Activity
From 06/15/2022 to 07/14/2022
07/14/2022
-
09:12 PM Revision 970a364f: Build security/pfSense-pkg-Tailscale
- (cherry picked from commit 54ab28a2f7d051c0fc251ab76900ffeddd5a2d68)
-
09:12 PM Revision 54ab28a2: Build security/pfSense-pkg-Tailscale
-
06:27 PM Regression #13356 (Pull Request Review): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
- Thank you for your looking into it!
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/834 -
11:55 AM Regression #13356: RADIUS authentication attempts no longer send RADIUS NAS IP attribute
- As requested, I added in the following (to ensure I could see the separation):...
-
11:34 AM Regression #13356: RADIUS authentication attempts no longer send RADIUS NAS IP attribute
- I'm curious what those contain - you can dump them to the system log by adding:...
-
03:49 PM Bug #13289: Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read
- https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/833
-
03:42 PM pfSense Docs Todo #12461 (In Progress): Improve macOS Serial Command Instructions
- I added some general info on finding the serial device.
Waiting on info from someone with both a Mac and a 2100 to... -
11:36 AM pfSense Plus Regression #13355 (Feedback): OpenVPN crashes after reaching the configured concurrent connection limit
-
08:42 AM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
- Thanks so much, Bill! Appreciate your efforts.
-
08:30 AM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
- The pull request has been merged to correct this issue and it can be marked "Resolved".
-
08:31 AM pfSense Packages Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
- The pull request has been merged to correct this issue and it can be marked "Resolved".
-
08:30 AM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
- The pull request has been merged to correct this issue and it can be marked "Resolved".
-
01:34 AM Bug #8435: DHCPv6 unusable in certain circumstances (US AT&T Fiber, etc.)
- Can confirm; there is a workaround that was documented in the forums....
07/13/2022
-
06:24 PM pfSense Packages Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
- The logic has been changed back to the original behavior by removing the _preg_quote()_ wrapping of the PCRE keyword ...
-
06:22 PM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
- Sortable columns have been added to the BLOCKS tab in the latest _pfSense-pkg-suricata-6.0.6_ version of the GUI pack...
-
06:20 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
- This issue has been addressed in the new _pfSense-pkg-suricata-6.0.6_ update. Pull request posted here: https://githu...
-
11:41 AM Regression #11545: Primary interface address is not always used when VIPs are present
- I'll have a look, thanks!
-
07:44 AM Regression #11545 (In Progress): Primary interface address is not always used when VIPs are present
- Since this went in my GIF interface doesn't seem to be working properly, and it might affect others. It was working p...
-
06:03 AM pfSense Plus Regression #13355 (Pull Request Review): OpenVPN crashes after reaching the configured concurrent connection limit
- MR: https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/63
07/12/2022
-
06:23 PM Todo #13357 (Resolved): Spelling and typo corrections
- Filing as a place to hang a PR.
The misspellings have been reported at https://github.com/jsoref/pfsense/commit/0b... -
06:15 PM Regression #13356 (Resolved): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
- After upgrading to pfSense Plus 22.05, the RADIUS NAS IP Attribute setting is no longer sent to the RADIUS server.
... -
05:57 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
- I trust that it is definitely real and not a false or misinterpreted report. There's a reason for it and with enough ...
-
05:55 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
- This has been squirreley for a long time and has been very difficult to reliably duplicate but it is very real. #9296...
-
05:26 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
- No, none that I am aware of. I know that filterdns has been untouched for a few months now. I'll look for changes els...
-
01:33 PM pfSense Plus Regression #13355 (Resolved): OpenVPN crashes after reaching the configured concurrent connection limit
- Tested on 22.05.
If @Concurrent connections@ is set and that limit is reached, the OpenVPN service will crash with... -
01:12 PM Revision 9490042f: Build security/tailscale
-
07:30 AM pfSense Docs Todo #13352 (Resolved): Feedback on DNS — DNS Rebinding Protections
- Fixed, thanks!
07/11/2022
-
09:10 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
- We do test a variety of configurations but testing every possible iteration is not possible. Even with unit testing t...
-
09:00 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
- If you would do proper testing (which means that at least multiple options that the GUI offers are tested, not just t...
-
07:47 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
- Unit tests are a concept that is easy to suggest but not at all easy to implement. It's something we are working towa...
-
07:33 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
- I know exactly why it's working for you (and for some others aswell, not for all though), but it's not my job to fix ...
-
07:16 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
- I am actively using it on 22.05. It works, and does not behave as you describe....
-
07:10 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
- No it's not! I clearly wrote:
h3. That is on the latest pfSense plus version.
above which shouldn't leave any r... -
06:34 PM Bug #13353 (Duplicate): DHCPv6 (still) doesn't work properly with multiple interfaces
- Duplicate of #6880 -- it does work on Plus 22.05 and 2.7.0 snapshots.
-
06:31 PM Bug #13353 (Duplicate): DHCPv6 (still) doesn't work properly with multiple interfaces
- Another release, another stupid IPv6 bug that could have been detected with basic testing. I'm sure the users of the ...
-
07:18 PM Regression #12827: High latency and packet loss during a filter reload
- There is still packet loss by the way and latency spikes up to 300ms on 22.05.... It becomes super obvious when the t...
-
06:49 PM pfSense Packages Bug #13354 (New): Tinc VPN causes constant gateway up/down events, packages restarts and filter reloads
- The latest pfSense Plus version broke the tinc VPN: When tinc connects it generates an event:...
-
06:31 PM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
- luc Willems wrote in #note-15:
> found the issue why it was not working for me. the patch above, it was not "clear" ... -
03:58 PM pfSense Docs Todo #13352 (Resolved): Feedback on DNS — DNS Rebinding Protections
- *Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html
*Feedback:*
Small suggestion: Th... -
02:13 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
- There are several things I've noted about how aliases and filterdns work that - if they aren't directly related to th...
-
12:42 PM Revision 70dacbf3: Trim leading space from CSV vouchers. Fixes #13272
-
09:40 AM Feature #13351 (New): Improve Indicated Memory Usage in the Dashboard
- Currently the value shown in the System Information widget is simply the system reported Free RAM value but that does...
-
08:18 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
- No, because there are valid cases where it should be set (e.g. to /30) at least for the time being. Since the client ...
-
08:10 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
- Does it make sense to remove this GUI element from the options then?
-
07:59 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
- Normally in SSL/TLS with a client/server setup that has multiple clients the clients would never populate the tunnel ...
-
08:08 AM Bug #9887 (Resolved): Rule separator positions change when deleting multiple rules
- Looks good on the latest snapshot.
-
07:54 AM Bug #13272 (Feedback): Voucher CSV output has leading space before voucher code
- Merged.
-
07:48 AM Bug #13014: Deadlock in Charon VICI interface
- Hello, I have been working with technical support on this issue and was told to upgrade to version Pfsense Plus 22.05...
-
07:47 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
- I can't reproduce this here so far. I can create a quick BE and then delete it without error. Though I haven't tried ...
-
07:43 AM Bug #12875 (Resolved): Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports
-
07:43 AM pfSense Packages Bug #10608 (Closed): Update squid port to 4.11-p2
-
03:59 AM pfSense Packages Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion
- Any news on a solution for this issue?
