Project

General

Profile

Activity

From 05/01/2023 to 05/30/2023

05/30/2023

11:56 PM Regression #14039 (In Progress): Limiters have no effect on upload traffic passed by policy routing rules
Marcos M
11:05 PM Feature #9156: OpenVPN: Add tickbox for 'nopool' directive
Orion Poplawski wrote in #note-3:
> This would be very nice to have.
I would like this as well. After upgrading to 2... Craig Leres
06:45 PM Feature #14437 (Pull Request Review): Add DynDNS Provider - Hetzner
please add hetzner as a dyndns provider because hetzner does not officially support dyndns, you would have to do it v... Denis Billmeier
05:04 PM Bug #14435 (Feedback): PHP error with limiters
I cannot reproduce this on a clean install either by creating a new limiter or creating a second limiter. The VM had ... Jim Pingle
04:25 PM Bug #14435 (Incomplete): PHP error with limiters
On 23.05:
> trying to create a traffic shaper in the limiter tab after putting the value and saving the changes I ge... Marcos M
04:26 PM pfSense Plus Regression #14436 (Closed): Upgrades from 23.05-RC/beta/dev fail server authentication
Upgrades from earlier 23.05 versions can fail due to the configured branch no longer existing and server cert from th... Steve Wheeler
02:00 PM Bug #14425 (Feedback): "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``
Applied in changeset commit:073a6baceffc4a363eac9369cc036fc7b19b919e. Jim Pingle
01:46 PM Bug #14425: "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``
This isn't Plus-specific. Also it appears to stay when saving but reverts when refreshing the page. If the value is n... Jim Pingle
01:55 PM Bug #14434 (Feedback): PPPoE WAN interface with VIPs causes continuous interface restarting
I have a /28 routable legacy IP block from the ISP, and they assign the first usable address of the /28 block as a /3... Bert Smith
01:51 PM Revision 073a6bac: Fix mac_procs incorrect references. Fixes #14425
Jim Pingle
01:02 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Kristof Provost wrote in #note-4:
> The addresses in both the ip6_output() and in6_selecthlim() panics suggest that ... Mateusz Guzik
10:50 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
This may or may not be irrelevant to the underlying fault but combing through other logs I can multiple WAN PPPoE con... Rob A
10:30 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Mateusz Guzik wrote in #note-3:
> All the above crashes are in ipv6 code, most likely racing against an interface an... Rob A
09:14 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I should add that I've been running iperf3 on the pfsense device. The backtraces show locally originated traffic, so ... Kristof Provost
08:57 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
The addresses in both the ip6_output() and in6_selecthlim() panics suggest that fib6_lookup() returned an nhop_object... Kristof Provost
12:50 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
Nathan Stansell wrote in #note-11:
> Can this be reopened as google now has api access?
> https://domains.google/le... Jim Pingle
12:49 PM pfSense Packages Bug #14369 (Closed): DNSBL Parsing error when DNSBL Mode "Unbound python mode".
Jim Pingle
12:29 PM Bug #14432 (Incomplete): PHP error when failing to write ``config.cache``
We need a better idea of how to reproduce this. The backtrace is similar to #14061 but that file referenced here -- "... Jim Pingle
12:12 AM Bug #14432 (Resolved): PHP error when failing to write ``config.cache``
On 23.05, the following PHP errors can be triggered:... Marcos M
12:18 PM pfSense Packages Feature #14101: Add Zabbix 6.4 packages
Zabbix 6.2 is not supported anymore... So can you add FreshPort 6.4 packages ? Stephane HOFMAN
08:14 AM Bug #14396: Reassembled packets received on a VTI are not forwarded
We are scrambling a bit to at least find a workaround here. Unfortunately, disabling PF Scrub is not a viable work-ar... Christopher de Haas
02:50 AM Bug #14433 (Resolved): Panic when changing the parent of a VLAN interface used by limiters
Tested in 23.05:
# Assign a VLAN interface @vmx0.99@
# Use the interface with limiters (WF2Q+ pipe with Tail Drop q... Marcos M
01:46 AM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check
I have now added ngeth interfaces to the list of ignored prefixes.
I will continue to investigate this regression. Christian McDonald
01:45 AM Revision c13bf6d4: Ignore ngeth and wg interfaces when performing interface mismatch detection. For #14410
Christian McDonald

05/29/2023

09:10 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
All the above crashes are in ipv6 code, most likely racing against an interface and/or address removal.
Given your d... Mateusz Guzik
07:14 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
To add additional context that may aid in diagnostics:
* The issue presents with any change in WAN interface status ... Rob A
02:41 PM Regression #14431 (Resolved): Sending IPv6 traffic on a disabled interface can trigger a kernel panic
This issue was hidden by https://redmine.pfsense.org/issues/14164 but now that is solved in 23.05 is being seen.
<... Steve Wheeler
05:11 PM Feature #7260: Source OS / p0f Database Missing Modern Operating Systems
running p0f -i (intrface)
Example 4:63+1:0:1460:65228,7:mss,nop,ws,sok,ts: :0
this is freeBSD 13.12
The databa... Jonathan Lee
06:55 AM Feature #7260: Source OS / p0f Database Missing Modern Operating Systems
I have attached the current signature database that is being used by 23.05:
;
; p0f - fingerprint database
; -----... Jonathan Lee
02:42 PM Regression #14164 (Resolved): IPv6 interface configuration race condition can lead to kernel panic
Split to: https://redmine.pfsense.org/issues/14431 Steve Wheeler
02:25 PM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic
As Kristof said this is a *different* bug in ipv6 handling.
As such please open a new redmine with the new traces ... Mateusz Guzik
10:26 AM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic
Two more backtraces, should they offer any more insight:... Rob A
07:29 AM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic
I've not yet been able to reproduce this, but it looks like the issue in comment 9 and 10 is that we're trying to sen... Kristof Provost
12:49 AM Regression #14164 (Incomplete): IPv6 interface configuration race condition can lead to kernel panic
It can also show as:... Steve Wheeler
11:07 AM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".
It seems to be fixed in 23.05. Please close or delete it. Thank you. Jens Kristensen
06:45 AM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check
I'm also having this issue with the most recent upgrade. I switched to the new GUI supported 802.1x forwarding method... Hayden Hill

05/28/2023

11:12 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager
Can this be reopened as google now has api access?
https://domains.google/learn/gts-acme/ Nathan Stansell
04:28 PM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic
Failure condition is still present on 23.05 Release.
Re-configuring an interface, ISP induced WAN link down/up or si... Rob A
02:28 PM Feature #14430 (Not a Bug): Post-quantum cryptography in pfSense(+)
We plan on moving to OpenSSL 3.x once it's integrated into FreeBSD base, which is already in the works for FreeBSD 14... Jim Pingle
12:42 PM Feature #14430 (Not a Bug): Post-quantum cryptography in pfSense(+)
Hello,
As you likely know very well OpenSSL 1.1.1 will hit end of life support on 11th Sept 2023. (To my knowledge... Pawel Piaskowy
11:29 AM Regression #14374: Static ARP entries are not configured at boot
I've tested on 23.05... aleksei prokofiev
07:53 AM pfSense Packages Bug #14427: LLDPD & LADVD permissions with RAM Disks
Jordan Greene wrote:
> LLDPD cannot enable agent-x support with RAM Disks enabled
>
> @May 27 10:55:19 lldpd 38... Grzegorz Krzystek
02:56 AM pfSense Packages Bug #14426: PHP errors in Lightsquid
Unable to reproduce on amd64 on 23.05-RELEASE. Possibly an aarch64/ARM only problem. Kris Phillips
02:33 AM pfSense Plus Bug #14401: Changing from Switchport to Discrete Interface in VGA/Serial Console Breaks Port Status Monitoring
Tested this on 23.05-RELEASE and it's still present in the release version like the RC. Kris Phillips
02:32 AM Bug #14417: System Information widget does not properly form list of active hardware crypto algorithms
I tested this with IPSec-MB and QAT enabled and AES-NI disabled. Issue was not present, so this appears to just be t... Kris Phillips
02:21 AM pfSense Packages Bug #14429 (New): Wireguard - Tunnel Will Never Handshake Again After WAN PPPoE Reset
Looking through the wireguard issues this one is the one that best describes the problem.
https://redmine.pfsense.o... mrpops2ko .
02:17 AM Bug #14425: "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``
Confirmed able to recreate this in 23.05-RELEASE. The <max_procs> value is not updated in the config.xml either. Kris Phillips
02:13 AM pfSense Packages Bug #14369 (Incomplete): DNSBL Parsing error when DNSBL Mode "Unbound python mode".
Also not able to recreate this issue on 23.05-RELEASE still, just like the RC. If you can reproduce this please let ... Kris Phillips
02:11 AM pfSense Packages Bug #14428 (Not a Bug): re-open existing bug
That would be a different issue, most likely. Similar, but not identical. Create a new issue and reference the old one. Jim Pingle
02:06 AM pfSense Packages Bug #14428 (Not a Bug): re-open existing bug
what is the process for reopening an existing 'fixed' bug? specifically https://redmine.pfsense.org/issues/12808 this... mrpops2ko .
12:16 AM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng
I'm still seeing issues; if I try changing branch both base systems stay on 23.05, with branch set to 23.05 I get an ... Jordan G

05/27/2023

08:54 PM pfSense Packages Bug #14427 (Resolved): LLDPD & LADVD permissions with RAM Disks
LLDPD cannot enable agent-x support with RAM Disks enabled
@May 27 10:55:19 lldpd 3881 Warning: Failed to conne... Jordan G
06:36 PM Feature #2479: Allow reordering of the traffic graphs on the dashboard
I would also like to have this feature added. Maxime Haché
05:47 PM pfSense Packages Bug #14426 (Resolved): PHP errors in Lightsquid
PHP errors
PHP ERROR: Type: 1, File: /usr/local/www/sqstat/sqstat.php, Line: 137, Message: Uncaught TypeError: Canno... Jonathan Lee
04:38 PM pfSense Packages Bug #12338 (Resolved): RRD Summary does not report data on 3100
Jim Pingle
06:26 AM pfSense Packages Bug #12338: RRD Summary does not report data on 3100
I see that it finally got fixed in version 23.05 on my 3100 box. Mihai B
02:58 PM Bug #14425 (Resolved): "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``
When instance was on 23.01, went to
system_advanced_admin.php and bumped maxprocesses for the web configurator to 4... M Felden
04:08 AM Regression #14424 (Duplicate): filter.inc typo causing rule errors on upgrade.
Duplicate of #14415 Jim Pingle
03:19 AM Regression #14424 (Duplicate): filter.inc typo causing rule errors on upgrade.
Since upgrading to version 23.01 I've been plagued by a typo in /etc/inc/filter.inc that causes the following error e... Mike Wright

