Project

General

Profile

Activity

From 06/15/2022 to 07/14/2022

07/14/2022

09:12 PM Revision 970a364f: Build security/pfSense-pkg-Tailscale
(cherry picked from commit 54ab28a2f7d051c0fc251ab76900ffeddd5a2d68) Christian McDonald
09:12 PM Revision 54ab28a2: Build security/pfSense-pkg-Tailscale
Christian McDonald
06:27 PM Regression #13356 (Pull Request Review): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
Thank you for your looking into it!
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/834
Marcos M
11:55 AM Regression #13356: RADIUS authentication attempts no longer send RADIUS NAS IP attribute
As requested, I added in the following (to ensure I could see the separation):... Alastair Burr
11:34 AM Regression #13356: RADIUS authentication attempts no longer send RADIUS NAS IP attribute
I'm curious what those contain - you can dump them to the system log by adding:... Marcos M
03:49 PM Bug #13289: Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/833 Christopher Cope
03:42 PM pfSense Docs Todo #12461 (In Progress): Improve macOS Serial Command Instructions
I added some general info on finding the serial device.
Waiting on info from someone with both a Mac and a 2100 to...
Jim Pingle
11:36 AM pfSense Plus Regression #13355 (Feedback): OpenVPN crashes after reaching the configured concurrent connection limit
Marcos M
08:42 AM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
Thanks so much, Bill! Appreciate your efforts. tasty ratz
08:30 AM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks
08:31 AM pfSense Packages Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks
08:30 AM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks
01:34 AM Bug #8435: DHCPv6 unusable in certain circumstances (US AT&T Fiber, etc.)
Can confirm; there is a workaround that was documented in the forums.... Nathan Ollerenshaw

07/13/2022

06:24 PM pfSense Packages Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
The logic has been changed back to the original behavior by removing the _preg_quote()_ wrapping of the PCRE keyword ... Bill Meeks
06:22 PM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
Sortable columns have been added to the BLOCKS tab in the latest _pfSense-pkg-suricata-6.0.6_ version of the GUI pack... Bill Meeks
06:20 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
This issue has been addressed in the new _pfSense-pkg-suricata-6.0.6_ update. Pull request posted here: https://githu... Bill Meeks
11:41 AM Regression #11545: Primary interface address is not always used when VIPs are present
I'll have a look, thanks! Reid Linnemann
07:44 AM Regression #11545 (In Progress): Primary interface address is not always used when VIPs are present
Since this went in my GIF interface doesn't seem to be working properly, and it might affect others. It was working p... Jim Pingle
06:03 AM pfSense Plus Regression #13355 (Pull Request Review): OpenVPN crashes after reaching the configured concurrent connection limit
MR: https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/63 Kristof Provost

07/12/2022

06:23 PM Todo #13357 (Resolved): Spelling and typo corrections
Filing as a place to hang a PR.
The misspellings have been reported at https://github.com/jsoref/pfsense/commit/0b...
Josh Soref
06:15 PM Regression #13356 (Resolved): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
After upgrading to pfSense Plus 22.05, the RADIUS NAS IP Attribute setting is no longer sent to the RADIUS server.
...
Alastair Burr
05:57 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
I trust that it is definitely real and not a false or misinterpreted report. There's a reason for it and with enough ... Reid Linnemann
05:55 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
This has been squirreley for a long time and has been very difficult to reliably duplicate but it is very real. #9296... Chris Linstruth
05:26 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
No, none that I am aware of. I know that filterdns has been untouched for a few months now. I'll look for changes els... Reid Linnemann
01:33 PM pfSense Plus Regression #13355 (Resolved): OpenVPN crashes after reaching the configured concurrent connection limit
Tested on 22.05.
If @Concurrent connections@ is set and that limit is reached, the OpenVPN service will crash with...
Marcos M
01:12 PM Revision 9490042f: Build security/tailscale
Christian McDonald
07:30 AM pfSense Docs Todo #13352 (Resolved): Feedback on DNS — DNS Rebinding Protections
Fixed, thanks! Jim Pingle

07/11/2022

09:10 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
We do test a variety of configurations but testing every possible iteration is not possible. Even with unit testing t... Jim Pingle
09:00 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
If you would do proper testing (which means that at least multiple options that the GUI offers are tested, not just t... Flole Systems
07:47 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
Unit tests are a concept that is easy to suggest but not at all easy to implement. It's something we are working towa... Jim Pingle
07:33 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
I know exactly why it's working for you (and for some others aswell, not for all though), but it's not my job to fix ... Flole Systems
07:16 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
I am actively using it on 22.05. It works, and does not behave as you describe.... Jim Pingle
07:10 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
No it's not! I clearly wrote:
h3. That is on the latest pfSense plus version.
above which shouldn't leave any r...
Flole Systems
06:34 PM Bug #13353 (Duplicate): DHCPv6 (still) doesn't work properly with multiple interfaces
Duplicate of #6880 -- it does work on Plus 22.05 and 2.7.0 snapshots.
Jim Pingle
06:31 PM Bug #13353 (Duplicate): DHCPv6 (still) doesn't work properly with multiple interfaces
Another release, another stupid IPv6 bug that could have been detected with basic testing. I'm sure the users of the ... Flole Systems
07:18 PM Regression #12827: High latency and packet loss during a filter reload
There is still packet loss by the way and latency spikes up to 300ms on 22.05.... It becomes super obvious when the t... Flole Systems
06:49 PM pfSense Packages Bug #13354 (New): Tinc VPN causes constant gateway up/down events, packages restarts and filter reloads
The latest pfSense Plus version broke the tinc VPN: When tinc connects it generates an event:... Flole Systems
06:31 PM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
luc Willems wrote in #note-15:
> found the issue why it was not working for me. the patch above, it was not "clear" ...
Adrian Hansraj
03:58 PM pfSense Docs Todo #13352 (Resolved): Feedback on DNS — DNS Rebinding Protections
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html
*Feedback:*
Small suggestion: Th...
Jesse Sheidlower
02:13 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
There are several things I've noted about how aliases and filterdns work that - if they aren't directly related to th... Reid Linnemann
12:42 PM Revision 70dacbf3: Trim leading space from CSV vouchers. Fixes #13272
Jim Pingle
09:40 AM Feature #13351 (New): Improve Indicated Memory Usage in the Dashboard
Currently the value shown in the System Information widget is simply the system reported Free RAM value but that does... Steve Wheeler
08:18 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
No, because there are valid cases where it should be set (e.g. to /30) at least for the time being. Since the client ... Jim Pingle
08:10 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
Does it make sense to remove this GUI element from the options then? Erik Osterholm
07:59 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
Normally in SSL/TLS with a client/server setup that has multiple clients the clients would never populate the tunnel ... Jim Pingle
08:08 AM Bug #9887 (Resolved): Rule separator positions change when deleting multiple rules
Looks good on the latest snapshot. Jim Pingle
07:54 AM Bug #13272 (Feedback): Voucher CSV output has leading space before voucher code
Merged. Jim Pingle
07:48 AM Bug #13014: Deadlock in Charon VICI interface
Hello, I have been working with technical support on this issue and was told to upgrade to version Pfsense Plus 22.05... Jesse Ortiz
07:47 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
I can't reproduce this here so far. I can create a quick BE and then delete it without error. Though I haven't tried ... Jim Pingle
07:43 AM Bug #12875 (Resolved): Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports
Jim Pingle
07:43 AM pfSense Packages Bug #10608 (Closed): Update squid port to 4.11-p2
Jim Pingle
03:59 AM pfSense Packages Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion
Any news on a solution for this issue? Djerk Geurts

