Activity

30 days up to

User

Subprojects

Activity

From 01/13/2023 to 02/11/2023

02/11/2023

08:46 PM Feature #13948 (New): Allow %any for local_addrs IPsec endpoint setting: Charon allows setting %any as local_addrs, allowing connections to all IPs. We should offer a setting to set this opt... Flole Systems
12:03 PM pfSense Packages Regression #13947: Remove 4096GB quota limit: As an observation, you can avoid the overflow consequences of premature logout due to the 32 bit unsigned integer ove... Dale Harron
10:40 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: Hopefully it will be fixed in the upcoming version 23.01. Otherwise I have to skip this version. :(
Is this bug al... Johannes Wanink
04:01 AM Bug #13940: Firewall log parser does not handle SCTP log entries: Done in https://github.com/pfsense/pfsense/pull/4625. Théo Sarrazin

02/10/2023

04:59 PM Revision 3269c456: update dependencies managed by composer: Christian McDonald
11:18 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: Let's keep the notes relevant to the issue topic, please. Your concerns about interim accounting overflowing uint32, ... Reid Linnemann

02/09/2023

07:40 AM pfSense Packages Bug #13874 (Resolved): pfBlocker -devel hanging on cron jobs: Thanks for testing and following up!
I'm going to mark this one resolved as there was some overlap with #13926 and... Jim Pingle
07:39 AM pfSense Packages Bug #13926 (Resolved): pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: Jim Pingle
06:20 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: I believe I can finally put this project in perspective for all of us.
1. The reconciliation of the 32 bit unsigne... Dale Harron
05:39 AM pfSense Packages Bug #13936 (Confirmed): PHP error from RRD Graphs when attempting a query a newly created empty database: I replicated the issue. ... Danilo Zrenjanin
12:17 AM Revision 402c98a2: Update copyright years to include 2023: Reid Linnemann

02/08/2023

06:38 PM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Work has had me tied up so I haven't been able to do review the information Jim was kind enough to provide. I freed ... Allen C
06:31 PM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: If you are referring to periodic auth as both Reauth every minute checked and/or stop/start checked I have tested bot... Dale Harron
11:23 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: Regression #13947 covers this. Reid Linnemann
11:15 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: I understand the concern here. I think until I can improve on the pfSense-Max-Total-Octets used for preemptive logout... Reid Linnemann
07:21 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: Perhaps it would help if I took a different perspective here:
You do not have to implement the following: "Documen... Dale Harron
06:47 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: In way of clarification, the used-octets-user or used-octets-user-uniqueID files are currently correctly updated with... Dale Harron
03:36 PM pfSense Packages Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: This change fixed two issues I have seen with pfB since moving to 23.01: 1) slow MaxMind downloads; 2) slow block lis... Glenn Hall
11:21 AM pfSense Packages Regression #13947 (Feedback): Remove 4096GB quota limit: The 4096GB quota limit introduced to prevent pfSense-Max-Total-Octets overflowing uint32 for captive portal artificia... Reid Linnemann
08:37 AM pfSense Packages Bug #13897 (Resolved): IPsec Profile Wizard/Windows: Generated script adds an invalid route command for ``0.0.0.0/0``: Tested against the IPsec Profile Wizard pkg v. 1.1
It looks fine.
*Split Tunnel Routes* part is omitted if the loca... Danilo Zrenjanin
07:49 AM Bug #13946 (Resolved): Polish translation contains an invalid ``sprintf()`` format in the text for ``firewall_nat_out_edit.php``: A PHP error occurs when a user tries to open @firewall_nat_out_edit.php@ when using the Polish translation:... Jim Pingle
07:14 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: help doc link: https://hysteria.network/docs/advanced-usage/ yon Liu
04:41 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: It supports using ACME to obtain encryption certificates or self-signed certificates can be used. yon Liu
04:40 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: After I have tested and compared, it is designed to include encryption to bypass monitoring. After the network protoc... yon Liu
04:33 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: No, it has encryption, and it's specifically designed to bypass internet surveillance in authoritarian countries. Cer... yon Liu
06:44 AM Regression #13418: Captive Portal does not keep track of client data usage: In way of clarification, the used-octets-user or used-octets-user-uniqueID files are currently correctly updated with... Dale Harron
06:19 AM Regression #13418: Captive Portal does not keep track of client data usage: The solution that was applied for stop/start freeRadius that sends only incremental data use in each stop/start packe... Dale Harron
04:02 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: I’m also hoping this could be fixed in 23.01.
It’s going to destroy a lot of IPTV setups when people upgrade. R. Picobello
03:59 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: I can't upgrade to 23.01 if this issue is still active in 23.01.
Hopefully this will be fixed in 23.01 instead of ... Remie van de Zande

02/07/2023

10:31 PM Feature #12070: Support for VLAN ``0``: Christopher Cope wrote in #note-7:
> Tested on
> [...]
>
> Working successfully with AT&T on my edge without the... Matt Johnson
08:05 PM Revision e0fd8fdd: Enable the registration page on Plus.: Allow the customers to re-register an existing instance if the NDI changes.
Ticket: 9580 Luiz Souza
04:31 PM Bug #13945: DHCP Active Leases page display: Further testing on my system has shown the issue to be present in the "legacy" light and dark themes, the Beta themes... Mike McV
04:20 PM Bug #13945 (Rejected): DHCP Active Leases page display: Can't reproduce this here. The whole row is always displayed. FF 109.0.1, Chrome 110.0.5481.78.
If I reduce the wi... Jim Pingle
04:07 PM Bug #13945 (Rejected): DHCP Active Leases page display: The DHCP assigned leases page formatting will not allow a full row display regardless of window dimensions.
I have... Mike McV
03:49 PM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: @edaleh I believe I can now explain most of this behavior.
redmine 13418 fixed an issue with freeRadius where fr... Dale Harron
02:19 PM pfSense Packages Todo #13255: Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles: That is part of the plan, see #13917 Jim Pingle
01:06 PM pfSense Packages Todo #13255: Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles: Jim Pingle wrote:
> Currently when crafting a PKCS#12 archive the OpenVPN Client Export package does not set a speci... Thomas Ward
09:33 AM pfSense Packages Bug #10646 (Resolved): Reinstall package process stalls at pfBlockerNG when restoring a config: This has been working since the fix went in. Jim Pingle
09:33 AM pfSense Packages Bug #11398 (Resolved): pfBlocker upgrade hangs forever: This has been working since the fix went in. Jim Pingle
09:19 AM Bug #13935 (Resolved): RRD restore process does not sanitize filenames from backup XML: Backup and restore of RRD works as expected on current builds.
Jim Pingle
08:21 AM Bug #10624 (Resolved): Memory leak in Unbound with Python module and DHCP lease registration active: No reports of problems that I've seen since the fix is in place. If it recurs we can always reopen or start a fresh i... Jim Pingle
08:20 AM Regression #11316 (Resolved): Unbound crashes with signal 11 when reloading: No reports of problems that I've seen since the fix is in place. If it recurs we can always reopen or start a fresh i... Jim Pingle
08:19 AM Todo #13893 (Closed): Update Unbound to 1.17.1: This has been in for a while and no apparent issues. Closing. Jim Pingle
08:18 AM Regression #13944 (Resolved): PHP error in ``flock()`` during certain XMLRPC operations: Certain XMLRPC operations generate a PHP error mentioning @flock()@:... Jim Pingle
08:13 AM Feature #13446 (Closed): Upgrade PHP from 7.4 to 8.1: All done for 23.01. New issues can be handled separately. Jim Pingle
08:13 AM pfSense Packages Regression #13892 (Resolved): PHP error from ``status_monitoring.php`` with empty OpenVPN servers: Jim Pingle
08:05 AM Bug #13940: Firewall log parser does not handle SCTP log entries: The protocol layout isn't defined in the log parser so it doesn't know what to do with it. There is no test for proto... Jim Pingle

