Project

General

Profile

Activity

From 12/12/2022 to 01/10/2023

01/10/2023

10:18 PM Bug #13859 (Closed): Wireguard peer doesn't connect on reboot
I installed experimental Wireguard 0.1.6_3 package on pfSense 2.7.0-DEVELOPMENT (amd64) built on Wed Jan 04 06:05:22 ... Nazar Mokrynskyi
08:13 PM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile
Hi @Jim Pingle
Today we reproduced the same issue with newer macOS, namely Sierra(10) and Monterey(12) using the s... Alex Sensation
07:06 PM pfSense Packages Bug #13738 (Resolved): Typo under Services/Snort/Interface Settings/WAN - Rules
Fix merged. Christopher Cope
01:00 PM pfSense Packages Bug #13738 (Pull Request Review): Typo under Services/Snort/Interface Settings/WAN - Rules
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/315 Christopher Cope
06:19 PM Bug #13068: Firewall rules fail to load when a URL table alias file does not exist
Similar to https://redmine.pfsense.org/issues/4893 Marcos M
05:43 PM Regression #11316: Unbound crashes with signal 11 when reloading
This is great news! Thanks Christian McDonald for diving into this issue. Even when it was almost a complete rewrite ... BBcan177 .
12:23 PM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading
Christian tracked this down to a problem in the Unbound Python module when the Maxmind library is enabled, as it is w... Jim Pingle
04:30 PM Revision f9f3523e: Add bandwidth selections for pipes regardless of whether passthrumac is set. Fixes #13853
Reid Linnemann
03:31 PM pfSense Packages Bug #13858: Snort shares some GUI bugs previously identified and corrected in Suricata
The three issues identified in this ticket have all been fixed in Pull Request 1213 posted here: https://github.com/p... Bill Meeks
02:31 PM pfSense Packages Bug #13858 (Resolved): Snort shares some GUI bugs previously identified and corrected in Suricata
Because the Snort and Suricata GUI packages share much of the same PHP code, three previously identified issues in Su... Bill Meeks
02:54 PM Bug #13853: Captive Portal does not apply RADIUS bandwidth limits to user pipes
Updating subject for release notes. Jim Pingle
10:35 AM Bug #13853 (Feedback): Captive Portal does not apply RADIUS bandwidth limits to user pipes
Applied in changeset commit:f9f3523e07913311524cd8de0bc9c2778196718a. Reid Linnemann
10:30 AM Bug #13853 (Pull Request Review): Captive Portal does not apply RADIUS bandwidth limits to user pipes
Internal MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1004
 Jim Pingle
02:05 AM Bug #13853: Captive Portal does not apply RADIUS bandwidth limits to user pipes
https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/c0f216b9b1b6455afc96cb37e6319a23bf28a98d/diff/src... OpIT GmbH
02:54 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
Updating subject for release notes. Jim Pingle
12:55 PM pfSense Packages Regression #13856: OpenVPN Export Utility creates a broken installer package
Version update: https://redmine.pfsense.org/issues/13857
Cert looks good:... Marcos M
12:50 PM pfSense Packages Regression #13856: OpenVPN Export Utility creates a broken installer package
This was just needing a fix to a new path for 7-zip since it moved, the other part is unrelated and should go in a se... Jim Pingle
12:37 PM pfSense Packages Regression #13856: OpenVPN Export Utility creates a broken installer package
Last time I went to update it (Late Nov/Early Dec) their most recent installers were showing they had been signed wit... Jim Pingle
12:31 PM pfSense Packages Regression #13856: OpenVPN Export Utility creates a broken installer package
Would be helpful to also update the bundled version given that 2.5.2 is fairly old. Marcos M
12:28 PM pfSense Packages Regression #13856 (Resolved): OpenVPN Export Utility creates a broken installer package
Tested on @pfSense-23.01.b.20230106.0600@ using the latest @OpenVPN Export Utility@ package version.
The downloade... Marcos M
12:55 PM pfSense Packages Todo #13857 (Resolved): Update bundled installer in OpenVPN Export Utility
The current installer version shows as @2.5.2-Ix01@. Latest version as of now is @OpenVPN-2.5.8-I604-amd64.msi@: http... Marcos M
11:04 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
Cool! Thanks for repro steps :) Christian McDonald
10:35 AM pfSense Plus Bug #13348 (Confirmed): Error when deleting ZFS Boot Environment created from duplicate of non-default entry
I can reproduce this on 23.01.
# Click @Create@ and use @default@ as the source; save it.
# Click the duplicate i... Marcos M
10:28 AM pfSense Plus Bug #13348 (Feedback): Error when deleting ZFS Boot Environment created from duplicate of non-default entry
Moving this ahead and marking that we need feedback here. It's still not clear how to reproduce this, and thus far no... Jim Pingle
10:34 AM Bug #13680: Package install scripts run after PHP upgrade produce errors
Reid Linnemann wrote in #note-3:
> I think we'd be better served by focusing our efforts on performing the complete ... Jim Pingle
10:27 AM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Moving ahead. Jim Pingle
10:06 AM pfSense Docs Todo #13854: Feedback on Backup and Recovery — ZFS Boot Environments (Plus Only) — Managing Boot Environments in the GUI
That is expected, because ZFS Boot Environments do not include the configuration. The configuration history (console ... Jim Pingle

01/09/2023

07:01 PM pfSense Packages Feature #13855 (New): Allow specifying a custom port
The OpenVPN client export package already contains a function to set the host name resolution to "other", which, as t... Phil K
05:55 PM pfSense Docs Todo #13854 (Closed): Feedback on Backup and Recovery — ZFS Boot Environments (Plus Only) — Managing Boot Environments in the GUI
*Page:* https://docs.netgate.com/pfsense/en/latest/backup/zfsbe/gui.html
*Feedback:*
It is very good to be able t... Hans Erik Busk
04:55 PM Bug #13847: Page doesn't load with a lot of IP aliases (crash)
Jim Pingle wrote in #note-3:
> Trying to manage that many entries in the configuration isn't viable, not only does i... Nazar Mokrynskyi
08:53 AM Bug #13847: Page doesn't load with a lot of IP aliases (crash)
Trying to manage that many entries in the configuration isn't viable, not only does it consume too many resources in ... Jim Pingle
08:43 AM Bug #13847: Page doesn't load with a lot of IP aliases (crash)
Jim Pingle wrote in #note-1:
> That is expected. Use a URL *table* alias for large lists.
I'm not sure how this i... Nazar Mokrynskyi
08:35 AM Bug #13847 (Rejected): Page doesn't load with a lot of IP aliases (crash)
That is expected. Use a URL *table* alias for large lists.
 Jim Pingle
04:54 PM pfSense Plus Bug #13848: OpenVPN Client Breaking Outbound NAT
Hello Jim, this issue was raised as per TAC (Kris P). I am not looking for configuration support, however, I am able ... AJ Harran
08:44 AM pfSense Plus Bug #13848 (Rejected): OpenVPN Client Breaking Outbound NAT
As stated, the issue cannot be reproduced, and is likely something in your specific configuration or environment. Thi... Jim Pingle
04:54 PM pfSense Packages Bug #13753: Gateway groups stop sending traffic if they contain wireguard tunnels
In my case I do Load Balancing of Wireguard Tunnels, if I add only Wireguard tunnels it only uses one tunnel.
Seco... Jeff Kuehl
04:12 PM Bug #13853 (Resolved): Captive Portal does not apply RADIUS bandwidth limits to user pipes
When configured to use per-user bandwidth restrictions, a captive portal's db entry for a user will have the proper b... Reid Linnemann
02:27 PM pfSense Packages Bug #12608: WireGuard tunnels monitored by dpinger causing system to stop routing completely in certain situations
I have noticed this whenever I enable or disable peers this happens. But I see that even interface-to-interface traff... Jeff Kuehl
01:12 PM Bug #13846: IPv6 firewall rules using the interface network macro on a GIF/GRE interface do not respect the configured subnet mask
Why is the IPv4 behavior different from the IPv6 behavior? From my perspective, IPv4 is "working" and IPv6 is "broken... Ross Tajvar
08:33 AM Bug #13846: IPv6 firewall rules using the interface network macro on a GIF/GRE interface do not respect the configured subnet mask
That is expected based on how the interfaces are configured in the OS.
It's a point-to-point link so the underlyin... Jim Pingle
09:05 AM Bug #13852 (Rejected): Pfsense VPN dosen't work when unexpected reboot
That is not a typical issue and cannot be reproduced here with what little information has been provided. This site i... Jim Pingle
08:18 AM Bug #13852 (Rejected): Pfsense VPN dosen't work when unexpected reboot
Hi,
I have an issue, when the pfsense make an unexpected reboot the VPN dosen't work, it seems like the service st... Miguel Richard
09:04 AM Bug #13851 (Rejected): DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All"
The DNS resolver forms IPv6 ACLs by default already for both static and dynamic IPv6 in everything I have access to w... Jim Pingle
04:40 AM Bug #13851 (Resolved): DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All"
When investigating unexpected IPV6 DNS behavoir, I discovered that the DNS-resolver does not function for IPV6. The p... Louis B
09:02 AM Bug #13850 (Rejected): Limiters upload
Not nearly enough information here, and even so, this has already been tested and shown to work on current snapshots ... Jim Pingle
03:43 AM Bug #13850 (Rejected): Limiters upload
limiters does not work on upload In / Out pipe rules NATALE GRASSO
08:54 AM pfSense Packages Todo #13306 (Resolved): Update NUT to version 2.8.0 to match FreeBSD Packages
Jim Pingle
08:54 AM pfSense Plus Bug #13797 (Not a Bug): DNS Resolver stops working
Jim Pingle
08:47 AM pfSense Packages Feature #13733 (Resolved): Upgrade ha proxy 2.6
The HAProxy devel package is at 2.6.6 on both pfSense Plus 23.01 and CE 2.7.0 snapshots.
 Jim Pingle
08:45 AM pfSense Plus Regression #13743 (Closed): Latest snapshot defaults to 22.05 branch selected which can pull that version's package information
Jim Pingle
08:36 AM pfSense Plus Bug #13845 (Not a Bug): Issues with Dynamic DNS on 23.01DEV
Jim Pingle
08:10 AM pfSense Packages Bug #13842: RADIUS user accounting limit inputs for bandwidth and total usage are not validated to prevent exceeding a 32 bit unsigned value
From the description this is about adding input validation to limit what the FreeRADIUS package will allow, so moving... Jim Pingle

01/08/2023

10:20 PM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages
installed nut 2.8.0_2 on pfSense Plus 23.01.b.20230106.0600 Jordan G
12:37 PM Feature #13849 (New): Dashboard > Firewall Logs > Date Time formatting
When you have set the Log Message Format to syslog (RFC 5424, with RFC 3339 microsecond-precision timestamps), the da... The Cycler63

01/07/2023

10:35 PM pfSense Plus Bug #13797: DNS Resolver stops working
Kris Phillips wrote in #note-4:
> Fred Brunken wrote in #note-3:
> > Hi there,
> >
> > First of, happy new year.... Fred Brunken
08:07 PM pfSense Plus Bug #13797: DNS Resolver stops working
Fred Brunken wrote in #note-3:
> Hi there,
>
> First of, happy new year.
>
> I was able to get a new log file... Kris Phillips
10:17 PM pfSense Packages Feature #13733 (Feedback): Upgrade ha proxy 2.6
pfSense Plus 23.01 has HAProxy 2.6.6 available in the repos for the devel branch. I expect that 2.7 also has this in... Kris Phillips
10:05 PM pfSense Packages Bug #13738 (Confirmed): Typo under Services/Snort/Interface Settings/WAN - Rules
Can confirm this on pfSense 23.01-BETA and 22.05. This is only present when a rule is force disabled and only shows ... Kris Phillips
08:55 PM pfSense Packages Bug #13810 (Confirmed): Squid options obsolete
I can confirm this behavior on my 23.01-BETA install:
2023/01/08 02:53:54| Startup: Initializing Authentication Sc... Kris Phillips
08:16 PM pfSense Packages Feature #13809: Add Netdata package
Making the netdata package and dependencies available in the repos should be pretty trivial, but in order to configur... Kris Phillips
08:10 PM pfSense Plus Regression #13743: Latest snapshot defaults to 22.05 branch selected which can pull that version's package information
Tested this with an upgrade of an existing install and this does not happen when upgrading between 23.01-BETA builds ... Kris Phillips
08:06 PM pfSense Plus Bug #13848: OpenVPN Client Breaking Outbound NAT
Here you go Kris. All the same settings while using 22.05 AJ Harran
08:01 PM pfSense Plus Bug #13848: OpenVPN Client Breaking Outbound NAT
AJ Harran wrote in #note-1:
> Downgraded to 22.01 and OpenVPN Client works as expected.
Hello AJ,
Can you please pr... Kris Phillips
07:46 PM pfSense Plus Bug #13848: OpenVPN Client Breaking Outbound NAT
Downgraded to 22.01 and OpenVPN Client works as expected. AJ Harran
04:32 PM pfSense Plus Bug #13848 (Rejected): OpenVPN Client Breaking Outbound NAT
Issue occurs on vanilla out of the box appliance.
Configuration:
- VLAN 35 added to mvneta0
- PPPoE Dialer added... AJ Harran
01:10 PM pfSense Plus Bug #13845: Issues with Dynamic DNS on 23.01DEV
And I think I was double-natted.
I switched my network around this morning to try something, and it started working... Michael Tarbox
09:54 AM Bug #13847 (Rejected): Page doesn't load with a lot of IP aliases (crash)
pfSense only supports up to 3000 IP aliases in URLs and I'm not sure whether it supports comments or compression for ... Nazar Mokrynskyi
05:37 AM Bug #13846 (New): IPv6 firewall rules using the interface network macro on a GIF/GRE interface do not respect the configured subnet mask
Steps to reproduce:
1. Define GRE tunnel with a remote peer and define IPv6 Local and Remote Tunnel addresses
2. ... Danilo Zrenjanin

