what it should be doing and logging every request. It's a security concern. If you have no idea ... Jim Pingle
01:34 AM Bug #12833: GUI Service Log Filling Up with Cruft
we can also use the nginx log filtering feature:... Viktor Gurov
08:47 AM Bug #12851: IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network
Jim Pingle wrote in #note-1:
> The GUI may have allowed you to select it, but it wouldn't have been working properly...
Michele D'Alessio
08:18 AM Bug #12851 (Not a Bug): IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network
The GUI may have allowed you to select it, but it wouldn't have been working properly. The subnet sizes must be ident... Jim Pingle
07:49 AM Bug #12851 (Not a Bug): IPSEC Phase 2 - Different Size of Local Network and NAT Translation Network
Inside the section:
VPN / IPsec / Tunnels / Edit Phase 2
If I try to change the local network address, the follo...
Michele D'Alessio
08:40 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot
Jim Pingle wrote in #note-2:
> That option alone does not cause a problem, there may be something in your ruleset co...
Antonio Pesce
08:34 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot
Jim Pingle wrote in #note-2:
> That option alone does not cause a problem, there may be something in your ruleset co...
Michele D'Alessio
08:25 AM Bug #12853 (Feedback): Network Address Translation - Pure NAT pfsense freeze after reboot
That option alone does not cause a problem, there may be something in your ruleset contributing but as stated there i... Jim Pingle
08:19 AM Bug #12853: Network Address Translation - Pure NAT pfsense freeze after reboot
Michele D'Alessio wrote:
> In the menu "System / Advanced / Firewall & NAT" (as shown in the image attached), if I a...
Antonio Pesce
08:11 AM Bug #12853 (Closed): Network Address Translation - Pure NAT pfsense freeze after reboot
In the menu "System / Advanced / Firewall & NAT" (as shown in the image attached), if I apply the following changes t... Michele D'Alessio
08:39 AM pfSense Docs Correction #11998 (Closed): Feedback on Hardware — Hardware Tuning and Troubleshooting
Merged Jim Pingle
08:37 AM Feature #12392 (Feedback): Allow the selection of "any" interface in floating rules
Merged:
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/8a350814ea5748a5eba445e3a40b278164c3816d...
Viktor Gurov
07:48 AM Feature #12392 (Pull Request Review): Allow the selection of "any" interface in floating rules
Jim Pingle
08:27 AM Bug #12850: Console error during boot: ``route: route has not been found``
Jim Pingle wrote in #note-1:
> I've seen this as well, though it appears to be harmless as there are no ill effects ...
Michele D'Alessio
08:20 AM Bug #12850: Console error during boot: ``route: route has not been found``
Michele D'Alessio wrote:
> Similar to bug #8497,
>
> during boot, the console logs numerous identical errors:
> ...
Antonio Pesce
08:16 AM Bug #12850: Console error during boot: ``route: route has not been found``
I've seen this as well, though it appears to be harmless as there are no ill effects I've noticed. Jim Pingle
07:33 AM Bug #12850 (New): Console error during boot: ``route: route has not been found``
Similar to bug #8497,
during boot, the console logs numerous identical errors:
route: route has not been found
...
Michele D'Alessio
08:04 AM Bug #12852 (Rejected): Gateway which is forced as inactive does still trigger filter reloads
I have a flapping gateway at the moment so I have forced it as offline using the checkbox in the gateway options. I a... Flole Systems
07:50 AM Bug #12843 (Not a Bug): Port Forward Source Network Does Accept Alias
Jim Pingle
07:46 AM pfSense Packages Bug #12844 (Pull Request Review): Invalid title link in the apcupsd package dashboard widget
Jim Pingle
07:44 AM Todo #12838 (Rejected): Frontend updates and cleanup
I don't see this getting accepted as is. It is difficult to verify that the content of the files is unmodified compar... Jim Pingle
07:38 AM Bug #12837 (Rejected): ipv6 block Rule is set even after disabling
I can't reproduce this. If the "Allow IPv6" box is checked, the rule in question is not present in the ruleset and is... Jim Pingle
07:35 AM Bug #12836 (Rejected): pfSense ipv6 Only Update not possible
The package servers already have IPv6 addresses and connectivity. There may be a problem with the IPv6 path between y... Jim Pingle
07:27 AM Regression #12827: High latency and packet loss during a filter reload
FYI. This latency also occurs when any rules, traffic shaper, etc. (anything that reloads the rules) are applied/modi... Michael Novotny
06:46 AM Bug #12849 (New): pfsync kernel crash on reboot
pfSense Plus 22.01, Netgate 5100 appliance:... Viktor Gurov
02:01 AM Feature #12848 (New): Evaluation of the DynDNS "Result Match" string
Hi,
first of all - thanks for the great work.
In the DynDNS client you can use "Result Match" to check the succes...
Stefan Heck

