Project

General

Profile

Activity

From 07/03/2022 to 08/01/2022

08/01/2022

05:19 PM Revision 2fe0e0fa: CA/Cert descr validation fixes. Fixes #13387
Validate description on save when editing and in other situations that
were not yet covered.
While here, ensure that... Jim Pingle
04:10 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Ryan Coleman wrote in #note-9:
> Jim Pingle wrote in #note-8:
>
> > I don't think we should start down a path of... Jim Pingle
03:35 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Jim Pingle wrote in #note-8:
> I don't think we should start down a path of writing a manual for screen. We only e... Ryan Coleman
08:53 AM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Ryan Coleman wrote in #note-6:
> Jim Pingle wrote in #note-5:
> > Updated in pfSense docs as well: https://gitlab.... Jim Pingle
03:15 PM pfSense Docs New Content #12883 (Feedback): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
This should hopefully cover the topic in a few relevant places with minimal repetition:
https://gitlab.netgate.com... Jim Pingle
12:57 PM pfSense Docs New Content #12883 (New): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
Jim Pingle
08:36 AM pfSense Docs New Content #12883 (Pull Request Review): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
Jim Pingle
02:40 PM pfSense Docs New Content #13385 (Feedback): Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead"
This should cover it: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/94b3b01c346a8dcbc5718d0c39b55bdb1563705d Jim Pingle
12:35 PM Bug #13387 (Feedback): Input validation is not rejecting invalid description characters when editing a CA or Certificate
Applied in changeset commit:2fe0e0fab528be3e297ed14ddd9d9e73c99cc1c4. Jim Pingle
10:19 AM Bug #13387 (Resolved): Input validation is not rejecting invalid description characters when editing a CA or Certificate
When editing an existing CA or Certificate, the description is not validated on save the way it is validated during o... Jim Pingle
12:34 PM pfSense Docs New Content #11071 (Feedback): Add documentation for missing configuration items on IPv6 Router Advertisements
Merged and I also fixed a couple things in it after: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/a5d062e917... Jim Pingle
07:34 AM pfSense Docs New Content #11071 (Pull Request Review): Add documentation for missing configuration items on IPv6 Router Advertisements
Jim Pingle
09:15 AM Bug #13383 (Feedback): Certificates cannot be created via csr in the Certificate Manager
I cannot reproduce this. I can create a CSR and sign it without error.
We'll need to know the exact input you are ... Jim Pingle
08:37 AM pfSense Docs Correction #8852 (Pull Request Review): Clarify purpose of "Client Identifier" in DHCP static mapping
Jim Pingle
08:31 AM Feature #13384 (Rejected): When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link
I can't replicate what you are stating here.
If I go to any given tab in firewall rules and add a new rule or edit... Jim Pingle
08:02 AM pfSense Packages Bug #13380 (Feedback): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
Is this a problem in base or in the OpenVPN client export package? The issue was opened under base (not packages), bu... Jim Pingle
07:40 AM Bug #13376 (Rejected): Firewall ruleset fails to populate interface subnets/addresses if the internal interface names have been changed
The tags for assigned interfaces don't change like that. When changing the name of an interface it only changes the @... Jim Pingle
07:33 AM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
It isn't valid to have both types on the same P1. I thought we already had checks that prevented ending up with the c... Jim Pingle
06:47 AM pfSense Packages Bug #12683 (Resolved): snort_get_vpns_list() does not include OpenVPN CSO
Tested on 22.05
OpenVPN CSO subnet/IP were successfully added as VPN Addresses into Snort Pass List
I marked th... Azamat Khakimyanov
04:16 AM pfSense Packages Bug #11693 (Resolved): IPv6 static routing fails
Tested on 22.05
When I setup FRR static route 240d::/20 via DHCPv6 interface I got correct static route in frr.con... Azamat Khakimyanov

07/31/2022

09:06 PM Feature #13382 (Pull Request Review): Packet Capture GUI with granular control
Louis B wrote in #note-7:
> Sometimes, I would like to monitor what is happening on multiple vlans = interfaces at t... Marcos M
11:03 AM Feature #13382: Packet Capture GUI with granular control
Sometimes, I would like to monitor what is happening on multiple vlans = interfaces at the same time. So I would be g... Louis B
02:35 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Thoughts: @ls -l /dev/cu.*@ will specifically show all available cu devices regardless of driver, which is what we ar... Chris Linstruth
02:15 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Jim Pingle wrote in #note-5:
> Updated in pfSense docs as well: https://gitlab.netgate.com/docs/pfSense-docs/-/commit... Ryan Coleman
11:21 AM pfSense Packages Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces
Tested on 22.05
I wasn't able to reproduce this issue. After deleting interface which were chosen for BFD peer, I ... Azamat Khakimyanov
09:49 AM Bug #13386: service is work: MRT_DEL_MFC; Errno(49): Can't assign requested address
Version 2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLE
igmpproxy-0.3,1 Torstein Eide
09:45 AM Bug #13386 (New): service is work: MRT_DEL_MFC; Errno(49): Can't assign requested address
The service looks to be unable to work properly.
@
Jul 31 15:17:37 igmpproxy 80356 MRT_DEL_MFC; Errno(49): Can'... Torstein Eide

07/30/2022

09:38 PM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected
I tried to recreate this and got a different error message with the same Phase 1 settings:
Phase 1 Hash Algorithm ... Kris Phillips
09:20 PM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
Can confirm the OpenVPN Export Utility does not specify tcp-client in it's config for clients to use, but instead def... Kris Phillips
07:12 PM Bug #7096: Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces"
unbound starts as expected with only two WAN connections set for outgoing network interfaces and only selected intern... Jordan G
06:53 PM pfSense Docs Correction #8852 (Feedback): Clarify purpose of "Client Identifier" in DHCP static mapping
Merge request liking to RFC for explanation:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/47/ Chris W
05:27 PM pfSense Docs New Content #12883 (Feedback): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/46/ Chris W
02:47 PM Bug #12543 (Closed): Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
Alhusein Zawi
12:58 PM pfSense Docs New Content #13385 (Resolved): Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead"
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure-p1.html#ike-endpoint-configuration
Remote Gateway
... Danilo Zrenjanin
12:30 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Got it and checked, working as expected. Lev Prokofev

07/29/2022

07:10 PM Feature #13382: Packet Capture GUI with granular control
It's now fixed. Since it's currently still a work in progress, please leave feedback on the MR page if you have acces... Marcos M
02:35 PM Feature #13382: Packet Capture GUI with granular control
Promiscuous mode is on by default, as compared to previously where it is off by default, and turning it off doesn't s... Christopher Cope
04:03 PM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
It looks like this issue still happens in FreeBSD Head. Though unlike in pfSense (FreeBSD 12) we can see outbound tra... Steve Wheeler
03:51 PM Feature #13384 (Rejected): When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link
As a system admin adding/editing a Firewall Rule
I want to Add/Edit a Firewall Rule specifically against the Inter... Michael Cropper
03:09 PM Feature #8173: dhcp6c - RAW Options
I have added a PR with the changes of the dhcp6 client : https://github.com/pfsense/FreeBSD-ports/pull/1181
Until th... Paul M
02:12 PM Feature #13377: Option to configure a custom value for the PHP memory limit
The change only applies to the PHP used directly by pfSense, as they are set with config.inc.
For testing you can us... Christopher Cope
01:56 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Seems no changes,
Set 256M
!clipboard-202207290952-dkowf.png!
Reboot,
checked with
echo ini_get("memory_... Lev Prokofev
12:26 PM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``
Konstantin Panchenko wrote in #note-12:
> I see the issue was closed by adding "-resp_text" option, however without ... Marcos M
11:55 AM Bug #13378 (Not a Bug): Captive portal - Uncaught Error: Call to undefined function pfSense_pf_cp_get_eth_pipes() in /etc/inc/captiveportal.inc:1660
That seems to be a failed upgrade - try reinstalling. If you are able to reproduce it reliably, feel free to provide ... Marcos M
10:28 AM Regression #13162: Upgrade does not work when using only IPv6 DNS servers
A couple of observations on this change, and the function in general. Firstly, there's a $nameservers variable being ... Jonathan Snell
09:27 AM Bug #13383: Certificates cannot be created via csr in the Certificate Manager
Sorry, 2.6 of course. Not 2.6.2 :-)
Seems src/usr/local/www/system_certmanager.php is also affected. B P
09:24 AM Bug #13383 (Rejected): Certificates cannot be created via csr in the Certificate Manager
Certificates cannot be created via csr in the Certificate Manager since version 2.6.2. The introduced regex seems to ... B P
05:49 AM pfSense Packages Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
Tested:... Danilo Zrenjanin
04:39 AM pfSense Packages Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Tested:... Danilo Zrenjanin
04:10 AM pfSense Plus Bug #13358 (Pull Request Review): Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/102
The issue here is that one of the assumptions ... Kristof Provost