05/26/2023

11:00 PM Bug #14373: System crashes or may become unresponsive with Captive Portal
So long story short: 23.05 is another release that's broken at kernel level? 23.01 was the one with the IPv6 crashes,... Flole Systems
10:19 PM pfSense Packages Feature #14423 (New): haproxy 2.7 QUIC support (+ maybe LUA 5.4?)
Hello,
I appreciate all pfSense+ updates and efforts Team is doing (I am relatively new user, but I am advocating ... Pawel Piaskowy
08:29 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100
Flole Systems wrote in #note-8:
> There was another bug that was caused when the locale was changed as rrdtool used ... Jim Pingle
08:20 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100
There was another bug that was caused when the locale was changed as rrdtool used the wrong decimal separator and PHP... Flole Systems
05:26 PM pfSense Packages Bug #12338 (Feedback): RRD Summary does not report data on 3100
Fixed in version 2.2 of the package: https://github.com/pfsense/FreeBSD-ports/commit/961bbfe5878928af449b4b91f1e486f8... Jim Pingle
05:19 PM pfSense Packages Bug #12338 (In Progress): RRD Summary does not report data on 3100
After some more digging I found that this isn't related directly to Unix timestamps yet but to rrdtool on ARM. For so... Jim Pingle
06:23 PM pfSense Docs Correction #14422 (Closed): Release Versions Supported Needs Updated
Already done before this was put in.
 Jim Pingle
06:21 PM pfSense Docs Correction #14422 (Closed): Release Versions Supported Needs Updated
https://docs.netgate.com/pfsense/en/latest/releases/versions.html
* 23.05 isn't marked as released or supported ye... Christopher Cope
04:38 PM pfSense Packages Bug #13811: Youtube content getting filtered on Squid when none is Selected
https://github.com/pfsense/FreeBSD-ports/pull/1266
Submitted new Pull this is still present in 23.05 Jonathan Lee
12:55 PM Regression #14415 (Resolved): Enable IPv6 over IPv4 tunneling option results in invalid PF rule
Jim Pingle
12:51 PM Regression #14415: Enable IPv6 over IPv4 tunneling option results in invalid PF rule
Tested the patch on the:... Danilo Zrenjanin
12:23 PM Feature #8958: Dynamic DNS - CARP Address
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
12:17 PM Feature #8958: Dynamic DNS - CARP Address
Hi Jim. Sorry for bumping this up, but the current implementation still lacks of this functionality and does not allo... Alex Kolesnik
12:21 PM Bug #14421: OPT interfaces randomly reassign NICs on reboot when virtualised instances used
There is also a known issue with ESX and >4 NICs where the hypervisor maps the NICs weirdly:
* NIC 1
* NIC 5
* N... Jim Pingle
02:16 AM Bug #14421 (Rejected): OPT interfaces randomly reassign NICs on reboot when virtualised instances used
As is, this is likely to be an environment-specific issue and more direct evidence would be needed before it's consid... Marcos M
01:34 AM Bug #14421 (Rejected): OPT interfaces randomly reassign NICs on reboot when virtualised instances used
Hi,
I've had this issue with all (20+) of my instances virtualised under VMware ESXi (all flavours). I don't know w... Michael Knowles
12:04 PM Regression #14374: Static ARP entries are not configured at boot
I also have re-experienced the arp entry disappearing with static arp after being in-active for less than a week. Jeff Kuehl
10:34 AM Regression #14374 (Confirmed): Static ARP entries are not configured at boot
I was able to replicate the issue. After reboot, the arp entry didn't stay in the permanent status.
Tested on the:... Danilo Zrenjanin
12:03 PM pfSense Packages Regression #14418: RRD Summary prints zero in all data fields
Denny Page wrote in #note-2:
> The epoch issue appears to be a perverse and long standing (for rrdtool) issue:
>
... Jim Pingle
05:46 AM pfSense Packages Regression #14418: RRD Summary prints zero in all data fields
The epoch issue appears to be a perverse and long standing (for rrdtool) issue:
https://github.com/oetiker/rrdtool... Denny Page
11:59 AM pfSense Packages Bug #14407 (Resolved): pfSense-pkg-syslog-ng package error
Jim Pingle
09:20 AM pfSense Packages Bug #14407: pfSense-pkg-syslog-ng package error
Can confirm it working properly on
... Lev Prokofev
08:50 AM pfSense Packages Bug #14407: pfSense-pkg-syslog-ng package error
It is fixed now and the service is working properly. Kaan Kayan
11:54 AM pfSense Packages Regression #14389 (Resolved): syslog-ng cannot save config
Tested the package version 1.16.
Config modifications were successfully saved.
I am marking this ticket resolved. Danilo Zrenjanin
07:02 AM Bug #13498: Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output
Is there anything more you need from me in order to merge this patch? It looks like the 2.7 release is coming soon, ... Brett Keller

05/25/2023

10:23 PM pfSense Packages Bug #14405: PHP Crash report
Will do. Thanks. Jens Kristensen
08:36 PM Feature #7260: Source OS / p0f Database Missing Modern Operating Systems
Does anyone know if we can add the most often used OS into this line Mac, Windows 10 and 11 based on NMAPs signatures... Jonathan Lee
07:53 PM Bug #14420 (Duplicate): Firewall Rule ACL Source OS missing current Software versions
Duplicate of #7260 -- We know it's out of date but there isn't any update upstream either. It seems to be abandoned. Jim Pingle
07:39 PM Bug #14420 (Duplicate): Firewall Rule ACL Source OS missing current Software versions
Hello, I have just noticed that the Firewall ACL Rules do not include any updated OS versions. No smartphones and or ... Jonathan Lee
07:33 PM pfSense Packages Regression #14418 (Feedback): RRD Summary prints zero in all data fields
Fixed in version 2.1 of the package: https://github.com/pfsense/FreeBSD-ports/commit/0049587898b2c192d95b2d1359941daf... Jim Pingle
06:26 PM pfSense Packages Regression #14418 (Resolved): RRD Summary prints zero in all data fields
When RRD Summary tries to fetch data for specific time ranges, the commands it runs fail.
For example it tries to ... Jim Pingle
07:24 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100
This is because the 3100 is armv7 which is a 32-bit platform and there are some issues with Unix timestamps on there ... Jim Pingle
06:32 PM pfSense Packages Bug #14419 (Closed): PHP error when trying to access pfBlockerNG configuration
... Marcos M
06:27 PM pfSense Packages Bug #14326 (Rejected): RRD Summary 2.0_2 is not showing any data
I can't reproduce this here but given that the interface name you show is printed in lower case I'm guessing it was m... Jim Pingle
05:48 PM pfSense Packages Feature #12502 (Feedback): Option to include Syslog-ng Configuration Library (scl)
Implemented in pkg version 1.16: https://github.com/pfsense/FreeBSD-ports/commit/d848b6da1957d728a867b9010ed3795d946b... Jim Pingle
05:04 PM pfSense Packages Feature #12502 (In Progress): Option to include Syslog-ng Configuration Library (scl)
Jim Pingle
05:48 PM pfSense Packages Regression #14389 (Feedback): syslog-ng cannot save config
Fixed in pkg version 1.16: https://github.com/pfsense/FreeBSD-ports/commit/d848b6da1957d728a867b9010ed3795d946b68c4 Jim Pingle
05:03 PM pfSense Packages Regression #14389 (In Progress): syslog-ng cannot save config
Jim Pingle
04:43 PM pfSense Packages Regression #14389: syslog-ng cannot save config
I can reproduce it here on a clean install.
Better format of the error message:... Jim Pingle
05:48 PM pfSense Packages Bug #14407 (Feedback): pfSense-pkg-syslog-ng package error
Fixed in pkg version 1.16: https://github.com/pfsense/FreeBSD-ports/commit/d848b6da1957d728a867b9010ed3795d946b68c4 Jim Pingle
05:04 PM pfSense Packages Bug #14407 (In Progress): pfSense-pkg-syslog-ng package error
Jim Pingle
05:31 PM Bug #14417 (Resolved): System Information widget does not properly form list of active hardware crypto algorithms

The System Information widget fails to display support for crypto algorithms if the algorithm is available both in ... Patrik Stahlman
05:09 PM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check
Adding ngeth to the 'do not check' list doesn't seem like a bad option. That is always a virtual interface. Steve Wheeler
04:59 PM pfSense Packages Bug #8295 (Closed): syslog-ng logrotates tls files
This is quite old and the regex has changed since this was put in. No recent complaints/updates. Closing. Jim Pingle
04:56 PM pfSense Packages Bug #8229 (Closed): syslog-ng stops parsing logs after logrotate run
Very old report and no recent updates, lots of changes since then. If you can reproduce it on a current version, plea... Jim Pingle
04:55 PM pfSense Packages Bug #8180 (Closed): syslog-ng default log file
This appears to be working on the current package, I see it setup logrotate with a config file and cron job. It was l... Jim Pingle
04:53 PM pfSense Packages Bug #8705 (Closed): Syslog-NG error in latest snapshot
Probably similar to #14389 but this is so old and lacks detail it's hard to say. Jim Pingle
04:02 PM pfSense Packages Regression #14024 (Feedback): PHP error in HAProxy Widget with Show Client Traffic enabled
Pushed a fix for the widget error and also fixed some broken logic in the widget that was working by accident. New ve... Jim Pingle
03:51 PM pfSense Packages Regression #14024 (In Progress): PHP error in HAProxy Widget with Show Client Traffic enabled
Jim Pingle
03:25 PM Bug #14416 (Resolved): Update Suricata binary package build OPTION knobs for NETMAP to reflect recent upstream change.
Jim Pingle
03:09 PM Bug #14416: Update Suricata binary package build OPTION knobs for NETMAP to reflect recent upstream change.
The pull request has been merged. This issue can be marked RESOLVED. Bill Meeks
02:44 PM Bug #14416: Update Suricata binary package build OPTION knobs for NETMAP to reflect recent upstream change.
Assign this one to me (Bill Meeks). I have a pull request ready to provide the fix. Bill Meeks
02:43 PM Bug #14416 (Resolved): Update Suricata binary package build OPTION knobs for NETMAP to reflect recent upstream change.
Recent updates in FreeBSD ports upstream require a small change to the syntax of the NETMAP and NETMAP_V14 build OPTI... Bill Meeks
03:00 PM Revision 881fa564: Merge pull request #4641 from bmeeks8/suricata_build_OPTION_knob_update
Jim Pingle
02:38 PM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng
Moving ahead. If it's actually done we can close it on 23.05, but if there is more to do, it'll marked as 23.09 Jim Pingle
02:25 PM Regression #14415 (Feedback): Enable IPv6 over IPv4 tunneling option results in invalid PF rule
Applied in changeset commit:ea79a4fe5707898fff89e80d7252e5c84fca7dd4. Jim Pingle
02:18 PM Regression #14415 (Resolved): Enable IPv6 over IPv4 tunneling option results in invalid PF rule
Enabling "Enable IPv6 over IPv4 tunneling" on @system_advanced_network.php@ results in an invalid pf rule, leading to... Jim Pingle
02:18 PM Revision ea79a4fe: Correct 6o4 addr variable name. Fixes #14415
Jim Pingle
02:15 PM Revision 00b2bc29: Update Suricata binary build OPTION knob settings for NETMAP.
Bill Meeks
12:12 PM Bug #14414 (Duplicate): Diagnostics activité system (French language setup) don't work: Unable to gather system activity (1). The command top -aSH give invalid locale.
Duplicate of #13776 Jim Pingle
03:28 AM Bug #14414 (Duplicate): Diagnostics activité system (French language setup) don't work: Unable to gather system activity (1). The command top -aSH give invalid locale.
Diagnostics activité system (French language setup) don't work: Unable to gather system activity (1). The command t... Claude Lapointe
10:15 AM pfSense Packages Bug #14199: ACME - Issue with corrupted cert
Problem continues after update to 23.05 Juan Francisco Rodriguez Garcia

05/24/2023

06:37 PM pfSense Packages Bug #14413 (Duplicate): After upgrade to 23.05 RELEASE, Syslog-NG won't start
Duplicate of #14389 Jim Pingle
06:08 PM pfSense Packages Bug #14413 (Duplicate): After upgrade to 23.05 RELEASE, Syslog-NG won't start
Low priority for me, but thought I'd mention. Cannot start manually, un/reinstalled no difference.
Running *servic... Richard Rovelstad
06:08 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
That's good enough to list it, I'd say.
If it were not supported it wouldn't have even loaded the new ruleset, let... Jim Pingle
06:07 PM Feature #14408 (New): Include ``ixv`` in ALTQ capable NIC list
Jim Pingle
05:58 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
ok did some testing but as my setup is quite complex it would be good to have someone else test too.
i can confir... mrpops2ko .
02:47 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
OK, for 23.05 the diff would be:... Jim Pingle
02:45 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
manually editing it results in it now being visible
!https://gyazo.com/4d35846ac9973a0c317543bfd371e3f3.png!
i wi... mrpops2ko .
02:39 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
23.05-RELEASE (amd64)
 mrpops2ko .
02:37 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
What version are you running? That diff was against the master branch of CE so it may be different. You can make the ... Jim Pingle
02:16 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
/usr/bin/patch --directory='/' -t --strip '2' -i '/var/patches/646e1ad314998.patch' --check --forward --ignore-white... mrpops2ko .
12:35 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
pops pops wrote in #note-1:
> I'm assuming a quick and dirty resolution would be to just vlan tag my LAN traffic too... Jim Pingle
12:34 PM Feature #14408 (Feedback): Include ``ixv`` in ALTQ capable NIC list
For ATLQ to be offered on that NIC, it must be listed as being ALTQ capable in source:src/etc/inc/interfaces.inc#L682... Jim Pingle
03:39 PM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check
Thanks for the quick response, Christian. That makes complete sense to me. This makes me wonder if it's possible to u... Taylor Jasko
02:21 PM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check
The reason for this change is due to how WireGuard tunnels are created via early shell commands and the new cryptogra... Christian McDonald
01:27 AM Regression #14410 (Resolved): Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check
In pfSense Plus 23.01, I was leveraging "earlyshellcmd":https://docs.netgate.com/pfsense/en/latest/development/boot-c... Taylor Jasko
01:15 PM Regression #14412 (Feedback): PHP error when attempting to bulk import Alias content
Applied in changeset commit:217f42ec30a4008907ac6fbb65b7b2e0ebf51eb9. Jim Pingle
01:04 PM Regression #14412: PHP error when attempting to bulk import Alias content
Looks like it was broken during a recent bulk refactor in commit:29cd08ea0da6246ad416e33b3788c05c0b0a5172, fix is ver... Jim Pingle
12:56 PM Regression #14412 (Resolved): PHP error when attempting to bulk import Alias content
Saving after attempting bulk import of a new alias on @firewall_aliases_import.php@ results in the alias configuratio... Jim Pingle
01:05 PM Revision 217f42ec: Correct alias bulk import regression. Fixes #14412
While here, ensure that a broken alias configuration does not cause PHP
errors which prevent users from using the GUI... Jim Pingle
12:24 PM pfSense Packages Bug #14411 (Duplicate): syslog-ng cannot start on 23.05
The error in that thread already has an open issue: #14389 Jim Pingle
06:17 AM pfSense Packages Bug #14411 (Duplicate): syslog-ng cannot start on 23.05
Syslog-ng can no longer start after upgrading to 23.05. It throws a parsing error that seems to relate to faylt gener... Tue Madsen
01:13 AM pfSense Packages Bug #14409: pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count
Another quirk seems to be that there is some other bug that writes to config on cron until you toggle some DNSBL sett... LTC Tech
12:15 AM pfSense Packages Bug #14409 (New): pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count
pfBlockerNG: 3.2.0_4
pfSense Plus: 23.01
Related forum post:
https://forum.netgate.com/topic/174231/pfblockerng-... LTC Tech