02/21/2022

11:42 PM Bug #12846 (Duplicate): Illegal tos value for certain diffserv values
Duplicate of #12803 Viktor Gurov
07:42 PM Bug #12846: Illegal tos value for certain diffserv values
Reverting it does not fix the issue, probably the patch for pf is missing. Flole Systems
07:40 PM Bug #12846 (Duplicate): Illegal tos value for certain diffserv values
After upgrading to 2.6.0 I am getting for one of my rules:
@illegal tos value 24 - The line in question reads [704...
Flole Systems
09:53 PM pfSense Docs Correction #11998 (Waiting on Merge): Feedback on Hardware — Hardware Tuning and Troubleshooting
Marcos M
09:52 PM pfSense Docs Correction #11998: Feedback on Hardware — Hardware Tuning and Troubleshooting
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/32
Queue count is set automatically according to vCP...
Marcos M
08:24 PM Feature #12392: Allow the selection of "any" interface in floating rules
I hit that php error once on 22.05, but I can't seem to reproduce it now to test the patch.
Edit: I was able to repr...
Marcos M
12:58 AM Feature #12392 (New): Allow the selection of "any" interface in floating rules
PHP error after editing rules on a non-floating page:... Viktor Gurov
08:22 PM Bug #12847 (Resolved): On startup "No routing address with matching address" might appear
I have a Gateway group named Main_V6 for IPv6 and after a reboot I am seeing
@no routing address with matching add...
Flole Systems
01:21 PM Bug #12678 (Resolved): Applying firewall rule changes does not clear dirty flag for aliases subsystem
Tested and working correctly on... Christopher Cope
10:40 AM pfSense Packages Bug #12845: softflowd wrong vlan tag
similar to #9486 Viktor Gurov
10:13 AM pfSense Packages Bug #12845 (New): softflowd wrong vlan tag
When I try to send information about the vlan through IPFIX or Netflow v9, the vlan tag is incorrectly entered in the... Semyon Poklad
10:33 AM Bug #12833: GUI Service Log Filling Up with Cruft
Currently, pfSense syslog uses the "-c -c" option to disable the compression of repeated instances of the same line ... Viktor Gurov
10:27 AM Bug #12843: Port Forward Source Network Does Accept Alias
You are correct. I can now get it to work. I'm not sure what happened yesterday to prevent it. It may have been that ... Steve Matos
01:12 AM Bug #12843 (Feedback): Port Forward Source Network Does Accept Alias
Unable to reproduce - I can successfully use aliases as a source network address by selecting "Single host or alias"
...
Viktor Gurov
10:15 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
it seems to be related to #12833 Viktor Gurov
10:13 AM Feature #12839 (Rejected): fail2ban
The fail2ban functionality is already implemented in Login Protection (sshguard):
https://docs.netgate.com/pfsense/e...
Viktor Gurov
09:30 AM Bug #12831 (Resolved): Typo in in /etc/inc/interfaces.inc line 1107
fixed Viktor Gurov
07:23 AM Bug #12828: pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode)
Apparently I can sometimes use the 5GHz when I change the config from 2.4 Ghz to 5Ghz however as soon as I reboot and... hugo s
06:57 AM Revision 8a350814: Fix PHP error on firewall_rules_edit.php. Issue #12392
Viktor Gurov
03:37 AM Regression #12827: High latency and packet loss during a filter reload
I strongly suspect https://github.com/pfsense/FreeBSD-src/commit/a5a03901798c76f1f7c77535a2282a60f54b0ec2 is the main... Kristof Provost
03:03 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings
Still an issue after updating to Acme 0.6.10_1 Morten Trab
01:37 AM Feature #12842: Retain descriptions when exporting and importing aliases
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/633 Viktor Gurov
12:11 AM pfSense Packages Bug #12844: Invalid title link in the apcupsd package dashboard widget
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1110
Viktor Gurov
12:11 AM pfSense Packages Bug #12844 (Resolved): Invalid title link in the apcupsd package dashboard widget
clicking on the widget title results in an error:
https://192.168.1.1/apcupsd.widget.php - 404 not found
Viktor Gurov

02/20/2022

06:16 PM Regression #11545: Primary interface address is not always used when VIPs are present
I also have not seen this post install of 22.01. Denny Page
03:49 PM Bug #12843 (Not a Bug): Port Forward Source Network Does Accept Alias
When creating a new NAT Port Forward (or editing an existing one) and configuring a Source network, the interface wil... Steve Matos
03:45 PM Feature #12842 (Resolved): Retain descriptions when exporting and importing aliases
When using the "Export to File" button when editing an alias under Firewall -> Aliases, only the networks/hosts that ... Steve Matos
11:21 AM Bug #12840 (Rejected): Upgrade of openvpn-client-export package after 2.6.0 upgrade failed
I just upgraded from pfsense 2.5.2 to 2.6.0. Several packages did not auto upgrade (I don't know if they should have)... Todd Marimon
10:47 AM Feature #12839 (Rejected): fail2ban
Ability to protect GUI (192.168.1.1) with fail2ban package Evgeny Litvinov
04:57 AM Todo #12838 (Rejected): Frontend updates and cleanup
Currently, there are lots of non-minified files (/js/vendor folder), reducing front-end performance. I've minified ... GChuf 6
02:16 AM Bug #12837 (Rejected): ipv6 block Rule is set even after disabling
Good Day,
When disabling ipv6 block rule under System - Advanced - Networking even ipv6 is not possible (without p...
Peter Lustig
02:12 AM Bug #12836 (Rejected): pfSense ipv6 Only Update not possible
Good Day,
on pfSense 2.5.2 and also 2.6.0 it seems impossible to get updates by ipv6 connection only. Update and G...
Peter Lustig