07/10/2022

12:31 PM Regression #13350 (Resolved): SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
Filing this on behalf of a client.
When an IPv4 Tunnel Network is defined on an OpenVPN *Client* in pfSense, we ge...
Erik Osterholm
12:16 PM Bug #13325: System Information widget breaks with multiple instances
Kris Phillips wrote in #note-1:
> Larry,
>
> Have you tried a fresh install of pfSense Plus to verify this issue ...
Larry Bernardo
11:18 AM pfSense Packages Todo #13349 (Resolved): Add note in WireGuard GUI regarding routing behavior for Allowed IPs
As specified here:
https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/settings.html#wireguard-settings-peer
...
Marcos M
11:13 AM pfSense Plus Bug #13348 (Resolved): Error when deleting ZFS Boot Environment created from duplicate of non-default entry
After attempting to delete a "quick" boot environment, the GUI displayed the following error:... Marcos M
04:05 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
found the issue why it was not working for me. the patch above, it was not "clear" for me it had to be ' _<space>_ '... luc Willems

07/09/2022

09:06 PM Bug #12875: Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports
This is present in the 22.05 RELEASE repos, so this redmine should be closed as Resolved. Kris Phillips
09:05 PM Bug #13276: IGMP Proxy Error Message for Logging Links to System Log Instead of Routing Log
This is present on 2.6 and 22.05. Kris Phillips
09:04 PM Bug #13277: IGMP Proxy webConfigurator Page Always Produces Error
This is present in the 22.05-RELEASE build as well (just tested). However, it does not appear to affect functionality. Kris Phillips
09:01 PM Bug #13325: System Information widget breaks with multiple instances
Larry,
Have you tried a fresh install of pfSense Plus to verify this issue is still present? That looks like someth...
Kris Phillips
08:57 PM Todo #10464: Don't change the current update repo when new releases are available
Internal Redmine 7479 I feel would be a better solution to this problem, rather than making PHP changes. If we split... Kris Phillips
08:55 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
This should be corrected as customers run into this all the time now, since the driver was updated for all platforms ... Kris Phillips
08:48 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Reid Linnemann wrote in #note-101:
> I'm having a crack at this issue now. Is everyone experiencing this issue using...
Kris Phillips
06:50 PM pfSense Packages Bug #10900: /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz
This is very similar to https://redmine.pfsense.org/issues/11098 - testing covered using both "/root" and "/" as back... Jordan G
02:11 PM pfSense Packages Bug #10608: Update squid port to 4.11-p2
[22.05-RELEASE][admin@pfSense.home.arpa]/root: pkg info squid
squid-5.4.1
Name : squid
Version ...
Alhusein Zawi
10:43 AM pfSense Packages Bug #13347: Setting BGP default-originate route map does not prepend the AS path
Side note I quickly tested setting a community using a route map on the default-originate statement and it worked. Se... Chris Linstruth
10:32 AM pfSense Packages Bug #13347 (New): Setting BGP default-originate route map does not prepend the AS path
Setting a route-map on the default-originate statement or outbound routes to a BGP peer does not properly prepend the... Chris Linstruth
01:43 AM Bug #13272: Voucher CSV output has leading space before voucher code
Tested, no more space before the code.
!clipboard-202207090942-zzonz.png!
Lev Prokofev
01:23 AM Bug #9887: Rule separator positions change when deleting multiple rules
Tested, and it works for me. Lev Prokofev

07/08/2022

06:15 PM Regression #13026: Limiters do not work
Not sure if fully related but having limiter issues on final 22.05 release with a netgate 6100.
2 limiters, each wit...
Jose Duarte
02:33 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets
Tested on 22.05, was able to reproduce
tested on
Version 22.09-DEVELOPMENT (amd64)
built on Fri Jul 08 06:14:3...
Georgiy Tyutyunnik
02:08 PM pfSense Plus Bug #13338 (Feedback): OpenVPN DCO panics with short UDP packets
This is now merged. Steve Wheeler
02:21 PM Revision 2dc23896: Fixed handling of single rule selected with multi-delete Issue #9887
Christopher Cope
02:15 PM pfSense Docs New Content #12791 (Feedback): Diagnostic Information for Support (pfSense)
I took a different approach than the MR did. It's up and live now:
https://gitlab.netgate.com/docs/pfSense-docs/-/...
Jim Pingle
10:16 AM Bug #9887 (Feedback): Rule separator positions change when deleting multiple rules
Fix merged Christopher Cope
09:22 AM Bug #9887: Rule separator positions change when deleting multiple rules
Latest patch tests OK for me. Jim Pingle
07:16 AM pfSense Plus Regression #13345 (Not a Bug): IPSEC tunnel loosing packets after upgrade to 22.05 between NG 1100 and NG 7100
There isn't enough information here to classify this as a bug, and we can't reproduce that in lab conditions. It's en... Jim Pingle
02:52 AM pfSense Plus Regression #13345 (Not a Bug): IPSEC tunnel loosing packets after upgrade to 22.05 between NG 1100 and NG 7100
After upgrading i noticed horrible performance over the tunnel to work.
ping gives loss and hundreds and thousands ...
Lars Lindley
05:59 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
same for me
using
pfsense+ V22.05
pfblockerNG-devel V3.1.0_4
basic setup using wizard.
manually edit the pf...
luc Willems

07/07/2022

01:44 PM Bug #13014: Deadlock in Charon VICI interface
We suggested this bug may be the cause of what the customer is seeing in 945855019. His experience is that the tunnel... Chris W
12:19 PM Bug #9887: Rule separator positions change when deleting multiple rules
Here's a new patch with missing fixes. Seems to pass all tests this time. Christopher Cope
09:01 AM Bug #13344 (Duplicate): Vlan loses parent interface when changing LAGG mtu to jumbo frames
Hi,
Psense+ version: 22.01
When I try to add jumbo frames to lagg interface ( 9000 ) - main
When I change the...
Matthew Whittaker-Williams

07/06/2022

02:26 PM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available
I recently upgraded to 22.05 and am seeing this same issue. Possible regression again? The page used to load within a... Aaron Shaffer
02:01 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Netgate 3100 user here, running 22.05, upgraded from 22.01 - Same problem: DNS interruptions. Can this issue get some... Per-Arne Hellarvik
01:01 PM Bug #13327: Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
I'm experiencing the exact same problem reported by Brian Martin.
Unfortunately I don't have enough knowledge of PHP...
Massimo Vannucci
11:03 AM pfSense Packages Bug #13343 (Resolved): HAproxy cookie protection syntax needs updated
A bug has been found after UPdate to pfSense plus 22.05: the generated code by HaProxy-GUI... Johannes Goldynia
08:05 AM pfSense Docs Todo #13342 (Feedback): Correct BGP last-as description
Merged. Jim Pingle
03:45 AM Regression #13323 (Feedback): Captive Portal breaks policy based routing for MAC address bypass clients
And that fix has landed: https://github.com/pfsense/pfsense/commit/add6447b9dc801144141bb24f8c264e03a0e7cae Kristof Provost

