Activity

30 days up to

User

Subprojects

Activity

From 05/11/2023 to 06/09/2023

06/09/2023

08:43 PM pfSense Docs Correction #14422 (New): Release Versions Supported Needs Updated: 22.05.1 & 22.05 are still marked as supported, but shouldn't be. They should also be moved from https://docs.netgate.... Christopher Cope
07:35 PM Feature #9545: Enable Multipath Routing in the Kernel: i do have a use case with 2x DIA circuits. Would love to test if possible. Mike Moore
05:51 PM Feature #9545: Enable Multipath Routing in the Kernel: Will it be enabled in any development snapshots maybe for 23.09 or made available sooner? Mike Moore
06:29 PM Bug #14466 (New): Log errors on new systems without a thoth chip: On new 1100s and 2100s without thoth chips the following error is being generated in the logs. Perhaps it should be h... Christopher Cope
06:03 PM pfSense Docs Correction #14465 (Closed): Move "Supported" Releases That Aren't Supported into Unsupported Category: Fixed and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/18a4244b96ec0f75442648a0fee790263484b2d0
Jim Pingle
04:25 PM pfSense Docs Correction #14465 (Closed): Move "Supported" Releases That Aren't Supported into Unsupported Category: Releases 22.01 and all of the 21.02.X releases on this page are under the "Supported" heading:
https://docs.netgate.... Kris Phillips
05:27 PM pfSense Packages Bug #14199 (Feedback): ACME - Issue with corrupted cert: Fixed in ACME pkg v0.7.4 Jim Pingle
05:10 PM pfSense Packages Bug #14199 (In Progress): ACME - Issue with corrupted cert: Jim Pingle
05:27 PM pfSense Packages Todo #9200 (Feedback): Add DNS support for Google domain to Acme manager: Added in ACME pkg v0.7.4 Jim Pingle
05:10 PM pfSense Packages Todo #9200 (In Progress): Add DNS support for Google domain to Acme manager: Jim Pingle
05:08 PM pfSense Packages Feature #13608 (Not a Bug): ACME Not Recognizing new .au domain on wildcard: There is *no special handling* of anything under "*.au" in this package or in @acme.sh@. Looking at the error in the ... Jim Pingle
01:16 PM pfSense Packages Feature #14464 (Duplicate): BGP ECMP: Duplicate of #9545
Jim Pingle
03:43 AM pfSense Packages Feature #14464 (Duplicate): BGP ECMP: Enable the ability to have bgp perform ECMP (multipath).
I see it as possible in the frr documentation. Would be gre... Mike Moore

06/08/2023

09:56 PM Bug #2218: CARP VIPs can become master too early at boot time: I had some stale edits in the commit referenced above, as of commit:5e92d678f642277642acb7f471cd430ed53aae16 these sh... Reid Linnemann
09:31 PM Revision 5e92d678: Fix references to 'disable_carp' introduced in 62fb07c816. #2218: The original commit had some lingering references to a function 'disable_carp'
that had been abandoned in favor of a ... Reid Linnemann
08:44 PM pfSense Packages Bug #14426: PHP errors in Lightsquid: 2100-MAX
Crash report begins. Anonymous machine information:
arm64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus... Jonathan Lee
06:12 PM pfSense Docs Todo #14449 (Feedback): Add info about crypto accelerator behavior when multiple options are enabled: Updates:
* https://gitlab.netgate.com/docs/pfSense-docs/-/commit/e2fe9ea936afad80d3bf63102f0712e15897831e
* https... Jim Pingle
05:36 PM pfSense Docs Todo #14449 (In Progress): Add info about crypto accelerator behavior when multiple options are enabled: Still needs some adjustment based on the latest performance data results.
See https://netgate.slack.com/archives/C... Jim Pingle
04:10 PM pfSense Docs Todo #14463 (Closed): The reference external port for LAN should be unset when adding OPT: When carrying out this procedure: https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch... Steve Wheeler
03:14 PM Feature #11302: WireGuard XMLRPC sync: We have recently switched our site-to-site links to WireGuard, and were disappointed to find that WireGuard settings ... Tanner Schultz
02:34 PM pfSense Plus Bug #14461: Uncaught TypeError after import alias: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:22 PM pfSense Plus Bug #14461: Uncaught TypeError after import alias: Jim Pingle wrote in #note-1:
> Duplicate of #14412
>
> Already fixed and in system patches.
Oké but it complet... Marc Hagen
02:04 PM pfSense Plus Bug #14461 (Duplicate): Uncaught TypeError after import alias: Duplicate of #14412
Already fixed and in system patches. Jim Pingle
01:49 PM pfSense Plus Bug #14461 (Duplicate): Uncaught TypeError after import alias: /firewall_aliases_import.php?tab=ip
After importing a alias with the following info:
Name: RFC5771_Multicast
D... Marc Hagen
02:21 PM Bug #14462: Breadcrumb path missing on ``system_register.php``: I wanted to say, "At the *top* of the screen, there should be System/Register" Danilo Zrenjanin
02:20 PM Bug #14462 (Resolved): Breadcrumb path missing on ``system_register.php``: The path is missing. At the bottom of the screen, there should be *System/Register* Danilo Zrenjanin
12:37 PM pfSense Plus Bug #14329: DDNS IPv6 update PHP error: The solution might be as simple as : https://forum.netgate.com/topic/180552/23-05-uncaught-error-attempt-to-assign-pr... Gertjan KROEB
12:29 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Here is the configuration that triggers PHP errors.... Danilo Zrenjanin
12:18 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Here is the forum thread https://forum.netgate.com/post/1109155 Danilo Zrenjanin
11:31 AM pfSense Packages Bug #14460 (Resolved): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: ... Danilo Zrenjanin
07:16 AM Bug #14458 (Resolved): PHP error in IPsec tunnels list: I could reproduce the issue.... Danilo Zrenjanin
03:14 AM pfSense Plus Todo #14456 (Resolved): Update Ethernet rules Description field help text: Looks good. Marcos M
12:38 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: We have an office that uses Starlink (CGNAT DHCP IP) and a slow FWA (Public Static IP) connection as backup. If the o... LTC Tech

06/07/2023

08:28 PM Revision cb5e5b32: Update RELENG_2_7_0 from DEVELOPMENT to BETA: Glen Barber
05:43 PM Feature #14457 (Feedback): Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``: Christian McDonald
04:55 PM Revision b17e7d94: Revert "Add net/dhcpcd to poudriere_bulk": This reverts commit 5c80b44d0aa294684f10c03f97b4b4793d4865dc. Christian McDonald
02:35 PM Bug #14458: PHP error in IPsec tunnels list: After applying the patch the PHP error has been resolved. Thanks for the quick fix. Steve Wilson
12:50 PM Bug #14458 (Feedback): PHP error in IPsec tunnels list: Applied in changeset commit:04a06f2c513052a0a7415b1853c97db3992fd3de. Jim Pingle
12:29 PM Bug #14458 (Confirmed): PHP error in IPsec tunnels list: That Phase 1 entry in the config is invalid, not sure where it came from. It's full of empty tags that aren't possibl... Jim Pingle
09:58 AM Bug #14458: PHP error in IPsec tunnels list: <ipsec>
<phase1>
<disabled></disabled>
<encryption>
<item>
<encryption-algorithm></encryption-... Steve Wilson
03:32 AM Bug #14458: PHP error in IPsec tunnels list: Would you provide the contents of the @<ipsec>@ section in @/conf/config.xml@ file? Make sure to redact any sensitive... Marcos M
12:51 AM Bug #14458 (Resolved): PHP error in IPsec tunnels list: The following PHP error is thrown when accessing the IPsec Tunnels page:
Crash report begins. Anonymous machine i... Steve Wilson
12:50 PM pfSense Plus Feature #14459 (Not a Bug): SNMP obsolete 32bit counters: If you use the appropriate high capacity (HC) OIDs for 64-bit counters they are there:... Jim Pingle
08:21 AM pfSense Plus Feature #14459 (Not a Bug): SNMP obsolete 32bit counters: Hi,
We have 10G interfaces and we are trying to monitor speed on them with SNMP. Values are stored in 32-bit count... Tomas Vecko
12:42 PM Revision 04a06f2c: Fix PHP error from invalid IPsec P1 config. Fixes #14458: Switch to PHP 8.x friendly functions to access multi-level array parts
since there is a chance they may be empty or p... Jim Pingle
11:53 AM Bug #14396 (Feedback): Reassembled packets received on a VTI are not forwarded: Jim Pingle
04:54 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: Jonathan Lee wrote in #note-5:
> Hi Marcos, I wanted to confirm that this issue was not present until inplace upgrad... Pete Wright