02/19/2022

09:59 PM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
Thanks for your reply, I'll give that a try.
But I don't think I can agree with "this isn't a bug with software". ...
Sean McBride
09:47 PM Bug #12835: segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
This isn't a bug with software, but is an issue with the chip that handles authentication to the repo. If you go to ... Kris Phillips
07:21 PM Bug #12835 (Not a Bug): segfault after certificate issue, trying to update from 21.05.2-RELEASE to 22.01 on Netgate SG-1100
On my Netgate SG-1100 I used the GUI to update from 21.05.2-RELEASE to 22.01. It failed, ending with the following:
...
Sean McBride
09:41 PM Regression #11545: Primary interface address is not always used when VIPs are present
I haven't seen this occur at all in 22.01/2.6. Kris Phillips
08:21 PM Regression #12834: Only TCP traffic is passed outbound through IPFW
This doesn't actually appear to be a NAT issue, the NAT pf states are all created as expected.
Rather it appears t...
Steve Wheeler
03:56 PM Regression #12834 (Resolved): Only TCP traffic is passed outbound through IPFW
As already described in forum the outbound nat is not working for udp packets since upgrading to 2.6.
https://fo...
B P
06:34 PM Bug #12829: Dummynet kernel module fails to load after upgrade.
Have had to downgrade for now as the internet connection can become quite unusable without the queues. Happy to set u... Lewis Smith
07:45 AM Bug #12829: Dummynet kernel module fails to load after upgrade.
I have tried only applying a limiter in the upload direction, as that was a proposed workaround for the 2.5.0 issue, ... Lewis Smith
05:17 PM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107
Lewis Smith wrote in #note-1:
> Just to confirm, this only appeared after creating a LAGG interface?
I see it's alre...
Jason Foley
09:25 AM Bug #12831 (Feedback): Typo in in /etc/inc/interfaces.inc line 1107
Applied in changeset commit:cc920eb3b3ebd37c0a905264518e5cbf836ff55e. Jim Pingle
07:47 AM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107
Just to confirm, this only appeared after creating a LAGG interface? Lewis Smith
03:24 AM Bug #12831 (Resolved): Typo in in /etc/inc/interfaces.inc line 1107
This typo caused a crash on boot. (attached)
mwexec("/sbin/ifconfig " escapeshellarg($laggif) . " laggproto " . es...
Jason Foley
04:54 PM Feature #12392: Allow the selection of "any" interface in floating rules
Any selection is present when creating a floating rule in 22.05.a.20220219.0600, wasn't fully sure how to validate th... Jordan G
03:17 PM Revision cc920eb3: Fix php syntax. Fixes #12831
Jim Pingle
01:37 PM Bug #12833: GUI Service Log Filling Up with Cruft
Sorry. Filling up with nginx messages. Here's a link to the forum thread:
https://forum.netgate.com/topic/170081...
David Lessnau
01:31 PM Bug #12833 (Not a Bug): GUI Service Log Filling Up with Cruft
Starting with 2.6.0 (but I've updated to 22.1 and it's still happening), the GUI Service log at:
Status > System L...
David Lessnau
12:07 PM Bug #12800: Suboptimal Password Hashing
If this change is for potential compliance purposes, such as FIPS, a good compromise might be:
* Expose a UI eleme...
Royce Williams
11:56 AM pfSense Plus Feature #12832 (New): 6100 configurable Blinking Blue LED
The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"
I'd like to see an...
shawn butts
11:25 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Should this really be a low priority?
Seems like improper alias tables could p...
→ luckman212
08:02 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I thought this would have been fixed with 2.6. I had to reenable the cron workaround. Oh well. D D
09:28 AM Bug #12830 (Duplicate): Traffic Shaper (Limiters) broken
Duplicate of #12829 Jim Pingle
07:49 AM Bug #12830: Traffic Shaper (Limiters) broken
My hardware configuration is 4 nic
vendor = 'Intel Corporation'
device = 'I211 Gigabit Network Connection'
Evgeny Korostelev
04:55 AM Bug #12830: Traffic Shaper (Limiters) broken
Evgeny Korostelev wrote:
> pfSense CE 2.6.0 Stable
> If the Firewall rule is used Traffic Shaper (Limiters), then t...
Mikael 86
04:33 AM Bug #12830: Traffic Shaper (Limiters) broken
Evgeny Korostelev wrote in #note-1:
> After update from CE 2.5.2 to 2.6.0 -> stop working traffic limiters
Duplic...
Lewis Smith
03:27 AM Bug #12830: Traffic Shaper (Limiters) broken
After update from CE 2.5.2 to 2.6.0 -> stop working traffic limiters Evgeny Korostelev
01:15 AM Bug #12830 (Closed): Traffic Shaper (Limiters) broken
pfSense CE 2.6.0 Stable
If the Firewall rule is used Traffic Shaper (Limiters), then the traffic stops going.
Evgeny Korostelev
04:42 AM Feature #12819: GUI option to configure layers for LACP hash
I am getting a syntax error in interfaces.inc at 1107 on boot up that drops pfsense to login prompt.
Are we missin...
Ronald Schellberg

02/18/2022

09:26 PM Bug #12723 (Resolved): Disallow remote gateway of ``0.0.0.0`` for VTI mode