02/06/2023

10:05 PM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: Marcos M wrote in #note-2:
> Signal 8 (SIGFPE) is @floating-point exception@:
> https://man.freebsd.org/cgi/man.cgi?s... Leon Dang
08:38 PM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: Signal 8 (SIGFPE) is @floating-point exception@:
https://man.freebsd.org/cgi/man.cgi?sektion=3&query=signal
The Open... Marcos M
08:27 PM Regression #13943 (Resolved): OpenVPN crashes with Signal 8 with very low fragment size: OpenVPN crashes after updating from 22.01 to 22.05. The issue also occurs on 23.01-RC. Tested on an XG-1537-M2-32GB.
... Marcos M
07:54 PM Regression #13942 (Pull Request Review): PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1010 Marcos M
07:08 PM Regression #13942 (Resolved): PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: See:
https://forum.netgate.com/topic/177633/logs-not-updating-on-23-01... Marcos M
06:34 PM pfSense Docs New Content #13941 (Resolved): Memory usage in pfSense: Questions frequently come up regarding memory usage in pfSense software. A doc on the subject could mention notes/qui... Marcos M
05:14 PM Revision ca80d184: Correct RRD backup/restore cmd file handling. Fixes #13935: Jim Pingle
04:18 PM Bug #13940 (Resolved): Firewall log parser does not handle SCTP log entries: Tested in 22.05 / 23.01.
The firewall logs page in the webGUI does not show the following entries in @/var/log/fil... Marcos M
04:15 PM Revision 053f60e5: util.inc: fix incorrect resource test in unlock(): Christian McDonald
03:48 PM Bug #13939: IPv6 does not work on secondary PPPoE WAN: It actually looks like this was written from the get-go to omit the scope, which is why it does @echo ${IP} |cut -d% ... Reid Linnemann
02:51 PM Bug #13939: IPv6 does not work on secondary PPPoE WAN: It may only need to ensure the proper scope gets added to that router file, which it isn't doing now.
source:src/usr... Jim Pingle
02:42 PM Bug #13939 (Resolved): IPv6 does not work on secondary PPPoE WAN: I have 2 PPPoE WANs at home and IPv6 only works on primary link, used as default gateway. In this case pppoe0 works ... Renato Botelho
02:38 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: The fix for this issue requires an update to the custom blocking plugin compiled into the Suricata binary on pfSense.... Bill Meeks
02:24 PM Bug #13014: Deadlock in Charon VICI interface: We're still trying to reproduce this and gather data on it, but we are getting closer. Jim Pingle
02:12 PM Bug #13938 (Resolved): Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs: Under certain conditions which have not yet been identified, it is possible to encounter a kernel kernel panic on Fre... Jim Pingle
12:40 PM Bug #13937 (New): New OpenVPN entries are not immediately reflected in RRD graphs: When creating an OpenVPN entry, it is not immediately reflected in the RRD update script, graph database files, etc.
... Jim Pingle
12:33 PM pfSense Packages Bug #13936 (Resolved): PHP error from RRD Graphs when attempting a query a newly created empty database: Attempting to view an RRD graph of a new database that doesn't yet have data results in a PHP error.
Easiest way t... Jim Pingle
11:25 AM Bug #13935 (Feedback): RRD restore process does not sanitize filenames from backup XML: Applied in changeset commit:ca80d18493f8f91b21933ebd6b714215ae1e5e94. Jim Pingle
11:14 AM Bug #13935 (Resolved): RRD restore process does not sanitize filenames from backup XML: The code in source:src/etc/inc/config.lib.inc#L291 which restores RRD files from a @config.xml@ backup does not escap... Jim Pingle
08:46 AM pfSense Plus Bug #13933: Unable to make modifications to vlan descriptions: This site is not for support or diagnostic discussion, so that is something you'd need to keep on the forum thread an... Jim Pingle
08:25 AM pfSense Plus Bug #13933: Unable to make modifications to vlan descriptions: Although not a stock install of pfsense as there are other packages that needed to be installed via the repo[pfblocke... Mike Moore
07:30 AM pfSense Plus Bug #13933 (Rejected): Unable to make modifications to vlan descriptions: I can't reproduce this as stated. Changes to descriptions are immediately reflected as expected. They are stored in t... Jim Pingle
08:04 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: Marking as 23.05 for now so it doesn't get missed. If we find a viable solution in the meantime we can try to squeeze... Jim Pingle
07:48 AM pfSense Packages Feature #13575: Update to frr 9.0.1: When this happens it's best to just move to 8.x and not keep two versions around.
Jim Pingle
07:46 AM pfSense Packages Feature #13931 (Duplicate): Upgrade FRR from 7.x to 8.x: Duplicate of #13575 Jim Pingle
07:34 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: It's no surprise that it's faster than WireGuard as it has no encryption. It's a proxy/relay setup, not an encrypted ... Jim Pingle

02/05/2023

09:16 PM Bug #13934 (Closed): Killing states by gateway can miss some IPv6 outbound states: Due to the default outbound rules, IPv6 outbound states are created with @gateway: ::@ which prevents the states from... Marcos M
05:50 PM pfSense Plus Bug #13933: Unable to make modifications to vlan descriptions: This is a reproducible issue. Changes to VLAN description cause all interfaces to flap. I have the system.log file to... Mike Moore
12:55 PM pfSense Plus Bug #13933: Unable to make modifications to vlan descriptions: Uploading log output jpeg. This occurs each time the vlan description is attempted to be changed but doesn't. There i... Mike Moore
12:49 PM pfSense Plus Bug #13933 (Rejected): Unable to make modifications to vlan descriptions: The issue is focused on interface heirarchy.
1. Attempting to change vlan description <clicking save> does not resul... Mike Moore
09:18 AM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Bill Meeks wrote in #note-7:
> Just to be clear on this PHP error. I think you are getting that because you made an ... Greger Blennerud
07:55 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: I have notified the developer of this program, and the developer has agreed to promote this program. And it is recomm... yon Liu

02/04/2023

10:41 PM Bug #13344: Vlan loses parent interface when changing LAGG mtu to jumbo frames: Matthew Whittaker-Williams wrote:
> When I try to add jumbo frames to lagg interface ( 9000 ) - main
> When I chan... Jordan G
09:36 PM pfSense Packages Bug #13932 (Not a Bug): Deprecation Message for Arpwatch: I checked the code. We are already using -w instead of -m. We could remove the pkg-message from our net-mgmt/arpwatch. Christian McDonald
06:12 PM pfSense Packages Bug #13932 (Not a Bug): Deprecation Message for Arpwatch: During install, the following message about deprecated flags is mentioned:
_
The -m flag is deprecated. If you are ... Kris Phillips
02:21 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Greger Blennerud wrote in #note-6:
> The actual list found in /usr/local/etc/suricata/suricata_28603_vtnet1 never cha... Bill Meeks
04:08 AM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: I decided to do some more testing and discovered some wierd issues with the passlist.
First of all, I get a discrep... Greger Blennerud
11:03 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Athanasios Chatzi wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Can you attach the @<ezshaper>[...]</ezshape... Athanasios Chatzi
05:49 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Hi all!
Same problem here!! Since i updated to 23.01-RC i have the same problem like you.
I always had it worki... Humberto Nieto
10:59 AM pfSense Packages Feature #13931 (Duplicate): Upgrade FRR from 7.x to 8.x: The FRR latest version has fixed many problems. Including the bug fixes submitted by me. And added many new features.... yon Liu
10:55 AM pfSense Packages Feature #13930 (New): Hysteria Proxy/Relay: Please consider adding this function. I have tested that its actual network speed is 5-10 times faster than wireguard... yon Liu
10:05 AM pfSense Packages Bug #13925 (Pull Request Review): Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/328 Christopher Cope
08:45 AM pfSense Packages Bug #13925 (Confirmed): Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: I'm able to reproduce this on... Christopher Cope
04:33 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: If the new 4095 GB limit set in the freeRadius user file edit/create code is related to this Feature, it is INCORRECT... Dale Harron
02:47 AM Bug #13929 (Resolved): IGMP Proxy multicast group membership query packets have an invalid checksum: Having a TV provider with multicast streams, working flawless in 22.50 when upgraded to 23.01 it starts stuttering an... R. Picobello

02/03/2023

09:34 PM Revision 8a2c52b0: Refactor some direct config access in sysctl: Christian McDonald
07:22 PM pfSense Plus Bug #13924 (Not a Bug): 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: Thanks for following up! Jim Pingle
07:16 PM pfSense Plus Bug #13924: 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: Christian McDonald wrote in #note-3:
> tailscaled expects to solely own the tailscale0 interface.
>
> pfSense is ... Scott Costa
06:48 PM pfSense Plus Bug #13924: 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: Christian McDonald wrote in #note-3:
> tailscaled expects to solely own the tailscale0 interface.
>
> pfSense is ... Scott Costa
08:28 AM pfSense Plus Bug #13924: 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: tailscaled expects to solely own the tailscale0 interface.
pfSense is throwing an interface mismatch/change warnin... Christian McDonald
07:22 AM pfSense Plus Bug #13924 (Incomplete): 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: The creation date you are referencing is the creation date of the default Boot Environment and that's normal/expected... Jim Pingle
06:20 PM Bug #13928 (Duplicate): Add Notification to webConfigurator for Low Disk Space: Duplicate of #10467 Jim Pingle
04:30 PM Bug #13928 (Duplicate): Add Notification to webConfigurator for Low Disk Space: Frequently customers will run into disk space issues with very little indication what is causing it. Adding a notifi... Kris Phillips
04:33 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Looking into this deeper, I suspect there is potentially an issue with the custom blocking plugin used with the Suric... Bill Meeks
11:07 AM pfSense Packages Regression #13884: pfBlockerNG DNSBL TLD option causes reloads to take a long time: Related forum thread: https://forum.netgate.com/topic/177504/v-3-2-0-with-pfsense-23-01-rc-20230202 Jim Pingle
10:40 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: There may be two distinct issues there: One with downloads, and one with processing.
If you find it's hanging up on ... Jim Pingle
10:10 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Ran into this issue on pfBlockerNG-devel v3.2.0 a few days ago. Have been deploying dailies, currently on v2.7.0.a.2... Allen C
10:24 AM Bug #13927 (New): Cannot set AdvDefaultLifetime aka "Router lifetime": Typically, setting AdvDefaultLifetime to 0 means that a router cannot be used as a default router.
(c.f. https://lin... Jan L.
10:08 AM pfSense Packages Bug #13926 (Feedback): pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: I merged the changes to the pfBlockerNG cURL defaults, so the next build will include them. Jim Pingle
09:48 AM pfSense Packages Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: Steve Wilson wrote in #note-2:
> Jim,
>
> With your patch applied the download completes in about 5 seconds, so i... Jim Pingle
09:44 AM pfSense Packages Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: Jim,
With your patch applied the download completes in about 5 seconds, so it solves the issue. But note that the... Steve Wilson
09:24 AM pfSense Packages Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: If you can easily reproduce this, try the following patch (path strip=1):... Jim Pingle
04:37 AM pfSense Packages Bug #13926 (Resolved): pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: Prior to the update to PHP 8.1, downloads of the MaxMind database would take approximately 4 seconds. After the updat... Steve Wilson
08:11 AM pfSense Packages Bug #13922 (Resolved): Snort - rules package downloads may hang for an extended period if remote site offers an HTTP/2 connection: PR merged, thanks! Jim Pingle
08:11 AM pfSense Packages Bug #13923 (Resolved): Snort - fails to clean-up all files when uninstalling and also creates an unnecessary barnyard2 logging subdirectory.: PR merged, thanks! Jim Pingle
08:11 AM pfSense Packages Bug #13839 (Resolved): Suricata version updates take a long time: PR merged, thanks! Jim Pingle
01:54 AM pfSense Packages Bug #13925 (Resolved): Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: Clicking on the IP Rep tab when editing an existing interface throws a PHP error.
Steps to reproduce:
1. Naviga... Steve Wilson

