Project

General

Profile

Activity

From 07/20/2022 to 08/18/2022

08/18/2022

11:44 PM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made
Andrzej Milewski wrote in #note-3:
> I have BIND version 9.16-11 package and pfSense version 2.5.2. Serial number no... Gabriel Millerd
04:57 PM pfSense Docs Correction #13428 (Resolved): Firewall rules clarification
In https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html, the following text is, at best, unclear... Dave Madsen
08:11 AM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit
The patch has been committed into the System Patches package and will be available to users there soon once some work... Jim Pingle
08:09 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Pim Pish wrote in #note-3:
> Here's a similar case.
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263288
W... Jim Pingle
02:33 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Here's a similar case.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263288 Pim Pish
04:20 AM Bug #10792: Crash when switching interface off and on again in cohesion with multicast
I probably made a mistake. Every thing is still working including the GUI. Note that there seems to be two versions o... Louis B
01:54 AM Feature #13411: Packet capture does not support 6rd tunnels
Thanks; I can confirm that this works.
* Installs cleanly with the System Patches tool
* Provides the option to ca... Daniel Engel

08/17/2022

08:01 PM Revision 611de84a: Encode filename browser.php. Fixes #13262
(cherry picked from commit 1b5919c769ba736b44819f71ee1ddce06e2a50c5) Jim Pingle
07:52 PM Revision f6404cad: CRL lifetime fixes to avoid rollover. Fixes #13424
(cherry picked from commit a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2) Jim Pingle
07:52 PM Revision 6dc07508: Skip URL tables with invalid names. Fixes #13425
(cherry picked from commit db0cdbc8e77a47b45a6da4061e5d8e59e0fc592d) Jim Pingle
07:52 PM Revision 22f7276c: Clean up+encode pkg rule filenames. Fixes #13426
(cherry picked from commit 4d9dd165e471394bb2ca520d56f8d8f9a82bb99a) Jim Pingle
07:52 PM Revision 7c54d26e: CA/Cert descr validation fixes. Fixes #13387
Validate description on save when editing and in other situations that
were not yet covered.
While here, ensure that... Jim Pingle
07:49 PM Revision a3c15890: CRL lifetime fixes to avoid rollover. Fixes #13424
Jim Pingle
07:38 PM Revision db0cdbc8: Skip URL tables with invalid names. Fixes #13425
Jim Pingle
07:26 PM Revision 4d9dd165: Clean up+encode pkg rule filenames. Fixes #13426
Jim Pingle
02:55 PM Bug #13424 (Feedback): CRL expiration date with default lifetime is too long, goes past UTCTime limit
Applied in changeset commit:a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2. Jim Pingle
01:44 PM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit
Applied diff manually.
Restarted OpenVPN server service, bingo, it works!
Thanks! Greg M
11:11 AM Bug #13424 (Pull Request Review): CRL expiration date with default lifetime is too long, goes past UTCTime limit
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/842
Diff attached for testing.
 Jim Pingle
10:40 AM Bug #13424 (Resolved): CRL expiration date with default lifetime is too long, goes past UTCTime limit
The default lifetime on internal CRLs is 9999 which as of now lands the expiration of a CRL past 2050. The CRL librar... Jim Pingle
02:55 PM Bug #13425 (Feedback): Invalid alias name can still be used by code attempting to validate URL table content
Applied in changeset commit:db0cdbc8e77a47b45a6da4061e5d8e59e0fc592d. Jim Pingle
02:09 PM Bug #13425 (Resolved): Invalid alias name can still be used by code attempting to validate URL table content
When validating an alias on save, the name is checked for validity, however the name is still used during validation ... Jim Pingle
02:55 PM Bug #13426 (Feedback): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding
Applied in changeset commit:4d9dd165e471394bb2ca520d56f8d8f9a82bb99a. Jim Pingle
02:16 PM Bug #13426 (Resolved): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding
If there is a file named @/tmp/rules.packages.|<command>|.txt@, then when an authenticated GUI user loads @status.php... Jim Pingle
02:50 PM Revision 6c055aaf: captiveportal: fix comment
Restore the correct comment, as pointed out by "Fole Systems" in
https://redmine.pfsense.org/issues/13323#change-62565 Kristof Provost
01:52 PM Bug #12938: Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value
I still get thousands of messages like:... Louis B
01:14 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
Tested:
2.5.0 - Passes TCP traffic from both WANs
2.5.1 - Fails as described
2.5.2 - Fails as described
2.6.0 - F... Steve Wheeler
08:38 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
Tested:
22.09.a.20220729.0600 - same behaviour
21.02.2-rel - same behaviour
21.02-rel - works as expected
<pre... Steve Wheeler
06:46 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
Attached rules from the tested firewall in 22.05. Steve Wheeler
10:52 AM Bug #10792: Crash when switching interface off and on again in cohesion with multicast
I changed my pfSense disk (SSD) for which reason I had to reinstall pfSense. After installing CE 2.7.0 version Fri Au... Louis B
10:16 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
A few other details:
This seems to only affect GUA (and possibly ULA) addresses, Link Local addresses always respo... Jim Pingle
09:57 AM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases
This is proving fairly difficult to pin down a set of "steps to duplicate." In some cases an IPv6 interface seems to ... Chris Linstruth
09:32 AM Feature #13422 (Duplicate): Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options
In the IPv4 DHCP server the Additional BOOTP/DHCP Options allow setting the option type. Currently the DHCPv6 server ... Steve Wheeler
06:36 AM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED
shawn butts wrote:
> The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"... Jonas R

08/16/2022

11:28 PM pfSense Packages Bug #13412: SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined
Here's a workaround for this issue however seems the workaround will not stay after network disconnection etc.or some... UserPfbUg User
09:11 PM pfSense Packages Bug #13421 (New): Stunnel certificate does not refresh
I use stunnel with ACME certificates which expires every 90 days. When the certificate is 6í days old ACME auto refre... A Schnee
06:39 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
This only affects traffic sourced from the firewall itself. Policy routed traffic from other local subnets opens stat... Steve Wheeler
06:32 PM Regression #13420 (Resolved): TCP traffic sourced from the firewall can only use the default gateway
Traffic sourced from the firewall itself will always open states on the interface with the default system route. Even... Steve Wheeler
03:49 PM Feature #13411: Packet capture does not support 6rd tunnels
It should work on 22.05 and 2.7. Here's the patch specifically for 2.6 though. Marcos M
03:02 PM Feature #13411: Packet capture does not support 6rd tunnels
I can't say whether the patch makes any difference or not; I cannot apply it:... Daniel Engel
02:58 PM pfSense Docs Todo #13419 (Resolved): Note FreeRADIUS request/response limitation
Add the following note to:
https://docs.netgate.com/pfsense/en/latest/packages/freeradius.html#troubleshooting-radiu... Marcos M
02:12 PM Feature #12982: Add support for RFC7499 in RADIUS library.
Hello Christian,
thank you VERY MUCH for looking into this. Any sort of workaround or patch would be GREATLY appr... Frank Lee
10:16 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
The comment ... Flole Systems

