Activity

30 days up to

User

Subprojects

Activity

From 06/02/2023 to 07/01/2023

07/01/2023

11:59 PM Bug #14477: Defining IP address on an Interface doesn't check defined VIPs for possible IP address overlapping: This bug are likely related: https://redmine.pfsense.org/issues/13961 Kris Phillips
11:57 PM pfSense Packages Bug #10692: PIMD starts twice at boot: confirming, same thing as above with 23.05.1 and pimd 0.0.3_6 Jordan G
11:45 PM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.: What is being done to reproduce this? I have two OpenVPN Client interfaces and the widget on the dashboard shows tra... Kris Phillips
06:24 AM pfSense Plus Bug #14531 (Confirmed): Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.: Tested on SG-3100 23.05.1 release. I can confirm this behavior. Danilo Zrenjanin
11:41 PM Regression #14534: Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: Nikolaos Astyrakakis wrote:
> Interfaces using qlnxe driver are not appearing in 2.7.0 version.
>
> I added if_ql... Kris Phillips
12:13 PM Regression #14534 (Resolved): Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: Interfaces using qlnxe driver are not appearing in 2.7.0 version.
I added if_qlnxe_load="YES" but the interfaces a... Nikolaos Astyrakakis
11:39 PM Bug #13277: IGMP Proxy webConfigurator Page Always Produces Error: Tested on 23.05 and 23.05.1. The error is present on both releases. Kris Phillips
11:04 PM Regression #12215: OpenVPN does not resync when running on a gateway group: 23.05.1 has OpenVPN clients using the configured gateway group as the correct interface(s) and appears to failover an... Jordan G
10:30 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: We'll need more information to confirm if this is actually a bug. It is possible you are hitting the memory limit in ... Christopher Cope
10:31 AM Feature #14533 (Duplicate): Kil UDP states on gateway recovery: Hi the community
I tested pfsense 2.7CE and I hoped it can finally solved a long time problem that udp states for ... Lionel RIVIERE
09:48 AM Regression #14517 (Resolved): Log rotation is not active if the configuration contains an empty ``<syslog>`` section or if that section is not present: Tested the patch against the:... Danilo Zrenjanin
05:37 AM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN: Still an issue on 2.7.0 release. Seems to happen more frequently now, but might also be a coincidence. Nazar Mokrynskyi
12:36 AM Todo #10464: Don't change the current update repo when new releases are available: Imo there are three separate updates pfsense manages
* pfsense update: branch set to current should update as new cur... Patch Public

06/30/2023

08:29 PM pfSense Packages Bug #14532 (Not a Bug): Error is logged every time a domain in the DNSBL is temporarily unlocked or re-locked: From the Reports > Alerts tab, when I click the red lock icon to temporarily unlock a domain listed under the DNSBL P... Derek Fong
06:09 PM Regression #14374: Static ARP entries are not configured at boot: pfSense 2.7.0 problem with static arp after reboot still exists. Evgeny Korostelev
05:17 PM pfSense Packages Todo #13917 (In Progress): OpenVPN Client Export: Integrate OpenVPN 2.6.0: Jim Pingle
04:48 PM pfSense Plus Bug #14531 (Confirmed): Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.: The Traffic Graph widget doesn't show the in\out traffic for the OpenVPN interfaces.
!clipboard-202306302045-mzwyk... Lev Prokofev
03:47 PM pfSense Packages Bug #14530 (Resolved): Suricata 6.0.13 package interface settings: Hello,
The text label at _Services / Suricata / Interfaces / <IF>(Edit) / <IF>Flow/Stream / Stream Memory Cap_ say... Robert Karsai
02:40 PM Feature #14265 (Feedback): Option to invalidate GUI login session if the client address changes: Applied in changeset commit:d6078e851ade476b6e9190fd77b9a70eb3c7bb92. Christopher Cope
02:33 PM Revision d6078e85: Add option to invalidate GUI login on IP address change. Implements #14265: Christopher Cope
02:06 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: A bit more progress. It looks like we're enqueuing the same mbuf twice, so it gets used after it's been freed and tha... Kristof Provost
12:56 PM pfSense Packages Feature #14529: eBPFShield: Also can send alerts to SIEM ie call outs to "ransomware_.com" or other nastyware infected machines calling out to c... Michael Lawrence
12:46 PM pfSense Packages Feature #14529 (New): eBPFShield: https://github.com/sagarbhure/eBPFShield
Advanced host monitoring and threat detection with eBPF 🛡️
eBPFShield ... Michael Lawrence
08:12 AM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Created a forum topic just in case: https://forum.netgate.com/topic/181150/bug-in-gateway-group-creation-screen Jens Groh
07:03 AM pfSense Packages Bug #10936: both haproxy/haproxy-devel non-existent option lb-agent-chk: Tested on: ... Danilo Zrenjanin
06:22 AM pfSense Docs Todo #14528 (New): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html
*Feedback:*
The documentation for ... Nico Neukirchen
03:50 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: There seems to be little progress and a possible fix is being postponed.
I can't imagine that I'm the only one bumpi... Arturo de Vries

