Activity

From 11/01/2022 to 11/30/2022

11/30/2022

08:37 PM Revision 04d726ac: Disable MTU input for a bridged interface
Bridge member interfaces cannot have their MTU configured independently from a
bridge, this change disables the MTU i...
Reid Linnemann
08:37 PM Revision 51b682d9: Add ovpn qinqs to bridges instead of rebuilding them. Fixes #13666
qinq interfaces defined with parent openvpn interfaces are configured late in
rc.bootup, after qinqs for other physic...
Reid Linnemann
06:57 PM pfSense Packages Regression #13714 (Resolved): PHP8.1 error when adding a new interface.
On the latest Suricata on 23.01 when adding a new interface:
> Fatal error: Uncaught TypeError: array_get_path(): Ar...
Marcos M
06:55 PM pfSense Packages Bug #12956 (Resolved): suricata fails to use pcre in SID management (e.g. dropsid.conf)
Marcos M
06:29 PM pfSense Plus Regression #13613: OpenVPN crashes due to if_tuntap changes
Tested patch and it worked well here. Marcos M
05:22 AM pfSense Plus Regression #13613: OpenVPN crashes due to if_tuntap changes
I can reproduce that here. It looks like the problem is that we send a SIGTERM to openvpn, but don't wait until it ac... Kristof Provost
12:13 AM pfSense Plus Regression #13613 (Feedback): OpenVPN crashes due to if_tuntap changes
I just ran into a different way of triggering what seems to be a similar issue. Editing a client with DCO enabled, un... Marcos M
06:02 PM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
The fix worked for me, thanks! Marcos M
06:01 PM Bug #13600 (Duplicate): Saving a DDNS entry can lead to the GUI timing out.
Marcos M
06:00 PM Bug #13600 (Resolved): Saving a DDNS entry can lead to the GUI timing out.
Worked well here, thanks! Marcos M
05:50 PM pfSense Packages Bug #13684 (Duplicate): HAProxy PHP error haproxy.inc:1229
Marcos M
05:13 PM pfSense Packages Bug #13684: HAProxy PHP error haproxy.inc:1229
Duplicate of #13562 (with fix in there) Robert Johnston
05:47 PM pfSense Packages Bug #13562 (Duplicate): HAProxy PHP error on upgrade to PHP8.1 update
I'm marking this one as duplicate given that the fix for both packages has already been submitted and pending review.... Marcos M
01:43 PM pfSense Packages Bug #13562: HAProxy PHP error on upgrade to PHP8.1 update
Okay, I have fixed all the errors I was getting. The procedure I used.
# Edit @/usr/local/pkg/haproxy/haproxy_util...
Robert Johnston
03:01 PM Bug #13093 (Feedback): LDAP authentication fails with extended query and RFC2307 group lookups enabled
OK this may be another case where it's the LDAP schema at play.
If your groups are not in the same container as the ...
Jim Pingle
02:45 PM Regression #13666 (Feedback): Assigned bridge interfaces are not configured at boot
Applied in changeset commit:51b682d9d7eb3bbba5bb6af96b09ab709115be58. Reid Linnemann
01:54 PM Bug #13713 (New): intermittent display of CPU Current / Max speed in System Information dashboard panel
A cosmetic / UX issue.
Issue:
When CPU powerd / scaling is enabled, the "Current: X MHz, Max: Y MHz" text is di...
Royce Williams
01:11 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page
The pull request has been merged. This issue can be marked as resolved. Bill Meeks
11:05 AM pfSense Plus Regression #13712 (Resolved): PHP error: pkg-utils.inc
When switching repos in 23.01:... Steve Wheeler
09:11 AM Regression #13705 (Resolved): PHP8.1 Captive Portal TypeError
I was getting this error every few hours. After applying this patch I've gone almost 24 hours without an error. Marki... Christopher Cope
06:53 AM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled
Jim is better qualified to review these changes than I am. Kristof Provost
04:46 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
I see the same behavior, independently from Zabbix versions. The problem indeed, is in @newsyslog@ config for the ser... Juraj Lutter
02:29 AM Bug #13676 (Resolved): PHP errors on services_dhcpv6_relay.php
Tested against:... Danilo Zrenjanin

11/29/2022

11:57 PM pfSense Plus Bug #13602 (Pull Request Review): OpenVPN fails to start again if it crashes with DCO enabled
Marcos M
04:09 PM pfSense Plus Bug #13602 (New): OpenVPN fails to start again if it crashes with DCO enabled
I think it'd be preferred to implement part of this in both CE and Plus to avoid unnecessary code differences.
https...
Marcos M
07:38 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page
I've submitted a pull request to the 2.7.0 CE snapshot development branch to address this issue. The request is here:... Bill Meeks
04:44 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page
Confirmed.
This is caused by a missing closing parenthesis in the if() conditional statement on line 545 directly ...
Bill Meeks
08:36 AM pfSense Packages Bug #13709 (Resolved): Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page
Seeing this error upon clicking on the Suricata alerts tab:
"Parse error: syntax error, unexpected token ";" in /u...
Steve Wilson
05:54 PM Revision f67c3ec2: rc.ipsec: Strip bonus quotes. Fixes #13076
The string was coming from check_reload_status wrapped in quotes that
were not necessary, and were causing the string...
Jim Pingle
04:55 PM Revision 8de9ebba: $usedmacs should never be a string, default should be an array. For #13705
Christian McDonald
03:51 PM Revision 829322b3: Rector some direct config gets with complex paths.
Christian McDonald
03:04 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled
I'll poke at this and see what I can turn up. Apparently both of my lab LDAP servers are broken in different ways at ... Jim Pingle
12:05 PM Bug #13076 (Feedback): Marking a gateway as down does not affect IPsec entries using gateway groups
Applied in changeset commit:f67c3ec2946594a3679f6016716712ce74dac9c5. Jim Pingle
12:00 PM Bug #13076 (In Progress): Marking a gateway as down does not affect IPsec entries using gateway groups
I see why this is happening, the gateway value being passed to rc.ipsec is coming through as a quoted string where th... Jim Pingle
11:13 AM pfSense Packages Bug #13619 (Resolved): PHP Error in pfblockerNG-devel widget
The package version was bumped (now today on 3.1.0_11) to include the fix for this issue on pfSense+. I'm no longer s... Marcos M
10:58 AM Regression #13705 (Feedback): PHP8.1 Captive Portal TypeError
https://gitlab.netgate.com/pfSense/pfSense/-/commit/8de9ebba70b1e7860b071f06791479bbaf2d6e5c
Christian McDonald
10:23 AM Feature #13710 (New): Support UTF-8 CA/Certificate subject components
Some support was added for UTF-8 CA/Certificate fields in #12041 but it isn't complete.
The backend seems to handl...
Jim Pingle
10:08 AM pfSense Plus Bug #13530: Remote Logging strange behavior
Jim, I am still trying to interconnect connect pfsense with my gray log server and there are surely multiple issues b... Louis B
08:09 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set
Hi Jim,
Thanks for the reply.
If I take a backup of my current config, is it possible to do an in-place upgrade...
Simon Byrnand
07:42 AM Bug #13707 (Feedback): Unbound not binding to LAN on startup when explicitly set
The fix for #13254 may have addressed this already. That fix won't apply to older versions, however, you will need to... Jim Pingle
04:47 AM Bug #13707 (New): Unbound not binding to LAN on startup when explicitly set
Hi,
This is related to the following forum thread:
https://forum.netgate.com/topic/176155/unbound-not-respondin...
Simon Byrnand
07:54 AM Bug #13253: ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
The change is working as expected for this case in the latest snapshot. Saving and applying on a DHCP6 WAN causes the... Jim Pingle
05:36 AM pfSense Packages Feature #13708 (New): Apprise - Huge variety of notification methods in a single package
Apprise -
One notification library to rule them all.
A common and intuitive notification syntax.
Supports the ha...
Jack Grimsdell
05:34 AM pfSense Packages Bug #13587: Zabbix-agent62 install fails
Hi, there seems to be an error in the installation, installs "zabbix62-agent" and then search for "zabbix-agent62".
...
Xavier Roig

11/28/2022

09:04 PM Revision 8e88bd48: Pass reloadall flag to dhcp6c config. Fixes #13253
This ensures that if the interface is being configured in a way that requires a reload, that the DHCP6 client is also... Jim Pingle
08:09 PM Revision 7e3ea4a8: Rector some config unsets with complex paths.
Christian McDonald
07:16 PM Bug #13706 (Confirmed): Static routes are not updated when updating a nested alias.
Tested on @22.05@ and @23.01.a.20221123.0600@.
Setup:
* Create the network alias @a2@ with a subnet defined.
* C...
Marcos M
05:29 PM Revision 02d6ca03: DDNS Save+Force timeout improvements. Fixes #12870
* In PHP8, curl_close is a no-op, so remove it.
* Now that curl_close does nothing, we have to set CURLOPT_FORBID_REU...
Jim Pingle
05:21 PM Revision f4970dcd: Update Rector config with pfSense-specific tweaks and notes
Christian McDonald
05:03 PM Revision 75c2fbf0: Update namespace for custom Rectors to better align with on-disk hierarchy.
Christian McDonald
04:57 PM Regression #13705: PHP8.1 Captive Portal TypeError
Tested on... Christopher Cope
04:56 PM Regression #13705 (Resolved): PHP8.1 Captive Portal TypeError
... Christopher Cope
04:54 PM Bug #13704 (Resolved): Refactor IPsec code using config access functions
Brad Davis
04:54 PM Todo #13702 (Resolved): Replace direct config accesses in ``system_advanced_sysctl``
Brad Davis
04:52 PM Todo #13701 (Resolved): Replace direct config accesses for the rest of the paths in ``system_advanced_admin.inc``
Brad Davis
03:10 PM Bug #13253 (Feedback): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
Applied in changeset commit:8e88bd48a22b55d213ac7613be74c651706cfa0d. Jim Pingle
03:04 PM Revision 721fafba: Rector some direct config sets with pure scalar paths.
Christian McDonald
12:07 PM Bug #13600 (Feedback): Saving a DDNS entry can lead to the GUI timing out.
The new fix on #12870 probably fixed this as well, try with commit:02d6ca03965777ab95da05c7ae526aa75d2ddc2a applied o... Jim Pingle
11:40 AM Bug #12870 (Feedback): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
Applied in changeset commit:02d6ca03965777ab95da05c7ae526aa75d2ddc2a. Jim Pingle
11:36 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
I think I have this fixed again, it's still weirdness in cURL.
With PHP 8, curl_close() does nothing, which explai...
Jim Pingle
07:57 AM Bug #12870 (New): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
The fixes should already be in 23.01/2.7.0 snapshots, but it's possible some other change broke this again.
I can ...
Jim Pingle
08:50 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs
Jens Groh wrote in #note-2:
> So I'm right in remembering, that URL-style aliases are only fetched once (and again e...
Jim Pingle
08:48 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs
Jim Pingle wrote in #note-1:
> The bottom part is wrong since the automatic update part only applies to URL table ...
Jens Groh
08:26 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs
The behavior did change over time so neither one of those is quite right.
The top part is wrong because it doesn't...
Jim Pingle
02:49 AM pfSense Docs Correction #13699 (New): Clarification to URL / URL Table Aliases in Docs
Hi,
I got a mail by a customer that was a bit confused about the wording on the docs page concerning the differenc...
Jens Groh
08:13 AM Feature #13698 (Duplicate): Routes Flag - Legend
Duplicate of #13478
Though you can click the help link on the page ("(?)" in the breadcrumb bar) to get the docs p...
Jim Pingle
08:07 AM Bug #13676: PHP errors on services_dhcpv6_relay.php
Jordan Greene wrote in #note-6:
> still happening on 23.01.a.20221124.0600
What exactly is the error message now?...
Jim Pingle
08:05 AM pfSense Plus Bug #13530: Remote Logging strange behavior
Again, there isn't enough to go on there. It works fine and doesn't stop on many systems in other places (including m... Jim Pingle
08:02 AM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input
Client-side validation in JS could probably be done to help guide users toward valid input, but that should be a sepa... Jim Pingle
07:54 AM Bug #13694 (Not a Bug): Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode
While this could be handled better, it's not a bug but a design flaw in how any area handles items by index number in... Jim Pingle
07:51 AM pfSense Packages Bug #13696 (Not a Bug): WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset
Jim Pingle
07:48 AM Regression #13618 (Duplicate): Creating URL Table (IPs) alias fails on applying
I missed this issue and ended up making a new one when I fixed it. See #13685 Jim Pingle
07:07 AM pfSense Packages Feature #11130 (Resolved): FRR RIP support
Azamat Khakimyanov
07:07 AM pfSense Packages Feature #11130: FRR RIP support
Tested on 22.05 and on latest 23.01-DEV (built on Thu Nov 24 06:04:19 UTC 2022)
I used RIP between 2 nodes, with adv...
Azamat Khakimyanov
07:01 AM pfSense Packages Regression #12653 (Resolved): RIP related startup error
Tested on 22.05 and on latest 23.01-DEV (built on Thu Nov 24 06:04:19 UTC 2022)
There is no issue with RIP. I crea...
Azamat Khakimyanov

