Project

General

Profile

Activity

From 03/04/2023 to 04/02/2023

04/02/2023

09:01 PM Todo #14231 (Rejected): Set net prefix to /24 by default when add new net
Dear pfSense stuff:
In DNS Resolver ACL configuration page set net prefix to /24 by default when add new net.
(...
Sergei Shablovsky
03:21 PM pfSense Packages Bug #14230: PHP error with pfBlockerNG
As a workaround, use the @System Patches@ package to apply the following patch (set @Path Strip Count@ to @0@).... Marcos M
03:11 PM pfSense Packages Bug #14230 (New): PHP error with pfBlockerNG
On @pfBlockerNG-3.2.0_3@ and @pfSense-23.01@.... Marcos M
11:33 AM Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.
I am not the only one with the problem: https://forum.netgate.com/topic/177555/fq_pie-no-internet?_=1680451711804
...
Anonymous
10:52 AM Bug #14227 (Duplicate): Traffic Shaper - selected scheduler not recognized
Marcos M
12:17 AM Bug #14227: Traffic Shaper - selected scheduler not recognized
looking at diagnostic>limiter info displays a limiter with tail drop/FIFO above the AQM/scheduler that are modifiable... Jordan G
12:09 AM Bug #14227 (Duplicate): Traffic Shaper - selected scheduler not recognized
Limiter created and enabled with a child queue enabled, both saved and applied. Make change and save parent limiter, ... Jordan G
10:51 AM pfSense Packages Bug #14075 (Feedback): Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics
The original report was from a customer's system, however I have not been able to reproduce this either on 23.01 nor ... Marcos M
10:13 AM pfSense Plus Bug #14224 (Duplicate): Error when deleting Boot Environment that was the source for a clone
Marcos M
06:54 AM pfSense Docs Todo #14225: Feedback on Packages — IDS / IPS — Configuring the Snort Package
Should of added, there are 4 policies and *Max-Detect* is not mentioned on the help page Jon Brown
05:25 AM pfSense Docs Todo #14225: Feedback on Packages — IDS / IPS — Configuring the Snort Package
this snort page lists the different policies but also gives a warning that the *Max-Detect* should only be used in te... Jon Brown
05:45 AM pfSense Docs Todo #14229: Snort - Add help page for SID MGMT
Sticky topics - https://forum.netgate.com/category/53/ids-ips Jon Brown
05:43 AM pfSense Docs Todo #14229 (New): Snort - Add help page for SID MGMT
there is no help page for
* https://x.x.x.x/help.php?page=snort/snort_sid_mgmt.php
* Services --> Snort --> SID M...
Jon Brown
03:43 AM pfSense Packages Bug #14228 (Resolved): pfBlockerNG might not support new Maxmind license keys
https://dev.maxmind.com/geoip/release-notes/2023?lang=en#changes-to-maxmind-license-keys
* New license keys will b...
Jon Brown
03:08 AM pfSense Packages Feature #13195: Dedicated website for Feed mangement - Community Driven
or the website could be website where end users (me and others) can add feeds and report dead feeds that would then b... Jon Brown
03:06 AM pfSense Packages Feature #14193: Website to add and remove feeds automatically
duplicate of #13195 - close this one Jon Brown

04/01/2023

10:52 PM pfSense Docs Todo #14226 (New): Feedback on Packages — IDS / IPS — Configuring the Snort Package
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html
*Feedback:* The docs seem to unnecess...
Ashley R. Thomas
08:58 PM Feature #13868: Allow packet capture on unassigned interfaces
Danilo Zrenjanin wrote in #note-4:
> I tested the commit da2879b467746b43c8b8687700b6d7f34d4fd302 against the 22.05 ...
Kris Phillips
08:49 PM pfSense Packages Todo #14221: Sync settings and inline documentation needs improving
>>http is insecure because your password will be transmitted in plain text so use https
Not sure it's relevant to ...
Kris Phillips
03:35 AM pfSense Packages Todo #14221 (New): Sync settings and inline documentation needs improving
This inline notes on the sync page (Firewall --> pfBlockerNG --> Sync) need improving.
* *Add: Allow Sync Pushes*
...
Jon Brown
08:41 PM pfSense Plus Bug #14168: OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol
Jim Pingle wrote in #note-1:
> Is this newly broken in 23.01 (regression) or has it never worked, even on older vers...
Kris Phillips
08:36 PM pfSense Plus Bug #14224: Error when deleting Boot Environment that was the source for a clone
Confirmed on 23.01. The boot environment deletes, but throws the error, so it appears to be cosmetic in nature, than... Kris Phillips
12:14 PM pfSense Plus Bug #14224 (Duplicate): Error when deleting Boot Environment that was the source for a clone
Steps to reproduce.
1. Navigate to System > Boot Environments
2. Create New Boot Environment
3. Clone that n...
Christopher Cope
08:34 PM pfSense Packages Bug #14218: Deleting a shellcmd entry results in a PHP error and crash report
A diff of the merge request fixes the problem when applied as a system patch. Deleting a shellcmd job doesn't give an... Chris W
10:08 AM pfSense Packages Bug #14218 (Pull Request Review): Deleting a shellcmd entry results in a PHP error and crash report
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/334 Christopher Cope
03:20 PM Bug #13996 (Not a Bug): Limiters using the fq_pie scheduler no longer pass any traffic.
Chris W
03:19 PM Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.
I'm unable to reproduce this on a virtual machine which was upgraded to 23.01 from 22.05 (and to 22.05 from 22.01 pre... Chris W
02:02 PM pfSense Docs Todo #14225 (New): Feedback on Packages — IDS / IPS — Configuring the Snort Package
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html
*Feedback:*
the following statemen...
Jon Brown
01:55 PM pfSense Packages Bug #11477: FRR does not recognize some BFD options

not exist
frr 1.2_3
pfsense 23.01
Alhusein Zawi
12:16 PM pfSense Plus Bug #14074 (Resolved): Cannot edit or delete ZFS Boot Environment with a name containing only numbers
Did some more testing. The other error seems to be unrelated to this issue. I created another redmine to track it. ht... Christopher Cope
11:17 AM pfSense Packages Bug #14223 (New): Block Offenders - Incorrect statement/description
The description on the options 'Block Offenders' is incorrect for 'inline mode' but still valid for 'Legacy Mode'
...
Jon Brown
10:55 AM pfSense Packages Bug #14220: pfBlockerNG does not sync to HA secondary
Apparently my search for "sync" wasn't good enough. Apologies for the dupe. Steve Y
06:46 AM pfSense Packages Bug #14220: pfBlockerNG does not sync to HA secondary
I alreay created a bug for it, see https://redmine.pfsense.org/issues/14189 .
No feedback yet, if someone is even ...
name name
07:08 AM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions
I can confirm the fix is working for me. I don't see any repeats anymore. Thanks Jim! Haraldinho D
04:37 AM Feature #14222 (New): Add additional checks to admin account when disabling - Prevent lockouts
Currently on a fresh copy of pfSense and only an admin account I am able to disable this 'admin' account. This is a p... Jon Brown
02:32 AM Todo #14183: Update OpenVPN Wizard to match current certificate and OpenVPN options
Changeset tested on... Lev Prokofev

03/31/2023

06:58 PM Regression #14217: IPsec Phase 2 rekey failures with some PFS key groups
Rekeying appears to work OK using PFS group 18 in IKEv1. Though it doesn't remove old rekeyed SAs.... Steve Wheeler
01:50 PM Regression #14217: IPsec Phase 2 rekey failures with some PFS key groups
When rekeying from 2.7 against 2.6 the remote side accepts the rekeys and installs the new child_SA. But the local si... Steve Wheeler
12:41 PM Regression #14217 (Confirmed): IPsec Phase 2 rekey failures with some PFS key groups
Seeing this between a 2.7 VM and 23.01 on a 5100.
Tunnel rekeys as expected using PFS key group 14 but fails after...
Steve Wheeler
11:15 AM Regression #14217: IPsec Phase 2 rekey failures with some PFS key groups
Jim Pingle wrote in #note-1:
> Is this tunnel mode or VTI?
This behavior is on both tunnel and VTI. Logs are for VTI...
Georgiy Tyutyunnik
10:36 AM Regression #14217: IPsec Phase 2 rekey failures with some PFS key groups
Is this tunnel mode or VTI?
Are those logs in forward or reverse order? They seem to be in reverse which makes re...
Jim Pingle
10:24 AM Regression #14217 (Resolved): IPsec Phase 2 rekey failures with some PFS key groups
IPSec phase 2 with some specific PFS key groups fails to rekey with the following logs message:
Mar 31 12:47:14 ch...
Georgiy Tyutyunnik
05:30 PM Regression #14139: CARP announcement src MAC should be virtual MAC
Looking good on 2.7.0.a.20230331.1347, these are virtual src MACs coming from the MASTER:
tcpdump -e -i
00:13:3...
Robert Karsai
09:08 AM Regression #14139 (Ready To Test): CARP announcement src MAC should be virtual MAC
The fix has been merged and will be present in future snapshot builds. Kristof Provost
05:27 PM pfSense Packages Bug #14220 (Duplicate): pfBlockerNG does not sync to HA secondary
After making changes they are not replicated to the secondary. E.g. on /pfblockerng/pfblockerng_ip.php check "kill s... Steve Y
04:28 PM pfSense Packages Bug #14218 (Resolved): Deleting a shellcmd entry results in a PHP error and crash report

1. Install the shellcmd package from System > Package Manager.
2. Services > shellcmd >
Command: ...
Chris W
02:43 PM Bug #14212: Using limiters and VLANs crashes with kernel panic
Jim Pingle wrote in #note-3:
> Bug reports must be for the current version or snapshots, not outdated releases. It's...
Diogo Silva
02:28 PM Bug #14212 (Rejected): Using limiters and VLANs crashes with kernel panic
Bug reports must be for the current version or snapshots, not outdated releases. It's entirely possible this has alre... Jim Pingle
12:53 PM Bug #14212: Using limiters and VLANs crashes with kernel panic
Jim Pingle wrote in #note-1:
> What version are you using?
>
> Can you replicate the problem on development snaps...
Diogo Silva
07:17 AM Bug #14212 (Incomplete): Using limiters and VLANs crashes with kernel panic
What version are you using?
Can you replicate the problem on development snapshots?
At a minimum we are going t...
Jim Pingle
05:30 AM Bug #14212 (Rejected): Using limiters and VLANs crashes with kernel panic
This problem was reported way on the past, at the time I ended up stopping using TS and lost track of this. Now I end... Diogo Silva
01:00 PM Bug #14124 (Resolved): Some blank SAN fields are not ignored when creating a certificate
!clipboard-202303311957-pkspm.png!
The patch clarifies the function of add button. I am marking this ticket resolved.
Danilo Zrenjanin
10:28 AM Bug #14118: freeRadius "Amount of Time" setting is not accurately tracked for Stop/Start settings in Caaptive Portal
re: 23.01 mid Feb release: Although the $rastart_time and $rastop_time are set around line 684 for the call to line 2... Dale Harron
09:05 AM Regression #13943 (Ready To Test): OpenVPN crashes with Signal 8 with very low fragment size
Future snapshots will have OpenVPN 2.6.2, which contains the fix. Kristof Provost
08:54 AM Bug #14216 (New): ntopng causes OpenVPN server errors 'error - IP packet with unknown IP version=15 seen' when OpenVPN server interface is selected
If the OpenVPN server interface is selected in the ntopng 'General Options' - 'Interfaces', it causes thousands of Op... Damir Altus
07:58 AM Regression #14164 (Feedback): IPv6 interface configuration race condition can lead to kernel panic
Let's keep this in a feedback state for a bit so we can confirm it's fixed in snapshots.
Jim Pingle
07:46 AM Todo #14210: Proposed new Icons for Logs to make for more logical reading
I'm open to changing the icons but personally I don't find either of those any better/worse than the current icons.
...
Jim Pingle
04:51 AM Todo #14210 (New): Proposed new Icons for Logs to make for more logical reading
On the firewall logs (Status --> System Logs --> Firewall --> normal view) and probably elsewhere you use the followi... Jon Brown
07:22 AM Todo #14209 (Closed): Update Time Zone data to 2023c or later
This was merged in yesterday when we synced the tree with upstream and should be in today's snapshots.
Jim Pingle
03:50 AM Todo #14209 (Closed): Update Time Zone data to 2023c or later
Hi,
Egypt decided to return to daylight saving in 2023
tzdata need to be updated to 2023c
thanks and best regar...
khaled osama
07:16 AM Feature #14213 (Rejected): Set range for random Gateway and network used for OpenVPN connections
The address assigned to a client is set by the server to which it connects or set static in the tunnel network field.... Jim Pingle
05:31 AM Feature #14213 (Rejected): Set range for random Gateway and network used for OpenVPN connections
When I create a new OpenVPN client (VPN --> OpenVPN --> Clients), assign it to an interface it becomes a gateway. The... Jon Brown
07:14 AM Todo #14215 (Closed): Redmine - Add CE to pfSense 2.6.0/2.7.0 Repo names for clarity
We can consider that for future versions but changing existing ones can have some unintended side effects.
Given t...
Jim Pingle
06:11 AM Todo #14215 (Closed): Redmine - Add CE to pfSense 2.6.0/2.7.0 Repo names for clarity
Is it possible to add the *CE* to the 2.6.0 and 2.7.0 Redmine repo names so they follow your other products naming.
...
Jon Brown
05:50 AM Feature #14214 (New): Add logging options to the GUI for DNS Resolver
This is a simple request to have the logging options to be added to the GUI for the DNS Resolver. The list below is n... Jon Brown
05:13 AM Todo #14211 (New): OpenVPN Status page (Stop|Start|Restart) - Use Ajax instead of full page reload.
(Status --> OpenVPN)
When I (Start|Stop|Restart) an OpenVPN service in any of the sections (Client Connections|Pee...
Jon Brown
05:06 AM Bug #14136 (Resolved): Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations
I replicated the issue on 23.01.
Re-tested the same scenario on 2.7.0.a.20230330.0600, and it worked fine. I am ma...
Danilo Zrenjanin
03:10 AM Bug #14176 (Resolved): Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget
Tested on the 2.7.0.a.20230330.0600. It works fine.
I am marking this ticket resolved.
Danilo Zrenjanin
03:03 AM pfSense Plus Regression #14137 (Confirmed): pfSense Plus Upgrade repo data remains on the system after upgradng
I hit that case and confirmed that the offered workaround fixes it. Danilo Zrenjanin

