Activity

30 days up to

User

Subprojects

Activity

From 03/04/2023 to 04/02/2023

04/02/2023

09:01 PM Todo #14231 (Rejected): Set net prefix to /24 by default when add new net: Dear pfSense stuff:
In DNS Resolver ACL configuration page set net prefix to /24 by default when add new net.
(... Sergei Shablovsky
03:21 PM pfSense Packages Bug #14230: PHP error with pfBlockerNG: As a workaround, use the @System Patches@ package to apply the following patch (set @Path Strip Count@ to @0@).... Marcos M
03:11 PM pfSense Packages Bug #14230 (New): PHP error with pfBlockerNG: On @pfBlockerNG-3.2.0_3@ and @pfSense-23.01@.... Marcos M
11:33 AM Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.: I am not the only one with the problem: https://forum.netgate.com/topic/177555/fq_pie-no-internet?_=1680451711804
... Anonymous
10:52 AM Bug #14227 (Duplicate): Traffic Shaper - selected scheduler not recognized: Marcos M
12:17 AM Bug #14227: Traffic Shaper - selected scheduler not recognized: looking at diagnostic>limiter info displays a limiter with tail drop/FIFO above the AQM/scheduler that are modifiable... Jordan G
12:09 AM Bug #14227 (Duplicate): Traffic Shaper - selected scheduler not recognized: Limiter created and enabled with a child queue enabled, both saved and applied. Make change and save parent limiter, ... Jordan G
10:51 AM pfSense Packages Bug #14075 (Feedback): Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics: The original report was from a customer's system, however I have not been able to reproduce this either on 23.01 nor ... Marcos M
10:13 AM pfSense Plus Bug #14224 (Duplicate): Error when deleting Boot Environment that was the source for a clone: Marcos M
06:54 AM pfSense Docs Todo #14225: Feedback on Packages — IDS / IPS — Configuring the Snort Package: Should of added, there are 4 policies and *Max-Detect* is not mentioned on the help page Jon Brown
05:25 AM pfSense Docs Todo #14225: Feedback on Packages — IDS / IPS — Configuring the Snort Package: this snort page lists the different policies but also gives a warning that the *Max-Detect* should only be used in te... Jon Brown
05:45 AM pfSense Docs Todo #14229: Snort - Add help page for SID MGMT: Sticky topics - https://forum.netgate.com/category/53/ids-ips Jon Brown
05:43 AM pfSense Docs Todo #14229 (New): Snort - Add help page for SID MGMT: there is no help page for
* https://x.x.x.x/help.php?page=snort/snort_sid_mgmt.php
* Services --> Snort --> SID M... Jon Brown
03:43 AM pfSense Packages Bug #14228 (Resolved): pfBlockerNG might not support new Maxmind license keys: https://dev.maxmind.com/geoip/release-notes/2023?lang=en#changes-to-maxmind-license-keys
* New license keys will b... Jon Brown
03:08 AM pfSense Packages Feature #13195: Dedicated website for Feed mangement - Community Driven: or the website could be website where end users (me and others) can add feeds and report dead feeds that would then b... Jon Brown
03:06 AM pfSense Packages Feature #14193: Website to add and remove feeds automatically: duplicate of #13195 - close this one Jon Brown

04/01/2023

10:52 PM pfSense Docs Todo #14226 (New): Feedback on Packages — IDS / IPS — Configuring the Snort Package: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html
*Feedback:* The docs seem to unnecess... Ashley R. Thomas
08:58 PM Feature #13868: Allow packet capture on unassigned interfaces: Danilo Zrenjanin wrote in #note-4:
> I tested the commit da2879b467746b43c8b8687700b6d7f34d4fd302 against the 22.05 ... Kris Phillips
08:49 PM pfSense Packages Todo #14221: Sync settings and inline documentation needs improving: >>http is insecure because your password will be transmitted in plain text so use https
Not sure it's relevant to ... Kris Phillips
03:35 AM pfSense Packages Todo #14221 (New): Sync settings and inline documentation needs improving: This inline notes on the sync page (Firewall --> pfBlockerNG --> Sync) need improving.
* *Add: Allow Sync Pushes*
... Jon Brown
08:41 PM pfSense Plus Bug #14168: OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol: Jim Pingle wrote in #note-1:
> Is this newly broken in 23.01 (regression) or has it never worked, even on older vers... Kris Phillips
08:36 PM pfSense Plus Bug #14224: Error when deleting Boot Environment that was the source for a clone: Confirmed on 23.01. The boot environment deletes, but throws the error, so it appears to be cosmetic in nature, than... Kris Phillips
12:14 PM pfSense Plus Bug #14224 (Duplicate): Error when deleting Boot Environment that was the source for a clone: Steps to reproduce.
1. Navigate to System > Boot Environments
2. Create New Boot Environment
3. Clone that n... Christopher Cope
08:34 PM pfSense Packages Bug #14218: Deleting a shellcmd entry results in a PHP error and crash report: A diff of the merge request fixes the problem when applied as a system patch. Deleting a shellcmd job doesn't give an... Chris W
10:08 AM pfSense Packages Bug #14218 (Pull Request Review): Deleting a shellcmd entry results in a PHP error and crash report: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/334 Christopher Cope
03:20 PM Bug #13996 (Not a Bug): Limiters using the fq_pie scheduler no longer pass any traffic.: Chris W
03:19 PM Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.: I'm unable to reproduce this on a virtual machine which was upgraded to 23.01 from 22.05 (and to 22.05 from 22.01 pre... Chris W
02:02 PM pfSense Docs Todo #14225 (New): Feedback on Packages — IDS / IPS — Configuring the Snort Package: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/snort/setup.html
*Feedback:*
the following statemen... Jon Brown
01:55 PM pfSense Packages Bug #11477: FRR does not recognize some BFD options: not exist
frr 1.2_3
pfsense 23.01 Alhusein Zawi
12:16 PM pfSense Plus Bug #14074 (Resolved): Cannot edit or delete ZFS Boot Environment with a name containing only numbers: Did some more testing. The other error seems to be unrelated to this issue. I created another redmine to track it. ht... Christopher Cope
11:17 AM pfSense Packages Bug #14223 (New): Block Offenders - Incorrect statement/description: The description on the options 'Block Offenders' is incorrect for 'inline mode' but still valid for 'Legacy Mode'
... Jon Brown
10:55 AM pfSense Packages Bug #14220: pfBlockerNG does not sync to HA secondary: Apparently my search for "sync" wasn't good enough. Apologies for the dupe. Steve Y
06:46 AM pfSense Packages Bug #14220: pfBlockerNG does not sync to HA secondary: I alreay created a bug for it, see https://redmine.pfsense.org/issues/14189 .
No feedback yet, if someone is even ... name name
07:08 AM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions: I can confirm the fix is working for me. I don't see any repeats anymore. Thanks Jim! Haraldinho D
04:37 AM Feature #14222 (New): Add additional checks to admin account when disabling - Prevent lockouts: Currently on a fresh copy of pfSense and only an admin account I am able to disable this 'admin' account. This is a p... Jon Brown
02:32 AM Todo #14183: Update OpenVPN Wizard to match current certificate and OpenVPN options: Changeset tested on... Lev Prokofev

03/31/2023

06:58 PM Regression #14217: IPsec Phase 2 rekey failures with some PFS key groups: Rekeying appears to work OK using PFS group 18 in IKEv1. Though it doesn't remove old rekeyed SAs.... Steve Wheeler
01:50 PM Regression #14217: IPsec Phase 2 rekey failures with some PFS key groups: When rekeying from 2.7 against 2.6 the remote side accepts the rekeys and installs the new child_SA. But the local si... Steve Wheeler
12:41 PM Regression #14217 (Confirmed): IPsec Phase 2 rekey failures with some PFS key groups: Seeing this between a 2.7 VM and 23.01 on a 5100.
Tunnel rekeys as expected using PFS key group 14 but fails after... Steve Wheeler
11:15 AM Regression #14217: IPsec Phase 2 rekey failures with some PFS key groups: Jim Pingle wrote in #note-1:
> Is this tunnel mode or VTI?
This behavior is on both tunnel and VTI. Logs are for VTI... Georgiy Tyutyunnik
10:36 AM Regression #14217: IPsec Phase 2 rekey failures with some PFS key groups: Is this tunnel mode or VTI?
Are those logs in forward or reverse order? They seem to be in reverse which makes re... Jim Pingle
10:24 AM Regression #14217 (Resolved): IPsec Phase 2 rekey failures with some PFS key groups: IPSec phase 2 with some specific PFS key groups fails to rekey with the following logs message:
Mar 31 12:47:14 ch... Georgiy Tyutyunnik
05:30 PM Regression #14139: CARP announcement src MAC should be virtual MAC: Looking good on 2.7.0.a.20230331.1347, these are virtual src MACs coming from the MASTER:
tcpdump -e -i
00:13:3... Robert Karsai
09:08 AM Regression #14139 (Ready To Test): CARP announcement src MAC should be virtual MAC: The fix has been merged and will be present in future snapshot builds. Kristof Provost
05:27 PM pfSense Packages Bug #14220 (Duplicate): pfBlockerNG does not sync to HA secondary: After making changes they are not replicated to the secondary. E.g. on /pfblockerng/pfblockerng_ip.php check "kill s... Steve Y
04:28 PM pfSense Packages Bug #14218 (Resolved): Deleting a shellcmd entry results in a PHP error and crash report: 1. Install the shellcmd package from System > Package Manager.
2. Services > shellcmd >
Command: ... Chris W
02:43 PM Bug #14212: Using limiters and VLANs crashes with kernel panic: Jim Pingle wrote in #note-3:
> Bug reports must be for the current version or snapshots, not outdated releases. It's... Diogo Silva
02:28 PM Bug #14212 (Rejected): Using limiters and VLANs crashes with kernel panic: Bug reports must be for the current version or snapshots, not outdated releases. It's entirely possible this has alre... Jim Pingle
12:53 PM Bug #14212: Using limiters and VLANs crashes with kernel panic: Jim Pingle wrote in #note-1:
> What version are you using?
>
> Can you replicate the problem on development snaps... Diogo Silva
07:17 AM Bug #14212 (Incomplete): Using limiters and VLANs crashes with kernel panic: What version are you using?
Can you replicate the problem on development snapshots?
At a minimum we are going t... Jim Pingle
05:30 AM Bug #14212 (Rejected): Using limiters and VLANs crashes with kernel panic: This problem was reported way on the past, at the time I ended up stopping using TS and lost track of this. Now I end... Diogo Silva
01:00 PM Bug #14124 (Resolved): Some blank SAN fields are not ignored when creating a certificate: !clipboard-202303311957-pkspm.png!
The patch clarifies the function of add button. I am marking this ticket resolved. Danilo Zrenjanin
10:28 AM Bug #14118: freeRadius "Amount of Time" setting is not accurately tracked for Stop/Start settings in Caaptive Portal: re: 23.01 mid Feb release: Although the $rastart_time and $rastop_time are set around line 684 for the call to line 2... Dale Harron
09:05 AM Regression #13943 (Ready To Test): OpenVPN crashes with Signal 8 with very low fragment size: Future snapshots will have OpenVPN 2.6.2, which contains the fix. Kristof Provost
08:54 AM Bug #14216 (New): ntopng causes OpenVPN server errors 'error - IP packet with unknown IP version=15 seen' when OpenVPN server interface is selected: If the OpenVPN server interface is selected in the ntopng 'General Options' - 'Interfaces', it causes thousands of Op... Damir Altus
07:58 AM Regression #14164 (Feedback): IPv6 interface configuration race condition can lead to kernel panic: Let's keep this in a feedback state for a bit so we can confirm it's fixed in snapshots.
Jim Pingle
07:46 AM Todo #14210: Proposed new Icons for Logs to make for more logical reading: I'm open to changing the icons but personally I don't find either of those any better/worse than the current icons.
... Jim Pingle
04:51 AM Todo #14210 (New): Proposed new Icons for Logs to make for more logical reading: On the firewall logs (Status --> System Logs --> Firewall --> normal view) and probably elsewhere you use the followi... Jon Brown
07:22 AM Todo #14209 (Closed): Update Time Zone data to 2023c or later: This was merged in yesterday when we synced the tree with upstream and should be in today's snapshots.
Jim Pingle
03:50 AM Todo #14209 (Closed): Update Time Zone data to 2023c or later: Hi,
Egypt decided to return to daylight saving in 2023
tzdata need to be updated to 2023c
thanks and best regar... khaled osama
07:16 AM Feature #14213 (Rejected): Set range for random Gateway and network used for OpenVPN connections: The address assigned to a client is set by the server to which it connects or set static in the tunnel network field.... Jim Pingle
05:31 AM Feature #14213 (Rejected): Set range for random Gateway and network used for OpenVPN connections: When I create a new OpenVPN client (VPN --> OpenVPN --> Clients), assign it to an interface it becomes a gateway. The... Jon Brown
07:14 AM Todo #14215 (Closed): Redmine - Add CE to pfSense 2.6.0/2.7.0 Repo names for clarity: We can consider that for future versions but changing existing ones can have some unintended side effects.
Given t... Jim Pingle
06:11 AM Todo #14215 (Closed): Redmine - Add CE to pfSense 2.6.0/2.7.0 Repo names for clarity: Is it possible to add the *CE* to the 2.6.0 and 2.7.0 Redmine repo names so they follow your other products naming.
... Jon Brown
05:50 AM Feature #14214 (New): Add logging options to the GUI for DNS Resolver: This is a simple request to have the logging options to be added to the GUI for the DNS Resolver. The list below is n... Jon Brown
05:13 AM Todo #14211 (New): OpenVPN Status page (Stop|Start|Restart) - Use Ajax instead of full page reload.: (Status --> OpenVPN)
When I (Start|Stop|Restart) an OpenVPN service in any of the sections (Client Connections|Pee... Jon Brown
05:06 AM Bug #14136 (Resolved): Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations: I replicated the issue on 23.01.
Re-tested the same scenario on 2.7.0.a.20230330.0600, and it worked fine. I am ma... Danilo Zrenjanin
03:10 AM Bug #14176 (Resolved): Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget: Tested on the 2.7.0.a.20230330.0600. It works fine.
I am marking this ticket resolved. Danilo Zrenjanin
03:03 AM pfSense Plus Regression #14137 (Confirmed): pfSense Plus Upgrade repo data remains on the system after upgradng: I hit that case and confirmed that the offered workaround fixes it. Danilo Zrenjanin

