Activity

30 days up to

User

Subprojects

Activity

From 01/20/2023 to 02/18/2023

02/18/2023

09:59 PM pfSense Packages Regression #13984: PHP errors with squid: Resolve for this was found when working with members of the Netgate forum, resave the reverse proxy settings and afte... Jonathan Lee
08:43 PM pfSense Packages Regression #13984: PHP errors with squid: This error displays when any changes are made under Squid Jonathan Lee
08:42 PM pfSense Packages Regression #13984: PHP errors with squid: System was not having issues under prior version of pfSense. After update PHP errors occur when you try to make chang... Jonathan Lee
08:38 PM pfSense Packages Regression #13984 (Resolved): PHP errors with squid: I am not running Squid Reverse proxy, only Squid Proxy for outbound traffic.... Jonathan Lee
09:29 PM pfSense Packages Bug #10692: PIMD starts twice at boot: seeing 2x PIMD start, each with unique PIDs running 0.0.3_6 on 23.01 release Jordan G
08:39 PM pfSense Packages Bug #13972: nut on pfsense spams console every 5 minutes "UPS ups is unavailable" against cyberpower snmp rmcard205: Kernel issues please review attached log showing issue for NUT package Jonathan Lee
08:06 PM Bug #13729: Gateways stuck in Unknown status: Jordan Greene wrote in #note-9:
> Nazar Mokrynskyi wrote:
> > My pfSense is virtualized, so its interfaces are alwa... Nazar Mokrynskyi
07:53 PM Bug #13729: Gateways stuck in Unknown status: Nazar Mokrynskyi wrote:
> My pfSense is virtualized, so its interfaces are always up.
> pfSense was able to get IP ... Jordan G
07:03 PM pfSense Packages Todo #13906: Update tailscale from 1.34.2 to 1.36.0: Tailscale package updated to version *0.1.1_2* - showing dependency tailscale-1.36.0 Jordan G
03:23 PM pfSense Packages Bug #13898: Issues saving pfBlocker Sync Targets: This should be fixed in v3.2.0_2 BBcan177 .
03:22 PM pfSense Packages Regression #13950: PHP error with pfBlockerNG: This should be fixed in v3.2.0_2 BBcan177 .
10:13 AM pfSense Packages Regression #13950: PHP error with pfBlockerNG: Here is another after-clean install/restore:... Danilo Zrenjanin
02:05 PM pfSense Packages Bug #11898: PHP error from apcupsd dashboard widget when battery is charging: After upgrading to 23.01-RELEASE I also see similar behavior:... Anthony Messina
12:22 PM Regression #13983 (Resolved): Multiple PHP errors in the DHCP Server when the configuration contains an empty section for an interface: Seeing multiple pfSense 23.01 users having these PHP fatal error crashes. I got it in the DHCP Server tab by simply c... Car F
11:27 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: If I can be of help, please let me know. I am having this issue as well, consistently. See https://forum.netgate.com/... Drew Saur
09:08 AM Bug #13982 (Duplicate): PHP error: /usr/local/www/firewall_rules.php:805: Duplicate of #13953 Jim Pingle
08:56 AM Bug #13982 (Duplicate): PHP error: /usr/local/www/firewall_rules.php:805: After upgrading to 23.01 with floating rules present and no currently configured OpenVPN intances:... Steve Wheeler
09:02 AM pfSense Packages Bug #13515: Snort with PHP 8.1 - TypeError when saving edits to an interface: One report of this still in 23.01-REL:
https://forum.netgate.com/topic/178019/php-errors-at-upgrade-to-23-01/ Steve Wheeler
08:56 AM pfSense Packages Bug #13979 (Duplicate): PfblockerNG fails to load on 23.01: Duplicate: https://redmine.pfsense.org/issues/13950 Christopher Cope
03:57 AM pfSense Packages Bug #13979: PfblockerNG fails to load on 23.01: My machine: netgate 6100 Paolo Est
03:55 AM pfSense Packages Bug #13979 (Duplicate): PfblockerNG fails to load on 23.01: Notifications in this message: 1
================================
10:31:41 PHP ERROR: Type: 1, File: /usr/local/w... Paolo Est
08:54 AM pfSense Packages Bug #13980 (Duplicate): PfblockerNG error on installation on 23.01: Duplicate https://redmine.pfsense.org/issues/13950 Christopher Cope
03:57 AM pfSense Packages Bug #13980: PfblockerNG error on installation on 23.01: My machine: netgate 6100 Paolo Est
03:55 AM pfSense Packages Bug #13980 (Duplicate): PfblockerNG error on installation on 23.01: Executing custom_php_install_command()...
Rebuilding GeoIP tabs...grep: /usr/local/share/GeoIP/cc/Africa_v4.txt: No ... Paolo Est
07:50 AM pfSense Plus Bug #13981 (Resolved): PHP Error on ``status_interfaces.php`` with empty switch VLAN group configuration and assigned VLAN interfaces: Devices with switches are hitting this after upgrading to 23.01.... Steve Wheeler

02/17/2023

11:14 PM pfSense Packages Regression #13978 (Resolved): PHP errors with squidGuard: Receiving the following error when trying to install/uninstall the squidguard package.
codePHP ERROR: Type: 1, Fil... Bob Williams
10:05 PM Revision a81a848e: Remove subtree support from devel/git since we do not need it and it pulls in a bunch of ruby deps: Brad Davis
09:57 PM Revision 879c85b0: add net/mcjoin and net/mrouted to poudriere_bulk: Christian McDonald
09:33 PM Regression #13963: OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``: If the /dev/tun part is significant I'm still seeing this after running both `kldxref` (and restarting) and patching ... Zac West
10:45 AM Regression #13963: OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``: The change above will make it refresh the linker.hints file on each boot instead of only when the file doesn't exist.... Jim Pingle
10:40 AM Regression #13963 (Feedback): OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``: Applied in changeset pfsense:commit:18b8e41591905844627377b76347f8acba88f0a1. Jim Pingle
08:35 AM Regression #13963: OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``: It looks like the Tailcalse is affected too.
https://forum.netgate.com/topic/177923/tailscale-service-won-t-start-a... Danilo Zrenjanin
04:34 PM Revision 18b8e415: Refresh linker hints at each boot. Fixes #13963: Jim Pingle
03:54 PM Revision ef882c74: Merge pull request #4626 from bmeeks8/suricata-6.0.10_netmap_v14_api_build_opts: Jim Pingle
03:42 PM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: Attached is a bundled up pkg that can be installed on amd64... Christian McDonald
02:40 PM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: @Christian McDonald
sorry about the different output on freebsd 14, I figured out the issue, the bug is indeed in th... Nizam Moidu
02:11 PM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: I've tried different versions of llvm across different versions of FreeBSD... I get the same result:... Christian McDonald
12:57 PM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: Unfortunately I get the same output with the example program on 22.05 (FreeBSD 12.3) and 23.01 (FreeBSD14) Christian McDonald
12:37 PM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: @Nizam Moidu
Thanks for the example program. This is immensely helpful. I'm looking at it now. Christian McDonald
09:46 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: Has a bug report been filed upstream at https://bugs.freebsd.org/ ?
If so, can you please link it here Christian McDonald
09:37 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: issue seems to be from freeBSD-14 upstream, freeBSD-13 seems to generate valid igmp query packets,
any idea pfsense ... Nizam Moidu
10:06 AM pfSense Packages Bug #13925 (Resolved): Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: PR merged. Will be in builds soon. Jim Pingle
10:06 AM pfSense Packages Feature #13955 (Resolved): Add NETMAP_V14 build option knob to Suricata binary makefile options in file ./tools/conf/pfPorts/make.conf: PR merged. Will be in builds soon. Jim Pingle
10:06 AM pfSense Packages Bug #13920 (Resolved): 23.01RC - Suricata stops working after Wireguard installed: PR merged. Will be in builds soon. Jim Pingle
09:18 AM Todo #13977 (Rejected): ip asignadas openvpn-client: You shouldn't assign statics within the range for dynamic assignment. The lack of checking there is not something we ... Jim Pingle
08:43 AM Todo #13977: ip asignadas openvpn-client: Hello everyone, I have a problem when accessing with my client vpn, when accessing it gives me a dhcp error because w... Vicente Millan
08:40 AM Todo #13977 (Rejected): ip asignadas openvpn-client: Saliudos a todos tengo un problemas al accesar con mi client vpn, al accesar me da error de dhcp porque al crear mi p... Vicente Millan
07:24 AM Bug #13973: PHP error in ``gwlb.inc`` when OpenVPN or IPsec instances referred to by assigned interface entries are missing: You assigned an OpenVPN server as an interface, then removed the server entry but not the assignment? That isn't a va... Jim Pingle
07:16 AM Bug #13974 (Rejected): No network connectivity after 23.01 upgrade, 23.01 fresh image installation and configuration restoration: There isn't enough information here to say there is a bug. Interfaces such as OpenVPN get dummy entries that are allo... Jim Pingle
07:12 AM Bug #13573 (New): DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL: Jim Pingle
07:00 AM pfSense Plus Bug #13976 (Resolved): SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces: SNMP polls cause the following errors in system logs:
Feb 17 12:52:11 snmpd 9415 SIOCGIFDESCR (e6000sw0port1): De... Georgiy Tyutyunnik
05:39 AM pfSense Plus Bug #13975: when assigning a vlan to wan interface configured mac address is not used: I've tried the configuration on a sg-3100, that does exactly the same. Once you set the wan interface to the .34 inte... Oscar Muntenaar
04:53 AM pfSense Plus Bug #13975 (Not a Bug): when assigning a vlan to wan interface configured mac address is not used: I just updated my 22.05 to 23.01, and I noticed my mac address I configured in the physical interface was not getting... Oscar Muntenaar
05:06 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: Hello. This is the same issue. I can't make promises, but it possibly going to get fixed some time next month. Mateusz Guzik
02:27 AM pfSense Packages Feature #10500: Build HAProxy Package with buildin Prometheus exporter: Per-Arne Hellarvik wrote in #note-14:
> I want to reopen this. The service has disappeared:
> [...]
Just stop using ... DRago_Angel [InV@DER]