11/27/2022

11:06 PM Feature #13698 (Duplicate): Routes Flag - Legend
Under Diagnostics / Routes in the Flags column, it would be helpful to have a legend somewhere on screen to indicate ... Mike Moore
06:45 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting
Probably similar to #13671 Flole Systems
06:43 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting
Have you tested with multiple client interfaces? As described the issue happens due to the new "single dhcpv6 client ... Flole Systems
04:54 PM Bug #13676: PHP errors on services_dhcpv6_relay.php
still happening on 23.01.a.20221124.0600 Jordan G
10:42 AM pfSense Plus Bug #13530: Remote Logging strange behavior
I did some further test. Not only the firewall log stops but also e.g. unbound. I disabled forwarding to GrayLog. At ... Louis B
07:59 AM pfSense Plus Bug #13530: Remote Logging strange behavior
Yep, I just started logging pfsense alarms in GrayLog, and .... it does not work. The firewall logging stops after so... Louis B
01:22 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
Tested on 23.01.a.20221124.0600 and I don't see any errors on the widget
aleksei prokofiev

11/26/2022

08:04 PM Bug #13687: Cannot add limiters named ``new``
Confirmed this bug on 23.01. Additionally, if you create a limiter named "new" and then create a queue, if you go an... Kris Phillips
08:04 PM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input
Wouldn't it be possible to limit the possible characters in the web interface as well? Using the HTML5 attribute @type... Flole Systems
08:02 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
Confirmed for 23.01 builds too. Kris Phillips
07:56 PM Bug #13277: IGMP Proxy webConfigurator Page Always Produces Error
Tested on pfSense Plus 23.01 and this message is still present. However, the service starts and works normally regar... Kris Phillips
07:27 PM Bug #13014: Deadlock in Charon VICI interface
Kristof Provost wrote in #note-25:
> Thanks for that.
>
> There's nothing obviously suspect in the status or conf...
Kris Phillips
07:24 PM pfSense Packages Bug #13623 (Resolved): Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
This looks like it was merged, so I tested on the latest builds.
Issue is no longer present and the package inst...
Kris Phillips
05:37 PM pfSense Packages Regression #13697 (Resolved): pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1
Getting the following error:... Robert Johnston
10:25 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
I was able to replicate this issue with GoDaddy DNS. Click Save & Force Update then eventually a 504/timeout error ap... Dean Arnold
12:14 AM Bug #13694: Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode

Tested on
23.01-DEVELOPMENT (amd64)
built on Fri Nov 18 06:04:48 UTC 2022
FreeBSD 14.0-CURRENT
In step "4" a...
Lev Prokofev

11/25/2022

04:14 PM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset
Never mind. It was a problem with my firewall. Follow the guide here and you'll be fine: https://mullvad.net/en/help/... Nunya Business
02:08 PM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset
I think I found the solution for 0.1.6_2. Once your tunnel is setup with peers, you have your tun_wg0 Interface, and ... Nunya Business
07:27 AM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset
even just rebooting or restarting Wireguard Nunya Business
07:14 AM pfSense Packages Bug #13696 (Not a Bug): WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset
This old bug has returned: https://redmine.pfsense.org/issues/12399
Identical symptoms: make any changes to the tu...
Nunya Business
07:10 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
This problem has returned with the current version of the Wireguard package, 1.1.6_2.
Identical symptoms: make any...
Nunya Business

11/24/2022

07:08 PM pfSense Packages Regression #13695 (Duplicate): pfBlockerNG-devel net 3.1.0_11 install error | 2.7.0-DEVELOPMENT (amd64) built on Thu Nov 24 06:05:10 UTC 2022
PHP ERROR: Type: 1, File: /usr/local/pkg/pfblockerng/pfblockerng_install.inc, Line: 142, Message: Uncaught TypeError:... RED SKULL
04:39 PM Regression #13618: Creating URL Table (IPs) alias fails on applying
This appears to be resolved now. I update around once a week on my test system so unsure which build fixed it. Brad Smith
03:32 PM Bug #13694 (Not a Bug): Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode
It appears this is regardless of interface. WAN and floating are from the original ticket so they're used here as an ... Chris W
09:03 AM Regression #13026: Limiters do not work
I can replicate the issue Steve describes, but I'm not quite sure if it's a bug or somewhat surprising expected behav... Kristof Provost
01:07 AM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
Interestingly it's forced to a value of 128 now.
If set it inside on /boot/loader.conf.local, it will apply on the ...
Chris Collins

11/23/2022

08:47 PM Regression #12827: High latency and packet loss during a filter reload
Hi guys feedback from myself.
I had this enabled when I first updated to 2.6.0. Had noticed no issues.
But yesterd...
Chris Collins
04:34 PM Revision 522e3f91: DHCP6 Adv field validation errors. Fixes #13493
A few fields were being validated but not informing the user when the
values were bad. This commit lets the user know...
Jim Pingle
02:06 PM Revision 1e45d13f: Rector some direct config gets with pure scalar paths.
Christian McDonald
01:06 PM pfSense Plus Bug #13693 (Rejected): Private domain in resolver custom options randomly breaks resolution for that domain
There isn't nearly enough here to suggest it's actually a bug or anything actionable on our part -- This site is not ... Jim Pingle
01:04 PM pfSense Plus Bug #13693 (Rejected): Private domain in resolver custom options randomly breaks resolution for that domain
I have the following "custom options" configuration in my DNS resolver settings to allow DNS over OpenVPN to work pro... Ryan Goodfellow
11:33 AM Regression #13666: Assigned bridge interfaces are not configured at boot
The resolution to #13225 appears to have caused this. The rebuilding of the bridge interfaces after logical ovpn inte... Reid Linnemann
10:45 AM Bug #13493 (Feedback): Several advanced DHCP6 client options do not inform the user when rejecting invalid input
Applied in changeset commit:522e3f912bf849161e5a52e50fcc7fc80c3b11f5. Jim Pingle
10:32 AM pfSense Packages Bug #13692 (New): Netgate_Firmware_Upgrade - Title link needs updated
>Netgate_Firmware_Upgrade links to https://github.com/pfSense-pkg-Netgate_Firmware_Upgrade/pfSense-pkg-Netgate_Firmwa... Christopher Cope
10:30 AM pfSense Packages Bug #13691 (Resolved): ldpd - Title link needs updated
>lldpd links to https://docs.netgate.com/pfsense/en/latest/packages/nut.html
That is the wrong package.
Christopher Cope
10:30 AM pfSense Packages Bug #13690 (Closed): IPsec Profile Wizard: Update package description and link in ``pkg-descr``
>ipsec-profile-wizard links to http://www.netgate.com/docs/
Perhaps that is on purpose, but it would seem better t...
Christopher Cope
10:07 AM Bug #13689 (Rejected): Links on some package names are incorrect.
Each package manages its own link(s) in its @pkg-descr@ file -- this will need to be one separate Redmine under Packa... Jim Pingle
10:04 AM Bug #13689 (Rejected): Links on some package names are incorrect.
When loading the list of packages in System > Package Manager > Available Packages some of the links need updated / c... Christopher Cope
09:37 AM Bug #13686: Unbound breaks SPF
Jim Pingle wrote in #note-3:
> That is not anything we can control, it's the behavior of Unbound itself. You can rai...
Frederic Steinfels
09:28 AM pfSense Packages Bug #13612: Snort building lists is broken
A pull request has been submitted to the pfSense DEVEL branch of FreeBSD-ports to correct this issue. The pull reques... Bill Meeks
09:26 AM pfSense Packages Bug #13623: Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
I have submitted a pull request to the pfSense DEVEL FreeBSD-ports tree to correct this issue. Here is the link: http... Bill Meeks
09:10 AM pfSense Plus Feature #13688 (Rejected): Twice(Dual) NAT separate configuration
Given that it's already possible now, and adding another way to do the same thing would likely confuse people even mo... Jim Pingle
09:06 AM pfSense Plus Feature #13688 (Rejected): Twice(Dual) NAT separate configuration
In order to do Twice NAT, source and destination IP fields need to be changed, one would need to create separate outb... Mike Moore
08:56 AM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors
Appreciate the responses here. I didn't know if vtysh could be called from the cli - rather I didn't know how.
That be...
Mike Moore
03:10 AM Bug #13148 (Ready To Test): Traffic passed by Captive Portal cannot use limiter queues on other rules
My understanding is that this is fixed, but that Reid had an unrelated issue. @Reid, can you confirm? Kristof Provost
02:41 AM Bug #13687 (Resolved): Cannot add limiters named ``new``
When I create a limiter named 'new' via the Traffic Shaper page (firewall_shaper_vinterface.php) with the name 'new' ... Kristof Provost

11/22/2022

08:38 PM Revision 88774881: Rector some more direct config unsets with pure scalar paths
Christian McDonald
06:45 PM Revision 6e081414: Rector some direct config unsets with pure scalar string paths.
Christian McDonald
06:18 PM Bug #13686: Unbound breaks SPF
That is not anything we can control, it's the behavior of Unbound itself. You can raise a request with them directly ... Jim Pingle
06:17 PM Bug #13686: Unbound breaks SPF
I see, thanks. I will reformulate my request. Instead of stripping the answer, wouldn't it make more sense to replace... Frederic Steinfels
06:00 PM Bug #13686 (Not a Bug): Unbound breaks SPF
This is not a bug, it's a security feature. Unbound disallows private addresses in replies by default. You can disabl... Jim Pingle
05:09 PM Bug #13686 (Not a Bug): Unbound breaks SPF
It seems the unbound module is not compliant with the SPF standard.
When I do the lookup on the pfsense unbound se...
Frederic Steinfels
05:04 PM Revision fa323663: IPsec cert SAN improvements. Fixes #13373
* Improve descriptions of IPsec P1 cert fields.
* Allow using a cert with a wildcard SAN so long as there is at least...
Jim Pingle
03:43 PM Revision f16d3f4d: Add CA/Cert invalid descr char list to help. Fixes #13387
Jim Pingle
03:10 PM Revision af613468: Fix regression in URL alias parsing. Fixes #13685
Jim Pingle
12:05 PM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input
Looks like several fields get tested to ensure they are numeric ints before being stored, but don't have correspondin... Jim Pingle
12:04 PM Feature #4728: Expose ``nopool`` server option in the OpenVPN Server GUI
Hi, I do not think this is a duplicate and I just ran into this again. I actually want to be able to specify "nopool"... Florian Apolloner
11:56 AM Bug #13671: DHCP client can fail permanently if an interface is down at boot
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/949 Jim Pingle
11:53 AM Bug #13671 (Feedback): DHCP client can fail permanently if an interface is down at boot
Try this change, for example:... Jim Pingle
11:50 AM Bug #13671: DHCP client can fail permanently if an interface is down at boot
@/etc/rc.linkup@ explicitly exits if it detects the platform is booting. We might be able to insert a test there to c... Jim Pingle
11:35 AM Bug #13473 (Incomplete): No IPv6 address acquired after reboot/dhcp6c not starting
I can't reproduce anything like this with LAGG and DHCP6 on current snapshots, it's all working happily here and none... Jim Pingle
11:15 AM Bug #13280 (Feedback): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
I cannot reproduce this on current snapshots either. The only place I can reproduce it is on a 22.05 system.
I hav...
Jim Pingle
11:15 AM Regression #13373 (Feedback): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
Applied in changeset commit:fa3236635876914ab330778545ec8dd7cefe7a80. Jim Pingle
11:07 AM Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
I re-confirmed that using a cert with one non-wildcard SAN and multiple wildcard SANs does work properly in strongSwa... Jim Pingle
10:13 AM Bug #13574 (Resolved): Extra remote address information can confuse ``sshguard``
The extra information is no longer printed in the log, and sshguard properly recognizes the failed attempts even when... Jim Pingle
09:50 AM Bug #13387 (Feedback): Input validation is not rejecting invalid description characters when editing a CA or Certificate
Applied in changeset commit:f16d3f4d3f466bb1fca84c754e51fbaa1b9e48ba. Jim Pingle
09:42 AM Bug #13387 (In Progress): Input validation is not rejecting invalid description characters when editing a CA or Certificate
I'll add the list of invalid characters to the help text for those fields.
Jim Pingle
09:25 AM Bug #13425 (Resolved): Invalid alias name can still be used by code attempting to validate URL table content
Attempting a previously working exploit no longer creates an arbitrary file. Marking resolved.
Jim Pingle
09:11 AM Bug #13425: Invalid alias name can still be used by code attempting to validate URL table content
Jordan Greene wrote in #note-3:
> when attempting to save an alias in 23.01.a.20221111.0600 include an additional / ...
Jim Pingle
09:20 AM Regression #13685 (Feedback): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file
Applied in changeset commit:af61346825f5507889d66c142c78babee837f6e4. Jim Pingle
09:08 AM Regression #13685 (In Progress): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file
Jim Pingle
09:07 AM Regression #13685 (Resolved): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file
In commit:c239afac1763951eacefc1dbc59ad04f9d319b91 we made the following change:... Jim Pingle
08:31 AM Bug #13426 (Resolved): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding
Can't reproduce on snapshots. Marking resolved. Jim Pingle
07:13 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
I think I have solved all issues. The functionality is the same as the original NetGate version. However with a 20 ti... Louis B