02/02/2023

11:31 PM pfSense Plus Bug #13924: 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: Intended to mention that having to manually add the interfaces back and DHCP not auto starting all began upon upgradi... Scott Costa
11:25 PM pfSense Plus Bug #13924 (Not a Bug): 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: 23.01.r.20230202.1645 reports a incorrect creation date of 2022-07001 23:36 after installing it.
Also, after firs... Scott Costa
07:26 PM pfSense Packages Bug #13922: Snort - rules package downloads may hang for an extended period if remote site offers an HTTP/2 connection: This issue is resolved by pull request #1225 posted against the DEVEL snapshots here: https://github.com/pfsense/Free... Bill Meeks
07:04 PM pfSense Packages Bug #13922 (Resolved): Snort - rules package downloads may hang for an extended period if remote site offers an HTTP/2 connection: Changes in cURL function behavior in PHP 8.1 make the Snort package vulnerable to a hang condition when downloading r... Bill Meeks
07:26 PM pfSense Packages Bug #13923: Snort - fails to clean-up all files when uninstalling and also creates an unnecessary barnyard2 logging subdirectory.: This issue is resolved by pull request #1225 posted against the DEVEL snapshots here: https://github.com/pfsense/Free... Bill Meeks
07:10 PM pfSense Packages Bug #13923 (Resolved): Snort - fails to clean-up all files when uninstalling and also creates an unnecessary barnyard2 logging subdirectory.: The Snort package fails to clean up all it's _*.rules_ files when uninstalling. It also creates a Barnyard2 logging s... Bill Meeks
06:27 PM pfSense Packages Bug #13839: Suricata version updates take a long time: Jim Pingle wrote in #note-6:
> To fix some issues in Dynamic DNS where it didn't want to close connections (it hung ... Bill Meeks
06:12 PM pfSense Packages Bug #13839: Suricata version updates take a long time: The pull request to correct this issue has been submitted against the snapshots DEVEL branch here: https://github.com... Bill Meeks
05:19 PM pfSense Packages Bug #13839: Suricata version updates take a long time: To fix some issues in Dynamic DNS where it didn't want to close connections (it hung pretty much indefinitely) we end... Jim Pingle
05:07 PM pfSense Packages Bug #13839: Suricata version updates take a long time: After some digging around, I am pretty sure I found the problem here. It is related to HTTP/2 support in cURL. I can ... Bill Meeks
05:24 PM pfSense Packages Bug #13566 (Resolved): Non-devel pfBlocker Package Broken in 2.7 CE with PHP 8.1: Tested on... Christopher Cope
04:31 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Christian McDonald wrote in #note-3:
> Hi,
>
> I'll have a look. Might not be this week, but definitely next week... Bill Meeks
02:23 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Hi,
I'll have a look. Might not be this week, but definitely next week. Christian McDonald
01:43 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: I might need some assistance from the Netgate wireguard guru on this one. I don't have a functioning wireguard packag... Bill Meeks
10:38 AM pfSense Packages Bug #13920 (Resolved): 23.01RC - Suricata stops working after Wireguard installed: Upgraded to 23.01RC from 22.05 without any packages installed. Current base system shown as 23.01.r.20230202.0019
... Greger Blennerud
12:51 PM pfSense Docs Correction #13921 (Closed): OpenVPN Monitoring Docs need updated: https://redmine.pfsense.org/issues/13129
The above issue changes have been committed. The docs haven't been updated ... Christopher Cope
10:47 AM pfSense Packages Bug #13919 (Resolved): Typo in suricata package: cpnfig_set_path(): PR merged Jim Pingle
08:34 AM pfSense Packages Bug #13919: Typo in suricata package: cpnfig_set_path(): This issue has been corrected in pull request 1223 posted here: https://github.com/pfsense/FreeBSD-ports/pull/1223.
... Bill Meeks
05:15 AM pfSense Packages Bug #13919 (Resolved): Typo in suricata package: cpnfig_set_path(): FreeBSD 14.0-CURRENT #0 plus-RELENG_23_01-n256014-9cf2a68c5e5: Thu Feb 2 00:48:35 UTC 2023 root@freebsd:/var/jen... Brian Macy

02/01/2023

04:43 PM Revision 5e15b80d: composer update: Christian McDonald
02:32 PM Regression #12827: High latency and packet loss during a filter reload: Hello.
To reiterate, there are 2 distinct issues remaining.
What was patched, was one change which resulted in ... Mateusz Guzik
12:04 PM Todo #13893: Update Unbound to 1.17.1: No need to mention the old version, the one that was there was only present on snapshots, previous versions of Plus w... Jim Pingle
07:59 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0): Can someone test this with 23.01 snaps on the SG-3100 ?
Marcelo Cury

01/31/2023

01:38 AM Bug #13918: ICMP timestamp requests are passed by states created from ICMP echo requests if they use the same ID: First, thanks to Marcos for providing a simple test.
I have the following FLOATING rules repeated for every interf... Serge Caron
12:48 AM Revision 1f940d34: Correctly identify newer AWS instances: Steve Wheeler

