Activity

30 days up to

User

Subprojects

Activity

From 12/24/2022 to 01/22/2023

01/22/2023

11:59 PM Bug #13859: Wireguard peer doesn't connect on reboot: I tested on the latest 23.01-BETA and Wireguard 0.1.6_3
23.01-BETA (amd64)
built on Fri Jan 06 06:04:43 UTC 2023
F... aleksei prokofiev
06:43 PM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: I am seeing this on 3.1.0_19 Michael Kellogg
05:29 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: It's not listed there because the VIP address doesn't actually reach pfSense in my test, only the primary interface a... Marcos M
04:28 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hello Marcos,
I don't know how you specified the hosts range in the Qualys scanner.
In the log you provided, we... Serge Caron
04:14 PM Bug #13652 (Not a Bug): Inconsistent behavior filtering ICMP traffic: I could not replicate this either on 23.01 using Qualys with the following scan options:
* All ICMP QIDs selected (in... Marcos M
10:24 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: I am Still seeing this on 2.7 built on Fri Jan 20 03:01:02 UTC 2023
seems like every 5-10 minutes not a pattern i... Michael Kellogg

01/21/2023

08:10 PM pfSense Packages Bug #13432 (Incomplete): ups driver will not start: I'm still unable to reproduce this problem with a fresh install of 23.01 and the latest NUT package. At this point I... Kris Phillips
07:59 PM pfSense Packages Bug #13873 (Closed): PHP Errors on FRR Global Settings: No longer able to recreate this. Not sure what caused it before, but I was testing on a fresh install of 23.01 and o... Kris Phillips
07:29 PM pfSense Packages Todo #13857 (Resolved): Update bundled installer in OpenVPN Export Utility: They are there on internal 23.01 RC snaps.... Jim Pingle
06:44 PM pfSense Packages Todo #13857: Update bundled installer in OpenVPN Export Utility: Checked on 22.05 and it appears these were merged properly. However, looking at the repos for 23.01, which is on a n... Kris Phillips
06:37 PM pfSense Packages Bug #13877: IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Redmine 13368 may be related, as it's in a similar vein: https://redmine.pfsense.org/issues/13368
Kris Phillips
06:33 PM pfSense Packages Bug #13886: NUT Server Package: # Installed NUT package on 23.01
# Setup usbhid with a simple UPS config and enabled the service with Local USB
# S... Kris Phillips
06:07 PM pfSense Plus Bug #13434 (Closed): Upgrade from 2.4.4. to 22.0x results in LAN traffic intermittently dropped for OpenVPN clients: I'm closing this. We've not been able to replicate it, we've not seen it with other customers, and with 23.01 around ... Chris W
01:42 PM pfSense Plus Regression #13816 (Resolved): Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: Not seeing this behavior anymore on the latest build. The 1100 shuts down normally both from GUI and USB console.
23... Chris W
12:29 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages: Based on a project spanning multiple clients / locations / firewalls, I can certify that this is still true in CE 2.6... Jonathan Edman
12:28 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages: Hannes Palmquist wrote in #note-11:
> +1
>
> Agent 6.2 install does not work, same error.
Based on a project s... Jonathan Edman
10:46 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Lev Prokofev wrote in #note-7:
> It is still here, unfortunately.
I mean the issue was occurred after I update th... Lev Prokofev
10:45 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: It is still here, unfortunately. Lev Prokofev
10:30 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Lev Prokofev wrote in #note-5:
> I can confirm this behavior on 22.05 after updating the pfBlocker package to v3.1.0... Jim Pingle
05:03 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: I can confirm this behavior on 22.05 after updating the pfBlocker package to v3.1.0_16 Lev Prokofev
06:02 AM Feature #13868: Allow packet capture on unassigned interfaces: I tested the commit da2879b467746b43c8b8687700b6d7f34d4fd302 against the 22.05 release.
I was able to capture on u... Danilo Zrenjanin
03:15 AM pfSense Packages Bug #13328: Wireguard Site-to-Site broken after upgrade to 22.05: Still the same issue
PPPOE connection might be the problem.
I found more poeple with the same problem.
Tested... Sebastian Schmid

01/20/2023

08:16 PM Feature #12070: Support for VLAN ``0``: Christopher Cope wrote in #note-7:
> Tested on
> [...]
>
> Working successfully with AT&T on my edge without the... Matt Johnson
11:30 AM Bug #13891 (Duplicate): PHP Error when deleting an active OpenVPN conenction: Duplicate of #12817
There is already a fix for that in the recommended patches area of the "System Patches packag... Jim Pingle
11:17 AM Bug #13891 (Duplicate): PHP Error when deleting an active OpenVPN conenction: When trying to disconnect a user's VPN connection, (screenshot) the user remains connected and the attached PHP error... Brian Dubreuil
10:49 AM Feature #13682: Automatically indicate a packet capture has stopped when count limit is reached: I tested the commit da2879b467746b43c8b8687700b6d7f34d4fd302 against the 22.05 release.
It does show the packets ... Danilo Zrenjanin
10:02 AM Todo #13867 (Resolved): Update Unbound to use Python 3.11 instead of Python 3.9: Copying some relevant portions of my notes here from #13866
Unbound is linked against 3.11 as expected:... Jim Pingle
10:01 AM Todo #13866 (Resolved): Add Python 3.11.1 to base system: Both versions are present on 23.01 snapshots... Jim Pingle
09:57 AM Todo #13865 (Resolved): Update Python 3.9.15 to 3.9.16 in base system: New version is present on snapshots.... Jim Pingle
09:40 AM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active: Even more improvements were realized https://github.com/pfsense/FreeBSD-ports/commit/2585ff63a67594c3530a2bc111c5544e... Christian McDonald
07:33 AM Regression #13890 (Resolved): Captive Portal Voucher Rolls Status "Fatal error": Thanks for testing!
The same is true here as well. I could crash multiple lab systems before the fix, and after th... Jim Pingle
04:58 AM Regression #13890: Captive Portal Voucher Rolls Status "Fatal error": I updated today to most recent version *2.7.0.a.20230120.0255* and confirm that Voucher Rolls status is working perfe... Muhammad Waseem Ul Haq
07:31 AM Bug #13723 (Confirmed): dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet: I can confirm this behavior on the 22.05 and 23.01 Beta versions.
I tried to remove the VTI interfaces before cha... Danilo Zrenjanin
07:22 AM Bug #13525 (Resolved): Memory leak in PF when retrieving Ethernet rules: That seems like enough to call this resolved for now -- we can always revisit it if needed.
Unrelated to this issu... Jim Pingle
01:07 AM Bug #13525: Memory leak in PF when retrieving Ethernet rules: updated the system to 23.01 beta on sunday 15th
4 days later i can not notice any significant memory leak. wired memo... jeroen van breedam
05:52 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Please find attached the packet capture reduced down to just ICMP traffic. The associated firewall rule is:... Infra Weavers
04:23 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: We have also been unable to reproduce this without the Qualys scanner; literally every other tool we have used has re... Infra Weavers

01/19/2023

08:44 PM Revision ef353af0: Remove unnecessary count param. Fixes #13890: Jim Pingle
08:09 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hello Steve,
I have not been able to replicate this with any other tool.
You have a PCAP file attached to this ... Serge Caron
07:02 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: Have you been able to replicate this without using the Qualys Scanner?
Rules all work as expected for various ICMP... Steve Wheeler
02:55 PM Regression #13890 (Feedback): Captive Portal Voucher Rolls Status "Fatal error": Applied in changeset commit:ef353af0b40a98d4ce0ee2638206f10ac67e212b. Jim Pingle
02:47 PM Regression #13890: Captive Portal Voucher Rolls Status "Fatal error": For some reason that page has always unnecessarily passed a second parameter to @count()@ there and on old versions o... Jim Pingle
02:44 PM Regression #13890 (In Progress): Captive Portal Voucher Rolls Status "Fatal error": Jim Pingle
02:18 PM Regression #13890 (Confirmed): Captive Portal Voucher Rolls Status "Fatal error": Jim Pingle
02:16 PM Regression #13890 (Resolved): Captive Portal Voucher Rolls Status "Fatal error": When enabled & Created Vouchers under Captive Portal, *Status* -----> *Captive Portal* -----> *Voucher Rolls* not sho... Muhammad Waseem Ul Haq
11:59 AM pfSense Docs Correction #13885 (Resolved): Feedback on Routing — Gateway Settings - Advanced Gateway Settings: Updated and deployed. Jim Pingle
08:03 AM pfSense Docs Correction #13885: Feedback on Routing — Gateway Settings - Advanced Gateway Settings: You are correct, the default was 0 but changed to 1.
It had been 0 for a long time, and we added the GUI field (de... Jim Pingle
04:47 AM pfSense Docs Correction #13885 (Resolved): Feedback on Routing — Gateway Settings - Advanced Gateway Settings: *Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
*Feedback:* It seems in version ... Brandon Brand
10:05 AM Bug #13889 (Rejected): Dynamic DNS update stay locked somewhere: You appear to be testing this on a non-dev version, and the Dynamic DNS code has had quite a few bugs fixed since the... Jim Pingle
09:51 AM Bug #13889 (Rejected): Dynamic DNS update stay locked somewhere: Dynamic DNS are configured like this:... Yann Papouin
09:57 AM Bug #13888 (Not a Bug): ipsec tunnel interfaces not listed in SNMP IF-MIB on pfSense Plus: There is no bug or missing data here, it's a difference in your setup between the two.
IPsec tunnels using VTI mod... Jim Pingle
09:18 AM Bug #13888 (Not a Bug): ipsec tunnel interfaces not listed in SNMP IF-MIB on pfSense Plus: We run pfsense in several locations, primarily using pfSense Plus in AWS. We're monitoring our environment using SNMP... Jonas Andén
09:17 AM Bug #13887 (New): General protection fault in key_freesp(): ... Christopher Cope
07:47 AM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Alex Sensation wrote in #note-10:
> I noticed that you created a separated ticket for the Apple profile and ECDSA ce... Jim Pingle
07:17 AM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Apologies for the delay and the resurrection.
I have now tested my ECDSA cert with Windows 10 and it worked flawle... Alex Sensation
07:42 AM pfSense Packages Bug #13873: PHP Errors on FRR Global Settings: I can't reproduce it either, even from a clean install that has never had FRR before, but I can see why it might happ... Jim Pingle
06:52 AM pfSense Packages Bug #13873: PHP Errors on FRR Global Settings: I couldn't reproduce this behavior on 22.05 or 23.01-RC.... Danilo Zrenjanin
07:37 AM pfSense Packages Bug #13886 (Incomplete): NUT Server Package: There isn't nearly enough information here and this site is not for support or diagnostic discussion.
For assistan... Jim Pingle
06:02 AM pfSense Packages Bug #13886 (Closed): NUT Server Package: NUT server package (2.8.0_2) wont load in 23.01 Beta Anonymous

