Activity

30 days up to

User

Subprojects

Activity

From 11/07/2022 to 12/06/2022

12/06/2022

08:53 PM Bug #13729: Gateways stuck in Unknown status: Marcos M wrote in #note-1:
> There's a decent chance this is fixed in 2.7/23.01. Please test there.
I'm willing t... Nazar Mokrynskyi
01:43 PM Bug #13729 (Feedback): Gateways stuck in Unknown status: There's a decent chance this is fixed in 2.7/23.01. Please test there. Marcos M
12:13 PM Bug #13729 (Resolved): Gateways stuck in Unknown status: My pfSense is virtualized, so its interfaces are always up.
I have a multi-WAN setup with WAN and WAN2 interfaces.
... Nazar Mokrynskyi
05:01 PM pfSense Packages Bug #13730 (Feedback): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: Merged to CE as of 71bfc136 Reid Linnemann
03:29 PM pfSense Packages Bug #13730: Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: Pull request 1201 has been submitted to the DEVEL branch. Details are here: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
03:23 PM pfSense Packages Bug #13730 (Resolved): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: Suricata fails to download Emerging Threats rules archives in the latest pfSense DEVEL snapshots due to apparent chan... Bill Meeks
01:39 PM pfSense Packages Regression #13628 (Pull Request Review): FreeRADIUS Users cleared out each time a user is add, removed, or modified: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/301
Copy/paste/apply attached patch (strip count... Marcos M
12:51 PM pfSense Plus Bug #13664 (Feedback): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): GUI now hides dev mode and topology choices when DCO is enabled, both front and backend code force the use of tun dev... Jim Pingle
12:35 PM pfSense Plus Feature #13728: Builtin Database for historical log collection: In fairness Jim, other vendors have a similar feature set. This isn’t an oddball request. It’s an attempt to have so... Mike Moore
11:17 AM pfSense Plus Feature #13728 (Rejected): Builtin Database for historical log collection: The firewall is not a place to run a database. Massively increases the attack surface and complexity for little benef... Jim Pingle
10:39 AM pfSense Plus Feature #13728 (Rejected): Builtin Database for historical log collection: Not sure of the amount of effort / technical debt that would be needed to accomplish this but I would like to see the... Mike Moore
12:08 PM Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius): We would like to setup a captive portal with an authentication server that supports type oauth2. At the moment it's o... Tom Peeters
12:08 PM Feature #3377: OAuth2 authentication in captive portal: We would like to setup a captive portal with an authentication server that supports type oauth2. At the moment it's o... Tom Peeters
11:51 AM Regression #13629 (Duplicate): Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php: This was duplicated by #13719 and a fix was put in there.
Jim Pingle
07:14 AM pfSense Packages Regression #13714 (Resolved): PHP8.1 error when adding a new interface.: PR merged, thanks! Jim Pingle
06:58 AM pfSense Packages Regression #13714: PHP8.1 error when adding a new interface.: A fix for this issue has been submitted for review and merge. The pull request is here: https://github.com/pfsense/Fr... Bill Meeks
05:47 AM pfSense Packages Regression #13714: PHP8.1 error when adding a new interface.: I am working on this and will post a pull request to DEVEL soon.
Bill Meeks
07:09 AM pfSense Packages Bug #13727 (Not a Bug): Snort - PHP 8.1 error when adding a new interface: Jim Pingle
07:06 AM pfSense Packages Bug #13727: Snort - PHP 8.1 error when adding a new interface: Not a bug.
Oops! This bug report was submitted in error. Please delete it. The Snort package does NOT have the bug r... Bill Meeks
07:00 AM pfSense Packages Bug #13727 (Not a Bug): Snort - PHP 8.1 error when adding a new interface: When adding a new interface to Snort, a fatal PHP 8.1 error is thrown due to passing a NULL where an array parameter ... Bill Meeks
06:19 AM Bug #13014: Deadlock in Charon VICI interface: Kris Phillips wrote in #note-26:
> Kristof Provost wrote in #note-25:
> > Thanks for that.
> >
> > There's nothi... Mikael Karlsson
03:02 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Brian M wrote in #note-116:
> I have the same issue. Mixing FQDN and IP addresses caused me hours of frustration why... Reid Linnemann
12:54 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I have the same issue. Mixing FQDN and IP addresses caused me hours of frustration why various rules were not working... Brian M

12/05/2022

08:08 PM pfSense Plus Regression #13726 (Resolved): pkg-utils.inc error at first boot: On the first boot after install the console shows:... Steve Wheeler
07:25 PM pfSense Plus Regression #13712: PHP error: pkg-utils.inc: Applied in changeset pfsense:commit:dd8a019e7676fc326d0656d5ee7ab2cb12cba67a. Christian McDonald
07:19 PM pfSense Plus Regression #13712 (Feedback): PHP error: pkg-utils.inc: Christian McDonald
12:46 PM pfSense Plus Regression #13712: PHP error: pkg-utils.inc: Steve Wheeler wrote:
> When switching repos in 23.01:
>
> [...]
>
> Tested in:
> [...]
>
> Does not affect... Ryan Coleman
05:42 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Jeff Kuehl wrote in #note-45:
> I agree, I'll test too
Count me in as well. I'd be happy to test a patch! David Reitz
09:58 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: I agree, I'll test too Jeff Kuehl
05:28 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: This isn't a discussion platform, the forum is. Simple as that. To find the root cause, this needs more discussion, a... Jim Pingle
04:02 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Thanks Jim, but if I'm just going to be shunted back to the forum with "it must be something wrong with your hardware... Simon Byrnand
02:53 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Please continue the discussion on the forum, this isn't the place to diagnose your situation in that kind of detail -... Jim Pingle
02:41 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Jim Pingle wrote in #note-10:
> Simon Byrnand wrote in #note-9:
> > Jim Pingle wrote in #note-8:
> > There seems to b... Simon Byrnand
10:24 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Simon Byrnand wrote in #note-9:
> Jim Pingle wrote in #note-8:
> There seems to be something missing in your descri... Jim Pingle
10:13 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Jim Pingle wrote in #note-8:
> It gets started/restarted by rc.bootup, rc.newwanip, and/or rc.newwanipv6. There ar... Simon Byrnand
08:27 AM Bug #13707 (New): Unbound not binding to LAN on startup when explicitly set: Simon Byrnand wrote in #note-5:
> In https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/31c37082cad... Jim Pingle
03:53 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Jordan Greene wrote in #note-6:
> Simon Byrnand wrote in #note-5:
>
> > Thinking it might be related to the Unifi co... Simon Byrnand
04:34 PM Regression #13719 (Resolved): PHP8.1 error when saving DHCP Server settings.: Thanks for confirming. Marcos M
03:20 PM Regression #13719 (Feedback): PHP8.1 error when saving DHCP Server settings.: Applied in changeset commit:c5c09acd9713a8e3ed3a553dc4d83daf4baf9502. Marcos M
01:25 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: *CONFIRMED* :
The patch posted by Marcos resolves the issue, even with pfBlockerNG-devel installed. Eric R
12:10 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Ah, my mistake. Missed that. Just downloaded the patch and will apply it and report results this afternoon. Eric R
11:53 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: That link is not public, that's why a patch file was attached aswell. Flole Systems
11:30 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Marcos, can you verify the link? I am unable to access the one you provided. Showing as unreachable. Eric R
09:12 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: If you are able to reproduce the problem, please test the patch. Marcos M
02:29 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: What is strange is that I installed 2.6.0 from a USB stick, then unsuccessfully because of my i-226 network cards, re... Steph Swiss
12:03 PM pfSense Docs Correction #13725: Configure Switch docs cite LAGGs tab that does not exist: That was combined into the ports tab quite a while ago:
https://gitlab.netgate.com/pfSense/factory/-/commit/862f39... Jim Pingle
11:50 AM pfSense Docs Correction #13725 (New): Configure Switch docs cite LAGGs tab that does not exist: On the docs for all Marvell switch-based appliances there are many references to a LAGGs tab that no longer exists.
... Ryan Coleman
11:28 AM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: The format itself is application-specific. Marcos M
10:47 AM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: Christian Ullrich wrote in #note-4:
> OpenVPN makes the client's apparent address available in environment variables... Brandon Verkada
07:54 AM Bug #13722 (Not a Bug): OpenVPN connection fail after service restart: I can't reproduce that problem as stated. Edit/Save does sometimes take actions the service restart does not, but if ... Jim Pingle
07:53 AM pfSense Packages Bug #13587 (Feedback): Zabbix-agent62 install fails: It's in the tree now on both CE and Plus, CE might even be in current snapshots, Plus tomorrow. Jim Pingle
07:50 AM pfSense Plus Regression #13724 (Resolved): pfSense-upgrade breaks the pkg repo conf: Upgrades from 22.05 to 23.01 will fail with an error like:... Steve Wheeler
07:49 AM pfSense Packages Bug #13692 (New): Netgate_Firmware_Upgrade - Title link needs updated: Not duplicate. I requested individual issues for these as they have defined links but need correcting in each separat... Jim Pingle
07:49 AM pfSense Packages Bug #13690 (New): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: Not duplicate. I requested individual issues for these as they have defined links but need correcting in each separat... Jim Pingle
07:47 AM Bug #13721 (Duplicate): PHP Fatal error - firewall_rules.php - FreeBSD 14.0-CURRENT #0 devel-main-n255818-a851396c4f4: Fri Dec 2 06:29:25 UTC 2022: Duplicate of #13660 Jim Pingle
07:45 AM Bug #13258 (Resolved): Hidden menu option ``100`` incorrectly handles HTTPS detection: Jim Pingle
07:45 AM Bug #13453 (Resolved): Incorrect word in "Network Interfaces" help text on ``services_unbound.php``: Jim Pingle
07:31 AM Bug #13298 (Resolved): Dynv6 Dynamic DNS client does not check the response code when updating: Jim Pingle
07:31 AM Regression #13303 (Resolved): DNSExit Dynamic DNS updates no longer work: Jim Pingle
07:30 AM Todo #13250 (Resolved): Clean up DHCP Server option language: I wasn't looking at the RA pages here, just the DHCP pages. But I removed that "Seconds." bit just now in commit:4dc4... Jim Pingle
07:26 AM Regression #13488 (Resolved): All Captive Portal users are given the same limiter pipe pair: Jim Pingle
07:25 AM Bug #13645 (Resolved): PHP errors regarding ssh: Jim Pingle
07:24 AM Bug #13132 (Resolved): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: That should be sufficient testing.
The "live" method can be done if you are logged in and sitting at the backup pa... Jim Pingle
07:14 AM Bug #13723 (Confirmed): dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet: Tested on 22.05
Steps to reproduce:
1. Create Routed IPsec with IPv6 addresses as a Local and Remote. In my case ... Azamat Khakimyanov
06:19 AM Bug #12764: VTI gateway status is pending after assigning the VTI interface: I found it on my VM which had Gateway monitoring disabled so dpinger was not active (Status/Services). So when I adde... Azamat Khakimyanov
06:13 AM Bug #12764: VTI gateway status is pending after assigning the VTI interface: Tested on latest 23.01-DEV (built on Mon Dec 05 06:05:03 UTC 2022)
This issue hasn't been resolved yet. When new R... Azamat Khakimyanov
01:06 AM pfSense Packages Bug #13564 (Feedback): PHP error after creating a Route Map: I believe this is fixed by the resolution for #13642. Can you retest? Reid Linnemann
12:53 AM pfSense Packages Bug #13679 (Feedback): Error in pfBlockerNG Post Install Script: Should be fixed in CE as of "18035e":https://github.com/pfsense/FreeBSD-ports/commit/18035e2a5340c0b57be694a2d5b3f777... Reid Linnemann