06/03/2023

10:57 PM Regression #12215: OpenVPN does not resync when running on a gateway group: seeing this with 23.05, OpenVPN using a gateway group as the interface won't failover unless dpinger is restarted, bu... Jordan G
10:25 PM pfSense Packages Bug #14406 (Confirmed): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: Can confirm on both a fresh installation of 23.05 with Squid 0.4.46, and one which was upgraded from 23.01 with Squid... Chris W
10:09 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks: Loh Phat wrote in #note-10:
> No joy with the new 2.2.2 system patches:
>
> [...]
Please retest this on 23.05 ... Kris Phillips
10:01 PM Feature #14448: Support interface groups in firewall rule source/destination fields: You can select interface networks as a source/destination. It would be useful to be able to select an interface group... Chris M Scott
09:58 PM Feature #14448 (Resolved): Support interface groups in firewall rule source/destination fields: You can select interface networks as a source/destination. It would be useful to be able to select an interface group... Chris M Scott
09:59 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021: Tested on 23.05-RELEASE and this issue is still present. Kris Phillips
09:56 PM pfSense Packages Bug #14021 (Not a Bug): Squid ClamAV showing bytecode errors for version 334: Closing as Not a Bug Kris Phillips
09:53 PM Bug #14425: "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``: Tested in 23.05 via System Patch. Max Processes variable is now properly updated and shows in the config and the web... Kris Phillips
08:55 PM pfSense Packages Feature #14447 (Resolved): Update haproxy from 2.6 to 2.8 lts: A few days ago, haproxy 2.8 was released. It is an LTS release with support until Q2 2028.
Its a pretty useful rel... Jens Frankfurter
08:06 PM pfSense Docs Todo #14207: Rate limiting on Chelsio T4/5 NICs: This should be added to the tuning documentation at https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#che... Mike Schwier
07:59 PM pfSense Docs Todo #14207: Rate limiting on Chelsio T4/5 NICs: Confirmed this fixed the issue with a Chelsio T520-CR on 23.05 Mike Schwier
04:10 AM pfSense Docs Todo #14207: Rate limiting on Chelsio T4/5 NICs: Tested the fix posted above which fixed this issue. Bruce Talbot
08:03 PM pfSense Packages Feature #10818: UDP Broadcast Relay: installed the package on 2.7 and the service is working
2.7.0-DEVELOPMENT (amd64)
built on Fri May 26 06:04:59... Alhusein Zawi
06:05 PM Bug #14446 (Pull Request Review): PHP error in Captive Portal ``usedmacs`` handling: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1042 Christopher Cope
04:47 PM Bug #14446: PHP error in Captive Portal ``usedmacs`` handling: I misread the code at first. It uses an or statement, so if $usedmacs is an array it tries to trim it and check if it... Christopher Cope
04:42 PM Bug #14446 (Resolved): PHP error in Captive Portal ``usedmacs`` handling: ... Christopher Cope
03:00 PM Feature #14265 (Pull Request Review): Option to invalidate GUI login session if the client address changes: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1041 Christopher Cope
11:07 AM pfSense Packages Regression #14445 (Resolved): HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138: On upgrade from 23.01 to 23.05... Lev Prokofev
07:14 AM Bug #14354: Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address: Update it produces the following error:... Lev Prokofev
06:46 AM Bug #14354: Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address: The patch is allowing to add a CIDR and seems doesn't affect anything at first glance. But I found the typo on the NA... Lev Prokofev
05:44 AM Feature #14444: Aliases options for custom OS fingerprints?: Location of current database in pfSense if you want to add any OS fingerprints to it
/etc/pf.os
Jonathan Lee
02:45 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: Upstream support has been merged and released: https://github.com/acmesh-official/acme.sh/pull/4542
There is a PR at... Jonathan Moscardini

06/02/2023

11:48 PM Feature #14444: Aliases options for custom OS fingerprints?: In theory we could just adapt an Access Control List to what ever Docker container OS fingerprint that needs to be bl... Jonathan Lee
11:44 PM Feature #14444: Aliases options for custom OS fingerprints?: Docker’s Kali Container is 4:42+22:0:1372:mss*20,7:mss,nop,nop,sok,nop,ws:df:0
Update the signature before is not ... Jonathan Lee
11:30 PM Feature #14444: Aliases options for custom OS fingerprints?: Did you know you can essentially adapt the old p0f.fp OS database in pfSense and use OS specific access control lists... Jonathan Lee
11:28 PM Feature #14444: Aliases options for custom OS fingerprints?: Docker’s Kali Container OS fingerprint is 4:64+0:0:1460:mss*44,7:mss,sok,ts,nop,ws:df,id+:0
Jonathan Lee
08:50 PM Feature #14444: Aliases options for custom OS fingerprints?: Example: Same laptop running Ubuntu with Docker installed
sudo apt install docker.io -y
sudo docker run -itd --rm... Jonathan Lee
03:01 PM Feature #14444: Aliases options for custom OS fingerprints?: I am aware that the current tool is outdated with the signatures with https://redmine.pfsense.org/issues/7260
This i... Jonathan Lee
02:59 PM Feature #14444 (New): Aliases options for custom OS fingerprints?: Idea for new feature, is there a way to add some custom fingerprints? I was able to find one manually but how can I a... Jonathan Lee
09:38 PM Bug #14396 (In Progress): Reassembled packets received on a VTI are not forwarded: Marcos M
03:55 PM Bug #14396: Reassembled packets received on a VTI are not forwarded: I believe I understand what's going on here, but Marcos will test my theories on his setup soon.
Basically, there'... Kristof Provost
09:11 PM pfSense Docs Todo #14207: Rate limiting on Chelsio T4/5 NICs: Anyone hitting this should try the loader variable: ... Steve Wheeler
09:03 PM Bug #14435: PHP error with limiters: System logs show:... Marcos M
08:29 PM Regression #14039 (Resolved): Limiters have no effect on upload traffic passed by policy routing rules: Tested fix - now works. Marcos M
03:07 PM Regression #14039 (Feedback): Limiters have no effect on upload traffic passed by policy routing rules: I've cherry picked this: ... Kristof Provost
02:55 PM Feature #7260: Source OS / p0f Database Missing Modern Operating Systems: Idea, is there a way to add some custom fingerprints? I was able to find one manually but how can I add it? Maybe jus... Jonathan Lee
02:29 PM pfSense Packages Bug #14405: PHP Crash report: It returned. Let me know what you need. Jens Kristensen
01:41 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1 here as well. I also have set up Step CA as an internal CA with ACME. I want to be able to set up a custom ACME se... Jeremy Reichman
05:18 AM pfSense Docs Todo #14443 (New): Feedback on Services — NTPD — NTP Server Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/services/ntpd/server.html
*Feedback:* Several settings availabl... Anthony S

06/01/2023

08:48 PM Feature #2983: DHCPD: Add vendor-class-identifier and MAC-OIDs: I have a similar requirement - assigning different pools to clients based on option 82 data. I think the most general... Matthew Kern
08:36 PM Bug #14331: rDNS for the Hostname IP is first DNS override rather than hostname: Danilo Zrenjanin wrote in #note-1:
> I couldn't reproduce it.
>
> A hostname defined under *System>General* is _p... Pete Holzmann
07:40 AM Bug #14331: rDNS for the Hostname IP is first DNS override rather than hostname: I couldn't reproduce it.
A hostname defined under *System>General* is _pftest2.ipbgd.office_
I made a host over... Danilo Zrenjanin
06:11 PM pfSense Docs Correction #14442: VPN scaling section needs some corrections according to the performance comparing to OpenVPN with DCO: ... Danilo Zrenjanin
05:55 PM pfSense Docs Correction #14442: VPN scaling section needs some corrections according to the performance comparing to OpenVPN with DCO: ... Danilo Zrenjanin
05:41 PM pfSense Docs Correction #14442 (Closed): VPN scaling section needs some corrections according to the performance comparing to OpenVPN with DCO: https://docs.netgate.com/pfsense/en/latest/vpn/performance.html#use-data-channel-offload-plus-only ... Danilo Zrenjanin
12:00 PM pfSense Packages Regression #14441 (New): Zabbix Proxy package version 6.0.15 doesn't work in 23.05: All the items in the package are impacted.
It seems to be a regression. It worked fine in the 23.01 Danilo Zrenjanin
10:36 AM Regression #14412 (Resolved): PHP error when attempting to bulk import Alias content: I replicated the issue on the:... Danilo Zrenjanin
09:30 AM Bug #13961 (Confirmed): Virtual IP address input validation does not check for overlap with DHCP address ranges: I've just confirmed the described behavior.
Tested against:... Danilo Zrenjanin
08:01 AM Bug #14373: System crashes or may become unresponsive with Captive Portal: yeah, just as a reminder:
Captive Portal started crashing on our sites with 22.05 already. We waited eagerly for two... Gerhard Gröschl

05/31/2023

10:59 PM pfSense Plus Bug #14440 (Closed): Firewall rule traffic counters show invalid values on 32bit platforms: The traffic counters shown on firewall rules on the 3100 are limited to the 32bit integer maximum of 2,147,483,647 by... Steve Wheeler
03:11 PM Bug #14435: PHP error with limiters: If there is an existing limiter named 'new' the GUI doesn't allow adding a new Limiter. Instead, it opens the page fo... Danilo Zrenjanin
01:57 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: ***PPPoE reconnection WITHOUT triggering a pfSense Crash***
From the 2am time slot this looks like an ISP-triggered ... Rob A
12:27 PM pfSense Packages Bug #14438 (Not a Bug): The db5 port currently does not have a maintainer: That is a message from the FreeBSD ports system about the state of that dependency port in the FreeBSD ports system. ... Jim Pingle
01:22 AM pfSense Packages Bug #14438 (Not a Bug): The db5 port currently does not have a maintainer: When reinstalling or installing Squidguard URL blocker I just started to see this today. Is this of concern for using... Jonathan Lee
12:22 PM pfSense Plus Bug #14439 (Not a Bug): Upgrade from 23.01 > 23.05 throws Undefined Constant IFF_PPROMISC: That constant is registered by the pfSense PHP module. If it's not there, some component(s) of your system did not up... Jim Pingle
09:33 AM pfSense Plus Bug #14439 (Not a Bug): Upgrade from 23.01 > 23.05 throws Undefined Constant IFF_PPROMISC: Running N5105 Topton router w/ i226v interfaces.
I just rebuilt my PFSense box from running Proxmox to a bare meta... Ryan Meskill
03:19 AM Bug #14396 (Confirmed): Reassembled packets received on a VTI are not forwarded: I was able to reproduce this on 23.01.
All VTI have an MTU of 1446 and the rest have an MTU of 1500. Topology:... Marcos M
01:53 AM pfSense Packages Regression #13984: PHP errors with squid: If this is fixed can this be closed?
Jonathan Lee