07/05/2022

06:17 PM pfSense Docs Todo #13342 (Pull Request Review): Correct BGP last-as description
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/44 Marcos M
05:49 PM pfSense Docs Todo #13342 (Resolved): Correct BGP last-as description
The following is incorrect:
https://docs.netgate.com/pfsense/en/latest/packages/frr/global/routemaps.html#bgp-as-p...
Marcos M
04:45 PM Revision add6447b: Ensure we apply policy routing on whitelisted captive portal MAC addresses
We cannot simply 'pass in quick' for the _patthru tagged packets,
because that means we don't process any subsequent ...
Kristof Provost
02:56 PM Revision ad20a68b: Filter reload at end of rc.newwanip. Fixes #13228
Jim Pingle
01:51 PM pfSense Plus Bug #13338 (Pull Request Review): OpenVPN DCO panics with short UDP packets
Marcos M
12:59 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets
That looks to be the result of a short UDP packet. Short enough that it doesn't contain an openvpn header.
https:/...
Kristof Provost
10:31 AM pfSense Plus Bug #13338 (Resolved): OpenVPN DCO panics with short UDP packets
If a UDP packet directed towards an active OpenVPN socket is received which is too short to contain an OpenVPN header... Marcos M
01:46 PM pfSense Packages Bug #13332: HAProxy Broken after v22.05 and HAProxy v0.61_3
Johannes Goldynia
Please open a new bug report for the HSTS / Cookie protection issue.
Marcos M
07:59 AM pfSense Packages Bug #13332 (Rejected): HAProxy Broken after v22.05 and HAProxy v0.61_3
There is no way the package can possibly track and warn about custom configuration directives. By definition it does ... Jim Pingle
12:53 PM Bug #13341 (Not a Bug): IPSEC VTI Gateway Monitoring
That is most likely a problem in your configuration or environment, VTI gateway monitoring is working fine in general... Jim Pingle
12:14 PM Bug #13341 (Not a Bug): IPSEC VTI Gateway Monitoring
Hello,
Gateway monitoring does not work on VTI gateways altough the tunnel is UP and traffic is passing succesfull...
Marcus Oliveira
12:24 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I'm having a crack at this issue now. Is everyone experiencing this issue using unbound as a resolver by chance? Reid Linnemann
11:25 AM Feature #13340 (New): Option to change QinQ ethertype to Service VLAN Tag
Currently, pfSense uses C-Tags (ethertype 0x8100) for QinQ interfaces. Ideally, it should keep C-Tags on existing con... Marcos M
10:46 AM Bug #13339 (Not a Bug): Randomly DHCP interface detaches and attach automatically in pfsense 2.6.0
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
10:44 AM Bug #13339 (Not a Bug): Randomly DHCP interface detaches and attach automatically in pfsense 2.6.0
I am facing issue on pfsense firewall CE 2.6.0 after upgrade on 2.5.0 to 2.6.0.., Honnesh Gowda
10:05 AM Bug #13228 (Feedback): Recovering interface gateway may not be added back into gateway groups and rules when expected
Applied in changeset commit:ad20a68bae86fff5660b02789a49618a6e71ae22. Jim Pingle
09:42 AM Bug #9887: Rule separator positions change when deleting multiple rules
This fails in a new/different way when applied. When attempting "test 2" from my original attachments, it puts the se... Jim Pingle
09:36 AM Bug #13327: Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
I neglected to mention in the bug report and the forum thread that I'm on release 2.6.0, the current stable release. ... Brian Martin
07:35 AM Bug #13327 (Rejected): Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
There isn't enough information to go on here. This is working for us in the lab and for most if not all users of the ... Jim Pingle
08:47 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
I've applied the patch and it fixed the problem for me. Thanks a bunch! Axel Taferner
08:11 AM Bug #13337 (Rejected): After upgrading from 22.01 to 22.05 unbound intermittently stops resolving until manually restarted
There isn't enough information to go on here and it's working fine for thousands of others. It's possible it's relate... Jim Pingle
03:37 AM Bug #13337 (Rejected): After upgrading from 22.01 to 22.05 unbound intermittently stops resolving until manually restarted
Config haven't changed from 22.01 but after upgrade started having problems with dns resolver just timing out on reso... Vaidotas Butkus
08:09 AM pfSense Packages Bug #13336 (Rejected): BGP packets not being sent to OpenVPN cloud connections
This is almost certainly a configuration problem with your OpenVPN setup and/or FRR settings. This site is not for su... Jim Pingle
08:07 AM pfSense Packages Bug #13328 (Not a Bug): Wireguard Site-to-Site broken after upgrade to 22.05
This is unlikely to be a bug, but something in your configuration or environment. It's working for many others in sim... Jim Pingle
08:05 AM pfSense Docs Todo #12770 (Resolved): Feedback on Firewall — Configuring firewall rules
Merged. Also fixed a couple small things I noticed after merging: https://gitlab.netgate.com/docs/pfSense-docs/-/comm... Jim Pingle
07:56 AM pfSense Docs New Content #13270 (Resolved): OpenVPN client gateway is incorrect when the server does not push routes
Merged.
I fixed a couple extra things I noticed after merging: https://gitlab.netgate.com/docs/pfSense-docs/-/comm...
Jim Pingle
07:43 AM pfSense Plus Bug #12607 (Closed): Instability with Snort Inline with AWS Instances
Jim Pingle
07:41 AM Bug #13330 (Rejected): Traffic Shaper Wizard is broken
Please open separate issues for each item, like you did for the second bullet point there ( #13329 )
The first bul...
Jim Pingle
07:41 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I'm having the same issue on 2.6.0 at every 1 minute:
Jul 5 09:33:00 sshguard 77002 Exiting on signal.
Jul 5 09:3...
Geovane Gonçalves
07:36 AM Bug #13318 (Resolved): Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
Jim Pingle
03:26 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Any progress on this as it causes lots of other DNS resolver issues not just short interruptions.
22.01 dns resolver...
Vaidotas Butkus

07/04/2022

08:14 PM pfSense Packages Bug #13336 (Rejected): BGP packets not being sent to OpenVPN cloud connections
Scenario:
OpenVPN cloud is utilized to connect two pfsense routers behind CGNAT to allow for site to site connectivi...
Devan Bhagat
03:23 PM Feature #13293: Option to set auth-gen-token in OpenVPN GUI
It's unclear if the concerns mentioned on the following link have been addressed - best to keep this as a custom opti... Marcos M
02:07 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
If you'd like to test it and provide feedback, here's the patch - apply it with the System Patches package. Marcos M
01:30 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
Yes, that's internal. It'll turn up in the public tree once I find a victim to review it. That's going to take a day ... Kristof Provost
01:00 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
Kristof, the link you posted doesn't work. DNS_PROBE_FINISHED_NXDOMAIN
You probably linked to something internal tha...
Axel Taferner
11:07 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
The draft patch wouldn't work, but a similar fix does:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests...
Kristof Provost
11:15 AM pfSense Plus Bug #13334 (Not a Bug): Configuration Auto Backup broken after v22.05 fresh install
I was able to upload backups successfully. Likely a temporary service outage. If it continues to happen, I'd suggest ... Marcos M
11:04 AM pfSense Packages Bug #11098 (Resolved): Backup Files and Directories plugin crashes firewall if /root specified as backup location
I'll close this given that the original issue (crash) no longer happens. There's still the issue of the package locki... Marcos M
10:48 AM Feature #13335: Allow NAT reflection to be limited to specific interfaces
The NAT reflection mode default can be kept as @disabled@, while enabling it per NAT rule. I suppose having the featu... Marcos M
02:08 AM Feature #13335 (New): Allow NAT reflection to be limited to specific interfaces
I have a setup at home with a VLAN for guests, which doesn't have access to any internal resources. Because of this,... Chris Gelatt
10:32 AM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
Marcos Mendoza wrote in #note-2:
> It happened a while ago as you can tell from the timestamp, unfortunately I don't...
Bill Meeks