07/28/2022

06:32 PM Feature #13382: Packet Capture GUI with granular control
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/838 Marcos M
06:03 PM Feature #13382 (In Progress): Packet Capture GUI with granular control
Marcos M
06:00 PM Feature #13382 (Resolved): Packet Capture GUI with granular control
This is a complete re-write of the Packet Capture page.
Changes:
- Saved filename now includes the interface and ... Marcos M
06:03 PM Feature #13094 (In Progress): Allow packet capture filtering in tagged packets
I'm closing this in favor of a new Packet Capture page; see #13382
For reference, the old patch is below:... Marcos M
06:01 PM Feature #13322 (In Progress): Define Packet Capture Protocol
See #13382 Marcos M
03:54 PM Regression #13381 (Resolved): Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
VLAN tagged traffic fails on an ix NIC if hardware vlan tagging is disabled.
For example:... Steve Wheeler
03:17 PM Bug #13379 (Duplicate): OpenVPN RADIUS wrong NAS IP
Marcos M
07:10 AM Bug #13379: OpenVPN RADIUS wrong NAS IP
Fix is actually already done: https://github.com/pfsense/pfsense/commit/d7be34a7d766b06e13272a5b1904dba9f532e4cc
Cha... Candera Austria
05:02 AM Bug #13379 (Duplicate): OpenVPN RADIUS wrong NAS IP
When connecting a OpenVPN by using RADIUS as Backend for Authentication the NAS-IP-Address is always the IP address o... Candera Austria
02:58 PM Feature #13377 (Pull Request Review): Option to configure a custom value for the PHP memory limit
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/837 Christopher Cope
05:29 AM pfSense Packages Bug #13380 (Not a Bug): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
Find that if the OpenVPN client has the "TCP" option of the remote (--remote host [port] [proto])
Example
@rem... Lev Prokofev

07/27/2022

03:38 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Bob, thank you for your detailed report. Can you confirm for me that all of the entries in the hosted list are IPs, a... Reid Linnemann
03:22 PM pfSense Plus Bug #13358 (Confirmed): Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
Steve Wheeler
01:10 PM pfSense Plus Bug #13358: Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
... Steve Wheeler
12:42 PM pfSense Plus Bug #13358: Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
Nothing special is required to recreate this beyond enabling DCO:
Install 22.09 clean. Tested: 22.09.a.20220725.06... Steve Wheeler
02:06 PM Bug #13378 (Not a Bug): Captive portal - Uncaught Error: Call to undefined function pfSense_pf_cp_get_eth_pipes() in /etc/inc/captiveportal.inc:1660

GOT these errors after pfsense update 22.05
I hope you can help me with these issue.
PHP Errors:
[27-Jul-2... kin andre patingo
11:38 AM Feature #13377 (Resolved): Option to configure a custom value for the PHP memory limit
There are several cases where the default memory limit used for PHP is being hit and where the system has plenty of e... Christopher Cope
08:28 AM Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network
I can only confirm this, would be really helpful for people who are on IPV6 only and do not have a static prefix assi... Arne M
05:04 AM Bug #13325: System Information widget breaks with multiple instances
I didn't mention that I performed my tests on Firefox on MacOS.
I performed additional testing on Chrome and Safar... Danilo Zrenjanin

07/26/2022

04:13 PM pfSense Packages Bug #12475 (New): OpenVPN Client Export does not show certificate without private key
I'm reopening this. The comments above about the $settings and $cert variable are correct. A symptom of this is that ... Marcos M
10:31 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
UPDATE: Tinkering some more this morning. Found out that if I make a new alias URL table, point it to a new URL list ... Bob Smith
02:46 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Had to create an account just to leave a note regarding this issue
We host a text file at *https://www.mydomainur... Bob Smith
04:03 AM pfSense Packages Regression #12160 (Resolved): An invalid configuration is generated when choosing TLS as the default protocol
Tested on 22.05 and on 22.09-DEV
There was no problem using TLS as a default protocol for syslog-ng. I was able su... Azamat Khakimyanov
01:42 AM Revision 2884bd1f: Add two missing '\n' to pkg.conf.
This file is quickly overwritten by the (correct) version written by
pfSense-upgrade, this makes this failure hard to... Luiz Souza

07/25/2022

08:20 AM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error
Same here. Issue has arisen across two domains served on DigitalOcean on 22.05
Having to use Google custom setup for... Mark Lynch
06:54 AM pfSense Packages Bug #12114 (Resolved): syslog-ng only binds to the last specified interface
I can't reproduce this issue on 22.05 and on 22.09-DEV.
After choose several interfaces for Syslog-ng, in 'netstat... Azamat Khakimyanov
01:33 AM pfSense Packages Bug #13098 (Resolved): HAProxy Virtual IP broken link under Frontend setup
I was able to reproduce this issue on 21.05_2 (HAproxy 0.61_3) but since then on 22.01/22.05 and on 22.09-DEV "Virtua... Azamat Khakimyanov

07/24/2022

05:18 PM pfSense Packages Bug #13360: Not All AS Prefixes are returned by WHOIS
Danilo Zrenjanin wrote in #note-3:
> I recommend trying with the pfBlockerNG-devel. Here is the list I got on the de... Alex Knop

07/23/2022

10:14 PM Bug #13325: System Information widget breaks with multiple instances
Danilo Zrenjanin wrote in #note-3:
> Following Larry's instructions, I recreated the issue on the 22.05 clean instal... Larry Bernardo
09:57 PM Bug #13325: System Information widget breaks with multiple instances
You will need to split your two System Information Widgets.
1st Column = top half (From name down to MDS Mitigatio... Larry Bernardo
05:47 PM Bug #13325: System Information widget breaks with multiple instances
Nope. Not a Chrome browser thing. Unless I'm missing something on the steps to reproduce this, I can't recreate it ... Kris Phillips
05:44 PM Bug #13325: System Information widget breaks with multiple instances
I probably should have mentioned in my previous reply that I tested this. I've edited the original comment.
I d... Kris Phillips
07:22 PM pfSense Packages Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk
unable to recreate in the current dev build 22.09.a.20220722.0600 Jordan G
06:55 PM Bug #13376 (Rejected): Firewall ruleset fails to populate interface subnets/addresses if the internal interface names have been changed
For example if I create a config and use the internal interface name 'lan1' instead of the default 'opt1':... Steve Wheeler
05:31 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
This is present in FreshPorts.
https://www.freshports.org/net-mgmt/zabbix62-agent/ Kris Phillips
05:29 PM Bug #13364: Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``
Tested this and confirmed an issue on 22.05. Tested just using the copy button in the actual rule and this does not ... Kris Phillips
05:27 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring

It could be better to add restriction when creating VTI to delete tunnel mode Phase 2 entries. Alhusein Zawi
02:23 PM Bug #13375 (New): Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
If a user disables all of their tunnel mode Phase 2 entries to migrate to VTI, rather than deleting them, the VTI gat... Kris Phillips
05:23 PM Bug #13374: UI: status_logs_filter.php -- after resolution hides last column without being able to view it.
The data isn't cut off. There is a scroll bar at the bottom of the page that allows for scrolling to the right to se... Kris Phillips
04:03 AM Bug #13374 (New): UI: status_logs_filter.php -- after resolution hides last column without being able to view it.
If both the source and destination column are long enough the last column of the data is hidden and cannot be viewed.... Aram Mirzadeh
04:58 PM pfSense Docs Correction #9685 (Closed): Processing order of ``match`` action for Floating Rules is ambiguous
Hello,
Apologies for just getting you a response here, but I've been going through backlog and wanted to add some ... Chris W
04:54 PM pfSense Docs New Content #11071 (Feedback): Add documentation for missing configuration items on IPv6 Router Advertisements
Chris W
03:12 PM pfSense Docs New Content #11071: Add documentation for missing configuration items on IPv6 Router Advertisements
MR with Marcos's addition:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/45 Chris W
01:12 PM Bug #13344: Vlan loses parent interface when changing LAGG mtu to jumbo frames

it appears with 22.05 too.
to workaround :
re-save the Lagg interface *Interfaces>LAGGs*
after resaving:
... Alhusein Zawi
12:07 PM pfSense Plus Regression #13355: OpenVPN crashes after reaching the configured concurrent connection limit
Lev Prokofev wrote in #note-4:
> Have the same behavior after diff applying on 22.05
The fix is applied when the ... Marcos M
03:37 AM pfSense Plus Regression #13355: OpenVPN crashes after reaching the configured concurrent connection limit
Have the same behavior after diff applying on 22.05
OpenVPN logs:... Lev Prokofev

07/22/2022

04:00 PM Bug #12754: Google Domains Dynamic DNS responses are not parsed properly
FWIW, this fix didn't work for me (CE running 2.6).
Instead, I had to use the recommendation at https://forum.netg... Alex Neihaus
03:06 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Updated in pfSense docs as well: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/a1870dd5368f3232712f0cc9564b54... Jim Pingle
02:10 PM pfSense Docs Todo #13369: Standardize mentions of macOS
TNSR platform docs are done: https://gitlab.netgate.com/docs/tnsr-platforms/-/commit/52e7909fb64ea2f2ba2994dd4df3e70a... Jim Pingle
01:15 PM Feature #11266 (Pull Request Review): Option to list AutoConfigBackup entries in "reverse" order (newest at top)
Jim Pingle
12:46 PM Feature #11266: Option to list AutoConfigBackup entries in "reverse" order (newest at top)
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/836 Christopher Cope
08:18 AM Bug #13325: System Information widget breaks with multiple instances
Following Larry's instructions, I recreated the issue on the 22.05 clean install. The second widget blinks, as explai... Danilo Zrenjanin
07:44 AM pfSense Packages Bug #13360: Not All AS Prefixes are returned by WHOIS
I recommend trying with the pfBlockerNG-devel. Here is the list I got on the devel version:... Danilo Zrenjanin
07:18 AM Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
That should be possible to address. Considering that the other SANs _do_ work, We probably should not fail a certific... Jim Pingle
06:43 AM Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
Hello Andrew -
SAN certificate without wildcard entries should work with no issues.
Please check https://wiki.s... Danilo Zrenjanin
05:51 AM pfSense Packages Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
Tested:... Danilo Zrenjanin
02:14 AM Bug #13272 (Resolved): Voucher CSV output has leading space before voucher code
Tested:... Danilo Zrenjanin

07/21/2022

05:57 PM pfSense Packages Feature #13370: Wireguard Dashboard status
Ideally, it would be nice to see which Peers are connected, similar to the status of the OpenVPN widget.
This is a s... Gil Gil
04:24 PM pfSense Plus Regression #13365 (Closed): ZFS widget no longer displays information
Thanks for the feedback. Christian McDonald
03:59 PM pfSense Plus Regression #13365: ZFS widget no longer displays information
The widget is working again for me using @22.09.a.20220721.0600@ Glenn Hall
04:07 PM Regression #13373 (Resolved): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
The patch used in https://redmine.pfsense.org/issues/11297 causes any certificate with a wildcard SAN from being used... Andrew Stuart
03:17 PM pfSense Docs Todo #13369 (In Progress): Standardize mentions of macOS
pfSense Platform docs are done: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/23b92e18e50dc72de4b7479daf... Jim Pingle
11:55 AM Bug #13372 (Not a Bug): Can't upgrade from 2.6 to Plus
That's likely a temporary failure in the authentication process. TAC can help you get around that, but it's not a bug... Jim Pingle
11:50 AM Bug #13372 (Not a Bug): Can't upgrade from 2.6 to Plus
[2.6.0-RELEASE][admin@pfSense.home.arpa]/root: pfSense-upgrade -d -c
>>> Updating repositories metadata...
Updating... Jeff Petovello
07:59 AM Bug #13289 (Resolved): Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read
Tested:... Danilo Zrenjanin
07:20 AM Feature #7688 (Rejected): AutoConfigBackup - Info Icon - username only
ACB doesn't use logins anymore so this is moot. Jim Pingle
07:19 AM Bug #7757 (Not a Bug): Auto Config Backup fails to upload unless Default Gateway is up
This isn't an ACB issue. This can be resolved by configuring the default gateway to be a failover group which matches... Jim Pingle
07:16 AM Feature #13371 (Duplicate): ACB multiple save point removal
Duplicate of #12553 Jim Pingle
07:02 AM Regression #13356 (Resolved): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
Tested:... Danilo Zrenjanin

07/20/2022

09:53 PM Feature #13371 (Duplicate): ACB multiple save point removal
Currently under Services>Auto Configuration Backup>Restore there is no ability to select (remove) more than one hoste... Jordan G
09:09 PM pfSense Packages Feature #13370: Wireguard Dashboard status
What detail specifically? Marcos M
08:31 PM pfSense Packages Feature #13370 (New): Wireguard Dashboard status
It would be nice if the WireGuard widget would give a little more detail on the Dashboard. Gil Gil
01:33 PM Bug #13280 (Confirmed): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
Yes, it should have a target. It definitely needs addressed and should be possible to patch between releases if neede... Jim Pingle
01:18 PM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
I know this is probably a low priority bug since pfSense does not need to be rebooted frequently, but shouldn't this ... Joe Mott
12:28 PM pfSense Docs Todo #13369 (Resolved): Standardize mentions of macOS
As of 2016 and macOS 10.12 Apple has standardized on macOS instead of the former OS X. We should update mentions of M... Jim Pingle
11:56 AM Bug #13366: Under or over size state tables cause pfctl error ``DIOCSETSYNCOOKIES``
Jim Pingle wrote in #note-1:
> What was the limit before it was lowered?
>
> How much RAM did they have?
>
> I... Christopher Cope
11:20 AM pfSense Packages Bug #13368 (Resolved): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected
The following P1 cipher suite is supported by Windows natively, yet the wizard prevents it:
AES256-GCM | 128 bits ... Marcos M
11:05 AM Bug #7329 (Closed): DHCP Not Updating DNS
Given the affected version here is 2.3.3, I'm going to close this out. If anyone can reproduce this on 2.6/2.7, feel ... Marcos M
09:49 AM Bug #7329: DHCP Not Updating DNS
pfSense version is Community Edition 2.6.0-Release with DNS Resolver enabled. Garry Page
09:45 AM Bug #7329: DHCP Not Updating DNS
Related, may be...
Windows 10 PC has DHCP enabled, IP address: 10.0.0.164 (preferred), Default Gateway: 10.0.0.1, DH... Garry Page
09:50 AM pfSense Docs Todo #12461 (Feedback): Improve macOS Serial Command Instructions
This should take it the rest of the way, given that it appears all recent (~10 year old and newer) Macs running a cur... Jim Pingle