11/21/2022

10:31 PM Feature #2479: Allow reordering of the traffic graphs on the dashboard
This would be nice to have. Although you can hide interfaces it still doesn't group, for example, WAN interfaces or V... Steve Wheeler
09:29 PM Revision 824ab9c4: Correct special net NPt dst prefix handling. Fixes #13240
Disables prefix length drop-down when using a special net (e.g. track6
delegated prefix) because that already has its...
Jim Pingle
08:06 PM Revision 749af017: Use 'ip' when copying+converting addr rules. Fixes #13364
Jim Pingle
07:59 PM Revision 2e534ffe: Ensure copied rules get unique IDs. Fixes #13507
Jim Pingle
07:15 PM Revision ad040b70: Omit RAM disk size check when disabled. Fixes #13479
Jim Pingle
07:03 PM Revision 7d087f60: Remove unused deprecated code from dhclient script. Fixes #13501
Jim Pingle
07:01 PM Revision 54115a67: Add CDATA protection to "hint". Fixes #13388
Jim Pingle
06:43 PM Revision 31c37082: rc.linkup code refresh and fixes. Fixes #13254
* Update code to be more compatible with PHP 8.1
* Consistency changes to code and logging so every path has similar
...
Jim Pingle
04:33 PM Regression #13663 (Resolved): WIFI interface configuration creates invalid xml
This is fixed in current snapshots.
Tested:...
Steve Wheeler
03:40 PM Bug #13240 (Feedback): User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length
Applied in changeset commit:824ab9c44e658b3fc1e1a4d6a96f41265cec0221. Jim Pingle
02:29 PM Bug #13240 (In Progress): User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length
Jim Pingle
03:33 PM Regression #13373 (In Progress): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
Jim Pingle
03:28 PM Revision 877cff6f: Fix more Rector foreach fallout
Jim Pingle
02:48 PM Revision 7a3637b1: Restore unintentionally removed line. Issue NG 9247
Jim Pingle
02:19 PM Bug #12335: IPsec DNS inefficiency
Bump this forward again, not enough spare cycles this release to dig into it. Jim Pingle
02:18 PM Bug #12942: Code to kill states for old gateway when reconnecting an interface is incorrect
Bump this forward again, not enough spare cycles this release to dig into it. Jim Pingle
02:18 PM Bug #12811 (Feedback): Services are not restarted when PPP interfaces connect
There have been a lot of changes here since the last comment and it's not clear if this should be marked resolved or ... Jim Pingle
02:15 PM Bug #13364 (Feedback): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``
Applied in changeset commit:749af017d77897079e759cb934461f1f4e810592. Jim Pingle
02:03 PM Bug #13364: Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``
I can reproduce this on the latest dev snaps exactly as described. Working on a fix now. Jim Pingle
02:02 PM Bug #13364 (In Progress): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``
Jim Pingle
02:15 PM Bug #13507 (Feedback): Copying multiple rules at the same time results in new rules with duplicate tracker IDs
Applied in changeset commit:2e534ffe71dc763c66a2009c07a9883c252afa0f. Jim Pingle
02:02 PM Bug #13507 (In Progress): Copying multiple rules at the same time results in new rules with duplicate tracker IDs
Looks like a simple fix, it's using microtime inside a loop and it should just be using that once as a starting value... Jim Pingle
01:38 PM Todo #13508: Uncouple RAM Disk size from available kernel memory
We can't remove the check entirely but it would need to be adjusted for whatever limits tmpfs may have. For example, ... Jim Pingle
01:37 PM Bug #13479: Input validation is checking RAM disk sizes when they are inactive
That's a separate issue, I'm taking things one at a time. While we evaluate the other, it's still safe to remove thi... Jim Pingle
01:29 PM Bug #13479: Input validation is checking RAM disk sizes when they are inactive
Not entirely sure if this is a good idea as #13508 suggests that the check can be removed entirely as it's no longer ... Flole Systems
01:25 PM Bug #13479 (Feedback): Input validation is checking RAM disk sizes when they are inactive
Applied in changeset commit:ad040b7063c9cc5487b15c044a95949888041271. Jim Pingle
01:10 PM Todo #13501 (Feedback): Clean up obsolete code in ``pfSense-dhclient-script``
Applied in changeset commit:7d087f60126b57e34c689cb44e8ba3d7d352f238. Jim Pingle
01:10 PM Feature #13388 (Feedback): Support for international characters in the AutoConfigBackup Hint/Identifier field
Applied in changeset commit:54115a67546fcfbe32c7ec5433fb8a0d3661c808. Jim Pingle
12:55 PM Bug #13254 (Feedback): DNS resolver does not update its configuration or reload during link down events
Applied in changeset commit:31c37082cad1ca068fc22d93fe3dc3c6a8005144. Jim Pingle
12:53 PM pfSense Packages Bug #13619 (Feedback): PHP Error in pfblockerNG-devel widget
Reid Linnemann
11:37 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
The change was just merged to Plus this morning, try the next build please. Reid Linnemann
09:34 AM pfSense Packages Bug #13619 (New): PHP Error in pfblockerNG-devel widget
There's a separate redmine for that one:
https://redmine.pfsense.org/issues/13679
Still seeing this on latest snap/p...
Marcos M
11:52 AM pfSense Packages Bug #13642 (Feedback): PHP Error: frr_zebra.inc:159
Fixed in "4a256a0":https://github.com/pfsense/FreeBSD-ports/commit/4a256a029fccc20a7e2b3f2e5a9a5a7dc024eaa8 Reid Linnemann
11:29 AM Bug #13676: PHP errors on services_dhcpv6_relay.php
Jordan Greene wrote in #note-4:
> still seeing this running 23.01.a.20221118.0600 but works with changeset added via ...
Reid Linnemann
11:24 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script
I think I see why you've run into this where others haven't. Around the line in question:... Reid Linnemann
11:03 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script
Chris W wrote in #note-3:
> I hit this today upgrading from 22.05 to 23.01.a.20221118.0600 with pfBlocker-devel 3.1....
Reid Linnemann
09:49 AM pfSense Packages Bug #13684 (Duplicate): HAProxy PHP error haproxy.inc:1229
On upgrade to 2.7:... Steve Wheeler
08:37 AM Regression #11545: Primary interface address is not always used when VIPs are present
All the issues I could reproduce here are fixed now. If we could get some more feedback from users who encountered th... Jim Pingle
07:31 AM Regression #13670 (Resolved): AES-NI support is built into the kernel on snapshots instead of being a module
That is normal. Changing the configuration does not unload the other modules since that could cause running processes... Jim Pingle
07:18 AM Bug #13579 (Resolved): Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Jim Pingle
07:12 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
The rule lookup function I disable to speedup the widget, was in opposite to my expectation in use to show the rule i... Louis B
04:12 AM Bug #13014: Deadlock in Charon VICI interface
Thanks for that.
There's nothing obviously suspect in the status or configuration files. I do see you have a fair ...
Kristof Provost

11/20/2022

10:54 PM pfSense Packages Feature #13683 (New): Request: manually clear collected database/ remove an individual item from the database
It would be helpful when one has reconfigured a network or hosts to be able to manually clear the collected MAC datab... Steve Prior
01:25 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
Here my code, watch out debug still partly active (to show the speed :)) . The code is more than 150 times faster on ... Louis B
01:02 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
I did some further analyses, and my previous conclusion was not correct. After making further changes and debugging t... Louis B
09:45 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
I did add debug time traces in the widget and it turned out that the html part of the code is causing the terrible d... Louis B
12:58 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget

With 23.01.a.20221118.0600 I these errors
Please find attached the logs:...
Alex Casanova

11/19/2022

06:56 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
widget is able to be added to the dashboard now, running ver 23.01.a.20221118.0600 Jordan G
06:23 PM Regression #13670: AES-NI support is built into the kernel on snapshots instead of being a module
on 23.01.a.20221118.0600 if I switch from QAT to AES-NI in the System>Advanced>Miscellaneous, save/apply, then check ... Jordan G
05:21 PM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script
I hit this today upgrading from 22.05 to 23.01.a.20221118.0600 with pfBlocker-devel 3.1.0_10. After logging into the ... Chris W
02:34 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script
No errors on 23.01-DEVELOPMENT (amd64) built on Fri Nov 11
@>>> Installing pfSense-pkg-pfBlockerNG-devel...
Upda...
Lev Prokofev
05:04 PM Bug #13676: PHP errors on services_dhcpv6_relay.php
still seeing this running 23.01.a.20221118.0600 but works with changeset added via system_patches Jordan G
04:51 PM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface

WAN IP and the default GW have been assigned via the console and the default route has been added
> First...
Alhusein Zawi
04:40 PM Todo #13524 (Resolved): Update reserved alias names
Marcos M
04:40 PM Bug #13393 (Resolved): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
Marcos M
04:37 PM Feature #13682 (In Progress): Automatically indicate a packet capture has stopped when count limit is reached
Marcos M
11:14 AM Feature #13682 (Closed): Automatically indicate a packet capture has stopped when count limit is reached
It'd be helpful if the GUI of Diagnostics > Packet Capture could automatically refresh or in some way indicate the co... Chris W
04:23 PM Regression #13488 (Feedback): All Captive Portal users are given the same limiter pipe pair
Applied in:
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/c0f216b9b1b6455afc96cb37e6319a23bf28...
Marcos M
04:12 AM Regression #13488 (Ready To Test): All Captive Portal users are given the same limiter pipe pair
Merged to pfSense CE and plus. Kristof Provost
09:43 AM Revision c0f216b9: captiveportal: actually allocate a pipe number for new clients
When a client authenticates to the captive portal we generate a pipe
number (actually two) for it. However, we did th...
Kristof Provost
08:56 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Testing performed:
client: ...
Danilo Zrenjanin
07:03 AM Bug #13633 (Resolved): DHCPv6 rules are not created for interfaces with static IPv6
Tested against:... Danilo Zrenjanin
06:33 AM Bug #13675: Code that sets IPv6 MTU can unintentionally act on IPv4 addresses
Not able to reproduce it on 23.01-DEVELOPMENT (amd64) built on Fri Nov 11 using the config from customer ticket. Lev Prokofev
05:18 AM pfSense Packages Bug #13544: SquidGuard either denying everything or proxying everything
Disabling transparent proxying seems to have fixed the issue... But yet again, using it on some interfaces now works ... Jimmy Michaelson

