Activity

30 days up to

User

Subprojects

Activity

From 11/18/2022 to 12/17/2022

12/17/2022

07:52 PM pfSense Packages Bug #13738: Typo under Services/Snort/Interface Settings/WAN - Rules: Is the affected version correct for 21.05 or was this intended to be 22.05? Kris Phillips
07:48 PM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1: Tested on CE abc516d86cf14a85029e and was unable to reproduce this issue there. Seems to be a 23.01 only issue. Kris Phillips
06:27 PM Bug #13573: DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL: I'm unable to reproduce this in pfSense Plus 23.01. Can you please test this on the latest development version to ve... Kris Phillips
06:02 PM pfSense Plus Regression #13743: Latest snapshot defaults to 22.05 branch selected which can pull that version's package information: Tested on Dec 17th builds and now the repo list is completely blank. Running "pkg update -f" shows normal results:
... Kris Phillips
05:48 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file: I can confirm this behavior on pfSense Plus 23.01 as well. Service fails to start when "Refuse Nonlocal" is chosen i... Kris Phillips
02:56 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file: In `/var/unbound/access_lists.conf`, the access list entry that is generated reads as follows:... Gerke Max Preussner
02:54 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file: Full error message:... Gerke Max Preussner
02:53 PM Regression #13767 (Resolved): Refuse Nonlocal action in DNS Resolver access list breaks configuration file: 2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 16 06:05:53 UTC 2022
FreeBSD 14.0-CURRENT
After upgrading to the late... Gerke Max Preussner
09:12 AM Feature #12091: RFE: Add support for sssd authentication: Orion Poplawski wrote in #note-1:
> I was very disappointed to see that sssd disappeared from the pfSense repository.... Gabriel Zellmer

12/16/2022

06:22 PM pfSense Plus Bug #13766 (Closed): Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05: Some examples, but they're all easy to spot in the screen logs files despite their length.... Chris W
05:07 PM pfSense Packages Bug #13679 (Resolved): Error in pfBlockerNG Post Install Script: Tested version 3.1.0_15 on... Christopher Cope
05:05 PM Revision db6dd2d2: Don't load CSRF timeout from config. Fixes #13757: This allows us to reorder includes so that authgui.inc can load auth.inc first, which fixes several auth mechanisms t... Jim Pingle
03:12 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway: The same test works as expected in 23.01:... Steve Wheeler
11:56 AM Bug #13525: Memory leak in PF when retrieving Ethernet rules: Updating subject for release notes. Jim Pingle
03:04 AM Bug #13525 (Feedback): Memory leak in PF when retrieving Ethernet rules: This is now in 23.01 and 2.7.
It needs feedback from someone who was hitting it previously. Steve Wheeler
11:55 AM Regression #13748: DHCP server "Disable Ping Check" option does not store value on save: Updating subject for release notes. Jim Pingle
11:55 AM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters: Updating subject for release notes. Jim Pingle
11:53 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: Updating subject for release notes. Jim Pingle
11:52 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: Updating subject for release notes. Jim Pingle
11:15 AM Regression #13757 (Feedback): Circular dependency issue in ``auth.inc``/``authgui.inc``: Applied in changeset commit:db6dd2d2d288fdd64b9e741db0900c5eb15ba9fb. Jim Pingle
11:06 AM Bug #12920 (Resolved): Gateway behavior differs when the gateway does not exist in the configuration: Closing for lack of feedback either way here. I haven't noticed any gateway issues like this in a while and I've done... Jim Pingle
11:05 AM Regression #13459 (Resolved): Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds: I haven't needed the manual rule to disable reply-to on WAN since this went in months ago. Seems OK to close to me.
Jim Pingle
11:04 AM Bug #13317 (Resolved): ``array_filter`` PHP Errors in ``interfaces.inc``: Closing for lack of feedback either way here. Given the code involved if it was still a problem we'd have encountered... Jim Pingle
08:05 AM Bug #13445 (Resolved): ``easyrule`` CLI script has multiple bugs and undesirable behaviors: This all appears to be OK now. Can always make new issues if more problems pop up.
Jim Pingle
08:04 AM Bug #13755 (Resolved): Multiple incorrect configuration paths in recent UPnP code changes: All working well on current snapshots:
* No trace of UPnP anchors/rules in ruleset when UPnP is disabled
* Enabli... Jim Pingle
07:57 AM Regression #13581 (Resolved): Empty Dynamic DNS entry causes PHP errors in various contexts: I can't reproduce any of the original errors on a current snapshot now. This appears to be resolved. Jim Pingle
07:55 AM Regression #11545 (Resolved): Primary interface address is not always used when VIPs are present: No feedback (positive or negative) and it's been in snapshots for quite some time now. Closing this now, but if anyon... Jim Pingle
07:54 AM Regression #13761 (Resolved): Gateway list is empty when editing static route entries: Gateway list has content again on current snapshots. Jim Pingle
07:32 AM pfSense Packages Regression #13697 (Resolved): pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1: Those other errors were unrelated and were corrected a few snaps ago. Jim Pingle
07:29 AM Bug #13762 (Duplicate): Available Packages for 23.01 Not Displaying: This is likely either a duplicate of #13743 (fixed by picking the right update branch) or another known issue where i... Jim Pingle
03:47 AM Bug #13762 (Duplicate): Available Packages for 23.01 Not Displaying: Hi all,
I have upgrade to 23.01.b.20221216.0600 however when you go to
System > Packet Manager > Available Pac... Mathew Hepple
07:20 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1: Copying the error out of the attachment so it's easier to see:... Jim Pingle
03:50 AM pfSense Packages Bug #13763 (Not a Bug): Error starting TFTP with PHP 8.1: Hi all,
I have upgraded to 23.01.b.20221216.0600 and found that the package TFTP pfSense-pkg-tftpd upgraded: 0.1.3... Mathew Hepple
07:18 AM Bug #13764 (Not a Bug): DHCP Server config restore: There is likely a difference in interface layout between the two systems. The backup/restore function is intended for... Jim Pingle
06:09 AM Bug #13764 (Not a Bug): DHCP Server config restore: Need to transfer DHCP server config from one system to another
Done backup on original system.
After restore, confi... Ivaylo Velikov

12/15/2022

11:27 PM Revision 1e706214: Protect mem_usage() from doing arithmetic with empty sysctl values.: get_single_sysctl() may return an empty string in some conditions, there is no
guarantee that it returns an expected ... Reid Linnemann
04:20 PM Revision 616579c0: Remove trailing whitespace: Steve Wheeler
04:20 PM Revision 4049406a: Remove cxl from altq capable interfaces list: Steve Wheeler
02:27 PM Revision 8a9e2bfb: Some cleanups in system_routes.php: Christian McDonald
01:45 PM Revision e44e4bb8: Clean up some global access in system_routes_edit.php: Christian McDonald
01:33 PM Revision de0e9927: Fix gateway list for static routes. Fixes #13761: Jim Pingle
01:24 PM pfSense Packages Bug #13753: Gateway groups stop sending traffic if they contain wireguard tunnels: Today, Cox went down. In theory, the gateway group should have automatically switched over to starlink, and the wg_s2... Dan Tentler
12:51 PM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: Marcos M wrote in #note-7:
> > I shouldn't be required to send DHCP over the bridge
> From what I understand, if no... Yousif Hassan
08:45 AM Regression #13761: Gateway list is empty when editing static route entries: Jim Pingle wrote in #note-2:
> Applied in changeset commit:de0e99275b5275d1f5b2e477fcd0322aef5284c4.
Confirmed co... Ronald Schellberg
07:40 AM Regression #13761 (Feedback): Gateway list is empty when editing static route entries: Applied in changeset commit:de0e99275b5275d1f5b2e477fcd0322aef5284c4. Jim Pingle
07:12 AM Regression #13761 (Confirmed): Gateway list is empty when editing static route entries: I saw this last night but hadn't had a chance to make an issue for it yet. Since I can reproduce it here, I'll take a... Jim Pingle
12:27 AM Regression #13761 (Resolved): Gateway list is empty when editing static route entries: Completely blank drop-down for Gateway in ' System/Routing/Static Routes' page despite multiple gateways configured. ... RED SKULL
07:42 AM Bug #13756: Rules for authenticated Captive Portal users are not removed when a zone is disabled: Updating subject for release notes. Jim Pingle
07:11 AM Regression #13748 (Resolved): DHCP server "Disable Ping Check" option does not store value on save: Jim Pingle
02:55 AM Regression #13748: DHCP server "Disable Ping Check" option does not store value on save: Tested on
@23.01-DEVELOPMENT (amd64)
built on Wed Dec 14 06:05:14 UTC 2022
FreeBSD 14.0-CURRENT@
The "<disab... Lev Prokofev
04:08 AM Regression #13522: Minnowboard Turbot additions are no longer present: Tested on MBT-2220
2.7.0-DEVELOPMENT (amd64)
built on Tue Dec 15 06:07:19 UTC 2022
FreeBSD 14.0-CURRENT
No vi... Lev Prokofev
03:28 AM Bug #12926: Changing LAGG type on CARP interfaces makes VIPs go to an "init" State: Tested on 22.05.
I restored the same HA cluster on current 22.05 and got the same result - after changing LAGG typ... Azamat Khakimyanov
02:37 AM Bug #12926 (Confirmed): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State: Tested on 22.01
I was able to reproduce this bug.
I've created HA cluster with LAGG interface on each node and 30... Azamat Khakimyanov
02:21 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: I am having the same issue in 22.05. Netgate XG1541 van trung tran

12/14/2022

06:38 PM Revision 7cae10a3: Revert "Correct includes/load order in guiconfig.inc. Fixes #13757": This reverts commit 2a24c162e0a8e69d176c54b5a7be09b23cb233f8. Jim Pingle
06:23 PM Revision 2a24c162: Correct includes/load order in guiconfig.inc. Fixes #13757: The recent change here ended up loading some things out of order. Jim Pingle
04:49 PM Revision e3d247ec: Another DDNS empty entry fix. Fixes #13581: Jim Pingle
04:45 PM Revision 00d3003d: Improve handling of empty DDNS entries. Fixes #13581: Jim Pingle
04:35 PM Revision 2067a034: Revert "Add shells/zsh to poudriere_bulk": This reverts commit a360b261b33663b062b20ec15f3f7b5082e6e2bd.
This requires man(1) which we do not have so revert th... Brad Davis
03:33 PM pfSense Docs Todo #13760 (Rejected): Feedback on Development — Executing Commands at Boot: *Page:* https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html
*Feedback:*
This page does no... Jon Brown
03:29 PM Regression #13757: Circular dependency issue in ``auth.inc``/``authgui.inc``: Draft MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/984
At the moment the least disruptive way t... Jim Pingle
01:58 PM Regression #13757 (In Progress): Circular dependency issue in ``auth.inc``/``authgui.inc``: That fix attempt ended up not incomplete, it could break CSRF in certain cases.
Still experimenting and checking i... Jim Pingle
12:30 PM Regression #13757 (Feedback): Circular dependency issue in ``auth.inc``/``authgui.inc``: Applied in changeset commit:2a24c162e0a8e69d176c54b5a7be09b23cb233f8. Jim Pingle
12:26 PM Regression #13757: Circular dependency issue in ``auth.inc``/``authgui.inc``: Looks like this may have broken in commit:746f30e3ce1ff39c226a73bf87c86dd370ef239c with the added includes changing t... Jim Pingle
11:49 AM Regression #13757 (Resolved): Circular dependency issue in ``auth.inc``/``authgui.inc``: Some parts of @auth.inc@ use a check for a function before doing some GUI-specific checks:... Jim Pingle
02:58 PM Feature #13758: OpenVPN service names inconsistent - Hard to get OpenVPN ID for CLi: While there is definitely room for improvement here, you can get the OpenVPN ID by editing an instance directly. It's... Jim Pingle
02:24 PM Feature #13758 (New): OpenVPN service names inconsistent - Hard to get OpenVPN ID for CLi: h1. Background
This came about because I am creating a command to be run by Shellcmd to disable an OpenVPN service... Jon Brown
02:48 PM Revision a360b261: Add shells/zsh to poudriere_bulk: Christian McDonald
02:44 PM Feature #13759 (New): Ability to disable services on boot up: h1. The feature
I would like the ability to prevent selected services from being enabled during bootup.
h1. Why... Jon Brown
02:05 PM Revision 374dd9fe: UPnP rule/service cleanup. Fixes #13755: * Fix several incorrect config paths/tests
* Fix UPnP local interface automatic rule to pass traffic into UPnP
itse... Jim Pingle
11:36 AM Regression #13754 (Resolved): DHCPv4 rules are not automatically created: Chris W
11:36 AM Regression #13754: DHCPv4 rules are not automatically created: Looks good. This is present in Firewall-Generated Ruleset.txt:... Chris W
07:25 AM Regression #13754 (Feedback): DHCPv4 rules are not automatically created: Applied in changeset commit:46c9508efb21a8c809dda5b1cc47a4218399a04f. Marcos M
11:24 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts: Jim Pingle wrote in #note-16:
> There is a second commit for the widget, commit:e3d247ec
Fixes my issues with #13... Ronald Schellberg
11:17 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts: There is a second commit for the widget, commit:e3d247ec Jim Pingle
11:08 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts: Jim Pingle wrote in #note-13:
> I found several places that can trigger errors the same way between traditional DynD... Ronald Schellberg
10:55 AM Regression #13581 (Feedback): Empty Dynamic DNS entry causes PHP errors in various contexts: Applied in changeset commit:00d3003d9aad824e4d51dd908c234ffebd5a3516. Jim Pingle
10:24 AM Regression #13581 (In Progress): Empty Dynamic DNS entry causes PHP errors in various contexts: OK I can reproduce these errors but only with an empty entry in the configuration, such as:... Jim Pingle
11:23 AM Bug #13756: Rules for authenticated Captive Portal users are not removed when a zone is disabled: Tested:... Steve Wheeler
11:22 AM Bug #13756 (Resolved): Rules for authenticated Captive Portal users are not removed when a zone is disabled: Users that have been authenticated by the captive portal are added as ether pass rules to the 'cpzoneid_X_auth' ancho... Steve Wheeler
08:25 AM Bug #13755 (Feedback): Multiple incorrect configuration paths in recent UPnP code changes: Applied in changeset commit:374dd9fe6a456d09cb41515b913396ac0992467d. Jim Pingle
08:05 AM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes: I spotted another incorrect configuration path usage in there as well as I was testing. Commit coming shortly.
Jim Pingle
07:26 AM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes: There is at least one other place using the same incorrect test for upnp being enabled, and I'd prefer a slightly dif... Jim Pingle
03:53 AM Bug #13014: Deadlock in Charon VICI interface: Jim Pingle wrote in #note-21:
> It didn't get pushed back to the next version, there won't be a 22.11 as there is sti... james greenhill
03:42 AM Revision 46c9508e: Fix config access regressions in filter.inc. Fix #13754: Marcos M
12:55 AM pfSense Packages Feature #10818: UDP Broadcast Relay: The underlying package (https://github.com/marjohn56/udpbroadcastrelay) does not support IPv6 (https://github.com/mar... Djon K