05/30/2023

11:56 PM Regression #14039 (In Progress): Limiters have no effect on upload traffic passed by policy routing rules: Marcos M
11:05 PM Feature #9156: OpenVPN: Add tickbox for 'nopool' directive: Orion Poplawski wrote in #note-3:
> This would be very nice to have.
I would like this as well. After upgrading to 2... Craig Leres
06:45 PM Feature #14437 (Pull Request Review): Add DynDNS Provider - Hetzner: please add hetzner as a dyndns provider because hetzner does not officially support dyndns, you would have to do it v... Denis Billmeier
05:04 PM Bug #14435 (Feedback): PHP error with limiters: I cannot reproduce this on a clean install either by creating a new limiter or creating a second limiter. The VM had ... Jim Pingle
04:25 PM Bug #14435 (Incomplete): PHP error with limiters: On 23.05:
> trying to create a traffic shaper in the limiter tab after putting the value and saving the changes I ge... Marcos M
04:26 PM pfSense Plus Regression #14436 (Closed): Upgrades from 23.05-RC/beta/dev fail server authentication: Upgrades from earlier 23.05 versions can fail due to the configured branch no longer existing and server cert from th... Steve Wheeler
02:00 PM Bug #14425 (Feedback): "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``: Applied in changeset commit:073a6baceffc4a363eac9369cc036fc7b19b919e. Jim Pingle
01:46 PM Bug #14425: "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``: This isn't Plus-specific. Also it appears to stay when saving but reverts when refreshing the page. If the value is n... Jim Pingle
01:55 PM Bug #14434 (Feedback): PPPoE WAN interface with VIPs causes continuous interface restarting: I have a /28 routable legacy IP block from the ISP, and they assign the first usable address of the /28 block as a /3... Bert Smith
01:51 PM Revision 073a6bac: Fix mac_procs incorrect references. Fixes #14425: Jim Pingle
01:02 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: Kristof Provost wrote in #note-4:
> The addresses in both the ip6_output() and in6_selecthlim() panics suggest that ... Mateusz Guzik
10:50 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: This may or may not be irrelevant to the underlying fault but combing through other logs I can multiple WAN PPPoE con... Rob A
10:30 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: Mateusz Guzik wrote in #note-3:
> All the above crashes are in ipv6 code, most likely racing against an interface an... Rob A
09:14 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: I should add that I've been running iperf3 on the pfsense device. The backtraces show locally originated traffic, so ... Kristof Provost
08:57 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: The addresses in both the ip6_output() and in6_selecthlim() panics suggest that fib6_lookup() returned an nhop_object... Kristof Provost
12:50 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: Nathan Stansell wrote in #note-11:
> Can this be reopened as google now has api access?
> https://domains.google/le... Jim Pingle
12:49 PM pfSense Packages Bug #14369 (Closed): DNSBL Parsing error when DNSBL Mode "Unbound python mode".: Jim Pingle
12:29 PM Bug #14432 (Incomplete): PHP error when failing to write ``config.cache``: We need a better idea of how to reproduce this. The backtrace is similar to #14061 but that file referenced here -- "... Jim Pingle
12:12 AM Bug #14432 (Resolved): PHP error when failing to write ``config.cache``: On 23.05, the following PHP errors can be triggered:... Marcos M
12:18 PM pfSense Packages Feature #14101: Add Zabbix 6.4 packages: Zabbix 6.2 is not supported anymore... So can you add FreshPort 6.4 packages ? Stephane HOFMAN
08:14 AM Bug #14396: Reassembled packets received on a VTI are not forwarded: We are scrambling a bit to at least find a workaround here. Unfortunately, disabling PF Scrub is not a viable work-ar... Christopher de Haas
02:50 AM Bug #14433 (Resolved): Panic when changing the parent of a VLAN interface used by limiters: Tested in 23.05:
# Assign a VLAN interface @vmx0.99@
# Use the interface with limiters (WF2Q+ pipe with Tail Drop q... Marcos M
01:46 AM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check: I have now added ngeth interfaces to the list of ignored prefixes.
I will continue to investigate this regression. Christian McDonald
01:45 AM Revision c13bf6d4: Ignore ngeth and wg interfaces when performing interface mismatch detection. For #14410: Christian McDonald

05/29/2023

09:10 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: All the above crashes are in ipv6 code, most likely racing against an interface and/or address removal.
Given your d... Mateusz Guzik
07:14 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: To add additional context that may aid in diagnostics:
* The issue presents with any change in WAN interface status ... Rob A
02:41 PM Regression #14431 (Resolved): Sending IPv6 traffic on a disabled interface can trigger a kernel panic: This issue was hidden by https://redmine.pfsense.org/issues/14164 but now that is solved in 23.05 is being seen.
<... Steve Wheeler
05:11 PM Feature #7260: Source OS / p0f Database Missing Modern Operating Systems: running p0f -i (intrface)
Example 4:63+1:0:1460:65228,7:mss,nop,ws,sok,ts: :0
this is freeBSD 13.12
The databa... Jonathan Lee
06:55 AM Feature #7260: Source OS / p0f Database Missing Modern Operating Systems: I have attached the current signature database that is being used by 23.05:
;
; p0f - fingerprint database
; -----... Jonathan Lee
02:42 PM Regression #14164 (Resolved): IPv6 interface configuration race condition can lead to kernel panic: Split to: https://redmine.pfsense.org/issues/14431 Steve Wheeler
02:25 PM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic: As Kristof said this is a *different* bug in ipv6 handling.
As such please open a new redmine with the new traces ... Mateusz Guzik
10:26 AM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic: Two more backtraces, should they offer any more insight:... Rob A
07:29 AM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic: I've not yet been able to reproduce this, but it looks like the issue in comment 9 and 10 is that we're trying to sen... Kristof Provost
12:49 AM Regression #14164 (Incomplete): IPv6 interface configuration race condition can lead to kernel panic: It can also show as:... Steve Wheeler
11:07 AM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".: It seems to be fixed in 23.05. Please close or delete it. Thank you. Jens Kristensen
06:45 AM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check: I'm also having this issue with the most recent upgrade. I switched to the new GUI supported 802.1x forwarding method... Hayden Hill

05/28/2023

11:12 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: Can this be reopened as google now has api access?
https://domains.google/learn/gts-acme/ Nathan Stansell
04:28 PM Regression #14164: IPv6 interface configuration race condition can lead to kernel panic: Failure condition is still present on 23.05 Release.
Re-configuring an interface, ISP induced WAN link down/up or si... Rob A
02:28 PM Feature #14430 (Not a Bug): Post-quantum cryptography in pfSense(+): We plan on moving to OpenSSL 3.x once it's integrated into FreeBSD base, which is already in the works for FreeBSD 14... Jim Pingle
12:42 PM Feature #14430 (Not a Bug): Post-quantum cryptography in pfSense(+): Hello,
As you likely know very well OpenSSL 1.1.1 will hit end of life support on 11th Sept 2023. (To my knowledge... Pawel Piaskowy
11:29 AM Regression #14374: Static ARP entries are not configured at boot: I've tested on 23.05... aleksei prokofiev
07:53 AM pfSense Packages Bug #14427: LLDPD & LADVD permissions with RAM Disks: Jordan Greene wrote:
> LLDPD cannot enable agent-x support with RAM Disks enabled
>
> @May 27 10:55:19 lldpd 38... Grzegorz Krzystek
02:56 AM pfSense Packages Bug #14426: PHP errors in Lightsquid: Unable to reproduce on amd64 on 23.05-RELEASE. Possibly an aarch64/ARM only problem. Kris Phillips
02:33 AM pfSense Plus Bug #14401: Changing from Switchport to Discrete Interface in VGA/Serial Console Breaks Port Status Monitoring: Tested this on 23.05-RELEASE and it's still present in the release version like the RC. Kris Phillips
02:32 AM Bug #14417: System Information widget does not properly form list of active hardware crypto algorithms: I tested this with IPSec-MB and QAT enabled and AES-NI disabled. Issue was not present, so this appears to just be t... Kris Phillips
02:21 AM pfSense Packages Bug #14429 (New): Wireguard - Tunnel Will Never Handshake Again After WAN PPPoE Reset: Looking through the wireguard issues this one is the one that best describes the problem.
https://redmine.pfsense.o... mrpops2ko .
02:17 AM Bug #14425: "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``: Confirmed able to recreate this in 23.05-RELEASE. The <max_procs> value is not updated in the config.xml either. Kris Phillips
02:13 AM pfSense Packages Bug #14369 (Incomplete): DNSBL Parsing error when DNSBL Mode "Unbound python mode".: Also not able to recreate this issue on 23.05-RELEASE still, just like the RC. If you can reproduce this please let ... Kris Phillips
02:11 AM pfSense Packages Bug #14428 (Not a Bug): re-open existing bug: That would be a different issue, most likely. Similar, but not identical. Create a new issue and reference the old one. Jim Pingle
02:06 AM pfSense Packages Bug #14428 (Not a Bug): re-open existing bug: what is the process for reopening an existing 'fixed' bug? specifically https://redmine.pfsense.org/issues/12808 this... mrpops2ko .
12:16 AM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng: I'm still seeing issues; if I try changing branch both base systems stay on 23.05, with branch set to 23.05 I get an ... Jordan G