03/30/2023

10:27 PM Feature #14208: Automatic Split-DNS for 1:1 NAT
PR: https://github.com/pfsense/pfsense/pull/4630 Yehuda Katz
10:26 PM Feature #14208 (Pull Request Review): Automatic Split-DNS for 1:1 NAT
There is a well-known challenge of dealing with accessing public IP addresses from inside the network. The two existi... Yehuda Katz
04:46 PM Regression #14164 (Closed): IPv6 interface configuration race condition can lead to kernel panic
Fix landed upstream and locally after the merge Mateusz Guzik
02:45 PM pfSense Docs New Content #14170 (Closed): Radius Authentication Timeout
Note added and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/961dbec8f6cfdf95313ee3aff4c33d67f5bc118b Jim Pingle
02:16 PM pfSense Packages Regression #13978: PHP errors with squidGuard
Additionally:... Steve Wheeler
01:51 PM pfSense Docs Todo #14207 (Resolved): Rate limiting on Chelsio T4/5 NICs
Chelsio T520-CR and T420-CR are unable to route speeds over 470mbps when updated to 23.01 code. Goes to full 1gb spee... Bruce Talbot
12:38 PM Revision 6f8ad15a: Fix memory RRD initialization. Fixes #14011
Jim Pingle
12:23 PM pfSense Docs Todo #14187 (Closed): Feedback on Certificate Management — Certificate Revocation List Management
Though the existing text states that they should check if it's in use and remove it from use before deleting, I added... Jim Pingle
11:54 AM pfSense Plus Bug #14206: package manager broken
Almost certainly this though: https://redmine.pfsense.org/issues/14137 Steve Wheeler
11:35 AM pfSense Plus Bug #14206 (Rejected): package manager broken
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
11:19 AM pfSense Plus Bug #14206 (Rejected): package manager broken
newbe question *How do I remove pfsense plus upgrade? *
just upgraded to pfsense plus 23.01
when I click for availa...
Douglas Pannell
10:52 AM pfSense Docs Todo #13968 (In Progress): Marvell install instructions need updated
I updated the 1100 and 2100 docs a couple weeks ago:
* https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/...
Jim Pingle
10:42 AM pfSense Docs New Content #13941 (In Progress): Memory usage in pfSense
First step, I updated the breakdown of memory types in the graph text:
https://gitlab.netgate.com/docs/pfSense-doc...
Jim Pingle
10:37 AM pfSense Docs Correction #13987 (Closed): Monitoring system graphs need updated info about Nat States
Note added:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/04d2ec5dd76ba85922322f62c9fb67f58f64d47b
Jim Pingle
09:58 AM Regression #13942 (Resolved): PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section
That was my bad. I probably didn't wait long enough for the system_package to finish the installation process after r... Danilo Zrenjanin
09:14 AM Regression #13942: PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section
I tried again on a fresh snapshot and @<syslog></syslog>@ does not produce a crash. If you added a tag you might have... Jim Pingle
09:00 AM Regression #13942: PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section
Danilo Zrenjanin wrote in #note-6:
> I applied the patch (8b962c6a752a654f2def293d93c102d2d20a6887) and then made a ...
Jim Pingle
08:33 AM Regression #13942: PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section
I applied the patch (8b962c6a752a654f2def293d93c102d2d20a6887) and then made a backup. I added an empty <syslog></sys... Danilo Zrenjanin
07:45 AM Todo #14011 (Feedback): Update memory graphs to account for changes in memory reporting
Applied in changeset commit:6f8ad15a0160bc1369e9fd4bcf3ac4c8462c9be7. Jim Pingle
07:34 AM Todo #14011 (In Progress): Update memory graphs to account for changes in memory reporting
Looks like the command that gets run at boot to put "unknown" values into the RRD (source:/src/etc/inc/rrd.inc#L642) ... Jim Pingle
07:19 AM pfSense Packages Bug #14203 (Rejected): Zabbix Agent 6.2 installation fails
The package installs fine (both agent and proxy) so whatever problem you are encountering is likely unique to your se... Jim Pingle
04:19 AM pfSense Packages Bug #14203 (Rejected): Zabbix Agent 6.2 installation fails
I see that this issue is reported a couple of times, i.e. https://redmine.pfsense.org/issues/13587 however it still p... Rajib Momen
07:05 AM pfSense Plus Feature #14205 (New): Allow for maximum concurrent users, per user, in captive portal
We have several schools who wish to impose how many devices are allowed to have access via the Captive Portal, per us... Alex Rubenstein
06:58 AM pfSense Plus Bug #14204 (Pull Request Review): System Information Dashboard widget stops showing CPU details on aarch64
Steve Wheeler
06:58 AM pfSense Plus Bug #14204: System Information Dashboard widget stops showing CPU details on aarch64
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/97 Steve Wheeler
06:43 AM pfSense Plus Bug #14204 (Resolved): System Information Dashboard widget stops showing CPU details on aarch64
In aarch64 systems (1100, 2100) the system information widget gets CPU data by greping the strings from dmesg.
Howev...
Steve Wheeler

03/29/2023

08:43 PM Bug #13252: reduce frequency of php-fpm socket connection attempts from check_reload_status
If it helps, I've experienced something similar in the past few days.
I got a report that "internet is down", but by...
Konstantin Svist
07:32 PM Revision 8dcaa361: Remove deprecated/removed NCP toggle from OpenVPN. Fixes #14201
Jim Pingle
05:29 PM pfSense Packages Bug #14199: ACME - Issue with corrupted cert
Hi Jim .
My bad, I said HAProxy by mistake, I am using ACME for this, attached screenshot
Juan Francisco Rodriguez Garcia
11:57 AM pfSense Packages Bug #14199: ACME - Issue with corrupted cert
The attached configuration snippet isn't a valid configuration for ACME. I'm not sure how it ended up in that state, ... Jim Pingle
05:23 PM Bug #14077: Kernel panic from incoming IPv6 connections
Jim Pingle wrote in #note-13:
> Bruno Dambrine wrote in #note-12:
> > 1 - Can I install the last snapshop of pfsens...
Bruno Dambrine
03:54 PM Bug #14077: Kernel panic from incoming IPv6 connections
I'm not proficient with FreeBSD package management so this is probably a dumb question, but is there any way to drop ... David Myers
04:03 PM Revision 0abc80b1: OpenVPN wizard updates. Fixes #14183
* Added Randomize Serial option when creating CA
* Added Common Name field to CA/Cert (still can use descr if blank)
...
Jim Pingle
02:58 PM pfSense Packages Todo #14202 (Resolved): Rename exported OpenVPN connect files as "connect" rather than "ios"
Some of the files have names that are not following the same rules as the rest. I have made corrections to some of th... Jon Brown
02:53 PM Revision 8b962c6a: Update direct config access in status_logs_settings.php. Fix #13942
Marcos M
02:40 PM Todo #14201 (Feedback): Remove deprecated NCP enable/disable toggle from OpenVPN
Applied in changeset commit:8dcaa3610c92aea930cc1fa631247ff2bce81e83. Jim Pingle
12:23 PM Todo #14201 (Resolved): Remove deprecated NCP enable/disable toggle from OpenVPN
CE snapshots now have OpenVPN 2.6.0 which removed the deprecated @ncp-disable@ option, making cipher negotiation comp... Jim Pingle
01:54 PM Revision 3706158f: Disble unmapped mbufs. #13938
Christian McDonald
01:01 PM Revision 7e7910fd: syslogd source interface corrections. Fixes #14120
* Do not attempt to use a source address when remote logging is
disabled.
* Do not attempt to use a source address ...
Jim Pingle
11:10 AM Todo #14183 (Feedback): Update OpenVPN Wizard to match current certificate and OpenVPN options
Applied in changeset commit:0abc80b184bcf16387fb9befa1f5f4695280c561. Jim Pingle
11:03 AM Todo #14183 (In Progress): Update OpenVPN Wizard to match current certificate and OpenVPN options
Making this more general as there are a few other places that need updated as well. I went through and compared thing... Jim Pingle
10:02 AM pfSense Packages Bug #14200 (New): WireGuard reply-to without NAT
I have discovered that the WireGuard package requires the interface to have the gateway set for the reply-to rules to... Carrnell Tech
10:00 AM Regression #13942 (Feedback): PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section
Applied in changeset commit:8b962c6a752a654f2def293d93c102d2d20a6887. Marcos M
08:56 AM Bug #13938 (Feedback): Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs
Christian McDonald
08:56 AM Bug #13938: Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs
That is a good point.
I've addressed this case too
https://gitlab.netgate.com/pfSense/pfSense/-/commit/3706158fe69c...
Christian McDonald
08:40 AM Bug #13938: Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs
Seeing as this is a bug in mbuf handling, I would argue the thing to do is to flip the unmapped buf support off -- th... Mateusz Guzik
08:10 AM Regression #14120 (Feedback): ``syslogd`` tries to bind interfaces with no IP address
Applied in changeset commit:7e7910fded01a44a7ab1014e95bbfb0fbae709a8. Jim Pingle
07:46 AM Regression #14120: ``syslogd`` tries to bind interfaces with no IP address
Did this happen on previous versions or just on 23.01 and after?
EDIT: Nevermind, it probably did based on the code. ...
Jim Pingle
08:08 AM Regression #14164 (In Progress): IPv6 interface configuration race condition can lead to kernel panic
Mateusz Guzik
08:08 AM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic
Posted a review upstream: https://reviews.freebsd.org/D39317 Mateusz Guzik
07:32 AM Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots
Updating subject and excluding from release notes since it was a regression introduced between snapshots and not in a... Jim Pingle

03/28/2023

05:34 PM pfSense Packages Bug #14199: ACME - Issue with corrupted cert
Attaching the Acme section of my config.xml backup which had this issue after upgrading to the new release on Feb 17 ... Jerold Von Hemel
04:55 PM pfSense Packages Bug #14199 (Resolved): ACME - Issue with corrupted cert
Hi team
After creating a new cert in HAProxy i got an timeout on the webui interface then receive this error:
P...
Juan Francisco Rodriguez Garcia
05:22 PM Revision bfa5cfef: Skip blank SAN values, make + more clear. Fixes #14124
Jim Pingle
04:44 PM Revision 9d87553c: Fix radvd service check. Fixes #14136
Jim Pingle
03:48 PM Revision d588bb5c: Allow editing of CRL properties. Fixes #14185
Fixes editing of imported CRLs and also allows editing properties of
internal CRLs.
Jim Pingle
03:00 PM Revision 663e29bb: Note that CA serial is ignored when randomizing. Fixes #14188
While here, when creating a CA, set the default serial to 1 since the
GUI won't allow saving with the serial remainin...
Jim Pingle
02:36 PM Bug #14077: Kernel panic from incoming IPv6 connections
Bruno Dambrine wrote in #note-12:
> 1 - Can I install the last snapshop of pfsense CE on my netgate 6100 as I do wit...
Jim Pingle
12:50 PM Bug #14077: Kernel panic from incoming IPv6 connections
Sorry, I have two questions.
1 - Can I install the last snapshop of pfsense CE on my netgate 6100 as I do with pfs...
Bruno Dambrine
09:40 AM Bug #14077 (Feedback): Kernel panic from incoming IPv6 connections
A fix for this was merged into snapshots around the 17th. If possible, please upgrade to a current dev snapshot and s... Jim Pingle
02:33 PM Feature #14197 (Rejected): DHCP Leases - Add interface column
The lease database doesn't record the interface, and given the potential size of the leases display calculating that ... Jim Pingle
01:56 PM Feature #14197 (Rejected): DHCP Leases - Add interface column
Status --> DHCP Leases
Can you add an Interface column so the results can be sorted by interface and also this mak...
Jon Brown
02:25 PM pfSense Packages Todo #14194: Better colours for alerts
Green and Red are also not great choices because some people are red/green color blind, so ideally whatever colors ar... Jim Pingle
01:32 PM pfSense Packages Todo #14194 (New): Better colours for alerts
on the page Firewall --> pfBlockerNG --> Reports --> unified (and others)
pfBlocker uses
* 'Red' for traffic st...
Jon Brown
02:05 PM Feature #14198 (New): Allow gateway group with no members
I would like the option of having gateway groups with no members, or perhaps a null entry if needed.
h2. Why
I ...
Jon Brown
01:50 PM pfSense Packages Feature #14196 (Incomplete): permitted firewall rules - additional text
Firewall --> pfBlockerNG --> DNSBL --> DNSBL Configuration --> Permit Firewall Rules
Can you add some additional i...
Jon Brown
01:45 PM pfSense Packages Feature #14195 (New): Customise what are class as Full Domains when blocking with DNSBL
Currently when a DNSBL is Blocked you get one of 2 pages depending what was looked up. Most lookups will end up beeb ... Jon Brown
01:26 PM pfSense Packages Feature #14193 (Duplicate): Website to add and remove feeds automatically
I would like to see a website where end users (me and others) can add feeds and report dead feeds that would then be ... Jon Brown
01:15 PM Bug #14136: Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations
Jim Pingle wrote in #note-2:
> Took me a bit to find one but I was able to reproduce this on one system in my lab --...
David Myers
11:50 AM Bug #14136 (Feedback): Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations
Applied in changeset commit:9d87553c55770db317d0f65f608933f4412af363. Jim Pingle
11:46 AM Bug #14136: Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations
Took me a bit to find one but I was able to reproduce this on one system in my lab -- the others already showed it OK... Jim Pingle
01:09 PM Revision c5faa351: Message queue handling improvements. Fixes #14031 Fixes #14061
* Do not attempt to process the message queue without sufficient
privileges.
* Check for permission to write the me...
Jim Pingle
01:04 PM Bug #13487: GUI IPV6-WAN-status stays "Offline, Packetloss" after a short communication hick up
To be noted. In the actual 2.7 snapshot the IPV6 gateway is still relatively frequently changing to 'unavailable' Louis B
12:30 PM Bug #14124 (Feedback): Some blank SAN fields are not ignored when creating a certificate
Applied in changeset commit:bfa5cfef8125d4ba07db5aa481fd854978b20c63. Jim Pingle
11:22 AM pfSense Packages Feature #14192 (Rejected): Instant Website Redaction Technology Not working
Hello Fellow Netgate Community Members,
I wanted to share some topics for discussion and possibly create a communi...
Jonathan Lee
10:55 AM Feature #14185 (Feedback): Ability to edit Certificate Revocation List properties
Applied in changeset commit:d588bb5c211c5e2fb9e00647bff206ac6c806c26. Jim Pingle
10:48 AM Feature #14185 (In Progress): Ability to edit Certificate Revocation List properties
Making this more general since while I was in there it was also not too hard to allow editing the lifetime and serial... Jim Pingle
04:59 AM Feature #14185: Ability to edit Certificate Revocation List properties
just a small followup that is related.
I created a CRL using 'import an existing certificate revocation list' and ...
Jon Brown
10:10 AM Todo #14188 (Feedback): Add note to inform the user that the "Next Certificate Serial" value is ignored when the "Randomize Serial" option is enabled
Applied in changeset commit:663e29bb666388407c52fbb8d418ff24077bffe0. Jim Pingle
09:45 AM Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots
For the record, this appears to be triggered by running @ifconfig@. So any page or action that ends up using ifconfig... Jim Pingle
09:39 AM Bug #14092 (Resolved): Kernel panic when PF passes a large/fragmented ICMP6 packet
Looks good to me. I cannot crash a current Plus 23.05 or CE 2.7.0 snapshot with a large ping packet as I could before... Jim Pingle
09:33 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
I understand, but I don't know what is "not" happening.
There are two choices when configuring Sync for pfBlockerN...
name name
09:25 AM Bug #14061 (Feedback): PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``
Applied in changeset commit:c5faa351c1ef6d4555478a7f50b3a16ece7e0b2a. Jim Pingle
08:13 AM Bug #14061: PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``
The more I looked at this I'm fairly certain it's the same root cause as #14031 -- If an unprivileged user such as @n... Jim Pingle
09:25 AM Bug #14031 (Feedback): Identical SMTP notifications repeat in an infinite loop under certain conditions
Applied in changeset commit:c5faa351c1ef6d4555478a7f50b3a16ece7e0b2a. Jim Pingle
08:15 AM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions
I was able to reproduce this on demand by triggering a notification from nut and a notification from the system short... Jim Pingle
07:08 AM Regression #14139 (Waiting on Merge): CARP announcement src MAC should be virtual MAC
Jim Pingle
05:43 AM pfSense Docs Todo #14191 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Feedback:*
Hi there,
I think ...
EComputer Vision
02:56 AM Todo #14190 (Duplicate): Update nvd3 (web ui dependency) to 1.8.6
Updates and minifies nvd3 for better performance and some bug fixes.
PR: https://github.com/pfsense/pfsense/pull/4629
GChuf 6