05/23/2023

09:52 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list
edit: ah interestingly if i associate the guest wifi without a vlan tag it is removed from the interface
!https://gy... mrpops2ko .
09:47 PM Feature #14408 (Resolved): Include ``ixv`` in ALTQ capable NIC list
Not a lot to go on for this one unfortunately but I can attach screenshots. WAN and Guest Wifi (Opt 11 is an openvpn ... mrpops2ko .
09:32 PM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
+1 for this bug still existing, through googling it appears to be associated with people who have PPPoE WAN connections. mrpops2ko .
06:58 PM pfSense Packages Bug #14405: PHP Crash report
I dont see anything odd in the logs. If this PHP error returns, try to review the log for the event so we can see wha... BBcan177 .
06:09 PM pfSense Packages Bug #14405: PHP Crash report
I am by no means a pfSense or BSD expert, but I managed to get the filter.log files (there are several) attached.
... Jens Kristensen
04:40 PM pfSense Packages Bug #14405: PHP Crash report
If this error persists, we need to get the line in the firewall log "/var/log/filter.log" that corresponds to the err... BBcan177 .
09:55 AM pfSense Packages Bug #14405: PHP Crash report
I'm using BSD. Don't think I ever changed any logging settings. Jens Kristensen
03:11 AM pfSense Packages Bug #14405: PHP Crash report
What firewall log type are you using? "syslog" or "BSD"?
For some reason there are "\x00" characters in the pfSens... BBcan177 .
03:06 PM Bug #14077: Kernel panic from incoming IPv6 connections
There are more details about this issue and specifics of how to easily reproduce it over on #14092 which is now publi... Jim Pingle
02:48 PM pfSense Packages Bug #14407 (Resolved): pfSense-pkg-syslog-ng package error
Syslog-ng package throws an error during the installation like below.
New packages to be INSTALLED:
pfSense-pk... Kaan Kayan
01:42 PM Regression #14374: Static ARP entries are not configured at boot
I can provide logs or diagnostics to help? Jeff Kuehl
01:16 PM pfSense Plus Feature #14404: Reference Alias when pushing IPv4 Local Network
You're right Jim. Thanks for the quick feedback and link. Appreciate you. Mike Moore
12:46 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
Path I have taken to correct:
1. full remove and reinstall of Squid and Squidguard package error returned
2. copie... Jonathan Lee
12:43 AM pfSense Packages Bug #14406 (Resolved): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
After 23.05 update and new Squid version 0.4.46 installed errors started showing,
"ERROR: loading file 9;/usr/lo... Jonathan Lee

05/22/2023

11:27 PM pfSense Packages Bug #14405: PHP Crash report
... Jim Pingle
10:18 PM pfSense Packages Bug #14405 (New): PHP Crash report
Report attached. All I have. Let me know if you need more.
ver. 23.01. Jens Kristensen
09:12 PM pfSense Plus Feature #14404 (Duplicate): Reference Alias when pushing IPv4 Local Network
It's already possible and has been for several releases. See #2668 .
It's also mentioned in the docs:
https://d... Jim Pingle
08:57 PM pfSense Plus Feature #14404 (Duplicate): Reference Alias when pushing IPv4 Local Network
When setting up an OpenVPN server and the option for pushing Local Networks [IPv4 Local Network]
Would it be possi... Mike Moore
08:19 PM Bug #14403: Syslog Over OpenVPN Routed Out Default GW On Reboot
The problem is it taking an undesired path originally. It shouldn't continue to take that path if a better route is a... James Blanton
06:21 PM Bug #14403 (Not a Bug): Syslog Over OpenVPN Routed Out Default GW On Reboot
This is a configuration issue -- if traffic is taking a path you don't want when the VPN is down, you need to add rul... Jim Pingle
06:20 PM Bug #14403 (Not a Bug): Syslog Over OpenVPN Routed Out Default GW On Reboot
When using syslog over a site-to-site VPN, syslog will begin to route all syslog messages out of the default gateway ... James Blanton
01:58 PM Todo #14399 (Confirmed): Combining Interface and Rule ID state table filter fields returns no results
The page should return an error indicating that search combination is invalid. Steve Wheeler
01:25 PM Bug #14400 (Feedback): PHP Error in ``upgrade216_ipsec_create_vtimap()``
Applied in changeset commit:9fab01eae0698ce23979663fc18d58536dc305f0. Christopher Cope
01:15 PM Revision 9fab01ea: inc/upgrade_config: PHP 8.x issues. Fixes #14400
Christopher Cope
02:23 AM pfSense Docs Todo #14234 (Resolved): Update Packet Capture docs to reflect the new GUI
Marcos M
02:13 AM pfSense Packages Regression #13978 (Feedback): PHP errors with squidGuard
Fixed on squid 0.4.46 and squidGuard 1.16.19; these should be available on the next ports build. Marcos M
02:10 AM pfSense Packages Regression #13984 (Feedback): PHP errors with squid
Fixed on squid 0.4.46 and squidGuard 1.16.19; these should be available on the next ports build. Marcos M

05/21/2023

04:43 PM pfSense Packages Regression #13978: PHP errors with squidGuard
I just found the problem and the solution.
*Problem:*
PHP ERROR: Type: 1, File: /usr/local/pkg/squidguard.inc, ... EDUARDO RODRIGUEZ ROMERO
09:18 AM pfSense Packages Regression #13984: PHP errors with squid
I just found the problem and the solution.
Problem:
The squidguardtime settings it's empty
Solution:
... EDUARDO RODRIGUEZ ROMERO
06:45 AM pfSense Packages Regression #13984: PHP errors with squid
Can please somebody help me. This is really important for me because at this moment i dont have any restriction for t... EDUARDO RODRIGUEZ ROMERO
06:43 AM pfSense Packages Regression #13984: PHP errors with squid
I have the same problem with the squidguard package, i try to reinstall the squidguard package and i received the err... EDUARDO RODRIGUEZ ROMERO
08:23 AM Feature #14402 (Resolved): Dynamic DNS support for Porkbun
This feature adds the ability to use Porkbun (porkbun.com) DNS as a dynamic DNS service. Nita Vesa
02:29 AM pfSense Plus Bug #14401 (Confirmed): Changing from Switchport to Discrete Interface in VGA/Serial Console Breaks Port Status Monitoring
If you have an interface on a switchport device, like the 7100, and reassign the interface to a discrete interface li... Kris Phillips

05/20/2023

09:42 PM Bug #14397: DHCPv4 client (dhclient) does not use 802.1p Priority tagging on DHCP RENEW - Only on Discover and release
After quite the investigation the above BUG statement is a little more nuanced:
Using the second option (Adding “vla... Tue Madsen
03:29 PM Bug #14400 (Pull Request Review): PHP Error in ``upgrade216_ipsec_create_vtimap()``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1040 Christopher Cope
02:02 PM Bug #14400 (Resolved): PHP Error in ``upgrade216_ipsec_create_vtimap()``
... Christopher Cope
11:29 AM Regression #14078 (Confirmed): Traffic graph shows half actual throughput when switching back to the graph
I reproduced this behavior on 23.01.
With the *Keep graphs updated on inactive tab* as a Background updates
, th... Danilo Zrenjanin
10:52 AM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".
I can't reproduce the errors on 23.01 with pfBlocker 3.2.0_4
Reload went without errors. Lev Prokofev
10:32 AM pfSense Packages Regression #14389: syslog-ng cannot save config
I couldn't reproduce it on:... Danilo Zrenjanin
08:53 AM Bug #14396: Reassembled packets received on a VTI are not forwarded
Just checked the IP Fragment Reassemble toggle, and it has no effect on this issue on 23.05 either Christopher de Haas

05/19/2023

09:46 PM Todo #14399: Combining Interface and Rule ID state table filter fields returns no results
This is not a bug it's the expected behaviour. Probably just not implemented yet:
https://github.com/pfsense/FreeBSD... Steve Wheeler
06:57 PM Todo #14399 (Resolved): Combining Interface and Rule ID state table filter fields returns no results
Steps to reproduce:
1. Diagnostics > States. Leave everything default (Interface: all, Filter expression and Rule ... Chris W
05:08 PM pfSense Packages Bug #14398 (New): ONBATT Status Missing in apcupsd.widget.php
Description:
The file apcupsd.widget.php is currently lacking the "ONBATT" status. Due to this, when the system is o... Nick ...
04:58 PM Bug #14376: Packet captures can fail to start on loopback and encapsulated IP interfaces
resolved. tested on
Version 23.05-RC (amd64)
built on Fri May 19 06:06:05 UTC 2023
FreeBSD 14.0-CURRENT Georgiy Tyutyunnik
03:25 PM Bug #14396 (New): Reassembled packets received on a VTI are not forwarded
OK, thanks for checking. There wouldn't be any patches yet for 23.05, just for 23.01. If it still happens on 23.05 th... Jim Pingle
02:54 PM Bug #14396: Reassembled packets received on a VTI are not forwarded
Thanks for replying. I have just updated a Netgate 4100 lab unit to 23.05-RC (23.05.r.20230519.0600). Unfortunately, ... Christopher de Haas
12:36 PM Bug #14396 (Feedback): Reassembled packets received on a VTI are not forwarded
Can you reproduce this on a 23.05 RC snapshot?
Have you applied all of the available recommended System Patches?
... Jim Pingle
07:36 AM Bug #14396 (Resolved): Reassembled packets received on a VTI are not forwarded
Larger than MTU backets, which require fragmentation, cannot be routed on an IPsec VTI interface. Here is an example ... Christopher de Haas
02:52 PM Bug #14397 (New): DHCPv4 client (dhclient) does not use 802.1p Priority tagging on DHCP RENEW - Only on Discover and release
Some ISPs using VLANs for service, require DHCPv4/v6 Frames to be 802.1p priority tagged.
pfSense has the option to... Tue Madsen
07:57 AM pfSense Packages Feature #14101: Add Zabbix 6.4 packages
https://github.com/pfsense/FreeBSD-ports/pull/1263
Looking for a review and hopefully a quick merge into 12.05 Valentin A

05/18/2023

10:35 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
Created https://redmine.pfsense.org/issues/14395 Sean McBride
10:35 PM Feature #14395 (New): Provide ability to turn of classic/unencrypted DNS (and use only DoT and/or DoH)
As of now (2023), I'd wager few local networks could manage without classic/unencrypted DNS (on UDP port 53). But the... Sean McBride
07:49 PM pfSense Docs Todo #14360 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE
Note added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/caa7f1ff7eda903d58599e65c1293e01eee711f3 Jim Pingle
04:06 PM pfSense Plus Bug #14385 (Feedback): Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses
Fixed upstream in https://cgit.freebsd.org/src/commit/?id=c2c28c0fa2e44caf1671b4dbf94167f686c3c411
Merged into devel... Kristof Provost
12:49 PM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses
Added note about this limitation to the docs: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/67a457244248d481f... Jim Pingle
12:34 PM Bug #14394: PHP error in CSRF Magic from invalid time value
This specific error appears to possibly come from bad/corrupted cookie data from the client. It's trying to extract a... Jim Pingle
12:26 PM Bug #14394 (Resolved): PHP error in CSRF Magic from invalid time value
... Danilo Zrenjanin
12:31 PM Bug #14393 (Duplicate): Unable to gather system activity (1)
This is almost certainly a duplicate of #13776 and it didn't immediately start to work again because the system needs... Jim Pingle
10:41 AM pfSense Plus Regression #14378 (Confirmed): Packages are not removed when using the hardware reset button
I observed the same behavior on the SG-5100.... Danilo Zrenjanin

05/17/2023

11:53 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Tested on 23.05 with my ATT Fiber connection and VLAN0 PCP tagging. No issues. Kris Phillips
08:01 PM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses
I think I see why this doesn't work. Mostly because I forgot to consider link-local addresses.
It doesn't look ver... Kristof Provost
05:07 PM Bug #14393 (Duplicate): Unable to gather system activity (1)
HI
In the Netgate SG1100 version 23.01 Pfsense plus going to the Diagnostics menu and then selecting the system acti... Antonio Briguglio
01:29 PM Bug #14373 (Feedback): System crashes or may become unresponsive with Captive Portal
Fixed upstream in https://cgit.freebsd.org/src/commit/?id=bdd47177528b5beacabb4837bfac0e9de92aae74 and cherry-picked ... Kristof Provost
10:23 AM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
I've written a small Python script to help reliably reproduce and demonstrate this issue.
To simulate an application... Simon Byrnand
10:06 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
I tested against:... Danilo Zrenjanin