01/06/2023

09:36 PM pfSense Plus Bug #13845: Issues with Dynamic DNS on 23.01DEV
Using the default check ip services, http://checkip.dyndns.org Michael Tarbox
09:33 PM pfSense Plus Bug #13845 (Not a Bug): Issues with Dynamic DNS on 23.01DEV
Netgate 4100. Updated from 22.01-22.05 and Dynamic DNS updated fine with my FQDN.
Upgraded to 23.01, now it fails to... Michael Tarbox
09:04 PM Bug #7589 (Pull Request Review): ``diag_edit.php`` warning is not cleared after picking non-directory to load
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1003 Christopher Cope
06:47 PM Bug #13838 (Closed): Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
Thanks for all of your reports and responses, I've been able to make some decent headway improving the captive portal... Reid Linnemann
03:36 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
Dale Harron wrote in #note-7:
> Yes, but I did not check Interim updates for logout on Quota yet. I doubt that will ... Reid Linnemann
03:16 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
It sounds like you have fixed the primary problem, a way to track Data usage by simultaneous users logged into one fr... Dale Harron
03:04 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
Yes, but I did not check Interim updates for logout on Quota yet. I doubt that will work because captive portal does... Dale Harron
02:56 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
I can verify at this time that freeradius as configured by the pfsense package does not include any attributes in the... Reid Linnemann
02:26 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
I think I understand the disconnect here - Start/Stop requires resetting the rule counters in the firewall, and only ... Reid Linnemann
01:37 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
-You'll have the same observed behavior as 'reauthenticate every minute', since accounting start/stop is done at minu... Reid Linnemann
01:11 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
I can confirm that start/stop freeRadius does handle data quota tracking for a freeRadius User. I tested 2 simultane... Dale Harron
06:39 PM Feature #13844 (New): Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled
In captiveportal_prune_old, when accounting start/stop packets are sent, the response attributes are not examined and... Reid Linnemann
06:28 PM Feature #13843 (New): Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more
The current vendor attribute pfSense-Max-Total-Octets used for setting a user's traffic quota is a 32 bit unsigned in... Reid Linnemann
06:09 PM Regression #13823 (Rejected): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
I'm rejecting this as parsing is not the actual issue, and I'm linking to a new bug and enhancement request. Reid Linnemann
12:35 PM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
According to the RFCs, integers types are all 32 bits, period. To support larger limits we'll need to have an alterna... Reid Linnemann
12:04 PM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
Ok, I misunderstood the actual problem here, which is that the database record is having the wrong value inserted. It... Reid Linnemann
06:07 PM pfSense Packages Bug #13842 (New): RADIUS user accounting limit inputs for bandwidth and total usage are not validated to prevent exceeding a 32 bit unsigned value
In the FreeRadius package, user upload/download limits can be set to any positive integer, including any values that ... Reid Linnemann
04:21 PM pfSense Packages Bug #13839: Suricata version updates take a long time
Marcos M wrote in #note-3:
> I certainly did not take any action during it that would have affected it. I did ommit s... Bill Meeks
12:14 PM pfSense Packages Bug #13839: Suricata version updates take a long time
I certainly did not take any action during it that would have affected it. I did ommit some unrelated lines like me l... Marcos M
09:54 AM pfSense Packages Bug #13839: Suricata version updates take a long time
I have also noticed some overall package installation issues with both Suricata and Snort over the last couple of mon... Bill Meeks
03:38 PM pfSense Packages Bug #13650 (Pull Request Review): User with a wireguard permissions not able to edit peers/tunnels
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/313 Christopher Cope
10:02 AM pfSense Docs New Content #12597 (Feedback): How to reset IPMI settings and password for Netgate appliances
Added that info to the docs and also cleaned up the rest of the info so it's all consistent.
https://gitlab.netgat... Jim Pingle
08:53 AM pfSense Docs Correction #13841 (Feedback): Incorrect example in FreeRADIUS stats example
Updated and cleaned up that whole section (And parts of the rest of the doc). It had quite a few inconsistencies and ... Jim Pingle
07:36 AM pfSense Plus Regression #13819 (Resolved): OpenVPN process PID is not logged correctly
Value is logged correctly on the current snapshot.... Jim Pingle
07:32 AM Regression #13833 (Resolved): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be
Current snapshot works correctly all around. Jobs are removed, and subsequent operations in the same batch happen on ... Jim Pingle
04:02 AM pfSense Packages Bug #12036 (Resolved): Certificate Manager page do not show Zabbix used certificates
Tested against:... Danilo Zrenjanin
02:14 AM pfSense Packages Regression #13828 (Resolved): ACME cron jobs persist after the package is uninstalled
Tested against:... Danilo Zrenjanin
01:30 AM pfSense Packages Bug #11204 (Resolved): Fix net-snmp logging to syslog
Tested against:... Danilo Zrenjanin

01/05/2023

07:57 PM Revision f11e2f74: Add .vscode to .gitignore
Marcos M
06:29 PM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
This smells to me like your user authenticated and then you modified the user's traffic quota. The quota in the datab... Reid Linnemann
04:53 PM pfSense Docs Correction #13841 (Resolved): Incorrect example in FreeRADIUS stats example
The example in the step here is incorrect:
https://docs.netgate.com/pfsense/en/latest/packages/freeradius.html#get-f... Marcos M
04:16 PM Feature #13840: add whitelist config option for igmpproxy
This PR adds the option to config these whitelists in the GUI and to be added to the config file
https://github.com... Igor Ybema
04:14 PM Feature #13840 (Pull Request Review): add whitelist config option for igmpproxy
The IGMP Proxy allows whitelisting multicast groups in the config file. This is used to only allow certain groups to ... Igor Ybema
02:40 PM pfSense Packages Bug #13839 (Resolved): Suricata version updates take a long time
Recently I've noticed that updating Suricata versions takes a very long time, every time. After an update to the late... Marcos M
02:23 PM pfSense Docs Correction #13750 (Resolved): "Using Software from FreeBSD"
Added that to the page.
 Jim Pingle
02:22 PM pfSense Docs New Content #13825: Add docs for installing/using a debug kernel
There aren't any concerns for that as far as I'm aware. If there were I would have documented them. As already mentio... Jim Pingle
02:10 PM pfSense Docs New Content #13825: Add docs for installing/using a debug kernel
Please add how updates to new versions should be handled, if at all. For example, will updating to a new version whil... Marcos M
01:44 PM pfSense Docs New Content #13825 (Feedback): Add docs for installing/using a debug kernel
New doc added:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/4005215f82e008ee6eeacc8dc64bcf3db66a043e
S... Jim Pingle
02:13 PM Revision e00916c1: Locate cron jobs more accurately. Fixes #13833
Jim Pingle
02:08 PM pfSense Docs Todo #13760 (Rejected): Feedback on Development — Executing Commands at Boot
It's mentioned right there in the second paragraph.
!clipboard-202301051506-w9jkj.png!
The package itself doesn... Jim Pingle
01:45 PM Bug #13838 (Feedback): Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
Jim Pingle
01:34 PM Bug #13838 (Ready To Test): Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
Fixed in "70c8081":https://github.com/pfsense/FreeBSD-ports/commit/70c8081dccdd8f64651c2c4680f9f0ae23323acf Reid Linnemann
12:44 PM Bug #13838 (Closed): Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start
pfSense_pf_cp_zerocnt() is not resetting the eth rule counters for authenticated user pipe rules, as a result the acc... Reid Linnemann
12:01 PM pfSense Docs New Content #13834 (Resolved): Document 22.05.1 release
Added/picked/deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/65569b69350f7f31cd0a4e788fe7b245795ab... Jim Pingle
10:17 AM Bug #10624 (Confirmed): Memory leak in Unbound with Python module and DHCP lease registration active
This is confirmed.
Python3.9 and lower has some deeply rooted memory management problems. Because of the way Unbou... Christian McDonald
09:57 AM pfSense Packages Feature #13837 (New): PRTG Package
Is it possible to add a PRTG Remote Probe Package?
https://www.paessler.com OpIT GmbH
09:48 AM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled
There have been lots of other changes in the code, so patches would need to be crafted from scratch just for 22.05 if... Jim Pingle
09:45 AM pfSense Packages Bug #13798 (Resolved): Crash report with lldpd package and 23.01.b.20221223.0600
Jim Pingle
09:42 AM Feature #13826 (Duplicate): Update pcsc-lite
No need for a new issue for this, it should just be a comment on #12095 since that is still open.
 Jim Pingle
09:41 AM Bug #13814 (Rejected): DNS Resolver continue fail to answer queries until I restart the server or wait a couple of minutes the services to work
There really isn't much to go on here so it's hard to say what might be happening. It's normal for the DNS Resolver t... Jim Pingle
09:28 AM pfSense Plus Regression #13819 (Feedback): OpenVPN process PID is not logged correctly
Fix tested and merged.
Before the fix, there was nothing logged when starting OpenVPN with the actual PID.
Afte... Jim Pingle
09:01 AM Regression #13831 (Resolved): Syntax error in /etc/inc/util.inc on line 3655
With a properly formatted ACL sent from RADIUS, the rule is accepted and present in the ruleset.
With a deliberate... Jim Pingle
08:47 AM pfSense Packages Regression #13828 (Feedback): ACME cron jobs persist after the package is uninstalled
Fix committed, will be in the ACME package on the next build started after this commit:
https://github.com/pfsense... Jim Pingle
08:30 AM pfSense Packages Regression #13828 (Confirmed): ACME cron jobs persist after the package is uninstalled
The ACME cron job is still present after removing the package. The deinstall function isn't referencing the correct A... Jim Pingle
08:45 AM pfSense Packages Regression #13817 (Confirmed): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
The cron job is still present after removing the package. There is likely a package-specific change that must be made... Jim Pingle
08:22 AM pfSense Packages Bug #13830 (Resolved): Snort cron jobs persist after the package is uninstalled
Jim Pingle
08:20 AM Regression #13833 (Feedback): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be
Applied in changeset commit:e00916c1681394ccc7be193335dc001ec23029ec. Jim Pingle
08:17 AM Regression #13833: Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be
Commit is pending for this, but as an example of the problem, consider a scenario similar to the following:... Jim Pingle
07:46 AM Regression #13833 (In Progress): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be
The way the current code locates jobs to alter might not work well with the new way to remove an existing job if mult... Jim Pingle
08:11 AM pfSense Packages Feature #10818: UDP Broadcast Relay
I've installed 23.01 RC and pfSense-pkg-udpbroadcastrelay-1.0.pkg installs without issue. James R
07:37 AM Feature #13836 (Duplicate): Show all rules that have effect
Duplicate of #2049 Jim Pingle
03:31 AM pfSense Plus Bug #13799 (Resolved): Unbound python module persistently shows enabled in resolver settings
Tested against:... Danilo Zrenjanin
03:09 AM pfSense Plus Bug #13799: Unbound python module persistently shows enabled in resolver settings
I confirmed this behavior on 23.01.b.20221228.0300. Danilo Zrenjanin
02:17 AM pfSense Plus Regression #13824 (Resolved): CPU/Crypto Detection for the 3100 is not functioning properly
Tested against:... Danilo Zrenjanin

01/04/2023

08:34 PM Revision bf6f57e4: Fix cron job removal. Fixes #13833
Jim Pingle
04:38 PM Feature #13836 (Duplicate): Show all rules that have effect
I recently learned that there are MANY rules that have effect in pfSense, but are not shown in UI.
For instance rule... Nazar Mokrynskyi
04:22 PM pfSense Packages Regression #13828 (Closed): ACME cron jobs persist after the package is uninstalled
Fixed in https://redmine.pfsense.org/issues/13833 Marcos M
04:22 PM pfSense Packages Regression #13817 (Closed): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
Fixed in https://redmine.pfsense.org/issues/13833 Marcos M
03:59 PM Regression #13835 (Duplicate): Cron jobs are not properly removed
Duplicate of https://redmine.pfsense.org/issues/13833 (fix already committed) Jim Pingle
03:10 PM Regression #13835 (Duplicate): Cron jobs are not properly removed
See https://redmine.pfsense.org/issues/13827#note-4
> Instead, I believe this issue was introduced by a recent chang... Marcos M
03:56 PM Revision 02724a5a: Fix copy/paste error. Issue #13831
Jim Pingle
03:50 PM Revision 5df5c9b4: Fix catch syntax and variable usage. Fixes #13831
* Add variable back to catch statement
* Use the exception message
* Correct error message when this exception is thr... Jim Pingle
03:12 PM pfSense Plus Regression #13613 (Resolved): OpenVPN crashes due to if_tuntap changes
Marcos M
03:10 PM pfSense Packages Bug #13830: Snort cron jobs persist after the package is uninstalled
This issue may be closed and marked either "resolved" or "not a bug" as desired. It was addressed by this Changeset: ... Bill Meeks
11:34 AM pfSense Packages Bug #13830: Snort cron jobs persist after the package is uninstalled
Update -- this is not actually a problem within the Snort GUI package. Instead, the issue is the result of a PHP 8.1 ... Bill Meeks
09:05 AM pfSense Packages Bug #13830 (Resolved): Snort cron jobs persist after the package is uninstalled
Uninstalling the package does not remove the cron jobs added when the service is configured/enabled. Similar to https... Bill Meeks
02:46 PM pfSense Docs New Content #13834 (Resolved): Document 22.05.1 release
Document the 22.05.1 point release (similarly to 21.02.1).
https://docs.netgate.com/pfsense/en/latest/releases/ver... Marcos M
02:44 PM pfSense Packages Regression #13827 (Resolved): Suricata cron jobs persist after the package is uninstalled
PR merged, thanks! Jim Pingle
02:05 PM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled
I made some changes to the Suricata uninstall code to ensure all code paths perform config writes before exiting. Tho... Bill Meeks
11:21 AM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled
After some further investigation and testing, I'm not convinced the problem is within the package code. Instead, I be... Bill Meeks
09:03 AM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled
This was actually broken, it appears, 6 years ago by this commit: https://github.com/pfsense/pfsense/commit/b2bb49709... Bill Meeks
02:40 PM Regression #13833 (Feedback): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be
Applied in changeset commit:bf6f57e4f857fd5a66d1e0a35c2b43c320da3c66. Jim Pingle
02:34 PM Regression #13833 (Resolved): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be
There is a regression in @install_cron_job@ where it fails to remove cron jobs when they are set inactive (@$active =... Jim Pingle
12:36 PM pfSense Packages Todo #13306 (Feedback): Update NUT to version 2.8.0 to match FreeBSD Packages
PR https://github.com/pfsense/FreeBSD-ports/pull/1175 Merged
Will be in snapshots overnight.
 Jim Pingle
12:17 PM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages
Also updating for PHP 8.1 Denny Page
11:17 AM Feature #13832 (New): Allow Slack notification API URL override
Slack notifications were added in #12291 .
Currently it's hardcoded to always post to `https://slack.com/api/chat.... Ulrich Petri
10:27 AM pfSense Packages Bug #13829: WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
Jim Pingle wrote in #note-3:
> Reopening this since there is a bit more to think about here.
Perhaps another ch... Loh Phat
09:03 AM pfSense Packages Bug #13829 (New): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
Reading this again, perhaps I misunderstood. I was talking about assigned interfaces since you mentioned interfaces s... Jim Pingle
08:53 AM pfSense Packages Bug #13829: WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
Jim Pingle wrote in #note-1:
> Interface rules are usually removed when removing an interface from assignments, which... Loh Phat
08:19 AM pfSense Packages Bug #13829 (Not a Bug): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
Interface rules are usually removed when removing an interface from assignments, which is a manual process and not pa... Jim Pingle
10:05 AM Regression #13831 (Feedback): Syntax error in /etc/inc/util.inc on line 3655
Applied in changeset commit:5df5c9b48aabacf223b29d7857d3c27486b8f591. Jim Pingle
09:55 AM Regression #13831: Syntax error in /etc/inc/util.inc on line 3655
This isn't plus specific, it was just noticed there first.
This would happen only if an invalid Cisco ACL rule is ... Jim Pingle
09:50 AM Regression #13831 (In Progress): Syntax error in /etc/inc/util.inc on line 3655
Jim Pingle
09:50 AM Regression #13831 (Resolved): Syntax error in /etc/inc/util.inc on line 3655
When upgrading from 22.05 to 23.01 with a specific config:... Steve Wheeler
09:12 AM pfSense Packages Bug #12178: WireGuard always shows 'Configuring WireGuard tunnels...done.' message on boot
Have to hop on this. This message (Configuring WireGuard tunnels) shows up couple of minutes if the interface the WG ... Car F