12/13/2022

10:38 PM Regression #13635 (Resolved): Interface speed and duplex selection defaults to non-default option: Marcos M
10:13 PM Feature #385 (In Progress): Allow the use of Captive Portal to restrict services on the firewall itself.: Marcos M
10:11 PM Bug #13215 (Incomplete): Allowed MAC/IP/Hostname traffic counts for authorized users: Marcos M
10:01 PM Regression #13754 (Pull Request Review): DHCPv4 rules are not automatically created: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/980 Marcos M
08:36 PM Regression #13754 (Resolved): DHCPv4 rules are not automatically created: Tested on @23.01.a.20221213.1812@.
With DHCPv4 Server enabled, rules allowing DHCP traffic are not automatically c... Marcos M
09:59 PM Bug #13755 (Pull Request Review): Multiple incorrect configuration paths in recent UPnP code changes: Marcos M
09:58 PM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes: The miniupnp auto rule has been broken since the code was committed due to the invalid config path access, and due to... Marcos M
09:55 PM Bug #13755 (Resolved): Multiple incorrect configuration paths in recent UPnP code changes: The automatic rule @pass multicast traffic to miniupnpd@ is never created. Marcos M
09:39 PM Revision 30196510: Fix direct config accesses in unbound for php81: Christian McDonald
09:02 PM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts: Jim Pingle wrote in #note-11:
> Do you maybe have a blank entry under the RFC2136 tab for dynamic DNS? If so, delete ... Ronald Schellberg
12:33 PM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts: Do you maybe have a blank entry under the RFC2136 tab for dynamic DNS? If so, delete it.
That's about the only way I... Jim Pingle
06:48 PM Revision 503e7e8c: Fix DHCP server ping check option. Fixes #13748: Jim Pingle
03:08 PM pfSense Packages Bug #13753 (New): Gateway groups stop sending traffic if they contain wireguard tunnels: I have a dual-isp setup running on an xg7100. Cox and Starlink. I have been able to configure two wireguard tunnels, ... Dan Tentler
12:55 PM Regression #13748 (Feedback): DHCP server "Disable Ping Check" option does not store value on save: Applied in changeset commit:503e7e8cfde3127068b2c5aaef6ccc01e80036d4. Jim Pingle
12:45 PM pfSense Packages Bug #13752 (Resolved): Avahi broken on PHP 8.1: Clea install of 23.01.a.20221213.0600.
Installed avahi from packages.
Click on Services > Avahi... Erik Osterholm
10:53 AM Feature #13751 (New): Add language to IPsec configuration for disabled ciphers: Apparently it is confusing to users to have inapplicable hash methods disabled in the IPsec configuration pages.
A... Chris Linstruth
07:31 AM Bug #13436 (Resolved): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields: This issue was specifically about the variable names being incorrect which was causing the validation to be non-funct... Jim Pingle
07:27 AM Bug #13436 (In Progress): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields: Should this be in Feedback, Resolved, or is there more work to be done based on the last feedback? Chris Linstruth
07:18 AM Regression #13614 (Resolved): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022: Jim Pingle
05:34 AM Regression #13614: Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022: no more errors. Good to close out RED SKULL
06:44 AM Regression #13739 (Resolved): Interfaces without a configured name appear as lowercase: This looks good in todays snap.
Tested:... Steve Wheeler
05:29 AM pfSense Docs Correction #13750 (Resolved): "Using Software from FreeBSD": The topic "Using Software from FreeBSD" is missing information.
The text says to modify the file */usr/local/etc/p... Michel Pereira

12/12/2022

09:46 PM Bug #7553 (Resolved): Captive portal on a parent interface blocks traffic on VLAN interfaces too: Tested on latest 23.01 snap - this is no longer an issue. Marcos M
09:42 PM Bug #12467 (Resolved): CP error on client disconnect after reboot: Tested on latest snap - I'm not seeing this error in any logs, nor the extra files. Marcos M
09:35 PM Bug #12730 (Resolved): RADIUS accounting does not work if WAN is down: Marcos M
09:28 PM Bug #13148 (Resolved): Traffic passed by Captive Portal cannot use limiter queues on other rules: Tested on latest snap - this is indeed fixed. Marcos M
09:11 PM Bug #13215 (New): Allowed MAC/IP/Hostname traffic counts for authorized users: These needs further testing/explanation.
If the issue is that rules under @cpzoneid_2_allowedhosts@ will have thei... Marcos M
09:09 PM Bug #13014: Deadlock in Charon VICI interface: I have some 40+ spoke firewalls with new ones deploying weekly. Each FW is initiating 3 IPSec VPNs.
While the VPN is... Roman Kazmierczak
08:26 PM Bug #13226: Disconnecting a user from Captive Portal may allow previously established connections to continue: The root issue here is actually #11556. When @pfSense_kill_states()@ is called, the state on WAN using NAT will remai... Marcos M
06:50 PM Regression #13290 (Resolved): Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters: Marcos M
06:41 PM Bug #13475 (Duplicate): Captive Portal per-user limiters malfunction: Marcos M
06:36 PM Bug #13477 (Resolved): Captive Portal disconnecting a single user stops all traffic.: Tested latest snap. This is no longer a problem after the fix in the related issue #13488. Marcos M
06:13 PM Regression #13490 (Not a Bug): blocking mac addresses in captive portal: As mentioned, more info would be needed for 22.05 to be considered a bug. Note that even after the MAC rule has been ... Marcos M
06:09 PM Bug #13736 (Not a Bug): Captive Portal service restart needed after MAC bypass: Marcos M
06:08 PM Bug #13742 (Not a Bug): Captive Portal MAC bypass - pf rules are not enforced: I was unable to reproduce the reported issue on the latest snap - the client with the bypass MAC correctly bypasses R... Marcos M
05:14 PM Regression #13418 (Pull Request Review): Captive Portal does not keep track of client data usage: Marcos M
01:41 PM Regression #13418 (In Progress): Captive Portal does not keep track of client data usage: Thank you for testing - there looks to be a type casting issue in php-pfSense-module.
https://gitlab.netgate.com/pfSe... Marcos M
01:32 PM Regression #13418: Captive Portal does not keep track of client data usage: Counters still zero... Chris Linstruth
03:37 PM Regression #13749 (Resolved): RADIUS auth using CHAP does not work: Tested the patch - I am now able to authenticate using MSCHAPv2! Marcos M
02:38 PM Regression #13749 (Feedback): RADIUS auth using CHAP does not work: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/5601fb0b0bb0c733aece989bd8a71882c1fd9118
Should be fixed... Christian McDonald
12:58 PM Regression #13749 (Resolved): RADIUS auth using CHAP does not work: In 23.01, PAP works but CHAP protocols (e.g. MSCHAPv2) do not when authenticating with a RADIUS backend.
The error... Marcos M
02:51 PM Bug #13716: CVE-2022-23093 / FreeBSD-SA-22:15.ping: Further "clarification from FreeBSD":http://docs.freebsd.org/cgi/mid.cgi?CAPyFy2AMKEorH6v2VLG_g0UOyZdcpXb0YjZbc+-0=-d... Jim Pingle
02:09 PM Revision 8fec79ad: Restore default interface media selection. Fix #13635: Marcos M
02:08 PM Revision 5c7cda13: Restore default description behavior. Fix #13739: Marcos M
02:00 PM Feature #2676: Reply-to option in firewall rule: Upvote for this request.
We have a rare scenario that requires this reply-to been added to some of the firewall rule... Billy Yao
01:12 PM pfSense Plus Regression #13741: Update message interpreted as the available version: Yes, the message error affects any device that receives it. Not limited to aarch64.... Steve Wheeler
08:20 AM Regression #13635 (Feedback): Interface speed and duplex selection defaults to non-default option: Applied in changeset commit:8fec79ad597ff0d25674c249594fe2043817fb56. Marcos M
08:15 AM Regression #13739 (Feedback): Interfaces without a configured name appear as lowercase: Applied in changeset commit:5c7cda134dbcffe3ff4a2387b6d8a83fc9d03aa3. Marcos M
08:14 AM Regression #13747 (Duplicate): Captive Portal blocked MAC addresses are not blocked: Appears to be a duplicate of #13742 Jim Pingle
01:21 AM Regression #13747 (Resolved): Captive Portal blocked MAC addresses are not blocked: See here https://forum.netgate.com/topic/176356/captive-portal-bypass-issue/13
This test : https://github.com/pfse... Gertjan KROEB
08:04 AM Regression #13744 (Resolved): Debug output shown on dashboard: Jim Pingle
07:51 AM Regression #13744: Debug output shown on dashboard: I can confirm that this is fixed with:
2.7.0-DEVELOPMENT (amd64)
built on Mon Dec 12 06:07:23 UTC 2022
FreeBSD 1... RED SKULL
08:03 AM pfSense Plus Regression #13726 (Resolved): pkg-utils.inc error at first boot: Jim Pingle
07:49 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts: Traffic graphs are still working but saw this error after updating this AM:
PHP ERROR: Type: 1, File: /etc/inc/auth.... TyphooN .
07:36 AM pfSense Plus Bug #11626 (Feedback): Google LDAP connections fail due to lack of SNI for TLS 1.3: Jim Pingle
07:35 AM pfSense Packages Bug #13730 (Resolved): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: Jim Pingle
07:35 AM pfSense Plus Regression #13724 (Resolved): pfSense-upgrade breaks the pkg repo conf: Jim Pingle
07:32 AM pfSense Plus Feature #13649 (Resolved): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO: Jim Pingle
07:32 AM Bug #12645 (Resolved): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: The filterdns part is likely OK then. IIRC there may be an open issue for that other quirk already, it seems familiar... Jim Pingle
06:33 AM Regression #13748 (Resolved): DHCP server "Disable Ping Check" option does not store value on save: Tested on 22.05 and latest 23.01-DEV
When 'Disable Ping Check' option checked and "Save' button pressed, system sh... Azamat Khakimyanov

12/11/2022

11:50 PM Regression #13660 (Feedback): PHP8.1 error after applying floating rules changes: Applied in changeset commit:483512b3a3226132b7b249f7ea3e2146d3829c23. Reid Linnemann
07:10 PM Bug #13736: Captive Portal service restart needed after MAC bypass: I was not able to reproduce this issue on 23.01. After the MAC was added in Captive Portal, the client was able to ac... Marcos M
06:25 PM pfSense Packages Bug #13746: Removing Watchdog Show me other applications installed: Christian McDonald wrote in #note-1:
> This isn't unique to service watchdog, there was some debug bits in the XML p... Peter Moreno
06:15 PM pfSense Packages Bug #13746 (Duplicate): Removing Watchdog Show me other applications installed: This isn't unique to service watchdog, there was some debug bits in the XML parser that accidentally made it into a p... Christian McDonald
06:03 PM pfSense Packages Bug #13746 (Duplicate): Removing Watchdog Show me other applications installed: Hello guys.
I'm working with PFsense 2.7.x Watchdog-1.8.7_1.
Pfsense:
2.7.0-DEVELOPMENT (amd64)
built on F... Peter Moreno
01:47 PM pfSense Packages Bug #13745 (New): pfBlockerNG doesn't resolve aliases in supression alias list: When adding another alias to the pfBlockerNGSuppresion alias it is not resolved. I would expect that at least all oth... Flole Systems
12:31 PM Regression #13635 (Pull Request Review): Interface speed and duplex selection defaults to non-default option: Fix https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/975 Marcos M
12:09 PM Regression #13739 (Pull Request Review): Interfaces without a configured name appear as lowercase: Marcos M
12:09 PM Regression #13739: Interfaces without a configured name appear as lowercase: Fix https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/974 Marcos M
11:43 AM Bug #13014: Deadlock in Charon VICI interface: I am running 2.7.0.a.20221202.0600 on my firewall at the current time so I installed the strongswan package above for... David Vazquez
11:39 AM Bug #13014: Deadlock in Charon VICI interface: we have new developers for this topic Hi Mateusz.
I Have this same issue in my configuration on production. One or... Rafał Kaźmierowski
11:34 AM Feature #12190: Ability to use an IPv6 prefix in firewall rules: Marcos M wrote in #note-2:
> This is possible in rules, but not practical to implement in aliases, see https://redmi... Greg Wallace
11:21 AM Feature #12190 (Rejected): Ability to use an IPv6 prefix in firewall rules: This is possible in rules, but not practical to implement in aliases, see https://redmine.pfsense.org/issues/6626#not... Marcos M
11:31 AM Bug #13659 (Resolved): replace direct config accesses for system/webgui paths in system_advanced_admin.inc: Marcos M
11:29 AM Regression #13744 (Feedback): Debug output shown on dashboard: It seems this was fixed with https://github.com/pfsense/pfsense/commit/2c8f5e09d54071db912638429e6a370efe544a62. Marcos M
10:59 AM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: Chris Collins wrote in #note-5:
> Interestingly its forced to a value of 128 now.
>
> If set it inside on /boot/l... Marcos M
09:57 AM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: > I shouldn't be required to send DHCP over the bridge
From what I understand, if no DHCP range is set, then there wo... Marcos M
09:20 AM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: Can someone explain this bug fix to me? It seems like it may have been driven by a change in OpenVPN itself, but this... Yousif Hassan
08:58 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Thilo Gass wrote in #note-39:
> Format for source or destination address is {LAN-56}2601:db8::dead:beef
>
> but... Thilo Gass
08:50 AM pfSense Plus Regression #13712 (Resolved): PHP error: pkg-utils.inc: I was able to replicate that previously. Looks good in the current snap on all archs.
Tested:... Steve Wheeler
08:22 AM pfSense Plus Regression #13741: Update message interpreted as the available version: You will only see it on a system that is sent a message. I believe that's only the aarch64 supported devices right no... Steve Wheeler
07:52 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry: FWIW: I get these errors whenever I (try to) delete a snapshot that is the parent snapshot of another clone. But dele... Jonas R
05:09 AM pfSense Packages Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only: Still persist such behavior on
23.01-DEVELOPMENT (amd64)
built on Sat Dec 10 03:22:16 UTC 2022
FreeBSD 14.0-CURRENT aleksei prokofiev

12/10/2022

10:05 PM Bug #13742: Captive Portal MAC bypass - pf rules are not enforced: Ive noticed that there are anchor rules that do not apply as there is no MAC bypass available. Its as if the config i... Mike Moore
07:17 PM Bug #13742: Captive Portal MAC bypass - pf rules are not enforced: Can you help me diagnose this then because im really not understanding how this is currently possible?
I cant use an... Mike Moore
06:45 PM Bug #13742: Captive Portal MAC bypass - pf rules are not enforced: I tested this in Dec 10th build of 23.01 pfSense Plus and was unable to reproduce this. I did the following:
1. Cre... Kris Phillips
05:38 PM Bug #13742 (Not a Bug): Captive Portal MAC bypass - pf rules are not enforced: I am able to bypass all firewall rules for an Interface that has Captive Portal enabled using MAC or IP bypass.
This... Mike Moore
09:45 PM Regression #13744 (Resolved): Debug output shown on dashboard: Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n2558... RED SKULL
08:39 PM Bug #13659: replace direct config accesses for system/webgui paths in system_advanced_admin.inc: WebGUI redirect option is showing up in System>Advanced
23.01-DEVELOPMENT (amd64)
built on Sat Dec 10 03:22:16 ... Alhusein Zawi
08:06 PM pfSense Plus Regression #13726: pkg-utils.inc error at first boot: not seeing this on fresh install using 23.01-amd64-20221210-0318 build Jordan G
06:57 PM pfSense Plus Regression #13726: pkg-utils.inc error at first boot: No longer seeing this on the December 10th builds. Looks fixed. Kris Phillips
07:18 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3: Builds for 23.01 are including openldap26-client version 2.6.3, so this can probably be marked as Feedback. Kris Phillips
07:12 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry: This should probably be marked as Incomplete. Kris Phillips
07:07 PM pfSense Plus Regression #13741: Update message interpreted as the available version: Steve Wheeler wrote:
> In some circumstances the message sent by the update server is seen as the available version ... Kris Phillips
09:00 AM pfSense Plus Regression #13741 (Resolved): Update message interpreted as the available version: In some circumstances the message sent by the update server is seen as the available version by the GUI upgrade page:... Steve Wheeler
07:03 PM pfSense Plus Regression #13712: PHP error: pkg-utils.inc: Not seeing
Lev Prokofev wrote in #note-6:
> Tested on
>
> @23.01-DEVELOPMENT (amd64)
> built on Thu Dec 08 0... Kris Phillips
07:00 PM pfSense Plus Regression #13743: Latest snapshot defaults to 22.05 branch selected which can pull that version's package information: Confirmed that the drop down appears to show 22.05 Stable, but oddly it shows the current 23.01 build in both the "Cu... Kris Phillips
06:46 PM pfSense Plus Regression #13743 (Closed): Latest snapshot defaults to 22.05 branch selected which can pull that version's package information: 23.01-DEVELOPMENT (amd64)
built on Sat Dec 10 03:22:16 UTC 2022
FreeBSD 14.0-CURRENT
On a fresh installation, Sy... Chris W
06:49 PM Bug #13687: Cannot add limiters named ``new``: No longer able to reproduce this bug in the Dec 10th builds of 23.01. It appears this may be fixed. Kris Phillips
04:33 PM Bug #13729: Gateways stuck in Unknown status: Jordan Greene wrote in #note-5:
> what virtual environment, host version, etc?
Qemu 7 with 3 virtio network inter... Nazar Mokrynskyi
04:17 PM Bug #13729: Gateways stuck in Unknown status: what virtual environment, host version, etc? Jordan G
07:37 AM Bug #13729: Gateways stuck in Unknown status: Marcos M wrote in #note-3:
> I would not recommend it for production, but it should be fine for personal use.
It ... Nazar Mokrynskyi
04:10 PM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf: Updating from 23.01.a.20221206.1416 to 23.01.a.20221210.0318 required running pkg update -f && pkg upgrade or being... Jordan G
12:13 AM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf: Happy to confirm that Glenn's approach worked for me as well now. After nearly a month of breakage, I'm back on the d... Nick Goehring
03:45 PM pfSense Packages Bug #13730: Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: I tested using both the Emerging Threats Open rules and the Emerging Threats Pro rules in a 2.7.0-DEVEL CE virtual ma... Bill Meeks
02:29 PM pfSense Packages Bug #13730: Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: I presume this was initially opened using the ETOpen rule list and not the ETPro list. ETOpen working fine on:
23.... Chris W
01:02 PM pfSense Plus Feature #13649: Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO: added as shown
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022 Alhusein Zawi
10:12 AM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: Tested against:... Danilo Zrenjanin
08:37 AM Regression #13739: Interfaces without a configured name appear as lowercase: In addition this changes the auto generated gateway name for any dynamic gateway on an affected interface.
So if W... Steve Wheeler
07:41 AM Bug #11730 (Resolved): "Dark" theme does not sufficiently distinguish between selected and deselected elements in option lists: Tested against:... Danilo Zrenjanin