03/30/2023

10:27 PM Feature #14208: Automatic Split-DNS for 1:1 NAT: PR: https://github.com/pfsense/pfsense/pull/4630 Yehuda Katz
10:26 PM Feature #14208 (Pull Request Review): Automatic Split-DNS for 1:1 NAT: There is a well-known challenge of dealing with accessing public IP addresses from inside the network. The two existi... Yehuda Katz
04:46 PM Regression #14164 (Closed): IPv6 interface configuration race condition can lead to kernel panic: Fix landed upstream and locally after the merge Mateusz Guzik
02:45 PM pfSense Docs New Content #14170 (Closed): Radius Authentication Timeout: Note added and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/961dbec8f6cfdf95313ee3aff4c33d67f5bc118b Jim Pingle
02:16 PM pfSense Packages Regression #13978: PHP errors with squidGuard: Additionally:... Steve Wheeler
01:51 PM pfSense Docs Todo #14207 (Resolved): Rate limiting on Chelsio T4/5 NICs: Chelsio T520-CR and T420-CR are unable to route speeds over 470mbps when updated to 23.01 code. Goes to full 1gb spee... Bruce Talbot
12:38 PM Revision 6f8ad15a: Fix memory RRD initialization. Fixes #14011: Jim Pingle
12:23 PM pfSense Docs Todo #14187 (Closed): Feedback on Certificate Management — Certificate Revocation List Management: Though the existing text states that they should check if it's in use and remove it from use before deleting, I added... Jim Pingle
11:54 AM pfSense Plus Bug #14206: package manager broken: Almost certainly this though: https://redmine.pfsense.org/issues/14137 Steve Wheeler
11:35 AM pfSense Plus Bug #14206 (Rejected): package manager broken: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
11:19 AM pfSense Plus Bug #14206 (Rejected): package manager broken: newbe question *How do I remove pfsense plus upgrade? *
just upgraded to pfsense plus 23.01
when I click for availa... Douglas Pannell
10:52 AM pfSense Docs Todo #13968 (In Progress): Marvell install instructions need updated: I updated the 1100 and 2100 docs a couple weeks ago:
* https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/... Jim Pingle
10:42 AM pfSense Docs New Content #13941 (In Progress): Memory usage in pfSense: First step, I updated the breakdown of memory types in the graph text:
https://gitlab.netgate.com/docs/pfSense-doc... Jim Pingle
10:37 AM pfSense Docs Correction #13987 (Closed): Monitoring system graphs need updated info about Nat States: Note added:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/04d2ec5dd76ba85922322f62c9fb67f58f64d47b
Jim Pingle
09:58 AM Regression #13942 (Resolved): PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: That was my bad. I probably didn't wait long enough for the system_package to finish the installation process after r... Danilo Zrenjanin
09:14 AM Regression #13942: PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: I tried again on a fresh snapshot and @<syslog></syslog>@ does not produce a crash. If you added a tag you might have... Jim Pingle
09:00 AM Regression #13942: PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: Danilo Zrenjanin wrote in #note-6:
> I applied the patch (8b962c6a752a654f2def293d93c102d2d20a6887) and then made a ... Jim Pingle
08:33 AM Regression #13942: PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: I applied the patch (8b962c6a752a654f2def293d93c102d2d20a6887) and then made a backup. I added an empty <syslog></sys... Danilo Zrenjanin
07:45 AM Todo #14011 (Feedback): Update memory graphs to account for changes in memory reporting: Applied in changeset commit:6f8ad15a0160bc1369e9fd4bcf3ac4c8462c9be7. Jim Pingle
07:34 AM Todo #14011 (In Progress): Update memory graphs to account for changes in memory reporting: Looks like the command that gets run at boot to put "unknown" values into the RRD (source:/src/etc/inc/rrd.inc#L642) ... Jim Pingle
07:19 AM pfSense Packages Bug #14203 (Rejected): Zabbix Agent 6.2 installation fails: The package installs fine (both agent and proxy) so whatever problem you are encountering is likely unique to your se... Jim Pingle
04:19 AM pfSense Packages Bug #14203 (Rejected): Zabbix Agent 6.2 installation fails: I see that this issue is reported a couple of times, i.e. https://redmine.pfsense.org/issues/13587 however it still p... Rajib Momen
07:05 AM pfSense Plus Feature #14205 (New): Allow for maximum concurrent users, per user, in captive portal: We have several schools who wish to impose how many devices are allowed to have access via the Captive Portal, per us... Alex Rubenstein
06:58 AM pfSense Plus Bug #14204 (Pull Request Review): System Information Dashboard widget stops showing CPU details on aarch64: Steve Wheeler
06:58 AM pfSense Plus Bug #14204: System Information Dashboard widget stops showing CPU details on aarch64: https://gitlab.netgate.com/pfSense/factory/-/merge_requests/97 Steve Wheeler
06:43 AM pfSense Plus Bug #14204 (Resolved): System Information Dashboard widget stops showing CPU details on aarch64: In aarch64 systems (1100, 2100) the system information widget gets CPU data by greping the strings from dmesg.
Howev... Steve Wheeler

03/29/2023

08:43 PM Bug #13252: reduce frequency of php-fpm socket connection attempts from check_reload_status: If it helps, I've experienced something similar in the past few days.
I got a report that "internet is down", but by... Konstantin Svist
07:32 PM Revision 8dcaa361: Remove deprecated/removed NCP toggle from OpenVPN. Fixes #14201: Jim Pingle
05:29 PM pfSense Packages Bug #14199: ACME - Issue with corrupted cert: Hi Jim .
My bad, I said HAProxy by mistake, I am using ACME for this, attached screenshot
Juan Francisco Rodriguez Garcia
11:57 AM pfSense Packages Bug #14199: ACME - Issue with corrupted cert: The attached configuration snippet isn't a valid configuration for ACME. I'm not sure how it ended up in that state, ... Jim Pingle
05:23 PM Bug #14077: Kernel panic from incoming IPv6 connections: Jim Pingle wrote in #note-13:
> Bruno Dambrine wrote in #note-12:
> > 1 - Can I install the last snapshop of pfsens... Bruno Dambrine
03:54 PM Bug #14077: Kernel panic from incoming IPv6 connections: I'm not proficient with FreeBSD package management so this is probably a dumb question, but is there any way to drop ... David Myers
04:03 PM Revision 0abc80b1: OpenVPN wizard updates. Fixes #14183: * Added Randomize Serial option when creating CA
* Added Common Name field to CA/Cert (still can use descr if blank)
... Jim Pingle
02:58 PM pfSense Packages Todo #14202 (Resolved): Rename exported OpenVPN connect files as "connect" rather than "ios": Some of the files have names that are not following the same rules as the rest. I have made corrections to some of th... Jon Brown
02:53 PM Revision 8b962c6a: Update direct config access in status_logs_settings.php. Fix #13942: Marcos M
02:40 PM Todo #14201 (Feedback): Remove deprecated NCP enable/disable toggle from OpenVPN: Applied in changeset commit:8dcaa3610c92aea930cc1fa631247ff2bce81e83. Jim Pingle
12:23 PM Todo #14201 (Resolved): Remove deprecated NCP enable/disable toggle from OpenVPN: CE snapshots now have OpenVPN 2.6.0 which removed the deprecated @ncp-disable@ option, making cipher negotiation comp... Jim Pingle
01:54 PM Revision 3706158f: Disble unmapped mbufs. #13938: Christian McDonald
01:01 PM Revision 7e7910fd: syslogd source interface corrections. Fixes #14120: * Do not attempt to use a source address when remote logging is
disabled.
* Do not attempt to use a source address ... Jim Pingle
11:10 AM Todo #14183 (Feedback): Update OpenVPN Wizard to match current certificate and OpenVPN options: Applied in changeset commit:0abc80b184bcf16387fb9befa1f5f4695280c561. Jim Pingle
11:03 AM Todo #14183 (In Progress): Update OpenVPN Wizard to match current certificate and OpenVPN options: Making this more general as there are a few other places that need updated as well. I went through and compared thing... Jim Pingle
10:02 AM pfSense Packages Bug #14200 (New): WireGuard reply-to without NAT: I have discovered that the WireGuard package requires the interface to have the gateway set for the reply-to rules to... Carrnell Tech
10:00 AM Regression #13942 (Feedback): PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: Applied in changeset commit:8b962c6a752a654f2def293d93c102d2d20a6887. Marcos M
08:56 AM Bug #13938 (Feedback): Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs: Christian McDonald
08:56 AM Bug #13938: Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs: That is a good point.
I've addressed this case too
https://gitlab.netgate.com/pfSense/pfSense/-/commit/3706158fe69c... Christian McDonald
08:40 AM Bug #13938: Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs: Seeing as this is a bug in mbuf handling, I would argue the thing to do is to flip the unmapped buf support off -- th... Mateusz Guzik
08:10 AM Regression #14120 (Feedback): ``syslogd`` tries to bind interfaces with no IP address: Applied in changeset commit:7e7910fded01a44a7ab1014e95bbfb0fbae709a8. Jim Pingle
07:46 AM Regression #14120: ``syslogd`` tries to bind interfaces with no IP address: Did this happen on previous versions or just on 23.01 and after?
EDIT: Nevermind, it probably did based on the code. ... Jim Pingle
08:08 AM Regression #14164 (In Progress): IPv6 interface configuration race condition can lead to kernel panic: Mateusz Guzik
08:08 AM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic: Posted a review upstream: https://reviews.freebsd.org/D39317 Mateusz Guzik
07:32 AM Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots: Updating subject and excluding from release notes since it was a regression introduced between snapshots and not in a... Jim Pingle

03/28/2023

05:34 PM pfSense Packages Bug #14199: ACME - Issue with corrupted cert: Attaching the Acme section of my config.xml backup which had this issue after upgrading to the new release on Feb 17 ... Jerold Von Hemel
04:55 PM pfSense Packages Bug #14199 (Resolved): ACME - Issue with corrupted cert: Hi team
After creating a new cert in HAProxy i got an timeout on the webui interface then receive this error:
P... Juan Francisco Rodriguez Garcia
05:22 PM Revision bfa5cfef: Skip blank SAN values, make + more clear. Fixes #14124: Jim Pingle
04:44 PM Revision 9d87553c: Fix radvd service check. Fixes #14136: Jim Pingle
03:48 PM Revision d588bb5c: Allow editing of CRL properties. Fixes #14185: Fixes editing of imported CRLs and also allows editing properties of
internal CRLs. Jim Pingle
03:00 PM Revision 663e29bb: Note that CA serial is ignored when randomizing. Fixes #14188: While here, when creating a CA, set the default serial to 1 since the
GUI won't allow saving with the serial remainin... Jim Pingle
02:36 PM Bug #14077: Kernel panic from incoming IPv6 connections: Bruno Dambrine wrote in #note-12:
> 1 - Can I install the last snapshop of pfsense CE on my netgate 6100 as I do wit... Jim Pingle
12:50 PM Bug #14077: Kernel panic from incoming IPv6 connections: Sorry, I have two questions.
1 - Can I install the last snapshop of pfsense CE on my netgate 6100 as I do with pfs... Bruno Dambrine
09:40 AM Bug #14077 (Feedback): Kernel panic from incoming IPv6 connections: A fix for this was merged into snapshots around the 17th. If possible, please upgrade to a current dev snapshot and s... Jim Pingle
02:33 PM Feature #14197 (Rejected): DHCP Leases - Add interface column: The lease database doesn't record the interface, and given the potential size of the leases display calculating that ... Jim Pingle
01:56 PM Feature #14197 (Rejected): DHCP Leases - Add interface column: Status --> DHCP Leases
Can you add an Interface column so the results can be sorted by interface and also this mak... Jon Brown
02:25 PM pfSense Packages Todo #14194: Better colours for alerts: Green and Red are also not great choices because some people are red/green color blind, so ideally whatever colors ar... Jim Pingle
01:32 PM pfSense Packages Todo #14194 (New): Better colours for alerts: on the page Firewall --> pfBlockerNG --> Reports --> unified (and others)
pfBlocker uses
* 'Red' for traffic st... Jon Brown
02:05 PM Feature #14198 (New): Allow gateway group with no members: I would like the option of having gateway groups with no members, or perhaps a null entry if needed.
h2. Why
I ... Jon Brown
01:50 PM pfSense Packages Feature #14196 (Incomplete): permitted firewall rules - additional text: Firewall --> pfBlockerNG --> DNSBL --> DNSBL Configuration --> Permit Firewall Rules
Can you add some additional i... Jon Brown
01:45 PM pfSense Packages Feature #14195 (New): Customise what are class as Full Domains when blocking with DNSBL: Currently when a DNSBL is Blocked you get one of 2 pages depending what was looked up. Most lookups will end up beeb ... Jon Brown
01:26 PM pfSense Packages Feature #14193 (Duplicate): Website to add and remove feeds automatically: I would like to see a website where end users (me and others) can add feeds and report dead feeds that would then be ... Jon Brown
01:15 PM Bug #14136: Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations: Jim Pingle wrote in #note-2:
> Took me a bit to find one but I was able to reproduce this on one system in my lab --... David Myers
11:50 AM Bug #14136 (Feedback): Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations: Applied in changeset commit:9d87553c55770db317d0f65f608933f4412af363. Jim Pingle
11:46 AM Bug #14136: Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations: Took me a bit to find one but I was able to reproduce this on one system in my lab -- the others already showed it OK... Jim Pingle
01:09 PM Revision c5faa351: Message queue handling improvements. Fixes #14031 Fixes #14061: * Do not attempt to process the message queue without sufficient
privileges.
* Check for permission to write the me... Jim Pingle
01:04 PM Bug #13487: GUI IPV6-WAN-status stays "Offline, Packetloss" after a short communication hick up: To be noted. In the actual 2.7 snapshot the IPV6 gateway is still relatively frequently changing to 'unavailable' Louis B
12:30 PM Bug #14124 (Feedback): Some blank SAN fields are not ignored when creating a certificate: Applied in changeset commit:bfa5cfef8125d4ba07db5aa481fd854978b20c63. Jim Pingle
11:22 AM pfSense Packages Feature #14192 (Rejected): Instant Website Redaction Technology Not working: Hello Fellow Netgate Community Members,
I wanted to share some topics for discussion and possibly create a communi... Jonathan Lee
10:55 AM Feature #14185 (Feedback): Ability to edit Certificate Revocation List properties: Applied in changeset commit:d588bb5c211c5e2fb9e00647bff206ac6c806c26. Jim Pingle
10:48 AM Feature #14185 (In Progress): Ability to edit Certificate Revocation List properties: Making this more general since while I was in there it was also not too hard to allow editing the lifetime and serial... Jim Pingle
04:59 AM Feature #14185: Ability to edit Certificate Revocation List properties: just a small followup that is related.
I created a CRL using 'import an existing certificate revocation list' and ... Jon Brown
10:10 AM Todo #14188 (Feedback): Add note to inform the user that the "Next Certificate Serial" value is ignored when the "Randomize Serial" option is enabled: Applied in changeset commit:663e29bb666388407c52fbb8d418ff24077bffe0. Jim Pingle
09:45 AM Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots: For the record, this appears to be triggered by running @ifconfig@. So any page or action that ends up using ifconfig... Jim Pingle
09:39 AM Bug #14092 (Resolved): Kernel panic when PF passes a large/fragmented ICMP6 packet: Looks good to me. I cannot crash a current Plus 23.05 or CE 2.7.0 snapshot with a large ping packet as I could before... Jim Pingle
09:33 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working: I understand, but I don't know what is "not" happening.
There are two choices when configuring Sync for pfBlockerN... name name
09:25 AM Bug #14061 (Feedback): PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``: Applied in changeset commit:c5faa351c1ef6d4555478a7f50b3a16ece7e0b2a. Jim Pingle
08:13 AM Bug #14061: PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``: The more I looked at this I'm fairly certain it's the same root cause as #14031 -- If an unprivileged user such as @n... Jim Pingle
09:25 AM Bug #14031 (Feedback): Identical SMTP notifications repeat in an infinite loop under certain conditions: Applied in changeset commit:c5faa351c1ef6d4555478a7f50b3a16ece7e0b2a. Jim Pingle
08:15 AM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions: I was able to reproduce this on demand by triggering a notification from nut and a notification from the system short... Jim Pingle
07:08 AM Regression #14139 (Waiting on Merge): CARP announcement src MAC should be virtual MAC: Jim Pingle
05:43 AM pfSense Docs Todo #14191 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Feedback:*
Hi there,
I think ... EComputer Vision
02:56 AM Todo #14190 (Duplicate): Update nvd3 (web ui dependency) to 1.8.6: Updates and minifies nvd3 for better performance and some bug fixes.
PR: https://github.com/pfsense/pfsense/pull/4629 GChuf 6