03/27/2023

08:20 PM Regression #14139: CARP announcement src MAC should be virtual MAC
The bug is fairly obvious now. The check for multicast in carp_output() expects the IP address to be in host endianne... Kristof Provost
06:35 PM Regression #14139: CARP announcement src MAC should be virtual MAC
Actually, they do. Chris Linstruth
06:14 PM Regression #14139: CARP announcement src MAC should be virtual MAC
Switches do not learn what port to use based on the carp announcements, so that's not actually something to worry abo... Kristof Provost
08:40 AM Regression #14139: CARP announcement src MAC should be virtual MAC
Hi Jim, yes, master & backup states are OK, even the switchover is OK, however without the right announcements coming... Robert Karsai
08:38 AM Regression #14139: CARP announcement src MAC should be virtual MAC
Hmm, yeah, that could be fallout from the unicast carp work. In unicast mode we use the interface Mac as source (most... Kristof Provost
08:12 AM Regression #14139: CARP announcement src MAC should be virtual MAC
On @2.7.0.a.20230314.0600@ the CARP advertisement source MAC was still the CARP MAC, but on current snaps it is the i... Jim Pingle
07:14 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Packages get updated directly, they don't get patches.
Also there is almost no detail here or on the linked forum ...
Jim Pingle
05:31 PM pfSense Packages Regression #14189 (Closed): pfBlocker-NG: HA-Sync is not working
I'm not the only one with this problem.
See https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working .
...
name name
06:11 PM Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots
As Christian said, these logs will go away with the next upstream merge.
They are harmless and can safely be ignored...
Kristof Provost
06:09 AM Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots
Hi, I think this is related: https://redmine.pfsense.org/issues/14139 CARP do have problems in the last few builds, t... Robert Karsai
05:28 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100
I found mmc-utils but I'm sure if it can tell me about the health of the flash. What else can I do to test it? I reme... Craig Leres
10:23 AM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100
I have seen the same thing on my 1100 but given the timing (could be hours, days, or even weeks between timeouts) it ... Jim Pingle
04:36 PM Revision 1e05389e: Capitalize "dns" in DynDNS ttl help text
Bojan Bogojevic
04:36 PM Revision e89ddfb9: Reorder DynDNS zone id help text alphabetically
Bojan Bogojevic
04:36 PM Revision f9f13d00: Reorder DynDNS pasxsowrd help text alphabetically
Bojan Bogojevic
04:36 PM Revision 6d610dde: Reorder DynDNS username help text alphabetically
Bojan Bogojevic
04:36 PM Revision d3d29594: Reorder DynDNS hostname help text alphabetically
Bojan Bogojevic
03:12 PM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions
I can confirm I have this issue too _and_ I have nut installed. Actually, I am suffering from it now and can't reboot... Haraldinho D
02:56 PM Bug #14031 (Confirmed): Identical SMTP notifications repeat in an infinite loop under certain conditions
We've run up against issues like this with NUT before but not always a loop. See https://redmine.pfsense.org/issues/1... Jim Pingle
02:49 PM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions
I do have nut installed on my system. It hasn't repeated the process since my last report; maybe its a rare sequence ... Paul Diederich
02:44 PM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions
I finally had a system in my lab get stuck doing this, it was a fresh image of a 23.05 dev snapshot, restored a confi... Jim Pingle
02:53 PM Bug #13224 (Duplicate): Email notification flood when UPS (NUT) and WAN send notifications
Closing in favor of #14031 since it has more/better detail. Jim Pingle
02:18 PM Bug #14124: Some blank SAN fields are not ignored when creating a certificate
Jim Pingle wrote in #note-4:
> The "Add" button adds a new row to the form, it doesn't save or take any other action....
Mario Jauvin
07:34 AM Bug #14124: Some blank SAN fields are not ignored when creating a certificate
The "Add" button adds a new row to the form, it doesn't save or take any other action. It's working as intended and i... Jim Pingle
11:37 AM Todo #14186 (Feedback): Improve DynDNS help text readability
PR merged. Jim Pingle
09:12 AM Todo #14186: Improve DynDNS help text readability
Github PR link: https://github.com/pfsense/pfsense/pull/4628 Bojan Bogojevic
09:12 AM Todo #14186 (Resolved): Improve DynDNS help text readability
* To improve readability I've reordered hostname, username, password, zone id help texts alphabetically.
* Changed '...
Bojan Bogojevic
11:27 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
Ryan Keen wrote in #note-9:
> It appears that Google Domains has added support for DNS-01 ACME Challenges using a to...
Jim Pingle
11:02 AM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
OK, it may still be worth a quick look to see if we can make that smoother in case users are stuck with the problem e... Jim Pingle
09:34 AM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
just want to be precise so you dont spend time on this if you dont have to;
the patch fixed the issue regarding n...
Mark Grant
07:27 AM pfSense Plus Bug #14074 (New): Cannot edit or delete ZFS Boot Environment with a name containing only numbers
The current patch was merged into dev builds last week, but since there is still an issue with the patch applied, mov... Jim Pingle
10:58 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Matt Gaynor wrote in #note-18:
> Also facing this issue, with the same lack of NDP response from pfSense, IPv6 is un...
Jim Pingle
09:15 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Also facing this issue, with the same lack of NDP response from pfSense, IPv6 is unusable when using a non link-local... Matt Gaynor
10:47 AM Feature #14185: Ability to edit Certificate Revocation List properties
That should be fairly easy, not sure why it isn't there already unless something in the form structure of that page m... Jim Pingle
08:59 AM Feature #14185: Ability to edit Certificate Revocation List properties
the CRL buttons
!crl-buttons.jpg!
Jon Brown
08:54 AM Feature #14185 (Resolved): Ability to edit Certificate Revocation List properties
Can you add the option to rename a 'Certificate Revocation List'
h2. Scenario
I have made a list and then added...
Jon Brown
10:43 AM Todo #14183: Update OpenVPN Wizard to match current certificate and OpenVPN options
I agree, we should either add that as an option or silently enable it by default.
That whole workflow is probably ...
Jim Pingle
08:14 AM Todo #14183: Update OpenVPN Wizard to match current certificate and OpenVPN options
https://docs.netgate.com/pfsense/en/latest/certificates/ca.html... Jon Brown
08:00 AM Todo #14183 (Resolved): Update OpenVPN Wizard to match current certificate and OpenVPN options
When running the OpenVPN wizard (VPN --> OpenVPN --> Wizards --> Type of Server: Local User Access ) On step 6 of 11,... Jon Brown
10:41 AM Todo #14184 (Rejected): Redmine - Automatically subscribe the issue reporter
The only options there are in your own profile settings. There is no global option in Redmine to change that behavior.
Jim Pingle
08:06 AM Todo #14184 (Rejected): Redmine - Automatically subscribe the issue reporter
When I create an issue in Redmine I have to manually subscribe/watch.
Can you change the settings so when I report...
Jon Brown
10:35 AM Bug #14182: PHP error when XMLRPC client attempts to synchronize without any synchronization settings in the configuration
The only way I can see that error happening is if the HA sync settings in the configuration are empty, which isn't va... Jim Pingle
04:30 AM Bug #14182 (Closed): PHP error when XMLRPC client attempts to synchronize without any synchronization settings in the configuration
After upgrading to 23.01 the FreeRADIUS XMLRPC Sync get PHP error. ... aleksei prokofiev
10:31 AM pfSense Plus Bug #13967 (Resolved): aarch64 23.01 upgrade can fail to write the bootloader
Jim Pingle
10:30 AM Regression #14138 (Feedback): Kernel Panic in ``rtsock_msg_mbuf``
Is the backtrace always the same?
Is there anything else going on when this happens?
In the message buffer it l...
Jim Pingle
10:13 AM pfSense Plus Bug #14140 (Not a Bug): OpenVPN Custom Options removes newline before push statements
Not a bug. Statements must be separated with a *semicolon* , not a newline.
This is stated clearly in the descript...
Jim Pingle
10:10 AM pfSense Plus Regression #14180 (Feedback): ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors
The error messages are different so this may not be the case, but over on the TNSR side we have seen behavior changes... Jim Pingle
10:00 AM Feature #14177: tcprtt Measures the TCP handshake RTT using the stats(9) statistics framework
If we do include this it should also warn against using it arbitrarily, since some public services may also not react... Jim Pingle
09:56 AM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.
Given the age of the original issue this was likely fixed before and then regressed in a later version. Please make a... Jim Pingle
09:56 AM pfSense Docs New Content #14174: Feedback on Certificate Management — Certificate Authority Management
see https://forum.netgate.com/topic/179007/add-this-certificate-authority-to-the-operating-system-trust-store/5?_=167... Jon Brown
09:49 AM pfSense Docs New Content #14174 (Rejected): Feedback on Certificate Management — Certificate Authority Management
The current text already covers the second point and the first point is irrelevant.
The text already says "When ad...
Jim Pingle
09:55 AM Bug #14176 (Feedback): Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget
MR merged Jim Pingle
09:52 AM pfSense Plus Bug #14175: LDAP authentication for SSH fails
Did the same configuration work before 23.01?
Jim Pingle
09:37 AM Todo #14188 (Resolved): Add note to inform the user that the "Next Certificate Serial" value is ignored when the "Randomize Serial" option is enabled
When editing or creating a CA you have the option to 'Randomize Serial'. When this is used the 'Next Certificate Seri... Jon Brown
09:36 AM pfSense Plus Feature #14173: QAT driver does not attach to QAT virtual function devices passed through to VM on Xeon D-2146NT
Hi Jim,
thank you for looking into it.
I'm already in contact with the Intel QAT driver team, to see if the fau...
name name
09:30 AM pfSense Plus Feature #14173 (Needs Patch): QAT driver does not attach to QAT virtual function devices passed through to VM on Xeon D-2146NT
If it fails on FreeBSD 14-CURRENT then it needs fixed upstream first and we can pull in the fix from there. It could ... Jim Pingle
09:26 AM pfSense Docs Todo #14187 (Closed): Feedback on Certificate Management — Certificate Revocation List Management
*Page:* https://docs.netgate.com/pfsense/en/latest/certificates/crl.html#delete-a-certificate-revocation-list
*Fee...
Jon Brown
09:21 AM pfSense Plus Regression #14171 (Not a Bug): High Availability Setup with Gateway to secondary pfSense not working - No Internet
This is not and will not be a supported CARP configuration. WANs must be static using CARP for CARP to function prope... Jim Pingle
09:19 AM Bug #14169 (Not a Bug): OpenVPN Backend for authentication doesn't distinguish reject from timeout
This is not a bug, it's intended behavior.
When an auth server is down or fails it may either timeout, reject acce...
Jim Pingle
09:17 AM pfSense Plus Bug #14168: OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol
Is this newly broken in 23.01 (regression) or has it never worked, even on older versions?
Jim Pingle
09:14 AM Feature #14166: Use netstat output for interface packet counters
Also netstat has libxo support so getting the data should be fairly simple (e.g. @netstat -ni --libxo=json@) Jim Pingle
09:08 AM Feature #14165: Option to allow the DNS Forwarder to ignore system DNS servers
That isn't a use case that should have worked before, it just happened to work by accident. Adding an option to accom... Jim Pingle
09:06 AM Bug #14060 (Resolved): Auto Config Backup prints a confusing decryption error when using the wrong key
Jim Pingle
08:54 AM Feature #14156 (Rejected): See the configured .opvn file from the GUI for the OpenVPN servers
Exposing that level of backend config data in the GUI would be more confusing and rarely help users solve problems. A... Jim Pingle
08:53 AM pfSense Packages Todo #14155 (Rejected): 'Block Outside DNS' option is present in the server and on the client
The two options cover different scenarios: The option in the base pushes to all clients, the option in the client exp... Jim Pingle
08:42 AM pfSense Docs Correction #14143: Feedback on System Monitoring — Remote Logging with Syslog
I thought the syslog-ng information was relevant because it would clear up when to use remote logging to a separate s... Jon Brown
08:37 AM pfSense Docs Correction #14143: Feedback on System Monitoring — Remote Logging with Syslog
Updating the links is OK, but adding more info on syslog-ng should go in its own separate doc somewhere. It doesn't c... Jim Pingle
08:39 AM Feature #14144: Improve support for renaming interface groups
This may end up being related to #14095 -- or at least overlapping somewhat. Jim Pingle
08:32 AM pfSense Packages Bug #14142 (Rejected): PHP errors in OpenVPN Client Export package
Christopher is right, it looks like the package needs updating because @vpn_openvpn_export_shared.php@ is removed on ... Jim Pingle
08:14 AM pfSense Packages Bug #14141 (Rejected): pfsense 2.6.0 -pfSense-pkg-squid installation failed!
This isn't a bug, but a problem with your current update settings. This site is not for support or diagnostic discuss... Jim Pingle
08:09 AM pfSense Plus Bug #14132: Aliases of the same name current as previously deleted will not be respected properly
Thanks for the update. You sparked an idea about not everything being removed when an Alias is changed.
I'm goin...
Steven Cedrone
07:55 AM pfSense Plus Bug #14132 (Not a Bug): Aliases of the same name current as previously deleted will not be respected properly
There isn't nearly enough evidence here of a bug and not something else happening in the configuration or existing st... Jim Pingle
08:04 AM pfSense Plus Feature #14134: Notifier on main dashboard for other updates availble: Packages / System Patches (if installed) Under the PfSense current Version.
Jim Pingle wrote in #note-1:
> There is already a packages widget which shows available package updates.
My apolo...
Steven Cedrone
07:56 AM pfSense Plus Feature #14134 (Rejected): Notifier on main dashboard for other updates availble: Packages / System Patches (if installed) Under the PfSense current Version.
There is already a packages widget which shows available package updates. Jim Pingle
07:59 AM pfSense Plus Bug #14135 (Rejected): iOT Devices not reconnecting properly
There isn't any evidence here of a bug in pfSense. Myself and many others use various IOT devices in many different w... Jim Pingle
07:53 AM pfSense Packages Feature #14126: Quality monitoring graph scale adjustment
Moving over to the graph frontend location since I'm fairly certain if it can be changed, it's in the parts located i... Jim Pingle
07:32 AM Bug #14115: DHCP Server page does not properly select a default interface tab if neither WAN nor LAN are capable of being DHCP servers
Looks like one test is reversed when it's trying to locate the starting interface. I don't have a setup to test this ... Jim Pingle

03/26/2023

06:29 PM Regression #14138: Kernel Panic in ``rtsock_msg_mbuf``
It's the exact same hardware I ran the previous version on, with no changes to hardware or BIOS settings. The problem... Stephen Baines
05:46 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters
This problem returned for me after updating to pfSense 2.6.0.
Immediately after starting radvd, it starts spamming...
Lars Veldcholte