07/03/2022

11:35 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
my apologies, I did misunderstand the initial report
in case of specifying "/root/" as path, the backup button produ...
Jordan G
07:25 PM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
For reference:
There's a redmine report for the policy routing issue here https://redmine.pfsense.org/issues/13323...
Marcos M
07:23 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
Potential fix here: https://redmine.pfsense.org/issues/13290#note-6 Marcos M
06:42 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
It happened a while ago as you can tell from the timestamp, unfortunately I don't remember the exact details to repro... Marcos M
04:14 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
Can you add a little more detail for this statement: " _This was triggered when existing rules were auto-enabled by ... Bill Meeks
12:59 PM pfSense Packages Bug #13333 (Resolved): PHP error when saving Suricata rulesets
In some cases, @$enabled_rulesets_array@ in @suricata_rulesets.php@ may not be an array which results in the followin... Marcos M
06:06 PM pfSense Plus Bug #13334 (Not a Bug): Configuration Auto Backup broken after v22.05 fresh install
Multiple errors (30) generated with the same message:
3:33:24 An error occurred while uploading the encrypted confi...
Rick Strangman
12:20 PM pfSense Packages Bug #13332: HAProxy Broken after v22.05 and HAProxy v0.61_3
Hello,
updating the pass-trough rules to...
Johannes Goldynia
02:58 AM pfSense Packages Bug #13328: Wireguard Site-to-Site broken after upgrade to 22.05
After reading through here, I think this might be related to this
https://redmine.pfsense.org/issues/12808
I never h...
Sebastian Schmid

07/02/2022

11:34 PM pfSense Packages Bug #13332 (Rejected): HAProxy Broken after v22.05 and HAProxy v0.61_3
If you are using HAProxy deprecated rspidel directive on your frontends or the option option httpchk on backends, HAP... Rick Strangman
09:05 PM pfSense Plus Bug #12607: Instability with Snort Inline with AWS Instances
This can likely be closed as I've seen zero complaints on newer Plus releases for Snort Inline in AWS. Likely these ... Kris Phillips
09:01 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
FYI using the manually compiled, out-of-band driver still works fine on 22.05-RELEASE (as expected since the FreeBSD ... Kris Phillips
08:50 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
Reid Linnemann wrote in #note-2:
> There must be something else to this than just the unresolvable host, I've tried ...
Kris Phillips
08:41 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
Jordan Greene wrote in #note-11:
> attempted creation of backup for "/" - after creating the entry and using the back...
Kris Phillips
05:14 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
attempted creation of backup for "/" - after creating the entry and using the backup button, I'm eventually given 504... Jordan G
02:28 PM pfSense Docs New Content #13331 (New): FRR: Add documentation for RIP

RIP documents(configuration/example) need to be added under FRR package Docs.
Alhusein Zawi
02:10 PM Feature #11927 (Resolved): Allow DHCP not to serve a gateway - small fix

resolved
22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE
Alhusein Zawi
11:33 AM Bug #13330 (Rejected): Traffic Shaper Wizard is broken
I noticed multiple issues with the Traffic Shaper wizard using ALTQ Scheduler - HFSC type.
* Values defined in wiz...
Danilo Zrenjanin
10:58 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
This fix doesn't work for me, I still can't get any logging of IP blocks, even though the dashboard counter shows it ... Adrian Hansraj
09:11 AM Bug #13329 (New): Traffic shaping Wizard sets invalid values for qVoip queue
No matter what I set in the Voice Over IP wizard step, when I finish the wizard the qVoip is set to 32Kb.

!clip...
Danilo Zrenjanin
04:02 AM pfSense Packages Bug #13328 (Not a Bug): Wireguard Site-to-Site broken after upgrade to 22.05
Hi,
I upgraded from 22.01 to 22.05. Everything went fine.
Plus home license on virtualized system
On Upgrade the...
Sebastian Schmid
02:57 AM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
Seems it works.
!clipboard-202207021056-wabip.png!
Lev Prokofev

07/01/2022

06:12 PM Bug #13327 (Resolved): Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
OpenVPN was observed rejecting client connections that were previously accepted and had not expired. Research lead to... Brian Martin
02:25 PM Bug #9887 (Pull Request Review): Rule separator positions change when deleting multiple rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/830
All tests in the original ticket worked as expecte...
Christopher Cope
09:10 AM Bug #12959: dhcplease process wrongly update host file if client-hostname is empty
Also unable to reproduce.
Tested on:
22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE
Georgiy Tyutyunnik
04:53 AM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
I believe the failure to apply policy routing on whitelisted mac addresses is due to rules like `pass in quick all fl... Kristof Provost

06/30/2022

05:04 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
There must be something else to this than just the unresolvable host, I've tried several times to replicate this and ... Reid Linnemann
12:52 PM pfSense Packages Bug #13309 (Resolved): Cron validation prevents special strings such as @reboot
Tested against the Cron package version 0.3.8_1
It works as expected.
I am marking this ticket resolved.
Danilo Zrenjanin
12:35 PM pfSense Packages Bug #13261 (Resolved): Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty
Tested on 22.05, package version 0.3_7.
It works as expected. I am marking this ticket closed.
Danilo Zrenjanin
12:00 PM Bug #13325 (Confirmed): System Information widget breaks with multiple instances
I currently have 2 System Information widget displayed on a 3 Column Dashboard (First and 3rd Column). First System ... Larry Bernardo
11:46 AM Bug #13317: ``array_filter`` PHP Errors in ``interfaces.inc``
I did indeed fix this in CE devel, I need to get the change merged into plus-devel today, if it hasn't already been m... Reid Linnemann
10:21 AM pfSense Docs Todo #13324 (Rejected): Remove Deprecated IPSec Remote Access VPN Guides
L2TP is not insecure (it's protected by IPsec) it's just not well supported by clients.
They are all still valid j...
Jim Pingle
10:18 AM pfSense Docs Todo #13324 (Rejected): Remove Deprecated IPSec Remote Access VPN Guides
Several Configuration Recipes are often find by customers that are no longer recommended. While these guides had use... Kris Phillips
09:21 AM Regression #13323 (Resolved): Captive Portal breaks policy based routing for MAC address bypass clients
Relevant information about my network
LAN segment
VLAN for IoT and wifi devices
WAN1 is used as the default gate...
Axel Taferner
08:41 AM Todo #10464: Don't change the current update repo when new releases are available
Also worth noting, however this is handled, it should not suppress the list of packages and it *must* still allow the... Jim Pingle
07:42 AM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
The 'bad switch' message originates in dummynet_send(), and the '21' is decimal, so 0x15. Representing PROTO_IPV6 | P... Kristof Provost
07:06 AM Bug #13321 (Pull Request Review): dhcpleases handles duplicate hostnames incorrectly
Jim Pingle
06:45 AM Feature #13322: Define Packet Capture Protocol
And EtherType Andy Kniveton
06:10 AM Feature #13322 (Closed): Define Packet Capture Protocol
Any chance of adding the ability of allowing a user defined protocol to the Packet Capture.
I was trying to debug ...
Andy Kniveton
05:21 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
same here on 22.05
!clipboard-202206300621-7gjov.png!
Franck Ck
03:18 AM Bug #12811: Services are not restarted when PPP interfaces connect
ec73bb89489d830ec21c4e04ffa3ec401791b55d and c467ca2f35c102aae897424a2fda08e9b2ace673 actually solve the issue that t... Oskar Stroka