03/27/2023

08:20 PM Regression #14139: CARP announcement src MAC should be virtual MAC: The bug is fairly obvious now. The check for multicast in carp_output() expects the IP address to be in host endianne... Kristof Provost
06:35 PM Regression #14139: CARP announcement src MAC should be virtual MAC: Actually, they do. Chris Linstruth
06:14 PM Regression #14139: CARP announcement src MAC should be virtual MAC: Switches do not learn what port to use based on the carp announcements, so that's not actually something to worry abo... Kristof Provost
08:40 AM Regression #14139: CARP announcement src MAC should be virtual MAC: Hi Jim, yes, master & backup states are OK, even the switchover is OK, however without the right announcements coming... Robert Karsai
08:38 AM Regression #14139: CARP announcement src MAC should be virtual MAC: Hmm, yeah, that could be fallout from the unicast carp work. In unicast mode we use the interface Mac as source (most... Kristof Provost
08:12 AM Regression #14139: CARP announcement src MAC should be virtual MAC: On @2.7.0.a.20230314.0600@ the CARP advertisement source MAC was still the CARP MAC, but on current snaps it is the i... Jim Pingle
07:14 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working: Packages get updated directly, they don't get patches.
Also there is almost no detail here or on the linked forum ... Jim Pingle
05:31 PM pfSense Packages Regression #14189 (Closed): pfBlocker-NG: HA-Sync is not working: I'm not the only one with this problem.
See https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working .
... name name
06:11 PM Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots: As Christian said, these logs will go away with the next upstream merge.
They are harmless and can safely be ignored... Kristof Provost
06:09 AM Regression #14163: Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots: Hi, I think this is related: https://redmine.pfsense.org/issues/14139 CARP do have problems in the last few builds, t... Robert Karsai
05:28 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100: I found mmc-utils but I'm sure if it can tell me about the health of the flash. What else can I do to test it? I reme... Craig Leres
10:23 AM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100: I have seen the same thing on my 1100 but given the timing (could be hours, days, or even weeks between timeouts) it ... Jim Pingle
04:36 PM Revision 1e05389e: Capitalize "dns" in DynDNS ttl help text: Bojan Bogojevic
04:36 PM Revision e89ddfb9: Reorder DynDNS zone id help text alphabetically: Bojan Bogojevic
04:36 PM Revision f9f13d00: Reorder DynDNS pasxsowrd help text alphabetically: Bojan Bogojevic
04:36 PM Revision 6d610dde: Reorder DynDNS username help text alphabetically: Bojan Bogojevic
04:36 PM Revision d3d29594: Reorder DynDNS hostname help text alphabetically: Bojan Bogojevic
03:12 PM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions: I can confirm I have this issue too _and_ I have nut installed. Actually, I am suffering from it now and can't reboot... Haraldinho D
02:56 PM Bug #14031 (Confirmed): Identical SMTP notifications repeat in an infinite loop under certain conditions: We've run up against issues like this with NUT before but not always a loop. See https://redmine.pfsense.org/issues/1... Jim Pingle
02:49 PM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions: I do have nut installed on my system. It hasn't repeated the process since my last report; maybe its a rare sequence ... Paul Diederich
02:44 PM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions: I finally had a system in my lab get stuck doing this, it was a fresh image of a 23.05 dev snapshot, restored a confi... Jim Pingle
02:53 PM Bug #13224 (Duplicate): Email notification flood when UPS (NUT) and WAN send notifications: Closing in favor of #14031 since it has more/better detail. Jim Pingle
02:18 PM Bug #14124: Some blank SAN fields are not ignored when creating a certificate: Jim Pingle wrote in #note-4:
> The "Add" button adds a new row to the form, it doesn't save or take any other action.... Mario Jauvin
07:34 AM Bug #14124: Some blank SAN fields are not ignored when creating a certificate: The "Add" button adds a new row to the form, it doesn't save or take any other action. It's working as intended and i... Jim Pingle
11:37 AM Todo #14186 (Feedback): Improve DynDNS help text readability: PR merged. Jim Pingle
09:12 AM Todo #14186: Improve DynDNS help text readability: Github PR link: https://github.com/pfsense/pfsense/pull/4628 Bojan Bogojevic
09:12 AM Todo #14186 (Resolved): Improve DynDNS help text readability: * To improve readability I've reordered hostname, username, password, zone id help texts alphabetically.
* Changed '... Bojan Bogojevic
11:27 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: Ryan Keen wrote in #note-9:
> It appears that Google Domains has added support for DNS-01 ACME Challenges using a to... Jim Pingle
11:02 AM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: OK, it may still be worth a quick look to see if we can make that smoother in case users are stuck with the problem e... Jim Pingle
09:34 AM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: just want to be precise so you dont spend time on this if you dont have to;
the patch fixed the issue regarding n... Mark Grant
07:27 AM pfSense Plus Bug #14074 (New): Cannot edit or delete ZFS Boot Environment with a name containing only numbers: The current patch was merged into dev builds last week, but since there is still an issue with the patch applied, mov... Jim Pingle
10:58 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: Matt Gaynor wrote in #note-18:
> Also facing this issue, with the same lack of NDP response from pfSense, IPv6 is un... Jim Pingle
09:15 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: Also facing this issue, with the same lack of NDP response from pfSense, IPv6 is unusable when using a non link-local... Matt Gaynor
10:47 AM Feature #14185: Ability to edit Certificate Revocation List properties: That should be fairly easy, not sure why it isn't there already unless something in the form structure of that page m... Jim Pingle
08:59 AM Feature #14185: Ability to edit Certificate Revocation List properties: the CRL buttons
!crl-buttons.jpg!
Jon Brown
08:54 AM Feature #14185 (Resolved): Ability to edit Certificate Revocation List properties: Can you add the option to rename a 'Certificate Revocation List'
h2. Scenario
I have made a list and then added... Jon Brown
10:43 AM Todo #14183: Update OpenVPN Wizard to match current certificate and OpenVPN options: I agree, we should either add that as an option or silently enable it by default.
That whole workflow is probably ... Jim Pingle
08:14 AM Todo #14183: Update OpenVPN Wizard to match current certificate and OpenVPN options: https://docs.netgate.com/pfsense/en/latest/certificates/ca.html... Jon Brown
08:00 AM Todo #14183 (Resolved): Update OpenVPN Wizard to match current certificate and OpenVPN options: When running the OpenVPN wizard (VPN --> OpenVPN --> Wizards --> Type of Server: Local User Access ) On step 6 of 11,... Jon Brown
10:41 AM Todo #14184 (Rejected): Redmine - Automatically subscribe the issue reporter: The only options there are in your own profile settings. There is no global option in Redmine to change that behavior.
Jim Pingle
08:06 AM Todo #14184 (Rejected): Redmine - Automatically subscribe the issue reporter: When I create an issue in Redmine I have to manually subscribe/watch.
Can you change the settings so when I report... Jon Brown
10:35 AM Bug #14182: PHP error when XMLRPC client attempts to synchronize without any synchronization settings in the configuration: The only way I can see that error happening is if the HA sync settings in the configuration are empty, which isn't va... Jim Pingle
04:30 AM Bug #14182 (Closed): PHP error when XMLRPC client attempts to synchronize without any synchronization settings in the configuration: After upgrading to 23.01 the FreeRADIUS XMLRPC Sync get PHP error. ... aleksei prokofiev
10:31 AM pfSense Plus Bug #13967 (Resolved): aarch64 23.01 upgrade can fail to write the bootloader: Jim Pingle
10:30 AM Regression #14138 (Feedback): Kernel Panic in ``rtsock_msg_mbuf``: Is the backtrace always the same?
Is there anything else going on when this happens?
In the message buffer it l... Jim Pingle
10:13 AM pfSense Plus Bug #14140 (Not a Bug): OpenVPN Custom Options removes newline before push statements: Not a bug. Statements must be separated with a *semicolon* , not a newline.
This is stated clearly in the descript... Jim Pingle
10:10 AM pfSense Plus Regression #14180 (Feedback): ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors: The error messages are different so this may not be the case, but over on the TNSR side we have seen behavior changes... Jim Pingle
10:00 AM Feature #14177: tcprtt Measures the TCP handshake RTT using the stats(9) statistics framework: If we do include this it should also warn against using it arbitrarily, since some public services may also not react... Jim Pingle
09:56 AM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.: Given the age of the original issue this was likely fixed before and then regressed in a later version. Please make a... Jim Pingle
09:56 AM pfSense Docs New Content #14174: Feedback on Certificate Management — Certificate Authority Management: see https://forum.netgate.com/topic/179007/add-this-certificate-authority-to-the-operating-system-trust-store/5?_=167... Jon Brown
09:49 AM pfSense Docs New Content #14174 (Rejected): Feedback on Certificate Management — Certificate Authority Management: The current text already covers the second point and the first point is irrelevant.
The text already says "When ad... Jim Pingle
09:55 AM Bug #14176 (Feedback): Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget: MR merged Jim Pingle
09:52 AM pfSense Plus Bug #14175: LDAP authentication for SSH fails: Did the same configuration work before 23.01?
Jim Pingle
09:37 AM Todo #14188 (Resolved): Add note to inform the user that the "Next Certificate Serial" value is ignored when the "Randomize Serial" option is enabled: When editing or creating a CA you have the option to 'Randomize Serial'. When this is used the 'Next Certificate Seri... Jon Brown
09:36 AM pfSense Plus Feature #14173: QAT driver does not attach to QAT virtual function devices passed through to VM on Xeon D-2146NT: Hi Jim,
thank you for looking into it.
I'm already in contact with the Intel QAT driver team, to see if the fau... name name
09:30 AM pfSense Plus Feature #14173 (Needs Patch): QAT driver does not attach to QAT virtual function devices passed through to VM on Xeon D-2146NT: If it fails on FreeBSD 14-CURRENT then it needs fixed upstream first and we can pull in the fix from there. It could ... Jim Pingle
09:26 AM pfSense Docs Todo #14187 (Closed): Feedback on Certificate Management — Certificate Revocation List Management: *Page:* https://docs.netgate.com/pfsense/en/latest/certificates/crl.html#delete-a-certificate-revocation-list
*Fee... Jon Brown
09:21 AM pfSense Plus Regression #14171 (Not a Bug): High Availability Setup with Gateway to secondary pfSense not working - No Internet: This is not and will not be a supported CARP configuration. WANs must be static using CARP for CARP to function prope... Jim Pingle
09:19 AM Bug #14169 (Not a Bug): OpenVPN Backend for authentication doesn't distinguish reject from timeout: This is not a bug, it's intended behavior.
When an auth server is down or fails it may either timeout, reject acce... Jim Pingle
09:17 AM pfSense Plus Bug #14168: OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol: Is this newly broken in 23.01 (regression) or has it never worked, even on older versions?
Jim Pingle
09:14 AM Feature #14166: Use netstat output for interface packet counters: Also netstat has libxo support so getting the data should be fairly simple (e.g. @netstat -ni --libxo=json@) Jim Pingle
09:08 AM Feature #14165: Option to allow the DNS Forwarder to ignore system DNS servers: That isn't a use case that should have worked before, it just happened to work by accident. Adding an option to accom... Jim Pingle
09:06 AM Bug #14060 (Resolved): Auto Config Backup prints a confusing decryption error when using the wrong key: Jim Pingle
08:54 AM Feature #14156 (Rejected): See the configured .opvn file from the GUI for the OpenVPN servers: Exposing that level of backend config data in the GUI would be more confusing and rarely help users solve problems. A... Jim Pingle
08:53 AM pfSense Packages Todo #14155 (Rejected): 'Block Outside DNS' option is present in the server and on the client: The two options cover different scenarios: The option in the base pushes to all clients, the option in the client exp... Jim Pingle
08:42 AM pfSense Docs Correction #14143: Feedback on System Monitoring — Remote Logging with Syslog: I thought the syslog-ng information was relevant because it would clear up when to use remote logging to a separate s... Jon Brown
08:37 AM pfSense Docs Correction #14143: Feedback on System Monitoring — Remote Logging with Syslog: Updating the links is OK, but adding more info on syslog-ng should go in its own separate doc somewhere. It doesn't c... Jim Pingle
08:39 AM Feature #14144: Improve support for renaming interface groups: This may end up being related to #14095 -- or at least overlapping somewhat. Jim Pingle
08:32 AM pfSense Packages Bug #14142 (Rejected): PHP errors in OpenVPN Client Export package: Christopher is right, it looks like the package needs updating because @vpn_openvpn_export_shared.php@ is removed on ... Jim Pingle
08:14 AM pfSense Packages Bug #14141 (Rejected): pfsense 2.6.0 -pfSense-pkg-squid installation failed!: This isn't a bug, but a problem with your current update settings. This site is not for support or diagnostic discuss... Jim Pingle
08:09 AM pfSense Plus Bug #14132: Aliases of the same name current as previously deleted will not be respected properly: Thanks for the update. You sparked an idea about not everything being removed when an Alias is changed.
I'm goin... Steven Cedrone
07:55 AM pfSense Plus Bug #14132 (Not a Bug): Aliases of the same name current as previously deleted will not be respected properly: There isn't nearly enough evidence here of a bug and not something else happening in the configuration or existing st... Jim Pingle
08:04 AM pfSense Plus Feature #14134: Notifier on main dashboard for other updates availble: Packages / System Patches (if installed) Under the PfSense current Version.: Jim Pingle wrote in #note-1:
> There is already a packages widget which shows available package updates.
My apolo... Steven Cedrone
07:56 AM pfSense Plus Feature #14134 (Rejected): Notifier on main dashboard for other updates availble: Packages / System Patches (if installed) Under the PfSense current Version.: There is already a packages widget which shows available package updates. Jim Pingle
07:59 AM pfSense Plus Bug #14135 (Rejected): iOT Devices not reconnecting properly: There isn't any evidence here of a bug in pfSense. Myself and many others use various IOT devices in many different w... Jim Pingle
07:53 AM pfSense Packages Feature #14126: Quality monitoring graph scale adjustment: Moving over to the graph frontend location since I'm fairly certain if it can be changed, it's in the parts located i... Jim Pingle
07:32 AM Bug #14115: DHCP Server page does not properly select a default interface tab if neither WAN nor LAN are capable of being DHCP servers: Looks like one test is reversed when it's trying to locate the starting interface. I don't have a setup to test this ... Jim Pingle

03/26/2023

06:29 PM Regression #14138: Kernel Panic in ``rtsock_msg_mbuf``: It's the exact same hardware I ran the previous version on, with no changes to hardware or BIOS settings. The problem... Stephen Baines
05:46 AM Bug #9577: radvd send_ra_forall failed on interface / can't join ipv6-allrouters: This problem returned for me after updating to pfSense 2.6.0.
Immediately after starting radvd, it starts spamming... Lars Veldcholte