05/16/2023

08:11 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
>They may be locked down corporate systems...
I strive for something of the sort myself. :) We are close to being ... Sean McBride
07:57 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
We have no way of knowing what kind of clients are on a network. Not all of them have traditional client devices like... Jim Pingle
07:51 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
Thank for these updates Jim!
>Or the inverse, if no clients use DoT, then do not enable the feature.
I suspect ... Sean McBride
07:36 PM pfSense Docs Todo #13456 (Closed): Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS
Sean McBride wrote in #note-4:
> For 1) It's true that if any of one's local clients MUST talk to the DNS Resolver u... Jim Pingle
07:52 PM pfSense Docs Todo #13464 (Rejected): Reorder bullet list for ESX/ESXi settings for HA clusters
Closing in favor of #10924 -- according to that, some of the info there isn't even necessary/relevant anymore, so rat... Jim Pingle
07:50 PM pfSense Docs Todo #13586 (Closed): Add note for adjusting MSS on IPsec VTIs
Merged but also needed some wording and syntax fixes. Jim Pingle
07:46 PM pfSense Docs Todo #13452 (Closed): Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum
Changed and deployed.
 Jim Pingle
07:41 PM pfSense Docs Todo #13452 (In Progress): Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum
Jim Pingle
03:45 PM Bug #14312 (Pull Request Review): MSS clamping on VPN traffic does not work on IPsec IPv6 mobile VPNs
Reid Linnemann
02:51 PM Regression #12821 (Resolved): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Works as expected in current 23.05 snapshots:... Steve Wheeler
02:30 PM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
Updating subject to reflect current knowledge.
Christian added an option to the Unbound port to disable ASLR for n... Jim Pingle
02:21 PM Bug #14363: "All" user group overwritten after assigning an existing user to a group
Re-tested on the latest 23.05 snapshot and it's working as expected. Only the intended group is modified.
Unfortun... Jim Pingle
02:09 PM Regression #14365 (Resolved): PHP error in RSS widget after saving settings
Working well on the current RC snapshot. No PHP errors after saving the widget settings. Jim Pingle
02:06 PM Bug #14392 (Resolved): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address
While looking at #14383 and #14385 I noticed that @find_interface_ipv6_ll()@ would return the last link local address... Jim Pingle
12:34 PM pfSense Docs Correction #14391 (Closed): Correcting installation guide for sg-1000
Fixed and deployed. The last working image for the 1000 is 22.05, and now its docs are hardcoded to reflect that.
... Jim Pingle
12:27 PM pfSense Docs Correction #14391 (In Progress): Correcting installation guide for sg-1000
Jim Pingle
11:03 AM pfSense Docs Correction #14391 (Closed): Correcting installation guide for sg-1000
Since the sg-1000 doesn't support 23.01, need to correct this page
https://docs.netgate.com/pfsense/en/latest/soluti... aleksei prokofiev
09:27 AM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
I can't seem to edit my initial post but wanted to clarify the Squid debug option should be *debug_options ALL,1 rota... Simon Byrnand
09:19 AM pfSense Packages Bug #14390 (New): Squid: SECURITY ALERT: Host header forgery detected
In Squid version 3.2 in 2012 a "fix" for a potential security vulnerability involving host header forgery was added, ... Simon Byrnand

05/15/2023

11:38 PM pfSense Packages Regression #14389 (Resolved): syslog-ng cannot save config
Trying to save the configuration, even with the default values, in syslog-ng results in an error:... Steve Wheeler
11:27 PM Feature #14388 (New): Ability to search for timezone
A lot of people set their firewalls to their local timezone from UTC. There are however, a lot of timezones. It would... Mike Leone
11:25 PM pfSense Plus Feature #14387 (New): Offline config mode
From a forum discussion. Steve deserves credit.
[[https://forum.netgate.com/topic/180107]]
h1. Offline Config Mod... Mike Leone
09:59 PM Revision 8156d6d4: Fix ipsec_ikeid_next() copy/paste errors
The content of ipsec_ikeid_next() had some references to undefined variables
stemming from a change of nomenclature b... Reid Linnemann
07:43 PM pfSense Plus Regression #14383 (Resolved): IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
Thanks for testing!
 Jim Pingle
06:03 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
Jim Pingle wrote in #note-7:
> The URL for that commit is private, it will be in the next build.
>
> You can try ... Vladimir Suhhanov
05:50 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
The URL for that commit is private, it will be in the next build.
You can try this patch in the meantime, which is... Jim Pingle
05:41 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
Jim Pingle wrote in #note-5:
> Vladimir Suhhanov wrote in #note-4:
> > Jim Pingle wrote in #note-2:
> > > Fixed in... Vladimir Suhhanov
04:09 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
Vladimir Suhhanov wrote in #note-4:
> Jim Pingle wrote in #note-2:
> > Fixed in https://gitlab.netgate.com/pfSense/... Jim Pingle
03:59 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
Jim Pingle wrote in #note-2:
> Fixed in https://gitlab.netgate.com/pfSense/factory/-/commit/7694007e9570faecfd715020... Vladimir Suhhanov
03:37 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
Not a problem in a release, exclude from release notes. Jim Pingle
02:04 PM pfSense Plus Regression #14383 (Feedback): IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
Fixed in https://gitlab.netgate.com/pfSense/factory/-/commit/7694007e9570faecfd7150206bd029fba2bb4bf0
There is one... Jim Pingle
12:48 PM pfSense Plus Regression #14383 (Confirmed): IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
I can reproduce this here as well:... Jim Pingle
07:29 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Jim Pingle wrote in #note-39:
> Updating subject for release notes.
Thank you all!! Hayden Hill
02:07 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
Updating subject for release notes. Jim Pingle
07:15 PM pfSense Docs Todo #14191 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I followed the doc again on a current version of Plus (and latest CE snapshots) and it's accurate as it is. I made a ... Jim Pingle
06:58 PM pfSense Plus Regression #13895 (Resolved): Early boot hangs on Hyper-V with Gen2 VMs
23.05-RC works correctly with Azure and Windows 11 Hyper-V in all mentioned test cases. If any issues are found after... Marcos M
06:52 PM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng
This works as expected upgrading from 2.6 to 23.01. The correct repo is set after upgrade and the custom repo data is... Steve Wheeler
06:42 PM Regression #14305 (Resolved): Boot loader is not updated during upgrade from pfSense CE 2.6 to 2.7
Retesting this from @2.6@ to @2.7.0.a.20230510.0600@, the issue no longer occurs. Marcos M
06:36 PM Revision 4dcad18e: dns/unbound: enable NOASLR port option
Christian McDonald
05:15 PM Bug #14386 (Resolved): ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
This seems to be new behavior on pfsense plus 23.01-RELEASE. I'm seeing openvpn.auth-user.php processes stuck consum... Orion Poplawski
04:08 PM pfSense Docs Todo #14381: Feedback on Firewall — Aliases
It's a natural part of DNS that CNAMES would be followed by a resolver. So long as the end result is an A/AAAA record... Jim Pingle
03:55 PM pfSense Docs Todo #14381: Feedback on Firewall — Aliases
In that case the documentation should mention that it does follow CNAME. Filip Bengtsson
02:13 PM pfSense Docs Todo #14381 (Rejected): Feedback on Firewall — Aliases
It resolves CNAME records OK when I try it. You may have some other issue in your DNS setup. This site is not for sup... Jim Pingle
02:22 PM pfSense Docs Todo #14384 (Rejected): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE
Until that is a package users can install in the GUI, that doesn't belong in the documentation. It's in the repo for ... Jim Pingle
11:04 AM pfSense Docs Todo #14384 (Rejected): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
*Feedback:*
Hello.
T... Hrvoje Horvat
02:16 PM Bug #14363: "All" user group overwritten after assigning an existing user to a group
Picked back to 23.05 since there are potential security implications.
 Jim Pingle
02:14 PM Regression #14365: PHP error in RSS widget after saving settings
Picked back to 23.05 Jim Pingle
02:14 PM Bug #14382 (Rejected): Service enable not work on boot
pfSense does not use the FreeBSD RC system at boot.
 Jim Pingle
02:08 PM pfSense Plus Bug #14357 (Closed): Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost
Closing this for now, if you can find a way to reproduce it, check the files in my comment above and see what the con... Jim Pingle
02:01 PM pfSense Plus Bug #14385 (Resolved): Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses
Configuring an IPv6 CARP VIP with a link local sync peer address does not appear to function properly. I've tried wit... Jim Pingle
12:57 PM pfSense Plus Feature #14348: Add unicast CARP indication and peer address to CARP status
While here, if there is room, the VIP description would also be helpful Jim Pingle
11:07 AM Bug #14313: Unable to create nested URL table aliases
A bit more tests:
1. when I used pfBlockerNG's IP lists
- https://feodotracker.abuse.ch/downloads/ipblocklist_recom... Azamat Khakimyanov
10:24 AM Feature #10843: Allow user manager settings to specify multiple authentication servers
Just here to push this up. This feature would be very useful on enterprise environments. Denis Grilli
02:12 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Hi everyone, I know this is closed but I am also experiencing the same issue. Netgate 6100. Just updated to 23.01 (... Allan Dresner

05/14/2023

05:17 PM Regression #14374: Static ARP entries are not configured at boot
Yes that is correct. Jeff Kuehl
12:45 AM Regression #14374: Static ARP entries are not configured at boot
So, for clarification, if you have a static MAC and IP mapping, after some period of time of the client being inactiv... Kris Phillips
03:11 PM pfSense Plus Regression #14383 (Resolved): IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log
https://forum.netgate.com/topic/180051/ipv6-carp-seems-broken-on-23-05/4
Let's say you have a LAN with both IPV6 a... Vladimir Suhhanov
09:11 AM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".
Thanks for checking it. Hopefully it's fixed then. I'll wait and see what 23.05 does, and come back, if it's still th... Jens Kristensen
02:38 AM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".
Attempted to recreate this in pfSense Plus 23.05 RC with pfBlocker 3.2.0_5. Unable to recreate. Kris Phillips
09:08 AM Feature #855: Ability to selectively kill states on gateway recovery
A very necessary feature for those who use the second WAN exclusively as a backup channel, and especially if it has v... Alex Viper_Rus
08:42 AM Bug #14382: Service enable not work on boot
/etc/rc.d/mountd
service mountd enable > not work on boot
/etc/rc.d/nfsd
service nfsd enable > not work on boot
... Geno Geno
08:42 AM Bug #14382 (Rejected): Service enable not work on boot
/etc/rc.d/mountd
service mountd enable > not work on boot
/etc/rc.d/nfsd
service nfsd enable > not work on boot
... Geno Geno
01:42 AM pfSense Plus Bug #14357: Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost
Jordan Greene wrote in #note-3:
> Not able to reproduce this either. Does the DNS server override pull different ser... Kris Phillips
01:38 AM pfSense Plus Bug #14357: Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost
Not able to reproduce this either. Does the DNS server override pull different servers on your ATT interface? Jordan G
12:42 AM pfSense Plus Bug #14357: Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost
I'm no longer able to reproduce this. I was able to reliably get this to happen when flipping between between "Use R... Kris Phillips
01:19 AM pfSense Docs Todo #14381 (Rejected): Feedback on Firewall — Aliases
*Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases
*Feedback:* Wh... Filip Bengtsson
12:49 AM pfSense Plus Bug #14329: DDNS IPv6 update PHP error
Tested on pfSense Plus 23.05 RC from May 13th. This is present in this build and confirmed. Kris Phillips

05/13/2023

12:37 PM Regression #12821 (Feedback): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
This is now in 23.05-RC Steve Wheeler