06/29/2022

11:57 PM Bug #13321: dhcpleases handles duplicate hostnames incorrectly
Added pull request: https://github.com/pfsense/FreeBSD-ports/pull/1176 Adrian Fonseca
11:10 PM Bug #13321 (Pull Request Review): dhcpleases handles duplicate hostnames incorrectly
--- Problem ---
If the 'dhcpd.leases' file parsed by dhcpleases contains an expired lease and non-expired lease for ...
Adrian Fonseca
04:31 PM Bug #13228: Recovering interface gateway may not be added back into gateway groups and rules when expected
I have this issue. Adding the filter_configure(); to the end, (while not removing the else block) does resolve this f... Lee Brown
02:03 PM pfSense Plus Bug #13320: IP aliases with a CARP VIP parent are not available as VIP choices for gateway groups
Looks like it's because the group drop-downs filter based on the VIP interface and it sees the CARP VIP as the interf... Jim Pingle
01:47 PM pfSense Plus Bug #13320 (Resolved): IP aliases with a CARP VIP parent are not available as VIP choices for gateway groups
Configuration is an HA pair of 6100's with a failover gateway group, one ISP per gateway.
The intention is for IPs...
Chris W
12:59 PM Revision 8c9ab20e: Don't force DNS to use 4/6 here. Fixes #13318
It's not trying to force communication with a
specific address family DNS server.
Jim Pingle
12:16 PM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
Jim - just to let you know, applied this and seems to be working now. Thanks for such a quick response!
JohnPoz _
08:10 AM Bug #13318 (Feedback): Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
Applied in changeset commit:8c9ab20efe61161e30fe215166d8573c801b947d. Jim Pingle
07:57 AM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
Looking at #11512 and commit:aa1936eefc251b5330e7392f3b1fbc23a006a400 where that was added, it isn't necessary. There... Jim Pingle
07:50 AM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
Looks like for some reason @_getHostName()@ is forcing the DNS lookup to use @-6@ when it shouldn't, as that controls... Jim Pingle
07:32 AM Bug #13318 (Resolved): Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
The NDP Table in the gui is not listing the hostname, while ndp -a from cmd line does.
See this thread.
https:/...
JohnPoz _
10:01 AM Regression #13316 (Feedback): ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
Looks like this happens as the value for @nvlist@ increases. Apparently already fixed in FreeBSD: https://cgit.freebs... Jim Pingle
08:46 AM Regression #13316: ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
Looks like the value of that entry is unsigned and trying to go negative, which results in an underflow (hits 0 then ... Jim Pingle
09:20 AM Regression #13319: OpenVPN site2site with SSL/TLS doesn't apply the remote network route
Jim Pingle wrote in #note-1:
> That is most likely a configuration problem. More likely related to how you changed t...
Pietro Cesana
09:15 AM Regression #13319 (Not a Bug): OpenVPN site2site with SSL/TLS doesn't apply the remote network route
That is most likely a configuration problem. More likely related to how you changed the settings when moving from sha... Jim Pingle
09:12 AM Regression #13319 (Not a Bug): OpenVPN site2site with SSL/TLS doesn't apply the remote network route
I'm testing 2.7 DEV snapshot and I have two OpenVPN site2site client connections.
One (ovpnc1) uses sharedkey and th...
Pietro Cesana
08:06 AM Bug #13317 (Feedback): ``array_filter`` PHP Errors in ``interfaces.inc``
Looks like Reid already fix this one. See commit:c5d786359cc4a15c81e1c4773ab271b3d49ed594
Jim Pingle
06:40 AM Bug #13317: ``array_filter`` PHP Errors in ``interfaces.inc``
Do you have any more information about what was going on when the errors happened? Were you making a change in the GU... Jim Pingle
02:16 AM Bug #13317 (Resolved): ``array_filter`` PHP Errors in ``interfaces.inc``
Crash report begins. Anonymous machine information:
amd64
12.3-STABLE
FreeBSD 12.3-STABLE devel-12-n227385-38ca...
Vorname Nachname
07:53 AM Bug #13132 (New): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
There is still some issue here as users are hitting this on 22.05 when restoring backups with two sections. Jim Pingle
07:00 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
I just tested and your patch also works on the latest 2.7.0-DEVELOPMENT. Glenn Hall

06/28/2022

09:01 PM Regression #13316: ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
Just after a reboot the value is sane and the script works, so there is something else going on there.
I'd say the...
Jim Pingle
08:43 PM Regression #13316: ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
There is a line in @vmstat -m@ for @temp@ that is throwing off the output, it's gigantic... Jim Pingle
08:29 PM Regression #13316 (Resolved): ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
It works on 22.01, running it on 22.05 produces the following output:... Marcos M
08:32 PM Revision c5d78635: get_interface_addresses: Silence array_filter warnings
Reid Linnemann
06:09 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled
@(&(DN_RETURNED_BY_INITIAL_SEARCH)(memberOf=cn=nextcloud,cn=groups,cn=accounts,dc=example,dc=com))@
That doesn't w...
Chris Linstruth
05:21 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled
OK. It looks like it is combining the RFC2307 query and the extended query into something that cannot match when both... Chris Linstruth
02:20 PM Revision d9ff4a76: Clean up old repo files that are not needed any longer since we just template the one
Brad Davis
01:14 PM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load
For reference, the patch to fix it is as follows:... Marcos M
12:44 PM Revision 2a9f6b40: Clarify delegated IPv6 prefix source. Fixes #13310
Indicates the tracked interface and prefix ID, which is more important
now that delegation works from multiple upstre...
Jim Pingle
12:04 PM pfSense Plus Todo #13189 (Resolved): Input validation should reject the combination of DCO and P2P mode
Jim Pingle
12:04 PM pfSense Plus Regression #13183 (Resolved): ZFS module is loaded on systems without ZFS
Jim Pingle
10:28 AM pfSense Docs New Content #13311 (Resolved): Add troubleshooting tips for multiple disk boot issues
https://docs.netgate.com/pfsense/en/latest/troubleshooting/boot-issues.html
It's possible that pfSense may mount a...
Marcos M
08:22 AM pfSense Packages Bug #13309 (Feedback): Cron validation prevents special strings such as @reboot
Fixed: https://github.com/pfsense/FreeBSD-ports/commit/68b6508b0454c6113e03c1fd84e20279310d0bef Jim Pingle
07:55 AM Bug #13310 (Feedback): Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
Applied in changeset commit:2a9f6b409bdde67c065a0fa6b13296bbad6c6794. Jim Pingle
07:16 AM Bug #13310: Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
This is also mentioned on #13240 but in the interest of only having one problem per issue we can keep this one and ch... Jim Pingle
07:18 AM Bug #13240: User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length
Moving first point to #13310 - keeping this one for point 2.
Jim Pingle

