Project

General

Profile

Activity

From 10/18/2022 to 11/16/2022

11/16/2022

05:49 PM pfSense Packages Bug #13642 (In Progress): PHP Error: frr_zebra.inc:159
Reid Linnemann
05:48 PM pfSense Packages Bug #13642 (Confirmed): PHP Error: frr_zebra.inc:159
Reid Linnemann
05:48 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159
Root cause of this appears to be an empty <config> element being written under the frrglobalroutemaps package. Due to... Reid Linnemann
05:42 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Are there any updates on this issue? I am having exactly the same problem and I am on pfSense Plus 22.05 Alex Stoev
05:32 PM Revision 9c2b9b78: Replace direct config accesses to system/webgui paths in system_advanced_admin.inc. Fixes #13659
Also move default assignment of $pconfig['webguiproto'] to 'http' from
system_advanced_admin.php to system_advanced_a... Reid Linnemann
02:57 PM Bug #13671: DHCP client can fail permanently if an interface is down at boot
A workaround for this issue is to delay pfSense booting to allow an upstream device time to bring up the link.
This ... Steve Wheeler
02:54 PM Bug #13671 (Resolved): DHCP client can fail permanently if an interface is down at boot
If when the WAN is brought up at boot launching dhclient the interface is down it will fail and stop:... Steve Wheeler
02:07 PM Regression #13670 (Resolved): AES-NI support is built into the kernel on snapshots instead of being a module
AES-NI is activated in Advanced/Miscellaneous but dashboard system status shows AES-NI present but inactive
ps thi... johnny stecchino
12:46 PM Regression #13669 (Duplicate): Status / Services doesn't show correct OpenVPN status
When stopping the OpenVPN service from Status > Services, it shows disabled instead of stopped. It can be started aga... Danilo Zrenjanin
12:37 PM pfSense Packages Regression #13668 (Duplicate): Unable to start FRR from Status > Services
When stopping FRR from Status > Services, it shows disabled instead of stopped and can't be restarted from the GUI. I... Danilo Zrenjanin
11:54 AM Bug #13014: Deadlock in Charon VICI interface
EDIT:
Disregard this. Did not permanently resolve the issue, but only seemed to help slow it down.
ORIGINAL:
Anot... Kris Phillips
11:50 AM Bug #13659 (Feedback): replace direct config accesses for system/webgui paths in system_advanced_admin.inc
Applied in changeset commit:9c2b9b78c150b27850c56dbf2df0260ba13b00fe. Reid Linnemann
10:19 AM pfSense Plus Bug #13667: QuickAssist hardware not recognized
I've checked, and the only other use of pciconf in the GUI is intended for human consumption (on the status.php page)... Kristof Provost
10:16 AM pfSense Plus Bug #13667 (Pull Request Review): QuickAssist hardware not recognized
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/933
See also #13491 Kristof Provost
06:34 AM pfSense Plus Bug #13667 (Duplicate): QuickAssist hardware not recognized
see https://forum.netgate.com/topic/175893/quickassist-doesn-t-seem-to-be-working
This is part of a larger issue a... johnny stecchino
09:03 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
Setting the queue length on the child queue AND parent scheduler worked! (also have to keep this bug in mind #13158) Marcos M
07:56 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
Increasing the queue lengths of the individual queues appears to help. I tested with a queue of 5000 at 100Mbps. Incr... Kristof Provost
08:48 AM pfSense Packages Regression #13657: pfblockerng.widget.php Error - Pfsense 2.7 Fri Nov 11 06:30:07 UTC 2022 Build
Duplicate of https://redmine.pfsense.org/issues/13619 BBcan177 .
08:18 AM pfSense Packages Bug #13665 (Confirmed): Unable to start Wireguard from Status > Services
I can confirm this behavior.
Tested on the:... Danilo Zrenjanin

11/15/2022

08:36 PM Revision 9d6fc9e4: Merge pull request #4604 from luckman212/fix-func-args-in-gwlb.inc
Jim Pingle
08:30 PM Revision 3ae365f4: Removed unused filter_flush_nat_table, fix typo. Fixes #12757
Jim Pingle
07:50 PM Revision 6628b730: More Rector integration
Christian McDonald
07:46 PM Revision 0a960600: Add support for custom Rectors.
Christian McDonald
07:21 PM Revision d35a18fc: RemoveUnusedForeachKeyRector runresults
Christian McDonald
07:14 PM Revision 1eba2bc4: Remove dead statement as per rector
Christian McDonald
06:49 PM Revision bd9c894d: Update `Submitting a Pull Request via GitHub` link
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Josh Soref
06:49 PM Revision 4864d7f6: Spelling fixes. Fix #13357
Bugs:
* Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
* Incorrect i... Josh Soref
06:46 PM Revision 6eaada18: Cleanup some unreachable statements as per Rector.
Christian McDonald
06:45 PM Revision 585d63b4: Merge pull request #4596 from luckman212/update-rc.initial-202206
Jim Pingle
06:41 PM Revision 9e3798fb: Merge pull request #4606 from KoenZomers/DNSExitFix
Jim Pingle
06:39 PM Revision 4a1354d1: Merge pull request #4605 from kaedros/master
Jim Pingle
06:15 PM Regression #13666 (Resolved): Assigned bridge interfaces are not configured at boot
Under some circumstances a bridge interface assigned as LAN is not configured correctly at boot. It comes up without ... Steve Wheeler
06:03 PM Revision a637e8ec: Remove duplicate reserved alias names. Fix #13524
Marcos M
06:03 PM Revision c77e381e: Respect bind interfaces in unbound. Fix #13393
Marcos M
05:59 PM Revision e289a583: Also create DHCPv6 rules for interfaces with static IPv6. Fix #13633
Marcos M
05:23 PM Revision bfa54b82: Add initial support for Rector dev tooling.
Christian McDonald
04:52 PM pfSense Packages Bug #13665: Unable to start Wireguard from Status > Services
Using Wireguard 0.1.6_3 Christopher Cope
04:34 PM pfSense Packages Bug #13665 (Duplicate): Unable to start Wireguard from Status > Services
When stopping Wireguard from Status > Services it shows disabled instead of stopped and can't be restarted from the G... Christopher Cope
04:41 PM Revision e8c09d18: Update/cleanup DHCP 4/6 server text. Fixes #13250
Jim Pingle
03:00 PM Revision 26da7653: Correct typo. Fixes #13663
Jim Pingle
02:49 PM pfSense Plus Bug #13664 (Resolved): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30)
When DCO mode is enabled for OpenVPN, the GUI allows configuring options which are currently incompatible with OpenVP... Jim Pingle
02:38 PM Bug #13408 (Feedback): PF can fail to load a new ruleset
Jim Pingle
02:37 PM Bug #13295 (Feedback): Incorrect function parameters for ``get_dpinger_status()`` call in ``gwlb.inc``
PR merged Jim Pingle
02:35 PM Bug #12947 (Feedback): Old IPv6 addresses may continue to be used after DHCP or RA changes
This needs re-tested since snapshots are on FreeBSD 14-CURRENT (main) now the change noted above is in the tree. I ch... Jim Pingle
02:31 PM Bug #12757 (Feedback): Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``
Changes made manually since the PR had conflicts and it was a small diff.
 Jim Pingle
02:28 PM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration
The last MR was merged a while ago. If there are still problems here we need a detailed list of incorrect behaviors, ... Jim Pingle
02:26 PM Bug #12673 (New): Firewall Logs Dashboard Widget is slow and may fail to update
Needs re-checked to see if it's still a problem and it needs to account for the items I mentioned in the MR. The valu... Jim Pingle
02:24 PM Feature #12464 (New): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
Needs re-designed as I suggested, just lowering the log level unilaterally will have other unintended effects.
 Jim Pingle
02:23 PM Bug #12385 (Rejected): deleteVIP() does not check 1:1 NAT and Outbound NAT rules
There is no easy way to determine if this is a fatal error or not. If the upstream routes the block to the firewall, ... Jim Pingle
01:03 PM Revision 231fc598: While here, reduce a few differences with Plus.
Luiz Souza
12:58 PM Revision 2984a4b1: Update the loader.conf filter list.
This remove the duplicate entries for the settings added by pfSense.
Sync with the current Plus defaults. Luiz Souza
12:51 PM Revision ce1cf189: Update the EFI loader from the package installation script.
The simply action of installation the script will perform the loader update. Luiz Souza
12:50 PM Todo #13357 (Feedback): Spelling and typo corrections
PR merged Jim Pingle
12:46 PM Bug #13258 (Feedback): Hidden menu option ``100`` incorrectly handles HTTPS detection
PR merged Jim Pingle
12:42 PM Regression #13303 (Feedback): DNSExit Dynamic DNS updates no longer work
PR https://github.com/pfsense/pfsense/pull/4606/files Merged Jim Pingle
12:41 PM Bug #13298 (Feedback): Dynv6 Dynamic DNS client does not check the response code when updating
PR Merged. Jim Pingle
12:25 PM Regression #13420 (Feedback): TCP traffic sourced from the firewall can only use the default gateway
Now that we are on main-based builds this needs retested/reconfirmed. Jim Pingle
12:24 PM Regression #13459 (Feedback): Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
Jim Pingle
12:23 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Still needs more thought here. The differences in client behavior and which values they send may make this impossible... Jim Pingle
12:19 PM Feature #13304 (Feedback): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
Jim Pingle
12:10 PM Todo #13524 (Feedback): Update reserved alias names
Applied in changeset commit:a637e8eccca0955a2ca8d97f18d94f7fca8c8bc2. Marcos M
12:10 PM Bug #13393 (Feedback): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
Applied in changeset commit:c77e381e5c408172cb20a565a3fdfd998fc983d1. Marcos M
12:05 PM Bug #13633 (Feedback): DHCPv6 rules are not created for interfaces with static IPv6
Applied in changeset commit:e289a583abbf90eeab67c057f9b92d732ba70448. Marcos M
11:05 AM Todo #13250 (Feedback): Clean up DHCP Server option language
Applied in changeset commit:e8c09d18f12996e1652a636de49f00f75d60b772. Jim Pingle
09:30 AM Todo #13250 (In Progress): Clean up DHCP Server option language
Jim Pingle
10:23 AM Todo #13644 (In Progress): Enable ALTQ support in cxgbe(4)
Yes, cxl should also be removed. It doesn't support altq either, that's what I was testing with. Expect an additional... Steve Wheeler
10:05 AM Todo #13644: Enable ALTQ support in cxgbe(4)
Kristof Provost wrote in #note-1:
> Unfortunately it's not straightforward to re-enable ALTQ support in the cxgbe(4)... Victor Coss
09:19 AM Regression #13660: PHP8.1 error after applying floating rules changes
I managed to trigger this a couple more times while changing limiter settings and simply browsing to the floating rul... Marcos M
09:15 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
The bandwidth limits I have are 140 up 9 down and the issue persists there even with a queue length of 1400/90. Marcos M
09:06 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
Does it help to increase the queue length there? Normally we recommend setting it to >= 1000 for 100Mbit/s and even h... Jim Pingle
09:00 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
There's something very odd going on with this. I can reproduce the problem, but only if I set the pipe bandwidth suff... Kristof Provost
09:10 AM Regression #13663 (Feedback): WIFI interface configuration creates invalid xml
Applied in changeset commit:26da7653ee52f45ed36157cf5192b167f408d0de. Jim Pingle
09:07 AM Regression #13663: WIFI interface configuration creates invalid xml
Yup, that fixes it here. Steve Wheeler
09:01 AM Regression #13663 (In Progress): WIFI interface configuration creates invalid xml
Looks like it's a typo in a key name.... Jim Pingle
08:51 AM Regression #13663 (Resolved): WIFI interface configuration creates invalid xml
Saving the config for a wifi interface creates a bad config file causing it to be rejected and rolled back:... Steve Wheeler
02:59 AM Feature #13639: Add custom DSCP value in firewall rules
Marcos M wrote in #note-5:
> Odd, it worked fine here. I attached the patch for different versions - try the one spe... Marc Turin