01/18/2023

12:59 PM pfSense Packages Regression #13884 (Resolved): pfBlockerNG DNSBL TLD option causes reloads to take a long time: Enabling the DNSBL option @Wildcard Blocking (TLD)@ causes DNSBL reloads to take an extremely long time:... Marcos M
12:09 PM Bug #13883 (Resolved): UDP checksum errors with ``ixgbe`` interfaces: It appears there is an errata on the Intel 82559 NIC's that causes issues related to IPv4 UDP frames with zero checks... Glenn Hall
07:16 AM pfSense Plus Bug #13882: 22.05 to 23.01 - PHP_errors.log: Hello,
Sorry to have taken time. I wasn't asking questions for help.
And sorry (again) I was talking about "pfB... Steph Swiss
07:10 AM pfSense Plus Bug #13882 (Rejected): 22.05 to 23.01 - PHP_errors.log: This site is not for support or diagnostic discussion, and there isn't nearly enough detail here. Also, each Redmine ... Jim Pingle
06:05 AM pfSense Plus Bug #13882: 22.05 to 23.01 - PHP_errors.log: SORRY !
We are on January 18, 2023, I tried to switch from my version 22.05 which works perfectly to the 23.01 beta... Steph Swiss
05:09 AM pfSense Plus Bug #13882 (Rejected): 22.05 to 23.01 - PHP_errors.log: It's January 18, 2023, I tried to upgrade from my perfectly working version 22.05 to the 23.01 beta du 6 janvier qui ... Steph Swiss

01/17/2023

04:31 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Hi,
I have the same problem but with OpenVPN interfaces, as described here https://forum.netgate.com/topic/176155/un... robotox sysadmin
04:09 PM Bug #13881 (New): Status / System logs / Settings GUI issue: When changing the "GUI Log Entries" field in Status / System logs / Settings and then hit the Enter key this activate... Job Cacka
01:53 PM pfSense Packages Todo #13880: security/tailscale: update to 1.34.2_1: Also bump security/pfSense-pkg-Tailscale PORTREVISION to signal GUI for package upgrade. Christian McDonald
01:53 PM pfSense Packages Todo #13880 (Closed): security/tailscale: update to 1.34.2_1: Christian McDonald
10:21 AM Regression #13861 (Resolved): Configuration history restores revision no matter which option is clicked in confirmation dialog: Behaves correctly on current snapshots.
Jim Pingle
10:20 AM Regression #13876 (Resolved): PHP error on diag_backup.php with no packages installed: I was able to find a system that could reproduce the problem before this patch went in. After updating, I can no long... Jim Pingle
10:10 AM pfSense Docs Todo #13854 (Closed): Feedback on Backup and Recovery — ZFS Boot Environments (Plus Only) — Managing Boot Environments in the GUI: Actually I was wrong on that last comment. I ran some tests here and stepping back to a boot environment did revert t... Jim Pingle

01/16/2023

11:38 PM pfSense Packages Bug #13879: Squid blacklist definition causing issues.: Will be a good option to have those on the GUI and the user decide if they want to use regular expression or plain te... Peter Moreno
08:25 PM pfSense Packages Bug #13879 (Not a Bug): Squid blacklist definition causing issues.: This is not a bug. It expects regular expressions, not plain strings.
If that works better for you, you can make t... Jim Pingle
07:22 PM pfSense Packages Bug #13879: Squid blacklist definition causing issues.: I have change squid.inc
$options = array(
'unrestricted_hosts' => 'src',
'banned... Peter Moreno
07:11 PM pfSense Packages Bug #13879 (Not a Bug): Squid blacklist definition causing issues.: Hello.
Working with pfsense 2.7-dev for some months and is going solid, excellent work team.
Now I face a issue t... Peter Moreno
03:56 PM pfSense Packages Bug #9934 (Closed): suricata update kills WAN interface: Interfaces are now reloaded live without bringing down the interface. Marcos M
03:54 PM pfSense Packages Bug #10292 (Not a Bug): Suricata not respecting SID Mgmt list: Marcos M
03:54 PM pfSense Packages Feature #10472 (Resolved): Blocked host alert table break out by timestamp and type to allow sorting by date: This is possible in the latest version. Marcos M
03:52 PM pfSense Packages Bug #11780 (Rejected): Suricata package fails to prune suricata.log: Marcos M
03:45 PM pfSense Packages Feature #10872 (Resolved): Add adjustable notification for Severity Alert: Marcos M
03:45 PM pfSense Packages Bug #6964 (Resolved): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons: Marcos M
03:45 PM pfSense Packages Feature #12285 (Resolved): Add more EVE Logged Traffic protocols: Marcos M
03:44 PM pfSense Packages Feature #12292 (Resolved): GeoIP look on the Alerts, Blocked and Files pages: Marcos M
03:44 PM pfSense Packages Bug #11742 (Not a Bug): Blocking / Unblocking is not working correctly.: Marcos M
03:44 PM pfSense Packages Bug #11742 (Closed): Blocking / Unblocking is not working correctly.: Marcos M
03:43 PM pfSense Packages Bug #12322 (Resolved): Suricata creates invalid HOME_NET entries: Marcos M
03:43 PM pfSense Packages Bug #11525 (Closed): pfsense 2.5.0 release version for vlan issue to suricata: Unable to reproduce using 23.01 and latest Suricata package. Marcos M
03:40 PM pfSense Packages Feature #11210 (Resolved): 3rd party rulesets: Marcos M
03:08 PM pfSense Packages Feature #12748 (Resolved): Suricata blocked page timestamp breakout to it's own sortable column: Marcos M
03:06 PM Revision a7b25043: Fix PHP error on diag_backup.php. Fixes #13876: Jim Pingle
02:39 PM Bug #13498: Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output: This patch has been ready to go for a while. Any chance of getting it merged before the next release? Brett Keller
02:29 PM pfSense Packages Regression #13856 (Resolved): OpenVPN Export Utility creates a broken installer package: Jim Pingle
02:23 PM pfSense Packages Todo #13857 (Feedback): Update bundled installer in OpenVPN Export Utility: Updates are merged into all the relevant branches and will appear once a build succeeds.
Jim Pingle
01:50 PM pfSense Packages Todo #13857 (In Progress): Update bundled installer in OpenVPN Export Utility: I've got the files and patch ready for this, testing it now.
Jim Pingle
12:53 PM pfSense Packages Bug #13878 (Resolved): IPsec Profile Wizard/Apple: Generated profile does not contain the correct ``AuthenticationMethod`` for IKEv2 EAP configurations: When importing a profile for EAP-MSCHAPv2 for example, the @AuthenticationMethod@ is set to @Certificate@ when it sho... Jim Pingle
12:50 PM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Sean McBride wrote in #note-8:
> Jim, thanks for investigating. Note however that we're not using the profile wizard... Jim Pingle
12:48 PM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Jim, thanks for investigating. Note however that we're not using the profile wizard at all. Does that mean ECDSA is ... Sean McBride
12:22 PM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: This is not a bug in pfSense or macOS but from the way the profile wizard forms the configuration profile: The profil... Jim Pingle
12:47 PM pfSense Packages Bug #13877 (Resolved): IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": I was exporting a test config to Windows which had a large number of different P1 options, and the profile generated ... Jim Pingle
12:32 PM pfSense Packages Feature #13484: IPsec Profile Wizard/Apple: Support on-demand connections in exported profile: Would need to be set based on a toggle on user request rather than being set unconditionally. Jim Pingle
11:57 AM pfSense Packages Bug #13870 (Resolved): pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): Jim Pingle
11:14 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): Pull request https://github.com/pfsense/FreeBSD-ports/pull/1214 has been merged. This issue may be marked as "Resolved". Bill Meeks
08:15 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): Jim Pingle wrote in #note-4:
> That should probably be something like this instead:
>
> [...]
Thanks Jim. I believe... Bill Meeks
07:11 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): That should probably be something like this instead:... Jim Pingle
06:45 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): I honestly don't know how to cause it to happen... I don't know this stuff to even find out where in the config ovpne... Brian Macy
09:15 AM Regression #13876 (Feedback): PHP error on diag_backup.php with no packages installed: Applied in changeset commit:a7b2504361d509f90997f26cc737169a7ca00ea6. Jim Pingle
09:03 AM Regression #13876 (Resolved): PHP error on diag_backup.php with no packages installed: If there is no @<installedpackages></installedpackages>@ section in the firewall configuration, the diag_backup.php p... Jim Pingle
07:46 AM pfSense Plus Bug #13875 (Rejected): Boot after upgrade form 22.05 to 23.01 hangs: There isn't enough detail here to say it's an actionable bug.
Please post on the forum to discuss and diagnose the... Jim Pingle
03:10 AM pfSense Plus Bug #13875: Boot after upgrade form 22.05 to 23.01 hangs: Hangs during boot right after the last line shown in the entry above. RED SKULL
03:09 AM pfSense Plus Bug #13875 (Duplicate): Boot after upgrade form 22.05 to 23.01 hangs: Loading kernel..
/boot/kernel/kernel text=0x1a8f80 text=0x1052b58 text=0x1a260c0 data-0x140 data=0x2618c4+0×59d73c 0... RED SKULL
07:31 AM Bug #13871: GUI logins stop appearing in system log after a while: I seem to recall hitting this on a rare occasion in the past but it wasn't related to logins but logging from anythin... Jim Pingle
07:25 AM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active: Updating subject for release notes.
Jim Pingle
07:23 AM Regression #13862 (Resolved): Dynamic DNS check IP address service fails when using the default service: Jim Pingle
07:22 AM Bug #13869 (Confirmed): EWS server does not have an IPv6 address: This affects several areas which all rely on contacting the same Netgate server(s), including:
* Product registrat... Jim Pingle
03:32 AM pfSense Plus Regression #13816: Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: I can confirm on my sg-1100, I see next message when do halt system from console or webGUI
Uptime: 11m58s
ERROR: ... aleksei prokofiev

01/15/2023

09:17 PM Feature #13868 (Pull Request Review): Allow packet capture on unassigned interfaces: Marcos M
09:16 PM Feature #13682 (Pull Request Review): Automatically indicate a packet capture has stopped when count limit is reached: Marcos M
09:16 PM Feature #13094 (Pull Request Review): Allow packet capture filtering in tagged packets: Marcos M
09:16 PM Feature #13322 (Pull Request Review): Define Packet Capture Protocol: Marcos M
06:26 PM pfSense Docs Todo #13872 (Rejected): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options: That is best left to the unbound manual here:
https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html Marcos M
03:16 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Taking this one on as I'm now quite familiar with Unbound in pfSense Christian McDonald