it is not allowed to add 0.0.0.0 as remote GW if there is a VTI as P2 and it is not allowed to add VTI if the ...
Alhusein Zawi
08:31 PM Revision 47eecb16: LAGG hashing option. Implements #12819
Viktor Gurov
08:12 PM Bug #12829: Dummynet kernel module fails to load after upgrade.
I get the following errors in the System Logs:
@Feb 19 01:58:37 php 420 rc.bootup: The command '/sbin/kldload d...
Lewis Smith
07:52 PM Bug #12829 (Closed): Dummynet kernel module fails to load after upgrade.
pfSense 2.6.0 - Fresh upgrade.
When creating a limiter and assigning it in a floating rule, all traffic stops from...
Lewis Smith
04:58 PM Bug #12828 (New): pfSense keeps crashing (Fatal trap 12: page fault while in kernel mode)
Description
pfSense 2.6.0 keeps rebooting and crashing after I created more than one wireless interface in 5ghz.
...
hugo s
04:27 PM Revision 1ab21051: Revert "Add telegraf back to the build on armv7"
Go builds, but telegraf fails with:
/usr/local/go/pkg/tool/freebsd_arm/link: mapping output file failed:
cannot allo...
Brad Davis
04:01 PM Revision 27ad5aba: Dynamic NPT support. Implements #4881
Viktor Gurov
03:13 PM Regression #12827: High latency and packet loss during a filter reload
I have replicated this with a generated ruleset between 21.05.2 and 22.01:... Steve Wheeler
02:35 PM Regression #12827 (Resolved): High latency and packet loss during a filter reload
Every 15 minutes I am seeing 2 seconds latency that disrupts VPN, VoIP between sites, video conferencing, etc.
I h...
Michael Novotny
02:40 PM Feature #12819 (Feedback): GUI option to configure layers for LACP hash
Applied in changeset commit:47eecb1666078d8183543c13a2bf9c2e77838838. Viktor Gurov
07:57 AM Feature #12819 (Pull Request Review): GUI option to configure layers for LACP hash
Jim Pingle
04:04 AM Feature #12819: GUI option to configure layers for LACP hash
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/630 Viktor Gurov
02:38 PM Bug #12826 (Not a Bug): After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode
Your GUI options and custom options combined are putting OpenVPN into a mode the status doesn't expect and has no way... Jim Pingle
02:13 PM Bug #12826 (Not a Bug): After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode
After update to 2.6.0 OpenVPN status don't show TUN server info in Remote Access mode
Looks like this issue https://...
alexey kalachev
02:18 PM Bug #12811: Services are not restarted when PPP interfaces connect
Sadly, after applying those patches, the problem still persists.
Is there any way I could help you to narrow it down?
Oskar Stroka
03:36 AM Bug #12811: Services are not restarted when PPP interfaces connect
Oskar Stroka wrote in #note-6:
> Thanks a lot guys :)
> Is there an easy way for me to implement this change?
Y...
Viktor Gurov
01:29 AM Bug #12811: Services are not restarted when PPP interfaces connect
Thanks a lot guys :)
Is there an easy way for me to implement this change?
Oskar Stroka
12:23 PM Bug #12825 (Duplicate): PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget
Duplicate of #12817 Jim Pingle
11:13 AM Bug #12825: PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget
Issue occurred using 22.01 on a 5100. Nick Goehring
11:12 AM Bug #12825 (Duplicate): PHP Fatal error when attempting to kill an established OVPN connection via the dashboard widget
Had an issue this evening when trying to manually kill an OVPN connection via the widget on the dashboard. Widget dis... Nick Goehring
12:13 PM Bug #12781 (Resolved): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
Tested on:... Danilo Zrenjanin
10:47 AM pfSense Packages Bug #12822: IPv4 Source ASN format not working
Thanks for the report.
I think the issue is prefixing the input selection with "AS" or "as".
The ASN list...
BBcan177 .
04:09 AM pfSense Packages Bug #12822 (Confirmed): IPv4 Source ASN format not working
On the new pfSense release 2.6 / 22.01 pfBlockerNG devel (3.1.0_1), the web page hangs when defining ASN with the cho... Danilo Zrenjanin
10:25 AM pfSense Packages Bug #12815 (Resolved): invalid IPv6 ACCEPTFILTER prefix-list
Viktor Gurov
10:18 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
Will do when/if i need it, for now I consider the issue resolved =) beermount beermount
10:12 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
beermount beermount wrote in #note-9:
> This patch works for me, mainly because it removes the ipv6 protocol lines. ...
Viktor Gurov
10:02 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
This patch works for me, mainly because it removes the ipv6 protocol lines. The commit does seem to cover if Accept F... beermount beermount
08:27 AM pfSense Packages Bug #12815 (Feedback): invalid IPv6 ACCEPTFILTER prefix-list
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/57918af9a19a9bec4ea8ca080f46c16517eeda7a
Viktor Gurov
07:48 AM pfSense Packages Bug #12815 (Pull Request Review): invalid IPv6 ACCEPTFILTER prefix-list
Jim Pingle
10:25 AM Feature #4881 (Feedback): Allow NPt to use dynamic IPv6 networks
Applied in changeset commit:27ad5abafc9040f1745cb7862a11d0f86277385c. Viktor Gurov
10:08 AM pfSense Packages Bug #12820 (Resolved): Global Route Handling should use ipv6 route
Viktor Gurov
09:55 AM pfSense Packages Bug #12820: Global Route Handling should use ipv6 route
Verified frr now produces the expected configuration. beermount beermount
08:27 AM pfSense Packages Bug #12820 (Feedback): Global Route Handling should use ipv6 route
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/1bc9946a6ceb2430bf28d141fd98f20dd46a979a
Viktor Gurov
07:49 AM pfSense Packages Bug #12820 (Pull Request Review): Global Route Handling should use ipv6 route
Jim Pingle
06:29 AM Bug #12824 (Rejected): Firewall Alias not working as intended - Stack Trace (2.6.0)
Unable to reproduce on pfSense Plus 22.01 and pfSense CE 2.6.0
Please try to reimage the appliance from scratch
...
Viktor Gurov
06:19 AM Bug #12824 (Rejected): Firewall Alias not working as intended - Stack Trace (2.6.0)
*pfsense version:*
Recent inplace upgrade to 2.6.0-RELEASE
*Architecture:*
Only tested against amd64
*Issue*
...
Mark Fenwick
05:39 AM Bug #12823 (New): Multiple DHCP6 WAN connections PPPoE interface 'defached' status
from https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/336:
If Wan is PPPoE and is not default gateway, ...
Viktor Gurov
04:39 AM Bug #12810 (Resolved): Sanitize SHA-512 user password hashes in ``status.php`` output
Tested:... Danilo Zrenjanin