03/25/2023

09:40 PM Bug #8343 (Resolved): Gateway Routes (Default Routes) not removed in Kernel when removed from GUI: disabling/disconnecting the WAN_DHCP interface will remove the default route
tested on
2.7.0-DEVELOPMENT (amd... Alhusein Zawi
08:48 PM pfSense Plus Bug #13967: aarch64 23.01 upgrade can fail to write the bootloader: This has been working for over a week now without issue. We can close this as Resolved. Kris Phillips
08:44 PM Regression #14138: Kernel Panic in ``rtsock_msg_mbuf``: Did this start after updating or something? General Protection Fault is almost always hardware failure or a hardware... Kris Phillips
08:05 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100: Well I'm running on a completely different SG-1100 now so I'll wait and see if the problem reoccurs before the next v... Craig Leres
07:23 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100: I haven't seen this with any other firewalls or on my personal Netgate 1100. I suspect you might have a fault eMMC t... Kris Phillips
05:00 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100: Oops, I'm actually running 23.01. Craig Leres
02:26 PM pfSense Plus Regression #14181: ``mmcsd0`` controller timeout/system hang on 1100: Craig Leres wrote:
> I've attached two serial console stack traces.
Here's one more crash from a few minutes ago,... Craig Leres
12:28 PM pfSense Plus Regression #14181 (Closed): ``mmcsd0`` controller timeout/system hang on 1100: Several times since upgrading to 23.05 and later reinstalling to switch to zfs root I've had a SG-1100 glitch and los... Craig Leres
07:43 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity: confirmed on 7100 running 23.01 - after setting mtu/mss and rebooting system receives and displays IP on WAN in conso... Jordan G
07:28 PM pfSense Plus Bug #14104: Google LDAP connections still fail even after adding SNI for TLS 1.3: If the client certificate is chained into a single entry with the CA data, may be related to this: https://redmine.pf... Kris Phillips
06:43 PM pfSense Packages Todo #12351: Remove non-functional feeds: shallalist is no longer updated, it needs to be removed from DNSBL categories
https://www.shallalist.de/ is comple... Jordan G
06:34 PM pfSense Packages Bug #13936 (Pull Request Review): PHP error from RRD Graphs when attempting a query a newly created empty database: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/333 Christopher Cope
06:30 PM pfSense Plus Regression #13993: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled: switch is not detected under interfaces menu with current build - 23.05.a.20230322.0600 Jordan G
12:24 PM pfSense Plus Bug #14140 (Confirmed): OpenVPN Custom Options removes newline before push statements: Chris W
09:43 AM pfSense Plus Bug #14140: OpenVPN Custom Options removes newline before push statements: I'm not able to reproduce this on the server settings, but can on the Client Specific Overrides page. After saving an... Chris W
09:19 AM pfSense Plus Regression #14180 (Feedback): ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors: I've been running the following configuration for months now:
Hypervisor:
Linux Kernel 5.15
libvirt/qemu/kvm
... name name
07:49 AM pfSense Packages Bug #14179 (New): FreeRadius is active but in an inoperable state, switches to a generated freeradius-temp certificate upon restart: I was testing my HA setup yesterday evening and used the "Enter Persistent CARP Maintenance Mode" button quite a few ... name name
04:54 AM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules: Tried as Floating Rule but for me same outcome, the Limiter Diagnostic showing no limiter applied.
Marco Goetze

03/24/2023

08:25 PM Bug #14178: Captive Portal Pass-through MAC Auto Entry registering MAC address for unauthenticated users when using Pass-through credits: Typo in the third bullet of Actual Behavior "They don't ever see the login/portal prompt." Dean Arnold
08:21 PM Bug #14178 (New): Captive Portal Pass-through MAC Auto Entry registering MAC address for unauthenticated users when using Pass-through credits: The Captive Portal "Pass-through MAC Auto Entry" feature is adding an Allowed Client MAC address registration for una... Dean Arnold
07:17 PM Revision 1b121a0f: Correct plural seconds check.: Steve Wheeler
05:54 PM Feature #14177 (New): tcprtt Measures the TCP handshake RTT using the stats(9) statistics framework: My coworker thought using 8.8.8.8 for the gateway monitor would suffice for a “is the internet up” monitor. Well, goo... Ryan Whitlock
03:15 PM Bug #9459: patch pf: silence a runtime warning pfr_update_stats: assertion failed.: I see. Thanks for the info.
Issue still exists so status of this bug shouldn't be 'resolved'.. Casper B
02:21 PM Bug #14176: Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1023 Steve Wheeler
02:06 PM Bug #14176 (Resolved): Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget: The check to display seconds as plural is incorrectly checking for multiple minutes here:
https://github.com/pfsense... Steve Wheeler
01:25 PM pfSense Plus Bug #14175: LDAP authentication for SSH fails: Can confirm the issue.... Lev Prokofev
12:58 PM pfSense Plus Bug #14175 (New): LDAP authentication for SSH fails: LDAP authentication fails for SSH user authentication via LDAP with error (Invalid credentials).
Same user successfu... Georgiy Tyutyunnik
12:43 PM pfSense Docs New Content #14174 (Rejected): Feedback on Certificate Management — Certificate Authority Management: *Page:* https://docs.netgate.com/pfsense/en/latest/certificates/ca.html
*Feedback:*
the *Trust Store* section s... Jon Brown
10:20 AM pfSense Plus Feature #14173 (Needs Patch): QAT driver does not attach to QAT virtual function devices passed through to VM on Xeon D-2146NT: pfSense is virtualized under Linux.
Hypervisor:
* qemu-kvm
* i440fx (q35 doesn't work either)
* kernel 5.15.9... name name
10:03 AM pfSense Plus Regression #14102 (Feedback): Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations: Fixed in 209cb8b1. Reid Linnemann
09:59 AM pfSense Plus Regression #14102: Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations: I've simplified and improved the EMMC/SATA rootdev check for aarch64 devices. The modified script is more specific ab... Reid Linnemann
09:55 AM Regression #14172 (Resolved): PHP error in Captive Portal if ``usedmacs`` list is empty: ... name name
09:51 AM pfSense Plus Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet: I forgot to add: All currently available patches were applied via the System Patches package, before any testing was ... name name
09:44 AM pfSense Plus Regression #14171 (Not a Bug): High Availability Setup with Gateway to secondary pfSense not working - No Internet: Hi,
the following setup is working just fine on pfSense CE 2.6.0:
* High Availability/CARP
* Gateway group WAN... name name
06:15 AM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules: I think in general you currently don't need more testers but can at least share that we are quite affected since we h... Jose Duarte
04:13 AM pfSense Docs New Content #14170 (Closed): Radius Authentication Timeout: https://docs.netgate.com/pfsense/en/latest/usermanager/radius.html#radius-configuration ... Danilo Zrenjanin
03:44 AM Bug #14169 (Not a Bug): OpenVPN Backend for authentication doesn't distinguish reject from timeout: When multiple auth servers are defined in the list, the VPN doesn't respect the reject message from the first server ... Danilo Zrenjanin

03/23/2023

08:35 PM pfSense Plus Bug #14168 (New): OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol: When looking at the Status --> OpenVPN page and viewing a user's ACLs from RADIUS, if the user signed in with user@do... Kris Phillips
03:03 PM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic: ... Christian McDonald
11:15 AM Regression #14164 (Resolved): IPv6 interface configuration race condition can lead to kernel panic: While re-configuring an interface that has an IPv6 config, such as when the link bounces, it's possible to hit a race... Steve Wheeler
01:59 PM Bug #14167 (Confirmed): Auto Config Backup: Selected manual backups are not retained.: The 'Manual backups to keep' feature in ACB does not retain the selected number of manual backups as expected.
Man... Steve Wheeler
12:49 PM Feature #14166 (New): Use netstat output for interface packet counters: Currently the In/Out Packets counters shown for Interface Status are taken from pfctl. Hence they show the identical ... Steve Wheeler
12:31 PM Feature #14165 (Resolved): Option to allow the DNS Forwarder to ignore system DNS servers: Since the change for #12902 I can no longer specify custom servers in the DNS Forward configuration. I do not want t... Orion Poplawski
12:08 PM Bug #14060: Auto Config Backup prints a confusing decryption error when using the wrong key: Tested on:
Version 23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
patch resol... Georgiy Tyutyunnik
10:02 AM Todo #14098 (Resolved): Match upstream changes in PF syntax to disable fragment disassembly: The patch fixes this one. I am marking this ticket resolved. Danilo Zrenjanin
08:37 AM Regression #14163 (Waiting on Merge): Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots: This will be fixed when we do our next merge from upstream FreeBSD Christian McDonald
08:13 AM Regression #14163 (Resolved): Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots: System log is being spammed with kernel messages. CE 2.7.0.a.20230322.0600. It only appears to happen when the Dashb... Keith Townsend
07:56 AM Regression #14015 (Resolved): Alias list is not sorted: I tested the patch with different upper-lower case setups. The patch works fine.
I am marking this ticket resolved. Danilo Zrenjanin
07:46 AM Bug #13992 (Resolved): Custom default state timeouts are not respected in the ruleset: The patch fixes the issue. I've just run the Status > Filter Reload after applying the patch.
I am marking this t... Danilo Zrenjanin
05:25 AM pfSense Packages Feature #14160: Add Search Engine Group in feeds: This is so we can whitelist search engines "Search Engines IPv4", "Search Engines IPv6" Jon Brown
05:02 AM pfSense Packages Feature #14160 (New): Add Search Engine Group in feeds: It would be good to get a search engine feed so you can either block them or use them as a whitelist. I have included... Jon Brown
05:22 AM pfSense Packages Feature #14162 (New): Add 'Google Services' feed group: This group can be used to allow the blocking or whitelisting of google services. I have added what I found along with... Jon Brown
05:17 AM pfSense Packages Feature #14161 (New): Add 'Microsoft Services' feed: This should include all of the Microsoft services and preferably in separate items. I have included links to the page... Jon Brown
03:17 AM pfSense Packages Feature #14159 (New): Add netgate bogon feeds: Can you add the netgate bogon feeds.
* https://files.netgate.com/lists/
** https://files.netgate.com/lists/bogon-... Jon Brown
02:48 AM pfSense Packages Bug #13936: PHP error from RRD Graphs when attempting a query a newly created empty database: Can replicate on ... Lev Prokofev
02:30 AM Regression #13942: PHP error on ``status_logs_settings.php`` if the configuration contains an empty ``syslog`` section: I couldn't apply the patch on the:... Danilo Zrenjanin
02:03 AM Feature #14002 (Resolved): Option to enable/disable console bell, enabled by default: Tested the patch against:... Danilo Zrenjanin

03/22/2023

07:38 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: For clarity the e1000 iflib driver that is in-kernel in pfSense has a bug that prevents it passing vlan0 if vlan hard... Steve Wheeler
06:30 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Kris Phillips wrote in #note-31:
> Hayden Hill wrote in #note-30:
> > Kris Phillips wrote in #note-29:
> > > FYI i... Hayden Hill
10:02 AM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Hayden Hill wrote in #note-30:
> Kris Phillips wrote in #note-29:
> > FYI it appears this issue has spread in 23.01... Kris Phillips
03:34 PM pfSense Packages Feature #13200: Custom DNS Servers for Alert settings: One solution would be to deny:
LAN: Deny any != pfblockerng ip TCP/UDP:53
WAN: ANY outgoing TCP/UDP:53
And allow... Carlos Montalvo J.
12:55 PM pfSense Plus Bug #14158: Unable to delete boot environment "X". Error 3: Duplicate of https://redmine.pfsense.org/issues/14074 Christopher Cope
12:55 PM pfSense Plus Bug #14158 (Duplicate): Unable to delete boot environment "X". Error 3: Christopher Cope
12:38 PM pfSense Plus Bug #14158 (Duplicate): Unable to delete boot environment "X". Error 3: Hi,
I was going to make a new backup recovery in the Boot Environments.
I name it with one number ie. 1, then save ... B. B.
11:44 AM Feature #14157 (New): Wildcards for 'Host Overrides' and 'Domain Overrides' in the GUI: Can you add the ability to use wildcards in 'Host Overrides' and 'Domain Overrides' in the GUI.
I know I can add w... Jon Brown
11:36 AM Feature #14156 (Rejected): See the configured .opvn file from the GUI for the OpenVPN servers: It would be a useful feature for diagnosing issues quickly to see the generate .OPVN file in the GUI.
If the onscr... Jon Brown
11:27 AM pfSense Packages Todo #14155 (Rejected): 'Block Outside DNS' option is present in the server and on the client: I find this situation confusing and propose a couple of resolutions:
* If the option 'Block Outside DNS' should stay... Jon Brown
11:22 AM pfSense Packages Feature #11165: OpenVPN Exporter - Allow for name customization: I would like to see this so if I want, I can create more human readable connection names which are shown in the OpenV... Jon Brown
10:59 AM Regression #13965 (Resolved): Automatic DHCP failover firewall rules are not present in the ruleset when failover is active: The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
09:22 AM Feature #14144: Improve support for renaming interface groups: maybe this should have been bug, not feature. Sorry. Kyle Wadman
07:18 AM Feature #14144 (New): Improve support for renaming interface groups: I have noticed that when an Interface Groups is renamed, all the Separators are lost.
I then named it back to the or... Kyle Wadman
08:41 AM pfSense Packages Bug #14142 (Not a Bug): PHP errors in OpenVPN Client Export package: This doesn't look like a bug. From the logs, the OpenVPN export package needs to be updated / reinstalled.
If that... Christopher Cope
06:05 AM pfSense Packages Bug #14142 (Rejected): PHP errors in OpenVPN Client Export package: Good moorning after installation last version of pf-sense, system shows Us the follow error related openvpn .
I am... Stefano Raniero
08:40 AM pfSense Packages Feature #14154 (New): Ability to use pfSense alias in IPv4 Custom_List: Firewall --> pfBlockerNG --> IP --> IPv4 --> edit/add --> IPv4 Custom_List
the reasons for this are:
* I only hav... Jon Brown
08:36 AM pfSense Packages Bug #14153 (New): default whitelist is not created: When I click on the button from the + button from the reports tab and follow the whitelisting, the default whitelist ... Jon Brown
08:35 AM pfSense Plus Bug #14140: OpenVPN Custom Options removes newline before push statements: Sorry, i forgot to describe WHY this is a problem.
The issue is that the invalid formatting of the options will ca... Nick Maludy
08:19 AM Feature #14152 (New): Add a way to find where an alias is used in the GUI: I would like the ability to find where an alias is used via the GUI. I imagine a button next to the other alias optio... Jon Brown
08:08 AM pfSense Packages Feature #14151 (New): Add (ASN) to IPv4 Custom_List information: Firewall --> pfBlockerNG --> IP --> IPv4 --> IPv4 Custom_List
the line ... Jon Brown
08:05 AM pfSense Packages Feature #14150 (New): Source and Destination information for IPv4 Custom_List and feeds: Firewall --> pfBlockerNG --> IP --> IPv4 --> list
When you edit/create a list you have to select an action type an... Jon Brown
07:58 AM pfSense Packages Feature #14149 (New): Make the NEXT Scheduled CRON counter active: I would like the countdown timer of the cron to be active. Like on an aution page of ebay. :)
Firewall --> pfBlock... Jon Brown
07:54 AM pfSense Packages Feature #14148 (New): Update alias information and error handling: On the following sections can you:
Firewall --> pfBlockerNG --> IP --> IPv4
*Advanced Inbound Firewall Rule Set... Jon Brown
07:48 AM pfSense Packages Feature #14147 (New): when you rename an alias the alias reference in pfsense Advanced Inbound/Outbound rules ar enot updated: I refer to the rules @ (Firewall --> pfBlockerNG --> IP --> IPv4)
I noticed that when I renamed an alias that the ... Jon Brown
07:36 AM pfSense Packages Bug #14146 (New): Small Typo in 'Advanced Outbound firewall rule settings' warning message: When creating an IPv4 outbound permit rule (Firewall --> pfBlockerNG --> Ip --> IPv4) and you leave the **Custom Prot... Jon Brown
07:20 AM Feature #14145 (New): Combined rule view (Floating + Group + Interface) that shows all rules relevant to a given interface: When viewing an interface firewall rule section it would be nice to have a toggle to "show inherited". This would sho... Kyle Wadman
07:09 AM pfSense Docs Correction #14143 (Closed): Feedback on System Monitoring — Remote Logging with Syslog: *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html
*correction:*
in the section *Se... Jon Brown

