Project

General

Profile

Activity

From 08/16/2022 to 09/14/2022

09/14/2022

10:09 AM Bug #13080 (Feedback): Cannot set EFI console as primary console when using both EFI and Serial
Merged.
commit:067f3650ae64e85b74d6577ac0c511a373600e89 Jim Pingle
08:27 AM Bug #13080 (In Progress): Cannot set EFI console as primary console when using both EFI and Serial
Looks like this keys off the presence of @boot_serial@ in the environment now and not just the order of consoles in t... Jim Pingle

09/13/2022

04:26 PM Bug #13493 (Resolved): Several advanced DHCP6 client options do not inform the user when rejecting invalid input
When entering "F" for example ad id-assoc pd ID in the interfaces Tab and saving it magically disappears without any ... Flole Systems
04:24 PM Todo #13492 (Resolved): Start ``rtsold`` immediately after ``dhcp6c`` sends a request
I suggest to remove the 2 second sleep before the rtsold is started after a request in the "don't wait for RA"-codepa... Flole Systems
01:19 PM Todo #13440 (Resolved): Update external HTTPS/HTTP links
Merged. Marcos M
01:16 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
The changelog here indicates it's been fixed:
https://nlnetlabs.nl/projects/unbound/download/
> Fix @#618@: enabling ... Marcos M
10:56 AM pfSense Plus Regression #13491 (Resolved): Crypto devices are not detected on current snapshots because the format of pciconf has changed
The crypto device detection on the dashboard relies on the output of @pciconf@ to determine if a device is active. Th... Jim Pingle
08:14 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair
This actually affects all users with or without bandwidth limiting set. When there is no limit set all user are passe... Steve Wheeler
07:10 AM Regression #13490 (Incomplete): blocking mac addresses in captive portal
There isn't enough information here to say anything for certain, and this site is not for support or diagnostic discu... Jim Pingle
06:59 AM Regression #13490 (Duplicate): blocking mac addresses in captive portal
Hello
Since update 22.05, blocking mac addresses in captive portal no longer works. Is this related to this bug?: ht... DI Brendi

09/12/2022

06:52 PM pfSense Packages Bug #13489 (Resolved): Tailscale Exit node without IPv6 connectivity break connections with Chromium based browser
https://github.com/tailscale/tailscale/issues/5425
Recently all IPV6 enabled websites can't be reached by Tailscal... Maxime Haché
06:23 PM Regression #13488 (Resolved): All Captive Portal users are given the same limiter pipe pair
When the captive portal is configured to use a per-user bandwidth limit individual pipes are supposed to be created f... Steve Wheeler
02:46 PM Bug #13257 (In Progress): Exporting a PKCS#12 file from the certificate manager does not use the intended encryption algorithm
Jim Pingle
01:14 PM Bug #13487 (New): GUI IPV6-WAN-status stays "Offline, Packetloss" after a short communication hick up
After what is probably a short communication hick up, the GUI IPV6-WAN-status stays "Offline, Packetloss"
I notic... Louis B
09:45 AM pfSense Packages Bug #13485: Interfaces are not listed correctly in pfBlockerNG-devel when selecting the cURL interface
To elaborate a bit further: The current version only lists physical interfaces and their "friendly" names. LAGG and V... Charles Hamilton
09:31 AM pfSense Packages Bug #13485: Interfaces are not listed correctly in pfBlockerNG-devel when selecting the cURL interface
PR submitted: https://github.com/pfsense/FreeBSD-ports/pull/1188 Charles Hamilton
09:18 AM pfSense Packages Bug #13485 (Resolved): Interfaces are not listed correctly in pfBlockerNG-devel when selecting the cURL interface
Interfaces are not listed correctly in pfBlockerNG-devel when selecting the cURL interface (see attached screenshots)... Charles Hamilton
09:30 AM Bug #13486 (New): stongswan attributes should be comma-separated instead of whitespace-separated
The strongswan docs mention that attribute lists need to be "specified as a comma-separated list": https://docs.stron... Andreas W
07:56 AM Bug #13177: pppoe Cannot attach to ng_ether message: Invalid argument.
No, you should complete the upgrade. There are several threads on the forum covering the issue already. Jim Pingle
05:09 AM Bug #13177: pppoe Cannot attach to ng_ether message: Invalid argument.
Jim Pingle wrote in #note-4:
> This is not a problem on its own. It's a side effect of mpd not being updated because... Yehuda Y
07:46 AM Bug #13483: dhcp6c shouldn't be killed and restarted on interface reconfigurations
It's something we can consider, but a change like this could have other fallout that might need to be accounted for, ... Jim Pingle
07:44 AM Bug #13482 (Not a Bug): Can't change interface assignments from web GUI, but can from console
Jim Pingle
07:43 AM Bug #13481 (Not a Bug): Traffic Graphs Unit Size changes if tab becomes inactive
Jim Pingle
07:39 AM pfSense Packages Bug #12073 (New): ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
Jim Pingle
07:21 AM Bug #13393 (In Progress): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
I thought I reopened this but apparently not. Based on my last comment, this needs some more testing and confirmation... Jim Pingle

09/11/2022

10:52 PM pfSense Packages Feature #13484 (New): IPsec Profile Wizard/Apple: Support on-demand connections in exported profile
Connect on demand is super helpful, and is pretty easy to add by hand to a profile, but would be even better to have ... Rex Hoffman
04:00 PM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
Additional fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/276
This resolves the IP block sta... Marcos M

09/10/2022

08:34 PM pfSense Docs New Content #12237: Add information on ``ifqmaxlen`` to Hardware Tuning and Troubleshooting
It looks like "this":https://calomel.org/freebsd_network_tuning.html is the source of the 2048 figure given in #10311... Chris W
06:39 PM Bug #13483 (New): dhcp6c shouldn't be killed and restarted on interface reconfigurations
When changing the configuration of an interface currently dhcp6c is killed and restarted. That comes with all kinds o... Flole Systems
04:38 PM Bug #13482: Can't change interface assignments from web GUI, but can from console

I was not able to reproduce this issue , make sure this port is not assigned to other interface Alhusein Zawi
08:43 AM Bug #13482 (Not a Bug): Can't change interface assignments from web GUI, but can from console
Hi! I have an 4 port intel nic, wan on one port, and lan with four vlans on other port. the other two ports aren't us... Federico Galli
04:32 PM Feature #10345 (Resolved): Improve distinction between online and idle/offline entries in DHCP lease list