08/15/2022

05:14 PM Bug #13417 (Feedback): Kernel panic: pf_purge
Marcos M
04:28 PM Bug #13417: Kernel panic: pf_purge
... Mateusz Guzik
01:48 PM Bug #13417 (Feedback): Kernel panic: pf_purge
On a 7100 with 22.05:
> When we came into the office this morning, the pfSense was down, with no internet access t... Marcos M
03:41 PM Revision 67f0518a: Update UPnP status regex. Fixes #4500
Submitted-By: rtadams89 @ GitHub PR #4610 Jim Pingle
03:29 PM Regression #13418 (Resolved): Captive Portal does not keep track of client data usage
Setup:
* pfSense+ 22.05
* Configure Captive Portal on VLAN interface
* Use FreeRADIUS auth backend
* Check @Reaut... Dale Harron
01:33 PM Regression #11545 (Feedback): Primary interface address is not always used when VIPs are present
Jim Pingle
10:50 AM Bug #4500 (Feedback): UPnP/NAT-PMP status page does not display all port mappings
Applied in changeset commit:67f0518a9a00b6709e997b55b569926ef22c109d. Jim Pingle
10:45 AM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings
Tested the PR and it worked well for that last problem case I mentioned. PR will be merged shortly. Thanks! Jim Pingle
10:33 AM Bug #4500 (Pull Request Review): UPnP/NAT-PMP status page does not display all port mappings
Jim Pingle
09:58 AM pfSense Docs Correction #12659 (Resolved): Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces
Merged and deployed. Jim Pingle
09:54 AM pfSense Packages Bug #12130 (Closed): Zeek fails to start
Jim Pingle
12:54 AM pfSense Packages Bug #12130: Zeek fails to start
I've tested on 22.05 pfsense release and Zeek (3.0.6_3) is started with out any issue. The file local.zeek is present... aleksei prokofiev
09:54 AM Regression #13323 (Resolved): Captive Portal breaks policy based routing for MAC address bypass clients
If it works as expected on a snapshot with the fix that's sufficient. Jim Pingle
09:53 AM pfSense Packages Bug #13415: Pushing WireGuard traffic out a specific GW using static routes crashes the WireGuard Service
Seems highly unlikely it's related to policy routing, but maybe the way the service is restarted or the conditions at... Jim Pingle
09:11 AM Feature #13416 (New): Change gateway monitoring actions default to "disabled"
I posit that the expense of running gateway monitoring actions is too expensive and disruptive to be enabled on every... Chris Linstruth
03:57 AM Bug #10792: Crash when switching interface off and on again in cohesion with multicast
Hello,
Just for info:
Related to PIMD
- I am still a happy PIMD user however the very old >>released version<<... Louis B

08/14/2022

08:38 PM Bug #10792 (New): Crash when switching interface off and on again in cohesion with multicast
This happened after renaming the description of a VLAN on an LACP LAGG consisting of ix0 and ix1 on a Netgate 7100 ru... Marcos M
07:59 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
Duplicated similar environment in 22.05. Confirmed policy routing was ignored for passthrumac entry hosts.
Upgrade... Chris Linstruth
07:18 PM Feature #13411: Packet capture does not support 6rd tunnels
If I understand this correctly, the following patch should cover it:
https://redmine.pfsense.org/issues/13382
App... Marcos M
07:16 PM Todo #13414: IPsec: Phase 1 Delay advanced option does not include scale or type of timer in Description
For what it's worth, the online docs explains things in more detail (including specifying seconds). Marcos M
07:11 PM Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields
I think the beta dark style should be removed at this point - it's even less up-to-date than the normal dark one and ... Marcos M
03:30 AM pfSense Packages Bug #13415 (New): Pushing WireGuard traffic out a specific GW using static routes crashes the WireGuard Service
This relates to Bug #11613 and Bug #12811
Trying to work around Bug #12811 I set up a Gateway Group containing 2 ... Oskar Stroka
02:31 AM pfSense Packages Bug #13404: LDAP authentication does not working
Hello,
yes, I can't find the right options that allow me to configure ldap authentication when you don't have admin ... Ettore Caprella

08/13/2022

09:06 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Sadly this is still a problem for me. Is there anything I can do to help move this bug along? John Williams
08:02 PM Bug #13396: Custom logo or background image is created with two dots (``..``) before the file extension
Tested and confirmed that the file extension gets an extra "." added when uploading a custom logo to the portal.
... Kris Phillips
06:58 PM Todo #13414 (New): IPsec: Phase 1 Delay advanced option does not include scale or type of timer in Description
The description for dead peer detection delay does not include the type of timer, or the scale. This makes it difficu... Pat Jensen
06:43 PM pfSense Packages Bug #13404: LDAP authentication does not working
Hello,
The virtual-server-default config file is generated from the webConfigurator in freeRADIUS. You shouldn't ... Kris Phillips
06:32 PM pfSense Docs Correction #12659: Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces
- From what I can see on a 5100 with both 22.05 and 22.01:
- Default settings are: @dev.ix.#.fc=0@ and @hw.ix.flow_co... Chris W
06:31 PM pfSense Packages Bug #13409 (Confirmed): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only
Confirmed on 22.05. Pressing the button does nothing in HTTP mode. Switches back to HTTPS and it functioned as expe... Kris Phillips
06:28 PM pfSense Packages Bug #13410: ClamAV 0.104.2 is subject to several vulnerabilies
The latest is on Freshports. We should probably bump the pfSense squid package up a version and pull in the updated ... Kris Phillips
06:25 PM Bug #13413: Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages
I can't reproduce this, but only because I can't get this error to pop up. I've tried intentionally breaking Wiregua... Kris Phillips
05:28 AM Bug #13413 (Resolved): Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages
If something goes wrong when you save the config changes of Wireguard (can't determine what it was in my case)
you w... Lev Prokofev
01:59 PM Bug #8846 (Resolved): Misleading error message when adding/editing static routes which use a gateway on a disabled interface

fixed
the GW will be disabled if the interface was disabled.
if there was a static route the GW will disappe... Alhusein Zawi
01:13 PM pfSense Packages Bug #12506 (Resolved): Only selected instance is restarted on suppress list change
Tested against:... Danilo Zrenjanin
09:29 AM pfSense Packages Bug #12036: Certificate Manager page do not show Zabbix used certificates
Tested:... Danilo Zrenjanin
03:21 AM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings
I've just submitted a pull request to fix both of these issues: https://github.com/pfsense/pfsense/pull/4610 Ryan Adams
02:57 AM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings
I have this same issue, caused both when the "label" on a rule is missing OR in my case when the rule allows only fro... Ryan Adams
01:33 AM Feature #701: Interface groups with NAT
Was this ever implemented? Status still "open" after >12 years... Suriname Clubcard
01:25 AM pfSense Packages Bug #13412: SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined
https://forum.netgate.com/topic/174018/squidguard-rewrite-rule-bug
If manually modify the squidguard configuration f... UserPfbUg User
01:21 AM pfSense Packages Bug #13412 (New): SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined

So, SquidGuard - Rewrites
If we create a new rewrite rule, add 1 rewrite condition and save it, Apply, it works ... UserPfbUg User