12/09/2022

09:30 PM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf: Thanks for the feedback! Christian McDonald
09:00 PM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf: Working for me now. Was able to successfully upgrade from 22.05 to 23.01.a.20221209.1819.
Since the upgrade had prev... Glenn Hall
02:49 PM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf: on an SG5100 running 22.05. Attempting to switch to the 23.01 branch no longer breaks the upgrade/pkg function on my ... Nick Goehring
12:01 PM pfSense Plus Regression #13724 (Feedback): pfSense-upgrade breaks the pkg repo conf: Fixed in the latest snapshot.
Only make the link after complete the repo settings download. Luiz Souza
07:32 PM pfSense Packages Regression #13697: pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1: Not seeing the original error anymore with -devel version 3.1.0_14 on:
2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 09... Chris W
06:53 PM Revision 483512b3: Prevent get_pf_rules() from indexing a string error. Fixes #13660: pfSense_get_pf_rules(), which populates the $rulescnt variable sent to
get_pf_rules(), will terminate its loop fetchi... Reid Linnemann
05:24 PM Revision c7f74fcc: Add phpunit/phpunit to composer as dev dependency: Christian McDonald
04:48 PM Regression #13739: Interfaces without a configured name appear as lowercase: The interfaces lack a descr tag initially, so they are assumed to be the internal name of the interface ('wan', 'lan'... Jim Pingle
11:37 AM Regression #13739: Interfaces without a configured name appear as lowercase: Jim Pingle wrote in #note-1:
> Where exactly are they printed lowercase?
>
> Boot output? The console menu? A das... Christopher Cope
11:22 AM Regression #13739: Interfaces without a configured name appear as lowercase: Where exactly are they printed lowercase?
Boot output? The console menu? A dashboard widget? Interface status page... Jim Pingle
11:20 AM Regression #13739 (Resolved): Interfaces without a configured name appear as lowercase: ... Christopher Cope
04:12 PM pfSense Packages Bug #13640 (Resolved): PHP Error: util.inc:1932: Tested on... Christopher Cope
02:04 PM pfSense Plus Feature #13740 (New): Feature Request: Mark Boot Environments with different properties. I.e "No boot", "No Delete" etc etc: Boot snapshots are awesome. However. I see huge potential for expanding the features on these. So here are a few sugg... Jonas R
01:18 PM Revision 2c8f5e09: Remove leftover debug prints.: Jim Pingle
12:59 PM Regression #13661 (Resolved): Input validation issues on firewall_shaper.php: Tested against:... Danilo Zrenjanin
12:20 PM Regression #13660: PHP8.1 error after applying floating rules changes: This is probably another case where the returned array can contain an element keyed 'error' that indicates some error... Reid Linnemann
12:17 PM pfSense Packages Bug #13641 (Not a Bug): PHP Error: squid.inc:852: I'm going to close this as not a bug, when we upgrade php we expect php errors before the packages are updated. Reid Linnemann
12:16 PM pfSense Packages Bug #13641 (Assigned): PHP Error: squid.inc:852: Reid Linnemann
12:15 PM Bug #13529 (Resolved): Intel i226 network interfaces do not honor a manually selected link speed: Reid Linnemann
11:59 AM pfSense Plus Regression #13726 (Feedback): pkg-utils.inc error at first boot: The PHP has to be initialized before calling pfSense-upgrade in the first boot.
Fixed in 3f97a8052c5767bfb7e20d1b8... Luiz Souza
10:50 AM Regression #13614: Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022: Don't see listed errors on
@2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 09 06:13:30 UTC 2022
FreeBSD 14.0-CURR... Lev Prokofev
10:35 AM Bug #12960 (Resolved): VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: This is working properly for both EFI and legacy BIOS installs. Either way, when visiting the page for the first time... Jim Pingle
10:16 AM Bug #13280 (Resolved): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``: No, those are unrelated. They are added during the process that builds the images and are left as-is in the file, the... Jim Pingle
10:03 AM Regression #13735 (Resolved): UPnP service status is incorrect when disabled: Service is now hidden when disabled. Jim Pingle
09:57 AM Bug #13737: Killing OpenVPN client connection from dashboard widget fails with error: The affected Version is
2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022 me me
07:26 AM Bug #13737 (Duplicate): Killing OpenVPN client connection from dashboard widget fails with error: Duplicate of #12817 Jim Pingle
03:48 AM Bug #13737: Killing OpenVPN client connection from dashboard widget fails with error: I couldn't replicate this issue on the following releases:... Danilo Zrenjanin
01:23 AM Bug #13737 (Duplicate): Killing OpenVPN client connection from dashboard widget fails with error: When I tried to kill a OpenVPN client connection from the dashboard OpenVPN widget it failed (see attached PHP_errors... me me
09:41 AM Bug #13295 (Resolved): Incorrect function parameters for ``get_dpinger_status()`` call in ``gwlb.inc``: Closing as it seems to be correct now in the code, even if it didn't impact much (if anything), can always reopen if ... Jim Pingle
09:36 AM Bug #13736: Captive Portal service restart needed after MAC bypass: Here are a list of specific issues in Captive Portal on 23.01 (most are already resolved):
https://redmine.pfsense... Jim Pingle
08:52 AM Bug #13736: Captive Portal service restart needed after MAC bypass: Thanks for the feedback Jim.
Would you happen to have the changelog just for Captive Portal?
Its going to take m... Mike Moore
07:29 AM Bug #13736 (Feedback): Captive Portal service restart needed after MAC bypass: Can you try this on a development snapshot? There have been a number of captive portal fixes there after 22.05 and th... Jim Pingle
09:32 AM pfSense Packages Regression #13628 (Resolved): FreeRADIUS Users cleared out each time a user is add, removed, or modified: Seems to be working OK on current snaps+package version. Users are listed in the GUI OK, I can modify them, and the u... Jim Pingle
08:57 AM Bug #13014: Deadlock in Charon VICI interface: I've built strongswan packages for 22.05 (should also work on 2.6.0) and 23.01:
https://people.freebsd.org/~kp/stron... Kristof Provost
07:25 AM pfSense Packages Bug #13642 (Resolved): PHP Error: frr_zebra.inc:159: This appears to be OK on a current snap with the latest package (After removing some leftover debug prints in the bas... Jim Pingle
01:48 AM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159: I had neglected originally to bump the portrevision, so the package was not actually rebuilt. That has been done as o... Reid Linnemann
07:25 AM pfSense Packages Bug #13564 (Resolved): PHP error after creating a Route Map: This appears to be OK on a current snap with the latest package (After removing some leftover debug prints in the bas... Jim Pingle
01:49 AM pfSense Packages Bug #13564: PHP error after creating a Route Map: The above commit adds a workaround if the user's config.xml already has empty config tags in the frrglobalroutemaps tag. Reid Linnemann
07:23 AM Regression #13581 (Resolved): Empty Dynamic DNS entry causes PHP errors in various contexts: Jim Pingle
06:26 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts: After upgrading to v2.7.0.a.20221209.0600 I am no longer experiencing this issue and can see the graphs. TyphooN .
02:10 AM pfSense Plus Regression #13712 (Feedback): PHP error: pkg-utils.inc: Danilo Zrenjanin
02:05 AM pfSense Plus Regression #13712: PHP error: pkg-utils.inc: Tested on
@23.01-DEVELOPMENT (amd64)
built on Thu Dec 08 06:08:06 UTC 2022
FreeBSD 14.0-CURRENT@
It works fin... Lev Prokofev
01:28 AM pfSense Packages Bug #13738 (Resolved): Typo under Services/Snort/Interface Settings/WAN - Rules: Once at the rules selection page, the "Category Selection:" should be set to "User Forced Disabled Rules"
Hover the ... Danilo Zrenjanin
12:14 AM Revision 63a0efce: Work around for empty config tags. Fixes #13564.: Related to issue #13642, the serialization of route maps was broken for a time
in such a way that the frrglobalroutem... Reid Linnemann

12/08/2022

10:03 PM Revision 663a93e4: globals.inc needs to be sourced in auth_func.inc: Christian McDonald
09:11 PM Revision 4fb9658d: Improve visibility of select fields in dark theme. Fix #11730: Marcos M
09:03 PM Revision 2568e151: Rector direct global g accesses: Christian McDonald
08:28 PM Revision 7e8a2c76: Merge branch 'rcm-rector': Christian McDonald
08:24 PM Revision 255a18ee: Introduce GlobalGGetExprRector.php: Christian McDonald
07:15 PM Revision b573f119: Use correct UPnP enabled test. Fixes #13735: Jim Pingle
06:32 PM Bug #13736: Captive Portal service restart needed after MAC bypass: Found perhaps an associated issue with this bug.
Once the clients are added to the whitelist on Captive Portal, Fir... Mike Moore
06:25 PM Bug #13736 (Not a Bug): Captive Portal service restart needed after MAC bypass: When using either MAC or IP address bypass in Captive Portal for a Guest WLAN setup, when entering a MAC address for... Mike Moore
06:20 PM pfSense Packages Bug #13564 (Feedback): PHP error after creating a Route Map: Applied in changeset pfsense:commit:63a0efce7eb90ddea102e79a6750d4c19605f1cf. Reid Linnemann
04:53 PM pfSense Packages Bug #13564: PHP error after creating a Route Map: I neglected to tick the portrevision when I fixed this in #13642, I have corrected that and the next build should hav... Reid Linnemann
11:20 AM pfSense Packages Bug #13564 (New): PHP error after creating a Route Map: I still get errors here:... Jim Pingle
03:39 PM pfSense Packages Bug #13587 (Resolved): Zabbix-agent62 install fails: Test version zabbix-agent62 version 1.0.6 on... Christopher Cope
03:37 PM Bug #13240 (Resolved): User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length: Working correctly on current snap Jim Pingle
03:36 PM Bug #13364 (Resolved): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``: Working correctly on current snap Jim Pingle
03:30 PM Bug #13493 (Resolved): Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Working as expected now Jim Pingle
03:21 PM Todo #13501 (Resolved): Clean up obsolete code in ``pfSense-dhclient-script``: Old unused code block is gone and things are still working normally. Closing. Jim Pingle
03:20 PM Bug #11730 (Feedback): "Dark" theme does not sufficiently distinguish between selected and deselected elements in option lists: Applied in changeset commit:4fb9658da45fb6b0fcda92607ded50456bf0d0b6. Marcos M
03:09 PM Revision 01d714a1: Add nikic/php-parser as a composer dev dependency: Christian McDonald
02:48 PM Bug #13253 (Resolved): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6: Jim Pingle
02:31 PM Bug #12632 (Resolved): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: Seems to be doing the right/expected thing. It prompts to set the default gateway and does so when instructed.... Jim Pingle
02:14 PM Bug #4500 (Resolved): UPnP/NAT-PMP status page does not display all port mappings: Jim Pingle
02:13 PM Todo #13648 (Resolved): Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing): I've tried the upgrade path several more times and it's been doing the right/expected thing each time. Deprecated ent... Jim Pingle
01:40 PM Regression #13735 (Feedback): UPnP service status is incorrect when disabled: Applied in changeset commit:b573f1194c44baf82fe2d0b094032e72207865ae. Jim Pingle
01:14 PM Regression #13735 (Resolved): UPnP service status is incorrect when disabled: When the UPnP service is disabled (top checkbox unchecked), the service is still listed but shown as stopped.
It s... Jim Pingle
01:23 PM pfSense Plus Bug #13664 (Resolved): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): Jim Pingle
01:08 PM pfSense Plus Bug #13664: GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): Testes against the following release:... Danilo Zrenjanin
01:22 PM Todo #13357 (Resolved): Spelling and typo corrections: These have been in for almost a month, should be good to close as there hasn't been any observed negative impact. Jim Pingle
01:07 PM Regression #13604 (Resolved): OpenVPN service status is incorrect: Works as expected. Jim Pingle
12:43 PM Regression #13373 (Resolved): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard: A cert with both a wildcard and non-wildcard SAN works on current snapshots.
Jim Pingle
10:55 AM Bug #12757 (Resolved): Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``: The code in question is gone. Jim Pingle
10:24 AM Bug #13734: PPP interfaces with a QinQ parent can't initialize the PPPoE node for link: If we can find a fix maybe we can get this in but I don't see this as being a blocker for 23.01. Jim Pingle
10:21 AM Bug #13734: PPP interfaces with a QinQ parent can't initialize the PPPoE node for link: Might be related to https://redmine.pfsense.org/issues/7981 Danilo Zrenjanin
10:20 AM Bug #13734 (New): PPP interfaces with a QinQ parent can't initialize the PPPoE node for link: After defining PPPoE using a QinQ interface as a parent, the PPPoE node for the link can't be initialized.
Here ar... Danilo Zrenjanin
10:23 AM Bug #13014: Deadlock in Charon VICI interface: A way to reproduce it reliably, but I appreciate that that's not easy (I've been trying to get one for two days, afte... Kristof Provost
10:07 AM Bug #13014: Deadlock in Charon VICI interface: Kristof Provost wrote in #note-30:
> I've tried running charon under valgrind's helgrind and drd tools. The idea was... David Vazquez
07:24 AM Bug #13014: Deadlock in Charon VICI interface: I've tried running charon under valgrind's helgrind and drd tools. The idea was to identify any lock misuse or lock o... Kristof Provost
08:08 AM Todo #13731 (Resolved): Add multicast group membership (``ifmcstat``) to ``status.php``: Output is present on a current snap. Jim Pingle
08:06 AM Bug #13479 (Resolved): Input validation is checking RAM disk sizes when they are inactive: Working as expected.
Jim Pingle
08:05 AM Bug #12737 (Resolved): CA path is not defined when using ``curl`` in the shell: Working as expected. Mark a CA as trusted and cURL in a shell prompt can connect to a server with a cert signed by th... Jim Pingle
07:55 AM Todo #13718 (Resolved): Improve LDAP debugging: This is working well. Go to Diag > Auth, pick the server, enter the credentials, check the debug box and:... Jim Pingle
07:41 AM pfSense Plus Regression #13712 (Resolved): PHP error: pkg-utils.inc: Tested against:... Danilo Zrenjanin
02:51 AM Revision 089c14df: Update Rector to v0.15: Christian McDonald