the green color has been added
2.7.0-DEVELOPMENT (amd64)
built on Fri Sep 09 06:04:09 UTC 2022
FreeBSD 14.0-C... Alhusein Zawi
12:13 PM pfSense Packages Bug #10393 (Resolved): Syslog-ng TLS support is broken
Tested against Syslog-ng... Danilo Zrenjanin
10:53 AM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
For 1) It's true that if any of one's local clients MUST talk to the DNS Resolver using DoT then one MUST enable this... Sean McBride
06:06 AM pfSense Packages Bug #12264 (Resolved): Stray <table> line in squid_monitor.php
That line doesn't exist in the current Squid release squid_monitor.php.
I am marking this ticket resolved. Danilo Zrenjanin
05:56 AM Bug #13481 (Not a Bug): Traffic Graphs Unit Size changes if tab becomes inactive
Setting "Traffic Graphs" to "Unit Size" "Bits" and also setting "Backgroud updates" to "clear graphs when not visible... Oskar Stroka
05:15 AM pfSense Packages Bug #12073: ``netsnmptrapd.conf`` syntax for ``snmpTrapdAddr`` is wrong
tested on version:... Danilo Zrenjanin
05:09 AM Feature #1337: VLANs with different MAC address than parent interface
Using promiscuous mode might be desirable for some users. If Snort is used for example it puts the interfaces in prom... Flole Systems
04:48 AM Bug #13480 (New): GIFs are not automatically started when parent interface doesn't have an address at boot
If there are GIFs which use IPv6 and at boot the IPv6-DHCP fails those are shown as Down/"Pending" on the Dashboard. ... Flole Systems
04:39 AM Bug #13479 (Resolved): Input validation is checking RAM disk sizes when they are inactive
When you disable/don't enable the RAM-Disk feature and then set insane limits it complains:... Flole Systems
03:58 AM Feature #13478 (New): Add Route Table Flags table in the /diag_routes.php
It would be helpful to have a Routeing Table Flags explanation at the bottom of the screen.
https://docs.netgate.co... Danilo Zrenjanin
02:21 AM pfSense Packages Bug #12423 (Resolved): Dashboard shows "SQLite database missing, Force Reload DNSBL to recover!"
Yes, it's included in the 3.1.0_4 version. ... Danilo Zrenjanin
01:40 AM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly
Working fine for me with the latest diff
!2022-09-10_09-36-54.png!
!2022-09-10_09-35-54.png!
 Lev Prokofev

09/09/2022

05:35 PM pfSense Docs Todo #13452 (Pull Request Review): Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum
Chris W
05:34 PM pfSense Docs Todo #13456 (Pull Request Review): Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
Chris W
05:32 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/53
Regarding the list points:
1) The word "must" ... Chris W
10:19 AM Regression #12816 (Feedback): Namecheap Dynamic DNS responses are not parsed properly
Fix merged Jim Pingle
10:15 AM Regression #12816 (In Progress): Namecheap Dynamic DNS responses are not parsed properly
This seems to have broken again in almost the exact same way, but the previous workaround no longer functions. The la... Jim Pingle
09:32 AM Bug #13475: Captive Portal per-user limiters malfunction
Georgiy Tyutyunnik wrote in #note-2:
> Correction: the problem is present with and without per-user bandwidth enable... Christopher Cope
04:07 AM Bug #13475: Captive Portal per-user limiters malfunction
Correction: the problem is present with and without per-user bandwidth enabled.
User can reliably reproduce this on ... Georgiy Tyutyunnik
09:28 AM Bug #13477 (Resolved): Captive Portal disconnecting a single user stops all traffic.
Steps to reproduce:
# Disconnect a user from Captive Portal in Status > Captive Portal
# Traffic for all users st... Christopher Cope
08:18 AM Bug #13476 (Not a Bug): External syslog receives tons of "send to syslog" messages
When you have syslog send all messages it does just that, sends all messages, and that includes messages from when cr... Jim Pingle
05:07 AM Bug #13476 (Not a Bug): External syslog receives tons of "send to syslog" messages
When forwarding messages to an external syslog system, I get tons of messages in that system telling that a message h... Louis B
03:46 AM Bug #13366: Under or over size state tables cause pfctl error ``DIOCSETSYNCOOKIES``
I've proposed this fix upstream to cope with a state limit of 1: https://reviews.freebsd.org/D36497
It also deals wi... Kristof Provost

09/08/2022

01:19 PM pfSense Docs New Content #13463 (Feedback): Define route map sequence number range
Added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/e8d52fb8c7fc3c95e4414376065a896f28b1ed67 Jim Pingle
11:53 AM Bug #13475: Captive Portal per-user limiters malfunction
user have created a forum thread on this issue:
https://forum.netgate.com/topic/174489/22-05-cp-clients-have-connect... Georgiy Tyutyunnik
11:52 AM Bug #13475 (Duplicate): Captive Portal per-user limiters malfunction
22.05 6100 with captive portal and enabled per-user bandwidth is experiencing traffic being shaped for the whole inte... Georgiy Tyutyunnik
11:51 AM Feature #855: Ability to selectively kill states on gateway recovery
Wanted to put more support for this feature. I have 11 netgate appliances deployed and enterprise support on a few, w... MICHAEL MAST

09/07/2022

10:40 AM pfSense Docs Todo #13452: Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum
Changed from CMD to PS. Chris W
09:17 AM Bug #13366: Under or over size state tables cause pfctl error ``DIOCSETSYNCOOKIES``
Syncookie limits are configured as a percentage of the maximum number of states, so the error in DIOCSETSYNCOOKIES is... Kristof Provost
07:11 AM Bug #13471 (Feedback): APU1 hardware is not properly identified with current BIOS versions
Merged Jim Pingle

09/06/2022

07:45 PM pfSense Packages Feature #13474: Don't set ListenPort in wireguard
If you use it as a client only and want the port to be random/dynamic. Flole Systems
07:42 PM pfSense Packages Feature #13474: Don't set ListenPort in wireguard
What use case is there for not setting a listening port? Marcos M
07:08 PM pfSense Packages Feature #13474 (New): Don't set ListenPort in wireguard
Currently it is not possible to not set the ListenPort setting for wireguard. I suggest to use the special value 0 as... Flole Systems
06:22 PM Bug #13473 (Duplicate): No IPv6 address acquired after reboot/dhcp6c not starting
Upon boot I often see something like this:... Flole Systems
02:57 PM Bug #13257: Exporting a PKCS#12 file from the certificate manager does not use the intended encryption algorithm
This is not fixed on PHP 8.1, so option 2 seems to be the path forward here.
 Jim Pingle
02:56 PM Bug #13472 (Duplicate): Cert Manager and OpenVPN exporter use **obsolete** sig/algo combination
We're already aware, it's being tracked internally as #13257
Our code sets all of the correct parameters but they... Jim Pingle
02:43 PM Bug #13472 (Duplicate): Cert Manager and OpenVPN exporter use **obsolete** sig/algo combination
Hello.
It was identified today that the Cert Manager when exporting .p12 files containing private keys and cert ch... Thomas Ward
01:42 PM Feature #4154 (Resolved): Support for RADIUS authentication over IPv6
Tried it again after going over all the rules and such on both sides and it worked so it must have been in my setup.
... Jim Pingle
12:08 PM Feature #4154 (New): Support for RADIUS authentication over IPv6
The UI allows adding the IPv6 RADIUS server after that change but it does not appear to be working from PHP auth. No ... Jim Pingle
11:12 AM Bug #13471 (Resolved): APU1 hardware is not properly identified with current BIOS versions
PCEngines original APU devices (sold by Netgate as the APU2 and APU4) returned the value of smbios.system.product as ... Steve Wheeler
10:30 AM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages
I've also removed an excess call to send_smtp_message that should have been removed when notify_all_remote was added. Denny Page
07:52 AM Feature #13470 (Rejected): Allow reservations within DHCP-range, to add DHCP-client to reserved from within DHCP-leases with pre-filled IP
Not possible. The underlying DHCP daemon does not support reservations. Static mappings express a preference, they do... Jim Pingle
03:08 AM Feature #13470 (Rejected): Allow reservations within DHCP-range, to add DHCP-client to reserved from within DHCP-leases with pre-filled IP
Hi,
It would be absolutely fantastic if one could do reservations of addresses that are within the DHCP-range. Ena... Jonas R
07:46 AM pfSense Packages Bug #13467: ACME: "Unable to find domain name" error when updating Namesilo
That fix will be picked up naturally the next time we update the acme.sh code from upstream.
 Jim Pingle
07:44 AM Bug #13466 (Not a Bug): dhcp server with static mapping and aditional pools with "mac allow" list , dont work as expected.
You're feeding the configuration conflicting information. If you add a MAC address to the "MAC Allow" list it doesn't... Jim Pingle
07:39 AM Bug #13465: Apple iOS Logins prevent when WAN is offline
And if this is talking about captive portal and not the GUI, that is a client problem and not something the firewall ... Jim Pingle
07:37 AM pfSense Packages Bug #11343 (Resolved): Invalid link to pfSense-pkg-bind changelog
Jim Pingle
07:36 AM pfSense Docs Correction #12861 (Resolved): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits
Jim Pingle
07:36 AM Bug #13447 (Not a Bug): Double Nmap and NMap entries in Diagnostics menu
When the package is (un/re)installing it only matches its same exact menu string when checking if an old entry should... Jim Pingle
07:32 AM pfSense Docs Todo #13464 (Pull Request Review): Reorder bullet list for ESX/ESXi settings for HA clusters
Jim Pingle
07:27 AM Feature #10345 (Feedback): Improve distinction between online and idle/offline entries in DHCP lease list
Merged. Jim Pingle
02:56 AM pfSense Packages Feature #13469 (New): Feature/Package request: Wireguard Client/Peer config files export
Hi,
It would be absolutely awesome if one could generate/export wireguard peer config files, to hand out to client... Jonas R
02:25 AM pfSense Packages Regression #11738 (Resolved): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Tested on 22.05 with SquidGuard 1.16.18_20
In No-Transparent Mode SquidGuard was successfully blocking FQDNs from ... Azamat Khakimyanov