06/29/2023

11:18 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: I moved one of my FRR neighbors over to wireguard and left the rest to IPsec VTI. As I suspected any changes to the I... Mike Moore
01:40 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: IPsec with FRR is still not stable. Any hope in getting it looked at after the holiday? Mike Moore
09:09 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: It is actively being worked on. Christian McDonald
09:06 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: I had high hopes that we may see the fix in the latest version (23.05). Do we have a road map or at least a time fram... Mark Abram
09:00 PM Bug #14527 (Duplicate): DNS Resolver restarts when clients connect or reconnect: There is already a report for it (the one you linked to), no need for a duplicate. Add a comment on the open issue. Jim Pingle
08:31 PM Bug #14527 (Duplicate): DNS Resolver restarts when clients connect or reconnect: Hi,
So this problem has been an issue for some time. I mean years time. I run Unbound DNS externally because I am ... Mark Abram
08:46 PM Bug #14516: With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: yes we can agree the user can configure it wrong all over. Again, an administrator might fat finger a large static DH... Jonathan Lee
08:28 PM Bug #14516: With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: Because of the hostname mix up seen here can we please use a Java "map" object and or Python's "dictionary" equivalen... Jonathan Lee
01:35 PM Bug #14516: With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: Why does the GUI allow it? Leading to, it does allow it so, why does it map to the wrong host names? Jonathan Lee
03:20 AM Bug #14516: With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: Should DHCP allow multiple entries? Leading to if it does why did it not map to the correct hostname in the arp table... Jonathan Lee
05:15 PM Revision 6e1a1453: Make 2.7.0-RELEASE the default: Brad Davis
05:14 PM pfSense Plus Bug #14526 (Rejected): 23.05.01 can't normal boot: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
05:12 PM pfSense Plus Bug #14526 (Rejected): 23.05.01 can't normal boot: i am upgrade from 23.05 to 23.05.01. it is installed frr. the 23.05.01 can't normal work.
!clipboard-20230... yon Liu
04:57 PM Regression #14525 (Resolved): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration: ... Christopher Cope
04:23 PM pfSense Packages Feature #9141: FRR xmlrpc: To understand the set up then.
nodeA and nodeB will have sepearate routing neighbors probably exchanging the same ... Mike Moore
04:19 PM pfSense Packages Feature #14512: Basic Auth through GUI: This can be achieved through Advanced pass-thru.
I am only advocating having a GUI option available to create users/... Mike Moore
03:05 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1 as well. Also a shout out to Step CA. There are more and more options for ACME endpoints hosted privately, this ... Jamison Maxwell
02:39 PM Revision e0c84221: Bump next to 2.7.0-RELEASE: Brad Davis
01:43 PM Bug #14524 (Resolved): Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Running version: 23.05-plus
Affected: all? (as it's probably a UI issue)
Hi,
As this seems a clear UI issue/bu... Jens Groh
01:02 PM Bug #14432: PHP error when failing to write ``config.cache``: User still hitting this in 23.05:... Steve Wheeler
12:10 PM Revision 0fb335e6: Bump to 2.8.0-DEVELOPMENT: Brad Davis
07:26 AM pfSense Plus Bug #14515 (Resolved): Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Tested the patched file. The help text on Ethernet rules says only "Choose what to do with packets that match the cri... Danilo Zrenjanin
03:14 AM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Thanks for looking into this small detail. I appreciate you. Jonathan Lee
06:45 AM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: I have the exact same block of three lines on another appliance. So this might be some result of upgrades and changes... Stefan Weichinger
06:30 AM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: I can confirm that after removing the lines, there are no PHP errors, and the service starts successfully.
Danilo Zrenjanin
12:38 AM pfSense Packages Bug #14523 (Resolved): PHP error when using an unsupported alias type in Advanced Rule Settings: Confirmed on both 2.6, 2.7-RC and 23.05 using pfBlockerNG-Devel 3.2.0_5 and 3.2.0_4. Removing pfBlockerNG-devel packa... Sengor K