11/14/2022

11:44 PM Revision b1972170: Correct codelq shaper input validation for firewall_shaper.php. Fixes #13661
Ensure all bandwidth values are cast to int before applying arithmetic to the
return value of get_bandwidth_typescale... Reid Linnemann
09:02 PM Revision d55227f4: Misc EasyRule updates/fixes.
* Addresses several known issues in EasyRule. Fixes #13445
* Updates syntax to new style for PHP 8.1. Fixes #13627 Jim Pingle
08:52 PM Revision 834732a5: Add devel/pecl-xdebug to poudriere_bulk
Christian McDonald
08:27 PM Revision 9a9a6b3e: Fix config_del_path() if the node doesn't exist
If the node we're trying to delete with config_del_path() doesn't exist
array_del_path() will fail as follows:
Fatal... Kristof Provost
08:27 PM Revision 3f5702a9: Add bxe to the ALTQ capable interfaces list
Redmine: #13304 Kristof Provost
07:01 PM Bug #13662 (Resolved): Setting a limiter queue length greater than 100 prevents the limiter from loading
h3. Issue
Traffic is not limited based on the weight value within WF2Q+ queues resulting in higher-weighted queue ... Marcos M
06:02 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1, we have completed a rollout of step-ca to our enterprise and would really appreciate this feature as well.
This ... Karl Ribich
05:55 PM Regression #13661 (Feedback): Input validation issues on firewall_shaper.php
Applied in changeset commit:b1972170a9d4bbc12ca6e35f861980f7d4b0d525. Reid Linnemann
05:19 PM Regression #13661 (Resolved): Input validation issues on firewall_shaper.php
On the firewall_shaper.php page, when I create a new shaper without setting a bandwidth I see this error:... Reid Linnemann
03:58 PM Revision 6600b09f: Backup/Restore fixes for dup SSH/RRD. Issue #13132
Fixes for multiple SSHDATA or RRDDATA sections in config.xml
* On backup, strip out any existing SSH and RRD data se... Jim Pingle
03:40 PM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6
Patch works as expected and is required in current snapshots.
Tested:... Steve Wheeler
03:10 PM Regression #13627 (Feedback): PHP: Easyrule from the firewall log
Applied in changeset commit:d55227f4e8b73000eefc60c5d0e479f3ab26e214. Jim Pingle
11:19 AM Regression #13627 (In Progress): PHP: Easyrule from the firewall log
Jim Pingle
03:10 PM Bug #13445 (Feedback): ``easyrule`` CLI script has multiple bugs and undesirable behaviors
Applied in changeset commit:d55227f4e8b73000eefc60c5d0e479f3ab26e214. Jim Pingle
11:19 AM Bug #13445 (In Progress): ``easyrule`` CLI script has multiple bugs and undesirable behaviors
See also: #13627 Jim Pingle
02:28 PM Feature #13304 (Ready To Test): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
Done in https://gitlab.netgate.com/pfSense/pfSense/-/commit/3f5702a9ba507f22abbb4e77063fc9dccad34f69
That should b... Kristof Provost
12:04 PM Regression #13660 (Resolved): PHP8.1 error after applying floating rules changes
Tested on @23.01.a.20221114.0600@
After applying floating rules changes, the following error showed under the rule... Marcos M
11:56 AM Regression #13026: Limiters do not work
The originally described scenario works fine on current snapshots for me. That is; Limiters applied via a floating ou... Steve Wheeler
08:05 AM Regression #13026: Limiters do not work
I've tested a recent CE snapshot and see correct limiting both up and down, with a gateway set on the floating rule.
... Kristof Provost
11:36 AM Bug #13659 (Resolved): replace direct config accesses for system/webgui paths in system_advanced_admin.inc
Brad Davis
10:17 AM Bug #13132 (Feedback): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
Fixed by commit:6600b09f72ca2fddfaae0f834b211689c3d32655 Jim Pingle
10:11 AM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
When testing this fix, be sure to test the following scenarios:
* Add sections to the live config.xml before takin... Jim Pingle
09:45 AM Bug #13132 (In Progress): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
I see a couple problems here. One, code that removed duplicate sections on backup (#10508) got unintentionally remove... Jim Pingle
09:49 AM Feature #13658: Autofill Mask (Prefix-Length) Drop-Down if IP-Adress Field ends with /XX
Interesting idea but I'm not sure how viable it will be, especially on large forms like aliases.
In most OS/browse... Jim Pingle
09:36 AM Feature #13658 (New): Autofill Mask (Prefix-Length) Drop-Down if IP-Adress Field ends with /XX
Currently (V2.6.0 pfsense CE) It is a bit tedious to enter IP adresses with
known netmask.
You have to enter the ad... Christian Schroeder
07:20 AM pfSense Packages Feature #12789 (Resolved): Show expiration date of certificates in the ACME package list
Jim Pingle
03:43 AM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
I cannot reproduce this on either CE (20221111) or Plus (of a similar vintage). Does this problem still occur on rece... Kristof Provost
01:11 AM pfSense Packages Bug #13641: PHP Error: squid.inc:852
on 23.01-DEVELOPMENT (built on Fri Nov 11 06:05:57 UTC 2022) when I tried to install Squid I got
_Fatal error: Uncaug... Azamat Khakimyanov

11/13/2022

09:38 PM pfSense Packages Regression #13657 (Duplicate): pfblockerng.widget.php Error - Pfsense 2.7 Fri Nov 11 06:30:07 UTC 2022 Build
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n2558... RED SKULL
12:19 PM Regression #13593 (Resolved): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
Steve Wheeler
06:51 AM pfSense Packages Bug #13587: Zabbix-agent62 install fails
Trying to install on version pfsense 2.6
>>> Installing pfSense-pkg-zabbix-agent62...
Updating pfSense-core ... Marcio Gomes

11/12/2022

07:40 PM Feature #13656 (Duplicate): Add UI Elements for Priority Control Point on Interfaces
With the addition of PCP VLAN0 tagging support in FreeBSD and introduction into pfSense Plus 23.01 we should add a UI... Kris Phillips
07:36 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
With the introduction of native PCP VLAN0 tagging in pfSense Plus 23.01 and the new bridge filtering to pass along EA... Kris Phillips
07:31 PM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs
Graham Collinson wrote in #note-5:
> I can confirm it's happening for me on a 22.01 3100 firewall.
> I haven't seen i... Kris Phillips
07:10 PM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors

it could be added as "vtysh command " similar to Diagnostics>Command Prompt .
only "show" Commands (not conf. c... Alhusein Zawi
06:40 PM Bug #13600: Saving a DDNS entry can lead to the GUI timing out.
I am unable to recreate this issue on the Nov 11th builds of 23.01. When clicking save or save and force update afte... Kris Phillips
06:14 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
Tested this on my 22.05 box as well. Looking good. This can be marked as Resolved. Kris Phillips
03:40 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
much happier now, I had a 22.05 VM that was unable to check for updates after switching to dev branch last week. Now ... Jordan G
06:04 PM Bug #13425: Invalid alias name can still be used by code attempting to validate URL table content
when attempting to save an alias in 23.01.a.20221111.0600 include an additional / at the end of a URL results in
<... Jordan G
03:18 PM pfSense Packages Feature #12789: Show expiration date of certificates in the ACME package list
ACME v0.7.3 now displays when the certificate was last renewed as well as the issued certificate validity from and un... Jordan G
01:33 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159
There is a different redmine for that issue:
https://redmine.pfsense.org/issues/13564 Danilo Zrenjanin
01:19 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159

The issue occurs when adding a route map
PHP errors:
PHP ERROR: Type: 1, File: /usr/local/pkg/frr/inc/frr_zebra... Alhusein Zawi
01:20 PM Regression #13026 (New): Limiters do not work
I can confirm that limiters work fine until you define a specific gateway in the rule where the limiters are applied.... Danilo Zrenjanin
10:11 AM Bug #13655 (Resolved): DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled
dnsmasq is always getting the --all-servers option added in https://github.com/pfsense/pfsense/blob/29e534800a56f21bd... Flole Systems
06:05 AM pfSense Packages Bug #13654 (New): Wireguard does not fail back failover WAN setup.
I have this main WAN connection that is quite unstable. So I set up a 4G router on the OPT port on netgate 1100. This... Frode Martin
03:07 AM pfSense Packages Bug #13653 (Confirmed): FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.
Tested on the:... Danilo Zrenjanin
02:31 AM pfSense Packages Bug #13653 (Duplicate): FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.
FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.
@lrwxr-xr-x ... Lev Prokofev

11/11/2022

09:14 PM Revision 0e6c4d62: Rewrite functions for toggle & delete NAT. Fixes #13545
Christopher Cope
07:25 PM Revision 599742b0: Refine IPsec deprecation behavior. Issue #13648
P1 and P2 entries are only disabled if they have no remaining valid combinations of options. This way tunnels that ju... Jim Pingle
03:40 PM Bug #13545: Toggling NAT rules using the button method does not enable/disable corresponding firewall rules
Applied in changeset commit:0e6c4d622c6046fb76ed1e706ef3788e89be5168. Christopher Cope
03:35 PM Bug #13545 (Feedback): Toggling NAT rules using the button method does not enable/disable corresponding firewall rules
Merged. Christopher Cope
03:18 PM Feature #12070 (Resolved): Support for VLAN ``0``
Tested on... Christopher Cope
01:38 PM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs
I can confirm it's happening for me on a 22.01 3100 firewall.
I haven't seen it yet on other firewalls that have bee... Graham Collinson
01:32 PM Todo #13648 (Feedback): Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing)
This is now complete. See commit:599742b01436e2b99c0c2fb52cab71f5726a695d
P1 and P2 entries are only disabled if t... Jim Pingle
11:21 AM Bug #13652 (Closed): Inconsistent behavior filtering ICMP traffic
I have the following FLOATING rules to filter out unwanted ICMP traffic on the network (these are repeated for all in... Serge Caron
11:05 AM pfSense Plus Feature #13649 (Feedback): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
Changes merged: https://gitlab.netgate.com/pfSense/factory/-/commit/8a67fe3c06a070c997873cf68b38796d6df821c0
The c... Jim Pingle
10:28 AM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
This looks good in Plus too:... Steve Wheeler
07:54 AM Regression #13593 (Feedback): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
Brad Davis
01:01 AM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
It works for me now running pfsense 2.6.0-RELEASE (amd64) Patch Public
09:22 AM pfSense Docs Correction #13651 (Closed): Writing an Installation Image to Flash Media doc
This is already noted on the document you linked.
> Note
> Etcher requires elevated privileges to write USB drive... Jim Pingle
09:18 AM pfSense Docs Correction #13651: Writing an Installation Image to Flash Media doc
the link to the document:
https://docs.netgate.com/reference/create-flash-media.html#using-etcher Georgiy Tyutyunnik
09:17 AM pfSense Docs Correction #13651 (Closed): Writing an Installation Image to Flash Media doc
On several occasions in Windows 10 and 11 the Balena Etcher would fail to flash firmware to USB or the resulting flas... Georgiy Tyutyunnik
08:48 AM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6
The 22.05 system that had the same symptom ended up being user error. However 23.01 is still an issue. Marcos M
05:03 AM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6
I couldn't replicate the issue on 22.05.
After setting the static IPv6 on the LAN interface and enabling DHCPv6 S... Danilo Zrenjanin
07:44 AM pfSense Packages Bug #13650 (Confirmed): User with a wireguard permissions not able to edit peers/tunnels
I can confirm this behavior on the:... Danilo Zrenjanin
04:04 AM pfSense Packages Bug #13650 (Resolved): User with a wireguard permissions not able to edit peers/tunnels
User with "WebCfg - VPN: WireGuard" can't edit anything. On attemt to edit got redirect to wg/vpn_wg_tunnels.php.
Lo... Andrey Hammer
02:00 AM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159
Tested against:... Danilo Zrenjanin