12/04/2022

10:35 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Found a workaround.
You can reconfigure the interfaces and DHCP Servers via console to the box. Had no issues maki... Eric R
04:43 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: I determined what was causing the issue. It seems to be caused by the pfBlockerNG-devel package. I had a second route... Eric R
01:26 PM Regression #13719 (Pull Request Review): PHP8.1 error when saving DHCP Server settings.: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/967
Copy/paste/apply the attached patch via the System P... Marcos M
10:16 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: *Debugging output can be collected to share with pfSense developers or others providing support or assistance.*
... Steph Swiss
10:14 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: *OUPS* ... in fact I still have the BUG (PHP error) when I use the "SAVE" button, however I finally managed to "fix" ... Steph Swiss
10:02 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Hello,
I found how to "fix" (now I don't have this PHP error message anymore).
To start in "Services > DHCP Serve... Steph Swiss
01:49 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: You are very lucky because on the "built on Tue Nov 29 06:04:43 UTC 2022" and on the last one "the same one you have"... Steph Swiss
10:34 PM Bug #13722 (Not a Bug): OpenVPN connection fail after service restart: I am using OPenVPN client. When service is started from Status -> OpenVPN (stop, then start) I always getting "TLS Er... Stanislav Meshcheriakov
04:35 PM Bug #13076 (Resolved): Marking a gateway as down does not affect IPsec entries using gateway groups: Tested on latest snap - now works correctly. Marcos M
02:14 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages: +1
Agent 6.2 install does not work, same error. Hannes Palmquist

12/03/2022

11:56 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Tested on
2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:46 UTC 2022
FreeBSD 14.0-CURRENT
I can not reprod... aleksei prokofiev
03:52 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Hello and sorry for my bad English :-(
I just registered to be able to write here. I have exactly the same bug wit... Steph Swiss
09:13 PM pfSense Packages Bug #13247 (Confirmed): Open-VM-Tools service actions do not work: Can confirm this behavior on pfSense Plus 23.01. Since this is a kernel module and not a service, probably best to j... Kris Phillips
09:04 PM pfSense Packages Bug #13690 (Duplicate): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: This is a duplicated of https://redmine.pfsense.org/issues/12759 Kris Phillips
09:02 PM pfSense Packages Regression #13714 (Confirmed): PHP8.1 error when adding a new interface.: I'm able to reproduce this. Marked as Confirmed. Kris Phillips
09:01 PM pfSense Packages Bug #13692 (Duplicate): Netgate_Firmware_Upgrade - Title link needs updated: Marking as duplicate of https://redmine.pfsense.org/issues/12759
The Netgate Firmware Upgrade package is a proprie... Kris Phillips
08:59 PM pfSense Packages Bug #13709 (Resolved): Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: Tested with Suricata 6.0.8_2. Not seeing PHP error messages on the Alerts page. Looks to be resolved. Kris Phillips
08:52 PM Bug #13721: PHP Fatal error - firewall_rules.php - FreeBSD 14.0-CURRENT #0 devel-main-n255818-a851396c4f4: Fri Dec 2 06:29:25 UTC 2022: There is not enough information in this bug report. What was the steps/action(s) that caused this crash report to ap... Kris Phillips
08:32 PM Bug #13721 (Duplicate): PHP Fatal error - firewall_rules.php - FreeBSD 14.0-CURRENT #0 devel-main-n255818-a851396c4f4: Fri Dec 2 06:29:25 UTC 2022: amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n255818-a851396c4f4: Fri Dec 2 06:29:25 UTC 2022 root@fr... RED SKULL
08:48 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails: Tested on latest builds in case the above merge request was merged in. It has not. Kris Phillips
07:39 PM Bug #13258: Hidden menu option ``100`` incorrectly handles HTTPS detection: running 23.01.a.20221202.0600
!clipboard-202212031938-mrhwj.png!
Jordan G
07:29 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Simon Byrnand wrote in #note-5:
> Thinking it might be related to the Unifi controller software I'm also running on ... Jordan G
12:00 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Well that was an ordeal updating to the development snapshot. :(
My first attempt at an in place upgrade from 2.6.0 ... Simon Byrnand
06:36 PM Bug #13453: Incorrect word in "Network Interfaces" help text on ``services_unbound.php``: language has been corrected to not reference improper field selection - pfSense Plus Dev 23.01.a.20221202.0600 Jordan G
04:59 PM Bug #13507 (Resolved): Copying multiple rules at the same time results in new rules with duplicate tracker IDs: Alhusein Zawi
04:59 PM Bug #13507: Copying multiple rules at the same time results in new rules with duplicate tracker IDs: there is no duplication after copy/past the rules.
anchor "userrules/*"
pass in quick on $WAN reply-to ( em0 ... Alhusein Zawi
03:05 PM pfSense Packages Bug #13513: Cannot install Squid: Kris Phillips wrote in #note-9:
> Tested on Nov 18th builds. Package installs properly with no more errors. Issue ... Peter Moreno
01:45 PM Regression #13666 (Resolved): Assigned bridge interfaces are not configured at boot: fixed
after reboot :
[23.01-DEVELOPMENT][admin@pfSense.home.arpa]/root: ifconfig bridge0
bridge0: ... Alhusein Zawi
01:10 PM Bug #12612 (Resolved): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver: Tested against the:... Danilo Zrenjanin
12:27 PM Bug #13307 (Resolved): PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value: Alhusein Zawi
12:27 PM Bug #13307: PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value: Custom reset option takes 0 value
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022
Alhusein Zawi
07:15 AM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: OpenVPN makes the client's apparent address available in environment variables:... Christian Ullrich
07:08 AM Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating: Working as expected, tested on
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022
FreeBSD 14.0-CURR... Lev Prokofev
06:50 AM Regression #13303: DNSExit Dynamic DNS updates no longer work: Can confirm that it's working as expected on
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022
Fr... Lev Prokofev
05:27 AM Todo #13250: Clean up DHCP Server option language: Checked against:... Danilo Zrenjanin
04:58 AM Bug #13387 (Resolved): Input validation is not rejecting invalid description characters when editing a CA or Certificate: Tested against:... Danilo Zrenjanin
04:37 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair: Looks like pipes per user fixed. Users using their own pipe.
Tested
@23.01-DEVELOPMENT (amd64)
built on Fri D... Lev Prokofev
04:08 AM Bug #13539 (Resolved): Missing descriptions for referrers to firewall aliases cause empty strings for references to be returned when deleting an in-use alias: Tested against:... Danilo Zrenjanin
02:29 AM Bug #13645: PHP errors regarding ssh: Tested on
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022
FreeBSD 14.0-CURRENT
No such error... Lev Prokofev

12/02/2022

08:27 PM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: I updated a virtual machine from 2.6 to 2.7.0.a.20221202.0600 and took a snapshot.
- SSH is enabled and the default a... Chris W
03:41 PM Regression #13719 (Resolved): PHP8.1 error when saving DHCP Server settings.: *BRANCH:* DEVEL version (devel)
*VERSION:* 2.7.0.a.20221202.0600
*ERROR MESSAGE:* PHP Fatal error: Uncaught TypeErr... Eric R
02:16 PM Regression #13685 (Resolved): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: Jim Pingle
12:53 PM Regression #13685: URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: tested on
Version 2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:46 UTC 2022
FreeBSD 14.0-CURRENT
Alias i... Georgiy Tyutyunnik
01:16 PM pfSense Packages Bug #13587 (Pull Request Review): Zabbix-agent62 install fails: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/300 Christopher Cope
12:36 PM Feature #13388 (Resolved): Support for international characters in the AutoConfigBackup Hint/Identifier field: I was able to recreate the issue on the 22.05.
It worked as expected when I tested it against:... Danilo Zrenjanin
12:21 PM Bug #13706 (Confirmed): Static routes are not updated when updating a nested alias.: Tested against:... Danilo Zrenjanin
09:37 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: I improved the LDAP debug logging a bit over on #13718 which may help here as well.
Jim Pingle
08:35 AM Todo #13718 (Feedback): Improve LDAP debugging: Applied in changeset commit:51c72717a62860a85b251ea17e72087a27d9e18a. Jim Pingle
08:23 AM Todo #13718 (Resolved): Improve LDAP debugging: The LDAP debug logs are inconsistent in their use of @log_auth()@ vs @log_error()@ and they should all be @log_error(... Jim Pingle
07:27 AM pfSense Plus Bug #13664 (In Progress): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): OK, I'll open this back up and work up similar changes to disable and force the TUN/TAP setting to always be 'tun', a... Jim Pingle
06:30 AM pfSense Plus Bug #13664: GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): Tested against:... Danilo Zrenjanin

12/01/2022

02:30 PM Bug #13717 (Duplicate): Stack overflow in ping(8) Vulnerability (FreeBSD): Duplicate of #13716 Jim Pingle
02:29 PM Bug #13717 (Duplicate): Stack overflow in ping(8) Vulnerability (FreeBSD): FreeBSD-SA-22:15.ping
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
------
ping rea... RED SKULL
11:09 AM Bug #13716 (Resolved): CVE-2022-23093 / FreeBSD-SA-22:15.ping: Ref: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
Not a significant concern for pfSense s... Jim Pingle
11:09 AM pfSense Packages Bug #13715 (New): arpwatch causing issues with Cron notifications?: Since upgrading to 2.7.0-devel I'm getting the following errors instead of the cron messages I'm expecting:
Arpwatch... Robert Johnston
11:03 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Hi Danilo,
Yes, I'll try the latest development snapshot on the affected box sometime in the next few days and rep... Simon Byrnand
07:32 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: I tested against the:... Danilo Zrenjanin
09:09 AM pfSense Plus Regression #13613 (Ready To Test): OpenVPN crashes due to if_tuntap changes: Merged. This will turn up in the next snapshot build. Kristof Provost
08:06 AM pfSense Plus Regression #13613 (Pull Request Review): OpenVPN crashes due to if_tuntap changes: Jim Pingle
06:45 AM Bug #13254 (Resolved): DNS resolver does not update its configuration or reload during link down events: Tested against:... Danilo Zrenjanin

11/30/2022

06:57 PM pfSense Packages Regression #13714 (Resolved): PHP8.1 error when adding a new interface.: On the latest Suricata on 23.01 when adding a new interface:
> Fatal error: Uncaught TypeError: array_get_path(): Ar... Marcos M
06:55 PM pfSense Packages Bug #12956 (Resolved): suricata fails to use pcre in SID management (e.g. dropsid.conf): Marcos M
06:29 PM pfSense Plus Regression #13613: OpenVPN crashes due to if_tuntap changes: Tested patch and it worked well here. Marcos M
05:22 AM pfSense Plus Regression #13613: OpenVPN crashes due to if_tuntap changes: I can reproduce that here. It looks like the problem is that we send a SIGTERM to openvpn, but don't wait until it ac... Kristof Provost
12:13 AM pfSense Plus Regression #13613 (Feedback): OpenVPN crashes due to if_tuntap changes: I just ran into a different way of triggering what seems to be a similar issue. Editing a client with DCO enabled, un... Marcos M
06:02 PM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: The fix worked for me, thanks! Marcos M
06:01 PM Bug #13600 (Duplicate): Saving a DDNS entry can lead to the GUI timing out.: Marcos M
06:00 PM Bug #13600 (Resolved): Saving a DDNS entry can lead to the GUI timing out.: Worked well here, thanks! Marcos M
05:50 PM pfSense Packages Bug #13684 (Duplicate): HAProxy PHP error haproxy.inc:1229: Marcos M
05:13 PM pfSense Packages Bug #13684: HAProxy PHP error haproxy.inc:1229: Duplicate of #13562 (with fix in there) Robert Johnston
05:47 PM pfSense Packages Bug #13562 (Duplicate): HAProxy PHP error on upgrade to PHP8.1 update: I'm marking this one as duplicate given that the fix for both packages has already been submitted and pending review.... Marcos M
01:43 PM pfSense Packages Bug #13562: HAProxy PHP error on upgrade to PHP8.1 update: Okay, I have fixed all the errors I was getting. The procedure I used.
# Edit @/usr/local/pkg/haproxy/haproxy_util... Robert Johnston
03:01 PM Bug #13093 (Feedback): LDAP authentication fails with extended query and RFC2307 group lookups enabled: OK this may be another case where it's the LDAP schema at play.
If your groups are not in the same container as the ... Jim Pingle
02:45 PM Regression #13666 (Feedback): Assigned bridge interfaces are not configured at boot: Applied in changeset commit:51b682d9d7eb3bbba5bb6af96b09ab709115be58. Reid Linnemann
01:54 PM Bug #13713 (New): intermittent display of CPU Current / Max speed in System Information dashboard panel: A cosmetic / UX issue.
Issue:
When CPU powerd / scaling is enabled, the "Current: X MHz, Max: Y MHz" text is di... Royce Williams
01:11 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: The pull request has been merged. This issue can be marked as resolved. Bill Meeks
11:05 AM pfSense Plus Regression #13712 (Resolved): PHP error: pkg-utils.inc: When switching repos in 23.01:... Steve Wheeler
09:11 AM Regression #13705 (Resolved): PHP8.1 Captive Portal TypeError: I was getting this error every few hours. After applying this patch I've went almost 24 hours without an error. Marki... Christopher Cope
06:53 AM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled: Jim is beter qualified to review these changes than I am. Kristof Provost
04:46 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied: I see the same behavior, independently from Zabbix versions. The problem indeed, is in @newsyslog@ config for the ser... Juraj Lutter
02:29 AM Bug #13676 (Resolved): PHP errors on services_dhcpv6_relay.php: Tested against:... Danilo Zrenjanin