06/28/2023

09:28 PM pfSense Packages Bug #14426: PHP errors in Lightsquid: Hi, it is happening in 4100 too.
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
Free... Wil M
09:18 PM Feature #14402: Dynamic DNS support for Porkbun: I'm using pfsense+ 23.05-Release
I was able to import this PR using the patches plugin via this URL https://github... Adrien Carlyle
07:51 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Found my way: fixed now. Thanks for your help. Stefan Weichinger
06:56 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Tried editing with `viconfig`: as HAproxy is down, ACME couldn't pull a LetsEncrypt-Cert, so no GUI right now ... edi... Stefan Weichinger
06:41 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Stefan Weichinger wrote in #note-6:
> Jim Pingle wrote in #note-5:
> Great, thanks. How would I do this? HAproxy is... Jim Pingle
06:29 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Jim Pingle wrote in #note-5:
> This is your problem, the configuration is invalid:
>
> [...]
>
> If you delete... Stefan Weichinger
06:13 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: This is your problem, the configuration is invalid:... Jim Pingle
06:15 AM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: May I ask for help again? We'd like to see this issue solved ... thanks Stefan Weichinger
07:10 PM Bug #14522 (New): IPv6 doesn't get update on interface change if track interface is selected: How to reproduce:
configure a WAN connection with dynamic IPv6 and request a subnet:
!clipboard-202306282106-rec3j.... L J
06:22 PM Feature #14521 (New): Allow larger subets that /64 for track interface in interface settings: it would be very helpful if a larger subnet mask could be selected for a tracking interface (e.g. to allow a second f... L J
05:46 PM pfSense Packages Bug #14519: PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: Yes, it's consistent with the package not updating during the upgrade. Updating the package to the current (fixed) co... Jim Pingle
05:41 PM pfSense Packages Bug #14519: PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: This is strange as I get this error every time I log into the web interface. I've reinstalled the package and now the... L J
04:22 PM pfSense Packages Bug #14519 (Not a Bug): PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: OK I've tried but I can't reproduce this. The only thing I can think of is that somehow your system was trying to exe... Jim Pingle
03:27 PM pfSense Packages Bug #14519: PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: Looks like it's one of a common set of errors we've seen where the config has no (or a partial/empty) OpenVPN config ... Jim Pingle
03:09 PM pfSense Packages Bug #14519 (Not a Bug): PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: It seems that this error was already topic in #13775
Crash report begins. Anonymous machine information:
amd64... L J
05:37 PM Feature #14520 (New): Allow more than one IPv6 per Interface and in RA-Service: In current development status it is only possible to have one IPv6 per interface in tracking mode. If there are more ... L J
05:29 PM pfSense Packages Bug #14509 (Not a Bug): PHP Error in ``vpn_openvpn_export.php``: Jim Pingle
05:23 PM pfSense Packages Bug #14509: PHP Error in ``vpn_openvpn_export.php``: Issue fixed by manually upgrading the openvpn-client-export package:
---------------------------------------------... Ivo Gurp
03:04 PM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Updating subject and fixing project/target. Jim Pingle
02:17 PM pfSense Plus Bug #14515 (Feedback): Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Thanks.
pf(4) only supports pass/block action semantics for L2 rule processing, reject/match are not supported.
I h... Christian McDonald
01:34 PM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade: I did have to update almost all of the packages after the upgrade. I think the acme package and system patches were t... Matthew Drury
01:15 PM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade: OK, and did you have to manually upgrade those packages after?
It's possible a problem with one of the old package... Jim Pingle
01:09 PM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade: There is no new crash report given upon a reboot.
Packages Installed:
Acme
llpd
nut
Openvpn-client-export
pfB... Matthew Drury
01:00 PM Bug #14518 (Feedback): pfSense CrashLog on 2.7.0RC Upgrade: The module errors are known/expected during any upgrade where the PHP version changes. We're working on trying to imp... Jim Pingle
12:51 PM Bug #14518 (Closed): pfSense CrashLog on 2.7.0RC Upgrade: I received this crash log upon upgrade to 2.7.0RC from 2.6.0. Everything seems to be running fine so far despite this... Matthew Drury
01:00 PM Regression #14517 (Feedback): Log rotation is not active if the configuration contains an empty ``<syslog>`` section or if that section is not present: Applied in changeset commit:892de1ecdaa23b164f6b2a2251d7538eee2199ea. Jim Pingle
12:42 PM Regression #14517 (Resolved): Log rotation is not active if the configuration contains an empty ``<syslog>`` section or if that section is not present: Similar to how logging didn't work in #14283, if the @<syslog>@ section of @config.xml@ is missing or empty, the news... Jim Pingle
12:53 PM Revision 892de1ec: Fix invalid log rotation setup test. Fixes #14517: Jim Pingle
12:00 AM pfSense Packages Feature #9238: Add support for Zerotier: Any update on this?
I third this idea Scott Howard

06/27/2023

10:57 PM Bug #14516 (Not a Bug): With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: Hello fellow pfsense redmine community members,
I was researching just random items with MAC addresses and IP mapp... Jonathan Lee
10:25 PM pfSense Plus Bug #14515 (Resolved): Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Hello fellow pfsense redmine members,
I wanted to post this under the experimental layer 2 access control list are... Jonathan Lee
10:22 PM pfSense Packages Bug #14514 (Duplicate): SNORT randomly starts blocking the IP address on the interface that it is residing on: Hello fellow pfsense Redmine team members,
I have found an issue where SNORT starts to block out my ip address th... Jonathan Lee
07:20 PM Bug #14513 (Resolved): Improve error handling in ``status.php``: The status.php page is typically used when there's an issue with the system. If PHP errors are encountered while gene... Marcos M
06:51 PM Revision 81c6453d: composer update: Christian McDonald
05:22 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: The only other caveat i have found is if the tunnel is up using a non-zero allowed IP address and you have establishe... Mike Moore
04:45 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Correction. The route just made it in there when i did my screencap. I reverted back to 0.0.0.0/0 in Allowed IP Mike Moore
04:44 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Another post.
As you can see the routes exist within the BGP dameon process
sh ip bgp neighbors 10.6.106.2 receiv... Mike Moore
04:37 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Routing fails. I am uploading the pics to show.
Moving back to 0.0.0.0/0 restores connectivity. Mike Moore
04:26 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Mike Moore wrote in #note-2:
> Its possible things have changed.
> This is a site2site tunnel with a configuration ... Jim Pingle
04:24 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Its possible things have changed.
This is a site2site tunnel with a configuration with only 1x peer. I am doing BGP
... Mike Moore
04:09 PM pfSense Docs Correction #14511 (Feedback): Dynamic Routing over WireGuard: Unless something changed, if there is only one peer on the tunnel it used to assume that since it didn't have to deci... Jim Pingle
02:42 PM pfSense Docs Correction #14511 (Feedback): Dynamic Routing over WireGuard: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/routing.html#dynamic-routing
Please add a note that when ... Mike Moore
04:53 PM Revision 1d1b1c02: Bump to 2.7-RELEASE: Brad Davis
03:01 PM pfSense Packages Feature #14512 (New): Basic Auth through GUI: Add the ability through the GUI to provide basic authentication for either frontend or backend pools
You can hack ... Mike Moore
02:13 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: I believe I've reproduced the problem. It required using ix3 as LAN interface and ix3.201 as PPPoE for WAN.
With a... Kristof Provost
03:57 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Hi. Making a heartbeat check.
Will this get investigated further?
At this time i cant reliably use VTI and FRR at ... Mike Moore