01/30/2023

05:17 PM Bug #13918: ICMP timestamp requests are passed by states created from ICMP echo requests if they use the same ID: pf's state table is keyed by a structure that is defined with TCP/UDP in mind and includes a source and destination p... Reid Linnemann
02:52 PM Bug #13918: ICMP timestamp requests are passed by states created from ICMP echo requests if they use the same ID: This just seems to be part of how pf tracks state for ICMP currently. Given that ICMP is a "stateless" protocol it ha... Jim Pingle
02:46 PM Bug #13918 (New): ICMP timestamp requests are passed by states created from ICMP echo requests if they use the same ID: ICMP timestamp requests with the same identifier of a previously allowed ICMP echo request are also allowed. This is ... Marcos M
02:49 PM Bug #13652 (Closed): Inconsistent behavior filtering ICMP traffic: I've created a separate report with specific details and easily reproducible steps; I'm going to close this one out a... Marcos M
01:52 PM Bug #13652 (Confirmed): Inconsistent behavior filtering ICMP traffic: I was able to reproduce this in 23.01. The scan options required are:
* A @Search List@ with the @82003 ICMP Timestam... Marcos M
01:53 PM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing: Updating subject for release notes. Jim Pingle
07:26 AM Feature #9544 (Closed): Enable ``ROUTE_MPATH`` multipath routing: FreeBSD retired @RAXIX_MPATH@ and replaced it with @ROUTE_MPATH@ which is in the default kernel used on FreeBSD 14-ba... Jim Pingle
01:47 PM pfSense Docs Todo #13586 (Pull Request Review): Add note for adjusting MSS on IPsec VTIs: Jim Pingle
01:47 PM pfSense Docs Correction #13841 (Resolved): Incorrect example in FreeRADIUS stats example: Jim Pingle
01:46 PM pfSense Docs Todo #13595 (Resolved): Update the cryptographic accelerators page with DCO info: Jim Pingle
01:46 PM pfSense Docs Correction #13400 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: Jim Pingle
01:46 PM pfSense Docs Todo #13020 (Resolved): Improve ``easyrule`` command documentation: Jim Pingle
01:45 PM pfSense Docs New Content #12883 (Resolved): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH): Jim Pingle
01:45 PM pfSense Docs New Content #12597 (Resolved): How to reset IPMI settings and password for Netgate appliances: Jim Pingle
01:45 PM pfSense Docs Correction #12400 (Resolved): NAT 1:1 documentation - multi-wan information: Jim Pingle
01:45 PM pfSense Docs New Content #11071 (Resolved): Add documentation for missing configuration items on IPv6 Router Advertisements: Jim Pingle
01:44 PM pfSense Docs Todo #9374 (Resolved): Update Virtualizing pfSense with Hyper-V recipe with more recent information: I've followed this several times since I updated it and it works fine here. Closing.
Jim Pingle
01:39 PM pfSense Docs Correction #13914 (Resolved): Typo in PPP docs: Jim Pingle
01:39 PM pfSense Docs Correction #13914: Typo in PPP docs: Fixed and deployed, will be live shortly. Jim Pingle
01:38 PM pfSense Docs Correction #13913 (Resolved): Typo in Captive Portal Docs: Fixed and deployed, will be live shortly. Jim Pingle
01:38 PM pfSense Docs Correction #13909 (Resolved): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: Fixed and deployed, will be live shortly. Jim Pingle
12:16 PM Bug #13916: Interface config doesn't allow colliding IP addresses even if a wireguard interface is used: I'm not really sure if I understand what you mean. In my case I have the slightly odd config of having a Wireguard VP... Flole Systems
07:30 AM Bug #13916 (Rejected): Interface config doesn't allow colliding IP addresses even if a wireguard interface is used: Jim Pingle
07:30 AM Bug #13916: Interface config doesn't allow colliding IP addresses even if a wireguard interface is used: While it may happen to work in some cases it's not valid in the underlying OS and can have unintended side effects. I... Jim Pingle
10:31 AM Feature #13656 (Duplicate): Add UI Elements for Priority Control Point on Interfaces: Duplicate of #13511 Jim Pingle
10:01 AM pfSense Packages Todo #13917 (Resolved): OpenVPN Client Export: Integrate OpenVPN 2.6.0: We need to add OpenVPN 2.6.0 to the export package but doing so has a few caveats:
* OpenSSL 3.0 which is used in ... Jim Pingle
07:38 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Athanasios Chatzi wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Can you attach the @<ezshaper>[...]</ezshape... Athanasios Chatzi
07:32 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Jim Pingle wrote in #note-1:
> Can you attach the @<ezshaper>[...]</ezshaper>@ section from your configuration and g... Athanasios Chatzi
07:16 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Can you attach the @<ezshaper>[...]</ezshaper>@ section from your configuration and give us a list of all the options... Jim Pingle
07:22 AM Feature #9545: Enable Multipath Routing in the Kernel: Builds based on FreeBSD 14 (including 23.01 and snapshots of 2.7.0) have @ROUTE_MPATH@ enabled in the kernel and it's... Jim Pingle
02:18 AM Feature #9545: Enable Multipath Routing in the Kernel: Jim Pingle wrote in #note-3:
> This requires RADIX_MPATH in the kernel which proved to be too unstable, thus had to ... Jens Groh

01/29/2023

06:54 PM Regression #12827: High latency and packet loss during a filter reload: Yeah unfortunately this is still an issue. As I said, it's still worse than before, even though it was improved. Incr... Flole Systems
06:21 PM Bug #13916 (Rejected): Interface config doesn't allow colliding IP addresses even if a wireguard interface is used: When using wireguard a config where the same IP address is used for multiple interfaces is perfectly valid. Pfsense d... Flole Systems
05:57 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: Changing the loader menu option @5. Cons:@ did not help. However, removing the DVD drive from the VM allows it to boo... Marcos M
04:31 AM Bug #13915 (Resolved): PHP errors when re-running Traffic Shaper Wizards with different settings: While finishing the configuration of traffic shaper at apply configuration appeared the error Athanasios Chatzi

01/28/2023

09:44 PM pfSense Packages Bug #13566: Non-devel pfBlocker Package Broken in 2.7 CE with PHP 8.1: I'm assuming this will have to wait for the RC release, as I don't see this reflected in the BETA repos. Both versio... Kris Phillips
05:49 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: I'm still having the same issue. The link below has recently been update and would suggest that it's an issue using P... B P
02:06 AM pfSense Packages Bug #13441: FRR fails to start with route map on "sequence 0" in configuration: The same behavior on frr 1.2_3
frr fail to start
_Jan 28 11:02:02 watchfrr 97266 [EC 268435457] bgpd state... Lev Prokofev

01/27/2023

04:53 PM pfSense Docs Correction #13914: Typo in PPP docs: Screenshot attached Christopher Cope
04:46 PM pfSense Docs Correction #13914 (Resolved): Typo in PPP docs: https://docs.netgate.com/pfsense/en/latest/interfaces/ppp.html
When checked, the firewall tracks the uptime for th... Christopher Cope
03:58 PM pfSense Packages Bug #13566 (Feedback): Non-devel pfBlocker Package Broken in 2.7 CE with PHP 8.1: @security/pfSense-pkg-pfBlockerNG-devel@ has been copied to @security/pfSense-pkg-pfBlockerNG@.
The versions of bo... Christian McDonald
03:04 PM pfSense Docs Correction #13913 (Resolved): Typo in Captive Portal Docs: https://docs.netgate.com/pfsense/en/latest/captiveportal/configuration.html... Christopher Cope
10:52 AM pfSense Packages Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: I also closed out #13877 and #13368 since they were all related. Testing one means the others are also working.
Jim Pingle
10:50 AM pfSense Packages Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Jim Pingle
10:05 AM pfSense Packages Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Tested against:... Danilo Zrenjanin
10:51 AM pfSense Packages Bug #13368 (Resolved): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: Jim Pingle
10:51 AM pfSense Packages Bug #13877 (Resolved): IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Jim Pingle
08:02 AM Bug #13896: Panic: page fault with ipV6: Even this is a pre-release, the Pfsense is used in production.
So I can't provoke a crash.
Since the crash is onl... Grischa Zengel
07:54 AM Bug #13853 (Resolved): Captive Portal does not apply RADIUS bandwidth limits to user pipes: Jim Pingle
05:01 AM Bug #13853: Captive Portal does not apply RADIUS bandwidth limits to user pipes: tested, reproduced on:
Version 23.01-BETA (amd64)
built on Fri Jan 06 06:04:43 UTC 2023
FreeBSD 14.0-CURRENT
change... Georgiy Tyutyunnik
07:23 AM Bug #13621: GUI allows selection of ICMP types that pf rejects: Can confirm that behavior on 22.05 and 23.01 Beta
There were error(s) loading the rules: /tmp/rules.debug:430: syn... Lev Prokofev
05:43 AM Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users: Just as a side note as I'm stumbling over this time and time again after setting up new boxes:
The selection that ca... Jens Groh

01/26/2023

04:13 PM Bug #13911 (Resolved): Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports: ixgbe NICs with SFP ports attempt to read the modules and wait for 1s when queried by ifconfig -v.
This means that... Steve Wheeler
11:59 AM pfSense Packages Bug #13910 (Resolved): Typo in Snort package GUI code may generate an invalid parameter value in snort.conf when Performance Stats logging is enabled: PR merged. Jim Pingle
09:01 AM pfSense Packages Bug #13910: Typo in Snort package GUI code may generate an invalid parameter value in snort.conf when Performance Stats logging is enabled: Pull request 1221 has been submitted to correct this issue: https://github.com/pfsense/FreeBSD-ports/pull/1221.
Th... Bill Meeks
08:41 AM pfSense Packages Bug #13910 (Resolved): Typo in Snort package GUI code may generate an invalid parameter value in snort.conf when Performance Stats logging is enabled: There is a typo on line 253 of /usr/local/pkg/snort/snort_generate_conf. This can result in the creation of an invali... Bill Meeks
09:36 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Ran into this on my 2.6.0-RELEASE (amd64) which has two WANs, one PPPoE and one DHCP. The DHCP one experienced occasi... robi robi
06:41 AM pfSense Docs Correction #13909 (Resolved): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Feedback:* Where it says, "Find t... Matthew Fearnley
03:27 AM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: Don't see any issues with pfSense-plus-23.01-BETA-amd64-20230106-0600 on Win11pro 22H2 nor ZFS or UFS. Hyper-V is all... Lev Prokofev