02/17/2022

11:58 PM pfSense Packages Bug #12820: Global Route Handling should use ipv6 route
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/185
Viktor Gurov
01:25 PM pfSense Packages Bug #12820 (Resolved): Global Route Handling should use ipv6 route
When adding static routes in Global Settings -> Route Handling. IPv6 routes are added with "ip route" I believe this ... beermount beermount
11:43 PM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
beermount beermount wrote in #note-5:
> Viktor Gurov wrote in #note-4:
> > Merged:
> > https://github.com/pfsense/...
Viktor Gurov
02:01 PM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
Viktor Gurov wrote in #note-4:
> Merged:
> https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182...
beermount beermount
10:00 AM pfSense Packages Bug #12815 (Feedback): invalid IPv6 ACCEPTFILTER prefix-list
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a787a92965fb73f4d9625182238f79cd960b06c2
Viktor Gurov
07:56 AM pfSense Packages Bug #12815 (Pull Request Review): invalid IPv6 ACCEPTFILTER prefix-list
Jim Pingle
07:04 AM pfSense Packages Bug #12815: invalid IPv6 ACCEPTFILTER prefix-list
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/182
Viktor Gurov
06:41 AM pfSense Packages Bug #12815 (Resolved): invalid IPv6 ACCEPTFILTER prefix-list
frr code does not create correct IPv6 prefix-list for IPv6 ACCEPTFILTER entries and does not have explicit 'permit an... Viktor Gurov
05:45 PM Revision af8d80fa: Add telegraf back to the build on armv7
Now that we are running the builds on newer FreeBSD this should work Brad Davis
05:16 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Retested again and applied the patch successfully and it fixed the issue, thank you! Yuri Weinstein
03:20 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Ref: https://github.com/pfsense/pfsense/commit/3ade222beb2cae2c0681ed69d4e5a0c82c6303f9.patch Yuri Weinstein
03:19 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
@Viktor
Thx a million!
But I could not apply it:
Patch Test Output apply:...
Yuri Weinstein
12:00 PM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Yuri Weinstein wrote in #note-4:
> Viktor Gurov wrote in #note-3:
> > fix:
> > https://gitlab.netgate.com/pfSense/...
Viktor Gurov
11:20 AM Regression #12817 (Feedback): PHP error when terminating OpenVPN sessions via the dashboard widget
Applied in changeset commit:3ade222beb2cae2c0681ed69d4e5a0c82c6303f9. Viktor Gurov
10:57 AM Regression #12817 (Pull Request Review): PHP error when terminating OpenVPN sessions via the dashboard widget
Jim Pingle
10:01 AM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
Viktor Gurov wrote in #note-3:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/628
Thx for the ...
Yuri Weinstein
09:50 AM Regression #12817: PHP error when terminating OpenVPN sessions via the dashboard widget
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/628
Viktor Gurov
09:21 AM Regression #12817 (Resolved): PHP error when terminating OpenVPN sessions via the dashboard widget
If a user clicks on x next to the session on the OpenVPN dashboard widget as here
!clipboard-202202170719-kvzt7.pn...
Yuri Weinstein
05:14 PM Revision 3ade222b: Update OpenVPN widget to support client halt function. Fixes #12817
Viktor Gurov
04:55 PM Revision dd3d48af: Multiple DHCP6 WAN connections. Fixes #6880
Viktor Gurov
04:41 PM Revision 4ebb9c8d: Recover SSH Keys option in the installer. Implements #12809
Viktor Gurov
04:41 PM Revision c467ca2f: Restart services on PPP client connect. Fixes #12811
Viktor Gurov
04:40 PM Revision 961f240c: Use random_bytes() to generate salt for SHA512 password hashing. Fixes #12801
Viktor Gurov
04:39 PM Revision c7dd3673: Sanitize SHA512 hashed passwords from status_output. Fixes #12810
Viktor Gurov
04:38 PM Revision 2a9ee4d2: Merge pull request #4555 from zacwest/dnsimple-v6
Viktor Gurov
04:37 PM Revision f2ae911a: Merge pull request #4554 from lmcquade/master
Viktor Gurov
04:37 PM Revision 35731eb2: Merge pull request #4549 from hpeters/master
Viktor Gurov
04:35 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Steve Wheeler wrote in #note-3:
> It looks likely that bug would cause this since it requires VLAN 0. That's fixed h...
Hayden Hill
04:31 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
It looks likely that bug would cause this since it requires VLAN 0. That's fixed here but isn't yet in the dev branch... Steve Wheeler
03:22 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
User @lnxsrt over on GitHub may have found the related FreeBSD Bug. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id... Hayden Hill
02:16 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Also, some related discussion towards the end of this post https://forum.netgate.com/topic/99190/att-uverse-rg-bypass... Hayden Hill
02:11 PM Regression #12821 (Resolved): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Hello!
There are a few of us that have noticed a possible issue with the igb driver in the latest pfSense releases...
Hayden Hill
03:45 PM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
Thanks! Seems like it's all working properly with the patches applied. Jon8RFC .
03:20 PM Todo #12624 (Resolved): Reorganize UPnP options
Jim Pingle
03:10 PM Todo #12624: Reorganize UPnP options
Tested on... Christopher Cope