11/29/2022

11:57 PM pfSense Plus Bug #13602 (Pull Request Review): OpenVPN fails to start again if it crashes with DCO enabled: Marcos M
04:09 PM pfSense Plus Bug #13602 (New): OpenVPN fails to start again if it crashes with DCO enabled: I think it'd be preferred to implement part of this in both CE and Plus to avoid unnecessary code differences.
https... Marcos M
07:38 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: I've submitted a pull request to the 2.7.0 CE snapshot development branch to address this issue. The request is here:... Bill Meeks
04:44 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: Confirmed.
This is caused by a missing closing parenthesis in the if() conditional statement on line 545 directly ... Bill Meeks
08:36 AM pfSense Packages Bug #13709 (Resolved): Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: Seeing this error upon clicking on the Suricata alerts tab:
"Parse error: syntax error, unexpected token ";" in /u... Steve Wilson
03:04 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: I'll poke at this and see what I can turn up. Apparently both of my lab LDAP servers are broken in different ways at ... Jim Pingle
12:05 PM Bug #13076 (Feedback): Marking a gateway as down does not affect IPsec entries using gateway groups: Applied in changeset commit:f67c3ec2946594a3679f6016716712ce74dac9c5. Jim Pingle
12:00 PM Bug #13076 (In Progress): Marking a gateway as down does not affect IPsec entries using gateway groups: I see why this is happening, the gateway value being passed to rc.ipsec is coming through as a quoted string where th... Jim Pingle
11:13 AM pfSense Packages Bug #13619 (Resolved): PHP Error in pfblockerNG-devel widget: The package version was bumped (now today on 3.1.0_11) to include the fix for this issue on pfSense+. I'm no longer s... Marcos M
10:58 AM Regression #13705 (Feedback): PHP8.1 Captive Portal TypeError: https://gitlab.netgate.com/pfSense/pfSense/-/commit/8de9ebba70b1e7860b071f06791479bbaf2d6e5c
Christian McDonald
10:23 AM Feature #13710 (New): Support UTF-8 CA/Certificate subject components: Some support was added for UTF-8 CA/Certificate fields in #12041 but it isn't complete.
The backend seems to handl... Jim Pingle
10:08 AM pfSense Plus Bug #13530: Remote Logging strange behavior: Jim, I am still trying to interconnect connect pfsense with my gray log server and there are surely multiple issues b... Louis B
08:09 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Hi Jim,
Thanks for the reply.
If I take a backup of my current config, is it possible to do an in-place upgrade... Simon Byrnand
07:42 AM Bug #13707 (Feedback): Unbound not binding to LAN on startup when explicitly set: The fix for #13254 may have addressed this already. That fix won't apply to older versions, however, you will need to... Jim Pingle
04:47 AM Bug #13707 (New): Unbound not binding to LAN on startup when explicitly set: Hi,
This is related to the following forum thread:
https://forum.netgate.com/topic/176155/unbound-not-respondin... Simon Byrnand
07:54 AM Bug #13253: ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6: The change is working as expected for this case in the latest snapshot. Saving and applying on a DHCP6 WAN causes the... Jim Pingle
05:36 AM pfSense Packages Feature #13708 (New): Apprise - Huge variety of notification methods in a single package: Apprise -
One notification library to rule them all.
A common and intuitive notification syntax.
Supports the ha... Jack Grimsdell
05:34 AM pfSense Packages Bug #13587: Zabbix-agent62 install fails: Hi, there seems to be an error in the installation, installs "zabbix62-agent" and then search for "zabbix-agent62".
... Xavier Roig

11/28/2022

07:16 PM Bug #13706 (Confirmed): Static routes are not updated when updating a nested alias.: Tested on @22.05@ and @23.01.a.20221123.0600@.
Setup:
* Create the network alias @a2@ with a subnet defined.
* C... Marcos M
04:57 PM Regression #13705: PHP8.1 Captive Portal TypeError: Tested on... Christopher Cope
04:56 PM Regression #13705 (Resolved): PHP8.1 Captive Portal TypeError: ... Christopher Cope
04:54 PM Bug #13704 (Resolved): Refactor IPsec code using config access functions: Brad Davis
04:54 PM Todo #13702 (Resolved): Replace direct config accesses in ``system_advanced_sysctl``: Brad Davis
04:52 PM Todo #13701 (Resolved): Replace direct config accesses for the rest of the paths in ``system_advanced_admin.inc``: Brad Davis
03:10 PM Bug #13253 (Feedback): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6: Applied in changeset commit:8e88bd48a22b55d213ac7613be74c651706cfa0d. Jim Pingle
12:07 PM Bug #13600 (Feedback): Saving a DDNS entry can lead to the GUI timing out.: The new fix on #12870 probably fixed this as well, try with commit:02d6ca03965777ab95da05c7ae526aa75d2ddc2a applied o... Jim Pingle
11:40 AM Bug #12870 (Feedback): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Applied in changeset commit:02d6ca03965777ab95da05c7ae526aa75d2ddc2a. Jim Pingle
11:36 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I think I have this fixed again, it's still weirdness in cURL.
With PHP 8, curl_close() does nothing, which explai... Jim Pingle
07:57 AM Bug #12870 (New): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: The fixes should already be in 23.01/2.7.0 snapshots, but it's possible some other change broke this again.
I can ... Jim Pingle
08:50 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs: Jens Groh wrote in #note-2:
> So I'm right in remembering, that URL-style aliases are only fetched once (and again e... Jim Pingle
08:48 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs: Jim Pingle wrote in #note-1:
> The bottom part is wrong since the automatic update part only applies to URL table ... Jens Groh
08:26 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs: The behavior did change over time so neither one of those is quite right.
The top part is wrong because it doesn't... Jim Pingle
02:49 AM pfSense Docs Correction #13699 (New): Clarification to URL / URL Table Aliases in Docs: Hi,
I got a mail by a customer that was a bit confused about the wording on the docs page concerning the differenc... Jens Groh
08:13 AM Feature #13698 (Duplicate): Routes Flag - Legend: Duplicate of #13478
Though you can click the help link on the page ("(?)" in the breadcrumb bar) to get the docs p... Jim Pingle
08:07 AM Bug #13676: PHP errors on services_dhcpv6_relay.php: Jordan Greene wrote in #note-6:
> still happening on 23.01.a.20221124.0600
What exactly is the error message now?... Jim Pingle
08:05 AM pfSense Plus Bug #13530: Remote Logging strange behavior: Again, there isn't enough to go on there. It works fine and doesn't stop on many systems in other places (including m... Jim Pingle
08:02 AM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Client-side validation in JS could probably be done to help guide users toward valid input, but that should be a sepa... Jim Pingle
07:54 AM Bug #13694 (Not a Bug): Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode: While this could be handled better, it's not a bug but a design flaw in how any area handles items by index number in... Jim Pingle
07:51 AM pfSense Packages Bug #13696 (Not a Bug): WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: Jim Pingle
07:48 AM Regression #13618 (Duplicate): Creating URL Table (IPs) alias fails on applying: I missed this issue and ended up making a new one when I fixed it. See #13685 Jim Pingle
07:07 AM pfSense Packages Feature #11130 (Resolved): FRR RIP support: Azamat Khakimyanov
07:07 AM pfSense Packages Feature #11130: FRR RIP support: Tested on 22.05 and on latest 23.01-DEV (built on Thu Nov 24 06:04:19 UTC 2022)
I used RIP between 2 nodes, with adv... Azamat Khakimyanov
07:01 AM pfSense Packages Regression #12653 (Resolved): RIP related startup error: Tested on 22.05 and on latest 23.01-DEV (built on Thu Nov 24 06:04:19 UTC 2022)
There is no issue with RIP. I crea... Azamat Khakimyanov

11/27/2022

11:06 PM Feature #13698 (Duplicate): Routes Flag - Legend: Under Diagnostics / Routes in the Flags column, it would be helpful to have a legend somewhere on screen to indicate ... Mike Moore
06:45 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting: Probably similar to #13671 Flole Systems
06:43 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting: Have you tested with multiple client interfaces? As described the issue happens due to the new "single dhcpv6 client ... Flole Systems
04:54 PM Bug #13676: PHP errors on services_dhcpv6_relay.php: still happening on 23.01.a.20221124.0600 Jordan G
10:42 AM pfSense Plus Bug #13530: Remote Logging strange behavior: I did some further test. Not only the firewall log stops but also e.g. unbound. I disabled forwarding to GrayLog. At ... Louis B
07:59 AM pfSense Plus Bug #13530: Remote Logging strange behavior: Yep, I just started logging pfsense alarms in GrayLog, and .... it does not work. The firewall logging stops after so... Louis B
01:22 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: Tested on 23.01.a.20221124.0600 and I don't see any errors on the widget
!clipboard-202211271021-lhh79.png!
aleksei prokofiev

11/26/2022

08:04 PM Bug #13687: Cannot add limiters named ``new``: Confirmed this bug on 23.01. Additionally, if you create a limiter named "new" and then create a queue, if you go an... Kris Phillips
08:04 PM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Wouldn't it be possible to limit the possible characters in the web interface aswell? Using the HTML5 attribute @type... Flole Systems
08:02 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring: Confirmed for 23.01 builds too. Kris Phillips
07:56 PM Bug #13277: IGMP Proxy webConfigurator Page Always Produces Error: Tested on pfSense Plus 23.01 and this message is still present. However, the service starts and works normally regar... Kris Phillips
07:27 PM Bug #13014: Deadlock in Charon VICI interface: Kristof Provost wrote in #note-25:
> Thanks for that.
>
> There's nothing obviously suspect in the status or conf... Kris Phillips
07:24 PM pfSense Packages Bug #13623 (Resolved): Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems: This looks like it was merged, so I tested on the latest builds.
Issue is no longer present and the package inst... Kris Phillips
05:37 PM pfSense Packages Regression #13697 (Resolved): pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1: Getting the following error:... Robert Johnston
10:25 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I was able to replicate this issue with GoDaddy DNS. Click Save & Force Update then eventually a 504/timeout error ap... Dean Arnold
12:14 AM Bug #13694: Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode: Tested on
23.01-DEVELOPMENT (amd64)
built on Fri Nov 18 06:04:48 UTC 2022
FreeBSD 14.0-CURRENT
In step "4" a... Lev Prokofev

11/25/2022

04:14 PM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: Never mind. It was a problem with my firewall. Follow the guide here and you'll be fine: https://mullvad.net/en/help/... Nunya Business
02:08 PM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: I think I found the solution for 0.1.6_2. Once your tunnel is setup with peers, you have your tun_wg0 Interface, and ... Nunya Business
07:27 AM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: even just rebooting or restarting Wireguard Nunya Business
07:14 AM pfSense Packages Bug #13696 (Not a Bug): WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: This old bug has returned: https://redmine.pfsense.org/issues/12399
Identical symptoms: make any changes to the tu... Nunya Business
07:10 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: This problem has returned with the current version of the Wireguard package, 1.1.6_2.
Identical symptoms: make any... Nunya Business

11/24/2022

07:08 PM pfSense Packages Regression #13695 (Duplicate): pfBlockerNG-devel net 3.1.0_11 install error | 2.7.0-DEVELOPMENT (amd64) built on Thu Nov 24 06:05:10 UTC 2022: PHP ERROR: Type: 1, File: /usr/local/pkg/pfblockerng/pfblockerng_install.inc, Line: 142, Message: Uncaught TypeError:... RED SKULL
04:39 PM Regression #13618: Creating URL Table (IPs) alias fails on applying: This appears to be resolved now. I update around once a week on my test system so unsure which build fixed it. Brad Smith
03:32 PM Bug #13694 (Not a Bug): Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode: It appears this is regardless of interface. WAN and floating are from the original ticket so they're used here as an ... Chris W
09:03 AM Regression #13026: Limiters do not work: I can replicate the issue Steve describes, but I'm not quite sure if it's a bug or somewhat surprising expected behav... Kristof Provost
01:07 AM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: Interestingly its forced to a value of 128 now.
If set it inside on /boot/loader.conf.local, it will apply on the ... Chris Collins