05/12/2023

07:51 PM pfSense Docs New Content #14355 (Closed): Create new doc about managing ``/boot/loader.conf.local``
Added to 23.05 docs, will merge along with that release.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f33... Jim Pingle
07:33 PM Bug #14376 (Resolved): Packet captures can fail to start on loopback and encapsulated IP interfaces
Marcos M
07:15 PM Bug #14376 (Feedback): Packet captures can fail to start on loopback and encapsulated IP interfaces
Applied in changeset commit:af317696460a19c8331412cf7b8103b583a07a75. Marcos M
12:49 AM Bug #14376 (Pull Request Review): Packet captures can fail to start on loopback and encapsulated IP interfaces
This will happen for loopback and encapsulated IP interfaces. Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merg... Marcos M
06:26 PM Feature #6960 (In Progress): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Christian McDonald
02:27 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Worth noting that when we do convert, we can remove input validation that prevents adding mappings within pools (or m... Jim Pingle
02:57 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Is there any progress here?
This is serious bug which affects all XG-7100s path MTU discovery.
Is there any workaro... Lukas Macura
01:08 PM Bug #14056 (Confirmed): DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
Christian McDonald
12:59 PM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button
Observed the same thing on the 2100 using the reset button. Steve Wheeler
12:41 AM pfSense Plus Regression #14378 (Confirmed): Packages are not removed when using the hardware reset button
More precisely it appears that packages are re-installed after rebooting into the new config.
This does not happen... Steve Wheeler
12:34 PM Regression #14370 (Waiting on Merge): Console and system log may contain unnecessary Netlink debug messages from IPsec
Committed as https://cgit.freebsd.org/src/commit/?id=fa554de7746d88959738e4cb978608af8ce479c1
We'll get that with ... Kristof Provost
10:05 AM Regression #14377 (Waiting on Merge): Cannot add a QinQ interface to a bridge
Fix in https://cgit.freebsd.org/src/commit/?id=92c23f6d9c2074f6deb0029d13a8c92b32797059
We'll pick that up with th... Kristof Provost
06:31 AM Regression #14377: Cannot add a QinQ interface to a bridge
I can also reproduce this on base FreeBSD. It appears to be due to incorrect locking in if_vlan, possibly as a result... Kristof Provost
07:13 AM Feature #14379 (New): pftop - filter preset
make please filter preset in Diagnostic -> pfTop, like Status -> Monitoring (add view) Evgeny Korostelev
12:17 AM Revision af317696: Add VLAN support validation for the Packet Capture interface. Fix #14376
Marcos M

05/11/2023

11:58 PM Regression #14377 (Closed): Cannot add a QinQ interface to a bridge
Attempting to create a bridge with a QinQ member results in the GUI timing out.
An existing bridge with a QinQ mem... Steve Wheeler
07:20 PM Revision 0fe74727: net/keama: add Kea migration assistant to build for development and testing
Christian McDonald
07:15 PM Revision c8014348: Replace abbreviated links from System menu
Christian McDonald
05:17 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
No joy with the new 2.2.2 system patches:... Loh Phat
05:04 PM Bug #14376 (Resolved): Packet captures can fail to start on loopback and encapsulated IP interfaces
Packet capture fails to start if interface is enc0 (IPSec) and any custom filter configuration present.
"Any" type f... Georgiy Tyutyunnik
04:35 PM Bug #14373: System crashes or may become unresponsive with Captive Portal
Mark doesn't think his fix would affect this.
Having looked a bit more, I have a different theory.
Thread 100008 ... Kristof Provost
12:50 PM Bug #14373: System crashes or may become unresponsive with Captive Portal
The config uploaded to the file drop for internal testing - folder 1328742557 Lev Prokofev
12:40 PM Bug #14373: System crashes or may become unresponsive with Captive Portal
That backtrace has me suspecting that this may actually be a fix: https://cgit.freebsd.org/src/commit/?id=7b92493ab1d... Kristof Provost
12:10 PM Bug #14373: System crashes or may become unresponsive with Captive Portal
Summarising the discussions we've had so far: it appears that the issue is that something is holding the PF_RULES loc... Kristof Provost
11:31 AM Bug #14373 (Resolved): System crashes or may become unresponsive with Captive Portal
Symptoms
Captive Portal gets stuck (no internet or network access), sometimes service restart can fix it. Sometime... Lev Prokofev
03:34 PM pfSense Docs New Content #14317: Add docs for Ethernet Filtering (Plus Only)
I also added a recipe to configure an AT&T style WAN using Ethernet rules and other recent features:
https://gitla... Jim Pingle
03:34 PM pfSense Docs New Content #14375 (Resolved): Add recipe for AT&T fiber ONT/Modem auth bridge setup
Add a recipe covering the typical AT&T ONT/Modem auth bridge setup now possible using the GUI alone.
Source doc wi... Jim Pingle
01:31 PM Regression #14374: Static ARP entries are not configured at boot
Found Work-around for Rebooting is to use the "ShellCmd" package to run "arp -s <IPAddr> <MAC_Addr>" on boot for each... Jeff Kuehl
01:27 PM Regression #14374 (Resolved): Static ARP entries are not configured at boot
Not Sure if Category of "Aliases / Tables" is correct for ARP issues, or otherwise we could put on "DHCP Server" cate... Jeff Kuehl
01:16 PM Regression #14370: Console and system log may contain unnecessary Netlink debug messages from IPsec
I've proposed https://reviews.freebsd.org/D40062 upstream as a slightly more general improvement. Kristof Provost
10:08 AM pfSense Packages Feature #14372 (New): More advanced filter options on snort interface rules
Hello community,
I think it would make sense to integrate a text search field for the interface rules filter, which ... Fabian Winzinger
07:51 AM Regression #12821 (Waiting on Merge): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``
This will be fixed with https://cgit.freebsd.org/src/commit/?id=0229fab2fe0eed843ebec98fd31b7d49bb2e8438 Kristof Provost
02:20 AM Revision 0ba64c06: Switch exclusively over to Python 3.11
Brad Davis
12:18 AM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
https://forum.netgate.com/post/1104001
This issue is not unique to pfSense. We do have a workaround:
# Stop the Unb... Marcos M

05/10/2023

10:55 PM Bug #2218 (Feedback): CARP VIPs can become master too early at boot time
Applied in changeset commit:62fb07c8163b1cf8731d944fe958071f73f43ef8. Reid Linnemann
10:44 PM Revision 62fb07c8: Disable CARP until services have started and before shutdown/reboot. Fixes #2218
CARP has historically been enabled as part of interface bringup and sync setup
fairly early in rc.bootup. This change... Reid Linnemann
10:08 PM Bug #14371 (New): Firewall does not respond to UDP traceroute requests over IPsec
Tested on @23.01@.
pfSense itself does not respond to UDP traceroutes when it receives the request over IPsec (bot... Marcos M
08:51 PM Revision 211d0196: Relocate ConfigLibTest.php to new tests directory
To correctly handle running test in situ, add set_include_path() call to add
relative src/etc/inc path to the include... Reid Linnemann
06:21 PM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
This is a regression, I believe, and definitely does not just affect 9.9.9.9. No settings changes occurred when I fi... Doug Miles
05:16 PM pfSense Docs Todo #14362 (Closed): Feedback on Troubleshooting — Troubleshooting Multiple Disks
Note added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b803c0aa71d0a9f35ed5986a5f2ac57ef029404a Jim Pingle
04:53 PM Regression #14368 (Duplicate): Intermittent DNS failures
Duplicate of #14056 Jim Pingle
12:00 AM Regression #14368: Intermittent DNS failures
I've noticed the same since 2.7 snapshots for a long time. At first, I suspected my WiFi system but I eventually rule... Brad Smith
04:04 PM Regression #14370: Console and system log may contain unnecessary Netlink debug messages from IPsec
https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/126 went into plus-RELENG_23_05, not anywhere else. T... Kristof Provost
03:47 PM Regression #14370: Console and system log may contain unnecessary Netlink debug messages from IPsec
It's worth noting that at the moment I'm only seeing this on CE snapshots and not on Plus.
 Jim Pingle
12:55 PM Regression #14370 (Resolved): Console and system log may contain unnecessary Netlink debug messages from IPsec
At boot when setting up IPsec and some event after, there is a netlink debug message that gets logged multiple times:... Jim Pingle
02:07 PM Todo #14307 (Resolved): Update miniupnpd to 2.3.3
Marking this as closed, as miniupnpd has been updated. Christian McDonald
12:50 PM Regression #14163 (Resolved): Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots
The errors when running ifconfig and some others are gone, but there are still some others I see here and there that ... Jim Pingle
12:15 PM Regression #14163 (Feedback): Running ``ifconfig`` logs a high volume of netlink debug messages (``genl_handle_message``) on dev snapshots
This was merged: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/126 Jim Pingle
12:22 PM Regression #14086 (Resolved): Current snapshot builds missing most kernel modules that were on previous builds/releases
The additional modules are back on RC snapshots as expected.... Jim Pingle
12:19 PM pfSense Packages Bug #14366 (Resolved): Enabling IPv6 DNSBL pfb_dnsbl service startup failure
Jim Pingle
02:37 AM pfSense Packages Bug #14366: Enabling IPv6 DNSBL pfb_dnsbl service startup failure
The patch works for me. The DNSBL now starts again. Thank you! Glenn Hall

05/09/2023

09:58 PM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".
pfBlockerNG-devel ver 3.2.0_4 Jens Kristensen
09:50 PM pfSense Packages Bug #14369 (Closed): DNSBL Parsing error when DNSBL Mode "Unbound python mode".
Hi,
First, Thank you for this EXCELLENT package!
This may very well be a user-error. In that case I apologize.
... Jens Kristensen
09:05 PM Regression #14368: Intermittent DNS failures
This is actually for *23.01*
That somehow posted before I had finished typing and checking everything. Here are t... Doug Miles
08:54 PM Regression #14368 (Duplicate): Intermittent DNS failures
When DNS Resolver is set to forwarding mode and "Use SSL/TLS for outgoing DNS Queries to Forwarding Servers" is enabl... Doug Miles
07:29 PM pfSense Docs New Content #14317 (Feedback): Add docs for Ethernet Filtering (Plus Only)
This should get it the rest of the way for this release:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/166... Jim Pingle
06:34 PM pfSense Packages Bug #14366: Enabling IPv6 DNSBL pfb_dnsbl service startup failure
Patch is in place for development branches and cherry-picked to 23.05. Christian McDonald
06:24 PM pfSense Packages Bug #14366 (Feedback): Enabling IPv6 DNSBL pfb_dnsbl service startup failure
Christian McDonald
03:42 PM pfSense Packages Bug #14366 (Resolved): Enabling IPv6 DNSBL pfb_dnsbl service startup failure
https://forum.netgate.com/topic/179874/failure-when-starting-pfb_dnsbl-service?lang=en-US Christian McDonald
06:02 PM Feature #13416: Change gateway monitoring actions default to "disabled"
Yes plz! Gateway actions on a single WAN (most of our customers) is silly and only complicates things. Monitoring s... George Phillips
05:27 PM Feature #13416: Change gateway monitoring actions default to "disabled"
Good idea. In my testing, the gateway monitoring action will mark the gateway down, although it is still functional. ... Craig Coonrad
05:22 PM Feature #13416: Change gateway monitoring actions default to "disabled"
Definitely a positive move - limit 'automatic' monitoring to if there's a gateway group existing or maybe just a 'str... Ryan Coleman
05:57 PM Bug #14363 (Resolved): "All" user group overwritten after assigning an existing user to a group
Patch fixed the issue. Marcos M
03:15 PM Bug #14363 (Feedback): "All" user group overwritten after assigning an existing user to a group
Applied in changeset commit:a2a2e8a8bee55d5b0c393d2c2d311a2fc8903bce. Jim Pingle
03:03 PM Bug #14363 (In Progress): "All" user group overwritten after assigning an existing user to a group
Looks like more PHP weirdness. There are several loops in @local_user_set_groups()@ and each uses a variable @$group@... Jim Pingle
02:03 AM Bug #14363 (Resolved): "All" user group overwritten after assigning an existing user to a group
Tested on @23.01@.
Steps to reproduce on a default configuration:
# Create a new user; assign a password, no grou... Marcos M
04:52 PM Bug #14313 (Assigned): Unable to create nested URL table aliases
Tested on 23.01 and on 23.05-RC (built on Tue May 09 02:36:47 UTC 2023)
I tried to create nested URL table alias b... Azamat Khakimyanov
04:28 PM Bug #14367: Captive Portal connected page logo does not load
See the attached example.
I'm not sure why it would fetch from the redirect's domain instead of the firewall's dom... Marcos M
03:53 PM Bug #14367: Captive Portal connected page logo does not load
That doesn't make much sense. Relative paths would only affect a local image file, not one coming from a remote URL. ... Jim Pingle
03:51 PM Bug #14367 (New): Captive Portal connected page logo does not load
The Captive Portal connected page logo does not load. It seems to be due to the use of relative paths given that the ... Marcos M
03:07 PM Revision a2a2e8a8: Work around PHP var ref scope weirdness. Fixes #14363
Jim Pingle
12:45 PM Regression #14365 (Feedback): PHP error in RSS widget after saving settings
Applied in changeset commit:7b69f93c2b8f642c5abc6b714d36f7f0b76ba8b6. Jim Pingle
12:36 PM Regression #14365 (Resolved): PHP error in RSS widget after saving settings
If you save settings for the RSS widget, the widget generates a PHP error.
This happens even with the default sett... Jim Pingle
12:39 PM Revision 7b69f93c: Ensure RSS widget number values are treated as int. Fixes #14365
Jim Pingle
08:50 AM pfSense Packages Bug #14364 (Confirmed): APCUPSD unable to process date string
Hi,
After upgrading on a new install from 2.6.0 to + v23.01 (on amd64 if relevant) I'm unable to use the apcupsd w... Lloyd Collins
01:52 AM Bug #14361 (Duplicate): pfSense writes erroneous tunnel network in OpenVPN client configuration despite being provided a valid tunnel network
Thanks for the report. This has already been fixed. See https://redmine.pfsense.org/issues/13350 Marcos M
01:25 AM Bug #14361 (Duplicate): pfSense writes erroneous tunnel network in OpenVPN client configuration despite being provided a valid tunnel network
Please see the following Reddit post: https://www.reddit.com/r/PFSENSE/comments/11tyu6k/openvpn_site_to_site_ssltls_i... James Dekker
01:32 AM pfSense Docs Todo #14362 (Closed): Feedback on Troubleshooting — Troubleshooting Multiple Disks
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/multiple-disks.html
*Feedback:*
Some users hav... Marcos M
01:27 AM Regression #13943 (Resolved): OpenVPN crashes with Signal 8 with very low fragment size
I could not reproduce the issue on @23.05.r.20230505.1836@. Marcos M
01:12 AM pfSense Docs Todo #14360 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
*Feedback:*
To enable AES-N... Joshua Fox