06/27/2022

10:19 PM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
I've posted some additional info on the forums here: https://forum.netgate.com/topic/173061/captive-portal-broken-aft... Axel Taferner
07:26 PM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
I've updated to pfSense+ 22.05 today and I'm seeing the same thing on the console when activating a captive portal. Axel Taferner
06:32 PM Revision 60a2fa6b: Remove incorrectly restored code. Fixes #13308
Jim Pingle
06:28 PM Revision 2bf4167c: Set PKG_REPO_BRANCH_DEVEL to match the branch name
Brad Davis
04:08 PM Bug #13310: Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
PR here: https://github.com/pfsense/pfsense/pull/4608 Seyfidin Hamraoui
04:07 PM Bug #13310 (Resolved): Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
Destination IPv6 prefix list is not built properly due to wrongly placed string operator Seyfidin Hamraoui
03:52 PM pfSense Packages Bug #13309 (Resolved): Cron validation prevents special strings such as @reboot
A recent change to the Cron package introduced field validation. Although the UI specifies time examples, some users ... Grant Henderson
03:09 PM Bug #13308 (Resolved): The ``negate_networks`` table is duplicated in ``rules.debug``
Tested patch on 22.05. The table is no longer duplicated. Marcos M
01:50 PM Bug #13308 (Feedback): The ``negate_networks`` table is duplicated in ``rules.debug``
Applied in changeset commit:60a2fa6b6f1a59f3f86933265fbb48e25f652bfc. Jim Pingle
01:30 PM Bug #13308 (Resolved): The ``negate_networks`` table is duplicated in ``rules.debug``
In #13049 the logic to generate the @negate_networks@ table changed ( commit:415a1b2083228030f200c8ea0eac3a8fc91f7142... Jim Pingle
11:20 AM Bug #13307 (Resolved): PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value
When configuring a custom PPP interface reset time on @/interfaces_ppps_edit.php@ *or* @interfaces.php@ the page mish... Jim Pingle
10:56 AM Regression #13303 (Pull Request Review): DNSExit Dynamic DNS updates no longer work
Jim Pingle
10:45 AM pfSense Packages Todo #13306 (Resolved): Update NUT to version 2.8.0 to match FreeBSD Packages
NUT in the FreeBSD repo has been updated to 2.8.0. Make a corresponding update in the pfSense Packages repo. Denny Page
10:26 AM Feature #13305: Certificate Revocation page should show expiration date
This would only be valid for imported CRLs, as internal CRLs are regenerated every time they are refreshed (e.g. Open... Jim Pingle
10:07 AM Feature #13305 (New): Certificate Revocation page should show expiration date
For external CAs, it would be helpful if the Certificate Revovation page showed the valid dates for the CRLs as is do... Orion Poplawski
09:50 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
Dan Rice wrote in #note-23:
> We've installed 22.05 on our Netgate 2100 appliance and it's still assigning the wrong...
Marcos M
07:42 AM pfSense Docs Todo #12770 (Pull Request Review): Feedback on Firewall — Configuring firewall rules
Jim Pingle
07:31 AM Bug #12947 (Pull Request Review): Old IPv6 addresses may continue to be used after DHCP or RA changes
Jim Pingle
07:27 AM pfSense Docs Correction #11223: Azure Marketplace links are invalid
Looks like they were fixed in #13130 (2 months ago) and https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/c3... Jim Pingle
07:23 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Not up to me, it'll need to be handled by Luiz or Brad once things start moving for 22.09 but it's already on the radar. Jim Pingle
07:22 AM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Kris Phillips wrote in #note-10:
> The problem is that renegotiating the data channel key, in the default operation ...
Jim Pingle
07:20 AM Bug #13301 (Duplicate): Bug #13239 = (?) = #12645 appease not fixed - ipv6 based ipsec vpn tunnel bug found with fqdn remote host
I reopened the previous issue, no need for a new one. Jim Pingle
07:20 AM Bug #12645 (New): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
Jim Pingle
07:19 AM pfSense Packages Bug #13261: Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty
Picked back to release branches. Jim Pingle
12:09 AM Revision 17f81cb6: Fixing broken DNSExit implementation
Koen Zomers

06/26/2022

11:31 PM Feature #13304 (Resolved): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
Original support commit "freebsd-src: 4e40076":https://github.com/freebsd/freebsd-src/commit/4e4007688cf99b61408f5b60... Robert Contreras
07:44 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
I posted on the PR that since @rlinnemann has just deprecated pfSense_getall_interface_addresses(), this should proba... → luckman212
07:18 PM Regression #13303 (Resolved): DNSExit Dynamic DNS updates no longer work
The current implementation of DNSExit under DynDNS doesn't work anymore. In the logs it will show:
!clipboard-2022...
Koen Zomers
02:47 PM Bug #7996 (Pull Request Review): Unnecessary link tag in login page
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/825 Marcos M
02:35 PM Bug #12544 (Closed): OpenSSH vulnerabilities
Marcos M
02:14 PM Regression #11870 (Not a Bug): Setting MTU on VLAN does not set MTU on parent interface in 2.5.1
VLAN MTU _should_ be allowed to be set at the same or lower MTU as the parent. This issue can be re-opened if a case ... Marcos M
12:54 PM pfSense Docs New Content #13270 (Pull Request Review): OpenVPN client gateway is incorrect when the server does not push routes
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/41 Marcos M

06/25/2022

07:01 PM pfSense Docs Correction #11223 (Resolved): Azure Marketplace links are invalid
Chris W
07:01 PM pfSense Docs Correction #11223: Azure Marketplace links are invalid
Looks like this was fixed. The corrected links point to https://azuremarketplace.microsoft.com/en-us/marketplace/apps... Chris W
05:47 PM Bug #12544: OpenSSH vulnerabilities
This bug report can be closed. pfSense Plus 22.05 comes with OpenSSH 8.8p1, which is not vulnerable to any of these ... Kris Phillips
05:42 PM Bug #8207: 2.4 cannot boot as a Xen VM with more than 7 NICs
Due to lack of confirmation, this bug report should be rejected unless it can be verified that there is a problem on ... Kris Phillips
05:41 PM Bug #9626: When deny write permission is assigned to a user, there is no error feedback if the user tries to write something
Can confirm this is still an issue in 22.05 of pfSense Plus. There is no visual feedback or an error notification du... Kris Phillips
05:39 PM Bug #7996: Unnecessary link tag in login page
This is still present in pfSense Plus 22.05. Kris Phillips
05:38 PM pfSense Packages Bug #10602 (Resolved): Dashboard->Traffic Graphs bandwidth designations on hover pop-ups
Tested this on pfSense Plus 22.05. Not sure when this was fixed, but this looks to be resolved. Closing out this bu... Kris Phillips
05:34 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Jim Pingle wrote in #note-15:
> Nudge this ahead so we have more time to ensure there aren't any regressions from th...
Kris Phillips
05:30 PM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
Further expounding on this, it appears that Viscosity has native capability to add prompts in the client config.
...
Kris Phillips
05:03 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Jim Pingle wrote in #note-9:
> Marcos Mendoza wrote in #note-7:
> > I created https://redmine.pfsense.org/issues/13...
Kris Phillips
05:00 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver
Christoph Vieten wrote in #note-5:
> Kris Phillips wrote in #note-3:
> > Christoph Vieten wrote in #note-2:
> > > ...
Kris Phillips
03:25 PM pfSense Docs Todo #12770: Feedback on Firewall — Configuring firewall rules
Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/42
Chris W
10:59 AM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
Still an issue in 2.6.0
Why not remove pfblockerNG from Repo if it's no more fixed and maintained anyway? Saves ti...
Beat Siegenthaler
05:41 AM Bug #13301 (Duplicate): Bug #13239 = (?) = #12645 appease not fixed - ipv6 based ipsec vpn tunnel bug found with fqdn remote host
Hi,
I reported the bug earlier : https://redmine.pfsense.org/issues/13239#change-61632
ipv6 based ipsec vpn tun...
Alex Zaykov
05:33 AM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
tested on the latest built 22.05-RC (amd64) built on Fri Jun 17 06:34:36 UTC 2022
the bug is not fixed, Ipsec tunnel...
Alex Zaykov

06/24/2022

10:10 PM Feature #13296: Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
It's where the bug entries are for FreeBSD ports are, and where a feature request can be submitted. Marcos M
04:16 PM Bug #9471 (Resolved): GIF tunnel not added to interface group after reboot

added GIF,LAN,PPPoE and GRE to the group of interfaces, GIF is added to the interface group after reboot
ifconfi...
Alhusein Zawi
03:09 PM Revision 3222c70a: Omit VIPs from interface address selection. Fixes #11545
Add function get_interface_addresses() which wraps around pfSense_get_ifaddrs() and
filters VIPs before selecting an ...
Reid Linnemann
02:50 PM pfSense Packages Bug #13261 (Feedback): Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty
Merged: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/a056c1984a174248da0a0f8c541d9441678a2339 Christopher Cope
01:23 PM pfSense Packages Bug #13261 (Pull Request Review): Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/251 Christopher Cope
11:31 AM pfSense Docs Correction #13300 (Resolved): Corrected Silabs driver URL
Jim Pingle
11:20 AM pfSense Docs Correction #13300 (Resolved): Corrected Silabs driver URL
Current link in the Windows tab of the Connecting to the Console Port pages for Netgate firewalls (excluding 1100 and... Chris W
11:21 AM pfSense Packages Bug #13299 (Resolved): Cron package needs basic input validation and output encoding
Tested and working as expected on... Christopher Cope
10:18 AM pfSense Packages Bug #13299 (Feedback): Cron package needs basic input validation and output encoding
Fixed: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/1a8a2f338592428dd46e543a884b1758b68198c9 Jim Pingle
10:09 AM pfSense Packages Bug #13299 (Resolved): Cron package needs basic input validation and output encoding
The cron package does not validate its inputs nor does it encode its output. This can lead to a potential stored XSS.... Jim Pingle
10:25 AM Regression #11545: Primary interface address is not always used when VIPs are present
I believe I have a fix for this issue. I created a variation on pfSense_get_interface_addresses() named pfSense_get_i... Reid Linnemann
10:15 AM Regression #11545 (Feedback): Primary interface address is not always used when VIPs are present
Applied in changeset commit:3222c70aaf783336901f7b1225727b5973ba865a. Reid Linnemann
07:47 AM Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating
PR: https://github.com/pfsense/pfsense/pull/4605 Jim Pingle
07:16 AM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Marcos Mendoza wrote in #note-7:
> I created https://redmine.pfsense.org/issues/13293 for that. Given that @auth-gen...
Jim Pingle