03/25/2023

09:40 PM Bug #8343 (Resolved): Gateway Routes (Default Routes) not removed in Kernel when removed from GUI

disabling/disconnecting the WAN_DHCP interface will remove the default route
tested on
2.7.0-DEVELOPMENT (amd...
Alhusein Zawi
08:48 PM pfSense Plus Bug #13967: aarch64 23.01 upgrade can fail to write the bootloader
This has been working for over a week now without issue. We can close this as Resolved. Kris Phillips
08:44 PM Regression #14138: Kernel Panic in ``rtsock_msg_mbuf``
Did this start after updating or something? General Protection Fault is almost always hardware failure or a hardware... Kris Phillips
08:05 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100
Well I'm running on a completely different SG-1100 now so I'll wait and see if the problem reoccurs before the next v... Craig Leres
07:23 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100
I haven't seen this with any other firewalls or on my personal Netgate 1100. I suspect you might have a fault eMMC t... Kris Phillips
05:00 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100
Oops, I'm actually running 23.01. Craig Leres
02:26 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100
Craig Leres wrote:
> I've attached two serial console stack traces.
Here's one more crash from a few minutes ago,...
Craig Leres
12:28 PM pfSense Plus Regression #14181 (Closed): ``mmcsd0`` controller timeout/system hang on 1100
Several times since upgrading to 23.05 and later reinstalling to switch to zfs root I've had a SG-1100 glitch and los... Craig Leres
07:43 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
confirmed on 7100 running 23.01 - after setting mtu/mss and rebooting system receives and displays IP on WAN in conso... Jordan G
07:28 PM pfSense Plus Bug #14104: Google LDAP connections still fail even after adding SNI for TLS 1.3
If the client certificate is chained into a single entry with the CA data, may be related to this: https://redmine.pf... Kris Phillips
06:43 PM pfSense Packages Todo #12351: Remove non-functional feeds
shallalist is no longer updated, it needs to be removed from DNSBL categories
https://www.shallalist.de/ is comple...
Jordan G
06:34 PM pfSense Packages Bug #13936 (Pull Request Review): PHP error from RRD Graphs when attempting a query a newly created empty database
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/333 Christopher Cope
06:30 PM pfSense Plus Regression #13993: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled
switch is not detected under interfaces menu with current build - 23.05.a.20230322.0600 Jordan G
12:24 PM pfSense Plus Bug #14140 (Confirmed): OpenVPN Custom Options removes newline before push statements
Chris W
09:43 AM pfSense Plus Bug #14140: OpenVPN Custom Options removes newline before push statements
I'm not able to reproduce this on the server settings, but can on the Client Specific Overrides page. After saving an... Chris W
09:19 AM pfSense Plus Regression #14180 (Feedback): ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors
I've been running the following configuration for months now:
Hypervisor:
Linux Kernel 5.15
libvirt/qemu/kvm
...
name name
07:49 AM pfSense Packages Bug #14179 (New): FreeRadius is active but in an inoperable state, switches to a generated freeradius-temp certificate upon restart
I was testing my HA setup yesterday evening and used the "Enter Persistent CARP Maintenance Mode" button quite a few ... name name
04:54 AM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules
Tried as Floating Rule but for me same outcome, the Limiter Diagnostic showing no limiter applied.
Marco Goetze

03/24/2023

08:25 PM Bug #14178: Captive Portal Pass-through MAC Auto Entry registering MAC address for unauthenticated users when using Pass-through credits
Typo in the third bullet of Actual Behavior "They don't ever see the login/portal prompt." Dean Arnold
08:21 PM Bug #14178 (New): Captive Portal Pass-through MAC Auto Entry registering MAC address for unauthenticated users when using Pass-through credits
The Captive Portal "Pass-through MAC Auto Entry" feature is adding an Allowed Client MAC address registration for una... Dean Arnold
07:17 PM Revision 1b121a0f: Correct plural seconds check.
Steve Wheeler
05:54 PM Feature #14177 (New): tcprtt Measures the TCP handshake RTT using the stats(9) statistics framework
My coworker thought using 8.8.8.8 for the gateway monitor would suffice for a “is the internet up” monitor. Well, goo... Ryan Whitlock
03:15 PM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.
I see. Thanks for the info.
Issue still exists so status of this bug shouldn't be 'resolved'..
Casper B
02:21 PM Bug #14176: Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1023 Steve Wheeler
02:06 PM Bug #14176 (Resolved): Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget
The check to display seconds as plural is incorrectly checking for multiple minutes here:
https://github.com/pfsense...
Steve Wheeler
01:25 PM pfSense Plus Bug #14175: LDAP authentication for SSH fails
Can confirm the issue.... Lev Prokofev
12:58 PM pfSense Plus Bug #14175 (New): LDAP authentication for SSH fails
LDAP authentication fails for SSH user authentication via LDAP with error (Invalid credentials).
Same user successfu...
Georgiy Tyutyunnik
12:43 PM pfSense Docs New Content #14174 (Rejected): Feedback on Certificate Management — Certificate Authority Management
*Page:* https://docs.netgate.com/pfsense/en/latest/certificates/ca.html
*Feedback:*
the *Trust Store* section s...
Jon Brown
10:20 AM pfSense Plus Feature #14173 (Needs Patch): QAT driver does not attach to QAT virtual function devices passed through to VM on Xeon D-2146NT
pfSense is virtualized under Linux.
Hypervisor:
* qemu-kvm
* i440fx (q35 doesn't work either)
* kernel 5.15.9...
name name
10:03 AM pfSense Plus Regression #14102 (Feedback): Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations
Fixed in 209cb8b1. Reid Linnemann
09:59 AM pfSense Plus Regression #14102: Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations
I've simplified and improved the EMMC/SATA rootdev check for aarch64 devices. The modified script is more specific ab... Reid Linnemann
09:55 AM Regression #14172 (Resolved): PHP error in Captive Portal if ``usedmacs`` list is empty
... name name
09:51 AM pfSense Plus Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet
I forgot to add: All currently available patches were applied via the System Patches package, before any testing was ... name name
09:44 AM pfSense Plus Regression #14171 (Not a Bug): High Availability Setup with Gateway to secondary pfSense not working - No Internet
Hi,
the following setup is working just fine on pfSense CE 2.6.0:
* High Availability/CARP
* Gateway group WAN...
name name
06:15 AM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules
I think in general you currently don't need more testers but can at least share that we are quite affected since we h... Jose Duarte
04:13 AM pfSense Docs New Content #14170 (Closed): Radius Authentication Timeout
https://docs.netgate.com/pfsense/en/latest/usermanager/radius.html#radius-configuration ... Danilo Zrenjanin
03:44 AM Bug #14169 (Not a Bug): OpenVPN Backend for authentication doesn't distinguish reject from timeout
When multiple auth servers are defined in the list, the VPN doesn't respect the reject message from the first server ... Danilo Zrenjanin

03/23/2023

08:35 PM pfSense Plus Bug #14168 (New): OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol
When looking at the Status --> OpenVPN page and viewing a user's ACLs from RADIUS, if the user signed in with user@do... Kris Phillips
03:03 PM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic
... Christian McDonald
11:15 AM Regression #14164 (Resolved): IPv6 interface configuration race condition can lead to kernel panic
While re-configuring an interface that has an IPv6 config, such as when the link bounces, it's possible to hit a race... Steve Wheeler
01:59 PM Bug #14167 (Confirmed): Auto Config Backup: Selected manual backups are not retained.
The 'Manual backups to keep' feature in ACB does not retain the selected number of manual backups as expected.
Man...
Steve Wheeler
12:49 PM Feature #14166 (New): Use netstat output for interface packet counters
Currently the In/Out Packets counters shown for Interface Status are taken from pfctl. Hence they show the identical ... Steve Wheeler
12:31 PM Feature #14165 (Resolved): Option to allow the DNS Forwarder to ignore system DNS servers
Since the change for #12902 I can no longer specify custom servers in the DNS Forward configuration. I do not want t... Orion Poplawski
12:08 PM Bug #14060: Auto Config Backup prints a confusing decryption error when using the wrong key
Tested on:
Version 23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
patch resol...
Georgiy Tyutyunnik
10:02 AM Todo #14098 (Resolved): Match upstream changes in PF syntax to disable fragment disassembly
The patch fixes this one. I am marking this ticket resolved. Danilo Zrenjanin
08:37 AM Regression #14163 (Waiting on Merge): Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots
This will be fixed when we do our next merge from upstream FreeBSD Christian McDonald
08:13 AM Regression #14163 (Resolved): Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots
System log is being spammed with kernel messages. CE 2.7.0.a.20230322.0600. It only appears to happen when the Dashb... Keith Townsend
07:56 AM Regression #14015 (Resolved): Alias list is not sorted
I tested the patch with different upper-lower case setups. The patch works fine.
I am marking this ticket resolved.
Danilo Zrenjanin
07:46 AM Bug #13992 (Resolved): Custom default state timeouts are not respected in the ruleset
The patch fixes the issue. I've just run the Status > Filter Reload after applying the patch.
I am marking this t...
Danilo Zrenjanin
05:25 AM pfSense Packages Feature #14160: Add Search Engine Group in feeds
This is so we can whitelist search engines "Search Engines IPv4", "Search Engines IPv6" Jon Brown
05:02 AM pfSense Packages Feature #14160 (New): Add Search Engine Group in feeds
It would be good to get a search engine feed so you can either block them or use them as a whitelist. I have included... Jon Brown
05:22 AM pfSense Packages Feature #14162 (New): Add 'Google Services' feed group
This group can be used to allow the blocking or whitelisting of google services. I have added what I found along with... Jon Brown
05:17 AM pfSense Packages Feature #14161 (New): Add 'Microsoft Services' feed
This should include all of the Microsoft services and preferably in separate items. I have included links to the page... Jon Brown
03:17 AM pfSense Packages Feature #14159 (New): Add netgate bogon feeds
Can you add the netgate bogon feeds.
* https://files.netgate.com/lists/
** https://files.netgate.com/lists/bogon-...
Jon Brown
02:48 AM pfSense Packages Bug #13936: PHP error from RRD Graphs when attempting a query a newly created empty database
Can replicate on ... Lev Prokofev
02:30 AM Regression #13942: PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section
I couldn't apply the patch on the:... Danilo Zrenjanin
02:03 AM Feature #14002 (Resolved): Option to enable/disable console bell, enabled by default
Tested the patch against:... Danilo Zrenjanin

03/22/2023

07:38 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
For clarity the e1000 iflib driver that is in-kernel in pfSense has a bug that prevents it passing vlan0 if vlan hard... Steve Wheeler
06:30 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Kris Phillips wrote in #note-31:
> Hayden Hill wrote in #note-30:
> > Kris Phillips wrote in #note-29:
> > > FYI i...
Hayden Hill
10:02 AM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Hayden Hill wrote in #note-30:
> Kris Phillips wrote in #note-29:
> > FYI it appears this issue has spread in 23.01...
Kris Phillips
03:34 PM pfSense Packages Feature #13200: Custom DNS Servers for Alert settings
One solution would be to deny:
LAN: Deny any != pfblockerng ip TCP/UDP:53
WAN: ANY outgoing TCP/UDP:53
And allow...
Carlos Montalvo J.
12:55 PM pfSense Plus Bug #14158: Unable to delete boot environment "X". Error 3
Duplicate of https://redmine.pfsense.org/issues/14074 Christopher Cope
12:55 PM pfSense Plus Bug #14158 (Duplicate): Unable to delete boot environment "X". Error 3
Christopher Cope
12:38 PM pfSense Plus Bug #14158 (Duplicate): Unable to delete boot environment "X". Error 3
Hi,
I was going to make a new backup recovery in the Boot Environments.
I name it with one number ie. 1, then save ...
B. B.
11:44 AM Feature #14157 (New): Wildcards for 'Host Overrides' and 'Domain Overrides' in the GUI
Can you add the ability to use wildcards in 'Host Overrides' and 'Domain Overrides' in the GUI.
I know I can add w...
Jon Brown
11:36 AM Feature #14156 (Rejected): See the configured .opvn file from the GUI for the OpenVPN servers
It would be a useful feature for diagnosing issues quickly to see the generate .OPVN file in the GUI.
If the onscr...
Jon Brown
11:27 AM pfSense Packages Todo #14155 (Rejected): 'Block Outside DNS' option is present in the server and on the client
I find this situation confusing and propose a couple of resolutions:
* If the option 'Block Outside DNS' should stay...
Jon Brown
11:22 AM pfSense Packages Feature #11165: OpenVPN Exporter - Allow for name customization
I would like to see this so if I want, I can create more human readable connection names which are shown in the OpenV... Jon Brown
10:59 AM Regression #13965 (Resolved): Automatic DHCP failover firewall rules are not present in the ruleset when failover is active
The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
09:22 AM Feature #14144: Improve support for renaming interface groups
maybe this should have been bug, not feature. Sorry. Kyle Wadman
07:18 AM Feature #14144 (New): Improve support for renaming interface groups
I have noticed that when an Interface Groups is renamed, all the Separators are lost.
I then named it back to the or...
Kyle Wadman
08:41 AM pfSense Packages Bug #14142 (Not a Bug): PHP errors in OpenVPN Client Export package
This doesn't look like a bug. From the logs, the OpenVPN export package needs to be updated / reinstalled.
If that...
Christopher Cope
06:05 AM pfSense Packages Bug #14142 (Rejected): PHP errors in OpenVPN Client Export package
Good moorning after installation last version of pf-sense, system shows Us the follow error related openvpn .
I am...
Stefano Raniero
08:40 AM pfSense Packages Feature #14154 (New): Ability to use pfSense alias in IPv4 Custom_List
Firewall --> pfBlockerNG --> IP --> IPv4 --> edit/add --> IPv4 Custom_List
the reasons for this are:
* I only hav...
Jon Brown
08:36 AM pfSense Packages Bug #14153 (New): default whitelist is not created
When I click on the button from the + button from the reports tab and follow the whitelisting, the default whitelist ... Jon Brown
08:35 AM pfSense Plus Bug #14140: OpenVPN Custom Options removes newline before push statements
Sorry, i forgot to describe WHY this is a problem.
The issue is that the invalid formatting of the options will ca...
Nick Maludy
08:19 AM Feature #14152 (New): Add a way to find where an alias is used in the GUI
I would like the ability to find where an alias is used via the GUI. I imagine a button next to the other alias optio... Jon Brown
08:08 AM pfSense Packages Feature #14151 (New): Add (ASN) to IPv4 Custom_List information
Firewall --> pfBlockerNG --> IP --> IPv4 --> IPv4 Custom_List
the line ...
Jon Brown
08:05 AM pfSense Packages Feature #14150 (New): Source and Destination information for IPv4 Custom_List and feeds
Firewall --> pfBlockerNG --> IP --> IPv4 --> list
When you edit/create a list you have to select an action type an...
Jon Brown
07:58 AM pfSense Packages Feature #14149 (New): Make the NEXT Scheduled CRON counter active
I would like the countdown timer of the cron to be active. Like on an aution page of ebay. :)
Firewall --> pfBlock...
Jon Brown
07:54 AM pfSense Packages Feature #14148 (New): Update alias information and error handling
On the following sections can you:
Firewall --> pfBlockerNG --> IP --> IPv4
*Advanced Inbound Firewall Rule Set...
Jon Brown
07:48 AM pfSense Packages Feature #14147 (New): when you rename an alias the alias reference in pfsense Advanced Inbound/Outbound rules ar enot updated
I refer to the rules @ (Firewall --> pfBlockerNG --> IP --> IPv4)
I noticed that when I renamed an alias that the ...
Jon Brown
07:36 AM pfSense Packages Bug #14146 (New): Small Typo in 'Advanced Outbound firewall rule settings' warning message
When creating an IPv4 outbound permit rule (Firewall --> pfBlockerNG --> Ip --> IPv4) and you leave the **Custom Prot... Jon Brown
07:20 AM Feature #14145 (New): Combined rule view (Floating + Group + Interface) that shows all rules relevant to a given interface
When viewing an interface firewall rule section it would be nice to have a toggle to "show inherited". This would sho... Kyle Wadman
07:09 AM pfSense Docs Correction #14143 (Closed): Feedback on System Monitoring — Remote Logging with Syslog
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html
*correction:*
in the section *Se...
Jon Brown