12/07/2022

11:27 PM Bug #13014: Deadlock in Charon VICI interface: We have tried everything based on....
https://forum.netgate.com/topic/172075/my-ipsec-service-hangs/6
We now have o... Dan Bailey
10:10 PM pfSense Packages Feature #13733 (Resolved): Upgrade ha proxy 2.6: As above, 2.6 has been out since May 2022, opnsense has it!
devel branch still only 2.5.5 Darren Taylor
09:20 PM Feature #13732: Allow the use of macros within aliases: I agree it can be tedious. There's the @Copy@ button on the rules page which does make it easier. Marcos M
01:08 PM Feature #13732: Allow the use of macros within aliases: In ipv6 we now receive public ip locally and this is dynamic.
The old way to block private IP is not an option with ... Luc Courville
12:54 PM Feature #13732: Allow the use of macros within aliases: I understand but this is a easy way to help everyone.
Let me give you an exemple
If you have 10 interface that me... Luc Courville
11:57 AM Feature #13732: Allow the use of macros within aliases: The @* net@ and @* address@ options are actually macros, not aliases, which are handled differently by the system. It... Marcos M
11:33 AM Feature #13732 (New): Allow the use of macros within aliases: Because of limitation of IPv6 at the current way. (Traffic is allow between Vlan) I found a solution but this will be... Luc Courville
09:11 PM Bug #13729: Gateways stuck in Unknown status: I would not recommend it for production, but it should be fine for personal use. Marcos M
09:08 PM pfSense Packages Regression #13628 (Feedback): FreeRADIUS Users cleared out each time a user is add, removed, or modified: Merged. Marcos M
08:53 PM Bug #11730 (Pull Request Review): "Dark" theme does not sufficiently distinguish between selected and deselected elements in option lists: There exist a number of workarounds with mixed complexity and compatibility between different browsers and even versi... Marcos M
08:42 PM Revision 0c6c7237: Update composer.lock: Christian McDonald
05:36 PM pfSense Packages Regression #13697 (Feedback): pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1: This should be fixed in CE as of "e912a45":https://github.com/pfsense/FreeBSD-ports/commit/e912a4571e950f6f6f8759f9fe... Reid Linnemann
05:05 PM Bug #13723: dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet: This might be related to #13362, there seems to be some missing functionality for updating gateways when VTI interfac... Reid Linnemann
04:40 PM Revision 9a5eb723: Add ifmcstat to status.php. Implements #13731: Jim Pingle
03:51 PM Revision dce1eece: Use rtrim for trimming whitespace and EOLs from version files: Christian McDonald
03:01 PM Bug #13591: Changing the GUI port does not redirect the browser to the new port on save: Updating subject for release notes. Jim Pingle
02:58 PM Bug #13436: Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields: Updating subject for release notes. Jim Pingle
02:56 PM Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields: Updating subject for release notes. Jim Pingle
02:53 PM Bug #13364: Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``: Updating subject for release notes. Jim Pingle
02:52 PM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty: Updating subject for release notes. Jim Pingle
02:48 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings: Updating subject for release notes. Jim Pingle
02:47 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back: Not a problem in a release, excluding from release notes. Jim Pingle
02:47 PM Bug #13638: ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes: Updating subject for release notes. Jim Pingle
02:46 PM Todo #13440: Update external HTTPS/HTTP links: Updating subject for release notes. Jim Pingle
02:44 PM Todo #13357: Spelling and typo corrections: Updating subject for release notes. Jim Pingle
02:42 PM Feature #13304: ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces: Updating subject for release notes. Jim Pingle
02:40 PM Regression #13604: OpenVPN service status is incorrect: Not a problem in a release, excluding from release notes. Jim Pingle
02:40 PM Regression #13601: Error creating port forward rule with port alias: Updating subject for release notes. Jim Pingle
02:39 PM Bug #13507: Copying multiple rules at the same time results in new rules with duplicate tracker IDs: Updating subject for release notes. Jim Pingle
02:38 PM Todo #13505: Correct DHCP client rule descriptions in the generated firewall ruleset: Updating subject for release notes. Jim Pingle
02:37 PM Regression #13459: Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds: Not a problem in a release, excluding from release notes. Jim Pingle
02:37 PM Bug #13445: ``easyrule`` CLI script has multiple bugs and undesirable behaviors: Updating subject for release notes. Jim Pingle
02:33 PM Regression #13460: Panic with netgraph interfaces: Wasn't a bug in a release, exclude from notes. Jim Pingle
02:32 PM Todo #13648: Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing): Updating subject for release notes. Jim Pingle
02:30 PM Todo #13398 (Resolved): Information box on ``status_ipsec.php`` says "IPsec not enabled" even when a tunnel is established: Info block now only contains a link to configure IPsec no matter what the current IPsec state is, which is the intend... Jim Pingle
02:27 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Updating subject for release notes. Jim Pingle
02:26 PM Bug #11539 (Ready To Test): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Still no feedback on the proposed fix Jim Pingle
02:26 PM Bug #13675: Code that sets IPv6 MTU can unintentionally act on IPv4 addresses: Updating subject for release notes. Jim Pingle
02:24 PM Bug #13671 (Ready To Test): DHCP client can fail permanently if an interface is down at boot: Updating subject for release notes. Jim Pingle
02:22 PM Todo #13501: Clean up obsolete code in ``pfSense-dhclient-script``: Updating subject for release notes. Jim Pingle
02:22 PM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Updating subject for release notes. Jim Pingle
02:10 PM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces: Updating subject for release notes. Jim Pingle
02:09 PM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: Updating subject for release notes. Jim Pingle
02:05 PM Regression #13167 (Resolved): DigitalOcean Dynamic DNS update fails with a "bad request" error: Jim Pingle
02:04 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: Updating subject for release notes. Jim Pingle
02:05 PM Regression #13303: DNSExit Dynamic DNS updates no longer work: Updating subject for release notes. Jim Pingle
02:04 PM Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating: Updating subject for release notes. Jim Pingle
02:02 PM Bug #12612: DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver: Updating subject for release notes. Jim Pingle
12:37 PM Feature #13584: Input validation for numbered DHCP options in static mappings: Updating subject for release notes. Jim Pingle
12:36 PM Feature #12070: Support for VLAN ``0``: Updating subject for release notes. Jim Pingle
12:34 PM Feature #10345: Improve distinction between online and idle/offline entries in DHCP lease list: Updating subject for release notes. Jim Pingle
12:32 PM Bug #13479: Input validation is checking RAM disk sizes when they are inactive: Updating subject for release notes. Jim Pingle
12:31 PM Bug #12737: CA path is not defined when using ``curl`` in the shell: Updating subject for release notes. Jim Pingle
12:29 PM Regression #13488: All Captive Portal users are given the same limiter pipe pair: Updating subject for release notes. Jim Pingle
12:29 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients: Updating subject for release notes. Jim Pingle
12:27 PM Todo #12782: Disable ``pkg`` compatibility flag which creates ``txz`` file extension symbolic links: Updating subject for release notes. Jim Pingle
12:22 PM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: Updating subject for release notes. Jim Pingle
12:21 PM Feature #13388: Support for international characters in the AutoConfigBackup Hint/Identifier field: Updating subject for release notes. Jim Pingle
12:20 PM Feature #11266: Option to list AutoConfigBackup entries in "reverse" order (newest at top): Updating subject for release notes. Jim Pingle
12:19 PM Regression #13356: RADIUS authentication attempts no longer send RADIUS NAS IP attribute: Updating subject for release notes. Jim Pingle
12:11 PM Feature #13367: Specify CA trust store location when downloading and validating URL alias content: Updating subject for release notes again, last one was a bit off.
Though really this would affect anything using d... Jim Pingle
12:06 PM Feature #13367: Specify CA trust store location when downloading and validating URL alias content: Updating subject for release notes. Jim Pingle
12:09 PM Feature #13362: Update dynamic gateway consumers when their interface is renamed: That sounds like the most likely culprit. We should target an enhancement for 23.05 I think. Reid Linnemann
12:02 PM Feature #13362 (New): Update dynamic gateway consumers when their interface is renamed: If an interface with dynamic gateways is renamed, the dynamic gateways also change names to follow the interface, but... Jim Pingle
12:05 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Updating subject for release notes. Jim Pingle
12:03 PM pfSense Packages Regression #13695 (Duplicate): pfBlockerNG-devel net 3.1.0_11 install error | 2.7.0-DEVELOPMENT (amd64) built on Thu Nov 24 06:05:10 UTC 2022: Cause is the same as #13679, resolution should fix this particular issue. Can you confirm? Reid Linnemann
12:03 PM pfSense Plus Bug #13358: Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed: Updating subject for release notes. Jim Pingle
12:03 PM pfSense Plus Regression #13355: OpenVPN crashes after reaching the configured concurrent connection limit: Updating subject for release notes. Jim Pingle
11:54 AM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias: Updating subject for release notes. Jim Pingle
10:50 AM Todo #13731 (Feedback): Add multicast group membership (``ifmcstat``) to ``status.php``: Applied in changeset commit:9a5eb723dd2127601e0c0da22c5a30ebc3067417. Jim Pingle
10:22 AM Todo #13731 (Resolved): Add multicast group membership (``ifmcstat``) to ``status.php``: Having the multicast group membership in the status output can be helpful for diagnosing IPv6 issues.
Jim Pingle
10:40 AM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``: Version 2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:46 UTC 2022
FreeBSD 14.0-CURRENT
Hyper-V VMs
net.link... Georgiy Tyutyunnik
10:39 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: Another +1. Just got Step CA installed, and it's really great. Right now I'm just creating CSR's and creating certs t... Jeremy Schoonover
10:37 AM pfSense Packages Feature #10818: UDP Broadcast Relay: Sadly it doesn't seem to IPv6.
I have set up mDNS (5353/224.0.0.251) and SSDP (1900/239.255.255.250), only with IPv6... Øystein Gåsdal
10:00 AM pfSense Packages Feature #10818: UDP Broadcast Relay: I installed pfSense-pkg-udpbroadcastrelay-0.1_6.pkg on my 2.6 install, but am unable to start the service...
!clipbo... John Stafford
12:59 AM pfSense Packages Feature #10818: UDP Broadcast Relay: I've successfully installed the 1.0 package on the 2.7.0 snapshots and was able to configure mDNS (5353/224.0.0.251) ... Dean Arnold
10:33 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: It may also be useful to set `net.inet6.icmp6.nd6_debug` to 1 in the system tunables, and then restarting the machine... Kristof Provost
10:21 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: ... Chris Linstruth
10:10 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: In my case I had an extra IP alias VIP on that interface for fe80:: and removing that VIP and saving/applying the int... Jim Pingle
10:08 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: Jim and I have done a bit more digging on his setup, and we believe the issue is that the interface is not joined on ... Kristof Provost
09:46 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: As with cjl, a packet capture on an affected target shows the NS arrive, but there is no NA response. Other hosts in ... Jim Pingle
08:49 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: Here is a packet capture filtered on the MAC address that is not receiving NDP responses. (Taken on the node that is ... Chris Linstruth
08:44 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: This is from a system that is currently refusing to offer NDP to a host:... Chris Linstruth
12:45 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I can also confirm the recent changeset fixes the issue in 2.7.0 snapshots. Dean Arnold

12/06/2022

10:06 PM Revision 8e26b84f: Cleanup globals.inc. Use single quotes on scalar strings.: Christian McDonald
08:53 PM Bug #13729: Gateways stuck in Unknown status: Marcos M wrote in #note-1:
> There's a decent chance this is fixed in 2.7/23.01. Please test there.
I'm willing t... Nazar Mokrynskyi
01:43 PM Bug #13729 (Feedback): Gateways stuck in Unknown status: There's a decent chance this is fixed in 2.7/23.01. Please test there. Marcos M
12:13 PM Bug #13729 (Resolved): Gateways stuck in Unknown status: My pfSense is virtualized, so its interfaces are always up.
I have a multi-WAN setup with WAN and WAN2 interfaces.
... Nazar Mokrynskyi
07:11 PM Revision 97ac6eb4: Eliminate some direct config access in util.inc, add some documentation: Christian McDonald
05:01 PM pfSense Packages Bug #13730 (Feedback): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: Merged to CE as of 71bfc136 Reid Linnemann
03:29 PM pfSense Packages Bug #13730: Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: Pull request 1201 has been submitted to the DEVEL branch. Details are here: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
03:23 PM pfSense Packages Bug #13730 (Resolved): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1: Suricata fails to download Emerging Threats rules archives in the latest pfSense DEVEL snapshots due to apparent chan... Bill Meeks
03:17 PM Revision def2ce00: Add append hook to globals.inc.: Christian McDonald
01:39 PM pfSense Packages Regression #13628 (Pull Request Review): FreeRADIUS Users cleared out each time a user is add, removed, or modified: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/301
Copy/paste/apply attached patch (strip count... Marcos M
12:51 PM pfSense Plus Bug #13664 (Feedback): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): GUI now hides dev mode and topology choices when DCO is enabled, both front and backend code force the use of tun dev... Jim Pingle
12:35 PM pfSense Plus Feature #13728: Builtin Database for historical log collection: In fairness Jim, other vendors have a similar feature set. This isn’t an oddball request. It’s an attempt to have so... Mike Moore
11:17 AM pfSense Plus Feature #13728 (Rejected): Builtin Database for historical log collection: The firewall is not a place to run a database. Massively increases the attack surface and complexity for little benef... Jim Pingle
10:39 AM pfSense Plus Feature #13728 (Rejected): Builtin Database for historical log collection: Not sure of the amount of effort / technical debt that would be needed to accomplish this but I would like to see the... Mike Moore
12:08 PM Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius): We would like to setup a captive portal with an authentication server that supports type oauth2. At the moment it's o... Tom Peeters
12:08 PM Feature #3377: OAuth2 authentication in captive portal: We would like to setup a captive portal with an authentication server that supports type oauth2. At the moment it's o... Tom Peeters
11:51 AM Regression #13629 (Duplicate): Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php: This was duplicated by #13719 and a fix was put in there.
Jim Pingle
07:14 AM pfSense Packages Regression #13714 (Resolved): PHP8.1 error when adding a new interface.: PR merged, thanks! Jim Pingle
06:58 AM pfSense Packages Regression #13714: PHP8.1 error when adding a new interface.: A fix for this issue has been submitted for review and merge. The pull request is here: https://github.com/pfsense/Fr... Bill Meeks
05:47 AM pfSense Packages Regression #13714: PHP8.1 error when adding a new interface.: I am working on this and will post a pull request to DEVEL soon.
Bill Meeks
07:09 AM pfSense Packages Bug #13727 (Not a Bug): Snort - PHP 8.1 error when adding a new interface: Jim Pingle
07:06 AM pfSense Packages Bug #13727: Snort - PHP 8.1 error when adding a new interface: Not a bug.
Oops! This bug report was submitted in error. Please delete it. The Snort package does NOT have the bug r... Bill Meeks
07:00 AM pfSense Packages Bug #13727 (Not a Bug): Snort - PHP 8.1 error when adding a new interface: When adding a new interface to Snort, a fatal PHP 8.1 error is thrown due to passing a NULL where an array parameter ... Bill Meeks
06:19 AM Bug #13014: Deadlock in Charon VICI interface: Kris Phillips wrote in #note-26:
> Kristof Provost wrote in #note-25:
> > Thanks for that.
> >
> > There's nothi... Mikael Karlsson
03:02 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Brian M wrote in #note-116:
> I have the same issue. Mixing FQDN and IP addresses caused me hours of frustration why... Reid Linnemann
12:54 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I have the same issue. Mixing FQDN and IP addresses caused me hours of frustration why various rules were not working... Brian M
01:18 AM Revision dd8a019e: Fix a regression caused by Rector: Fixes #13712: Christian McDonald