01/25/2023

03:50 PM pfSense Plus Feature #13786: ldap intergration for firewall rules: So there is no way in the future to create a LAN rule stating
Src: AD/mmoore
Dst: 1.1.1.1
Prot: ICMP
So in the ... Mike Moore
02:39 PM pfSense Packages Bug #13690 (Closed): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: The updated description and link appear as expected in the package list now.
Jim Pingle
01:01 PM pfSense Packages Bug #13690 (Feedback): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
01:04 PM Bug #13908: Firewall rules are not reloaded when removing a VIP, outdated rules/entries remain active: This likely applies to any VIP type, not just CARP. Though other types do not have special rules like CARP, they may ... Jim Pingle
12:38 PM Bug #13908 (Resolved): Firewall rules are not reloaded when removing a VIP, outdated rules/entries remain active: Carp automatically generated rules generated after defining a CARP VIP don't get removed after removing the CARP VIP.... Danilo Zrenjanin
01:01 PM pfSense Packages Bug #12948 (Feedback): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
09:18 AM pfSense Packages Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: The code added here was incorrect, see #13368 and #13877 Jim Pingle
09:17 AM pfSense Packages Bug #12948 (New): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Jim Pingle
01:01 PM pfSense Packages Bug #13877 (Feedback): IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
09:47 AM pfSense Packages Bug #13877: IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Tested on Windows 10 and Windows 11 against a VPN with and without a P2 hash selected and it worked as expected in ev... Jim Pingle
09:15 AM pfSense Packages Bug #13877: IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": After testing, the value of @AuthenticationTransformConstants@ should be set to match @CipherTransformConstants@ when... Jim Pingle
01:01 PM pfSense Packages Bug #13897 (Feedback): IPsec Profile Wizard/Windows: Generated script adds an invalid route command for ``0.0.0.0/0``: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
01:01 PM pfSense Packages Bug #13368 (Feedback): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
09:13 AM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: After testing, the value of @AuthenticationTransformConstants@ should apparently be set to match @CipherTransformCons... Jim Pingle
01:01 PM pfSense Packages Bug #12705 (Feedback): IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
09:19 AM pfSense Packages Bug #12705 (Confirmed): IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Jim Pingle
01:00 PM pfSense Packages Bug #13878 (Feedback): IPsec Profile Wizard/Apple: Generated profile does not contain the correct ``AuthenticationMethod`` for IKEv2 EAP configurations: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
10:07 AM pfSense Plus Bug #13907 (Duplicate): Crashing when enters to back up and restore: Duplicate of #13876 -- already fixed in the repository.
Jim Pingle
10:04 AM pfSense Plus Bug #13907 (Duplicate): Crashing when enters to back up and restore: after the upgrade to beta , buckup and restore does not showup and error appears
Fatal error: Uncaught TypeError:... Athanasios Chatzi
09:55 AM pfSense Packages Todo #13906 (Resolved): Update tailscale from 1.34.2 to 1.36.0: https://tailscale.com/changelog/ Christian McDonald
09:44 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hiya,
So we think we have got this down the smallest scan we can (takes about 90 seconds). There unfortunately isn... Infra Weavers
06:03 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hello,
We have just tested pfSense-CE-memstick-2.7.0-DEVELOPMENT-amd64-20230125-0600.img.gz and we are seeing the IC... Infra Weavers
09:13 AM pfSense Packages Feature #13474: Don't set ListenPort in wireguard: Good point. Will add this soon Christian McDonald
09:13 AM pfSense Packages Feature #13905 (Bogus): Introduce GUI knob for controlling ```--snat-subnet-routes``` tailscaled option: https://github.com/pfsense/FreeBSD-ports/commit/dfb9dcf53bd8e687cda708701f07217ec5e7f1ef Christian McDonald
07:28 AM Bug #13900 (Confirmed): Reply-to and route-to do not work on WAN2 when WAN interface is down: It still happens against 2.7. If there is no default gateway in the routing table, the OS doesn't know how it can sen... Jim Pingle
07:10 AM Bug #13900: Reply-to and route-to do not work on WAN2 when WAN interface is down: Probably this or at least the same cause as that: https://redmine.pfsense.org/issues/13420
Please test a 2.7 snapshot Steve Wheeler
02:56 AM Feature #13904 (New): PPPoE server IPv6 support: According to the subnet mask drop-down menu, the PPPoE server only supports IPv4 addressing family.
Adding IPv6 su... Danilo Zrenjanin
02:51 AM Bug #13903 (Resolved): PPPoE Server address input validation is incorrectly allowing IPv6: PPPoE server allows entering IPv6 address in the *Server Address* and *Remote Address Range* fields, but the *Subnet ... Danilo Zrenjanin
02:14 AM pfSense Packages Bug #13874 (Confirmed): pfBlocker -devel hanging on cron jobs: Yes, the issue is present on the 3.1.0_19 version. Danilo Zrenjanin
12:56 AM Feature #13902 (New): Add configuration option to IPsec VPN section to allow strongSwan to use RSA-PSS signatures: When an IKEv2 client indicates support for RFC 7427 digital signature authentication to a strongSwan server configure... Kev Kitchens

01/24/2023

09:39 PM Feature #13901 (Closed): Update default DDNS check IP service to support IPv6: The default service @checkip.dyndns.org@ will fail when connecting over IPv6 (e.g. if upstream only provides IPv6 con... Marcos M
08:08 PM Bug #13900: Reply-to and route-to do not work on WAN2 when WAN interface is down: I have set priority with very low because when gateway group is configured properly, problem not occurs. Renato Martins
07:42 PM Bug #13900 (Confirmed): Reply-to and route-to do not work on WAN2 when WAN interface is down: Scenario and how to reproduce:
*Interfaces*
WAN - 192.168.100.2/30 - GW 192.168.100.1
LAN - 192.168.5.254/... Renato Martins
02:52 PM Todo #13899 (Closed): Unclear description for UPnP option Override WAN address: The description is currently:
> Use an alternate WAN address to accept inbound connections, such as an IP Alias or C... Marcos M
02:01 PM pfSense Packages Bug #13898 (Resolved): Issues saving pfBlocker Sync Targets: I have the hosts visible in the image 1.png in the target list to sync. I click on "Save XMLRPC sync settings" and ge... Tom Huerlimann
12:55 PM Bug #13896: Panic: page fault with ipV6: Does this happen without the Captive Portal configuration? It looks like IPv6 on Captive Portal isn't yet supported a... Marcos M
06:25 AM Bug #13896 (New): Panic: page fault with ipV6: The pfsense crashes if the pfsense gets a IPv6 subnet over a PPPoE interface.
The pfsense gets the subnet via DHCPv6... Grischa Zengel
10:21 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hiya Marcos,
We've just reproduced this on a totally stock PFsense 2.6.0 install. The only things we did was to co... Infra Weavers
09:59 AM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: This appears to have been broken by the change in #12948, the fix from that issue forced the P1 hash to 'None' when t... Jim Pingle
09:28 AM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: Moving the unrelated split tunnel part to a new issue (#13897). Jim Pingle
09:36 AM pfSense Plus Regression #13816: Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: Adding another data point, I also no longer see an error on shutdown here. It halts as expected. Jim Pingle
09:30 AM pfSense Packages Bug #13897 (Resolved): IPsec Profile Wizard/Windows: Generated script adds an invalid route command for ``0.0.0.0/0``: When exporting an IPsec profile for Windows which includes split tunneling, if the local P2 network is set to @0.0.0.... Jim Pingle
08:41 AM Bug #13217: dhclient using default pid file location which does not exist: Never seen this with my previous ISP (Beeline), spent a day troubleshooting this with the new ISP (Megafon). Reboot f... Vitaly Bakulev

01/23/2023

08:22 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: Tested 22.05 as well and that worked - updated description. It may be related to https://redmine.pfsense.org/issues/1... Marcos M
07:50 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: I can't reproduce this at all. 23.01 clean ZFS installs and upgrades boot fine here. Windows 10 22H2 and Windows 11 P... Jim Pingle
07:46 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: VMs in Azure are not affected:... Steve Wheeler
07:16 PM pfSense Plus Regression #13895 (Resolved): Early boot hangs on Hyper-V with Gen2 VMs: After installing pfSense+ 23.01 with ZFS on a HyperV Gen2 VM in Windows 11, pfSense does not boot. The console shows ... Marcos M
02:54 PM Feature #13894 (Resolved): Explicitly enable/disable DHCP Dynamic DNS updates in each scope: If DDNS is enabled in a DHCP scope, a DHCP configuration stanza like this is created for the domain specified:
<pr... Chris Linstruth
02:32 PM Todo #13893 (Closed): Update Unbound to 1.17.1: Unbound has been updated from 1.17.0 to 1.17.1
https://www.nlnetlabs.nl/news/2023/Jan/12/unbound-1.17.1-released/ Christian McDonald
11:00 AM pfSense Packages Regression #13892 (Feedback): PHP error from ``status_monitoring.php`` with empty OpenVPN servers: Commit pushed and merged/picked as needed, will be in builds soon.
https://github.com/pfsense/FreeBSD-ports/commit... Jim Pingle
10:03 AM pfSense Packages Regression #13892 (Resolved): PHP error from ``status_monitoring.php`` with empty OpenVPN servers: When visiting status_monitoring.php, the user may get a PHP error if they have no valid OpenVPN server entries.
<p... Jim Pingle
09:49 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: I didn't expect there to be a difference between a single address and multiple address, but I've now tested with mult... Marcos M
07:32 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: To add to these observations, the issue does NOT occur for Address Mask requests even when sequential IPs are used.
... Serge Caron
02:46 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: > It's not listed there because the VIP address doesn't actually reach pfSense in my test, only the primary interface... Infra Weavers
08:34 AM Bug #13859 (Closed): Wireguard peer doesn't connect on reboot: Jim Pingle
03:31 AM Bug #13859: Wireguard peer doesn't connect on reboot: aleksei prokofiev wrote in #note-1:
> I tested on the latest 23.01-BETA and Wireguard 0.1.6_3
> 23.01-BETA (amd64)
... Nazar Mokrynskyi