03/21/2023

07:17 PM pfSense Packages Bug #14054: pfBlockerNG can incorrectly modify firewall rules
It appears this related to the IPv4 IP list being updated, and happens during this step:... Marcos M
06:38 PM pfSense Packages Bug #14141 (Rejected): pfsense 2.6.0 -pfSense-pkg-squid installation failed!
Hi guys,
Any help please.
I'm working on a lab project that is due in the comming days. Everything has worke fine u...
Jean Smail Origene
05:43 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
It appears that Google Domains has added support for DNS-01 ACME Challenges using a token generated on Google Domains... Ryan Keen
01:56 PM pfSense Packages Feature #8547: fwknop Port Knocking Package
I'd like to add a vote here, too. This would be *incredibly* useful.
Port knocking is not an _alternative_ to a VP...
Liquid Thex
01:54 PM pfSense Plus Bug #14140 (Not a Bug): OpenVPN Custom Options removes newline before push statements
Hello,
I'm setting up an OpenVPN server and need to pass in some additional option in two places:
1. VPN -> Ope...
Nick Maludy
12:49 PM Regression #14139 (Resolved): CARP announcement src MAC should be virtual MAC
Hi All,
I think at some point in the last couple of 2.7.0 builds CARP function became somewhat broken. CARP announ...
Robert Karsai
11:12 AM Feature #12091: RFE: Add support for sssd authentication
Just updated to psSense Plus 23.01 and now with sssd-1.16.5_8 it fails to start with:
ld-elf.so.1: /usr/local/sbin...
Orion Poplawski
02:22 AM Regression #14138 (Feedback): Kernel Panic in ``rtsock_msg_mbuf``
I’ve been having a number of these over the last week or so. Last night’s was overnight when no one was using the net... Stephen Baines
12:09 AM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng
Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in Sys...
aleksei prokofiev

03/20/2023

10:36 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Also ran into the sub-alias not updating the parent alias issue as described by Florian Bat.
This had one of our en...
Dean Arnold
07:21 PM pfSense Plus Regression #14137 (Resolved): pfSense Plus Upgrade repo data remains on the system after upgradng
After upgrading from CE to pfSense Plus the repo data used for that should be removed from the firewall leaving it us... Steve Wheeler
02:14 PM Revision 875221b6: ArrayGetExprRector support for variable and funccall array keys
Change how buildPathArgNode() generates an Arg node - as we introduce support
for more complicated expressions in arr...
Reid Linnemann
02:14 PM Revision ce614369: Make ArrayGetExprRector configurable for multiple variables
Rector only permits a single instance of a Rule class in a configuration, so in
order to allow the ArrayGetExprRector...
Reid Linnemann
02:14 PM Revision 96eb75ed: Rename GlobalGGetExprRector and friends to ArrayGetExprRector
Reid Linnemann
02:14 PM Revision 46f5b38a: Make GlobalGGetExprRector configurable, add simple test for $g variable
Reid Linnemann
02:03 PM pfSense Packages Bug #14116 (Duplicate): Squid Error went I press SAVE button.
Duplicate of https://redmine.pfsense.org/issues/13984
Missing Squid Reverse config values.
Steve Wheeler
10:19 AM pfSense Packages Bug #14116: Squid Error went I press SAVE button.

Looks like Clamav is the issue, once I disable this services, the error is gone.

This is my config file:
cat...
Peter Moreno
11:52 AM Feature #13017 (Pull Request Review): Packet capture: add preview results while capture is running
Thank you for the pull request. This has been implemented with a re-write of the Packet Capture page. See https://red... Marcos M
09:42 AM Bug #14136 (Resolved): Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations
After upgrading from 2.5.2 to 23.01 I noticed that @radvd@ no longer appears in Services Status or the associated das... David Myers
04:38 AM pfSense Plus Bug #14135: iOT Devices not reconnecting properly
I forgot to mention we also tested this with a Sony TV (1 year old and up to date Firmware) on an ethernet connection... Steven Cedrone
04:24 AM pfSense Plus Bug #14135 (Rejected): iOT Devices not reconnecting properly
IOT Devices of different manufacturers all seem to have this problem and while the problem is being experienced I wou... Steven Cedrone
04:32 AM pfSense Plus Bug #13497: unbound process looks like stuck periodically
Yaroslav Semenenko wrote:
> Hello,
>
> I have Netgate 2100.
> Unbound service is needed to restart sometimes due...
Steven Cedrone
03:50 AM pfSense Plus Feature #14134 (Rejected): Notifier on main dashboard for other updates availble: Packages / System Patches (if installed) Under the PfSense current Version.
A notifier on the Main Landing page under the Current PfSense Version number that lets you also know if your packages... Steven Cedrone
03:47 AM pfSense Plus Feature #14133 (New): Exporting and Importing - Change Layout
Please change Backup & Restore to allow for choosing only what areas you want to import/export without having to do i... Steven Cedrone
03:39 AM pfSense Plus Bug #14132 (Not a Bug): Aliases of the same name current as previously deleted will not be respected properly
This problem is hard to describe so I'll give as much information as possible as best as I can.
-Alias was created...
Steven Cedrone
03:30 AM pfSense Plus Feature #14131 (New): Add Dynamic DNS Service: DYNU
Please add Dynamic DNS provider DYNU
https://www.dynu.com/en-US/
It's working now but sometimes won't update an...
Steven Cedrone
03:10 AM Feature #14130 (New): Add DynDNS Provider - IPv64.net
I would like to have the German DynDNS provider IPv64.net added. An integration with DynDNS is very easy there via th... Dennis Schröder

03/19/2023

10:52 PM pfSense Plus Bug #14129 (Resolved): Chelsio T520 unable to route past 470Mbps
Chelsio T520-CR and T420-CR are unable to route speeds over 470mbps when updated to 23.01 code. Goes to full 1gb spee... Bruce Talbot
05:58 PM Bug #14128 (New): Input validation does not prevent limiter bandwidth values that are too large
There exists a limit to the bandwidth value within Limiters:
https://github.com/pfsense/FreeBSD-src/blob/bd5b6c0d6cc...
Marcos M
04:33 PM pfSense Packages Regression #14024: PHP error in HAProxy Widget with Show Client Traffic enabled
I have the same issue but only affecting one of my deployments. As a workaround you can disable the haproxy service t... Hans Perera
04:01 PM pfSense Plus Bug #12974 (Closed): Typing anything into 1100/2100 recovery installer causes process to stop
This should be closed. Updating to reflect. Ryan Coleman
03:27 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Kris Phillips wrote in #note-29:
> FYI it appears this issue has spread in 23.01 to the igc driver as well. After u...
Hayden Hill
02:13 PM Bug #14127 (New): Captive Portal - LDAP server with special characters in description fails to authenticate in
When you have an LDAP configured that has commas (and likely other special characters) two things fail:
1) Selecti...
Ryan Coleman
11:25 AM pfSense Packages Feature #14126 (New): Quality monitoring graph scale adjustment
If possible, it would be nice if the scale of the packet loss side of the onitoring graph was not the same as the lat... Chris Linstruth
02:33 AM pfSense Plus Feature #14125 (New): Add Cateogory field to Available Packages Tab like Installed Packages Tab
Under the Installed Packages the header fields have the following listed at the top Name Category Version Description... Scott Costa

03/18/2023

10:22 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
FYI it appears this issue has spread in 23.01 to the igc driver as well. After upgrading to 23.01 on a Netgate 4100,... Kris Phillips
09:37 PM Bug #14124: Some blank SAN fields are not ignored when creating a certificate
I just realized that if I just enter the type of IP address and value of 10.0.0.2 and not click add, just save then 1... Mario Jauvin
09:33 PM Bug #14124: Some blank SAN fields are not ignored when creating a certificate
Kris, this is an interesting comment and you are quite true. If I delete the second blank entry in my screen shot th... Mario Jauvin
09:12 PM Bug #14124: Some blank SAN fields are not ignored when creating a certificate
This doesn't appear to be a bug. You have a FQDN or Hostname entry added as an Alternative Name, but nothing defined... Kris Phillips
04:07 PM Bug #14124 (Resolved): Some blank SAN fields are not ignored when creating a certificate
If I add a alternate name
!clipboard-202303181705-cigpe.png!
and click save, I get this error:
!clipboard-20230318...
Mario Jauvin
09:36 PM pfSense Packages Bug #13985: Telegraf error After Update PFSense to 23.01
Unable to replicate in pfSense CE 2.7. Possible it's just an issue on Plus for some reason. Kris Phillips
09:30 PM pfSense Packages Bug #14116: Squid Error went I press SAVE button.
Hello,
What settings do you have enabled and what page were you on that you clicked save to cause this issue? I'v...
Kris Phillips
08:02 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
i installed the patch.
it renamed the two broken boot environments with the name i originally gave them, swapping ...
Mark Grant
04:57 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
The patch works well. I'm not hitting any of the problems I encountered previously. *It only applies to the currently... Chris W
01:57 PM pfSense Plus Bug #14074 (Pull Request Review): Cannot edit or delete ZFS Boot Environment with a name containing only numbers
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/94 Christopher Cope
01:01 PM pfSense Plus Bug #14074 (Confirmed): Cannot edit or delete ZFS Boot Environment with a name containing only numbers
I was able to reproduce this by cloning the default environment, naming it 20230318 (today's date), no description. C... Chris W
06:29 PM Bug #14115: DHCP Server page does not properly select a default interface tab if neither WAN nor LAN are capable of being DHCP servers

this state occurs with previous versions too.
click on the tab of opt interface and you will be able to configur...
Alhusein Zawi

03/17/2023

09:21 PM Bug #13655: DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled
Just to update this: This issue is being addressed in upstream dnsmasq now in order to disallow this invalid and misl... Flole Systems
06:26 PM pfSense Docs Correction #14123 (Closed): DNS Rebinding pfsense documentation
DNS protection documentation here: <https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-protec... Alex Sensation
06:16 PM pfSense Plus Bug #13967 (Feedback): aarch64 23.01 upgrade can fail to write the bootloader
Fix has been released to the world this week. Reid Linnemann
06:15 PM Bug #14046 (Rejected): bsdinstall based installs are missing EFISYS DOS label on efi partition
There are many reasons the EFISYS label is missing. pfSense-upgrade has also been modified to restore this FAT label ... Reid Linnemann
03:35 PM Revision 5c4a6ada: Improve alias sorting (again). Issue #14015
asort does not handle natural case-insensitive sorting of
multi-dimensional arrays properly, so it needs a custom sor...
Jim Pingle
02:57 PM Bug #14007 (Resolved): Using PF reserved keywords for interface descriptions results in an invalid ruleset
Jim Pingle
01:18 PM Bug #14007: Using PF reserved keywords for interface descriptions results in an invalid ruleset
patch fixes the issue, prohibiting the reserved pf keywords from being configured as interface names
Tested on:
Ver...
Georgiy Tyutyunnik
02:53 PM Feature #14122 (New): Allow selecting the repo branch on config restore
Currently the config restore code always defaults the update repo branch to current stable. The branch set in the con... Steve Wheeler
12:14 PM Feature #12070: Support for VLAN ``0``
Steve Wheeler wrote in #note-15:
> This specific feature request was opened to handle vlan0 for ISPs other than AT&T...
Matt Johnson
10:33 AM Feature #12070: Support for VLAN ``0``
This specific feature request was opened to handle vlan0 for ISPs other than AT&T.
It is marked resolved because t...
Steve Wheeler
10:02 AM Feature #12070: Support for VLAN ``0``
EDIT: thanks for the update Steve
I noticed the fix was implemented at the dhclient level which is good but the or...
Matt Johnson
10:02 AM Feature #12070: Support for VLAN ``0``
Steve Wheeler wrote in #note-12:
> For clarification this issue is marked resolved because pfSense can now accept pr...
Matt Johnson
09:28 AM Feature #12070: Support for VLAN ``0``
For clarification this issue is marked resolved because pfSense can now accept priority tagged dhcp replies (vlan0). ... Steve Wheeler
11:41 AM Bug #14092 (Ready To Test): Kernel panic when PF passes a large/fragmented ICMP6 packet
Snapshots as of today have the relevant fix included. Kristof Provost
11:03 AM Regression #14015: Alias list is not sorted
Also of note: I added another patch to the system patches package which applies on top of the previous patch (@4342d1... Jim Pingle
11:00 AM Regression #14015 (Feedback): Alias list is not sorted
Should be fixed by commit:5c4a6ada1867a7d6ec13461680d8309d154c90b1 seems to be OK in various tests I've done.
Beca...
Jim Pingle
09:27 AM Regression #14015: Alias list is not sorted
This was also broken again by commit:29cd08ea0da6246ad416e33b3788c05c0b0a5172 during a rector pass. It was changed ba... Jim Pingle
06:35 AM Regression #14015: Alias list is not sorted
Danilo Zrenjanin wrote in #note-3:
> I couldn't reproduce the issue on the:
> I made an extensive list of aliases t...
Jim Pingle
03:19 AM Regression #14015: Alias list is not sorted
I couldn't reproduce the issue on the:... Danilo Zrenjanin
10:33 AM Feature #14121 (Duplicate): Add ability to batch import IPs into an *existing* alias
Firewall > Aliases > IP already has an "Import" button that allows creating a *new* alias by pasting a long list of I... Sean McBride
10:15 AM Bug #14117 (Resolved): PHP Error on ``status_interfaces.php`` from PPP interface uptime
Tested on the:... Danilo Zrenjanin
06:17 AM Regression #13962 (Resolved): PPP interfaces do not request DNS servers when "DNS Server Override" is enabled
Tested against:... Danilo Zrenjanin