12/05/2022

09:13 PM Revision c5c09acd: Replace direct config access in services_dhcp.php. Fix #13719: Marcos M
08:08 PM pfSense Plus Regression #13726 (Resolved): pkg-utils.inc error at first boot: On the first boot after install the console shows:... Steve Wheeler
07:25 PM pfSense Plus Regression #13712: PHP error: pkg-utils.inc: Applied in changeset pfsense:commit:dd8a019e7676fc326d0656d5ee7ab2cb12cba67a. Christian McDonald
07:19 PM pfSense Plus Regression #13712 (Feedback): PHP error: pkg-utils.inc: Christian McDonald
12:46 PM pfSense Plus Regression #13712: PHP error: pkg-utils.inc: Steve Wheeler wrote:
> When switching repos in 23.01:
>
> [...]
>
> Tested in:
> [...]
>
> Does not affect... Ryan Coleman
05:42 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Jeff Kuehl wrote in #note-45:
> I agree, I'll test too
Count me in as well. I'd be happy to test a patch! David Reitz
09:58 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: I agree, I'll test too Jeff Kuehl
05:28 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: This isn't a discussion platform, the forum is. Simple as that. To find the root cause, this needs more discussion, a... Jim Pingle
04:02 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Thanks Jim, but if I'm just going to be shunted back to the forum with "it must be something wrong with your hardware... Simon Byrnand
02:53 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Please continue the discussion on the forum, this isn't the place to diagnose your situation in that kind of detail -... Jim Pingle
02:41 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Jim Pingle wrote in #note-10:
> Simon Byrnand wrote in #note-9:
> > Jim Pingle wrote in #note-8:
> > There seems to b... Simon Byrnand
10:24 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Simon Byrnand wrote in #note-9:
> Jim Pingle wrote in #note-8:
> There seems to be something missing in your descri... Jim Pingle
10:13 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Jim Pingle wrote in #note-8:
> It gets started/restarted by rc.bootup, rc.newwanip, and/or rc.newwanipv6. There ar... Simon Byrnand
08:27 AM Bug #13707 (New): Unbound not binding to LAN on startup when explicitly set: Simon Byrnand wrote in #note-5:
> In https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/31c37082cad... Jim Pingle
03:53 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Jordan Greene wrote in #note-6:
> Simon Byrnand wrote in #note-5:
>
> > Thinking it might be related to the Unifi co... Simon Byrnand
04:54 PM Revision dbff99ef: Eliminate backticks shell execution operator in diag_system_activity.php.: Christian McDonald
04:34 PM Regression #13719 (Resolved): PHP8.1 error when saving DHCP Server settings.: Thanks for confirming. Marcos M
03:20 PM Regression #13719 (Feedback): PHP8.1 error when saving DHCP Server settings.: Applied in changeset commit:c5c09acd9713a8e3ed3a553dc4d83daf4baf9502. Marcos M
01:25 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: *CONFIRMED* :
The patch posted by Marcos resolves the issue, even with pfBlockerNG-devel installed. Eric R
12:10 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Ah, my mistake. Missed that. Just downloaded the patch and will apply it and report results this afternoon. Eric R
11:53 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: That link is not public, that's why a patch file was attached aswell. Flole Systems
11:30 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Marcos, can you verify the link? I am unable to access the one you provided. Showing as unreachable. Eric R
09:12 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: If you are able to reproduce the problem, please test the patch. Marcos M
02:29 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: What is strange is that I installed 2.6.0 from a USB stick, then unsuccessfully because of my i-226 network cards, re... Steph Swiss
01:28 PM Revision 4dc4ac50: Fix unnecessarily duplicated work. Issue #13250: Jim Pingle
12:03 PM pfSense Docs Correction #13725: Configure Switch docs cite LAGGs tab that does not exist: That was combined into the ports tab quite a while ago:
https://gitlab.netgate.com/pfSense/factory/-/commit/862f39... Jim Pingle
11:50 AM pfSense Docs Correction #13725 (New): Configure Switch docs cite LAGGs tab that does not exist: On the docs for all Marvell switch-based appliances there are many references to a LAGGs tab that no longer exists.
... Ryan Coleman
11:28 AM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: The format itself is application-specific. Marcos M
10:47 AM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: Christian Ullrich wrote in #note-4:
> OpenVPN makes the client's apparent address available in environment variables... Brandon Verkada
07:54 AM Bug #13722 (Not a Bug): OpenVPN connection fail after service restart: I can't reproduce that problem as stated. Edit/Save does sometimes take actions the service restart does not, but if ... Jim Pingle
07:53 AM pfSense Packages Bug #13587 (Feedback): Zabbix-agent62 install fails: It's in the tree now on both CE and Plus, CE might even be in current snapshots, Plus tomorrow. Jim Pingle
07:50 AM pfSense Plus Regression #13724 (Resolved): pfSense-upgrade breaks the pkg repo conf: Upgrades from 22.05 to 23.01 will fail with an error like:... Steve Wheeler
07:49 AM pfSense Packages Bug #13692 (New): Netgate_Firmware_Upgrade - Title link needs updated: Not duplicate. I requested individual issues for these as they have defined links but need correcting in each separat... Jim Pingle
07:49 AM pfSense Packages Bug #13690 (New): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: Not duplicate. I requested individual issues for these as they have defined links but need correcting in each separat... Jim Pingle
07:47 AM Bug #13721 (Duplicate): PHP Fatal error - firewall_rules.php - FreeBSD 14.0-CURRENT #0 devel-main-n255818-a851396c4f4: Fri Dec 2 06:29:25 UTC 2022: Duplicate of #13660 Jim Pingle
07:45 AM Bug #13258 (Resolved): Hidden menu option ``100`` incorrectly handles HTTPS detection: Jim Pingle
07:45 AM Bug #13453 (Resolved): Incorrect word in "Network Interfaces" help text on ``services_unbound.php``: Jim Pingle
07:31 AM Bug #13298 (Resolved): Dynv6 Dynamic DNS client does not check the response code when updating: Jim Pingle
07:31 AM Regression #13303 (Resolved): DNSExit Dynamic DNS updates no longer work: Jim Pingle
07:30 AM Todo #13250 (Resolved): Clean up DHCP Server option language: I wasn't looking at the RA pages here, just the DHCP pages. But I removed that "Seconds." bit just now in commit:4dc4... Jim Pingle
07:26 AM Regression #13488 (Resolved): All Captive Portal users are given the same limiter pipe pair: Jim Pingle
07:25 AM Bug #13645 (Resolved): PHP errors regarding ssh: Jim Pingle
07:24 AM Bug #13132 (Resolved): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: That should be sufficient testing.
The "live" method can be done if you are logged in and sitting at the backup pa... Jim Pingle
07:14 AM Bug #13723 (Confirmed): dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet: Tested on 22.05
Steps to reproduce:
1. Create Routed IPsec with IPv6 addresses as a Local and Remote. In my case ... Azamat Khakimyanov
06:19 AM Bug #12764: VTI gateway status is pending after assigning the VTI interface: I found it on my VM which had Gateway monitoring disabled so dpinger was not active (Status/Services). So when I adde... Azamat Khakimyanov
06:13 AM Bug #12764: VTI gateway status is pending after assigning the VTI interface: Tested on latest 23.01-DEV (built on Mon Dec 05 06:05:03 UTC 2022)
This issue hasn't been resolved yet. When new R... Azamat Khakimyanov
01:06 AM pfSense Packages Bug #13564 (Feedback): PHP error after creating a Route Map: I believe this is fixed by the resolution for #13642. Can you retest? Reid Linnemann
12:53 AM pfSense Packages Bug #13679 (Feedback): Error in pfBlockerNG Post Install Script: Should be fixed in CE as of "18035e":https://github.com/pfsense/FreeBSD-ports/commit/18035e2a5340c0b57be694a2d5b3f777... Reid Linnemann

12/04/2022

10:35 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Found a workaround.
You can reconfigure the interfaces and DHCP Servers via console to the box. Had no issues maki... Eric R
04:43 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: I determined what was causing the issue. It seems to be caused by the pfBlockerNG-devel package. I had a second route... Eric R
01:26 PM Regression #13719 (Pull Request Review): PHP8.1 error when saving DHCP Server settings.: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/967
Copy/paste/apply the attached patch via the System P... Marcos M
10:16 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: *Debugging output can be collected to share with pfSense developers or others providing support or assistance.*
... Steph Swiss
10:14 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: *OUPS* ... in fact I still have the BUG (PHP error) when I use the "SAVE" button, however I finally managed to "fix" ... Steph Swiss
10:02 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Hello,
I found how to "fix" (now I don't have this PHP error message anymore).
To start in "Services > DHCP Serve... Steph Swiss
01:49 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: You are very lucky because on the "built on Tue Nov 29 06:04:43 UTC 2022" and on the last one "the same one you have"... Steph Swiss
10:34 PM Bug #13722 (Not a Bug): OpenVPN connection fail after service restart: I am using OPenVPN client. When service is started from Status -> OpenVPN (stop, then start) I always getting "TLS Er... Stanislav Meshcheriakov
04:35 PM Bug #13076 (Resolved): Marking a gateway as down does not affect IPsec entries using gateway groups: Tested on latest snap - now works correctly. Marcos M
02:14 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages: +1
Agent 6.2 install does not work, same error. Hannes Palmquist

12/03/2022

11:56 PM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Tested on
2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:46 UTC 2022
FreeBSD 14.0-CURRENT
I can not reprod... aleksei prokofiev
03:52 AM Regression #13719: PHP8.1 error when saving DHCP Server settings.: Hello and sorry for my bad English :-(
I just registered to be able to write here. I have exactly the same bug wit... Steph Swiss
09:13 PM pfSense Packages Bug #13247 (Confirmed): Open-VM-Tools service actions do not work: Can confirm this behavior on pfSense Plus 23.01. Since this is a kernel module and not a service, probably best to j... Kris Phillips
09:04 PM pfSense Packages Bug #13690 (Duplicate): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: This is a duplicated of https://redmine.pfsense.org/issues/12759 Kris Phillips
09:02 PM pfSense Packages Regression #13714 (Confirmed): PHP8.1 error when adding a new interface.: I'm able to reproduce this. Marked as Confirmed. Kris Phillips
09:01 PM pfSense Packages Bug #13692 (Duplicate): Netgate_Firmware_Upgrade - Title link needs updated: Marking as duplicate of https://redmine.pfsense.org/issues/12759
The Netgate Firmware Upgrade package is a proprie... Kris Phillips
08:59 PM pfSense Packages Bug #13709 (Resolved): Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: Tested with Suricata 6.0.8_2. Not seeing PHP error messages on the Alerts page. Looks to be resolved. Kris Phillips
08:52 PM Bug #13721: PHP Fatal error - firewall_rules.php - FreeBSD 14.0-CURRENT #0 devel-main-n255818-a851396c4f4: Fri Dec 2 06:29:25 UTC 2022: There is not enough information in this bug report. What was the steps/action(s) that caused this crash report to ap... Kris Phillips
08:32 PM Bug #13721 (Duplicate): PHP Fatal error - firewall_rules.php - FreeBSD 14.0-CURRENT #0 devel-main-n255818-a851396c4f4: Fri Dec 2 06:29:25 UTC 2022: amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n255818-a851396c4f4: Fri Dec 2 06:29:25 UTC 2022 root@fr... RED SKULL
08:48 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails: Tested on latest builds in case the above merge request was merged in. It has not. Kris Phillips
07:39 PM Bug #13258: Hidden menu option ``100`` incorrectly handles HTTPS detection: running 23.01.a.20221202.0600
!clipboard-202212031938-mrhwj.png!
Jordan G
07:29 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Simon Byrnand wrote in #note-5:
> Thinking it might be related to the Unifi controller software I'm also running on ... Jordan G
12:00 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Well that was an ordeal updating to the development snapshot. :(
My first attempt at an in place upgrade from 2.6.0 ... Simon Byrnand
06:36 PM Bug #13453: Incorrect word in "Network Interfaces" help text on ``services_unbound.php``: language has been corrected to not reference improper field selection - pfSense Plus Dev 23.01.a.20221202.0600 Jordan G
04:59 PM Bug #13507 (Resolved): Copying multiple rules at the same time results in new rules with duplicate tracker IDs: Alhusein Zawi
04:59 PM Bug #13507: Copying multiple rules at the same time results in new rules with duplicate tracker IDs: there is no duplication after copy/past the rules.
anchor "userrules/*"
pass in quick on $WAN reply-to ( em0 ... Alhusein Zawi
03:05 PM pfSense Packages Bug #13513: Cannot install Squid: Kris Phillips wrote in #note-9:
> Tested on Nov 18th builds. Package installs properly with no more errors. Issue ... Peter Moreno
01:45 PM Regression #13666 (Resolved): Assigned bridge interfaces are not configured at boot: fixed
after reboot :
[23.01-DEVELOPMENT][admin@pfSense.home.arpa]/root: ifconfig bridge0
bridge0: ... Alhusein Zawi
01:10 PM Bug #12612 (Resolved): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver: Tested against the:... Danilo Zrenjanin
12:27 PM Bug #13307 (Resolved): PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value: Alhusein Zawi
12:27 PM Bug #13307: PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value: Custom reset option takes 0 value
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022
Alhusein Zawi
07:15 AM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: OpenVPN makes the client's apparent address available in environment variables:... Christian Ullrich
07:08 AM Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating: Working as expected, tested on
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022
FreeBSD 14.0-CURR... Lev Prokofev
06:50 AM Regression #13303: DNSExit Dynamic DNS updates no longer work: Can confirm that it's working as expected on
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022
Fr... Lev Prokofev
05:27 AM Todo #13250: Clean up DHCP Server option language: Checked against:... Danilo Zrenjanin
04:58 AM Bug #13387 (Resolved): Input validation is not rejecting invalid description characters when editing a CA or Certificate: Tested against:... Danilo Zrenjanin
04:37 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair: Looks like pipes per user fixed. Users using their own pipe.
Tested
@23.01-DEVELOPMENT (amd64)
built on Fri D... Lev Prokofev
04:08 AM Bug #13539 (Resolved): Missing descriptions for referrers to firewall aliases cause empty strings for references to be returned when deleting an in-use alias: Tested against:... Danilo Zrenjanin
02:29 AM Bug #13645: PHP errors regarding ssh: Tested on
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022
FreeBSD 14.0-CURRENT
No such error... Lev Prokofev

12/02/2022

08:27 PM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: I updated a virtual machine from 2.6 to 2.7.0.a.20221202.0600 and took a snapshot.
- SSH is enabled and the default a... Chris W
03:41 PM Regression #13719 (Resolved): PHP8.1 error when saving DHCP Server settings.: *BRANCH:* DEVEL version (devel)
*VERSION:* 2.7.0.a.20221202.0600
*ERROR MESSAGE:* PHP Fatal error: Uncaught TypeErr... Eric R
02:38 PM Revision 2af41fcd: Introduce public accessors for $g: g_has, g_get, and g_set.: Christian McDonald
02:25 PM Revision 51c72717: Improve LDAP debug logs. Implements #13718: Jim Pingle
02:16 PM Regression #13685 (Resolved): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: Jim Pingle
12:53 PM Regression #13685: URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: tested on
Version 2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:46 UTC 2022
FreeBSD 14.0-CURRENT
Alias i... Georgiy Tyutyunnik
01:16 PM pfSense Packages Bug #13587 (Pull Request Review): Zabbix-agent62 install fails: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/300 Christopher Cope
12:38 PM Revision 3a603398: Fix typo s/_echo/echo/: Renato Botelho
12:36 PM Feature #13388 (Resolved): Support for international characters in the AutoConfigBackup Hint/Identifier field: I was able to recreate the issue on the 22.05.
It worked as expected when I tested it against:... Danilo Zrenjanin
12:21 PM Bug #13706 (Confirmed): Static routes are not updated when updating a nested alias.: Tested against:... Danilo Zrenjanin
09:37 AM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: I improved the LDAP debug logging a bit over on #13718 which may help here as well.
Jim Pingle
08:35 AM Todo #13718 (Feedback): Improve LDAP debugging: Applied in changeset commit:51c72717a62860a85b251ea17e72087a27d9e18a. Jim Pingle
08:23 AM Todo #13718 (Resolved): Improve LDAP debugging: The LDAP debug logs are inconsistent in their use of @log_auth()@ vs @log_error()@ and they should all be @log_error(... Jim Pingle
07:27 AM pfSense Plus Bug #13664 (In Progress): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): OK, I'll open this back up and work up similar changes to disable and force the TUN/TAP setting to always be 'tun', a... Jim Pingle
06:30 AM pfSense Plus Bug #13664: GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30): Tested against:... Danilo Zrenjanin