06/26/2023

10:03 PM pfSense Packages Bug #14510 (New): match rpki invalid What is actually executed is match rpki valid: when i setup match rpki invalid for deny, then actually executed is match rpki valid for deny.
please your check a... yon Liu
08:10 PM Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec: I submitted option B to strongSwan here: https://github.com/strongswan/strongswan/issues/1759 Richard Laager
08:06 PM Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec: This is a problem for us. In short, what is happening is that stateful firewalls in the middle are not associating th... Richard Laager
06:50 PM pfSense Packages Bug #14509 (Not a Bug): PHP Error in ``vpn_openvpn_export.php``: When clicking 'VPN >> OpenVPN >> Client Export' the following issue occurs (Intel Celeron 1005M):
----------------... Ivo Gurp
04:45 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: I have no idea what could be going on here.
I'm going to assume that the `codel_should_drop: could not found the p... Kristof Provost
12:20 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: Attached shaper config that hots this. Steve Wheeler
12:27 PM pfSense Packages Feature #12502 (Resolved): Option to include Syslog-ng Configuration Library (scl): Jim Pingle
12:26 PM pfSense Plus Bug #14507 (Not a Bug): CPU hog with 23.05: Given that the thread in question is from iflib this seems more like busy hardware or an upstream driver issue and no... Jim Pingle
12:24 PM Todo #14506 (Rejected): Cambio de IP publica caída de la VPN: This site is not for diagnosing or discussing problems with your installation. Please start a forum thread at https:/... Jim Pingle
05:29 AM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: The problem persists in version 23.05 with the same configuration as above (different ISP).
The problem doesn't seem... Vincent Gauthier
03:50 AM Regression #11545: Primary interface address is not always used when VIPs are present: Updated a patched 2.6.0 to 2.7.0.r.20230622.0600 and the issue https://redmine.pfsense.org/issues/11545#note-10 has r... M Felden

06/25/2023

11:15 PM Regression #14059: Old states are still used after a route change: This state behavior can affect other VPN types, not only IPsec.
Edit: e.g. https://www.reddit.com/r/PFSENSE/comments... Marcos M
10:05 PM pfSense Docs New Content #14508 (New): Optimizing MTU for VPN Tunnels: Interfaces with suboptimal MTU values can degrade VPN performance; a document that provides examples/steps to optimiz... Marcos M
04:15 PM pfSense Plus Bug #14507: CPU hog with 23.05: If there is a bug, it's more likely to be upstream. FWIW a debug kernel is available in the pfSense repo:... Marcos M
07:49 AM pfSense Plus Bug #14507: CPU hog with 23.05: Kris Phillips wrote in #note-1:
> I'm unable to reproduce this on 23.05 on an amd64 system.
>
> kernel{if_io_tq... Juraj Lutter
01:55 AM pfSense Plus Bug #14507: CPU hog with 23.05: I'm unable to reproduce this on 23.05 on an amd64 system.
kernel{if_io_tqg_1} would be interface processing from... Kris Phillips
04:48 AM pfSense Packages Todo #12351: Remove non-functional feeds: https://cybercrime-tracker.net/fuckerz.php - 500 server error
https://cybercrime-tracker.net/all.php - 500 server er... Jordan G
04:32 AM pfSense Packages Feature #12502: Option to include Syslog-ng Configuration Library (scl): Looks good in syslog-ng v1.16, radio box is present at bottom of config
!clipboard-202306242332-gmfwm.png!
Jordan G
02:06 AM Bug #14450: 23.05 fails to boot on Hyper-V after VM power off, workaround: pfSense Plus 23.05 direct upgrade from CE should now be available, so this should be no longer an issue. Can you ple... Kris Phillips

06/24/2023

11:02 PM Bug #14301: Input validation error when saving IGMP Proxy settings: Tested in 23.05.1-RC and this still seems to be present. Kris Phillips
07:41 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Will there be a fox for the IPsec restarts impacting FRR ? Mike Moore
06:25 PM pfSense Packages Bug #14364: APCUPSD unable to process date string: Kris Phillips wrote in #note-1:
> Tested with an APC UPS on 23.05 with the latest apcupsd package. Unable to reprod... Lloyd Collins
07:32 AM pfSense Plus Bug #14507 (Not a Bug): CPU hog with 23.05: I’ve started to observe a CPU hog of one CPU core on APU2 box running pfSense 23.05.
dtrace showed:... Juraj Lutter