01/03/2023

08:42 PM Revision b756f227: Restore resolver host override sorting.
Jim Pingle
03:59 PM Revision a5c284f3: Fix #13799: Unbound python module persistently shows enabled in resolver settings.
Christian McDonald
02:31 PM pfSense Packages Bug #13829 (New): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
In the pfsense (22.05) config.xml there was a section of rules for the "WireGuard" package i/f. I had tried the pack... Loh Phat
02:25 PM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled
I have the same issue. I have to run *ifconfig ovpns3 destroy* to allow the DCO enabled OpenVPN server to restart.
... Dean Arnold
02:02 PM pfSense Packages Regression #13828 (Resolved): ACME cron jobs persist after the package is uninstalled
Tested on @23.01.b.20221230.0600@ with the latest package.
Uninstalling the package does not remove the cron jobs ... Marcos M
01:46 PM pfSense Packages Regression #13827 (Resolved): Suricata cron jobs persist after the package is uninstalled
Tested on @23.01.b.20221230.0600@ with the latest package.
Uninstalling the package does not remove the cron jobs ... Marcos M
12:47 PM Feature #13826 (Duplicate): Update pcsc-lite
Current version in pfSense+ 23.01 is @pcsc-lite-1.9.5,2@.
There have been several fixes to pcsc that are relevant ... Marcos M
12:06 PM pfSense Packages Bug #13798 (Feedback): Crash report with lldpd package and 23.01.b.20221223.0600
Fixed: https://github.com/pfsense/FreeBSD-ports/commit/c0904ba7caffb3edf51ab67ce70dbbd362119987 Jim Pingle
09:30 AM pfSense Packages Bug #13798: Crash report with lldpd package and 23.01.b.20221223.0600
The error in the original report is definitely from problematic code when run under PHP 8.1. It would be most evident... Jim Pingle
11:34 AM Bug #12927: OpenVPN with OCSP enabled allows connections with revoked certificates
OCSP is not checked at all if certificate depth checking is disabled.
openvpn.inc does not place tls-verify into t... Chris Linstruth
11:19 AM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
Maybe we should pass this one to Reid as he handled https://redmine.pfsense.org/issues/13418 Christian McDonald
11:10 AM Regression #13823 (Confirmed): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
The values used to generate the files by Captive Portal are correct - such as what gets placed in the db and quota tr... Marcos M
08:36 AM Regression #13823 (Not a Bug): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
I agree, it looks right.
In FreeRADIUS the label even mentions MB:
> Enter the amount of download and upload tr... Jim Pingle
08:26 AM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
... Christian McDonald
10:57 AM pfSense Packages Bug #13808 (Resolved): Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab
PR Merged. Jim Pingle
10:57 AM pfSense Packages Bug #13806 (Resolved): Suricata interface rules cannot be viewed.
PR Merged. Jim Pingle
10:57 AM pfSense Packages Bug #13812 (Resolved): Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error
PR Merged. Jim Pingle
10:44 AM Regression #13818: OpenVPN fails to start when a related static route already exists
Static routes for non-DCO OpenVPN should always be managed by OpenVPN itself, a dynamic routing protocol, or policy r... Jim Pingle
09:25 AM Regression #13818: OpenVPN fails to start when a related static route already exists
Tested on 23.01 BETA for Dec 30. Can confirm this is the case. Kris Phillips
10:41 AM pfSense Docs New Content #13825 (Closed): Add docs for installing/using a debug kernel
Starting with 23.01 there is an option to install a debug kernel that is actually a full debug kernel and not just de... Jim Pingle
10:27 AM pfSense Plus Regression #13824 (Feedback): CPU/Crypto Detection for the 3100 is not functioning properly
Fixed: https://gitlab.netgate.com/pfSense/factory/-/commit/e71c2e7ea3f67f09e6a8fcea7da87eac78c28094
 Jim Pingle
10:22 AM pfSense Plus Regression #13824 (Resolved): CPU/Crypto Detection for the 3100 is not functioning properly
The CPU and crypto detection on the dashboard widget are not functioning properly on the 3100. The CPU information di... Jim Pingle
10:19 AM pfSense Plus Regression #13779 (Resolved): SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module
This change was merged in and is present on current snapshots. It's a module again and the dashboard detects it corre... Jim Pingle
10:05 AM pfSense Plus Bug #13799 (Feedback): Unbound python module persistently shows enabled in resolver settings
Applied in changeset pfsense:commit:a5c284f3214df41f5b00d321bbcc92489285e344. Christian McDonald
09:37 AM pfSense Packages Regression #13817 (New): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
I had originally opened this against just pfBLockerNG-devel, but changed it since I saw it was happening on all packa... Marcos M
07:57 AM pfSense Packages Regression #13817 (Rejected): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
It's up to each package to manage its own cron jobs. There isn't a way for the package manager to know those belong t... Jim Pingle
08:20 AM Bug #13014: Deadlock in Charon VICI interface
After disabling keepalives on all responders, the IPsec has been up for past 8days. Before that it would fail every 1... Roman Kazmierczak
08:16 AM Bug #13014: Deadlock in Charon VICI interface
That could be part of the problem, then, because if there are two P2 entries for the same src/dst in the SPD table it... Jim Pingle
08:02 AM Bug #13014: Deadlock in Charon VICI interface
Jim Pingle wrote in #note-42:
> Having overlapping P2 networks isn't really supported either, and could be a source ... David Vazquez
07:47 AM Bug #13014: Deadlock in Charon VICI interface
David Vazquez wrote in #note-41:
> Jim Pingle wrote in #note-40:
> > I have a lot of connections that stay down in ... Jim Pingle
08:10 AM pfSense Packages Feature #13821 (Rejected): [New package] - DNS Leak Test
This is not a useful test compared to testing from a client behind the firewall where it matters more.
Furthermore... Jim Pingle
08:04 AM pfSense Docs Todo #13820 (Closed): Feedback on Packages — ACME package
While it doesn't have the EKUs, it does work, at least last time I tried it before changing that recipe.
 Jim Pingle
08:02 AM Bug #8831 (Closed): Radvd causes latency spikes
Jim Pingle
08:01 AM pfSense Packages Bug #13612 (Resolved): Snort building lists is broken
Jim Pingle
07:54 AM pfSense Plus Regression #13816: Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.
There is an open issue for the 2100 having a similar problem on snapshots (NG internal redmine, 8866), given the simi... Jim Pingle
07:48 AM pfSense Packages Regression #12643 (Resolved): Rule categories are cleared after clicking the save button on the Global Settings page
Jim Pingle
07:44 AM Bug #13807 (Not a Bug): NAT changes aren't rolled back using Restore recent configuration on the console
This is normal and expected. Restoring a past config doesn't activate it, it only changes the configuration data back... Jim Pingle
07:43 AM Bug #13800 (Rejected): Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022
There are two main possibilities here:
1. They are normal errors during the upgrade that wouldn't come back on the... Jim Pingle
07:38 AM Feature #13805: A way to reliably determine if system is the primary or secondary in CARP
At the moment I don't see this being worth spending time on.
Having a manual setting is about the only way to make... Jim Pingle
07:29 AM Regression #13803 (Not a Bug): When adding an EasyBlock rule, the GUI redirects to "Firewall > Aliases > IP" instead of "Firewall > Rules"
That's what it's supposed to do. When adding new blocks they go into the alias. Only the first new block makes a rule... Jim Pingle
07:28 AM Bug #13802: Incorrect language in Plus registration
I'm pretty sure that comes from Prodtrack as those strings aren't in the code anywhere. Should probably move this to ... Jim Pingle
07:17 AM pfSense Docs Correction #13813 (Resolved): Minor typo in io ports
Fixed: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/74b5da375e6e837bb078ba798a483b04c6d4d46c Jim Pingle
07:12 AM Regression #13517 (Resolved): Erroneous dhcp6 Messages in Boot log on 22.11
Jim Pingle
07:10 AM pfSense Plus Bug #13338 (Resolved): OpenVPN DCO panics with short UDP packets
Jim Pingle
07:08 AM Feature #13796 (Rejected): Restrict hardware address client (UUID string) login
It's not feasible. The client can lie about its UUID, there is no way for the server to know that it is accurate and ... Jim Pingle

01/02/2023

10:04 PM Regression #13823 (Rejected): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
The RADIUS attribute @pfSense-Max-Total-Octets@ is used in FreeRADIUS with the option @Amount of Download and Upload ... Marcos M
10:17 AM pfSense Packages Bug #13822 (Confirmed): haproxy bug when adding a Frontend containing accented characters in description in generated XML entities
Hello,
Running snapshot from 2022-12-30 and pfsense stable 2.6.0, same bug in haproxy package.
Adding a Frontend... appzer0 appzer0
09:25 AM pfSense Plus Bug #13797: DNS Resolver stops working
Hi there,
First of, happy new year.
I was able to get a new log file, this time with log level 4. Unfortunately, t... Fred Brunken
04:20 AM pfSense Packages Feature #13821: [New package] - DNS Leak Test
PR Submitted -> https://github.com/pfsense/FreeBSD-ports/pull/1211 Luis Moraguez
03:54 AM pfSense Packages Feature #13821 (Rejected): [New package] - DNS Leak Test
I've developed a package that I would like to be made available for other to install via the Package Manager.
I've... Luis Moraguez

01/01/2023

10:35 PM pfSense Docs Todo #13820 (Closed): Feedback on Packages — ACME package
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/acme/index.html
*Feedback:*
The recipe for IPsec Re... Taine Gilliam
08:38 PM Bug #8831: Radvd causes latency spikes
At least for me this is no longer happening so I'd say er can mark it resolved (unless someone else is still seeing t... Flole Systems
08:36 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting
Further information was provided, so this is not incomplete. Flole Systems
08:34 PM pfSense Packages Bug #13612: Snort building lists is broken
This has been resolved now, so the status is wrong. Flole Systems
06:13 PM Regression #13418 (Resolved): Captive Portal does not keep track of client data usage
The original issue is now resolved; traffic is recorded correctly:... Marcos M
06:54 AM Regression #13418: Captive Portal does not keep track of client data usage
More extended testing demonstrates a NEW issue (see #2 point above for as tested configuration): pre-mature captive p... Dale Harron
05:07 PM pfSense Plus Regression #13819 (Pull Request Review): OpenVPN process PID is not logged correctly
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/90 Marcos M
04:57 PM pfSense Plus Regression #13819 (Resolved): OpenVPN process PID is not logged correctly
Tested on the latest snapshot.
The system logs now show the following when the OpenVPN service is started:
> Jan ... Marcos M
03:41 PM Regression #13818 (New): OpenVPN fails to start when a related static route already exists
Tested on @23.01.b.20221230.0600@.
Steps:
# Configure an OpenVPN client in the GUI (tested with non-DCO); verify ... Marcos M
03:04 PM pfSense Packages Bug #13333 (Resolved): PHP error when saving Suricata rulesets
Marcos M
01:18 PM pfSense Packages Regression #13817 (Confirmed): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
Tested on @23.01.b.20221230.0600@ with the latest pfBlockerNG-devel, Suricata, and ACME packages.
Using pfBlockerN... Marcos M
09:17 AM pfSense Plus Regression #13816 (Resolved): Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.
With a normal shutdown (CLI option 6 or Diagnostics > Halt) in 22.05, the USB console output ends with:... Chris W
04:21 AM pfSense Packages Feature #10818: UDP Broadcast Relay
Is there any way to install 1.0 package in pfSense 2.6? Installation failed, see below. Or do I have to use the older... M J

12/31/2022

02:14 PM Bug #13814 (Rejected): DNS Resolver continue fail to answer queries until I restart the server or wait a couple of minutes the services to work
Hello guys.
I have been testing pfsense 2.7-dev for a while, is my current version on my lan(home)network.
Right ... Peter Moreno
12:17 AM pfSense Packages Feature #13469: Feature/Package request: Wireguard Client/Peer config files export
I think this is a much needed feature and should be prioritized. WireGuard is far superior than OpenVPN and other VPNs. Eric Nix