08/12/2022

07:32 PM Revision b0d417e2: Correct omission of ipv6 addresses in get_interface_addresses. #11545
The original v6 translation wrapping from pfSense_get_ifaddrs() output to that
of pfSense_get_interface_addresses had... Reid Linnemann
04:13 PM Bug #7996: Unnecessary link tag in login page
Pull request tested on... Christopher Cope
03:57 PM Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields
Tested on... Christopher Cope
02:46 PM pfSense Docs New Content #13401 (Feedback): Best practices doc for rotating credentials and keys
This should be reasonably complete. Can add anything else over time / as needed.
https://gitlab.netgate.com/docs/p... Jim Pingle
02:18 PM Regression #11545: Primary interface address is not always used when VIPs are present
Found it, it looks like I had some confusion in my array keys migrating the v6 address from the output of pfSense_get... Reid Linnemann
12:39 PM Feature #13411 (Closed): Packet capture does not support 6rd tunnels
Only the WAN interface is shown in the interface selection box, no sign of WAN_STF.
The capture log is empty aft... Daniel Engel
08:02 AM pfSense Packages Bug #13410 (New): ClamAV 0.104.2 is subject to several vulnerabilies
The current ClamAV pkg: clamav-0.104.2,1 is subject to a number of new vulnerabilites:
https://blog.clamav.net/2022/... Steve Wheeler
06:35 AM pfSense Packages Bug #13409 (Pull Request Review): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only
Under *VPN/WireGuard/Peers/Edit* - *Optional pre-shared key for this tunnel* Copy button works only when the GUI runs... Danilo Zrenjanin
06:29 AM pfSense Packages Bug #12258 (Resolved): Copy key buttons only work in HTTPS mode
Tested against:... Danilo Zrenjanin
02:36 AM pfSense Packages Bug #13404: LDAP authentication does not working
I can add moreover that I don't have any admin privileges on the ldap server and the ldap doesn't store any password ... Ettore Caprella

08/11/2022

06:31 PM Bug #13408 (Resolved): PF can fail to load a new ruleset
In some circumstances pfctl fails to load the rulset after it's updated. It shows errors like:... Steve Wheeler
04:34 PM pfSense Plus Regression #13355 (Resolved): OpenVPN crashes after reaching the configured concurrent connection limit
Tested on... Christopher Cope
04:02 PM Feature #12982: Add support for RFC7499 in RADIUS library.
I've been working on the radius code quite a bit over the past few weeks. The radius client library used in pfSense d... Christian McDonald
03:29 PM pfSense Packages Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable
The @<br />@ shown there is done on purpose - this affects the alias details when hovering over an alias on the firew... Marcos M
03:00 PM pfSense Plus Bug #13407 (Not a Bug): pfsense dhcp_leases dont load
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:58 PM pfSense Plus Bug #13407 (Not a Bug): pfsense dhcp_leases dont load
!clipboard-202208111656-c8uzl.png!
in my pfsenses in version 22.05 Plus dhcp leases page dont load
Error 504 - ... Leonardo Furquim
02:31 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error
Another +1, with a bit more information. I have 3 pfSense 2.6.0 boxes: 2 in an HA pair and 1 standalone. Both site... Jason Schechner
01:59 PM Feature #12070: Support for VLAN ``0``
It seems this is fixed by:
https://reviews.freebsd.org/rGabf5bff71d38da3c797a3b6decb426c375cc0f8f Marcos M
12:41 PM Bug #13406 (Not a Bug): Moving webConfigurator to HTTP protocol voids the current password defined in the user management
That would have no effect on the password. The browser is -- correctly -- preventing cookies from working due to HSTS... Jim Pingle
12:37 PM Bug #13406 (Not a Bug): Moving webConfigurator to HTTP protocol voids the current password defined in the user management
Steps to reproduce:
1.)Under System/Advanced/Admin Access, choose the HTTP protocol under webConfiguration setting... Danilo Zrenjanin
09:12 AM pfSense Packages Bug #13405 (New): Wireguard: The webgui becomes excessively slow to respond with a large number of peers
Webgui pages that include data from Wireguard can become very slow to respond with a large number of elements present... Steve Wheeler
08:20 AM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
I proposed a patch in https://reviews.freebsd.org/D36139
It works for me, but I'd like the Intel people (and driver ... Kristof Provost
06:57 AM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
I've been able to reproduce this (on pfsense/main).
That required the following:... Kristof Provost
07:50 AM pfSense Packages Bug #12414 (Resolved): DNSBL SafeSearch page displays input validation error if DoH / DoT blocking is not enabled
Tested:... Danilo Zrenjanin
04:51 AM pfSense Packages Bug #13404 (Not a Bug): LDAP authentication does not working
Hi all,
has anyone encountered this particular issue with Freeradius3 0.15.7_33 with LDAP when a user tries to authe... Ettore Caprella
04:35 AM pfSense Packages Feature #13403 (New): Option to suppress graphing for individual thermal zones
As in many systems the thermal_tz1 and thermal_tz0 are invariant (not really present) it would be nice if they could ... odo maitre

08/10/2022

03:34 PM pfSense Packages Feature #13402 (New): Monitor graph thermal sensors F option vs just C
So the thermal widget allows showing temps in F, but if you look at the monitor graph it is only in C.
Allow for t... JohnPoz _
11:20 AM pfSense Docs New Content #13401: Best practices doc for rotating credentials and keys
Brad Davis wrote in #note-1:
> Maybe also add CA and certificates?
CA/Certs have that built in -- they expire. Th... Jim Pingle
11:18 AM pfSense Docs New Content #13401: Best practices doc for rotating credentials and keys
Maybe also add CA and certificates? Brad Davis
11:04 AM pfSense Docs New Content #13401 (Resolved): Best practices doc for rotating credentials and keys
We need a document somewhere in the pfSense docs which describes methods for periodic rotation of security-related it... Jim Pingle
06:37 AM pfSense Packages Bug #13395: pfBlockerNG changes firewall URLs to unparseable
pfSense 22.05
pfBlockerNG-devel 3.1.0_4
Steps to recreate:
Run wizard and (re)create the default setup.
It mi... Per-Arne Hellarvik
06:16 AM pfSense Packages Bug #13395: pfBlockerNG changes firewall URLs to unparseable
I couldn't replicate the issue on the 22.05 pfSense release.
I tested against:... Danilo Zrenjanin

08/09/2022

07:47 AM pfSense Packages Bug #12206 (Resolved): Certificate Manager page doesn't show Net-SNMP used certificates
Azamat Khakimyanov
03:31 AM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
Yousif Hassan wrote in #note-12:
> Azamat Khakimyanov wrote in #note-11:
> > Tested on 22.05
> >
> > With IP: 17... Azamat Khakimyanov

08/08/2022

10:37 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
@Reid - per your previous question - yes our entire list is only IP addresses with a #comment after each address. No ... Bob Smith
04:29 PM Bug #13014: Deadlock in Charon VICI interface
It doesn't appear to be related to AES-NI. Had the issue happen a couple times with AES-NI disabled. Gassy Antelope
01:31 PM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
Tested: FreeBSD-14.0-CURRENT-amd64-20220729-467d3e2e8aa-257025-memstick.img Steve Wheeler
12:36 PM pfSense Docs Correction #13400: Feedback on Cellular Wireless — Known Working 3G-4G Modems
Felipe de Lorenzi wrote:
*Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html