11/23/2022

08:47 PM Regression #12827: High latency and packet loss during a filter reload: Hi guys feedback from myself.
I had this enabled when I first updated to 2.6.0. Had noticed no issues.
But yesterd... Chris Collins
01:06 PM pfSense Plus Bug #13693 (Rejected): Private domain in resolver custom options randomly breaks resolution for that domain: There isn't nearly enough here to suggest it's actually a bug or anything actionable on our part -- This site is not ... Jim Pingle
01:04 PM pfSense Plus Bug #13693 (Rejected): Private domain in resolver custom options randomly breaks resolution for that domain: I have the following "custom options" configuration in my DNS resolver settings to allow DNS over OpenVPN to work pro... Ryan Goodfellow
11:33 AM Regression #13666: Assigned bridge interfaces are not configured at boot: The resolution to #13225 appears to have caused this. The rebuilding of the bridge interfaces after logical ovpn inte... Reid Linnemann
10:45 AM Bug #13493 (Feedback): Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Applied in changeset commit:522e3f912bf849161e5a52e50fcc7fc80c3b11f5. Jim Pingle
10:32 AM pfSense Packages Bug #13692 (New): Netgate_Firmware_Upgrade - Title link needs updated: >Netgate_Firmware_Upgrade links to https://github.com/pfSense-pkg-Netgate_Firmware_Upgrade/pfSense-pkg-Netgate_Firmwa... Christopher Cope
10:30 AM pfSense Packages Bug #13691 (Resolved): ldpd - Title link needs updated: >lldpd links to https://docs.netgate.com/pfsense/en/latest/packages/nut.html
That is the wrong package. Christopher Cope
10:30 AM pfSense Packages Bug #13690 (Closed): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: >ipsec-profile-wizard links to http://www.netgate.com/docs/
Perhaps that is on purpose, but it would seem better t... Christopher Cope
10:07 AM Bug #13689 (Rejected): Links on some package names are incorrect.: Each package manages its own link(s) in its @pkg-descr@ file -- this will need to be one separate Redmine under Packa... Jim Pingle
10:04 AM Bug #13689 (Rejected): Links on some package names are incorrect.: When loading the list of packages in System > Package Manager > Available Packages some of the links need updated / c... Christopher Cope
09:37 AM Bug #13686: Unbound breaks SPF: Jim Pingle wrote in #note-3:
> That is not anything we can control, it's the behavior of Unbound itself. You can rai... Frederic Steinfels
09:28 AM pfSense Packages Bug #13612: Snort building lists is broken: A pull request has been submitted to the pfSense DEVEL branch of FreeBSD-ports to correct this issue. The pull reques... Bill Meeks
09:26 AM pfSense Packages Bug #13623: Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems: I have submitted a pull request to the pfSense DEVEL FreeBSD-ports tree to correct this issue. Here is the link: http... Bill Meeks
09:10 AM pfSense Plus Feature #13688 (Rejected): Twice(Dual) NAT separate configuration: Given that it's already possible now, and adding another way to do the same thing would likely confuse people even mo... Jim Pingle
09:06 AM pfSense Plus Feature #13688 (Rejected): Twice(Dual) NAT separate configuration: In order to do Twice NAT, source and destination IP fields need to be changed, one would need to create separate outb... Mike Moore
08:56 AM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors: Appreciate the responses here. I didnt know if vtysh could be called from the cli - rather i didnt know how.
That be... Mike Moore
03:10 AM Bug #13148 (Ready To Test): Traffic passed by Captive Portal cannot use limiter queues on other rules: My understanding is that this is fixed, but that Reid had an unrelated issue. @Reid, can you confirm? Kristof Provost
02:41 AM Bug #13687 (Resolved): Cannot add limiters named ``new``: When I create a limiter named 'new' via the Traffic Shaper page (firewall_shaper_vinterface.php) with the name 'new' ... Kristof Provost

11/22/2022

06:18 PM Bug #13686: Unbound breaks SPF: That is not anything we can control, it's the behavior of Unbound itself. You can raise a request with them directly ... Jim Pingle
06:17 PM Bug #13686: Unbound breaks SPF: I see, thanks. I will reformulate my request. Instead of stripping the answer, wouldn't it make more sense to replace... Frederic Steinfels
06:00 PM Bug #13686 (Not a Bug): Unbound breaks SPF: This is not a bug, it's a security feature. Unbound disallows private addresses in replies by default. You can disabl... Jim Pingle
05:09 PM Bug #13686 (Not a Bug): Unbound breaks SPF: It seems the unbound module is not compliant with the SPF standard.
When I do the lookup on the pfsense unbound se... Frederic Steinfels
12:05 PM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Looks like several fields get tested to ensure they are numeric ints before being stored, but don't have correspondin... Jim Pingle
12:04 PM Feature #4728: Expose ``nopool`` server option in the OpenVPN Server GUI: Hi, I do not think this is a duplicate and I just ran into this again. I actually want to be able to specify "nopool"... Florian Apolloner
11:56 AM Bug #13671: DHCP client can fail permanently if an interface is down at boot: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/949 Jim Pingle
11:53 AM Bug #13671 (Feedback): DHCP client can fail permanently if an interface is down at boot: Try this change, for example:... Jim Pingle
11:50 AM Bug #13671: DHCP client can fail permanently if an interface is down at boot: @/etc/rc.linkup@ explicitly exits if it detects the platform is booting. We might be able to insert a test there to c... Jim Pingle
11:35 AM Bug #13473 (Incomplete): No IPv6 address acquired after reboot/dhcp6c not starting: I can't reproduce anything like this with LAGG and DHCP6 on current snapshots, it's all working happily here and none... Jim Pingle
11:15 AM Bug #13280 (Feedback): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``: I cannot reproduce this on current snapshots either. The only place I can reproduce it is on a 22.05 system.
I hav... Jim Pingle
11:15 AM Regression #13373 (Feedback): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard: Applied in changeset commit:fa3236635876914ab330778545ec8dd7cefe7a80. Jim Pingle
11:07 AM Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard: I re-confirmed that using a cert with one non-wildcard SAN and multiple wildcard SANs does work properly in strongSwa... Jim Pingle
10:13 AM Bug #13574 (Resolved): Extra remote address information can confuse ``sshguard``: The extra information is no longer printed in the log, and sshguard properly recognizes the failed attempts even when... Jim Pingle
09:50 AM Bug #13387 (Feedback): Input validation is not rejecting invalid description characters when editing a CA or Certificate: Applied in changeset commit:f16d3f4d3f466bb1fca84c754e51fbaa1b9e48ba. Jim Pingle
09:42 AM Bug #13387 (In Progress): Input validation is not rejecting invalid description characters when editing a CA or Certificate: I'll add the list of invalid characters to the help text for those fields.
Jim Pingle
09:25 AM Bug #13425 (Resolved): Invalid alias name can still be used by code attempting to validate URL table content: Attempting a previously working exploit no longer creates an arbitrary file. Marking resolved.
Jim Pingle
09:11 AM Bug #13425: Invalid alias name can still be used by code attempting to validate URL table content: Jordan Greene wrote in #note-3:
> when attempting to save an alias in 23.01.a.20221111.0600 include an additional / ... Jim Pingle
09:20 AM Regression #13685 (Feedback): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: Applied in changeset commit:af61346825f5507889d66c142c78babee837f6e4. Jim Pingle
09:08 AM Regression #13685 (In Progress): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: Jim Pingle
09:07 AM Regression #13685 (Resolved): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: In commit:c239afac1763951eacefc1dbc59ad04f9d319b91 we made the following change:... Jim Pingle
08:31 AM Bug #13426 (Resolved): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding: Can't reproduce on snapshots. Marking resolved. Jim Pingle
07:13 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: I think I have solved all issues. The functionality is the same as the original NetGate version. However with a 20 ti... Louis B

11/21/2022

10:31 PM Feature #2479: Allow reordering of the traffic graphs on the dashboard: This would be nice to have. Although you can hide interfaces it still doesn't group, for example, WAN interfaces or V... Steve Wheeler
04:33 PM Regression #13663 (Resolved): WIFI interface configuration creates invalid xml: This is fixed in current snapshots.
Tested:... Steve Wheeler
03:40 PM Bug #13240 (Feedback): User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length: Applied in changeset commit:824ab9c44e658b3fc1e1a4d6a96f41265cec0221. Jim Pingle
02:29 PM Bug #13240 (In Progress): User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length: Jim Pingle
03:33 PM Regression #13373 (In Progress): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard: Jim Pingle
02:19 PM Bug #12335: IPsec DNS inefficiency: Bump this forward again, not enough spare cycles this release to dig into it. Jim Pingle
02:18 PM Bug #12942: Code to kill states for old gateway when reconnecting an interface is incorrect: Bump this forward again, not enough spare cycles this release to dig into it. Jim Pingle
02:18 PM Bug #12811 (Feedback): Services are not restarted when PPP interfaces connect: There have been a lot of changes here since the last comment and it's not clear if this should be marked resolved or ... Jim Pingle
02:15 PM Bug #13364 (Feedback): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``: Applied in changeset commit:749af017d77897079e759cb934461f1f4e810592. Jim Pingle
02:03 PM Bug #13364: Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``: I can reproduce this on the latest dev snaps exactly as described. Working on a fix now. Jim Pingle
02:02 PM Bug #13364 (In Progress): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``: Jim Pingle
02:15 PM Bug #13507 (Feedback): Copying multiple rules at the same time results in new rules with duplicate tracker IDs: Applied in changeset commit:2e534ffe71dc763c66a2009c07a9883c252afa0f. Jim Pingle
02:02 PM Bug #13507 (In Progress): Copying multiple rules at the same time results in new rules with duplicate tracker IDs: Looks like a simple fix, it's using microtime inside a loop and it should just be using that once as a starting value... Jim Pingle
01:38 PM Todo #13508: Uncouple RAM Disk size from available kernel memory: We can't remove the check entirely but it would need to be adjusted for whatever limits tmpfs may have. For example, ... Jim Pingle
01:37 PM Bug #13479: Input validation is checking RAM disk sizes when they are inactive: That's a separate issue, I'm taking things one at at time. While we evaluate the other, it's still safe to remove thi... Jim Pingle
01:29 PM Bug #13479: Input validation is checking RAM disk sizes when they are inactive: Not entirely sure if this is a good idea as #13508 suggests that the check can be removed entirely as it's no longer ... Flole Systems
01:25 PM Bug #13479 (Feedback): Input validation is checking RAM disk sizes when they are inactive: Applied in changeset commit:ad040b7063c9cc5487b15c044a95949888041271. Jim Pingle
01:10 PM Todo #13501 (Feedback): Clean up obsolete code in ``pfSense-dhclient-script``: Applied in changeset commit:7d087f60126b57e34c689cb44e8ba3d7d352f238. Jim Pingle
01:10 PM Feature #13388 (Feedback): Support for international characters in the AutoConfigBackup Hint/Identifier field: Applied in changeset commit:54115a67546fcfbe32c7ec5433fb8a0d3661c808. Jim Pingle
12:55 PM Bug #13254 (Feedback): DNS resolver does not update its configuration or reload during link down events: Applied in changeset commit:31c37082cad1ca068fc22d93fe3dc3c6a8005144. Jim Pingle
12:53 PM pfSense Packages Bug #13619 (Feedback): PHP Error in pfblockerNG-devel widget: Reid Linnemann
11:37 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: The change was just merged to Plus this morning, try the next build please. Reid Linnemann
09:34 AM pfSense Packages Bug #13619 (New): PHP Error in pfblockerNG-devel widget: There's a separate redmine for that one:
https://redmine.pfsense.org/issues/13679
Still seeing this on latest snap/p... Marcos M
11:52 AM pfSense Packages Bug #13642 (Feedback): PHP Error: frr_zebra.inc:159: Fixed in "4a256a0":https://github.com/pfsense/FreeBSD-ports/commit/4a256a029fccc20a7e2b3f2e5a9a5a7dc024eaa8 Reid Linnemann
11:29 AM Bug #13676: PHP errors on services_dhcpv6_relay.php: Jordan Greene wrote in #note-4:
> still seeing this running 23.01.a.20221118.0600 but works with changeset added via ... Reid Linnemann
11:24 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: I think I see why you've run into this where others haven't. Around the line in question:... Reid Linnemann
11:03 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: Chris W wrote in #note-3:
> I hit this today upgrading from 22.05 to 23.01.a.20221118.0600 with pfBlocker-devel 3.1.... Reid Linnemann
09:49 AM pfSense Packages Bug #13684 (Duplicate): HAProxy PHP error haproxy.inc:1229: On upgrade to 2.7:... Steve Wheeler
08:37 AM Regression #11545: Primary interface address is not always used when VIPs are present: All the issues I could reproduce here are fixed now. If we could get some more feedback from users who encountered th... Jim Pingle
07:31 AM Regression #13670 (Resolved): AES-NI support is built into the kernel on snapshots instead of being a module: That is normal. Changing the configuration does not unload the other modules since that could cause running processes... Jim Pingle
07:18 AM Bug #13579 (Resolved): Incorrect quoting of Split DNS attribute value in ``strongswan.conf``: Jim Pingle
07:12 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: The rule lookup function I disable to speedup the widget, was in opposite to my expectation in use to show the rule i... Louis B
04:12 AM Bug #13014: Deadlock in Charon VICI interface: Thanks for that.
There's nothing obviously suspect in the status or configuration files. I do see you have a fair ... Kristof Provost