09/05/2022

02:45 PM Feature #13468 (Duplicate): FW-rule-groups, would be very, very helpfull
Hello,
I have a significant number of vlans which all need small variants of the same ruleset. In the actual situa... Louis B
02:33 PM Regression #13459 (Ready To Test): Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
While I still think the best fix here would be to teach the PHP code to generate a corresponding pass rule for local ... Kristof Provost

09/04/2022

05:24 PM pfSense Packages Bug #13432: ups driver will not start
I also had the same issue after doing a fresh install (and restored config) Travis Erdmann
03:40 PM pfSense Packages Bug #13467 (Resolved): ACME: "Unable to find domain name" error when updating Namesilo
Issue is documented here:
https://github.com/acmesh-official/acme.sh/issues/4268
Issue text, copied here:
> Gett... Bryan Guscott
11:16 AM Bug #13465 (Not a Bug): Apple iOS Logins prevent when WAN is offline
The login may be delayed due to widgets which require internet connectivity such as the update check. If OCSP needs t... Marcos M
10:06 AM Bug #13465 (Not a Bug): Apple iOS Logins prevent when WAN is offline
When the pFSense router does not have a WAN connection, logins from Apple iOS WIFI devices do not complete and hang o... Juan Abonia
10:50 AM Bug #13466 (Not a Bug): dhcp server with static mapping and aditional pools with "mac allow" list , dont work as expected.
Hello !
Let me explain what occours.
When i set a static mapping, and set 2 or more pools and put a macaddr in ... Alex Werle Baule

09/03/2022

07:02 PM pfSense Packages Bug #13128: Zabbix Agent 6: HA Server Setup
Attaching screenshot Kris Phillips
07:01 PM pfSense Packages Bug #13128 (Confirmed): Zabbix Agent 6: HA Server Setup
I see the issue here. It appears that this feature for HA uses semi-colons for HA and uses Commas for multiple serve... Kris Phillips
06:55 PM pfSense Packages Bug #11343: Invalid link to pfSense-pkg-bind changelog
changelog link now points to - https://github.com/pfsense/FreeBSD-ports/commits/devel/dns/pfSense-pkg-bind
the page ... Jordan G
06:54 PM Bug #13014: Deadlock in Charon VICI interface
I've been having the same issue as everyone above so I wrote a script to restart the necessary services when the prob... David Vazquez
06:51 PM pfSense Packages Feature #12859 (Resolved): Add Zabbix 6.0 LTS (agent and proxy) packages
Closing as resolved. Kris Phillips
06:49 PM pfSense Packages Bug #13343 (Confirmed): HAproxy cookie protection syntax needs updated
Here is the error message in 2.0 of HAProxy:
_
The 'rspirep' directive is deprecated in favor of 'http-response repla... Kris Phillips
06:49 PM pfSense Docs Correction #12861: pfSense hardware tuning guide references obsolete interface loader variable & buffer limits
looks good Jordan G
06:29 PM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs
Hello Daniel,
Is this issue still present for you on 22.05? Kris Phillips
06:26 PM pfSense Packages Bug #11530 (Incomplete): ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
Hello,
Due to lack of response here and the fact that the package was updated to 5.2 in the 22.05 pfSense Plus rep... Kris Phillips
05:23 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Hayden Hill wrote in #note-19:
> Hey! Any chance there is an update on this? Would love to stop using the custom dri... Kris Phillips
05:18 PM pfSense Packages Bug #13444 (Incomplete): zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
Marking as Incomplete until additional details, per previous request, is provided. Kris Phillips
05:17 PM Bug #13447: Double Nmap and NMap entries in Diagnostics menu
Danilo Zrenjanin wrote in #note-3:
> >You mean just cut out the uppercase variant above?
>
> That's right. Delete... Kris Phillips
05:14 PM pfSense Packages Bug #13461: Prefix lists help text is not placed correctly
If we're going to change this, it'll have to be changed globally across the board, because this is how the layout is ... Kris Phillips
03:31 PM pfSense Docs Todo #13464: Reorder bullet list for ESX/ESXi settings for HA clusters
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/51/ Chris W
02:58 PM pfSense Docs Todo #13464 (Rejected): Reorder bullet list for ESX/ESXi settings for HA clusters
The bulleted list ends with enabling _Net.ReversePathFwdCheckPromisc_ , however enabling that after turning on Promis... Chris W
02:07 PM pfSense Packages Bug #13380 (Not a Bug): OpenVPN client options cause "Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client"
pfSense has no impact on the entries defined in the custom options. Custom options must be updated manually. Not a bug. Danilo Zrenjanin
02:03 PM pfSense Docs New Content #13463 (Closed): Define route map sequence number range
https://docs.netgate.com/pfsense/en/latest/packages/frr/global/routemaps.html#route-map-configuration
Having a not... Danilo Zrenjanin
03:16 AM pfSense Packages Bug #13441 (Confirmed): FRR fails to start with route map on "sequence 0" in configuration
Tested on the:... Danilo Zrenjanin

09/02/2022

07:52 PM Bug #13462: Advanced DHCP6 client settings only work for a single interface
This is basically the same as #13353, however you provided the solution aswell which I didn't want to.
Those changes... Flole Systems
01:41 PM Bug #13462 (Resolved): Advanced DHCP6 client settings only work for a single interface
In /etc/inc/interfaces.inc function interface_dhcpv6_configure... Tim Dunn
01:50 PM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED
shawn butts wrote:
> The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"... Jeffrey Altman
11:09 AM Bug #13366: Under or over size state tables cause pfctl error ``DIOCSETSYNCOOKIES``
Updating the subject, I also saw this error when the states limit is set far too low (e.g. @1@), so it isn't only tri... Jim Pingle
07:58 AM Bug #13448: Table row selection has poor contrast in Dark theme
Lev Prokofev wrote in #note-4:
> The color changed to #009688
Indeed - thank you! (Also for the 855.diff ) odo maitre
07:32 AM Bug #13448: Table row selection has poor contrast in Dark theme
The color changed to #009688
Looks much better.
!clipboard-202209021532-v63um.png!
 Lev Prokofev
07:06 AM Bug #13448: Table row selection has poor contrast in Dark theme
Christopher Cope wrote in #note-1:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/855
What was mer... odo maitre
07:40 AM pfSense Packages Bug #13461 (New): Prefix lists help text is not placed correctly
!clipboard-202209021438-1vffe.png!
Under 'Services/FRR/Global Settings/Edit/Prefix Lists,' the help text should ... Danilo Zrenjanin
02:51 AM Bug #13447: Double Nmap and NMap entries in Diagnostics menu
>You mean just cut out the uppercase variant above?
That's right. Delete everything between <menu>...</menu> tags ... Danilo Zrenjanin