*Feedback:*... Felipe de Lorenzi
12:35 PM pfSense Docs Correction #13400 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems
*Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:* The correct command for the ... Felipe de Lorenzi
11:52 AM pfSense Packages Bug #12206 (Assigned): Certificate Manager page doesn't show Net-SNMP used certificates
Tested on 22.05
After configuring CA and Certificate for Net-SNMP, and choosing 'Interface Binding: TLS/TCP' I saw N... Azamat Khakimyanov
10:57 AM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
Azamat Khakimyanov wrote in #note-11:
> Tested on 22.05
>
> With IP: 172.24.208.1/23 on DMZ interface and enabled... Yousif Hassan
07:40 AM Todo #13398: Information box on ``status_ipsec.php`` says "IPsec not enabled" even when a tunnel is established
Should be easy enough to fix, it's already doing a test of enabled/disabled there just above where it prints the info... Jim Pingle
07:21 AM pfSense Plus Bug #13399: Routing/Gateway - Can't switch from dynamic to Static IP-adress
Jim Pingle wrote in #note-1:
> Dynamic gateways can't change that way and are not intended to. They are not true ful... Jonas R
07:13 AM pfSense Plus Bug #13399 (Not a Bug): Routing/Gateway - Can't switch from dynamic to Static IP-adress
Dynamic gateways can't change that way and are not intended to. They are not true full gateway entries, they are auto... Jim Pingle
07:18 AM pfSense Docs Correction #8852 (Resolved): Clarify purpose of "Client Identifier" in DHCP static mapping
Merged and deployed. Jim Pingle
07:15 AM pfSense Docs Correction #12659: Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces
Chris W wrote in #note-3:
> Should the "ixgbe(4) (aka ix)" part be removed from under the System Tunables area since... Jim Pingle
07:11 AM Bug #12779 (New): Bogus domain generated for reverse DDNS when network mask is custom (not 24 16 or 8)
Jim Pingle
06:58 AM pfSense Packages Bug #11746 (Resolved): Second LDAP server configuration misses the ipaNThash control attribute
Tested on 22.05
Both LDAP server configurations have ipaNThash control attribute.
I marked this Bug as resolved. Azamat Khakimyanov

08/07/2022

07:04 AM Bug #8179 (Resolved): Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
Tested on 22.05
With IP: 172.24.208.1/23 on DMZ interface and enabled DHCP pool: 172.24.208.10-172.24.209.254 and ... Azamat Khakimyanov
05:23 AM pfSense Plus Bug #13399 (Not a Bug): Routing/Gateway - Can't switch from dynamic to Static IP-adress
Was doing some experiments which lead to some unforseen troubleshooting (thanks ZFS-snapshots for making it easy to r... Jonas R

08/06/2022

09:18 PM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected
Setting "Auto" for the algorithm also causes issues. Formerly, it used to error out on "Auto" not being a valid opti... Kris Phillips
09:00 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
Jim Pingle wrote in #note-2:
> It isn't valid to have both types on the same P1. I thought we already had checks tha... Kris Phillips
08:54 PM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages
The NUT package is in FreshPorts:
https://www.freshports.org/sysutils/nut/
This will be automatically brought in ... Kris Phillips
08:52 PM pfSense Docs Correction #12659: Correct inaccuracies in configuring Flow Control for ``ix`` and ``ixl`` interfaces
Should the "ixgbe(4) (aka ix)" part be removed from under the System Tunables area since it's already present in the ... Chris W
08:50 PM pfSense Packages Feature #13370: Wireguard Dashboard status
Gil Gil wrote in #note-4:
> Ideally, it would be nice to see which Peers are connected, similar to the status of the... Kris Phillips
05:50 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error
Dogpiling on -- have two pfSense+ (Netgate appliances) that have experienced this issue... Both on 22.05-RELEASE
B... IT Admin
02:51 PM Bug #7040 (Resolved): Issue when disabling an interface

Disabling the parent interface will stop the connectivity to all connected networks/VLANs , the vlan is up and you ... Alhusein Zawi
02:11 PM Bug #7551 (Resolved): Dynamic IPsec endpoints not added to rule set after WAN down/up

tested on 22.05-RELEASE
fixed.
when port is down (disabled WAN2 port) :
# VPN Rules
# Could not locate inte... Alhusein Zawi
08:27 AM pfSense Packages Bug #12706 (Resolved): pfBlockerNG and unbound does not work after switching /var to RAM disk
Tested:... Danilo Zrenjanin
06:14 AM pfSense Packages Bug #13114: BIND calls rndc in rc_stop when named is not running
Any instructions on how to replicate/test this case would be appreciated. Danilo Zrenjanin
06:10 AM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
It's not a bug, then. The correct syntax must be manually entered in the Custom Options field in the OpenVPN base cli... Danilo Zrenjanin
01:09 AM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
In origin, the config was imported to 22.01.
With problems:
OpenVPN 2.6_git amd64-portbld-freebsd12.3 [SSL (OpenSSL)... Lev Prokofev

08/05/2022

09:18 PM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat
Sorry to keep pestering about this, but I am wondering what else needs to be done to include this?
Thank you. Karim Elatov
07:48 PM Todo #13398 (Resolved): Information box on ``status_ipsec.php`` says "IPsec not enabled" even when a tunnel is established
It appears that the default state for the info button is expanded when IPsec is disabled, and closed when a tunnel is... Chris W
06:35 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Hello Netgate Folk,
What if you created a version with this fix that could be applied with the Patch tool? I know ... Dennis Adler
02:18 PM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
Which version(s) of the OpenVPN binary are in place on the _clients_ when they have problems / when they do not have ... Jim Pingle
01:46 PM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
Tested on the:... Danilo Zrenjanin
02:14 PM Bug #13014: Deadlock in Charon VICI interface
Interesting, I'll go ahead and disable AES-NI and see what happens. Gassy Antelope
01:25 PM Bug #13014: Deadlock in Charon VICI interface
FYI I had a customer who had a box working fine for years, but it had some slow performance due to high CPU usage. U... Kris Phillips
12:55 PM Bug #13387: Input validation is not rejecting invalid description characters when editing a CA or Certificate
Tested the patch against:... Danilo Zrenjanin
06:25 AM Feature #13397 (New): Schema and associated APIs for access point manufacturers to leverage to allow pfSense to manage/configure access points.
I suspect this will be heavily debated but please read my idea before dismissing it.
One of the reasons products l... Anchal Nigam
01:26 AM Bug #13396 (Resolved): Custom logo or background image is created with two dots (``..``) before the file extension
When you upload a Logo or a Background Logo, its created with 2 .. (Dots) in the extension. So you have "captiveporta... OpIT GmbH