07/10/2022
-
12:31 PM Regression #13350 (Resolved): SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
- Filing this on behalf of a client.
When an IPv4 Tunnel Network is defined on an OpenVPN *Client* in pfSense, we ge... -
12:16 PM Bug #13325: System Information widget breaks with multiple instances
- Kris Phillips wrote in #note-1:
> Larry,
>
> Have you tried a fresh install of pfSense Plus to verify this issue ... -
11:18 AM pfSense Packages Todo #13349 (Resolved): Add note in WireGuard GUI regarding routing behavior for Allowed IPs
- As specified here:
https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/settings.html#wireguard-settings-peer
... -
11:13 AM pfSense Plus Bug #13348 (Resolved): Error when deleting ZFS Boot Environment created from duplicate of non-default entry
- After attempting to delete a "quick" boot environment, the GUI displayed the following error:...
-
04:05 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
- found the issue why it was not working for me. the patch above, it was not "clear" for me it had to be ' _<space>_ '...
07/09/2022
-
09:06 PM Bug #12875: Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports
- This is present in the 22.05 RELEASE repos, so this redmine should be closed as Resolved.
-
09:05 PM Bug #13276: IGMP Proxy Error Message for Logging Links to System Log Instead of Routing Log
- This is present on 2.6 and 22.05.
-
09:04 PM Bug #13277: IGMP Proxy webConfigurator Page Always Produces Error
- This is present in the 22.05-RELEASE build as well (just tested). However, it does not appear to affect functionality.
-
09:01 PM Bug #13325: System Information widget breaks with multiple instances
- Larry,
Have you tried a fresh install of pfSense Plus to verify this issue is still present? That looks like someth... -
08:57 PM Todo #10464: Don't change the current update repo when new releases are available
- Internal Redmine 7479 I feel would be a better solution to this problem, rather than making PHP changes. If we split...
-
08:55 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
- This should be corrected as customers run into this all the time now, since the driver was updated for all platforms ...
-
08:48 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
- Reid Linnemann wrote in #note-101:
> I'm having a crack at this issue now. Is everyone experiencing this issue using... -
06:50 PM pfSense Packages Bug #10900: /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz
- This is very similar to https://redmine.pfsense.org/issues/11098 - testing covered using both "/root" and "/" as back...
-
02:11 PM pfSense Packages Bug #10608: Update squid port to 4.11-p2
- [22.05-RELEASE][admin@pfSense.home.arpa]/root: pkg info squid
squid-5.4.1
Name : squid
Version ... -
10:43 AM pfSense Packages Bug #13347: Setting BGP default-originate route map does not prepend the AS path
- Side note I quickly tested setting a community using a route map on the default-originate statement and it worked. Se...
-
10:32 AM pfSense Packages Bug #13347 (New): Setting BGP default-originate route map does not prepend the AS path
- Setting a route-map on the default-originate statement or outbound routes to a BGP peer does not properly prepend the...
-
01:43 AM Bug #13272: Voucher CSV output has leading space before voucher code
- Tested, no more space before the code.
!clipboard-202207090942-zzonz.png!
-
01:23 AM Bug #9887: Rule separator positions change when deleting multiple rules
- Tested, and it works for me.
07/08/2022
-
06:15 PM Regression #13026: Limiters do not work
- Not sure if fully related but having limiter issues on final 22.05 release with a netgate 6100.
2 limiters, each wit... -
02:33 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets
- Tested on 22.05, was able to reproduce
tested on
Version 22.09-DEVELOPMENT (amd64)
built on Fri Jul 08 06:14:3... -
02:08 PM pfSense Plus Bug #13338 (Feedback): OpenVPN DCO panics with short UDP packets
- This is now merged.
-
02:21 PM Revision 2dc23896: Fixed handling of single rule selected with multi-delete Issue #9887
-
02:15 PM pfSense Docs New Content #12791 (Feedback): Diagnostic Information for Support (pfSense)
- I took a different approach than the MR did. It's up and live now:
https://gitlab.netgate.com/docs/pfSense-docs/-/... -
10:16 AM Bug #9887 (Feedback): Rule separator positions change when deleting multiple rules
- Fix merged
-
09:22 AM Bug #9887: Rule separator positions change when deleting multiple rules
- Latest patch tests OK for me.
-
07:16 AM pfSense Plus Regression #13345 (Not a Bug): IPSEC tunnel loosing packets after upgrade to 22.05 between NG 1100 and NG 7100
- There isn't enough information here to classify this as a bug, and we can't reproduce that in lab conditions. It's en...
-
02:52 AM pfSense Plus Regression #13345 (Not a Bug): IPSEC tunnel loosing packets after upgrade to 22.05 between NG 1100 and NG 7100
- After upgrading i noticed horrible performance over the tunnel to work.
ping gives loss and hundreds and thousands ... -
05:59 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
- same for me
using
pfsense+ V22.05
pfblockerNG-devel V3.1.0_4
basic setup using wizard.
manually edit the pf...
07/07/2022
-
01:44 PM Bug #13014: Deadlock in Charon VICI interface
- We suggested this bug may be the cause of what the customer is seeing in 945855019. His experience is that the tunnel...
-
12:19 PM Bug #9887: Rule separator positions change when deleting multiple rules
- Here's a new patch with missing fixes. Seems to pass all tests this time.
-
09:01 AM Bug #13344 (Duplicate): Vlan loses parent interface when changing LAGG mtu to jumbo frames
- Hi,
Psense+ version: 22.01
When I try to add jumbo frames to lagg interface ( 9000 ) - main
When I change the...
07/06/2022
-
02:26 PM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available
- I recently upgraded to 22.05 and am seeing this same issue. Possible regression again? The page used to load within a...
-
02:01 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
- Netgate 3100 user here, running 22.05, upgraded from 22.01 - Same problem: DNS interruptions. Can this issue get some...
-
01:01 PM Bug #13327: Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
- I'm experiencing the exact same problem reported by Brian Martin.
Unfortunately I don't have enough knowledge of PHP... -
11:03 AM pfSense Packages Bug #13343 (Resolved): HAproxy cookie protection syntax needs updated
- A bug has been found after UPdate to pfSense plus 22.05: the generated code by HaProxy-GUI...
-
08:05 AM pfSense Docs Todo #13342 (Feedback): Correct BGP last-as description
- Merged.
-
03:45 AM Regression #13323 (Feedback): Captive Portal breaks policy based routing for MAC address bypass clients
- And that fix has landed: https://github.com/pfsense/pfsense/commit/add6447b9dc801144141bb24f8c264e03a0e7cae
07/05/2022
-
06:17 PM pfSense Docs Todo #13342 (Pull Request Review): Correct BGP last-as description
- https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/44
-
05:49 PM pfSense Docs Todo #13342 (Resolved): Correct BGP last-as description
- The following is incorrect:
https://docs.netgate.com/pfsense/en/latest/packages/frr/global/routemaps.html#bgp-as-p... - 04:45 PM Revision add6447b: Ensure we apply policy routing on whitelisted captive portal MAC addresses
- We cannot simply 'pass in quick' for the _patthru tagged packets,
because that means we don't process any subsequent ... -
02:56 PM Revision ad20a68b: Filter reload at end of rc.newwanip. Fixes #13228
-
01:51 PM pfSense Plus Bug #13338 (Pull Request Review): OpenVPN DCO panics with short UDP packets
-
12:59 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets
- That looks to be the result of a short UDP packet. Short enough that it doesn't contain an openvpn header.
https:/... -
10:31 AM pfSense Plus Bug #13338 (Resolved): OpenVPN DCO panics with short UDP packets
- If a UDP packet directed towards an active OpenVPN socket is received which is too short to contain an OpenVPN header...