01/14/2023

10:02 PM pfSense Packages Bug #13780 (Rejected): pfBlockerNG v2.1.4_28 on 23.01b Alerts-page results in error: pfBlockerNG v2 will be retired and replaced with v3 on 23.01 and 2.7 and beyond. Christian McDonald
07:10 PM pfSense Packages Bug #13780: pfBlockerNG v2.1.4_28 on 23.01b Alerts-page results in error: This is a known issue with pfBlockerNG on pfSense Plus 23.01. This issue should not be present on the -devel package... Kris Phillips
07:07 PM pfSense Packages Bug #13822 (Confirmed): haproxy bug when adding a Frontend containing accented characters in description in generated XML entities: This issue is confirmed on pfSense Plus 23.01-BETA.
If you add an HAProxy frontend and attempt to use a special ch... Kris Phillips
07:03 PM pfSense Packages Bug #13870 (Incomplete): pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): I'm unable to reproduce any bad interactions between Suricata and OpenVPN. I created an OpenVPN interface, enabled i... Kris Phillips
06:52 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): This code is part of a function added by Viktor Gurov in the recent past. The purpose of the function is to collect a... Bill Meeks
05:55 AM pfSense Packages Bug #13870 (Resolved): pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): ... Brian Macy
04:58 PM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: The PHP errors related to the widget provided by the customer were:... Chris W
04:54 PM pfSense Packages Bug #13874 (Resolved): pfBlocker -devel hanging on cron jobs: Build:
23.01-BETA (amd64)
built on Fri Jan 06 06:04:43 UTC 2023
FreeBSD 14.0-CURRENT
When pfBlocker is told t... Chris W
03:37 PM pfSense Packages Bug #13873 (Closed): PHP Errors on FRR Global Settings: When navigating to the Global Settings tab under Services --> FRR Global/Zebra --> Global Settings, the following err... Kris Phillips
12:01 PM pfSense Docs Todo #13872 (Rejected): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options: *Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-advanced.html
*Feedback:*
Please clear... Pat Jensen
09:34 AM Bug #13871 (New): GUI logins stop appearing in system log after a while: We've so far seen two customers run into this and only one TAC member has been able to reproduce it, though it's not ... Chris W
08:29 AM Bug #10624 (Feedback): Memory leak in Unbound with Python module and DHCP lease registration active: https://github.com/pfsense/FreeBSD-ports/commit/190a54b5581d5a20b5f839a8a01180d201883cab
This should be significan... Christian McDonald
06:11 AM Feature #13864: QR codes for captive portal vouchers.: May be is a good idea to link this feature request with request #11379, which requests the basic print function for v... Frank Stoppacher
04:10 AM Regression #13862: Dynamic DNS check IP address service fails when using the default service: Works as expected with the patch on
23.01-RC (amd64)
built on Fri Jan 13 06:06:07 UTC 2023
FreeBSD 14.0-CURRENT Lev Prokofev
03:29 AM Bug #13087 (Pull Request Review): OpenVPN WINS options may be visible even when NetBIOS is disabled: I can confirm this behavior on the:... Danilo Zrenjanin
03:28 AM Bug #13869 (Confirmed): EWS server does not have an IPv6 address: When you try to register your pfsense for Plus and are connected via IPv6 only, the register page says "The registrat... Tony Boston
03:09 AM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: Correcting,
Replicable on 23.05 and 23.01 Lev Prokofev
03:04 AM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: Can't replicate the issue on
23.05-DEVELOPMENT (amd64)
built on Mon Jan 09 06:04:59 UTC 2023
FreeBSD 14.0-CURREN... Lev Prokofev
01:06 AM Feature #13868 (Closed): Allow packet capture on unassigned interfaces: I want to be able to capture packets on the base physical interface for a physical interface that only has assigned V... Andrew B

01/13/2023

06:00 PM Feature #13844: Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled: From my research the RADIUS standards facilitate this by way of RFC-3576 Disconnect-Request requests, which are suppo... Reid Linnemann
03:48 PM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active: https://github.com/NLnetLabs/unbound/pull/827
We also need Unbound to quit reloading the interpreter on every SIGH... Christian McDonald
03:09 PM Bug #13860 (Pull Request Review): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1007 Christopher Cope
12:33 PM Bug #13088 (Pull Request Review): Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: I can confirm this behavior is present on the:... Danilo Zrenjanin
11:46 AM pfSense Docs New Content #13825 (Closed): Add docs for installing/using a debug kernel: Picked back and deployed since we want these public before release in case we need users to load a debug kernel when ... Jim Pingle
09:00 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: > Clearly, this behavior is inconsistent.
>
> Even stranger, the inbound rules work as expected when the Qualys ... Infra Weavers
08:58 AM Todo #13867 (Resolved): Update Unbound to use Python 3.11 instead of Python 3.9: Christian McDonald
08:56 AM Todo #13866 (Feedback): Add Python 3.11.1 to base system: Christian McDonald
08:56 AM Todo #13866 (Resolved): Add Python 3.11.1 to base system: Christian McDonald
08:55 AM Todo #13865 (Resolved): Update Python 3.9.15 to 3.9.16 in base system: Christian McDonald
05:56 AM Feature #13864 (New): QR codes for captive portal vouchers.: Would be great, if the qrencode package (see [[https://fukuchi.org/works/qrencode/]] ) could somehow integrated (pack... Frank Stoppacher

01/12/2023

05:55 PM Revision 20813411: Use filter_var to validate URLs. Issue #13425: Jim Pingle
04:32 PM Revision c5d5b76c: Use random_bytes() to generate salt for SHA512 password hashing. Fixes #12801: (cherry picked from commit 961f240c18f8421b0a28ee192ffa041e754e8f8e) Viktor Gurov
04:12 PM Revision 70bfd0fd: Omit irrelevant info from auth error. Fixes #13574: (cherry picked from commit 9633ec324eada0b870962d3682d264be577edc66) Jim Pingle
04:05 PM Revision e9c53ad9: Encode path+fn in browser.php. Fixes #13262: (cherry picked from commit 73ca6743954ac9f35ca293e3f2af63eac20cf32e) Jim Pingle
01:47 PM Revision 1e7eb5d1: Check IP service list corrections. Fixes #13862: Jim Pingle
09:46 AM pfSense Packages Feature #13863 (New): squidguard auto update blacklist: Instead of creating a custom cron job none, auto update with a dropdown for daily, weekly, biweekly or monthly update... Mustafa Avcı
08:00 AM pfSense Packages Bug #13858 (Resolved): Snort shares some GUI bugs previously identified and corrected in Suricata: Jim Pingle
08:00 AM Regression #13862: Dynamic DNS check IP address service fails when using the default service: Not a problem in a release, excluding from release notes. Jim Pingle
07:55 AM Regression #13862 (Feedback): Dynamic DNS check IP address service fails when using the default service: Applied in changeset commit:1e7eb5d1186dbc4c31f49af5e3ce72d9797b48ba. Jim Pingle
07:38 AM Regression #13862: Dynamic DNS check IP address service fails when using the default service: I see the problem, when trying to include the default check IP service in the list of available services, it's not pr... Jim Pingle
06:48 AM Regression #13862: Dynamic DNS check IP address service fails when using the default service: This was working recently (Around December 21, when I fixed the Check IP service selection in commit:1670f4c028141eec... Jim Pingle
03:47 AM Regression #13862: Dynamic DNS check IP address service fails when using the default service: Tested on
23.05-DEVELOPMENT (amd64)
built on Mon Jan 09 06:04:59 UTC 2023
FreeBSD 14.0-CURRENT
Can confirm t... Lev Prokofev
12:03 AM Regression #13862: Dynamic DNS check IP address service fails when using the default service: Replicated on SG-1100 and two whitebox installs now:
Current Base System
23.01.b.20230106.0600
Latest Base Syste... M Felden
12:01 AM Regression #13862 (Resolved): Dynamic DNS check IP address service fails when using the default service: M Felden

01/11/2023

05:54 PM pfSense Packages Bug #13858: Snort shares some GUI bugs previously identified and corrected in Suricata: The corrections for the issues identified here were manually merged by @jimp. This issue can be marked "resolved". Bill Meeks
02:36 PM Revision db28fc70: Fix conf history confirmation prompt. Fixes #13861: * Change confirmation method to be compatible with usepost
* Update action icon titles to be more descriptive, which ... Jim Pingle
02:21 PM Bug #13529: Intel i226 network interfaces do not honor a manually selected link speed: Updating subject for release notes. Jim Pingle
01:39 PM Revision 22f4a5e4: Build certain ports against python 3.11: Christian McDonald
11:38 AM pfSense Packages Feature #10818: UDP Broadcast Relay: James R wrote in #note-49:
> D. I. wrote in #note-48:
> > I'm seeing a lot of talk about a package for pfSense 2.6.... D. I.
07:40 AM pfSense Packages Feature #10818: UDP Broadcast Relay: D. I. wrote in #note-48:
> I'm seeing a lot of talk about a package for pfSense 2.6. However, the package seems to b... James R
07:05 AM pfSense Packages Feature #10818: UDP Broadcast Relay: I'm seeing a lot of talk about a package for pfSense 2.6. However, the package seems to be removed from this page (an... D. I.
10:24 AM Bug #13846: IPv6 firewall rules using the interface network macro on a GIF/GRE interface do not respect the configured subnet mask: You can do that, but that removes functionality. It would be better to make it work as expected. And again, IPv4 is w... Ross Tajvar
01:30 AM Bug #13846: IPv6 firewall rules using the interface network macro on a GIF/GRE interface do not respect the configured subnet mask: Since there is an option to define the subnet manually, the option 'Interface net' when the interface is GRE or GIF t... Danilo Zrenjanin
08:55 AM Regression #13861 (Feedback): Configuration history restores revision no matter which option is clicked in confirmation dialog: Applied in changeset commit:db28fc70c446aca6d2047d081c981ba3833ec835. Jim Pingle
08:25 AM Regression #13861 (Resolved): Configuration history restores revision no matter which option is clicked in confirmation dialog: When restoring an entry from the configuration history, the user is prompted to confirm the action. However, no matte... Jim Pingle
06:38 AM pfSense Packages Bug #13650 (Resolved): User with a wireguard permissions not able to edit peers/tunnels: Christian McDonald
06:38 AM pfSense Packages Bug #13650 (Closed): User with a wireguard permissions not able to edit peers/tunnels: Christian McDonald
05:12 AM pfSense Packages Bug #13650: User with a wireguard permissions not able to edit peers/tunnels: It works as expected with the patch.
Tested the patch against:... Danilo Zrenjanin
06:05 AM pfSense Packages Bug #13343: HAproxy cookie protection syntax needs updated: Hello,
Thank you Johannes Goldynia for the work-around, this worked for me too.
Is the fix in the GUI function ... Alexandre J
04:26 AM pfSense Packages Bug #12338: RRD Summary does not report data on 3100: Same issue for me on all the 3100's I've tested.
ntopng package 2.0_2 on pfSense 22.05 Karl Brown
02:46 AM Bug #13860 (Resolved): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``: There is a typo under Interfaces/GREs/Edit
It says:
*Remote IPv4 address address.* Should be *Remote IPv4 tunne... Danilo Zrenjanin
02:22 AM Bug #13772 (Confirmed): Changing the alias resolve interval to the default value does not take effect after saving.: In my tests, even when I changed to a custom value, I had to "Reload Filter" to get it to run with the newly defined ... Danilo Zrenjanin