03/16/2023

11:25 PM Regression #13983 (Resolved): Multiple PHP errors in the DHCP Server when the configuration contains an empty section for an interface
Tested on... Christopher Cope
10:21 PM Regression #14076 (Resolved): PHP error if the configuration has an empty Auto Configuration Backup section
Tested on... Christopher Cope
09:05 PM Regression #14015 (In Progress): Alias list is not sorted
Looks like there may be an issue if aliases are not sorted in the config, the ID in the list may not match the ID in ... Jim Pingle
07:59 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Prime BDE wrote in #note-28:
> Nunya Business wrote in #note-27:
> > This problem has returned with the current ver...
Gianluca Semadeni
05:17 PM Regression #14120 (Resolved): ``syslogd`` tries to bind interfaces with no IP address
In 23.01 syslogd will try to bind to an interface that has no IP resulting in the service failing to start.
This i...
Steve Wheeler
05:16 PM Revision 1792ffdb: ppp-linkup: Keep routerv6 address scope
Original code was removing address scope from v6 router and because of
that, system always use default gateway to con...
Renato Botelho
02:07 PM Feature #14119: Correct or fully implement, in Captive Portal authentication routines, the Tunnel attributes related to the freeRadius VLAN ID setting
If freeRadius was correctly parsing the attributes sent in the accounting communication to freeRadius, the following ... Dale Harron
01:09 PM Feature #14119: Correct or fully implement, in Captive Portal authentication routines, the Tunnel attributes related to the freeRadius VLAN ID setting
WRT ##14093's rejection,
"The solution here is to set each portal to use the RADIUS server in a different way, eith...
Dale Harron
11:10 AM Feature #14119 (New): Correct or fully implement, in Captive Portal authentication routines, the Tunnel attributes related to the freeRadius VLAN ID setting
This may be either a bug or the completion of a partially implemented feature to support freeRadius users.
The cap...
Dale Harron
01:40 PM Revision ae1bda66: composer update
Christian McDonald
01:12 PM Revision cf2a2f82: Add safety belts to PPP historical uptime calculation. Fixes #14117
Jim Pingle
12:25 PM Bug #13939 (Feedback): IPv6 does not work on secondary PPPoE WAN
Applied in changeset commit:1792ffdb859a5cb40c11360c30989ccc3b7a9271. Renato Botelho
09:19 AM Bug #13939: IPv6 does not work on secondary PPPoE WAN
Reid Linnemann wrote in #note-2:
> It actually looks like this was written from the get-go to omit the scope, which ...
Renato Botelho
10:32 AM Todo #6727: Missing file apple-touch-icon-precomposed.png ?
I'm on v2.6.0 CE and I just got this error myself. Interesting. Seems like it would be an easy fix. Allistah F
10:23 AM Bug #14118 (New): freeRadius "Amount of Time" setting is not accurately tracked for Stop/Start settings in Caaptive Portal
Re: tested on 23.01 plus mid Feb release: Correct time accounting error in captiveportal.inc Stop/Start routines for... Dale Harron
08:20 AM Bug #14117 (Feedback): PHP Error on ``status_interfaces.php`` from PPP interface uptime
Applied in changeset commit:cf2a2f82c2aa551b26a6d9606d5e6da1e760ff6b. Jim Pingle
08:00 AM Bug #14117 (Resolved): PHP Error on ``status_interfaces.php`` from PPP interface uptime
Seems to require the "Uptime Logging" option enabled on a plain PPP type WAN (cell modem style, NOT PPPoE/L2TP/PPTP)
...
Jim Pingle
07:10 AM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size
For reference, the fix appears to be: https://github.com/OpenVPN/openvpn/commit/b9a9de156bc3ad517bfc6d1042ad0ef0350b638e Jim Pingle
07:00 AM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size
OpenVPN has fixed it in version 2.6.1!
When is it available in pfsense+ 23.01?
Patrick Schmid
06:33 AM Bug #13860 (Resolved): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``
The patch fixes it.
Tested against:...
Danilo Zrenjanin
06:29 AM Bug #13953 (Resolved): PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration
Danilo Zrenjanin
06:29 AM Bug #13953: PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration
Tested the patch on the:... Danilo Zrenjanin
03:29 AM Bug #14034 (Resolved): PHP errors in ``xmlrpc.php`` during configuration synchronization if the target host has an empty XML tag for a given section
Danilo Zrenjanin
03:29 AM Bug #14034: PHP errors in ``xmlrpc.php`` during configuration synchronization if the target host has an empty XML tag for a given section
I tested the patch against:... Danilo Zrenjanin
02:49 AM pfSense Packages Feature #14101: Add Zabbix 6.4 packages
Should there be any help needed, I happen to be the maintainer of all zabbix ports. Juraj Lutter
01:32 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Hi there, I just wanted to say thanks for all the time and work that is going into this fix. It's really a problem w... Allistah F
12:52 AM pfSense Packages Bug #14116: Squid Error went I press SAVE button.
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 devel-main-n2558...
Peter Moreno
12:51 AM pfSense Packages Bug #14116 (Duplicate): Squid Error went I press SAVE button.
Hello, I have squid+SG on Pfsense 2.7-dev, testing.
I was trying to do a little change and went I press 'SAVE' butto...
Peter Moreno

03/15/2023

03:00 PM Bug #14061: PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``
The only potential possible cause I can see is that both this and #14031 are initially triggered by source:usr/local/... Jim Pingle
07:37 AM Bug #14061 (New): PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``
Reopening this for some more investigation. There appear to be several people hitting this, but not consistently and ... Jim Pingle
02:50 PM pfSense Docs Todo #14107: Add troubleshooting steps for LDAP auth
Note added and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/022334bebe388fd6edea9ac2418cb0c0944...
Jim Pingle
02:40 PM pfSense Plus Feature #14112 (Duplicate): Allow user to trigger license re-sync and/or reset in system_register.php
We already have an internal issue for this.
Jim Pingle
01:57 PM pfSense Plus Bug #14104: Google LDAP connections still fail even after adding SNI for TLS 1.3
LDAP client certs are only available on Plus. Jim Pingle
12:21 PM pfSense Docs Todo #14114 (Closed): Change info about ESXi version which might work with pfSense.
Updated and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/57c3e5e2789a84b71a4eb3544f68e7077c87c4fb
Jim Pingle
07:43 AM pfSense Docs Todo #14114 (Closed): Change info about ESXi version which might work with pfSense.
on https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-esxi.html we have
_Article explains how to install ...
Azamat Khakimyanov
12:16 PM Bug #14115 (Resolved): DHCP Server page does not properly select a default interface tab if neither WAN nor LAN are capable of being DHCP servers
When both WAN and LAN are set to DHCP, the DHCP server web interface doesn't appropriately select an interface tab.
...
Christian McDonald
11:13 AM pfSense Docs Todo #14111 (Closed): Installation pages flash drive too small for 23.01 ARM64 image
Updated and deployed.
https://gitlab.netgate.com/docs/netgate-docs/-/commit/b45a21365b0faf6bee17141d70b41a216698b964
Jim Pingle
11:00 AM pfSense Docs Todo #14111: Installation pages flash drive too small for 23.01 ARM64 image
I'll update that doc but do note the documents for the 1100 and 2100 both actually say 8GB already:
https://docs.n...
Jim Pingle
09:45 AM pfSense Packages Bug #14113 (Duplicate): PHP Error: /usr/local/pkg/avahi/avahi.inc:76
Duplicate of #14019 Jim Pingle
02:22 AM pfSense Packages Bug #14113 (Duplicate): PHP Error: /usr/local/pkg/avahi/avahi.inc:76
Just updated my pfsense box to 23.01 from 22.05. Everything was going smoothly, but on my first login i received a no... S Hunor
12:50 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
I also discovered this issue in 2.7.0 & 22.x with alias parsing in the all OpenVPN configuration page network fields.... Dean Arnold

03/14/2023

09:34 PM pfSense Docs Todo #14107: Add troubleshooting steps for LDAP auth
It helped someone on 23.01 after they saw the following from pfSense on a pcap when testing the auth:
> Alert (Level...
Marcos M
10:52 AM pfSense Docs Todo #14107 (Closed): Add troubleshooting steps for LDAP auth
That shouldn't be needed on current versions since the LDAP CA setup is different than it was back at the time that s... Jim Pingle
10:43 AM pfSense Docs Todo #14107 (Closed): Add troubleshooting steps for LDAP auth
Add the troubleshooting step of restarting php-fpm as detailed here:
https://forum.netgate.com/post/893499
Add to...
Marcos M
08:44 PM pfSense Plus Feature #14112 (Duplicate): Allow user to trigger license re-sync and/or reset in system_register.php
There may be a case for adding some buttons in system_register.php that allow the user to 1) Force the existing pfSen... M Felden
04:50 PM pfSense Docs Todo #14111 (Closed): Installation pages flash drive too small for 23.01 ARM64 image
The installation media page says 4GB is sufficient for pfSense but the 23.01 ARM64 image is 4 in one and expands to 4... Ryan Coleman
03:43 PM Revision 5f43b9b5: RAM disk size check/options update. Fixes #13508
* Update RAM disk size/free memory calculations
* Fix up some text in the option labels
* Show current /tmp and /var ...
Jim Pingle
02:53 PM Bug #11877 (Resolved): Labels and description disappear in firewall_schedule_edit.php
There's a quirk with the fix where removing the row with the labels does not re-add the labels until the changes are ... Marcos M
01:42 PM pfSense Packages Bug #14075: Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics
I have returned ipfw to development snapshots so we can work on replicating and testing there. It is not possible to ... Christian McDonald
12:02 PM pfSense Docs Todo #14110 (Resolved): Clean up outdated references to "Factory" edition
Main docs:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9a0c401f51fa65168905fe798fe4b74475e8e6f9
Platf...
Jim Pingle
11:05 AM pfSense Docs Todo #14110 (Resolved): Clean up outdated references to "Factory" edition
There are a few remaining references in the documentation to the old "Factory" edition ("FE") name that need updated ... Jim Pingle
11:28 AM Feature #14109: Auto Configuration Backup Key Feature Request
Thanks for the reply, speaking from experience is all I noticed they are ever changing with each software reload or c... Jonathan Lee
11:09 AM Feature #14109 (Rejected): Auto Configuration Backup Key Feature Request
The key is not something that should be passed around that freely, it should be treated like a password or similar to... Jim Pingle
11:04 AM Feature #14109 (Rejected): Auto Configuration Backup Key Feature Request
Hello fellow pfSense Community,
I wanted to add a feature request for Auto Configuration Backup, there is no setti...
Jonathan Lee
10:54 AM pfSense Packages Bug #14108 (Rejected): Antivirus Bases showing outdated main.cvd with a version dated year 2021
Per ClamAV's website:
"ClamAV signatures come in a variety of formats, one for each of the distinct detection method...
Jonathan Lee
10:50 AM Todo #13508 (Feedback): Uncouple RAM Disk size from available kernel memory
Applied in changeset commit:5f43b9b527a6a65bd2c70ac231e3fdceff6ab0d3. Jim Pingle
07:55 AM Todo #13508 (In Progress): Uncouple RAM Disk size from available kernel memory
Note to self: tmpfs data can get moved to swap under memory pressure, which further extends its potential capacity, s... Jim Pingle
10:41 AM pfSense Plus Bug #14106 (New): arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.
23.01 is now showing this error after a fresh firmware install on a Netgate 2100-MAX system. It will continue to boot... Jonathan Lee
10:24 AM Feature #14105 (New): Ability to set 'block-local' gateway flag in OpenVPN Server Config
I am setting up my OpenVPN servers so when a client connects all their traffic (except VPN tunnel traffic) goes throu... Jon Brown
08:50 AM Todo #14103 (Resolved): Add more disk information to status output
This is present and working in the latest snapshot. Jim Pingle
08:08 AM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs
Thanks Chris.
While this doesn't solve your immediate situation, it looks like repro is possible with Windows Serv...
Leon Dang
03:11 AM pfSense Plus Bug #14104 (New): Google LDAP connections still fail even after adding SNI for TLS 1.3
tested on 23.01 and with IPv6
After fixing https://redmine.pfsense.org/issues/11626 I see that the LDAP client is ...
Azamat Khakimyanov
02:28 AM Bug #14077: Kernel panic from incoming IPv6 connections
Sorry, I missed that.
I believe I understand the issue. Briefly put, pf_refragment6() ends up calling ip6_forward(...
Kristof Provost

03/13/2023

11:17 PM Revision d6911589: Add more disk info to status output. Implements #14103
Jim Pingle
10:56 PM Bug #14077: Kernel panic from incoming IPv6 connections
#14092 is not public, so it's impossible to check what that one is about and what will trigger it. Flole Systems
12:23 PM Bug #14077: Kernel panic from incoming IPv6 connections
This issue isn't related to IPv4 NAT, so your NAT rules will not matter.
See #14092 as well, because this is almos...
Kristof Provost
09:17 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs
Here is a screenshot of the memmap command on an affect VM. This machine is on Windows Server 2022. The Pfsense VM ... Chris Poillion
07:03 PM Revision c37e9ab9: Catch case when DHCP WAN comes up late during boot. Fixes #13671
Jim Pingle
06:37 PM Revision 5c75223e: Fix typo. Fixes #13860
Jim Pingle
06:31 PM Revision 6c186dae: Auth log behavior update. Fixes #12464
Jim Pingle
06:25 PM Todo #14103 (Feedback): Add more disk information to status output
Applied in changeset commit:d691158995f63347d2ad7ab037b7bf3d4fe989bb. Jim Pingle
06:16 PM Todo #14103 (Resolved): Add more disk information to status output
The status output could use some more disk information we've been requesting recently:... Jim Pingle
06:04 PM Revision 4fe6481f: Add knob for console bell (default: enabled). Fixes #14002
Jim Pingle
05:54 PM pfSense Plus Regression #14102 (Resolved): Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations
The console menu is intended to only show menu option 99 'Install to device' if pfSense is not running from eMMC or S... Steve Wheeler
05:27 PM pfSense Packages Feature #14101 (Resolved): Add Zabbix 6.4 packages
https://www.freshports.org/net-mgmt/zabbix64-agent/
https://www.freshports.org/net-mgmt/zabbix64-proxy/
Tirso Ramirez
05:11 PM Revision 7ce12dcb: Do not allow an interface to use PF reserved words as its name. Fixes #14007
Jim Pingle
03:58 PM Revision 5f121e6a: Improve floating rule handling of missing VPNs. Fixes #13953
Jim Pingle
03:39 PM Revision 0dbc2d6a: GW Edit: Handle missing OpenVPN/IPsec entries better. Fixes #13973
Jim Pingle
03:02 PM Revision 9bfd8974: Improve handling of XMLRPC sync of empty sections. Fixes #14034
Jim Pingle
02:10 PM Bug #13671 (Feedback): DHCP client can fail permanently if an interface is down at boot
Applied in changeset commit:c37e9ab908cffe20227cc8c88ae5463b5562a397. Jim Pingle
02:03 PM Bug #13671 (In Progress): DHCP client can fail permanently if an interface is down at boot
I was able to reproduce this in a VM finally. The key is to boot with the interface detected and then reconnect it ju... Jim Pingle
01:45 PM Bug #13860 (Feedback): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``
Applied in changeset commit:5c75223e38c6c3ba1b67f9ab24b9f7ea34bde0f8. Jim Pingle
01:38 PM Bug #13860 (In Progress): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``
Jim Pingle
01:40 PM Feature #12464 (Feedback): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
Applied in changeset commit:6c186dae17fe41851c2ee3bb72852178596f2652. Jim Pingle
01:30 PM Feature #12464 (In Progress): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
Now that the console bell behavior is split off from this (See #14002) I think what we should do here is just keep th... Jim Pingle
01:29 PM Revision f884cc20: filter: correctly disable fragment reassembly
Kristof Provost
01:15 PM Feature #14002 (Feedback): Option to enable/disable console bell, enabled by default
Applied in changeset commit:4fe6481fa35f31b93ed5841c3342cbb5bd76237c. Jim Pingle
01:04 PM Feature #14002 (In Progress): Option to enable/disable console bell, enabled by default
The more I look at this the less it's tied to the login messages since it's a general console bell setting. I've got ... Jim Pingle
01:10 PM pfSense Plus Regression #13824: CPU/Crypto Detection for the 3100 is not functioning properly
Bill McGonigle wrote in #note-4:
> Is the patch world-readable anywhere? I have affected hardware and the System Pa...
Jim Pingle
01:08 PM pfSense Plus Regression #13824: CPU/Crypto Detection for the 3100 is not functioning properly
Is the patch world-readable anywhere? I have affected hardware and the System Patches feature can't resolve this com... Bill McGonigle
12:22 PM Bug #14092 (In Progress): Kernel panic when PF passes a large/fragmented ICMP6 packet
I believe I understand the issue. Briefly put, pf_refragment6() ends up calling ip6_forward() for traffic in the outp... Kristof Provost
12:20 PM Bug #14007 (Feedback): Using PF reserved keywords for interface descriptions results in an invalid ruleset
Applied in changeset commit:7ce12dcb36c73d6526dd46ef6b790d189be25a40. Jim Pingle
12:09 PM Bug #14007 (In Progress): Using PF reserved keywords for interface descriptions results in an invalid ruleset
The fix for #14057 likely also solved this as a byproduct but we should still reject these names just in case.
I c...
Jim Pingle
11:05 AM Bug #13953 (Feedback): PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration
Applied in changeset commit:5f121e6a11df8f640f01d27795afeaefb55c50d6. Jim Pingle
10:50 AM Bug #13973 (Feedback): PHP error in ``gwlb.inc`` when OpenVPN or IPsec instances referred to by assigned interface entries are missing
Applied in changeset commit:0dbc2d6a7679e85d69bae85ec57d90674e393ea8. Jim Pingle
10:43 AM Bug #13973: PHP error in ``gwlb.inc`` when OpenVPN or IPsec instances referred to by assigned interface entries are missing
There is already a check which prevents deleting an assigned VPN instance, so it's not clear how this situation may h... Jim Pingle
10:29 AM Bug #13973 (In Progress): PHP error in ``gwlb.inc`` when OpenVPN or IPsec instances referred to by assigned interface entries are missing
Jim Pingle
10:50 AM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver
Today we have had a crash with the "Malicious Driver Detection" event at 10:00:26 Colombia time:
Mar 13 10:00:26 ker...
Daniel Montealvaro
10:10 AM Bug #14034 (Feedback): PHP errors in ``xmlrpc.php`` during configuration synchronization if the target host has an empty XML tag for a given section
Applied in changeset commit:9bfd89747eba77091ab6e2df5639a33a185342f8. Jim Pingle
09:43 AM pfSense Packages Feature #14100 (New): Use interface groups as an Alias for IP Interface/Rules Configuration
Hi
I understand that there is an order in how firewall rules are used but my suggestion is not for altering that.
...
Jon Brown
09:28 AM pfSense Plus Regression #14099 (Duplicate): snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured
Duplicate of #13976 Jim Pingle
09:26 AM pfSense Plus Regression #14099 (Duplicate): snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured
See bug #8600 Björn Bylander
09:18 AM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
This bug seems to have popped up again on my SG-3100 after upgrading to 23.01. Björn Bylander
09:09 AM Feature #8794: NTP authentication support
I can confirm this issue still occurs in version 23 Jonathan Lee
09:05 AM pfSense Packages Regression #13978: PHP errors with squidGuard
Also:... Steve Wheeler
08:40 AM Todo #14098 (Resolved): Match upstream changes in PF syntax to disable fragment disassembly
PF enables fragment disassembly by default now, so to disable it the directive must explicitly be @fragment no reasse... Jim Pingle
07:38 AM Bug #13938 (Resolved): Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs
@sendfile@ is @off@ in all @nginx@ configurations now, for the GUI and Captive Portal.
Jim Pingle