11/18/2022

09:46 PM Revision 2b66dafa: Fix gif interface _routerv6 files not being created. Fixes #11545
interface_gif_configure() uses the global variable $g to look up the temp
directory in which to write the router/gate...
Reid Linnemann
08:50 PM Bug #13678: Complete connectivity loss when OpenVPN Client loses connection
I'm unable to reproduce this with any of my OpenVPN clients. Do you have any special configuration items in your con... Kris Phillips
09:49 AM Bug #13678 (Rejected): Complete connectivity loss when OpenVPN Client loses connection
There isn't enough here to classify this as a bug, and it can't be reproduced as stated. This site is not for support... Jim Pingle
09:13 AM Bug #13678 (Rejected): Complete connectivity loss when OpenVPN Client loses connection
Greetings.
Had updated to 2.6 from 2.5.2 in the past, and encountered a bug where if an OpenVPN client goes down f...
Lily S
08:49 PM Revision 1688a960: Add iface to some resolver restarts. Fixes #12612
A few interface-specific calls to restart the resolver were not passing
the interface name to ensure it was only rest...
Jim Pingle
08:47 PM pfSense Packages Bug #13589: PHP Errors during cellular package installation on CE 2.7
This issue is still present in Nov 18th builds. Kris Phillips
08:45 PM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script
Unable to reproduce this. Installing the package shows normal for me. Here is the full log on 23.01 for Nov 18th bu... Kris Phillips
05:07 PM pfSense Packages Bug #13679 (Resolved): Error in pfBlockerNG Post Install Script
Error installing pfBlockerNG-devel 3.1.0_10 on... Christopher Cope
08:39 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails
This problem is unique to the agent for some reason. zabbix-proxy62 works just fine. Tested again on Nov 18th builds. Kris Phillips
08:34 PM pfSense Packages Bug #13513 (Resolved): Cannot install Squid
Tested on Nov 18th builds. Package installs properly with no more errors. Issue is resolved. Kris Phillips
06:45 PM Bug #13680 (New): Package install scripts run after PHP upgrade produce errors
During the upgrade to 2.7 or 23.11 PHP is upgraded before the pfSense packages are upgraded. That can lead to the sit... Steve Wheeler
06:23 PM Revision b381fa76: Fix PPP reset hr/min blank vs 0. Fixes #13307
Jim Pingle
06:08 PM Revision bef138fa: Replace direct config accesses in services_dhcpv6_relay.php. Fixes #13676
Reid Linnemann
06:06 PM Revision efe80217: Fix PPP interface regression
Jim Pingle
04:58 PM Revision 13ae614b: Correct console set IP addr script. Fixes #12632
* Prompt to replace default gateway instead of only setting if it was
empty before.
* Correct faulty assumptions ab...
Jim Pingle
04:51 PM Regression #13627 (Resolved): PHP: Easyrule from the firewall log
Tested on... Christopher Cope
04:15 PM Regression #11545 (Feedback): Primary interface address is not always used when VIPs are present
Applied in changeset commit:2b66dafae80f4a17c4cfc4a5f548f336b97513de. Reid Linnemann
04:03 PM Revision b03e0c60: Fix descr for unbound network ifs. Fixes #13453
Jim Pingle
03:58 PM Revision 29f367a0: Fix Adv DHCP6 f/multiple interfaces. Fixes #13462
Jim Pingle
03:54 PM Revision 9b391783: Improve set_ipv6routes_mtu checks. Fixes #13675
Christopher Cope
03:00 PM Bug #12612 (Feedback): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver
Applied in changeset commit:1688a9608cbe5889f160dc4b4d3bcfc64fc856c4. Jim Pingle
02:35 PM Revision 8b4e0838: Define curl CAPath for trusted CAs. Fixes 12737
Jim Pingle
02:17 PM Revision 410e9b52: Detect/set default primary console. Fixes #12960
If the user has not chosen a primary console, use the current active
console type as the default.
This prevents a us...
Jim Pingle
02:04 PM Bug #13014: Deadlock in Charon VICI interface
Kristof Provost wrote in #note-23:
> Based on available information the suspicion is that charon itself is deadlocki...
David Vazquez
12:30 PM Bug #13307 (Feedback): PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value
Applied in changeset commit:b381fa76bd817f94f9971caddace1faef1e83b6c. Jim Pingle
12:15 PM Bug #13676 (Feedback): PHP errors on services_dhcpv6_relay.php
Applied in changeset commit:bef138fa29432321d9befad6038117d9b55cbe13. Reid Linnemann
11:10 AM Bug #12632 (Feedback): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Applied in changeset commit:13ae614b25433193c5bab8beabff65a1c80dcb3a. Jim Pingle
10:54 AM Bug #12632 (In Progress): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
I see a couple problems here.
First, the script only sets the default gateway if there is no default gateway set -...
Jim Pingle
11:01 AM Bug #12737 (Feedback): CA path is not defined when using ``curl`` in the shell
Implemented in commit:8b4e08382a890b2978c80130def0db2bab0adf28
Jim Pingle
08:38 AM Bug #12737: CA path is not defined when using ``curl`` in the shell
Defining it in the environment in the shell init scripts works for me. Commit inbound shortly.
With the CA for a w...
Jim Pingle
08:28 AM Bug #12737 (In Progress): CA path is not defined when using ``curl`` in the shell
Jim Pingle
10:55 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
The problem is clear to me. If the widget processing time > than the refresh time the widget will be re triggered bef... Louis B
10:10 AM Bug #13453 (Feedback): Incorrect word in "Network Interfaces" help text on ``services_unbound.php``
Applied in changeset commit:b03e0c60bcd1675a35a53ebb94db22cd5598be1c. Jim Pingle
10:09 AM pfSense Plus Bug #13674 (Resolved): QAT detection on dashboard is incorrect if the driver does not attach
This is working as expected on the latest snapshot. I don't have any hardware around with an unsupported chip but if ... Jim Pingle
10:05 AM pfSense Plus Regression #13491 (Resolved): Crypto devices are not detected on current snapshots because the format of pciconf has changed
Confirmed here as well on 4100 (C3K), 7100 (C3K), and 7551 (C2K). Jim Pingle
09:54 AM pfSense Plus Regression #13491: Crypto devices are not detected on current snapshots because the format of pciconf has changed
Can confirm the fix is working on an SG-5100 running 23.01 build 23.01.a.20221118.0600. Thanks for the quick turnarou... Nick Goehring
10:05 AM Bug #13462 (Feedback): Advanced DHCP6 client settings only work for a single interface
Applied in changeset commit:29f367a0e681621c1950e42fbc1261b08e2d3a42. Jim Pingle
10:00 AM Bug #13675 (Feedback): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses
Applied in changeset commit:9b391783768adc4e0db543770c3a2b7208a56a33. Christopher Cope
09:49 AM Bug #13677 (Duplicate): Complete connectivity loss when OpenVPN Client loses connection
Duplicate of #13678 Jim Pingle
06:29 AM Bug #13677 (Duplicate): Complete connectivity loss when OpenVPN Client loses connection
Greetings.
Had updated to 2.6 from 2.5.3 in the past, and encountered a bug where if an OpenVPN client goes down f...
Lily S
08:25 AM Bug #12960 (Feedback): VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes
Applied in changeset commit:410e9b52e45b7248942640f4a08189cd18567353. Jim Pingle
07:42 AM Bug #12960: VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes
To confirm, the loader menu issue is identical to #13080 -- On the ISO when booting via BIOS, it has @boot_serial=NO@... Jim Pingle
02:53 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair
Steve Wheeler wrote in #note-4:
> For reference the thread this was discussed and diagnosed in is here:
> https://f...
Kristof Provost

11/17/2022

05:29 PM Bug #13676 (Resolved): PHP errors on services_dhcpv6_relay.php
... Reid Linnemann
05:25 PM pfSense Packages Feature #13608: ACME Not Recognizing new .au domain on wildcard
This is now becoming a huge problem for my customers who have embraced the new tld .au. We are not able to create any... Rick Strangman
04:31 PM pfSense Packages Bug #13619 (Feedback): PHP Error in pfblockerNG-devel widget
This should be fixed as of "223d90f":https://github.com/pfsense/FreeBSD-ports/commit/223d90f55b308871c21e1b3d93812bc9... Reid Linnemann
04:19 PM Revision 5ee97acf: Disabled service status correction. Fixes #13604
Jim Pingle
03:58 PM Revision 12689bb0: Correct QAT active reporting. Fixes #13674
Account for cases where the module(s) are loaded but the driver failed
to attach.
Jim Pingle
03:11 PM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
Sounds like it might be the same root cause as #13642 (See the most recent note on there) Jim Pingle
03:09 PM pfSense Packages Regression #13631 (Duplicate): FreeRADIUS fails to authenticate users
Duplicate of #13628 Jim Pingle
03:09 PM pfSense Packages Bug #13653 (Duplicate): FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.
Duplicate of #13628 Jim Pingle
03:06 PM Bug #13675 (Pull Request Review): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/937 Christopher Cope
02:40 PM Bug #13675 (Resolved): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses
Related to https://redmine.pfsense.org/issues/11855
The patch on that issue adds a check for the address being IPv...
Christopher Cope
03:02 PM Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php
Can move this forward, previous attempts were too disruptive to risk given all the other changes going on for the 23.... Jim Pingle
03:00 PM Bug #12960: VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes
As we saw on #13080 this is probably just the loader menu interpreting the environment incorrectly.
The GUI page c...
Jim Pingle
02:56 PM Bug #12901 (Resolved): DNS Forwarder refuses valid retries from clients in certain cases
Current dev snapshots have dnsmasq-2.87,1 so this should be resolved.
Jim Pingle
02:54 PM Feature #12768: pfSense-repo: Make sure default config file exists
Is this still something we need to address?
I think this has either already been done or has been superseded by ot...
Jim Pingle
02:53 PM Bug #12737: CA path is not defined when using ``curl`` in the shell
Seems like we should be able to define our CA path in the environment to cover some of these cases:
From the man p...
Jim Pingle
02:44 PM Bug #12645 (Feedback): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
This should be re-tested/re-confirmed. There have been several potentially relevant changes since the last report, in... Jim Pingle
02:36 PM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down
While this can be confusing, any solution tried thus far has broken more than it has fixed. If someone wants to pick ... Jim Pingle
02:34 PM Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa
Moving ahead again, too many other more important things and this requires working on each affected service separatel... Jim Pingle
02:32 PM Bug #11091 (Rejected): Interfaces set as disabled in the configuration have an UP status in the operating system at boot
No movement in a long time on this plus when we did try it was really disruptive for little to no benefit. Closing fo... Jim Pingle
12:54 PM pfSense Plus Bug #13664 (Feedback): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30)
Done: https://gitlab.netgate.com/pfSense/factory/-/commit/966988801d2684e2d31d24040ab9641b0390d61a
> When DCO is e...
Jim Pingle
12:17 PM pfSense Plus Bug #13664 (In Progress): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30)
Jim Pingle
12:11 PM Regression #13488: All Captive Portal users are given the same limiter pipe pair
The changes in https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/32661caf9549d8675763e814c9ceb9c2b4... Reid Linnemann
11:13 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair
For reference the thread this was discussed and diagnosed in is here:
https://forum.netgate.com/topic/174489/22-05-c...
Steve Wheeler
10:53 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair
Potential fix in https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/936 Kristof Provost
11:50 AM Regression #13604: OpenVPN service status is incorrect
Tested the patch against the following services under Status/Services:... Danilo Zrenjanin
10:30 AM Regression #13604 (Feedback): OpenVPN service status is incorrect
Applied in changeset commit:5ee97acf88086e33e751d85571ff34c1157f9204. Jim Pingle
10:27 AM Regression #13604: OpenVPN service status is incorrect
Confirmed, they're all the same root cause. Fix committed, will be in momentarily. Jim Pingle
10:17 AM Regression #13604 (In Progress): OpenVPN service status is incorrect
Pretty sure all of these service-related Redmine issues are the same root cause. I see at least one obvious problem t... Jim Pingle
01:19 AM Regression #13604 (Confirmed): OpenVPN service status is incorrect
I confirmed this behavior on the:... Danilo Zrenjanin
10:57 AM Revision 1be126b7: fix pciconf output parsing
In FreeBSD 14 the output format of pciconf changed. It now splits up the
device and vendor fields.
Simplify this cod...
Kristof Provost
10:26 AM pfSense Packages Bug #13665 (Duplicate): Unable to start Wireguard from Status > Services
Duplicate of #13604 (same root cause). Jim Pingle
10:22 AM pfSense Packages Regression #13668 (Duplicate): Unable to start FRR from Status > Services
Duplicate of #13604 (same root cause). Jim Pingle
10:21 AM pfSense Packages Regression #13673 (Duplicate): Unable to start pfBlockerNG-devel from Status > Services
Duplicate of #13604 (same root cause). Jim Pingle
06:12 AM pfSense Packages Regression #13673 (Duplicate): Unable to start pfBlockerNG-devel from Status > Services
When stopping pfb_filter or pfb_dnsbl from Status > Services, it shows disabled instead of stopped and can't be start... Danilo Zrenjanin
10:21 AM pfSense Packages Regression #13672 (Duplicate): Unable to start freeradius from Status > Services
Duplicate of #13604 (same root cause). Jim Pingle
02:44 AM pfSense Packages Regression #13672 (Duplicate): Unable to start freeradius from Status > Services
When stopping radiusd from *Status > Services*, it shows disabled instead of stopped and can't be restarted under *St... Danilo Zrenjanin
10:10 AM pfSense Plus Bug #13674 (Feedback): QAT detection on dashboard is incorrect if the driver does not attach
Applied in changeset pfsense:commit:12689bb00142ccf14d323d123277c02f3ffc48bf. Jim Pingle
09:54 AM pfSense Plus Bug #13674 (Resolved): QAT detection on dashboard is incorrect if the driver does not attach
If the QAT module is loaded but the driver did not attach to the hardware, the dashboard still reports "QAT: Yes (a... Jim Pingle
09:47 AM pfSense Plus Regression #13491 (Feedback): Crypto devices are not detected on current snapshots because the format of pciconf has changed
MR is merged. Works well here for detecting QAT, but needs further testing on more hardware once it's in a snapshot.
Jim Pingle
07:13 AM pfSense Plus Regression #13491: Crypto devices are not detected on current snapshots because the format of pciconf has changed
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/933 Jim Pingle
08:42 AM Bug #13014: Deadlock in Charon VICI interface
Based on available information the suspicion is that charon itself is deadlocking, which matches the described sympto... Kristof Provost
07:50 AM pfSense Packages Regression #13657 (Duplicate): pfblockerng.widget.php Error - Pfsense 2.7 Fri Nov 11 06:30:07 UTC 2022 Build
Jim Pingle
07:18 AM Regression #13670 (Feedback): AES-NI support is built into the kernel on snapshots instead of being a module
This is because AES-NI is currently built into the kernel. We were debating whether to keep it in the kernel or move ... Jim Pingle
07:13 AM pfSense Plus Bug #13667 (Duplicate): QuickAssist hardware not recognized
Duplicate of #13491 Jim Pingle
05:07 AM pfSense Docs New Content #12597 (New): How to reset IPMI settings and password for Netgate appliances
The part with the commands to define the IP address, subnet mask, and default gateway is still missing.
Enable an...
Danilo Zrenjanin
01:17 AM Regression #13669 (Duplicate): Status / Services doesn't show correct OpenVPN status
This one is a duplicate of https://redmine.pfsense.org/issues/13604 Danilo Zrenjanin