08/04/2022

08:54 PM Bug #13014: Deadlock in Charon VICI interface
Here's a kernel trace that shows what occurs when it crashes. I know the previous dump someone posted didn't show any... Gassy Antelope
01:38 PM pfSense Packages Bug #13395 (Rejected): pfBlockerNG changes firewall URLs to unparseable
It seems like the Auto creation of the update-urls in Firewall->Aliases->URLs get some addition which should not be t... Per-Arne Hellarvik
12:26 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Some of the issues with FQDNs are better with 2.6/2.7.0-development and 22.05, but there are still very real problems... Reid Linnemann
08:04 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Hi all,
i think this issue is solved in the version 2.6.0. I have 2 diffrent pfsense. One is on the verison 2.4.4-P... Marco Jäger
08:32 AM Regression #13394 (Resolved): ``ASN1_NULL.php`` missing from package build of ``security/php-openssl_x509_crl`` on snapshots
Current snapshots of Plus 22.09 and CE 2.7.0 have a problem with the build of @security/php-openssl_x509_crl@ where t... Jim Pingle
07:17 AM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
Marcos M wrote in #note-4:
> Indeed it was the DoT option - what's the reason for @interface-automatic@ being depende... Jim Pingle
05:31 AM pfSense Docs New Content #13385 (Resolved): Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead"
Yes, it looks fine now. I am marking this ticket resolved. Danilo Zrenjanin

08/03/2022

04:15 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
Indeed it was the DoT option - what's the reason for @interface-automatic@ being dependent on DoT being disabled? Whe... Marcos M
03:05 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
It's already set in the config where it can be:
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/unbound... Jim Pingle
03:04 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
The issue is when it's bound to all. When it's bound to specific interfaces, it's not an issue.
https://gitlab.netga... Marcos M
02:52 PM Bug #13393 (Not a Bug): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
That's a limitation of Unbound when binding to specific interfaces/addresses or when acting as a DNS over TLS server.... Jim Pingle
02:36 PM Bug #13393 (Resolved): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
When unbound responds to DNS queries, it will by default respond with a source address that is closest to the request... Marcos M
02:37 PM Feature #13384: When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link
Just because they hit the add button there doesn't mean it should be restricted. It's to add a rule, period. It defau... Jim Pingle
02:32 PM Feature #13384: When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link
@Jim Pingle
It does indeed select the correct interface. What I'm saying is that it should not allow this to be a ... Michael Cropper
10:57 AM pfSense Plus Bug #13392: Ipv6 firewall exposing all global addresses on lan.
You're right. It qA pfblockerNG. Uninstalled and it's solved. Sorry for any inconvinience João Oliveira
10:44 AM pfSense Plus Bug #13392: Ipv6 firewall exposing all global addresses on lan.
Ii know this is not a help forum. pretty sure it’s a big since i have no ipv6 rules set on wan and the only floating... João Oliveira
10:35 AM pfSense Plus Bug #13392 (Not a Bug): Ipv6 firewall exposing all global addresses on lan.
That can only be true if your WAN rules are passing in the traffic or pf is disabled. That does not happen automatica... Jim Pingle
09:35 AM pfSense Plus Bug #13392 (Not a Bug): Ipv6 firewall exposing all global addresses on lan.
Hello.
I’ve just configured ipv6 provided by my isp with following settings\
Interfaces --> WAN --> DHCP6 Clien... João Oliveira
06:57 AM Regression #13391: Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
User gertjan found the Problem. See this Post: https://forum.netgate.com/topic/173842/problem-with-multiple-interface... OpIT GmbH
03:30 AM Regression #13391 (Resolved): Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
When you select multiple Interfaces in a Captive Portal Zone, its just creating Rules for one Interface and that caus... OpIT GmbH

08/02/2022

07:09 PM Bug #13390 (Pull Request Review): "Dark" theme uses the same colors for disabled and enabled input fields
Marcos M
07:09 PM Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/839 Marcos M
07:03 PM Bug #13390 (Resolved): "Dark" theme uses the same colors for disabled and enabled input fields
As is, it's hard to tell the difference between input fields which are disabled and enabled. Marcos M
03:44 PM Bug #13389 (Duplicate): IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.
This issue exists on a build before the Jun 22nd release. This has already been fixed - NG #8287. Marcos M
01:51 PM Bug #13389: IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.
I should have clarified.
LAN2 is 10.0.5.1 (where I'm trying to get to from the client)
LAN is 10.0.1.1 (where CP ... Marcos M
01:47 PM Bug #13389 (Not a Bug): IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.
Unless I'm missing something here that's normal and expected.
Traffic _to_ a host on LAN from anywhere, including ... Jim Pingle
01:34 PM Bug #13389 (Duplicate): IPsec filter rules do not match Mobile IPsec traffic when Captive Portal is enabled.
Running 22.05 amd64
The following rule exists at the top of the IPsec interface:... Marcos M
11:49 AM pfSense Plus Bug #13358 (Ready To Test): Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
Kristof Provost
10:19 AM pfSense Docs Todo #13369 (Feedback): Standardize mentions of macOS
This should take care of the remaining mentions: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/0349e56bf7e2ff... Jim Pingle
07:30 AM Feature #13388 (Resolved): Support for international characters in the AutoConfigBackup Hint/Identifier field
Using unexpected characters in the Hint/Identifier field results in an invalid xml error.
For example using the va... Steve Wheeler

08/01/2022

05:19 PM Revision 2fe0e0fa: CA/Cert descr validation fixes. Fixes #13387
Validate description on save when editing and in other situations that
were not yet covered.
While here, ensure that... Jim Pingle
04:10 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Ryan Coleman wrote in #note-9:
> Jim Pingle wrote in #note-8:
>
> > I don't think we should start down a path of... Jim Pingle
03:35 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Jim Pingle wrote in #note-8:
> I don't think we should start down a path of writing a manual for screen. We only e... Ryan Coleman
08:53 AM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Ryan Coleman wrote in #note-6:
> Jim Pingle wrote in #note-5:
> > Updated in pfSense docs as well: https://gitlab.... Jim Pingle
03:15 PM pfSense Docs New Content #12883 (Feedback): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
This should hopefully cover the topic in a few relevant places with minimal repetition:
https://gitlab.netgate.com... Jim Pingle
12:57 PM pfSense Docs New Content #12883 (New): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
Jim Pingle
08:36 AM pfSense Docs New Content #12883 (Pull Request Review): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
Jim Pingle
02:40 PM pfSense Docs New Content #13385 (Feedback): Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead"
This should cover it: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/94b3b01c346a8dcbc5718d0c39b55bdb1563705d Jim Pingle
12:35 PM Bug #13387 (Feedback): Input validation is not rejecting invalid description characters when editing a CA or Certificate
Applied in changeset commit:2fe0e0fab528be3e297ed14ddd9d9e73c99cc1c4. Jim Pingle
10:19 AM Bug #13387 (Resolved): Input validation is not rejecting invalid description characters when editing a CA or Certificate
When editing an existing CA or Certificate, the description is not validated on save the way it is validated during o... Jim Pingle
12:34 PM pfSense Docs New Content #11071 (Feedback): Add documentation for missing configuration items on IPv6 Router Advertisements
Merged and I also fixed a couple things in it after: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/a5d062e917... Jim Pingle
07:34 AM pfSense Docs New Content #11071 (Pull Request Review): Add documentation for missing configuration items on IPv6 Router Advertisements
Jim Pingle
09:15 AM Bug #13383 (Feedback): Certificates cannot be created via csr in the Certificate Manager
I cannot reproduce this. I can create a CSR and sign it without error.
We'll need to know the exact input you are ... Jim Pingle
08:37 AM pfSense Docs Correction #8852 (Pull Request Review): Clarify purpose of "Client Identifier" in DHCP static mapping
Jim Pingle
08:31 AM Feature #13384 (Rejected): When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link
I can't replicate what you are stating here.
If I go to any given tab in firewall rules and add a new rule or edit... Jim Pingle
08:02 AM pfSense Packages Bug #13380 (Feedback): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
Is this a problem in base or in the OpenVPN client export package? The issue was opened under base (not packages), bu... Jim Pingle
07:40 AM Bug #13376 (Rejected): Firewall ruleset fails to populate interface subnets/addresses if the internal interface names have been changed
The tags for assigned interfaces don't change like that. When changing the name of an interface it only changes the @... Jim Pingle
07:33 AM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
It isn't valid to have both types on the same P1. I thought we already had checks that prevented ending up with the c... Jim Pingle
06:47 AM pfSense Packages Bug #12683 (Resolved): snort_get_vpns_list() does not include OpenVPN CSO
Tested on 22.05
OpenVPN CSO subnet/IP were successfully added as VPN Addresses into Snort Pass List
I marked th... Azamat Khakimyanov
04:16 AM pfSense Packages Bug #11693 (Resolved): IPv6 static routing fails
Tested on 22.05
When I setup FRR static route 240d::/20 via DHCPv6 interface I got correct static route in frr.con... Azamat Khakimyanov