-
01:46 PM pfSense Packages Bug #13332: HAProxy Broken after v22.05 and HAProxy v0.61_3
- Johannes Goldynia
Please open a new bug report for the HSTS / Cookie protection issue. -
07:59 AM pfSense Packages Bug #13332 (Rejected): HAProxy Broken after v22.05 and HAProxy v0.61_3
- There is no way the package can possibly track and warn about custom configuration directives. By definition it does ...
-
12:53 PM Bug #13341 (Not a Bug): IPSEC VTI Gateway Monitoring
- That is most likely a problem in your configuration or environment, VTI gateway monitoring is working fine in general...
-
12:14 PM Bug #13341 (Not a Bug): IPSEC VTI Gateway Monitoring
- Hello,
Gateway monitoring does not work on VTI gateways altough the tunnel is UP and traffic is passing succesfull... -
12:24 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
- I'm having a crack at this issue now. Is everyone experiencing this issue using unbound as a resolver by chance?
-
11:25 AM Feature #13340 (New): Option to change QinQ ethertype to Service VLAN Tag
- Currently, pfSense uses C-Tags (ethertype 0x8100) for QinQ interfaces. Ideally, it should keep C-Tags on existing con...
-
10:46 AM Bug #13339 (Not a Bug): Randomly DHCP interface detaches and attach automatically in pfsense 2.6.0
- This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... -
10:44 AM Bug #13339 (Not a Bug): Randomly DHCP interface detaches and attach automatically in pfsense 2.6.0
- I am facing issue on pfsense firewall CE 2.6.0 after upgrade on 2.5.0 to 2.6.0..,
-
10:05 AM Bug #13228 (Feedback): Recovering interface gateway may not be added back into gateway groups and rules when expected
- Applied in changeset commit:ad20a68bae86fff5660b02789a49618a6e71ae22.
-
09:42 AM Bug #9887: Rule separator positions change when deleting multiple rules
- This fails in a new/different way when applied. When attempting "test 2" from my original attachments, it puts the se...
-
09:36 AM Bug #13327: Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
- I neglected to mention in the bug report and the forum thread that I'm on release 2.6.0, the current stable release. ...
-
07:35 AM Bug #13327 (Rejected): Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
- There isn't enough information to go on here. This is working for us in the lab and for most if not all users of the ...
-
08:47 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
- I've applied the patch and it fixed the problem for me. Thanks a bunch!
-
08:11 AM Bug #13337 (Rejected): After upgrading from 22.01 to 22.05 unbound intermittently stops resolving until manually restarted
- There isn't enough information to go on here and it's working fine for thousands of others. It's possible it's relate...
-
03:37 AM Bug #13337 (Rejected): After upgrading from 22.01 to 22.05 unbound intermittently stops resolving until manually restarted
- Config haven't changed from 22.01 but after upgrade started having problems with dns resolver just timing out on reso...
-
08:09 AM pfSense Packages Bug #13336 (Rejected): BGP packets not being sent to OpenVPN cloud connections
- This is almost certainly a configuration problem with your OpenVPN setup and/or FRR settings. This site is not for su...
-
08:07 AM pfSense Packages Bug #13328 (Not a Bug): Wireguard Site-to-Site broken after upgrade to 22.05
- This is unlikely to be a bug, but something in your configuration or environment. It's working for many others in sim...
-
08:05 AM pfSense Docs Todo #12770 (Resolved): Feedback on Firewall — Configuring firewall rules
- Merged. Also fixed a couple small things I noticed after merging: https://gitlab.netgate.com/docs/pfSense-docs/-/comm...
-
07:56 AM pfSense Docs New Content #13270 (Resolved): OpenVPN client gateway is incorrect when the server does not push routes
- Merged.
I fixed a couple extra things I noticed after merging: https://gitlab.netgate.com/docs/pfSense-docs/-/comm... -
07:43 AM pfSense Plus Bug #12607 (Closed): Instability with Snort Inline with AWS Instances
-
07:41 AM Bug #13330 (Rejected): Traffic Shaper Wizard is broken
- Please open separate issues for each item, like you did for the second bullet point there ( #13329 )
The first bul... -
07:41 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
- I'm having the same issue on 2.6.0 at every 1 minute:
Jul 5 09:33:00 sshguard 77002 Exiting on signal.
Jul 5 09:3... -
07:36 AM Bug #13318 (Resolved): Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
-
03:26 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
- Any progress on this as it causes lots of other DNS resolver issues not just short interruptions.
22.01 dns resolver...
07/04/2022
-
08:14 PM pfSense Packages Bug #13336 (Rejected): BGP packets not being sent to OpenVPN cloud connections
- Scenario:
OpenVPN cloud is utilized to connect two pfsense routers behind CGNAT to allow for site to site connectivi... -
03:23 PM Feature #13293: Option to set auth-gen-token in OpenVPN GUI
- It's unclear if the concerns mentioned on the following link have been addressed - best to keep this as a custom opti...
-
02:07 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
- If you'd like to test it and provide feedback, here's the patch - apply it with the System Patches package.
-
01:30 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
- Yes, that's internal. It'll turn up in the public tree once I find a victim to review it. That's going to take a day ...
-
01:00 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
- Kristof, the link you posted doesn't work. DNS_PROBE_FINISHED_NXDOMAIN
You probably linked to something internal tha... -
11:07 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
- The draft patch wouldn't work, but a similar fix does:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests... -
11:15 AM pfSense Plus Bug #13334 (Not a Bug): Configuration Auto Backup broken after v22.05 fresh install
- I was able to upload backups successfully. Likely a temporary service outage. If it continues to happen, I'd suggest ...
-
11:04 AM pfSense Packages Bug #11098 (Resolved): Backup Files and Directories plugin crashes firewall if /root specified as backup location
- I'll close this given that the original issue (crash) no longer happens. There's still the issue of the package locki...
-
10:48 AM Feature #13335: Allow NAT reflection to be limited to specific interfaces
- The NAT reflection mode default can be kept as @disabled@, while enabling it per NAT rule. I suppose having the featu...
-
02:08 AM Feature #13335 (New): Allow NAT reflection to be limited to specific interfaces
- I have a setup at home with a VLAN for guests, which doesn't have access to any internal resources. Because of this,...
-
10:32 AM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
- Marcos Mendoza wrote in #note-2:
> It happened a while ago as you can tell from the timestamp, unfortunately I don't...
07/03/2022
-
11:35 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
- my apologies, I did misunderstand the initial report
in case of specifying "/root/" as path, the backup button produ... -
07:25 PM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
- For reference:
There's a redmine report for the policy routing issue here https://redmine.pfsense.org/issues/13323... -
07:23 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
- Potential fix here: https://redmine.pfsense.org/issues/13290#note-6
-
06:42 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
- It happened a while ago as you can tell from the timestamp, unfortunately I don't remember the exact details to repro...
-
04:14 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
- Can you add a little more detail for this statement: " _This was triggered when existing rules were auto-enabled by ...