09/01/2022

04:21 PM Regression #13460 (Closed): Panic with netgraph interfaces
Seeing this panic on a main snapshot that has PPP WANs:... Jim Pingle
02:58 PM Bug #13448 (Feedback): Table row selection has poor contrast in Dark theme
Merged. Christopher Cope
02:58 PM Feature #11266 (Feedback): Option to list AutoConfigBackup entries in "reverse" order (newest at top)
Merged. Christopher Cope
02:24 PM Regression #13459 (Resolved): Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
The patch we had to by-pass reply-to tagging for traffic sourced from the same subnet is not in main builds.
That ... Steve Wheeler
01:33 PM pfSense Packages Bug #13432: ups driver will not start
I cannot reproduce this after it started working. Even uninstalling and reinstalling the nut package does not seem t... Scott Lampert
11:59 AM Feature #4154 (Feedback): Support for RADIUS authentication over IPv6
https://gitlab.netgate.com/pfSense/pfSense/-/commit/5f9666a1b3a81f289c7c02954f9f92d3b989a346
RADIUS authentication... Christian McDonald
11:56 AM Bug #8711: igmpproxy with PPPoE Interfaces
Can you force this, please? Pascal Köhl
09:56 AM Bug #13458 (Duplicate): IGMP Proxy not working with PPPoE Upstream-Interface
Duplicate of #8711
 Jim Pingle
04:40 AM Bug #13458 (Duplicate): IGMP Proxy not working with PPPoE Upstream-Interface
Zugehörige Forums-Diskussion:
https://forum.netgate.com/topic/174329/pfsense-2-6-0-igmp-proxy-startet-nicht-bei-pppo... Pascal Köhl

08/31/2022

06:35 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Hey! Any chance there is an update on this? Would love to stop using the custom driver on the next release. Hayden Hill
06:19 PM Bug #13243 (Resolved): OpenVPN status for multi-user VPN shows info icon to display RADIUS rules when there are none to display
Merged. Marcos M
06:17 PM Bug #7996 (Resolved): Unnecessary link tag in login page
Merged. Marcos M
06:17 PM Feature #13367 (Resolved): Specify CA trust store location when downloading and validating URL alias content
Merged. Marcos M
06:16 PM Bug #13390 (Resolved): "Dark" theme uses the same colors for disabled and enabled input fields
Merged. Marcos M
06:16 PM pfSense Packages Todo #13349 (Resolved): Add note in WireGuard GUI regarding routing behavior for Allowed IPs
Merged. Should be available on the next version. Marcos M
04:31 PM Regression #13418 (Pull Request Review): Captive Portal does not keep track of client data usage
Additional fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/863
https://gitlab.netgate.com/pfSense/Fr... Marcos M
10:56 AM Regression #13418 (Feedback): Captive Portal does not keep track of client data usage
Merged Jim Pingle
10:11 AM Regression #13418 (Pull Request Review): Captive Portal does not keep track of client data usage
Additional fix https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/262 Marcos M
02:28 PM Bug #13457 (Rejected): statis routes disappears
There isn't nearly enough information here to classify this as a bug. This site is not for support or diagnostic disc... Jim Pingle
02:22 PM Bug #13457 (Rejected): statis routes disappears
intermittently the static routes disappear from PFsense, I can see them in the GUI, but when I use the command netsta... Caio Chagas

08/30/2022

10:33 PM pfSense Packages Feature #8547: fwknop Port Knocking Package
I'm adding my vote here as well, I'd like port knocking to be possible within pfSense either natively or as a separat... Geoff Hilton
06:58 PM pfSense Packages Bug #13154 (Pull Request Review): pfBlocker causing excessive CPU load
See fix here https://redmine.pfsense.org/issues/13156#note-18 Marcos M
06:57 PM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work
Here's the patch to test - use the System Patches package and copy/paste the contents of the attached file. Apply the... Marcos M
06:55 PM pfSense Packages Regression #13156 (Pull Request Review): pfBlockerNG IP block stats do not work
Fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/261
This also handles cases where a rule u... Marcos M
04:56 PM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
If you set the Netflow version to PSAMP, it seems to work but I don't have a collector to analyze the data.
All other... Marcelo Cury
04:01 PM Regression #13381 (Waiting on Merge): Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
This has now been committed upstream: https://github.com/freebsd/freebsd-src/commit/e7abb897018be34f039ad957562fdc2f3... Steve Wheeler
12:44 PM Bug #13448 (Pull Request Review): Table row selection has poor contrast in Dark theme
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/855 Christopher Cope
12:05 PM Bug #13454: Enabling DoT (DNS over TLS) breaks IPSec VPN DNS
Thanks Jim. We have it working now.
I created https://redmine.pfsense.org/issues/13456 with suggestions to improv... Sean McBride
12:04 PM pfSense Docs Todo #13456 (Closed): Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
*Feedback:*
For the "Enable DNS ov... Sean McBride

08/29/2022

11:10 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
OK I didn't think about this before, but I'm pretty sure the USB console had the username and password prompts on the... Chris Mirchandani
05:30 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
The USB console is also not displayed correctly on the 6100/4100 though to a far lesser extent:... Steve Wheeler
05:12 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
CE devices with RJ-45 serial consoles seem unaffected. Tested 2.7 snaps. Steve Wheeler
04:59 PM pfSense Plus Bug #13455 (Confirmed): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Ok, I replicated that using the RJ-45 console. And only with 'Password protect the console menu' enabled.
Tested 6... Steve Wheeler
04:02 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
I didn't notice an issue when I was connected to the Serial Console via the USB connection on the 6100, just when con... Chris Mirchandani
03:44 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Unable to replicate that in 22.05 or 22.09 on a 6100 using pfSense as a console server in a similar way.
Do you se... Steve Wheeler
02:51 PM pfSense Plus Bug #13455 (Resolved): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Greetings,
I don't know if this issue is related to pfSense Plus 22.05 or the Netgate 6100. I have been running pf... Chris Mirchandani
07:16 PM Regression #13150: Captive Portal not applying per user bandwidths
There still seems to be an issue here when the bandwidth limit values come from RADIUS attributes e.g. @WISPr-Bandwid... Marcos M
02:18 PM pfSense Docs Todo #13452: Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum
PowerShell is definitely the way to go for this. Any supported version of Windows is going to have that available. No... Jim Pingle
01:41 PM Bug #13447: Double Nmap and NMap entries in Diagnostics menu
>...Likely your config has two menu items...
I have backups for exported configs...
The one from 2022-05-04 has... Sean McBride
12:55 PM Regression #13418 (Feedback): Captive Portal does not keep track of client data usage
Merged Jim Pingle
12:53 PM pfSense Packages Feature #9852 (Resolved): show File-Store directory listing
Jim Pingle
10:48 AM Bug #13454 (Not a Bug): Enabling DoT (DNS over TLS) breaks IPSec VPN DNS
That is a problem with your configuration or combination of options chosen. It's not a bug, but there is a change in ... Jim Pingle
10:37 AM Bug #13454 (Not a Bug): Enabling DoT (DNS over TLS) breaks IPSec VPN DNS
Using pfsense plus 22.05 (current newest). Among other services, we run DNS and 'road warrior' IPSec VPN. Setup has w... Sean McBride
10:43 AM Bug #13453: Incorrect word in "Network Interfaces" help text on ``services_unbound.php``
Yes, that should say "above" there, or it could more generally say "not selected in this list" so it doesn't rely on ... Jim Pingle
10:16 AM Bug #13453 (Resolved): Incorrect word in "Network Interfaces" help text on ``services_unbound.php``
I hate to seem petty, but I was genuinely confused by instructions provided in the DNS Resolver's general settings.
... Lonnie Best
04:41 AM Bug #13449: Wrong logging if ICMP "Port unreachable"
Kris Phillips wrote in #note-1:
> Hello Johannes,
>
> Are you viewing the filter.log file, viewing syslog data, o... Johannes Wanink