12/01/2022

09:30 PM Revision 7c841634: Revert "Remove unused global $config_extra": This reverts commit e36bc382ae1e0533c328b9dcd99959b17171de2e Christian McDonald
09:30 PM Revision e36bc382: Remove unused global $config_extra: Christian McDonald
08:48 PM Revision a4105aad: Remove unused xmlreader implementation and conditional sourcing: Christian McDonald
02:30 PM Bug #13717 (Duplicate): Stack overflow in ping(8) Vulnerability (FreeBSD): Duplicate of #13716 Jim Pingle
02:29 PM Bug #13717 (Duplicate): Stack overflow in ping(8) Vulnerability (FreeBSD): FreeBSD-SA-22:15.ping
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
------
ping rea... RED SKULL
11:09 AM Bug #13716 (Resolved): CVE-2022-23093 / FreeBSD-SA-22:15.ping: Ref: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
Not a significant concern for pfSense s... Jim Pingle
11:09 AM pfSense Packages Bug #13715 (New): arpwatch causing issues with Cron notifications?: Since upgrading to 2.7.0-devel I'm getting the following errors instead of the cron messages I'm expecting:
Arpwatch... Robert Johnston
11:03 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Hi Danilo,
Yes, I'll try the latest development snapshot on the affected box sometime in the next few days and rep... Simon Byrnand
07:32 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: I tested against the:... Danilo Zrenjanin
09:09 AM pfSense Plus Regression #13613 (Ready To Test): OpenVPN crashes due to if_tuntap changes: Merged. This will turn up in the next snapshot build. Kristof Provost
08:06 AM pfSense Plus Regression #13613 (Pull Request Review): OpenVPN crashes due to if_tuntap changes: Jim Pingle
06:45 AM Bug #13254 (Resolved): DNS resolver does not update its configuration or reload during link down events: Tested against:... Danilo Zrenjanin

11/30/2022

08:37 PM Revision 04d726ac: Disable MTU input for a bridged interface: Bridge member interfaces cannot have their MTU configured independently from a
bridge, this change disables the MTU i... Reid Linnemann
08:37 PM Revision 51b682d9: Add ovpn qinqs to bridges instead of rebuilding them. Fixes #13666: qinq interfaces defined with parent openvpn interfaces are configured late in
rc.bootup, after qinqs for other physic... Reid Linnemann
06:57 PM pfSense Packages Regression #13714 (Resolved): PHP8.1 error when adding a new interface.: On the latest Suricata on 23.01 when adding a new interface:
> Fatal error: Uncaught TypeError: array_get_path(): Ar... Marcos M
06:55 PM pfSense Packages Bug #12956 (Resolved): suricata fails to use pcre in SID management (e.g. dropsid.conf): Marcos M
06:29 PM pfSense Plus Regression #13613: OpenVPN crashes due to if_tuntap changes: Tested patch and it worked well here. Marcos M
05:22 AM pfSense Plus Regression #13613: OpenVPN crashes due to if_tuntap changes: I can reproduce that here. It looks like the problem is that we send a SIGTERM to openvpn, but don't wait until it ac... Kristof Provost
12:13 AM pfSense Plus Regression #13613 (Feedback): OpenVPN crashes due to if_tuntap changes: I just ran into a different way of triggering what seems to be a similar issue. Editing a client with DCO enabled, un... Marcos M
06:02 PM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: The fix worked for me, thanks! Marcos M
06:01 PM Bug #13600 (Duplicate): Saving a DDNS entry can lead to the GUI timing out.: Marcos M
06:00 PM Bug #13600 (Resolved): Saving a DDNS entry can lead to the GUI timing out.: Worked well here, thanks! Marcos M
05:50 PM pfSense Packages Bug #13684 (Duplicate): HAProxy PHP error haproxy.inc:1229: Marcos M
05:13 PM pfSense Packages Bug #13684: HAProxy PHP error haproxy.inc:1229: Duplicate of #13562 (with fix in there) Robert Johnston
05:47 PM pfSense Packages Bug #13562 (Duplicate): HAProxy PHP error on upgrade to PHP8.1 update: I'm marking this one as duplicate given that the fix for both packages has already been submitted and pending review.... Marcos M
01:43 PM pfSense Packages Bug #13562: HAProxy PHP error on upgrade to PHP8.1 update: Okay, I have fixed all the errors I was getting. The procedure I used.
# Edit @/usr/local/pkg/haproxy/haproxy_util... Robert Johnston
03:01 PM Bug #13093 (Feedback): LDAP authentication fails with extended query and RFC2307 group lookups enabled: OK this may be another case where it's the LDAP schema at play.
If your groups are not in the same container as the ... Jim Pingle
02:45 PM Regression #13666 (Feedback): Assigned bridge interfaces are not configured at boot: Applied in changeset commit:51b682d9d7eb3bbba5bb6af96b09ab709115be58. Reid Linnemann
01:54 PM Bug #13713 (New): intermittent display of CPU Current / Max speed in System Information dashboard panel: A cosmetic / UX issue.
Issue:
When CPU powerd / scaling is enabled, the "Current: X MHz, Max: Y MHz" text is di... Royce Williams
01:11 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: The pull request has been merged. This issue can be marked as resolved. Bill Meeks
11:05 AM pfSense Plus Regression #13712 (Resolved): PHP error: pkg-utils.inc: When switching repos in 23.01:... Steve Wheeler
09:11 AM Regression #13705 (Resolved): PHP8.1 Captive Portal TypeError: I was getting this error every few hours. After applying this patch I've went almost 24 hours without an error. Marki... Christopher Cope
06:53 AM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled: Jim is beter qualified to review these changes than I am. Kristof Provost
04:46 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied: I see the same behavior, independently from Zabbix versions. The problem indeed, is in @newsyslog@ config for the ser... Juraj Lutter
02:29 AM Bug #13676 (Resolved): PHP errors on services_dhcpv6_relay.php: Tested against:... Danilo Zrenjanin

11/29/2022

11:57 PM pfSense Plus Bug #13602 (Pull Request Review): OpenVPN fails to start again if it crashes with DCO enabled: Marcos M
04:09 PM pfSense Plus Bug #13602 (New): OpenVPN fails to start again if it crashes with DCO enabled: I think it'd be preferred to implement part of this in both CE and Plus to avoid unnecessary code differences.
https... Marcos M
07:38 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: I've submitted a pull request to the 2.7.0 CE snapshot development branch to address this issue. The request is here:... Bill Meeks
04:44 PM pfSense Packages Bug #13709: Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: Confirmed.
This is caused by a missing closing parenthesis in the if() conditional statement on line 545 directly ... Bill Meeks
08:36 AM pfSense Packages Bug #13709 (Resolved): Suricata 6.0.6_1 - PHP 8.1 Error on Alerts Page: Seeing this error upon clicking on the Suricata alerts tab:
"Parse error: syntax error, unexpected token ";" in /u... Steve Wilson
05:54 PM Revision f67c3ec2: rc.ipsec: Strip bonus quotes. Fixes #13076: The string was coming from check_reload_status wrapped in quotes that
were not necessary, and were causing the string... Jim Pingle
04:55 PM Revision 8de9ebba: $usedmacs should never be a string, default should be an array. For #13705: Christian McDonald
03:51 PM Revision 829322b3: Rector some direct config gets with complex paths.: Christian McDonald
03:04 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: I'll poke at this and see what I can turn up. Apparently both of my lab LDAP servers are broken in different ways at ... Jim Pingle
12:05 PM Bug #13076 (Feedback): Marking a gateway as down does not affect IPsec entries using gateway groups: Applied in changeset commit:f67c3ec2946594a3679f6016716712ce74dac9c5. Jim Pingle
12:00 PM Bug #13076 (In Progress): Marking a gateway as down does not affect IPsec entries using gateway groups: I see why this is happening, the gateway value being passed to rc.ipsec is coming through as a quoted string where th... Jim Pingle
11:13 AM pfSense Packages Bug #13619 (Resolved): PHP Error in pfblockerNG-devel widget: The package version was bumped (now today on 3.1.0_11) to include the fix for this issue on pfSense+. I'm no longer s... Marcos M
10:58 AM Regression #13705 (Feedback): PHP8.1 Captive Portal TypeError: https://gitlab.netgate.com/pfSense/pfSense/-/commit/8de9ebba70b1e7860b071f06791479bbaf2d6e5c
Christian McDonald
10:23 AM Feature #13710 (New): Support UTF-8 CA/Certificate subject components: Some support was added for UTF-8 CA/Certificate fields in #12041 but it isn't complete.
The backend seems to handl... Jim Pingle
10:08 AM pfSense Plus Bug #13530: Remote Logging strange behavior: Jim, I am still trying to interconnect connect pfsense with my gray log server and there are surely multiple issues b... Louis B
08:09 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Hi Jim,
Thanks for the reply.
If I take a backup of my current config, is it possible to do an in-place upgrade... Simon Byrnand
07:42 AM Bug #13707 (Feedback): Unbound not binding to LAN on startup when explicitly set: The fix for #13254 may have addressed this already. That fix won't apply to older versions, however, you will need to... Jim Pingle
04:47 AM Bug #13707 (New): Unbound not binding to LAN on startup when explicitly set: Hi,
This is related to the following forum thread:
https://forum.netgate.com/topic/176155/unbound-not-respondin... Simon Byrnand
07:54 AM Bug #13253: ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6: The change is working as expected for this case in the latest snapshot. Saving and applying on a DHCP6 WAN causes the... Jim Pingle
05:36 AM pfSense Packages Feature #13708 (New): Apprise - Huge variety of notification methods in a single package: Apprise -
One notification library to rule them all.
A common and intuitive notification syntax.
Supports the ha... Jack Grimsdell
05:34 AM pfSense Packages Bug #13587: Zabbix-agent62 install fails: Hi, there seems to be an error in the installation, installs "zabbix62-agent" and then search for "zabbix-agent62".
... Xavier Roig

11/28/2022

09:04 PM Revision 8e88bd48: Pass reloadall flag to dhcp6c config. Fixes #13253: This ensures that if the interface is being configured in a way that requires a reload, that the DHCP6 client is also... Jim Pingle
08:09 PM Revision 7e3ea4a8: Rector some config unsets with complex paths.: Christian McDonald
07:16 PM Bug #13706 (Confirmed): Static routes are not updated when updating a nested alias.: Tested on @22.05@ and @23.01.a.20221123.0600@.
Setup:
* Create the network alias @a2@ with a subnet defined.
* C... Marcos M
05:29 PM Revision 02d6ca03: DDNS Save+Force timeout improvements. Fixes #12870: * In PHP8, curl_close is a no-op, so remove it.
* Now that curl_close does nothing, we have to set CURLOPT_FORBID_REU... Jim Pingle
05:21 PM Revision f4970dcd: Update Rector config with pfSense-specific tweaks and notes: Christian McDonald
05:03 PM Revision 75c2fbf0: Update namespace for custom Rectors to better align with on-disk hierarchy.: Christian McDonald
04:57 PM Regression #13705: PHP8.1 Captive Portal TypeError: Tested on... Christopher Cope
04:56 PM Regression #13705 (Resolved): PHP8.1 Captive Portal TypeError: ... Christopher Cope
04:54 PM Bug #13704 (Resolved): Refactor IPsec code using config access functions: Brad Davis
04:54 PM Todo #13702 (Resolved): Replace direct config accesses in ``system_advanced_sysctl``: Brad Davis
04:52 PM Todo #13701 (Resolved): Replace direct config accesses for the rest of the paths in ``system_advanced_admin.inc``: Brad Davis
03:10 PM Bug #13253 (Feedback): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6: Applied in changeset commit:8e88bd48a22b55d213ac7613be74c651706cfa0d. Jim Pingle
03:04 PM Revision 721fafba: Rector some direct config sets with pure scalar paths.: Christian McDonald
12:07 PM Bug #13600 (Feedback): Saving a DDNS entry can lead to the GUI timing out.: The new fix on #12870 probably fixed this as well, try with commit:02d6ca03965777ab95da05c7ae526aa75d2ddc2a applied o... Jim Pingle
11:40 AM Bug #12870 (Feedback): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Applied in changeset commit:02d6ca03965777ab95da05c7ae526aa75d2ddc2a. Jim Pingle
11:36 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I think I have this fixed again, it's still weirdness in cURL.
With PHP 8, curl_close() does nothing, which explai... Jim Pingle
07:57 AM Bug #12870 (New): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: The fixes should already be in 23.01/2.7.0 snapshots, but it's possible some other change broke this again.
I can ... Jim Pingle
08:50 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs: Jens Groh wrote in #note-2:
> So I'm right in remembering, that URL-style aliases are only fetched once (and again e... Jim Pingle
08:48 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs: Jim Pingle wrote in #note-1:
> The bottom part is wrong since the automatic update part only applies to URL table ... Jens Groh
08:26 AM pfSense Docs Correction #13699: Clarification to URL / URL Table Aliases in Docs: The behavior did change over time so neither one of those is quite right.
The top part is wrong because it doesn't... Jim Pingle
02:49 AM pfSense Docs Correction #13699 (New): Clarification to URL / URL Table Aliases in Docs: Hi,
I got a mail by a customer that was a bit confused about the wording on the docs page concerning the differenc... Jens Groh
08:13 AM Feature #13698 (Duplicate): Routes Flag - Legend: Duplicate of #13478
Though you can click the help link on the page ("(?)" in the breadcrumb bar) to get the docs p... Jim Pingle
08:07 AM Bug #13676: PHP errors on services_dhcpv6_relay.php: Jordan Greene wrote in #note-6:
> still happening on 23.01.a.20221124.0600
What exactly is the error message now?... Jim Pingle
08:05 AM pfSense Plus Bug #13530: Remote Logging strange behavior: Again, there isn't enough to go on there. It works fine and doesn't stop on many systems in other places (including m... Jim Pingle
08:02 AM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Client-side validation in JS could probably be done to help guide users toward valid input, but that should be a sepa... Jim Pingle
07:54 AM Bug #13694 (Not a Bug): Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode: While this could be handled better, it's not a bug but a design flaw in how any area handles items by index number in... Jim Pingle
07:51 AM pfSense Packages Bug #13696 (Not a Bug): WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: Jim Pingle
07:48 AM Regression #13618 (Duplicate): Creating URL Table (IPs) alias fails on applying: I missed this issue and ended up making a new one when I fixed it. See #13685 Jim Pingle
07:07 AM pfSense Packages Feature #11130 (Resolved): FRR RIP support: Azamat Khakimyanov
07:07 AM pfSense Packages Feature #11130: FRR RIP support: Tested on 22.05 and on latest 23.01-DEV (built on Thu Nov 24 06:04:19 UTC 2022)
I used RIP between 2 nodes, with adv... Azamat Khakimyanov
07:01 AM pfSense Packages Regression #12653 (Resolved): RIP related startup error: Tested on 22.05 and on latest 23.01-DEV (built on Thu Nov 24 06:04:19 UTC 2022)
There is no issue with RIP. I crea... Azamat Khakimyanov