11/20/2022

10:54 PM pfSense Packages Feature #13683 (New): Request: manually clear collected database/ remove an individual item from the database: It would be helpful when one has reconfigured a network or hosts to be able to manually clear the collected MAC datab... Steve Prior
01:25 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: Here my code, watch out debug still partly active (to show the speed :)) . The code is more than 150 times faster on ... Louis B
01:02 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: I did some further analyses, and my previous conclusion was not correct. After making further changes and debugging t... Louis B
09:45 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: I did add debug time traces in the widget and it turned out that the html part of the code is causing the terrible d... Louis B
12:58 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: With 23.01.a.20221118.0600 I these errors
Please find attached the logs:... Alex Casanova

11/19/2022

06:56 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: widget is able to be added to the dashboard now, running ver 23.01.a.20221118.0600 Jordan G
06:23 PM Regression #13670: AES-NI support is built into the kernel on snapshots instead of being a module: on 23.01.a.20221118.0600 if I switch from QAT to AES-NI in the System>Advanced>Miscellaneous, save/apply, then check ... Jordan G
05:21 PM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: I hit this today upgrading from 22.05 to 23.01.a.20221118.0600 with pfBlocker-devel 3.1.0_10. After logging into the ... Chris W
02:34 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: No errors on 23.01-DEVELOPMENT (amd64) built on Fri Nov 11
@>>> Installing pfSense-pkg-pfBlockerNG-devel...
Upda... Lev Prokofev
05:04 PM Bug #13676: PHP errors on services_dhcpv6_relay.php: still seeing this running 23.01.a.20221118.0600 but works with changeset added via system_patches Jordan G
04:51 PM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: WAN IP and the default GW have been assigned via the console and the the default route has been added
> First... Alhusein Zawi
04:40 PM Todo #13524 (Resolved): Update reserved alias names: Marcos M
04:40 PM Bug #13393 (Resolved): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: Marcos M
04:37 PM Feature #13682 (In Progress): Automatically indicate a packet capture has stopped when count limit is reached: Marcos M
11:14 AM Feature #13682 (Closed): Automatically indicate a packet capture has stopped when count limit is reached: It'd be helpful if the GUI of Diagnostics > Packet Capture could automatically refresh or in some way indicate the co... Chris W
04:23 PM Regression #13488 (Feedback): All Captive Portal users are given the same limiter pipe pair: Applied in:
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/c0f216b9b1b6455afc96cb37e6319a23bf28... Marcos M
04:12 AM Regression #13488 (Ready To Test): All Captive Portal users are given the same limiter pipe pair: Merged to pfSense CE and plus. Kristof Provost
08:56 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``: Testing performed:
client: ... Danilo Zrenjanin
07:03 AM Bug #13633 (Resolved): DHCPv6 rules are not created for interfaces with static IPv6: Tested against:... Danilo Zrenjanin
06:33 AM Bug #13675: Code that sets IPv6 MTU can unintentionally act on IPv4 addresses: Not able to reproduce it on 23.01-DEVELOPMENT (amd64) built on Fri Nov 11 using the config from customer ticket. Lev Prokofev
05:18 AM pfSense Packages Bug #13544: SquidGuard either denying everything or proxying everything: Disabling transparent proxying seems to have fixed the issue... But yet again, using it on some interfaces now works ... Jimmy Michaelson

11/18/2022

08:50 PM Bug #13678: Complete connectivity loss when OpenVPN Client loses connection: I'm unable to reproduce this with any of my OpenVPN clients. Do you have any special configuration items in your con... Kris Phillips
09:49 AM Bug #13678 (Rejected): Complete connectivity loss when OpenVPN Client loses connection: There isn't enough here to classify this as a bug, and it can't be reproduced as stated. This site is not for support... Jim Pingle
09:13 AM Bug #13678 (Rejected): Complete connectivity loss when OpenVPN Client loses connection: Greetings.
Had updated to 2.6 from 2.5.2 in the past, and encountered a bug where if an OpenVPN client goes down f... Lily S
08:47 PM pfSense Packages Bug #13589: PHP Errors during cellular package installation on CE 2.7: This issue is still present in Nov 18th builds. Kris Phillips
08:45 PM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: Unable to reproduce this. Installing the package shows normal for me. Here is the full log on 23.01 for Nov 18th bu... Kris Phillips
05:07 PM pfSense Packages Bug #13679 (Resolved): Error in pfBlockerNG Post Install Script: Error installing pfBlockerNG-devel 3.1.0_10 on... Christopher Cope
08:39 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails: This problem is unique to the agent for some reason. zabbix-proxy62 works just fine. Tested again on Nov 18th builds. Kris Phillips
08:34 PM pfSense Packages Bug #13513 (Resolved): Cannot install Squid: Tested on Nov 18th builds. Package installs properly with no more errors. Issue is resolved. Kris Phillips
06:45 PM Bug #13680 (New): Package install scripts run after PHP upgrade produce errors: During the upgrade to 2.7 or 23.11 PHP is upgraded before the pfSense packages are upgraded. That can lead to the sit... Steve Wheeler
04:51 PM Regression #13627 (Resolved): PHP: Easyrule from the firewall log: Tested on... Christopher Cope
04:15 PM Regression #11545 (Feedback): Primary interface address is not always used when VIPs are present: Applied in changeset commit:2b66dafae80f4a17c4cfc4a5f548f336b97513de. Reid Linnemann
03:00 PM Bug #12612 (Feedback): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver: Applied in changeset commit:1688a9608cbe5889f160dc4b4d3bcfc64fc856c4. Jim Pingle
02:04 PM Bug #13014: Deadlock in Charon VICI interface: Kristof Provost wrote in #note-23:
> Based on available information the suspicion is that charon itself is deadlocki... David Vazquez
12:30 PM Bug #13307 (Feedback): PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value: Applied in changeset commit:b381fa76bd817f94f9971caddace1faef1e83b6c. Jim Pingle
12:15 PM Bug #13676 (Feedback): PHP errors on services_dhcpv6_relay.php: Applied in changeset commit:bef138fa29432321d9befad6038117d9b55cbe13. Reid Linnemann
11:10 AM Bug #12632 (Feedback): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: Applied in changeset commit:13ae614b25433193c5bab8beabff65a1c80dcb3a. Jim Pingle
10:54 AM Bug #12632 (In Progress): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: I see a couple problems here.
First, the script only sets the default gateway if there is no default gateway set -... Jim Pingle
11:01 AM Bug #12737 (Feedback): CA path is not defined when using ``curl`` in the shell: Implemented in commit:8b4e08382a890b2978c80130def0db2bab0adf28
Jim Pingle
08:38 AM Bug #12737: CA path is not defined when using ``curl`` in the shell: Defining it in the environment in the shell init scripts works for me. Commit inbound shortly.
With the CA for a w... Jim Pingle
08:28 AM Bug #12737 (In Progress): CA path is not defined when using ``curl`` in the shell: Jim Pingle
10:55 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: The problem is clear to me. If the widget processing time > than the refresh time the widget will be re triggered bef... Louis B
10:10 AM Bug #13453 (Feedback): Incorrect word in "Network Interfaces" help text on ``services_unbound.php``: Applied in changeset commit:b03e0c60bcd1675a35a53ebb94db22cd5598be1c. Jim Pingle
10:09 AM pfSense Plus Bug #13674 (Resolved): QAT detection on dashboard is incorrect if the driver does not attach: This is working as expected on the latest snapshot. I don't have any hardware around with an unsupported chip but if ... Jim Pingle
10:05 AM pfSense Plus Regression #13491 (Resolved): Crypto devices are not detected on current snapshots because the format of pciconf has changed: Confirmed here as well on 4100 (C3K), 7100 (C3K), and 7551 (C2K). Jim Pingle
09:54 AM pfSense Plus Regression #13491: Crypto devices are not detected on current snapshots because the format of pciconf has changed: Can confirm the fix is working on an SG-5100 running 23.01 build 23.01.a.20221118.0600. Thanks for the quick turnarou... Nick Goehring
10:05 AM Bug #13462 (Feedback): Advanced DHCP6 client settings only work for a single interface: Applied in changeset commit:29f367a0e681621c1950e42fbc1261b08e2d3a42. Jim Pingle
10:00 AM Bug #13675 (Feedback): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses: Applied in changeset commit:9b391783768adc4e0db543770c3a2b7208a56a33. Christopher Cope
09:49 AM Bug #13677 (Duplicate): Complete connectivity loss when OpenVPN Client loses connection: Duplicate of #13678 Jim Pingle
06:29 AM Bug #13677 (Duplicate): Complete connectivity loss when OpenVPN Client loses connection: Greetings.
Had updated to 2.6 from 2.5.3 in the past, and encountered a bug where if an OpenVPN client goes down f... Lily S
08:25 AM Bug #12960 (Feedback): VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: Applied in changeset commit:410e9b52e45b7248942640f4a08189cd18567353. Jim Pingle
07:42 AM Bug #12960: VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: To confirm, the loader menu issue is identical to #13080 -- On the ISO when booting via BIOS, it has @boot_serial=NO@... Jim Pingle
02:53 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair: Steve Wheeler wrote in #note-4:
> For reference the thread this was discussed and diagnosed in is here:
> https://f... Kristof Provost