02/16/2023

10:36 PM Bug #13573: DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL: Commenting this line causes it to work as expected.
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/servi... Jason Montleon
08:52 PM Bug #13573: DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL: This still happens for me on 23.01-RELEASE.... Jason Montleon
10:33 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: I may have hit this same issue. My pfsense box has crashed three times the last few months.
Due to my almost zero k... Arturo de Vries
10:13 PM Bug #13974 (Rejected): No network connectivity after 23.01 upgrade, 23.01 fresh image installation and configuration restoration: When PFSense is upgraded / re-imaged to 23.01 and configuration file restored, some interfaces that are un-assigned o... YP Lo
10:00 PM Bug #13973 (Resolved): PHP error in ``gwlb.inc`` when OpenVPN or IPsec instances referred to by assigned interface entries are missing: I have previously configured OpenVPN interface and OpenVPN, but subsequently removed OpenVPN configuration but leavin... YP Lo
09:24 PM pfSense Packages Bug #13972 (Closed): nut on pfsense spams console every 5 minutes "UPS ups is unavailable" against cyberpower snmp rmcard205: This is a bug in nut. I've seen similar on Linux and have confirmed MIB 0.52 fixes it rebuilding packages there.
T... Jason Montleon
06:43 PM Revision d9fa4584: Correct NAT state regex matching for rrd graphs. Fixes #13966: The original regex was ambiguous for posix REs, and some basic RE application
may have been done for *? which is not ... Reid Linnemann
05:35 PM pfSense Packages Bug #13971 (New): Prometheus service for HAProxy is gone: In https://redmine.pfsense.org/issues/10500 it was added. Now it's gone:... Per-Arne Hellarvik
05:31 PM pfSense Packages Feature #10500: Build HAProxy Package with buildin Prometheus exporter: I want to reopen this. The service has disappeared:... Per-Arne Hellarvik
04:56 PM pfSense Packages Regression #13970 (Resolved): PHP error in apcupsd widget from UTF-8 string handling: In 23.01 release:... Steve Wheeler
04:18 PM Revision 2186435b: Fix DHCP server config path typos. Fixes #13965: Jim Pingle
02:59 PM pfSense Packages Bug #13969: Status_Monitoring ignores NAT states: To apply the fix manually in the meantime, use this patch:... Jim Pingle
02:52 PM pfSense Packages Bug #13969 (Feedback): Status_Monitoring ignores NAT states: Fix pushed, will be in dev snapshots.
Not picked to 23.01 since it doesn't make sense to update this without havin... Jim Pingle
02:40 PM pfSense Packages Bug #13969 (Resolved): Status_Monitoring ignores NAT states: The fix for #13966 corrected parsing of NAT states for RRD, but the Status_Monitoring frontend appears to be ignoring... Jim Pingle
02:37 PM pfSense Docs Todo #13968 (Closed): Marvell install instructions need updated: The Marvell units below show screenshots from old versions of pfSense and don't inform about the option to select UFS... Christopher Cope
02:24 PM Revision e53f0573: Fix DNS override enable test. Fixes #13962: Jim Pingle
01:25 PM Regression #13966 (Feedback): RRD update script does not parse state data properly: Applied in changeset commit:d9fa4584e3fb63d6051e9f1db7655f931cb1be19. Reid Linnemann
12:37 PM Regression #13966: RRD update script does not parse state data properly: This has probably not worked correctly in a while. In addition to '.*?' being ambiguous in extended REs, these patter... Reid Linnemann
10:44 AM Regression #13966 (Resolved): RRD update script does not parse state data properly: The states graph is not functional on 23.01 and current dev snapshots of CE and Plus
The regex pattern used by the... Jim Pingle
12:24 PM Regression #13963: OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``: This also affects GIF interfaces, so it's more general than just OpenVPN.
https://forum.netgate.com/topic/177928/h... Jim Pingle
07:50 AM Regression #13963: OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``: See: https://forum.netgate.com/topic/177887/openvpn-could-not-be-established-after-upgrade-to-23-01-on-sg-3100 Steve Wheeler
07:47 AM Regression #13963 (Resolved): OpenVPN and GIF interface create/destroy operations fail due to outdated ``linker.hints``: Tunnels can fail to start like:... Steve Wheeler
10:57 AM pfSense Plus Bug #13967 (Resolved): aarch64 23.01 upgrade can fail to write the bootloader: In some situations an upgrade to 23.01 on an 1100 or 2100 will fail after the upgrade process is unable to update the... Steve Wheeler
10:25 AM Regression #13965 (Feedback): Automatic DHCP failover firewall rules are not present in the ruleset when failover is active: Applied in changeset commit:2186435b5185ceb294cd6a4c1380db443e4dd218. Jim Pingle
10:17 AM Regression #13965 (Resolved): Automatic DHCP failover firewall rules are not present in the ruleset when failover is active: In an HA setup when the DHCP server is configured with a failover peer IP address, the ruleset should automatically g... Jim Pingle
09:46 AM Bug #12056: Filterlog says "Unknown Option %u": Seems to be caused by https://github.com/pfsense/FreeBSD-ports/blob/95209049501e8372d0f31dcf2dfb45269a179151/sysutils... Florian Apolloner
08:33 AM Regression #13962: PPP interfaces do not request DNS servers when "DNS Server Override" is enabled: Updating the subject to match the root cause of the problem.
You can install the "System Patches package":https://... Jim Pingle
08:30 AM Regression #13962 (Feedback): PPP interfaces do not request DNS servers when "DNS Server Override" is enabled: Applied in changeset commit:e53f0573d853325dfb463eab8bfe59a9f4d6ce61. Jim Pingle
08:27 AM Regression #13962: PPP interfaces do not request DNS servers when "DNS Server Override" is enabled: The test in the code that generates the MPD config for PPP interfaces isn't checking the override setting correctly s... Jim Pingle
08:06 AM Regression #13962 (Confirmed): PPP interfaces do not request DNS servers when "DNS Server Override" is enabled: I can reproduce this here locally at least on one system.
The DNS servers are not getting passed through to @/usr/... Jim Pingle
04:05 AM Regression #13962 (Resolved): PPP interfaces do not request DNS servers when "DNS Server Override" is enabled: System --> General Setup --> DNS Server Settings --> DNS Server Override --> [x] Allow DNS server list to be overridd... Philip Gahl
08:31 AM pfSense Plus Bug #13964: PHP syntax error in ``ec2_setup.php``: That code only exists in Plus, and it's in the factory ports repo under @sysutils/pfSense-ec2_setup@ Jim Pingle
08:19 AM pfSense Plus Bug #13964 (Resolved): PHP syntax error in ``ec2_setup.php``: The ec2_setup.php file contains code that is not compatible with PHP 8.1.... Danilo Zrenjanin
07:45 AM Todo #13959: Trim blank characters from static IP address fields on the Interface configuration page: It shouldn't be letting that through.
It should either be doing a @trim()@ on the input to remove whitespace or it... Jim Pingle
07:37 AM Bug #13961: Virtual IP address input validation does not check for overlap with DHCP address ranges: You are right, if it is checked in one direction then it should be checked in both.
Jim Pingle
04:00 AM Bug #13961 (Confirmed): Virtual IP address input validation does not check for overlap with DHCP address ranges: Firewall|Virtual IPs/Add:
When adding a Virtual IP to an interface in the WebGUI, there is no check at this point to... Willy Tenner
07:34 AM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: Florian Achleitner wrote in #note-8:
> Unfortunately, theres is no mechanism to restart a crashed service automatica... Jim Pingle
06:59 AM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: I wonder if explicitly specifying a value for mssfix would fix this. From the docs:... Florian Apolloner
06:52 AM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: We observed this today. OpenVPN crashed with these log lines:
openvpn:... Florian Achleitner

02/15/2023

08:30 PM Revision c19e685a: Add and enable new NETMAP_V14 Suricata build option: Bill Meeks
08:26 PM pfSense Packages Regression #13950: PHP error with pfBlockerNG: Another report after upgrading to 23.01:... Marcos M
08:25 PM pfSense Packages Regression #13960 (Resolved): PHP Fatal error - pfblockerng.widget.php: Upgrading to new 23.01 release today and was greeted with unusable WebConfigurator due to php error on Pfblocker dash... RED SKULL
07:10 PM pfSense Packages Regression #13958: Snort exits with signal 10 on arm32: Signal 10 is the "unaligned memory access" fault. My first suspicion is an update of the llvm compiler in 23.01 has r... Bill Meeks
06:09 PM pfSense Packages Regression #13958 (Resolved): Snort exits with signal 10 on arm32: In 23.01 Snort core dumps with signal 10:... Steve Wheeler
06:39 PM Todo #13959 (Resolved): Trim blank characters from static IP address fields on the Interface configuration page: A days ago i have a trouble configuring Unbound.
When adding a service in a new interface (only in IPv6) the test... william costa
03:01 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: The final fix for this issue is contained in pull request #1226 posted for review and merge. The request may be viewe... Bill Meeks
02:58 PM pfSense Packages Feature #13955: Add NETMAP_V14 build option knob to Suricata binary makefile options in file ./tools/conf/pfPorts/make.conf: The required Pull Request for this feature has been posted for review and merge. The request is available here: https... Bill Meeks
02:56 PM pfSense Packages Bug #13925: Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: The pull request containing this fix has been posted for review and merge. The pull request can be viewed here: https... Bill Meeks
11:25 AM Bug #13883 (Resolved): UDP checksum errors with ``ixgbe`` interfaces: Noted, thanks! Jim Pingle
11:23 AM Bug #13883: UDP checksum errors with ``ixgbe`` interfaces: This issue appears to be fixed now that commit @d9b31bb0c79fc0febe4c93d71af6bc7de4009ccf@ was merged on 2/9. This can... Glenn Hall
09:10 AM pfSense Packages Feature #13957 (Rejected): BandwidthD: For any of that to be possible the actual developers of bandwidthd would have to add those functions first, which at ... Jim Pingle
09:01 AM pfSense Packages Feature #13957 (Rejected): BandwidthD: The current application available through pfsense doesn't allow for monitoring of multiple interfaces and data collec... Mike Moore
08:12 AM Bug #13953: PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration: Jim Pingle wrote in #note-1:
> Looks like maybe you have rules defined for the OpenVPN group on the Floating tab but... Christos Messios
07:54 AM Feature #13956 (New): Add advanced firewall rule function: I want to implement something like the following rule functionality in pfsense. This function is used to prevent in... yon Liu
07:34 AM Bug #13954 (Duplicate): Invalid custom DHCP option data can cause the DHCP daemon to fail: I can't replicate this here on snapshots as it appears to be fixed by #13584.
Your error was caused because you en... Jim Pingle