01/22/2023

11:59 PM Bug #13859: Wireguard peer doesn't connect on reboot: I tested on the latest 23.01-BETA and Wireguard 0.1.6_3
23.01-BETA (amd64)
built on Fri Jan 06 06:04:43 UTC 2023
F... aleksei prokofiev
06:43 PM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: I am seeing this on 3.1.0_19 Michael Kellogg
05:29 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: It's not listed there because the VIP address doesn't actually reach pfSense in my test, only the primary interface a... Marcos M
04:28 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hello Marcos,
I don't know how you specified the hosts range in the Qualys scanner.
In the log you provided, we... Serge Caron
04:14 PM Bug #13652 (Not a Bug): Inconsistent behavior filtering ICMP traffic: I could not replicate this either on 23.01 using Qualys with the following scan options:
* All ICMP QIDs selected (in... Marcos M
10:24 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: I am Still seeing this on 2.7 built on Fri Jan 20 03:01:02 UTC 2023
seems like every 5-10 minutes not a pattern i... Michael Kellogg

01/21/2023

08:10 PM pfSense Packages Bug #13432 (Incomplete): ups driver will not start: I'm still unable to reproduce this problem with a fresh install of 23.01 and the latest NUT package. At this point I... Kris Phillips
07:59 PM pfSense Packages Bug #13873 (Closed): PHP Errors on FRR Global Settings: No longer able to recreate this. Not sure what caused it before, but I was testing on a fresh install of 23.01 and o... Kris Phillips
07:29 PM pfSense Packages Todo #13857 (Resolved): Update bundled installer in OpenVPN Export Utility: They are there on internal 23.01 RC snaps.... Jim Pingle
06:44 PM pfSense Packages Todo #13857: Update bundled installer in OpenVPN Export Utility: Checked on 22.05 and it appears these were merged properly. However, looking at the repos for 23.01, which is on a n... Kris Phillips
06:37 PM pfSense Packages Bug #13877: IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Redmine 13368 may be related, as it's in a similar vein: https://redmine.pfsense.org/issues/13368
Kris Phillips
06:33 PM pfSense Packages Bug #13886: NUT Server Package: # Installed NUT package on 23.01
# Setup usbhid with a simple UPS config and enabled the service with Local USB
# S... Kris Phillips
06:07 PM pfSense Plus Bug #13434 (Closed): Upgrade from 2.4.4. to 22.0x results in LAN traffic intermittently dropped for OpenVPN clients: I'm closing this. We've not been able to replicate it, we've not seen it with other customers, and with 23.01 around ... Chris W
01:42 PM pfSense Plus Regression #13816 (Resolved): Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: Not seeing this behavior anymore on the latest build. The 1100 shuts down normally both from GUI and USB console.
23... Chris W
12:29 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages: Based on a project spanning multiple clients / locations / firewalls, I can certify that this is still true in CE 2.6... Jonathan Edman
12:28 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages: Hannes Palmquist wrote in #note-11:
> +1
>
> Agent 6.2 install does not work, same error.
Based on a project s... Jonathan Edman
10:46 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Lev Prokofev wrote in #note-7:
> It is still here, unfortunately.
I mean the issue was occurred after I update th... Lev Prokofev
10:45 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: It is still here, unfortunately. Lev Prokofev
10:30 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Lev Prokofev wrote in #note-5:
> I can confirm this behavior on 22.05 after updating the pfBlocker package to v3.1.0... Jim Pingle
05:03 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: I can confirm this behavior on 22.05 after updating the pfBlocker package to v3.1.0_16 Lev Prokofev
06:02 AM Feature #13868: Allow packet capture on unassigned interfaces: I tested the commit da2879b467746b43c8b8687700b6d7f34d4fd302 against the 22.05 release.
I was able to capture on u... Danilo Zrenjanin
03:15 AM pfSense Packages Bug #13328: Wireguard Site-to-Site broken after upgrade to 22.05: Still the same issue
PPPOE connection might be the problem.
I found more poeple with the same problem.
Tested... Sebastian Schmid

01/20/2023

08:16 PM Feature #12070: Support for VLAN ``0``: Christopher Cope wrote in #note-7:
> Tested on
> [...]
>
> Working successfully with AT&T on my edge without the... Matt Johnson
11:30 AM Bug #13891 (Duplicate): PHP Error when deleting an active OpenVPN conenction: Duplicate of #12817
There is already a fix for that in the recommended patches area of the "System Patches packag... Jim Pingle
11:17 AM Bug #13891 (Duplicate): PHP Error when deleting an active OpenVPN conenction: When trying to disconnect a user's VPN connection, (screenshot) the user remains connected and the attached PHP error... Brian Dubreuil
10:49 AM Feature #13682: Automatically indicate a packet capture has stopped when count limit is reached: I tested the commit da2879b467746b43c8b8687700b6d7f34d4fd302 against the 22.05 release.
It does show the packets ... Danilo Zrenjanin
10:02 AM Todo #13867 (Resolved): Update Unbound to use Python 3.11 instead of Python 3.9: Copying some relevant portions of my notes here from #13866
Unbound is linked against 3.11 as expected:... Jim Pingle
10:01 AM Todo #13866 (Resolved): Add Python 3.11.1 to base system: Both versions are present on 23.01 snapshots... Jim Pingle
09:57 AM Todo #13865 (Resolved): Update Python 3.9.15 to 3.9.16 in base system: New version is present on snapshots.... Jim Pingle
09:40 AM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active: Even more improvements were realized https://github.com/pfsense/FreeBSD-ports/commit/2585ff63a67594c3530a2bc111c5544e... Christian McDonald
07:33 AM Regression #13890 (Resolved): Captive Portal Voucher Rolls Status "Fatal error": Thanks for testing!
The same is true here as well. I could crash multiple lab systems before the fix, and after th... Jim Pingle
04:58 AM Regression #13890: Captive Portal Voucher Rolls Status "Fatal error": I updated today to most recent version *2.7.0.a.20230120.0255* and confirm that Voucher Rolls status is working perfe... Muhammad Waseem Ul Haq
07:31 AM Bug #13723 (Confirmed): dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet: I can confirm this behavior on the 22.05 and 23.01 Beta versions.
I tried to remove the VTI interfaces before cha... Danilo Zrenjanin
07:22 AM Bug #13525 (Resolved): Memory leak in PF when retrieving Ethernet rules: That seems like enough to call this resolved for now -- we can always revisit it if needed.
Unrelated to this issu... Jim Pingle
01:07 AM Bug #13525: Memory leak in PF when retrieving Ethernet rules: updated the system to 23.01 beta on sunday 15th
4 days later i can not notice any significant memory leak. wired memo... jeroen van breedam
05:52 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Please find attached the packet capture reduced down to just ICMP traffic. The associated firewall rule is:... Infra Weavers
04:23 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: We have also been unable to reproduce this without the Qualys scanner; literally every other tool we have used has re... Infra Weavers

01/19/2023

08:44 PM Revision ef353af0: Remove unnecessary count param. Fixes #13890: Jim Pingle
08:09 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hello Steve,
I have not been able to replicate this with any other tool.
You have a PCAP file attached to this ... Serge Caron
07:02 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: Have you been able to replicate this without using the Qualys Scanner?
Rules all work as expected for various ICMP... Steve Wheeler
02:55 PM Regression #13890 (Feedback): Captive Portal Voucher Rolls Status "Fatal error": Applied in changeset commit:ef353af0b40a98d4ce0ee2638206f10ac67e212b. Jim Pingle
02:47 PM Regression #13890: Captive Portal Voucher Rolls Status "Fatal error": For some reason that page has always unnecessarily passed a second parameter to @count()@ there and on old versions o... Jim Pingle
02:44 PM Regression #13890 (In Progress): Captive Portal Voucher Rolls Status "Fatal error": Jim Pingle
02:18 PM Regression #13890 (Confirmed): Captive Portal Voucher Rolls Status "Fatal error": Jim Pingle
02:16 PM Regression #13890 (Resolved): Captive Portal Voucher Rolls Status "Fatal error": When enabled & Created Vouchers under Captive Portal, *Status* -----> *Captive Portal* -----> *Voucher Rolls* not sho... Muhammad Waseem Ul Haq
11:59 AM pfSense Docs Correction #13885 (Resolved): Feedback on Routing — Gateway Settings - Advanced Gateway Settings: Updated and deployed. Jim Pingle
08:03 AM pfSense Docs Correction #13885: Feedback on Routing — Gateway Settings - Advanced Gateway Settings: You are correct, the default was 0 but changed to 1.
It had been 0 for a long time, and we added the GUI field (de... Jim Pingle
04:47 AM pfSense Docs Correction #13885 (Resolved): Feedback on Routing — Gateway Settings - Advanced Gateway Settings: *Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
*Feedback:* It seems in version ... Brandon Brand
10:05 AM Bug #13889 (Rejected): Dynamic DNS update stay locked somewhere: You appear to be testing this on a non-dev version, and the Dynamic DNS code has had quite a few bugs fixed since the... Jim Pingle
09:51 AM Bug #13889 (Rejected): Dynamic DNS update stay locked somewhere: Dynamic DNS are configured like this:... Yann Papouin
09:57 AM Bug #13888 (Not a Bug): ipsec tunnel interfaces not listed in SNMP IF-MIB on pfSense Plus: There is no bug or missing data here, it's a difference in your setup between the two.
IPsec tunnels using VTI mod... Jim Pingle
09:18 AM Bug #13888 (Not a Bug): ipsec tunnel interfaces not listed in SNMP IF-MIB on pfSense Plus: We run pfsense in several locations, primarily using pfSense Plus in AWS. We're monitoring our environment using SNMP... Jonas Andén
09:17 AM Bug #13887 (New): General protection fault in key_freesp(): ... Christopher Cope
07:47 AM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Alex Sensation wrote in #note-10:
> I noticed that you created a separated ticket for the Apple profile and ECDSA ce... Jim Pingle
07:17 AM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Apologies for the delay and the resurrection.
I have now tested my ECDSA cert with Windows 10 and it worked flawle... Alex Sensation
07:42 AM pfSense Packages Bug #13873: PHP Errors on FRR Global Settings: I can't reproduce it either, even from a clean install that has never had FRR before, but I can see why it might happ... Jim Pingle
06:52 AM pfSense Packages Bug #13873: PHP Errors on FRR Global Settings: I couldn't reproduce this behavior on 22.05 or 23.01-RC.... Danilo Zrenjanin
07:37 AM pfSense Packages Bug #13886 (Incomplete): NUT Server Package: There isn't nearly enough information here and this site is not for support or diagnostic discussion.
For assistan... Jim Pingle
06:02 AM pfSense Packages Bug #13886 (Closed): NUT Server Package: NUT server package (2.8.0_2) wont load in 23.01 Beta Anonymous