11/16/2022

05:49 PM pfSense Packages Bug #13642 (In Progress): PHP Error: frr_zebra.inc:159
Reid Linnemann
05:48 PM pfSense Packages Bug #13642 (Confirmed): PHP Error: frr_zebra.inc:159
Reid Linnemann
05:48 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159
Root cause of this appears to be an empty <config> element being written under the frrglobalroutemaps package. Due to... Reid Linnemann
05:42 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Are there any updates on this issue? I am having exactly the same problem and I am on pfSense Plus 22.05 Alex Stoev
05:32 PM Revision 9c2b9b78: Replace direct config accesses to system/webgui paths in system_advanced_admin.inc. Fixes #13659
Also move default assignment of $pconfig['webguiproto'] to 'http' from
system_advanced_admin.php to system_advanced_a...
Reid Linnemann
02:57 PM Bug #13671: DHCP client can fail permanently if an interface is down at boot
A workaround for this issue is to delay pfSense booting to allow an upstream device time to bring up the link.
This ...
Steve Wheeler
02:54 PM Bug #13671 (Resolved): DHCP client can fail permanently if an interface is down at boot
If when the WAN is brought up at boot launching dhclient the interface is down it will fail and stop:... Steve Wheeler
02:07 PM Regression #13670 (Resolved): AES-NI support is built into the kernel on snapshots instead of being a module
AES-NI is activated in Advanced/Miscellaneous but dashboard system status shows AES-NI present but inactive
ps thi...
johnny stecchino
12:46 PM Regression #13669 (Duplicate): Status / Services doesn't show correct OpenVPN status
When stopping the OpenVPN service from Status > Services, it shows disabled instead of stopped. It can be started aga... Danilo Zrenjanin
12:37 PM pfSense Packages Regression #13668 (Duplicate): Unable to start FRR from Status > Services
When stopping FRR from Status > Services, it shows disabled instead of stopped and can't be restarted from the GUI. I... Danilo Zrenjanin
11:54 AM Bug #13014: Deadlock in Charon VICI interface
EDIT:
Disregard this. Did not permanently resolve the issue, but only seemed to help slow it down.
ORIGINAL:
Anot...
Kris Phillips
11:50 AM Bug #13659 (Feedback): replace direct config accesses for system/webgui paths in system_advanced_admin.inc
Applied in changeset commit:9c2b9b78c150b27850c56dbf2df0260ba13b00fe. Reid Linnemann
10:19 AM pfSense Plus Bug #13667: QuickAssist hardware not recognized
I've checked, and the only other use of pciconf in the GUI is intended for human consumption (on the status.php page)... Kristof Provost
10:16 AM pfSense Plus Bug #13667 (Pull Request Review): QuickAssist hardware not recognized
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/933
See also #13491
Kristof Provost
06:34 AM pfSense Plus Bug #13667 (Duplicate): QuickAssist hardware not recognized
see https://forum.netgate.com/topic/175893/quickassist-doesn-t-seem-to-be-working
This is part of a larger issue a...
johnny stecchino
09:03 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
Setting the queue length on the child queue AND parent scheduler worked! (also have to keep this bug in mind #13158) Marcos M
07:56 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
Increasing the queue lengths of the individual queues appears to help. I tested with a queue of 5000 at 100Mbps. Incr... Kristof Provost
08:48 AM pfSense Packages Regression #13657: pfblockerng.widget.php Error - Pfsense 2.7 Fri Nov 11 06:30:07 UTC 2022 Build
Duplicate of https://redmine.pfsense.org/issues/13619 BBcan177 .
08:18 AM pfSense Packages Bug #13665 (Confirmed): Unable to start Wireguard from Status > Services
I can confirm this behavior.
Tested on the:...
Danilo Zrenjanin

11/15/2022

08:36 PM Revision 9d6fc9e4: Merge pull request #4604 from luckman212/fix-func-args-in-gwlb.inc
Jim Pingle
08:30 PM Revision 3ae365f4: Removed unused filter_flush_nat_table, fix typo. Fixes #12757
Jim Pingle
07:50 PM Revision 6628b730: More Rector integration
Christian McDonald
07:46 PM Revision 0a960600: Add support for custom Rectors.
Christian McDonald
07:21 PM Revision d35a18fc: RemoveUnusedForeachKeyRector runresults
Christian McDonald
07:14 PM Revision 1eba2bc4: Remove dead statement as per rector
Christian McDonald
06:49 PM Revision bd9c894d: Update `Submitting a Pull Request via GitHub` link
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Josh Soref
06:49 PM Revision 4864d7f6: Spelling fixes. Fix #13357
Bugs:
* Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
* Incorrect i...
Josh Soref
06:46 PM Revision 6eaada18: Cleanup some unreachable statements as per Rector.
Christian McDonald
06:45 PM Revision 585d63b4: Merge pull request #4596 from luckman212/update-rc.initial-202206
Jim Pingle
06:41 PM Revision 9e3798fb: Merge pull request #4606 from KoenZomers/DNSExitFix
Jim Pingle
06:39 PM Revision 4a1354d1: Merge pull request #4605 from kaedros/master
Jim Pingle
06:15 PM Regression #13666 (Resolved): Assigned bridge interfaces are not configured at boot
Under some circumstances a bridge interface assigned as LAN is not configured correctly at boot. It comes up without ... Steve Wheeler
06:03 PM Revision a637e8ec: Remove duplicate reserved alias names. Fix #13524
Marcos M
06:03 PM Revision c77e381e: Respect bind interfaces in unbound. Fix #13393
Marcos M
05:59 PM Revision e289a583: Also create DHCPv6 rules for interfaces with static IPv6. Fix #13633
Marcos M
05:23 PM Revision bfa54b82: Add initial support for Rector dev tooling.
Christian McDonald
04:52 PM pfSense Packages Bug #13665: Unable to start Wireguard from Status > Services
Using Wireguard 0.1.6_3 Christopher Cope
04:34 PM pfSense Packages Bug #13665 (Duplicate): Unable to start Wireguard from Status > Services
When stopping Wireguard from Status > Services it shows disabled instead of stopped and can't be restarted from the G... Christopher Cope
04:41 PM Revision e8c09d18: Update/cleanup DHCP 4/6 server text. Fixes #13250
Jim Pingle
03:00 PM Revision 26da7653: Correct typo. Fixes #13663
Jim Pingle
02:49 PM pfSense Plus Bug #13664 (Resolved): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30)
When DCO mode is enabled for OpenVPN, the GUI allows configuring options which are currently incompatible with OpenVP... Jim Pingle
02:38 PM Bug #13408 (Feedback): PF can fail to load a new ruleset
Jim Pingle
02:37 PM Bug #13295 (Feedback): Incorrect function parameters for ``get_dpinger_status()`` call in ``gwlb.inc``
PR merged Jim Pingle
02:35 PM Bug #12947 (Feedback): Old IPv6 addresses may continue to be used after DHCP or RA changes
This needs re-tested since snapshots are on FreeBSD 14-CURRENT (main) now the change noted above is in the tree. I ch... Jim Pingle
02:31 PM Bug #12757 (Feedback): Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``
Changes made manually since the PR had conflicts and it was a small diff.
Jim Pingle
02:28 PM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration
The last MR was merged a while ago. If there are still problems here we need a detailed list of incorrect behaviors, ... Jim Pingle
02:26 PM Bug #12673 (New): Firewall Logs Dashboard Widget is slow and may fail to update
Needs re-checked to see if it's still a problem and it needs to account for the items I mentioned in the MR. The valu... Jim Pingle
02:24 PM Feature #12464 (New): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
Needs re-designed as I suggested, just lowering the log level unilaterally will have other unintended effects.
Jim Pingle
02:23 PM Bug #12385 (Rejected): deleteVIP() does not check 1:1 NAT and Outbound NAT rules
There is no easy way to determine if this is a fatal error or not. If the upstream routes the block to the firewall, ... Jim Pingle
01:03 PM Revision 231fc598: While here, reduce a few differences with Plus.
Luiz Souza
12:58 PM Revision 2984a4b1: Update the loader.conf filter list.
This removes the duplicate entries for the settings added by pfSense.
Sync with the current Plus defaults.
Luiz Souza
12:51 PM Revision ce1cf189: Update the EFI loader from the package installation script.
The simple action of installing the script will perform the loader update. Luiz Souza
12:50 PM Todo #13357 (Feedback): Spelling and typo corrections
PR merged Jim Pingle
12:46 PM Bug #13258 (Feedback): Hidden menu option ``100`` incorrectly handles HTTPS detection
PR merged Jim Pingle
12:42 PM Regression #13303 (Feedback): DNSExit Dynamic DNS updates no longer work
PR https://github.com/pfsense/pfsense/pull/4606/files Merged Jim Pingle
12:41 PM Bug #13298 (Feedback): Dynv6 Dynamic DNS client does not check the response code when updating
PR Merged. Jim Pingle
12:25 PM Regression #13420 (Feedback): TCP traffic sourced from the firewall can only use the default gateway
Now that we are on main-based builds this needs retested/reconfirmed. Jim Pingle
12:24 PM Regression #13459 (Feedback): Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
Jim Pingle
12:23 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Still needs more thought here. The differences in client behavior and which values they send may make this impossible... Jim Pingle
12:19 PM Feature #13304 (Feedback): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
Jim Pingle
12:10 PM Todo #13524 (Feedback): Update reserved alias names
Applied in changeset commit:a637e8eccca0955a2ca8d97f18d94f7fca8c8bc2. Marcos M
12:10 PM Bug #13393 (Feedback): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
Applied in changeset commit:c77e381e5c408172cb20a565a3fdfd998fc983d1. Marcos M
12:05 PM Bug #13633 (Feedback): DHCPv6 rules are not created for interfaces with static IPv6
Applied in changeset commit:e289a583abbf90eeab67c057f9b92d732ba70448. Marcos M
11:05 AM Todo #13250 (Feedback): Clean up DHCP Server option language
Applied in changeset commit:e8c09d18f12996e1652a636de49f00f75d60b772. Jim Pingle
09:30 AM Todo #13250 (In Progress): Clean up DHCP Server option language
Jim Pingle
10:23 AM Todo #13644 (In Progress): Enable ALTQ support in cxgbe(4)
Yes, cxl should also be removed. It doesn't support altq either, that's what I was testing with. Expect an additional... Steve Wheeler
10:05 AM Todo #13644: Enable ALTQ support in cxgbe(4)
Kristof Provost wrote in #note-1:
> Unfortunately it's not straightforward to re-enable ALTQ support in the cxgbe(4)...
Victor Coss
09:19 AM Regression #13660: PHP8.1 error after applying floating rules changes
I managed to trigger this a couple more times while changing limiter settings and simply browsing to the floating rul... Marcos M
09:15 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
The bandwidth limits I have are 140 up 9 down and the issue persists there even with a queue length of 1400/90. Marcos M
09:06 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
Does it help to increase the queue length there? Normally we recommend setting it to >= 1000 for 100Mbit/s and even h... Jim Pingle
09:00 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading
There's something very odd going on with this. I can reproduce the problem, but only if I set the pipe bandwidth suff... Kristof Provost
09:10 AM Regression #13663 (Feedback): WIFI interface configuration creates invalid xml
Applied in changeset commit:26da7653ee52f45ed36157cf5192b167f408d0de. Jim Pingle
09:07 AM Regression #13663: WIFI interface configuration creates invalid xml
Yup, that fixes it here. Steve Wheeler
09:01 AM Regression #13663 (In Progress): WIFI interface configuration creates invalid xml
Looks like it's a typo in a key name.... Jim Pingle
08:51 AM Regression #13663 (Resolved): WIFI interface configuration creates invalid xml
Saving the config for a wifi interface creates a bad config file causing it to be rejected and rolled back:... Steve Wheeler
02:59 AM Feature #13639: Add custom DSCP value in firewall rules
Marcos M wrote in #note-5:
> Odd, it worked fine here. I attached the patch for different versions - try the one spe...
Marc Turin