02/14/2023

10:07 PM pfSense Packages Feature #13955: Add NETMAP_V14 build option knob to Suricata binary makefile options in file ./tools/conf/pfPorts/make.conf: I will be submitting the pull request to accomplish this request as soon as pfSense Plus 23.01 exits RC status and go... Bill Meeks
10:01 PM pfSense Packages Feature #13955 (Resolved): Add NETMAP_V14 build option knob to Suricata binary makefile options in file ./tools/conf/pfPorts/make.conf: Suricata 6.0.9 and later supports a new Makefile build option called NETMAP_V14. This enables a binary build using th... Bill Meeks
10:06 PM pfSense Packages Bug #13925: Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: Thanks Marcos. I have already created the necessary fix and posted the commit to my personal FreeBSD-ports repo. I wi... Bill Meeks
07:06 PM pfSense Packages Bug #13925: Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: Here's the diff submitted previously FWIW:... Marcos M
07:02 PM pfSense Packages Bug #13925: Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: I have taken responsibility for correcting this issue in the Suricata GUI package. I have a PR ready for submission s... Bill Meeks
04:03 PM Bug #13954 (Duplicate): Invalid custom DHCP option data can cause the DHCP daemon to fail: It took a 24 hours and 30 configuration changes to be noticed, so I don't know exactly what I did (I'm a newb in pfSe... Corey Cooper
07:24 AM Bug #13953: PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration: Looks like maybe you have rules defined for the OpenVPN group on the Floating tab but you have no OpenVPN clients or ... Jim Pingle
12:55 AM Bug #13953 (Resolved): PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration: PHP ERROR: Type: 1, File: /usr/local/www/firewall_rules.php, Line: 805, Message: Uncaught TypeError: Cannot access of... Christos Messios

02/13/2023

03:52 PM pfSense Packages Feature #12711: Add InfluxDB V2 support: Is it possible to get some TLC on this? I use Telegraf and InfluxDB V2 for my metrics from my homelab, so this is a b... Per-Arne Hellarvik
03:24 PM Revision a6494075: poudriere: start building kea: Christian McDonald
01:56 PM Bug #13952 (New): OpenVPN: Pfsense doesn't report the correct client IP in log after DHCP reply from Radius: We have 2 pfsense nodes experiencing the same issue.
We have openvpn server setup in them with the IPv4 Tunnel range... Data Vee
11:00 AM pfSense Packages Regression #13947 (Feedback): Remove 4096GB quota limit: Validation removed in ddebe728, plumbed through plus-devel and 23.01 Reid Linnemann
10:23 AM pfSense Packages Bug #13951: pfblockerNG does not allow for vlan description changes: A workaround i have found is to first disable the interface under Interfaces/Interface Assignments / Select an interf... Mike Moore
10:21 AM pfSense Packages Bug #13951 (Resolved): pfblockerNG does not allow for vlan description changes: After a few weeks of troubleshooting within the forums, the problem has been traced directly to pfblocker. If install... Mike Moore
07:12 AM Bug #13940 (Pull Request Review): Firewall log parser does not handle SCTP log entries: Jim Pingle

02/12/2023

11:46 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Christian McDonald wrote in #note-49:
> Unbound reloads are faster now when Python mode is enabled. I eliminated the... Michael Kolassa
09:09 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Unbound reloads are faster now when Python mode is enabled. I eliminated the expensive task of reloading the entire p... Christian McDonald
08:28 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Christian McDonald wrote in #note-47:
> Taking this one on as I'm now quite familiar with Unbound in pfSense
Sorr... Michael Kolassa
09:00 PM pfSense Packages Regression #13950 (Resolved): PHP error with pfBlockerNG: After restoring a config backup which contains pfBlockerNG-devel to a fresh install of 23.01, a crash/alert shows the... Marcos M
01:06 PM pfSense Plus Bug #13949: Boot Environments do not seem to cleanly restore the system: That’s why I said that errors in packages are irrelevant
User runs 22.05 and has no errors in packages - BE “defa... Yuri Weinstein
11:57 AM pfSense Plus Bug #13949: Boot Environments do not seem to cleanly restore the system: There is some conflating of issues here. What I'm saying is, the issue with pfBlockerNG specifically wasn't unique to... Christian McDonald
11:16 AM pfSense Plus Bug #13949: Boot Environments do not seem to cleanly restore the system: IMHO errors with packages are irrelevant.
User expectations are that BE switches in between different pfS versions... Yuri Weinstein
11:10 AM pfSense Plus Bug #13949: Boot Environments do not seem to cleanly restore the system: That issue with pfBlockerNG isn't related to BEs. I've seen it and I addressed it. It was also impacting CE 2.6.0
... Christian McDonald
10:35 AM pfSense Plus Bug #13949: Boot Environments do not seem to cleanly restore the system: `pfBlockerNG-devel` had errors:... Yuri Weinstein
10:07 AM pfSense Plus Bug #13949: Boot Environments do not seem to cleanly restore the system: We're going to need more information. What errors ? Christian McDonald
09:51 AM pfSense Plus Bug #13949 (New): Boot Environments do not seem to cleanly restore the system: I tried and set up 25.01RC and had a minor issue so decided to roll back to 22.05.
To my surprise, after restoring... Yuri Weinstein
06:15 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: From my perspective, the 32 bit overflow has broken the captive portal quota tracking with freeRadius that was workin... Dale Harron
02:02 AM Bug #731: Shaper: p2p catch all bandwidth allows various selections but only % usable: This claims to be resolved over 8 years ago, however at this moment I'm getting this error.
In the source in func... Grioghar Thomas-Baldwin
01:43 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: I was going to upgrade from 2.6.0 CE to plus 23.01, but this bug is a stopper for me. I've got a working IPTV setup a... Arturo de Vries

02/11/2023

08:46 PM Feature #13948 (New): Allow %any for local_addrs IPsec endpoint setting: Charon allows setting %any as local_addrs, allowing connections to all IPs. We should offer a setting to set this opt... Flole Systems
12:03 PM pfSense Packages Regression #13947: Remove 4096GB quota limit: As an observation, you can avoid the overflow consequences of premature logout due to the 32 bit unsigned integer ove... Dale Harron
10:40 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: Hopefully it will be fixed in the upcoming version 23.01. Otherwise I have to skip this version. :(
Is this bug al... Johannes Wanink
04:01 AM Bug #13940: Firewall log parser does not handle SCTP log entries: Done in https://github.com/pfsense/pfsense/pull/4625. Théo Sarrazin

02/10/2023

04:59 PM Revision 3269c456: update dependencies managed by composer: Christian McDonald
11:18 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: Let's keep the notes relevant to the issue topic, please. Your concerns about interim accounting overflowing uint32, ... Reid Linnemann

02/09/2023

07:40 AM pfSense Packages Bug #13874 (Resolved): pfBlocker -devel hanging on cron jobs: Thanks for testing and following up!
I'm going to mark this one resolved as there was some overlap with #13926 and... Jim Pingle
07:39 AM pfSense Packages Bug #13926 (Resolved): pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: Jim Pingle
06:20 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: I believe I can finally put this project in perspective for all of us.
1. The reconciliation of the 32 bit unsigne... Dale Harron
05:39 AM pfSense Packages Bug #13936 (Confirmed): PHP error from RRD Graphs when attempting a query a newly created empty database: I replicated the issue. ... Danilo Zrenjanin
12:17 AM Revision 402c98a2: Update copyright years to include 2023: Reid Linnemann

02/08/2023

06:38 PM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Work has had me tied up so I haven't been able to do review the information Jim was kind enough to provide. I freed ... Allen C
06:31 PM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: If you are referring to periodic auth as both Reauth every minute checked and/or stop/start checked I have tested bot... Dale Harron
11:23 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: Regression #13947 covers this. Reid Linnemann
11:15 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: I understand the concern here. I think until I can improve on the pfSense-Max-Total-Octets used for preemptive logout... Reid Linnemann
07:21 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: Perhaps it would help if I took a different perspective here:
You do not have to implement the following: "Documen... Dale Harron
06:47 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: In way of clarification, the used-octets-user or used-octets-user-uniqueID files are currently correctly updated with... Dale Harron
03:36 PM pfSense Packages Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: This change fixed two issues I have seen with pfB since moving to 23.01: 1) slow MaxMind downloads; 2) slow block lis... Glenn Hall
11:21 AM pfSense Packages Regression #13947 (Feedback): Remove 4096GB quota limit: The 4096GB quota limit introduced to prevent pfSense-Max-Total-Octets overflowing uint32 for captive portal artificia... Reid Linnemann
08:37 AM pfSense Packages Bug #13897 (Resolved): IPsec Profile Wizard/Windows: Generated script adds an invalid route command for ``0.0.0.0/0``: Tested against the IPsec Profile Wizard pkg v. 1.1
It looks fine.
*Split Tunnel Routes* part is omitted if the loca... Danilo Zrenjanin
07:49 AM Bug #13946 (Resolved): Polish translation contains an invalid ``sprintf()`` format in the text for ``firewall_nat_out_edit.php``: A PHP error occurs when a user tries to open @firewall_nat_out_edit.php@ when using the Polish translation:... Jim Pingle
07:14 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: help doc link: https://hysteria.network/docs/advanced-usage/ yon Liu
04:41 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: It supports using ACME to obtain encryption certificates or self-signed certificates can be used. yon Liu
04:40 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: After I have tested and compared, it is designed to include encryption to bypass monitoring. After the network protoc... yon Liu
04:33 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: No, it has encryption, and it's specifically designed to bypass internet surveillance in authoritarian countries. Cer... yon Liu
06:44 AM Regression #13418: Captive Portal does not keep track of client data usage: In way of clarification, the used-octets-user or used-octets-user-uniqueID files are currently correctly updated with... Dale Harron
06:19 AM Regression #13418: Captive Portal does not keep track of client data usage: The solution that was applied for stop/start freeRadius that sends only incremental data use in each stop/start packe... Dale Harron
04:02 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: I’m also hoping this could be fixed in 23.01.
It’s going to destroy a lot of IPTV setups when people upgrade. R. Picobello
03:59 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: I can't upgrade to 23.01 if this issue is still active in 23.01.
Hopefully this will be fixed in 23.01 instead of ... Remie van de Zande