02:41 PM Bug #12710 (Resolved): Disabling DHCP Server RRD statistics does not work
Tested and working successfully on ... Christopher Cope
02:24 PM Bug #8882: Interface assignments lost on reboot
Jaime Geiger wrote:
> I'm running pfsense in AWS and I'm trying to route out of xn1 (second interface) instead of xn0...
Aaron Gilbert
11:15 AM Bug #6880 (Feedback): Multiple DHCP6 WAN connections leads to multiple dhcp6c clients
Applied in changeset commit:dd3d48af87c892a070210f0064e589157868e7c2. Viktor Gurov
11:05 AM Bug #12003 (Feedback): Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly
Merged:
https://github.com/pfsense/pfsense/commit/35731eb2415ba160e5c41be816aaae227e8fb370
Thank You!
Viktor Gurov
11:04 AM Feature #12744 (Feedback): IPv6 support for DNSimple Dynamic DNS
Merged:
https://github.com/pfsense/pfsense/commit/2a9ee4d2b5cc472df867ed96f88a95e84d646e41
Thank You!
Viktor Gurov
11:04 AM Bug #12721 (Feedback): IPv6 gateway group using link local addresses incorrectly logs a gateway change because it not including interface scope properly
Merged:
https://github.com/pfsense/pfsense/commit/f2ae911a6b1e986e1b729a38a2b83a03b57efecd
Thank You!
Viktor Gurov
10:57 AM Feature #12809: Recover existing SSH keys during installation
also: https://github.com/pfsense/FreeBSD-src/commit/3202a3afac1c5632f9be7898f257801c55f30e9a Viktor Gurov
10:50 AM Feature #12809 (Feedback): Recover existing SSH keys during installation
Applied in changeset commit:4ebb9c8d9f9799cb82593bed675e428accc1c63d. Viktor Gurov
07:49 AM Feature #12809 (Pull Request Review): Recover existing SSH keys during installation
Jim Pingle
10:50 AM Bug #12811 (Feedback): Services are not restarted when PPP interfaces connect
Applied in changeset commit:c467ca2f35c102aae897424a2fda08e9b2ace673. Viktor Gurov
07:52 AM Bug #12811 (Pull Request Review): Services are not restarted when PPP interfaces connect
Jim Pingle
01:27 AM Bug #12811: Services are not restarted when PPP interfaces connect
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/625
Viktor Gurov
01:21 AM Bug #12811: Services are not restarted when PPP interfaces connect
Related to #11570
similar issue with OpenVPN - #12771
Viktor Gurov
10:50 AM Bug #12801 (Feedback): User password hashes pseudo-random number generator may return insecure salt value
Applied in changeset commit:961f240c18f8421b0a28ee192ffa041e754e8f8e. Viktor Gurov
07:54 AM Bug #12801 (Pull Request Review): User password hashes pseudo-random number generator may return insecure salt value
Jim Pingle
04:28 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/626
Viktor Gurov
10:45 AM Bug #12810 (Feedback): Sanitize SHA-512 user password hashes in ``status.php`` output
Applied in changeset commit:c7dd367324cf1cdc5fe518482515f0605471c702. Viktor Gurov
10:38 AM Feature #12819 (Resolved): GUI option to configure layers for LACP hash
Currently when creating an LACP LAG interface it gets created with the hashing "lacp lagghash l2,l3,l4" not all switc... Mat Clarke
10:01 AM pfSense Packages Bug #12818 (Resolved): IP block logging not working
On the new pfSense release 2.6 / 22.01 pfBlockerNG isn't logging.
The developer has released a patch below
https:...
Christopher Cope
09:17 AM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly
MR for the above change, but only use it if we can't come up with a better solution:
https://gitlab.netgate.com/pf...
Jim Pingle
09:14 AM Regression #12816 (Resolved): Namecheap Dynamic DNS responses are not parsed properly
Namecheap dynamic DNS updates are succeeding on the server side but the dynamic DNS code can't interpret the response... Jim Pingle
08:24 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
This change has caused yet another problem with exporting certificates from server_tls_user mode.
Two things I not...
Jonathan Herlin
07:56 AM pfSense Packages Bug #12814 (Pull Request Review): OpenVPN Client Import does not populate 'remote_cert_tls' option
Jim Pingle
06:01 AM pfSense Packages Bug #12814: OpenVPN Client Import does not populate 'remote_cert_tls' option
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/48
Viktor Gurov
05:50 AM pfSense Packages Bug #12814 (Resolved): OpenVPN Client Import does not populate 'remote_cert_tls' option
https://redmine.pfsense.org/issues/11865 introduced 'remote_cert_tls' option,
and if the imported .ovpn file contain...
Viktor Gurov
07:52 AM Feature #12813: Recover extra data in the installer
We may run into problems trying to do this much. There is limited room on the RAM disk that is available for recovery... Jim Pingle
12:35 AM Feature #12813 (New): Recover extra data in the installer
In addition to #12809, it would be nice to recover extra data from an existing installation
This would make reinstal...
Viktor Gurov
07:40 AM Bug #12803 (Feedback): Error loading ruleset due to illegal TOS value
Applied in changeset commit:b7b78ea1b14555972efaf7e6c47e48709ad1c199. Jim Pingle
01:02 AM Feature #10395: Add Dashboard System Information support for more PC Engines APU boards
We have a growing selection of these boards (together with Netgate hardware). Any chance of a generic fix in the next... David Burns
12:36 AM Bug #12691 (Feedback): Support encrypted ``config.xml`` files when restoring during install
Merged:
https://github.com/pfsense/FreeBSD-src/commit/e0653a3050d4e6bb2d21723fbe01e0df3cc25425
Viktor Gurov