11/27/2022

11:06 PM Feature #13698 (Duplicate): Routes Flag - Legend: Under Diagnostics / Routes in the Flags column, it would be helpful to have a legend somewhere on screen to indicate ... Mike Moore
06:45 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting: Probably similar to #13671 Flole Systems
06:43 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting: Have you tested with multiple client interfaces? As described the issue happens due to the new "single dhcpv6 client ... Flole Systems
04:54 PM Bug #13676: PHP errors on services_dhcpv6_relay.php: still happening on 23.01.a.20221124.0600 Jordan G
10:42 AM pfSense Plus Bug #13530: Remote Logging strange behavior: I did some further test. Not only the firewall log stops but also e.g. unbound. I disabled forwarding to GrayLog. At ... Louis B
07:59 AM pfSense Plus Bug #13530: Remote Logging strange behavior: Yep, I just started logging pfsense alarms in GrayLog, and .... it does not work. The firewall logging stops after so... Louis B
01:22 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: Tested on 23.01.a.20221124.0600 and I don't see any errors on the widget
!clipboard-202211271021-lhh79.png!
aleksei prokofiev

11/26/2022

08:04 PM Bug #13687: Cannot add limiters named ``new``: Confirmed this bug on 23.01. Additionally, if you create a limiter named "new" and then create a queue, if you go an... Kris Phillips
08:04 PM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Wouldn't it be possible to limit the possible characters in the web interface aswell? Using the HTML5 attribute @type... Flole Systems
08:02 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring: Confirmed for 23.01 builds too. Kris Phillips
07:56 PM Bug #13277: IGMP Proxy webConfigurator Page Always Produces Error: Tested on pfSense Plus 23.01 and this message is still present. However, the service starts and works normally regar... Kris Phillips
07:27 PM Bug #13014: Deadlock in Charon VICI interface: Kristof Provost wrote in #note-25:
> Thanks for that.
>
> There's nothing obviously suspect in the status or conf... Kris Phillips
07:24 PM pfSense Packages Bug #13623 (Resolved): Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems: This looks like it was merged, so I tested on the latest builds.
Issue is no longer present and the package inst... Kris Phillips
05:37 PM pfSense Packages Regression #13697 (Resolved): pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1: Getting the following error:... Robert Johnston
10:25 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I was able to replicate this issue with GoDaddy DNS. Click Save & Force Update then eventually a 504/timeout error ap... Dean Arnold
12:14 AM Bug #13694: Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode: Tested on
23.01-DEVELOPMENT (amd64)
built on Fri Nov 18 06:04:48 UTC 2022
FreeBSD 14.0-CURRENT
In step "4" a... Lev Prokofev

11/25/2022

04:14 PM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: Never mind. It was a problem with my firewall. Follow the guide here and you'll be fine: https://mullvad.net/en/help/... Nunya Business
02:08 PM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: I think I found the solution for 0.1.6_2. Once your tunnel is setup with peers, you have your tun_wg0 Interface, and ... Nunya Business
07:27 AM pfSense Packages Bug #13696: WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: even just rebooting or restarting Wireguard Nunya Business
07:14 AM pfSense Packages Bug #13696 (Not a Bug): WireGuard v0.1.6_2 - Tunnel Will Never Handshake Again After WAN Reset: This old bug has returned: https://redmine.pfsense.org/issues/12399
Identical symptoms: make any changes to the tu... Nunya Business
07:10 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: This problem has returned with the current version of the Wireguard package, 1.1.6_2.
Identical symptoms: make any... Nunya Business

11/24/2022

07:08 PM pfSense Packages Regression #13695 (Duplicate): pfBlockerNG-devel net 3.1.0_11 install error | 2.7.0-DEVELOPMENT (amd64) built on Thu Nov 24 06:05:10 UTC 2022: PHP ERROR: Type: 1, File: /usr/local/pkg/pfblockerng/pfblockerng_install.inc, Line: 142, Message: Uncaught TypeError:... RED SKULL
04:39 PM Regression #13618: Creating URL Table (IPs) alias fails on applying: This appears to be resolved now. I update around once a week on my test system so unsure which build fixed it. Brad Smith
03:32 PM Bug #13694 (Not a Bug): Strange behavior when disabling a firewall rule while anoter is simultaneosly in Edit mode: It appears this is regardless of interface. WAN and floating are from the original ticket so they're used here as an ... Chris W
09:03 AM Regression #13026: Limiters do not work: I can replicate the issue Steve describes, but I'm not quite sure if it's a bug or somewhat surprising expected behav... Kristof Provost
01:07 AM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN: Interestingly its forced to a value of 128 now.
If set it inside on /boot/loader.conf.local, it will apply on the ... Chris Collins

11/23/2022

08:47 PM Regression #12827: High latency and packet loss during a filter reload: Hi guys feedback from myself.
I had this enabled when I first updated to 2.6.0. Had noticed no issues.
But yesterd... Chris Collins
04:34 PM Revision 522e3f91: DHCP6 Adv field validation errors. Fixes #13493: A few fields were being validated but not informing the user when the
values were bad. This commit lets the user know... Jim Pingle
02:06 PM Revision 1e45d13f: Rector some direct config gets with pure scalar paths.: Christian McDonald
01:06 PM pfSense Plus Bug #13693 (Rejected): Private domain in resolver custom options randomly breaks resolution for that domain: There isn't nearly enough here to suggest it's actually a bug or anything actionable on our part -- This site is not ... Jim Pingle
01:04 PM pfSense Plus Bug #13693 (Rejected): Private domain in resolver custom options randomly breaks resolution for that domain: I have the following "custom options" configuration in my DNS resolver settings to allow DNS over OpenVPN to work pro... Ryan Goodfellow
11:33 AM Regression #13666: Assigned bridge interfaces are not configured at boot: The resolution to #13225 appears to have caused this. The rebuilding of the bridge interfaces after logical ovpn inte... Reid Linnemann
10:45 AM Bug #13493 (Feedback): Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Applied in changeset commit:522e3f912bf849161e5a52e50fcc7fc80c3b11f5. Jim Pingle
10:32 AM pfSense Packages Bug #13692 (New): Netgate_Firmware_Upgrade - Title link needs updated: >Netgate_Firmware_Upgrade links to https://github.com/pfSense-pkg-Netgate_Firmware_Upgrade/pfSense-pkg-Netgate_Firmwa... Christopher Cope
10:30 AM pfSense Packages Bug #13691 (Resolved): ldpd - Title link needs updated: >lldpd links to https://docs.netgate.com/pfsense/en/latest/packages/nut.html
That is the wrong package. Christopher Cope
10:30 AM pfSense Packages Bug #13690 (Closed): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: >ipsec-profile-wizard links to http://www.netgate.com/docs/
Perhaps that is on purpose, but it would seem better t... Christopher Cope
10:07 AM Bug #13689 (Rejected): Links on some package names are incorrect.: Each package manages its own link(s) in its @pkg-descr@ file -- this will need to be one separate Redmine under Packa... Jim Pingle
10:04 AM Bug #13689 (Rejected): Links on some package names are incorrect.: When loading the list of packages in System > Package Manager > Available Packages some of the links need updated / c... Christopher Cope
09:37 AM Bug #13686: Unbound breaks SPF: Jim Pingle wrote in #note-3:
> That is not anything we can control, it's the behavior of Unbound itself. You can rai... Frederic Steinfels
09:28 AM pfSense Packages Bug #13612: Snort building lists is broken: A pull request has been submitted to the pfSense DEVEL branch of FreeBSD-ports to correct this issue. The pull reques... Bill Meeks
09:26 AM pfSense Packages Bug #13623: Snort binary package fails to install on 2.7.0-DEVEL snapshots due to luajit-openresty version problems: I have submitted a pull request to the pfSense DEVEL FreeBSD-ports tree to correct this issue. Here is the link: http... Bill Meeks
09:10 AM pfSense Plus Feature #13688 (Rejected): Twice(Dual) NAT separate configuration: Given that it's already possible now, and adding another way to do the same thing would likely confuse people even mo... Jim Pingle
09:06 AM pfSense Plus Feature #13688 (Rejected): Twice(Dual) NAT separate configuration: In order to do Twice NAT, source and destination IP fields need to be changed, one would need to create separate outb... Mike Moore
08:56 AM pfSense Packages Feature #13643: FRR - Display what BGP is advertsing to its neighbors: Appreciate the responses here. I didnt know if vtysh could be called from the cli - rather i didnt know how.
That be... Mike Moore
03:10 AM Bug #13148 (Ready To Test): Traffic passed by Captive Portal cannot use limiter queues on other rules: My understanding is that this is fixed, but that Reid had an unrelated issue. @Reid, can you confirm? Kristof Provost
02:41 AM Bug #13687 (Resolved): Cannot add limiters named ``new``: When I create a limiter named 'new' via the Traffic Shaper page (firewall_shaper_vinterface.php) with the name 'new' ... Kristof Provost

11/22/2022

08:38 PM Revision 88774881: Rector some more direct config unsets with pure scalar paths: Christian McDonald
06:45 PM Revision 6e081414: Rector some direct config unsets with pure scalar string paths.: Christian McDonald
06:18 PM Bug #13686: Unbound breaks SPF: That is not anything we can control, it's the behavior of Unbound itself. You can raise a request with them directly ... Jim Pingle
06:17 PM Bug #13686: Unbound breaks SPF: I see, thanks. I will reformulate my request. Instead of stripping the answer, wouldn't it make more sense to replace... Frederic Steinfels
06:00 PM Bug #13686 (Not a Bug): Unbound breaks SPF: This is not a bug, it's a security feature. Unbound disallows private addresses in replies by default. You can disabl... Jim Pingle
05:09 PM Bug #13686 (Not a Bug): Unbound breaks SPF: It seems the unbound module is not compliant with the SPF standard.
When I do the lookup on the pfsense unbound se... Frederic Steinfels
05:04 PM Revision fa323663: IPsec cert SAN improvements. Fixes #13373: * Improve descriptions of IPsec P1 cert fields.
* Allow using a cert with a wildcard SAN so long as there is at least... Jim Pingle
03:43 PM Revision f16d3f4d: Add CA/Cert invalid descr char list to help. Fixes #13387: Jim Pingle
03:10 PM Revision af613468: Fix regression in URL alias parsing. Fixes #13685: Jim Pingle
12:05 PM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input: Looks like several fields get tested to ensure they are numeric ints before being stored, but don't have correspondin... Jim Pingle
12:04 PM Feature #4728: Expose ``nopool`` server option in the OpenVPN Server GUI: Hi, I do not think this is a duplicate and I just ran into this again. I actually want to be able to specify "nopool"... Florian Apolloner
11:56 AM Bug #13671: DHCP client can fail permanently if an interface is down at boot: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/949 Jim Pingle
11:53 AM Bug #13671 (Feedback): DHCP client can fail permanently if an interface is down at boot: Try this change, for example:... Jim Pingle
11:50 AM Bug #13671: DHCP client can fail permanently if an interface is down at boot: @/etc/rc.linkup@ explicitly exits if it detects the platform is booting. We might be able to insert a test there to c... Jim Pingle
11:35 AM Bug #13473 (Incomplete): No IPv6 address acquired after reboot/dhcp6c not starting: I can't reproduce anything like this with LAGG and DHCP6 on current snapshots, it's all working happily here and none... Jim Pingle
11:15 AM Bug #13280 (Feedback): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``: I cannot reproduce this on current snapshots either. The only place I can reproduce it is on a 22.05 system.
I hav... Jim Pingle
11:15 AM Regression #13373 (Feedback): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard: Applied in changeset commit:fa3236635876914ab330778545ec8dd7cefe7a80. Jim Pingle
11:07 AM Regression #13373: IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard: I re-confirmed that using a cert with one non-wildcard SAN and multiple wildcard SANs does work properly in strongSwa... Jim Pingle
10:13 AM Bug #13574 (Resolved): Extra remote address information can confuse ``sshguard``: The extra information is no longer printed in the log, and sshguard properly recognizes the failed attempts even when... Jim Pingle
09:50 AM Bug #13387 (Feedback): Input validation is not rejecting invalid description characters when editing a CA or Certificate: Applied in changeset commit:f16d3f4d3f466bb1fca84c754e51fbaa1b9e48ba. Jim Pingle
09:42 AM Bug #13387 (In Progress): Input validation is not rejecting invalid description characters when editing a CA or Certificate: I'll add the list of invalid characters to the help text for those fields.
Jim Pingle
09:25 AM Bug #13425 (Resolved): Invalid alias name can still be used by code attempting to validate URL table content: Attempting a previously working exploit no longer creates an arbitrary file. Marking resolved.
Jim Pingle
09:11 AM Bug #13425: Invalid alias name can still be used by code attempting to validate URL table content: Jordan Greene wrote in #note-3:
> when attempting to save an alias in 23.01.a.20221111.0600 include an additional / ... Jim Pingle
09:20 AM Regression #13685 (Feedback): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: Applied in changeset commit:af61346825f5507889d66c142c78babee837f6e4. Jim Pingle
09:08 AM Regression #13685 (In Progress): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: Jim Pingle
09:07 AM Regression #13685 (Resolved): URL alias parsing is broken, gets stuck in infinite loop reading downloaded file: In commit:c239afac1763951eacefc1dbc59ad04f9d319b91 we made the following change:... Jim Pingle
08:31 AM Bug #13426 (Resolved): ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding: Can't reproduce on snapshots. Marking resolved. Jim Pingle
07:13 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: I think I have solved all issues. The functionality is the same as the original NetGate version. However with a 20 ti... Louis B