01/10/2023

10:18 PM Bug #13859 (Closed): Wireguard peer doesn't connect on reboot: I installed experimental Wireguard 0.1.6_3 package on pfSense 2.7.0-DEVELOPMENT (amd64) built on Wed Jan 04 06:05:22 ... Nazar Mokrynskyi
08:13 PM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Hi @Jim Pingle
Today we reproduced the same issue with newer macOS, namely Sierra(10) and Monterey(12) using the s... Alex Sensation
07:06 PM pfSense Packages Bug #13738 (Resolved): Typo under Services/Snort/Interface Settings/WAN - Rules: Fix merged. Christopher Cope
01:00 PM pfSense Packages Bug #13738 (Pull Request Review): Typo under Services/Snort/Interface Settings/WAN - Rules: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/315 Christopher Cope
06:19 PM Bug #13068: Firewall rules fail to load when a URL table alias file does not exist: Similar to https://redmine.pfsense.org/issues/4893 Marcos M
05:43 PM Regression #11316: Unbound crashes with signal 11 when reloading: This is great news! Thanks Christian McDonald for diving into this issue. Even when it was almost a complete rewrite ... BBcan177 .
12:23 PM Regression #11316 (Feedback): Unbound crashes with signal 11 when reloading: Christian tracked this down to a problem in the Unbound Python module when the Maxmind library is enabled, as it is w... Jim Pingle
04:30 PM Revision f9f3523e: Add bandwidth selections for pipes regardless of whether passthrumac is set. Fixes #13853: Reid Linnemann
03:31 PM pfSense Packages Bug #13858: Snort shares some GUI bugs previously identified and corrected in Suricata: The three issues identified in this ticket have all been fixed in Pull Request 1213 posted here: https://github.com/p... Bill Meeks
02:31 PM pfSense Packages Bug #13858 (Resolved): Snort shares some GUI bugs previously identified and corrected in Suricata: Because the Snort and Suricata GUI packages share much of the same PHP code, three previously identified issues in Su... Bill Meeks
02:54 PM Bug #13853: Captive Portal does not apply RADIUS bandwidth limits to user pipes: Updating subject for release notes. Jim Pingle
10:35 AM Bug #13853 (Feedback): Captive Portal does not apply RADIUS bandwidth limits to user pipes: Applied in changeset commit:f9f3523e07913311524cd8de0bc9c2778196718a. Reid Linnemann
10:30 AM Bug #13853 (Pull Request Review): Captive Portal does not apply RADIUS bandwidth limits to user pipes: Internal MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1004
Jim Pingle
02:05 AM Bug #13853: Captive Portal does not apply RADIUS bandwidth limits to user pipes: https://redmine.pfsense.org/projects/pfsense/repository/1/revisions/c0f216b9b1b6455afc96cb37e6319a23bf28a98d/diff/src... OpIT GmbH
02:54 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: Updating subject for release notes. Jim Pingle
12:55 PM pfSense Packages Regression #13856: OpenVPN Export Utility creates a broken installer package: Version update: https://redmine.pfsense.org/issues/13857
Cert looks good:... Marcos M
12:50 PM pfSense Packages Regression #13856: OpenVPN Export Utility creates a broken installer package: This was just needing a fix to a new path for 7-zip since it moved, the other part is unrelated and should go in a se... Jim Pingle
12:37 PM pfSense Packages Regression #13856: OpenVPN Export Utility creates a broken installer package: Last time I went to update it (Late Nov/Early Dec) their most recent installers were showing they had been signed wit... Jim Pingle
12:31 PM pfSense Packages Regression #13856: OpenVPN Export Utility creates a broken installer package: Would be helpful to also update the bundled version given that 2.5.2 is fairly old. Marcos M
12:28 PM pfSense Packages Regression #13856 (Resolved): OpenVPN Export Utility creates a broken installer package: Tested on @pfSense-23.01.b.20230106.0600@ using the latest @OpenVPN Export Utility@ package version.
The downloade... Marcos M
12:55 PM pfSense Packages Todo #13857 (Resolved): Update bundled installer in OpenVPN Export Utility: The current installer version shows as @2.5.2-Ix01@. Latest version as of now is @OpenVPN-2.5.8-I604-amd64.msi@: http... Marcos M
11:04 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry: Cool! Thanks for repro steps :) Christian McDonald
10:35 AM pfSense Plus Bug #13348 (Confirmed): Error when deleting ZFS Boot Environment created from duplicate of non-default entry: I can reproduce this on 23.01.
# Click @Create@ and use @default@ as the source; save it.
# Click the duplicate i... Marcos M
10:28 AM pfSense Plus Bug #13348 (Feedback): Error when deleting ZFS Boot Environment created from duplicate of non-default entry: Moving this ahead and marking that we need feedback here. It's still not clear how to reproduce this, and thus far no... Jim Pingle
10:34 AM Bug #13680: Package install scripts run after PHP upgrade produce errors: Reid Linnemann wrote in #note-3:
> I think we'd be better served by focusing our efforts on performing the complete ... Jim Pingle
10:27 AM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.: Moving ahead. Jim Pingle
10:06 AM pfSense Docs Todo #13854: Feedback on Backup and Recovery — ZFS Boot Environments (Plus Only) — Managing Boot Environments in the GUI: That is expected, because ZFS Boot Environments do not include the configuration. The configuration history (console ... Jim Pingle

01/09/2023

07:01 PM pfSense Packages Feature #13855 (New): Allow specifying a custom port: The OpenVPN client export package already contains a function to set the host name resolution to "other", which, as t... Phil K
05:55 PM pfSense Docs Todo #13854 (Closed): Feedback on Backup and Recovery — ZFS Boot Environments (Plus Only) — Managing Boot Environments in the GUI: *Page:* https://docs.netgate.com/pfsense/en/latest/backup/zfsbe/gui.html
*Feedback:*
It is very good to be able t... Hans Erik Busk
04:55 PM Bug #13847: Page doesn't load with a lot of IP aliases (crash): Jim Pingle wrote in #note-3:
> Trying to manage that many entries in the configuration isn't viable, not only does i... Nazar Mokrynskyi
08:53 AM Bug #13847: Page doesn't load with a lot of IP aliases (crash): Trying to manage that many entries in the configuration isn't viable, not only does it consume too many resources in ... Jim Pingle
08:43 AM Bug #13847: Page doesn't load with a lot of IP aliases (crash): Jim Pingle wrote in #note-1:
> That is expected. Use a URL *table* alias for large lists.
I'm not sure how this i... Nazar Mokrynskyi
08:35 AM Bug #13847 (Rejected): Page doesn't load with a lot of IP aliases (crash): That is expected. Use a URL *table* alias for large lists.
Jim Pingle
04:54 PM pfSense Plus Bug #13848: OpenVPN Client Breaking Outbound NAT: Hello Jim, this issue was raised as per TAC (Kris P). I am not looking for configuration support, however, I am able ... AJ Harran
08:44 AM pfSense Plus Bug #13848 (Rejected): OpenVPN Client Breaking Outbound NAT: As stated, the issue cannot be reproduced, and is likely something in your specific configuration or environment. Thi... Jim Pingle
04:54 PM pfSense Packages Bug #13753: Gateway groups stop sending traffic if they contain wireguard tunnels: In my case I do Load Balancing of Wireguard Tunnels, if I add only Wireguard tunnels it only uses one tunnel.
Seco... Jeff Kuehl
04:12 PM Bug #13853 (Resolved): Captive Portal does not apply RADIUS bandwidth limits to user pipes: When configured to use per-user bandwidth restrictions, a captive portal's db entry for a user will have the proper b... Reid Linnemann
02:27 PM pfSense Packages Bug #12608: WireGuard tunnels monitored by dpinger causing system to stop routing completely in certain situations: I have noticed this whenever I enable or disable peers this happens. But I see that even interface-to-interface traff... Jeff Kuehl
01:12 PM Bug #13846: IPv6 firewall rules using the interface network macro on a GIF/GRE interface do not respect the configured subnet mask: Why is the IPv4 behavior different from the IPv6 behavior? From my perspective, IPv4 is "working" and IPv6 is "broken... Ross Tajvar
08:33 AM Bug #13846: IPv6 firewall rules using the interface network macro on a GIF/GRE interface do not respect the configured subnet mask: That is expected based on how the interfaces are configured in the OS.
It's a point-to-point link so the underlyin... Jim Pingle
09:05 AM Bug #13852 (Rejected): Pfsense VPN dosen't work when unexpected reboot: That is not a typical issue and cannot be reproduced here with what little information has been provided. This site i... Jim Pingle
08:18 AM Bug #13852 (Rejected): Pfsense VPN dosen't work when unexpected reboot: Hi,
I have an issue, when the pfsense make an unexpected reboot the VPN dosen't work, it seems like the service st... Miguel Richard
09:04 AM Bug #13851 (Rejected): DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All": The DNS resolver forms IPv6 ACLs by default already for both static and dynamic IPv6 in everything I have access to w... Jim Pingle
04:40 AM Bug #13851 (Resolved): DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All": When investigating unexpected IPV6 DNS behavoir, I discovered that the DNS-resolver does not function for IPV6. The p... Louis B
09:02 AM Bug #13850 (Rejected): Limiters upload: Not nearly enough information here, and even so, this has already been tested and shown to work on current snapshots ... Jim Pingle
03:43 AM Bug #13850 (Rejected): Limiters upload: limiters does not work on upload In / Out pipe rules NATALE GRASSO
08:54 AM pfSense Packages Todo #13306 (Resolved): Update NUT to version 2.8.0 to match FreeBSD Packages: Jim Pingle
08:54 AM pfSense Plus Bug #13797 (Not a Bug): DNS Resolver stops working: Jim Pingle
08:47 AM pfSense Packages Feature #13733 (Resolved): Upgrade ha proxy 2.6: The HAProxy devel package is at 2.6.6 on both pfSense Plus 23.01 and CE 2.7.0 snapshots.
Jim Pingle
08:45 AM pfSense Plus Regression #13743 (Closed): Latest snapshot defaults to 22.05 branch selected which can pull that version's package information: Jim Pingle
08:36 AM pfSense Plus Bug #13845 (Not a Bug): Issues with Dynamic DNS on 23.01DEV: Jim Pingle
08:10 AM pfSense Packages Bug #13842: RADIUS user accounting limit inputs for bandwidth and total usage are not validated to prevent exceeding a 32 bit unsigned value: From the description this is about adding input validation to limit what the FreeRADIUS package will allow, so moving... Jim Pingle