08/28/2022

06:12 PM Regression #13418 (Pull Request Review): Captive Portal does not keep track of client data usage
Tested patch on 22.05 and reported issues are resolved.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/850 Marcos M
06:02 PM Regression #13418 (Confirmed): Captive Portal does not keep track of client data usage
Updating issue for clarification. Marcos M
04:21 PM Regression #13418: Captive Portal does not keep track of client data usage
Please test the attached patch with the System Patches package on pfSense+ 22.05. Marcos M
12:58 PM Regression #13418: Captive Portal does not keep track of client data usage
I would also like to point out that this issue is not solely related to FreeRadius Accounting Packets but also affect... Dale Harron
05:19 PM pfSense Docs Todo #13452: Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum
It'd be nice to have the PowerShell way listed as well, now that this shell is becoming essential in managing Windows... e 1/1
09:20 AM Regression #13167 (Closed): DigitalOcean Dynamic DNS update fails with a "bad request" error
Marcos M
05:16 AM Bug #13408 (Ready To Test): PF can fail to load a new ruleset
This will be fixed by https://cgit.freebsd.org/src/commit/?id=6ab80e7275091c900da8d2e84a7b0bb4c34a1e41
I've also mer... Kristof Provost
04:22 AM pfSense Packages Bug #12338: RRD Summary does not report data on 3100
Tested on 3100 with RRD Summary package version 2.0_2 on 22.05 pfSense release and I see the same issue aleksei prokofiev

08/27/2022

09:15 PM pfSense Packages Bug #13404 (Not a Bug): LDAP authentication does not working
Ettore Caprella wrote in #note-3:
> Hello,
> yes, I can't find the right options that allow me to configure ldap auth... Kris Phillips
08:54 PM pfSense Packages Bug #13432: ups driver will not start
Scott Lampert wrote in #note-3:
> It seems to be the same as this issue: https://redmine.pfsense.org/issues/9849
> ... Kris Phillips
08:53 PM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
Hello Steve,
Which version of the Zabbix package are you seeing this behavior? There are several. Kris Phillips
08:52 PM Bug #13447: Double Nmap and NMap entries in Diagnostics menu
Hello Sean,
I installed the NMap package and am unable to reproduce this issue. Likely your config has two menu i... Kris Phillips
08:49 PM Bug #13449: Wrong logging if ICMP "Port unreachable"
Hello Johannes,
Are you viewing the filter.log file, viewing syslog data, or something else here? I'm looking at ... Kris Phillips
08:43 PM Bug #13267: dpinger continues to run on OpenVPN gateway after OpenVPN service is stopped.
I can confirm this behavior. Running a pcap on the current default gateway will show traffic from the OpenVPN client... Kris Phillips
02:30 PM Bug #13267: dpinger continues to run on OpenVPN gateway after OpenVPN service is stopped.

Does it mean to stop openvpn service or disabling the openvpn client?
> # Stop the OpenVPN client
If I try ... Alhusein Zawi
06:31 PM pfSense Docs Todo #13452: Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum
Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/50 Chris W
06:30 PM pfSense Docs Todo #13452 (Closed): Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum
Currently we link to the Github page of OpenHashTab, which of course is an .exe which must be downloaded and installe... Chris W
06:30 PM pfSense Packages Feature #9852: show File-Store directory listing
new 'Files' submenu available on Suricata 6.0.6 - looks good Jordan G
06:13 PM pfSense Packages Bug #12423: Dashboard shows "SQLite database missing, Force Reload DNSBL to recover!"
current version is 3.1.0_4 so it should be included - I have not hit this on that release, please update if you're st... Jordan G
05:56 PM pfSense Packages Bug #10692: PIMD starts twice at boot
still seeing this start 2x on 22.05 following reboot Jordan G
04:07 PM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Denis Grilli wrote in #note-13:
> Could you tell in more detail what is your use scenario? From the error you are ge... Charles Sprickman
09:56 AM Bug #13308: The ``negate_networks`` table is duplicated in ``rules.debug``
Patch is working
Before
!clipboard-202208271755-qch1c.png!
After
!clipboard-202208271756-tznw4.png!
 Lev Prokofev
08:10 AM Regression #13167 (Resolved): DigitalOcean Dynamic DNS update fails with a "bad request" error
I can confirm it works as expected.
Tested against:... Danilo Zrenjanin
04:42 AM pfSense Packages Bug #13451 (New): Update the Default Router ID help text link under FRR Global Setting
The Wikipedia link directs to the OSPF Wiki page. Since this is the Global FRR settings page it has more sense to cha... Danilo Zrenjanin

08/26/2022

03:05 PM Bug #13424 (Resolved): CRL expiration date with default lifetime is too long, goes past UTCTime limit
Tested on... Christopher Cope
02:37 PM pfSense Docs New Content #11739 (Resolved): Manual Outbound NAT rules in HA setup
The updated content looks good.
Marking resolved. Christopher Cope
02:34 PM pfSense Packages Feature #12963: Run nmap scans in the background
Marcos M wrote in #note-26:
> I can't think of a privacy issue for either - both locations are readable by everyone.... Phil Wardt
08:50 AM Bug #13450: L2TP Clients system alias is not populated
Tested using l2tp config:... Steve Wheeler
08:48 AM Bug #13450 (New): L2TP Clients system alias is not populated
After creating an L2TP server and defining a 'Remote address range' for clients it should be possible to use that in ... Steve Wheeler
07:31 AM Feature #10345 (Pull Request Review): Improve distinction between online and idle/offline entries in DHCP lease list
Jim Pingle
06:28 AM Feature #10345: Improve distinction between online and idle/offline entries in DHCP lease list
PR opened on GitHub: https://github.com/pfsense/pfsense/pull/4612 Thomas Arthofer
05:46 AM Bug #13449 (New): Wrong logging if ICMP "Port unreachable"
It seems to me that there is a comma missing from these type of logs:
filterlog[82349]: 143,,,1611338923,vtnet2,ma... Johannes Wanink