11/21/2022

10:31 PM Feature #2479: Allow reordering of the traffic graphs on the dashboard: This would be nice to have. Although you can hide interfaces it still doesn't group, for example, WAN interfaces or V... Steve Wheeler
09:29 PM Revision 824ab9c4: Correct special net NPt dst prefix handling. Fixes #13240: Disables prefix length drop-down when using a special net (e.g. track6
delegated prefix) because that already has its... Jim Pingle
08:06 PM Revision 749af017: Use 'ip' when copying+converting addr rules. Fixes #13364: Jim Pingle
07:59 PM Revision 2e534ffe: Ensure copied rules get unique IDs. Fixes #13507: Jim Pingle
07:15 PM Revision ad040b70: Omit RAM disk size check when disabled. Fixes #13479: Jim Pingle
07:03 PM Revision 7d087f60: Remove unused deprecated code from dhclient script. Fixes #13501: Jim Pingle
07:01 PM Revision 54115a67: Add CDATA protection to "hint". Fixes #13388: Jim Pingle
06:43 PM Revision 31c37082: rc.linkup code refresh and fixes. Fixes #13254: * Update code to be more compatible with PHP 8.1
* Consistency changes to code and logging so every path has similar
... Jim Pingle
04:33 PM Regression #13663 (Resolved): WIFI interface configuration creates invalid xml: This is fixed in current snapshots.
Tested:... Steve Wheeler
03:40 PM Bug #13240 (Feedback): User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length: Applied in changeset commit:824ab9c44e658b3fc1e1a4d6a96f41265cec0221. Jim Pingle
02:29 PM Bug #13240 (In Progress): User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length: Jim Pingle
03:33 PM Regression #13373 (In Progress): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard: Jim Pingle
03:28 PM Revision 877cff6f: Fix more Rector foreach fallout: Jim Pingle
02:48 PM Revision 7a3637b1: Restore unintentionally removed line. Issue NG 9247: Jim Pingle
02:19 PM Bug #12335: IPsec DNS inefficiency: Bump this forward again, not enough spare cycles this release to dig into it. Jim Pingle
02:18 PM Bug #12942: Code to kill states for old gateway when reconnecting an interface is incorrect: Bump this forward again, not enough spare cycles this release to dig into it. Jim Pingle
02:18 PM Bug #12811 (Feedback): Services are not restarted when PPP interfaces connect: There have been a lot of changes here since the last comment and it's not clear if this should be marked resolved or ... Jim Pingle
02:15 PM Bug #13364 (Feedback): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``: Applied in changeset commit:749af017d77897079e759cb934461f1f4e810592. Jim Pingle
02:03 PM Bug #13364: Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``: I can reproduce this on the latest dev snaps exactly as described. Working on a fix now. Jim Pingle
02:02 PM Bug #13364 (In Progress): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``: Jim Pingle
02:15 PM Bug #13507 (Feedback): Copying multiple rules at the same time results in new rules with duplicate tracker IDs: Applied in changeset commit:2e534ffe71dc763c66a2009c07a9883c252afa0f. Jim Pingle
02:02 PM Bug #13507 (In Progress): Copying multiple rules at the same time results in new rules with duplicate tracker IDs: Looks like a simple fix, it's using microtime inside a loop and it should just be using that once as a starting value... Jim Pingle
01:38 PM Todo #13508: Uncouple RAM Disk size from available kernel memory: We can't remove the check entirely but it would need to be adjusted for whatever limits tmpfs may have. For example, ... Jim Pingle
01:37 PM Bug #13479: Input validation is checking RAM disk sizes when they are inactive: That's a separate issue, I'm taking things one at at time. While we evaluate the other, it's still safe to remove thi... Jim Pingle
01:29 PM Bug #13479: Input validation is checking RAM disk sizes when they are inactive: Not entirely sure if this is a good idea as #13508 suggests that the check can be removed entirely as it's no longer ... Flole Systems
01:25 PM Bug #13479 (Feedback): Input validation is checking RAM disk sizes when they are inactive: Applied in changeset commit:ad040b7063c9cc5487b15c044a95949888041271. Jim Pingle
01:10 PM Todo #13501 (Feedback): Clean up obsolete code in ``pfSense-dhclient-script``: Applied in changeset commit:7d087f60126b57e34c689cb44e8ba3d7d352f238. Jim Pingle
01:10 PM Feature #13388 (Feedback): Support for international characters in the AutoConfigBackup Hint/Identifier field: Applied in changeset commit:54115a67546fcfbe32c7ec5433fb8a0d3661c808. Jim Pingle
12:55 PM Bug #13254 (Feedback): DNS resolver does not update its configuration or reload during link down events: Applied in changeset commit:31c37082cad1ca068fc22d93fe3dc3c6a8005144. Jim Pingle
12:53 PM pfSense Packages Bug #13619 (Feedback): PHP Error in pfblockerNG-devel widget: Reid Linnemann
11:37 AM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: The change was just merged to Plus this morning, try the next build please. Reid Linnemann
09:34 AM pfSense Packages Bug #13619 (New): PHP Error in pfblockerNG-devel widget: There's a separate redmine for that one:
https://redmine.pfsense.org/issues/13679
Still seeing this on latest snap/p... Marcos M
11:52 AM pfSense Packages Bug #13642 (Feedback): PHP Error: frr_zebra.inc:159: Fixed in "4a256a0":https://github.com/pfsense/FreeBSD-ports/commit/4a256a029fccc20a7e2b3f2e5a9a5a7dc024eaa8 Reid Linnemann
11:29 AM Bug #13676: PHP errors on services_dhcpv6_relay.php: Jordan Greene wrote in #note-4:
> still seeing this running 23.01.a.20221118.0600 but works with changeset added via ... Reid Linnemann
11:24 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: I think I see why you've run into this where others haven't. Around the line in question:... Reid Linnemann
11:03 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: Chris W wrote in #note-3:
> I hit this today upgrading from 22.05 to 23.01.a.20221118.0600 with pfBlocker-devel 3.1.... Reid Linnemann
09:49 AM pfSense Packages Bug #13684 (Duplicate): HAProxy PHP error haproxy.inc:1229: On upgrade to 2.7:... Steve Wheeler
08:37 AM Regression #11545: Primary interface address is not always used when VIPs are present: All the issues I could reproduce here are fixed now. If we could get some more feedback from users who encountered th... Jim Pingle
07:31 AM Regression #13670 (Resolved): AES-NI support is built into the kernel on snapshots instead of being a module: That is normal. Changing the configuration does not unload the other modules since that could cause running processes... Jim Pingle
07:18 AM Bug #13579 (Resolved): Incorrect quoting of Split DNS attribute value in ``strongswan.conf``: Jim Pingle
07:12 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: The rule lookup function I disable to speedup the widget, was in opposite to my expectation in use to show the rule i... Louis B
04:12 AM Bug #13014: Deadlock in Charon VICI interface: Thanks for that.
There's nothing obviously suspect in the status or configuration files. I do see you have a fair ... Kristof Provost

11/20/2022

10:54 PM pfSense Packages Feature #13683 (New): Request: manually clear collected database/ remove an individual item from the database: It would be helpful when one has reconfigured a network or hosts to be able to manually clear the collected MAC datab... Steve Prior
01:25 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: Here my code, watch out debug still partly active (to show the speed :)) . The code is more than 150 times faster on ... Louis B
01:02 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: I did some further analyses, and my previous conclusion was not correct. After making further changes and debugging t... Louis B
09:45 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: I did add debug time traces in the widget and it turned out that the html part of the code is causing the terrible d... Louis B
12:58 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: With 23.01.a.20221118.0600 I these errors
Please find attached the logs:... Alex Casanova

11/19/2022

06:56 PM pfSense Packages Bug #13619: PHP Error in pfblockerNG-devel widget: widget is able to be added to the dashboard now, running ver 23.01.a.20221118.0600 Jordan G
06:23 PM Regression #13670: AES-NI support is built into the kernel on snapshots instead of being a module: on 23.01.a.20221118.0600 if I switch from QAT to AES-NI in the System>Advanced>Miscellaneous, save/apply, then check ... Jordan G
05:21 PM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: I hit this today upgrading from 22.05 to 23.01.a.20221118.0600 with pfBlocker-devel 3.1.0_10. After logging into the ... Chris W
02:34 AM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: No errors on 23.01-DEVELOPMENT (amd64) built on Fri Nov 11
@>>> Installing pfSense-pkg-pfBlockerNG-devel...
Upda... Lev Prokofev
05:04 PM Bug #13676: PHP errors on services_dhcpv6_relay.php: still seeing this running 23.01.a.20221118.0600 but works with changeset added via system_patches Jordan G
04:51 PM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: WAN IP and the default GW have been assigned via the console and the the default route has been added
> First... Alhusein Zawi
04:40 PM Todo #13524 (Resolved): Update reserved alias names: Marcos M
04:40 PM Bug #13393 (Resolved): DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled: Marcos M
04:37 PM Feature #13682 (In Progress): Automatically indicate a packet capture has stopped when count limit is reached: Marcos M
11:14 AM Feature #13682 (Closed): Automatically indicate a packet capture has stopped when count limit is reached: It'd be helpful if the GUI of Diagnostics > Packet Capture could automatically refresh or in some way indicate the co... Chris W
04:23 PM Regression #13488 (Feedback): All Captive Portal users are given the same limiter pipe pair: Applied in:
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/c0f216b9b1b6455afc96cb37e6319a23bf28... Marcos M
04:12 AM Regression #13488 (Ready To Test): All Captive Portal users are given the same limiter pipe pair: Merged to pfSense CE and plus. Kristof Provost
09:43 AM Revision c0f216b9: captiveportal: actually allocate a pipe number for new clients: When a client authenticates to the captive portal we generate a pipe
number (actually two) for it. However, we did th... Kristof Provost
08:56 AM Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf``: Testing performed:
client: ... Danilo Zrenjanin
07:03 AM Bug #13633 (Resolved): DHCPv6 rules are not created for interfaces with static IPv6: Tested against:... Danilo Zrenjanin
06:33 AM Bug #13675: Code that sets IPv6 MTU can unintentionally act on IPv4 addresses: Not able to reproduce it on 23.01-DEVELOPMENT (amd64) built on Fri Nov 11 using the config from customer ticket. Lev Prokofev
05:18 AM pfSense Packages Bug #13544: SquidGuard either denying everything or proxying everything: Disabling transparent proxying seems to have fixed the issue... But yet again, using it on some interfaces now works ... Jimmy Michaelson

11/18/2022

09:46 PM Revision 2b66dafa: Fix gif interface _routerv6 files not being created. Fixes #11545: interface_gif_configure() uses the global variable $g to look up the temp
directory in which to write the router/gate... Reid Linnemann
08:50 PM Bug #13678: Complete connectivity loss when OpenVPN Client loses connection: I'm unable to reproduce this with any of my OpenVPN clients. Do you have any special configuration items in your con... Kris Phillips
09:49 AM Bug #13678 (Rejected): Complete connectivity loss when OpenVPN Client loses connection: There isn't enough here to classify this as a bug, and it can't be reproduced as stated. This site is not for support... Jim Pingle
09:13 AM Bug #13678 (Rejected): Complete connectivity loss when OpenVPN Client loses connection: Greetings.
Had updated to 2.6 from 2.5.2 in the past, and encountered a bug where if an OpenVPN client goes down f... Lily S
08:49 PM Revision 1688a960: Add iface to some resolver restarts. Fixes #12612: A few interface-specific calls to restart the resolver were not passing
the interface name to ensure it was only rest... Jim Pingle
08:47 PM pfSense Packages Bug #13589: PHP Errors during cellular package installation on CE 2.7: This issue is still present in Nov 18th builds. Kris Phillips
08:45 PM pfSense Packages Bug #13679: Error in pfBlockerNG Post Install Script: Unable to reproduce this. Installing the package shows normal for me. Here is the full log on 23.01 for Nov 18th bu... Kris Phillips
05:07 PM pfSense Packages Bug #13679 (Resolved): Error in pfBlockerNG Post Install Script: Error installing pfBlockerNG-devel 3.1.0_10 on... Christopher Cope
08:39 PM pfSense Packages Bug #13587: Zabbix-agent62 install fails: This problem is unique to the agent for some reason. zabbix-proxy62 works just fine. Tested again on Nov 18th builds. Kris Phillips
08:34 PM pfSense Packages Bug #13513 (Resolved): Cannot install Squid: Tested on Nov 18th builds. Package installs properly with no more errors. Issue is resolved. Kris Phillips
06:45 PM Bug #13680 (New): Package install scripts run after PHP upgrade produce errors: During the upgrade to 2.7 or 23.11 PHP is upgraded before the pfSense packages are upgraded. That can lead to the sit... Steve Wheeler
06:23 PM Revision b381fa76: Fix PPP reset hr/min blank vs 0. Fixes #13307: Jim Pingle
06:08 PM Revision bef138fa: Replace direct config accesses in services_dhcpv6_relay.php. Fixes #13676: Reid Linnemann
06:06 PM Revision efe80217: Fix PPP interface regression: Jim Pingle
04:58 PM Revision 13ae614b: Correct console set IP addr script. Fixes #12632: * Prompt to replace default gateway instead of only setting if it was
empty before.
* Correct faulty assumptions ab... Jim Pingle
04:51 PM Regression #13627 (Resolved): PHP: Easyrule from the firewall log: Tested on... Christopher Cope
04:15 PM Regression #11545 (Feedback): Primary interface address is not always used when VIPs are present: Applied in changeset commit:2b66dafae80f4a17c4cfc4a5f548f336b97513de. Reid Linnemann
04:03 PM Revision b03e0c60: Fix descr for unbound network ifs. Fixes #13453: Jim Pingle
03:58 PM Revision 29f367a0: Fix Adv DHCP6 f/multiple interfaces. Fixes #13462: Jim Pingle
03:54 PM Revision 9b391783: Improve set_ipv6routes_mtu checks. Fixes #13675: Christopher Cope
03:00 PM Bug #12612 (Feedback): DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver: Applied in changeset commit:1688a9608cbe5889f160dc4b4d3bcfc64fc856c4. Jim Pingle
02:35 PM Revision 8b4e0838: Define curl CAPath for trusted CAs. Fixes 12737: Jim Pingle
02:17 PM Revision 410e9b52: Detect/set default primary console. Fixes #12960: If the user has not chosen a primary console, use the current active
console type as the default.
This prevents a us... Jim Pingle
02:04 PM Bug #13014: Deadlock in Charon VICI interface: Kristof Provost wrote in #note-23:
> Based on available information the suspicion is that charon itself is deadlocki... David Vazquez
12:30 PM Bug #13307 (Feedback): PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value: Applied in changeset commit:b381fa76bd817f94f9971caddace1faef1e83b6c. Jim Pingle
12:15 PM Bug #13676 (Feedback): PHP errors on services_dhcpv6_relay.php: Applied in changeset commit:bef138fa29432321d9befad6038117d9b55cbe13. Reid Linnemann
11:10 AM Bug #12632 (Feedback): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: Applied in changeset commit:13ae614b25433193c5bab8beabff65a1c80dcb3a. Jim Pingle
10:54 AM Bug #12632 (In Progress): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface: I see a couple problems here.
First, the script only sets the default gateway if there is no default gateway set -... Jim Pingle
11:01 AM Bug #12737 (Feedback): CA path is not defined when using ``curl`` in the shell: Implemented in commit:8b4e08382a890b2978c80130def0db2bab0adf28
Jim Pingle
08:38 AM Bug #12737: CA path is not defined when using ``curl`` in the shell: Defining it in the environment in the shell init scripts works for me. Commit inbound shortly.
With the CA for a w... Jim Pingle
08:28 AM Bug #12737 (In Progress): CA path is not defined when using ``curl`` in the shell: Jim Pingle
10:55 AM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: The problem is clear to me. If the widget processing time > than the refresh time the widget will be re triggered bef... Louis B
10:10 AM Bug #13453 (Feedback): Incorrect word in "Network Interfaces" help text on ``services_unbound.php``: Applied in changeset commit:b03e0c60bcd1675a35a53ebb94db22cd5598be1c. Jim Pingle
10:09 AM pfSense Plus Bug #13674 (Resolved): QAT detection on dashboard is incorrect if the driver does not attach: This is working as expected on the latest snapshot. I don't have any hardware around with an unsupported chip but if ... Jim Pingle
10:05 AM pfSense Plus Regression #13491 (Resolved): Crypto devices are not detected on current snapshots because the format of pciconf has changed: Confirmed here as well on 4100 (C3K), 7100 (C3K), and 7551 (C2K). Jim Pingle
09:54 AM pfSense Plus Regression #13491: Crypto devices are not detected on current snapshots because the format of pciconf has changed: Can confirm the fix is working on an SG-5100 running 23.01 build 23.01.a.20221118.0600. Thanks for the quick turnarou... Nick Goehring
10:05 AM Bug #13462 (Feedback): Advanced DHCP6 client settings only work for a single interface: Applied in changeset commit:29f367a0e681621c1950e42fbc1261b08e2d3a42. Jim Pingle
10:00 AM Bug #13675 (Feedback): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses: Applied in changeset commit:9b391783768adc4e0db543770c3a2b7208a56a33. Christopher Cope
09:49 AM Bug #13677 (Duplicate): Complete connectivity loss when OpenVPN Client loses connection: Duplicate of #13678 Jim Pingle
06:29 AM Bug #13677 (Duplicate): Complete connectivity loss when OpenVPN Client loses connection: Greetings.
Had updated to 2.6 from 2.5.3 in the past, and encountered a bug where if an OpenVPN client goes down f... Lily S
08:25 AM Bug #12960 (Feedback): VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: Applied in changeset commit:410e9b52e45b7248942640f4a08189cd18567353. Jim Pingle
07:42 AM Bug #12960: VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: To confirm, the loader menu issue is identical to #13080 -- On the ISO when booting via BIOS, it has @boot_serial=NO@... Jim Pingle
02:53 AM Regression #13488: All Captive Portal users are given the same limiter pipe pair: Steve Wheeler wrote in #note-4:
> For reference the thread this was discussed and diagnosed in is here:
> https://f... Kristof Provost

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

12/17/2022

12/16/2022

12/15/2022

12/14/2022

12/13/2022

12/12/2022

12/11/2022

12/10/2022

12/09/2022

12/08/2022

12/07/2022

12/06/2022

12/05/2022

12/04/2022

12/03/2022

12/02/2022

12/01/2022

11/30/2022

11/29/2022

11/28/2022

11/27/2022

11/26/2022

11/25/2022

11/24/2022

11/23/2022

11/22/2022

11/21/2022

11/20/2022

11/19/2022

11/18/2022