05/27/2023

08:54 PM pfSense Packages Bug #14427 (Resolved): LLDPD & LADVD permissions with RAM Disks: LLDPD cannot enable agent-x support with RAM Disks enabled
@May 27 10:55:19 lldpd 3881 Warning: Failed to conne... Jordan G
06:36 PM Feature #2479: Allow reordering of the traffic graphs on the dashboard: I would also like to have this feature added. Maxime Haché
05:47 PM pfSense Packages Bug #14426 (Resolved): PHP errors in Lightsquid: PHP errors
PHP ERROR: Type: 1, File: /usr/local/www/sqstat/sqstat.php, Line: 137, Message: Uncaught TypeError: Canno... Jonathan Lee
04:38 PM pfSense Packages Bug #12338 (Resolved): RRD Summary does not report data on 3100: Jim Pingle
06:26 AM pfSense Packages Bug #12338: RRD Summary does not report data on 3100: I see that it finally got fixed in version 23.05 on my 3100 box. Mihai B
02:58 PM Bug #14425 (Resolved): "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``: When instance was on 23.01, went to
system_advanced_admin.php and bumped maxprocesses for the web configurator to 4... M Felden
04:08 AM Regression #14424 (Duplicate): filter.inc typo causing rule errors on upgrade.: Duplicate of #14415 Jim Pingle
03:19 AM Regression #14424 (Duplicate): filter.inc typo causing rule errors on upgrade.: Since upgrading to version 23.01 I've been plagued by a typo in /etc/inc/filter.inc that causes the following error e... Mike Wright

05/26/2023

11:00 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: So long story short: 23.05 is another release that's broken at kernel level? 23.01 was the one with the IPv6 crashes,... Flole Systems
10:19 PM pfSense Packages Feature #14423 (New): haproxy 2.7 QUIC support (+ maybe LUA 5.4?): Hello,
I appreciate all pfSense+ updates and efforts Team is doing (I am relatively new user, but I am advocating ... Pawel Piaskowy
08:29 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100: Flole Systems wrote in #note-8:
> There was another bug that was caused when the locale was changed as rrdtool used ... Jim Pingle
08:20 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100: There was another bug that was caused when the locale was changed as rrdtool used the wrong decimal separator and PHP... Flole Systems
05:26 PM pfSense Packages Bug #12338 (Feedback): RRD Summary does not report data on 3100: Fixed in version 2.2 of the package: https://github.com/pfsense/FreeBSD-ports/commit/961bbfe5878928af449b4b91f1e486f8... Jim Pingle
05:19 PM pfSense Packages Bug #12338 (In Progress): RRD Summary does not report data on 3100: After some more digging I found that this isn't related directly to Unix timestamps yet but to rrdtool on ARM. For so... Jim Pingle
06:23 PM pfSense Docs Correction #14422 (Closed): Release Versions Supported Needs Updated: Already done before this was put in.
Jim Pingle
06:21 PM pfSense Docs Correction #14422 (Closed): Release Versions Supported Needs Updated: https://docs.netgate.com/pfsense/en/latest/releases/versions.html
* 23.05 isn't marked as released or supported ye... Christopher Cope
04:38 PM pfSense Packages Bug #13811: Youtube content getting filtered on Squid when none is Selected: https://github.com/pfsense/FreeBSD-ports/pull/1266
Submitted new Pull this is still present in 23.05 Jonathan Lee
12:55 PM Regression #14415 (Resolved): Enable IPv6 over IPv4 tunneling option results in invalid PF rule: Jim Pingle
12:51 PM Regression #14415: Enable IPv6 over IPv4 tunneling option results in invalid PF rule: Tested the patch on the:... Danilo Zrenjanin
12:23 PM Feature #8958: Dynamic DNS - CARP Address: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
12:17 PM Feature #8958: Dynamic DNS - CARP Address: Hi Jim. Sorry for bumping this up, but the current implementation still lacks of this functionality and does not allo... Alex Kolesnik
12:21 PM Bug #14421: OPT interfaces randomly reassign NICs on reboot when virtualised instances used: There is also a known issue with ESX and >4 NICs where the hypervisor maps the NICs weirdly:
* NIC 1
* NIC 5
* N... Jim Pingle
02:16 AM Bug #14421 (Rejected): OPT interfaces randomly reassign NICs on reboot when virtualised instances used: As is, this is likely to be an environment-specific issue and more direct evidence would be needed before it's consid... Marcos M
01:34 AM Bug #14421 (Rejected): OPT interfaces randomly reassign NICs on reboot when virtualised instances used: Hi,
I've had this issue with all (20+) of my instances virtualised under VMware ESXi (all flavours). I don't know w... Michael Knowles
12:04 PM Regression #14374: Static ARP entries are not configured at boot: I also have re-experienced the arp entry disappearing with static arp after being in-active for less than a week. Jeff Kuehl
10:34 AM Regression #14374 (Confirmed): Static ARP entries are not configured at boot: I was able to replicate the issue. After reboot, the arp entry didn't stay in the permanent status.
Tested on the:... Danilo Zrenjanin
12:03 PM pfSense Packages Regression #14418: RRD Summary prints zero in all data fields: Denny Page wrote in #note-2:
> The epoch issue appears to be a perverse and long standing (for rrdtool) issue:
>
... Jim Pingle
05:46 AM pfSense Packages Regression #14418: RRD Summary prints zero in all data fields: The epoch issue appears to be a perverse and long standing (for rrdtool) issue:
https://github.com/oetiker/rrdtool... Denny Page
11:59 AM pfSense Packages Bug #14407 (Resolved): pfSense-pkg-syslog-ng package error: Jim Pingle
09:20 AM pfSense Packages Bug #14407: pfSense-pkg-syslog-ng package error: Can confirm it working properly on
... Lev Prokofev
08:50 AM pfSense Packages Bug #14407: pfSense-pkg-syslog-ng package error: It is fixed now and the service is working properly. Kaan Kayan
11:54 AM pfSense Packages Regression #14389 (Resolved): syslog-ng cannot save config: Tested the package version 1.16.
Config modifications were successfully saved.
I am marking this ticket resolved. Danilo Zrenjanin
07:02 AM Bug #13498: Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output: Is there anything more you need from me in order to merge this patch? It looks like the 2.7 release is coming soon, ... Brett Keller

05/25/2023

10:23 PM pfSense Packages Bug #14405: PHP Crash report: Will do. Thanks. Jens Kristensen
08:36 PM Feature #7260: Source OS / p0f Database Missing Modern Operating Systems: Does anyone know if we can add the most often used OS into this line Mac, Windows 10 and 11 based on NMAPs signatures... Jonathan Lee
07:53 PM Bug #14420 (Duplicate): Firewall Rule ACL Source OS missing current Software versions: Duplicate of #7260 -- We know it's out of date but there isn't any update upstream either. It seems to be abandoned. Jim Pingle
07:39 PM Bug #14420 (Duplicate): Firewall Rule ACL Source OS missing current Software versions: Hello, I have just noticed that the Firewall ACL Rules do not include any updated OS versions. No smartphones and or ... Jonathan Lee
07:33 PM pfSense Packages Regression #14418 (Feedback): RRD Summary prints zero in all data fields: Fixed in version 2.1 of the package: https://github.com/pfsense/FreeBSD-ports/commit/0049587898b2c192d95b2d1359941daf... Jim Pingle
06:26 PM pfSense Packages Regression #14418 (Resolved): RRD Summary prints zero in all data fields: When RRD Summary tries to fetch data for specific time ranges, the commands it runs fail.
For example it tries to ... Jim Pingle
07:24 PM pfSense Packages Bug #12338: RRD Summary does not report data on 3100: This is because the 3100 is armv7 which is a 32-bit platform and there are some issues with Unix timestamps on there ... Jim Pingle
06:32 PM pfSense Packages Bug #14419 (Closed): PHP error when trying to access pfBlockerNG configuration: ... Marcos M
06:27 PM pfSense Packages Bug #14326 (Rejected): RRD Summary 2.0_2 is not showing any data: I can't reproduce this here but given that the interface name you show is printed in lower case I'm guessing it was m... Jim Pingle
05:48 PM pfSense Packages Feature #12502 (Feedback): Option to include Syslog-ng Configuration Library (scl): Implemented in pkg version 1.16: https://github.com/pfsense/FreeBSD-ports/commit/d848b6da1957d728a867b9010ed3795d946b... Jim Pingle
05:04 PM pfSense Packages Feature #12502 (In Progress): Option to include Syslog-ng Configuration Library (scl): Jim Pingle
05:48 PM pfSense Packages Regression #14389 (Feedback): syslog-ng cannot save config: Fixed in pkg version 1.16: https://github.com/pfsense/FreeBSD-ports/commit/d848b6da1957d728a867b9010ed3795d946b68c4 Jim Pingle
05:03 PM pfSense Packages Regression #14389 (In Progress): syslog-ng cannot save config: Jim Pingle
04:43 PM pfSense Packages Regression #14389: syslog-ng cannot save config: I can reproduce it here on a clean install.
Better format of the error message:... Jim Pingle
05:48 PM pfSense Packages Bug #14407 (Feedback): pfSense-pkg-syslog-ng package error: Fixed in pkg version 1.16: https://github.com/pfsense/FreeBSD-ports/commit/d848b6da1957d728a867b9010ed3795d946b68c4 Jim Pingle
05:04 PM pfSense Packages Bug #14407 (In Progress): pfSense-pkg-syslog-ng package error: Jim Pingle
05:31 PM Bug #14417 (Resolved): System Information widget does not properly form list of active hardware crypto algorithms: The System Information widget fails to display support for crypto algorithms if the algorithm is available both in ... Patrik Stahlman
05:09 PM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check: Adding ngeth to the 'do not check' list doesn't seem like a bad option. That is always a virtual interface. Steve Wheeler
04:59 PM pfSense Packages Bug #8295 (Closed): syslog-ng logrotates tls files: This is quite old and the regex has changed since this was put in. No recent complaints/updates. Closing. Jim Pingle
04:56 PM pfSense Packages Bug #8229 (Closed): syslog-ng stops parsing logs after logrotate run: Very old report and no recent updates, lots of changes since then. If you can reproduce it on a current version, plea... Jim Pingle
04:55 PM pfSense Packages Bug #8180 (Closed): syslog-ng default log file: This appears to be working on the current package, I see it setup logrotate with a config file and cron job. It was l... Jim Pingle
04:53 PM pfSense Packages Bug #8705 (Closed): Syslog-NG error in latest snapshot: Probably similar to #14389 but this is so old and lacks detail it's hard to say. Jim Pingle
04:02 PM pfSense Packages Regression #14024 (Feedback): PHP error in HAProxy Widget with Show Client Traffic enabled: Pushed a fix for the widget error and also fixed some broken logic in the widget that was working by accident. New ve... Jim Pingle
03:51 PM pfSense Packages Regression #14024 (In Progress): PHP error in HAProxy Widget with Show Client Traffic enabled: Jim Pingle
03:25 PM Bug #14416 (Resolved): Update Suricata binary package build OPTION knobs for NETMAP to reflect recent upstream change.: Jim Pingle
03:09 PM Bug #14416: Update Suricata binary package build OPTION knobs for NETMAP to reflect recent upstream change.: The pull request has been merged. This issue can be marked RESOLVED. Bill Meeks
02:44 PM Bug #14416: Update Suricata binary package build OPTION knobs for NETMAP to reflect recent upstream change.: Assign this one to me (Bill Meeks). I have a pull request ready to provide the fix. Bill Meeks
02:43 PM Bug #14416 (Resolved): Update Suricata binary package build OPTION knobs for NETMAP to reflect recent upstream change.: Recent updates in FreeBSD ports upstream require a small change to the syntax of the NETMAP and NETMAP_V14 build OPTI... Bill Meeks
03:00 PM Revision 881fa564: Merge pull request #4641 from bmeeks8/suricata_build_OPTION_knob_update: Jim Pingle
02:38 PM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng: Moving ahead. If it's actually done we can close it on 23.05, but if there is more to do, it'll marked as 23.09 Jim Pingle
02:25 PM Regression #14415 (Feedback): Enable IPv6 over IPv4 tunneling option results in invalid PF rule: Applied in changeset commit:ea79a4fe5707898fff89e80d7252e5c84fca7dd4. Jim Pingle
02:18 PM Regression #14415 (Resolved): Enable IPv6 over IPv4 tunneling option results in invalid PF rule: Enabling "Enable IPv6 over IPv4 tunneling" on @system_advanced_network.php@ results in an invalid pf rule, leading to... Jim Pingle
02:18 PM Revision ea79a4fe: Correct 6o4 addr variable name. Fixes #14415: Jim Pingle
02:15 PM Revision 00b2bc29: Update Suricata binary build OPTION knob settings for NETMAP.: Bill Meeks
12:12 PM Bug #14414 (Duplicate): Diagnostics activité system (French language setup) don't work: Unable to gather system activity (1). The command top -aSH give invalid locale.: Duplicate of #13776 Jim Pingle
03:28 AM Bug #14414 (Duplicate): Diagnostics activité system (French language setup) don't work: Unable to gather system activity (1). The command top -aSH give invalid locale.: Diagnostics activité system (French language setup) don't work: Unable to gather system activity (1). The command t... Claude Lapointe
10:15 AM pfSense Packages Bug #14199: ACME - Issue with corrupted cert: Problem continues after update to 23.05 Juan Francisco Rodriguez Garcia