11/10/2022

06:28 PM Revision 624aa476: Replace direct config accesses regarding ssh configuration. Fixes #13645
In system_advanced_admin.inc, use config interface funcs instead of direct
$config access regarding ssh configuration... Reid Linnemann
05:24 PM Revision b30acd45: Replace some direct config accesses in util.inc. Fixes #13640
Reid Linnemann
04:35 PM Regression #13593 (In Progress): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
This is now fixed in CE:... Steve Wheeler
04:20 PM Bug #13645 (Feedback): PHP errors regarding ssh
Applied in changeset commit:624aa476802af87c04971651cd18c6d22800d52e. Reid Linnemann
12:32 PM Bug #13645 (Pull Request Review): PHP errors regarding ssh
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/927 Reid Linnemann
12:12 PM Bug #13645 (Resolved): PHP errors regarding ssh
Found by @bdavis
With no ssh section in the config, this can be hit:... Reid Linnemann
04:18 PM pfSense Packages Bug #13641: PHP Error: squid.inc:852
This appears to perhaps have been generated post php upgrade and pre pfSense-pkg-squid upgrade, as I don't see any li... Reid Linnemann
03:51 PM Revision ba97e19f: Remove cxgbe (cc) from the ALTQ capable list
Despite what the relevant man page claimed (now fixed) the cxgbe driver
has not supported ALTQ since 2012. Do not all... Kristof Provost
03:03 PM Bug #13080 (Resolved): Cannot set EFI console as primary console when using both EFI and Serial
The user-selected behavior is respected now on both EFI and legacy consoles.
The loader menu displays the wrong st... Jim Pingle
02:41 PM pfSense Plus Feature #13649 (Resolved): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
Copying from NG Redmine.
The @if_ovpn@ driver (in plus) and OpenVPN userspace now support ChaCha20-Poly1305 and AE... Jim Pingle
02:09 PM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors
I do not know whether this will or will not be picked up for GUI inclusion but I wanted to put it out there that admi... Chris Linstruth
01:48 PM Feature #13639: Add custom DSCP value in firewall rules
Odd, it worked fine here. I attached the patch for different versions - try the one specific to yours. Marcos M
09:31 AM Feature #13639: Add custom DSCP value in firewall rules
Marcos M wrote in #note-1:
> For now, here's a quick patch for testing only:
> [...]
Thank for the feedback,
I ... Marc Turin
12:28 PM Todo #13648 (Resolved): Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing)
FreeBSD removed support for several obsolete ciphers from its IPsec stack. See https://cgit.freebsd.org/src/commit/?i... Jim Pingle
12:22 PM Feature #13647 (Resolved): Support for ChaCha20-Poly1305 encryption with IPsec
Copying here so it gets into the release notes.
This requires changes to the FreeBSD source (https://cgit.freebsd.... Jim Pingle
11:30 AM pfSense Packages Bug #13640 (Feedback): PHP Error: util.inc:1932
Applied in changeset pfsense:commit:b30acd4516b08ebb647f674c28748a6bc685b91c. Reid Linnemann
09:54 AM Todo #13644: Enable ALTQ support in cxgbe(4)
Unfortunately it's not straightforward to re-enable ALTQ support in the cxgbe(4) driver. It has been substantially al... Kristof Provost
07:29 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Before closing this it would be best if someone could test a live mobile client which can consume these settings to c... Jim Pingle
01:32 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Tested the patch against:... Danilo Zrenjanin
03:15 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
Here my DHCP configfiles Louis B
02:05 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
I tested again against the:... Danilo Zrenjanin

11/09/2022

11:06 PM Revision 27a52d08: Remove invalid quotes from charon attr plugin attributes. Fixes #13579
Reid Linnemann
06:13 PM Feature #13639 (Ready To Test): Add custom DSCP value in firewall rules
Marcos M
10:49 AM Feature #13639: Add custom DSCP value in firewall rules
See attached for a quick patch for testing only. Marcos M
05:30 AM Feature #13639 (Ready To Test): Add custom DSCP value in firewall rules
Hi,
I am using custom DSCP values on a network and want to use custom DSCP fields in firewall rules.
Of the 64 ... Marc Turin
06:06 PM Bug #13393 (Pull Request Review): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/918 Marcos M
05:43 PM pfSense Packages Bug #13640 (Pull Request Review): PHP Error: util.inc:1932
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/925 Reid Linnemann
02:03 PM pfSense Packages Bug #13640: PHP Error: util.inc:1932
The box I hit this on has no aliases configured.
This is the HAProxy config that triggered it:... Steve Wheeler
08:38 AM pfSense Packages Bug #13640 (Resolved): PHP Error: util.inc:1932
... Steve Wheeler
05:42 PM pfSense Packages Bug #13513 (Pull Request Review): Cannot install Squid
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/297 Reid Linnemann
05:25 PM Bug #13579 (Feedback): Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Applied in changeset commit:27a52d0807fdb4731360ac1dbe5bf23a0155fda1. Reid Linnemann
05:00 PM Revision b51ea481: Fix setting EFI boot console type. Issue #13080
For some reason the EFI loader is forcing boot_serial=YES when it is not
set in the loader configuration. To work aro... Jim Pingle
02:56 PM Revision 81c792f0: make.conf: enable GCM for strongswan
This will also cause a rebuild, which we need to get chacha20 support
now that the kernel supports it. Kristof Provost
02:50 PM Todo #13644 (In Progress): Enable ALTQ support in cxgbe(4)
The cxgbe(4) driver is shown in documentation as supporting ALTQ but the code there appears to have had that removed ... Steve Wheeler
01:09 PM pfSense Packages Feature #13643 (New): FRR - Display what BGP is advertsing to its neighbors
There is no way to verify what the pfsense is sending to its bgp peers using the Services/FRR/Status page.
Althoug... Mike Moore
11:08 AM Bug #13080 (Feedback): Cannot set EFI console as primary console when using both EFI and Serial
The EFI loader seems to be forcing boot_serial=YES when the value is unset in the loader configuration. If we explici... Jim Pingle
08:44 AM pfSense Packages Bug #13642 (Resolved): PHP Error: frr_zebra.inc:159
This prevented boot completing. I had to uninstall FRR at the CLI.... Steve Wheeler
08:40 AM pfSense Packages Bug #13641 (Not a Bug): PHP Error: squid.inc:852
... Steve Wheeler
07:40 AM pfSense Packages Bug #11847 (Resolved): Filters not applied to PEER Groups
Jim Pingle
02:26 AM pfSense Packages Bug #11847 (Assigned): Filters not applied to PEER Groups
Tested on 22.05
I still see that filters are not applied to Peer group. But I don't think it's a Bug because:
1. ... Azamat Khakimyanov

11/08/2022

05:33 PM Bug #13638: ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes
fcgicli bugs fixed in freebsd-ports/devel change "2993b0084175e2d998f0f294b985371989677d7d":https://github.com/pfsens... Reid Linnemann
05:32 PM Bug #13638 (Resolved): ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes
Originally identified in #4521, the FastCGI implementation in fcgicli has bugs that prevent it from correctly writing... Reid Linnemann
04:01 PM pfSense Packages Bug #13612: Snort building lists is broken
Flole Systems wrote in #note-8:
> You are absolutely right, the name passed is the german version of "default", which... Bill Meeks
01:36 PM pfSense Packages Bug #13612: Snort building lists is broken
You are absolutely right, the name passed is the german version of "default", which should have been covered by the c... Flole Systems
12:58 PM pfSense Packages Bug #13612: Snort building lists is broken
I am unable to reproduce this in the current RELEASE version of the Snort package. All of the referenced lists (HOME_... Bill Meeks
12:47 PM pfSense Packages Bug #13612: Snort building lists is broken
Flole Systems wrote in #note-5:
> I didn't test it on the dev version, I only tested the latest plus and CE release v... Bill Meeks
08:55 AM pfSense Packages Bug #13612: Snort building lists is broken
I didn't test it on the dev version, I only tested the latest plus and CE release versions.
For me the check I men... Flole Systems
06:38 AM pfSense Packages Bug #13612: Snort building lists is broken
I am the Snort package maintainer and tested this in a current pfSense-2.7.0-DEVEL snapshot with the most recent Snor... Bill Meeks
03:13 PM Bug #13080 (In Progress): Cannot set EFI console as primary console when using both EFI and Serial
This had been working but stopped at some point since I tested it last.
It still prefers serial no matter what, an... Jim Pingle
12:34 PM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/922 Jim Pingle
12:24 PM Feature #13446: Upgrade PHP from 7.4 to 8.1
Fixing this up so we can use it as a parent issue for all the various PHP-related issues being tracked Jim Pingle
11:52 AM pfSense Packages Feature #13637 (New): pfBLockerNG Add suppression support for GeoIP lists
It would be useful for GeoIP to support the suppression feature and allow the CIDR to be limited as is possible with ... Marcos M
10:39 AM Revision 807e9117: ipsec: remove warnings about now removed algorithms
Redmine: #9247 Kristof Provost
10:39 AM Revision ee9bbad1: ipsec: disable any tunnels using 3des, blowfish, cast128 or md5 during upgrades
Redmine: #9247 Kristof Provost
09:09 AM Revision f9cfd6bc: ipsec: remove obsolete algorithms
These are no longer supported in FreeBSD main. Ensure they can no longer be configured.
Redmine: #9247 Kristof Provost
09:09 AM Revision 2a8d2eba: ipsec: allow CHACHA20-POLY1305 to be configured
Redmine: #9246 Kristof Provost
08:57 AM pfSense Packages Feature #13636 (New): Show all type of actions on the HAProxy page: haproxy_listeners.php
Currently when you go to the HAProxy service, you see a page with all shared frontends, some information columns and ... Steve Van Lint
07:41 AM Feature #11302: WireGuard XMLRPC sync
We are considering switching from OPNsense (because of pfSense better BGP support), which has XMLRPC synchronization ... Filip Kočí

11/07/2022

04:13 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
BBcan177 . wrote in #note-2:
> Its calling:
>
> [...]
>
> Seems like some rules are missing the ['tracker'] ke... Reid Linnemann
01:25 PM Regression #13614 (Feedback): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
Applied in changeset commit:6115e76bed50888710f4852f1295461dc526d12a. Reid Linnemann
12:42 PM Bug #13585 (Closed): Multiple VPN Gateways will not completely start a boot.
Thanks! I posted a response on the forum. I'm not able to reproduce this and I don't believe there's an issue with pf... Marcos M
11:58 AM pfSense Packages Bug #12475 (Resolved): OpenVPN Client Export does not show certificate without private key
Tested and it's working - thanks! Marking resolved. Marcos M
11:28 AM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key
Should be fixed in pkg v1.7_2 and v1.6_7
 Jim Pingle
11:48 AM pfSense Packages Regression #13570 (Resolved): openvpn-client-export php error in 2.7
Tested and it's working - thanks! Marking resolved. Marcos M
11:28 AM pfSense Packages Regression #13570 (Feedback): openvpn-client-export php error in 2.7
Should be fixed in pkg v1.7_3 and v1.6_8 Jim Pingle
11:22 AM pfSense Packages Regression #13570 (In Progress): openvpn-client-export php error in 2.7
OK, with the supplied configuration from Marcos I could reproduce it and worked up a fix. Commit coming shortly.
 Jim Pingle
10:36 AM pfSense Packages Regression #13570: openvpn-client-export php error in 2.7
Marcos M wrote in #note-8:
> There's still some access issues - visiting @vpn_openvpn_export.php@ gives the followin... Jim Pingle
10:29 AM Regression #13635 (Resolved): Interface speed and duplex selection defaults to non-default option
On 23.01, the @Speed and Duplex@ option within the interface configuration now shows @------- Media Supported by this... Marcos M
10:16 AM pfSense Packages Feature #10818: UDP Broadcast Relay
I believe it's in a good enough state where it can at least be added to the dev branch, but if/when it's merged is up... Marcos M
10:12 AM Regression #11545: Primary interface address is not always used when VIPs are present
I am having the same issue as #note-43. Marcos M
09:37 AM Todo #13634: Update default DHCPv6 rules to follow RFC8415
Proposed rules:... Marcos M
09:32 AM Todo #13634 (New): Update default DHCPv6 rules to follow RFC8415
The reason for updating these is to have "correct" rules by default. Anything that breaks RFC would potentially need ... Marcos M
08:34 AM Bug #12259 (Closed): Intel em NICs Suffering Performance Degradation on FreeBSD12
Jim Pingle
08:31 AM pfSense Packages Bug #13612: Snort building lists is broken
This affects CE aswell as Plus. Snort version is 4.1.6. Reproduction steps are described in the first comment:
Flo... Flole Systems
07:07 AM Bug #11960 (Resolved): Gateway Monitoring Traffic Goes Out Default Gateway
Tested on 21.02_2 and on 22.05
I was able to reproduce this issue on 21.02_2 but on 22.05 everything worked correc... Azamat Khakimyanov