06/23/2023

09:10 PM Revision 8967ffeb: Remove devel now that we are at RC: Brad Davis
09:09 PM Revision 8ceefc75: Bump devel: Brad Davis
09:07 PM Revision 9f21eea2: Add .descr for next: Brad Davis
08:53 PM Revision c7a0a10f: Add pfSense next repo for 2.7.0-RC: Brad Davis
08:36 PM Todo #14506 (Rejected): Cambio de IP publica caída de la VPN: Buenas tardes, debido al cambio del proveedor de internet y cambio de IP Publica no funciona la VPN el error que me a... Benjamin Prieto
08:34 PM Revision 3b356a6a: Bump 2.7 to RC: Brad Davis
05:15 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: Thanks for all you do, I appreciate you. Jonathan Lee
03:33 PM pfSense Packages Bug #14496 (Resolved): FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: PR Merged Jim Pingle
01:55 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: A fix for this issue has been submitted in Pull Request 1269: https://github.com/pfsense/FreeBSD-ports/pull/1269. Thi... Bill Meeks
03:32 PM pfSense Packages Bug #14469 (Resolved): Snort Advanced config pass-through encodes entries: PR Merged Jim Pingle
01:55 PM pfSense Packages Bug #14469: Snort Advanced config pass-through encodes entries: A fix for this issue has been submitted in Pull Request 1269: https://github.com/pfsense/FreeBSD-ports/pull/1269. Thi... Bill Meeks
03:32 PM pfSense Packages Bug #14475 (Resolved): PHP Error: suricata_check_for_rule_updates.php:820: PR Merged Jim Pingle
01:53 PM pfSense Packages Bug #14475: PHP Error: suricata_check_for_rule_updates.php:820: A fix for this has been submitted in Pull Request 1271: https://github.com/pfsense/FreeBSD-ports/pull/1271. This issu... Bill Meeks
02:32 PM pfSense Plus Bug #14385 (Resolved): Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: Confirmed fixed here as well. I can set an LL on the VIP peer and it communicates as expected and reflects the proper... Jim Pingle
12:54 PM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: 23.05.1 fixes the issue
tested on:
Version 23.05.1-RC (amd64)
built on Wed Jun 21 19:31:48 UTC 2023
FreeBSD 14.0-... Georgiy Tyutyunnik
02:04 PM Bug #14505 (Duplicate): When trying to create alias for cloudlflare ips pfsense breaks: Duplicate of #14412 Jim Pingle
02:02 PM Bug #14505 (Duplicate): When trying to create alias for cloudlflare ips pfsense breaks: I was trying to create an alias for the cloudflare's ips as provided here https://www.cloudflare.com/ips/ and when I ... Alexandros Georgantas
08:23 AM pfSense Packages Bug #14504 (Incomplete): FTP_Client_Proxy package doesn't create firewall rule: I've installed FTP_Client_Proxy 0.3_8 on pfSense plus 23.05. I enabled the FTP client proxy services, but it doesn't ... Stefano Ceccherini
06:34 AM Regression #14503 (Rejected): The system is stuck on boot on the Synchronizing user settings if remote authentication server is set.: If you set the remote auth server at System=>User Manager=>Settings=>Authentication Server and this server the system... Lev Prokofev

06/22/2023

11:17 PM pfSense Packages Bug #14469: Snort Advanced config pass-through encodes entries: I was able to replicate this issue. It is caused by a misplaced early Base64 decode of a config parameter. A fix will... Bill Meeks
10:24 PM pfSense Packages Bug #14475: PHP Error: suricata_check_for_rule_updates.php:820: Not sure exactly why the input string is too long in this case, but I did find in the PHP interpreter source code tha... Bill Meeks
06:37 PM pfSense Docs Todo #14492 (Resolved): Feedback on Packages — AWS VPC Wizard — AWS VPC Wizard FAQ: Fixed and pushed. I also checked for other references and there were none outside of older release notes where it was... Jim Pingle
06:03 PM Regression #14502 (Confirmed): DHCPv6 Prefix Delegation (PD) not installing routes: Looks like this is happening because dhcpleases6 was removed from the base install in commit:b63b534cb5fb10347f7fdc87... Jim Pingle
05:06 PM Regression #14502 (Resolved): DHCPv6 Prefix Delegation (PD) not installing routes: pfSense successfully hands out PDs, but does not install a route for them. This effectively causes traffic to black h... Jade Deane
02:11 PM Bug #14501 (New): iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.: Hello fellow redmine community members,
I just noticed a small issue on reboots I wanted to share. My system logs ... Jonathan Lee
12:46 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: The code used to generate the @snort.conf@ file for an interface should validate one of the ARP preprocessor options ... Bill Meeks
12:21 PM Regression #14500: PHP Error when viewing Traffic Graphs in ``iftop`` mode: I had fixed this in #14236 but then it regressed when the function was rewritten in commit:fd30ce6a3bddfbc88560952153... Jim Pingle
08:04 AM Regression #14500 (Resolved): PHP Error when viewing Traffic Graphs in ``iftop`` mode: [22-Jun-2023 00:52:59 US/Pacific] PHP Fatal error: Uncaught TypeError: format_number(): Argument #1 ($num) must be o... Jonathan Lee
12:37 AM Bug #14499: rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).': Thanks for the information that error I had not seen until the updates. Is this on other 2100-MAX's? Jonathan Lee
12:19 AM Bug #14499 (Not a Bug): rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).': It's simply saying the service couldn't be stopped because it's already stopped (since the system is booting and the ... Marcos M
12:02 AM Bug #14499 (Not a Bug): rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).': Hello fellow Redmine community members,
Can you please help I found a rc.bootup error that occurs every reboot.
... Jonathan Lee