03/21/2023

07:17 PM pfSense Packages Bug #14054: pfBlockerNG can incorrectly modify firewall rules: It appears this related to the IPv4 IP list being updated, and happens during this step:... Marcos M
06:38 PM pfSense Packages Bug #14141 (Rejected): pfsense 2.6.0 -pfSense-pkg-squid installation failed!: Hi guys,
Any help please.
I'm working on a lab project that is due in the comming days. Everything has worke fine u... Jean Smail Origene
05:43 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: It appears that Google Domains has added support for DNS-01 ACME Challenges using a token generated on Google Domains... Ryan Keen
01:56 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: I'd like to add a vote here, too. This would be *incredibly* useful.
Port knocking is not an _alternative_ to a VP... Liquid Thex
01:54 PM pfSense Plus Bug #14140 (Not a Bug): OpenVPN Custom Options removes newline before push statements: Hello,
I'm setting up an OpenVPN server and need to pass in some additional option in two places:
1. VPN -> Ope... Nick Maludy
12:49 PM Regression #14139 (Resolved): CARP announcement src MAC should be virtual MAC: Hi All,
I think at some point in the last couple of 2.7.0 builds CARP function became somewhat broken. CARP announ... Robert Karsai
11:12 AM Feature #12091: RFE: Add support for sssd authentication: Just updated to psSense Plus 23.01 and now with sssd-1.16.5_8 it fails to start with:
ld-elf.so.1: /usr/local/sbin... Orion Poplawski
02:22 AM Regression #14138 (Feedback): Kernel Panic in ``rtsock_msg_mbuf``: I’ve been having a number of these over the last week or so. Last night’s was overnight when no one was using the net... Stephen Baines
12:09 AM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng: Also, if package manager unavailable, may help next solution
Check and then uncheck dashboard auto update box in Sys... aleksei prokofiev

03/20/2023

10:36 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0: Also ran into the sub-alias not updating the parent alias issue as described by Florian Bat.
This had one of our en... Dean Arnold
07:21 PM pfSense Plus Regression #14137 (Resolved): pfSense Plus Upgrade repo data remains on the system after upgradng: After upgrading from CE to pfSense Plus the repo data used for that should be removed from the firewall leaving it us... Steve Wheeler
02:14 PM Revision 875221b6: ArrayGetExprRector support for variable and funccall array keys: Change how buildPathArgNode() generates an Arg node - as we introduce support
for more complicated expressions in arr... Reid Linnemann
02:14 PM Revision ce614369: Make ArrayGetExprRector configurable for multiple variables: Rector only permits a single instance of a Rule class in a configuration, so in
order to allow the ArrayGetExprRector... Reid Linnemann
02:14 PM Revision 96eb75ed: Rename GlobalGGetExprRector and friends to ArrayGetExprRector: Reid Linnemann
02:14 PM Revision 46f5b38a: Make GlobalGGetExprRector configurable, add simple test for $g variable: Reid Linnemann
02:03 PM pfSense Packages Bug #14116 (Duplicate): Squid Error went I press SAVE button.: Duplicate of https://redmine.pfsense.org/issues/13984
Missing Squid Reverse config values. Steve Wheeler
10:19 AM pfSense Packages Bug #14116: Squid Error went I press SAVE button.: Looks like Clamav is the issue, once I disable this services, the error is gone.

This is my config file:
cat... Peter Moreno
11:52 AM Feature #13017 (Pull Request Review): Packet capture: add preview results while capture is running: Thank you for the pull request. This has been implemented with a re-write of the Packet Capture page. See https://red... Marcos M
09:42 AM Bug #14136 (Resolved): Services Status page and Dashboard widget do not list the ``radvd`` service with certain static IPv6 configurations: After upgrading from 2.5.2 to 23.01 I noticed that @radvd@ no longer appears in Services Status or the associated das... David Myers
04:38 AM pfSense Plus Bug #14135: iOT Devices not reconnecting properly: I forgot to mention we also tested this with a Sony TV (1 year old and up to date Firmware) on an ethernet connection... Steven Cedrone
04:24 AM pfSense Plus Bug #14135 (Rejected): iOT Devices not reconnecting properly: IOT Devices of different manufacturers all seem to have this problem and while the problem is being experienced I wou... Steven Cedrone
04:32 AM pfSense Plus Bug #13497: unbound process looks like stuck periodically: Yaroslav Semenenko wrote:
> Hello,
>
> I have Netgate 2100.
> Unbound service is needed to restart sometimes due... Steven Cedrone
03:50 AM pfSense Plus Feature #14134 (Rejected): Notifier on main dashboard for other updates availble: Packages / System Patches (if installed) Under the PfSense current Version.: A notifier on the Main Landing page under the Current PfSense Version number that lets you also know if your packages... Steven Cedrone
03:47 AM pfSense Plus Feature #14133 (New): Exporting and Importing - Change Layout: Please change Backup & Restore to allow for choosing only what areas you want to import/export without having to do i... Steven Cedrone
03:39 AM pfSense Plus Bug #14132 (Not a Bug): Aliases of the same name current as previously deleted will not be respected properly: This problem is hard to describe so I'll give as much information as possible as best as I can.
-Alias was created... Steven Cedrone
03:30 AM pfSense Plus Feature #14131 (New): Add Dynamic DNS Service: DYNU: Please add Dynamic DNS provider DYNU
https://www.dynu.com/en-US/
It's working now but sometimes won't update an... Steven Cedrone
03:10 AM Feature #14130 (New): Add DynDNS Provider - IPv64.net: I would like to have the German DynDNS provider IPv64.net added. An integration with DynDNS is very easy there via th... Dennis Schröder

03/19/2023

10:52 PM pfSense Plus Bug #14129 (Resolved): Chelsio T520 unable to route past 470Mbps: Chelsio T520-CR and T420-CR are unable to route speeds over 470mbps when updated to 23.01 code. Goes to full 1gb spee... Bruce Talbot
05:58 PM Bug #14128 (New): Input validation does not prevent limiter bandwidth values that are too large: There exists a limit to the bandwidth value within Limiters:
https://github.com/pfsense/FreeBSD-src/blob/bd5b6c0d6cc... Marcos M
04:33 PM pfSense Packages Regression #14024: PHP error in HAProxy Widget with Show Client Traffic enabled: I have the same issue but only affecting one of my deployments. As a workaround you can disable the haproxy service t... Hans Perera
04:01 PM pfSense Plus Bug #12974 (Closed): Typing anything into 1100/2100 recovery installer causes process to stop: This should be closed. Updating to reflect. Ryan Coleman
03:27 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Kris Phillips wrote in #note-29:
> FYI it appears this issue has spread in 23.01 to the igc driver as well. After u... Hayden Hill
02:13 PM Bug #14127 (New): Captive Portal - LDAP server with special characters in description fails to authenticate in: When you have an LDAP configured that has commas (and likely other special characters) two things fail:
1) Selecti... Ryan Coleman
11:25 AM pfSense Packages Feature #14126 (New): Quality monitoring graph scale adjustment: If possible, it would be nice if the scale of the packet loss side of the onitoring graph was not the same as the lat... Chris Linstruth
02:33 AM pfSense Plus Feature #14125 (New): Add Cateogory field to Available Packages Tab like Installed Packages Tab: Under the Installed Packages the header fields have the following listed at the top Name Category Version Description... Scott Costa

03/18/2023

10:22 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: FYI it appears this issue has spread in 23.01 to the igc driver as well. After upgrading to 23.01 on a Netgate 4100,... Kris Phillips
09:37 PM Bug #14124: Some blank SAN fields are not ignored when creating a certificate: I just realized that if I just enter the type of IP address and value of 10.0.0.2 and not click add, just save then 1... Mario Jauvin
09:33 PM Bug #14124: Some blank SAN fields are not ignored when creating a certificate: Kris, this is an interesting comment and you are quite true. If I delete the second blank entry in my screen shot th... Mario Jauvin
09:12 PM Bug #14124: Some blank SAN fields are not ignored when creating a certificate: This doesn't appear to be a bug. You have a FQDN or Hostname entry added as an Alternative Name, but nothing defined... Kris Phillips
04:07 PM Bug #14124 (Resolved): Some blank SAN fields are not ignored when creating a certificate: If I add a alternate name
!clipboard-202303181705-cigpe.png!
and click save, I get this error:
!clipboard-20230318... Mario Jauvin
09:36 PM pfSense Packages Bug #13985: Telegraf error After Update PFSense to 23.01: Unable to replicate in pfSense CE 2.7. Possible it's just an issue on Plus for some reason. Kris Phillips
09:30 PM pfSense Packages Bug #14116: Squid Error went I press SAVE button.: Hello,
What settings do you have enabled and what page were you on that you clicked save to cause this issue? I'v... Kris Phillips
08:02 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: i installed the patch.
it renamed the two broken boot environments with the name i originally gave them, swapping ... Mark Grant
04:57 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: The patch works well. I'm not hitting any of the problems I encountered previously. *It only applies to the currently... Chris W
01:57 PM pfSense Plus Bug #14074 (Pull Request Review): Cannot edit or delete ZFS Boot Environment with a name containing only numbers: https://gitlab.netgate.com/pfSense/factory/-/merge_requests/94 Christopher Cope
01:01 PM pfSense Plus Bug #14074 (Confirmed): Cannot edit or delete ZFS Boot Environment with a name containing only numbers: I was able to reproduce this by cloning the default environment, naming it 20230318 (today's date), no description. C... Chris W
06:29 PM Bug #14115: DHCP Server page does not properly select a default interface tab if neither WAN nor LAN are capable of being DHCP servers: this state occurs with previous versions too.
click on the tab of opt interface and you will be able to configur... Alhusein Zawi

03/17/2023

09:21 PM Bug #13655: DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled: Just to update this: This issue is being addressed in upstream dnsmasq now in order to disallow this invalid and misl... Flole Systems
06:26 PM pfSense Docs Correction #14123 (Closed): DNS Rebinding pfsense documentation: DNS protection documentation here: <https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-protec... Alex Sensation
06:16 PM pfSense Plus Bug #13967 (Feedback): aarch64 23.01 upgrade can fail to write the bootloader: Fix has been released to the world this week. Reid Linnemann
06:15 PM Bug #14046 (Rejected): bsdinstall based installs are missing EFISYS DOS label on efi partition: There are many reasons the EFISYS label is missing. pfSense-upgrade has also been modified to restore this FAT label ... Reid Linnemann
03:35 PM Revision 5c4a6ada: Improve alias sorting (again). Issue #14015: asort does not handle natural case-insensitive sorting of
multi-dimensional arrays properly, so it needs a custom sor... Jim Pingle
02:57 PM Bug #14007 (Resolved): Using PF reserved keywords for interface descriptions results in an invalid ruleset: Jim Pingle
01:18 PM Bug #14007: Using PF reserved keywords for interface descriptions results in an invalid ruleset: patch fixes the issue, prohibiting the reserved pf keywords from being configured as interface names
Tested on:
Ver... Georgiy Tyutyunnik
02:53 PM Feature #14122 (New): Allow selecting the repo branch on config restore: Currently the config restore code always defaults the update repo branch to current stable. The branch set in the con... Steve Wheeler
12:14 PM Feature #12070: Support for VLAN ``0``: Steve Wheeler wrote in #note-15:
> This specific feature request was opened to handle vlan0 for ISPs other than AT&T... Matt Johnson
10:33 AM Feature #12070: Support for VLAN ``0``: This specific feature request was opened to handle vlan0 for ISPs other than AT&T.
It is marked resolved because t... Steve Wheeler
10:02 AM Feature #12070: Support for VLAN ``0``: EDIT: thanks for the update Steve
I noticed the fix was implemented at the dhclient level which is good but the or... Matt Johnson
10:02 AM Feature #12070: Support for VLAN ``0``: Steve Wheeler wrote in #note-12:
> For clarification this issue is marked resolved because pfSense can now accept pr... Matt Johnson
09:28 AM Feature #12070: Support for VLAN ``0``: For clarification this issue is marked resolved because pfSense can now accept priority tagged dhcp replies (vlan0). ... Steve Wheeler
11:41 AM Bug #14092 (Ready To Test): Kernel panic when PF passes a large/fragmented ICMP6 packet: Snapshots as of today have the relevant fix included. Kristof Provost
11:03 AM Regression #14015: Alias list is not sorted: Also of note: I added another patch to the system patches package which applies on top of the previous patch (@4342d1... Jim Pingle
11:00 AM Regression #14015 (Feedback): Alias list is not sorted: Should be fixed by commit:5c4a6ada1867a7d6ec13461680d8309d154c90b1 seems to be OK in various tests I've done.
Beca... Jim Pingle
09:27 AM Regression #14015: Alias list is not sorted: This was also broken again by commit:29cd08ea0da6246ad416e33b3788c05c0b0a5172 during a rector pass. It was changed ba... Jim Pingle
06:35 AM Regression #14015: Alias list is not sorted: Danilo Zrenjanin wrote in #note-3:
> I couldn't reproduce the issue on the:
> I made an extensive list of aliases t... Jim Pingle
03:19 AM Regression #14015: Alias list is not sorted: I couldn't reproduce the issue on the:... Danilo Zrenjanin
10:33 AM Feature #14121 (Duplicate): Add ability to batch import IPs into an *existing* alias: Firewall > Aliases > IP already has an "Import" button that allows creating a *new* alias by pasting a long list of I... Sean McBride
10:15 AM Bug #14117 (Resolved): PHP Error on ``status_interfaces.php`` from PPP interface uptime: Tested on the:... Danilo Zrenjanin
06:17 AM Regression #13962 (Resolved): PPP interfaces do not request DNS servers when "DNS Server Override" is enabled: Tested against:... Danilo Zrenjanin