05/24/2023

06:37 PM pfSense Packages Bug #14413 (Duplicate): After upgrade to 23.05 RELEASE, Syslog-NG won't start: Duplicate of #14389 Jim Pingle
06:08 PM pfSense Packages Bug #14413 (Duplicate): After upgrade to 23.05 RELEASE, Syslog-NG won't start: Low priority for me, but thought I'd mention. Cannot start manually, un/reinstalled no difference.
Running *servic... Richard Rovelstad
06:08 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: That's good enough to list it, I'd say.
If it were not supported it wouldn't have even loaded the new ruleset, let... Jim Pingle
06:07 PM Feature #14408 (New): Include ``ixv`` in ALTQ capable NIC list: Jim Pingle
05:58 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: ok did some testing but as my setup is quite complex it would be good to have someone else test too.
i can confir... mrpops2ko .
02:47 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: OK, for 23.05 the diff would be:... Jim Pingle
02:45 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: manually editing it results in it now being visible
!https://gyazo.com/4d35846ac9973a0c317543bfd371e3f3.png!
i wi... mrpops2ko .
02:39 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: 23.05-RELEASE (amd64)
mrpops2ko .
02:37 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: What version are you running? That diff was against the master branch of CE so it may be different. You can make the ... Jim Pingle
02:16 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: /usr/bin/patch --directory='/' -t --strip '2' -i '/var/patches/646e1ad314998.patch' --check --forward --ignore-white... mrpops2ko .
12:35 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: pops pops wrote in #note-1:
> I'm assuming a quick and dirty resolution would be to just vlan tag my LAN traffic too... Jim Pingle
12:34 PM Feature #14408 (Feedback): Include ``ixv`` in ALTQ capable NIC list: For ATLQ to be offered on that NIC, it must be listed as being ALTQ capable in source:src/etc/inc/interfaces.inc#L682... Jim Pingle
03:39 PM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check: Thanks for the quick response, Christian. That makes complete sense to me. This makes me wonder if it's possible to u... Taylor Jasko
02:21 PM Regression #14410: Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check: The reason for this change is due to how WireGuard tunnels are created via early shell commands and the new cryptogra... Christian McDonald
01:27 AM Regression #14410 (Resolved): Behavior of ``earlyshellcmd`` changed, ``ngeth`` interfaces cannot be initiated early enough to pass assignment check: In pfSense Plus 23.01, I was leveraging "earlyshellcmd":https://docs.netgate.com/pfsense/en/latest/development/boot-c... Taylor Jasko
01:15 PM Regression #14412 (Feedback): PHP error when attempting to bulk import Alias content: Applied in changeset commit:217f42ec30a4008907ac6fbb65b7b2e0ebf51eb9. Jim Pingle
01:04 PM Regression #14412: PHP error when attempting to bulk import Alias content: Looks like it was broken during a recent bulk refactor in commit:29cd08ea0da6246ad416e33b3788c05c0b0a5172, fix is ver... Jim Pingle
12:56 PM Regression #14412 (Resolved): PHP error when attempting to bulk import Alias content: Saving after attempting bulk import of a new alias on @firewall_aliases_import.php@ results in the alias configuratio... Jim Pingle
01:05 PM Revision 217f42ec: Correct alias bulk import regression. Fixes #14412: While here, ensure that a broken alias configuration does not cause PHP
errors which prevent users from using the GUI... Jim Pingle
12:24 PM pfSense Packages Bug #14411 (Duplicate): syslog-ng cannot start on 23.05: The error in that thread already has an open issue: #14389 Jim Pingle
06:17 AM pfSense Packages Bug #14411 (Duplicate): syslog-ng cannot start on 23.05: Syslog-ng can no longer start after upgrading to 23.05. It throws a parsing error that seems to relate to faylt gener... Tue Madsen
01:13 AM pfSense Packages Bug #14409: pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count: Another quirk seems to be that there is some other bug that writes to config on cron until you toggle some DNSBL sett... LTC Tech
12:15 AM pfSense Packages Bug #14409 (Feedback): pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count: pfBlockerNG: 3.2.0_4
pfSense Plus: 23.01
Related forum post:
https://forum.netgate.com/topic/174231/pfblockerng-... LTC Tech

05/23/2023

09:52 PM Feature #14408: Include ``ixv`` in ALTQ capable NIC list: edit: ah interestingly if i associate the guest wifi without a vlan tag it is removed from the interface
!https://gy... mrpops2ko .
09:47 PM Feature #14408 (Resolved): Include ``ixv`` in ALTQ capable NIC list: Not a lot to go on for this one unfortunately but I can attach screenshots. WAN and Guest Wifi (Opt 11 is an openvpn ... mrpops2ko .
09:32 PM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: +1 for this bug still existing, through googling it appears to be associated with people who have PPPoE WAN connections. mrpops2ko .
06:58 PM pfSense Packages Bug #14405: PHP Crash report: I dont see anything odd in the logs. If this PHP error returns, try to review the log for the event so we can see wha... BBcan177 .
06:09 PM pfSense Packages Bug #14405: PHP Crash report: I am by no means a pfSense or BSD expert, but I managed to get the filter.log files (there are several) attached.
... Jens Kristensen
04:40 PM pfSense Packages Bug #14405: PHP Crash report: If this error persists, we need to get the line in the firewall log "/var/log/filter.log" that corresponds to the err... BBcan177 .
09:55 AM pfSense Packages Bug #14405: PHP Crash report: I'm using BSD. Don't think I ever changed any logging settings. Jens Kristensen
03:11 AM pfSense Packages Bug #14405: PHP Crash report: What firewall log type are you using? "syslog" or "BSD"?
For some reason there are "\x00" characters in the pfSens... BBcan177 .
03:06 PM Bug #14077: Kernel panic from incoming IPv6 connections: There are more details about this issue and specifics of how to easily reproduce it over on #14092 which is now publi... Jim Pingle
02:48 PM pfSense Packages Bug #14407 (Resolved): pfSense-pkg-syslog-ng package error: Syslog-ng package throws an error during the installation like below.
New packages to be INSTALLED:
pfSense-pk... Kaan Kayan
01:42 PM Regression #14374: Static ARP entries are not configured at boot: I can provide logs or diagnostics to help? Jeff Kuehl
01:16 PM pfSense Plus Feature #14404: Reference Alias when pushing IPv4 Local Network: You're right Jim. Thanks for the quick feedback and link. Appreciate you. Mike Moore
12:46 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: Path I have taken to correct:
1. full remove and reinstall of Squid and Squidguard package error returned
2. copie... Jonathan Lee
12:43 AM pfSense Packages Bug #14406 (Resolved): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: After 23.05 update and new Squid version 0.4.46 installed errors started showing,
"ERROR: loading file 9;/usr/lo... Jonathan Lee