12/30/2022

06:47 PM Bug #13687: Cannot add limiters named ``new``
Seeing this on build:
23.01-BETA (arm64)
built on Wed Dec 28 03:05:04 UTC 2022
FreeBSD 14.0-CURRENT
I create ... Chris W
04:36 PM pfSense Docs Correction #13813: Minor typo in io ports
The same wording is on the 2100 page as well.
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/io... Christopher Cope
04:01 PM pfSense Docs Correction #13813 (Resolved): Minor typo in io ports
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/io-ports.html#switched-ethernet
Reads... Christopher Cope
03:20 PM Regression #13418: Captive Portal does not keep track of client data usage
Some success, data is now being passed to freeRadius but: (steady state stream of 33 MB/minute, single login per user... Dale Harron
08:53 AM pfSense Packages Bug #13812: Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error
The fix for this issue was added to open Pull Request #1210 against DEVEL posted here: https://github.com/pfsense/Fre... Bill Meeks
12:30 AM pfSense Packages Bug #13812 (Resolved): Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error
WebGUI reports:
The 'lan' interface does not support Inline IPS Mode with native netmap.
However, I then get a cr... John Elliott

12/29/2022

11:07 PM Revision c1bc55a9: Change captive portal counter keys to string keys. Fixes #13418.
String keys for rule counters are introduced in php-pfSense-module v0.89 Reid Linnemann
09:34 PM pfSense Plus Bug #13797: DNS Resolver stops working
Hi,
Thanks for you feedback. As for your questions, well...
The symptom is relatively easy to explain. The Netw... Fred Brunken
09:09 PM pfSense Plus Bug #13797: DNS Resolver stops working
Hello,
There is nothing unusual in the log file provided and there isn't enough information to go on here for a bu... Kris Phillips
09:15 PM Regression #13517: Erroneous dhcp6 Messages in Boot log on 22.11
Tested on Dec 28th builds of 23.01-BETA and these messages are no longer present. This can be marked as Resolved. Kris Phillips
09:12 PM pfSense Packages Bug #13798: Crash report with lldpd package and 23.01.b.20221223.0600
I'm unable to reproduce any issue with the LLPDd package in pfSense 23.01-BETA's December 28th build. Please provide... Kris Phillips
09:03 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
Jonas R wrote in #note-6:
> FWIW: I get these errors whenever I (try to) delete a snapshot that is the parent snapsh... Kris Phillips
08:59 PM pfSense Plus Bug #13799: Unbound python module persistently shows enabled in resolver settings
I can confirm this. Steps to reproduce:
1. Go to Services --> DNS Resolver --> Python Module and check the box. ... Kris Phillips
09:18 AM pfSense Plus Bug #13799 (Confirmed): Unbound python module persistently shows enabled in resolver settings
Christian McDonald
08:55 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets
This can be marked as Resolved since we have tested the fix and confirmed it's resolution. Kris Phillips
08:53 PM pfSense Packages Bug #10867 (Resolved): squidGuard Package Hangs on Uninstall or Upgrade
Tested on latest 23.01 builds and the install issue is no longer a problem. Closing as resolved. Kris Phillips
06:21 PM Regression #13418: Captive Portal does not keep track of client data usage
PF_IN/PF_OUT direction was mismatched with the array index into the counters that we sampled. This should be fixed in... Reid Linnemann
06:20 PM Regression #13418 (Feedback): Captive Portal does not keep track of client data usage
Applied in changeset commit:c1bc55a9f37e5977110a3bb1f170321738fdf3d2. Reid Linnemann
12:36 PM pfSense Packages Bug #13811: Youtube content getting filtered on Squid when none is Selected
Maharsh Patel wrote:
> Youtube's content gets filtered by its SafeSearch headers even though I have selected *None* ... Maharsh Patel
10:38 AM pfSense Packages Bug #13811 (Closed): Youtube content getting filtered on Squid when none is Selected
Youtube's content gets filtered by its SafeSearch headers even though I have selected *None* on youtube restrictions ... Maharsh Patel
09:26 AM pfSense Packages Feature #13791 (Resolved): package information link goes to an old forum post - change to pfBlockerNG package page
I agree...docs is better than an old forum post. Fixed. Christian McDonald
01:07 AM pfSense Packages Bug #13810 (Rejected): Squid options obsolete
Hello guys.
Running squid -k parse we have some options that are no longer used, maybe is time to update the GUI:... Peter Moreno

12/28/2022

10:18 PM pfSense Packages Feature #13809 (New): Add Netdata package
I would like to see the Netdata monitoring package added to pfSense.
This would allow a fleet of pfSense systems to ... Ben Woods
01:13 PM pfSense Packages Bug #13738: Typo under Services/Snort/Interface Settings/WAN - Rules
It was intended to be 22.05. I fixed that. Danilo Zrenjanin
12:32 PM Bug #13680: Package install scripts run after PHP upgrade produce errors
I think we'd be better served by focusing our efforts on performing the complete upgrade in the target boot environme... Reid Linnemann

12/27/2022

09:43 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
This issue is corrected by Pull Request 1210 submitted to the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
04:49 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
Okay, was able to reproduce the condition when using SID MGMT to auto-disable rules. Will dig into the processing to ... Bill Meeks
04:46 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
A fresh greenfield install still works for me, showing the rule categories auto-enabled on the CATEGORIES tab (green ... Bill Meeks
04:24 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
Still working for me in an existing installation. I just went to the SID MGMT tab, created an _enablesid.conf_ file, ... Bill Meeks
04:12 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
Marcos M wrote in #note-2:
> It's a fresh install and configuration. All categories do show correctly (see attached)... Bill Meeks
02:41 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
It's a fresh install and configuration. All categories do show correctly (see attached) - they are currently being ma... Marcos M
02:04 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
Can you post additional details? I cannot reproduce this issue on my test virtual machine. Do you show any rule categ... Bill Meeks
09:42 PM pfSense Packages Bug #13808: Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab
This issue is corrected by Pull Request 1210 submitted to the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
09:30 PM pfSense Packages Bug #13808 (Resolved): Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab
The Suricata package will save duplicate entries in _config.xml_ for the default built-in rules when saving enabled r... Bill Meeks
08:32 PM pfSense Packages Bug #10646 (Feedback): Reinstall package process stalls at pfBlockerNG when restoring a config
Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
08:31 PM pfSense Packages Bug #10867 (Feedback): squidGuard Package Hangs on Uninstall or Upgrade
Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
08:30 PM pfSense Packages Bug #11398 (Feedback): pfBlocker upgrade hangs forever
Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
12:01 PM Bug #13014: Deadlock in Charon VICI interface
Jim Pingle wrote in #note-40:
> I have a lot of connections that stay down in my lab for various reasons, but they ca... David Vazquez
02:00 AM Bug #13807 (Not a Bug): NAT changes aren't rolled back using Restore recent configuration on the console
Accidentally I natted all traffic from the intranet(1) going to the firewall(2) to an internal host. Obviously I wasn... Gustavo Domínguez

12/26/2022

10:00 PM pfSense Packages Bug #13806 (Resolved): Suricata interface rules cannot be viewed.
Tested on the latest version on the dev branch.
No matter which rule is selected in the drop-down, the custom rule... Marcos M
03:29 PM Feature #13805 (New): A way to reliably determine if system is the primary or secondary in CARP
There is no current way, as far as I can tell, to reliably determine if the current system is the primary or secondar... Christopher Cope
03:16 PM Feature #13804 (Pull Request Review): Prevent CARP status/maintenance mode from being erroneously toggled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/999 Christopher Cope
03:06 PM Feature #13804 (Resolved): Prevent CARP status/maintenance mode from being erroneously toggled
On the Status > CARP page the buttons to disable/enable CARP or enter/leave CARP maintenance mode only toggle the sta... Christopher Cope
10:33 AM Regression #13803 (Not a Bug): When adding an EasyBlock rule, the GUI redirects to "Firewall > Aliases > IP" instead of "Firewall > Rules"
2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 23 06:05:19 UTC 2022
FreeBSD 14.0-CURRENT
Repro steps:
1. Navigate... Gerke Max Preussner
10:21 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
It occurs on 23.01 DEVEL too. I kindly ask Netgate to take a look at this issue because it breaks IPv6 almost complet... Tito Sacchi
10:17 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
I found a way to automate this process with pfSsh.php:... Tito Sacchi
10:12 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
OK -
Tested saving the interface and it did add multicast group:... Chris Linstruth
08:34 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Opening the interface configuration page and clicking 'Save' and then 'Apply' without changing anything solves the pr... Tito Sacchi
06:56 AM Bug #13802 (New): Incorrect language in Plus registration
The email sent by shopify says this:... Chris Linstruth
06:56 AM Feature #13801 (New): PPPoE Server should allow no authentication
Currently the built-in PPPoE server supports PAP and CHAP auth, but does not allow for no authentication.
The use-... Nick Hall

12/25/2022

08:32 PM Bug #13800: Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022
Somehow you've managed to upgrade PHP without also upgrading the extensions.
Module compiled with module API=20210... Christian McDonald
06:28 PM Bug #13800 (Rejected): Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n2558... RED SKULL
10:48 AM pfSense Packages Feature #10818: UDP Broadcast Relay
Check Diagnostics / System Activity and make sure that the process is actually running. There are some errors which a... Marcos M
12:43 AM Bug #13729: Gateways stuck in Unknown status
Jordan Greene wrote in #note-7:
> Nazar Mokrynskyi wrote in #note-6:
> >
> > Qemu 7 with 3 virtio network interfa... Nazar Mokrynskyi

12/24/2022

08:56 PM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page
suricata 6.0.8_2 on 23.01.b.20221223.0600 does not lose interface rule selection when saving from global settings page Jordan G
07:50 PM pfSense Plus Bug #13799 (Resolved): Unbound python module persistently shows enabled in resolver settings
Unchecking python module in dns resolver settings shows checked again after save/apply and there is no python script ... Jordan G
06:25 PM Bug #13729: Gateways stuck in Unknown status
Nazar Mokrynskyi wrote in #note-6:
>
> Qemu 7 with 3 virtio network interfaces (WAN, LAN, WAN2), host is x86-64 Al... Jordan G
05:01 PM pfSense Packages Bug #13798 (Resolved): Crash report with lldpd package and 23.01.b.20221223.0600
Seen this issue since the first 23.01 BETA and still see it every upgrade. Using the standard LLDPD package from pfSe... Richie Crews
12:42 PM pfSense Plus Bug #13797 (Not a Bug): DNS Resolver stops working
Hi there,
I have been having problems with the DNS Resolver that it just stops working for no reason every now and... Fred Brunken
06:51 AM Feature #13796 (Rejected): Restrict hardware address client (UUID string) login
Hello everybody,
I am using Netgate pfsense on Aws
Now i want trust the client login vpn server by restrict uuid st... vicent lee

12/23/2022

04:20 PM Revision 0d5e0838: Fix loading the i915 driver for MBT in 2.7.
Steve Wheeler
01:38 PM Bug #13014: Deadlock in Charon VICI interface
David Vazquez wrote in #note-39:
> After a couple mentions of Phase 2 connections being down, I decided to do a test... Jim Pingle
01:33 PM Bug #13014: Deadlock in Charon VICI interface
After a couple mentions of Phase 2 connections being down, I decided to do a test. On the affected firewall, I had a ... David Vazquez
12:47 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Not a blocker since it's functional (if ugly), but would be nice to figure out for this release if possible.
Since... Jim Pingle
12:35 PM pfSense Plus Bug #13602 (Resolved): OpenVPN fails to start again if it crashes with DCO enabled
The commit that's in place now is already tested and working. Let's move that other change to the next release so we ... Jim Pingle
12:24 PM Bug #13680: Package install scripts run after PHP upgrade produce errors
This may not be viable for this release but for a while I've thought the upgrade process should be removing all packa... Jim Pingle
12:15 PM pfSense Packages Bug #13771 (Resolved): Suricata tries to load invalid SID file
PR Merged Jim Pingle
11:05 AM pfSense Packages Bug #13771: Suricata tries to load invalid SID file
A fix for this issue has been posted in Pull Request #1208 against DEVEL posted here: https://github.com/pfsense/Free... Bill Meeks
09:39 AM pfSense Packages Bug #13771: Suricata tries to load invalid SID file
I will investigate further and get a fix submitted to address this. Bill Meeks
12:15 PM pfSense Packages Bug #13794 (Resolved): Suricata - when adding a new interface the latest app-layer protocol decoders are not default enabled on the new interface
PR Merged Jim Pingle
11:06 AM pfSense Packages Bug #13794: Suricata - when adding a new interface the latest app-layer protocol decoders are not default enabled on the new interface
A fix for this issue has been posted in Pull Request #1208 against DEVEL here: https://github.com/pfsense/FreeBSD-por... Bill Meeks
11:00 AM pfSense Packages Bug #13794 (Resolved): Suricata - when adding a new interface the latest app-layer protocol decoders are not default enabled on the new interface
When adding a new interface to an existing Suricata installation, the most recently supported app-layer protocol deco... Bill Meeks
11:46 AM pfSense Packages Feature #13795 (New): Add Country Code (Geolocation) details to the lookup modals
I would like the country to be displayed when you click on an IP lookup button in Snort.
It could be added as addi... Jon Brown
11:37 AM pfSense Packages Feature #10160: Dedicated Maxmind GeoIP package including license registration
I think this is the best way forwards to have a shared package offering IP to country resolution. This package need n... Jon Brown
09:39 AM pfSense Plus Regression #13741: Update message interpreted as the available version
Not a problem in a release, excluding from release notes. Jim Pingle
09:39 AM Bug #13067: Resolve interval for ``filterdns`` may not match the configured value
Updating subject for release notes. Jim Pingle
09:14 AM Bug #13525: Memory leak in PF when retrieving Ethernet rules
I checked all around my lab and though I have captive portal enabled on numerous systems I couldn't find any that had... Jim Pingle
09:02 AM Bug #9296 (Resolved): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
The issue here related to the subject appears to be OK, and the other related issues have been spun off into their ow... Jim Pingle
08:53 AM Bug #13282 (Resolved): Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
Hard to reproduce this but at least as stated it appears to be OK. I tried a few variations and every time the table ... Jim Pingle
08:52 AM Bug #12708 (Resolved): Alias with non-resolving FQDN entry breaks underlying PF table
Hard to reproduce this but at least as stated it appears to be OK. I tried a few variations and every time the table ... Jim Pingle
08:32 AM Regression #13391 (Resolved): Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
This appears to be OK now:... Jim Pingle
08:29 AM Bug #13756 (Resolved): Rules for authenticated Captive Portal users are not removed when a zone is disabled
Rules for logged-in users are removed when disabling a portal zone as expected now. Jim Pingle
01:25 AM Revision b37f3f5d: Include all interface IPs and VIPs in cpip table. #13391
The cpzoneid_<zone>_cpips tables only include the IP and VIPS of the final
interface searched, causing captive portal... Reid Linnemann