08/25/2022

04:46 PM Bug #13448 (Resolved): Table row selection has poor contrast in Dark theme
In UI that uses a table, and requires selecting a row (like with pfBlockerNG under IP > IP Interface/Rules Configurat... Sean McBride
01:01 PM Feature #8867 (Confirmed): interfaces_vlan_edit.php does not display proper interface aliases
Re-opened this as a feature. It's not a bug, that's the expected behaviour, but there is no point displaying the inte... Steve Wheeler
12:59 PM Bug #13447 (Not a Bug): Double Nmap and NMap entries in Diagnostics menu
I'm not sure when it happened, possibly after updating from pfsense+ 22.01 to 22.05, but I now have two nmap items in... Sean McBride
12:27 PM Feature #13446: Upgrade PHP from 7.4 to 8.1
Commits already made that do not reference this issue:... Reid Linnemann
12:21 PM Feature #13446 (Closed): Upgrade PHP from 7.4 to 8.1
php 7.4 is EOL Nov. 28, 2022. We are migrating to php 8.1 as a result. Several changes will need to be made to accomp... Reid Linnemann
12:09 PM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected
I'm afraid that this broke my use-case. I set the following custom options:
no-resolv
server=208.67.222.222
ser... Orion Poplawski
10:19 AM Bug #13445 (Resolved): ``easyrule`` CLI script has multiple bugs and undesirable behaviors
While updating docs I noticed a few minor issues in the ``easyrule`` CLI script/backend code that need addressing:
... Jim Pingle
08:05 AM pfSense Packages Bug #13444 (Incomplete): zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
Hi
I frequently come across this issue when trying to investigate why a Zabbix agent isn't communicating successfu... Steve Scotter
07:33 AM Bug #13437 (Resolved): ECDSA certificate renewal causes digest algorithm to be reset to SHA1
Jim Pingle
01:00 AM Bug #13437: ECDSA certificate renewal causes digest algorithm to be reset to SHA1
Tested on
@22.05-RELEASE (amd64)
built on Wed Jun 22 18:56:13 UTC 2022
FreeBSD 12.3-STABLE@
After implementing... Lev Prokofev
07:27 AM pfSense Docs Correction #12861 (Feedback): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits
Merged and deployed Jim Pingle

08/24/2022

03:10 PM pfSense Docs Todo #13020 (Feedback): Improve ``easyrule`` command documentation
Done:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/0d6712ef2372a761a7a000507e355f46b72b3940
https://gi... Jim Pingle
11:08 AM pfSense Docs Todo #13020 (In Progress): Improve ``easyrule`` command documentation
Jim Pingle
09:52 AM pfSense Docs Todo #12162 (Resolved): Add "usb reset" as possible solution for non-booting flash drives on the SG-1100
Jim Pingle
09:52 AM pfSense Docs Todo #13342 (Resolved): Correct BGP last-as description
Jim Pingle
09:51 AM pfSense Docs New Content #13211 (Resolved): OpenVPN DCO Documentation
Jim Pingle
09:51 AM pfSense Docs New Content #13205 (Resolved): ZFS Boot Environment documentation
Jim Pingle
09:50 AM pfSense Docs Todo #13229 (Resolved): Update documentation for IPFW to PF transition for Limiters and Captive Portal
Jim Pingle
09:49 AM pfSense Docs New Content #13223 (Resolved): Document new gateway state killing behavior
Jim Pingle
09:49 AM pfSense Docs Todo #12980 (Resolved): Add warnings against OpenVPN Shared Key mode
Jim Pingle
07:24 AM pfSense Docs Todo #13369 (Resolved): Standardize mentions of macOS
All the documentation is updated accordingly. It looks OK now.
I am marking this ticket resolved. Danilo Zrenjanin
04:44 AM pfSense Docs Correction #13428 (Resolved): Firewall rules clarification
It looks good.
I am marking this ticket resovled. Danilo Zrenjanin
04:17 AM pfSense Docs Todo #13442 (Resolved): Feedback on Virtual Private Networks — IPsec — Using IPsec with Multiple Subnets
It looks good now.
I am marking this ticket resolved. Danilo Zrenjanin
02:41 AM Regression #13418: Captive Portal does not keep track of client data usage
I've posted the same (?) conclusion in the forum : "FreeRadius and quotas, doesn't work since 22.05":https://forum.ne... Gertjan KROEB

08/23/2022

07:45 PM Bug #8151: Changing name on a gateway is not allowed
Excuse provided by Jim Pingle is unacceptable. If you can't figure it out, don't say it can't be done. Your failures ... C Tong
02:36 PM pfSense Docs New Content #11739 (Feedback): Manual Outbound NAT rules in HA setup
Added and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/4d938fbf916b32518177adcdd97d6eaee641a250... Jim Pingle
01:25 PM pfSense Docs Correction #11145 (Duplicate): Screenshots in "Virtualizing pfSense with Hyper-V" recipe are incorrect and outdated
I updated all the screenshots when updating the recipe for #9374, they are already live. Jim Pingle
01:24 PM pfSense Docs Correction #12400 (Feedback): NAT 1:1 documentation - multi-wan information
Updated to account for the items above, plus other recent changes to the page, including new screenshots.
https://... Jim Pingle
12:53 PM pfSense Docs New Content #9608 (Duplicate): Add note about disabling secure boot when configuring a Hyper-V Gen 2 VM
Addressed when I updated the doc for #9374, it's already live. Jim Pingle
10:55 AM pfSense Docs New Content #13311 (Resolved): Add troubleshooting tips for multiple disk boot issues
Looks good; good info! Marcos M
10:42 AM pfSense Docs New Content #13311 (Feedback): Add troubleshooting tips for multiple disk boot issues
Added:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/190b7a62950635bf62ab6975c902567fea2bd232
https://d... Jim Pingle
10:32 AM pfSense Docs New Content #13311: Add troubleshooting tips for multiple disk boot issues
We see these issues mostly on ZFS but they aren't necessarily exclusive to ZFS.
 Jim Pingle
10:09 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
I can reproduce the problem on a 22.09 snapshot, but not on a main-based image:... Kristof Provost
09:35 AM pfSense Docs Correction #13400 (Feedback): Feedback on Cellular Wireless — Known Working 3G-4G Modems
I added that as an alternative command. I see references to both for that same model around, so it may depend on the ... Jim Pingle
09:17 AM Regression #13443 (Not a Bug): OpenVPN Peer-to-peer w. PSK broken after upgrade to 2.6.0
There isn't enough information here or in the thread to support it being a bug. It works fine in general for others, ... Jim Pingle
09:16 AM Regression #13443 (Rejected): OpenVPN Peer-to-peer w. PSK broken after upgrade to 2.6.0
There's not enough information here to indicate there's a bug. Please continue to discuss this on the forum - increas... Marcos M
08:05 AM Regression #13443 (Not a Bug): OpenVPN Peer-to-peer w. PSK broken after upgrade to 2.6.0
After I upgraded both my PFsense boxes to 2.6.2 from 2.5.x my site-to-site OpenVPN connection does not work. Nothing ... Morten Pedersen
07:09 AM pfSense Docs Todo #13442 (Feedback): Feedback on Virtual Private Networks — IPsec — Using IPsec with Multiple Subnets
Fixed and deployed, will be live once the docs build in a few minutes.
Thanks!
https://gitlab.netgate.com/docs/... Jim Pingle
07:08 AM pfSense Docs Todo #13442 (In Progress): Feedback on Virtual Private Networks — IPsec — Using IPsec with Multiple Subnets
Jim Pingle
05:08 AM pfSense Docs Todo #13442 (Resolved): Feedback on Virtual Private Networks — IPsec — Using IPsec with Multiple Subnets
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/multiple-subnets.html
*Feedback:*
Ciao,
the 3 netwo... Andrea Marcato
06:18 AM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Charles Sprickman wrote in #note-12:
> Marcos M wrote in #note-11:
> > I'm reopening this. The comments above about... Denis Grilli