11/17/2022

05:29 PM Bug #13676 (Resolved): PHP errors on services_dhcpv6_relay.php: ... Reid Linnemann
05:25 PM pfSense Packages Feature #13608: ACME Not Recognizing new .au domain on wildcard: This is now becoming a huge problem for my customers who have embraced the new tld .au. We are not able to create any... Rick Strangman
04:31 PM pfSense Packages Bug #13619 (Feedback): PHP Error in pfblockerNG-devel widget: This should be fixed as of "223d90f":https://github.com/pfsense/FreeBSD-ports/commit/223d90f55b308871c21e1b3d93812bc9... Reid Linnemann
03:11 PM pfSense Packages Regression #13628: FreeRADIUS Users cleared out each time a user is add, removed, or modified: Sounds like it might be the same root cause as #13642 (See the most recent note on there) Jim Pingle
03:09 PM pfSense Packages Regression #13631 (Duplicate): FreeRADIUS fails to authenticate users: Duplicate of #13628 Jim Pingle
03:09 PM pfSense Packages Bug #13653 (Duplicate): FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.: Duplicate of #13628 Jim Pingle
03:06 PM Bug #13675 (Pull Request Review): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/937 Christopher Cope
02:40 PM Bug #13675 (Resolved): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses: Related to https://redmine.pfsense.org/issues/11855
The patch on that issue adds a check for the address being IPv... Christopher Cope
03:02 PM Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Can move this forward, previous attempts were too disruptive to risk given all the other changes going on for the 23.... Jim Pingle
03:00 PM Bug #12960: VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: As we saw on #13080 this is probably just the loader menu interpreting the environment incorrectly.
The GUI page c... Jim Pingle
02:56 PM Bug #12901 (Resolved): DNS Forwarder refuses valid retries from clients in certain cases: Current dev snapshots have dnsmasq-2.87,1 so this should be resolved.
Jim Pingle
02:54 PM Feature #12768: pfSense-repo: Make sure default config file exists: Is this still something we need to address?
I think this has either already been done or has been superseded by ot... Jim Pingle
02:53 PM Bug #12737: CA path is not defined when using ``curl`` in the shell: Seems like we should be able to define our CA path in the environment to cover some of these cases:
From the man p... Jim Pingle
02:44 PM Bug #12645 (Feedback): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: This should be re-tested/re-confirmed. There have been several potentially relevant changes since the last report, in... Jim Pingle
02:36 PM Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down: While this can be confusing, any solution tried thus far has broken more than it has fixed. If someone wants to pick ... Jim Pingle
02:34 PM Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa: Moving ahead again, too many other more important things and this requires working on each affected service separatel... Jim Pingle
02:32 PM Bug #11091 (Rejected): Interfaces set as disabled in the configuration have an UP status in the operating system at boot: No movement in a long time on this plus when we did try it was really disruptive for little to no benefit. Closing fo... Jim Pingle
12:54 PM pfSense Plus Bug #13664 (Feedback): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): Done: https://gitlab.netgate.com/pfSense/factory/-/commit/966988801d2684e2d31d24040ab9641b0390d61a
> When DCO is e... Jim Pingle
12:17 PM pfSense Plus Bug #13664 (In Progress): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): Jim Pingle
12:11 PM Regression #13488: All Captive Portal users are given the same limiter pipe pair: The changes in https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/32661caf9549d8675763e814c9ceb9c2b4... Reid Linnemann
11:13 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair: For reference the thread this was discussed and diagnosed in is here:
https://forum.netgate.com/topic/174489/22-05-c... Steve Wheeler
10:53 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair: Potential fix in https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/936 Kristof Provost
11:50 AM Regression #13604: OpenVPN service status is incorrect: Tested the patch against the following services under Status/Services:... Danilo Zrenjanin
10:30 AM Regression #13604 (Feedback): OpenVPN service status is incorrect: Applied in changeset commit:5ee97acf88086e33e751d85571ff34c1157f9204. Jim Pingle
10:27 AM Regression #13604: OpenVPN service status is incorrect: Confirmed, they're all the same root cause. Fix committed, will be in momentarily. Jim Pingle
10:17 AM Regression #13604 (In Progress): OpenVPN service status is incorrect: Pretty sure all of these service-related Redmine issues are the same root cause. I see at least one obvious problem t... Jim Pingle
01:19 AM Regression #13604 (Confirmed): OpenVPN service status is incorrect: I confirmed this behavior on the:... Danilo Zrenjanin
10:26 AM pfSense Packages Bug #13665 (Duplicate): Unable to start Wireguard from Status > Services: Duplicate of #13604 (same root cause). Jim Pingle
10:22 AM pfSense Packages Regression #13668 (Duplicate): Unable to start FRR from Status > Services: Duplicate of #13604 (same root cause). Jim Pingle
10:21 AM pfSense Packages Regression #13673 (Duplicate): Unable to start pfBlockerNG-devel from Status > Services: Duplicate of #13604 (same root cause). Jim Pingle
06:12 AM pfSense Packages Regression #13673 (Duplicate): Unable to start pfBlockerNG-devel from Status > Services: When stopping pfb_filter or pfb_dnsbl from Status > Services, it shows disabled instead of stopped and can't be start... Danilo Zrenjanin
10:21 AM pfSense Packages Regression #13672 (Duplicate): Unable to start freeradius from Status > Services: Duplicate of #13604 (same root cause). Jim Pingle
02:44 AM pfSense Packages Regression #13672 (Duplicate): Unable to start freeradius from Status > Services: When stopping radiusd from *Status > Services*, it shows disabled instead of stopped and can't be restarted under *St... Danilo Zrenjanin
10:10 AM pfSense Plus Bug #13674 (Feedback): QAT detection on dashboard is incorrect if the driver does not attach: Applied in changeset pfsense:commit:12689bb00142ccf14d323d123277c02f3ffc48bf. Jim Pingle
09:54 AM pfSense Plus Bug #13674 (Resolved): QAT detection on dashboard is incorrect if the driver does not attach: If the QAT module is loaded but the driver did not attached to the hardware, the dashboard still reports "QAT: Yes (a... Jim Pingle
09:47 AM pfSense Plus Regression #13491 (Feedback): Crypto devices are not detected on current snapshots because the format of pciconf has changed: MR is merged. Works well here for detecting QAT, but needs further testing on more hardware once it's in a snapshot.
Jim Pingle
07:13 AM pfSense Plus Regression #13491: Crypto devices are not detected on current snapshots because the format of pciconf has changed: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/933 Jim Pingle
08:42 AM Bug #13014: Deadlock in Charon VICI interface: Based on available information the suspicion is that charon itself is deadlocking, which matches the described sympto... Kristof Provost
07:50 AM pfSense Packages Regression #13657 (Duplicate): pfblockerng.widget.php Error - Pfsense 2.7 Fri Nov 11 06:30:07 UTC 2022 Build: Jim Pingle
07:18 AM Regression #13670 (Feedback): AES-NI support is built into the kernel on snapshots instead of being a module: This is because AES-NI is currently built into the kernel. We were debating whether to keep it in the kernel or move ... Jim Pingle
07:13 AM pfSense Plus Bug #13667 (Duplicate): QuickAssist hardware not recognized: Duplicate of #13491 Jim Pingle
05:07 AM pfSense Docs New Content #12597 (New): How to reset IPMI settings and password for Netgate appliances: The part with the commands to define the IP address, subnet mask, and default gateway is still missing.
Enable an... Danilo Zrenjanin
01:17 AM Regression #13669 (Duplicate): Status / Services doesn't show correct OpenVPN status: This one is a duplicate of https://redmine.pfsense.org/issues/13604 Danilo Zrenjanin

11/16/2022

05:49 PM pfSense Packages Bug #13642 (In Progress): PHP Error: frr_zebra.inc:159: Reid Linnemann
05:48 PM pfSense Packages Bug #13642 (Confirmed): PHP Error: frr_zebra.inc:159: Reid Linnemann
05:48 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159: Root cause of this appears to be an empty <config> element being written under the frrglobalroutemaps package. Due to... Reid Linnemann
05:42 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server: Are there any updates on this issue? I am having exactly the same problem and I am on pfSense Plus 22.05 Alex Stoev
02:57 PM Bug #13671: DHCP client can fail permanently if an interface is down at boot: A workaround for this issue is to delay pfSense booting to allow an upstream device time to bring up the link.
This ... Steve Wheeler
02:54 PM Bug #13671 (Resolved): DHCP client can fail permanently if an interface is down at boot: If when the WAN is brought up at boot launching dhclient the interface is down it will fail and stop:... Steve Wheeler
02:07 PM Regression #13670 (Resolved): AES-NI support is built into the kernel on snapshots instead of being a module: AES-NI is activated in Advanced/Miscellaneous but dashboard system status shows AES-NI present but inactive
ps thi... johnny stecchino
12:46 PM Regression #13669 (Duplicate): Status / Services doesn't show correct OpenVPN status: When stopping the OpenVPN service from Status > Services, it shows disabled instead of stopped. It can be started aga... Danilo Zrenjanin
12:37 PM pfSense Packages Regression #13668 (Duplicate): Unable to start FRR from Status > Services: When stopping FRR from Status > Services, it shows disabled instead of stopped and can't be restarted from the GUI. I... Danilo Zrenjanin
11:54 AM Bug #13014: Deadlock in Charon VICI interface: EDIT:
Disregard this. Did not permanently resolve the issue, but only seemed to help slow it down.
ORIGINAL:
Anot... Kris Phillips
11:50 AM Bug #13659 (Feedback): replace direct config accesses for system/webgui paths in system_advanced_admin.inc: Applied in changeset commit:9c2b9b78c150b27850c56dbf2df0260ba13b00fe. Reid Linnemann
10:19 AM pfSense Plus Bug #13667: QuickAssist hardware not recognized: I've checked, and the only other use of pciconf in the GUI is intended for human consumption (on the status.php page)... Kristof Provost
10:16 AM pfSense Plus Bug #13667 (Pull Request Review): QuickAssist hardware not recognized: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/933
See also #13491 Kristof Provost
06:34 AM pfSense Plus Bug #13667 (Duplicate): QuickAssist hardware not recognized: see https://forum.netgate.com/topic/175893/quickassist-doesn-t-seem-to-be-working
This is part of a larger issue a... johnny stecchino
09:03 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading: Setting the queue length on the child queue AND parent scheduler worked! (also have to keep this bug in mind #13158) Marcos M
07:56 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading: Increasing the queue lengths of the individual queues appears to help. I tested with a queue of 5000 at 100Mbps. Incr... Kristof Provost
08:48 AM pfSense Packages Regression #13657: pfblockerng.widget.php Error - Pfsense 2.7 Fri Nov 11 06:30:07 UTC 2022 Build: Duplicate of https://redmine.pfsense.org/issues/13619 BBcan177 .
08:18 AM pfSense Packages Bug #13665 (Confirmed): Unable to start Wireguard from Status > Services: I can confirm this behavior.
Tested on the:... Danilo Zrenjanin

11/15/2022

06:15 PM Regression #13666 (Resolved): Assigned bridge interfaces are not configured at boot: Under some circumstances a bridge interface assigned as LAN is not configured correctly at boot. It comes up without ... Steve Wheeler
04:52 PM pfSense Packages Bug #13665: Unable to start Wireguard from Status > Services: Using Wireguard 0.1.6_3 Christopher Cope
04:34 PM pfSense Packages Bug #13665 (Duplicate): Unable to start Wireguard from Status > Services: When stopping Wireguard from Status > Services it shows disabled instead of stopped and can't be restarted from the G... Christopher Cope
02:49 PM pfSense Plus Bug #13664 (Resolved): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): When DCO mode is enabled for OpenVPN, the GUI allows configuring options which are currently incompatible with OpenVP... Jim Pingle
02:38 PM Bug #13408 (Feedback): PF can fail to load a new ruleset: Jim Pingle
02:37 PM Bug #13295 (Feedback): Incorrect function parameters for ``get_dpinger_status()`` call in ``gwlb.inc``: PR merged Jim Pingle
02:35 PM Bug #12947 (Feedback): Old IPv6 addresses may continue to be used after DHCP or RA changes: This needs re-tested since snapshots are on FreeBSD 14-CURRENT (main) now the change noted above is in the tree. I ch... Jim Pingle
02:31 PM Bug #12757 (Feedback): Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``: Changes made manually since the PR had conflicts and it was a small diff.
Jim Pingle
02:28 PM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration: The last MR was merged a while ago. If there are still problems here we need a detailed list of incorrect behaviors, ... Jim Pingle
02:26 PM Bug #12673 (New): Firewall Logs Dashboard Widget is slow and may fail to update: Needs re-checked to see if it's still a problem and it needs to account for the items I mentioned in the MR. The valu... Jim Pingle
02:24 PM Feature #12464 (New): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level): Needs re-designed as I suggested, just lowering the log level unilaterally will have other unintended effects.
Jim Pingle
02:23 PM Bug #12385 (Rejected): deleteVIP() does not check 1:1 NAT and Outbound NAT rules: There is no easy way to determine if this is a fatal error or not. If the upstream routes the block to the firewall, ... Jim Pingle
12:50 PM Todo #13357 (Feedback): Spelling and typo corrections: PR merged Jim Pingle
12:46 PM Bug #13258 (Feedback): Hidden menu option ``100`` incorrectly handles HTTPS detection: PR merged Jim Pingle
12:42 PM Regression #13303 (Feedback): DNSExit Dynamic DNS updates no longer work: PR https://github.com/pfsense/pfsense/pull/4606/files Merged Jim Pingle
12:41 PM Bug #13298 (Feedback): Dynv6 Dynamic DNS client does not check the response code when updating: PR Merged. Jim Pingle
12:25 PM Regression #13420 (Feedback): TCP traffic sourced from the firewall can only use the default gateway: Now that we are on main-based builds this needs retested/reconfirmed. Jim Pingle
12:24 PM Regression #13459 (Feedback): Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds: Jim Pingle
12:23 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients: Still needs more thought here. The differences in client behavior and which values they send may make this impossible... Jim Pingle
12:19 PM Feature #13304 (Feedback): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces: Jim Pingle
12:10 PM Todo #13524 (Feedback): Update reserved alias names: Applied in changeset commit:a637e8eccca0955a2ca8d97f18d94f7fca8c8bc2. Marcos M
12:10 PM Bug #13393 (Feedback): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: Applied in changeset commit:c77e381e5c408172cb20a565a3fdfd998fc983d1. Marcos M
12:05 PM Bug #13633 (Feedback): DHCPv6 rules are not created for interfaces with static IPv6: Applied in changeset commit:e289a583abbf90eeab67c057f9b92d732ba70448. Marcos M
11:05 AM Todo #13250 (Feedback): Clean up DHCP Server option language: Applied in changeset commit:e8c09d18f12996e1652a636de49f00f75d60b772. Jim Pingle
09:30 AM Todo #13250 (In Progress): Clean up DHCP Server option language: Jim Pingle
10:23 AM Todo #13644 (In Progress): Enable ALTQ support in cxgbe(4): Yes, cxl should also be removed. It doesn't support altq either, that's what I was testing with. Expect an additional... Steve Wheeler
10:05 AM Todo #13644: Enable ALTQ support in cxgbe(4): Kristof Provost wrote in #note-1:
> Unfortunately it's not straightforward to re-enable ALTQ support in the cxgbe(4)... Victor Coss
09:19 AM Regression #13660: PHP8.1 error after applying floating rules changes: I managed to trigger this a couple more times while changing limiter settings and simply browsing to the floating rul... Marcos M
09:15 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading: The bandwidth limits I have are 140 up 9 down and the issue persists there even with a queue length of 1400/90. Marcos M
09:06 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading: Does it help to increase the queue length there? Normally we recommend setting it to >= 1000 for 100Mbit/s and even h... Jim Pingle
09:00 AM Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading: There's something very odd going on with this. I can reproduce the problem, but only if I set the pipe bandwidth suff... Kristof Provost
09:10 AM Regression #13663 (Feedback): WIFI interface configuration creates invalid xml: Applied in changeset commit:26da7653ee52f45ed36157cf5192b167f408d0de. Jim Pingle
09:07 AM Regression #13663: WIFI interface configuration creates invalid xml: Yup, that fixes it here. Steve Wheeler
09:01 AM Regression #13663 (In Progress): WIFI interface configuration creates invalid xml: Looks like it's a typo in a key name.... Jim Pingle
08:51 AM Regression #13663 (Resolved): WIFI interface configuration creates invalid xml: Saving the config for a wifi interface creates a bad config file causing it to be rejected and rolled back:... Steve Wheeler
02:59 AM Feature #13639: Add custom DSCP value in firewall rules: Marcos M wrote in #note-5:
> Odd, it worked fine here. I attached the patch for different versions - try the one spe... Marc Turin