11/14/2022

11:44 PM Revision b1972170: Correct codelq shaper input validation for firewall_shaper.php. Fixes #13661
Ensure all bandwidth values are cast to int before applying arithmetic to the
return value of get_bandwidth_typescale...
Reid Linnemann
09:02 PM Revision d55227f4: Misc EasyRule updates/fixes.
* Addresses several known issues in EasyRule. Fixes #13445
* Updates syntax to new style for PHP 8.1. Fixes #13627
Jim Pingle
08:52 PM Revision 834732a5: Add devel/pecl-xdebug to poudriere_bulk
Christian McDonald
08:27 PM Revision 9a9a6b3e: Fix config_del_path() if the node doesn't exist
If the node we're trying to delete with config_del_path() doesn't exist
array_del_path() will fail as follows:
Fatal...
Kristof Provost
08:27 PM Revision 3f5702a9: Add bxe to the ALTQ capable interfaces list
Redmine: #13304 Kristof Provost
07:01 PM Bug #13662 (Resolved): Setting a limiter queue length greater than 100 prevents the limiter from loading
h3. Issue
Traffic is not limited based on the weight value within WF2Q+ queues resulting in higher-weighted queue ...
Marcos M
06:02 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1, we have completed a rollout of step-ca to our enterprise and would really appreciate this feature as well.
This ...
Karl Ribich
05:55 PM Regression #13661 (Feedback): Input validation issues on firewall_shaper.php
Applied in changeset commit:b1972170a9d4bbc12ca6e35f861980f7d4b0d525. Reid Linnemann
05:19 PM Regression #13661 (Resolved): Input validation issues on firewall_shaper.php
On the firewall_shaper.php page, when I create a new shaper without setting a bandwidth I see this error:... Reid Linnemann
03:58 PM Revision 6600b09f: Backup/Restore fixes for dup SSH/RRD. Issue #13132
Fixes for multiple SSHDATA or RRDDATA sections in config.xml
* On backup, strip out any existing SSH and RRD data se...
Jim Pingle
03:40 PM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6
Patch works as expected and is required in current snapshots.
Tested:...
Steve Wheeler
03:10 PM Regression #13627 (Feedback): PHP: Easyrule from the firewall log
Applied in changeset commit:d55227f4e8b73000eefc60c5d0e479f3ab26e214. Jim Pingle
11:19 AM Regression #13627 (In Progress): PHP: Easyrule from the firewall log
Jim Pingle
03:10 PM Bug #13445 (Feedback): ``easyrule`` CLI script has multiple bugs and undesirable behaviors
Applied in changeset commit:d55227f4e8b73000eefc60c5d0e479f3ab26e214. Jim Pingle
11:19 AM Bug #13445 (In Progress): ``easyrule`` CLI script has multiple bugs and undesirable behaviors
See also: #13627 Jim Pingle
02:28 PM Feature #13304 (Ready To Test): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
Done in https://gitlab.netgate.com/pfSense/pfSense/-/commit/3f5702a9ba507f22abbb4e77063fc9dccad34f69
That should b...
Kristof Provost
12:04 PM Regression #13660 (Resolved): PHP8.1 error after applying floating rules changes
Tested on @23.01.a.20221114.0600@
After applying floating rules changes, the following error showed under the rule...
Marcos M
11:56 AM Regression #13026: Limiters do not work
The originally described scenario works fine on current snapshots for me. That is; Limiters applied via a floating ou... Steve Wheeler
08:05 AM Regression #13026: Limiters do not work
I've tested a recent CE snapshot and see correct limiting both up and down, with a gateway set on the floating rule.
...
Kristof Provost
11:36 AM Bug #13659 (Resolved): replace direct config accesses for system/webgui paths in system_advanced_admin.inc
Brad Davis
10:17 AM Bug #13132 (Feedback): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
Fixed by commit:6600b09f72ca2fddfaae0f834b211689c3d32655 Jim Pingle
10:11 AM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
When testing this fix, be sure to test the following scenarios:
* Add sections to the live config.xml before takin...
Jim Pingle
09:45 AM Bug #13132 (In Progress): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
I see a couple problems here. One, code that removed duplicate sections on backup (#10508) got unintentionally remove... Jim Pingle
09:49 AM Feature #13658: Autofill Mask (Prefix-Length) Drop-Down if IP-Adress Field ends with /XX
Interesting idea but I'm not sure how viable it will be, especially on large forms like aliases.
In most OS/browse...
Jim Pingle
09:36 AM Feature #13658 (New): Autofill Mask (Prefix-Length) Drop-Down if IP-Adress Field ends with /XX
Currently (V2.6.0 pfsense CE) it is a bit tedious to enter IP addresses with
known netmask.
You have to enter the ad...
Christian Schroeder
07:20 AM pfSense Packages Feature #12789 (Resolved): Show expiration date of certificates in the ACME package list
Jim Pingle
03:43 AM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
I cannot reproduce this on either CE (20221111) or Plus (of a similar vintage). Does this problem still occur on rece... Kristof Provost
01:11 AM pfSense Packages Bug #13641: PHP Error: squid.inc:852
on 23.01-DEVELOPMENT (built on Fri Nov 11 06:05:57 UTC 2022) when I tried to install Squid I got
_Fatal error: Uncaug...
Azamat Khakimyanov

11/13/2022

09:38 PM pfSense Packages Regression #13657 (Duplicate): pfblockerng.widget.php Error - Pfsense 2.7 Fri Nov 11 06:30:07 UTC 2022 Build
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n2558...
RED SKULL
12:19 PM Regression #13593 (Resolved): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
Steve Wheeler
06:51 AM pfSense Packages Bug #13587: Zabbix-agent62 install fails
Trying to install on version pfsense 2.6
>>> Installing pfSense-pkg-zabbix-agent62...
Updating pfSense-core ...
Marcio Gomes

11/12/2022

07:40 PM Feature #13656 (Duplicate): Add UI Elements for Priority Control Point on Interfaces
With the addition of PCP VLAN0 tagging support in FreeBSD and introduction into pfSense Plus 23.01 we should add a UI... Kris Phillips
07:36 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
With the introduction of native PCP VLAN0 tagging in pfSense Plus 23.01 and the new bridge filtering to pass along EA... Kris Phillips
07:31 PM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs
Graham Collinson wrote in #note-5:
> I can confirm it's happening for me on a 22.01 3100 firewall.
> I haven't seen i...
Kris Phillips
07:10 PM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors

it could be added as "vtysh command" similar to Diagnostics > Command Prompt.
only "show" Commands (not conf. c...
Alhusein Zawi
06:40 PM Bug #13600: Saving a DDNS entry can lead to the GUI timing out.
I am unable to recreate this issue on the Nov 11th builds of 23.01. When clicking save or save and force update afte... Kris Phillips
06:14 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
Tested this on my 22.05 box as well. Looking good. This can be marked as Resolved. Kris Phillips
03:40 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
much happier now, I had a 22.05 VM that was unable to check for updates after switching to dev branch last week. Now ... Jordan G
06:04 PM Bug #13425: Invalid alias name can still be used by code attempting to validate URL table content
When attempting to save an alias in 23.01.a.20221111.0600, including an additional / at the end of a URL results in
<...
Jordan G
03:18 PM pfSense Packages Feature #12789: Show expiration date of certificates in the ACME package list
ACME v0.7.3 now displays when the certificate was last renewed as well as the issued certificate validity from and un... Jordan G
01:33 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159
There is a different redmine for that issue:
https://redmine.pfsense.org/issues/13564
Danilo Zrenjanin
01:19 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159

The issue occurs when adding a route map
PHP errors:
PHP ERROR: Type: 1, File: /usr/local/pkg/frr/inc/frr_zebra...
Alhusein Zawi
01:20 PM Regression #13026 (New): Limiters do not work
I can confirm that limiters work fine until you define a specific gateway in the rule where the limiters are applied.... Danilo Zrenjanin
10:11 AM Bug #13655 (Resolved): DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled
dnsmasq is always getting the --all-servers option added in https://github.com/pfsense/pfsense/blob/29e534800a56f21bd... Flole Systems
06:05 AM pfSense Packages Bug #13654 (New): Wireguard does not fail back failover WAN setup.
I have this main WAN connection that is quite unstable. So I set up a 4G router on the OPT port on netgate 1100. This... Frode Martin
03:07 AM pfSense Packages Bug #13653 (Confirmed): FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.
Tested on the:... Danilo Zrenjanin
02:31 AM pfSense Packages Bug #13653 (Duplicate): FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.
FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.
@lrwxr-xr-x ...
Lev Prokofev

11/11/2022

09:14 PM Revision 0e6c4d62: Rewrite functions for toggle & delete NAT. Fixes #13545
Christopher Cope
07:25 PM Revision 599742b0: Refine IPsec deprecation behavior. Issue #13648
P1 and P2 entries are only disabled if they have no remaining valid combinations of options. This way tunnels that ju... Jim Pingle
03:40 PM Bug #13545: Toggling NAT rules using the button method does not enable/disable corresponding firewall rules
Applied in changeset commit:0e6c4d622c6046fb76ed1e706ef3788e89be5168. Christopher Cope
03:35 PM Bug #13545 (Feedback): Toggling NAT rules using the button method does not enable/disable corresponding firewall rules
Merged. Christopher Cope
03:18 PM Feature #12070 (Resolved): Support for VLAN ``0``
Tested on... Christopher Cope
01:38 PM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs
I can confirm it's happening for me on a 22.01 3100 firewall.
I haven't seen it yet on other firewalls that have bee...
Graham Collinson
01:32 PM Todo #13648 (Feedback): Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing)
This is now complete. See commit:599742b01436e2b99c0c2fb52cab71f5726a695d
P1 and P2 entries are only disabled if t...
Jim Pingle
11:21 AM Bug #13652 (Closed): Inconsistent behavior filtering ICMP traffic
I have the following FLOATING rules to filter out unwanted ICMP traffic on the network (these are repeated for all in... Serge Caron
11:05 AM pfSense Plus Feature #13649 (Feedback): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
Changes merged: https://gitlab.netgate.com/pfSense/factory/-/commit/8a67fe3c06a070c997873cf68b38796d6df821c0
The c...
Jim Pingle
10:28 AM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
This looks good in Plus too:... Steve Wheeler
07:54 AM Regression #13593 (Feedback): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
Brad Davis
01:01 AM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
It works for me now running pfsense 2.6.0-RELEASE (amd64) Patch Public
09:22 AM pfSense Docs Correction #13651 (Closed): Writing an Installation Image to Flash Media doc
This is already noted on the document you linked.
> Note
> Etcher requires elevated privileges to write USB drive...
Jim Pingle
09:18 AM pfSense Docs Correction #13651: Writing an Installation Image to Flash Media doc
the link to the document:
https://docs.netgate.com/reference/create-flash-media.html#using-etcher
Georgiy Tyutyunnik
09:17 AM pfSense Docs Correction #13651 (Closed): Writing an Installation Image to Flash Media doc
On several occasions in Windows 10 and 11 the Balena Etcher would fail to flash firmware to USB or the resulting flas... Georgiy Tyutyunnik
08:48 AM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6
The 22.05 system that had the same symptom ended up being user error. However 23.01 is still an issue. Marcos M
05:03 AM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6
I couldn't replicate the issue on 22.05.
After setting the static IPv6 on the LAN interface and enabling DHCPv6 S...
Danilo Zrenjanin
07:44 AM pfSense Packages Bug #13650 (Confirmed): User with a wireguard permissions not able to edit peers/tunnels
I can confirm this behavior on the:... Danilo Zrenjanin
04:04 AM pfSense Packages Bug #13650 (Resolved): User with a wireguard permissions not able to edit peers/tunnels
User with "WebCfg - VPN: WireGuard" can't edit anything. On attempt to edit got redirect to wg/vpn_wg_tunnels.php.
Lo...
Andrey Hammer
02:00 AM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159
Tested against:... Danilo Zrenjanin