03/12/2023

04:02 PM pfSense Packages Bug #13043: OSPF over Wireguard interface doesn't populate neighbors after reboot
Hi,
just wanted to confirm. I can reproduce this issue on all of my installations so far. Mostly PFsense CE 2.6.0 ...
Johann Lohberger
03:29 PM Bug #11877 (Feedback): Labels and description disappear in firewall_schedule_edit.php
Right. The fix is in snapshots. Christian McDonald
02:28 PM Bug #13938: Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs
We will now disable sendfile mode. Sendfile has little to no benefit for us on pfSense.
This feature of nginx has ...
Christian McDonald
01:05 PM Bug #14077: Kernel panic from incoming IPv6 connections
Thank you for the information.
I got an unexpected crash but I forgot that I have another NAT rule (the 443 NAT rule...
Bruno Dambrine
10:33 AM Bug #13325 (Confirmed): System Information widget breaks with multiple instances
Marcos M
09:09 AM pfSense Packages Regression #14097 (Duplicate): Upgrade to 23.01: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string / int in /etc/inc/util.inc
Duplicate of #14024 Jim Pingle
01:28 AM pfSense Packages Regression #14097 (Duplicate): Upgrade to 23.01: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string / int in /etc/inc/util.inc
After the upgrade to version 23.01-RELEASE I right away got a message from the Crash reporter:... Sebastian Wagner
04:57 AM Bug #13729: Gateways stuck in Unknown status
Same issue, restarting dpinger service resolved the issue. I have dpinger in service watchdog service do it should no... Marko Koivusalo
01:55 AM Revision 37c29e4d: Disable nginx sendfile mode, Fixes #13938
Christian McDonald

03/11/2023

09:37 PM pfSense Plus Feature #13786: ldap intergration for firewall rules
Mike Moore wrote in #note-4:
> So there is no way in the future to create a LAN rule stating
> Src: AD/mmoore
> Ds...
Kris Phillips
09:29 PM pfSense Plus Feature #14017: Ability to remove all packages before upgardes with saved configuration
There is already an option to reinstall packages from Diagnostics --> Backup and Restore. It would be beneficial for... Kris Phillips
09:25 PM pfSense Plus Regression #14080: Installer fails to install to a geom mirror
Typically right now we also have issues with the installer converting from gmirror to ZFS. Haven't tested since 22.0... Kris Phillips
09:06 PM Bug #14060: Auto Config Backup prints a confusing decryption error when using the wrong key
that looks better, when I do the same thing I get the following now with that patch applied to 23.01
__
The followi...
Jordan G
08:05 PM Bug #13938 (Feedback): Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs
Applied in changeset commit:37c29e4de148a14480c01c8fa179e9b630bb0fb4. Christian McDonald
07:44 PM Bug #14089 (Duplicate): System information widget bars operate incorrectly when widget is "split"
Duplicate of #13325 Christopher Cope
03:34 PM pfSense Packages Bug #14096 (Resolved): Status_Traffic_Totals does not work on snapshots due to sqlite change
It looks like a recent change in sqlite broke vnstat which leads to Status_Traffic_Totals not working:
https://for...
Jim Pingle
02:05 PM pfSense Packages Bug #14094: HAProxy "Write to Disk" files not being saved
Christopher Cope wrote in #note-2:
> The files are not wrote unless HAProxy is enabled, and the backend / frontend a...
Ryan V
01:39 PM pfSense Packages Bug #14094 (Not a Bug): HAProxy "Write to Disk" files not being saved
Ryan V wrote:
> pfSense v2.6.0, HAProxy package v0.61_7.
>
> I am trying to save a map file via the Files tab in ...
Christopher Cope
12:34 PM pfSense Packages Bug #14094: HAProxy "Write to Disk" files not being saved
Replying to add that nothing helpful is showing in the logs found in Status > System Logs:... Ryan V
12:31 PM pfSense Packages Bug #14094 (Not a Bug): HAProxy "Write to Disk" files not being saved
pfSense v2.6.0, HAProxy package v0.61_7.
I am trying to save a map file via the Files tab in the HAProxy GUI. I ad...
Ryan V
01:57 PM Bug #14077: Kernel panic from incoming IPv6 connections
This looks similar to another crash we have been able to reproduce, and we're still working on a fix. I suspect it's ... Jim Pingle
01:41 PM Bug #14077: Kernel panic from incoming IPv6 connections
Hi.
I have rebuild the configuration and I may have some useful information.
First of all, some information on ...
Bruno Dambrine
01:54 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver
Good afternoon.
We have tried updating the driver, disabling TSO, increasing queues, changing the interface... Wit...
Daniel Montealvaro
01:10 PM Bug #14095: Removing an interface group does not remove rules for the interface group
This isn't an alias problem, the alias code is doing what it should and preventing you from removing an item that's i... Jim Pingle
01:02 PM Bug #14095 (New): Removing an interface group does not remove rules for the interface group
If an Alias was used in a rule on an Interface Group, after removing the interface group, you won't be able to delete... Danilo Zrenjanin
12:30 PM pfSense Plus Bug #13981 (Resolved): PHP Error on ``status_interfaces.php`` with empty switch VLAN group configuration and assigned VLAN interfaces
Replicated the issue on SG-2100.... Danilo Zrenjanin
09:08 AM pfSense Packages Bug #14088 (Resolved): pfsense 2.7-dev pfSense-pkg-snort installation failed!
Jim Pingle
01:03 AM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!
Yes, now I could install snort, thanks!!! Peter Moreno
09:08 AM Bug #11877 (New): Labels and description disappear in firewall_schedule_edit.php
Jim Pingle
12:13 AM Bug #11877: Labels and description disappear in firewall_schedule_edit.php
Tested on 23.01, It still disappears descriptions and labels. Lev Prokofev

03/10/2023

05:09 PM Revision 5efa3d45: Improve error handling in ACB. Fixes #14060
It wasn't printing a helpful message when it failed to decrypt a
configuration (e.g. using the wrong key).
Jim Pingle
04:51 PM Revision 404efa21: Resolve various PHP8 issues in ACB. Fixes #14076
Jim Pingle
03:28 PM Revision 94e26e56: Fix labels and description dissapear in firewall_schedule_edit.php, #11877
Christian McDonald
03:16 PM Revision a478307d: Start sshd after hosts and interfaces
Steve Wheeler
03:05 PM Revision 29cd08ea: Aliases config access refactor by brd
Christian McDonald
02:19 PM Feature #14093 (Rejected): Captive Portal permits user to authenticate / log into wrong vlan ID selected in freeRadius
The solution here is to set each portal to use the RADIUS server in a different way, either with a different NAS Iden... Jim Pingle
01:38 PM Feature #14093 (Rejected): Captive Portal permits user to authenticate / log into wrong vlan ID selected in freeRadius
When two or more separate Captive Portals use freeRadius for authentication and a user in freeRadius exists with a VL... Dale Harron
02:15 PM Bug #13851 (Resolved): DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All"
Jim Pingle
01:01 PM Bug #13851: DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All"
Tested on:
Version 23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
patch suc...
Georgiy Tyutyunnik
12:55 PM Feature #13844: Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled
I considered a separate redmine but this issue must be resolved simultaneous with this redmine as simply removing the... Dale Harron
12:21 PM Bug #14092: Kernel panic when PF passes a large/fragmented ICMP6 packet
The backtrace here looks the same as on #14077, they may be the same. Jim Pingle
08:35 AM Bug #14092 (Resolved): Kernel panic when PF passes a large/fragmented ICMP6 packet
With pf enabled and a rule to pass IPv6 ICMP, the kernel may panic when receiving and passing a large ICMP6 packet:
...
Jim Pingle
12:21 PM pfSense Packages Bug #14075: Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics
This is likely a bug in ipfw, which was included in 23.01. 23.05 does not contain the ipfw kernel module.
23.01:
...
Christian McDonald
11:15 AM Bug #14060 (Feedback): Auto Config Backup prints a confusing decryption error when using the wrong key
Applied in changeset pfsense:commit:5efa3d459f07382c8ab9d487775f07cb1114e212. Jim Pingle
11:08 AM Bug #14060 (In Progress): Auto Config Backup prints a confusing decryption error when using the wrong key
It just can't decrypt the config because it isn't using the right encryption key. If you set the correct key then you... Jim Pingle
11:00 AM Regression #14076 (Feedback): PHP error if the configuration has an empty Auto Configuration Backup section
Applied in changeset commit:404efa211294c85fa497b756d494d41f1b0f658d. Jim Pingle
10:50 AM Regression #14076: PHP error if the configuration has an empty Auto Configuration Backup section
This one can also happen with the empty settings tag:... Jim Pingle
10:47 AM Regression #14076 (In Progress): PHP error if the configuration has an empty Auto Configuration Backup section
Jim Pingle
10:29 AM pfSense Plus Bug #14068 (Closed): Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication
Kris Phillips wrote in #note-2:
> The message of "Unknown CA" is what pfSense is sending to the remote host. This w...
Jim Pingle
10:16 AM pfSense Plus Bug #14068: Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication
Jim Pingle wrote in #note-1:
> Allowing multiple CAs in a single entry was always a hackish workaround for things th...
Kris Phillips
09:29 AM Bug #11877: Labels and description disappear in firewall_schedule_edit.php
Reapplied the patch. I was unable to rebase in GitLab.
Feedback now appreciated.
Christian McDonald
09:26 AM Bug #11877 (Feedback): Labels and description disappear in firewall_schedule_edit.php
Christian McDonald
08:44 AM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!
I checked the Suricata port and it still uses luajit:luajit-openresty. Both work now. Christian McDonald
07:00 AM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!
Christian McDonald wrote in #note-3:
> Thanks Bill for the history, that was helpful.
>
> I set the luajit-openre...
Bill Meeks
08:07 AM Bug #14035: PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded
My configuration also has @<gifs></gifs>@ and I can create a new GIF OK. I still can't find a way to reproduce this r... Jim Pingle
07:25 AM Regression #14091 (Confirmed): The "Kill States" button does not work consistently
It doesn't seem to be about the destination, it works sometimes and not others.
I tried a few different states and...
Jim Pingle
03:49 AM Regression #14091 (Resolved): The "Kill States" button does not work consistently
Steps to reproduce
1)go to Dignostics=>States
2)Use the Filter expression field to filter using some known destinat...
Lev Prokofev
04:18 AM Bug #14034: PHP errors in ``xmlrpc.php`` during configuration synchronization if the target host has an empty XML tag for a given section
If no VIP is defined on the primary, after any XMLRPC action, it will create an empty <virtualip></virtualip> tag on ... Danilo Zrenjanin