07/31/2022

09:06 PM Feature #13382 (Pull Request Review): Packet Capture GUI with granular control
Louis B wrote in #note-7:
> Sometimes, I would like to monitor what is happening on multiple vlans = interfaces at t... Marcos M
11:03 AM Feature #13382: Packet Capture GUI with granular control
Sometimes, I would like to monitor what is happening on multiple vlans = interfaces at the same time. So I would be g... Louis B
02:35 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Thoughts: @ls -l /dev/cu.*@ will specifically show all available cu devices regardless of driver, which is what we ar... Chris Linstruth
02:15 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Jim Pingle wrote in #note-5:
> Updated in pfSense docs as well: https://gitlab.netgate.com/docs/pfSense-docs/-/commit... Ryan Coleman
11:21 AM pfSense Packages Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces
Tested on 22.05
I wasn't able to reproduce this issue. After deleting interface which were chosen for BFD peer, I ... Azamat Khakimyanov
09:49 AM Bug #13386: service is work: MRT_DEL_MFC; Errno(49): Can't assign requested address
Version 2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLE
igmpproxy-0.3,1 Torstein Eide
09:45 AM Bug #13386 (New): service is work: MRT_DEL_MFC; Errno(49): Can't assign requested address
The service looks to be unable to work properly.
@
Jul 31 15:17:37 igmpproxy 80356 MRT_DEL_MFC; Errno(49): Can'... Torstein Eide

07/30/2022

09:38 PM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected
I tried to recreate this and got a different error message with the same Phase 1 settings:
Phase 1 Hash Algorithm ... Kris Phillips
09:20 PM pfSense Packages Bug #13380: OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
Can confirm the OpenVPN Export Utility does not specify tcp-client in it's config for clients to use, but instead def... Kris Phillips
07:12 PM Bug #7096: Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces"
unbound starts as expected with only two WAN connections set for outgoing network interfaces and only selected intern... Jordan G
06:53 PM pfSense Docs Correction #8852 (Feedback): Clarify purpose of "Client Identifier" in DHCP static mapping
Merge request liking to RFC for explanation:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/47/ Chris W
05:27 PM pfSense Docs New Content #12883 (Feedback): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH)
Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/46/ Chris W
02:47 PM Bug #12543 (Closed): Deleteing a Outbound NAT rule gave me an empty rule and displayed php error in UI.
Alhusein Zawi
12:58 PM pfSense Docs New Content #13385 (Resolved): Add notice "A remote gateway address of '0.0.0.0' or '::' is not compatible with VTI, use an FQDN instead"
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/configure-p1.html#ike-endpoint-configuration
Remote Gateway
... Danilo Zrenjanin
12:30 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Got it and checked, working as expected. Lev Prokofev

07/29/2022

07:10 PM Feature #13382: Packet Capture GUI with granular control
It's now fixed. Since it's currently still a work in progress, please leave feedback on the MR page if you have acces... Marcos M
02:35 PM Feature #13382: Packet Capture GUI with granular control
Promiscuous mode is on by default, as compared to previously where it is off by default, and turning it off doesn't s... Christopher Cope
04:03 PM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
It looks like this issue still happens in FreeBSD Head. Though unlike in pfSense (FreeBSD 12) we can see outbound tra... Steve Wheeler
03:51 PM Feature #13384 (Rejected): When Adding / Editing a Firewall Rule, the Interface option should default to the Interface from which you clicked on the Add/Edit link
As a system admin adding/editing a Firewall Rule
I want to Add/Edit a Firewall Rule specifically against the Inter... Michael Cropper
03:09 PM Feature #8173: dhcp6c - RAW Options
I have added a PR with the changes of the dhcp6 client : https://github.com/pfsense/FreeBSD-ports/pull/1181
Until th... Paul M
02:12 PM Feature #13377: Option to configure a custom value for the PHP memory limit
The change only applies to the PHP used directly by pfSense, as they are set with config.inc.
For testing you can us... Christopher Cope
01:56 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Seems no changes,
Set 256M
!clipboard-202207290952-dkowf.png!
Reboot,
checked with
echo ini_get("memory_... Lev Prokofev
12:26 PM Bug #11830: Certificate validation with OCSP always fails in ``openvpn.tls-verify.php``
Konstantin Panchenko wrote in #note-12:
> I see the issue was closed by adding "-resp_text" option, however without ... Marcos M
11:55 AM Bug #13378 (Not a Bug): Captive portal - Uncaught Error: Call to undefined function pfSense_pf_cp_get_eth_pipes() in /etc/inc/captiveportal.inc:1660
That seems to be a failed upgrade - try reinstalling. If you are able to reproduce it reliably, feel free to provide ... Marcos M
10:28 AM Regression #13162: Upgrade does not work when using only IPv6 DNS servers
A couple of observations on this change, and the function in general. Firstly, there's a $nameservers variable being ... Jonathan Snell
09:27 AM Bug #13383: Certificates cannot be created via csr in the Certificate Manager
Sorry, 2.6 of course. Not 2.6.2 :-)
Seems src/usr/local/www/system_certmanager.php is also affected. B P
09:24 AM Bug #13383 (Rejected): Certificates cannot be created via csr in the Certificate Manager
Certificates cannot be created via csr in the Certificate Manager since version 2.6.2. The introduced regex seems to ... B P
05:49 AM pfSense Packages Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
Tested:... Danilo Zrenjanin
04:39 AM pfSense Packages Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Tested:... Danilo Zrenjanin
04:10 AM pfSense Plus Bug #13358 (Pull Request Review): Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/102
The issue here is that one of the assumptions ... Kristof Provost