12/22/2022

11:07 PM pfSense Packages Bug #13771: Suricata tries to load invalid SID file
I haven't looked at how the value is ending up there, but I can say that I've never used that particular option, nor ... Marcos M
10:17 AM pfSense Packages Bug #13771: Suricata tries to load invalid SID file
A lowercase "none" should not be present there. A value of "None" (note the uppercase "N") is automatically added to ... Bill Meeks
09:48 PM Revision 19ae6203: Remove rules before unlinking the db files
Steve Wheeler
07:35 PM Regression #13391 (Feedback): Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
Reid Linnemann
07:28 PM Regression #13391: Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
Reading over the forum post again, I think I am actually seeing what you are describing - that the ips for the interf... Reid Linnemann
05:32 PM Regression #13391: Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
I don't currently see this behavior in devel, unless I understand the problem incorrectly, but I do see a problem wit... Reid Linnemann
05:44 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Very nice job @Marcos M, thank you to you and everyone else that has contributed to the creation of this package.
... Joe Lippa
04:02 PM Bug #13756 (Feedback): Rules for authenticated Captive Portal users are not removed when a zone is disabled
MR merged Jim Pingle
02:55 PM Bug #13756 (Pull Request Review): Rules for authenticated Captive Portal users are not removed when a zone is disabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/997 Steve Wheeler
03:32 PM pfSense Packages Bug #13609 (Resolved): Editing ACLs in BIND Package Produces PHP error in CE 2.7.X
Tested using bind 9.17 on both:... Christopher Cope
02:26 PM pfSense Plus Regression #13741 (Resolved): Update message interpreted as the available version
This is resolved on current snaps.
 Jim Pingle
02:04 PM Bug #13545 (Resolved): Toggling NAT rules using the button method does not enable/disable corresponding firewall rules
Works as expected. I could reproduce the problem on 22.05, but performing the same test on the current 23.01 snapshot... Jim Pingle
02:00 PM Bug #13638 (Resolved): ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes
This appears to be OK now.
22.05 test:... Jim Pingle
01:57 PM Bug #13793 (New): filterdns does not reconcile modelled tables with the current state of filter tables
filterdns tracks changes in the sets of addresses associated with hostnames to generate add/delete events for those a... Reid Linnemann
01:47 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
The most recent comments above identify problems in filterdns that are fundamentally different in nature. I am openin... Reid Linnemann
01:18 PM Bug #9296 (Feedback): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Lets keep this issue for just the stated problem here and ensure that any potentially related problems have their own... Jim Pingle
01:46 PM Bug #13067 (Resolved): Resolve interval for ``filterdns`` may not match the configured value
This issue only addresses the filter interval, which has been confirmed to be correct. Reid Linnemann
01:45 PM Feature #12768 (Rejected): pfSense-repo: Make sure default config file exists
Dynamic repos will supersede this Brad Davis
01:35 PM Bug #13253 (Resolved): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
Re-tested on 23.01.b.20221221.1946 and dhcp6c is restarted there when applying WAN changes.
 Jim Pingle
01:30 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
Works as expected in:... Steve Wheeler
01:28 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
This is the intended behavior, so it's safe to close. Jim Pingle
01:27 PM Regression #13420 (Resolved): TCP traffic sourced from the firewall can only use the default gateway
Jim Pingle
09:50 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
tested to the same result as Steve Wheeler - traffic flows correctly but states are present on the interface with def... Georgiy Tyutyunnik
01:28 PM Bug #13408 (Resolved): PF can fail to load a new ruleset
I haven't seen this happen (or any reports of it happening) on snapshots since the fix went in. Jim Pingle
01:14 PM Regression #13622: QinQ ethertype tags changed
Moving ahead to 23.05, we can document the change for now. Jim Pingle
01:11 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
This is still broken in HEAD and on snapshots, moving forward to 23.05. The attached textdump has a bit more debug in... Jim Pingle
01:09 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Rebase to main happened and the bug remains and as predicted in the previous comment the bug is still there.
Most ... Mateusz Guzik
01:09 PM Bug #13792 (New): Filterdns assumes sets of resolved addresses for each hostname are nonintersecting
In the current design of filterdns, each hostname thread wake periodically and performs a NS lookup, comparing its cu... Reid Linnemann
01:07 PM Regression #13754 (Resolved): DHCPv4 rules are not automatically created
These cases all appear to be solved now, and no more errors/regressions in the ruleset or from config accesses that I... Jim Pingle
12:44 PM pfSense Plus Regression #13613 (Feedback): OpenVPN crashes due to if_tuntap changes
Jim Pingle
12:43 PM Bug #13671: DHCP client can fail permanently if an interface is down at boot
Moving to the next release so we have more time to reproduce and test. Jim Pingle
11:40 AM pfSense Plus Bug #13766 (Closed): Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05
Chris W
11:40 AM pfSense Plus Bug #13766: Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05
Sounds good. They certainly didn't reappear on next reboots but just thought I'd bring it to attention. Chris W
11:10 AM Bug #6668 (Closed): IPSec tunnel + L2TP/IPSec VPN - wrong PSK chosen by pfSense
Jim Pingle
11:09 AM Bug #10577 (Not a Bug): intel x553 (c3000 chipset) loading x520 driver
If you can still reproduce this on 2.7.0 or 23.01 snapshots, post on the forum, it's likely some kind of config issue... Jim Pingle
11:08 AM Feature #10621 (Resolved): Update system.inc/system_identify_specific_platform() update to accommodate AWS, Azure and GCP
Jim Pingle
11:07 AM Feature #12055 (Closed): Option to disable XMLRPC Sync for Loopback Virtual IPs
Jim Pingle
11:06 AM Bug #8576 (Closed): pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address
Jim Pingle
11:05 AM Bug #12853 (Closed): Network Address Translation - Pure NAT pfsense freeze after reboot
Doesn't seem to happen to anyone else and might have been related to other solved issues in PF with loading rules/mem... Jim Pingle
11:03 AM Bug #12829 (Closed): Dummynet kernel module fails to load after upgrade.
No other reports and no way to reproduce it that I'm aware of, and it's been quite some time since the last report.
... Jim Pingle
11:02 AM Bug #9024 (Closed): Ping packet loss under load when using limiters
Jim Pingle
11:01 AM Bug #12877 (Closed): Cloudflare DynDNS fails to update more than two addresses
Jim Pingle
11:00 AM Bug #7096 (Resolved): Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces"
Jim Pingle
11:00 AM Bug #13383 (Rejected): Certificates cannot be created via csr in the Certificate Manager
Closing for lack of response and not being able to reproduce the problem. Jim Pingle
10:57 AM Regression #13598 (Resolved): fcgicli can output garbage for stdout/stderr read back from php-fpm
Jim Pingle
10:50 AM pfSense Packages Bug #8315 (Closed): Mail Report mail_report_send() behavior different than notify_via_smtp()
Jim Pingle
10:48 AM pfSense Packages Feature #11879 (Closed): Add support for SSL.com ACME server
Jim Pingle
10:47 AM pfSense Packages Todo #13532 (Closed): Sync ACME package with upstream v3.0.5
Jim Pingle
10:47 AM pfSense Packages Feature #11163 (Closed): Preferred Chain option
Jim Pingle
10:47 AM pfSense Packages Bug #13053 (Closed): LoopiaAPI error handling
Jim Pingle
10:46 AM pfSense Packages Bug #13773 (Resolved): Include file of mail reports package changed path and filename but one file requiring it did not follow
Working fine on the current version of the package. Jim Pingle
10:44 AM pfSense Packages Feature #13791: package information link goes to an old forum post - change to pfBlockerNG package page
also this https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html
should go to
https://docs.netgate.... Jon Brown
10:39 AM pfSense Packages Feature #13791 (Resolved): package information link goes to an old forum post - change to pfBlockerNG package page
The info link goes to https://forum.netgate.com/topic/158592/pfblockerng-devel-v3-0-0-no-longer-bound-by-unbound/43
... Jon Brown
09:52 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
I've updated to @1.0.5@ and checked the contents of @/var/etc/newsyslog.conf.d/zabbix_proxy.log.conf@, it's still set... Steve Scotter
09:27 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
Apologies for the delay Kris. Zabbix had been behaving itself for quite some time (or rather I hadn't noticed it was ... Steve Scotter
09:49 AM pfSense Packages Feature #13790 (New): Bar and Bar (stacked) graphs are almost the same
h1. The issue
If you look at the follow Traffic Totals graphs you will see that they are the same except one alter... Jon Brown
09:01 AM pfSense Packages Feature #13540: Check what rule is triggered by a Domain or IP
I would add this in it's own tab and this can also be used to test any domain or IP to see if they would get blocked ... Jon Brown
07:54 AM Feature #13789: Available Packages should have information buttons
While the icon isn't there, the link is. It's linked as the package name, rather than a separate icon.
It could pr... Jim Pingle
07:32 AM Feature #13789 (New): Available Packages should have information buttons
On installed packages you have information buttons which links to their related page in the Netgate documentation. th... Jon Brown
07:46 AM Bug #13788 (Duplicate): Allow IPSEC .vips-configuration in GUI - connections.<conn>.vips ModeConfig
Duplicate of #8346 though I changed it to be more general just now, it was there to add "client" style support.
Th... Jim Pingle
03:24 AM Bug #13788 (Duplicate): Allow IPSEC .vips-configuration in GUI - connections.<conn>.vips ModeConfig
To be able to request an ip address from another vpn-server, ipsec configuration needs vips-support.
https://docs.st... Stefan Bauer
07:45 AM Feature #8346: Allow pfSense to act as an IPsec VPN client
Making this more general since Xauth is pretty much dead. Jim Pingle

12/21/2022

10:47 PM pfSense Packages Bug #12667 (Bogus): Firewall Crashed After Upgrading Wireguard
Christian McDonald
10:46 PM pfSense Packages Bug #12667 (Incomplete): Firewall Crashed After Upgrading Wireguard
Christian McDonald
10:44 PM pfSense Packages Bug #13114 (Resolved): BIND calls rndc in rc_stop when named is not running
Christian McDonald
10:41 PM pfSense Packages Bug #13115 (Resolved): WireGuard panic due to KBI changes in ```udp_tun_func_t()```
Christian McDonald
07:44 PM Revision b7b482b1: xmlparse.inc: tweak the handling of XML listtags that are parsed as leaf strings
Christian McDonald
05:59 PM Revision 1670f4c0: Correct check IP service config path.
Jim Pingle
04:38 PM Revision 5daac457: Revert "Pass reloadall flag to dhcp6c config. Fixes #13253"
This reverts commit 8e88bd48a22b55d213ac7613be74c651706cfa0d. Jim Pingle
02:13 PM pfSense Plus Bug #11626 (Resolved): Google LDAP connections fail due to lack of SNI for TLS 1.3
We don't have an account with Google LDAP auth any longer, but I can confirm that the LDAP client is sending the SNI ... Jim Pingle
01:52 PM pfSense Packages Bug #13609 (Feedback): Editing ACLs in BIND Package Produces PHP error in CE 2.7.X
Should be fixed in next snapshot run for CE and Plus
https://github.com/pfsense/pfsense/commit/b7b482b1601272723ac97... Christian McDonald
12:56 PM Regression #13782: DHCP leases are not registered in Unbound
Not a problem in a release, excluding from release notes. Jim Pingle
11:40 AM Feature #13787 (New): Increase Tiers under Gateway Group
Hello, i am using latest pfsense but i have a request about increasing Tiers under Gateway Group, currently the limit... edi t
10:45 AM Bug #13253: ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
Backing out this change and re-testing on lab systems with multiple DHCP6 WANs, dhcp6 is still restarted now. Some ot... Jim Pingle
10:45 AM Bug #13253 (Feedback): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
Applied in changeset commit:5daac45752d00a97a9e01c5ddc7ed4f5ae0501ba. Jim Pingle
10:27 AM Bug #13253 (In Progress): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
There is a bit of a regression here in certain cases. For whatever reason the change made here is causing a failure f... Jim Pingle
08:10 AM Regression #13660 (Resolved): PHP8.1 error after applying floating rules changes
I loaded/edited/saved/applied a bunch of floating rules without error on the latest snapshot. Hard to say if it's sol... Jim Pingle
08:04 AM pfSense Packages Regression #13597 (Resolved): haproxy-devel PHP8 regression when saving a backend entry
No errors when editing backends in current version of haproxy package on the latest snapshot.
 Jim Pingle
07:56 AM pfSense Packages Bug #13775: Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Yep, agree - fixed for me on the latest snapshots. Ben Woods
07:53 AM pfSense Packages Bug #13775 (Resolved): Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Unable to replicate the errors on a current snapshot, so it appears to be fixed.
 Jim Pingle
07:54 AM Regression #13553 (Resolved): PHP error when creating a new limiter
Jim Pingle
07:48 AM pfSense Packages Bug #13774 (Resolved): PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
Unable to replicate the errors on a current snapshot, so it appears to be fixed.
 Jim Pingle
07:44 AM pfSense Packages Bug #13752 (Resolved): Avahi broken on PHP 8.1
Unable to replicate the errors on a current snapshot, so it appears to be fixed.
 Jim Pingle
07:36 AM pfSense Packages Bug #13589 (Resolved): PHP Errors during cellular package installation on CE 2.7
Package installs and deinstalls without error. Visting the GUI page and using the widget also do not produce any erro... Jim Pingle
07:28 AM Regression #13781 (Resolved): DNS Forwarder: PHP error in ``services_dnsmasq_edit``
Works without error on current snapshot in cases which failed easily before.
 Jim Pingle
07:24 AM Bug #13675 (Resolved): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses
Closing based on the note above saying it was tested successfully. Jim Pingle
06:26 AM Revision 435948ff: Always declare $config global in case a script is included in a non-global scope
$config is expected to always be a global containing the parsed configuration,
however in the sources that it is assi... Reid Linnemann