11/06/2022

10:21 PM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
I noticed that the file can also get wiped without touching the RADIUS users at all. I haven't figured out yet how th... Gerke Max Preussner
01:57 AM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
Tested on
2.7.0-DEVELOPMENT (amd64)
built on Fri Nov 04 06:05:19 UTC 2022
FreeBSD 14.0-CURRENT
I can confirm t... aleksei prokofiev
09:31 PM Bug #13633 (Pull Request Review): DHCPv6 rules are not created for interfaces with static IPv6
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/920
Before, clients on @$ADMIN@ interface do not receive... Marcos M
09:19 PM Bug #13633 (Resolved): DHCPv6 rules are not created for interfaces with static IPv6
Tested on 23.01.
Rules are not created automatically when the DHCPv6 server is enabled on interfaces with a static... Marcos M
08:29 PM pfSense Packages Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers
I can also confirm that 50 WG peers are killing a 1537 Max device. Making changes is painful, doubled when I have to... Marc Mapplebeck
08:16 PM Feature #11302: WireGuard XMLRPC sync
Jim Pingle wrote in #note-6:
> Until the other issue is addressed, I have noted the limitation here: https://docs.net... Marc Mapplebeck
05:54 PM Todo #13524 (Pull Request Review): Update reserved alias names
Fix: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/919 Marcos M
02:29 PM Todo #13524: Update reserved alias names
Minor nit but it looks like if the keyword is included in two different sections (Like Original and New) the error me... Chris Linstruth
03:53 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
This looks good now. Chris Linstruth
01:40 PM Bug #13393 (Ready To Test): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
Testing this again on 23.01 gives the following results:
* If @Network Interfaces@ is set to all, unbound will respo... Marcos M
11:47 AM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
When I select LAN+Localhost in Network Interfaces I get this:... Chris Linstruth
03:03 PM pfSense Packages Bug #13632: tailscale does not survive reboot on pfsense with ram disk in use
The ram disk is configured in pfsense->System->Advanced->Miscellaneous and backup parameters are populated. Bill Flood
02:44 PM pfSense Packages Bug #13632 (Resolved): tailscale does not survive reboot on pfsense with ram disk in use
pfSense-pkg-Tailscale 0.1.0_1pfSense package Tailscale 1.26.2
pfsense 2.6.0-RELEASE (amd64)
With a properly confi... Bill Flood
02:46 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
I just switched VPN providers and I still can't use that provider's DNS that's provided via OpenVPN. This seems like... John Williams
01:01 PM pfSense Packages Bug #13623: Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
I also forgot to add that I do not think this _luajit_ library issue is restricted to just Snort. I suspect any packa... Bill Meeks
11:19 AM pfSense Packages Regression #13570 (New): openvpn-client-export php error in 2.7
There's still some access issues - visiting @vpn_openvpn_export.php@ gives the following error on the latest version:... Marcos M
10:47 AM pfSense Packages Bug #12475 (Confirmed): OpenVPN Client Export does not show certificate without private key
With the new version, the following error message is given when exporting a profile with an RA User server:... Marcos M
10:02 AM pfSense Packages Regression #13631 (Duplicate): FreeRADIUS fails to authenticate users
Tested on @pfSense-23.01.a.20221104.0600@. Same setup works in 22.05.
Using the FreeRADIUS package as a RADIUS aut... Marcos M
03:44 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
No, the problem occurs probably on every vlan. More precise if I enable or disable the dhcp server and hit save its t... Louis B

11/05/2022

11:12 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Hello Marcos M, many thanks for your great work. This package will definitely be interesting for a lot of people! Sin... James M
08:46 PM pfSense Packages Bug #13623 (Confirmed): Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
I can confirm this bug report. Installation log matches on Nov 4th builds:
>>> Installing pfSense-pkg-snort...
... Kris Phillips
11:21 AM pfSense Packages Bug #13623: Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
Found the change in upstream FreeBSD ports that likely caused this issue: [https://reviews.freebsd.org/D36947?id=1116... Bill Meeks
08:41 PM pfSense Packages Feature #13560: Update FreeRADIUS to version 3.0.26
FreeRADIUS has been updated to 3.2.1 in Freshports for FreeBSD14 on many platforms. Only notable that is missing is ... Kris Phillips
08:32 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
I can confirm this on 22.05 when switching to the 23.01 repos as well. Kris Phillips
08:30 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails
Updated title for corrected relevance. Kris Phillips
08:22 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails
Tested on November 4th builds of 23.01. Issue still present in this build where it tries to install zabbix-agent62, ... Kris Phillips
08:29 PM pfSense Packages Bug #13626 (Duplicate): Zabbix Agent 6.2 installation fails
This is a duplicate of https://redmine.pfsense.org/issues/13587 Kris Phillips
08:27 PM pfSense Packages Bug #13612 (Incomplete): Snort building lists is broken
Please provide details on whether this is a CE or Plus problem and what version it affects. This ticket does not hav... Kris Phillips
08:25 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12
Someone please close this issue. It's no longer relevant. Kris Phillips
08:20 PM pfSense Docs Todo #12461 (Resolved): Improve macOS Serial Command Instructions
Docs look good for the scope of macOS. Closing this as Resolved. Kris Phillips
05:43 PM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
Unable to reproduce on build 2.7.0.a.20221104.0600, upgraded from 2.6.
I created a new VLAN, gave it an allow all ... Chris W
01:31 PM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
here a copy of the messages from a few minutes ago Louis B
01:27 PM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
At this moment I am running the same version and did the test again. No problem to reproduce the problem at all.
I d... Louis B
11:33 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
I couldn't replicate this issue on the:... Danilo Zrenjanin
02:37 PM Bug #9035: Inactive Interfaces are Hidden in Firewall Rules

does " inactive" mean disabled interface? Alhusein Zawi
02:04 PM Regression #13618 (Confirmed): Creating URL Table (IPs) alias fails on applying
Confirmed on build 2.7.0.a.20221104.0600
In Firewall > Alias, I added five URL type aliases. Clicked save and PHP-... Chris W
12:47 PM Bug #13545: Toggling NAT rules using the button method does not enable/disable corresponding firewall rules
Tested the patch against:... Danilo Zrenjanin
11:44 AM pfSense Packages Bug #13589 (Confirmed): PHP Errors during cellular package installation on CE 2.7
Danilo Zrenjanin
11:25 AM Regression #13627: PHP: Easyrule from the firewall log
Tested the patch against:... Danilo Zrenjanin
01:09 AM pfSense Docs New Content #13401 (Resolved): Best practices doc for rotating credentials and keys
It looks good!
I am marking this ticket resolved. Danilo Zrenjanin

11/04/2022

09:10 PM Revision 6115e76b: Replace direct config accesses in firewall_rules_edit.php. Fixes #13614
Reid Linnemann
05:41 PM Regression #13381 (Resolved): Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
This fix is now merged into 23.01 and works in current snapshots:... Steve Wheeler
05:01 PM Revision 758ee42a: Revert "Change OpenVPN auth to php-cgi for the time being. Fixes #4521"
This reverts commit 1bfdb794cb2a06932da0029ca37f9727c3f74274. Reid Linnemann
03:31 PM Regression #13627 (Pull Request Review): PHP: Easyrule from the firewall log
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/916
This only happens if there are no OpenVPN servers ... Christopher Cope
03:15 PM Regression #13614 (In Progress): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
There's a direct config array access here that needs to be replaced with the accessor func. Reid Linnemann
02:49 PM Bug #13630 (New): Automatic Configuration Backup system using weak TLS settings
The backend for ACB is using weak TLS settings. Pleas see the following report from SSL Labs: https://www.ssllabs.co... KStar Runner
01:43 PM Regression #13629 (Duplicate): Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
when switching a vlan related DHCP-server off there is a php crash (2.7 bsd 14)
Fatal error: Uncaught TypeError: C... Louis B
12:17 PM Bug #13538 (Resolved): Deleting an alias marks the subsystem as unclean but also unconditionally reloads the filter configuration
Tested on... Christopher Cope
12:11 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
fcgicli restored to execution of ovpn_auth_verify_* in "758ee42ae096fee8436efc89f2c9bcc4ae7ea23d":https://github.com/... Reid Linnemann
11:34 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
fcgicli bugs fixed in freebsd-ports/devel change "2993b0084175e2d998f0f294b985371989677d7d":https://github.com/pfsens... Reid Linnemann
12:07 PM Regression #11545 (In Progress): Primary interface address is not always used when VIPs are present
The IPv6 GIF interfaces still have an issue here. The interface address is reported properly by the GUI now, but the ... Jim Pingle

11/03/2022

07:35 PM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
Other package dependencies:
_bash-5.2.2_1
freeradius3-3.0.25
python39-3.9.15 _ Gerke Max Preussner
07:34 PM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
My _freeradius3_ package is on 0.15.8_1 Gerke Max Preussner
07:31 PM pfSense Packages Regression #13628 (Resolved): FreeRADIUS Users cleared out each time a user is add, removed, or modified
After upgrading from Stable to Development I noticed that my RADIUS authentication was broken. I'm using a very basic... Gerke Max Preussner
07:07 PM Regression #13627 (Resolved): PHP: Easyrule from the firewall log
Creating an easyrule using the button in the firewall log throws a php error:... Steve Wheeler
11:04 AM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
I second what Xavier Roig has just reported. I tried to install both the Agent6.2 and Proxy6.2 on multiple systems t... Nic Bernstein
10:54 AM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
Hello,
There seems to be a mistake in the agent installer.
The zabbix62-agent package is installed but during the... Xavier Roig
09:12 AM pfSense Packages Todo #13576 (Resolved): Remove OpenVPN Shared Key Export
Tested on... Christopher Cope
07:48 AM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key
This should address the remaining issue: https://github.com/pfsense/FreeBSD-ports/commit/34355ebf71b78a6bfca47577fb97... Jim Pingle
07:13 AM pfSense Packages Bug #12475 (In Progress): OpenVPN Client Export does not show certificate without private key
Looks like it's still broken in some way, a few people report seeing the input validation error on the forum now who ... Jim Pingle
07:34 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
A note about the "workaround":
If you have setup a "meta"-alias, that holds the subaliases as suggested by Jim, ad... Florian Bat
05:19 AM Bug #13620 (Duplicate): After adding Route-map FRR crashes
It's a dup of https://redmine.pfsense.org/issues/13564 Danilo Zrenjanin
03:38 AM pfSense Packages Bug #13626 (Duplicate): Zabbix Agent 6.2 installation fails
Here are the installation logs:... Danilo Zrenjanin

11/02/2022

07:27 PM pfSense Plus Feature #13511: Priority Code Point (PCP) option on interface configuration
An alternative GUI interface to enable setting the VLAN to zero is, to allow the VLAN to be set to zero in the GUI.
... Patch Public
07:07 PM Regression #13614 (Resolved): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
Unable to reproduce on CE 2.7.0.a.20221101.0600. I can successfully edit the default LAN allow rule and create new ru... Chris W
04:01 PM Feature #13625 (New): Add support for CoA (Change of Authorization) to Captive Portal / RADIUS features
It would be really useful if PfSense added support for CoA packets received from freeradius, as coova-chilli does (se... Federico Capoano
02:54 PM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key
Should be fixed now, though I couldn't reproduce it here. Probably requires landing on just the wrong combination of ... Jim Pingle
02:53 PM pfSense Packages Todo #13576 (Feedback): Remove OpenVPN Shared Key Export
Removed: https://github.com/pfsense/FreeBSD-ports/commit/72f0574b9c991b1de2bf0592e3431b5f310ab759 Jim Pingle
12:19 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
That is definitely undesirable behavior, but at least it's fairly simple to work around. I'm surprised OpenVPN even a... Jim Pingle
12:17 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Yes, i can confirm. Only using one alias, which contains the other aliases works and expands all of them.
Ok, this "f... Florian Bat
12:08 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Not saying this shouldn't be looked into, but in most cases only one alias is necessary -- create a new alias which i... Jim Pingle
11:55 AM Bug #13624 (New): Only one alias in local network of OpenVPN Server works in 2.6.0
Issue #2668 implemented the possibility to have host/network aliases in the OpenVPN local/remote/tunnel network field... Florian Bat
09:20 AM pfSense Packages Bug #13623 (Resolved): Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
The Snort package binary piece (snort-2.9.20_1) fails to install on the latest 2.7.0-DEVEL snapshot due to an apparen... Bill Meeks
06:13 AM Bug #13620 (Confirmed): After adding Route-map FRR crashes
Danilo Zrenjanin
06:12 AM Bug #13620: After adding Route-map FRR crashes
Confirmed this behavior on the:... Danilo Zrenjanin