-
12:59 PM pfSense Packages Bug #13333 (Resolved): PHP error when saving Suricata rulesets
- In some cases, @$enabled_rulesets_array@ in @suricata_rulesets.php@ may not be an array which results in the followin...
-
06:06 PM pfSense Plus Bug #13334 (Not a Bug): Configuration Auto Backup broken after v22.05 fresh install
- Multiple errors (30) generated with the same message:
3:33:24 An error occurred while uploading the encrypted confi... -
12:20 PM pfSense Packages Bug #13332: HAProxy Broken after v22.05 and HAProxy v0.61_3
- Hello,
updating the pass-trough rules to... -
02:58 AM pfSense Packages Bug #13328: Wireguard Site-to-Site broken after upgrade to 22.05
- After reading through here, I think this might be related to this
https://redmine.pfsense.org/issues/12808
I never h...
07/02/2022
-
11:34 PM pfSense Packages Bug #13332 (Rejected): HAProxy Broken after v22.05 and HAProxy v0.61_3
- If you are using HAProxy deprecated rspidel directive on your frontends or the option option httpchk on backends, HAP...
-
09:05 PM pfSense Plus Bug #12607: Instability with Snort Inline with AWS Instances
- This can likely be closed as I've seen zero complaints on newer Plus releases for Snort Inline in AWS. Likely these ...
-
09:01 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
- FYI using the manually compiled, out-of-band driver still works fine on 22.05-RELEASE (as expected since the FreeBSD ...
-
08:50 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
- Reid Linnemann wrote in #note-2:
> There must be something else to this than just the unresolvable host, I've tried ... -
08:41 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
- Jordan Greene wrote in #note-11:
> attempted creation of backup for "/" - after creating the entry and using the back... -
05:14 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
- attempted creation of backup for "/" - after creating the entry and using the backup button, I'm eventually given 504...
-
02:28 PM pfSense Docs New Content #13331 (New): FRR: Add documentation for RIP
RIP documents(configuration/example) need to be added under FRR package Docs.-
02:10 PM Feature #11927 (Resolved): Allow DHCP not to serve a gateway - small fix
resolved
22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE-
11:33 AM Bug #13330 (Rejected): Traffic Shaper Wizard is broken
- I noticed multiple issues with the Traffic Shaper wizard using ALTQ Scheduler - HFSC type.
* Values defined in wiz... -
10:58 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
- This fix doesn't work for me, I still can't get any logging of IP blocks, even though the dashboard counter shows it ...
-
09:11 AM Bug #13329 (New): Traffic shaping Wizard sets invalid values for qVoip queue
- No matter what I set in the Voice Over IP wizard step, when I finish the wizard the qVoip is set to 32Kb.
!clip... -
04:02 AM pfSense Packages Bug #13328 (Not a Bug): Wireguard Site-to-Site broken after upgrade to 22.05
- Hi,
I upgraded from 22.01 to 22.05. Everything went fine.
Plus home license on virtualized system
On Upgrade the... -
02:57 AM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
- Seems it works.
!clipboard-202207021056-wabip.png!
07/01/2022
-
06:12 PM Bug #13327 (Resolved): Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
- OpenVPN was observed rejecting client connections that were previously accepted and had not expired. Research lead to...
-
02:25 PM Bug #9887 (Pull Request Review): Rule separator positions change when deleting multiple rules
- https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/830
All tests in the original ticket worked as expecte... -
09:10 AM Bug #12959: dhcplease process wrongly update host file if client-hostname is empty
- Also unable to reproduce.
Tested on:
22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE -
04:53 AM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
- I believe the failure to apply policy routing on whitelisted mac addresses is due to rules like `pass in quick all fl...
06/30/2022
-
05:04 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
- There must be something else to this than just the unresolvable host, I've tried several times to replicate this and ...
-
12:52 PM pfSense Packages Bug #13309 (Resolved): Cron validation prevents special strings such as @reboot
- Tested against the Cron package version 0.3.8_1
It works as expected.
I am marking this ticket resolved. -
12:35 PM pfSense Packages Bug #13261 (Resolved): Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty
- Tested on 22.05, package version 0.3_7.
It works as expected. I am marking this ticket closed. -
12:00 PM Bug #13325 (Confirmed): System Information widget breaks with multiple instances
- I currently have 2 System Information widget displayed on a 3 Column Dashboard (First and 3rd Column). First System ...
-
11:46 AM Bug #13317: ``array_filter`` PHP Errors in ``interfaces.inc``
- I did indeed fix this in CE devel, I need to get the change merged into plus-devel today, if it hasn't already been m...
-
10:21 AM pfSense Docs Todo #13324 (Rejected): Remove Deprecated IPSec Remote Access VPN Guides
- L2TP is not insecure (it's protected by IPsec) it's just not well supported by clients.
They are all still valid j... -
10:18 AM pfSense Docs Todo #13324 (Rejected): Remove Deprecated IPSec Remote Access VPN Guides
- Several Configuration Recipes are often find by customers that are no longer recommended. While these guides had use...
-
09:21 AM Regression #13323 (Resolved): Captive Portal breaks policy based routing for MAC address bypass clients
- Relevant information about my network
LAN segment
VLAN for IoT and wifi devices
WAN1 is used as the default gate... -
08:41 AM Todo #10464: Don't change the current update repo when new releases are available
- Also worth noting, however this is handled, it should not suppress the list of packages and it *must* still allow the...
-
07:42 AM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
- The 'bad switch' message originates in dummynet_send(), and the '21' is decimal, so 0x15. Representing PROTO_IPV6 | P...
-
07:06 AM Bug #13321 (Pull Request Review): dhcpleases handles duplicate hostnames incorrectly
-
06:45 AM Feature #13322: Define Packet Capture Protocol
- And EtherType
-
06:10 AM Feature #13322 (Closed): Define Packet Capture Protocol
- Any chance of adding the ability of allowing a user defined protocol to the Packet Capture.
I was trying to debug ... -
05:21 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
- same here on 22.05
!clipboard-202206300621-7gjov.png!
-
03:18 AM Bug #12811: Services are not restarted when PPP interfaces connect
- ec73bb89489d830ec21c4e04ffa3ec401791b55d and c467ca2f35c102aae897424a2fda08e9b2ace673 actually solve the issue that t...
06/29/2022
-
11:57 PM Bug #13321: dhcpleases handles duplicate hostnames incorrectly
- Added pull request: https://github.com/pfsense/FreeBSD-ports/pull/1176
-
11:10 PM Bug #13321 (Pull Request Review): dhcpleases handles duplicate hostnames incorrectly
- --- Problem ---
If the 'dhcpd.leases' file parsed by dhcpleases contains an expired lease and non-expired lease for ... -
04:31 PM Bug #13228: Recovering interface gateway may not be added back into gateway groups and rules when expected
- I have this issue. Adding the filter_configure(); to the end, (while not removing the else block) does resolve this f...
-
02:03 PM pfSense Plus Bug #13320: IP aliases with a CARP VIP parent are not available as VIP choices for gateway groups
- Looks like it's because the group drop-downs filter based on the VIP interface and it sees the CARP VIP as the interf...