02/07/2023

10:31 PM Feature #12070: Support for VLAN ``0``: Christopher Cope wrote in #note-7:
> Tested on
> [...]
>
> Working successfully with AT&T on my edge without the... Matt Johnson
08:05 PM Revision e0fd8fdd: Enable the registration page on Plus.: Allow the customers to re-register an existing instance if the NDI changes.
Ticket: 9580 Luiz Souza
04:31 PM Bug #13945: DHCP Active Leases page display: Further testing on my system has shown the issue to be present in the "legacy" light and dark themes, the Beta themes... Mike McV
04:20 PM Bug #13945 (Rejected): DHCP Active Leases page display: Can't reproduce this here. The whole row is always displayed. FF 109.0.1, Chrome 110.0.5481.78.
If I reduce the wi... Jim Pingle
04:07 PM Bug #13945 (Rejected): DHCP Active Leases page display: The DHCP assigned leases page formatting will not allow a full row display regardless of window dimensions.
I have... Mike McV
03:49 PM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: @edaleh I believe I can now explain most of this behavior.
redmine 13418 fixed an issue with freeRadius where fr... Dale Harron
02:19 PM pfSense Packages Todo #13255: Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles: That is part of the plan, see #13917 Jim Pingle
01:06 PM pfSense Packages Todo #13255: Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles: Jim Pingle wrote:
> Currently when crafting a PKCS#12 archive the OpenVPN Client Export package does not set a speci... Thomas Ward
09:33 AM pfSense Packages Bug #10646 (Resolved): Reinstall package process stalls at pfBlockerNG when restoring a config: This has been working since the fix went in. Jim Pingle
09:33 AM pfSense Packages Bug #11398 (Resolved): pfBlocker upgrade hangs forever: This has been working since the fix went in. Jim Pingle
09:19 AM Bug #13935 (Resolved): RRD restore process does not sanitize filenames from backup XML: Backup and restore of RRD works as expected on current builds.
Jim Pingle
08:21 AM Bug #10624 (Resolved): Memory leak in Unbound with Python module and DHCP lease registration active: No reports of problems that I've seen since the fix is in place. If it recurs we can always reopen or start a fresh i... Jim Pingle
08:20 AM Regression #11316 (Resolved): Unbound crashes with signal 11 when reloading: No reports of problems that I've seen since the fix is in place. If it recurs we can always reopen or start a fresh i... Jim Pingle
08:19 AM Todo #13893 (Closed): Update Unbound to 1.17.1: This has been in for a while and no apparent issues. Closing. Jim Pingle
08:18 AM Regression #13944 (Resolved): PHP error in ``flock()`` during certain XMLRPC operations: Certain XMLRPC operations generate a PHP error mentioning @flock()@:... Jim Pingle
08:13 AM Feature #13446 (Closed): Upgrade PHP from 7.4 to 8.1: All done for 23.01. New issues can be handled separately. Jim Pingle
08:13 AM pfSense Packages Regression #13892 (Resolved): PHP error from ``status_monitoring.php`` with empty OpenVPN servers: Jim Pingle
08:05 AM Bug #13940: Firewall log parser does not handle SCTP log entries: The protocol layout isn't defined in the log parser so it doesn't know what to do with it. There is no test for proto... Jim Pingle

02/06/2023

10:05 PM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: Marcos M wrote in #note-2:
> Signal 8 (SIGFPE) is @floating-point exception@:
> https://man.freebsd.org/cgi/man.cgi?s... Leon Dang
08:38 PM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: Signal 8 (SIGFPE) is @floating-point exception@:
https://man.freebsd.org/cgi/man.cgi?sektion=3&query=signal
The Open... Marcos M
08:27 PM Regression #13943 (Resolved): OpenVPN crashes with Signal 8 with very low fragment size: OpenVPN crashes after updating from 22.01 to 22.05. The issue also occurs on 23.01-RC. Tested on an XG-1537-M2-32GB.
... Marcos M
07:54 PM Regression #13942 (Pull Request Review): PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1010 Marcos M
07:08 PM Regression #13942 (Resolved): PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: See:
https://forum.netgate.com/topic/177633/logs-not-updating-on-23-01... Marcos M
06:34 PM pfSense Docs New Content #13941 (Resolved): Memory usage in pfSense: Questions frequently come up regarding memory usage in pfSense software. A doc on the subject could mention notes/qui... Marcos M
05:14 PM Revision ca80d184: Correct RRD backup/restore cmd file handling. Fixes #13935: Jim Pingle
04:18 PM Bug #13940 (Resolved): Firewall log parser does not handle SCTP log entries: Tested in 22.05 / 23.01.
The firewall logs page in the webGUI does not show the following entries in @/var/log/fil... Marcos M
04:15 PM Revision 053f60e5: util.inc: fix incorrect resource test in unlock(): Christian McDonald
03:48 PM Bug #13939: IPv6 does not work on secondary PPPoE WAN: It actually looks like this was written from the get-go to omit the scope, which is why it does @echo ${IP} |cut -d% ... Reid Linnemann
02:51 PM Bug #13939: IPv6 does not work on secondary PPPoE WAN: It may only need to ensure the proper scope gets added to that router file, which it isn't doing now.
source:src/usr... Jim Pingle
02:42 PM Bug #13939 (Resolved): IPv6 does not work on secondary PPPoE WAN: I have 2 PPPoE WANs at home and IPv6 only works on primary link, used as default gateway. In this case pppoe0 works ... Renato Botelho
02:38 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: The fix for this issue requires an update to the custom blocking plugin compiled into the Suricata binary on pfSense.... Bill Meeks
02:24 PM Bug #13014: Deadlock in Charon VICI interface: We're still trying to reproduce this and gather data on it, but we are getting closer. Jim Pingle
02:12 PM Bug #13938 (Resolved): Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs: Under certain conditions which have not yet been identified, it is possible to encounter a kernel kernel panic on Fre... Jim Pingle
12:40 PM Bug #13937 (New): New OpenVPN entries are not immediately reflected in RRD graphs: When creating an OpenVPN entry, it is not immediately reflected in the RRD update script, graph database files, etc.
... Jim Pingle
12:33 PM pfSense Packages Bug #13936 (Resolved): PHP error from RRD Graphs when attempting a query a newly created empty database: Attempting to view an RRD graph of a new database that doesn't yet have data results in a PHP error.
Easiest way t... Jim Pingle
11:25 AM Bug #13935 (Feedback): RRD restore process does not sanitize filenames from backup XML: Applied in changeset commit:ca80d18493f8f91b21933ebd6b714215ae1e5e94. Jim Pingle
11:14 AM Bug #13935 (Resolved): RRD restore process does not sanitize filenames from backup XML: The code in source:src/etc/inc/config.lib.inc#L291 which restores RRD files from a @config.xml@ backup does not escap... Jim Pingle
08:46 AM pfSense Plus Bug #13933: Unable to make modifications to vlan descriptions: This site is not for support or diagnostic discussion, so that is something you'd need to keep on the forum thread an... Jim Pingle
08:25 AM pfSense Plus Bug #13933: Unable to make modifications to vlan descriptions: Although not a stock install of pfsense as there are other packages that needed to be installed via the repo[pfblocke... Mike Moore
07:30 AM pfSense Plus Bug #13933 (Rejected): Unable to make modifications to vlan descriptions: I can't reproduce this as stated. Changes to descriptions are immediately reflected as expected. They are stored in t... Jim Pingle
08:04 AM Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum: Marking as 23.05 for now so it doesn't get missed. If we find a viable solution in the meantime we can try to squeeze... Jim Pingle
07:48 AM pfSense Packages Feature #13575: Update to frr 9.0.1: When this happens it's best to just move to 8.x and not keep two versions around.
Jim Pingle
07:46 AM pfSense Packages Feature #13931 (Duplicate): Upgrade FRR from 7.x to 8.x: Duplicate of #13575 Jim Pingle
07:34 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: It's no surprise that it's faster than WireGuard as it has no encryption. It's a proxy/relay setup, not an encrypted ... Jim Pingle

02/05/2023

09:16 PM Bug #13934 (Closed): Killing states by gateway can miss some IPv6 outbound states: Due to the default outbound rules, IPv6 outbound states are created with @gateway: ::@ which prevents the states from... Marcos M
05:50 PM pfSense Plus Bug #13933: Unable to make modifications to vlan descriptions: This is a reproducible issue. Changes to VLAN description cause all interfaces to flap. I have the system.log file to... Mike Moore
12:55 PM pfSense Plus Bug #13933: Unable to make modifications to vlan descriptions: Uploading log output jpeg. This occurs each time the vlan description is attempted to be changed but doesn't. There i... Mike Moore
12:49 PM pfSense Plus Bug #13933 (Rejected): Unable to make modifications to vlan descriptions: The issue is focused on interface heirarchy.
1. Attempting to change vlan description <clicking save> does not resul... Mike Moore
09:18 AM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Bill Meeks wrote in #note-7:
> Just to be clear on this PHP error. I think you are getting that because you made an ... Greger Blennerud
07:55 AM pfSense Packages Feature #13930: Hysteria Proxy/Relay: I have notified the developer of this program, and the developer has agreed to promote this program. And it is recomm... yon Liu