12/20/2022

11:01 PM pfSense Plus Feature #13786: ldap intergration for firewall rules
Mike Moore wrote in #note-2:
> This isn’t for OpenVPN. This is for firewall rules controlling movement day from LAN t... Christian McDonald
07:05 PM pfSense Plus Feature #13786: ldap intergration for firewall rules
This isn’t for OpenVPN. This is for firewall rules controlling movement day from LAN to DMZ.
Source is an AD user n... Mike Moore
06:40 PM pfSense Plus Feature #13786: ldap intergration for firewall rules
Normally this type of setup is implemented with something like IPsec/OpenVPN using RADIUS authentication, at which po... Marcos M
03:54 PM pfSense Plus Feature #13786 (New): ldap intergration for firewall rules
Seeing as there are LDAP connectors in the software already for authentication, would it be possible to leverage that... Mike Moore
10:37 PM Bug #13014: Deadlock in Charon VICI interface
Regarding my previous experiment turning off disk logging, we just had IPsec total fail due to just a few p2 of 150+ ... Dan Bailey
06:37 PM Revision 9ac53f56: Fix more config access regressions in filter.inc. Fix #13754
Marcos M
06:25 PM Revision 7e5dbbfc: Fix regression allowing blocked MAC addresses to login. Fix #13747
Marcos M
06:18 PM Regression #13781: DNS Forwarder: PHP error in ``services_dnsmasq_edit``
That fixes it for my test case.
Waiting for new build to confirm. Steve Wheeler
10:05 AM Regression #13781 (Feedback): DNS Forwarder: PHP error in ``services_dnsmasq_edit``
Applied in changeset commit:0fb806adf349a1fbeb2f040b08a917157abbcb40. Jim Pingle
07:05 AM Regression #13781 (In Progress): DNS Forwarder: PHP error in ``services_dnsmasq_edit``
Jim Pingle
03:51 PM Revision 0fb806ad: PHP 8.1 fixes for DNS Forwarder Hosts/Overrides. Fixes #13781
Jim Pingle
03:47 PM Regression #13747 (Resolved): Captive Portal blocked MAC addresses are not blocked
Marcos M
02:41 PM Regression #13747: Captive Portal blocked MAC addresses are not blocked
This works as expected for me with the patch:
 Steve Wheeler
12:35 PM Regression #13747 (Feedback): Captive Portal blocked MAC addresses are not blocked
Applied in changeset commit:7e5dbbfca68179fd29a685363625c810d4da6417. Marcos M
10:20 AM Regression #13747: Captive Portal blocked MAC addresses are not blocked
Good feedback - I fixed the regression and kept the old behavior. The new blocking functionality will be a new option... Marcos M
03:33 AM Regression #13747: Captive Portal blocked MAC addresses are not blocked
> Previously, ....
But is that they way to block ?
'Hard MAC blocking' with pf firewall rules, now possible, is a... Gertjan KROEB
02:55 PM Regression #13757 (Resolved): Circular dependency issue in ``auth.inc``/``authgui.inc``
Closing this for now as it appears to be working as expected given the current limitations for the moment.
I can t... Jim Pingle
02:52 PM Regression #13782 (Resolved): DHCP leases are not registered in Unbound
Working on the latest snap or when patched.
 Jim Pingle
08:00 AM Regression #13782 (Feedback): DHCP leases are not registered in Unbound
Applied in changeset commit:6ba16cde4f7fe8db5c4ae415a737d5da5fcc84d7. Jim Pingle
07:49 AM Regression #13782 (In Progress): DHCP leases are not registered in Unbound
Jim Pingle
02:49 PM Bug #12811 (Resolved): Services are not restarted when PPP interfaces connect
Ran some tests just now and services are restarted when the interface (re)connects (gets its address) and the rules r... Jim Pingle
01:50 PM Revision 6ba16cde: Correct DHCP lease reg enabled test. Fixes #13782
Jim Pingle
01:14 PM Revision 243afd23: Revert "Fix more config access regressions in filter.inc. Fix #13754"
This reverts commit c0d7519df5dc1632ba9f2791ab377bdc19f45105. Jim Pingle
12:42 PM Regression #13767 (Resolved): Refuse Nonlocal action in DNS Resolver access list breaks configuration file
All three affected actions now work properly (allow snoop, deny nonlocal, refuse nonlocal). The config is correct and... Jim Pingle
12:38 PM Bug #13228 (Resolved): Recovering interface gateway may not be added back into gateway groups and rules when expected
Seems to be doing OK here for now, and was previously found to help before committing.
If there is a regression di... Jim Pingle
12:34 PM Feature #13304 (Resolved): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
Value is present in ALTQ list.
 Jim Pingle
12:31 PM Bug #13462 (Resolved): Advanced DHCP6 client settings only work for a single interface
This change had already been validated by multiple other people. Safe to close.
 Jim Pingle
12:17 PM Feature #13784 (Pull Request Review): Option to completely block MAC addresses in Captive Portal
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/994
A new "reject" action is now available which retai... Marcos M
11:13 AM Feature #13784 (Rejected): Option to completely block MAC addresses in Captive Portal
Currently, blocked MAC addresses are still able to access services on the firewall itself such as DNS and NTP. Add an... Marcos M
12:09 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
Lets take our time with this and make sure it gets a thorough and proper analysis and correction for the next release... Jim Pingle
12:07 PM pfSense Plus Bug #13785 (Closed): 23.01.b.20221220.0600 Broke routing, Boot Environments, probably other stuff
Already fixed, there is already a new snapshot with that corrected. Jim Pingle
12:01 PM pfSense Plus Bug #13785 (Closed): 23.01.b.20221220.0600 Broke routing, Boot Environments, probably other stuff
Upgraded to 23.01.b.20221220.0600
After that I couldn't log in to the router, or get any trafic out through the netw... Jonas R
12:04 PM Bug #13776: Some functions fail if the Language does not exactly match an available Locale
Not a release blocker, can be pushed to 23.05 if we can't find a good solution near term.
 Jim Pingle
11:44 AM pfSense Packages Bug #13589 (Feedback): PHP Errors during cellular package installation on CE 2.7
Fix committed, it will be in snapshots tomorrow to test. Since the package couldn't even install I tested bits of the... Jim Pingle
10:27 AM pfSense Packages Bug #13589 (In Progress): PHP Errors during cellular package installation on CE 2.7
Jim Pingle
10:36 AM pfSense Packages Bug #13775: Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Ben Woods wrote in #note-3:
> Out of curiosity, is it the same suite of packages used on both the stable and devel b... Jim Pingle
10:35 AM Regression #13490 (Duplicate): blocking mac addresses in captive portal
Marcos M
10:26 AM pfSense Packages Regression #13597 (Feedback): haproxy-devel PHP8 regression when saving a backend entry
This was merged a week ago Jim Pingle
10:25 AM Bug #13704: Refactor IPsec code using config access functions
Moving this ahead, we'll fix any breakage we find in the meantime but pushing these issues which cover entire files. Jim Pingle
10:25 AM Todo #13702: Replace direct config accesses in ``system_advanced_sysctl``
Moving this ahead, we'll fix any breakage we find in the meantime but pushing these issues which cover entire files. Jim Pingle
10:25 AM Todo #13701: Replace direct config accesses for the rest of the paths in ``system_advanced_admin.inc``
Moving this ahead, we'll fix any breakage we find in the meantime but pushing these issues which cover entire files. Jim Pingle
10:22 AM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Looks like there is also an issue with the loader menu on here, option 8 for the boot environment list doesn't clear ... Jim Pingle
10:20 AM pfSense Plus Bug #13783 (Duplicate): Console (USB) doesn't show Boot Environments properly
The BE list is there it's just not drawn properly on your terminal for some reason. You can see see them and select t... Jim Pingle
06:07 AM pfSense Plus Bug #13783 (Duplicate): Console (USB) doesn't show Boot Environments properly
Had an issue with the latest beta for 23.01. That completely broke everything (I'll provide separate bug report on th... Jonas R

12/19/2022

07:21 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
Generally there's a decent chance that an issue has already been reported and/or resolved, hence it's good to search ... Marcos M
07:17 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
I have verified myself now on github master branch.
Looks like the code has been changed to no longer filter in lo... Chris Collins
07:06 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
Might be quicker if I show you the code, then you check if the code that restricts it is there, I m guessing you unab... Chris Collins
07:00 PM Revision c0d7519d: Fix more config access regressions in filter.inc. Fix #13754
Marcos M
05:28 PM Regression #13782 (Resolved): DHCP leases are not registered in Unbound
Enabling 'Register DHCP leases in the DNS Resolver' in the Unbound config no longer functions as expected.
The /va... Steve Wheeler
05:10 PM Regression #13781 (Resolved): DNS Forwarder: PHP error in ``services_dnsmasq_edit``
Trying to add a host override in a clean DNSmasq config throws a PHP error.
Using:... Steve Wheeler
04:58 PM pfSense Packages Bug #13780 (Rejected): pfBlockerNG v2.1.4_28 on 23.01b Alerts-page results in error
When looking at the Alerts page for pfblockerng. It results in a white page with the error pasted below.
Pfsense Plu... Jonas R
03:39 PM Regression #13747 (Pull Request Review): Captive Portal blocked MAC addresses are not blocked
This regression was introduced in 22.05. Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/990
Previo... Marcos M
03:06 PM Regression #13747 (In Progress): Captive Portal blocked MAC addresses are not blocked
Marcos M
01:16 PM Regression #13747 (Confirmed): Captive Portal blocked MAC addresses are not blocked
This isn't a duplicate of #13742.
MAC addresses added as block entries are not blocked. Hosts are still redirected t... Steve Wheeler
03:31 PM pfSense Packages Bug #13775: Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Thanks for the quick fix - I’ll test it once it’s released tomorrow.
Out of curiosity, is it the same suite of pac... Ben Woods
02:37 PM pfSense Packages Bug #13775 (Feedback): Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Fix committed, will be tomorrow's snapshots.
https://github.com/pfsense/FreeBSD-ports/commit/3aaece2348795bfd36b81... Jim Pingle
10:38 AM pfSense Packages Bug #13775 (Resolved): Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Status Traffic Totals has a problem generating its interface list, and it appears to be from needing to be updated fo... Jim Pingle
03:01 PM Revision ce2fe058: Redo Unbound ACL action handling. Fixes #13767
Jim Pingle
03:00 PM pfSense Packages Bug #13774 (Feedback): PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
Fix committed, will be in tomorrow's snapshot:
https://github.com/pfsense/FreeBSD-ports/commit/43ec955af978b16adbb... Jim Pingle
09:15 AM pfSense Packages Bug #13774: PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
Marcos M wrote in #note-1:
> I'm able to add configuration for interfaces as normal.
If your config has OpenVPN c... Jim Pingle
09:11 AM pfSense Packages Bug #13774: PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
I'm able to add configuration for interfaces as normal. Marcos M
08:37 AM pfSense Packages Bug #13774 (Resolved): PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
The interfaces drop-down in PIMD has no content, and it appears to be from needing to be updated for PHP 8.1.
@pim... Jim Pingle
02:11 PM pfSense Packages Bug #13752 (Feedback): Avahi broken on PHP 8.1
Fix committed, will be in snapshots tomorrow.
https://github.com/pfsense/FreeBSD-ports/commit/1c8ad5a506aa5204833a... Jim Pingle
10:42 AM pfSense Packages Bug #13752: Avahi broken on PHP 8.1
There is a similar error when trying to run it as well, looking at the code it's the same use of old/deprecated array... Jim Pingle
02:05 PM Feature #13778: Changing a network port may not fully move all settings to the new interface
Yes, from the assignments page is where I was speaking of as well, but I meant you may have to save/apply on the rele... Jim Pingle
01:43 PM Feature #13778: Changing a network port may not fully move all settings to the new interface
I should of mentioned that I was doing this from (Interfaces --> assignments) page, is there another page I should be... Jon Brown
01:07 PM Feature #13778: Changing a network port may not fully move all settings to the new interface
It does work but you likely need to visit the interface page and save/apply to fully apply the settings, or (worst ca... Jim Pingle
12:41 PM Feature #13778 (New): Changing a network port may not fully move all settings to the new interface
I spent a bit of time trying to change the network port on the LAN interface and I found out that you cannot change t... Jon Brown
01:25 PM Regression #13754 (Feedback): DHCPv4 rules are not automatically created
Applied in changeset commit:c0d7519df5dc1632ba9f2791ab377bdc19f45105. Marcos M
01:01 PM Regression #13754 (Pull Request Review): DHCPv4 rules are not automatically created
When @filter_rules_generate()@ is called in this case, only enabled interfaces are parsed hence there's no need for a... Marcos M
10:22 AM Regression #13754 (New): DHCPv4 rules are not automatically created
Looks like these changes can cause a pf error if DHCP is enabled on an interface that is disabled. It's worth adding ... Jim Pingle
12:46 PM Feature #628: Ability to specify listen IP address of management services (SSH, web interface)
I just initiated an ticked asking for better GUI/SSH security. GUI/SSH should IMHO only listen to defined IP's and no... Louis B
12:42 PM pfSense Plus Regression #13779 (Resolved): SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module
SafeXcel is selected in *System > Advanced* , *Miscellaneous* tab but dashboard system status shows SafeXcel present ... Jim Pingle
11:59 AM Feature #13777 (Rejected): Better security for FW-management
Most of these things are already possible with proper configuration, others there are already open feature requests f... Jim Pingle
11:57 AM Feature #13777 (Rejected): Better security for FW-management
IMHO pfSense should only be manageable via defined IP-addresses, and not via all GW-ddresses, like it is now.