08/22/2022

09:00 PM pfSense Packages Bug #13441 (Confirmed): FRR fails to start with route map on "sequence 0" in configuration
Creating a route map in FRR global configuration and assigning a network to sequence 0 prevents FRR/BGP from loading
... Paighton Bisconer
08:13 PM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Marcos M wrote in #note-11:
> I'm reopening this. The comments above about the $settings and $cert variable are corr... Charles Sprickman
04:31 PM pfSense Docs Todo #13419 (Resolved): Note FreeRADIUS request/response limitation
Marcos M
03:19 PM pfSense Docs Todo #13419: Note FreeRADIUS request/response limitation
Fixed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/37b9bed9905acebb16d340fae613fdb70a3a3987 Jim Pingle
12:57 PM pfSense Docs Todo #13419: Note FreeRADIUS request/response limitation
This:
> response payloads to upper limit of 4096 bytes
should be this:
> response payloads to the upper limit of... Marcos M
12:24 PM pfSense Docs Todo #13419 (Feedback): Note FreeRADIUS request/response limitation
I added the note to the authentication troubleshooting page and not the FreeRADIUS page. The limit is in pfSense soft... Jim Pingle
03:17 PM pfSense Docs Todo #9374 (Feedback): Update Virtualizing pfSense with Hyper-V recipe with more recent information
Updated: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8d7a2654b2d040da94dffc9a3520157406314a88
Should be ... Jim Pingle
12:50 PM pfSense Docs Todo #9374 (In Progress): Update Virtualizing pfSense with Hyper-V recipe with more recent information
Jim Pingle
12:35 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I am having the same issue in 22.05. Hayden Hill
12:01 PM pfSense Docs New Content #12402: Add recipe for configuring Telegram to receive notifications from pfSense software
The GUI fields for Telegram on pfSense software are already documented. All the stuff mentioned here is about configu... Jim Pingle
11:44 AM Todo #13440 (Pull Request Review): Update external HTTPS/HTTP links
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/846 Marcos M
11:39 AM Todo #13440 (Resolved): Update external HTTPS/HTTP links
There are links referenced in comments that no longer exist, have changed, or should be updated to point to https ins... Marcos M
10:20 AM Bug #13437 (Feedback): ECDSA certificate renewal causes digest algorithm to be reset to SHA1
Applied in changeset commit:9484a1cbdc2fa73cfe24681c342327729ffb6d61. Jim Pingle
09:05 AM Bug #13437 (Confirmed): ECDSA certificate renewal causes digest algorithm to be reset to SHA1
I can reproduce this here. I'll look into it. Jim Pingle
12:29 AM Bug #13437 (Resolved): ECDSA certificate renewal causes digest algorithm to be reset to SHA1
I have pfSense 2.6.0-RELEASE (amd64) Community Edition.
h3. Description:
When renewing a ECDSA certificate, the... Kevin St-Sauveur
09:27 AM Bug #13439 (Not a Bug): no emails when primary wan goes down
They work fine so long as there is a route to your mail server. If your default route is down of course the firewall ... Jim Pingle
09:21 AM Bug #13439 (Not a Bug): no emails when primary wan goes down
Dual wan setup. Failover works fine.
Email alerts work for:
primary wan up
secondary wan down
secondary wan up... jeff knight
08:31 AM Bug #13436 (Feedback): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
PR merged Jim Pingle
08:26 AM Bug #13436: Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
Looks like a remnant of the Bootstrap GUI work many years ago, most fields were fixed in #5025 but those were apparen... Jim Pingle
07:58 AM pfSense Docs Correction #12861 (Pull Request Review): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits
Jim Pingle
07:50 AM pfSense Docs Correction #13431 (Resolved): Incorrect count of /24 networks in a /5 CIDR block
Jim Pingle
04:10 AM pfSense Docs Correction #13431: Incorrect count of /24 networks in a /5 CIDR block
Thank you Abraham Samuel B. SANFO
07:49 AM pfSense Docs Correction #13433 (Resolved): Change the link for the help button on /diag_backup.php
Changed and deployed, it's live now.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b3ba9146053a2b8876c9ca1... Jim Pingle
07:18 AM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error
the issue seems to be resolved. I'm no longer getting this error. Antes Despues
02:38 AM Bug #13438 (New): No IPv6 tracked interface addresses after reboot
I have a 6rd connection over PPPoE to CenturyLink. I have IPv6 configured on LAN interface to track the WAN, plus 4 ... Daniel Engel

08/21/2022

08:01 PM Feature #701: Interface groups with NAT
Interface groups may be selected in port forwards, though there isn't a destination selection for "Interface Address"... Marcos M
12:34 PM Bug #13436 (Resolved): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
A few fields in /usr/local/pfSense/include/www/system_advanced_firewall.inc are being incorrectly validated.
- `a... Jared Hendrickson
07:25 AM pfSense Packages Bug #13432: ups driver will not start
It seems to be the same as this issue: https://redmine.pfsense.org/issues/9849
This was on a completely new instal... Scott Lampert

08/20/2022

10:10 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
This seems to affect 22.11 builds as well. Kris Phillips
10:08 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings
Tested and seems to apply and work fine here. Kris Phillips
09:58 PM pfSense Packages Bug #13432: ups driver will not start
Actually, I tested this with an APC unit just now and the nut package and was able to connect with the generic usbhid... Kris Phillips
09:42 PM pfSense Packages Bug #13432: ups driver will not start
Hello,
I tested and was unable to reproduce this, but I don't have a Cyberpower UPS. It seems this shouldn't be l... Kris Phillips
07:57 PM pfSense Docs Correction #12861 (Feedback): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits
Merge request:
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/49 Chris W
02:43 PM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit
I can't reproduce that here. Start a thread on the forum to discuss your problem further. Jim Pingle
02:31 PM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit
The fix doesn't work after turning off pfsense. After switching on, the error repeats. Restarting the vpn service or ... Oleg Utkin
02:42 PM Bug #13435 (Duplicate): Certification Revocation
Duplicate of #13424 Jim Pingle
02:41 PM Bug #13435 (Duplicate): Certification Revocation
When creating a new CRL (Certification Revocation) and you use the default value 9999
The Next Update date is set th... Saso Kocev
10:50 AM Feature #13411 (Pull Request Review): Packet capture does not support 6rd tunnels
Thanks for the feedback! I've addressed the issue. Marcos M
10:36 AM pfSense Plus Bug #13434 (Closed): Upgrade from 2.4.4. to 22.0x results in LAN traffic intermittently dropped for OpenVPN clients
Scenario:
- pfSense 2.4.4 AWS image with around 100 - 150 OpenVPN clients functions normally.
- After moving to... Chris W
06:57 AM pfSense Plus Bug #13430 (Not a Bug): Redundate Breadcumb Path in Diagnostics > Backup & Restore
Actually, that's the right path. If you follow each link, you'll get exactly that.
From the Status/Dashboard, yo... Danilo Zrenjanin
06:53 AM pfSense Docs Correction #13433 (Resolved): Change the link for the help button on /diag_backup.php
It would have more sense to change that link to the https://docs.netgate.com/pfsense/en/latest/backup/index.html#back... Danilo Zrenjanin
04:19 AM pfSense Packages Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only
The same behavior on 22.09-DEVELOPMENT (amd64)built on Fri Jul 29 06:14:54 UTC 2022
 Lev Prokofev