01/08/2023

10:20 PM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages: installed nut 2.8.0_2 on pfSense Plus 23.01.b.20230106.0600 Jordan G
12:37 PM Feature #13849 (New): Dashboard > Firewall Logs > Date Time formatting: When you have set the Log Message Format to syslog (RFC 5424, with RFC 3339 microsecond-precision timestamps), the da... The Cycler63

01/07/2023

10:35 PM pfSense Plus Bug #13797: DNS Resolver stops working: Kris Phillips wrote in #note-4:
> Fred Brunken wrote in #note-3:
> > Hi there,
> >
> > First of, happy new year.... Fred Brunken
08:07 PM pfSense Plus Bug #13797: DNS Resolver stops working: Fred Brunken wrote in #note-3:
> Hi there,
>
> First of, happy new year.
>
> I was able to get a new log file... Kris Phillips
10:17 PM pfSense Packages Feature #13733 (Feedback): Upgrade ha proxy 2.6: pfSense Plus 23.01 has HAProxy 2.6.6 available in the repos for the devel branch. I expect that 2.7 also has this in... Kris Phillips
10:05 PM pfSense Packages Bug #13738 (Confirmed): Typo under Services/Snort/Interface Settings/WAN - Rules: Can confirm this on pfSense 23.01-BETA and 22.05. This is only present when a rule is force disabled and only shows ... Kris Phillips
08:55 PM pfSense Packages Bug #13810 (Confirmed): Squid options obsolete: I can confirm this behavior on my 23.01-BETA install:
2023/01/08 02:53:54| Startup: Initializing Authentication Sc... Kris Phillips
08:16 PM pfSense Packages Feature #13809: Add Netdata package: Making the netdata package and dependencies available in the repos should be pretty trivial, but in order to configur... Kris Phillips
08:10 PM pfSense Plus Regression #13743: Latest snapshot defaults to 22.05 branch selected which can pull that version's package information: Tested this with an upgrade of an existing install and this does not happen when upgrading between 23.01-BETA builds ... Kris Phillips
08:06 PM pfSense Plus Bug #13848: OpenVPN Client Breaking Outbound NAT: Here you go Kris. All the same settings while using 22.05 AJ Harran
08:01 PM pfSense Plus Bug #13848: OpenVPN Client Breaking Outbound NAT: AJ Harran wrote in #note-1:
> Downgraded to 22.01 and OpenVPN Client works as expected.
Hello AJ,
Can you please pr... Kris Phillips
07:46 PM pfSense Plus Bug #13848: OpenVPN Client Breaking Outbound NAT: Downgraded to 22.01 and OpenVPN Client works as expected. AJ Harran
04:32 PM pfSense Plus Bug #13848 (Rejected): OpenVPN Client Breaking Outbound NAT: Issue occurs on vanilla out of the box appliance.
Configuration:
- VLAN 35 added to mvneta0
- PPPoE Dialer added... AJ Harran
01:10 PM pfSense Plus Bug #13845: Issues with Dynamic DNS on 23.01DEV: And I think I was double-natted.
I switched my network around this morning to try something, and it started working... Michael Tarbox
09:54 AM Bug #13847 (Rejected): Page doesn't load with a lot of IP aliases (crash): pfSense only supports up to 3000 IP aliases in URLs and I'm not sure whether it supports comments or compression for ... Nazar Mokrynskyi
05:37 AM Bug #13846 (New): IPv6 firewall rules using the interface network macro on a GIF/GRE interface do not respect the configured subnet mask: Steps to reproduce:
1. Define GRE tunnel with a remote peer and define IPv6 Local and Remote Tunnel addresses
2. ... Danilo Zrenjanin

01/06/2023

09:36 PM pfSense Plus Bug #13845: Issues with Dynamic DNS on 23.01DEV: Using the default check ip services, http://checkip.dyndns.org Michael Tarbox
09:33 PM pfSense Plus Bug #13845 (Not a Bug): Issues with Dynamic DNS on 23.01DEV: Netgate 4100. Updated from 22.01-22.05 and Dynamic DNS updated fine with my FQDN.
Upgraded to 23.01, now it fails to... Michael Tarbox
09:04 PM Bug #7589 (Pull Request Review): ``diag_edit.php`` warning is not cleared after picking non-directory to load: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1003 Christopher Cope
06:47 PM Bug #13838 (Closed): Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: Thanks for all of your reports and responses, I've been able to make some decent headway improving the captive portal... Reid Linnemann
03:36 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: Dale Harron wrote in #note-7:
> Yes, but I did not check Interim updates for logout on Quota yet. I doubt that will ... Reid Linnemann
03:16 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: It sounds like you have fixed the primary problem, a way to track Data usage by simultaneous users logged into one fr... Dale Harron
03:04 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: Yes, but I did not check Interim updates for logout on Quota yet. I doubt that will work because captive portal does... Dale Harron
02:56 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: I can verify at this time that freeradius as configured by the pfsense package does not include any attributes in the... Reid Linnemann
02:26 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: I think I understand the disconnect here - Start/Stop requires resetting the rule counters in the firewall, and only ... Reid Linnemann
01:37 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: -You'll have the same observed behavior as 'reauthenticate every minute', since accounting start/stop is done at minu... Reid Linnemann
01:11 PM Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: I can confirm that start/stop freeRadius does handle data quota tracking for a freeRadius User. I tested 2 simultane... Dale Harron
06:39 PM Feature #13844 (New): Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled: In captiveportal_prune_old, when accounting start/stop packets are sent, the response attributes are not examined and... Reid Linnemann
06:28 PM Feature #13843 (New): Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: The current vendor attribute pfSense-Max-Total-Octets used for setting a user's traffic quota is a 32 bit unsigned in... Reid Linnemann
06:09 PM Regression #13823 (Rejected): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: I'm rejecting this as parsing is not the actual issue, and I'm linking to a new bug and enhancement request. Reid Linnemann
12:35 PM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: According to the RFCs, integers types are all 32 bits, period. To support larger limits we'll need to have an alterna... Reid Linnemann
12:04 PM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: Ok, I misunderstood the actual problem here, which is that the database record is having the wrong value inserted. It... Reid Linnemann
06:07 PM pfSense Packages Bug #13842 (New): RADIUS user accounting limit inputs for bandwidth and total usage are not validated to prevent exceeding a 32 bit unsigned value: In the FreeRadius package, user upload/download limits can be set to any positive integer, including any values that ... Reid Linnemann
04:21 PM pfSense Packages Bug #13839: Suricata version updates take a long time: Marcos M wrote in #note-3:
> I certainly did not take any action during it that would have affected it. I did ommit s... Bill Meeks
12:14 PM pfSense Packages Bug #13839: Suricata version updates take a long time: I certainly did not take any action during it that would have affected it. I did ommit some unrelated lines like me l... Marcos M
09:54 AM pfSense Packages Bug #13839: Suricata version updates take a long time: I have also noticed some overall package installation issues with both Suricata and Snort over the last couple of mon... Bill Meeks
03:38 PM pfSense Packages Bug #13650 (Pull Request Review): User with a wireguard permissions not able to edit peers/tunnels: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/313 Christopher Cope
10:02 AM pfSense Docs New Content #12597 (Feedback): How to reset IPMI settings and password for Netgate appliances: Added that info to the docs and also cleaned up the rest of the info so it's all consistent.
https://gitlab.netgat... Jim Pingle
08:53 AM pfSense Docs Correction #13841 (Feedback): Incorrect example in FreeRADIUS stats example: Updated and cleaned up that whole section (And parts of the rest of the doc). It had quite a few inconsistencies and ... Jim Pingle
07:36 AM pfSense Plus Regression #13819 (Resolved): OpenVPN process PID is not logged correctly: Value is logged correctly on the current snapshot.... Jim Pingle
07:32 AM Regression #13833 (Resolved): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be: Current snapshot works correctly all around. Jobs are removed, and subsequent operations in the same batch happen on ... Jim Pingle
04:02 AM pfSense Packages Bug #12036 (Resolved): Certificate Manager page do not show Zabbix used certificates: Tested against:... Danilo Zrenjanin
02:14 AM pfSense Packages Regression #13828 (Resolved): ACME cron jobs persist after the package is uninstalled: Tested against:... Danilo Zrenjanin
01:30 AM pfSense Packages Bug #11204 (Resolved): Fix net-snmp logging to syslog: Tested against:... Danilo Zrenjanin