11/01/2022

09:22 PM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Charles Sprickman wrote in #note-14:
> Denis Grilli wrote in #note-13:
> > Could you tell in more detail what is yo... Charles Sprickman
07:24 PM Regression #13622 (New): QinQ ethertype tags changed
In 2.7/23.01 QinQ uses if_vlan instead of netgraph and set the outer tag ethertype as 802.1ad (0x88a8). That is the e... Steve Wheeler
02:29 PM Feature #13340: Option to change QinQ ethertype to Service VLAN Tag
In 23.01/2.7 the QinQ is handled by if_vlan directly and not netgraph. It now uses s-tags by default.
Since that's a... Steve Wheeler
10:59 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
> Seems like some rules are missing the ['tracker'] key?
If I remember correctly while working on #13156, that is ... Marcos M
10:34 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
Its calling:... BBcan177 .
08:01 AM Bug #13621 (New): GUI allows selection of ICMP types that pf rejects
Example: selecting ICMP types any,echorep,echoreq cause pf to refuse to load the rule:
/rc.filter_configure_sync: ... Chris Linstruth
07:55 AM Bug #13620 (Duplicate): After adding Route-map FRR crashes
Tested on the latest 23.01 (built on Tue Nov 01 06:05:26 UTC 2022)
I enabled FRR with simple settings (Default Rou... Azamat Khakimyanov
07:32 AM pfSense Packages Feature #13608: ACME Not Recognizing new .au domain on wildcard
The version of acme.sh in the ACME package was updated about two weeks ago to version 3.0.5, so it's very current. I ... Jim Pingle

10/31/2022

10:19 PM pfSense Packages Bug #13619 (Resolved): PHP Error in pfblockerNG-devel widget
pfSense-pkg-pfBlockerNG-devel-3.1.0_10... Brad Davis
08:09 PM Regression #13618 (Duplicate): Creating URL Table (IPs) alias fails on applying
Creating URL Table (IPs) alias fails on applying
It just eventually times out and nothing has been created. Tried ... Brad Smith
08:08 PM Regression #13617 (New): PowerD doesn't seem to work
With PowerD enabled and on Hiaptive, CPU remains pinned at max speed. It worked as expected before the FreeBSD 14-bas... Brad Smith
08:05 PM Regression #13616 (New): SDHCI Controller timeouts are back
This occurred in the past and was fixed in a subsequent version. It was somewhere around the 2.4 days but I can't rem... Brad Smith
06:42 PM Revision fef6c79e: openvpn: don't IFF_UP the new tun interface
New openvpn versions set TUNSIFMODE, which FreeBSD's if_tuntap only
allows on interfaces which are not up.
So, don't... Kristof Provost
06:24 PM pfSense Packages Feature #13608: ACME Not Recognizing new .au domain on wildcard
This is the unhelpful response from github:
"Please upgrade to the latest code and try again first. Maybe it's alrea... Rick Strangman
07:21 AM pfSense Packages Feature #13608 (Needs Patch): ACME Not Recognizing new .au domain on wildcard
The place where that error is generated is in the upstream acme.sh code -- you'll need to report that to them, not us... Jim Pingle
02:30 PM Feature #13615 (New): Show details when hovering over macros in firewall rules
Show the which addresses/networks a macro like @LAN net@ resolves to while hovering over it in the firewall NAT/rules... Marcos M
02:22 PM Regression #13614 (Resolved): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/firewall_rules_edit.... RED SKULL
01:55 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Wireguard interfaces are point-to-point interfaces and do not support the broadcast flag, hence cannot be used. Marcos M
01:22 PM pfSense Plus Regression #13613 (Resolved): OpenVPN crashes due to if_tuntap changes
Tested patch - issue now fixed. Marcos M
12:34 PM pfSense Plus Regression #13613 (Ready To Test): OpenVPN crashes due to if_tuntap changes
https://gitlab.netgate.com/pfSense/factory/-/commit/47923705f62711ff1764e8eac21607f2bdd07401 Kristof Provost
12:23 PM pfSense Plus Regression #13613 (Resolved): OpenVPN crashes due to if_tuntap changes
Tested on @pfSense-23.01.a.20221031.0600@.
Client/Server (no DCO) crashes only after a reboot - starting it manual... Marcos M
12:20 PM pfSense Plus Regression #13603 (Resolved): OpenVPN with DCO crashes due to userspace code being ahead of kernel
The @dco_set_ifmode@ issue has been resolved after updating to @pfSense-23.01.a.20221031.0600@. Marcos M
11:58 AM pfSense Plus Bug #13602 (Resolved): OpenVPN fails to start again if it crashes with DCO enabled
Tested and it works well - thanks! Marcos M
11:07 AM Todo #13592: Clarify Hardware TCP Segmentation Offloading option
Very good points, in which case it would be helpful to clarify the @Hardware TCP Segmentation Offloading@ option to s... Marcos M
10:40 AM Todo #13592: Clarify Hardware TCP Segmentation Offloading option
As with any tunable that's just a default. That was ~12 years ago and before that we disabled it globally because of ... Jim Pingle
10:33 AM Todo #13592: Clarify Hardware TCP Segmentation Offloading option
Indeed it affects few users. I personally haven't seen it do anything, and it's only served to confuse troubleshootin... Marcos M
10:19 AM Todo #13592: Clarify Hardware TCP Segmentation Offloading option
But it's much more confusing for users to see the flag on the interfaces when it may not actually be active than it i... Jim Pingle
09:54 AM Todo #13592: Clarify Hardware TCP Segmentation Offloading option
It seems to me that the intention for the checkbox is to behave as a global toggle. Marcos M
07:25 AM Todo #13592: Clarify Hardware TCP Segmentation Offloading option
The two settings are not tied together so that's all normal and expected.
The value on the individual network inte... Jim Pingle
08:53 AM Bug #13529: Intel i226 network interfaces do not honor a manually selected link speed
Testing on newest i226 firmware, the link speed appears to report properly now. Clinton Cory
08:45 AM pfSense Packages Bug #13609 (In Progress): Editing ACLs in BIND Package Produces PHP error in CE 2.7.X
Christian McDonald
08:25 AM pfSense Packages Regression #12278 (Resolved): Invalid plugin_certificates() function name
Tested on 22.05
All related functions and files were renamed properly.
I marked this Regression as resolved. Azamat Khakimyanov
07:32 AM pfSense Packages Bug #13611 (Rejected): DNS Alias Mode CNAME issue
There isn't nearly enough information here to tell what happened in your specific case. This site is not for support ... Jim Pingle
07:30 AM pfSense Packages Todo #13532: Sync ACME package with upstream v3.0.5
Peet P wrote in #note-4:
> I see some DNS providers being removed, can we add dns_transip.sh which is in upstream ac... Jim Pingle
06:06 AM Bug #13610: VLAN ID of 0 Not Accepted in CE 2.7 or Plus 23.01
Steve Wheeler wrote in #note-1:
> [...]
> That will than send traffic tagged with vlan id 0 and the pcp tag set.
... Patch Public

10/30/2022

08:56 PM pfSense Packages Bug #13612: Snort building lists is broken
Actually inverting it doesn't work either, removing it seems to be better. In my case when clicking "Show" on any of ... Flole Systems
08:29 PM pfSense Packages Bug #13612 (Resolved): Snort building lists is broken
Somehow in https://github.com/pfsense/FreeBSD-ports/blob/5fc6406094c5c78b0d93cfb37ce29267735df16b/security/pfSense-pk... Flole Systems
05:23 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails
Can confirm this issue on the brand-new SG 6100. Errors are a little different, however:
Install initially appears t... Tux Powered
12:09 PM Bug #13610 (Not a Bug): VLAN ID of 0 Not Accepted in CE 2.7 or Plus 23.01
Creating VLAN with VLAN ID 0 is still invalid:... Steve Wheeler
11:56 AM pfSense Packages Bug #13611 (Rejected): DNS Alias Mode CNAME issue
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/acme/settings-dnsalias.html
*Feedback:*
I have setu... Michael Moffitt
11:49 AM Feature #12982: Add support for RFC7499 in RADIUS library.
Hello, so new information. I was able to install a separate stand-alone Ubuntu server which includes both FreeRadius... Frank Lee
10:57 AM Bug #13585: Multiple VPN Gateways will not completely start a boot.
Outputs of Commands pfctl -vvss, pfctl -vvsr, and netstat -rn4 as requested
 Keith Townsend
10:37 AM Bug #13585: Multiple VPN Gateways will not completely start a boot.
It would be helpful to have the output of @pfctl -vvss@, @pfctl -vvsr@, and @netstat -rn4@ while the bad state exists. Marcos M
10:29 AM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
It may be helpful to have DHCP6 debugging enabled under @System / Advanced / Networking@ and getting the full logs bo... Marcos M
09:56 AM pfSense Packages Todo #13532: Sync ACME package with upstream v3.0.5
I see some DNS providers being removed, can we add dns_transip.sh which is in upstream acme 3.0.5?
https://github.... Peet P
09:49 AM Bug #8273 (Confirmed): IPv6 GRE tunnel over PPPoE fails on startup
This is not a duplicate directly because in this scenario the parent interface is not a WAN directly but an internal ... Steve Wheeler
02:49 AM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
Thanks for the effort. Marcus GM

10/29/2022

10:11 PM Bug #13610 (Not a Bug): VLAN ID of 0 Not Accepted in CE 2.7 or Plus 23.01
FreeBSD now supports VLAN tagging of 0 for interfaces, which is important for some ISPs for uplinks. However, the we... Kris Phillips
09:02 PM pfSense Packages Bug #13609: Editing ACLs in BIND Package Produces PHP error in CE 2.7.X
Full crash report:
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRE... Kris Phillips
09:01 PM pfSense Packages Bug #13609 (Resolved): Editing ACLs in BIND Package Produces PHP error in CE 2.7.X
When editing ACLs in BIND, the following PHP error is thrown:
Fatal error: Uncaught TypeError: Cannot access offse... Kris Phillips
08:58 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
Kris Phillips wrote in #note-5:
> This redmine can be closed as Not a Bug
No. It can't. It is reproducable on every ... quiet lion
08:55 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
This redmine can be closed as Not a Bug Kris Phillips
08:56 PM pfSense Packages Bug #13513: Cannot install Squid
Tested on Oct 28th build of CE. Issue still persists for this package. Kris Phillips
08:39 PM Bug #13585: Multiple VPN Gateways will not completely start a boot.
Yes, The delay during initialization would be expected. But the second gateway not coming up at all unless the "Do no... Keith Townsend
03:13 PM Bug #13585: Multiple VPN Gateways will not completely start a boot.

after rebooting, I see a latency in both GW VPN and then after while the GW status will be normal (online)
2.7.0... Alhusein Zawi
06:41 PM pfSense Packages Feature #13608: ACME Not Recognizing new .au domain on wildcard
See attached files Rick Strangman
06:15 PM pfSense Packages Feature #13608: ACME Not Recognizing new .au domain on wildcard
This doesn't seem like a bug, but instead a configuration issue. Can you please provide the full log file with priva... Kris Phillips
06:34 PM Todo #13592: Clarify Hardware TCP Segmentation Offloading option
It looks like there's a disconnect between the sysctl tunable and whether the Hardware TCP Segmentation Offloading bo... Chris W
06:09 PM Regression #13598: fcgicli can output garbage for stdout/stderr read back from php-fpm
Looks good here and no longer seeing the garbage output when running the above commands. Kris Phillips
03:49 PM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages
Have users running into issues with 2.7... can we get NUT 2.8 pulled in please? Thanks. Denny Page
01:11 PM Bug #13067 (New): Resolve interval for ``filterdns`` may not match the configured value
Tested against:... Danilo Zrenjanin
03:53 AM Bug #13396 (Resolved): Custom logo or background image is created with two dots (``..``) before the file extension
Tested:... Danilo Zrenjanin