-
01:47 PM pfSense Plus Bug #13320 (Resolved): IP aliases with a CARP VIP parent are not available as VIP choices for gateway groups
- Configuration is an HA pair of 6100's with a failover gateway group, one ISP per gateway.
The intention is for IPs... -
12:59 PM Revision 8c9ab20e: Don't force DNS to use 4/6 here. Fixes #13318
- It's not trying to force communication with a
specific address family DNS server. -
12:16 PM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
- Jim - just to let you know, applied this and seems to be working now. Thanks for such a quick response!
-
08:10 AM Bug #13318 (Feedback): Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
- Applied in changeset commit:8c9ab20efe61161e30fe215166d8573c801b947d.
-
07:57 AM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
- Looking at #11512 and commit:aa1936eefc251b5330e7392f3b1fbc23a006a400 where that was added, it isn't necessary. There...
-
07:50 AM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
- Looks like for some reason @_getHostName()@ is forcing the DNS lookup to use @-6@ when it shouldn't, as that controls...
-
07:32 AM Bug #13318 (Resolved): Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
- The NDP Table in the gui is not listing the hostname, while ndp -a from cmd line does.
See this thread.
https:/... -
10:01 AM Regression #13316 (Feedback): ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
- Looks like this happens as the value for @nvlist@ increases. Apparently already fixed in FreeBSD: https://cgit.freebs...
-
08:46 AM Regression #13316: ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
- Looks like the value of that entry is unsigned and trying to go negative, which results in an underflow (hits 0 then ...
-
09:20 AM Regression #13319: OpenVPN site2site with SSL/TLS doesn't apply the remote network route
- Jim Pingle wrote in #note-1:
> That is most likely a configuration problem. More likely related to how you changed t... -
09:15 AM Regression #13319 (Not a Bug): OpenVPN site2site with SSL/TLS doesn't apply the remote network route
- That is most likely a configuration problem. More likely related to how you changed the settings when moving from sha...
-
09:12 AM Regression #13319 (Not a Bug): OpenVPN site2site with SSL/TLS doesn't apply the remote network route
- I'm testing 2.7 DEV snapshot and I have two OpenVPN site2site client connections.
One (ovpnc1) uses sharedkey and th... -
08:06 AM Bug #13317 (Feedback): ``array_filter`` PHP Errors in ``interfaces.inc``
- Looks like Reid already fix this one. See commit:c5d786359cc4a15c81e1c4773ab271b3d49ed594
-
06:40 AM Bug #13317: ``array_filter`` PHP Errors in ``interfaces.inc``
- Do you have any more information about what was going on when the errors happened? Were you making a change in the GU...
-
02:16 AM Bug #13317 (Resolved): ``array_filter`` PHP Errors in ``interfaces.inc``
- Crash report begins. Anonymous machine information:
amd64
12.3-STABLE
FreeBSD 12.3-STABLE devel-12-n227385-38ca... -
07:53 AM Bug #13132 (New): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
- There is still some issue here as users are hitting this on 22.05 when restoring backups with two sections.
-
07:00 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
- I just tested and your patch also works on the latest 2.7.0-DEVELOPMENT.
06/28/2022
-
09:01 PM Regression #13316: ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
- Just after a reboot the value is sane and the script works, so there is something else going on there.
I'd say the... -
08:43 PM Regression #13316: ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
- There is a line in @vmstat -m@ for @temp@ that is throwing off the output, it's gigantic...
-
08:29 PM Regression #13316 (Resolved): ``vmstat -m`` value for ``temp`` is accounted for incorrectly, resulting in underflows
- It works on 22.01, running it on 22.05 produces the following output:...
-
08:32 PM Revision c5d78635: get_interface_addresses: Silence array_filter warnings
-
06:09 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled
- @(&(DN_RETURNED_BY_INITIAL_SEARCH)(memberOf=cn=nextcloud,cn=groups,cn=accounts,dc=example,dc=com))@
That doesn't w... -
05:21 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled
- OK. It looks like it is combining the RFC2307 query and the extended query into something that cannot match when both...
-
02:20 PM Revision d9ff4a76: Clean up old repo files that are not needed any longer since we just template the one
-
01:14 PM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load
- For reference, the patch to fix it is as follows:...
-
12:44 PM Revision 2a9f6b40: Clarify delegated IPv6 prefix source. Fixes #13310
- Indicates the tracked interface and prefix ID, which is more important
now that delegation works from multiple upstre... -
12:04 PM pfSense Plus Todo #13189 (Resolved): Input validation should reject the combination of DCO and P2P mode
-
12:04 PM pfSense Plus Regression #13183 (Resolved): ZFS module is loaded on systems without ZFS
-
10:28 AM pfSense Docs New Content #13311 (Resolved): Add troubleshooting tips for multiple disk boot issues
- https://docs.netgate.com/pfsense/en/latest/troubleshooting/boot-issues.html
It's possible that pfSense may mount a... -
08:22 AM pfSense Packages Bug #13309 (Feedback): Cron validation prevents special strings such as @reboot
- Fixed: https://github.com/pfsense/FreeBSD-ports/commit/68b6508b0454c6113e03c1fd84e20279310d0bef
-
07:55 AM Bug #13310 (Feedback): Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
- Applied in changeset commit:2a9f6b409bdde67c065a0fa6b13296bbad6c6794.
-
07:16 AM Bug #13310: Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
- This is also mentioned on #13240 but in the interest of only having one problem per issue we can keep this one and ch...
-
07:18 AM Bug #13240: User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length
- Moving first point to #13310 - keeping this one for point 2.
06/27/2022
-
10:19 PM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
- I've posted some additional info on the forums here: https://forum.netgate.com/topic/173061/captive-portal-broken-aft...
-
07:26 PM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
- I've updated to pfSense+ 22.05 today and I'm seeing the same thing on the console when activating a captive portal.
-
06:32 PM Revision 60a2fa6b: Remove incorrectly restored code. Fixes #13308
-
06:28 PM Revision 2bf4167c: Set PKG_REPO_BRANCH_DEVEL to match the branch name
-
04:08 PM Bug #13310: Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
- PR here: https://github.com/pfsense/pfsense/pull/4608
-
04:07 PM Bug #13310 (Resolved): Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
- Destination IPv6 prefix list is not built properly due to wrongly placed string operator
-
03:52 PM pfSense Packages Bug #13309 (Resolved): Cron validation prevents special strings such as @reboot
- A recent change to the Cron package introduced field validation. Although the UI specifies time examples, some users ...
-
03:09 PM Bug #13308 (Resolved): The ``negate_networks`` table is duplicated in ``rules.debug``
- Tested patch on 22.05. The table is no longer duplicated.
-
01:50 PM Bug #13308 (Feedback): The ``negate_networks`` table is duplicated in ``rules.debug``
- Applied in changeset commit:60a2fa6b6f1a59f3f86933265fbb48e25f652bfc.
-
01:30 PM Bug #13308 (Resolved): The ``negate_networks`` table is duplicated in ``rules.debug``
- In #13049 the logic to generate the @negate_networks@ table changed ( commit:415a1b2083228030f200c8ea0eac3a8fc91f7142...
-
11:20 AM Bug #13307 (Resolved): PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value
- When configuring a custom PPP interface reset time on @/interfaces_ppps_edit.php@ *or* @interfaces.php@ the page mish...