05/22/2023

11:27 PM pfSense Packages Bug #14405: PHP Crash report: ... Jim Pingle
10:18 PM pfSense Packages Bug #14405 (New): PHP Crash report: Report attached. All I have. Let me know if you need more.
ver. 23.01. Jens Kristensen
09:12 PM pfSense Plus Feature #14404 (Duplicate): Reference Alias when pushing IPv4 Local Network: It's already possible and has been for several releases. See #2668 .
It's also mentioned in the docs:
https://d... Jim Pingle
08:57 PM pfSense Plus Feature #14404 (Duplicate): Reference Alias when pushing IPv4 Local Network: When setting up an OpenVPN server and the option for pushing Local Networks [IPv4 Local Network]
Would it be possi... Mike Moore
08:19 PM Bug #14403: Syslog Over OpenVPN Routed Out Default GW On Reboot: The problem is it taking an undesired path originally. It shouldn't continue to take that path if a better route is a... James Blanton
06:21 PM Bug #14403 (Not a Bug): Syslog Over OpenVPN Routed Out Default GW On Reboot: This is a configuration issue -- if traffic is taking a path you don't want when the VPN is down, you need to add rul... Jim Pingle
06:20 PM Bug #14403 (Not a Bug): Syslog Over OpenVPN Routed Out Default GW On Reboot: When using syslog over a site-to-site VPN, syslog will begin to route all syslog messages out of the default gateway ... James Blanton
01:58 PM Todo #14399 (Confirmed): Combining Interface and Rule ID state table filter fields returns no results: The page should return an error indicating that search combination is invalid. Steve Wheeler
01:25 PM Bug #14400 (Feedback): PHP Error in ``upgrade216_ipsec_create_vtimap()``: Applied in changeset commit:9fab01eae0698ce23979663fc18d58536dc305f0. Christopher Cope
01:15 PM Revision 9fab01ea: inc/upgrade_config: PHP 8.x issues. Fixes #14400: Christopher Cope
02:23 AM pfSense Docs Todo #14234 (Resolved): Update Packet Capture docs to reflect the new GUI: Marcos M
02:13 AM pfSense Packages Regression #13978 (Feedback): PHP errors with squidGuard: Fixed on squid 0.4.46 and squidGuard 1.16.19; these should be available on the next ports build. Marcos M
02:10 AM pfSense Packages Regression #13984 (Feedback): PHP errors with squid: Fixed on squid 0.4.46 and squidGuard 1.16.19; these should be available on the next ports build. Marcos M

05/21/2023

04:43 PM pfSense Packages Regression #13978: PHP errors with squidGuard: I just found the problem and the solution.
*Problem:*
PHP ERROR: Type: 1, File: /usr/local/pkg/squidguard.inc, ... EDUARDO RODRIGUEZ ROMERO
09:18 AM pfSense Packages Regression #13984: PHP errors with squid: I just found the problem and the solution.
Problem:
The squidguardtime settings it's empty
Solution:
... EDUARDO RODRIGUEZ ROMERO
06:45 AM pfSense Packages Regression #13984: PHP errors with squid: Can please somebody help me. This is really important for me because at this moment i dont have any restriction for t... EDUARDO RODRIGUEZ ROMERO
06:43 AM pfSense Packages Regression #13984: PHP errors with squid: I have the same problem with the squidguard package, i try to reinstall the squidguard package and i received the err... EDUARDO RODRIGUEZ ROMERO
08:23 AM Feature #14402 (Resolved): Dynamic DNS support for Porkbun: This feature adds the ability to use Porkbun (porkbun.com) DNS as a dynamic DNS service. Nita Vesa
02:29 AM pfSense Plus Bug #14401 (Confirmed): Changing from Switchport to Discrete Interface in VGA/Serial Console Breaks Port Status Monitoring: If you have an interface on a switchport device, like the 7100, and reassign the interface to a discrete interface li... Kris Phillips

05/20/2023

09:42 PM Bug #14397: DHCPv4 client (dhclient) does not use 802.1p Priority tagging on DHCP RENEW - Only on Discover and release: After quite the investigation the above BUG statement is a little more nuanced:
Using the second option (Adding “vla... Tue Madsen
03:29 PM Bug #14400 (Pull Request Review): PHP Error in ``upgrade216_ipsec_create_vtimap()``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1040 Christopher Cope
02:02 PM Bug #14400 (Resolved): PHP Error in ``upgrade216_ipsec_create_vtimap()``: ... Christopher Cope
11:29 AM Regression #14078 (Confirmed): Traffic graph shows half actual throughput when switching back to the graph: I reproduced this behavior on 23.01.
With the *Keep graphs updated on inactive tab* as a Background updates
, th... Danilo Zrenjanin
10:52 AM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".: I can't reproduce the errors on 23.01 with pfBlocker 3.2.0_4
Reload went without errors. Lev Prokofev
10:32 AM pfSense Packages Regression #14389: syslog-ng cannot save config: I couldn't reproduce it on:... Danilo Zrenjanin
08:53 AM Bug #14396: Reassembled packets received on a VTI are not forwarded: Just checked the IP Fragment Reassemble toggle, and it has no effect on this issue on 23.05 either Christopher de Haas

05/19/2023

09:46 PM Todo #14399: Combining Interface and Rule ID state table filter fields returns no results: This is not a bug it's the expected behaviour. Probably just not implemented yet:
https://github.com/pfsense/FreeBSD... Steve Wheeler
06:57 PM Todo #14399 (Resolved): Combining Interface and Rule ID state table filter fields returns no results: Steps to reproduce:
1. Diagnostics > States. Leave everything default (Interface: all, Filter expression and Rule ... Chris W
05:08 PM pfSense Packages Bug #14398 (New): ONBATT Status Missing in apcupsd.widget.php: Description:
The file apcupsd.widget.php is currently lacking the "ONBATT" status. Due to this, when the system is o... Nick ...
04:58 PM Bug #14376: Packet captures can fail to start on loopback and encapsulated IP interfaces: resolved. tested on
Version 23.05-RC (amd64)
built on Fri May 19 06:06:05 UTC 2023
FreeBSD 14.0-CURRENT Georgiy Tyutyunnik
03:25 PM Bug #14396 (New): Reassembled packets received on a VTI are not forwarded: OK, thanks for checking. There wouldn't be any patches yet for 23.05, just for 23.01. If it still happens on 23.05 th... Jim Pingle
02:54 PM Bug #14396: Reassembled packets received on a VTI are not forwarded: Thanks for replying. I have just updated a Netgate 4100 lab unit to 23.05-RC (23.05.r.20230519.0600). Unfortunately, ... Christopher de Haas
12:36 PM Bug #14396 (Feedback): Reassembled packets received on a VTI are not forwarded: Can you reproduce this on a 23.05 RC snapshot?
Have you applied all of the available recommended System Patches?
... Jim Pingle
07:36 AM Bug #14396 (Resolved): Reassembled packets received on a VTI are not forwarded: Larger than MTU backets, which require fragmentation, cannot be routed on an IPsec VTI interface. Here is an example ... Christopher de Haas
02:52 PM Bug #14397 (New): DHCPv4 client (dhclient) does not use 802.1p Priority tagging on DHCP RENEW - Only on Discover and release: Some ISPs using VLANs for service, require DHCPv4/v6 Frames to be 802.1p priority tagged.
pfSense has the option to... Tue Madsen
07:57 AM pfSense Packages Feature #14101: Add Zabbix 6.4 packages: https://github.com/pfsense/FreeBSD-ports/pull/1263
Looking for a review and hopefully a quick merge into 12.05 Valentin A

05/18/2023

10:35 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS: Created https://redmine.pfsense.org/issues/14395 Sean McBride
10:35 PM Feature #14395 (New): Provide ability to turn of classic/unencrypted DNS (and use only DoT and/or DoH): As of now (2023), I'd wager few local networks could manage without classic/unencrypted DNS (on UDP port 53). But the... Sean McBride
07:49 PM pfSense Docs Todo #14360 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE: Note added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/caa7f1ff7eda903d58599e65c1293e01eee711f3 Jim Pingle
04:06 PM pfSense Plus Bug #14385 (Feedback): Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: Fixed upstream in https://cgit.freebsd.org/src/commit/?id=c2c28c0fa2e44caf1671b4dbf94167f686c3c411
Merged into devel... Kristof Provost
12:49 PM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: Added note about this limitation to the docs: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/67a457244248d481f... Jim Pingle
12:34 PM Bug #14394: PHP error in CSRF Magic from invalid time value: This specific error appears to possibly come from bad/corrupted cookie data from the client. It's trying to extract a... Jim Pingle
12:26 PM Bug #14394 (Resolved): PHP error in CSRF Magic from invalid time value: ... Danilo Zrenjanin
12:31 PM Bug #14393 (Duplicate): Unable to gather system activity (1): This is almost certainly a duplicate of #13776 and it didn't immediately start to work again because the system needs... Jim Pingle
10:41 AM pfSense Plus Regression #14378 (Confirmed): Packages are not removed when using the hardware reset button: I observed the same behavior on the SG-5100.... Danilo Zrenjanin