01/18/2023

12:59 PM pfSense Packages Regression #13884 (Resolved): pfBlockerNG DNSBL TLD option causes reloads to take a long time: Enabling the DNSBL option @Wildcard Blocking (TLD)@ causes DNSBL reloads to take an extremely long time:... Marcos M
12:09 PM Bug #13883 (Resolved): UDP checksum errors with ``ixgbe`` interfaces: It appears there is an errata on the Intel 82559 NIC's that causes issues related to IPv4 UDP frames with zero checks... Glenn Hall
07:16 AM pfSense Plus Bug #13882: 22.05 to 23.01 - PHP_errors.log: Hello,
Sorry to have taken time. I wasn't asking questions for help.
And sorry (again) I was talking about "pfB... Steph Swiss
07:10 AM pfSense Plus Bug #13882 (Rejected): 22.05 to 23.01 - PHP_errors.log: This site is not for support or diagnostic discussion, and there isn't nearly enough detail here. Also, each Redmine ... Jim Pingle
06:05 AM pfSense Plus Bug #13882: 22.05 to 23.01 - PHP_errors.log: SORRY !
We are on January 18, 2023, I tried to switch from my version 22.05 which works perfectly to the 23.01 beta... Steph Swiss
05:09 AM pfSense Plus Bug #13882 (Rejected): 22.05 to 23.01 - PHP_errors.log: It's January 18, 2023, I tried to upgrade from my perfectly working version 22.05 to the 23.01 beta du 6 janvier qui ... Steph Swiss

01/17/2023

04:31 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Hi,
I have the same problem but with OpenVPN interfaces, as described here https://forum.netgate.com/topic/176155/un... robotox sysadmin
04:09 PM Bug #13881 (New): Status / System logs / Settings GUI issue: When changing the "GUI Log Entries" field in Status / System logs / Settings and then hit the Enter key this activate... Job Cacka
01:53 PM pfSense Packages Todo #13880: security/tailscale: update to 1.34.2_1: Also bump security/pfSense-pkg-Tailscale PORTREVISION to signal GUI for package upgrade. Christian McDonald
01:53 PM pfSense Packages Todo #13880 (Closed): security/tailscale: update to 1.34.2_1: Christian McDonald
10:21 AM Regression #13861 (Resolved): Configuration history restores revision no matter which option is clicked in confirmation dialog: Behaves correctly on current snapshots.
Jim Pingle
10:20 AM Regression #13876 (Resolved): PHP error on diag_backup.php with no packages installed: I was able to find a system that could reproduce the problem before this patch went in. After updating, I can no long... Jim Pingle
10:10 AM pfSense Docs Todo #13854 (Closed): Feedback on Backup and Recovery — ZFS Boot Environments (Plus Only) — Managing Boot Environments in the GUI: Actually I was wrong on that last comment. I ran some tests here and stepping back to a boot environment did revert t... Jim Pingle

01/16/2023

11:38 PM pfSense Packages Bug #13879: Squid blacklist definition causing issues.: Will be a good option to have those on the GUI and the user decide if they want to use regular expression or plain te... Peter Moreno
08:25 PM pfSense Packages Bug #13879 (Not a Bug): Squid blacklist definition causing issues.: This is not a bug. It expects regular expressions, not plain strings.
If that works better for you, you can make t... Jim Pingle
07:22 PM pfSense Packages Bug #13879: Squid blacklist definition causing issues.: I have change squid.inc
$options = array(
'unrestricted_hosts' => 'src',
'banned... Peter Moreno
07:11 PM pfSense Packages Bug #13879 (Not a Bug): Squid blacklist definition causing issues.: Hello.
Working with pfsense 2.7-dev for some months and is going solid, excellent work team.
Now I face a issue t... Peter Moreno
03:56 PM pfSense Packages Bug #9934 (Closed): suricata update kills WAN interface: Interfaces are now reloaded live without bringing down the interface. Marcos M
03:54 PM pfSense Packages Bug #10292 (Not a Bug): Suricata not respecting SID Mgmt list: Marcos M
03:54 PM pfSense Packages Feature #10472 (Resolved): Blocked host alert table break out by timestamp and type to allow sorting by date: This is possible in the latest version. Marcos M
03:52 PM pfSense Packages Bug #11780 (Rejected): Suricata package fails to prune suricata.log: Marcos M
03:45 PM pfSense Packages Feature #10872 (Resolved): Add adjustable notification for Severity Alert: Marcos M
03:45 PM pfSense Packages Bug #6964 (Resolved): Host OS Policy Assignment broken when using "Import" or "Aliases" buttons: Marcos M
03:45 PM pfSense Packages Feature #12285 (Resolved): Add more EVE Logged Traffic protocols: Marcos M
03:44 PM pfSense Packages Feature #12292 (Resolved): GeoIP look on the Alerts, Blocked and Files pages: Marcos M
03:44 PM pfSense Packages Bug #11742 (Not a Bug): Blocking / Unblocking is not working correctly.: Marcos M
03:44 PM pfSense Packages Bug #11742 (Closed): Blocking / Unblocking is not working correctly.: Marcos M
03:43 PM pfSense Packages Bug #12322 (Resolved): Suricata creates invalid HOME_NET entries: Marcos M
03:43 PM pfSense Packages Bug #11525 (Closed): pfsense 2.5.0 release version for vlan issue to suricata: Unable to reproduce using 23.01 and latest Suricata package. Marcos M
03:40 PM pfSense Packages Feature #11210 (Resolved): 3rd party rulesets: Marcos M
03:08 PM pfSense Packages Feature #12748 (Resolved): Suricata blocked page timestamp breakout to it's own sortable column: Marcos M
03:06 PM Revision a7b25043: Fix PHP error on diag_backup.php. Fixes #13876: Jim Pingle
02:39 PM Bug #13498: Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output: This patch has been ready to go for a while. Any chance of getting it merged before the next release? Brett Keller
02:29 PM pfSense Packages Regression #13856 (Resolved): OpenVPN Export Utility creates a broken installer package: Jim Pingle
02:23 PM pfSense Packages Todo #13857 (Feedback): Update bundled installer in OpenVPN Export Utility: Updates are merged into all the relevant branches and will appear once a build succeeds.
Jim Pingle
01:50 PM pfSense Packages Todo #13857 (In Progress): Update bundled installer in OpenVPN Export Utility: I've got the files and patch ready for this, testing it now.
Jim Pingle
12:53 PM pfSense Packages Bug #13878 (Resolved): IPsec Profile Wizard/Apple: Generated profile does not contain the correct ``AuthenticationMethod`` for IKEv2 EAP configurations: When importing a profile for EAP-MSCHAPv2 for example, the @AuthenticationMethod@ is set to @Certificate@ when it sho... Jim Pingle
12:50 PM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Sean McBride wrote in #note-8:
> Jim, thanks for investigating. Note however that we're not using the profile wizard... Jim Pingle
12:48 PM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Jim, thanks for investigating. Note however that we're not using the profile wizard at all. Does that mean ECDSA is ... Sean McBride
12:22 PM pfSense Packages Bug #12705: IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: This is not a bug in pfSense or macOS but from the way the profile wizard forms the configuration profile: The profil... Jim Pingle
12:47 PM pfSense Packages Bug #13877 (Resolved): IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": I was exporting a test config to Windows which had a large number of different P1 options, and the profile generated ... Jim Pingle
12:32 PM pfSense Packages Feature #13484: IPsec Profile Wizard/Apple: Support on-demand connections in exported profile: Would need to be set based on a toggle on user request rather than being set unconditionally. Jim Pingle
11:57 AM pfSense Packages Bug #13870 (Resolved): pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): Jim Pingle
11:14 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): Pull request https://github.com/pfsense/FreeBSD-ports/pull/1214 has been merged. This issue may be marked as "Resolved". Bill Meeks
08:15 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): Jim Pingle wrote in #note-4:
> That should probably be something like this instead:
>
> [...]
Thanks Jim. I believe... Bill Meeks
07:11 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): That should probably be something like this instead:... Jim Pingle
06:45 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): I honestly don't know how to cause it to happen... I don't know this stuff to even find out where in the config ovpne... Brian Macy
09:15 AM Regression #13876 (Feedback): PHP error on diag_backup.php with no packages installed: Applied in changeset commit:a7b2504361d509f90997f26cc737169a7ca00ea6. Jim Pingle
09:03 AM Regression #13876 (Resolved): PHP error on diag_backup.php with no packages installed: If there is no @<installedpackages></installedpackages>@ section in the firewall configuration, the diag_backup.php p... Jim Pingle
07:46 AM pfSense Plus Bug #13875 (Rejected): Boot after upgrade form 22.05 to 23.01 hangs: There isn't enough detail here to say it's an actionable bug.
Please post on the forum to discuss and diagnose the... Jim Pingle
03:10 AM pfSense Plus Bug #13875: Boot after upgrade form 22.05 to 23.01 hangs: Hangs during boot right after the last line shown in the entry above. RED SKULL
03:09 AM pfSense Plus Bug #13875 (Duplicate): Boot after upgrade form 22.05 to 23.01 hangs: Loading kernel..
/boot/kernel/kernel text=0x1a8f80 text=0x1052b58 text=0x1a260c0 data-0x140 data=0x2618c4+0×59d73c 0... RED SKULL
07:31 AM Bug #13871: GUI logins stop appearing in system log after a while: I seem to recall hitting this on a rare occasion in the past but it wasn't related to logins but logging from anythin... Jim Pingle
07:25 AM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active: Updating subject for release notes.
Jim Pingle
07:23 AM Regression #13862 (Resolved): Dynamic DNS check IP address service fails when using the default service: Jim Pingle
07:22 AM Bug #13869 (Confirmed): EWS server does not have an IPv6 address: This affects several areas which all rely on contacting the same Netgate server(s), including:
* Product registrat... Jim Pingle
03:32 AM pfSense Plus Regression #13816: Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: I can confirm on my sg-1100, I see next message when do halt system from console or webGUI
Uptime: 11m58s
ERROR: ... aleksei prokofiev