10/28/2022

08:58 PM pfSense Packages Feature #13608 (Not a Bug): ACME Not Recognizing new .au domain on wildcard
Australia has a new tld called companyname.au as opposed to the old companyname.com.au
If you create a single domain... Rick Strangman
08:13 PM Revision 3a30311c: Fix malformed format strings in French translation. Fixes #13607
Christian McDonald
03:40 PM Revision 6be5acb1: Fix config path typo when installing firewall schedule cron job. Fixes #13605
Christian McDonald
03:17 PM Bug #13607 (Resolved): Malformed format strings in French translation causing PHP errors.
Christian McDonald
03:17 PM Bug #13607: Malformed format strings in French translation causing PHP errors.
Fixed: https://gitlab.netgate.com/pfSense/pfSense/-/commit/3a30311c28ef8e76fac83fbd24158420f67a0742 Christian McDonald
03:06 PM Bug #13607 (Resolved): Malformed format strings in French translation causing PHP errors.
An audit of the translation PO files uncovered two problematic translation strings. These two strings contained malfo... Christian McDonald
02:37 PM Regression #13583 (Resolved): PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
No errors on... Christopher Cope
02:27 PM Regression #13605 (Resolved): Creating firewall rules with a schedule set triggers a config restore.
Tested patch on @pfSense-23.01.a.20221026.0600@. Now working. Marcos M
10:50 AM Regression #13605: Creating firewall rules with a schedule set triggers a config restore.
Applied in changeset commit:6be5acb1b5f88f0eee3e40072131fab1aa0792f0. Christian McDonald
10:40 AM Regression #13605 (Feedback): Creating firewall rules with a schedule set triggers a config restore.
Fixed in https://gitlab.netgate.com/pfSense/pfSense/-/commit/6be5acb1b5f88f0eee3e40072131fab1aa0792f0 Christian McDonald
02:22 PM Feature #13606 (New): Allowing wildcard domain on DY.fi Dynamic DNS Client
DY.fi added support for wildcard domains *.myname.dy.fi on 15.12.2004 (https://www.dy.fi/?c=news). The wildcard ddns ... Janne Summanen
11:34 AM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
Now it shows thx Pim Janssen
10:34 AM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
It is presented on the Stable branch at the moment, probably some people need to go to System => Update and wait a bi... Lev Prokofev
10:19 AM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
Try again :) Christian McDonald
11:01 AM pfSense Packages Bug #13587 (Confirmed): Zabbix-agent62 install fails
Christian McDonald wrote in #note-2:
> This should now be resolved
Still appears to be an issue. Installation fa... Kris Phillips
10:47 AM pfSense Packages Bug #13587 (Feedback): Zabbix-agent62 install fails
This should now be resolved Christian McDonald
10:57 AM Bug #6361 (Not a Bug): Responsive Mobile Menu issue
Unable to replicate on current stable and development branches. Christian McDonald
10:45 AM Regression #13599 (Resolved): Error when disabling sshd
I was able to reproduce it on... Christopher Cope
08:07 AM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/81
Your analysis is spot on. We can resolve this probl... Kristof Provost
06:45 AM pfSense Plus Regression #13603 (Ready To Test): OpenVPN with DCO crashes due to userspace code being ahead of kernel
`dco_set_ifmode: failed to set ifmode=00008002: Operation not supported (errno=45)` happened because the openvpn user... Kristof Provost

10/27/2022

09:05 PM Revision f01cd834: Correctly handle port aliases in port forwarding rules. Fixes #13601
Christian McDonald
06:42 PM Revision f64da88b: Add knobs for zabbix62
Remove knobs that are already the default, like IPv6.
(cherry picked from commit 4e6dbcf4e9ebdd9e78e7fefd43297c09df3... Brad Davis
06:42 PM Revision d654bf4c: Add Zabbix 6.2 pfSense packages to the list of packages to build
Brad Davis
06:38 PM Regression #13605 (Resolved): Creating firewall rules with a schedule set triggers a config restore.
Tested @pfSense-23.01.a.20221026.0600@.
Creating a rule with a @Schedule@ set results in the following:... Marcos M
06:23 PM Revision 4e6dbcf4: Add knobs for zabbix62
Remove knobs that are already the default, like IPv6. Brad Davis
06:02 PM Regression #13604 (Resolved): OpenVPN service status is incorrect
On 22.05, stopping an OpenVPN service under @Status / OpenVPN@ results in a red "OpenVPN Service is Stopped" icon. On... Marcos M
05:52 PM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
My 2.6.0-RELEASE (amd64) installation right now creates backups with extra sshdata section at the end for some reason... Nazar Mokrynskyi
05:40 PM pfSense Plus Regression #13603 (Resolved): OpenVPN with DCO crashes due to userspace code being ahead of kernel
Tested on @pfSense-23.01.a.20221026.0600@.
Client/Server crashes with DCO enabled:
> dco_set_ifmode: failed to se... Marcos M
05:16 PM pfSense Plus Bug #13602 (Resolved): OpenVPN fails to start again if it crashes with DCO enabled
If OpenVPN crashes with DCO enabled, it doesn't remove the interface which prevents it from starting again. The inter... Marcos M
04:53 PM Regression #13598 (Feedback): fcgicli can output garbage for stdout/stderr read back from php-fpm
Fixed in change "240e1907727eaba6a1d677e631a464d751198aa7":https://github.com/pfsense/FreeBSD-ports/commit/240e190772... Reid Linnemann
04:42 PM Revision 042d75c8: Fix potentially problematic config access in sshd enable/disable. Fixes #13599
Christian McDonald
04:35 PM Regression #13601 (Resolved): Error creating port forward rule with port alias
Tested patch - now working. Marcos M
04:15 PM Regression #13601: Error creating port forward rule with port alias
Applied in changeset commit:f01cd8348f8a0520dfc9265f548d2ec187b55e67. Christian McDonald
04:06 PM Regression #13601 (Feedback): Error creating port forward rule with port alias
Fixed https://gitlab.netgate.com/pfSense/pfSense/-/commit/f01cd8348f8a0520dfc9265f548d2ec187b55e67 Christian McDonald
03:19 PM Regression #13601 (Resolved): Error creating port forward rule with port alias
Tested on @pfSense-23.01.a.20221026.0600@.
# Create the alias test_Port
# Add a port forward rule using the port ... Marcos M
04:31 PM Revision b187fcce: Fix array initialization in rc.initial.setlanip. Fixes #13583
Christian McDonald
03:00 PM pfSense Packages Todo #13590 (Closed): Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
When checking on this I found a problem with changing the menu entry. When a package manages its menu entry, it must ... Jim Pingle
12:15 PM pfSense Packages Bug #13467 (Resolved): ACME: "Unable to find domain name" error when updating Namesilo
Tested against ACME pkg v0.7.3.
It contains the patch. ... Danilo Zrenjanin
12:00 PM Regression #13599: Error when disabling sshd
Applied in changeset commit:042d75c8efab83bbc7978e58d50c45d43a3a4e0c. Christian McDonald
11:43 AM Regression #13599 (Feedback): Error when disabling sshd
Could be a problem. I went ahead and updated the config access to the new API.
https://gitlab.netgate.com/pfSense/... Christian McDonald
11:32 AM Regression #13583 (Feedback): PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
Christian McDonald
11:31 AM Regression #13583: PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
Fixed: https://gitlab.netgate.com/pfSense/pfSense/-/commit/b187fccefee4d99b391e965436b390ae1d03dfd9
Try again Christian McDonald
11:26 AM Regression #13583 (New): PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
Jim Pingle
04:36 AM Regression #13583: PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
The issue still exists on the:... Danilo Zrenjanin
05:24 AM pfSense Packages Bug #13495 (Resolved): ACME package's "DNS-Sleep" field's help text is incorrect
Tested against ACME 0.7.3.
The help text has been updated accordingly.
*DNS-Sleep*... Danilo Zrenjanin
05:06 AM Feature #13584 (Resolved): Input validation for numbered DHCP options in static mappings
Tested on:... Danilo Zrenjanin
04:41 AM pfSense Packages Bug #13588 (Resolved): Arping package PHP8.1 Error in 2.7
Tested on the:... Danilo Zrenjanin