05/17/2023

11:53 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Tested on 23.05 with my ATT Fiber connection and VLAN0 PCP tagging. No issues. Kris Phillips
08:01 PM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: I think I see why this doesn't work. Mostly because I forgot to consider link-local addresses.
It doesn't look ver... Kristof Provost
05:07 PM Bug #14393 (Duplicate): Unable to gather system activity (1): HI
In the Netgate SG1100 version 23.01 Pfsense plus going to the Diagnostics menu and then selecting the system acti... Antonio Briguglio
01:29 PM Bug #14373 (Feedback): System crashes or may become unresponsive with Captive Portal: Fixed upstream in https://cgit.freebsd.org/src/commit/?id=bdd47177528b5beacabb4837bfac0e9de92aae74 and cherry-picked ... Kristof Provost
10:23 AM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected: I've written a small Python script to help reliably reproduce and demonstrate this issue.
To simulate an application... Simon Byrnand
10:06 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity: I tested against:... Danilo Zrenjanin

05/16/2023

08:11 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS: >They may be locked down corporate systems...
I strive for something of the sort myself. :) We are close to being ... Sean McBride
07:57 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS: We have no way of knowing what kind of clients are on a network. Not all of them have traditional client devices like... Jim Pingle
07:51 PM pfSense Docs Todo #13456: Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS: Thank for these updates Jim!
>Or the inverse, if no clients use DoT, then do not enable the feature.
I suspect ... Sean McBride
07:36 PM pfSense Docs Todo #13456 (Closed): Feedback on pfSense® software Configuration Recipes — Configuring DNS over TLS: Sean McBride wrote in #note-4:
> For 1) It's true that if any of one's local clients MUST talk to the DNS Resolver u... Jim Pingle
07:52 PM pfSense Docs Todo #13464 (Rejected): Reorder bullet list for ESX/ESXi settings for HA clusters: Closing in favor of #10924 -- according to that, some of the info there isn't even necessary/relevant anymore, so rat... Jim Pingle
07:50 PM pfSense Docs Todo #13586 (Closed): Add note for adjusting MSS on IPsec VTIs: Merged but also needed some wording and syntax fixes. Jim Pingle
07:46 PM pfSense Docs Todo #13452 (Closed): Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum: Changed and deployed.
Jim Pingle
07:41 PM pfSense Docs Todo #13452 (In Progress): Add a one line command for Windows Command Prompt to return an installer's SHA256 checksum: Jim Pingle
03:45 PM Bug #14312 (Pull Request Review): MSS clamping on VPN traffic does not work on IPsec IPv6 mobile VPNs: Reid Linnemann
02:51 PM Regression #12821 (Resolved): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Works as expected in current 23.05 snapshots:... Steve Wheeler
02:30 PM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR: Updating subject to reflect current knowledge.
Christian added an option to the Unbound port to disable ASLR for n... Jim Pingle
02:21 PM Bug #14363: "All" user group overwritten after assigning an existing user to a group: Re-tested on the latest 23.05 snapshot and it's working as expected. Only the intended group is modified.
Unfortun... Jim Pingle
02:09 PM Regression #14365 (Resolved): PHP error in RSS widget after saving settings: Working well on the current RC snapshot. No PHP errors after saving the widget settings. Jim Pingle
02:06 PM Bug #14392 (Resolved): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address: While looking at #14383 and #14385 I noticed that @find_interface_ipv6_ll()@ would return the last link local address... Jim Pingle
12:34 PM pfSense Docs Correction #14391 (Closed): Correcting installation guide for sg-1000: Fixed and deployed. The last working image for the 1000 is 22.05, and now its docs are hardcoded to reflect that.
... Jim Pingle
12:27 PM pfSense Docs Correction #14391 (In Progress): Correcting installation guide for sg-1000: Jim Pingle
11:03 AM pfSense Docs Correction #14391 (Closed): Correcting installation guide for sg-1000: Since the sg-1000 doesn't support 23.01, need to correct this page
https://docs.netgate.com/pfsense/en/latest/soluti... aleksei prokofiev
09:27 AM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected: I can't seem to edit my initial post but wanted to clarify the Squid debug option should be *debug_options ALL,1 rota... Simon Byrnand
09:19 AM pfSense Packages Bug #14390 (New): Squid: SECURITY ALERT: Host header forgery detected: In Squid version 3.2 in 2012 a "fix" for a potential security vulnerability involving host header forgery was added, ... Simon Byrnand

05/15/2023

11:38 PM pfSense Packages Regression #14389 (Resolved): syslog-ng cannot save config: Trying to save the configuration, even with the default values, in syslog-ng results in an error:... Steve Wheeler
11:27 PM Feature #14388 (New): Ability to search for timezone: A lot of people set their firewalls to their local timezone from UTC. There are however, a lot of timezones. It would... Mike Leone
11:25 PM pfSense Plus Feature #14387 (New): Offline config mode: From a forum discussion. Steve deserves credit.
[[https://forum.netgate.com/topic/180107]]
h1. Offline Config Mod... Mike Leone
09:59 PM Revision 8156d6d4: Fix ipsec_ikeid_next() copy/paste errors: The content of ipsec_ikeid_next() had some references to undefined variables
stemming from a change of nomenclature b... Reid Linnemann
07:43 PM pfSense Plus Regression #14383 (Resolved): IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: Thanks for testing!
Jim Pingle
06:03 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: Jim Pingle wrote in #note-7:
> The URL for that commit is private, it will be in the next build.
>
> You can try ... Vladimir Suhhanov
05:50 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: The URL for that commit is private, it will be in the next build.
You can try this patch in the meantime, which is... Jim Pingle
05:41 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: Jim Pingle wrote in #note-5:
> Vladimir Suhhanov wrote in #note-4:
> > Jim Pingle wrote in #note-2:
> > > Fixed in... Vladimir Suhhanov
04:09 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: Vladimir Suhhanov wrote in #note-4:
> Jim Pingle wrote in #note-2:
> > Fixed in https://gitlab.netgate.com/pfSense/... Jim Pingle
03:59 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: Jim Pingle wrote in #note-2:
> Fixed in https://gitlab.netgate.com/pfSense/factory/-/commit/7694007e9570faecfd715020... Vladimir Suhhanov
03:37 PM pfSense Plus Regression #14383: IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: Not a problem in a release, exclude from release notes. Jim Pingle
02:04 PM pfSense Plus Regression #14383 (Feedback): IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: Fixed in https://gitlab.netgate.com/pfSense/factory/-/commit/7694007e9570faecfd7150206bd029fba2bb4bf0
There is one... Jim Pingle
12:48 PM pfSense Plus Regression #14383 (Confirmed): IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: I can reproduce this here as well:... Jim Pingle
07:29 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Jim Pingle wrote in #note-39:
> Updating subject for release notes.
Thank you all!! Hayden Hill
02:07 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Updating subject for release notes. Jim Pingle
07:15 PM pfSense Docs Todo #14191 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: I followed the doc again on a current version of Plus (and latest CE snapshots) and it's accurate as it is. I made a ... Jim Pingle
06:58 PM pfSense Plus Regression #13895 (Resolved): Early boot hangs on Hyper-V with Gen2 VMs: 23.05-RC works correctly with Azure and Windows 11 Hyper-V in all mentioned test cases. If any issues are found after... Marcos M
06:52 PM pfSense Plus Regression #14137: pfSense Plus Upgrade repo data remains on the system after upgradng: This works as expected upgrading from 2.6 to 23.01. The correct repo is set after upgrade and the custom repo data is... Steve Wheeler
06:42 PM Regression #14305 (Resolved): Boot loader is not updated during upgrade from pfSense CE 2.6 to 2.7: Retesting this from @2.6@ to @2.7.0.a.20230510.0600@, the issue no longer occurs. Marcos M
06:36 PM Revision 4dcad18e: dns/unbound: enable NOASLR port option: Christian McDonald
05:15 PM Bug #14386 (Resolved): ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: This seems to be new behavior on pfsense plus 23.01-RELEASE. I'm seeing openvpn.auth-user.php processes stuck consum... Orion Poplawski
04:08 PM pfSense Docs Todo #14381: Feedback on Firewall — Aliases: It's a natural part of DNS that CNAMES would be followed by a resolver. So long as the end result is an A/AAAA record... Jim Pingle
03:55 PM pfSense Docs Todo #14381: Feedback on Firewall — Aliases: In that case the documentation should mention that it does follow CNAME. Filip Bengtsson
02:13 PM pfSense Docs Todo #14381 (Rejected): Feedback on Firewall — Aliases: It resolves CNAME records OK when I try it. You may have some other issue in your DNS setup. This site is not for sup... Jim Pingle
02:22 PM pfSense Docs Todo #14384 (Rejected): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE: Until that is a package users can install in the GUI, that doesn't belong in the documentation. It's in the repo for ... Jim Pingle
11:04 AM pfSense Docs Todo #14384 (Rejected): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
*Feedback:*
Hello.
T... Hrvoje Horvat
02:16 PM Bug #14363: "All" user group overwritten after assigning an existing user to a group: Picked back to 23.05 since there are potential security implications.
Jim Pingle
02:14 PM Regression #14365: PHP error in RSS widget after saving settings: Picked back to 23.05 Jim Pingle
02:14 PM Bug #14382 (Rejected): Service enable not work on boot: pfSense does not use the FreeBSD RC system at boot.
Jim Pingle
02:08 PM pfSense Plus Bug #14357 (Closed): Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost: Closing this for now, if you can find a way to reproduce it, check the files in my comment above and see what the con... Jim Pingle
02:01 PM pfSense Plus Bug #14385 (Resolved): Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: Configuring an IPv6 CARP VIP with a link local sync peer address does not appear to function properly. I've tried wit... Jim Pingle
12:57 PM pfSense Plus Feature #14348: Add unicast CARP indication and peer address to CARP status: While here, if there is room, the VIP description would also be helpful Jim Pingle
11:07 AM Bug #14313: Unable to create nested URL table aliases: A bit more tests:
1. when I used pfBlockerNG's IP lists
- https://feodotracker.abuse.ch/downloads/ipblocklist_recom... Azamat Khakimyanov
10:24 AM Feature #10843: Allow user manager settings to specify multiple authentication servers: Just here to push this up. This feature would be very useful on enterprise environments. Denis Grilli
02:12 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: Hi everyone, I know this is closed but I am also experiencing the same issue. Netgate 6100. Just updated to 23.01 (... Allan Dresner