02/04/2023

10:41 PM Bug #13344: Vlan loses parent interface when changing LAGG mtu to jumbo frames: Matthew Whittaker-Williams wrote:
> When I try to add jumbo frames to lagg interface ( 9000 ) - main
> When I chan... Jordan G
09:36 PM pfSense Packages Bug #13932 (Not a Bug): Deprecation Message for Arpwatch: I checked the code. We are already using -w instead of -m. We could remove the pkg-message from our net-mgmt/arpwatch. Christian McDonald
06:12 PM pfSense Packages Bug #13932 (Not a Bug): Deprecation Message for Arpwatch: During install, the following message about deprecated flags is mentioned:
_
The -m flag is deprecated. If you are ... Kris Phillips
02:21 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Greger Blennerud wrote in #note-6:
> The actual list found in /usr/local/etc/suricata/suricata_28603_vtnet1 never cha... Bill Meeks
04:08 AM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: I decided to do some more testing and discovered some wierd issues with the passlist.
First of all, I get a discrep... Greger Blennerud
11:03 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Athanasios Chatzi wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Can you attach the @<ezshaper>[...]</ezshape... Athanasios Chatzi
05:49 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Hi all!
Same problem here!! Since i updated to 23.01-RC i have the same problem like you.
I always had it worki... Humberto Nieto
10:59 AM pfSense Packages Feature #13931 (Duplicate): Upgrade FRR from 7.x to 8.x: The FRR latest version has fixed many problems. Including the bug fixes submitted by me. And added many new features.... yon Liu
10:55 AM pfSense Packages Feature #13930 (New): Hysteria Proxy/Relay: Please consider adding this function. I have tested that its actual network speed is 5-10 times faster than wireguard... yon Liu
10:05 AM pfSense Packages Bug #13925 (Pull Request Review): Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/328 Christopher Cope
08:45 AM pfSense Packages Bug #13925 (Confirmed): Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: I'm able to reproduce this on... Christopher Cope
04:33 AM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more: If the new 4095 GB limit set in the freeRadius user file edit/create code is related to this Feature, it is INCORRECT... Dale Harron
02:47 AM Bug #13929 (Resolved): IGMP Proxy multicast group membership query packets have an invalid checksum: Having a TV provider with multicast streams, working flawless in 22.50 when upgraded to 23.01 it starts stuttering an... R. Picobello

02/03/2023

09:34 PM Revision 8a2c52b0: Refactor some direct config access in sysctl: Christian McDonald
07:22 PM pfSense Plus Bug #13924 (Not a Bug): 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: Thanks for following up! Jim Pingle
07:16 PM pfSense Plus Bug #13924: 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: Christian McDonald wrote in #note-3:
> tailscaled expects to solely own the tailscale0 interface.
>
> pfSense is ... Scott Costa
06:48 PM pfSense Plus Bug #13924: 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: Christian McDonald wrote in #note-3:
> tailscaled expects to solely own the tailscale0 interface.
>
> pfSense is ... Scott Costa
08:28 AM pfSense Plus Bug #13924: 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: tailscaled expects to solely own the tailscale0 interface.
pfSense is throwing an interface mismatch/change warnin... Christian McDonald
07:22 AM pfSense Plus Bug #13924 (Incomplete): 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: The creation date you are referencing is the creation date of the default Boot Environment and that's normal/expected... Jim Pingle
06:20 PM Bug #13928 (Duplicate): Add Notification to webConfigurator for Low Disk Space: Duplicate of #10467 Jim Pingle
04:30 PM Bug #13928 (Duplicate): Add Notification to webConfigurator for Low Disk Space: Frequently customers will run into disk space issues with very little indication what is causing it. Adding a notifi... Kris Phillips
04:33 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Looking into this deeper, I suspect there is potentially an issue with the custom blocking plugin used with the Suric... Bill Meeks
11:07 AM pfSense Packages Regression #13884: pfBlockerNG DNSBL TLD option causes reloads to take a long time: Related forum thread: https://forum.netgate.com/topic/177504/v-3-2-0-with-pfsense-23-01-rc-20230202 Jim Pingle
10:40 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: There may be two distinct issues there: One with downloads, and one with processing.
If you find it's hanging up on ... Jim Pingle
10:10 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Ran into this issue on pfBlockerNG-devel v3.2.0 a few days ago. Have been deploying dailies, currently on v2.7.0.a.2... Allen C
10:24 AM Bug #13927 (New): Cannot set AdvDefaultLifetime aka "Router lifetime": Typically, setting AdvDefaultLifetime to 0 means that a router cannot be used as a default router.
(c.f. https://lin... Jan L.
10:08 AM pfSense Packages Bug #13926 (Feedback): pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: I merged the changes to the pfBlockerNG cURL defaults, so the next build will include them. Jim Pingle
09:48 AM pfSense Packages Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: Steve Wilson wrote in #note-2:
> Jim,
>
> With your patch applied the download completes in about 5 seconds, so i... Jim Pingle
09:44 AM pfSense Packages Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: Jim,
With your patch applied the download completes in about 5 seconds, so it solves the issue. But note that the... Steve Wilson
09:24 AM pfSense Packages Bug #13926: pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: If you can easily reproduce this, try the following patch (path strip=1):... Jim Pingle
04:37 AM pfSense Packages Bug #13926 (Resolved): pfBlockerNG-devel 3.2.0 - Slow MaxMind Database Downloads under PHP 8.1: Prior to the update to PHP 8.1, downloads of the MaxMind database would take approximately 4 seconds. After the updat... Steve Wilson
08:11 AM pfSense Packages Bug #13922 (Resolved): Snort - rules package downloads may hang for an extended period if remote site offers an HTTP/2 connection: PR merged, thanks! Jim Pingle
08:11 AM pfSense Packages Bug #13923 (Resolved): Snort - fails to clean-up all files when uninstalling and also creates an unnecessary barnyard2 logging subdirectory.: PR merged, thanks! Jim Pingle
08:11 AM pfSense Packages Bug #13839 (Resolved): Suricata version updates take a long time: PR merged, thanks! Jim Pingle
01:54 AM pfSense Packages Bug #13925 (Resolved): Suricata 6.0.8_7 - PHP Fatal Errror on IP Rep Tab: Clicking on the IP Rep tab when editing an existing interface throws a PHP error.
Steps to reproduce:
1. Naviga... Steve Wilson

02/02/2023

11:31 PM pfSense Plus Bug #13924: 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: Intended to mention that having to manually add the interfaces back and DHCP not auto starting all began upon upgradi... Scott Costa
11:25 PM pfSense Plus Bug #13924 (Not a Bug): 23.01.r.20230202.1645 reports a creation date of 2022-07-01 23:36 - also have to manually add interfaces after rebooting each time.: 23.01.r.20230202.1645 reports a incorrect creation date of 2022-07001 23:36 after installing it.
Also, after firs... Scott Costa
07:26 PM pfSense Packages Bug #13922: Snort - rules package downloads may hang for an extended period if remote site offers an HTTP/2 connection: This issue is resolved by pull request #1225 posted against the DEVEL snapshots here: https://github.com/pfsense/Free... Bill Meeks
07:04 PM pfSense Packages Bug #13922 (Resolved): Snort - rules package downloads may hang for an extended period if remote site offers an HTTP/2 connection: Changes in cURL function behavior in PHP 8.1 make the Snort package vulnerable to a hang condition when downloading r... Bill Meeks
07:26 PM pfSense Packages Bug #13923: Snort - fails to clean-up all files when uninstalling and also creates an unnecessary barnyard2 logging subdirectory.: This issue is resolved by pull request #1225 posted against the DEVEL snapshots here: https://github.com/pfsense/Free... Bill Meeks
07:10 PM pfSense Packages Bug #13923 (Resolved): Snort - fails to clean-up all files when uninstalling and also creates an unnecessary barnyard2 logging subdirectory.: The Snort package fails to clean up all it's _*.rules_ files when uninstalling. It also creates a Barnyard2 logging s... Bill Meeks
06:27 PM pfSense Packages Bug #13839: Suricata version updates take a long time: Jim Pingle wrote in #note-6:
> To fix some issues in Dynamic DNS where it didn't want to close connections (it hung ... Bill Meeks
06:12 PM pfSense Packages Bug #13839: Suricata version updates take a long time: The pull request to correct this issue has been submitted against the snapshots DEVEL branch here: https://github.com... Bill Meeks
05:19 PM pfSense Packages Bug #13839: Suricata version updates take a long time: To fix some issues in Dynamic DNS where it didn't want to close connections (it hung pretty much indefinitely) we end... Jim Pingle
05:07 PM pfSense Packages Bug #13839: Suricata version updates take a long time: After some digging around, I am pretty sure I found the problem here. It is related to HTTP/2 support in cURL. I can ... Bill Meeks
05:24 PM pfSense Packages Bug #13566 (Resolved): Non-devel pfBlocker Package Broken in 2.7 CE with PHP 8.1: Tested on... Christopher Cope
04:31 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Christian McDonald wrote in #note-3:
> Hi,
>
> I'll have a look. Might not be this week, but definitely next week... Bill Meeks
02:23 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: Hi,
I'll have a look. Might not be this week, but definitely next week. Christian McDonald
01:43 PM pfSense Packages Bug #13920: 23.01RC - Suricata stops working after Wireguard installed: I might need some assistance from the Netgate wireguard guru on this one. I don't have a functioning wireguard packag... Bill Meeks
10:38 AM pfSense Packages Bug #13920 (Resolved): 23.01RC - Suricata stops working after Wireguard installed: Upgraded to 23.01RC from 22.05 without any packages installed. Current base system shown as 23.01.r.20230202.0019
... Greger Blennerud
12:51 PM pfSense Docs Correction #13921 (Closed): OpenVPN Monitoring Docs need updated: https://redmine.pfsense.org/issues/13129
The above issue changes have been committed. The docs haven't been updated ... Christopher Cope
10:47 AM pfSense Packages Bug #13919 (Resolved): Typo in suricata package: cpnfig_set_path(): PR merged Jim Pingle
08:34 AM pfSense Packages Bug #13919: Typo in suricata package: cpnfig_set_path(): This issue has been corrected in pull request 1223 posted here: https://github.com/pfsense/FreeBSD-ports/pull/1223.
... Bill Meeks
05:15 AM pfSense Packages Bug #13919 (Resolved): Typo in suricata package: cpnfig_set_path(): FreeBSD 14.0-CURRENT #0 plus-RELENG_23_01-n256014-9cf2a68c5e5: Thu Feb 2 00:48:35 UTC 2023 root@freebsd:/var/jen... Brian Macy