07/19/2022

06:26 PM Feature #13367 (Pull Request Review): Specify CA trust store location when downloading and validating URL alias content
Marcos M
06:12 PM Feature #13367: Specify CA trust store location when downloading and validating URL alias content
Patch:... Marcos M
06:11 PM Feature #13367: Specify CA trust store location when downloading and validating URL alias content
Tested on 22.09 - works for me.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/835 Marcos M
06:07 PM Feature #13367 (Resolved): Specify CA trust store location when downloading and validating URL alias content
When the option @Check certificate of aliases URLs@ is checked, it does not use the same trust store used when enabli... Marcos M
06:16 PM Bug #12737: CA path is not defined when using ``curl`` in the shell
Djerk Geurts wrote in #note-6:
> Same issue here, curl doesn't use the trust store and it seems neither does pfBlock... Marcos M
11:33 AM Bug #12737: CA path is not defined when using ``curl`` in the shell
Same issue here, curl doesn't use the trust store and it seems neither does pfBlockerNG. Seems a bit laughable that i... Djerk Geurts
05:11 PM Bug #13366: Under or over size state tables cause pfctl error ``DIOCSETSYNCOOKIES``
What was the limit before it was lowered?
How much RAM did they have?
It may be that we are calculating it base... Jim Pingle
04:47 PM Bug #13366 (New): Under or over size state tables cause pfctl error ``DIOCSETSYNCOOKIES``
On systems with excessively large RAM, where the default state table is huge the following error is seen and traffic ... Christopher Cope
12:17 PM pfSense Plus Regression #13365: ZFS widget no longer displays information
Looks good here with that fix applied. Will wait for it to land in a snapshot and re-test before closing.
 Jim Pingle
12:08 PM pfSense Plus Regression #13365 (Feedback): ZFS widget no longer displays information
Christian McDonald
12:08 PM pfSense Plus Regression #13365: ZFS widget no longer displays information
Fixed in https://gitlab.netgate.com/pfSense/factory/-/commit/1c8a0c751e0f5894b53d4cafb2707428005d85b0 Christian McDonald
11:41 AM pfSense Plus Regression #13365: ZFS widget no longer displays information
I can reproduce this here, it broke somewhere between @22.09.a.20220714.0600@ and @22.09.a.20220719.0600@. Jim Pingle
11:30 AM pfSense Plus Regression #13365 (Closed): ZFS widget no longer displays information
Dashboard widget no longer displays ZFS pool information "No ZFS pools are configured." is displayed when ZFS pools e... Keith Townsend
09:30 AM pfSense Docs New Content #12063 (Closed): Document recently added options for Configuring RFC 2136 Dynamic DNS updates
This has been added - I forget when it was done. Marcos M

07/18/2022

05:50 PM Bug #13363 (Rejected): Pfsense 2.6.0 Buggy and Should have Remained in Development Branch (one bug report inside). Usage issues as well
First, most of those are not bugs, but known limitations. Like the gateway thing -- you set it to auto, it's doing au... Jim Pingle
04:42 PM Bug #13363: Pfsense 2.6.0 Buggy and Should have Remained in Development Branch (one bug report inside). Usage issues as well
Based on this post. Should I have split them up?
https://forum.netgate.com/topic/173526/pfsense-2-6-0-buggy-and-s... Dragon Master
04:42 PM Bug #13363 (Rejected): Pfsense 2.6.0 Buggy and Should have Remained in Development Branch (one bug report inside). Usage issues as well
1) Applying changes seems to take significantly longer. (Certain ones, I forgot which ones off the top of my head. ... Dragon Master
05:16 PM Bug #13364 (Resolved): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``
Tested on 22.05 and latest dev.
Steps:
# Start with three interfaces, WAN, LAN, OP1
# Create a rule on OPT1: ipv... Marcos M
04:06 PM pfSense Docs Todo #13236 (Resolved): Document link speed limitations with igc and ix on 6100/4100
Looks good, thanks! Marcos M
03:10 PM pfSense Docs Todo #13236: Document link speed limitations with igc and ix on 6100/4100
This should be better now:
https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/ce3288bce4b70211f1296deddaa2... Jim Pingle
01:50 PM pfSense Docs Todo #13236: Document link speed limitations with igc and ix on 6100/4100
For ix, it's the same on the 4100/5100/6100. I only see testing history on the RJ-45 ix ports, not SFP. Marcos M
08:05 AM pfSense Docs Todo #13236: Document link speed limitations with igc and ix on 6100/4100
Marcos M wrote in #note-8:
> Note looks good, however when we tested this, the issue happened on the @ix@ ports as w... Jim Pingle
01:40 PM Feature #13362 (Feedback): Update dynamic gateway consumers when their interface is renamed
If the gateway selection was empty, that could mean the gateway was disabled/renamed at some point. If this happened ... Marcos M
12:22 PM Feature #13362 (New): Update dynamic gateway consumers when their interface is renamed
I set up a IPSEC tunnel using VTI mode. Created the Static route and pointed it out the correct gateway. Approx 3 day... Fredrick Pettiford
08:02 AM pfSense Packages Feature #13361 (Resolved): Add Zabbix 6.2 (agent and proxy) packages
New release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.2.0
https://www.freshports.or... Pim Janssen
07:53 AM pfSense Packages Feature #12859: Add Zabbix 6.0 LTS (agent and proxy) packages
zabbix proxy 6 is available but i am unable to close the issue. Pim Janssen

07/17/2022

01:30 PM Todo #13357 (Pull Request Review): Spelling and typo corrections
I reviewed the spelling fixes and confirmed the changes. I'm highlighting the bugs addressed by the changes here:
... Marcos M
09:34 AM pfSense Packages Bug #13360: Not All AS Prefixes are returned by WHOIS
Kris Phillips wrote in #note-1:
> I can confirm that subnet should be part of that ASN. However, I cannot recreate ... Alex Knop
04:45 AM pfSense Packages Bug #13343: HAproxy cookie protection syntax needs updated
Hello,
the bug is there if the haproxy package installation dependency is set to use
haproxy22-2.2.22 (no more "rs... Johannes Goldynia

07/16/2022

08:35 PM Bug #13317: ``array_filter`` PHP Errors in ``interfaces.inc``
What are the steps to reproduce this issue so that we can test the patch? No information on reproducible steps is pr... Kris Phillips
08:32 PM pfSense Packages Bug #13343: HAproxy cookie protection syntax needs updated
Hello,
Is this present on the stable or devel branch? Or both? Kris Phillips
08:30 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
I cannot reproduce this either. Hopefully Christian can provide some insight into what might be the reproducible ste... Kris Phillips
11:45 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
I don't recall the details when discussing it with Christian, but he mentioned something along the lines of the issue... Marcos M
08:28 PM Todo #13357: Spelling and typo corrections
As mentioned by Jim P in the Github pull request, some of these are for functions that may need to be updated in othe... Kris Phillips
08:21 PM pfSense Packages Bug #13360: Not All AS Prefixes are returned by WHOIS
I can confirm that subnet should be part of that ASN. However, I cannot recreate this in pfBlockerNG. Are you runni... Kris Phillips
03:27 PM pfSense Packages Bug #13360 (New): Not All AS Prefixes are returned by WHOIS
If you set up a rule to do WHOIS on AS4917, these are the prefixes returned by pfBlockerNG:
• 12.187.160.0/24
•... Alex Knop
02:26 PM Feature #12521: Add the BBR2, QUIC, RACK Congestion Control (CC) protocols
Good afternoon!
I'm trying to test the BBR and RACK algorithms on FreeBSD v13.1 and I'm having trouble getting tra... Yuran Yastreb
12:05 PM pfSense Packages Todo #13349 (Pull Request Review): Add note in WireGuard GUI regarding routing behavior for Allowed IPs
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/254 Marcos M
11:41 AM Bug #13359 (Not a Bug): bug found: ipsec vpn ipv4 and web management (trusted hosts) do not work together
This is almost certainly a configuration issue, either on pfSense itself or the hosting platform. Please continue the... Marcos M
06:40 AM Bug #13359 (Not a Bug): bug found: ipsec vpn ipv4 and web management (trusted hosts) do not work together
Hi
the bus gas been noticed on on latest pfsense+ 22.05, I have an ipsec tunnel between 2 routers: using ipv4 addr... Alex Zaykov