01/05/2023

07:57 PM Revision f11e2f74: Add .vscode to .gitignore: Marcos M
06:29 PM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: This smells to me like your user authenticated and then you modified the user's traffic quota. The quota in the datab... Reid Linnemann
04:53 PM pfSense Docs Correction #13841 (Resolved): Incorrect example in FreeRADIUS stats example: The example in the step here is incorrect:
https://docs.netgate.com/pfsense/en/latest/packages/freeradius.html#get-f... Marcos M
04:16 PM Feature #13840: add whitelist config option for igmpproxy: This PR adds the option to config these whitelists in the GUI and to be added to the config file
https://github.com... Igor Ybema
04:14 PM Feature #13840 (Pull Request Review): add whitelist config option for igmpproxy: The IGMP Proxy allows whitelisting multicast groups in the config file. This is used to only allow certain groups to ... Igor Ybema
02:40 PM pfSense Packages Bug #13839 (Resolved): Suricata version updates take a long time: Recently I've noticed that updating Suricata versions takes a very long time, every time. After an update to the late... Marcos M
02:23 PM pfSense Docs Correction #13750 (Resolved): "Using Software from FreeBSD": Added that to the page.
Jim Pingle
02:22 PM pfSense Docs New Content #13825: Add docs for installing/using a debug kernel: There aren't any concerns for that as far as I'm aware. If there were I would have documented them. As already mentio... Jim Pingle
02:10 PM pfSense Docs New Content #13825: Add docs for installing/using a debug kernel: Please add how updates to new versions should be handled, if at all. For example, will updating to a new version whil... Marcos M
01:44 PM pfSense Docs New Content #13825 (Feedback): Add docs for installing/using a debug kernel: New doc added:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/4005215f82e008ee6eeacc8dc64bcf3db66a043e
S... Jim Pingle
02:13 PM Revision e00916c1: Locate cron jobs more accurately. Fixes #13833: Jim Pingle
02:08 PM pfSense Docs Todo #13760 (Rejected): Feedback on Development — Executing Commands at Boot: It's mentioned right there in the second paragraph.
!clipboard-202301051506-w9jkj.png!
The package itself doesn... Jim Pingle
01:45 PM Bug #13838 (Feedback): Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: Jim Pingle
01:34 PM Bug #13838 (Ready To Test): Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: Fixed in "70c8081":https://github.com/pfsense/FreeBSD-ports/commit/70c8081dccdd8f64651c2c4680f9f0ae23323acf Reid Linnemann
12:44 PM Bug #13838 (Closed): Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start: pfSense_pf_cp_zerocnt() is not resetting the eth rule counters for authenticated user pipe rules, as a result the acc... Reid Linnemann
12:01 PM pfSense Docs New Content #13834 (Resolved): Document 22.05.1 release: Added/picked/deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/65569b69350f7f31cd0a4e788fe7b245795ab... Jim Pingle
10:17 AM Bug #10624 (Confirmed): Memory leak in Unbound with Python module and DHCP lease registration active: This is confirmed.
Python3.9 and lower has some deeply rooted memory management problems. Because of the way Unbou... Christian McDonald
09:57 AM pfSense Packages Feature #13837 (New): PRTG Package: Is it possible to add a PRTG Remote Probe Package?
https://www.paessler.com OpIT GmbH
09:48 AM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled: There have been lots of other changes in the code, so patches would need to be crafted from scratch just for 22.05 if... Jim Pingle
09:45 AM pfSense Packages Bug #13798 (Resolved): Crash report with lldpd package and 23.01.b.20221223.0600: Jim Pingle
09:42 AM Feature #13826 (Duplicate): Update pcsc-lite: No need for a new issue for this, it should just be a comment on #12095 since that is still open.
Jim Pingle
09:41 AM Bug #13814 (Rejected): DNS Resolver continue fail to answer queries until I restart the server or wait a couple of minutes the services to work: There really isn't much to go on here so it's hard to say what might be happening. It's normal for the DNS Resolver t... Jim Pingle
09:28 AM pfSense Plus Regression #13819 (Feedback): OpenVPN process PID is not logged correctly: Fix tested and merged.
Before the fix, there was nothing logged when starting OpenVPN with the actual PID.
Afte... Jim Pingle
09:01 AM Regression #13831 (Resolved): Syntax error in /etc/inc/util.inc on line 3655: With a properly formatted ACL sent from RADIUS, the rule is accepted and present in the ruleset.
With a deliberate... Jim Pingle
08:47 AM pfSense Packages Regression #13828 (Feedback): ACME cron jobs persist after the package is uninstalled: Fix committed, will be in the ACME package on the next build started after this commit:
https://github.com/pfsense... Jim Pingle
08:30 AM pfSense Packages Regression #13828 (Confirmed): ACME cron jobs persist after the package is uninstalled: The ACME cron job is still present after removing the package. The deinstall function isn't referencing the correct A... Jim Pingle
08:45 AM pfSense Packages Regression #13817 (Confirmed): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled: The cron job is still present after removing the package. There is likely a package-specific change that must be made... Jim Pingle
08:22 AM pfSense Packages Bug #13830 (Resolved): Snort cron jobs persist after the package is uninstalled: Jim Pingle
08:20 AM Regression #13833 (Feedback): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be: Applied in changeset commit:e00916c1681394ccc7be193335dc001ec23029ec. Jim Pingle
08:17 AM Regression #13833: Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be: Commit is pending for this, but as an example of the problem, consider a scenario similar to the following:... Jim Pingle
07:46 AM Regression #13833 (In Progress): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be: The way the current code locates jobs to alter might not work well with the new way to remove an existing job if mult... Jim Pingle
08:11 AM pfSense Packages Feature #10818: UDP Broadcast Relay: I've installed 23.01 RC and pfSense-pkg-udpbroadcastrelay-1.0.pkg installs without issue. James R
07:37 AM Feature #13836 (Duplicate): Show all rules that have effect: Duplicate of #2049 Jim Pingle
03:31 AM pfSense Plus Bug #13799 (Resolved): Unbound python module persistently shows enabled in resolver settings: Tested against:... Danilo Zrenjanin
03:09 AM pfSense Plus Bug #13799: Unbound python module persistently shows enabled in resolver settings: I confirmed this behavior on 23.01.b.20221228.0300. Danilo Zrenjanin
02:17 AM pfSense Plus Regression #13824 (Resolved): CPU/Crypto Detection for the 3100 is not functioning properly: Tested against:... Danilo Zrenjanin

01/04/2023

08:34 PM Revision bf6f57e4: Fix cron job removal. Fixes #13833: Jim Pingle
04:38 PM Feature #13836 (Duplicate): Show all rules that have effect: I recently learned that there are MANY rules that have effect in pfSense, but are not shown in UI.
For instance rule... Nazar Mokrynskyi
04:22 PM pfSense Packages Regression #13828 (Closed): ACME cron jobs persist after the package is uninstalled: Fixed in https://redmine.pfsense.org/issues/13833 Marcos M
04:22 PM pfSense Packages Regression #13817 (Closed): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled: Fixed in https://redmine.pfsense.org/issues/13833 Marcos M
03:59 PM Regression #13835 (Duplicate): Cron jobs are not properly removed: Duplicate of https://redmine.pfsense.org/issues/13833 (fix already committed) Jim Pingle
03:10 PM Regression #13835 (Duplicate): Cron jobs are not properly removed: See https://redmine.pfsense.org/issues/13827#note-4
> Instead, I believe this issue was introduced by a recent chang... Marcos M
03:56 PM Revision 02724a5a: Fix copy/paste error. Issue #13831: Jim Pingle
03:50 PM Revision 5df5c9b4: Fix catch syntax and variable usage. Fixes #13831: * Add variable back to catch statement
* Use the exception message
* Correct error message when this exception is thr... Jim Pingle
03:12 PM pfSense Plus Regression #13613 (Resolved): OpenVPN crashes due to if_tuntap changes: Marcos M
03:10 PM pfSense Packages Bug #13830: Snort cron jobs persist after the package is uninstalled: This issue may be closed and marked either "resolved" or "not a bug" as desired. It was addressed by this Changeset: ... Bill Meeks
11:34 AM pfSense Packages Bug #13830: Snort cron jobs persist after the package is uninstalled: Update -- this is not actually a problem within the Snort GUI package. Instead, the issue is the result of a PHP 8.1 ... Bill Meeks
09:05 AM pfSense Packages Bug #13830 (Resolved): Snort cron jobs persist after the package is uninstalled: Uninstalling the package does not remove the cron jobs added when the service is configured/enabled. Similar to https... Bill Meeks
02:46 PM pfSense Docs New Content #13834 (Resolved): Document 22.05.1 release: Document the 22.05.1 point release (similarly to 21.02.1).
https://docs.netgate.com/pfsense/en/latest/releases/ver... Marcos M
02:44 PM pfSense Packages Regression #13827 (Resolved): Suricata cron jobs persist after the package is uninstalled: PR merged, thanks! Jim Pingle
02:05 PM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled: I made some changes to the Suricata uninstall code to ensure all code paths perform config writes before exiting. Tho... Bill Meeks
11:21 AM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled: After some further investigation and testing, I'm not convinced the problem is within the package code. Instead, I be... Bill Meeks
09:03 AM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled: This was actually broken, it appears, 6 years ago by this commit: https://github.com/pfsense/pfsense/commit/b2bb49709... Bill Meeks
02:40 PM Regression #13833 (Feedback): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be: Applied in changeset commit:bf6f57e4f857fd5a66d1e0a35c2b43c320da3c66. Jim Pingle
02:34 PM Regression #13833 (Resolved): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be: There is a regression in @install_cron_job@ where it fails to remove cron jobs when they are set inactive (@$active =... Jim Pingle
12:36 PM pfSense Packages Todo #13306 (Feedback): Update NUT to version 2.8.0 to match FreeBSD Packages: PR https://github.com/pfsense/FreeBSD-ports/pull/1175 Merged
Will be in snapshots overnight.
Jim Pingle
12:17 PM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages: Also updating for PHP 8.1 Denny Page
11:17 AM Feature #13832 (New): Allow Slack notification API URL override: Slack notifications were added in #12291 .
Currently it's hardcoded to always post to `https://slack.com/api/chat.... Ulrich Petri
10:27 AM pfSense Packages Bug #13829: WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal: Jim Pingle wrote in #note-3:
> Reopening this since there is a bit more to think about here.
Perhaps another ch... Loh Phat
09:03 AM pfSense Packages Bug #13829 (New): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal: Reading this again, perhaps I misunderstood. I was talking about assigned interfaces since you mentioned interfaces s... Jim Pingle
08:53 AM pfSense Packages Bug #13829: WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal: Jim Pingle wrote in #note-1:
> Interface rules are usually removed when removing an interface from assignments, which... Loh Phat
08:19 AM pfSense Packages Bug #13829 (Not a Bug): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal: Interface rules are usually removed when removing an interface from assignments, which is a manual process and not pa... Jim Pingle
10:05 AM Regression #13831 (Feedback): Syntax error in /etc/inc/util.inc on line 3655: Applied in changeset commit:5df5c9b48aabacf223b29d7857d3c27486b8f591. Jim Pingle
09:55 AM Regression #13831: Syntax error in /etc/inc/util.inc on line 3655: This isn't plus specific, it was just noticed there first.
This would happen only if an invalid Cisco ACL rule is ... Jim Pingle
09:50 AM Regression #13831 (In Progress): Syntax error in /etc/inc/util.inc on line 3655: Jim Pingle
09:50 AM Regression #13831 (Resolved): Syntax error in /etc/inc/util.inc on line 3655: When upgrading from 22.05 to 23.01 with a specific config:... Steve Wheeler
09:12 AM pfSense Packages Bug #12178: WireGuard always shows 'Configuring WireGuard tunnels...done.' message on boot: Have to hop on this. This message (Configuring WireGuard tunnels) shows up couple of minutes if the interface the WG ... Car F