06/23/2022

08:49 PM Revision adfb1d2b: fix: Dynv6 checkIP
Check return of update to release check IP Tiago d'Avila
07:49 PM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources
Is this still current as of 22.05? I just started playing with Arpwatch. What exactly does the "Disable Cron emails" ... → luckman212
04:01 PM Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating
*Testing*
Tested with https://dynv6.com
Tiago Beling d'Avila
03:58 PM Bug #13298 (Resolved): Dynv6 Dynamic DNS client does not check the response code when updating
Check return of update to release check IP Tiago Beling d'Avila
12:04 PM Feature #13297 (New): Support for Gateway Groups as Static Route destinations
It could be interesting to have the possibility to use a group of gateways with static routes in a failover scenario.... Vincent D.
07:06 AM Regression #11316: Unbound crashes with signal 11 when reloading
Why is this closed ??
All was ok for my pfsense until a power outage.
I have pfsense 2.6 up to date and it has been...
mururoa mururoa
01:31 AM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver
Kris Phillips wrote in #note-3:
> Christoph Vieten wrote in #note-2:
> > Same happened on 2.6.0 with Intel x710-T4 ...
Christoph Vieten

06/22/2022

09:31 PM Feature #13296: Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
@mmendoza was that last link you posted supposed to show something related? for me it just appears to be a list of ev... → luckman212
05:54 PM Feature #13296: Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
It's http://wide-dhcpv6.sourceforge.net/
See:
https://github.com/pfsense/FreeBSD-ports/tree/devel/net/dhcp6
http...
Marcos M
04:47 PM Feature #13296: Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
I'm still hazy on exactly which dhcp6c implementation is currently shipping. I _thought_ it was the "hrs-allbsd/wide-... → luckman212
04:01 PM Feature #13296 (New): Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
Some ISPs are rolling out IPv6 and not directly providing a globally routable WAN address via DHCPv6. Instead, they a... Anonymous
09:04 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
hello guys
Configurator (Scope):
Interfaces: WAN-DHCP4|WAN2-DHCP4
Gateway Group: Failover (WAN_DHCP Gateway: 192...
Alefe Ortiz
06:06 PM Feature #13294: Change gateway name
There's no functionality to rename the gateway/group and update all of the places where it could be used. That could ... Marcos M
10:27 AM Feature #13294 (New): Change gateway name
After clicking on a gateway on system_gateways_edit.php, which takes the user to e.g., system_gateways_edit.php?id=0,... Kay Avila
05:19 PM Revision d55e0d4b: fix func params for get_dpinger_status() call in gwlb.inc
→ luckman212
04:15 PM Revision 7e9a12e9: Centralize the branches into builder_defaults.sh to simplify and eliminate overwriting the variables
Brad Davis
12:26 PM Bug #13295 (Resolved): Incorrect function parameters for ``get_dpinger_status()`` call in ``gwlb.inc``
There seems to be an error in @gwlb.inc@ around line 479. The call to @get_dpinger_status()@ has the @$action_disable... → luckman212
02:12 AM Revision 5ecee3d7: scrubing -> scrubbing
→ luckman212

06/21/2022

03:47 PM Revision 098cdb61: Add version config for use by pfSense-repo
Brad Davis
02:37 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
I created https://redmine.pfsense.org/issues/13293 for that. Given that @auth-gen-token@ handles the issue with frequ... Marcos M
02:35 PM Feature #13293 (New): Option to set auth-gen-token in OpenVPN GUI
This option is useful to avoid having to frequently manually re-authenticate when using MFA.
> --auth-gen-token [lif...
Marcos M
12:06 PM pfSense Packages Feature #13292 (New): Separator
It'd be really nice if there was a way to add a separator to the certificates list in the ACME package. Nothing fanc... Marc Mapplebeck
10:22 AM pfSense Docs Todo #13291 (Duplicate): Notification documentation
I know there is documentation here on how to setup notification
https://docs.netgate.com/pfsense/en/latest/config/...
Meme meme
01:00 AM Bug #13210: PPPoE server panics with multiple client connections
Sorry, wanted to add it here for documentation purpose but forgot to make it yesterday:... Jens Groh

06/20/2022

06:01 PM Regression #13290 (Feedback): Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
There's not enough info here to troubleshoot this. Discussion of the issue may be continued on the forums: https://fo... Marcos M
02:25 PM Regression #13290 (Resolved): Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
After upgrading from 2.6.0 to 2.7.0, my Captives Portal users are dropped randomly, having to re-authenticate... Ther... Rafael Ferreira
04:20 PM Bug #13210 (Resolved): PPPoE server panics with multiple client connections
Customer which was previously frequently hitting this issue reports it's been resolved after updating to the RC. Marcos M
04:04 PM Bug #10352: RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters
The issue is still present on 22.01-RELEASE
Any foreseen planning to fix this issue ?
Is someone working on it ? ma...
Patrick Vander Linden
01:03 PM Feature #13286: webConfigurator does not redirect to requested page after login
I understand.
To be honest, one of my main reasons for wanting this merged was because my dashboard takes so darn l...
→ luckman212
12:52 PM Feature #13286: webConfigurator does not redirect to requested page after login
Some pages require parameters to load the right view, so stripping the parameters isn't helpful.
It is not going t...
Jim Pingle
10:18 AM Feature #13286: webConfigurator does not redirect to requested page after login
But, again- nothing prevents a logged in user from bookmarking a page or recalling one from history that actions some... → luckman212
10:15 AM Feature #13286: webConfigurator does not redirect to requested page after login
Doesn't have to be an attack, they could also do it unintentionally by bookmarking or hitting a page from their histo... Jim Pingle
10:07 AM Feature #13286: webConfigurator does not redirect to requested page after login
Not sure I follow how this makes it any less secure than it already is. If a user is logged in already, they can stil... → luckman212
08:49 AM Feature #13286 (Rejected): webConfigurator does not redirect to requested page after login
This is done on purpose for security reasons. Until the entire GUI is purged of any page that takes action on GET, th... Jim Pingle
08:34 AM Feature #13286: webConfigurator does not redirect to requested page after login
PR: https://github.com/pfsense/pfsense/pull/4599 → luckman212
08:33 AM Feature #13286 (Rejected): webConfigurator does not redirect to requested page after login
Something that has bugged me for a while now is that if you are logged out of pfSense, and request a "deep" page e.g.... → luckman212
10:46 AM Bug #13289 (Resolved): Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read
When attempting to restore an empty config.xml file (0 bytes) the GUI prints an error saying the file cannot be read ... Jim Pingle
10:36 AM Bug #13288 (New): Encode FreeRADIUS Custom Options
Currently, fields in the FreeRADIUS package such as @varusersreplyitemsadditionaloptions@ are not encoded in config.x... Marcos M
10:33 AM Feature #13287 (New): Encode OpenVPN Custom Options
The @custom_options@ field for OpenVPN configurations is currently not encoded. This should be encoded in base64. Marcos M
07:46 AM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Both @auth-gen-token@ and @reneg-sec@ are useful in different ways, we should expose and (optionally) use both. Thoug... Jim Pingle
07:21 AM Bug #13285: Uncaught ArgumentCountError to function openvpn_kill_client()
Okay, thank you Jim for test and quick feedback. DRago_Angel [InV@DER]
07:20 AM Bug #13285 (Duplicate): Uncaught ArgumentCountError to function openvpn_kill_client()
There are no errors when terminating clients on the status page or widget on 22.05/2.7.0 snapshots. Jim Pingle
07:11 AM Bug #13285: Uncaught ArgumentCountError to function openvpn_kill_client()
Sorry, found https://redmine.pfsense.org/issues/12817 but it not mention status page, not sure 12817 also resolve Ope... DRago_Angel [InV@DER]
07:09 AM Bug #13285 (Duplicate): Uncaught ArgumentCountError to function openvpn_kill_client()
Killing session for user using OpenVPN Dashboard Widget or using OpenVPN Status page do not works.
On Widget next er...
DRago_Angel [InV@DER]