03/16/2023

11:25 PM Regression #13983 (Resolved): Multiple PHP errors in the DHCP Server when the configuration contains an empty section for an interface: Tested on... Christopher Cope
10:21 PM Regression #14076 (Resolved): PHP error if the configuration has an empty Auto Configuration Backup section: Tested on... Christopher Cope
09:05 PM Regression #14015 (In Progress): Alias list is not sorted: Looks like there may be an issue if aliases are not sorted in the config, the ID in the list may not match the ID in ... Jim Pingle
07:59 PM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Prime BDE wrote in #note-28:
> Nunya Business wrote in #note-27:
> > This problem has returned with the current ver... Gianluca Semadeni
05:17 PM Regression #14120 (Resolved): ``syslogd`` tries to bind interfaces with no IP address: In 23.01 syslogd will try to bind to an interface that has no IP resulting in the service failing to start.
This i... Steve Wheeler
05:16 PM Revision 1792ffdb: ppp-linkup: Keep routerv6 address scope: Original code was removing address scope from v6 router and because of
that, system always use default gateway to con... Renato Botelho
02:07 PM Feature #14119: Correct or fully implement, in Captive Portal authentication routines, the Tunnel attributes related to the freeRadius VLAN ID setting: If freeRadius was correctly parsing the attributes sent in the accounting communication to freeRadius, the following ... Dale Harron
01:09 PM Feature #14119: Correct or fully implement, in Captive Portal authentication routines, the Tunnel attributes related to the freeRadius VLAN ID setting: WRT ##14093's rejection,
"The solution here is to set each portal to use the RADIUS server in a different way, eith... Dale Harron
11:10 AM Feature #14119 (New): Correct or fully implement, in Captive Portal authentication routines, the Tunnel attributes related to the freeRadius VLAN ID setting: This may be either a bug or the completion of a partially implemented feature to support freeRadius users.
The cap... Dale Harron
01:40 PM Revision ae1bda66: composer update: Christian McDonald
01:12 PM Revision cf2a2f82: Add safety belts to PPP historical uptime calculation. Fixes #14117: Jim Pingle
12:25 PM Bug #13939 (Feedback): IPv6 does not work on secondary PPPoE WAN: Applied in changeset commit:1792ffdb859a5cb40c11360c30989ccc3b7a9271. Renato Botelho
09:19 AM Bug #13939: IPv6 does not work on secondary PPPoE WAN: Reid Linnemann wrote in #note-2:
> It actually looks like this was written from the get-go to omit the scope, which ... Renato Botelho
10:32 AM Todo #6727: Apple TouchID/FaceID probes for site icon files that do not exist: I'm on v2.6.0 CE and I just got this error myself. Interesting. Seems like it would be an easy fix. Allistah F
10:23 AM Bug #14118 (New): freeRadius "Amount of Time" setting is not accurately tracked for Stop/Start settings in Caaptive Portal: Re: tested on 23.01 plus mid Feb release: Correct time accounting error in captiveportal.inc Stop/Start routines for... Dale Harron
08:20 AM Bug #14117 (Feedback): PHP Error on ``status_interfaces.php`` from PPP interface uptime: Applied in changeset commit:cf2a2f82c2aa551b26a6d9606d5e6da1e760ff6b. Jim Pingle
08:00 AM Bug #14117 (Resolved): PHP Error on ``status_interfaces.php`` from PPP interface uptime: Seems to require the "Uptime Logging" option enabled on a plain PPP type WAN (cell modem style, NOT PPPoE/L2TP/PPTP)
... Jim Pingle
07:10 AM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: For reference, the fix appears to be: https://github.com/OpenVPN/openvpn/commit/b9a9de156bc3ad517bfc6d1042ad0ef0350b638e Jim Pingle
07:00 AM Regression #13943: OpenVPN crashes with Signal 8 with very low fragment size: OpenVPN has fixed it in version 2.6.1!
When is it available in pfsense+ 23.01? Patrick Schmid
06:33 AM Bug #13860 (Resolved): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``: The patch fixes it.
Tested against:... Danilo Zrenjanin
06:29 AM Bug #13953 (Resolved): PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration: Danilo Zrenjanin
06:29 AM Bug #13953: PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration: Tested the patch on the:... Danilo Zrenjanin
03:29 AM Bug #14034 (Resolved): PHP errors in ``xmlrpc.php`` during configuration synchronization if the target host has an empty XML tag for a given section: Danilo Zrenjanin
03:29 AM Bug #14034: PHP errors in ``xmlrpc.php`` during configuration synchronization if the target host has an empty XML tag for a given section: I tested the patch against:... Danilo Zrenjanin
02:49 AM pfSense Packages Feature #14101: Add Zabbix 6.4 packages: Should there be any help needed, I happen to be the maintainer of all zabbix ports. Juraj Lutter
01:32 AM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Hi there, I just wanted to say thanks for all the time and work that is going into this fix. It's really a problem w... Allistah F
12:52 AM pfSense Packages Bug #14116: Squid Error went I press SAVE button.: Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 devel-main-n2558... Peter Moreno
12:51 AM pfSense Packages Bug #14116 (Duplicate): Squid Error went I press SAVE button.: Hello, I have squid+SG on Pfsense 2.7-dev, testing.
I was trying to do a little change and went I press 'SAVE' butto... Peter Moreno

03/15/2023

03:00 PM Bug #14061: PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``: The only potential possible cause I can see is that both this and #14031 are initially triggered by source:usr/local/... Jim Pingle
07:37 AM Bug #14061 (New): PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``: Reopening this for some more investigation. There appear to be several people hitting this, but not consistently and ... Jim Pingle
02:50 PM pfSense Docs Todo #14107: Add troubleshooting steps for LDAP auth: Note added and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/022334bebe388fd6edea9ac2418cb0c0944... Jim Pingle
02:40 PM pfSense Plus Feature #14112 (Duplicate): Allow user to trigger license re-sync and/or reset in system_register.php: We already have an internal issue for this.
Jim Pingle
01:57 PM pfSense Plus Bug #14104: Google LDAP connections still fail even after adding SNI for TLS 1.3: LDAP client certs are only available on Plus. Jim Pingle
12:21 PM pfSense Docs Todo #14114 (Closed): Change info about ESXi version which might work with pfSense.: Updated and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/57c3e5e2789a84b71a4eb3544f68e7077c87c4fb Jim Pingle
07:43 AM pfSense Docs Todo #14114 (Closed): Change info about ESXi version which might work with pfSense.: on https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-esxi.html we have
_Article explains how to install ... Azamat Khakimyanov
12:16 PM Bug #14115 (Resolved): DHCP Server page does not properly select a default interface tab if neither WAN nor LAN are capable of being DHCP servers: When both WAN and LAN are set to DHCP, the DHCP server web interface doesn't appropriately select an interface tab.
... Christian McDonald
11:13 AM pfSense Docs Todo #14111 (Closed): Installation pages flash drive too small for 23.01 ARM64 image: Updated and deployed.
https://gitlab.netgate.com/docs/netgate-docs/-/commit/b45a21365b0faf6bee17141d70b41a216698b964 Jim Pingle
11:00 AM pfSense Docs Todo #14111: Installation pages flash drive too small for 23.01 ARM64 image: I'll update that doc but do note the documents for the 1100 and 2100 both actually say 8GB already:
https://docs.n... Jim Pingle
09:45 AM pfSense Packages Bug #14113 (Duplicate): PHP Error: /usr/local/pkg/avahi/avahi.inc:76: Duplicate of #14019 Jim Pingle
02:22 AM pfSense Packages Bug #14113 (Duplicate): PHP Error: /usr/local/pkg/avahi/avahi.inc:76: Just updated my pfsense box to 23.01 from 22.05. Everything was going smoothly, but on my first login i received a no... S Hunor
12:50 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0: I also discovered this issue in 2.7.0 & 22.x with alias parsing in the all OpenVPN configuration page network fields.... Dean Arnold

03/14/2023

09:34 PM pfSense Docs Todo #14107: Add troubleshooting steps for LDAP auth: It helped someone on 23.01 after they saw the following from pfSense on a pcap when testing the auth:
> Alert (Level... Marcos M
10:52 AM pfSense Docs Todo #14107 (Closed): Add troubleshooting steps for LDAP auth: That shouldn't be needed on current versions since the LDAP CA setup is different than it was back at the time that s... Jim Pingle
10:43 AM pfSense Docs Todo #14107 (Closed): Add troubleshooting steps for LDAP auth: Add the troubleshooting step of restarting php-fpm as detailed here:
https://forum.netgate.com/post/893499
Add to... Marcos M
08:44 PM pfSense Plus Feature #14112 (Duplicate): Allow user to trigger license re-sync and/or reset in system_register.php: There may be a case for adding some buttons in system_register.php that allow the user to 1) Force the existing pfSen... M Felden
04:50 PM pfSense Docs Todo #14111 (Closed): Installation pages flash drive too small for 23.01 ARM64 image: The installation media page says 4GB is sufficient for pfSense but the 23.01 ARM64 image is 4 in one and expands to 4... Ryan Coleman
03:43 PM Revision 5f43b9b5: RAM disk size check/options update. Fixes #13508: * Update RAM disk size/free memory calculations
* Fix up some text in the option labels
* Show current /tmp and /var ... Jim Pingle
02:53 PM Bug #11877 (Resolved): Labels and description disappear in firewall_schedule_edit.php: There's a quirk with the fix where removing the row with the labels does not re-add the labels until the changes are ... Marcos M
01:42 PM pfSense Packages Bug #14075: Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics: I have returned ipfw to development snapshots so we can work on replicating and testing there. It is not possible to ... Christian McDonald
12:02 PM pfSense Docs Todo #14110 (Resolved): Clean up outdated references to "Factory" edition: Main docs:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9a0c401f51fa65168905fe798fe4b74475e8e6f9
Platf... Jim Pingle
11:05 AM pfSense Docs Todo #14110 (Resolved): Clean up outdated references to "Factory" edition: There are a few remaining references in the documentation to the old "Factory" edition ("FE") name that need updated ... Jim Pingle
11:28 AM Feature #14109: Auto Configuration Backup Key Feature Request: Thanks for the reply, speaking from experience is all I noticed they are ever changing with each software reload or c... Jonathan Lee
11:09 AM Feature #14109 (Rejected): Auto Configuration Backup Key Feature Request: The key is not something that should be passed around that freely, it should be treated like a password or similar to... Jim Pingle
11:04 AM Feature #14109 (Rejected): Auto Configuration Backup Key Feature Request: Hello fellow pfSense Community,
I wanted to add a feature request for Auto Configuration Backup, there is no setti... Jonathan Lee
10:54 AM pfSense Packages Bug #14108 (Rejected): Antivirus Bases showing outdated main.cvd with a version dated year 2021: Per ClamAV's website:
"ClamAV signatures come in a variety of formats, one for each of the distinct detection method... Jonathan Lee
10:50 AM Todo #13508 (Feedback): Uncouple RAM Disk size from available kernel memory: Applied in changeset commit:5f43b9b527a6a65bd2c70ac231e3fdceff6ab0d3. Jim Pingle
07:55 AM Todo #13508 (In Progress): Uncouple RAM Disk size from available kernel memory: Note to self: tmpfs data can get moved to swap under memory pressure, which further extends its potential capacity, s... Jim Pingle
10:41 AM pfSense Plus Bug #14106 (New): arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.: 23.01 is now showing this error after a fresh firmware install on a Netgate 2100-MAX system. It will continue to boot... Jonathan Lee
10:24 AM Feature #14105 (New): Ability to set 'block-local' gateway flag in OpenVPN Server Config: I am setting up my OpenVPN servers so when a client connects all their traffic (except VPN tunnel traffic) goes throu... Jon Brown
08:50 AM Todo #14103 (Resolved): Add more disk information to status output: This is present and working in the latest snapshot. Jim Pingle
08:08 AM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: Thanks Chris.
While this doesn't solve your immediate situation, it looks like repro is possible with Windows Serv... Leon Dang
03:11 AM pfSense Plus Bug #14104 (New): Google LDAP connections still fail even after adding SNI for TLS 1.3: tested on 23.01 and with IPv6
After fixing https://redmine.pfsense.org/issues/11626 I see that the LDAP client is ... Azamat Khakimyanov
02:28 AM Bug #14077: Kernel panic from incoming IPv6 connections: Sorry, I missed that.
I believe I understand the issue. Briefly put, pf_refragment6() ends up calling ip6_forward(... Kristof Provost

03/13/2023

11:17 PM Revision d6911589: Add more disk info to status output. Implements #14103: Jim Pingle
10:56 PM Bug #14077: Kernel panic from incoming IPv6 connections: #14092 is not public, so it's impossible to check what that one is about and what will trigger it. Flole Systems
12:23 PM Bug #14077: Kernel panic from incoming IPv6 connections: This issue isn't related to IPv4 NAT, so your NAT rules will not matter.
See #14092 as well, because this is almos... Kristof Provost
09:17 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: Here is a screenshot of the memmap command on an affect VM. This machine is on Windows Server 2022. The Pfsense VM ... Chris Poillion
07:03 PM Revision c37e9ab9: Catch case when DHCP WAN comes up late during boot. Fixes #13671: Jim Pingle
06:37 PM Revision 5c75223e: Fix typo. Fixes #13860: Jim Pingle
06:31 PM Revision 6c186dae: Auth log behavior update. Fixes #12464: Jim Pingle
06:25 PM Todo #14103 (Feedback): Add more disk information to status output: Applied in changeset commit:d691158995f63347d2ad7ab037b7bf3d4fe989bb. Jim Pingle
06:16 PM Todo #14103 (Resolved): Add more disk information to status output: The status output could use some more disk information we've been requesting recently:... Jim Pingle
06:04 PM Revision 4fe6481f: Add knob for console bell (default: enabled). Fixes #14002: Jim Pingle
05:54 PM pfSense Plus Regression #14102 (Resolved): Console menu incorrectly shows option ``99`` on some ARMv7/ARM64 installations: The console menu is intended to only show menu option 99 'Install to device' if pfSense is not running from eMMC or S... Steve Wheeler
05:27 PM pfSense Packages Feature #14101 (Resolved): Add Zabbix 6.4 packages: https://www.freshports.org/net-mgmt/zabbix64-agent/
https://www.freshports.org/net-mgmt/zabbix64-proxy/
Tirso Ramirez
05:11 PM Revision 7ce12dcb: Do not allow an interface to use PF reserved words as its name. Fixes #14007: Jim Pingle
03:58 PM Revision 5f121e6a: Improve floating rule handling of missing VPNs. Fixes #13953: Jim Pingle
03:39 PM Revision 0dbc2d6a: GW Edit: Handle missing OpenVPN/IPsec entries better. Fixes #13973: Jim Pingle
03:02 PM Revision 9bfd8974: Improve handling of XMLRPC sync of empty sections. Fixes #14034: Jim Pingle
02:10 PM Bug #13671 (Feedback): DHCP client can fail permanently if an interface is down at boot: Applied in changeset commit:c37e9ab908cffe20227cc8c88ae5463b5562a397. Jim Pingle
02:03 PM Bug #13671 (In Progress): DHCP client can fail permanently if an interface is down at boot: I was able to reproduce this in a VM finally. The key is to boot with the interface detected and then reconnect it ju... Jim Pingle
01:45 PM Bug #13860 (Feedback): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``: Applied in changeset commit:5c75223e38c6c3ba1b67f9ab24b9f7ea34bde0f8. Jim Pingle
01:38 PM Bug #13860 (In Progress): Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php``: Jim Pingle
01:40 PM Feature #12464 (Feedback): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level): Applied in changeset commit:6c186dae17fe41851c2ee3bb72852178596f2652. Jim Pingle
01:30 PM Feature #12464 (In Progress): Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level): Now that the console bell behavior is split off from this (See #14002) I think what we should do here is just keep th... Jim Pingle
01:29 PM Revision f884cc20: filter: correctly disable fragment reassembly: Kristof Provost
01:15 PM Feature #14002 (Feedback): Option to enable/disable console bell, enabled by default: Applied in changeset commit:4fe6481fa35f31b93ed5841c3342cbb5bd76237c. Jim Pingle
01:04 PM Feature #14002 (In Progress): Option to enable/disable console bell, enabled by default: The more I look at this the less it's tied to the login messages since it's a general console bell setting. I've got ... Jim Pingle
01:10 PM pfSense Plus Regression #13824: CPU/Crypto Detection for the 3100 is not functioning properly: Bill McGonigle wrote in #note-4:
> Is the patch world-readable anywhere? I have affected hardware and the System Pa... Jim Pingle
01:08 PM pfSense Plus Regression #13824: CPU/Crypto Detection for the 3100 is not functioning properly: Is the patch world-readable anywhere? I have affected hardware and the System Patches feature can't resolve this com... Bill McGonigle
12:22 PM Bug #14092 (In Progress): Kernel panic when PF passes a large/fragmented ICMP6 packet: I believe I understand the issue. Briefly put, pf_refragment6() ends up calling ip6_forward() for traffic in the outp... Kristof Provost
12:20 PM Bug #14007 (Feedback): Using PF reserved keywords for interface descriptions results in an invalid ruleset: Applied in changeset commit:7ce12dcb36c73d6526dd46ef6b790d189be25a40. Jim Pingle
12:09 PM Bug #14007 (In Progress): Using PF reserved keywords for interface descriptions results in an invalid ruleset: The fix for #14057 likely also solved this as a byproduct but we should still reject these names just in case.
I c... Jim Pingle
11:05 AM Bug #13953 (Feedback): PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration: Applied in changeset commit:5f121e6a11df8f640f01d27795afeaefb55c50d6. Jim Pingle
10:50 AM Bug #13973 (Feedback): PHP error in ``gwlb.inc`` when OpenVPN or IPsec instances referred to by assigned interface entries are missing: Applied in changeset commit:0dbc2d6a7679e85d69bae85ec57d90674e393ea8. Jim Pingle
10:43 AM Bug #13973: PHP error in ``gwlb.inc`` when OpenVPN or IPsec instances referred to by assigned interface entries are missing: There is already a check which prevents deleting an assigned VPN instance, so it's not clear how this situation may h... Jim Pingle
10:29 AM Bug #13973 (In Progress): PHP error in ``gwlb.inc`` when OpenVPN or IPsec instances referred to by assigned interface entries are missing: Jim Pingle
10:50 AM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver: Today we have had a crash with the "Malicious Driver Detection" event at 10:00:26 Colombia time:
Mar 13 10:00:26 ker... Daniel Montealvaro
10:10 AM Bug #14034 (Feedback): PHP errors in ``xmlrpc.php`` during configuration synchronization if the target host has an empty XML tag for a given section: Applied in changeset commit:9bfd89747eba77091ab6e2df5639a33a185342f8. Jim Pingle
09:43 AM pfSense Packages Feature #14100 (New): Use interface groups as an Alias for IP Interface/Rules Configuration: Hi
I understand that there is an order in how firewall rules are used but my suggestion is not for altering that.
... Jon Brown
09:28 AM pfSense Plus Regression #14099 (Duplicate): snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured: Duplicate of #13976 Jim Pingle
09:26 AM pfSense Plus Regression #14099 (Duplicate): snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured: See bug #8600 Björn Bylander
09:18 AM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured": This bug seems to have popped up again on my SG-3100 after upgrading to 23.01. Björn Bylander
09:09 AM Feature #8794: NTP authentication support: I can confirm this issue still occurs in version 23 Jonathan Lee
09:05 AM pfSense Packages Regression #13978: PHP errors with squidGuard: Also:... Steve Wheeler
08:40 AM Todo #14098 (Resolved): Match upstream changes in PF syntax to disable fragment disassembly: PF enables fragment disassembly by default now, so to disable it the directive must explicitly be @fragment no reasse... Jim Pingle
07:38 AM Bug #13938 (Resolved): Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs: @sendfile@ is @off@ in all @nginx@ configurations now, for the GUI and Captive Portal.
Jim Pingle