06/21/2023

11:56 PM pfSense Packages Bug #14498 (New): php errors when looking at snort active rules: Hello Fellow Redmine community members,
I found another php error when I go to look at active rules with Snort fo... Jonathan Lee
10:02 PM Bug #14497 (Closed): Kernel panic when using traffic shaping on a PPPoE interface: A PRIQ traffic shaper with codel enabled can cause a panicwhen applied to a PPPoE WAN.
See: https://forum.netgate.... Steve Wheeler
09:57 PM pfSense Packages Bug #14495 (Not a Bug): Snort does not contain DetectorFini() function: Marcos M
07:53 PM pfSense Packages Bug #14495: Snort does not contain DetectorFini() function: I did not know this. Thanks for the reply. I have attached this for future reference should someone search for the sa... Jonathan Lee
07:11 PM pfSense Packages Bug #14495: Snort does not contain DetectorFini() function: This is not a bug. This is due to having incorrect user-supplied text rules for the current version of the OpenAppID ... Bill Meeks
04:06 PM pfSense Packages Bug #14495 (Not a Bug): Snort does not contain DetectorFini() function: Detector cisco_content_group_dummy_detectors.lua: does not contain DetectorFini() function
I have been getting t... Jonathan Lee
07:35 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: I had to enable unicast Arp checks for the error to stop. After that it never returned. I was under the impression th... Jonathan Lee
07:28 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: I am unable to replicate this issue. I installed the latest 2.7.0-BETA of CE on a virtual machine, enabled the ARP Sp... Bill Meeks
04:54 PM pfSense Packages Bug #14496 (Resolved): FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: Hello fellow redmine team can you please help I am getting some weird bug errors. I have apr spoof detection enabled ... Jonathan Lee
07:11 PM Revision ea05d6a1: Update to zabbix 6.4 after ports merge: Kristof Provost
06:17 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: thx guys, we really appreciate your work very much! Gerhard Gröschl
05:14 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: Gerhard Gröschl wrote in #note-8:
> yeah, just as a reminder:
> Captive Portal started crashing on our sites with 22.... Jim Thompson
03:29 PM Bug #14373 (Resolved): System crashes or may become unresponsive with Captive Portal: Christian McDonald
05:17 PM Bug #14345 (Resolved): Default tab on ``firewall_rules.php`` is not selected if the configuration has no WAN interface: Tested in latest BETA.
Disabling the WAN interface causes firewall_rules.php page to select the first configured i... Christian McDonald
03:30 PM Bug #14345: Default tab on ``firewall_rules.php`` is not selected if the configuration has no WAN interface: Applied in changeset commit:b9b2596931a623f40299250aa6a973521b326a78. Christian McDonald
03:25 PM Bug #14345 (Feedback): Default tab on ``firewall_rules.php`` is not selected if the configuration has no WAN interface: Christian McDonald
03:37 PM Revision 0a49564d: Update to 2.7.0-RC: Brad Davis
03:28 PM Feature #14408 (Resolved): Include ``ixv`` in ALTQ capable NIC list: ixv is now in the ALTQ capable NIC list.
Marking as resolved. Christian McDonald
03:24 PM Revision c0b53576: firewall_rules.php: default to the first configured interface, Fixes #14345: (cherry picked from commit b9b2596931a623f40299250aa6a973521b326a78) Christian McDonald
03:23 PM Revision b9b25969: firewall_rules.php: default to the first configured interface, Fixes #14345: Christian McDonald
03:14 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I might have something to add. While inspecting my downloaded config.xml (CE 2.6.0) I noticed this:
<gateways>
... Darius ITGuys.net
02:40 PM Revision 347bd87c: firewall_nat_out_edit.php: fix invalid format string on Polish translation. Fixes #13946: (cherry picked from commit 755e45db735e505e31e470411c4cb7f388a495ab) Christian McDonald
12:07 PM pfSense Packages Regression #14493: FRR,PHP errors when deleting neighbor: Additional note.
If you disable the FRR service - you can delete anything without errors. Lev Prokofev
06:47 AM pfSense Packages Regression #14493: FRR,PHP errors when deleting neighbor: I can confirm that error
Tested on... aleksei prokofiev
06:11 AM pfSense Packages Regression #14493 (Resolved): FRR,PHP errors when deleting neighbor: Steps to reproduce:
Go to Services=>FRR=>BGP=>Neighbors
1)Add new neighbor
2)Set IP\name
3)Set remote AS
4)S... Lev Prokofev
12:07 PM pfSense Packages Regression #14494: FRR,PHP errors when deleting AS-path: Additional note.
If you disable the FRR service - you can delete anything without errors. Lev Prokofev
11:59 AM pfSense Packages Regression #14494 (Resolved): FRR,PHP errors when deleting AS-path: Steps to reproduce:
1)Create AS-path list
2)Delete As-path list
Looks like related to https://redmine.pfsense.... Lev Prokofev
11:39 AM pfSense Packages Bug #13873: PHP Errors on FRR Global Settings: I get this error on 23.05, without any config except enabling the service and setting the password. PHP error log att... Lev Prokofev
12:33 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: side note: I think found out why my codespaces environment won't run, I have the free account. It is similar to https... Jonathan Lee

06/20/2023

11:01 PM pfSense Docs Todo #14492 (Resolved): Feedback on Packages — AWS VPC Wizard — AWS VPC Wizard FAQ: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/aws-vpc-wizard/faq.html
*Feedback:*
pfSense doesn't... Chris Linstruth
10:44 PM Bug #14433 (Resolved): Panic when changing the parent of a VLAN interface used by limiters: Works correctly on 23.05.1-RC. Marcos M
09:45 PM Revision 93ad8037: Fixed message about adaptive state handling: Fixed misleading message regarding adaptive state handling.
States are reduced from 100% to the $scalingfactor value... Adam Syndoman
06:56 PM Todo #12431 (Resolved): GUI pages should use ``POST`` for AJAX calls, not ``GET``: These all appear to be working well with POST on current builds.
Jim Pingle
06:47 PM Regression #14370 (Resolved): Console and system log may contain unnecessary Netlink debug messages from IPsec: Looks much better now. I'm no longer seeing any of the debug messages and they were very prevalent on prior builds.
Jim Pingle
06:43 PM pfSense Packages Bug #14491 (Confirmed): FRR not starting with AgentX enabled: After upgrading to pfSense 2.7.0 Beta, FRR wont't start with AgentX enabled in the configuration.
Syslog... beermount beermount
06:37 PM Bug #13088 (Resolved): Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: Working OK on the latest build as far as I can tell.
Jim Pingle
06:34 PM Bug #14474 (Resolved): PHP error from empty ``<plugins>`` tag in ``config.xml``: Looks OK here. I can't crash current builds with that empty tag.
Jim Pingle
06:30 PM Bug #14358 (Resolved): Discrepancy in "TTL for Host Cache Entries" Description: Description is correct in the current builds. Jim Pingle
06:01 PM Bug #14482 (Resolved): Notices incorrectly set system LEDs on hardware with less than three LEDs: This looks good on the 1100 with that patch.
Tested: 23.05.1.r.20230620.1137 Steve Wheeler
05:42 PM Regression #13522 (Resolved): Minnowboard Turbot additions are no longer present: Works as expected in todays beta build: 2.7.0.b.20230620.0600... Steve Wheeler
05:35 PM Bug #13946 (Resolved): Polish translation contains an invalid ``sprintf()`` format in the text for ``firewall_nat_out_edit.php``: Christian McDonald
05:33 PM Bug #13946 (Closed): Polish translation contains an invalid ``sprintf()`` format in the text for ``firewall_nat_out_edit.php``: Fixed Christian McDonald
05:29 PM Revision 755e45db: firewall_nat_out_edit.php: fix invalid format string on Polish translation. Fixes #13946: Christian McDonald
05:07 PM Feature #14408 (Feedback): Include ``ixv`` in ALTQ capable NIC list: Diff committed to master and RELENG_2_7_0. Luiz Souza
05:05 PM Revision e3a8291b: Add "ixv" to the list of capable ALTQ interfaces.: Ticket: #14408
(cherry picked from commit 9947de3e4a03b46bcc05890866c5de44e539b469) Luiz Souza
05:03 PM Revision 9947de3e: Add "ixv" to the list of capable ALTQ interfaces.: Ticket: #14408 Luiz Souza
04:48 PM Bug #14056 (Closed): DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR: We are disabling ASLR on Unbound until a proper fix lands upstream. Christian McDonald
08:42 AM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: I don't think those two are related. Florian Apolloner