05/08/2023

08:23 PM Bug #14356: URL scheme is not properly validated in some cases
Thank you for looking at this, I thought I should share it as it could possibly be used with a zero day if it is not ... Jonathan Lee
07:15 PM Bug #14356: URL scheme is not properly validated in some cases
I just don't want to get caught in a situation where something big relies on the current behavior that would be a pai... Jim Pingle
05:46 PM Bug #14356: URL scheme is not properly validated in some cases
Different areas behave differently, however they all expect a valid URL with a scheme. For example:
* The OpenVPN in... Marcos M
02:12 PM Bug #14356: URL scheme is not properly validated in some cases
Marcos M wrote in #note-3:
> This currently affects multiple areas:
Affects how? They get a PHP error? Or they fa... Jim Pingle
08:01 PM pfSense Docs New Content #14317: Add docs for Ethernet Filtering (Plus Only)
More progress: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8959bb98382c02b4d531493d898fb9050abb35ea Jim Pingle
07:16 PM pfSense Docs New Content #14317: Add docs for Ethernet Filtering (Plus Only)
Reorganized Advanced options and added the Ethernet Rules option along the way: https://gitlab.netgate.com/docs/pfSen... Jim Pingle
07:10 PM Todo #14359 (New): Reorganize Advanced Options
The placement of several options under the various Advanced options tabs doesn't make much sense in current versions.... Jim Pingle
04:43 PM Bug #14358: Discrepancy in "TTL for Host Cache Entries" Description
That is a bit awkward as it is. The stored value and value in the backend is in seconds but at some point the GUI dro... Jim Pingle
04:20 PM Bug #14358 (Resolved): Discrepancy in "TTL for Host Cache Entries" Description
Hello,
There appears to be a discrepancy in the description. Services / DNS Resolver / Advanced Settings - TTL fo... Jason Bauman
02:21 PM Revision 89803e07: Fix net/miniupnpd 2.3.3 build
Christian McDonald
02:05 PM Feature #14294: Add option to disable update-optimization.
PR link: https://github.com/pfsense/pfsense/pull/4637 Jim Pingle
01:50 PM Regression #14351 (Resolved): Ram Disks are not created at boot.
Same here. On a system where I hit that error on the previous builds, a current build works without error. RAM disks ... Jim Pingle
01:48 PM pfSense Plus Bug #14357 (Feedback): Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost
I can't reproduce this here. Where exactly are they missing from?
If I change that mode from the default (use local,... Jim Pingle
01:42 PM pfSense Docs New Content #14355: Create new doc about managing ``/boot/loader.conf.local``
That file is mentioned many times throughout the docs, and having to mention every time that the file should be creat... Jim Pingle
01:34 PM Bug #14354: Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address
Looks like it might just be one inverted test tripping it up but it needs more time/testing to ensure this change doe... Jim Pingle

05/07/2023

10:36 PM Bug #2218: CARP VIPs can become master too early at boot time
I thought I had responded to this ticket but I must have gotten distracted before I hit submit.
I have changes tha... Reid Linnemann
10:13 PM Bug #2218 (Pull Request Review): CARP VIPs can become master too early at boot time
Thanks for the contribution. There's already a merge request being reviewed internally for this issue:
https://gitlab... Marcos M
07:58 PM Bug #2218: CARP VIPs can become master too early at boot time
I already have a working implementation to delay CARP at bootup. I just pushed it to github.
It starts carp in mai... Andreas Pross
08:30 PM Bug #14356 (Pull Request Review): URL scheme is not properly validated in some cases
In all uses of the function @is_URL()@, the URL scheme is required. If the subdomain @www@ is specified, the function... Marcos M
03:42 AM Bug #14356: URL scheme is not properly validated in some cases
Exactly the steps I did to reproduce the issue. Thank you for checking. Jonathan Lee
03:40 AM Bug #14356: URL scheme is not properly validated in some cases
Tested this in pfSense Plus 23.05 RC builds from May 6th. Created an Alias called "Test Alias" that was set to "Host... Kris Phillips
12:39 PM pfSense Packages Feature #9721 (Resolved): add squidclient -h 127.0.0.1 mgr:info output to Diagnostics / Squid and status.php
Tested on 23.01
There is /Services/Squid/Status page and this page has correct /status_squid.php address
I marked t... Azamat Khakimyanov
04:11 AM Regression #14351: Ram Disks are not created at boot.
seeing tmpfs for /tmp and /var according to the dashboard widget with 23.05.r.20230505.1836 Jordan G
03:43 AM Bug #14354: Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address
I can confirm this bug. This can be easily worked around by adding a VIP with a type of "Other" and then using that ... Kris Phillips
02:42 AM pfSense Plus Bug #14357 (Closed): Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost
If DNS servers are define by DHCP in pfSense Plus 23.05 and you change the DNS Resolution Behavior under System --> G... Kris Phillips

05/06/2023

11:01 PM Bug #14356 (Resolved): URL scheme is not properly validated in some cases
Hello fellow pfSense Redmine community members can you please help?
If you generate an error inside of an Aliases ... Jonathan Lee
10:06 PM pfSense Docs New Content #14355 (Closed): Create new doc about managing ``/boot/loader.conf.local``
*Page:* https://docs.netgate.com/pfsense/en/latest/hardware/tune.html
*Feedback:*
The file "/boot/loader.conf.loc... Jason Self
07:57 PM pfSense Packages Regression #13984: PHP errors with squid
Thanks for your reply.
For those logs you reviewed the user could not reinstall the package as it would not fully... Jonathan Lee
04:37 PM pfSense Packages Regression #13984: PHP errors with squid
The patch can't be applied to non-existent files, hence (re)installing the package will trigger issues resolved by th... Marcos M
01:57 PM pfSense Plus Regression #14137 (Feedback): pfSense Plus Upgrade repo data remains on the system after upgradng
Fixed in the latest pfSense-upgrade. Luiz Souza
08:42 AM pfSense Packages Bug #12705 (Resolved): IPsec Profile Wizard/Apple: IKEv2 VPN with ECDSA server certificate does not connect using generated profile
Tested EAP-TLS using ECDSA certs - works fine
Tested EAP-RADIUS using ECDSA certs - works fine
I am marking this ... Danilo Zrenjanin
06:59 AM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Christopher de Haas wrote in #note-3:
> I very much hope to see this in an upcoming version. We currently have to us... Tue Madsen
06:52 AM pfSense Packages Bug #13632 (Resolved): tailscale does not survive reboot on pfsense with ram disk in use
Danilo Zrenjanin
06:51 AM pfSense Packages Bug #13632: tailscale does not survive reboot on pfsense with ram disk in use
Tested against:... Danilo Zrenjanin
04:24 AM Bug #14354 (Resolved): Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address
I believe I have stumbled upon a bug within the WebUI while attempting to create brand new outbound NAT rule with a m... Sum Fox

05/05/2023

10:19 PM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng
aleksei prokofiev wrote in #note-1:
> Also, if package manager unavailable, may help next solution
> Check and then... Grant Macdonald
09:54 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
I very much hope to see this in an upcoming version. We currently have to use openvpn instances or full pfSense insta... Christopher de Haas
08:36 PM pfSense Packages Regression #13984: PHP errors with squid

This patch fixed the issue with the other user ben and the HA use, but the other user Hugo still has issues reinsta... Jonathan Lee
08:24 PM Bug #14353: Dynamics DNS Widget only showing host name without domain for Azure DNS service
Scenario:
Configure Dynamic DNS Update for an Azure DNS host entry, add dynamic DNS status widget to the dashboard.... Sean M
05:30 PM Bug #14353 (New): Dynamics DNS Widget only showing host name without domain for Azure DNS service
Currently the Azure dynamic DNS service doesn't show the host + domain and only shows the host name on the status wid... Sean M
07:39 PM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
Jim Pingle wrote in #note-12:
> Martin Stockzell wrote in #note-11:
> > Jim Pingle wrote in #note-10:
> > > See #1... Martin Stockzell
07:38 PM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
Martin Stockzell wrote in #note-11:
> Jim Pingle wrote in #note-10:
> > See #13976 -- it's already fixed on 23.05 s... Jim Pingle
07:36 PM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
Jim Pingle wrote in #note-10:
> See #13976 -- it's already fixed on 23.05 snapshots
My bad I actually thought it ... Martin Stockzell
07:28 PM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
See #13976 -- it's already fixed on 23.05 snapshots Jim Pingle
07:27 PM pfSense Plus Bug #8600: "snmpd SIOCGIFDESCR (e6000sw0port1): Device not configured"
Unfortunatly it's back...
@May 5 21:20:06 snmpd 15562 SIOCGIFDESCR (e6000sw0port3): Device not configured
May 5 21:2... Martin Stockzell
07:27 PM pfSense Plus Feature #14339: Sort interfaces by name/custom order
I meant to add, if you just want the cosmetic sorting there is an option for that under System > General and it can b... Jim Pingle
06:54 PM pfSense Docs New Content #14317: Add docs for Ethernet Filtering (Plus Only)
I started on them here:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8c98f9424906a84009ddd9b0640c633d0ca6... Jim Pingle
05:56 PM pfSense Docs New Content #14317 (In Progress): Add docs for Ethernet Filtering (Plus Only)
Jim Pingle
06:39 PM pfSense Plus Bug #14340 (Resolved): Unicast CARP XMLRPC sync does not adjust CARP peer address when sycnrhonizing
Jim Pingle
06:39 PM pfSense Plus Bug #14340: Unicast CARP XMLRPC sync does not adjust CARP peer address when sycnrhonizing
tested on:
Version
23.05-BETA (amd64)
built on Wed May 03 06:05:00 UTC 2023
FreeBSD 14.0-CURRENT
patches succe... Georgiy Tyutyunnik
05:45 PM pfSense Docs New Content #14318 (Resolved): Add docs for Unicast CARP (Plus only)
Added:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8f027172df25bf58b2051dd6811218b02dcd3c4d
http://st... Jim Pingle
03:48 PM Todo #14352 (New): Virtual IP address configuration input fields are handled inconsistently between VIP types
When editing a VIP, some options are enabled/disabled when changing types (e.g. Address Type, CARP Options) while oth... Jim Pingle
12:25 PM Todo #13508: Uncouple RAM Disk size from available kernel memory
The last commit, @b10998b1951b3e0d1cb74449a6b6dd333b9d292a@, did not work on some systems and triggered a boot time f... Jim Pingle
12:24 PM Regression #14351 (Feedback): Ram Disks are not created at boot.
This was indeed broken by my last change on #13508 somehow. Since that fix was only partial anyhow, reverting that is... Jim Pingle
12:05 PM Regression #14351: Ram Disks are not created at boot.
I was seeing that when I had the RAM disk size set larger than the free memory (but smaller than RAM+SWAP) but not wh... Jim Pingle
11:58 AM Regression #14351 (Resolved): Ram Disks are not created at boot.
RAM disks fail to be created at boot showing the alert:... Steve Wheeler
12:21 PM Revision 1c0fa041: Revert "Correct RAM disk swap calculation. Issue #13508"
This reverts commit b10998b1951b3e0d1cb74449a6b6dd333b9d292a. Jim Pingle
07:20 AM Bug #14350 (New): Captive portal text messages are not translated
See here :
How to translate captive portal reply messages? : https://forum.netgate.com/topic/179878/how-to-transla... Gertjan KROEB
05:36 AM pfSense Packages Bug #14349 (Closed): The ClamAV 0.105.1 got a few vulnerabilities

Current ClamAV 0.105.1 got a few vulnerabilities:
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-pat... Lev Prokofev
03:27 AM pfSense Packages Feature #10818: UDP Broadcast Relay
I can verify that pkg install *pfSense-pkg-udpbroadcastrelay-1.0.pkg* doesn't work on pfSense 2.6
It would be nice i... I W