05/14/2023

05:17 PM Regression #14374: Static ARP entries are not configured at boot: Yes that is correct. Jeff Kuehl
12:45 AM Regression #14374: Static ARP entries are not configured at boot: So, for clarification, if you have a static MAC and IP mapping, after some period of time of the client being inactiv... Kris Phillips
03:11 PM pfSense Plus Regression #14383 (Resolved): IPv6 CARP VIPs are not configured properly on interfaces, ``ifconfig`` error in system log: https://forum.netgate.com/topic/180051/ipv6-carp-seems-broken-on-23-05/4
Let's say you have a LAN with both IPV6 a... Vladimir Suhhanov
09:11 AM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".: Thanks for checking it. Hopefully it's fixed then. I'll wait and see what 23.05 does, and come back, if it's still th... Jens Kristensen
02:38 AM pfSense Packages Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".: Attempted to recreate this in pfSense Plus 23.05 RC with pfBlocker 3.2.0_5. Unable to recreate. Kris Phillips
09:08 AM Feature #855: Ability to selectively kill states on gateway recovery: A very necessary feature for those who use the second WAN exclusively as a backup channel, and especially if it has v... Alex Viper_Rus
08:42 AM Bug #14382: Service enable not work on boot: /etc/rc.d/mountd
service mountd enable > not work on boot
/etc/rc.d/nfsd
service nfsd enable > not work on boot
... Geno Geno
08:42 AM Bug #14382 (Rejected): Service enable not work on boot: /etc/rc.d/mountd
service mountd enable > not work on boot
/etc/rc.d/nfsd
service nfsd enable > not work on boot
... Geno Geno
01:42 AM pfSense Plus Bug #14357: Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost: Jordan Greene wrote in #note-3:
> Not able to reproduce this either. Does the DNS server override pull different ser... Kris Phillips
01:38 AM pfSense Plus Bug #14357: Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost: Not able to reproduce this either. Does the DNS server override pull different servers on your ATT interface? Jordan G
12:42 AM pfSense Plus Bug #14357: Making Changes to DNS Resolution Behavior Causes DNS Servers to be Lost: I'm no longer able to reproduce this. I was able to reliably get this to happen when flipping between between "Use R... Kris Phillips
01:19 AM pfSense Docs Todo #14381 (Rejected): Feedback on Firewall — Aliases: *Page:* https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#using-hostnames-in-aliases
*Feedback:* Wh... Filip Bengtsson
12:49 AM pfSense Plus Bug #14329: DDNS IPv6 update PHP error: Tested on pfSense Plus 23.05 RC from May 13th. This is present in this build and confirmed. Kris Phillips

05/13/2023

12:37 PM Regression #12821 (Feedback): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: This is now in 23.05-RC Steve Wheeler

05/12/2023

07:51 PM pfSense Docs New Content #14355 (Closed): Create new doc about managing ``/boot/loader.conf.local``: Added to 23.05 docs, will merge along with that release.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f33... Jim Pingle
07:33 PM Bug #14376 (Resolved): Packet captures can fail to start on loopback and encapsulated IP interfaces: Marcos M
07:15 PM Bug #14376 (Feedback): Packet captures can fail to start on loopback and encapsulated IP interfaces: Applied in changeset commit:af317696460a19c8331412cf7b8103b583a07a75. Marcos M
12:49 AM Bug #14376 (Pull Request Review): Packet captures can fail to start on loopback and encapsulated IP interfaces: This will happen for loopback and encapsulated IP interfaces. Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merg... Marcos M
06:26 PM Feature #6960 (In Progress): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: Christian McDonald
02:27 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6: Worth noting that when we do convert, we can remove input validation that prevents adding mappings within pools (or m... Jim Pingle
02:57 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity: Is there any progress here?
This is serious bug which affects all XG-7100s path MTU discovery.
Is there any workaro... Lukas Macura
01:08 PM Bug #14056 (Confirmed): DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR: Christian McDonald
12:59 PM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button: Observed the same thing on the 2100 using the reset button. Steve Wheeler
12:41 AM pfSense Plus Regression #14378 (Confirmed): Packages are not removed when using the hardware reset button: More precisely it appears that packages are re-installed after rebooting into the new config.
This does not happen... Steve Wheeler
12:34 PM Regression #14370 (Waiting on Merge): Console and system log may contain unnecessary Netlink debug messages from IPsec: Committed as https://cgit.freebsd.org/src/commit/?id=fa554de7746d88959738e4cb978608af8ce479c1
We'll get that with ... Kristof Provost
10:05 AM Regression #14377 (Waiting on Merge): Cannot add a QinQ interface to a bridge: Fix in https://cgit.freebsd.org/src/commit/?id=92c23f6d9c2074f6deb0029d13a8c92b32797059
We'll pick that up with th... Kristof Provost
06:31 AM Regression #14377: Cannot add a QinQ interface to a bridge: I can also reproduce this on base FreeBSD. It appears to be due to incorrect locking in if_vlan, possibly as a result... Kristof Provost
07:13 AM Feature #14379 (New): pftop - filter preset: make please filter preset in Diagnostic -> pfTop, like Status -> Monitoring (add view) Evgeny Korostelev
12:17 AM Revision af317696: Add VLAN support validation for the Packet Capture interface. Fix #14376: Marcos M

05/11/2023

11:58 PM Regression #14377 (Closed): Cannot add a QinQ interface to a bridge: Attempting to create a bridge with a QinQ member results in the GUI timing out.
An existing bridge with a QinQ mem... Steve Wheeler
07:20 PM Revision 0fe74727: net/keama: add Kea migration assistant to build for development and testing: Christian McDonald
07:15 PM Revision c8014348: Replace abbreviated links from System menu: Christian McDonald
05:17 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks: No joy with the new 2.2.2 system patches:... Loh Phat
05:04 PM Bug #14376 (Resolved): Packet captures can fail to start on loopback and encapsulated IP interfaces: Packet capture fails to start if interface is enc0 (IPSec) and any custom filter configuration present.
"Any" type f... Georgiy Tyutyunnik
04:35 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: Mark doesn't think his fix would affect this.
Having looked a bit more, I have a different theory.
Thread 100008 ... Kristof Provost
12:50 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: The config uploaded to the file drop for internal testing - folder 1328742557 Lev Prokofev
12:40 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: That backtrace has me suspecting that this may actually be a fix: https://cgit.freebsd.org/src/commit/?id=7b92493ab1d... Kristof Provost
12:10 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: Summarising the discussions we've had so far: it appears that the issue is that something is holding the PF_RULES loc... Kristof Provost
11:31 AM Bug #14373 (Resolved): System crashes or may become unresponsive with Captive Portal: Symptoms
Captive Portal gets stuck (no internet or network access), sometimes service restart can fix it. Sometime... Lev Prokofev
03:34 PM pfSense Docs New Content #14317: Add docs for Ethernet Filtering (Plus Only): I also added a recipe to configure an AT&T style WAN using Ethernet rules and other recent features:
https://gitla... Jim Pingle
03:34 PM pfSense Docs New Content #14375 (Resolved): Add recipe for AT&T fiber ONT/Modem auth bridge setup: Add a recipe covering the typical AT&T ONT/Modem auth bridge setup now possible using the GUI alone.
Source doc wi... Jim Pingle
01:31 PM Regression #14374: Static ARP entries are not configured at boot: Found Work-around for Rebooting is to use the "ShellCmd" package to run "arp -s <IPAddr> <MAC_Addr>" on boot for each... Jeff Kuehl
01:27 PM Regression #14374 (Resolved): Static ARP entries are not configured at boot: Not Sure if Category of "Aliases / Tables" is correct for ARP issues, or otherwise we could put on "DHCP Server" cate... Jeff Kuehl
01:16 PM Regression #14370: Console and system log may contain unnecessary Netlink debug messages from IPsec: I've proposed https://reviews.freebsd.org/D40062 upstream as a slightly more general improvement. Kristof Provost
10:08 AM pfSense Packages Feature #14372 (New): More advanced filter options on snort interface rules: Hello community,
I think it would make sense to integrate a text search field for the interface rules filter, which ... Fabian Winzinger
07:51 AM Regression #12821 (Waiting on Merge): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: This will be fixed with https://cgit.freebsd.org/src/commit/?id=0229fab2fe0eed843ebec98fd31b7d49bb2e8438 Kristof Provost
02:20 AM Revision 0ba64c06: Switch exclusively over to Python 3.11: Brad Davis
12:18 AM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR: https://forum.netgate.com/post/1104001
This issue is not unique to pfSense. We do have a workaround:
# Stop the Unb... Marcos M

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

06/09/2023

06/08/2023

06/07/2023

06/06/2023

06/05/2023

06/04/2023

06/03/2023

06/02/2023

06/01/2023

05/31/2023

05/30/2023

05/29/2023

05/28/2023

05/27/2023

05/26/2023

05/25/2023

05/24/2023

05/23/2023

05/22/2023

05/21/2023

05/20/2023

05/19/2023

05/18/2023

05/17/2023

05/16/2023

05/15/2023

05/14/2023

05/13/2023

05/12/2023

05/11/2023