06/19/2023

10:36 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: Potentially related to https://redmine.pfsense.org/issues/11556 Marcos M
08:37 PM Regression #13522: Minnowboard Turbot additions are no longer present: You should be able to load both the i915/drm and zfs drivers now. The available module space was increased a while back. Steve Wheeler
08:19 PM Regression #13522 (Feedback): Minnowboard Turbot additions are no longer present: Loading of i915kms.ko is fixed with https://gitlab.netgate.com/pfSense/Crossbuild/-/commit/7193baf3aced99352e315801cb... Kristof Provost
09:44 AM Regression #13522: Minnowboard Turbot additions are no longer present: I assume the either zfs or hotplug driver issue remains?
I remember there was a boot issue, which is why I decided t... Ronald Antony
07:55 PM Bug #14358 (Feedback): Discrepancy in "TTL for Host Cache Entries" Description: Applied in changeset commit:d9982f0f4b5401823f85b27d313c2fdc12b235e3. Jim Pingle
07:49 PM Revision 9a129119: Correct ambiguous Unbound TTL Host Cache descr text. Fixes #14358: (cherry picked from commit d9982f0f4b5401823f85b27d313c2fdc12b235e3) Jim Pingle
07:49 PM Revision d9982f0f: Correct ambiguous Unbound TTL Host Cache descr text. Fixes #14358: Jim Pingle
07:30 PM Bug #14474 (Feedback): PHP error from empty ``<plugins>`` tag in ``config.xml``: Applied in changeset commit:1dfacf5a5d66fe31d11f441f5055dd31da8e1e9c. Jim Pingle
07:24 PM Revision d86f814c: Read pkg plugins more carefully. Fixes #14474: (cherry picked from commit 1dfacf5a5d66fe31d11f441f5055dd31da8e1e9c) Jim Pingle
07:23 PM Revision 1dfacf5a: Read pkg plugins more carefully. Fixes #14474: Jim Pingle
06:47 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: After poking around here is my analysis, which confirms my preliminary suspicion:
All of the crash sites are invokin... Mateusz Guzik
06:30 PM Bug #14482 (Feedback): Notices incorrectly set system LEDs on hardware with less than three LEDs: Applied in changeset commit:06c11e21180bdec5b764ea3a9ac1bf50b4b1ab3f. Jim Pingle
06:25 PM Bug #14482: Notices incorrectly set system LEDs on hardware with less than three LEDs: We had a function to check the count of LEDs already so I added a check for that in all the LED functions which expec... Jim Pingle
06:23 PM Revision 61367c8e: Don't use LED functions without the expected LED count. Fixes #14482: (cherry picked from commit 06c11e21180bdec5b764ea3a9ac1bf50b4b1ab3f) Jim Pingle
06:22 PM Revision 06c11e21: Don't use LED functions without the expected LED count. Fixes #14482: Jim Pingle
06:20 PM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN: Updated to 2.7.0-BETA, still the same issue. Please let me know if there is anything else I can do to help diagnose a... Nazar Mokrynskyi
04:57 PM pfSense Plus Bug #14478: Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load: The issue here is that pfctl is not correctly parsing the case where the L3 host spec is a dynamic host, that is @(se... Christian McDonald
04:35 PM Bug #2218: CARP VIPs can become master too early at boot time: Changes picked to 23.05.1 branch Reid Linnemann
04:28 PM Bug #2218: CARP VIPs can become master too early at boot time: Bringing in to 23.05.1 Reid Linnemann
03:06 PM pfSense Docs Todo #14485 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: Added, thanks! Jim Pingle
01:13 PM Regression #14488: Extensions directory is not set in ``rc.php_ini_setup``: I'm not sure we even need to set this anymore. It is using the correct directory already by default. ... Jim Pingle
06:13 AM Regression #14488: Extensions directory is not set in ``rc.php_ini_setup``: https://github.com/pfsense/pfsense/pull/4642 Marcello Silva Coutinho
04:15 AM Regression #14488 (Resolved): Extensions directory is not set in ``rc.php_ini_setup``: rc.php_ini_setup not checking php version 8.2
--- /root/rc.php_ini_setup 2023-06-19 04:10:57.592644000 +0000
... Marcello Silva Coutinho
01:04 PM Bug #14490 (Not a Bug): ~/.tcshrc needs cleaning up...: I updated the info in the linked Redmine, there already wasn't any mention of the deprecated ~/.keephistory file in t... Jim Pingle
10:44 AM Bug #14490 (Not a Bug): ~/.tcshrc needs cleaning up...: The ~/.tcshrc still has this misleading comment:... Ronald Antony
01:03 PM Feature #11029: Enable command history in the shell: I updated the info here and linked to the later issue which changed the behavior, so there is no mention of the ~/.ke... Jim Pingle
09:35 AM Feature #11029: Enable command history in the shell: As of CE2.7.0 beta this issue is still misleadingly referenced in ~/.tcshrc misleading users about how to enable perm... Ronald Antony
12:25 PM Feature #9545: Enable Multipath Routing in the Kernel: Mike Moore wrote in #note-13:
> Confirmed that multipath is enabled by default.
> Although unlikely for me, is ther... Jim Pingle
09:06 AM pfSense Packages Bug #14489 (New): FRR needs delayed startup: Hi,
FRR is currently started before completing Wireguard tunnels initialization:
[FRR startup]
*2023-06-17 18... Spike R.D.
07:59 AM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: So the fix was already in 2.7 BETA, and was also cherry-picked to the plus-RELENG_23_05 branch in case of future poin... Kristof Provost
05:24 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: I have attached a very simple example of a Java version of try catch. I am positive you know try catch very well. My ... Jonathan Lee
04:35 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: https://github.com/pfsense/FreeBSD-ports/tree/devel/security/snort
Thanks for the reply again,
I wanted to as... Jonathan Lee
04:19 AM Revision e7e6a4ed: Update rc.php_ini_setup to check php version 8.2: rc.php_ini_setup on 2.7 version not checking php version 8.2
https://redmine.pfsense.org/issues/14488 Marcello Silva Coutinho