08/19/2022

03:51 PM pfSense Docs New Content #12791 (Resolved): Diagnostic Information for Support (pfSense)
Documentation looks good. Been using it on tickets for awhile and customers seem to understand it well.
Marking re... Christopher Cope
03:18 PM pfSense Docs Correction #13429 (Resolved): Update CRL Lifetime default value
Looks good. Marking as resolved. Christopher Cope
12:53 PM pfSense Docs Correction #13429 (Feedback): Update CRL Lifetime default value
Fixed and deployed
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9a5b5341097dccc08f99f428ed9f67cf66bacc1d Jim Pingle
04:08 AM pfSense Docs Correction #13429 (Resolved): Update CRL Lifetime default value
https://docs.netgate.com/pfsense/en/latest/certificates/crl.html#create-a-new-certificate-revocation-list... Danilo Zrenjanin
02:43 PM pfSense Packages Bug #13432 (Incomplete): ups driver will not start
I cannot get a USB-connected UPS to be recognized unless the nut usb driver is started with the "-u root" option.
... Scott Lampert
01:05 PM pfSense Docs Correction #13428 (Feedback): Firewall rules clarification
Fixed and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/07564b51b361a9351ab0ac65d2d553261de48dc8
 Jim Pingle
07:27 AM pfSense Docs Correction #13428: Firewall rules clarification
It is correct but could maybe be more clear.
It says "traffic initiated from the LAN". It does *NOT* say "traffic ... Jim Pingle
01:02 PM pfSense Docs Correction #13431 (Feedback): Incorrect count of /24 networks in a /5 CIDR block
Actually the remaining values in that whole column were off from that point down. Should be fixed shortly once the bu... Jim Pingle
11:27 AM pfSense Docs Correction #13431 (Resolved): Incorrect count of /24 networks in a /5 CIDR block
*Page:* https://docs.netgate.com/pfsense/en/latest/index.html
*Feedback:*
Good morning.
Reading "The pfSense d... Abraham Samuel B. SANFO
10:51 AM pfSense Plus Bug #13430 (Not a Bug): Redundate Breadcumb Path in Diagnostics > Backup & Restore
Version: 22.05-RELEASE
This is very minor, but I noticed a redundancy in the breadcrumb path of *Backup & Restore*... Lonnie Best
07:12 AM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit
The patch does not alter the configuration or lifetimes of existing entries, it (a) reduces the default for new CRL e... Jim Pingle
04:03 AM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit
Tested the patch:... Danilo Zrenjanin

08/18/2022

11:44 PM pfSense Packages Bug #10693: pfSense Bind Zone Editor UI does not update zone serial number when a change is made
Andrzej Milewski wrote in #note-3:
> I have BIND version 9.16-11 package and pfSense version 2.5.2. Serial number no... Gabriel Millerd
04:57 PM pfSense Docs Correction #13428 (Resolved): Firewall rules clarification
In https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html, the following text is, at best, unclear... Dave Madsen
08:11 AM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit
The patch has been committed into the System Patches package and will be available to users there soon once some work... Jim Pingle
08:09 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Pim Pish wrote in #note-3:
> Here's a similar case.
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263288
W... Jim Pingle
02:33 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Here's a similar case.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263288 Pim Pish
04:20 AM Bug #10792: Crash when switching interface off and on again in cohesion with multicast
I probably made a mistake. Every thing is still working including the GUI. Note that there seems to be two versions o... Louis B
01:54 AM Feature #13411: Packet capture does not support 6rd tunnels
Thanks; I can confirm that this works.
* Installs cleanly with the System Patches tool
* Provides the option to ca... Daniel Engel

08/17/2022

02:55 PM Bug #13424 (Feedback): CRL expiration date with default lifetime is too long, goes past UTCTime limit
Applied in changeset commit:a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2. Jim Pingle
01:44 PM Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit
Applied diff manually.
Restarted OpenVPN server service, bingo, it works!
Thanks! Greg M
11:11 AM Bug #13424 (Pull Request Review): CRL expiration date with default lifetime is too long, goes past UTCTime limit
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/842
Diff attached for testing.
 Jim Pingle
10:40 AM Bug #13424 (Resolved): CRL expiration date with default lifetime is too long, goes past UTCTime limit
The default lifetime on internal CRLs is 9999 which as of now lands the expiration of a CRL past 2050. The CRL librar... Jim Pingle
02:55 PM Bug #13425 (Feedback): Invalid alias name can still be used by code attempting to validate URL table content
Applied in changeset commit:db0cdbc8e77a47b45a6da4061e5d8e59e0fc592d. Jim Pingle
02:09 PM Bug #13425 (Resolved): Invalid alias name can still be used by code attempting to validate URL table content
When validating an alias on save, the name is checked for validity, however the name is still used during validation ... Jim Pingle
02:55 PM Bug #13426 (Feedback): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding
Applied in changeset commit:4d9dd165e471394bb2ca520d56f8d8f9a82bb99a. Jim Pingle
02:16 PM Bug #13426 (Resolved): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding
If there is a file named @/tmp/rules.packages.|<command>|.txt@, then when an authenticated GUI user loads @status.php... Jim Pingle
01:52 PM Bug #12938: Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value
I still get thousands of messages like:... Louis B
01:14 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
Tested:
2.5.0 - Passes TCP traffic from both WANs
2.5.1 - Fails as described
2.5.2 - Fails as described
2.6.0 - F... Steve Wheeler
08:38 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
Tested:
22.09.a.20220729.0600 - same behaviour
21.02.2-rel - same behaviour
21.02-rel - works as expected
<pre... Steve Wheeler
06:46 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
Attached rules from the tested firewall in 22.05. Steve Wheeler
10:52 AM Bug #10792: Crash when switching interface off and on again in cohesion with multicast
I changed my pfSense disk (SSD) for which reason I had to reinstall pfSense. After installing CE 2.7.0 version Fri Au... Louis B
10:16 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
A few other details:
This seems to only affect GUA (and possibly ULA) addresses, Link Local addresses always respo... Jim Pingle
09:57 AM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases
This is proving fairly difficult to pin down a set of "steps to duplicate." In some cases an IPv6 interface seems to ... Chris Linstruth
09:32 AM Feature #13422 (Duplicate): Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options
In the IPv4 DHCP server the Additional BOOTP/DHCP Options allow setting the option type. Currently the DHCPv6 server ... Steve Wheeler
06:36 AM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED
shawn butts wrote:
> The blinking blue like for "normal operation status" feels like an "everything is ok ALARM!!!!"... Jonas R

08/16/2022

11:28 PM pfSense Packages Bug #13412: SquidGuard, Rewrite rules, only one sub-rule will work if more than one sub-rule defined
Here's a workaround for this issue however seems the workaround will not stay after network disconnection etc.or some... UserPfbUg User
09:11 PM pfSense Packages Bug #13421 (New): Stunnel certificate does not refresh
I use stunnel with ACME certificates which expires every 90 days. When the certificate is 6í days old ACME auto refre... A Schnee
06:39 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
This only affects traffic sourced from the firewall itself. Policy routed traffic from other local subnets opens stat... Steve Wheeler
06:32 PM Regression #13420 (Resolved): TCP traffic sourced from the firewall can only use the default gateway
Traffic sourced from the firewall itself will always open states on the interface with the default system route. Even... Steve Wheeler
03:49 PM Feature #13411: Packet capture does not support 6rd tunnels
It should work on 22.05 and 2.7. Here's the patch specifically for 2.6 though. Marcos M
03:02 PM Feature #13411: Packet capture does not support 6rd tunnels
I can't say whether the patch makes any difference or not; I cannot apply it:... Daniel Engel
02:58 PM pfSense Docs Todo #13419 (Resolved): Note FreeRADIUS request/response limitation
Add the following note to:
https://docs.netgate.com/pfsense/en/latest/packages/freeradius.html#troubleshooting-radiu... Marcos M
02:12 PM Feature #12982: Add support for RFC7499 in RADIUS library.
Hello Christian,
thank you VERY MUCH for looking into this. Any sort of workaround or patch would be GREATLY appr... Frank Lee
10:16 AM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
The comment ... Flole Systems
 

Also available in: Atom