11/10/2022

06:28 PM Revision 624aa476: Replace direct config accesses regarding ssh configuration. Fixes #13645
In system_advanced_admin.inc, use config interface funcs instead of direct
$config access regarding ssh configuration...
Reid Linnemann
05:24 PM Revision b30acd45: Replace some direct config accesses in util.inc. Fixes #13640
Reid Linnemann
04:35 PM Regression #13593 (In Progress): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
This is now fixed in CE:... Steve Wheeler
04:20 PM Bug #13645 (Feedback): PHP errors regarding ssh
Applied in changeset commit:624aa476802af87c04971651cd18c6d22800d52e. Reid Linnemann
12:32 PM Bug #13645 (Pull Request Review): PHP errors regarding ssh
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/927 Reid Linnemann
12:12 PM Bug #13645 (Resolved): PHP errors regarding ssh
Found by @bdavis
With no ssh section in the config, this can be hit:...
Reid Linnemann
04:18 PM pfSense Packages Bug #13641: PHP Error: squid.inc:852
This appears to perhaps have been generated post php upgrade and pre pfSense-pkg-squid upgrade, as I don't see any li... Reid Linnemann
03:51 PM Revision ba97e19f: Remove cxgbe (cc) from the ALTQ capable list
Despite what the relevant man page claimed (now fixed) the cxgbe driver
has not supported ALTQ since 2012. Do not all...
Kristof Provost
03:03 PM Bug #13080 (Resolved): Cannot set EFI console as primary console when using both EFI and Serial
The user-selected behavior is respected now on both EFI and legacy consoles.
The loader menu displays the wrong st...
Jim Pingle
02:41 PM pfSense Plus Feature #13649 (Resolved): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
Copying from NG Redmine.
The @if_ovpn@ driver (in plus) and OpenVPN userspace now support ChaCha20-Poly1305 and AE...
Jim Pingle
02:09 PM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors
I do not know whether this will or will not be picked up for GUI inclusion but I wanted to put it out there that admi... Chris Linstruth
01:48 PM Feature #13639: Add custom DSCP value in firewall rules
Odd, it worked fine here. I attached the patch for different versions - try the one specific to yours. Marcos M
09:31 AM Feature #13639: Add custom DSCP value in firewall rules
Marcos M wrote in #note-1:
> For now, here's a quick patch for testing only:
> [...]
Thanks for the feedback,
I ...
Marc Turin
12:28 PM Todo #13648 (Resolved): Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing)
FreeBSD removed support for several obsolete ciphers from its IPsec stack. See https://cgit.freebsd.org/src/commit/?i... Jim Pingle
12:22 PM Feature #13647 (Resolved): Support for ChaCha20-Poly1305 encryption with IPsec
Copying here so it gets into the release notes.
This requires changes to the FreeBSD source (https://cgit.freebsd....
Jim Pingle
11:30 AM pfSense Packages Bug #13640 (Feedback): PHP Error: util.inc:1932
Applied in changeset pfsense:commit:b30acd4516b08ebb647f674c28748a6bc685b91c. Reid Linnemann
09:54 AM Todo #13644: Enable ALTQ support in cxgbe(4)
Unfortunately it's not straightforward to re-enable ALTQ support in the cxgbe(4) driver. It has been substantially al... Kristof Provost
07:29 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Before closing this it would be best if someone could test a live mobile client which can consume these settings to c... Jim Pingle
01:32 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Tested the patch against:... Danilo Zrenjanin
03:15 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
Here my DHCP configfiles Louis B
02:05 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
I tested again against the:... Danilo Zrenjanin

11/09/2022

11:06 PM Revision 27a52d08: Remove invalid quotes from charon attr plugin attributes. Fixes #13579
Reid Linnemann
06:13 PM Feature #13639 (Ready To Test): Add custom DSCP value in firewall rules
Marcos M
10:49 AM Feature #13639: Add custom DSCP value in firewall rules
See attached for a quick patch for testing only. Marcos M
05:30 AM Feature #13639 (Ready To Test): Add custom DSCP value in firewall rules
Hi,
I am using custom DSCP values on a network and want to use custom DSCP fields in firewall rules.
Of the 64 ...
Marc Turin
06:06 PM Bug #13393 (Pull Request Review): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/918 Marcos M
05:43 PM pfSense Packages Bug #13640 (Pull Request Review): PHP Error: util.inc:1932
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/925 Reid Linnemann
02:03 PM pfSense Packages Bug #13640: PHP Error: util.inc:1932
The box I hit this on has no aliases configured.
This is the HAProxy config that triggered it:...
Steve Wheeler
08:38 AM pfSense Packages Bug #13640 (Resolved): PHP Error: util.inc:1932
... Steve Wheeler
05:42 PM pfSense Packages Bug #13513 (Pull Request Review): Cannot install Squid
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/297 Reid Linnemann
05:25 PM Bug #13579 (Feedback): Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
Applied in changeset commit:27a52d0807fdb4731360ac1dbe5bf23a0155fda1. Reid Linnemann
05:00 PM Revision b51ea481: Fix setting EFI boot console type. Issue #13080
For some reason the EFI loader is forcing boot_serial=YES when it is not
set in the loader configuration. To work aro...
Jim Pingle
02:56 PM Revision 81c792f0: make.conf: enable GCM for strongswan
This will also cause a rebuild, which we need to get chacha20 support
now that the kernel supports it.
Kristof Provost
02:50 PM Todo #13644 (In Progress): Enable ALTQ support in cxgbe(4)
The cxgbe(4) driver is shown in documentation as supporting ALTQ but the code there appears to have had that removed ... Steve Wheeler
01:09 PM pfSense Packages Feature #13643 (New): FRR - Display what BGP is advertsing to its neighbors
There is no way to verify what the pfsense is sending to its bgp peers using the Services/FRR/Status page.
Althoug...
Mike Moore
11:08 AM Bug #13080 (Feedback): Cannot set EFI console as primary console when using both EFI and Serial
The EFI loader seems to be forcing boot_serial=YES when the value is unset in the loader configuration. If we explici... Jim Pingle
08:44 AM pfSense Packages Bug #13642 (Resolved): PHP Error: frr_zebra.inc:159
This prevented boot completing. I had to uninstall FRR at the CLI.... Steve Wheeler
08:40 AM pfSense Packages Bug #13641 (Not a Bug): PHP Error: squid.inc:852
... Steve Wheeler
07:40 AM pfSense Packages Bug #11847 (Resolved): Filters not applied to PEER Groups
Jim Pingle
02:26 AM pfSense Packages Bug #11847 (Assigned): Filters not applied to PEER Groups
Tested on 22.05
I still see that filters are not applied to Peer group. But I don't think it's a Bug because:
1. ...
Azamat Khakimyanov

11/08/2022

05:33 PM Bug #13638: ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes
fcgicli bugs fixed in freebsd-ports/devel change "2993b0084175e2d998f0f294b985371989677d7d":https://github.com/pfsens... Reid Linnemann
05:32 PM Bug #13638 (Resolved): ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes
Originally identified in #4521, the FastCGI implementation in fcgicli has bugs that prevent it from correctly writing... Reid Linnemann
04:01 PM pfSense Packages Bug #13612: Snort building lists is broken
Flole Systems wrote in #note-8:
> You are absolutely right, the name passed is the german version of "default", which...
Bill Meeks
01:36 PM pfSense Packages Bug #13612: Snort building lists is broken
You are absolutely right, the name passed is the german version of "default", which should have been covered by the c... Flole Systems
12:58 PM pfSense Packages Bug #13612: Snort building lists is broken
I am unable to reproduce this in the current RELEASE version of the Snort package. All of the referenced lists (HOME_... Bill Meeks
12:47 PM pfSense Packages Bug #13612: Snort building lists is broken
Flole Systems wrote in #note-5:
> I didn't test it on the dev version, I only tested the latest plus and CE release v...
Bill Meeks
08:55 AM pfSense Packages Bug #13612: Snort building lists is broken
I didn't test it on the dev version, I only tested the latest plus and CE release versions.
For me the check I men...
Flole Systems
06:38 AM pfSense Packages Bug #13612: Snort building lists is broken
I am the Snort package maintainer and tested this in a current pfSense-2.7.0-DEVEL snapshot with the most recent Snor... Bill Meeks
03:13 PM Bug #13080 (In Progress): Cannot set EFI console as primary console when using both EFI and Serial
This had been working but stopped at some point since I tested it last.
It still prefers serial no matter what, an...
Jim Pingle
12:34 PM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/922 Jim Pingle
12:24 PM Feature #13446: Upgrade PHP from 7.4 to 8.1
Fixing this up so we can use it as a parent issue for all the various PHP-related issues being tracked Jim Pingle
11:52 AM pfSense Packages Feature #13637 (New): pfBLockerNG Add suppression support for GeoIP lists
It would be useful for GeoIP to support the suppression feature and allow the CIDR to be limited as is possible with ... Marcos M
10:39 AM Revision 807e9117: ipsec: remove warnings about now removed algorithms
Redmine: #9247 Kristof Provost
10:39 AM Revision ee9bbad1: ipsec: disable any tunnels using 3des, blowfish, cast128 or md5 during upgrades
Redmine: #9247 Kristof Provost
09:09 AM Revision f9cfd6bc: ipsec: remove obsolete algorithms
These are no longer supported in FreeBSD main. Ensure they can no longer be configured.
Redmine: #9247
Kristof Provost
09:09 AM Revision 2a8d2eba: ipsec: allow CHACHA20-POLY1305 to be configured
Redmine: #9246 Kristof Provost
08:57 AM pfSense Packages Feature #13636 (New): Show all type of actions on the HAProxy page: haproxy_listeners.php
Currently when you go to the HAProxy service, you see a page with all shared frontends, some information columns and ... Steve Van Lint
07:41 AM Feature #11302: WireGuard XMLRPC sync
We are considering switching from OPNsense (because of pfSense better BGP support), which has XMLRPC synchronization ... Filip Kočí

11/07/2022

04:13 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
BBcan177 . wrote in #note-2:
> Its calling:
>
> [...]
>
> Seems like some rules are missing the ['tracker'] ke...
Reid Linnemann
01:25 PM Regression #13614 (Feedback): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
Applied in changeset commit:6115e76bed50888710f4852f1295461dc526d12a. Reid Linnemann
12:42 PM Bug #13585 (Closed): Multiple VPN Gateways will not completely start a boot.
Thanks! I posted a response on the forum. I'm not able to reproduce this and I don't believe there's an issue with pf... Marcos M
11:58 AM pfSense Packages Bug #12475 (Resolved): OpenVPN Client Export does not show certificate without private key
Tested and it's working - thanks! Marking resolved. Marcos M
11:28 AM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key
Should be fixed in pkg v1.7_2 and v1.6_7
Jim Pingle
11:48 AM pfSense Packages Regression #13570 (Resolved): openvpn-client-export php error in 2.7
Tested and it's working - thanks! Marking resolved. Marcos M
11:28 AM pfSense Packages Regression #13570 (Feedback): openvpn-client-export php error in 2.7
Should be fixed in pkg v1.7_3 and v1.6_8 Jim Pingle
11:22 AM pfSense Packages Regression #13570 (In Progress): openvpn-client-export php error in 2.7
OK, with the supplied configuration from Marcos I could reproduce it and worked up a fix. Commit coming shortly.
Jim Pingle
10:36 AM pfSense Packages Regression #13570: openvpn-client-export php error in 2.7
Marcos M wrote in #note-8:
> There's still some access issues - visiting @vpn_openvpn_export.php@ gives the followin...
Jim Pingle
10:29 AM Regression #13635 (Resolved): Interface speed and duplex selection defaults to non-default option
On 23.01, the @Speed and Duplex@ option within the interface configuration now shows @------- Media Supported by this... Marcos M
10:16 AM pfSense Packages Feature #10818: UDP Broadcast Relay
I believe it's in a good enough state where it can at least be added to the dev branch, but if/when it's merged is up... Marcos M
10:12 AM Regression #11545: Primary interface address is not always used when VIPs are present
I am having the same issue as #note-43. Marcos M
09:37 AM Todo #13634: Update default DHCPv6 rules to follow RFC8415
Proposed rules:... Marcos M
09:32 AM Todo #13634 (New): Update default DHCPv6 rules to follow RFC8415
The reason for updating these is to have "correct" rules by default. Anything that breaks RFC would potentially need ... Marcos M
08:34 AM Bug #12259 (Closed): Intel em NICs Suffering Performance Degradation on FreeBSD12
Jim Pingle
08:31 AM pfSense Packages Bug #13612: Snort building lists is broken
This affects CE as well as Plus. Snort version is 4.1.6. Reproduction steps are described in the first comment:
Flo...
Flole Systems
07:07 AM Bug #11960 (Resolved): Gateway Monitoring Traffic Goes Out Default Gateway
Tested on 21.02_2 and on 22.05
I was able to reproduce this issue on 21.02_2 but on 22.05 everything worked correc...
Azamat Khakimyanov