02/01/2023

04:43 PM Revision 5e15b80d: composer update: Christian McDonald
02:32 PM Regression #12827: High latency and packet loss during a filter reload: Hello.
To reiterate, there are 2 distinct issues remaining.
What was patched, was one change which resulted in ... Mateusz Guzik
12:04 PM Todo #13893: Update Unbound to 1.17.1: No need to mention the old version, the one that was there was only present on snapshots, previous versions of Plus w... Jim Pingle
07:59 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0): Can someone test this with 23.01 snaps on the SG-3100 ?
Marcelo Cury

01/31/2023

01:38 AM Bug #13918: ICMP timestamp requests are passed by states created from ICMP echo requests if they use the same ID: First, thanks to Marcos for providing a simple test.
I have the following FLOATING rules repeated for every interf... Serge Caron
12:48 AM Revision 1f940d34: Correctly identify newer AWS instances: Steve Wheeler

01/30/2023

05:17 PM Bug #13918: ICMP timestamp requests are passed by states created from ICMP echo requests if they use the same ID: pf's state table is keyed by a structure that is defined with TCP/UDP in mind and includes a source and destination p... Reid Linnemann
02:52 PM Bug #13918: ICMP timestamp requests are passed by states created from ICMP echo requests if they use the same ID: This just seems to be part of how pf tracks state for ICMP currently. Given that ICMP is a "stateless" protocol it ha... Jim Pingle
02:46 PM Bug #13918 (New): ICMP timestamp requests are passed by states created from ICMP echo requests if they use the same ID: ICMP timestamp requests with the same identifier of a previously allowed ICMP echo request are also allowed. This is ... Marcos M
02:49 PM Bug #13652 (Closed): Inconsistent behavior filtering ICMP traffic: I've created a separate report with specific details and easily reproducible steps; I'm going to close this one out a... Marcos M
01:52 PM Bug #13652 (Confirmed): Inconsistent behavior filtering ICMP traffic: I was able to reproduce this in 23.01. The scan options required are:
* A @Search List@ with the @82003 ICMP Timestam... Marcos M
01:53 PM Feature #9544: Enable ``ROUTE_MPATH`` multipath routing: Updating subject for release notes. Jim Pingle
07:26 AM Feature #9544 (Closed): Enable ``ROUTE_MPATH`` multipath routing: FreeBSD retired @RAXIX_MPATH@ and replaced it with @ROUTE_MPATH@ which is in the default kernel used on FreeBSD 14-ba... Jim Pingle
01:47 PM pfSense Docs Todo #13586 (Pull Request Review): Add note for adjusting MSS on IPsec VTIs: Jim Pingle
01:47 PM pfSense Docs Correction #13841 (Resolved): Incorrect example in FreeRADIUS stats example: Jim Pingle
01:46 PM pfSense Docs Todo #13595 (Resolved): Update the cryptographic accelerators page with DCO info: Jim Pingle
01:46 PM pfSense Docs Correction #13400 (Resolved): Feedback on Cellular Wireless — Known Working 3G-4G Modems: Jim Pingle
01:46 PM pfSense Docs Todo #13020 (Resolved): Improve ``easyrule`` command documentation: Jim Pingle
01:45 PM pfSense Docs New Content #12883 (Resolved): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH): Jim Pingle
01:45 PM pfSense Docs New Content #12597 (Resolved): How to reset IPMI settings and password for Netgate appliances: Jim Pingle
01:45 PM pfSense Docs Correction #12400 (Resolved): NAT 1:1 documentation - multi-wan information: Jim Pingle
01:45 PM pfSense Docs New Content #11071 (Resolved): Add documentation for missing configuration items on IPv6 Router Advertisements: Jim Pingle
01:44 PM pfSense Docs Todo #9374 (Resolved): Update Virtualizing pfSense with Hyper-V recipe with more recent information: I've followed this several times since I updated it and it works fine here. Closing.
Jim Pingle
01:39 PM pfSense Docs Correction #13914 (Resolved): Typo in PPP docs: Jim Pingle
01:39 PM pfSense Docs Correction #13914: Typo in PPP docs: Fixed and deployed, will be live shortly. Jim Pingle
01:38 PM pfSense Docs Correction #13913 (Resolved): Typo in Captive Portal Docs: Fixed and deployed, will be live shortly. Jim Pingle
01:38 PM pfSense Docs Correction #13909 (Resolved): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: Fixed and deployed, will be live shortly. Jim Pingle
12:16 PM Bug #13916: Interface config doesn't allow colliding IP addresses even if a wireguard interface is used: I'm not really sure if I understand what you mean. In my case I have the slightly odd config of having a Wireguard VP... Flole Systems
07:30 AM Bug #13916 (Rejected): Interface config doesn't allow colliding IP addresses even if a wireguard interface is used: Jim Pingle
07:30 AM Bug #13916: Interface config doesn't allow colliding IP addresses even if a wireguard interface is used: While it may happen to work in some cases it's not valid in the underlying OS and can have unintended side effects. I... Jim Pingle
10:31 AM Feature #13656 (Duplicate): Add UI Elements for Priority Control Point on Interfaces: Duplicate of #13511 Jim Pingle
10:01 AM pfSense Packages Todo #13917 (Resolved): OpenVPN Client Export: Integrate OpenVPN 2.6.0: We need to add OpenVPN 2.6.0 to the export package but doing so has a few caveats:
* OpenSSL 3.0 which is used in ... Jim Pingle
07:38 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Athanasios Chatzi wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Can you attach the @<ezshaper>[...]</ezshape... Athanasios Chatzi
07:32 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Jim Pingle wrote in #note-1:
> Can you attach the @<ezshaper>[...]</ezshaper>@ section from your configuration and g... Athanasios Chatzi
07:16 AM Bug #13915: PHP errors when re-running Traffic Shaper Wizards with different settings: Can you attach the @<ezshaper>[...]</ezshaper>@ section from your configuration and give us a list of all the options... Jim Pingle
07:22 AM Feature #9545: Enable Multipath Routing in the Kernel: Builds based on FreeBSD 14 (including 23.01 and snapshots of 2.7.0) have @ROUTE_MPATH@ enabled in the kernel and it's... Jim Pingle
02:18 AM Feature #9545: Enable Multipath Routing in the Kernel: Jim Pingle wrote in #note-3:
> This requires RADIX_MPATH in the kernel which proved to be too unstable, thus had to ... Jens Groh

01/29/2023

06:54 PM Regression #12827: High latency and packet loss during a filter reload: Yeah unfortunately this is still an issue. As I said, it's still worse than before, even though it was improved. Incr... Flole Systems
06:21 PM Bug #13916 (Rejected): Interface config doesn't allow colliding IP addresses even if a wireguard interface is used: When using wireguard a config where the same IP address is used for multiple interfaces is perfectly valid. Pfsense d... Flole Systems
05:57 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: Changing the loader menu option @5. Cons:@ did not help. However, removing the DVD drive from the VM allows it to boo... Marcos M
04:31 AM Bug #13915 (Resolved): PHP errors when re-running Traffic Shaper Wizards with different settings: While finishing the configuration of traffic shaper at apply configuration appeared the error Athanasios Chatzi

01/28/2023

09:44 PM pfSense Packages Bug #13566: Non-devel pfBlocker Package Broken in 2.7 CE with PHP 8.1: I'm assuming this will have to wait for the RC release, as I don't see this reflected in the BETA repos. Both versio... Kris Phillips
05:49 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: I'm still having the same issue. The link below has recently been update and would suggest that it's an issue using P... B P
02:06 AM pfSense Packages Bug #13441: FRR fails to start with route map on "sequence 0" in configuration: The same behavior on frr 1.2_3
frr fail to start
_Jan 28 11:02:02 watchfrr 97266 [EC 268435457] bgpd state... Lev Prokofev

01/27/2023

04:53 PM pfSense Docs Correction #13914: Typo in PPP docs: Screenshot attached Christopher Cope
04:46 PM pfSense Docs Correction #13914 (Resolved): Typo in PPP docs: https://docs.netgate.com/pfsense/en/latest/interfaces/ppp.html
When checked, the firewall tracks the uptime for th... Christopher Cope
03:58 PM pfSense Packages Bug #13566 (Feedback): Non-devel pfBlocker Package Broken in 2.7 CE with PHP 8.1: @security/pfSense-pkg-pfBlockerNG-devel@ has been copied to @security/pfSense-pkg-pfBlockerNG@.
The versions of bo... Christian McDonald
03:04 PM pfSense Docs Correction #13913 (Resolved): Typo in Captive Portal Docs: https://docs.netgate.com/pfsense/en/latest/captiveportal/configuration.html... Christopher Cope
10:52 AM pfSense Packages Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: I also closed out #13877 and #13368 since they were all related. Testing one means the others are also working.
Jim Pingle
10:50 AM pfSense Packages Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Jim Pingle
10:05 AM pfSense Packages Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Tested against:... Danilo Zrenjanin
10:51 AM pfSense Packages Bug #13368 (Resolved): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: Jim Pingle
10:51 AM pfSense Packages Bug #13877 (Resolved): IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Jim Pingle
08:02 AM Bug #13896: Panic: page fault with ipV6: Even this is a pre-release, the Pfsense is used in production.
So I can't provoke a crash.
Since the crash is onl... Grischa Zengel
07:54 AM Bug #13853 (Resolved): Captive Portal does not apply RADIUS bandwidth limits to user pipes: Jim Pingle
05:01 AM Bug #13853: Captive Portal does not apply RADIUS bandwidth limits to user pipes: tested, reproduced on:
Version 23.01-BETA (amd64)
built on Fri Jan 06 06:04:43 UTC 2023
FreeBSD 14.0-CURRENT
change... Georgiy Tyutyunnik
07:23 AM Bug #13621: GUI allows selection of ICMP types that pf rejects: Can confirm that behavior on 22.05 and 23.01 Beta
There were error(s) loading the rules: /tmp/rules.debug:430: syn... Lev Prokofev
05:43 AM Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users: Just as a side note as I'm stumbling over this time and time again after setting up new boxes:
The selection that ca... Jens Groh