07/15/2022

04:02 PM Revision 71758a5f: Zabbix 5.4 is EoL so remove it
Brad Davis
03:31 PM pfSense Docs Todo #13236: Document link speed limitations with igc and ix on 6100/4100
Note looks good, however when we tested this, the issue happened on the @ix@ ports as well (see #note-3). Marcos M
09:35 AM pfSense Docs Todo #13236 (Feedback): Document link speed limitations with igc and ix on 6100/4100
Note added: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/05b5a002a9ecf6915681b90c4f75bf49248dcc1d
ht... Jim Pingle
09:23 AM pfSense Docs Todo #13236 (In Progress): Document link speed limitations with igc and ix on 6100/4100
Jim Pingle
02:00 PM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load
Michael Novotny wrote in #note-11:
> Interesting... I reinstalled pfBlocker (pfBlockerNG-devel 3.1.0_4) as I was not ... Denny Page
01:08 PM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load
Denny Page wrote in #note-10:
> Probably should confirm that the patch applied correctly. Assuming that you are runni... Michael Novotny
12:45 PM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load
Michael Novotny wrote in #note-9:
> The high cpu is still occurring with this patch applied and running on 22.05, re... Denny Page
08:17 AM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load
The high cpu is still occurring with this patch applied and running on 22.05, reboot, reloading package, etc. As sta... Michael Novotny
12:58 PM Revision d7be34a7: Get radius nas ip from correct variable. Fix #13356
Marcos M
12:56 PM Revision 73b5f1f7: Check for empty config.xml restore. Fixes #13289
Christopher Cope
12:42 PM pfSense Docs New Content #12787: Convert "Routing Internet Traffic Through a Site-to-Site IPsec Tunnel" recipe to VTI or add VTI as an alternate strategy
The current info isn't bad or outdated, VTI isn't necessarily better either. For that to work with VTI you'd likely n... Jim Pingle
12:30 PM pfSense Docs Todo #11944 (Closed): Feedback on Packages — FRR Package — Bidirectional Forwarding Detection
No such reference on the page currently. Jim Pingle
12:29 PM pfSense Docs Todo #11648 (Closed): Feedback on Packages — AWS VPC Wizard — pfSense Plus Configuration Details
This was fixed some time ago, it's FRR now. Jim Pingle
12:20 PM pfSense Docs Todo #13020: Improve ``easyrule`` command documentation
This could use some expansion in general. As it is, it's just a copy of the CLI usage output.
There are some other... Jim Pingle
12:15 PM pfSense Docs Todo #12214: Inconsistent usage of GUI/WebGUI/webConfigurator
The root of the issue here is that we're calling it several different names in various places and we should standardi... Jim Pingle
12:08 PM Bug #13310 (Resolved): Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present
This is working perfectly on snapshots. Jim Pingle
12:04 PM pfSense Docs Correction #10482 (Closed): In AWS, Get System Log may not show output and Get Instance Screenshot may need to be used
Note added: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/c0e54493ddd97d92bed72c365df8b861658358fc Jim Pingle
11:35 AM pfSense Plus Bug #13358 (Resolved): Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
Traffic from hosts in the local subnet, for example a server on LAN, can only reach the first assign RA client when D... Steve Wheeler
11:07 AM pfSense Docs Correction #13187 (Closed): Azure Frequently asked questions
This was updated recently, the outdated references are gone. Jim Pingle
10:58 AM pfSense Docs Correction #12978 (Resolved): Correction to iftop section of Monitoring Bandwidth Usage
I fixed this at some point, the old references are no longer present. Jim Pingle
10:52 AM pfSense Docs Todo #12411 (Resolved): Feedback on High Availability — pfSense XML-RPC Config Sync Overview
This was added a month or so ago: https://docs.netgate.com/pfsense/en/latest/highavailability/settings.html#synchroni... Jim Pingle
10:37 AM pfSense Docs New Content #11172 (Closed): Interfaces order of 10 Gigabit Quad-Port SFP+ Intel® X710BM2 Card
Looks like they were added at some point since this went in. If what is there is still incorrect, then you'll need to... Jim Pingle
10:37 AM pfSense Docs New Content #11608 (Closed): Interfaces order of XG-7100 Quad-Port 10GbE Fiber SFP+ Installation Kit
Looks like they were added at some point since this went in. If what is there is still incorrect, then you'll need to... Jim Pingle
10:35 AM pfSense Docs Correction #9310 (Closed): Appliances with internal switch need the MAC Address section of their Getting Started guides updated
Those docs were redesigned since this was put in, the sections in question aren't anywhere in the current docs for th... Jim Pingle
10:08 AM pfSense Docs Todo #12162 (Feedback): Add "usb reset" as possible solution for non-booting flash drives on the SG-1100
Note added: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/1f955d02df41f4a57cde5bd560a7c8e21818925b
http... Jim Pingle
10:05 AM pfSense Docs Todo #12162 (In Progress): Add "usb reset" as possible solution for non-booting flash drives on the SG-1100
Jim Pingle
09:20 AM pfSense Docs Correction #11871 (Resolved): SG-2100 must be manually power cycled after installation
Fixed: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/4c5c52b9b56999cb49c5dd8106538e9cfa005f69
https:/... Jim Pingle
09:01 AM pfSense Docs Correction #11871 (In Progress): SG-2100 must be manually power cycled after installation
Jim Pingle
08:09 AM pfSense Docs Correction #12570 (Closed): Active appliance list missing 6100
This was fixed a while ago, it's there now (and the 4100) Jim Pingle
08:07 AM pfSense Docs New Content #12597 (Resolved): How to reset IPMI settings and password for Netgate appliances
It's in the docs now, has been since that commit was merged in.
https://docs.netgate.com/pfsense/en/latest/solutio... Jim Pingle
08:05 AM Regression #13356 (Feedback): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
Applied in changeset commit:d7be34a7d766b06e13272a5b1904dba9f532e4cc. Marcos M
08:05 AM Bug #13289 (Feedback): Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read
Applied in changeset commit:73b5f1f758dedb6c87dbed89c7b7c70494c3a5cd. Christopher Cope
08:04 AM pfSense Docs Todo #13291 (Duplicate): Notification documentation
Duplicate of #12805 Jim Pingle

07/14/2022

09:12 PM Revision 970a364f: Build security/pfSense-pkg-Tailscale
(cherry picked from commit 54ab28a2f7d051c0fc251ab76900ffeddd5a2d68) Christian McDonald
09:12 PM Revision 54ab28a2: Build security/pfSense-pkg-Tailscale
Christian McDonald
06:27 PM Regression #13356 (Pull Request Review): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
Thank you for your looking into it!
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/834 Marcos M
11:55 AM Regression #13356: RADIUS authentication attempts no longer send RADIUS NAS IP attribute
As requested, I added in the following (to ensure I could see the separation):... Alastair Burr
11:34 AM Regression #13356: RADIUS authentication attempts no longer send RADIUS NAS IP attribute
I'm curious what those contain - you can dump them to the system log by adding:... Marcos M
03:49 PM Bug #13289: Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/833 Christopher Cope
03:42 PM pfSense Docs Todo #12461 (In Progress): Improve macOS Serial Command Instructions
I added some general info on finding the serial device.
Waiting on info from someone with both a Mac and a 2100 to... Jim Pingle
11:36 AM pfSense Plus Regression #13355 (Feedback): OpenVPN crashes after reaching the configured concurrent connection limit
Marcos M
08:42 AM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
Thanks so much, Bill! Appreciate your efforts. tasty ratz
08:30 AM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks
08:31 AM pfSense Packages Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks
08:30 AM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
The pull request has been merged to correct this issue and it can be marked "Resolved". Bill Meeks
01:34 AM Bug #8435: DHCPv6 unusable in certain circumstances (US AT&T Fiber, etc.)
Can confirm; there is a workaround that was documented in the forums.... Nathan Ollerenshaw