07/28/2022

06:32 PM Feature #13382: Packet Capture GUI with granular control
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/838 Marcos M
06:03 PM Feature #13382 (In Progress): Packet Capture GUI with granular control
Marcos M
06:00 PM Feature #13382 (Resolved): Packet Capture GUI with granular control
This is a complete re-write of the Packet Capture page.
Changes:
- Saved filename now includes the interface and ... Marcos M
06:03 PM Feature #13094 (In Progress): Allow packet capture filtering in tagged packets
I'm closing this in favor of a new Packet Capture page; see #13382
For reference, the old patch is below:... Marcos M
06:01 PM Feature #13322 (In Progress): Define Packet Capture Protocol
See #13382 Marcos M
03:54 PM Regression #13381 (Resolved): Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
VLAN tagged traffic fails on an ix NIC if hardware vlan tagging is disabled.
For example:... Steve Wheeler
03:17 PM Bug #13379 (Duplicate): OpenVPN RADIUS wrong NAS IP
Marcos M
07:10 AM Bug #13379: OpenVPN RADIUS wrong NAS IP
Fix is actually already done: https://github.com/pfsense/pfsense/commit/d7be34a7d766b06e13272a5b1904dba9f532e4cc
Cha... Candera Austria
05:02 AM Bug #13379 (Duplicate): OpenVPN RADIUS wrong NAS IP
When connecting a OpenVPN by using RADIUS as Backend for Authentication the NAS-IP-Address is always the IP address o... Candera Austria
02:58 PM Feature #13377 (Pull Request Review): Option to configure a custom value for the PHP memory limit
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/837 Christopher Cope
05:29 AM pfSense Packages Bug #13380 (Not a Bug): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
Find that if the OpenVPN client has the "TCP" option of the remote (--remote host [port] [proto])
Example
@rem... Lev Prokofev

07/27/2022

03:38 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Bob, thank you for your detailed report. Can you confirm for me that all of the entries in the hosted list are IPs, a... Reid Linnemann
03:22 PM pfSense Plus Bug #13358 (Confirmed): Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
Steve Wheeler
01:10 PM pfSense Plus Bug #13358: Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
... Steve Wheeler
12:42 PM pfSense Plus Bug #13358: Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
Nothing special is required to recreate this beyond enabling DCO:
Install 22.09 clean. Tested: 22.09.a.20220725.06... Steve Wheeler
02:06 PM Bug #13378 (Not a Bug): Captive portal - Uncaught Error: Call to undefined function pfSense_pf_cp_get_eth_pipes() in /etc/inc/captiveportal.inc:1660

GOT these errors after pfsense update 22.05
I hope you can help me with these issue.
PHP Errors:
[27-Jul-2... kin andre patingo
11:38 AM Feature #13377 (Resolved): Option to configure a custom value for the PHP memory limit
There are several cases where the default memory limit used for PHP is being hit and where the system has plenty of e... Christopher Cope
08:28 AM Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network
I can only confirm this, would be really helpful for people who are on IPV6 only and do not have a static prefix assi... Arne M
05:04 AM Bug #13325: System Information widget breaks with multiple instances
I didn't mention that I performed my tests on Firefox on MacOS.
I performed additional testing on Chrome and Safar... Danilo Zrenjanin

07/26/2022

04:13 PM pfSense Packages Bug #12475 (New): OpenVPN Client Export does not show certificate without private key
I'm reopening this. The comments above about the $settings and $cert variable are correct. A symptom of this is that ... Marcos M
10:31 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
UPDATE: Tinkering some more this morning. Found out that if I make a new alias URL table, point it to a new URL list ... Bob Smith
02:46 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Had to create an account just to leave a note regarding this issue
We host a text file at *https://www.mydomainur... Bob Smith
04:03 AM pfSense Packages Regression #12160 (Resolved): An invalid configuration is generated when choosing TLS as the default protocol
Tested on 22.05 and on 22.09-DEV
There was no problem using TLS as a default protocol for syslog-ng. I was able su... Azamat Khakimyanov
01:42 AM Revision 2884bd1f: Add two missing '\n' to pkg.conf.
This file is quickly overwritten by the (correct) version written by
pfSense-upgrade, this makes this failure hard to... Luiz Souza

07/25/2022

08:20 AM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error
Same here. Issue has arisen across two domains served on DigitalOcean on 22.05
Having to use Google custom setup for... Mark Lynch
06:54 AM pfSense Packages Bug #12114 (Resolved): syslog-ng only binds to the last specified interface
I can't reproduce this issue on 22.05 and on 22.09-DEV.
After choose several interfaces for Syslog-ng, in 'netstat... Azamat Khakimyanov
01:33 AM pfSense Packages Bug #13098 (Resolved): HAProxy Virtual IP broken link under Frontend setup
I was able to reproduce this issue on 21.05_2 (HAproxy 0.61_3) but since then on 22.01/22.05 and on 22.09-DEV "Virtua... Azamat Khakimyanov

07/24/2022

05:18 PM pfSense Packages Bug #13360: Not All AS Prefixes are returned by WHOIS
Danilo Zrenjanin wrote in #note-3:
> I recommend trying with the pfBlockerNG-devel. Here is the list I got on the de... Alex Knop

07/23/2022

10:14 PM Bug #13325: System Information widget breaks with multiple instances
Danilo Zrenjanin wrote in #note-3:
> Following Larry's instructions, I recreated the issue on the 22.05 clean instal... Larry Bernardo
09:57 PM Bug #13325: System Information widget breaks with multiple instances
You will need to split your two System Information Widgets.
1st Column = top half (From name down to MDS Mitigatio... Larry Bernardo
05:47 PM Bug #13325: System Information widget breaks with multiple instances
Nope. Not a Chrome browser thing. Unless I'm missing something on the steps to reproduce this, I can't recreate it ... Kris Phillips
05:44 PM Bug #13325: System Information widget breaks with multiple instances
I probably should have mentioned in my previous reply that I tested this. I've edited the original comment.
I d... Kris Phillips
07:22 PM pfSense Packages Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk
unable to recreate in the current dev build 22.09.a.20220722.0600 Jordan G
06:55 PM Bug #13376 (Rejected): Firewall ruleset fails to populate interface subnets/addresses if the internal interface names have been changed
For example if I create a config and use the internal interface name 'lan1' instead of the default 'opt1':... Steve Wheeler
05:31 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
This is present in FreshPorts.
https://www.freshports.org/net-mgmt/zabbix62-agent/ Kris Phillips
05:29 PM Bug #13364: Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``
Tested this and confirmed an issue on 22.05. Tested just using the copy button in the actual rule and this does not ... Kris Phillips
05:27 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring

It could be better to add restriction when creating VTI to delete tunnel mode Phase 2 entries. Alhusein Zawi
02:23 PM Bug #13375 (New): Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
If a user disables all of their tunnel mode Phase 2 entries to migrate to VTI, rather than deleting them, the VTI gat... Kris Phillips
05:23 PM Bug #13374: UI: status_logs_filter.php -- after resolution hides last column without being able to view it.
The data isn't cut off. There is a scroll bar at the bottom of the page that allows for scrolling to the right to se... Kris Phillips
04:03 AM Bug #13374 (New): UI: status_logs_filter.php -- after resolution hides last column without being able to view it.
If both the source and destination column are long enough the last column of the data is hidden and cannot be viewed.... Aram Mirzadeh
04:58 PM pfSense Docs Correction #9685 (Closed): Processing order of ``match`` action for Floating Rules is ambiguous
Hello,
Apologies for just getting you a response here, but I've been going through backlog and wanted to add some ... Chris W
04:54 PM pfSense Docs New Content #11071 (Feedback): Add documentation for missing configuration items on IPv6 Router Advertisements
Chris W
03:12 PM pfSense Docs New Content #11071: Add documentation for missing configuration items on IPv6 Router Advertisements
MR with Marcos's addition:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/45 Chris W
01:12 PM Bug #13344: Vlan loses parent interface when changing LAGG mtu to jumbo frames

it appears with 22.05 too.
to workaround :
re-save the Lagg interface *Interfaces>LAGGs*
after resaving:
... Alhusein Zawi
12:07 PM pfSense Plus Regression #13355: OpenVPN crashes after reaching the configured concurrent connection limit
Lev Prokofev wrote in #note-4:
> Have the same behavior after diff applying on 22.05
The fix is applied when the ... Marcos M
03:37 AM pfSense Plus Regression #13355: OpenVPN crashes after reaching the configured concurrent connection limit
Have the same behavior after diff applying on 22.05
OpenVPN logs:... Lev Prokofev