01/26/2023

04:13 PM Bug #13911 (Resolved): Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports: ixgbe NICs with SFP ports attempt to read the modules and wait for 1s when queried by ifconfig -v.
This means that... Steve Wheeler
11:59 AM pfSense Packages Bug #13910 (Resolved): Typo in Snort package GUI code may generate an invalid parameter value in snort.conf when Performance Stats logging is enabled: PR merged. Jim Pingle
09:01 AM pfSense Packages Bug #13910: Typo in Snort package GUI code may generate an invalid parameter value in snort.conf when Performance Stats logging is enabled: Pull request 1221 has been submitted to correct this issue: https://github.com/pfsense/FreeBSD-ports/pull/1221.
Th... Bill Meeks
08:41 AM pfSense Packages Bug #13910 (Resolved): Typo in Snort package GUI code may generate an invalid parameter value in snort.conf when Performance Stats logging is enabled: There is a typo on line 253 of /usr/local/pkg/snort/snort_generate_conf. This can result in the creation of an invali... Bill Meeks
09:36 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Ran into this on my 2.6.0-RELEASE (amd64) which has two WANs, one PPPoE and one DHCP. The DHCP one experienced occasi... robi robi
06:41 AM pfSense Docs Correction #13909 (Resolved): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Feedback:* Where it says, "Find t... Matthew Fearnley
03:27 AM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: Don't see any issues with pfSense-plus-23.01-BETA-amd64-20230106-0600 on Win11pro 22H2 nor ZFS or UFS. Hyper-V is all... Lev Prokofev

01/25/2023

03:50 PM pfSense Plus Feature #13786: ldap intergration for firewall rules: So there is no way in the future to create a LAN rule stating
Src: AD/mmoore
Dst: 1.1.1.1
Prot: ICMP
So in the ... Mike Moore
02:39 PM pfSense Packages Bug #13690 (Closed): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: The updated description and link appear as expected in the package list now.
Jim Pingle
01:01 PM pfSense Packages Bug #13690 (Feedback): IPsec Profile Wizard: Update package description and link in ``pkg-descr``: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
01:04 PM Bug #13908: Firewall rules are not reloaded when removing a VIP, outdated rules/entries remain active: This likely applies to any VIP type, not just CARP. Though other types do not have special rules like CARP, they may ... Jim Pingle
12:38 PM Bug #13908 (Resolved): Firewall rules are not reloaded when removing a VIP, outdated rules/entries remain active: Carp automatically generated rules generated after defining a CARP VIP don't get removed after removing the CARP VIP.... Danilo Zrenjanin
01:01 PM pfSense Packages Bug #12948 (Feedback): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
09:18 AM pfSense Packages Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: The code added here was incorrect, see #13368 and #13877 Jim Pingle
09:17 AM pfSense Packages Bug #12948 (New): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Jim Pingle
01:01 PM pfSense Packages Bug #13877 (Feedback): IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
09:47 AM pfSense Packages Bug #13877: IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Tested on Windows 10 and Windows 11 against a VPN with and without a P2 hash selected and it worked as expected in ev... Jim Pingle
09:15 AM pfSense Packages Bug #13877: IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": After testing, the value of @AuthenticationTransformConstants@ should be set to match @CipherTransformConstants@ when... Jim Pingle
01:01 PM pfSense Packages Bug #13897 (Feedback): IPsec Profile Wizard/Windows: Generated script adds an invalid route command for ``0.0.0.0/0``: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
01:01 PM pfSense Packages Bug #13368 (Feedback): IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
09:13 AM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: After testing, the value of @AuthenticationTransformConstants@ should apparently be set to match @CipherTransformCons... Jim Pingle
01:01 PM pfSense Packages Bug #12705 (Feedback): IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
09:19 AM pfSense Packages Bug #12705 (Confirmed): IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile: Jim Pingle
01:00 PM pfSense Packages Bug #13878 (Feedback): IPsec Profile Wizard/Apple: Generated profile does not contain the correct ``AuthenticationMethod`` for IKEv2 EAP configurations: Fixed in IPsec Profile Wizard pkg v. 1.1, which has been committed and will be available with the next build.
Jim Pingle
10:07 AM pfSense Plus Bug #13907 (Duplicate): Crashing when enters to back up and restore: Duplicate of #13876 -- already fixed in the repository.
Jim Pingle
10:04 AM pfSense Plus Bug #13907 (Duplicate): Crashing when enters to back up and restore: after the upgrade to beta , buckup and restore does not showup and error appears
Fatal error: Uncaught TypeError:... Athanasios Chatzi
09:55 AM pfSense Packages Todo #13906 (Resolved): Update tailscale from 1.34.2 to 1.36.0: https://tailscale.com/changelog/ Christian McDonald
09:44 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hiya,
So we think we have got this down the smallest scan we can (takes about 90 seconds). There unfortunately isn... Infra Weavers
06:03 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hello,
We have just tested pfSense-CE-memstick-2.7.0-DEVELOPMENT-amd64-20230125-0600.img.gz and we are seeing the IC... Infra Weavers
09:13 AM pfSense Packages Feature #13474: Don't set ListenPort in wireguard: Good point. Will add this soon Christian McDonald
09:13 AM pfSense Packages Feature #13905 (Bogus): Introduce GUI knob for controlling ```--snat-subnet-routes``` tailscaled option: https://github.com/pfsense/FreeBSD-ports/commit/dfb9dcf53bd8e687cda708701f07217ec5e7f1ef Christian McDonald
07:28 AM Bug #13900 (Confirmed): Reply-to and route-to do not work on WAN2 when WAN interface is down: It still happens against 2.7. If there is no default gateway in the routing table, the OS doesn't know how it can sen... Jim Pingle
07:10 AM Bug #13900: Reply-to and route-to do not work on WAN2 when WAN interface is down: Probably this or at least the same cause as that: https://redmine.pfsense.org/issues/13420
Please test a 2.7 snapshot Steve Wheeler
02:56 AM Feature #13904 (New): PPPoE server IPv6 support: According to the subnet mask drop-down menu, the PPPoE server only supports IPv4 addressing family.
Adding IPv6 su... Danilo Zrenjanin
02:51 AM Bug #13903 (Resolved): PPPoE Server address input validation is incorrectly allowing IPv6: PPPoE server allows entering IPv6 address in the *Server Address* and *Remote Address Range* fields, but the *Subnet ... Danilo Zrenjanin
02:14 AM pfSense Packages Bug #13874 (Confirmed): pfBlocker -devel hanging on cron jobs: Yes, the issue is present on the 3.1.0_19 version. Danilo Zrenjanin
12:56 AM Feature #13902 (New): Add configuration option to IPsec VPN section to allow strongSwan to use RSA-PSS signatures: When an IKEv2 client indicates support for RFC 7427 digital signature authentication to a strongSwan server configure... Kev Kitchens

01/24/2023

09:39 PM Feature #13901 (Closed): Update default DDNS check IP service to support IPv6: The default service @checkip.dyndns.org@ will fail when connecting over IPv6 (e.g. if upstream only provides IPv6 con... Marcos M
08:08 PM Bug #13900: Reply-to and route-to do not work on WAN2 when WAN interface is down: I have set priority with very low because when gateway group is configured properly, problem not occurs. Renato Martins
07:42 PM Bug #13900 (Confirmed): Reply-to and route-to do not work on WAN2 when WAN interface is down: Scenario and how to reproduce:
*Interfaces*
WAN - 192.168.100.2/30 - GW 192.168.100.1
LAN - 192.168.5.254/... Renato Martins
02:52 PM Todo #13899 (Closed): Unclear description for UPnP option Override WAN address: The description is currently:
> Use an alternate WAN address to accept inbound connections, such as an IP Alias or C... Marcos M
02:01 PM pfSense Packages Bug #13898 (New): Issues saving pfBlocker Sync Targets: I have the hosts visible in the image 1.png in the target list to sync. I click on "Save XMLRPC sync settings" and ge... Tom Huerlimann
12:55 PM Bug #13896: Panic: page fault with ipV6: Does this happen without the Captive Portal configuration? It looks like IPv6 on Captive Portal isn't yet supported a... Marcos M
06:25 AM Bug #13896 (New): Panic: page fault with ipV6: The pfsense crashes if the pfsense gets a IPv6 subnet over a PPPoE interface.
The pfsense gets the subnet via DHCPv6... Grischa Zengel
10:21 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hiya Marcos,
We've just reproduced this on a totally stock PFsense 2.6.0 install. The only things we did was to co... Infra Weavers
09:59 AM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: This appears to have been broken by the change in #12948, the fix from that issue forced the P1 hash to 'None' when t... Jim Pingle
09:28 AM pfSense Packages Bug #13368: IPsec Profile Wizard/Windows: Cannot generate a script for IKEv2 VPN using GCM ciphers when mobile P2 has no hash algorithms selected: Moving the unrelated split tunnel part to a new issue (#13897). Jim Pingle
09:36 AM pfSense Plus Regression #13816: Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: Adding another data point, I also no longer see an error on shutdown here. It halts as expected. Jim Pingle
09:30 AM pfSense Packages Bug #13897 (Resolved): IPsec Profile Wizard/Windows: Generated script adds an invalid route command for ``0.0.0.0/0``: When exporting an IPsec profile for Windows which includes split tunneling, if the local P2 network is set to @0.0.0.... Jim Pingle
08:41 AM Bug #13217: dhclient using default pid file location which does not exist: Never seen this with my previous ISP (Beeline), spent a day troubleshooting this with the new ISP (Megafon). Reboot f... Vitaly Bakulev