You... Louis B
11:26 AM Bug #13776 (Resolved): Some functions fail if the Language does not exactly match an available Locale
Some languages are defined in the pfSense translations system without a location, such as French which is defined as ... Jim Pingle
11:20 AM Bug #12920 (Confirmed): Gateway behavior differs when the gateway does not exist in the configuration
Marcos M wrote:
> The gateway status and @dpinger@ behave differently when the respective gateway entry does not exi... Ryan Coleman
09:25 AM Regression #13767 (Feedback): Refuse Nonlocal action in DNS Resolver access list breaks configuration file
Applied in changeset commit:ce2fe0583fda6b38f70c78892d63945b40145867. Jim Pingle
09:03 AM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file
Looks like when this code was changed for PHP 8.1 it was changed in a way that didn't match the original intent of wh... Jim Pingle
09:06 AM Bug #13573 (Feedback): DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL
Jim Pingle
08:37 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
Jordan Greene wrote in #note-5:
> pimd 0.0.3_5 on 23.01.b.20221217.1429 has bind to all/none and interface binding a... Jim Pingle
08:24 AM pfSense Packages Bug #13773 (Feedback): Include file of mail reports package changed path and filename but one file requiring it did not follow
Fix merged, will be in the package with the next new snapshot (likely tomorrow AM)
https://github.com/pfsense/Free... Jim Pingle
08:02 AM pfSense Packages Bug #13773 (Resolved): Include file of mail reports package changed path and filename but one file requiring it did not follow
In a recent change to update the mail reports package for PHP 8.1 the main include file for the package was moved and... Jim Pingle
07:55 AM pfSense Packages Bug #13763 (Not a Bug): Error starting TFTP with PHP 8.1
From a completely fresh install that never had TFTP before, after enabling the service I can start/stop it from the d... Jim Pingle
03:42 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
See attached screenshot Mathew Hepple
03:23 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
Hi All,
I have upgraded to the latest PFSense 23.01.b.20221217.1429 and found the same error. Unable to start the ... Mathew Hepple
12:24 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
Tested on latest
23.01-BETA (amd64)
built on Sat Dec 17 14:33:51 UTC 2022
FreeBSD 14.0-CURRENT
I did update fr... aleksei prokofiev
07:29 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure
David G wrote in #note-15:
> According to the developers the issue has been fixed in mpd5-5.9_11 and later versions,... Jim Pingle
02:45 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure
According to the developers the issue has been fixed in mpd5-5.9_11 and later versions, therefore the above workaroun... David G
07:08 AM pfSense Plus Bug #13766 (Not a Bug): Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05
One-off PHP warnings during upgrade will always happen when we change PHP versions or have other major differences be... Jim Pingle

12/18/2022

01:25 PM pfSense Packages Feature #13575: Update to frr 9.0.1
Marcos M wrote:
> The current frr package version is 7.5.1_3 - frr 7.5.1 was released on 2021-03-07 https://github.c... Carlos Daniel Silva
11:58 AM Bug #9296 (Confirmed): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Another potentially related issue:
Editing an entry within an alias when that alias has been included within another ... Marcos M
08:48 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I am testing https://snapshots.netgate.com/amd64/pfSense_master/installer/pfSense-CE-2.7.0-DEVELOPMENT-amd64-20221216... Alexey Ab
11:52 AM Bug #13772 (Confirmed): Changing the alias resolve interval to the default value does not take effect after saving.
Under @System / Advanced / Firewall & NAT@, if the @Aliases Hostnames Resolve Interval@ option is changed from a cust... Marcos M
11:10 AM pfSense Packages Bug #13771 (Resolved): Suricata tries to load invalid SID file
Tested on @6.0.8_2@, @pfSense-23.01.b.20221217.1429@.
After trying to start Suricata using inline mode, the follow... Marcos M
08:20 AM pfSense Packages Feature #13770 (New): Shellcmd package - Add Enable/Disable option
NB: there is no Shellcmd package option to choose from in Redmine
I think it is better to have an Enable/Disable o... Jon Brown
08:18 AM pfSense Packages Feature #13769 (New): Shellcmd Package - Add Copy Command
NB: there is no *Shellcmd* package option to choose from in Redmine
It would make things a little easier for me t... Jon Brown
08:12 AM Feature #13768 (New): Add Gatway Descriptions to the Gateways Widget
When you use this widget you can see the interface name and the IP address of the interface.
I would also like to ... Jon Brown
06:41 AM pfSense Packages Bug #10692: PIMD starts twice at boot
Running a pimd beta build on top of latest 2.7 pfSense build, Í just checked the general system log. Which does look ... Louis B
12:23 AM pfSense Packages Bug #10692: PIMD starts twice at boot
not seeing the previously noted behavior on 23.01.b.20221217.1429 w/ pimd 0.0.3_5
good so far! Jordan G
01:06 AM pfSense Packages Bug #12330: pfBlockerNG devel creating invalid NAT rules on boot
-similar behavior when restoring a backupconfig.xml that had pfBlockerNG-devel settings but the pfBlockerNG pkg doesn... Jordan G
12:56 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
pimd 0.0.3_5 on 23.01.b.20221217.1429 has bind to all/none and interface binding always/never settings available but ... Jordan G

12/17/2022

07:52 PM pfSense Packages Bug #13738: Typo under Services/Snort/Interface Settings/WAN - Rules
Is the affected version correct for 21.05 or was this intended to be 22.05? Kris Phillips
07:48 PM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
Tested on CE abc516d86cf14a85029e and was unable to reproduce this issue there. Seems to be a 23.01 only issue. Kris Phillips
06:27 PM Bug #13573: DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL
I'm unable to reproduce this in pfSense Plus 23.01. Can you please test this on the latest development version to ve... Kris Phillips
06:02 PM pfSense Plus Regression #13743: Latest snapshot defaults to 22.05 branch selected which can pull that version's package information
Tested on Dec 17th builds and now the repo list is completely blank. Running "pkg update -f" shows normal results:
... Kris Phillips
05:48 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file
I can confirm this behavior on pfSense Plus 23.01 as well. Service fails to start when "Refuse Nonlocal" is chosen i... Kris Phillips
02:56 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file
In `/var/unbound/access_lists.conf`, the access list entry that is generated reads as follows:... Gerke Max Preussner
02:54 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file
Full error message:... Gerke Max Preussner
02:53 PM Regression #13767 (Resolved): Refuse Nonlocal action in DNS Resolver access list breaks configuration file
2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 16 06:05:53 UTC 2022
FreeBSD 14.0-CURRENT
After upgrading to the late... Gerke Max Preussner
09:12 AM Feature #12091: RFE: Add support for sssd authentication
Orion Poplawski wrote in #note-1:
> I was very disappointed to see that sssd disappeared from the pfSense repository.... Gabriel Zellmer

12/16/2022

06:22 PM pfSense Plus Bug #13766 (Closed): Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05
Some examples, but they're all easy to spot in the screen logs files despite their length.... Chris W
05:07 PM pfSense Packages Bug #13679 (Resolved): Error in pfBlockerNG Post Install Script
Tested version 3.1.0_15 on... Christopher Cope
05:05 PM Revision db6dd2d2: Don't load CSRF timeout from config. Fixes #13757
This allows us to reorder includes so that authgui.inc can load auth.inc first, which fixes several auth mechanisms t... Jim Pingle
03:12 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
The same test works as expected in 23.01:... Steve Wheeler
11:56 AM Bug #13525: Memory leak in PF when retrieving Ethernet rules
Updating subject for release notes. Jim Pingle
03:04 AM Bug #13525 (Feedback): Memory leak in PF when retrieving Ethernet rules
This is now in 23.01 and 2.7.
It needs feedback from someone who was hitting it previously. Steve Wheeler
11:55 AM Regression #13748: DHCP server "Disable Ping Check" option does not store value on save
Updating subject for release notes. Jim Pingle
11:55 AM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
Updating subject for release notes. Jim Pingle
11:53 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules
Updating subject for release notes. Jim Pingle
11:52 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Updating subject for release notes. Jim Pingle
11:15 AM Regression #13757 (Feedback): Circular dependency issue in ``auth.inc``/``authgui.inc``
Applied in changeset commit:db6dd2d2d288fdd64b9e741db0900c5eb15ba9fb. Jim Pingle
11:06 AM Bug #12920 (Resolved): Gateway behavior differs when the gateway does not exist in the configuration
Closing for lack of feedback either way here. I haven't noticed any gateway issues like this in a while and I've done... Jim Pingle
11:05 AM Regression #13459 (Resolved): Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
I haven't needed the manual rule to disable reply-to on WAN since this went in months ago. Seems OK to close to me.
 Jim Pingle
11:04 AM Bug #13317 (Resolved): ``array_filter`` PHP Errors in ``interfaces.inc``
Closing for lack of feedback either way here. Given the code involved if it was still a problem we'd have encountered... Jim Pingle
08:05 AM Bug #13445 (Resolved): ``easyrule`` CLI script has multiple bugs and undesirable behaviors
This all appears to be OK now. Can always make new issues if more problems pop up.
 Jim Pingle
08:04 AM Bug #13755 (Resolved): Multiple incorrect configuration paths in recent UPnP code changes
All working well on current snapshots:
* No trace of UPnP anchors/rules in ruleset when UPnP is disabled
* Enabli... Jim Pingle
07:57 AM Regression #13581 (Resolved): Empty Dynamic DNS entry causes PHP errors in various contexts
I can't reproduce any of the original errors on a current snapshot now. This appears to be resolved. Jim Pingle
07:55 AM Regression #11545 (Resolved): Primary interface address is not always used when VIPs are present
No feedback (positive or negative) and it's been in snapshots for quite some time now. Closing this now, but if anyon... Jim Pingle
07:54 AM Regression #13761 (Resolved): Gateway list is empty when editing static route entries
Gateway list has content again on current snapshots. Jim Pingle
07:32 AM pfSense Packages Regression #13697 (Resolved): pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1
Those other errors were unrelated and were corrected a few snaps ago. Jim Pingle
07:29 AM Bug #13762 (Duplicate): Available Packages for 23.01 Not Displaying
This is likely either a duplicate of #13743 (fixed by picking the right update branch) or another known issue where i... Jim Pingle
03:47 AM Bug #13762 (Duplicate): Available Packages for 23.01 Not Displaying
Hi all,
I have upgrade to 23.01.b.20221216.0600 however when you go to
System > Packet Manager > Available Pac... Mathew Hepple
07:20 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
Copying the error out of the attachment so it's easier to see:... Jim Pingle
03:50 AM pfSense Packages Bug #13763 (Not a Bug): Error starting TFTP with PHP 8.1
Hi all,
I have upgraded to 23.01.b.20221216.0600 and found that the package TFTP pfSense-pkg-tftpd upgraded: 0.1.3... Mathew Hepple
07:18 AM Bug #13764 (Not a Bug): DHCP Server config restore
There is likely a difference in interface layout between the two systems. The backup/restore function is intended for... Jim Pingle
06:09 AM Bug #13764 (Not a Bug): DHCP Server config restore
Need to transfer DHCP server config from one system to another
Done backup on original system.
After restore, confi... Ivaylo Velikov

12/15/2022

11:27 PM Revision 1e706214: Protect mem_usage() from doing arithmetic with empty sysctl values.
get_single_sysctl() may return an empty string in some conditions, there is no
guarantee that it returns an expected ... Reid Linnemann
04:20 PM Revision 616579c0: Remove trailing whitespace
Steve Wheeler
04:20 PM Revision 4049406a: Remove cxl from altq capable interfaces list
Steve Wheeler
02:27 PM Revision 8a9e2bfb: Some cleanups in system_routes.php
Christian McDonald
01:45 PM Revision e44e4bb8: Clean up some global access in system_routes_edit.php
Christian McDonald
01:33 PM Revision de0e9927: Fix gateway list for static routes. Fixes #13761
Jim Pingle
01:24 PM pfSense Packages Bug #13753: Gateway groups stop sending traffic if they contain wireguard tunnels
Today, Cox went down. In theory, the gateway group should have automatically switched over to starlink, and the wg_s2... Dan Tentler
12:51 PM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Marcos M wrote in #note-7:
> > I shouldn't be required to send DHCP over the bridge
> From what I understand, if no... Yousif Hassan
08:45 AM Regression #13761: Gateway list is empty when editing static route entries
Jim Pingle wrote in #note-2:
> Applied in changeset commit:de0e99275b5275d1f5b2e477fcd0322aef5284c4.
Confirmed co... Ronald Schellberg
07:40 AM Regression #13761 (Feedback): Gateway list is empty when editing static route entries
Applied in changeset commit:de0e99275b5275d1f5b2e477fcd0322aef5284c4. Jim Pingle
07:12 AM Regression #13761 (Confirmed): Gateway list is empty when editing static route entries
I saw this last night but hadn't had a chance to make an issue for it yet. Since I can reproduce it here, I'll take a... Jim Pingle
12:27 AM Regression #13761 (Resolved): Gateway list is empty when editing static route entries
Completely blank drop-down for Gateway in ' System/Routing/Static Routes' page despite multiple gateways configured. ... RED SKULL
07:42 AM Bug #13756: Rules for authenticated Captive Portal users are not removed when a zone is disabled
Updating subject for release notes. Jim Pingle
07:11 AM Regression #13748 (Resolved): DHCP server "Disable Ping Check" option does not store value on save
Jim Pingle
02:55 AM Regression #13748: DHCP server "Disable Ping Check" option does not store value on save
Tested on
@23.01-DEVELOPMENT (amd64)
built on Wed Dec 14 06:05:14 UTC 2022
FreeBSD 14.0-CURRENT@
The "<disab... Lev Prokofev
04:08 AM Regression #13522: Minnowboard Turbot additions are no longer present
Tested on MBT-2220
2.7.0-DEVELOPMENT (amd64)
built on Tue Dec 15 06:07:19 UTC 2022
FreeBSD 14.0-CURRENT
No vi... Lev Prokofev
03:28 AM Bug #12926: Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
Tested on 22.05.
I restored the same HA cluster on current 22.05 and got the same result - after changing LAGG typ... Azamat Khakimyanov
02:37 AM Bug #12926 (Confirmed): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
Tested on 22.01
I was able to reproduce this bug.
I've created HA cluster with LAGG interface on each node and 30... Azamat Khakimyanov
02:21 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I am having the same issue in 22.05. Netgate XG1541 van trung tran