01/03/2023

08:42 PM Revision b756f227: Restore resolver host override sorting.: Jim Pingle
03:59 PM Revision a5c284f3: Fix #13799: Unbound python module persistently shows enabled in resolver settings.: Christian McDonald
02:31 PM pfSense Packages Bug #13829 (New): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal: In the pfsense (22.05) config.xml there was a section of rules for the "WireGuard" package i/f. I had tried the pack... Loh Phat
02:25 PM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled: I have the same issue. I have to run *ifconfig ovpns3 destroy* to allow the DCO enabled OpenVPN server to restart.
... Dean Arnold
02:02 PM pfSense Packages Regression #13828 (Resolved): ACME cron jobs persist after the package is uninstalled: Tested on @23.01.b.20221230.0600@ with the latest package.
Uninstalling the package does not remove the cron jobs ... Marcos M
01:46 PM pfSense Packages Regression #13827 (Resolved): Suricata cron jobs persist after the package is uninstalled: Tested on @23.01.b.20221230.0600@ with the latest package.
Uninstalling the package does not remove the cron jobs ... Marcos M
12:47 PM Feature #13826 (Duplicate): Update pcsc-lite: Current version in pfSense+ 23.01 is @pcsc-lite-1.9.5,2@.
There have been several fixes to pcsc that are relevant ... Marcos M
12:06 PM pfSense Packages Bug #13798 (Feedback): Crash report with lldpd package and 23.01.b.20221223.0600: Fixed: https://github.com/pfsense/FreeBSD-ports/commit/c0904ba7caffb3edf51ab67ce70dbbd362119987 Jim Pingle
09:30 AM pfSense Packages Bug #13798: Crash report with lldpd package and 23.01.b.20221223.0600: The error in the original report is definitely from problematic code when run under PHP 8.1. It would be most evident... Jim Pingle
11:34 AM Bug #12927: OpenVPN with OCSP enabled allows connections with revoked certificates: OCSP is not checked at all if certificate depth checking is disabled.
openvpn.inc does not place tls-verify into t... Chris Linstruth
11:19 AM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: Maybe we should pass this one to Reid as he handled https://redmine.pfsense.org/issues/13418 Christian McDonald
11:10 AM Regression #13823 (Confirmed): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: The values used to generate the files by Captive Portal are correct - such as what gets placed in the db and quota tr... Marcos M
08:36 AM Regression #13823 (Not a Bug): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: I agree, it looks right.
In FreeRADIUS the label even mentions MB:
> Enter the amount of download and upload tr... Jim Pingle
08:26 AM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: ... Christian McDonald
10:57 AM pfSense Packages Bug #13808 (Resolved): Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab: PR Merged. Jim Pingle
10:57 AM pfSense Packages Bug #13806 (Resolved): Suricata interface rules cannot be viewed.: PR Merged. Jim Pingle
10:57 AM pfSense Packages Bug #13812 (Resolved): Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error: PR Merged. Jim Pingle
10:44 AM Regression #13818: OpenVPN fails to start when a related static route already exists: Static routes for non-DCO OpenVPN should always be managed by OpenVPN itself, a dynamic routing protocol, or policy r... Jim Pingle
09:25 AM Regression #13818: OpenVPN fails to start when a related static route already exists: Tested on 23.01 BETA for Dec 30. Can confirm this is the case. Kris Phillips
10:41 AM pfSense Docs New Content #13825 (Closed): Add docs for installing/using a debug kernel: Starting with 23.01 there is an option to install a debug kernel that is actually a full debug kernel and not just de... Jim Pingle
10:27 AM pfSense Plus Regression #13824 (Feedback): CPU/Crypto Detection for the 3100 is not functioning properly: Fixed: https://gitlab.netgate.com/pfSense/factory/-/commit/e71c2e7ea3f67f09e6a8fcea7da87eac78c28094
Jim Pingle
10:22 AM pfSense Plus Regression #13824 (Resolved): CPU/Crypto Detection for the 3100 is not functioning properly: The CPU and crypto detection on the dashboard widget are not functioning properly on the 3100. The CPU information di... Jim Pingle
10:19 AM pfSense Plus Regression #13779 (Resolved): SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module: This change was merged in and is present on current snapshots. It's a module again and the dashboard detects it corre... Jim Pingle
10:05 AM pfSense Plus Bug #13799 (Feedback): Unbound python module persistently shows enabled in resolver settings: Applied in changeset pfsense:commit:a5c284f3214df41f5b00d321bbcc92489285e344. Christian McDonald
09:37 AM pfSense Packages Regression #13817 (New): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled: I had originally opened this against just pfBLockerNG-devel, but changed it since I saw it was happening on all packa... Marcos M
07:57 AM pfSense Packages Regression #13817 (Rejected): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled: It's up to each package to manage its own cron jobs. There isn't a way for the package manager to know those belong t... Jim Pingle
08:20 AM Bug #13014: Deadlock in Charon VICI interface: After disabling keepalives on all responders, the IPsec has been up for past 8days. Before that it would fail every 1... Roman Kazmierczak
08:16 AM Bug #13014: Deadlock in Charon VICI interface: That could be part of the problem, then, because if there are two P2 entries for the same src/dst in the SPD table it... Jim Pingle
08:02 AM Bug #13014: Deadlock in Charon VICI interface: Jim Pingle wrote in #note-42:
> Having overlapping P2 networks isn't really supported either, and could be a source ... David Vazquez
07:47 AM Bug #13014: Deadlock in Charon VICI interface: David Vazquez wrote in #note-41:
> Jim Pingle wrote in #note-40:
> > I have a lot of connections that stay down in ... Jim Pingle
08:10 AM pfSense Packages Feature #13821 (Rejected): [New package] - DNS Leak Test: This is not a useful test compared to testing from a client behind the firewall where it matters more.
Furthermore... Jim Pingle
08:04 AM pfSense Docs Todo #13820 (Closed): Feedback on Packages — ACME package: While it doesn't have the EKUs, it does work, at least last time I tried it before changing that recipe.
Jim Pingle
08:02 AM Bug #8831 (Closed): Radvd causes latency spikes: Jim Pingle
08:01 AM pfSense Packages Bug #13612 (Resolved): Snort building lists is broken: Jim Pingle
07:54 AM pfSense Plus Regression #13816: Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: There is an open issue for the 2100 having a similar problem on snapshots (NG internal redmine, 8866), given the simi... Jim Pingle
07:48 AM pfSense Packages Regression #12643 (Resolved): Rule categories are cleared after clicking the save button on the Global Settings page: Jim Pingle
07:44 AM Bug #13807 (Not a Bug): NAT changes aren't rolled back using Restore recent configuration on the console: This is normal and expected. Restoring a past config doesn't activate it, it only changes the configuration data back... Jim Pingle
07:43 AM Bug #13800 (Rejected): Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022: There are two main possibilities here:
1. They are normal errors during the upgrade that wouldn't come back on the... Jim Pingle
07:38 AM Feature #13805: A way to reliably determine if system is the primary or secondary in CARP: At the moment I don't see this being worth spending time on.
Having a manual setting is about the only way to make... Jim Pingle
07:29 AM Regression #13803 (Not a Bug): When adding an EasyBlock rule, the GUI redirects to "Firewall > Aliases > IP" instead of "Firewall > Rules": That's what it's supposed to do. When adding new blocks they go into the alias. Only the first new block makes a rule... Jim Pingle
07:28 AM Bug #13802: Incorrect language in Plus registration: I'm pretty sure that comes from Prodtrack as those strings aren't in the code anywhere. Should probably move this to ... Jim Pingle
07:17 AM pfSense Docs Correction #13813 (Resolved): Minor typo in io ports: Fixed: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/74b5da375e6e837bb078ba798a483b04c6d4d46c Jim Pingle
07:12 AM Regression #13517 (Resolved): Erroneous dhcp6 Messages in Boot log on 22.11: Jim Pingle
07:10 AM pfSense Plus Bug #13338 (Resolved): OpenVPN DCO panics with short UDP packets: Jim Pingle
07:08 AM Feature #13796 (Rejected): Restrict hardware address client (UUID string) login: It's not feasible. The client can lie about its UUID, there is no way for the server to know that it is accurate and ... Jim Pingle

01/02/2023

10:04 PM Regression #13823 (Rejected): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly: The RADIUS attribute @pfSense-Max-Total-Octets@ is used in FreeRADIUS with the option @Amount of Download and Upload ... Marcos M
10:17 AM pfSense Packages Bug #13822 (Confirmed): haproxy bug when adding a Frontend containing accented characters in description in generated XML entities: Hello,
Running snapshot from 2022-12-30 and pfsense stable 2.6.0, same bug in haproxy package.
Adding a Frontend... appzer0 appzer0
09:25 AM pfSense Plus Bug #13797: DNS Resolver stops working: Hi there,
First of, happy new year.
I was able to get a new log file, this time with log level 4. Unfortunately, t... Fred Brunken
04:20 AM pfSense Packages Feature #13821: [New package] - DNS Leak Test: PR Submitted -> https://github.com/pfsense/FreeBSD-ports/pull/1211 Luis Moraguez
03:54 AM pfSense Packages Feature #13821 (Rejected): [New package] - DNS Leak Test: I've developed a package that I would like to be made available for other to install via the Package Manager.
I've... Luis Moraguez

01/01/2023

10:35 PM pfSense Docs Todo #13820 (Closed): Feedback on Packages — ACME package: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/acme/index.html
*Feedback:*
The recipe for IPsec Re... Taine Gilliam
08:38 PM Bug #8831: Radvd causes latency spikes: At least for me this is no longer happening so I'd say er can mark it resolved (unless someone else is still seeing t... Flole Systems
08:36 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting: Further information was provided, so this is not incomplete. Flole Systems
08:34 PM pfSense Packages Bug #13612: Snort building lists is broken: This has been resolved now, so the status is wrong. Flole Systems
06:13 PM Regression #13418 (Resolved): Captive Portal does not keep track of client data usage: The original issue is now resolved; traffic is recorded correctly:... Marcos M
06:54 AM Regression #13418: Captive Portal does not keep track of client data usage: More extended testing demonstrates a NEW issue (see #2 point above for as tested configuration): pre-mature captive p... Dale Harron
05:07 PM pfSense Plus Regression #13819 (Pull Request Review): OpenVPN process PID is not logged correctly: https://gitlab.netgate.com/pfSense/factory/-/merge_requests/90 Marcos M
04:57 PM pfSense Plus Regression #13819 (Resolved): OpenVPN process PID is not logged correctly: Tested on the latest snapshot.
The system logs now show the following when the OpenVPN service is started:
> Jan ... Marcos M
03:41 PM Regression #13818 (New): OpenVPN fails to start when a related static route already exists: Tested on @23.01.b.20221230.0600@.
Steps:
# Configure an OpenVPN client in the GUI (tested with non-DCO); verify ... Marcos M
03:04 PM pfSense Packages Bug #13333 (Resolved): PHP error when saving Suricata rulesets: Marcos M
01:18 PM pfSense Packages Regression #13817 (Confirmed): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled: Tested on @23.01.b.20221230.0600@ with the latest pfBlockerNG-devel, Suricata, and ACME packages.
Using pfBlockerN... Marcos M
09:17 AM pfSense Plus Regression #13816 (Resolved): Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: With a normal shutdown (CLI option 6 or Diagnostics > Halt) in 22.05, the USB console output ends with:... Chris W
04:21 AM pfSense Packages Feature #10818: UDP Broadcast Relay: Is there any way to install 1.0 package in pfSense 2.6? Installation failed, see below. Or do I have to use the older... M J

12/31/2022

02:14 PM Bug #13814 (Rejected): DNS Resolver continue fail to answer queries until I restart the server or wait a couple of minutes the services to work: Hello guys.
I have been testing pfsense 2.7-dev for a while, is my current version on my lan(home)network.
Right ... Peter Moreno
12:17 AM pfSense Packages Feature #13469: Feature/Package request: Wireguard Client/Peer config files export: I think this is a much needed feature and should be prioritized. WireGuard is far superior than OpenVPN and other VPNs. Eric Nix