03/12/2023

04:02 PM pfSense Packages Bug #13043: OSPF over Wireguard interface doesn't populate neighbors after reboot: Hi,
just wanted to confirm. I can reproduce this issue on all of my installations so far. Mostly PFsense CE 2.6.0 ... Johann Lohberger
03:29 PM Bug #11877 (Feedback): Labels and description disappear in firewall_schedule_edit.php: Right. The fix is in snapshots. Christian McDonald
02:28 PM Bug #13938: Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs: We will now disable sendfile mode. Sendfile has little to no benefit for us on pfSense.
This feature of nginx has ... Christian McDonald
01:05 PM Bug #14077: Kernel panic from incoming IPv6 connections: Thank you for the information.
I got an unexpected crash but I forgot that I have another NAT rule (the 443 NAT rule... Bruno Dambrine
10:33 AM Bug #13325 (Confirmed): System Information widget breaks with multiple instances: Marcos M
09:09 AM pfSense Packages Regression #14097 (Duplicate): Upgrade to 23.01: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string / int in /etc/inc/util.inc: Duplicate of #14024 Jim Pingle
01:28 AM pfSense Packages Regression #14097 (Duplicate): Upgrade to 23.01: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string / int in /etc/inc/util.inc: After the upgrade to version 23.01-RELEASE I right away got a message from the Crash reporter:... Sebastian Wagner
04:57 AM Bug #13729: Gateways stuck in Unknown status: Same issue, restarting dpinger service resolved the issue. I have dpinger in service watchdog service do it should no... Marko Koivusalo
01:55 AM Revision 37c29e4d: Disable nginx sendfile mode, Fixes #13938: Christian McDonald

03/11/2023

09:37 PM pfSense Plus Feature #13786: ldap intergration for firewall rules: Mike Moore wrote in #note-4:
> So there is no way in the future to create a LAN rule stating
> Src: AD/mmoore
> Ds... Kris Phillips
09:29 PM pfSense Plus Feature #14017: Ability to remove all packages before upgardes with saved configuration: There is already an option to reinstall packages from Diagnostics --> Backup and Restore. It would be beneficial for... Kris Phillips
09:25 PM pfSense Plus Regression #14080: Installer fails to install to a geom mirror: Typically right now we also have issues with the installer converting from gmirror to ZFS. Haven't tested since 22.0... Kris Phillips
09:06 PM Bug #14060: Auto Config Backup prints a confusing decryption error when using the wrong key: that looks better, when I do the same thing I get the following now with that patch applied to 23.01
__
The followi... Jordan G
08:05 PM Bug #13938 (Feedback): Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs: Applied in changeset commit:37c29e4de148a14480c01c8fa179e9b630bb0fb4. Christian McDonald
07:44 PM Bug #14089 (Duplicate): System information widget bars operate incorrectly when widget is "split": Duplicate of #13325 Christopher Cope
03:34 PM pfSense Packages Bug #14096 (Resolved): Status_Traffic_Totals does not work on snapshots due to sqlite change: It looks like a recent change in sqlite broke vnstat which leads to Status_Traffic_Totals not working:
https://for... Jim Pingle
02:05 PM pfSense Packages Bug #14094: HAProxy "Write to Disk" files not being saved: Christopher Cope wrote in #note-2:
> The files are not wrote unless HAProxy is enabled, and the backend / frontend a... Ryan V
01:39 PM pfSense Packages Bug #14094 (Not a Bug): HAProxy "Write to Disk" files not being saved: Ryan V wrote:
> pfSense v2.6.0, HAProxy package v0.61_7.
>
> I am trying to save a map file via the Files tab in ... Christopher Cope
12:34 PM pfSense Packages Bug #14094: HAProxy "Write to Disk" files not being saved: Replying to add that nothing helpful is showing in the logs found in Status > System Logs:... Ryan V
12:31 PM pfSense Packages Bug #14094 (Not a Bug): HAProxy "Write to Disk" files not being saved: pfSense v2.6.0, HAProxy package v0.61_7.
I am trying to save a map file via the Files tab in the HAProxy GUI. I ad... Ryan V
01:57 PM Bug #14077: Kernel panic from incoming IPv6 connections: This looks similar to another crash we have been able to reproduce, and we're still working on a fix. I suspect it's ... Jim Pingle
01:41 PM Bug #14077: Kernel panic from incoming IPv6 connections: Hi.
I have rebuild the configuration and I may have some useful information.
First of all, some information on ... Bruno Dambrine
01:54 PM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver: Good afternoon.
We have tried updating the driver, disabling TSO, increasing queues, changing the interface... Wit... Daniel Montealvaro
01:10 PM Bug #14095: Removing an interface group does not remove rules for the interface group: This isn't an alias problem, the alias code is doing what it should and preventing you from removing an item that's i... Jim Pingle
01:02 PM Bug #14095 (New): Removing an interface group does not remove rules for the interface group: If an Alias was used in a rule on an Interface Group, after removing the interface group, you won't be able to delete... Danilo Zrenjanin
12:30 PM pfSense Plus Bug #13981 (Resolved): PHP Error on ``status_interfaces.php`` with empty switch VLAN group configuration and assigned VLAN interfaces: Replicated the issue on SG-2100.... Danilo Zrenjanin
09:08 AM pfSense Packages Bug #14088 (Resolved): pfsense 2.7-dev pfSense-pkg-snort installation failed!: Jim Pingle
01:03 AM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!: Yes, now I could install snort, thanks!!! Peter Moreno
09:08 AM Bug #11877 (New): Labels and description disappear in firewall_schedule_edit.php: Jim Pingle
12:13 AM Bug #11877: Labels and description disappear in firewall_schedule_edit.php: Tested on 23.01, It still disappears descriptions and labels. Lev Prokofev

03/10/2023

05:09 PM Revision 5efa3d45: Improve error handling in ACB. Fixes #14060: It wasn't printing a helpful message when it failed to decrypt a
configuration (e.g. using the wrong key). Jim Pingle
04:51 PM Revision 404efa21: Resolve various PHP8 issues in ACB. Fixes #14076: Jim Pingle
03:28 PM Revision 94e26e56: Fix labels and description dissapear in firewall_schedule_edit.php, #11877: Christian McDonald
03:16 PM Revision a478307d: Start sshd after hosts and interfaces: Steve Wheeler
03:05 PM Revision 29cd08ea: Aliases config access refactor by brd: Christian McDonald
02:19 PM Feature #14093 (Rejected): Captive Portal permits user to authenticate / log into wrong vlan ID selected in freeRadius: The solution here is to set each portal to use the RADIUS server in a different way, either with a different NAS Iden... Jim Pingle
01:38 PM Feature #14093 (Rejected): Captive Portal permits user to authenticate / log into wrong vlan ID selected in freeRadius: When two or more separate Captive Portals use freeRadius for authentication and a user in freeRadius exists with a VL... Dale Harron
02:15 PM Bug #13851 (Resolved): DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All": Jim Pingle
01:01 PM Bug #13851: DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All": Tested on:
Version 23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
patch suc... Georgiy Tyutyunnik
12:55 PM Feature #13844: Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled: I considered a separate redmine but this issue must be resolved simultaneous with this redmine as simply removing the... Dale Harron
12:21 PM Bug #14092: Kernel panic when PF passes a large/fragmented ICMP6 packet: The backtrace here looks the same as on #14077, they may be the same. Jim Pingle
08:35 AM Bug #14092 (Resolved): Kernel panic when PF passes a large/fragmented ICMP6 packet: With pf enabled and a rule to pass IPv6 ICMP, the kernel may panic when receiving and passing a large ICMP6 packet:
... Jim Pingle
12:21 PM pfSense Packages Bug #14075: Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics: This is likely a bug in ipfw, which was included in 23.01. 23.05 does not contain the ipfw kernel module.
23.01:
... Christian McDonald
11:15 AM Bug #14060 (Feedback): Auto Config Backup prints a confusing decryption error when using the wrong key: Applied in changeset pfsense:commit:5efa3d459f07382c8ab9d487775f07cb1114e212. Jim Pingle
11:08 AM Bug #14060 (In Progress): Auto Config Backup prints a confusing decryption error when using the wrong key: It just can't decrypt the config because it isn't using the right encryption key. If you set the correct key then you... Jim Pingle
11:00 AM Regression #14076 (Feedback): PHP error if the configuration has an empty Auto Configuration Backup section: Applied in changeset commit:404efa211294c85fa497b756d494d41f1b0f658d. Jim Pingle
10:50 AM Regression #14076: PHP error if the configuration has an empty Auto Configuration Backup section: This one can also happen with the empty settings tag:... Jim Pingle
10:47 AM Regression #14076 (In Progress): PHP error if the configuration has an empty Auto Configuration Backup section: Jim Pingle
10:29 AM pfSense Plus Bug #14068 (Closed): Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication: Kris Phillips wrote in #note-2:
> The message of "Unknown CA" is what pfSense is sending to the remote host. This w... Jim Pingle
10:16 AM pfSense Plus Bug #14068: Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication: Jim Pingle wrote in #note-1:
> Allowing multiple CAs in a single entry was always a hackish workaround for things th... Kris Phillips
09:29 AM Bug #11877: Labels and description disappear in firewall_schedule_edit.php: Reapplied the patch. I was unable to rebase in GitLab.
Feedback now appreciated. Christian McDonald
09:26 AM Bug #11877 (Feedback): Labels and description disappear in firewall_schedule_edit.php: Christian McDonald
08:44 AM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!: I checked the Suricata port and it still uses luajit:luajit-openresty. Both work now. Christian McDonald
07:00 AM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!: Christian McDonald wrote in #note-3:
> Thanks Bill for the history, that was helpful.
>
> I set the luajit-openre... Bill Meeks
08:07 AM Bug #14035: PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded: My configuration also has @<gifs></gifs>@ and I can create a new GIF OK. I still can't find a way to reproduce this r... Jim Pingle
07:25 AM Regression #14091 (Confirmed): The "Kill States" button does not work consistently: It doesn't seem to be about the destination, it works sometimes and not others.
I tried a few different states and... Jim Pingle
03:49 AM Regression #14091 (Resolved): The "Kill States" button does not work consistently: Steps to reproduce
1)go to Dignostics=>States
2)Use the Filter expression field to filter using some known destinat... Lev Prokofev
04:18 AM Bug #14034: PHP errors in ``xmlrpc.php`` during configuration synchronization if the target host has an empty XML tag for a given section: If no VIP is defined on the primary, after any XMLRPC action, it will create an empty <virtualip></virtualip> tag on ... Danilo Zrenjanin

03/09/2023

09:17 PM pfSense Packages Bug #14088 (Feedback): pfsense 2.7-dev pfSense-pkg-snort installation failed!: Thanks Bill for the history, that was helpful.
Honestly one of these days I need to audit the port options that we h... Christian McDonald
07:54 PM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!: Christian McDonald wrote in #note-1:
> This also impacts 23.05 snapshots.
>
> We currently build nginx with LUA supp... Bill Meeks
04:43 PM pfSense Packages Bug #14088: pfsense 2.7-dev pfSense-pkg-snort installation failed!: This also impacts 23.05 snapshots.
We currently build nginx with LUA support (which we don't use). Snort also depend... Christian McDonald
11:49 AM pfSense Packages Bug #14088 (Resolved): pfsense 2.7-dev pfSense-pkg-snort installation failed!: Hello.
I want to test snort on pfsense 2.7-dev latest version
But I receive this error:
>>> Installing pfSen... Peter Moreno
05:55 PM Bug #14077: Kernel panic from incoming IPv6 connections: Bruno Dambrine wrote in #note-2:
> I have reinstalled the 6100 with the 23.01 to make sure that the issue is not lin... Paul Kennedy
05:42 PM Bug #13325: System Information widget breaks with multiple instances: Just following up on this as this is STILL and ALSO occurring on the latest pfSense+ version 23.01. Larry Bernardo
02:45 PM pfSense Plus Bug #14090 (New): Significant State Creation Causes LACP, BGP, and Possibly Other Components to Temporarily Fail: When testing with a customer, when a remote host has a large number of new states being created, then transitioning t... Kris Phillips
12:34 PM Bug #14089 (Duplicate): System information widget bars operate incorrectly when widget is "split": System information widget fields:
State table size
MBUF Usage
Temperature
Load average
CPU usage
Memory usage... Georgiy Tyutyunnik
12:33 PM pfSense Docs Correction #14084 (Resolved): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options — Client Specific Overrides: I pushed a correction for this, it will be live in ~10-15 minutes when the build finishes. Jim Pingle
11:16 AM pfSense Docs Correction #14084: Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options — Client Specific Overrides: It's actually working as it should in that case, but you are right the docs could use some clarity on that.
Withou... Jim Pingle
05:46 AM pfSense Docs Correction #14084 (Resolved): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options — Client Specific Overrides: *Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-overrides.html
Using:... Marius Popa
11:06 AM Bug #14087 (Duplicate): Adding CARP: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/xmlrpc.php:399: Duplicate of #14034 Jim Pingle
10:44 AM Bug #14087 (Duplicate): Adding CARP: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/xmlrpc.php:399: When I add a (my first) Virtual IP (CARP) I get an error on the secondary:... Michael Lipp
10:57 AM pfSense Packages Regression #14043 (Feedback): Netgate Firmware Upgrade fails to mount EFISYS: Fixed in plus as of 67fef1ab045a. /mnt and /boot/efi are both unmounted prior to mounting the ESP at /mnt. Reid Linnemann
07:35 AM Regression #14086 (Resolved): Current snapshot builds missing most kernel modules that were on previous builds/releases: At some point between March 1 and March 8 dev snapshot builds of CE 2.7.0 the kernel package lost 90% of its modules.... Jim Pingle
07:02 AM pfSense Plus Bug #14085 (New): QAT not working / same speed as AES-NI with CPIC-8955!: My post on the netgate forum, still no unanswer:
https://forum.netgate.com/topic/175096/ipsec-with-qat-low-performan... Alexandru Racovita
06:30 AM Bug #14070: STUN or Override WAN address in UPnP breaks working port forwarding if WAN IP is Private IP: Simplified testing:
*Scenario 1.*
Upstream router gives pfsense a *Private IP in DMZ* on WAN.
UPnP settings in pfse... Greger Blennerud