05/04/2023

11:09 PM Bug #14077: Kernel panic from incoming IPv6 connections
This evening, I have installed the last beta of 23.05 on my 6100 and done some tests.
Currently no crash.
Thanks. Bruno Dambrine
05:40 PM Revision b08e5eb8: Update make.conf to use correct miniupnpd port options for v2.3.3
Christian McDonald
05:14 PM Todo #14307 (Feedback): Update miniupnpd to 2.3.3
Done.
Patch also submitted upstream: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271244 Christian McDonald
05:01 PM pfSense Plus Feature #14348 (Resolved): Add unicast CARP indication and peer address to CARP status
On *Status > CARP* (@status_carp.php@) the status of each VHID is printed along with other info about the VIPs.
It... Jim Pingle
04:07 PM Feature #14347: Improve System menu behavior for Certificate Manager privileges
Link to the Pull Request: https://github.com/pfsense/pfsense/pull/4636 Ludovic Morin
04:03 PM Feature #14347 (Resolved): Improve System menu behavior for Certificate Manager privileges
I would like to have a user that can create or revoke certificates but not manage CA.
Currently, if a user does no... Ludovic Morin
03:45 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Idealy the port would be updated upstream in FreeBSD rather than having to run a pfSense-specific build.
For those a... Marcos M
04:32 AM pfSense Packages Feature #10818: UDP Broadcast Relay
The upstream was updated to add additional features to include options such as --allowcidr and --blockcidr:
https://... James G
03:27 PM Bug #14346: Anchor for reordering gateways won't move to bottom position
Jim Pingle wrote in #note-7:
> No, because the order is significant when it comes to automatic selection. Interfaces... Jim Pingle
03:25 PM Bug #14346: Anchor for reordering gateways won't move to bottom position
Michael Kellogg wrote in #note-6:
> could they at least be sorted by name by default to match interfaces sorting ?
... Jim Pingle
03:22 PM Bug #14346: Anchor for reordering gateways won't move to bottom position
could they at least be sorted by name by default to match interfaces sorting ? Michael Kellogg
03:20 PM Bug #14346 (Confirmed): Anchor for reordering gateways won't move to bottom position
I was able to reproduce one problem here. You can't use the anchor to move a gateway to the bottom of the list. You c... Jim Pingle
03:15 PM Bug #14346: Anchor for reordering gateways won't move to bottom position
This may just be a side effect of #12920 and whether or not those gateways have an entry in config.xml or not. If the... Jim Pingle
02:29 PM Bug #14346: Anchor for reordering gateways won't move to bottom position
It seems doesn't save changes if you check the gateway marked as a "Default gateway", can you confirm? Lev Prokofev
02:27 PM Bug #14346 (Not a Bug): Anchor for reordering gateways won't move to bottom position
I'm not able to reproduce this.
* Select a gateway
* Select an anchor to move entry
* Click save
 Christian McDonald
02:13 PM Bug #14346 (Confirmed): Anchor for reordering gateways won't move to bottom position
on page system_gateways.php if you check a gate way then click on anchor where you want it moved to saving it does no... Michael Kellogg
02:02 PM pfSense Packages Feature #9749: 95th percentile missing for quality in monitoring
Would still like to see this fixed or implemented Michael Kellogg
01:52 PM Bug #14345 (Resolved): Default tab on ``firewall_rules.php`` is not selected if the configuration has no WAN interface
If the firewall configuration lacks a WAN interface, the default tab on firewall_rules.php may end up as Floating, or... Jim Pingle
01:01 PM pfSense Plus Bug #14344 (Duplicate): No PHP errors found
Duplicate of #13938 Jim Pingle
10:06 AM pfSense Plus Bug #14344 (Duplicate): No PHP errors found
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 plus-RELENG_23_0... hamza başak
01:01 PM Bug #14343 (Duplicate): No PHP errors found
Duplicate of #13938 Jim Pingle
10:03 AM Bug #14343 (Duplicate): No PHP errors found
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 plus-RELENG_23_0... hamza başak
01:00 PM pfSense Plus Bug #14342 (Rejected): Packages not working
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
08:54 AM pfSense Plus Bug #14342 (Rejected): Packages not working
Hello,
I upgraded from community version to plus and the packages do not work.
*Install package:* * Unable to r... Andrei Lazarescu
12:11 AM pfSense Packages Bug #14341 (New): Squid Cache Table Logs Showing incorrect date
Squid - Cache Logs
Date-Time Message
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 1... Jonathan Lee
12:07 AM pfSense Packages Regression #13984: PHP errors with squid
Thanks, I appreciate you. I posted the information about this to the Netgate forum again. Jonathan Lee

05/03/2023

11:43 PM pfSense Packages Regression #13984: PHP errors with squid
This should resolve the error, thanks! Marcos M
10:19 PM pfSense Packages Regression #13984: PHP errors with squid
I got another user https://forum.netgate.com/user/hugoeyng to test with their PHP errors this was his result.
@jona... Jonathan Lee
08:42 PM pfSense Packages Regression #13984: PHP errors with squid
Installed and no errors so far. System running.
Thank you. This is with the change you made. Jonathan Lee
03:00 PM pfSense Packages Regression #13984: PHP errors with squid
Thanks for the test (no need to post patch details). Feel free to try again with the updated squidGuard patch. Marcos M
06:16 AM pfSense Packages Regression #13984: PHP errors with squid
It just dawned on me I use both modes on Squid transparently and SSL Intercept is this a problem with me using this p... Jonathan Lee
06:01 AM pfSense Packages Regression #13984: PHP errors with squid
Other Patch debug does not show 64 in debug Jonathan Lee
06:00 AM pfSense Packages Regression #13984: PHP errors with squid
<removed patch success details> Jonathan Lee
05:52 AM pfSense Packages Regression #13984: PHP errors with squid
I ran into an error and had to revert back. Attached is the error. Jonathan Lee
05:47 AM pfSense Packages Regression #13984: PHP errors with squid
One error after reboot
 Jonathan Lee
05:34 AM pfSense Packages Regression #13984: PHP errors with squid
I appreciate all you do. Testing attached patches, I noticed you adjusted clam AV or Squids antivirus to store on the... Jonathan Lee
03:41 AM pfSense Packages Regression #13984 (Pull Request Review): PHP errors with squid
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/337
Patch for both squid and squidGuiard are att... Marcos M
08:38 PM pfSense Packages Regression #13958 (Resolved): Snort exits with signal 10 on arm32
This looks good in current snaps:
pfSense-23.05.b.20230503.0600
pfSense-pkg-snort-4.1.6_7
snort-2.9.20_3 Steve Wheeler
07:40 PM pfSense Plus Bug #14340 (Feedback): Unicast CARP XMLRPC sync does not adjust CARP peer address when sycnrhonizing
Fixed by the following commits:
* https://gitlab.netgate.com/pfSense/factory/-/commit/8d52ac6d5cdfc7173c03ce106ead... Jim Pingle
07:21 PM pfSense Plus Bug #14340 (Resolved): Unicast CARP XMLRPC sync does not adjust CARP peer address when sycnrhonizing
When XMLRPC sync is enabled for VIPs and the primary has a unicast CARP VIP configured, the VIP is copied to the seco... Jim Pingle
04:59 PM Regression #14172 (Resolved): PHP error in Captive Portal if ``usedmacs`` list is empty
The change fixes the error. I could induce the error before by manually running @captiveportal_write_usedmacs_db("");... Jim Pingle
04:06 PM Bug #14045 (Resolved): ``pfSense-boot`` can fail to copy the EFI bootloader
This has been working smoothly for some time now. Jim Pingle
03:55 PM Regression #14164 (Resolved): IPv6 interface configuration race condition can lead to kernel panic
No subsequent reports of this that I'm aware of. Jim Pingle
03:55 PM Bug #14335 (Resolved): Associated firewall rule for NAT port forward does not inherit ``nosync`` property, gets synchronized
Working as expected on current snapshots. Associated firewall rule inherits the nosync property, and neither the NAT ... Jim Pingle
11:33 AM Bug #14335: Associated firewall rule for NAT port forward does not inherit ``nosync`` property, gets synchronized
That is a separate issue: #14316 -- I found this one when testing and fixing that one.
To test this one properly, ... Jim Pingle
06:36 AM Bug #14335: Associated firewall rule for NAT port forward does not inherit ``nosync`` property, gets synchronized
In my testing before and after applying the patch, both the port forward and firewall-associated rule get copied to t... Danilo Zrenjanin
03:45 PM Todo #13508: Uncouple RAM Disk size from available kernel memory
There is a chicken/egg problem here that will need more time to solve properly to allow creating RAM disks at boot th... Jim Pingle
02:47 PM Todo #13508 (In Progress): Uncouple RAM Disk size from available kernel memory
Looks like there is still a problem here. The memory calculation in source:src/etc/rc.ramdisk_functions.sh is still u... Jim Pingle
03:39 PM Revision b10998b1: Correct RAM disk swap calculation. Issue #13508
It was not factored into the shell version as it should be (still a
problem here, see Redmine).
It was also returnin... Jim Pingle
03:35 PM Regression #14338 (Resolved): PHP error from empty separator
Confirmed resolved on current snapshots. Jim Pingle
03:26 PM Revision a33abf9d: Start building frr8 for development and testing. For #13575
Christian McDonald
02:42 PM Bug #14035 (Resolved): PHP error when attempting to create a GIF interface when ``if_gif`` kernel module is not loaded
This is working well on current snapshots. Creating a GIF on a 3100 (ARMv7) loads the module and no longer generates ... Jim Pingle
02:40 PM Todo #13492 (Resolved): Start ``rtsold`` immediately after ``dhcp6c`` sends a request
Jim Pingle
02:39 PM Bug #13939 (Resolved): IPv6 does not work on secondary PPPoE WAN
Renato says this is working well on current snapshots and can be closed. Jim Pingle
02:37 PM pfSense Plus Regression #13895: Early boot hangs on Hyper-V with Gen2 VMs
I never could replicate the original hang here, but my Hyper-V test VM (Gen2, ZFS) upgraded fine from 23.01 to 23.05 ... Jim Pingle
02:30 PM Feature #14255 (Resolved): Support for Intel PCH temperature values in thermal sensors
Jim Pingle
02:30 PM Bug #13003 (Resolved): Malicious Driver Detection event on ``ixl(4)`` driver
Jim Pingle
02:29 PM Bug #13014 (Resolved): Deadlock in Charon VICI interface
Jim Pingle
02:26 PM Feature #13382 (Resolved): Packet Capture GUI with granular control
Still seems to be OK at least with the light testing I've done. If any new problems come up they can go into separate... Jim Pingle
02:18 PM pfSense Plus Bug #13976: SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces
Before upgrading to the current snapshot:... Jim Pingle
01:53 PM pfSense Plus Bug #13976 (Resolved): SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces
Christian McDonald
01:53 PM pfSense Plus Feature #14308 (Resolved): Support for Ethernet (L2) filtering rules
Latest snapshot has the updated help text and experimental note. Christian McDonald
01:11 PM Regression #14072 (Resolved): No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
Tested latest Plus (23.05.b.20230503.0600) and CE (2.7.0.a.20230503.0600) snapshots and both are working well with th... Jim Pingle
12:53 PM Regression #14091 (Resolved): The "Kill States" button does not work consistently
Looks good on today's snapshot. I can kill states for a single address or a subnet. The states are actually removed a... Jim Pingle
11:36 AM pfSense Plus Feature #14339 (Rejected): Sort interfaces by name/custom order
The interface order is significant and must be maintained. Allowing this safely would require significant changes to ... Jim Pingle
04:04 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
Chris W wrote in #note-7:
> It looks like the issue you're seeing is due to a greater PHP problem as a result of u... Loh Phat