02/16/2022

07:08 PM Feature #12807: Clear Active Secondary WAN Connections
@jimp here's an 11+ year old one that's at least mildly related: https://redmine.pfsense.org/issues/855 → luckman212
07:30 AM Feature #12807: Clear Active Secondary WAN Connections
I thought there was already an open Redmine for this exactly but I can't find it at the moment.
This will likely t...
Jim Pingle
06:09 AM Feature #12807: Clear Active Secondary WAN Connections
Adam Di Vizio wrote in #note-3:
> On version 2.5.2 release, the only check box option I have available is:
>
> Fl...
Viktor Gurov
05:39 AM Feature #12807: Clear Active Secondary WAN Connections
On version 2.5.2 release, the only check box option I have available is:
Flush all states when a gateway goes down...
Adam Di Vizio
03:28 AM Feature #12807: Clear Active Secondary WAN Connections
The "State Killing on Gateway Failure" option on the System / Advanced / Miscellaneous should be changed to the follo... Viktor Gurov
03:22 AM Feature #12807: Clear Active Secondary WAN Connections
looks like a duplicate of #11556 Viktor Gurov
06:09 PM pfSense Packages Feature #12812 (New): Would it be helpful if the FreeBSD net-mgmt/arpwatch port had an option to use mail/dma for mail delivery?
Currently arpwatch under pfsense uses a php script to emulate /usr/sbin/sendmail. If I added a port option to use mai... Craig Leres
01:56 PM Revision b7b78ea1: Remove quotes from TOS values. Fixes #12803
The quotes are no longer required by pf.
See also: #4302
Jim Pingle
01:17 PM Bug #12811 (Resolved): Services are not restarted when PPP interfaces connect
Hi there, I've got a Gateway Group containing my WAN (VDSL with PPPoE) on Tier 1 and my 2nd WAN (LTE Modem) on Tier 2... Oskar Stroka
11:52 AM Feature #12809: Recover existing SSH keys during installation
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/624
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/m...
Viktor Gurov
07:44 AM Feature #12809 (Resolved): Recover existing SSH keys during installation
It would be nice if the installer had a way to recover the SSH host keys off the drive the same way it handles the "R... Jim Pingle
09:40 AM Bug #12810 (Pull Request Review): Sanitize SHA-512 user password hashes in ``status.php`` output
Jim Pingle
08:54 AM Bug #12810: Sanitize SHA-512 user password hashes in ``status.php`` output
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/623
Viktor Gurov
08:40 AM Bug #12810 (Resolved): Sanitize SHA-512 user password hashes in ``status.php`` output
config-sanitized.xml sample:... Viktor Gurov
09:28 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I'm not able to reproduce this either. Can you post some redacted screenshots of your exact configuration? Christian McDonald
08:55 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
was testing done with multiple WG gateway groups like in aforementioned setup? Just FYI, WG tunnels had monitor IPs t... RED SKULL
08:51 AM pfSense Packages Bug #12808 (Feedback): Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Viktor Gurov
08:51 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Unable to reproduce -
wireguard gateways works as expected after:
1) Restarting the Wireguard service on the Status...
Viktor Gurov
04:46 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
This issue specifically occurs on pfSense 2.6 CE final release.
Once gateways are manually re-enabled, you can see t...
RED SKULL
04:45 AM pfSense Packages Bug #12808 (Resolved): Wireguard Gateways disabled when Wireguard Service is Manually Restarted
If the wireguard service is manually restarted at any time after boot, Wireguard gateways are automatically disabled ... RED SKULL
08:32 AM pfSense Packages Bug #12802 (Feedback): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
Merged
fixed in OpenVPN Client Export 1.0
Viktor Gurov
07:21 AM pfSense Packages Bug #12802 (Pull Request Review): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
MR: https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/47 Jim Pingle
12:54 AM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
from man openvpn(5):... Viktor Gurov
07:58 AM Bug #12803 (Pull Request Review): Error loading ruleset due to illegal TOS value
Changing the config.xml from ``<dcsp>`` to ``<tos>`` didn't fix the rule, it made the filter rule generation skip the val... Jim Pingle
12:31 AM Bug #12803: Error loading ruleset due to illegal TOS value
Related to https://github.com/pfsense/pfsense/commit/3d259e5e9457bc7e9d5b654366f839eaa2d52369 Viktor Gurov
06:51 AM pfSense Packages Bug #12758 (Resolved): Route Handling Subnet field Input check
Tested on:... Danilo Zrenjanin
06:39 AM Bug #12319 (Resolved): NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode
Tested:... Danilo Zrenjanin
06:23 AM Bug #12775 (Resolved): NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data
Tested:... Danilo Zrenjanin