12/14/2022

06:38 PM Revision 7cae10a3: Revert "Correct includes/load order in guiconfig.inc. Fixes #13757"
This reverts commit 2a24c162e0a8e69d176c54b5a7be09b23cb233f8. Jim Pingle
06:23 PM Revision 2a24c162: Correct includes/load order in guiconfig.inc. Fixes #13757
The recent change here ended up loading some things out of order. Jim Pingle
04:49 PM Revision e3d247ec: Another DDNS empty entry fix. Fixes #13581
Jim Pingle
04:45 PM Revision 00d3003d: Improve handling of empty DDNS entries. Fixes #13581
Jim Pingle
04:35 PM Revision 2067a034: Revert "Add shells/zsh to poudriere_bulk"
This reverts commit a360b261b33663b062b20ec15f3f7b5082e6e2bd.
This requires man(1) which we do not have so revert th... Brad Davis
03:33 PM pfSense Docs Todo #13760 (Rejected): Feedback on Development — Executing Commands at Boot
*Page:* https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html
*Feedback:*
This page does no... Jon Brown
03:29 PM Regression #13757: Circular dependency issue in ``auth.inc``/``authgui.inc``
Draft MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/984
At the moment the least disruptive way t... Jim Pingle
01:58 PM Regression #13757 (In Progress): Circular dependency issue in ``auth.inc``/``authgui.inc``
That fix attempt ended up not incomplete, it could break CSRF in certain cases.
Still experimenting and checking i... Jim Pingle
12:30 PM Regression #13757 (Feedback): Circular dependency issue in ``auth.inc``/``authgui.inc``
Applied in changeset commit:2a24c162e0a8e69d176c54b5a7be09b23cb233f8. Jim Pingle
12:26 PM Regression #13757: Circular dependency issue in ``auth.inc``/``authgui.inc``
Looks like this may have broken in commit:746f30e3ce1ff39c226a73bf87c86dd370ef239c with the added includes changing t... Jim Pingle
11:49 AM Regression #13757 (Resolved): Circular dependency issue in ``auth.inc``/``authgui.inc``
Some parts of @auth.inc@ use a check for a function before doing some GUI-specific checks:... Jim Pingle
02:58 PM Feature #13758: OpenVPN service names inconsistent - Hard to get OpenVPN ID for CLi
While there is definitely room for improvement here, you can get the OpenVPN ID by editing an instance directly. It's... Jim Pingle
02:24 PM Feature #13758 (New): OpenVPN service names inconsistent - Hard to get OpenVPN ID for CLi
h1. Background
This came about because I am creating a command to be run by Shellcmd to disable an OpenVPN service... Jon Brown
02:48 PM Revision a360b261: Add shells/zsh to poudriere_bulk
Christian McDonald
02:44 PM Feature #13759 (New): Ability to disable services on boot up
h1. The feature
I would like the ability to prevent selected services from being enabled during bootup.
h1. Why... Jon Brown
02:05 PM Revision 374dd9fe: UPnP rule/service cleanup. Fixes #13755
* Fix several incorrect config paths/tests
* Fix UPnP local interface automatic rule to pass traffic into UPnP
itse... Jim Pingle
11:36 AM Regression #13754 (Resolved): DHCPv4 rules are not automatically created
Chris W
11:36 AM Regression #13754: DHCPv4 rules are not automatically created
Looks good. This is present in Firewall-Generated Ruleset.txt:... Chris W
07:25 AM Regression #13754 (Feedback): DHCPv4 rules are not automatically created
Applied in changeset commit:46c9508efb21a8c809dda5b1cc47a4218399a04f. Marcos M
11:24 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Jim Pingle wrote in #note-16:
> There is a second commit for the widget, commit:e3d247ec
Fixes my issues with #13... Ronald Schellberg
11:17 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
There is a second commit for the widget, commit:e3d247ec Jim Pingle
11:08 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Jim Pingle wrote in #note-13:
> I found several places that can trigger errors the same way between traditional DynD... Ronald Schellberg
10:55 AM Regression #13581 (Feedback): Empty Dynamic DNS entry causes PHP errors in various contexts
Applied in changeset commit:00d3003d9aad824e4d51dd908c234ffebd5a3516. Jim Pingle
10:24 AM Regression #13581 (In Progress): Empty Dynamic DNS entry causes PHP errors in various contexts
OK I can reproduce these errors but only with an empty entry in the configuration, such as:... Jim Pingle
11:23 AM Bug #13756: Rules for authenticated Captive Portal users are not removed when a zone is disabled
Tested:... Steve Wheeler
11:22 AM Bug #13756 (Resolved): Rules for authenticated Captive Portal users are not removed when a zone is disabled
Users that have been authenticated by the captive portal are added as ether pass rules to the 'cpzoneid_X_auth' ancho... Steve Wheeler
08:25 AM Bug #13755 (Feedback): Multiple incorrect configuration paths in recent UPnP code changes
Applied in changeset commit:374dd9fe6a456d09cb41515b913396ac0992467d. Jim Pingle
08:05 AM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes
I spotted another incorrect configuration path usage in there as well as I was testing. Commit coming shortly.
 Jim Pingle
07:26 AM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes
There is at least one other place using the same incorrect test for upnp being enabled, and I'd prefer a slightly dif... Jim Pingle
03:53 AM Bug #13014: Deadlock in Charon VICI interface
Jim Pingle wrote in #note-21:
> It didn't get pushed back to the next version, there won't be a 22.11 as there is sti... james greenhill
03:42 AM Revision 46c9508e: Fix config access regressions in filter.inc. Fix #13754
Marcos M
12:55 AM pfSense Packages Feature #10818: UDP Broadcast Relay
The underlying package (https://github.com/marjohn56/udpbroadcastrelay) does not support IPv6 (https://github.com/mar... Djon K

12/13/2022

10:38 PM Regression #13635 (Resolved): Interface speed and duplex selection defaults to non-default option
Marcos M
10:13 PM Feature #385 (In Progress): Allow the use of Captive Portal to restrict services on the firewall itself.
Marcos M
10:11 PM Bug #13215 (Incomplete): Allowed MAC/IP/Hostname traffic counts for authorized users
Marcos M
10:01 PM Regression #13754 (Pull Request Review): DHCPv4 rules are not automatically created
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/980 Marcos M
08:36 PM Regression #13754 (Resolved): DHCPv4 rules are not automatically created
Tested on @23.01.a.20221213.1812@.
With DHCPv4 Server enabled, rules allowing DHCP traffic are not automatically c... Marcos M
09:59 PM Bug #13755 (Pull Request Review): Multiple incorrect configuration paths in recent UPnP code changes
Marcos M
09:58 PM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes
The miniupnp auto rule has been broken since the code was committed due to the invalid config path access, and due to... Marcos M
09:55 PM Bug #13755 (Resolved): Multiple incorrect configuration paths in recent UPnP code changes
The automatic rule @pass multicast traffic to miniupnpd@ is never created. Marcos M
09:39 PM Revision 30196510: Fix direct config accesses in unbound for php81
Christian McDonald
09:02 PM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Jim Pingle wrote in #note-11:
> Do you maybe have a blank entry under the RFC2136 tab for dynamic DNS? If so, delete ... Ronald Schellberg
12:33 PM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Do you maybe have a blank entry under the RFC2136 tab for dynamic DNS? If so, delete it.
That's about the only way I... Jim Pingle
06:48 PM Revision 503e7e8c: Fix DHCP server ping check option. Fixes #13748
Jim Pingle
03:08 PM pfSense Packages Bug #13753 (New): Gateway groups stop sending traffic if they contain wireguard tunnels
I have a dual-isp setup running on an xg7100. Cox and Starlink. I have been able to configure two wireguard tunnels, ... Dan Tentler
12:55 PM Regression #13748 (Feedback): DHCP server "Disable Ping Check" option does not store value on save
Applied in changeset commit:503e7e8cfde3127068b2c5aaef6ccc01e80036d4. Jim Pingle
12:45 PM pfSense Packages Bug #13752 (Resolved): Avahi broken on PHP 8.1
Clea install of 23.01.a.20221213.0600.
Installed avahi from packages.
Click on Services > Avahi... Erik Osterholm
10:53 AM Feature #13751 (New): Add language to IPsec configuration for disabled ciphers
Apparently it is confusing to users to have inapplicable hash methods disabled in the IPsec configuration pages.
A... Chris Linstruth
07:31 AM Bug #13436 (Resolved): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
This issue was specifically about the variable names being incorrect which was causing the validation to be non-funct... Jim Pingle
07:27 AM Bug #13436 (In Progress): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
Should this be in Feedback, Resolved, or is there more work to be done based on the last feedback? Chris Linstruth
07:18 AM Regression #13614 (Resolved): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
Jim Pingle
05:34 AM Regression #13614: Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
no more errors. Good to close out RED SKULL
06:44 AM Regression #13739 (Resolved): Interfaces without a configured name appear as lowercase
This looks good in todays snap.
Tested:... Steve Wheeler
05:29 AM pfSense Docs Correction #13750 (Resolved): "Using Software from FreeBSD"
The topic "Using Software from FreeBSD" is missing information.
The text says to modify the file */usr/local/etc/p... Michel Pereira

12/12/2022

09:46 PM Bug #7553 (Resolved): Captive portal on a parent interface blocks traffic on VLAN interfaces too
Tested on latest 23.01 snap - this is no longer an issue. Marcos M
09:42 PM Bug #12467 (Resolved): CP error on client disconnect after reboot
Tested on latest snap - I'm not seeing this error in any logs, nor the extra files. Marcos M
09:35 PM Bug #12730 (Resolved): RADIUS accounting does not work if WAN is down
Marcos M
09:28 PM Bug #13148 (Resolved): Traffic passed by Captive Portal cannot use limiter queues on other rules
Tested on latest snap - this is indeed fixed. Marcos M
09:11 PM Bug #13215 (New): Allowed MAC/IP/Hostname traffic counts for authorized users
These needs further testing/explanation.
If the issue is that rules under @cpzoneid_2_allowedhosts@ will have thei... Marcos M
09:09 PM Bug #13014: Deadlock in Charon VICI interface
I have some 40+ spoke firewalls with new ones deploying weekly. Each FW is initiating 3 IPSec VPNs.
While the VPN is... Roman Kazmierczak
08:26 PM Bug #13226: Disconnecting a user from Captive Portal may allow previously established connections to continue
The root issue here is actually #11556. When @pfSense_kill_states()@ is called, the state on WAN using NAT will remai... Marcos M
06:50 PM Regression #13290 (Resolved): Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
Marcos M
06:41 PM Bug #13475 (Duplicate): Captive Portal per-user limiters malfunction
Marcos M
06:36 PM Bug #13477 (Resolved): Captive Portal disconnecting a single user stops all traffic.
Tested latest snap. This is no longer a problem after the fix in the related issue #13488. Marcos M
06:13 PM Regression #13490 (Not a Bug): blocking mac addresses in captive portal
As mentioned, more info would be needed for 22.05 to be considered a bug. Note that even after the MAC rule has been ... Marcos M
06:09 PM Bug #13736 (Not a Bug): Captive Portal service restart needed after MAC bypass
Marcos M
06:08 PM Bug #13742 (Not a Bug): Captive Portal MAC bypass - pf rules are not enforced
I was unable to reproduce the reported issue on the latest snap - the client with the bypass MAC correctly bypasses R... Marcos M
05:14 PM Regression #13418 (Pull Request Review): Captive Portal does not keep track of client data usage
Marcos M
01:41 PM Regression #13418 (In Progress): Captive Portal does not keep track of client data usage
Thank you for testing - there looks to be a type casting issue in php-pfSense-module.
https://gitlab.netgate.com/pfSe... Marcos M
01:32 PM Regression #13418: Captive Portal does not keep track of client data usage
Counters still zero... Chris Linstruth
03:37 PM Regression #13749 (Resolved): RADIUS auth using CHAP does not work
Tested the patch - I am now able to authenticate using MSCHAPv2! Marcos M
02:38 PM Regression #13749 (Feedback): RADIUS auth using CHAP does not work
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/5601fb0b0bb0c733aece989bd8a71882c1fd9118
Should be fixed... Christian McDonald
12:58 PM Regression #13749 (Resolved): RADIUS auth using CHAP does not work
In 23.01, PAP works but CHAP protocols (e.g. MSCHAPv2) do not when authenticating with a RADIUS backend.
The error... Marcos M
02:51 PM Bug #13716: CVE-2022-23093 / FreeBSD-SA-22:15.ping
Further "clarification from FreeBSD":http://docs.freebsd.org/cgi/mid.cgi?CAPyFy2AMKEorH6v2VLG_g0UOyZdcpXb0YjZbc+-0=-d... Jim Pingle
02:09 PM Revision 8fec79ad: Restore default interface media selection. Fix #13635
Marcos M
02:08 PM Revision 5c7cda13: Restore default description behavior. Fix #13739
Marcos M
02:00 PM Feature #2676: Reply-to option in firewall rule
Upvote for this request.
We have a rare scenario that requires this reply-to been added to some of the firewall rule... Billy Yao
01:12 PM pfSense Plus Regression #13741: Update message interpreted as the available version
Yes, the message error affects any device that receives it. Not limited to aarch64.... Steve Wheeler
08:20 AM Regression #13635 (Feedback): Interface speed and duplex selection defaults to non-default option
Applied in changeset commit:8fec79ad597ff0d25674c249594fe2043817fb56. Marcos M
08:15 AM Regression #13739 (Feedback): Interfaces without a configured name appear as lowercase
Applied in changeset commit:5c7cda134dbcffe3ff4a2387b6d8a83fc9d03aa3. Marcos M
08:14 AM Regression #13747 (Duplicate): Captive Portal blocked MAC addresses are not blocked
Appears to be a duplicate of #13742 Jim Pingle
01:21 AM Regression #13747 (Resolved): Captive Portal blocked MAC addresses are not blocked
See here https://forum.netgate.com/topic/176356/captive-portal-bypass-issue/13
This test : https://github.com/pfse... Gertjan KROEB
08:04 AM Regression #13744 (Resolved): Debug output shown on dashboard
Jim Pingle
07:51 AM Regression #13744: Debug output shown on dashboard
I can confirm that this is fixed with:
2.7.0-DEVELOPMENT (amd64)
built on Mon Dec 12 06:07:23 UTC 2022
FreeBSD 1... RED SKULL
08:03 AM pfSense Plus Regression #13726 (Resolved): pkg-utils.inc error at first boot
Jim Pingle
07:49 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Traffic graphs are still working but saw this error after updating this AM:
PHP ERROR: Type: 1, File: /etc/inc/auth.... TyphooN .
07:36 AM pfSense Plus Bug #11626 (Feedback): Google LDAP connections fail due to lack of SNI for TLS 1.3
Jim Pingle
07:35 AM pfSense Packages Bug #13730 (Resolved): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1
Jim Pingle
07:35 AM pfSense Plus Regression #13724 (Resolved): pfSense-upgrade breaks the pkg repo conf
Jim Pingle
07:32 AM pfSense Plus Feature #13649 (Resolved): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
Jim Pingle
07:32 AM Bug #12645 (Resolved): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
The filterdns part is likely OK then. IIRC there may be an open issue for that other quirk already, it seems familiar... Jim Pingle
06:33 AM Regression #13748 (Resolved): DHCP server "Disable Ping Check" option does not store value on save
Tested on 22.05 and latest 23.01-DEV
When 'Disable Ping Check' option checked and "Save' button pressed, system sh... Azamat Khakimyanov
 

Also available in: Atom