11/14/2022

07:01 PM Bug #13662 (Resolved): Setting a limiter queue length greater than 100 prevents the limiter from loading: h3. Issue
Traffic is not limited based on the weight value within WF2Q+ queues resulting in higher-weighted queue ... Marcos M
06:02 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1, we have completed a rollout of step-ca to our enterprise and would really appreciate this feature as well.
This ... Karl Ribich
05:55 PM Regression #13661 (Feedback): Input validation issues on firewall_shaper.php: Applied in changeset commit:b1972170a9d4bbc12ca6e35f861980f7d4b0d525. Reid Linnemann
05:19 PM Regression #13661 (Resolved): Input validation issues on firewall_shaper.php: On the firewall_shaper.php page, when I create a new shaper without setting a bandwidth I see this error:... Reid Linnemann
03:40 PM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6: Patch works as expected and is required in current snapshots.
Tested:... Steve Wheeler
03:10 PM Regression #13627 (Feedback): PHP: Easyrule from the firewall log: Applied in changeset commit:d55227f4e8b73000eefc60c5d0e479f3ab26e214. Jim Pingle
11:19 AM Regression #13627 (In Progress): PHP: Easyrule from the firewall log: Jim Pingle
03:10 PM Bug #13445 (Feedback): ``easyrule`` CLI script has multiple bugs and undesirable behaviors: Applied in changeset commit:d55227f4e8b73000eefc60c5d0e479f3ab26e214. Jim Pingle
11:19 AM Bug #13445 (In Progress): ``easyrule`` CLI script has multiple bugs and undesirable behaviors: See also: #13627 Jim Pingle
02:28 PM Feature #13304 (Ready To Test): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces: Done in https://gitlab.netgate.com/pfSense/pfSense/-/commit/3f5702a9ba507f22abbb4e77063fc9dccad34f69
That should b... Kristof Provost
12:04 PM Regression #13660 (Resolved): PHP8.1 error after applying floating rules changes: Tested on @23.01.a.20221114.0600@
After applying floating rules changes, the following error showed under the rule... Marcos M
11:56 AM Regression #13026: Limiters do not work: The originally described scenario works fine on current snapshots for me. That is; Limiters applied via a floating ou... Steve Wheeler
08:05 AM Regression #13026: Limiters do not work: I've tested a recent CE snapshot and see correct limiting both up and down, with a gateway set on the floating rule.
... Kristof Provost
11:36 AM Bug #13659 (Resolved): replace direct config accesses for system/webgui paths in system_advanced_admin.inc: Brad Davis
10:17 AM Bug #13132 (Feedback): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: Fixed by commit:6600b09f72ca2fddfaae0f834b211689c3d32655 Jim Pingle
10:11 AM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: When testing this fix, be sure to test the following scenarios:
* Add sections to the live config.xml before takin... Jim Pingle
09:45 AM Bug #13132 (In Progress): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: I see a couple problems here. One, code that removed duplicate sections on backup (#10508) got unintentionally remove... Jim Pingle
09:49 AM Feature #13658: Autofill Mask (Prefix-Length) Drop-Down if IP-Adress Field ends with /XX: Interesting idea but I'm not sure how viable it will be, especially on large forms like aliases.
In most OS/browse... Jim Pingle
09:36 AM Feature #13658 (New): Autofill Mask (Prefix-Length) Drop-Down if IP-Adress Field ends with /XX: Currently (V2.6.0 pfsense CE) It is a bit tedious to enter IP adresses with
known netmask.
You have to enter the ad... Christian Schroeder
07:20 AM pfSense Packages Feature #12789 (Resolved): Show expiration date of certificates in the ACME package list: Jim Pingle
03:43 AM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``: I cannot reproduce this on either CE (20221111) or Plus (of a similar vintage). Does this problem still occur on rece... Kristof Provost
01:11 AM pfSense Packages Bug #13641: PHP Error: squid.inc:852: on 23.01-DEVELOPMENT (built on Fri Nov 11 06:05:57 UTC 2022) when I tried to install Squid I got
_Fatal error: Uncaug... Azamat Khakimyanov

11/13/2022

09:38 PM pfSense Packages Regression #13657 (Duplicate): pfblockerng.widget.php Error - Pfsense 2.7 Fri Nov 11 06:30:07 UTC 2022 Build: Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n2558... RED SKULL
12:19 PM Regression #13593 (Resolved): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back: Steve Wheeler
06:51 AM pfSense Packages Bug #13587: Zabbix-agent62 install fails: Trying to install on version pfsense 2.6
>>> Installing pfSense-pkg-zabbix-agent62...
Updating pfSense-core ... Marcio Gomes

11/12/2022

07:40 PM Feature #13656 (Duplicate): Add UI Elements for Priority Control Point on Interfaces: With the addition of PCP VLAN0 tagging support in FreeBSD and introduction into pfSense Plus 23.01 we should add a UI... Kris Phillips
07:36 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: With the introduction of native PCP VLAN0 tagging in pfSense Plus 23.01 and the new bridge filtering to pass along EA... Kris Phillips
07:31 PM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs: Graham Collinson wrote in #note-5:
> I can confirm it's happening for me on a 22.01 3100 firewall.
> I haven't seen i... Kris Phillips
07:10 PM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors: it could be added as "vtysh command " similar to Diagnostics>Command Prompt .
only "show" Commands (not conf. c... Alhusein Zawi
06:40 PM Bug #13600: Saving a DDNS entry can lead to the GUI timing out.: I am unable to recreate this issue on the Nov 11th builds of 23.01. When clicking save or save and force update afte... Kris Phillips
06:14 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back: Tested this on my 22.05 box as well. Looking good. This can be marked as Resolved. Kris Phillips
03:40 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back: much happier now, I had a 22.05 VM that was unable to check for updates after switching to dev branch last week. Now ... Jordan G
06:04 PM Bug #13425: Invalid alias name can still be used by code attempting to validate URL table content: when attempting to save an alias in 23.01.a.20221111.0600 include an additional / at the end of a URL results in
<... Jordan G
03:18 PM pfSense Packages Feature #12789: Show expiration date of certificates in the ACME package list: ACME v0.7.3 now displays when the certificate was last renewed as well as the issued certificate validity from and un... Jordan G
01:33 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159: There is a different redmine for that issue:
https://redmine.pfsense.org/issues/13564 Danilo Zrenjanin
01:19 PM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159: The issue occurs when adding a route map
PHP errors:
PHP ERROR: Type: 1, File: /usr/local/pkg/frr/inc/frr_zebra... Alhusein Zawi
01:20 PM Regression #13026 (New): Limiters do not work: I can confirm that limiters work fine until you define a specific gateway in the rule where the limiters are applied.... Danilo Zrenjanin
10:11 AM Bug #13655 (Resolved): DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled: dnsmasq is always getting the --all-servers option added in https://github.com/pfsense/pfsense/blob/29e534800a56f21bd... Flole Systems
06:05 AM pfSense Packages Bug #13654 (New): Wireguard does not fail back failover WAN setup.: I have this main WAN connection that is quite unstable. So I set up a 4G router on the OPT port on netgate 1100. This... Frode Martin
03:07 AM pfSense Packages Bug #13653 (Confirmed): FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.: Tested on the:... Danilo Zrenjanin
02:31 AM pfSense Packages Bug #13653 (Duplicate): FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.: FreeRadius package 0.15.8_1 on 23.01 doesn't write user's info to /usr/local/etc/raddb/users file.
@lrwxr-xr-x ... Lev Prokofev

11/11/2022

03:40 PM Bug #13545: Toggling NAT rules using the button method does not enable/disable corresponding firewall rules: Applied in changeset commit:0e6c4d622c6046fb76ed1e706ef3788e89be5168. Christopher Cope
03:35 PM Bug #13545 (Feedback): Toggling NAT rules using the button method does not enable/disable corresponding firewall rules: Merged. Christopher Cope
03:18 PM Feature #12070 (Resolved): Support for VLAN ``0``: Tested on... Christopher Cope
01:38 PM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs: I can confirm it's happening for me on a 22.01 3100 firewall.
I haven't seen it yet on other firewalls that have bee... Graham Collinson
01:32 PM Todo #13648 (Feedback): Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing): This is now complete. See commit:599742b01436e2b99c0c2fb52cab71f5726a695d
P1 and P2 entries are only disabled if t... Jim Pingle
11:21 AM Bug #13652 (Closed): Inconsistent behavior filtering ICMP traffic: I have the following FLOATING rules to filter out unwanted ICMP traffic on the network (these are repeated for all in... Serge Caron
11:05 AM pfSense Plus Feature #13649 (Feedback): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO: Changes merged: https://gitlab.netgate.com/pfSense/factory/-/commit/8a67fe3c06a070c997873cf68b38796d6df821c0
The c... Jim Pingle
10:28 AM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back: This looks good in Plus too:... Steve Wheeler
07:54 AM Regression #13593 (Feedback): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back: Brad Davis
01:01 AM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back: It works for me now running pfsense 2.6.0-RELEASE (amd64) Patch Public
09:22 AM pfSense Docs Correction #13651 (Closed): Writing an Installation Image to Flash Media doc: This is already noted on the document you linked.
> Note
> Etcher requires elevated privileges to write USB drive... Jim Pingle
09:18 AM pfSense Docs Correction #13651: Writing an Installation Image to Flash Media doc: the link to the document:
https://docs.netgate.com/reference/create-flash-media.html#using-etcher Georgiy Tyutyunnik
09:17 AM pfSense Docs Correction #13651 (Closed): Writing an Installation Image to Flash Media doc: On several occasions in Windows 10 and 11 the Balena Etcher would fail to flash firmware to USB or the resulting flas... Georgiy Tyutyunnik
08:48 AM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6: The 22.05 system that had the same symptom ended up being user error. However 23.01 is still an issue. Marcos M
05:03 AM Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6: I couldn't replicate the issue on 22.05.
After setting the static IPv6 on the LAN interface and enabling DHCPv6 S... Danilo Zrenjanin
07:44 AM pfSense Packages Bug #13650 (Confirmed): User with a wireguard permissions not able to edit peers/tunnels: I can confirm this behavior on the:... Danilo Zrenjanin
04:04 AM pfSense Packages Bug #13650 (Resolved): User with a wireguard permissions not able to edit peers/tunnels: User with "WebCfg - VPN: WireGuard" can't edit anything. On attemt to edit got redirect to wg/vpn_wg_tunnels.php.
Lo... Andrey Hammer
02:00 AM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159: Tested against:... Danilo Zrenjanin