-
10:56 AM Regression #13303 (Pull Request Review): DNSExit Dynamic DNS updates no longer work
-
10:45 AM pfSense Packages Todo #13306 (Resolved): Update NUT to version 2.8.0 to match FreeBSD Packages
- NUT in the FreeBSD repo has been updated to 2.8.0. Make a corresponding update in the pfSense Packages repo.
-
10:26 AM Feature #13305: Certificate Revocation page should show expiration date
- This would only be valid for imported CRLs, as internal CRLs are regenerated every time they are refreshed (e.g. Open...
-
10:07 AM Feature #13305 (New): Certificate Revocation page should show expiration date
- For external CAs, it would be helpful if the Certificate Revovation page showed the valid dates for the CRLs as is do...
-
09:50 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
- Dan Rice wrote in #note-23:
> We've installed 22.05 on our Netgate 2100 appliance and it's still assigning the wrong... -
07:42 AM pfSense Docs Todo #12770 (Pull Request Review): Feedback on Firewall — Configuring firewall rules
-
07:31 AM Bug #12947 (Pull Request Review): Old IPv6 addresses may continue to be used after DHCP or RA changes
-
07:27 AM pfSense Docs Correction #11223: Azure Marketplace links are invalid
- Looks like they were fixed in #13130 (2 months ago) and https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/c3...
-
07:23 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
- Not up to me, it'll need to be handled by Luiz or Brad once things start moving for 22.09 but it's already on the radar.
-
07:22 AM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
- Kris Phillips wrote in #note-10:
> The problem is that renegotiating the data channel key, in the default operation ... -
07:20 AM Bug #13301 (Duplicate): Bug #13239 = (?) = #12645 appease not fixed - ipv6 based ipsec vpn tunnel bug found with fqdn remote host
- I reopened the previous issue, no need for a new one.
-
07:20 AM Bug #12645 (New): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
-
07:19 AM pfSense Packages Bug #13261: Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty
- Picked back to release branches.
-
12:09 AM Revision 17f81cb6: Fixing broken DNSExit implementation
06/26/2022
-
11:31 PM Feature #13304 (Resolved): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
- Original support commit "freebsd-src: 4e40076":https://github.com/freebsd/freebsd-src/commit/4e4007688cf99b61408f5b60...
-
07:44 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
- I posted on the PR that since @rlinnemann has just deprecated pfSense_getall_interface_addresses(), this should proba...
-
07:18 PM Regression #13303 (Resolved): DNSExit Dynamic DNS updates no longer work
- The current implementation of DNSExit under DynDNS doesn't work anymore. In the logs it will show:
!clipboard-2022... -
02:47 PM Bug #7996 (Pull Request Review): Unnecessary link tag in login page
- https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/825
-
02:35 PM Bug #12544 (Closed): OpenSSH vulnerabilities
-
02:14 PM Regression #11870 (Not a Bug): Setting MTU on VLAN does not set MTU on parent interface in 2.5.1
- VLAN MTU _should_ be allowed to be set at the same or lower MTU as the parent. This issue can be re-opened if a case ...
-
12:54 PM pfSense Docs New Content #13270 (Pull Request Review): OpenVPN client gateway is incorrect when the server does not push routes
- https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/41
06/25/2022
-
07:01 PM pfSense Docs Correction #11223 (Resolved): Azure Marketplace links are invalid
-
07:01 PM pfSense Docs Correction #11223: Azure Marketplace links are invalid
- Looks like this was fixed. The corrected links point to https://azuremarketplace.microsoft.com/en-us/marketplace/apps...
-
05:47 PM Bug #12544: OpenSSH vulnerabilities
- This bug report can be closed. pfSense Plus 22.05 comes with OpenSSH 8.8p1, which is not vulnerable to any of these ...
-
05:42 PM Bug #8207: 2.4 cannot boot as a Xen VM with more than 7 NICs
- Due to lack of confirmation, this bug report should be rejected unless it can be verified that there is a problem on ...
-
05:41 PM Bug #9626: When deny write permission is assigned to a user, there is no error feedback if the user tries to write something
- Can confirm this is still an issue in 22.05 of pfSense Plus. There is no visual feedback or an error notification du...
-
05:39 PM Bug #7996: Unnecessary link tag in login page
- This is still present in pfSense Plus 22.05.
-
05:38 PM pfSense Packages Bug #10602 (Resolved): Dashboard->Traffic Graphs bandwidth designations on hover pop-ups
- Tested this on pfSense Plus 22.05. Not sure when this was fixed, but this looks to be resolved. Closing out this bu...
-
05:34 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
- Jim Pingle wrote in #note-15:
> Nudge this ahead so we have more time to ensure there aren't any regressions from th... -
05:30 PM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
- Further expounding on this, it appears that Viscosity has native capability to add prompts in the client config.
... -
05:03 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
- Jim Pingle wrote in #note-9:
> Marcos Mendoza wrote in #note-7:
> > I created https://redmine.pfsense.org/issues/13... -
05:00 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver
- Christoph Vieten wrote in #note-5:
> Kris Phillips wrote in #note-3:
> > Christoph Vieten wrote in #note-2:
> > > ... -
03:25 PM pfSense Docs Todo #12770: Feedback on Firewall — Configuring firewall rules
- Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/42 -
10:59 AM pfSense Packages Bug #11572: Auto created firewall rules have IPv4 as protocol only - even for IPv6 lists.
- Still an issue in 2.6.0
Why not remove pfblockerNG from Repo if it's no more fixed and maintained anyway? Saves ti... -
05:41 AM Bug #13301 (Duplicate): Bug #13239 = (?) = #12645 appease not fixed - ipv6 based ipsec vpn tunnel bug found with fqdn remote host
- Hi,
I reported the bug earlier : https://redmine.pfsense.org/issues/13239#change-61632
ipv6 based ipsec vpn tun... -
05:33 AM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
- tested on the latest built 22.05-RC (amd64) built on Fri Jun 17 06:34:36 UTC 2022
the bug is not fixed, Ipsec tunnel...
06/24/2022
-
10:10 PM Feature #13296: Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
- It's where the bug entries are for FreeBSD ports are, and where a feature request can be submitted.
-
04:16 PM Bug #9471 (Resolved): GIF tunnel not added to interface group after reboot
added GIF,LAN,PPPoE and GRE to the group of interfaces, GIF is added to the interface group after reboot
ifconfi...-
03:09 PM Revision 3222c70a: Omit VIPs from interface address selection. Fixes #11545
- Add function get_interface_addresses() which wraps around pfSense_get_ifaddrs() and
filters VIPs before selecting an ... -
02:50 PM pfSense Packages Bug #13261 (Feedback): Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty
- Merged: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/a056c1984a174248da0a0f8c541d9441678a2339
-
01:23 PM pfSense Packages Bug #13261 (Pull Request Review): Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty
- https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/251
-
11:31 AM pfSense Docs Correction #13300 (Resolved): Corrected Silabs driver URL
-
11:20 AM pfSense Docs Correction #13300 (Resolved): Corrected Silabs driver URL
- Current link in the Windows tab of the Connecting to the Console Port pages for Netgate firewalls (excluding 1100 and...
-
11:21 AM pfSense Packages Bug #13299 (Resolved): Cron package needs basic input validation and output encoding
- Tested and working as expected on...