03/09/2023

09:17 PM pfSense Packages Bug #14088 (Feedback): pfsense 2.7-dev pfSense-pkg-snort installation failed!
Thanks Bill for the history, that was helpful.
Honestly one of these days I need to audit the port options that we h...
Christian McDonald
07:54 PM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!
Christian McDonald wrote in #note-1:
> This also impacts 23.05 snapshots.
>
> We currently build nginx with LUA supp...
Bill Meeks
04:43 PM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!
This also impacts 23.05 snapshots.
We currently build nginx with LUA support (which we don't use). Snort also depend...
Christian McDonald
11:49 AM pfSense Packages Bug #14088 (Resolved): pfsense 2.7-dev pfSense-pkg-snort installation failed!
Hello.
I want to test snort on pfsense 2.7-dev latest version
But I receive this error:
>>> Installing pfSen...
Peter Moreno
05:55 PM Bug #14077: Kernel panic from incoming IPv6 connections
Bruno Dambrine wrote in #note-2:
> I have reinstalled the 6100 with the 23.01 to make sure that the issue is not lin...
Paul Kennedy
05:42 PM Bug #13325: System Information widget breaks with multiple instances
Just following up on this as this is STILL and ALSO occurring on the latest pfSense+ version 23.01. Larry Bernardo
02:45 PM pfSense Plus Bug #14090 (New): Significant State Creation Causes LACP, BGP, and Possibly Other Components to Temporarily Fail
When testing with a customer, when a remote host has a large number of new states being created, then transitioning t... Kris Phillips
12:34 PM Bug #14089 (Duplicate): System information widget bars operate incorrectly when widget is "split"
System information widget fields:
State table size
MBUF Usage
Temperature
Load average
CPU usage
Memory usage...
Georgiy Tyutyunnik
12:33 PM pfSense Docs Correction #14084 (Resolved): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options — Client Specific Overrides
I pushed a correction for this, it will be live in ~10-15 minutes when the build finishes. Jim Pingle
11:16 AM pfSense Docs Correction #14084: Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options — Client Specific Overrides
It's actually working as it should in that case, but you are right the docs could use some clarity on that.
Withou...
Jim Pingle
05:46 AM pfSense Docs Correction #14084 (Resolved): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options — Client Specific Overrides
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-overrides.html
Using:...
Marius Popa
11:06 AM Bug #14087 (Duplicate): Adding CARP: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/xmlrpc.php:399
Duplicate of #14034 Jim Pingle
10:44 AM Bug #14087 (Duplicate): Adding CARP: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/xmlrpc.php:399
When I add a (my first) Virtual IP (CARP) I get an error on the secondary:... Michael Lipp
10:57 AM pfSense Packages Regression #14043 (Feedback): Netgate Firmware Upgrade fails to mount EFISYS
Fixed in plus as of 67fef1ab045a. /mnt and /boot/efi are both unmounted prior to mounting the ESP at /mnt. Reid Linnemann
07:35 AM Regression #14086 (Resolved): Current snapshot builds missing most kernel modules that were on previous builds/releases
At some point between March 1 and March 8 dev snapshot builds of CE 2.7.0 the kernel package lost 90% of its modules.... Jim Pingle
07:02 AM pfSense Plus Bug #14085 (New): QAT not working / same speed as AES-NI with CPIC-8955!
My post on the netgate forum, still no unanswer:
https://forum.netgate.com/topic/175096/ipsec-with-qat-low-performan...
Alexandru Racovita
06:30 AM Bug #14070: STUN or Override WAN address in UPnP breaks working port forwarding if WAN IP is Private IP
Simplified testing:
*Scenario 1.*
Upstream router gives pfsense a *Private IP in DMZ* on WAN.
UPnP settings in pfse...
Greger Blennerud

03/08/2023

06:57 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs
I can't repro it in Win-11 Hyper-V. 4GB, ZFS, 3 NICs, ISO still attached.
In the loader prompt (option 3), can you...
Leon Dang
01:53 PM Bug #14070: STUN or Override WAN address in UPnP breaks working port forwarding if WAN IP is Private IP
Here's the "same" testing with some more details:
Testing is done in two difference scenarios, where the first has p...
Greger Blennerud
01:09 PM Bug #14083 (Resolved): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Steps to reproduce:
# Under Interfaces/WAN, define MTU 1480 and MSS 1440. Save and Apply the changes.
# Reboot th...
Danilo Zrenjanin
10:16 AM pfSense Docs Todo #14082 (Closed): Feedback on Network Address Translation — Port Forwards
That definitely is wrong as-is, it should be:... Jim Pingle
09:05 AM pfSense Docs Todo #14082 (Closed): Feedback on Network Address Translation — Port Forwards
*Page:* https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html#adding-port-forwards
*Feedback:*
The bu...
Steve Y
07:54 AM pfSense Plus Regression #14080: Installer fails to install to a geom mirror
Reid Linnemann wrote in #note-2:
> Do we want to cut the cord on UFS and just be done with it?
UFS is OK and not ...
Jim Pingle
07:34 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
Ricardo Mendes wrote in #note-3:
> Since the current behaviour introduced by the update is what we'd consider to be ...
Jim Pingle
05:06 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
Hi there,
I initially posted about this issue on the forums and would like to leave a suggestion here;
Since th...
Ricardo Mendes
07:06 AM pfSense Packages Feature #14081 (New): Nagios
Hello,
I have a problem with the netgate in version 23.01 for Nagio monitoring.
After researching the problem of...
Florian BELIARD
01:43 AM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver
Good afternoon.
We have the same problem with our 1541.
We are in version 23.01.
The problem is that sometimes the...
Daniel Montealvaro

03/07/2023

11:02 PM pfSense Plus Regression #14080: Installer fails to install to a geom mirror
Do we want to cut the cord on UFS and just be done with it? Reid Linnemann
07:44 PM pfSense Plus Regression #14080: Installer fails to install to a geom mirror
You can get past that point by manually setting the UFS slice on the mirror to mount at @/@ though it still fails eve... Jim Pingle
06:12 PM pfSense Plus Regression #14080 (New): Installer fails to install to a geom mirror
The 23.01 installer fails to create the expected mount points when trying to reinstall UFS to an existing gmirror.
...
Steve Wheeler
03:28 PM Bug #14045: ``pfSense-boot`` can fail to copy the EFI bootloader
Merged to plus with merge commit 70bd508078 Reid Linnemann
12:21 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
more experimentation
if i create a new environment with the same name as the old damaged ones (now 0 or 1) it create...
Mark Grant
12:10 PM Bug #14077: Kernel panic from incoming IPv6 connections
I have reinstalled the 6100 with the 23.01 to make sure that the issue is not linked to the upgrade.
I got the same ...
Bruno Dambrine
10:43 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
Louis B wrote in #note-1:
> I also think the RA behavoir is not OK! See my form post https://forum.netgate.com/topic...
Jim Pingle
09:41 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
I also think the RA behavoir is not OK! See my form post https://forum.netgate.com/topic/178423/some-doubts-about-rou... Louis B
08:51 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset
Nunya Business wrote in #note-27:
> This problem has returned with the current version of the Wireguard package, 1.1...
Prime BDE

03/06/2023

09:44 PM Revision 8b8f94c7: Safely update efi loader from pfSense-boot. Fixes #14045
Alter pfSense-boot +INSTALL script to safely update the efi loader from
/boot/loader.efi. The update is now done with...
Reid Linnemann
04:39 PM Bug #14045: ``pfSense-boot`` can fail to copy the EFI bootloader
Merge to plus is still pending before this can be closed. Reid Linnemann
04:30 PM Bug #14045 (Feedback): ``pfSense-boot`` can fail to copy the EFI bootloader
Applied in changeset commit:8b8f94c7e10d9bc64d267eb8fb6f4280f13d3ab9. Reid Linnemann
04:33 PM pfSense Plus Bug #13967: aarch64 23.01 upgrade can fail to write the bootloader
Fix for this is introduced into pfSense-updgrade at revision 2c4bf3c in plus packages only at this time. pfSense-upgr... Reid Linnemann
04:32 PM Bug #14035: PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded
We actually have the full config this is hitting this in Nextcloud.
The gif section is empty:...
Steve Wheeler
12:10 PM Bug #14035: PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded
Jay Maynard wrote in #note-3:
> What information can I supply?
See my comment in #note-1 above.
Jim Pingle
11:34 AM Bug #14035: PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded
What information can I supply? Jay Maynard
03:46 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
did some more trials, and found if i just use the date as 20230306 it does it.
named it 20230306, the other day i na...
Mark Grant
09:38 AM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
to get the initial issue;
what i did; i didnt read the limitation of what characters could be used, and used a "-"...
Mark Grant
07:17 AM pfSense Plus Bug #14074 (Feedback): Cannot edit or delete ZFS Boot Environment with a name containing only numbers
There must be some additional steps needed to replicate the problem. I tried a 23.01 system here and I could create a... Jim Pingle
02:53 AM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
now that it has this new boot environment '0' if i try to edit it, it makes a new boot environment. Each time.
ho...
Mark Grant
03:09 PM Revision d24242c7: Handle IPsec P1 w/o valid proposals better. Fixes #14009
Jim Pingle
02:49 PM pfSense Docs Todo #14023 (Closed): Feedback on Releases — 23.01 New Features and Changes
I pushed updates to this section today which include updates for this text. They should appear when the build finishe... Jim Pingle
02:36 PM Bug #14009 (Resolved): PHP error from upgraded IPsec tunnel containing only deprecated ciphers
That fixed it. I am marking this ticket resolved. Danilo Zrenjanin
09:20 AM Bug #14009 (Feedback): PHP error from upgraded IPsec tunnel containing only deprecated ciphers
Applied in changeset commit:d24242c77ae420b9df0723ca6f1dab209e69c357. Jim Pingle
07:08 AM Bug #14009 (In Progress): PHP error from upgraded IPsec tunnel containing only deprecated ciphers
Jim Pingle
02:18 PM pfSense Packages Bug #14079 (Rejected): Debug descriptions misleading
The current text is correct. There is no need to suppress anything, it's clearly explained in the result string.
E...
Jim Pingle
01:28 PM pfSense Packages Bug #14079 (Rejected): Debug descriptions misleading
the purpose of the debug button is... Jon Brown
12:23 PM Bug #14061 (Not a Bug): PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``
That really isn't viable. We'd have to potentially catch any/every PHP error or rewrite every call that might even po... Jim Pingle
10:09 AM Regression #14078: Traffic graph shows half actual throughput when switching back to the graph
'Clear graphs when not visible' must be selected. Steve Y
10:08 AM Regression #14078 (Confirmed): Traffic graph shows half actual throughput when switching back to the graph
When switching back to the traffic graph page, the graph restarts as designed but the data shown is now half actual.
...
Steve Y
07:38 AM Bug #14077: Kernel panic from incoming IPv6 connections
There must be some other required component to replicate this. I've not seen a panic like this on the 6100 at my edge... Jim Pingle
07:11 AM Regression #14053 (Resolved): Changing the default IPsec widget tab removes all widgets
Jim Pingle
07:10 AM Bug #14071 (Not a Bug): installing packages on 23.05
Jim Pingle
07:08 AM pfSense Plus Bug #14068 (Feedback): Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication
Allowing multiple CAs in a single entry was always a hackish workaround for things that didn't support chains. Import... Jim Pingle
12:48 AM Feature #7746: Proxy NDP
Hi, All.
I have again asked for an ND Proxy implementation in Feature #14032.
Does anyone agree with me?
Yuki Hiramatsu

03/05/2023

07:43 PM Bug #14077 (Resolved): Kernel panic from incoming IPv6 connections
After upgrading to 23.01, the system crashes with the following test on a Netgate 6100:
* With a default configurati...
Marcos M
07:29 PM Regression #14076 (Resolved): PHP error if the configuration has an empty Auto Configuration Backup section
After upgrading to 23.01, the following is reported:... Marcos M
07:25 PM Feature #4681 (Resolved): AutoConfigBackup make a way to easily download a saved backup
This functionality now exists. Marcos M
07:14 PM pfSense Packages Bug #14075 (Not a Bug): Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics
Report from a Netgate 7100 after upgrading to @23.01@.
Before disabling the @Transparent ClientIP@ option in hapro...
Marcos M
03:43 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs
This can be replicated on Azure as well. Deploy a new pfSense+ 23.01 Gen 2 VM on Azure with a size which allows addin... Marcos M
03:38 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers
Are you able to replicate this reliably? If so, please detail the steps to do so. Marcos M
03:18 PM pfSense Plus Bug #14074 (Resolved): Cannot edit or delete ZFS Boot Environment with a name containing only numbers

i just created a new boot environment, but it apparently didnt like the name i gave it and set it to '0'
It cann...
Mark Grant
01:52 PM pfSense Packages Bug #14058: Update vendor=on triggers installation failure
Thanks Chris. Let’s wait and see then. Jan-Peter Koopmann
01:34 PM Bug #14061 (New): PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``
It would be preferable to add better error handling for these kinds of PHP errors, and ideally show a more useful ale... Marcos M
04:24 AM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
Steve Wheeler wrote:
> VLAN tagged traffic fails on an ix NIC if hardware vlan tagging is disabled.
> For example:
...
Nicolas Embriz
01:53 AM Regression #14053: Changing the default IPsec widget tab removes all widgets
Tested on
23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
After apply the pat...
aleksei prokofiev

03/04/2023

08:17 PM pfSense Packages Todo #14073 (Confirmed): Shalla block list is offline but still available in pfBlocker
The Shalla Services blocklist went offline permanently in January 2022. It's still available as a list option in the ... Chris W
07:40 PM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
I have successfully been using DNSoTLS with 1.1.1.2/security.cloudflare-dns.com for some time and have temporarily sw... Jordan G
07:23 PM Regression #14057 (Resolved): Dynamic gateway names use mixed case instead of upper case, leading to configuration mismatches
Tested on... Christopher Cope
07:09 PM Regression #14016 (Resolved): FreeBSD default ``cron`` jobs are enabled when they should be disabled
Tested on... Christopher Cope
06:29 PM Regression #14010 (Resolved): Typo in ``filter.inc`` variable for DHCPv6 VLAN priority tag value
Tested on... Christopher Cope
04:35 PM pfSense Packages Bug #14019 (Resolved): PHP Error: /usr/local/pkg/avahi/avahi.inc:76
Tested on 2.2_4. I don't see reproduction steps, so I'm assuming this was triggered on install or when navigating to... Kris Phillips
03:58 PM Bug #14071: installing packages on 23.05
Repos for 23.05 are not public at this time, which will cause the issue described here. This can be closed as not a ... Kris Phillips
01:57 PM Bug #14071 (Not a Bug): installing packages on 23.05

I am not able to install any package in 23.05
the error is attached
23.05-DEVELOPMENT (amd64)
built on Fri...
Alhusein Zawi
03:46 PM Regression #14072 (Resolved): No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
On 23.01, rtsold is not firing the script at @/var/etc/rtsold_<if>_script.sh@ unless the router advertisement receive... Jim Pingle
01:09 PM Bug #14070 (New): STUN or Override WAN address in UPnP breaks working port forwarding if WAN IP is Private IP
I discovered some weird behavior when experimenting with UPnP - STUN and Override WAN address in a failover scenario ... Greger Blennerud
10:57 AM Feature #14069 (New): UPnP & NAT-PMP External Interface - multi select and/or gateway group
Using UPnP in a failover scenario with dual WAN does not work unless you manually change the External interface and r... Greger Blennerud
09:44 AM Bug #14009: PHP error from upgraded IPsec tunnel containing only deprecated ciphers
I applied the patch on:... Danilo Zrenjanin
08:54 AM Bug #14036 (Resolved): PHP error when the ``timeserver`` section of the configuration is empty
I could replicate the issue on the:... Danilo Zrenjanin
08:37 AM Bug #14065: UPnP not working when WAN IP is private IP range.
Greger Blennerud wrote in #note-4:
> Jim Pingle wrote in #note-3:
> > We've tried communicating with them before ab...
Greger Blennerud
07:51 AM Bug #14037 (Resolved): PHP Error enabling ICMP6 using EasyRule
I could replicate the issue on the:... Danilo Zrenjanin
07:05 AM pfSense Packages Bug #14058: Update vendor=on triggers installation failure
Yep very sure.
I even ran it through truss and watched the fetch calls be made and return successfully.
I waa a...
Christian McDonald
04:12 AM pfSense Packages Bug #14058: Update vendor=on triggers installation failure
Are you sure you selected „update vendor list“ in the arpwatch settings before trying to reproduce it? Jan-Peter Koopmann
 

Also available in: Atom