07/13/2022

06:24 PM pfSense Packages Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
The logic has been changed back to the original behavior by removing the _preg_quote()_ wrapping of the PCRE keyword ... Bill Meeks
06:22 PM pfSense Packages Feature #12748: Suricata blocked page timestamp breakout to it's own sortable column
Sortable columns have been added to the BLOCKS tab in the latest _pfSense-pkg-suricata-6.0.6_ version of the GUI pack... Bill Meeks
06:20 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
This issue has been addressed in the new _pfSense-pkg-suricata-6.0.6_ update. Pull request posted here: https://githu... Bill Meeks
11:41 AM Regression #11545: Primary interface address is not always used when VIPs are present
I'll have a look, thanks! Reid Linnemann
07:44 AM Regression #11545 (In Progress): Primary interface address is not always used when VIPs are present
Since this went in my GIF interface doesn't seem to be working properly, and it might affect others. It was working p... Jim Pingle
06:03 AM pfSense Plus Regression #13355 (Pull Request Review): OpenVPN crashes after reaching the configured concurrent connection limit
MR: https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/63 Kristof Provost

07/12/2022

06:23 PM Todo #13357 (Resolved): Spelling and typo corrections
Filing as a place to hang a PR.
The misspellings have been reported at https://github.com/jsoref/pfsense/commit/0b... Josh Soref
06:15 PM Regression #13356 (Resolved): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
After upgrading to pfSense Plus 22.05, the RADIUS NAS IP Attribute setting is no longer sent to the RADIUS server.
... Alastair Burr
05:57 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
I trust that it is definitely real and not a false or misinterpreted report. There's a reason for it and with enough ... Reid Linnemann
05:55 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
This has been squirreley for a long time and has been very difficult to reliably duplicate but it is very real. #9296... Chris Linstruth
05:26 PM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
No, none that I am aware of. I know that filterdns has been untouched for a few months now. I'll look for changes els... Reid Linnemann
01:33 PM pfSense Plus Regression #13355 (Resolved): OpenVPN crashes after reaching the configured concurrent connection limit
Tested on 22.05.
If @Concurrent connections@ is set and that limit is reached, the OpenVPN service will crash with... Marcos M
01:12 PM Revision 9490042f: Build security/tailscale
Christian McDonald
07:30 AM pfSense Docs Todo #13352 (Resolved): Feedback on DNS — DNS Rebinding Protections
Fixed, thanks! Jim Pingle

07/11/2022

09:10 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
We do test a variety of configurations but testing every possible iteration is not possible. Even with unit testing t... Jim Pingle
09:00 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
If you would do proper testing (which means that at least multiple options that the GUI offers are tested, not just t... Flole Systems
07:47 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
Unit tests are a concept that is easy to suggest but not at all easy to implement. It's something we are working towa... Jim Pingle
07:33 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
I know exactly why it's working for you (and for some others aswell, not for all though), but it's not my job to fix ... Flole Systems
07:16 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
I am actively using it on 22.05. It works, and does not behave as you describe.... Jim Pingle
07:10 PM Bug #13353: DHCPv6 (still) doesn't work properly with multiple interfaces
No it's not! I clearly wrote:
h3. That is on the latest pfSense plus version.
above which shouldn't leave any r... Flole Systems
06:34 PM Bug #13353 (Duplicate): DHCPv6 (still) doesn't work properly with multiple interfaces
Duplicate of #6880 -- it does work on Plus 22.05 and 2.7.0 snapshots.
 Jim Pingle
06:31 PM Bug #13353 (Duplicate): DHCPv6 (still) doesn't work properly with multiple interfaces
Another release, another stupid IPv6 bug that could have been detected with basic testing. I'm sure the users of the ... Flole Systems
07:18 PM Regression #12827: High latency and packet loss during a filter reload
There is still packet loss by the way and latency spikes up to 300ms on 22.05.... It becomes super obvious when the t... Flole Systems
06:49 PM pfSense Packages Bug #13354 (New): Tinc VPN causes constant gateway up/down events, packages restarts and filter reloads
The latest pfSense Plus version broke the tinc VPN: When tinc connects it generates an event:... Flole Systems
06:31 PM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
luc Willems wrote in #note-15:
> found the issue why it was not working for me. the patch above, it was not "clear" ... Adrian Hansraj
03:58 PM pfSense Docs Todo #13352 (Resolved): Feedback on DNS — DNS Rebinding Protections
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html
*Feedback:*
Small suggestion: Th... Jesse Sheidlower
02:13 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
There are several things I've noted about how aliases and filterdns work that - if they aren't directly related to th... Reid Linnemann
12:42 PM Revision 70dacbf3: Trim leading space from CSV vouchers. Fixes #13272
Jim Pingle
09:40 AM Feature #13351 (New): Improve Indicated Memory Usage in the Dashboard
Currently the value shown in the System Information widget is simply the system reported Free RAM value but that does... Steve Wheeler
08:18 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
No, because there are valid cases where it should be set (e.g. to /30) at least for the time being. Since the client ... Jim Pingle
08:10 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
Does it make sense to remove this GUI element from the options then? Erik Osterholm
07:59 AM Regression #13350: SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
Normally in SSL/TLS with a client/server setup that has multiple clients the clients would never populate the tunnel ... Jim Pingle
08:08 AM Bug #9887 (Resolved): Rule separator positions change when deleting multiple rules
Looks good on the latest snapshot. Jim Pingle
07:54 AM Bug #13272 (Feedback): Voucher CSV output has leading space before voucher code
Merged. Jim Pingle
07:48 AM Bug #13014: Deadlock in Charon VICI interface
Hello, I have been working with technical support on this issue and was told to upgrade to version Pfsense Plus 22.05... Jesse Ortiz
07:47 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
I can't reproduce this here so far. I can create a quick BE and then delete it without error. Though I haven't tried ... Jim Pingle
07:43 AM Bug #12875 (Resolved): Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports
Jim Pingle
07:43 AM pfSense Packages Bug #10608 (Closed): Update squid port to 4.11-p2
Jim Pingle
03:59 AM pfSense Packages Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion
Any news on a solution for this issue? Djerk Geurts

07/10/2022

12:31 PM Regression #13350 (Resolved): SSL/TLS OpenVPN Client fails with ``ifconfig`` error when the IPv4 Tunnel Network is defined
Filing this on behalf of a client.
When an IPv4 Tunnel Network is defined on an OpenVPN *Client* in pfSense, we ge... Erik Osterholm
12:16 PM Bug #13325: System Information widget breaks with multiple instances
Kris Phillips wrote in #note-1:
> Larry,
>
> Have you tried a fresh install of pfSense Plus to verify this issue ... Larry Bernardo
11:18 AM pfSense Packages Todo #13349 (Resolved): Add note in WireGuard GUI regarding routing behavior for Allowed IPs
As specified here:
https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/settings.html#wireguard-settings-peer
... Marcos M
11:13 AM pfSense Plus Bug #13348 (Resolved): Error when deleting ZFS Boot Environment created from duplicate of non-default entry
After attempting to delete a "quick" boot environment, the GUI displayed the following error:... Marcos M
04:05 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
found the issue why it was not working for me. the patch above, it was not "clear" for me it had to be ' _<space>_ '... luc Willems