-
10:18 AM pfSense Packages Bug #13299 (Feedback): Cron package needs basic input validation and output encoding
- Fixed: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/1a8a2f338592428dd46e543a884b1758b68198c9
-
10:09 AM pfSense Packages Bug #13299 (Resolved): Cron package needs basic input validation and output encoding
- The cron package does not validate its inputs nor does it encode its output. This can lead to a potential stored XSS....
-
10:25 AM Regression #11545: Primary interface address is not always used when VIPs are present
- I believe I have a fix for this issue. I created a variation on pfSense_get_interface_addresses() named pfSense_get_i...
-
10:15 AM Regression #11545 (Feedback): Primary interface address is not always used when VIPs are present
- Applied in changeset commit:3222c70aaf783336901f7b1225727b5973ba865a.
-
07:47 AM Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating
- PR: https://github.com/pfsense/pfsense/pull/4605
-
07:16 AM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
- Marcos Mendoza wrote in #note-7:
> I created https://redmine.pfsense.org/issues/13293 for that. Given that @auth-gen...
06/23/2022
- 08:49 PM Revision adfb1d2b: fix: Dynv6 checkIP
- Check return of update to release check IP
-
07:49 PM pfSense Packages Bug #8454: Arpwatch package break email notifications from other sources
- Is this still current as of 22.05? I just started playing with Arpwatch. What exactly does the "Disable Cron emails" ...
-
04:01 PM Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating
- *Testing*
Tested with https://dynv6.com -
03:58 PM Bug #13298 (Resolved): Dynv6 Dynamic DNS client does not check the response code when updating
- Check return of update to release check IP
-
12:04 PM Feature #13297 (New): Support for Gateway Groups as Static Route destinations
- It could be interesting to have the possibility to use a group of gateways with static routes in a failover scenario....
-
07:06 AM Regression #11316: Unbound crashes with signal 11 when reloading
- Why is this closed ??
All was ok for my pfsense until a power outage.
I have pfsense 2.6 up to date and it has been... -
01:31 AM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver
- Kris Phillips wrote in #note-3:
> Christoph Vieten wrote in #note-2:
> > Same happened on 2.6.0 with Intel x710-T4 ...
06/22/2022
-
09:31 PM Feature #13296: Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
- @mmendoza was that last link you posted supposed to show something related? for me it just appears to be a list of ev...
-
05:54 PM Feature #13296: Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
- It's http://wide-dhcpv6.sourceforge.net/
See:
https://github.com/pfsense/FreeBSD-ports/tree/devel/net/dhcp6
http... -
04:47 PM Feature #13296: Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
- I'm still hazy on exactly which dhcp6c implementation is currently shipping. I _thought_ it was the "hrs-allbsd/wide-...
-
04:01 PM Feature #13296 (New): Add support for DHCP6 OPTION_PD_EXCLUDE (RFC 6603)
- Some ISPs are rolling out IPv6 and not directly providing a globally routable WAN address via DHCPv6. Instead, they a...
-
09:04 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
- hello guys
Configurator (Scope):
Interfaces: WAN-DHCP4|WAN2-DHCP4
Gateway Group: Failover (WAN_DHCP Gateway: 192... -
06:06 PM Feature #13294: Change gateway name
- There's no functionality to rename the gateway/group and update all of the places where it could be used. That could ...
-
10:27 AM Feature #13294 (New): Change gateway name
- After clicking on a gateway on system_gateways_edit.php, which takes the user to e.g., system_gateways_edit.php?id=0,...
-
05:19 PM Revision d55e0d4b: fix func params for get_dpinger_status() call in gwlb.inc
-
04:15 PM Revision 7e9a12e9: Centralize the branches into builder_defaults.sh to simplify and eliminate overwriting the variables
-
12:26 PM Bug #13295 (Resolved): Incorrect function parameters for ``get_dpinger_status()`` call in ``gwlb.inc``
- There seems to be an error in @gwlb.inc@ around line 479. The call to @get_dpinger_status()@ has the @$action_disable...
-
02:12 AM Revision 5ecee3d7: scrubing -> scrubbing
06/21/2022
-
03:47 PM Revision 098cdb61: Add version config for use by pfSense-repo
-
02:37 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
- I created https://redmine.pfsense.org/issues/13293 for that. Given that @auth-gen-token@ handles the issue with frequ...
-
02:35 PM Feature #13293 (New): Option to set auth-gen-token in OpenVPN GUI
- This option is useful to avoid having to frequently manually re-authenticate when using MFA.
> --auth-gen-token [lif... -
12:06 PM pfSense Packages Feature #13292 (New): Separator
- It'd be really nice if there was a way to add a separator to the certificates list in the ACME package. Nothing fanc...
-
10:22 AM pfSense Docs Todo #13291 (Duplicate): Notification documentation
- I know there is documentation here on how to setup notification
https://docs.netgate.com/pfsense/en/latest/config/... -
01:00 AM Bug #13210: PPPoE server panics with multiple client connections
- Sorry, wanted to add it here for documentation purpose but forgot to make it yesterday:...
06/20/2022
-
06:01 PM Regression #13290 (Feedback): Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
- There's not enough info here to troubleshoot this. Discussion of the issue may be continued on the forums: https://fo...
-
02:25 PM Regression #13290 (Resolved): Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
- After upgrading from 2.6.0 to 2.7.0, my Captives Portal users are dropped randomly, having to re-authenticate... Ther...
-
04:20 PM Bug #13210 (Resolved): PPPoE server panics with multiple client connections
- Customer which was previously frequently hitting this issue reports it's been resolved after updating to the RC.
-
04:04 PM Bug #10352: RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters
- The issue is still present on 22.01-RELEASE
Any foreseen planning to fix this issue ?
Is someone working on it ? ma... -
01:03 PM Feature #13286: webConfigurator does not redirect to requested page after login
- I understand.
To be honest, one of my main reasons for wanting this merged was because my dashboard takes so darn l... -
12:52 PM Feature #13286: webConfigurator does not redirect to requested page after login
- Some pages require parameters to load the right view, so stripping the parameters isn't helpful.
It is not going t... -
10:18 AM Feature #13286: webConfigurator does not redirect to requested page after login
- But, again- nothing prevents a logged in user from bookmarking a page or recalling one from history that actions some...
-
10:15 AM Feature #13286: webConfigurator does not redirect to requested page after login
- Doesn't have to be an attack, they could also do it unintentionally by bookmarking or hitting a page from their histo...
-
10:07 AM Feature #13286: webConfigurator does not redirect to requested page after login
- Not sure I follow how this makes it any less secure than it already is. If a user is logged in already, they can stil...
-
08:49 AM Feature #13286 (Rejected): webConfigurator does not redirect to requested page after login
- This is done on purpose for security reasons. Until the entire GUI is purged of any page that takes action on GET, th...
-
08:34 AM Feature #13286: webConfigurator does not redirect to requested page after login
- PR: https://github.com/pfsense/pfsense/pull/4599
-
08:33 AM Feature #13286 (Rejected): webConfigurator does not redirect to requested page after login
- Something that has bugged me for a while now is that if you are logged out of pfSense, and request a "deep" page e.g....
-
10:46 AM Bug #13289 (Resolved): Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read
- When attempting to restore an empty config.xml file (0 bytes) the GUI prints an error saying the file cannot be read ...