07/22/2022

04:00 PM Bug #12754: Google Domains Dynamic DNS responses are not parsed properly
FWIW, this fix didn't work for me (CE running 2.6).
Instead, I had to use the recommendation at https://forum.netg... Alex Neihaus
03:06 PM pfSense Docs Todo #12461: Improve macOS Serial Command Instructions
Updated in pfSense docs as well: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/a1870dd5368f3232712f0cc9564b54... Jim Pingle
02:10 PM pfSense Docs Todo #13369: Standardize mentions of macOS
TNSR platform docs are done: https://gitlab.netgate.com/docs/tnsr-platforms/-/commit/52e7909fb64ea2f2ba2994dd4df3e70a... Jim Pingle
01:15 PM Feature #11266 (Pull Request Review): Option to list AutoConfigBackup entries in "reverse" order (newest at top)
Jim Pingle
12:46 PM Feature #11266: Option to list AutoConfigBackup entries in "reverse" order (newest at top)
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/836 Christopher Cope
08:18 AM Bug #13325: System Information widget breaks with multiple instances
Following Larry's instructions, I recreated the issue on the 22.05 clean install. The second widget blinks, as explai... Danilo Zrenjanin
07:44 AM pfSense Packages Bug #13360: Not All AS Prefixes are returned by WHOIS
I recommend trying with the pfBlockerNG-devel. Here is the list I got on the devel version:... Danilo Zrenjanin
07:18 AM Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
That should be possible to address. Considering that the other SANs _do_ work, We probably should not fail a certific... Jim Pingle
06:43 AM Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
Hello Andrew -
SAN certificate without wildcard entries should work with no issues.
Please check https://wiki.s... Danilo Zrenjanin
05:51 AM pfSense Packages Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
Tested:... Danilo Zrenjanin
02:14 AM Bug #13272 (Resolved): Voucher CSV output has leading space before voucher code
Tested:... Danilo Zrenjanin

07/21/2022

05:57 PM pfSense Packages Feature #13370: Wireguard Dashboard status
Ideally, it would be nice to see which Peers are connected, similar to the status of the OpenVPN widget.
This is a s... Gil Gil
04:24 PM pfSense Plus Regression #13365 (Closed): ZFS widget no longer displays information
Thanks for the feedback. Christian McDonald
03:59 PM pfSense Plus Regression #13365: ZFS widget no longer displays information
The widget is working again for me using @22.09.a.20220721.0600@ Glenn Hall
04:07 PM Regression #13373 (Resolved): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
The patch used in https://redmine.pfsense.org/issues/11297 causes any certificate with a wildcard SAN from being used... Andrew Stuart
03:17 PM pfSense Docs Todo #13369 (In Progress): Standardize mentions of macOS
pfSense Platform docs are done: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/23b92e18e50dc72de4b7479daf... Jim Pingle
11:55 AM Bug #13372 (Not a Bug): Can't upgrade from 2.6 to Plus
That's likely a temporary failure in the authentication process. TAC can help you get around that, but it's not a bug... Jim Pingle
11:50 AM Bug #13372 (Not a Bug): Can't upgrade from 2.6 to Plus
[2.6.0-RELEASE][admin@pfSense.home.arpa]/root: pfSense-upgrade -d -c
>>> Updating repositories metadata...
Updating... Jeff Petovello
07:59 AM Bug #13289 (Resolved): Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read
Tested:... Danilo Zrenjanin
07:20 AM Feature #7688 (Rejected): AutoConfigBackup - Info Icon - username only
ACB doesn't use logins anymore so this is moot. Jim Pingle
07:19 AM Bug #7757 (Not a Bug): Auto Config Backup fails to upload unless Default Gateway is up
This isn't an ACB issue. This can be resolved by configuring the default gateway to be a failover group which matches... Jim Pingle
07:16 AM Feature #13371 (Duplicate): ACB multiple save point removal
Duplicate of #12553 Jim Pingle
07:02 AM Regression #13356 (Resolved): RADIUS authentication attempts no longer send RADIUS NAS IP attribute
Tested:... Danilo Zrenjanin

07/20/2022

09:53 PM Feature #13371 (Duplicate): ACB multiple save point removal
Currently under Services>Auto Configuration Backup>Restore there is no ability to select (remove) more than one hoste... Jordan G
09:09 PM pfSense Packages Feature #13370: Wireguard Dashboard status
What detail specifically? Marcos M
08:31 PM pfSense Packages Feature #13370 (New): Wireguard Dashboard status
It would be nice if the WireGuard widget would give a little more detail on the Dashboard. Gil Gil
01:33 PM Bug #13280 (Confirmed): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
Yes, it should have a target. It definitely needs addressed and should be possible to patch between releases if neede... Jim Pingle
01:18 PM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
I know this is probably a low priority bug since pfSense does not need to be rebooted frequently, but shouldn't this ... Joe Mott
12:28 PM pfSense Docs Todo #13369 (Resolved): Standardize mentions of macOS
As of 2016 and macOS 10.12 Apple has standardized on macOS instead of the former OS X. We should update mentions of M... Jim Pingle
11:56 AM Bug #13366: Under or over size state tables cause pfctl error ``DIOCSETSYNCOOKIES``
Jim Pingle wrote in #note-1:
> What was the limit before it was lowered?
>
> How much RAM did they have?
>
> I... Christopher Cope
11:20 AM pfSense Packages Bug #13368 (Resolved): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected
The following P1 cipher suite is supported by Windows natively, yet the wizard prevents it:
AES256-GCM | 128 bits ... Marcos M
11:05 AM Bug #7329 (Closed): DHCP Not Updating DNS
Given the affected version here is 2.3.3, I'm going to close this out. If anyone can reproduce this on 2.6/2.7, feel ... Marcos M
09:49 AM Bug #7329: DHCP Not Updating DNS
pfSense version is Community Edition 2.6.0-Release with DNS Resolver enabled. Garry Page
09:45 AM Bug #7329: DHCP Not Updating DNS
Related, may be...
Windows 10 PC has DHCP enabled, IP address: 10.0.0.164 (preferred), Default Gateway: 10.0.0.1, DH... Garry Page
09:50 AM pfSense Docs Todo #12461 (Feedback): Improve macOS Serial Command Instructions
This should take it the rest of the way, given that it appears all recent (~10 year old and newer) Macs running a cur... Jim Pingle
 

Also available in: Atom