11/10/2022

04:35 PM Regression #13593 (In Progress): pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back: This is now fixed in CE:... Steve Wheeler
04:20 PM Bug #13645 (Feedback): PHP errors regarding ssh: Applied in changeset commit:624aa476802af87c04971651cd18c6d22800d52e. Reid Linnemann
12:32 PM Bug #13645 (Pull Request Review): PHP errors regarding ssh: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/927 Reid Linnemann
12:12 PM Bug #13645 (Resolved): PHP errors regarding ssh: Found by @bdavis
With no ssh section in the config, this can be hit:... Reid Linnemann
04:18 PM pfSense Packages Bug #13641: PHP Error: squid.inc:852: This appears to perhaps have been generated post php upgrade and pre pfSense-pkg-squid upgrade, as I don't see any li... Reid Linnemann
03:03 PM Bug #13080 (Resolved): Cannot set EFI console as primary console when using both EFI and Serial: The user-selected behavior is respected now on both EFI and legacy consoles.
The loader menu displays the wrong st... Jim Pingle
02:41 PM pfSense Plus Feature #13649 (Resolved): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO: Copying from NG Redmine.
The @if_ovpn@ driver (in plus) and OpenVPN userspace now support ChaCha20-Poly1305 and AE... Jim Pingle
02:09 PM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors: I do not know whether this will or will not be picked up for GUI inclusion but I wanted to put it out there that admi... Chris Linstruth
01:48 PM Feature #13639: Add custom DSCP value in firewall rules: Odd, it worked fine here. I attached the patch for different versions - try the one specific to yours. Marcos M
09:31 AM Feature #13639: Add custom DSCP value in firewall rules: Marcos M wrote in #note-1:
> For now, here's a quick patch for testing only:
> [...]
Thank for the feedback,
I ... Marc Turin
12:28 PM Todo #13648 (Resolved): Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing): FreeBSD removed support for several obsolete ciphers from its IPsec stack. See https://cgit.freebsd.org/src/commit/?i... Jim Pingle
12:22 PM Feature #13647 (Resolved): Support for ChaCha20-Poly1305 encryption with IPsec: Copying here so it gets into the release notes.
This requires changes to the FreeBSD source (https://cgit.freebsd.... Jim Pingle
11:30 AM pfSense Packages Bug #13640 (Feedback): PHP Error: util.inc:1932: Applied in changeset pfsense:commit:b30acd4516b08ebb647f674c28748a6bc685b91c. Reid Linnemann
09:54 AM Todo #13644: Enable ALTQ support in cxgbe(4): Unfortunately it's not straightforward to re-enable ALTQ support in the cxgbe(4) driver. It has been substantially al... Kristof Provost
07:29 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``: Before closing this it would be best if someone could test a live mobile client which can consume these settings to c... Jim Pingle
01:32 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``: Tested the patch against:... Danilo Zrenjanin
03:15 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php: Here my DHCP configfiles Louis B
02:05 AM Regression #13629: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php: I tested again against the:... Danilo Zrenjanin

11/09/2022

06:13 PM Feature #13639 (Ready To Test): Add custom DSCP value in firewall rules: Marcos M
10:49 AM Feature #13639: Add custom DSCP value in firewall rules: See attached for a quick patch for testing only. Marcos M
05:30 AM Feature #13639 (Ready To Test): Add custom DSCP value in firewall rules: Hi,
I am using custom DSCP values on a network and want to use custom DSCP fields in firewall rules.
Of the 64 ... Marc Turin
06:06 PM Bug #13393 (Pull Request Review): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/918 Marcos M
05:43 PM pfSense Packages Bug #13640 (Pull Request Review): PHP Error: util.inc:1932: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/925 Reid Linnemann
02:03 PM pfSense Packages Bug #13640: PHP Error: util.inc:1932: The box I hit this on has no aliases configured.
This is the HAProxy config that triggered it:... Steve Wheeler
08:38 AM pfSense Packages Bug #13640 (Resolved): PHP Error: util.inc:1932: ... Steve Wheeler
05:42 PM pfSense Packages Bug #13513 (Pull Request Review): Cannot install Squid: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/297 Reid Linnemann
05:25 PM Bug #13579 (Feedback): Incorrect quoting of Split DNS attribute value in ``strongswan.conf``: Applied in changeset commit:27a52d0807fdb4731360ac1dbe5bf23a0155fda1. Reid Linnemann
02:50 PM Todo #13644 (In Progress): Enable ALTQ support in cxgbe(4): The cxgbe(4) driver is shown in documentation as supporting ALTQ but the code there appears to have had that removed ... Steve Wheeler
01:09 PM pfSense Packages Feature #13643 (New): FRR - Display what BGP is advertsing to its neighbors: There is no way to verify what the pfsense is sending to its bgp peers using the Services/FRR/Status page.
Althoug... Mike Moore
11:08 AM Bug #13080 (Feedback): Cannot set EFI console as primary console when using both EFI and Serial: The EFI loader seems to be forcing boot_serial=YES when the value is unset in the loader configuration. If we explici... Jim Pingle
08:44 AM pfSense Packages Bug #13642 (Resolved): PHP Error: frr_zebra.inc:159: This prevented boot completing. I had to uninstall FRR at the CLI.... Steve Wheeler
08:40 AM pfSense Packages Bug #13641 (Not a Bug): PHP Error: squid.inc:852: ... Steve Wheeler
07:40 AM pfSense Packages Bug #11847 (Resolved): Filters not applied to PEER Groups: Jim Pingle
02:26 AM pfSense Packages Bug #11847 (Assigned): Filters not applied to PEER Groups: Tested on 22.05
I still see that filters are not applied to Peer group. But I don't think it's a Bug because:
1. ... Azamat Khakimyanov

11/08/2022

05:33 PM Bug #13638: ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes: fcgicli bugs fixed in freebsd-ports/devel change "2993b0084175e2d998f0f294b985371989677d7d":https://github.com/pfsens... Reid Linnemann
05:32 PM Bug #13638 (Resolved): ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes: Originally identified in #4521, the FastCGI implementation in fcgicli has bugs that prevent it from correctly writing... Reid Linnemann
04:01 PM pfSense Packages Bug #13612: Snort building lists is broken: Flole Systems wrote in #note-8:
> You are absolutely right, the name passed is the german version of "default", which... Bill Meeks
01:36 PM pfSense Packages Bug #13612: Snort building lists is broken: You are absolutely right, the name passed is the german version of "default", which should have been covered by the c... Flole Systems
12:58 PM pfSense Packages Bug #13612: Snort building lists is broken: I am unable to reproduce this in the current RELEASE version of the Snort package. All of the referenced lists (HOME_... Bill Meeks
12:47 PM pfSense Packages Bug #13612: Snort building lists is broken: Flole Systems wrote in #note-5:
> I didn't test it on the dev version, I only tested the latest plus and CE release v... Bill Meeks
08:55 AM pfSense Packages Bug #13612: Snort building lists is broken: I didn't test it on the dev version, I only tested the latest plus and CE release versions.
For me the check I men... Flole Systems
06:38 AM pfSense Packages Bug #13612: Snort building lists is broken: I am the Snort package maintainer and tested this in a current pfSense-2.7.0-DEVEL snapshot with the most recent Snor... Bill Meeks
03:13 PM Bug #13080 (In Progress): Cannot set EFI console as primary console when using both EFI and Serial: This had been working but stopped at some point since I tested it last.
It still prefers serial no matter what, an... Jim Pingle
12:34 PM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/922 Jim Pingle
12:24 PM Feature #13446: Upgrade PHP from 7.4 to 8.1: Fixing this up so we can use it as a parent issue for all the various PHP-related issues being tracked Jim Pingle
11:52 AM pfSense Packages Feature #13637 (New): pfBLockerNG Add suppression support for GeoIP lists: It would be useful for GeoIP to support the suppression feature and allow the CIDR to be limited as is possible with ... Marcos M
08:57 AM pfSense Packages Feature #13636 (New): Show all type of actions on the HAProxy page: haproxy_listeners.php: Currently when you go to the HAProxy service, you see a page with all shared frontends, some information columns and ... Steve Van Lint
07:41 AM Feature #11302: WireGuard XMLRPC sync: We are considering switching from OPNsense (because of pfSense better BGP support), which has XMLRPC synchronization ... Filip Kočí

11/07/2022

04:13 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: BBcan177 . wrote in #note-2:
> Its calling:
>
> [...]
>
> Seems like some rules are missing the ['tracker'] ke... Reid Linnemann
01:25 PM Regression #13614 (Feedback): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022: Applied in changeset commit:6115e76bed50888710f4852f1295461dc526d12a. Reid Linnemann
12:42 PM Bug #13585 (Closed): Multiple VPN Gateways will not completely start a boot.: Thanks! I posted a response on the forum. I'm not able to reproduce this and I don't believe there's an issue with pf... Marcos M
11:58 AM pfSense Packages Bug #12475 (Resolved): OpenVPN Client Export does not show certificate without private key: Tested and it's working - thanks! Marking resolved. Marcos M
11:28 AM pfSense Packages Bug #12475 (Feedback): OpenVPN Client Export does not show certificate without private key: Should be fixed in pkg v1.7_2 and v1.6_7
Jim Pingle
11:48 AM pfSense Packages Regression #13570 (Resolved): openvpn-client-export php error in 2.7: Tested and it's working - thanks! Marking resolved. Marcos M
11:28 AM pfSense Packages Regression #13570 (Feedback): openvpn-client-export php error in 2.7: Should be fixed in pkg v1.7_3 and v1.6_8 Jim Pingle
11:22 AM pfSense Packages Regression #13570 (In Progress): openvpn-client-export php error in 2.7: OK, with the supplied configuration from Marcos I could reproduce it and worked up a fix. Commit coming shortly.
Jim Pingle
10:36 AM pfSense Packages Regression #13570: openvpn-client-export php error in 2.7: Marcos M wrote in #note-8:
> There's still some access issues - visiting @vpn_openvpn_export.php@ gives the followin... Jim Pingle
10:29 AM Regression #13635 (Resolved): Interface speed and duplex selection defaults to non-default option: On 23.01, the @Speed and Duplex@ option within the interface configuration now shows @------- Media Supported by this... Marcos M
10:16 AM pfSense Packages Feature #10818: UDP Broadcast Relay: I believe it's in a good enough state where it can at least be added to the dev branch, but if/when it's merged is up... Marcos M
10:12 AM Regression #11545: Primary interface address is not always used when VIPs are present: I am having the same issue as #note-43. Marcos M
09:37 AM Todo #13634: Update default DHCPv6 rules to follow RFC8415: Proposed rules:... Marcos M
09:32 AM Todo #13634 (New): Update default DHCPv6 rules to follow RFC8415: The reason for updating these is to have "correct" rules by default. Anything that breaks RFC would potentially need ... Marcos M
08:34 AM Bug #12259 (Closed): Intel em NICs Suffering Performance Degradation on FreeBSD12: Jim Pingle
08:31 AM pfSense Packages Bug #13612: Snort building lists is broken: This affects CE aswell as Plus. Snort version is 4.1.6. Reproduction steps are described in the first comment:
Flo... Flole Systems
07:07 AM Bug #11960 (Resolved): Gateway Monitoring Traffic Goes Out Default Gateway: Tested on 21.02_2 and on 22.05
I was able to reproduce this issue on 21.02_2 but on 22.05 everything worked correc... Azamat Khakimyanov

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

12/06/2022

12/05/2022

12/04/2022

12/03/2022

12/02/2022

12/01/2022

11/30/2022

11/29/2022

11/28/2022

11/27/2022

11/26/2022

11/25/2022

11/24/2022

11/23/2022

11/22/2022

11/21/2022

11/20/2022

11/19/2022

11/18/2022

11/17/2022

11/16/2022

11/15/2022

11/14/2022

11/13/2022

11/12/2022

11/11/2022

11/10/2022

11/09/2022

11/08/2022

11/07/2022