06/19/2022

11:11 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Hey Netgate - I get the feeling this affects far more customers than you think.
Can this be assigned to someone to a...
O E
09:34 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
Just updated "PR #4595":https://github.com/pfsense/pfsense/pull/4595 with the new mitigation changes. Testers & feedb... → luckman212
12:20 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
It appears we are out of luck on having @devd@ fire events for IP address changes. There is a commit: https://reviews... → luckman212
06:42 PM pfSense Plus Bug #13283 (Not a Bug): PBR forcing traffic out one WAN and back into another WAN with NAT Reflection Fails
Tested this.
With that PBR in place, even traffic that is being NAT'ed from the NAT Reflection rule will be caught...
Marcos M
05:53 PM Bug #13243 (Pull Request Review): OpenVPN status for multi-user VPN shows info icon to display RADIUS rules when there are none to display
Marcos M
02:18 PM Bug #13243: OpenVPN status for multi-user VPN shows info icon to display RADIUS rules when there are none to display
This fixes the original issue:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/821
Reiner Keller wr...
Marcos M
05:52 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
It's better to implement @--auth-gen-token [lifetime]@
> --auth-gen-token [lifetime]
> After successful user/passwo...
Marcos M
05:38 PM Feature #12982: Add support for RFC7499 in RADIUS library.
So are you saying that pfsense/freeRadius will not be able to go more then 68 rules? any software you know would be ... Frank Lee
03:58 PM Feature #12982: Add support for RFC7499 in RADIUS library.
I was able to replicate this with a simpler setup by adding a custom option to the @Additional RADIUS Attributes (REP... Marcos M
12:10 PM pfSense Packages Feature #13284 (New): Option to define "Issuer" in OPT configuration.
All QR codes are presently identifying as "FreeRADIUS(username).
Please add an optional variable in user->One-Time...
Jakob Nordgarden
11:11 AM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
I'm seeing this as well on a VM with @22.05.r.20220609.1919@.... Marcos M

06/18/2022

05:48 PM pfSense Plus Bug #13283 (Not a Bug): PBR forcing traffic out one WAN and back into another WAN with NAT Reflection Fails
Assuming the following configuration:
2 WAN interfaces WAN1 and WAN2
One LAN interface with Host A and Host B.
H...
Kris Phillips
02:34 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
It seems this issue has gotten worse somewhere along the line similar to how others are describing it. Tables now lo... Kris Phillips
02:25 PM Bug #13282 (Resolved): Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
If an invalid FQDN is present in an alias before a valid one, the entire table will be empty.
For an example, if...
Kris Phillips

06/17/2022

07:24 PM Bug #13281 (Duplicate): Crash Reporter
Duplicate, and already fixed: #12817 Jim Pingle
06:49 PM Bug #13281 (Duplicate): Crash Reporter
Crash report begins. Anonymous machine information:
amd64
12.3-STABLE
FreeBSD 12.3-STABLE plus-RELENG_22_01-n20...
Ilan Birman
04:10 PM Revision 3f4ee315: Template the versions as well
Brad Davis
03:31 PM Bug #13280 (Resolved): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``

Using 22.05-RC 22.05.r.20220617.0613 Duplicate entries appear in /boot/loader.conf
Here are the contents of my loa...
Keith Townsend
08:36 AM Bug #13243: OpenVPN status for multi-user VPN shows info icon to display RADIUS rules when there are none to display
Additional to this "informal" bug the ruleset given by Radius parameter isn't stored and when the renegiotion is done... Reiner Keller
07:34 AM Bug #13278 (Needs Patch): OpenVPN dynamic gateway created incorrectly when not pulling routes or server pushes no routes
We're aware of this, but it's an OpenVPN bug, not a bug in our code. As you see, the variables are unpopulated even w... Jim Pingle
01:10 AM Bug #13278: OpenVPN dynamic gateway created incorrectly when not pulling routes or server pushes no routes
This appears to be happening because OpenVPN doesn't populate these environment variables when either option is selec... Adrien Carlyle
07:09 AM Bug #13279 (New): DHCP config override affects Gateway installation.
If you check Configuration Override on the interface in the DHCP Client Configuration section, then open Status => In... Lev Prokofev
07:02 AM Regression #13274 (Resolved): OpenVPN override IPv4 tunnel network field changing value improperly
Working as expected on the latest build. The exact tunnel network address and mask remain, and the resulting @ifconfi... Jim Pingle

06/16/2022

11:54 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
@dem I believe I'm facing this exact issue, take a look at https://forum.netgate.com/topic/172849/rtsold-not-running-... → luckman212
10:31 PM Bug #13278 (Needs Patch): OpenVPN dynamic gateway created incorrectly when not pulling routes or server pushes no routes
IF: I configure OpenVPN client and set the "Don't pull routes" check box
OR
IF: I include the advanced option: pull...
Adrien Carlyle
09:30 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error
+1 Also having this problem : 2.6.0-RELEASE (amd64) Emmanuel Rosado
07:50 PM Bug #13277 (Duplicate): IGMP Proxy webConfigurator Page Always Produces Error
Whether your IGMP Proxy settings are correct or not, there is always an error stating "There was a problem applying t... Kris Phillips
07:48 PM Bug #13276 (New): IGMP Proxy Error Message for Logging Links to System Log Instead of Routing Log
If you try to apply a setting that won't apply in IGMP Proxy, it will state "There was a problem applying the changes... Kris Phillips

06/15/2022

03:16 PM Revision 230b2303: Fix OpenVPN override TN handling. Fixes #13274
Jim Pingle
10:42 AM pfSense Docs New Content #13211: OpenVPN DCO Documentation
Updates: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/989cfa8946010d913fddeebc8d8fe740ba409390 Jim Pingle
10:25 AM Regression #13274 (Feedback): OpenVPN override IPv4 tunnel network field changing value improperly
Applied in changeset commit:230b23033a898633681ef0dde4df8f63a2b7258c. Jim Pingle
10:13 AM Regression #13274 (Resolved): OpenVPN override IPv4 tunnel network field changing value improperly
For an override on a subnet topology VPN, the mask on the tunnel network in the override has to reflect the subnet ma... Jim Pingle
03:44 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
We've installed 22.05 on our Netgate 2100 appliance and it's still assigning the wrong IP address to the WAN interfac... Dan Rice
 

Also available in: Atom