01/23/2023

08:22 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: Tested 22.05 as well and that worked - updated description. It may be related to https://redmine.pfsense.org/issues/1... Marcos M
07:50 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: I can't reproduce this at all. 23.01 clean ZFS installs and upgrades boot fine here. Windows 10 22H2 and Windows 11 P... Jim Pingle
07:46 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: VMs in Azure are not affected:... Steve Wheeler
07:16 PM pfSense Plus Regression #13895 (Resolved): Early boot hangs on Hyper-V with Gen2 VMs: After installing pfSense+ 23.01 with ZFS on a HyperV Gen2 VM in Windows 11, pfSense does not boot. The console shows ... Marcos M
02:54 PM Feature #13894 (Resolved): Explicitly enable/disable DHCP Dynamic DNS updates in each scope: If DDNS is enabled in a DHCP scope, a DHCP configuration stanza like this is created for the domain specified:
<pr... Chris Linstruth
02:32 PM Todo #13893 (Closed): Update Unbound to 1.17.1: Unbound has been updated from 1.17.0 to 1.17.1
https://www.nlnetlabs.nl/news/2023/Jan/12/unbound-1.17.1-released/ Christian McDonald
11:00 AM pfSense Packages Regression #13892 (Feedback): PHP error from ``status_monitoring.php`` with empty OpenVPN servers: Commit pushed and merged/picked as needed, will be in builds soon.
https://github.com/pfsense/FreeBSD-ports/commit... Jim Pingle
10:03 AM pfSense Packages Regression #13892 (Resolved): PHP error from ``status_monitoring.php`` with empty OpenVPN servers: When visiting status_monitoring.php, the user may get a PHP error if they have no valid OpenVPN server entries.
<p... Jim Pingle
09:49 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: I didn't expect there to be a difference between a single address and multiple address, but I've now tested with mult... Marcos M
07:32 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: To add to these observations, the issue does NOT occur for Address Mask requests even when sequential IPs are used.
... Serge Caron
02:46 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: > It's not listed there because the VIP address doesn't actually reach pfSense in my test, only the primary interface... Infra Weavers
08:34 AM Bug #13859 (Closed): Wireguard peer doesn't connect on reboot: Jim Pingle
03:31 AM Bug #13859: Wireguard peer doesn't connect on reboot: aleksei prokofiev wrote in #note-1:
> I tested on the latest 23.01-BETA and Wireguard 0.1.6_3
> 23.01-BETA (amd64)
... Nazar Mokrynskyi

01/22/2023

11:59 PM Bug #13859: Wireguard peer doesn't connect on reboot: I tested on the latest 23.01-BETA and Wireguard 0.1.6_3
23.01-BETA (amd64)
built on Fri Jan 06 06:04:43 UTC 2023
F... aleksei prokofiev
06:43 PM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: I am seeing this on 3.1.0_19 Michael Kellogg
05:29 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: It's not listed there because the VIP address doesn't actually reach pfSense in my test, only the primary interface a... Marcos M
04:28 PM Bug #13652: Inconsistent behavior filtering ICMP traffic: Hello Marcos,
I don't know how you specified the hosts range in the Qualys scanner.
In the log you provided, we... Serge Caron
04:14 PM Bug #13652 (Not a Bug): Inconsistent behavior filtering ICMP traffic: I could not replicate this either on 23.01 using Qualys with the following scan options:
* All ICMP QIDs selected (in... Marcos M
10:24 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: I am Still seeing this on 2.7 built on Fri Jan 20 03:01:02 UTC 2023
seems like every 5-10 minutes not a pattern i... Michael Kellogg

01/21/2023

08:10 PM pfSense Packages Bug #13432 (Incomplete): ups driver will not start: I'm still unable to reproduce this problem with a fresh install of 23.01 and the latest NUT package. At this point I... Kris Phillips
07:59 PM pfSense Packages Bug #13873 (Closed): PHP Errors on FRR Global Settings: No longer able to recreate this. Not sure what caused it before, but I was testing on a fresh install of 23.01 and o... Kris Phillips
07:29 PM pfSense Packages Todo #13857 (Resolved): Update bundled installer in OpenVPN Export Utility: They are there on internal 23.01 RC snaps.... Jim Pingle
06:44 PM pfSense Packages Todo #13857: Update bundled installer in OpenVPN Export Utility: Checked on 22.05 and it appears these were merged properly. However, looking at the repos for 23.01, which is on a n... Kris Phillips
06:37 PM pfSense Packages Bug #13877: IPsec Profile Wizard/Windows: IKEv2 VPN using GCM configured by the generated script fails to connect with "The IPsec cipher transform is not compatible with the policy": Redmine 13368 may be related, as it's in a similar vein: https://redmine.pfsense.org/issues/13368
Kris Phillips
06:33 PM pfSense Packages Bug #13886: NUT Server Package: # Installed NUT package on 23.01
# Setup usbhid with a simple UPS config and enabled the service with Local USB
# S... Kris Phillips
06:07 PM pfSense Plus Bug #13434 (Closed): Upgrade from 2.4.4. to 22.0x results in LAN traffic intermittently dropped for OpenVPN clients: I'm closing this. We've not been able to replicate it, we've not seen it with other customers, and with 23.01 around ... Chris W
01:42 PM pfSense Plus Regression #13816 (Resolved): Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.: Not seeing this behavior anymore on the latest build. The 1100 shuts down normally both from GUI and USB console.
23... Chris W
12:29 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages: Based on a project spanning multiple clients / locations / firewalls, I can certify that this is still true in CE 2.6... Jonathan Edman
12:28 PM pfSense Packages Feature #13361: Add Zabbix 6.2 (agent and proxy) packages: Hannes Palmquist wrote in #note-11:
> +1
>
> Agent 6.2 install does not work, same error.
Based on a project s... Jonathan Edman
10:46 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Lev Prokofev wrote in #note-7:
> It is still here, unfortunately.
I mean the issue was occurred after I update th... Lev Prokofev
10:45 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: It is still here, unfortunately. Lev Prokofev
10:30 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: Lev Prokofev wrote in #note-5:
> I can confirm this behavior on 22.05 after updating the pfBlocker package to v3.1.0... Jim Pingle
05:03 AM pfSense Packages Bug #13874: pfBlocker -devel hanging on cron jobs: I can confirm this behavior on 22.05 after updating the pfBlocker package to v3.1.0_16 Lev Prokofev
06:02 AM Feature #13868: Allow packet capture on unassigned interfaces: I tested the commit da2879b467746b43c8b8687700b6d7f34d4fd302 against the 22.05 release.
I was able to capture on u... Danilo Zrenjanin
03:15 AM pfSense Packages Bug #13328: Wireguard Site-to-Site broken after upgrade to 22.05: Still the same issue
PPPOE connection might be the problem.
I found more poeple with the same problem.
Tested... Sebastian Schmid

01/20/2023

08:16 PM Feature #12070: Support for VLAN ``0``: Christopher Cope wrote in #note-7:
> Tested on
> [...]
>
> Working successfully with AT&T on my edge without the... Matt Johnson
11:30 AM Bug #13891 (Duplicate): PHP Error when deleting an active OpenVPN conenction: Duplicate of #12817
There is already a fix for that in the recommended patches area of the "System Patches packag... Jim Pingle
11:17 AM Bug #13891 (Duplicate): PHP Error when deleting an active OpenVPN conenction: When trying to disconnect a user's VPN connection, (screenshot) the user remains connected and the attached PHP error... Brian Dubreuil
10:49 AM Feature #13682: Automatically indicate a packet capture has stopped when count limit is reached: I tested the commit da2879b467746b43c8b8687700b6d7f34d4fd302 against the 22.05 release.
It does show the packets ... Danilo Zrenjanin
10:02 AM Todo #13867 (Resolved): Update Unbound to use Python 3.11 instead of Python 3.9: Copying some relevant portions of my notes here from #13866
Unbound is linked against 3.11 as expected:... Jim Pingle
10:01 AM Todo #13866 (Resolved): Add Python 3.11.1 to base system: Both versions are present on 23.01 snapshots... Jim Pingle
09:57 AM Todo #13865 (Resolved): Update Python 3.9.15 to 3.9.16 in base system: New version is present on snapshots.... Jim Pingle
09:40 AM Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active: Even more improvements were realized https://github.com/pfsense/FreeBSD-ports/commit/2585ff63a67594c3530a2bc111c5544e... Christian McDonald
07:33 AM Regression #13890 (Resolved): Captive Portal Voucher Rolls Status "Fatal error": Thanks for testing!
The same is true here as well. I could crash multiple lab systems before the fix, and after th... Jim Pingle
04:58 AM Regression #13890: Captive Portal Voucher Rolls Status "Fatal error": I updated today to most recent version *2.7.0.a.20230120.0255* and confirm that Voucher Rolls status is working perfe... Muhammad Waseem Ul Haq
07:31 AM Bug #13723 (Confirmed): dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet: I can confirm this behavior on the 22.05 and 23.01 Beta versions.
I tried to remove the VTI interfaces before cha... Danilo Zrenjanin
07:22 AM Bug #13525 (Resolved): Memory leak in PF when retrieving Ethernet rules: That seems like enough to call this resolved for now -- we can always revisit it if needed.
Unrelated to this issu... Jim Pingle
01:07 AM Bug #13525: Memory leak in PF when retrieving Ethernet rules: updated the system to 23.01 beta on sunday 15th
4 days later i can not notice any significant memory leak. wired memo... jeroen van breedam
05:52 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: Please find attached the packet capture reduced down to just ICMP traffic. The associated firewall rule is:... Infra Weavers
04:23 AM Bug #13652: Inconsistent behavior filtering ICMP traffic: We have also been unable to reproduce this without the Qualys scanner; literally every other tool we have used has re... Infra Weavers

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

02/18/2023

02/17/2023

02/16/2023

02/15/2023

02/14/2023

02/13/2023

02/12/2023

02/11/2023

02/10/2023

02/09/2023

02/08/2023

02/07/2023

02/06/2023

02/05/2023

02/04/2023

02/03/2023

02/02/2023

02/01/2023

01/31/2023

01/30/2023

01/29/2023

01/28/2023

01/27/2023

01/26/2023

01/25/2023

01/24/2023

01/23/2023

01/22/2023

01/21/2023

01/20/2023