11/06/2022

10:21 PM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
I noticed that the file can also get wiped without touching the RADIUS users at all. I haven't figured out yet how th... Gerke Max Preussner
01:57 AM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
Tested on
2.7.0-DEVELOPMENT (amd64)
built on Fri Nov 04 06:05:19 UTC 2022
FreeBSD 14.0-CURRENT
I can confirm t...
aleksei prokofiev
09:31 PM Bug #13633 (Pull Request Review): DHCPv6 rules are not created for interfaces with static IPv6
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/920
Before, clients on @$ADMIN@ interface do not receive...
Marcos M
09:19 PM Bug #13633 (Resolved): DHCPv6 rules are not created for interfaces with static IPv6
Tested on 23.01.
Rules are not created automatically when the DHCPv6 server is enabled on interfaces with a static...
Marcos M
08:29 PM pfSense Packages Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers
I can also confirm that 50 WG peers are killing a 1537 Max device. Making changes is painful, doubled when I have to... Marc Mapplebeck
08:16 PM Feature #11302: WireGuard XMLRPC sync
Jim Pingle wrote in #note-6:
> Until the other issue is addressed, I have noted the limitation here: https://docs.net...
Marc Mapplebeck
05:54 PM Todo #13524 (Pull Request Review): Update reserved alias names
Fix: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/919 Marcos M
02:29 PM Todo #13524: Update reserved alias names
Minor nit but it looks like if the keyword is included in two different sections (Like Original and New) the error me... Chris Linstruth
03:53 PM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
This looks good now. Chris Linstruth
01:40 PM Bug #13393 (Ready To Test): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
Testing this again on 23.01 gives the following results:
* If @Network Interfaces@ is set to all, unbound will respo...
Marcos M
11:47 AM Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled
When I select LAN+Localhost in Network Interfaces I get this:... Chris Linstruth
03:03 PM pfSense Packages Bug #13632: tailscale does not survive reboot on pfsense with ram disk in use
The ram disk is configured in pfsense->System->Advanced->Miscellaneous and backup parameters are populated. Bill Flood
02:44 PM pfSense Packages Bug #13632 (Resolved): tailscale does not survive reboot on pfsense with ram disk in use
pfSense-pkg-Tailscale 0.1.0_1 pfSense package Tailscale 1.26.2
pfsense 2.6.0-RELEASE (amd64)
With a properly confi...
Bill Flood
02:46 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
I just switched VPN providers and I still can't use that provider's DNS that's provided via OpenVPN. This seems like... John Williams
01:01 PM pfSense Packages Bug #13623: Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
I also forgot to add that I do not think this _luajit_ library issue is restricted to just Snort. I suspect any packa... Bill Meeks
11:19 AM pfSense Packages Regression #13570 (New): openvpn-client-export php error in 2.7
There's still some access issues - visiting @vpn_openvpn_export.php@ gives the following error on the latest version:... Marcos M
10:47 AM pfSense Packages Bug #12475 (Confirmed): OpenVPN Client Export does not show certificate without private key
With the new version, the following error message is given when exporting a profile with an RA User server:... Marcos M
10:02 AM pfSense Packages Regression #13631 (Duplicate): FreeRADIUS fails to authenticate users
Tested on @pfSense-23.01.a.20221104.0600@. Same setup works in 22.05.
Using the FreeRADIUS package as a RADIUS aut...
Marcos M
03:44 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
No, the problem occurs probably on every vlan. More precise if I enable or disable the dhcp server and hit save its t... Louis B

11/05/2022

11:12 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Hello Marcos M, many thanks for your great work. This package will definitely be interesting for a lot of people! Sin... James M
08:46 PM pfSense Packages Bug #13623 (Confirmed): Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
I can confirm this bug report. Installation log matches on Nov 4th builds:
>>> Installing pfSense-pkg-snort...
...
Kris Phillips
11:21 AM pfSense Packages Bug #13623: Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
Found the change in upstream FreeBSD ports that likely caused this issue: [https://reviews.freebsd.org/D36947?id=1116... Bill Meeks
08:41 PM pfSense Packages Feature #13560: Update FreeRADIUS to version 3.0.26
FreeRADIUS has been updated to 3.2.1 in Freshports for FreeBSD14 on many platforms. Only notable that is missing is ... Kris Phillips
08:32 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
I can confirm this on 22.05 when switching to the 23.01 repos as well. Kris Phillips
08:30 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails
Updated title for corrected relevance. Kris Phillips
08:22 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails
Tested on November 4th builds of 23.01. Issue still present in this build where it tries to install zabbix-agent62, ... Kris Phillips
08:29 PM pfSense Packages Bug #13626 (Duplicate): Zabbix Agent 6.2 installation fails
This is a duplicate of https://redmine.pfsense.org/issues/13587 Kris Phillips
08:27 PM pfSense Packages Bug #13612 (Incomplete): Snort building lists is broken
Please provide details on whether this is a CE or Plus problem and what version it affects. This ticket does not hav... Kris Phillips
08:25 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12
Someone please close this issue. It's no longer relevant. Kris Phillips
08:20 PM pfSense Docs Todo #12461 (Resolved): Improve macOS Serial Command Instructions
Docs look good for the scope of macOS. Closing this as Resolved. Kris Phillips
05:43 PM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
Unable to reproduce on build 2.7.0.a.20221104.0600, upgraded from 2.6.
I created a new VLAN, gave it an allow all ...
Chris W
01:31 PM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
Here is a copy of the messages from a few minutes ago Louis B
01:27 PM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
At this moment I am running the same version and did the test again. No problem to reproduce the problem at all.
I d...
Louis B
11:33 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
I couldn't replicate this issue on the:... Danilo Zrenjanin
02:37 PM Bug #9035: Inactive Interfaces are Hidden in Firewall Rules

Does "inactive" mean disabled interface?
Alhusein Zawi
02:04 PM Regression #13618 (Confirmed): Creating URL Table (IPs) alias fails on applying
Confirmed on build 2.7.0.a.20221104.0600
In Firewall > Alias, I added five URL type aliases. Clicked save and PHP-...
Chris W
12:47 PM Bug #13545: Toggling NAT rules using the button method does not enable/disable corresponding firewall rules
Tested the patch against:... Danilo Zrenjanin
11:44 AM pfSense Packages Bug #13589 (Confirmed): PHP Errors during cellular package installation on CE 2.7
Danilo Zrenjanin
11:25 AM Regression #13627: PHP: Easyrule from the firewall log
Tested the patch against:... Danilo Zrenjanin
01:09 AM pfSense Docs New Content #13401 (Resolved): Best practices doc for rotating credentials and keys
It looks good!
I am marking this ticket resolved.
Danilo Zrenjanin

11/04/2022

09:10 PM Revision 6115e76b: Replace direct config accesses in firewall_rules_edit.php. Fixes #13614
Reid Linnemann
05:41 PM Regression #13381 (Resolved): Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
This fix is now merged into 23.01 and works in current snapshots:... Steve Wheeler
05:01 PM Revision 758ee42a: Revert "Change OpenVPN auth to php-cgi for the time being. Fixes #4521"
This reverts commit 1bfdb794cb2a06932da0029ca37f9727c3f74274. Reid Linnemann
03:31 PM Regression #13627 (Pull Request Review): PHP: Easyrule from the firewall log
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/916
This only happens if there are no OpenVPN servers ...
Christopher Cope
03:15 PM Regression #13614 (In Progress): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
There's a direct config array access here that needs to be replaced with the accessor func. Reid Linnemann
02:49 PM Bug #13630 (New): Automatic Configuration Backup system using weak TLS settings
The backend for ACB is using weak TLS settings. Please see the following report from SSL Labs: https://www.ssllabs.co... KStar Runner
01:43 PM Regression #13629 (Duplicate): Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
when switching a vlan related DHCP-server off there is a php crash (2.7 bsd 14)
Fatal error: Uncaught TypeError: C...
Louis B
12:17 PM Bug #13538 (Resolved): Deleting an alias marks the subsystem as unclean but also unconditionally reloads the filter configuration
Tested on... Christopher Cope
12:11 PM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
fcgicli restored to execution of ovpn_auth_verify_* in "758ee42ae096fee8436efc89f2c9bcc4ae7ea23d":https://github.com/... Reid Linnemann
11:34 AM Bug #4521: OpenVPN authentication and certificate validation fail due to size of data passed through ``fcgicli``
fcgicli bugs fixed in freebsd-ports/devel change "2993b0084175e2d998f0f294b985371989677d7d":https://github.com/pfsens... Reid Linnemann
12:07 PM Regression #11545 (In Progress): Primary interface address is not always used when VIPs are present
The IPv6 GIF interfaces still have an issue here. The interface address is reported properly by the GUI now, but the ... Jim Pingle

11/03/2022

07:35 PM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
Other package dependencies:
_bash-5.2.2_1
freeradius3-3.0.25
python39-3.9.15 _
Gerke Max Preussner
07:34 PM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified
My _freeradius3_ package is on 0.15.8_1 Gerke Max Preussner
07:31 PM pfSense Packages Regression #13628 (Resolved): FreeRADIUS Users cleared out each time a user is add, removed, or modified
After upgrading from Stable to Development I noticed that my RADIUS authentication was broken. I'm using a very basic... Gerke Max Preussner
07:07 PM Regression #13627 (Resolved): PHP: Easyrule from the firewall log
Creating an easyrule using the button in the firewall log throws a php error:... Steve Wheeler
11:04 AM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
I second what Xavier Roig has just reported. I tried to install both the Agent6.2 and Proxy6.2 on multiple systems t... Nic Bernstein
10:54 AM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages
Hello,
There seems to be a mistake in the agent installer.
The zabbix62-agent package is installed but during the...
Xavier Roig
09:12 AM pfSense Packages Todo #13576 (Resolved): Remove OpenVPN Shared Key Export
Tested on... Christopher Cope
07:48 AM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key
This should address the remaining issue: https://github.com/pfsense/FreeBSD-ports/commit/34355ebf71b78a6bfca47577fb97... Jim Pingle
07:13 AM pfSense Packages Bug #12475 (In Progress): OpenVPN Client Export does not show certificate without private key
Looks like it's still broken in some way, a few people report seeing the input validation error on the forum now who ... Jim Pingle
07:34 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
A note about the "workaround":
If you have setup a "meta"-alias, that holds the subaliases as suggested by Jim, ad...
Florian Bat
05:19 AM Bug #13620 (Duplicate): After adding Route-map FRR crashes
It's a dup of https://redmine.pfsense.org/issues/13564 Danilo Zrenjanin
03:38 AM pfSense Packages Bug #13626 (Duplicate): Zabbix Agent 6.2 installation fails
Here are the installation logs:... Danilo Zrenjanin

11/02/2022

07:27 PM pfSense Plus Feature #13511: Priority Code Point (PCP) option on interface configuration
An alternative GUI interface to enable setting the VLAN to zero is, to allow the VLAN to be set to zero in the GUI.
...
Patch Public
07:07 PM Regression #13614 (Resolved): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
Unable to reproduce on CE 2.7.0.a.20221101.0600. I can successfully edit the default LAN allow rule and create new ru... Chris W
04:01 PM Feature #13625 (New): Add support for CoA (Change of Authorization) to Captive Portal / RADIUS features
It would be really useful if pfSense added support for CoA packets received from freeradius, as coova-chilli does (se... Federico Capoano
02:54 PM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key
Should be fixed now, though I couldn't reproduce it here. Probably requires landing on just the wrong combination of ... Jim Pingle
02:53 PM pfSense Packages Todo #13576 (Feedback): Remove OpenVPN Shared Key Export
Removed: https://github.com/pfsense/FreeBSD-ports/commit/72f0574b9c991b1de2bf0592e3431b5f310ab759 Jim Pingle
12:19 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
That is definitely undesirable behavior, but at least it's fairly simple to work around. I'm surprised OpenVPN even a... Jim Pingle
12:17 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Yes, I can confirm. Only using one alias, which contains the other aliases works and expands all of them.
Ok, this "f...
Florian Bat
12:08 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Not saying this shouldn't be looked into, but in most cases only one alias is necessary -- create a new alias which i... Jim Pingle
11:55 AM Bug #13624 (New): Only one alias in local network of OpenVPN Server works in 2.6.0
Issue #2668 implemented the possibility to have host/network aliases in the OpenVPN local/remote/tunnel network field... Florian Bat
09:20 AM pfSense Packages Bug #13623 (Resolved): Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems
The Snort package binary piece (snort-2.9.20_1) fails to install on the latest 2.7.0-DEVEL snapshot due to an apparen... Bill Meeks
06:13 AM Bug #13620 (Confirmed): After adding Route-map FRR crashes
Danilo Zrenjanin
06:12 AM Bug #13620: After adding Route-map FRR crashes
Confirmed this behavior on the:... Danilo Zrenjanin

11/01/2022

09:22 PM pfSense Packages Bug #12475: OpenVPN Client Export does not show certificate without private key
Charles Sprickman wrote in #note-14:
> Denis Grilli wrote in #note-13:
> > Could you tell in more detail what is yo...
Charles Sprickman
07:24 PM Regression #13622 (New): QinQ ethertype tags changed
In 2.7/23.01 QinQ uses if_vlan instead of netgraph and set the outer tag ethertype as 802.1ad (0x88a8). That is the e... Steve Wheeler
02:29 PM Feature #13340: Option to change QinQ ethertype to Service VLAN Tag
In 23.01/2.7 the QinQ is handled by if_vlan directly and not netgraph. It now uses s-tags by default.
Since that's a...
Steve Wheeler
10:59 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
> Seems like some rules are missing the ['tracker'] key?
If I remember correctly while working on #13156, that is ...
Marcos M
10:34 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget
It's calling:... BBcan177 .
08:01 AM Bug #13621 (New): GUI allows selection of ICMP types that pf rejects
Example: selecting ICMP types any,echorep,echoreq cause pf to refuse to load the rule:
/rc.filter_configure_sync: ...
Chris Linstruth
07:55 AM Bug #13620 (Duplicate): After adding Route-map FRR crashes
Tested on the latest 23.01 (built on Tue Nov 01 06:05:26 UTC 2022)
I enabled FRR with simple settings (Default Rou...
Azamat Khakimyanov
07:32 AM pfSense Packages Feature #13608: ACME Not Recognizing new .au domain on wildcard
The version of acme.sh in the ACME package was updated about two weeks ago to version 3.0.5, so it's very current. I ... Jim Pingle
 