10/26/2022

10:50 PM pfSense Packages Bug #13596: pfBlockerNG-devel Unbound does not start when using DNSBL python regex with multiple commented lines
Ok I see the issue. It's because the existing code takes the comment and uses that as the key value. So "test" is a d... BBcan177 .
06:13 PM pfSense Packages Bug #13596: pfBlockerNG-devel Unbound does not start when using DNSBL python regex with multiple commented lines
On pfSense dev snapshots (FreeBSD 14) with latest pfBlockerNG-devel.
SUCCESS... Marcos M
05:47 PM pfSense Packages Bug #13596: pfBlockerNG-devel Unbound does not start when using DNSBL python regex with multiple commented lines
Can you post the /var/unbound/pfb_unbound.ini file contents working and not working?
And what version of pfSense? BBcan177 .
09:21 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
At https://www.sudo.ws/ they use both, so both versions seem to be acceptable. We can use whatever fits better here, ... Flole Systems
08:49 PM Revision 5ed254c4: Remove direct $config accesses form rc.filter_synchronize. Fixes Issue #13446
Reid Linnemann
07:44 PM Bug #13600 (Duplicate): Saving a DDNS entry can lead to the GUI timing out.
On @pfSense-23.01.a.20221026.0600@:
# Add a DDNS entry with:
** Service Type: Cloudflare
** Disable: checked
** I... Marcos M
07:05 PM Regression #13598 (In Progress): fcgicli can output garbage for stdout/stderr read back from php-fpm
Many scripts, including rc.start_packages, use fcgicli to instruct php-fpm to load and execute a script rather than s... Reid Linnemann
06:31 PM Regression #13598 (Resolved): fcgicli can output garbage for stdout/stderr read back from php-fpm
After upgrading to 23.01, the console now shows the following when executing @/usr/local/sbin/fcgicli -f /etc/rc.star... Marcos M
06:56 PM Regression #13599: Error when disabling sshd
Could not replicate on @pfSense-23.01.a.20221026.0600@. Marcos M
06:38 PM Regression #13599 (Resolved): Error when disabling sshd
On system_advanced_admin.php when unchecking the 'Enable Secure Shell' and saving the page give this error:
```
F... Brad Davis
05:38 PM Revision 29e53480: Skip empty dnsmasq custom options
Jim Pingle
02:46 PM pfSense Docs Todo #13595 (Feedback): Update the cryptographic accelerators page with DCO info
This should cover it. We already have a section out there for acceleration with DCO, but I put a brief summary here a... Jim Pingle
11:17 AM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
Sorry, but it does not seem to show up in the package manager. Or will it take a bit longer to show up? Pim Janssen
11:15 AM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
https://forum.netgate.com/topic/175432/unable-to-check-for-updates-pkg-static-wrong-architecture/ Steve Y
08:27 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 for this.
Using hacky scripts to add my domain to config files is not a suitable solution Carsten Kragelund
03:29 AM pfSense Packages Feature #8547: fwknop Port Knocking Package
I'm adding my vote here as well. The point is that we all know that we should not open any management services to the... Kristian Kirilov
03:26 AM pfSense Packages Bug #10990 (Resolved): net-snmp IPv6 listen address needs to be wrapped in square brackets
Tested on 22.05
No needs for square brackets to enable net-snmp on IPv6 address.
I marked this bug as resolved Azamat Khakimyanov

10/25/2022

07:43 PM pfSense Packages Regression #13597 (Pull Request Review): haproxy-devel PHP8 regression when saving a backend entry
This fix is for both haproxy and haproxy-devel:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/291... Marcos M
07:11 PM pfSense Packages Regression #13597 (In Progress): haproxy-devel PHP8 regression when saving a backend entry
Marcos M
06:33 PM pfSense Packages Regression #13597 (Resolved): haproxy-devel PHP8 regression when saving a backend entry
When saving a backend in haproxy-devel on 22.11, the following PHP error is thrown and the backend entry is not saved... Marcos M
05:23 PM Revision 19604202: Perform proper input validation on static DHCP mapping additional BOOTP/DHCP Options. Fixes #13584
Christian McDonald
05:06 PM Revision 04e69275: Fix saving dhcp6c-dns setting in services_dhcpv6.php. Fixes #13594
Christian McDonald
04:41 PM Revision a229259a: services_dhcpv6.php: Fix a PHP81 config access error
Christian McDonald
03:58 PM pfSense Packages Bug #13596 (Resolved): pfBlockerNG-devel Unbound does not start when using DNSBL python regex with multiple commented lines
Enabling @Regex Blocking@ in @Unbound python mode@ and adding comments in @Python Regex List@ cant prevent unbound fr... Marcos M
01:24 PM Bug #13594 (Resolved): "Provide DNS servers to DHCPv6 clients" setting does not reflect a changed value until the page is reloaded
Tested patch on @22.11.a.20221021.0600@. Now works correctly. Marcos M
12:15 PM Bug #13594: "Provide DNS servers to DHCPv6 clients" setting does not reflect a changed value until the page is reloaded
Applied in changeset commit:04e6927518ff2736a0a385c794192dda33c2bdb7. Christian McDonald
12:06 PM Bug #13594 (Feedback): "Provide DNS servers to DHCPv6 clients" setting does not reflect a changed value until the page is reloaded
Fixed in https://gitlab.netgate.com/pfSense/pfSense/-/commit/04e6927518ff2736a0a385c794192dda33c2bdb7
The problem he... Christian McDonald
10:18 AM Bug #13594 (Resolved): "Provide DNS servers to DHCPv6 clients" setting does not reflect a changed value until the page is reloaded
After checking the option @Provide DNS servers to DHCPv6 clients@ under @Services / DHCPv6 Server & RA@ then clicking... Marcos M
12:30 PM Feature #13584 (Feedback): Input validation for numbered DHCP options in static mappings
Applied in changeset commit:196042028df24092a0ed87282000e81598591562. Christian McDonald
12:23 PM Feature #13584: Input validation for numbered DHCP options in static mappings
Fixed in https://gitlab.netgate.com/pfSense/pfSense/-/commit/196042028df24092a0ed87282000e81598591562 Christian McDonald
10:47 AM pfSense Docs Todo #13595 (Resolved): Update the cryptographic accelerators page with DCO info
The OpenVPN section on this page should include information for using DCO with hardware accelerators.
https://docs... Steve Wheeler
09:35 AM Bug #13585: Multiple VPN Gateways will not completely start a boot.
Discovered a workaround for this issue. Enabling the "Do not add Static Routes" in the Gateway monitoring options in ... Keith Townsend
09:18 AM Regression #13593 (Resolved): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
After changing the update branch to DEVEL and back, /usr/local/share/pfSense/pkg/repos/pfSense-repo.abi is left conta... Steve Y
06:15 AM pfSense Packages Bug #10426 (Resolved): Filer must validate that File name is uniq
Tested on 22.05
It's not allowed to create files with the same name.
I've also tested on 22.01 with Filer 0.60.6_... Azamat Khakimyanov
05:27 AM pfSense Packages Feature #9762 (Resolved): Squid Reverse Proxy Change redir domain(s) to use regex
Tested on 22.05
There is an 'Redirect is Regular Expression' option which allows to choose "dstdomain" or "dstdom_... Azamat Khakimyanov

10/24/2022

09:58 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
Thanks bud ! Marcus GM
09:11 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
That's where menu entries end up post-install. That isn't where the menu entry comes from in the package definition (... Jim Pingle
08:41 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
Just wondering if '/cf/conf/config.xml' is the correct place to rename menu entries ? Marcus GM
08:38 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
Noted. Thanks. Marcus GM
07:27 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
I'm aware of that distinction. What I'm saying is that it should be "sudo" everywhere to match the name of the softwa... Jim Pingle
07:15 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
Hi Jim,
Thanks for the update.
Pls note that I am not referring to the 'sudo' command but to to the 'sudo' entry ... Marcus GM
07:50 AM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
The program is actually named "sudo" (lowercase), but there are a couple references to it that show it capitalized, s... Jim Pingle
06:51 PM Revision 5479fd1c: Remove extraneous and malformed meta refresh tag during proto/port change for web UI. Fixes #13591
Christian McDonald
04:27 PM Regression #13522: Minnowboard Turbot additions are no longer present
This should be fixed as of 5667935a3058064442fc16363f825dfc4bce0c90.
I don't have the hardware to test this myself... Kristof Provost
02:28 PM Bug #13591 (Resolved): Changing the GUI port does not redirect the browser to the new port on save
Tested patch on @22.11.a.20221021.0600@. Now works correctly. Marcos M
02:00 PM Bug #13591: Changing the GUI port does not redirect the browser to the new port on save
Applied in changeset commit:5479fd1ca4c9cbdb764b34361f1d48cace1a204f. Christian McDonald
01:52 PM Bug #13591 (Feedback): Changing the GUI port does not redirect the browser to the new port on save
Christian McDonald
01:52 PM Bug #13591: Changing the GUI port does not redirect the browser to the new port on save
I suspect that this has been broken for a while now. The issue is caused by a malformed meta tag being inserted at th... Christian McDonald
01:00 PM Bug #13591 (Resolved): Changing the GUI port does not redirect the browser to the new port on save
Under System / Advanced / Admin Access, changing the TCP port and clicking Save shows a message that the page is bein... Marcos M
01:21 PM Todo #13592 (New): Clarify Hardware TCP Segmentation Offloading option
Under @System / Advanced / Networking@, the option @Disable hardware TCP segmentation offload@ is checked by default.... Marcos M
11:57 AM pfSense Packages Bug #13566: Non-devel pfBlocker Package Broken in 2.7 CE with PHP 8.1
BBCan177 is currently finalizing changes for pfBlockerNG-devel for 2.7/ 23.01. When those are submitted, devel and no... Reid Linnemann
11:23 AM Bug #13539: Missing descriptions for referrers to firewall aliases cause empty strings for references to be returned when deleting an in-use alias
Alhusein Zawi wrote in #note-3:
> the error when deleting used alias "Cannot delete alias. Currently in use by filte... Reid Linnemann
09:55 AM pfSense Packages Bug #13588: Arping package PHP8.1 Error in 2.7
Fixed https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/290/diffs?commit_id=9693f93967a14baabbcc6a5b2... Christian McDonald
09:54 AM pfSense Packages Bug #13588 (Feedback): Arping package PHP8.1 Error in 2.7
Christian McDonald
07:41 AM pfSense Packages Bug #13582 (Not a Bug): Zabbix service gives error about required "Hostname" field, even when the field is populated
Hostnames/FQDNs have rules governing their format. Hostnames cannot have spaces. While Zabbix may allow spaces in the... Jim Pingle
07:35 AM pfSense Plus Bug #13577 (Not a Bug): Network Time Protocol (NTP) Mode 6 Scanner
Jim Pingle

10/23/2022

04:33 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
https://imgur.com/a/HBI6tS1 Marcus GM
03:00 PM pfSense Packages Todo #13590: Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
grep -ri 'sudo' file_name Marcus GM
02:59 PM pfSense Packages Todo #13590 (Closed): Fix inconsistent capitalization of ``sudo`` in package (menu entry, config page, etc.)
Guys,
I have installed the 'sudo' package.
It appears in small case ( 'sudo' ) under the Main Menu -> System.
... Marcus GM
09:43 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
I have been receiving this error too. No RFC2136 client enabled and no RFC2136 entries in the backup config file.
I... Ronald Schellberg
02:31 AM pfSense Packages Bug #13587: Zabbix-agent62 install fails
I can confirm this behavior on 2.7 CE
Full output of install
>>> Installing pfSense-pkg-zabbix-agent62...
Updat... aleksei prokofiev
02:28 AM pfSense Packages Bug #13588: Arping package PHP8.1 Error in 2.7
Yes, I can confirm such bug on 2.7 CE aleksei prokofiev
02:22 AM pfSense Packages Bug #13589: PHP Errors during cellular package installation on CE 2.7
Yes, I can confirm such bug on 2.7 CE aleksei prokofiev

10/22/2022

08:59 PM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
I have unbound enabled because I am using pfblockerng - I am not using a dyndns client. TyphooN .
07:58 PM pfSense Packages Todo #13532: Sync ACME package with upstream v3.0.5
was successfully able to update ACME to 0.7.3 on 22.05 Jordan G
07:51 PM pfSense Packages Bug #13571: Tailscale disconnection problem
Kris Phillips wrote in #note-1:
> There is not enough information here for a proper bug report. Please provide more... Anonymous
12:45 PM pfSense Packages Bug #13571 (Incomplete): Tailscale disconnection problem
There is not enough information here for a proper bug report. Please provide more details, including the pfSense or ... Kris Phillips
07:33 PM Bug #13539: Missing descriptions for referrers to firewall aliases cause empty strings for references to be returned when deleting an in-use alias

the error when deleting used alias "Cannot delete alias. Currently in use by filter rule id 3. " in built of Fri Oc... Alhusein Zawi
07:06 PM Regression #13583: PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
just confirming this is present on Plus as well when testing snapshot 22.11-DEVELOPMENT-amd64-20221021-0600 Jordan G
06:52 PM pfSense Packages Bug #13582: Zabbix service gives error about required "Hostname" field, even when the field is populated
Kris Phillips wrote in #note-2:
> Are you editing the config file manually or something and just using the webConfig... Caleb Hornbeck
02:30 PM pfSense Packages Bug #13582 (Incomplete): Zabbix service gives error about required "Hostname" field, even when the field is populated
Marking as Incomplete until additional information can be provided. Kris Phillips
02:30 PM pfSense Packages Bug #13582: Zabbix service gives error about required "Hostname" field, even when the field is populated
Are you editing the config file manually or something and just using the webConfigurator interface to start and manag... Kris Phillips
05:14 PM Feature #13584: Input validation for numbered DHCP options in static mappings
This is on 2.6.0-RELEASE (amd64). Jonathan DeFreeuw
12:42 PM Feature #13584: Input validation for numbered DHCP options in static mappings
Hello Jonathan,
What version of pfSense or pfSense Plus did you test this on? The bug report includes no Affected... Kris Phillips
02:48 PM pfSense Packages Bug #13589: PHP Errors during cellular package installation on CE 2.7
Full crash report:
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRE... Kris Phillips
02:47 PM pfSense Packages Bug #13589 (Resolved): PHP Errors during cellular package installation on CE 2.7
Full install log:
>>> Installing pfSense-pkg-cellular...
Updating pfSense-core repository catalogue...
pfSense-... Kris Phillips
02:45 PM pfSense Packages Bug #13588: Arping package PHP8.1 Error in 2.7
Full crash report:
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRE... Kris Phillips
02:44 PM pfSense Packages Bug #13588 (Resolved): Arping package PHP8.1 Error in 2.7
Attempting to use arping in 2.7 produces the following error:
Parse error: Unmatched ']' in /usr/local/www/pkg_edi... Kris Phillips
02:39 PM pfSense Packages Feature #13560: Update FreeRADIUS to version 3.0.26
Current release of freeRADIUS is 3.0.25 in the 2.7/23.01 builds.
Checking FreshPorts this is the latest availabl... Kris Phillips
02:35 PM pfSense Packages Regression #13570 (Resolved): openvpn-client-export php error in 2.7
OpenVPN Client Export throws no PHP errors now in my testing either. Closing as Resolved. Kris Phillips
02:26 PM pfSense Packages Bug #13587 (Resolved): Zabbix-agent62 install fails
When installing the Zabbix-agent62 package, it will attempt install Zabbix-agent6 and then fail. Installing zabbix-a... Kris Phillips
01:31 PM pfSense Plus Bug #13577: Network Time Protocol (NTP) Mode 6 Scanner
Checking /var/etc/ntpd.conf on 22.05, the proper "notrap" and "nomodify" config line items are present
restrict defa... Kris Phillips
12:06 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
Kris Phillips wrote in #note-3:
> Correction: I was able to reproduce this with one of my two ISPs after I changed so... quiet lion
11:16 AM pfSense Docs Todo #13586: Add note for adjusting MSS on IPsec VTIs
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/54 Chris W
11:13 AM pfSense Docs Todo #13586 (Closed): Add note for adjusting MSS on IPsec VTIs
System > Advanced > Firewall & NAT: Enable Maximum MSS only applies to Phase 2 connections in tunnel mode. Added a no... Chris W
06:57 AM Bug #13585 (Closed): Multiple VPN Gateways will not completely start a boot.
This issue was discussed at forum thread [[https://forum.netgate.com/topic/175376/strange-gateway-issues-with-2-7-0-d... Keith Townsend

10/21/2022

08:20 PM Feature #13584 (Resolved): Input validation for numbered DHCP options in static mappings
Bug: Incorrectly formatted values in Additional BOOTP/DHCP Options for Static DHCP Mappings cause dhcpd to crash. For... Jonathan DeFreeuw
07:06 PM Revision 81777072: Fixes for problematic config access in rc.initial.setlanip. Fixes #13583
Christian McDonald
04:17 PM pfSense Packages Bug #13582: Zabbix service gives error about required "Hostname" field, even when the field is populated
Upon further testing, this seems to be an issue related to bug #13128 as it relates to input validation. If I set the... Caleb Hornbeck
02:57 AM pfSense Packages Bug #13582 (Not a Bug): Zabbix service gives error about required "Hostname" field, even when the field is populated
When configuring the Zabbix agent service, I can't seem to get around the error that says "The following input errors... Caleb Hornbeck
02:15 PM Regression #13583: PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
Applied in changeset commit:817770726a20d50523a6bd5247c6b17ac6e5c897. Christian McDonald
02:09 PM Regression #13583: PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
https://gitlab.netgate.com/pfSense/pfSense/-/commit/817770726a20d50523a6bd5247c6b17ac6e5c897 Christian McDonald
02:09 PM Regression #13583 (Feedback): PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
Christian McDonald
12:25 PM Regression #13583 (Resolved): PHP error when defining an IP address and gateway manually from the Console menu using option 2) Set Interface(s) IP address
... Danilo Zrenjanin
02:14 PM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
The line number seems to indicate that you might have RFC2136 dyndns client enabled? Can you share anything related t... Christian McDonald
12:31 PM pfSense Packages Feature #13361 (Resolved): Add Zabbix 6.2 (agent and proxy) packages
Zabbix 6.2 Proxy and Agent are now both available in CE and Plus repos Christian McDonald
12:16 PM Regression #13563: PHP Error when attempting to save configuration after disabling a gateway
This one is fixed. Danilo Zrenjanin
11:26 AM Regression #13563 (Resolved): PHP Error when attempting to save configuration after disabling a gateway
Christian McDonald
11:25 AM Regression #13563: PHP Error when attempting to save configuration after disabling a gateway
I have a fix in progress for that, please make a new redmine for it. Christian McDonald
07:06 AM Regression #13563: PHP Error when attempting to save configuration after disabling a gateway
Tested against:... Danilo Zrenjanin

10/20/2022

11:20 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
I have 2 users that are in the admins group, if that is relevant. TyphooN .
11:19 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
I get this error upon logging into the web interface. Unsure if it is related but the traffic graphs are no longer wo... TyphooN .
11:07 AM Regression #13581 (Resolved): Empty Dynamic DNS entry causes PHP errors in various contexts
PHP Errors:
[20-Oct-2022 11:23:20 America/New_York] PHP Fatal error: Uncaught TypeError: Cannot access offset of typ... TyphooN .
10:50 AM pfSense Packages Bug #13515 (Resolved): Snort with PHP 8.1 - TypeError when saving edits to an interface
Jim Pingle
10:35 AM pfSense Packages Bug #13515: Snort with PHP 8.1 - TypeError when saving edits to an interface
This issue has been resolved with the merging of Pull Request 1191 as detailed here: https://github.com/pfsense/FreeB... Bill Meeks
10:50 AM pfSense Packages Bug #13531 (Resolved): Suricata GUI broken with PHP 8.1
Jim Pingle
10:37 AM pfSense Packages Bug #13531: Suricata GUI broken with PHP 8.1
This issue and several other PHP 8.1 related issues in the Suricata package have been resolved by the merging of Pull... Bill Meeks
05:59 AM Feature #13580 (New): Batch creation of User Certificates
Hello,
I would like to request a method to generate a lot of certificate users at once (as i am in the process of ch... Xavier Sirard
02:20 AM pfSense Packages Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync
Viktor Gurov wrote in #note-3:
> fix:
> https://github.com/pfsense/FreeBSD-ports/pull/1158
I've manually added t... Caleb Hornbeck

10/19/2022

07:50 PM Revision 9178a649: More PHP81 fixes for gwlb.inc. Fixes #13563
Christian McDonald
06:50 PM pfSense Packages Bug #13154 (Resolved): pfBlocker causing excessive CPU load
Fixes are merged and working:
3.1.0_6 for pfSense CE
3.1.0_7 for pfSense Plus Marcos M
06:50 PM pfSense Packages Regression #13156 (Resolved): pfBlockerNG IP block stats do not work
Fixes are merged and working:
3.1.0_6 for pfSense CE
3.1.0_7 for pfSense Plus Marcos M
04:47 PM Revision a1ca121f: Change text in info block on Status > IPsec. Fixes #13398
Christopher Cope
03:47 PM pfSense Packages Feature #11163 (Feedback): Preferred Chain option
Addressed in ACME pkg v0.7.3 Jim Pingle
03:46 PM pfSense Packages Feature #12789 (Feedback): Show expiration date of certificates in the ACME package list
Addressed in ACME pkg v0.7.3 Jim Pingle
03:46 PM pfSense Packages Bug #13053 (Feedback): LoopiaAPI error handling
Addressed in ACME pkg v0.7.3 Jim Pingle
03:46 PM pfSense Packages Bug #13467 (Feedback): ACME: "Unable to find domain name" error when updating Namesilo
Addressed in ACME pkg v0.7.3 Jim Pingle
03:46 PM pfSense Packages Bug #13495 (Feedback): ACME package's "DNS-Sleep" field's help text is incorrect
Addressed in ACME pkg v0.7.3 Jim Pingle
03:45 PM pfSense Packages Todo #13532 (Feedback): Sync ACME package with upstream v3.0.5
https://github.com/pfsense/FreeBSD-ports/commit/80c6bb731c469fabcc41a90a2a648fecde2c6f12
ACME pkg v0.7.3
Synchroniz... Jim Pingle
07:14 AM pfSense Packages Todo #13532 (In Progress): Sync ACME package with upstream v3.0.5
Jim Pingle
03:29 PM pfSense Plus Bug #13577: Network Time Protocol (NTP) Mode 6 Scanner
The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used... Adam Esslinger
03:13 PM pfSense Plus Bug #13577 (Not a Bug): Network Time Protocol (NTP) Mode 6 Scanner
Im running a Nessuss scan against my pfsense+ firewall version pfsense+ 22.05-RELEASE (amd64) and it reports that pfs... Adam Esslinger
03:24 PM Revision e759996d: OVPN linkdown script improvements
Jim Pingle
03:23 PM Bug #13579 (Resolved): Incorrect quoting of Split DNS attribute value in ``strongswan.conf``

Configuring more than one domain name (space separated) in IPsec mobile client Split DNS UI incorrectly wraps the s... Rogelio Baucells
03:20 PM Bug #13578 (Rejected): FreeBSD Vulnerabilities
We run our own scans and deal with such things internally, we do not need outside input in this area.
 Jim Pingle
03:19 PM Bug #13578 (Rejected): FreeBSD Vulnerabilities
Im running a Nessuss scan against my pfsense+ firewall version pfsense+ 22.05-RELEASE (amd64) and it reports that Fre... Adam Esslinger
02:55 PM Regression #13563 (Feedback): PHP Error when attempting to save configuration after disabling a gateway
Applied in changeset commit:9178a64972685f1e66dd4429e37becdcad47ac99. Christian McDonald
02:51 PM Regression #13563: PHP Error when attempting to save configuration after disabling a gateway
Fixed some more potential problematic config access https://gitlab.netgate.com/pfSense/pfSense/-/commit/9178a64972685... Christian McDonald
11:48 AM Todo #13398 (Feedback): Information box on ``status_ipsec.php`` says "IPsec not enabled" even when a tunnel is established
Merged. Christopher Cope
10:30 AM pfSense Packages Regression #13570: openvpn-client-export php error in 2.7
Yes, the shared key parts are deprecated and should be removed. I made a separate issue for that: https://redmine.pfs... Jim Pingle
09:03 AM pfSense Packages Regression #13570: openvpn-client-export php error in 2.7
Hi,
I just updated to the newest Version an it looks good. Client-Export seems to work now.
Shared Key Expo... John Doe
10:30 AM pfSense Packages Todo #13576 (Resolved): Remove OpenVPN Shared Key Export
The OpenVPN Client Export package has a function to export shared key tunnels. As shared key is now deprecated upstre... Jim Pingle
07:28 AM pfSense Packages Feature #11931: Add support for validating a domain's ownership via Google Cloud Cloud DNS
This would also require adding a dependency for @net/google-cloud-sdk@ to get the @gcloud@ command on the firewall. T... Jim Pingle
07:24 AM pfSense Packages Todo #9200 (Needs Patch): Add DNS support for Google domain to Acme manager
There is #11931 for Google Cloud, there is nothing we can do got Google Domains. Google needs to come up with an API ... Jim Pingle
07:10 AM pfSense Packages Bug #13567 (Resolved): Confirmation Prompt Missing Text on Deletion
Jim Pingle
03:59 AM pfSense Packages Bug #13567: Confirmation Prompt Missing Text on Deletion
After applying the patch, I was prompted with the following text:... Danilo Zrenjanin
07:03 AM pfSense Plus Bug #13572 (Not a Bug): SG-3100 switch wrong behavior
Jim Pingle
05:31 AM pfSense Docs Todo #13557 (Resolved): Minnowboard Turbo: Add ZFS install warning
It looks good.
I am marking this ticket resolved. Danilo Zrenjanin
04:48 AM pfSense Packages Bug #11961 (Resolved): FRR OSPF add unwanted area 0 authentication to router ospf
Adding Simple Authentication on the interface doesn't add any kind of authentication on the router OSPF part.... Danilo Zrenjanin

10/18/2022

08:47 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states
Additional notes while working with cjl:
Commenting out the line @/sbin/pfctl -i $1 -Fs@ in @/usr/local/sbin/ovpn-lin... Marcos M
04:38 PM pfSense Plus Bug #13572: SG-3100 switch wrong behavior
The problem has been solved with the help of stephenw10 and johnpoz
Details can be found here:
https://forum.netg... Marcelo Cury
09:05 AM pfSense Plus Bug #13572: SG-3100 switch wrong behavior
Disregard that VLAN199 in the topology, that doesn't exist anymore.
Follows a pcap made in host 192.168.255.251:
 Marcelo Cury
08:53 AM pfSense Plus Bug #13572 (Not a Bug): SG-3100 switch wrong behavior
Problem description: Connections going to host 192.168.255.253 are being sent to 192.168.255.251
*VLAN100 LAN: 192... Marcelo Cury
03:14 PM Revision 9633ec32: Omit irrelevant info from auth error. Fixes #13574
Jim Pingle
10:37 AM pfSense Packages Bug #11836 (Confirmed): FRR ACCEPTFILTER shows out of order prefix-list
Marcos M
03:50 AM pfSense Packages Bug #11836: FRR ACCEPTFILTER shows out of order prefix-list
When I generate the FRR config via the GUI, it actually formats and displays the ACCEPTFILTER correctly, so the above... Gavin Owen
10:31 AM pfSense Packages Feature #13575 (Resolved): Update to frr 9.0.1
The current frr package version is 7.5.1_3 - frr 7.5.1 was released on 2021-03-07 https://github.com/FRRouting/frr/re... Marcos M
10:20 AM Bug #13574 (Feedback): Extra remote address information can confuse ``sshguard``
Applied in changeset commit:9633ec324eada0b870962d3682d264be577edc66. Jim Pingle
10:09 AM Bug #13574 (Resolved): Extra remote address information can confuse ``sshguard``
The authentication system attempts to be informative and print extra information along with IP addresses to completel... Jim Pingle
09:25 AM Bug #13573: DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL
May be the same or related to https://redmine.pfsense.org/issues/13554, but this was referencing vlan configuration i... Jason Montleon
09:15 AM Bug #13573 (Resolved): DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL
If I go down to Network Booting, check enable, and add a UEFI HTTPBoot URL pfSense adds an option for every static ma... Jason Montleon
08:40 AM pfSense Packages Regression #13570: openvpn-client-export php error in 2.7
Hi, thanks for the feedback. This should be resolved in the next build. I also saw another potentially problematic co... Christian McDonald
05:41 AM pfSense Packages Regression #13570: openvpn-client-export php error in 2.7
Greetings,
fyi:
I just updated to the newest Version 2.7.0.a.20221018.0600 and got a different php Error:
P... John Doe
03:10 AM pfSense Packages Bug #13571 (Incomplete): Tailscale disconnection problem
pppoe dial-up network, Tailscale will fail to connect after redialing after disconnection, and needs to change the po... Anonymous
02:09 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair
any clue when a patch for 22.05 will be available ? jeroen van breedam
 

Also available in: Atom