12/30/2022

06:47 PM Bug #13687: Cannot add limiters named ``new``: Seeing this on build:
23.01-BETA (arm64)
built on Wed Dec 28 03:05:04 UTC 2022
FreeBSD 14.0-CURRENT
I create ... Chris W
04:36 PM pfSense Docs Correction #13813: Minor typo in io ports: The same wording is on the 2100 page as well.
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/io... Christopher Cope
04:01 PM pfSense Docs Correction #13813 (Resolved): Minor typo in io ports: https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/io-ports.html#switched-ethernet
Reads... Christopher Cope
03:20 PM Regression #13418: Captive Portal does not keep track of client data usage: Some success, data is now being passed to freeRadius but: (steady state stream of 33 MB/minute, single login per user... Dale Harron
08:53 AM pfSense Packages Bug #13812: Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error: The fix for this issue was added to open Pull Request #1210 against DEVEL posted here: https://github.com/pfsense/Fre... Bill Meeks
12:30 AM pfSense Packages Bug #13812 (Resolved): Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error: WebGUI reports:
The 'lan' interface does not support Inline IPS Mode with native netmap.
However, I then get a cr... John Elliott

12/29/2022

11:07 PM Revision c1bc55a9: Change captive portal counter keys to string keys. Fixes #13418.: String keys for rule counters are introduced in php-pfSense-module v0.89 Reid Linnemann
09:34 PM pfSense Plus Bug #13797: DNS Resolver stops working: Hi,
Thanks for you feedback. As for your questions, well...
The symptom is relatively easy to explain. The Netw... Fred Brunken
09:09 PM pfSense Plus Bug #13797: DNS Resolver stops working: Hello,
There is nothing unusual in the log file provided and there isn't enough information to go on here for a bu... Kris Phillips
09:15 PM Regression #13517: Erroneous dhcp6 Messages in Boot log on 22.11: Tested on Dec 28th builds of 23.01-BETA and these messages are no longer present. This can be marked as Resolved. Kris Phillips
09:12 PM pfSense Packages Bug #13798: Crash report with lldpd package and 23.01.b.20221223.0600: I'm unable to reproduce any issue with the LLPDd package in pfSense 23.01-BETA's December 28th build. Please provide... Kris Phillips
09:03 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry: Jonas R wrote in #note-6:
> FWIW: I get these errors whenever I (try to) delete a snapshot that is the parent snapsh... Kris Phillips
08:59 PM pfSense Plus Bug #13799: Unbound python module persistently shows enabled in resolver settings: I can confirm this. Steps to reproduce:
1. Go to Services --> DNS Resolver --> Python Module and check the box. ... Kris Phillips
09:18 AM pfSense Plus Bug #13799 (Confirmed): Unbound python module persistently shows enabled in resolver settings: Christian McDonald
08:55 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets: This can be marked as Resolved since we have tested the fix and confirmed it's resolution. Kris Phillips
08:53 PM pfSense Packages Bug #10867 (Resolved): squidGuard Package Hangs on Uninstall or Upgrade: Tested on latest 23.01 builds and the install issue is no longer a problem. Closing as resolved. Kris Phillips
06:21 PM Regression #13418: Captive Portal does not keep track of client data usage: PF_IN/PF_OUT direction was mismatched with the array index into the counters that we sampled. This should be fixed in... Reid Linnemann
06:20 PM Regression #13418 (Feedback): Captive Portal does not keep track of client data usage: Applied in changeset commit:c1bc55a9f37e5977110a3bb1f170321738fdf3d2. Reid Linnemann
12:36 PM pfSense Packages Bug #13811: Youtube content getting filtered on Squid when none is Selected: Maharsh Patel wrote:
> Youtube's content gets filtered by its SafeSearch headers even though I have selected *None* ... Maharsh Patel
10:38 AM pfSense Packages Bug #13811 (Closed): Youtube content getting filtered on Squid when none is Selected: Youtube's content gets filtered by its SafeSearch headers even though I have selected *None* on youtube restrictions ... Maharsh Patel
09:26 AM pfSense Packages Feature #13791 (Resolved): package information link goes to an old forum post - change to pfBlockerNG package page: I agree...docs is better than an old forum post. Fixed. Christian McDonald
01:07 AM pfSense Packages Bug #13810 (Rejected): Squid options obsolete: Hello guys.
Running squid -k parse we have some options that are no longer used, maybe is time to update the GUI:... Peter Moreno

12/28/2022

10:18 PM pfSense Packages Feature #13809 (New): Add Netdata package: I would like to see the Netdata monitoring package added to pfSense.
This would allow a fleet of pfSense systems to ... Ben Woods
01:13 PM pfSense Packages Bug #13738: Typo under Services/Snort/Interface Settings/WAN - Rules: It was intended to be 22.05. I fixed that. Danilo Zrenjanin
12:32 PM Bug #13680: Package install scripts run after PHP upgrade produce errors: I think we'd be better served by focusing our efforts on performing the complete upgrade in the target boot environme... Reid Linnemann

12/27/2022

09:43 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.: This issue is corrected by Pull Request 1210 submitted to the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
04:49 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.: Okay, was able to reproduce the condition when using SID MGMT to auto-disable rules. Will dig into the processing to ... Bill Meeks
04:46 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.: A fresh greenfield install still works for me, showing the rule categories auto-enabled on the CATEGORIES tab (green ... Bill Meeks
04:24 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.: Still working for me in an existing installation. I just went to the SID MGMT tab, created an _enablesid.conf_ file, ... Bill Meeks
04:12 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.: Marcos M wrote in #note-2:
> It's a fresh install and configuration. All categories do show correctly (see attached)... Bill Meeks
02:41 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.: It's a fresh install and configuration. All categories do show correctly (see attached) - they are currently being ma... Marcos M
02:04 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.: Can you post additional details? I cannot reproduce this issue on my test virtual machine. Do you show any rule categ... Bill Meeks
09:42 PM pfSense Packages Bug #13808: Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab: This issue is corrected by Pull Request 1210 submitted to the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
09:30 PM pfSense Packages Bug #13808 (Resolved): Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab: The Suricata package will save duplicate entries in _config.xml_ for the default built-in rules when saving enabled r... Bill Meeks
08:32 PM pfSense Packages Bug #10646 (Feedback): Reinstall package process stalls at pfBlockerNG when restoring a config: Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
08:31 PM pfSense Packages Bug #10867 (Feedback): squidGuard Package Hangs on Uninstall or Upgrade: Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
08:30 PM pfSense Packages Bug #11398 (Feedback): pfBlocker upgrade hangs forever: Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
12:01 PM Bug #13014: Deadlock in Charon VICI interface: Jim Pingle wrote in #note-40:
> I have a lot of connections that stay down in my lab for various reasons, but they ca... David Vazquez
02:00 AM Bug #13807 (Not a Bug): NAT changes aren't rolled back using Restore recent configuration on the console: Accidentally I natted all traffic from the intranet(1) going to the firewall(2) to an internal host. Obviously I wasn... Gustavo Domínguez

12/26/2022

10:00 PM pfSense Packages Bug #13806 (Resolved): Suricata interface rules cannot be viewed.: Tested on the latest version on the dev branch.
No matter which rule is selected in the drop-down, the custom rule... Marcos M
03:29 PM Feature #13805 (New): A way to reliably determine if system is the primary or secondary in CARP: There is no current way, as far as I can tell, to reliably determine if the current system is the primary or secondar... Christopher Cope
03:16 PM Feature #13804 (Pull Request Review): Prevent CARP status/maintenance mode from being erroneously toggled: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/999 Christopher Cope
03:06 PM Feature #13804 (Resolved): Prevent CARP status/maintenance mode from being erroneously toggled: On the Status > CARP page the buttons to disable/enable CARP or enter/leave CARP maintenance mode only toggle the sta... Christopher Cope
10:33 AM Regression #13803 (Not a Bug): When adding an EasyBlock rule, the GUI redirects to "Firewall > Aliases > IP" instead of "Firewall > Rules": 2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 23 06:05:19 UTC 2022
FreeBSD 14.0-CURRENT
Repro steps:
1. Navigate... Gerke Max Preussner
10:21 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: It occurs on 23.01 DEVEL too. I kindly ask Netgate to take a look at this issue because it breaks IPv6 almost complet... Tito Sacchi
10:17 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: I found a way to automate this process with pfSsh.php:... Tito Sacchi
10:12 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: OK -
Tested saving the interface and it did add multicast group:... Chris Linstruth
08:34 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: Opening the interface configuration page and clicking 'Save' and then 'Apply' without changing anything solves the pr... Tito Sacchi
06:56 AM Bug #13802 (New): Incorrect language in Plus registration: The email sent by shopify says this:... Chris Linstruth
06:56 AM Feature #13801 (New): PPPoE Server should allow no authentication: Currently the built-in PPPoE server supports PAP and CHAP auth, but does not allow for no authentication.
The use-... Nick Hall

12/25/2022

08:32 PM Bug #13800: Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022: Somehow you've managed to upgrade PHP without also upgrading the extensions.
Module compiled with module API=20210... Christian McDonald
06:28 PM Bug #13800 (Rejected): Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022: Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n2558... RED SKULL
10:48 AM pfSense Packages Feature #10818: UDP Broadcast Relay: Check Diagnostics / System Activity and make sure that the process is actually running. There are some errors which a... Marcos M
12:43 AM Bug #13729: Gateways stuck in Unknown status: Jordan Greene wrote in #note-7:
> Nazar Mokrynskyi wrote in #note-6:
> >
> > Qemu 7 with 3 virtio network interfa... Nazar Mokrynskyi

12/24/2022

08:56 PM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page: suricata 6.0.8_2 on 23.01.b.20221223.0600 does not lose interface rule selection when saving from global settings page Jordan G
07:50 PM pfSense Plus Bug #13799 (Resolved): Unbound python module persistently shows enabled in resolver settings: Unchecking python module in dns resolver settings shows checked again after save/apply and there is no python script ... Jordan G
06:25 PM Bug #13729: Gateways stuck in Unknown status: Nazar Mokrynskyi wrote in #note-6:
>
> Qemu 7 with 3 virtio network interfaces (WAN, LAN, WAN2), host is x86-64 Al... Jordan G
05:01 PM pfSense Packages Bug #13798 (Resolved): Crash report with lldpd package and 23.01.b.20221223.0600: Seen this issue since the first 23.01 BETA and still see it every upgrade. Using the standard LLDPD package from pfSe... Richie Crews
12:42 PM pfSense Plus Bug #13797 (Not a Bug): DNS Resolver stops working: Hi there,
I have been having problems with the DNS Resolver that it just stops working for no reason every now and... Fred Brunken
06:51 AM Feature #13796 (Rejected): Restrict hardware address client (UUID string) login: Hello everybody,
I am using Netgate pfsense on Aws
Now i want trust the client login vpn server by restrict uuid st... vicent lee

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

01/22/2023

01/21/2023

01/20/2023

01/19/2023

01/18/2023

01/17/2023

01/16/2023

01/15/2023

01/14/2023

01/13/2023

01/12/2023

01/11/2023

01/10/2023

01/09/2023

01/08/2023

01/07/2023

01/06/2023

01/05/2023

01/04/2023

01/03/2023

01/02/2023

01/01/2023

12/31/2022

12/30/2022

12/29/2022

12/28/2022

12/27/2022

12/26/2022

12/25/2022

12/24/2022