02/15/2022

10:57 PM Feature #12807 (Duplicate): Clear Active Secondary WAN Connections
Hello There,
There are many people who may have a secondary WAN connection that is utilized on a wireless pay as g...
Adam Di Vizio
08:15 PM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
Jim Pingle wrote in #note-1:
> Without seeing the configuration you imported it's hard to say what might have happene...
cromo cromo
02:43 PM pfSense Packages Bug #12802: OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
If you go to Diagnostics > Backup/Restore on the Config History tab and do a diff on the config entries before/after ... Jim Pingle
01:34 PM pfSense Packages Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256)
_*Disclaimer: You don't have a "OpenVPN Client Importer" category in your tracker, so I used OpenVPN Client Export*_
...
cromo cromo
05:43 PM Revision dd92362d: Add support for multiple sites for syncing packages to
Brad Davis
05:26 PM pfSense Packages Todo #12806 (Closed): Update node_exporter to 1.3.1
Sorry if this isn't the right place to ask. I wasn't sure if pfSense published package updates separate from their ba... Logan Marchione
05:15 PM Bug #12800: Suboptimal Password Hashing
Steve's benchmark information is more representative of real-world attack than the earlier examples, because GPU atta... Royce Williams
12:57 PM Bug #12800: Suboptimal Password Hashing
sha512crypt introduces a DoS because it runs in O(pwLen^2+pwLen*cost) time. On an i5-6500, a 14000 character password ... Steve Thomas
08:01 AM Bug #12800: Suboptimal Password Hashing
Gaige Lama wrote in #note-1:
> It's using CRYPT_SHA512 instead of plain SHA512 which has a default of 5000 rounds....
Sam K
03:37 AM Bug #12800: Suboptimal Password Hashing
Sam Kirkman wrote:
> This bug relates to Todo #10298: https://redmine.pfsense.org/issues/10298
>
> The default passw...
Gaige Lama
02:42 AM Bug #12800 (Closed): Suboptimal Password Hashing
This bug relates to Todo #10298: https://redmine.pfsense.org/issues/10298
The default password hashing algorithm h...
Sam K
05:10 PM pfSense Docs New Content #12805 (New): Add documentation about what triggers a notification
I just set up notifications in pfSense and can't find any documentation on the page below to show what sort of actions... Logan Marchione
04:59 PM pfSense Docs New Content #12804 (Closed): Add documentation for Slack notifications
I saw in the issue below that support for notifications via Slack was added to 2.6.0.
https://redmine.pfsense.org/...
Logan Marchione
04:00 PM Revision 50ef7d15: Oops, add missing underscore preventing the expansion from working
Brad Davis
03:21 PM Revision af7b55fc: Check each host in PKG_RSYNC_HOSTS to make sure it is set before a build
Brad Davis
02:59 PM Revision 038705c0: Fix for the missing variable check in cafd9f976f4a0eae5ef46fec85510e8a846754bb
Brad Davis
02:45 PM Bug #12803 (Resolved): Error loading ruleset due to illegal TOS value
I updated my pfSense CE installation from 2.5.2 to 2.6.0 today. After the update I was getting errors showing that t... Michael Berry
02:20 PM Revision 468cd92b: Fallback to package \"name\" during package reinstall on restore. Fixes #12766
Viktor Gurov
02:19 PM Revision 324bff64: Restart services on OpenVPN client connect. Fixes #12771
Viktor Gurov
02:19 PM Revision 72860882: DDNS edit page refactor + DigitalOcean and Google Domains wildcard support. Issues #12752 #12761
Viktor Gurov
02:18 PM Revision f976cb6a: Password prompt on encrypted ECL config.xml. Feature #12685
Viktor Gurov
02:12 PM Revision e18a693e: Remove the reference unbound.conf(5) from the DNS Resolver page. Issue #12781
Viktor Gurov
01:01 PM Bug #12797: UPnP+STUN forms invalid outbound NAT rules using the external address discovered from STUN
For inbound connections (``rdr``), STUN is working and a client can open and successfully test a port with a private WA... Jim Pingle
12:07 PM Bug #12796 (Feedback): 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.
I merged the above fix. We can re-test this after the next package sets get built. Jim Pingle
11:28 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value
That is likely the better choice overall. Jim Pingle
11:23 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value
Jim Pingle wrote in #note-1:
> That second command needs to be a variable -- it's not a flag telling it to use a sec...
Viktor Gurov
11:14 AM Bug #12801: User password hashes pseudo-random number generator may return insecure salt value
That second parameter needs to be a variable -- it's not a flag telling it to use a secure method, it's a variable wh... Jim Pingle
10:30 AM Bug #12801 (Resolved): User password hashes pseudo-random number generator may return insecure salt value
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/auth.inc#L819:... Viktor Gurov
10:55 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
to test this fix you need to install the system patches pkg:
https://docs.netgate.com/pfsense/en/latest/development/...
Viktor Gurov
10:19 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
I can't say "fixed" for this issue since I have new problems in 2.6.0, so I can't give it a solid test. I also don't... Jon8RFC .
08:25 AM Bug #12771 (Feedback): Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
Applied in changeset commit:324bff6498bbd8e04d735195348d8b78b3e9a4a8. Viktor Gurov
07:58 AM Bug #12771 (Pull Request Review): Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
Jim Pingle
02:08 AM Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/616
Viktor Gurov
10:48 AM pfSense Packages Feature #12718 (Feedback): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/e2470a23ca412103588c3c969d843311e0ef522a
Viktor Gurov
10:47 AM pfSense Packages Feature #12719 (Feedback): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/eaec5586b141176f90836135899eac5fb95e6013
Viktor Gurov
10:47 AM pfSense Packages Bug #12739 (Feedback): Passlist generates invalid Virtual IP subnets
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/fec9c89964c53672bc930479209a8fdb24beeff9
Viktor Gurov
10:47 AM pfSense Packages Bug #12683 (Feedback): snort_get_vpns_list() does not include OpenVPN CSO
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/bf49577abfb4dac2d3bd73e0371ded9341ce1b93
Viktor Gurov
09:55 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
Also there is a new forum thread for general feedback on this issue:
https://forum.netgate.com/topic/169837/upnp-f...
Jim Pingle
09:54 AM Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port
For those who still have issues, please start a new forum thread in the "gaming category of the forum":https://forum.... Jim Pingle
08:42 AM Feature #12752 (Feedback): Support wildcard Dynamic DNS records on DigitalOcean
Merged:
https://github.com/pfsense/pfsense/commit/728608824e8fa11acadaac35e46b0d7e2a865870
Viktor Gurov
08:01 AM Feature #12752 (Pull Request Review): Support wildcard Dynamic DNS records on DigitalOcean
Jim Pingle
07:15 AM Feature #12752: Support wildcard Dynamic DNS records on DigitalOcean
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/617 Viktor Gurov
08:41 AM Bug #12761 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Merged:
https://github.com/pfsense/pfsense/commit/728608824e8fa11acadaac35e46b0d7e2a865870
Viktor Gurov
08:01 AM Bug #12761 (Pull Request Review): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
Jim Pingle
07:14 AM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/617
Viktor Gurov
08:30 AM Feature #12685 (Feedback): Support encrypted ``config.xml`` files when restoring via ECL
Merged Viktor Gurov
08:30 AM Bug #12766 (Feedback): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup
Applied in changeset commit:468cd92bfaf77a326d5221dd9fd65328e15b297a. Viktor Gurov
07:56 AM Bug #12766 (Pull Request Review): Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup
Jim Pingle
08:30 AM Bug #12781 (Feedback): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
Merged Viktor Gurov
07:57 AM Bug #12781 (Pull Request Review): DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
Jim Pingle
01:44 AM Bug #12781: DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/615 Viktor Gurov
08:15 AM Revision 13720b18: Start/stop PPPoE interface on parent interface events. Fixes #12633
Viktor Gurov
08:03 AM Feature #2505: Toggle button to disable/enable multiple firewall rules
Awesome, thank you! Jon8RFC .
07:17 AM Revision af3320b2: Allow the selection of "any" interface in floating rules. Implements #12392
Viktor Gurov
06:33 AM Revision dc6a9ddc: SNMP service restart improvements. Fixes #12611
Viktor Gurov
06:31 AM Revision 1098cb94: IGMP Proxy service improvements. Fixes #12609
Viktor Gurov
03:18 AM pfSense Packages Feature #11931 (New): Add support for validating a domain's ownership via Google Cloud Cloud DNS
Viktor Gurov
03:10 AM pfSense Packages Feature #11931 (Duplicate): Add support for validating a domain's ownership via Google Cloud Cloud DNS
see also #9200 Viktor Gurov
03:16 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
Kyle Klouzal wrote in #note-6:
> Google DNS is different from Google Domains. +1 for Google Domain support here..
se...
Viktor Gurov
03:10 AM pfSense Packages Bug #12799 (Duplicate): Missing ACME DNS Providers
Duplicate of #11931 Viktor Gurov
03:00 AM pfSense Packages Feature #12795: Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist
https://github.com/pfsense/FreeBSD-ports/pull/1143 Viktor Gurov
02:25 AM Bug #12633 (Feedback): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect
Applied in changeset commit:13720b183efaf5697454978db93a5b4815227149. Viktor Gurov
02:15 AM Todo #12093 (Feedback): Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity
Merged Viktor Gurov
02:15 AM Feature #12741 (Feedback): Eliminate duplicate shell commands from history file
Merged Viktor Gurov
02:14 AM Feature #12724 (Feedback): Notify user if AutoConfigBackup is unable to successfully upload a backup
Merged Viktor Gurov
02:14 AM Feature #2456 (Feedback): Option to choose default tab in IPsec status Dashboard widget
Merged Viktor Gurov
01:25 AM Feature #12392 (Feedback): Allow the selection of "any" interface in floating rules
Applied in changeset commit:af3320b2d52f0296e3977e652de2b290c98bbf66. Viktor Gurov
12:40 AM Bug #12611 (Feedback): SNMP daemon is restarted during every ``rc.newwanip`` event
Applied in changeset commit:dc6a9ddcfaa25dda8928d4b2bdc72a117fec3315. Viktor Gurov
12:40 AM Bug #12609 (Feedback): IGMP Proxy server is restarted during every ``rc.newwanip`` event
Applied in changeset commit:1098cb94070574a98a44b4ab160e2a4d1785925a. Viktor Gurov
 