07/09/2022

09:06 PM Bug #12875: Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports
This is present in the 22.05 RELEASE repos, so this redmine should be closed as Resolved. Kris Phillips
09:05 PM Bug #13276: IGMP Proxy Error Message for Logging Links to System Log Instead of Routing Log
This is present on 2.6 and 22.05. Kris Phillips
09:04 PM Bug #13277: IGMP Proxy webConfigurator Page Always Produces Error
This is present in the 22.05-RELEASE build as well (just tested). However, it does not appear to affect functionality. Kris Phillips
09:01 PM Bug #13325: System Information widget breaks with multiple instances
Larry,
Have you tried a fresh install of pfSense Plus to verify this issue is still present? That looks like someth... Kris Phillips
08:57 PM Todo #10464: Don't change the current update repo when new releases are available
Internal Redmine 7479 I feel would be a better solution to this problem, rather than making PHP changes. If we split... Kris Phillips
08:55 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
This should be corrected as customers run into this all the time now, since the driver was updated for all platforms ... Kris Phillips
08:48 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Reid Linnemann wrote in #note-101:
> I'm having a crack at this issue now. Is everyone experiencing this issue using... Kris Phillips
06:50 PM pfSense Packages Bug #10900: /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz
This is very similar to https://redmine.pfsense.org/issues/11098 - testing covered using both "/root" and "/" as back... Jordan G
02:11 PM pfSense Packages Bug #10608: Update squid port to 4.11-p2
[22.05-RELEASE][admin@pfSense.home.arpa]/root: pkg info squid
squid-5.4.1
Name : squid
Version ... Alhusein Zawi
10:43 AM pfSense Packages Bug #13347: Setting BGP default-originate route map does not prepend the AS path
Side note I quickly tested setting a community using a route map on the default-originate statement and it worked. Se... Chris Linstruth
10:32 AM pfSense Packages Bug #13347 (New): Setting BGP default-originate route map does not prepend the AS path
Setting a route-map on the default-originate statement or outbound routes to a BGP peer does not properly prepend the... Chris Linstruth
01:43 AM Bug #13272: Voucher CSV output has leading space before voucher code
Tested, no more space before the code.
!clipboard-202207090942-zzonz.png!
 Lev Prokofev
01:23 AM Bug #9887: Rule separator positions change when deleting multiple rules
Tested, and it works for me. Lev Prokofev

07/08/2022

06:15 PM Regression #13026: Limiters do not work
Not sure if fully related but having limiter issues on final 22.05 release with a netgate 6100.
2 limiters, each wit... Jose Duarte
02:33 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets
Tested on 22.05, was able to reproduce
tested on
Version 22.09-DEVELOPMENT (amd64)
built on Fri Jul 08 06:14:3... Georgiy Tyutyunnik
02:08 PM pfSense Plus Bug #13338 (Feedback): OpenVPN DCO panics with short UDP packets
This is now merged. Steve Wheeler
02:21 PM Revision 2dc23896: Fixed handling of single rule selected with multi-delete Issue #9887
Christopher Cope
02:15 PM pfSense Docs New Content #12791 (Feedback): Diagnostic Information for Support (pfSense)
I took a different approach than the MR did. It's up and live now:
https://gitlab.netgate.com/docs/pfSense-docs/-/... Jim Pingle
10:16 AM Bug #9887 (Feedback): Rule separator positions change when deleting multiple rules
Fix merged Christopher Cope
09:22 AM Bug #9887: Rule separator positions change when deleting multiple rules
Latest patch tests OK for me. Jim Pingle
07:16 AM pfSense Plus Regression #13345 (Not a Bug): IPSEC tunnel loosing packets after upgrade to 22.05 between NG 1100 and NG 7100
There isn't enough information here to classify this as a bug, and we can't reproduce that in lab conditions. It's en... Jim Pingle
02:52 AM pfSense Plus Regression #13345 (Not a Bug): IPSEC tunnel loosing packets after upgrade to 22.05 between NG 1100 and NG 7100
After upgrading i noticed horrible performance over the tunnel to work.
ping gives loss and hundreds and thousands ... Lars Lindley
05:59 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
same for me
using
pfsense+ V22.05
pfblockerNG-devel V3.1.0_4
basic setup using wizard.
manually edit the pf... luc Willems

07/07/2022

01:44 PM Bug #13014: Deadlock in Charon VICI interface
We suggested this bug may be the cause of what the customer is seeing in 945855019. His experience is that the tunnel... Chris W
12:19 PM Bug #9887: Rule separator positions change when deleting multiple rules
Here's a new patch with missing fixes. Seems to pass all tests this time. Christopher Cope
09:01 AM Bug #13344 (Duplicate): Vlan loses parent interface when changing LAGG mtu to jumbo frames
Hi,
Psense+ version: 22.01
When I try to add jumbo frames to lagg interface ( 9000 ) - main
When I change the... Matthew Whittaker-Williams

07/06/2022

02:26 PM Regression #11512: DHCP Leases page and ARP table page fail to load if DNS is not available
I recently upgraded to 22.05 and am seeing this same issue. Possible regression again? The page used to load within a... Aaron Shaffer
02:01 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Netgate 3100 user here, running 22.05, upgraded from 22.01 - Same problem: DNS interruptions. Can this issue get some... Per-Arne Hellarvik
01:01 PM Bug #13327: Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
I'm experiencing the exact same problem reported by Brian Martin.
Unfortunately I don't have enough knowledge of PHP... Massimo Vannucci
11:03 AM pfSense Packages Bug #13343 (Resolved): HAproxy cookie protection syntax needs updated
A bug has been found after UPdate to pfSense plus 22.05: the generated code by HaProxy-GUI... Johannes Goldynia
08:05 AM pfSense Docs Todo #13342 (Feedback): Correct BGP last-as description
Merged. Jim Pingle
03:45 AM Regression #13323 (Feedback): Captive Portal breaks policy based routing for MAC address bypass clients
And that fix has landed: https://github.com/pfsense/pfsense/commit/add6447b9dc801144141bb24f8c264e03a0e7cae Kristof Provost