03/08/2023

06:57 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: I can't repro it in Win-11 Hyper-V. 4GB, ZFS, 3 NICs, ISO still attached.
In the loader prompt (option 3), can you... Leon Dang
01:53 PM Bug #14070: STUN or Override WAN address in UPnP breaks working port forwarding if WAN IP is Private IP: Here's the "same" testing with some more details:
Testing is done in two difference scenarios, where the first has p... Greger Blennerud
01:09 PM Bug #14083 (Resolved): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity: Steps to reproduce:
# Under Interfaces/WAN, define MTU 1480 and MSS 1440. Save and Apply the changes.
# Reboot th... Danilo Zrenjanin
10:16 AM pfSense Docs Todo #14082 (Closed): Feedback on Network Address Translation — Port Forwards: That definitely is wrong as-is, it should be:... Jim Pingle
09:05 AM pfSense Docs Todo #14082 (Closed): Feedback on Network Address Translation — Port Forwards: *Page:* https://docs.netgate.com/pfsense/en/latest/nat/port-forwards.html#adding-port-forwards
*Feedback:*
The bu... Steve Y
07:54 AM pfSense Plus Regression #14080: Installer fails to install to a geom mirror: Reid Linnemann wrote in #note-2:
> Do we want to cut the cord on UFS and just be done with it?
UFS is OK and not ... Jim Pingle
07:34 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script: Ricardo Mendes wrote in #note-3:
> Since the current behaviour introduced by the update is what we'd consider to be ... Jim Pingle
05:06 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script: Hi there,
I initially posted about this issue on the forums and would like to leave a suggestion here;
Since th... Ricardo Mendes
07:06 AM pfSense Packages Feature #14081 (New): Nagios: Hello,
I have a problem with the netgate in version 23.01 for Nagio monitoring.
After researching the problem of... Florian BELIARD
01:43 AM Bug #13003: Malicious Driver Detection event on ``ixl(4)`` driver: Good afternoon.
We have the same problem with our 1541.
We are in version 23.01.
The problem is that sometimes the... Daniel Montealvaro

03/07/2023

11:02 PM pfSense Plus Regression #14080: Installer fails to install to a geom mirror: Do we want to cut the cord on UFS and just be done with it? Reid Linnemann
07:44 PM pfSense Plus Regression #14080: Installer fails to install to a geom mirror: You can get past that point by manually setting the UFS slice on the mirror to mount at @/@ though it still fails eve... Jim Pingle
06:12 PM pfSense Plus Regression #14080 (New): Installer fails to install to a geom mirror: The 23.01 installer fails to create the expected mount points when trying to reinstall UFS to an existing gmirror.
... Steve Wheeler
03:28 PM Bug #14045: ``pfSense-boot`` can fail to copy the EFI bootloader: Merged to plus with merge commit 70bd508078 Reid Linnemann
12:21 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: more experimentation
if i create a new environment with the same name as the old damaged ones (now 0 or 1) it create... Mark Grant
12:10 PM Bug #14077: Kernel panic from incoming IPv6 connections: I have reinstalled the 6100 with the 23.01 to make sure that the issue is not linked to the upgrade.
I got the same ... Bruno Dambrine
10:43 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script: Louis B wrote in #note-1:
> I also think the RA behavoir is not OK! See my form post https://forum.netgate.com/topic... Jim Pingle
09:41 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script: I also think the RA behavoir is not OK! See my form post https://forum.netgate.com/topic/178423/some-doubts-about-rou... Louis B
08:51 AM pfSense Packages Bug #12399: WireGuard v0.1.5 - Tunnel Will Never Handshake Again After WAN Reset: Nunya Business wrote in #note-27:
> This problem has returned with the current version of the Wireguard package, 1.1... Prime BDE

03/06/2023

09:44 PM Revision 8b8f94c7: Safely update efi loader from pfSense-boot. Fixes #14045: Alter pfSense-boot +INSTALL script to safely update the efi loader from
/boot/loader.efi. The update is now done with... Reid Linnemann
04:39 PM Bug #14045: ``pfSense-boot`` can fail to copy the EFI bootloader: Merge to plus is still pending before this can be closed. Reid Linnemann
04:30 PM Bug #14045 (Feedback): ``pfSense-boot`` can fail to copy the EFI bootloader: Applied in changeset commit:8b8f94c7e10d9bc64d267eb8fb6f4280f13d3ab9. Reid Linnemann
04:33 PM pfSense Plus Bug #13967: aarch64 23.01 upgrade can fail to write the bootloader: Fix for this is introduced into pfSense-updgrade at revision 2c4bf3c in plus packages only at this time. pfSense-upgr... Reid Linnemann
04:32 PM Bug #14035: PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded: We actually have the full config this is hitting this in Nextcloud.
The gif section is empty:... Steve Wheeler
12:10 PM Bug #14035: PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded: Jay Maynard wrote in #note-3:
> What information can I supply?
See my comment in #note-1 above. Jim Pingle
11:34 AM Bug #14035: PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded: What information can I supply? Jay Maynard
03:46 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: did some more trials, and found if i just use the date as 20230306 it does it.
named it 20230306, the other day i na... Mark Grant
09:38 AM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: to get the initial issue;
what i did; i didnt read the limitation of what characters could be used, and used a "-"... Mark Grant
07:17 AM pfSense Plus Bug #14074 (Feedback): Cannot edit or delete ZFS Boot Environment with a name containing only numbers: There must be some additional steps needed to replicate the problem. I tried a 23.01 system here and I could create a... Jim Pingle
02:53 AM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: now that it has this new boot environment '0' if i try to edit it, it makes a new boot environment. Each time.
ho... Mark Grant
03:09 PM Revision d24242c7: Handle IPsec P1 w/o valid proposals better. Fixes #14009: Jim Pingle
02:49 PM pfSense Docs Todo #14023 (Closed): Feedback on Releases — 23.01 New Features and Changes: I pushed updates to this section today which include updates for this text. They should appear when the build finishe... Jim Pingle
02:36 PM Bug #14009 (Resolved): PHP error from upgraded IPsec tunnel containing only deprecated ciphers: That fixed it. I am marking this ticket resolved. Danilo Zrenjanin
09:20 AM Bug #14009 (Feedback): PHP error from upgraded IPsec tunnel containing only deprecated ciphers: Applied in changeset commit:d24242c77ae420b9df0723ca6f1dab209e69c357. Jim Pingle
07:08 AM Bug #14009 (In Progress): PHP error from upgraded IPsec tunnel containing only deprecated ciphers: Jim Pingle
02:18 PM pfSense Packages Bug #14079 (Rejected): Debug descriptions misleading: The current text is correct. There is no need to suppress anything, it's clearly explained in the result string.
E... Jim Pingle
01:28 PM pfSense Packages Bug #14079 (Rejected): Debug descriptions misleading: the purpose of the debug button is... Jon Brown
12:23 PM Bug #14061 (Not a Bug): PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``: That really isn't viable. We'd have to potentially catch any/every PHP error or rewrite every call that might even po... Jim Pingle
10:09 AM Regression #14078: Traffic graph shows half actual throughput when switching back to the graph: 'Clear graphs when not visible' must be selected. Steve Y
10:08 AM Regression #14078 (Confirmed): Traffic graph shows half actual throughput when switching back to the graph: When switching back to the traffic graph page, the graph restarts as designed but the data shown is now half actual.
... Steve Y
07:38 AM Bug #14077: Kernel panic from incoming IPv6 connections: There must be some other required component to replicate this. I've not seen a panic like this on the 6100 at my edge... Jim Pingle
07:11 AM Regression #14053 (Resolved): Changing the default IPsec widget tab removes all widgets: Jim Pingle
07:10 AM Bug #14071 (Not a Bug): installing packages on 23.05: Jim Pingle
07:08 AM pfSense Plus Bug #14068 (Feedback): Importing Chained Cert Data into the System --> Cert Manager --> Certificates Breaks Authentication: Allowing multiple CAs in a single entry was always a hackish workaround for things that didn't support chains. Import... Jim Pingle
12:48 AM Feature #7746: Proxy NDP: Hi, All.
I have again asked for an ND Proxy implementation in Feature #14032.
Does anyone agree with me? Yuki Hiramatsu

03/05/2023

07:43 PM Bug #14077 (Resolved): Kernel panic from incoming IPv6 connections: After upgrading to 23.01, the system crashes with the following test on a Netgate 6100:
* With a default configurati... Marcos M
07:29 PM Regression #14076 (Resolved): PHP error if the configuration has an empty Auto Configuration Backup section: After upgrading to 23.01, the following is reported:... Marcos M
07:25 PM Feature #4681 (Resolved): AutoConfigBackup make a way to easily download a saved backup: This functionality now exists. Marcos M
07:14 PM pfSense Packages Bug #14075 (Not a Bug): Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics: Report from a Netgate 7100 after upgrading to @23.01@.
Before disabling the @Transparent ClientIP@ option in hapro... Marcos M
03:43 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs: This can be replicated on Azure as well. Deploy a new pfSense+ 23.01 Gen 2 VM on Azure with a size which allows addin... Marcos M
03:38 PM pfSense Plus Bug #14074: Cannot edit or delete ZFS Boot Environment with a name containing only numbers: Are you able to replicate this reliably? If so, please detail the steps to do so. Marcos M
03:18 PM pfSense Plus Bug #14074 (Resolved): Cannot edit or delete ZFS Boot Environment with a name containing only numbers: i just created a new boot environment, but it apparently didnt like the name i gave it and set it to '0'
It cann... Mark Grant
01:52 PM pfSense Packages Bug #14058: Update vendor=on triggers installation failure: Thanks Chris. Let’s wait and see then. Jan-Peter Koopmann
01:34 PM Bug #14061 (New): PHP error if a non-privileged shell user attempts an operation which needs to write ``config.cache``: It would be preferable to add better error handling for these kinds of PHP errors, and ideally show a more useful ale... Marcos M
04:24 AM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces: Steve Wheeler wrote:
> VLAN tagged traffic fails on an ix NIC if hardware vlan tagging is disabled.
> For example:
... Nicolas Embriz
01:53 AM Regression #14053: Changing the default IPsec widget tab removes all widgets: Tested on
23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
After apply the pat... aleksei prokofiev

03/04/2023

08:17 PM pfSense Packages Todo #14073 (Confirmed): Shalla block list is offline but still available in pfBlocker: The Shalla Services blocklist went offline permanently in January 2022. It's still available as a list option in the ... Chris W
07:40 PM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR: I have successfully been using DNSoTLS with 1.1.1.2/security.cloudflare-dns.com for some time and have temporarily sw... Jordan G
07:23 PM Regression #14057 (Resolved): Dynamic gateway names use mixed case instead of upper case, leading to configuration mismatches: Tested on... Christopher Cope
07:09 PM Regression #14016 (Resolved): FreeBSD default ``cron`` jobs are enabled when they should be disabled: Tested on... Christopher Cope
06:29 PM Regression #14010 (Resolved): Typo in ``filter.inc`` variable for DHCPv6 VLAN priority tag value: Tested on... Christopher Cope
04:35 PM pfSense Packages Bug #14019 (Resolved): PHP Error: /usr/local/pkg/avahi/avahi.inc:76: Tested on 2.2_4. I don't see reproduction steps, so I'm assuming this was triggered on install or when navigating to... Kris Phillips
03:58 PM Bug #14071: installing packages on 23.05: Repos for 23.05 are not public at this time, which will cause the issue described here. This can be closed as not a ... Kris Phillips
01:57 PM Bug #14071 (Not a Bug): installing packages on 23.05: I am not able to install any package in 23.05
the error is attached
23.05-DEVELOPMENT (amd64)
built on Fri... Alhusein Zawi
03:46 PM Regression #14072 (Resolved): No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script: On 23.01, rtsold is not firing the script at @/var/etc/rtsold_<if>_script.sh@ unless the router advertisement receive... Jim Pingle
01:09 PM Bug #14070 (New): STUN or Override WAN address in UPnP breaks working port forwarding if WAN IP is Private IP: I discovered some weird behavior when experimenting with UPnP - STUN and Override WAN address in a failover scenario ... Greger Blennerud
10:57 AM Feature #14069 (New): UPnP & NAT-PMP External Interface - multi select and/or gateway group: Using UPnP in a failover scenario with dual WAN does not work unless you manually change the External interface and r... Greger Blennerud
09:44 AM Bug #14009: PHP error from upgraded IPsec tunnel containing only deprecated ciphers: I applied the patch on:... Danilo Zrenjanin
08:54 AM Bug #14036 (Resolved): PHP error when the ``timeserver`` section of the configuration is empty: I could replicate the issue on the:... Danilo Zrenjanin
08:37 AM Bug #14065: UPnP not working when WAN IP is private IP range.: Greger Blennerud wrote in #note-4:
> Jim Pingle wrote in #note-3:
> > We've tried communicating with them before ab... Greger Blennerud
07:51 AM Bug #14037 (Resolved): PHP Error enabling ICMP6 using EasyRule: I could replicate the issue on the:... Danilo Zrenjanin
07:05 AM pfSense Packages Bug #14058: Update vendor=on triggers installation failure: Yep very sure.
I even ran it through truss and watched the fetch calls be made and return successfully.
I waa a... Christian McDonald
04:12 AM pfSense Packages Bug #14058: Update vendor=on triggers installation failure: Are you sure you selected „update vendor list“ in the arpwatch settings before trying to reproduce it? Jan-Peter Koopmann

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

04/02/2023

04/01/2023

03/31/2023

03/30/2023

03/29/2023

03/28/2023

03/27/2023

03/26/2023

03/25/2023

03/24/2023

03/23/2023

03/22/2023

03/21/2023

03/20/2023

03/19/2023

03/18/2023

03/17/2023

03/16/2023

03/15/2023

03/14/2023

03/13/2023

03/12/2023

03/11/2023

03/10/2023

03/09/2023

03/08/2023

03/07/2023

03/06/2023

03/05/2023

03/04/2023