01/15/2023

09:17 PM Feature #13868 (Pull Request Review): Allow packet capture on unassigned interfaces: Marcos M
09:16 PM Feature #13682 (Pull Request Review): Automatically indicate a packet capture has stopped when count limit is reached: Marcos M
09:16 PM Feature #13094 (Pull Request Review): Allow packet capture filtering in tagged packets: Marcos M
09:16 PM Feature #13322 (Pull Request Review): Define Packet Capture Protocol: Marcos M
06:26 PM pfSense Docs Todo #13872 (Rejected): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options: That is best left to the unbound manual here:
https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html Marcos M
03:16 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Taking this one on as I'm now quite familiar with Unbound in pfSense Christian McDonald

01/14/2023

10:02 PM pfSense Packages Bug #13780 (Rejected): pfBlockerNG v2.1.4_28 on 23.01b Alerts-page results in error: pfBlockerNG v2 will be retired and replaced with v3 on 23.01 and 2.7 and beyond. Christian McDonald
07:10 PM pfSense Packages Bug #13780: pfBlockerNG v2.1.4_28 on 23.01b Alerts-page results in error: This is a known issue with pfBlockerNG on pfSense Plus 23.01. This issue should not be present on the -devel package... Kris Phillips
07:07 PM pfSense Packages Bug #13822 (Confirmed): haproxy bug when adding a Frontend containing accented characters in description in generated XML entities: This issue is confirmed on pfSense Plus 23.01-BETA.
If you add an HAProxy frontend and attempt to use a special ch... Kris Phillips
07:03 PM pfSense Packages Bug #13870 (Incomplete): pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): I'm unable to reproduce any bad interactions between Suricata and OpenVPN. I created an OpenVPN interface, enabled i... Kris Phillips
06:52 AM pfSense Packages Bug #13870: pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): This code is part of a function added by Viktor Gurov in the recent past. The purpose of the function is to collect a... Bill Meeks
05:55 AM pfSense Packages Bug #13870 (Resolved): pfSense-pkg-suricata-6.0.8_5 error in /usr/local/pkg/suricata/suricata.inc(4261): ... Brian Macy
04:58 PM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: The PHP errors related to the widget provided by the customer were:... Chris W
04:54 PM pfSense Packages Bug #13874 (Resolved): pfBlocker -devel hanging on cron jobs: Build:
23.01-BETA (amd64)
built on Fri Jan 06 06:04:43 UTC 2023
FreeBSD 14.0-CURRENT
When pfBlocker is told t... Chris W
03:37 PM pfSense Packages Bug #13873 (Closed): PHP Errors on FRR Global Settings: When navigating to the Global Settings tab under Services --> FRR Global/Zebra --> Global Settings, the following err... Kris Phillips
12:01 PM pfSense Docs Todo #13872 (Rejected): Feedback on Services — DNS Resolver — DNS Resolver Advanced Options: *Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-advanced.html
*Feedback:*
Please clear... Pat Jensen
09:34 AM Bug #13871 (New): GUI logins stop appearing in system log after a while: We've so far seen two customers run into this and only one TAC member has been able to reproduce it, though it's not ... Chris W
08:29 AM Bug #10624 (Feedback): Memory leak in Unbound with Python module and DHCP lease registration active: https://github.com/pfsense/FreeBSD-ports/commit/190a54b5581d5a20b5f839a8a01180d201883cab
This should be significan... Christian McDonald
06:11 AM Feature #13864: QR codes for captive portal vouchers.: May be is a good idea to link this feature request with request #11379, which requests the basic print function for v... Frank Stoppacher
04:10 AM Regression #13862: Dynamic DNS check IP address service fails when using the default service: Works as expected with the patch on
23.01-RC (amd64)
built on Fri Jan 13 06:06:07 UTC 2023
FreeBSD 14.0-CURRENT Lev Prokofev
03:29 AM Bug #13087 (Pull Request Review): OpenVPN WINS options may be visible even when NetBIOS is disabled: I can confirm this behavior on the:... Danilo Zrenjanin
03:28 AM Bug #13869 (Confirmed): EWS server does not have an IPv6 address: When you try to register your pfsense for Plus and are connected via IPv6 only, the register page says "The registrat... Tony Boston
03:09 AM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: Correcting,
Replicable on 23.05 and 23.01 Lev Prokofev
03:04 AM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: Can't replicate the issue on
23.05-DEVELOPMENT (amd64)
built on Mon Jan 09 06:04:59 UTC 2023
FreeBSD 14.0-CURREN... Lev Prokofev
01:06 AM Feature #13868 (Closed): Allow packet capture on unassigned interfaces: I want to be able to capture packets on the base physical interface for a physical interface that only has assigned V... Andrew B

01/13/2023

06:00 PM Feature #13844: Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled: From my research the RADIUS standards facilitate this by way of RFC-3576 Disconnect-Request requests, which are suppo... Reid Linnemann
03:48 PM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active: https://github.com/NLnetLabs/unbound/pull/827
We also need Unbound to quit reloading the interpreter on every SIGH... Christian McDonald
03:09 PM Bug #13860 (Pull Request Review): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1007 Christopher Cope
12:33 PM Bug #13088 (Pull Request Review): Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: I can confirm this behavior is present on the:... Danilo Zrenjanin
11:46 AM pfSense Docs New Content #13825 (Closed): Add docs for installing/using a debug kernel: Picked back and deployed since we want these public before release in case we need users to load a debug kernel when ... Jim Pingle
09:00 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: > Clearly, this behavior is inconsistent.
>
> Even stranger, the inbound rules work as expected when the Qualys ... Infra Weavers
08:58 AM Todo #13867 (Resolved): Update Unbound to use Python 3.11 instead of Python 3.9: Christian McDonald
08:56 AM Todo #13866 (Feedback): Add Python 3.11.1 to base system: Christian McDonald
08:56 AM Todo #13866 (Resolved): Add Python 3.11.1 to base system: Christian McDonald
08:55 AM Todo #13865 (Resolved): Update Python 3.9.15 to 3.9.16 in base system: Christian McDonald
05:56 AM Feature #13864 (New): QR codes for captive portal vouchers.: Would be great, if the qrencode package (see [[https://fukuchi.org/works/qrencode/]] ) could somehow integrated (pack... Frank Stoppacher

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

02/11/2023

02/10/2023

02/09/2023

02/08/2023

02/07/2023

02/06/2023

02/05/2023

02/04/2023

02/03/2023

02/02/2023

02/01/2023

01/31/2023

01/30/2023

01/29/2023

01/28/2023

01/27/2023

01/26/2023

01/25/2023

01/24/2023

01/23/2023

01/22/2023

01/21/2023

01/20/2023

01/19/2023

01/18/2023

01/17/2023

01/16/2023

01/15/2023

01/14/2023

01/13/2023