07/05/2022

06:17 PM pfSense Docs Todo #13342 (Pull Request Review): Correct BGP last-as description
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/44 Marcos M
05:49 PM pfSense Docs Todo #13342 (Resolved): Correct BGP last-as description
The following is incorrect:
https://docs.netgate.com/pfsense/en/latest/packages/frr/global/routemaps.html#bgp-as-p... Marcos M
04:45 PM Revision add6447b: Ensure we apply policy routing on whitelisted captive portal MAC addresses
We cannot simply 'pass in quick' for the _patthru tagged packets,
because that means we don't process any subsequent ... Kristof Provost
02:56 PM Revision ad20a68b: Filter reload at end of rc.newwanip. Fixes #13228
Jim Pingle
01:51 PM pfSense Plus Bug #13338 (Pull Request Review): OpenVPN DCO panics with short UDP packets
Marcos M
12:59 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets
That looks to be the result of a short UDP packet. Short enough that it doesn't contain an openvpn header.
https:/... Kristof Provost
10:31 AM pfSense Plus Bug #13338 (Resolved): OpenVPN DCO panics with short UDP packets
If a UDP packet directed towards an active OpenVPN socket is received which is too short to contain an OpenVPN header... Marcos M
01:46 PM pfSense Packages Bug #13332: HAProxy Broken after v22.05 and HAProxy v0.61_3
Johannes Goldynia
Please open a new bug report for the HSTS / Cookie protection issue. Marcos M
07:59 AM pfSense Packages Bug #13332 (Rejected): HAProxy Broken after v22.05 and HAProxy v0.61_3
There is no way the package can possibly track and warn about custom configuration directives. By definition it does ... Jim Pingle
12:53 PM Bug #13341 (Not a Bug): IPSEC VTI Gateway Monitoring
That is most likely a problem in your configuration or environment, VTI gateway monitoring is working fine in general... Jim Pingle
12:14 PM Bug #13341 (Not a Bug): IPSEC VTI Gateway Monitoring
Hello,
Gateway monitoring does not work on VTI gateways altough the tunnel is UP and traffic is passing succesfull... Marcus Oliveira
12:24 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I'm having a crack at this issue now. Is everyone experiencing this issue using unbound as a resolver by chance? Reid Linnemann
11:25 AM Feature #13340 (New): Option to change QinQ ethertype to Service VLAN Tag
Currently, pfSense uses C-Tags (ethertype 0x8100) for QinQ interfaces. Ideally, it should keep C-Tags on existing con... Marcos M
10:46 AM Bug #13339 (Not a Bug): Randomly DHCP interface detaches and attach automatically in pfsense 2.6.0
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
10:44 AM Bug #13339 (Not a Bug): Randomly DHCP interface detaches and attach automatically in pfsense 2.6.0
I am facing issue on pfsense firewall CE 2.6.0 after upgrade on 2.5.0 to 2.6.0.., Honnesh Gowda
10:05 AM Bug #13228 (Feedback): Recovering interface gateway may not be added back into gateway groups and rules when expected
Applied in changeset commit:ad20a68bae86fff5660b02789a49618a6e71ae22. Jim Pingle
09:42 AM Bug #9887: Rule separator positions change when deleting multiple rules
This fails in a new/different way when applied. When attempting "test 2" from my original attachments, it puts the se... Jim Pingle
09:36 AM Bug #13327: Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
I neglected to mention in the bug report and the forum thread that I'm on release 2.6.0, the current stable release. ... Brian Martin
07:35 AM Bug #13327 (Rejected): Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
There isn't enough information to go on here. This is working for us in the lab and for most if not all users of the ... Jim Pingle
08:47 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
I've applied the patch and it fixed the problem for me. Thanks a bunch! Axel Taferner
08:11 AM Bug #13337 (Rejected): After upgrading from 22.01 to 22.05 unbound intermittently stops resolving until manually restarted
There isn't enough information to go on here and it's working fine for thousands of others. It's possible it's relate... Jim Pingle
03:37 AM Bug #13337 (Rejected): After upgrading from 22.01 to 22.05 unbound intermittently stops resolving until manually restarted
Config haven't changed from 22.01 but after upgrade started having problems with dns resolver just timing out on reso... Vaidotas Butkus
08:09 AM pfSense Packages Bug #13336 (Rejected): BGP packets not being sent to OpenVPN cloud connections
This is almost certainly a configuration problem with your OpenVPN setup and/or FRR settings. This site is not for su... Jim Pingle
08:07 AM pfSense Packages Bug #13328 (Not a Bug): Wireguard Site-to-Site broken after upgrade to 22.05
This is unlikely to be a bug, but something in your configuration or environment. It's working for many others in sim... Jim Pingle
08:05 AM pfSense Docs Todo #12770 (Resolved): Feedback on Firewall — Configuring firewall rules
Merged. Also fixed a couple small things I noticed after merging: https://gitlab.netgate.com/docs/pfSense-docs/-/comm... Jim Pingle
07:56 AM pfSense Docs New Content #13270 (Resolved): OpenVPN client gateway is incorrect when the server does not push routes
Merged.
I fixed a couple extra things I noticed after merging: https://gitlab.netgate.com/docs/pfSense-docs/-/comm... Jim Pingle
07:43 AM pfSense Plus Bug #12607 (Closed): Instability with Snort Inline with AWS Instances
Jim Pingle
07:41 AM Bug #13330 (Rejected): Traffic Shaper Wizard is broken
Please open separate issues for each item, like you did for the second bullet point there ( #13329 )
The first bul... Jim Pingle
07:41 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I'm having the same issue on 2.6.0 at every 1 minute:
Jul 5 09:33:00 sshguard 77002 Exiting on signal.
Jul 5 09:3... Geovane Gonçalves
07:36 AM Bug #13318 (Resolved): Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
Jim Pingle
03:26 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Any progress on this as it causes lots of other DNS resolver issues not just short interruptions.
22.01 dns resolver... Vaidotas Butkus

07/04/2022

08:14 PM pfSense Packages Bug #13336 (Rejected): BGP packets not being sent to OpenVPN cloud connections
Scenario:
OpenVPN cloud is utilized to connect two pfsense routers behind CGNAT to allow for site to site connectivi... Devan Bhagat
03:23 PM Feature #13293: Option to set auth-gen-token in OpenVPN GUI
It's unclear if the concerns mentioned on the following link have been addressed - best to keep this as a custom opti... Marcos M
02:07 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
If you'd like to test it and provide feedback, here's the patch - apply it with the System Patches package. Marcos M
01:30 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
Yes, that's internal. It'll turn up in the public tree once I find a victim to review it. That's going to take a day ... Kristof Provost
01:00 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
Kristof, the link you posted doesn't work. DNS_PROBE_FINISHED_NXDOMAIN
You probably linked to something internal tha... Axel Taferner
11:07 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
The draft patch wouldn't work, but a similar fix does:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests... Kristof Provost
11:15 AM pfSense Plus Bug #13334 (Not a Bug): Configuration Auto Backup broken after v22.05 fresh install
I was able to upload backups successfully. Likely a temporary service outage. If it continues to happen, I'd suggest ... Marcos M
11:04 AM pfSense Packages Bug #11098 (Resolved): Backup Files and Directories plugin crashes firewall if /root specified as backup location
I'll close this given that the original issue (crash) no longer happens. There's still the issue of the package locki... Marcos M
10:48 AM Feature #13335: Allow NAT reflection to be limited to specific interfaces
The NAT reflection mode default can be kept as @disabled@, while enabling it per NAT rule. I suppose having the featu... Marcos M
02:08 AM Feature #13335 (New): Allow NAT reflection to be limited to specific interfaces
I have a setup at home with a VLAN for guests, which doesn't have access to any internal resources. Because of this,... Chris Gelatt
10:32 AM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
Marcos Mendoza wrote in #note-2:
> It happened a while ago as you can tell from the timestamp, unfortunately I don't... Bill Meeks

07/03/2022

11:35 PM pfSense Packages Bug #11098: Backup Files and Directories plugin crashes firewall if /root specified as backup location
my apologies, I did misunderstand the initial report
in case of specifying "/root/" as path, the backup button produ... Jordan G
07:25 PM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
For reference:
There's a redmine report for the policy routing issue here https://redmine.pfsense.org/issues/13323... Marcos M
07:23 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
Potential fix here: https://redmine.pfsense.org/issues/13290#note-6 Marcos M
06:42 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
It happened a while ago as you can tell from the timestamp, unfortunately I don't remember the exact details to repro... Marcos M
04:14 PM pfSense Packages Bug #13333: PHP error when saving Suricata rulesets
Can you add a little more detail for this statement: " _This was triggered when existing rules were auto-enabled by ... Bill Meeks
12:59 PM pfSense Packages Bug #13333 (Resolved): PHP error when saving Suricata rulesets
In some cases, @$enabled_rulesets_array@ in @suricata_rulesets.php@ may not be an array which results in the followin... Marcos M
06:06 PM pfSense Plus Bug #13334 (Not a Bug): Configuration Auto Backup broken after v22.05 fresh install
Multiple errors (30) generated with the same message:
3:33:24 An error occurred while uploading the encrypted confi... Rick Strangman
12:20 PM pfSense Packages Bug #13332: HAProxy Broken after v22.05 and HAProxy v0.61_3
Hello,
updating the pass-trough rules to... Johannes Goldynia
02:58 AM pfSense Packages Bug #13328: Wireguard Site-to-Site broken after upgrade to 22.05
After reading through here, I think this might be related to this
https://redmine.pfsense.org/issues/12808
I never h... Sebastian Schmid
 

Also available in: Atom