05/02/2023

10:09 PM pfSense Plus Feature #14339: Sort interfaces by name/custom order
This also applies to the VLAN page, where the vlans are listed in the order they were added. There is a way to sort t... douglas meyer
10:05 PM pfSense Plus Feature #14339 (Rejected): Sort interfaces by name/custom order
On the interfaces > assignments page, interfaces are displayed in the order I added them to my pfSense unit, instead ... douglas meyer
07:55 PM Regression #14338 (Feedback): PHP error from empty separator
Fixed by commit:9dd708be53639e1760d741c049f95f8ac7d56c35 Jim Pingle
07:53 PM Regression #14338 (Resolved): PHP error from empty separator
If the configuration contains an empty separator entry, it can lead to a PHP error:... Jim Pingle
07:55 PM Regression #14091 (Feedback): The "Kill States" button does not work consistently
Okay I have fixes in the PHP module that properly fixes #9270, which was still a bug and likely related to this issue. Christian McDonald
07:54 PM Revision 9dd708be: Fix PHP 8.x issues in separator functions. Fixes #14338
Jim Pingle
07:48 PM pfSense Packages Regression #13958 (Feedback): Snort exits with signal 10 on arm32
patches for armv7 are now in our tree. Christian McDonald
07:40 PM Revision e79a872f: Remove unnecessary utf8_encode'ing to pfSense_kill_states arguments. Partial #9270
Christian McDonald
05:38 PM Bug #14052 (Resolved): Bridge interface is not properly validated when submitted on ``interfaces_bridge_edit.php``
I can't get any problematic input past the new input validation. Looks solid to me.
 Jim Pingle
05:35 PM Regression #14336 (Resolved): Firewall logs do not show the rule description
Patches fixed the issue. Marcos M
05:15 PM Regression #14336 (Feedback): Firewall logs do not show the rule description
Looks like the user label is in there first, not last, but my logs were so full of default deny blocks (one label, so... Jim Pingle
05:06 PM Regression #14336: Firewall logs do not show the rule description
Nevermind, I see it now. It worked in some cases but not all. Jim Pingle
05:02 PM Regression #14336: Firewall logs do not show the rule description
Make sure you're on the latest snapshot, not just applying the patch. It's possible your module is out of date.
It w... Jim Pingle
05:01 PM Regression #14336 (Confirmed): Firewall logs do not show the rule description
I applied the patch and the rule column now shows:
> id:1677444350 (1677444350)
The user description is still mis... Marcos M
01:04 PM Regression #14336 (Feedback): Firewall logs do not show the rule description
Applied in changeset commit:e472f96d82add603c187bf71cb5eb2cf5d44753c. Jim Pingle
12:42 PM Regression #14336 (In Progress): Firewall logs do not show the rule description
The structure of the labels returned by @pfSense_get_pf_rules()@ changed but it appears to be a simple change to fix. Jim Pingle
05:21 PM pfSense Plus Regression #14137 (In Progress): pfSense Plus Upgrade repo data remains on the system after upgradng
Luiz said he and Steve W. will work together on solving this. Jim Pingle
05:10 PM Revision 9f3f2b6f: Use first label, not last. Fixes #14336
Jim Pingle
04:58 PM Feature #14337 (Resolved): Allow SMTP notifications from non-root processes
The changes to address #14031 removed the ability for non root processes to send notifications. This one line change ... Denny Page
04:50 PM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions
It's too late for this issue / Plus 23.05, but if you want to open a new Redmine issue and propose it there we can co... Jim Pingle
04:41 PM Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions
I would like to propose a small change to this fix. It is a "one liner," which maintains the ability to send notifica... Denny Page
04:40 PM Regression #14072 (Feedback): No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
And Jim merged that, so this should be fixed in the next snapshot. Kristof Provost
04:26 PM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
I've merged the rtsol change to our branches and propose this PHP tweak: https://gitlab.netgate.com/pfSense/pfSense/-... Kristof Provost
12:54 PM Regression #14072 (In Progress): No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
Jim Pingle
09:21 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
Proposed rtsol change: https://reviews.freebsd.org/D39931
(We'll also need a change in the PHP code to set '-A' ra... Kristof Provost
04:36 PM Revision 16bf36e0: Have rtsold always call the script, even if 'M' or 'O' bits are not set
Kristof Provost
04:36 PM pfSense Packages Regression #13984: PHP errors with squid
Additional errors:... Marcos M
03:47 PM Regression #14086 (Feedback): Current snapshot builds missing most kernel modules that were on previous builds/releases
Brad changed this back in crossbuild commit @02433536277d0174f62118ac2255676c88ee4f09@ on the RELENG_23_05 branch so ... Jim Pingle
03:38 PM pfSense Plus Feature #14308 (Feedback): Support for Ethernet (L2) filtering rules
Option text updated in https://gitlab.netgate.com/pfSense/factory/-/commit/3bc930fcb786a4b0fa264c093150f3d27b31f1ae
... Jim Pingle
02:49 PM pfSense Plus Feature #14308 (In Progress): Support for Ethernet (L2) filtering rules
To me for a tiny change, going to add a warning to the enable option marking this as beta/experimental for this relea... Jim Pingle
03:20 PM Bug #14335 (Feedback): Associated firewall rule for NAT port forward does not inherit ``nosync`` property, gets synchronized
Fixed in commit:3eee2ed7605c1e8ac5929fcc844b5d45a371d6a5 Jim Pingle
02:33 PM Bug #14335 (In Progress): Associated firewall rule for NAT port forward does not inherit ``nosync`` property, gets synchronized
This is a much smaller fix than I anticipated. Commit inbound.
 Jim Pingle
03:12 PM pfSense Plus Bug #13976 (Feedback): SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces
Fixed. Luiz Souza
02:54 PM Feature #14050 (Resolved): Support for ``iwlwifi`` wireless interfaces
The change is present in the code. No hardware available to check if it works and no feedback, so for now we will ass... Jim Pingle
02:51 PM Bug #14077 (Resolved): Kernel panic from incoming IPv6 connections
Jim Pingle
02:50 PM Feature #13054 (Resolved): Package plugin hook for web server configuration stanzas
Jim Pingle
02:50 PM Regression #14316 (Resolved): Filter/NAT rules configured with "No XMLRPC Sync" enabled are still synchronized
This is working as expected now. Rules marked nosync are no longer being synchronized. Jim Pingle
01:25 PM Regression #14316: Filter/NAT rules configured with "No XMLRPC Sync" enabled are still synchronized
Updating subject for release notes. Jim Pingle
02:33 PM Revision 3eee2ed7: Repsect NAT nosync for assoc rules. Fixes #14335
Jim Pingle
01:21 PM Bug #14022 (Resolved): PHP error when exporting a CRL for an old CA
Patch is present and working. I could replicate it before updating, but not after.
 Jim Pingle
12:58 PM pfSense Docs New Content #14309 (Closed): UDP Broadcast Relay package
MR merged. Jim Pingle
12:44 PM Revision e472f96d: Update method of finding rule labels. Fixes #14336
The way rule labels are returned from pfSense_get_pf_rules() changed, so
this code needs to follow the new format. Jim Pingle
12:21 PM pfSense Packages Feature #14314: Keep DDNS entries on config change
https://github.com/pfsense/FreeBSD-ports/pull/1256 Andreas Pross
11:38 AM Regression #14327 (Resolved): Gateway popup in firewall rule list does not indicate current gateway status
The patch fixes it. Thanks!
I am marking this one resolved. Danilo Zrenjanin
03:25 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
I am running into this issue on 23.05-BETA using vmx. It seems to be similar to this issue upstream given that the co... Marcos M

05/01/2023

10:04 PM pfSense Docs Todo #14207 (Confirmed): Rate limiting on Chelsio T4/5 NICs
This appears to affect current 2.7 and 23.05 snapshots.
The -SO hardware variants seem unaffected Steve Wheeler
09:37 PM Regression #14336 (Resolved): Firewall logs do not show the rule description
Tested in @23.05.b.20230428.2019@. It previously worked on @23.05.b.20230428.1452@.
Firewall log entries under @St... Marcos M
08:24 PM Bug #14178: Captive Portal Pass-through MAC Auto Entry registering MAC address for unauthenticated users when using Pass-through credits
Hello, Is it possible for someone to review and prioritize this issue? Dean Arnold
07:16 PM pfSense Plus Bug #13976: SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces
It _looks_ like this would be a current equivalent change:... Jim Pingle
07:12 PM pfSense Plus Bug #13976: SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces
The last time we fixed this appears to be in src commit b33b6cb8a704be9c4053ca4f050357cd9eb0a13d (Internal link: http... Jim Pingle
06:28 PM Bug #14335 (Resolved): Associated firewall rule for NAT port forward does not inherit ``nosync`` property, gets synchronized
If a user creates a port forward and checks the box to disable XMLRPC sync, this property is not copied to an automat... Jim Pingle
06:21 PM pfSense Plus Regression #14233 (Resolved): pfSense installer crashes on the 7100
This is fixed in current 23.05 snaps. The Apr 3rd snap panics at every boot, current snaps boot and install fine.
... Steve Wheeler
05:13 PM pfSense Plus Regression #14233: pfSense installer crashes on the 7100
was able to install to m.2 on 7100 using memstick-serial-23.05-DEVELOPMENT-amd64-20230427-0208.img without issue Jordan G
04:52 PM pfSense Plus Regression #14233: pfSense installer crashes on the 7100
Does this 7100 have any expansion cards in it?
M.2 or eMMC?
Does it happen with a more recent BETA snapshot?
 Jim Pingle
06:01 PM Bug #14022 (Feedback): PHP error when exporting a CRL for an old CA
Local patch added in ports repo commit @3d9792221fb093f50af07d46dd5c753807ecde1f@. Will be in the next snapshot.
 Jim Pingle
05:50 PM Bug #13911: Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
The delay is still present in the driver but it's probably best if we look into the driver changes over a longer term... Jim Pingle
05:20 PM Regression #14316 (Feedback): Filter/NAT rules configured with "No XMLRPC Sync" enabled are still synchronized
Fixed in commit:0b612e5498164239ce431e0d61185c8af0627813
The syntax for @array_path_enabled()@ was missing the pat... Jim Pingle
05:19 PM Revision 0b612e54: Correct array_path_enabled syntax for nosync check. Fixes #14316
Jim Pingle
04:48 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Moving forward, still no leads on a cause here.
 Jim Pingle
04:03 PM pfSense Plus Regression #14320 (Resolved): ``ifconfig -a`` prints CARP information for interfaces that do not have CARP configured
This is fixed on current snapshots. CARP info is only printed for interfaces which actually contain CARP VIPs now.
 Jim Pingle
03:51 PM pfSense Plus Regression #14334 (Closed): 2100/1100 PCIe bus devices are not recognized
Copying from NG 9622 so it will get a release notes entry. This is already confirmed to be resolved on 23.05.
In 2... Jim Pingle
03:28 PM pfSense Packages Todo #14333 (New): Reduce config writes
When the service is started, multiple config writes are performed. System logs (reversed) show:... Marcos M
03:11 PM pfSense Docs Todo #14332 (Resolved): Remove Experimental Note on WireGuard Docs
Done: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/a447f58d9485d6cd6d2cbe11602da401ffbc623f
That is on th... Jim Pingle
02:45 PM pfSense Docs Todo #14332 (Resolved): Remove Experimental Note on WireGuard Docs
Christian McDonald
03:11 PM Regression #14327 (Feedback): Gateway popup in firewall rule list does not indicate current gateway status
Fixed in commit:d357172cfcbc5def693a8948ba95b068bd5f4ab2 it will be in the next 23.05 snapshot.
The fix also applies... Jim Pingle
01:33 PM Regression #14327 (In Progress): Gateway popup in firewall rule list does not indicate current gateway status
This is actually a bug, not a missing feature. The gateway popup should be showing the gateway group status with the ... Jim Pingle
02:41 PM Revision d357172c: FW rule GW status popup improvements. Fixes #14327
* Fix status check to account for current gw status/substatus strings
* Include Tier for gateway groups
* Sort groups... Jim Pingle
02:28 PM Bug #14331 (New): rDNS for the Hostname IP is first DNS override rather than hostname
+Expected Function:+
Given that Hostname produces a typical local DNS entry for subnets, eg:
`local-data: "my.d... Pete Holzmann
01:10 PM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
If it worked before but does not work on 23.01, then it probably does require forcing dhcp to launch when M/O are not... Jim Pingle
12:12 AM Regression #14072: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script
This issue impacts Canadian Telus PureFibre [native IPv6 over fibre to the house] residential customers.
Telus imple... William Blew
01:06 PM Todo #13508: Uncouple RAM Disk size from available kernel memory
It should have rejected the change if there was not enough free memory. Unfortunately since the amount of memory in u... Jim Pingle
01:00 PM Bug #13915 (Resolved): PHP errors when re-running Traffic Shaper Wizards with different settings
Jim Pingle
12:40 PM pfSense Packages Bug #14330: Arpwatch - Cron "Broken pipe" Errors
Jim Pingle wrote in #note-1:
> Not a bug in arpwatch, it's from #14016 -- see that issue for details. There is a fix... James Blanton
12:28 PM pfSense Packages Bug #14330 (Rejected): Arpwatch - Cron "Broken pipe" Errors
Not a bug in arpwatch, it's from #14016 -- see that issue for details. There is a fix in the recommended patches area... Jim Pingle
12:26 PM pfSense Packages Bug #14330 (Rejected): Arpwatch - Cron "Broken pipe" Errors
I've got 11 XG-7100 1U's that I've upgraded to 23.01, all of which have Arpwatch installed. Since upgrading them, I'm... James Blanton
12:31 PM pfSense Docs Todo #14234 (Feedback): Update Packet Capture docs to reflect the new GUI
That revert was only on stable/dev. This feature is not in a release yet, so it's on the releng/23.05 branch, not sta... Jim Pingle
12:27 PM Regression #14322 (Resolved): CARP password is not being respected on 23.05 snapshots
Nodes are behaving properly on the current snapshot (23.05.b.20230501.0600) again, thanks!
* If I change the VIP pas... Jim Pingle
 

Also available in: Atom