-
10:36 AM Bug #13288 (New): Encode FreeRADIUS Custom Options
- Currently, fields in the FreeRADIUS package such as @varusersreplyitemsadditionaloptions@ are not encoded in config.x...
-
10:33 AM Feature #13287 (New): Encode OpenVPN Custom Options
- The @custom_options@ field for OpenVPN configurations is currently not encoded. This should be encoded in base64.
-
07:46 AM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
- Both @auth-gen-token@ and @reneg-sec@ are useful in different ways, we should expose and (optionally) use both. Thoug...
-
07:21 AM Bug #13285: Uncaught ArgumentCountError to function openvpn_kill_client()
- Okay, thank you Jim for test and quick feedback.
-
07:20 AM Bug #13285 (Duplicate): Uncaught ArgumentCountError to function openvpn_kill_client()
- There are no errors when terminating clients on the status page or widget on 22.05/2.7.0 snapshots.
-
07:11 AM Bug #13285: Uncaught ArgumentCountError to function openvpn_kill_client()
- Sorry, found https://redmine.pfsense.org/issues/12817 but it not mention status page, not sure 12817 also resolve Ope...
-
07:09 AM Bug #13285 (Duplicate): Uncaught ArgumentCountError to function openvpn_kill_client()
- Killing session for user using OpenVPN Dashboard Widget or using OpenVPN Status page do not works.
On Widget next er...
06/19/2022
-
11:11 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
- Hey Netgate - I get the feeling this affects far more customers than you think.
Can this be assigned to someone to a... -
09:34 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
- Just updated "PR #4595":https://github.com/pfsense/pfsense/pull/4595 with the new mitigation changes. Testers & feedb...
-
12:20 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
- It appears we are out of luck on having @devd@ fire events for IP address changes. There is a commit: https://reviews...
-
06:42 PM pfSense Plus Bug #13283 (Not a Bug): PBR forcing traffic out one WAN and back into another WAN with NAT Reflection Fails
- Tested this.
With that PBR in place, even traffic that is being NAT'ed from the NAT Reflection rule will be caught... -
05:53 PM Bug #13243 (Pull Request Review): OpenVPN status for multi-user VPN shows info icon to display RADIUS rules when there are none to display
-
02:18 PM Bug #13243: OpenVPN status for multi-user VPN shows info icon to display RADIUS rules when there are none to display
- This fixes the original issue:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/821
Reiner Keller wr... -
05:52 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
- It's better to implement @--auth-gen-token [lifetime]@
> --auth-gen-token [lifetime]
> After successful user/passwo... -
05:38 PM Feature #12982: Add support for RFC7499 in RADIUS library.
- So are you saying that pfsense/freeRadius will not be able to go more then 68 rules? any software you know would be ...
-
03:58 PM Feature #12982: Add support for RFC7499 in RADIUS library.
- I was able to replicate this with a simpler setup by adding a custom option to the @Additional RADIUS Attributes (REP...
-
12:10 PM pfSense Packages Feature #13284 (New): Option to define "Issuer" in OPT configuration.
- All QR codes are presently identifying as "FreeRADIUS(username).
Please add an optional variable in user->One-Time... -
11:11 AM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
- I'm seeing this as well on a VM with @22.05.r.20220609.1919@....
06/18/2022
-
05:48 PM pfSense Plus Bug #13283 (Not a Bug): PBR forcing traffic out one WAN and back into another WAN with NAT Reflection Fails
- Assuming the following configuration:
2 WAN interfaces WAN1 and WAN2
One LAN interface with Host A and Host B.
H... -
02:34 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
- It seems this issue has gotten worse somewhere along the line similar to how others are describing it. Tables now lo...
-
02:25 PM Bug #13282 (Resolved): Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
- If an invalid FQDN is present in an alias before a valid one, the entire table will be empty.
For an example, if...
06/17/2022
-
07:24 PM Bug #13281 (Duplicate): Crash Reporter
- Duplicate, and already fixed: #12817
-
06:49 PM Bug #13281 (Duplicate): Crash Reporter
- Crash report begins. Anonymous machine information:
amd64
12.3-STABLE
FreeBSD 12.3-STABLE plus-RELENG_22_01-n20... -
04:10 PM Revision 3f4ee315: Template the versions as well
-
03:31 PM Bug #13280 (Resolved): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
Using 22.05-RC 22.05.r.20220617.0613 Duplicate entries appear in /boot/loader.conf
Here are the contents of my loa...-
08:36 AM Bug #13243: OpenVPN status for multi-user VPN shows info icon to display RADIUS rules when there are none to display
- Additional to this "informal" bug the ruleset given by Radius parameter isn't stored and when the renegiotion is done...
-
07:34 AM Bug #13278 (Needs Patch): OpenVPN dynamic gateway created incorrectly when not pulling routes or server pushes no routes
- We're aware of this, but it's an OpenVPN bug, not a bug in our code. As you see, the variables are unpopulated even w...
-
01:10 AM Bug #13278: OpenVPN dynamic gateway created incorrectly when not pulling routes or server pushes no routes
- This appears to be happening because OpenVPN doesn't populate these environment variables when either option is selec...
-
07:09 AM Bug #13279 (New): DHCP config override affects Gateway installation.
- If you check Configuration Override on the interface in the DHCP Client Configuration section, then open Status => In...
-
07:02 AM Regression #13274 (Resolved): OpenVPN override IPv4 tunnel network field changing value improperly
- Working as expected on the latest build. The exact tunnel network address and mask remain, and the resulting @ifconfi...
06/16/2022
-
11:54 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
- @dem I believe I'm facing this exact issue, take a look at https://forum.netgate.com/topic/172849/rtsold-not-running-...
-
10:31 PM Bug #13278 (Needs Patch): OpenVPN dynamic gateway created incorrectly when not pulling routes or server pushes no routes
- IF: I configure OpenVPN client and set the "Don't pull routes" check box
OR
IF: I include the advanced option: pull... -
09:30 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error
- +1 Also having this problem : 2.6.0-RELEASE (amd64)
-
07:50 PM Bug #13277 (Duplicate): IGMP Proxy webConfigurator Page Always Produces Error
- Whether your IGMP Proxy settings are correct or not, there is always an error stating "There was a problem applying t...
-
07:48 PM Bug #13276 (New): IGMP Proxy Error Message for Logging Links to System Log Instead of Routing Log
- If you try to apply a setting that won't apply in IGMP Proxy, it will state "There was a problem applying the changes...
06/15/2022
-
03:16 PM Revision 230b2303: Fix OpenVPN override TN handling. Fixes #13274
-
10:42 AM pfSense Docs New Content #13211: OpenVPN DCO Documentation
- Updates: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/989cfa8946010d913fddeebc8d8fe740ba409390
-
10:25 AM Regression #13274 (Feedback): OpenVPN override IPv4 tunnel network field changing value improperly
- Applied in changeset commit:230b23033a898633681ef0dde4df8f63a2b7258c.
-
10:13 AM Regression #13274 (Resolved): OpenVPN override IPv4 tunnel network field changing value improperly
- For an override on a subnet topology VPN, the mask on the tunnel network in the override has to reflect the subnet ma...
-
03:44 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP
- We've installed 22.05 on our Netgate 2100 appliance and it's still assigning the wrong IP address to the WAN interfac...
Also available in: Atom