06/18/2023

10:34 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Another action thats repeateable. Go into the tunnel settings. Select a tunnel but do not make any changes. Click sav... Mike Moore
10:31 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: changes to P1 parameters of any tunnel and clicking apply bounces all bgp peers.
changes to the Tunnels description ... Mike Moore
10:02 PM Feature #14483 (New): Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Oddly I can only replicate the issue after changing/saving/applying the P1 description a _second_ time with @Ignore I... Marcos M
09:01 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Why was this rejected. That option is enabled for me. The entire point of a redmine is not to troubleshoot but to rep... Mike Moore
05:37 PM Feature #14483 (Rejected): Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: This is part of the reason why the option @Ignore IPsec Restart@ in FRR exists. Marcos M
01:50 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: I have made a VTI description change. Logs from the ipsec.log file..
Jun 17 21:48:15 GAFW charon[5702]: 14[KNL] <c... Mike Moore
12:43 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Although not a true apples to apples comparison, I do have another FreeBSD firewall running ( *sense) and ran the sam... Mike Moore
12:38 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Extended ping from Windows client through the IPsec tunnel to the OCI compute instance. Notice the drop in pings. Tha... Mike Moore
12:35 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Routing logs Mike Moore
12:26 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: This is to OCI - Oracle Cloud Infrastructure.
To add to the notes, even updating the description bounces eBGP neighb... Mike Moore
09:43 PM pfSense Packages Bug #14486 (Duplicate): FRR - Changes to VTI tunnels bounce all eBGP peers: Marcos M
09:13 PM pfSense Packages Bug #14486 (Duplicate): FRR - Changes to VTI tunnels bounce all eBGP peers: Please reference Bug #14483
I have the option "Ignore IPsec Restart" enabled under Global Settings in FRR.
Any... Mike Moore
08:07 PM pfSense Docs Todo #14207 (Resolved): Rate limiting on Chelsio T4/5 NICs: Changing issue scope as this does not seem to be a bug with pfSense software. Marcos M
08:01 PM Bug #14288 (Resolved): Setting system DNS servers can incorrectly modify routes for interface addresses: Marcos M
07:59 PM Bug #14356 (Resolved): URL scheme is not properly validated in some cases: Marcos M
07:54 PM Bug #14400 (Resolved): PHP Error in ``upgrade216_ipsec_create_vtimap()``: Marcos M
07:35 PM Bug #14446 (Resolved): PHP error in Captive Portal ``usedmacs`` handling: Marcos M
07:03 PM Bug #2218 (Resolved): CARP VIPs can become master too early at boot time: Tested on 23.05 - no issues. Marcos M
06:37 PM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: I also am experiencing this same issue and I can reliably re-produce it. However, I am not getting any output in dmes... Josh Balcom
06:29 PM pfSense Packages Bug #14480 (Not a Bug): Faulty IDS rules can prevent Snort from starting: Marcos M
05:32 PM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: The Snort package on pfSense is an open source volunteer maintained contribution. The source code for both the GUI an... Bill Meeks
03:46 PM Bug #14435 (New): PHP error with limiters: The issues in the previous comments are known:
#note-2 - https://redmine.pfsense.org/issues/13687
#note-4 - https:/... Marcos M
04:28 AM Bug #14435: PHP error with limiters: could be related, but if you already have a limiter and child queue created, saving the limiter again presents the ap... Jordan G
12:54 PM pfSense Docs Todo #14485 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:*
Please add "NETGEAR 4G LTE ... David Irwin
02:51 AM pfSense Plus Regression #14436: Upgrades from 23.05-RC/beta/dev fail server authentication: Still unable to hit this again when switching update branch or add/removing packages. Lets verify what branches shoul... Jordan G
02:35 AM pfSense Packages Bug #14484 (Resolved): lldpd php error on saving with no interface selected: use ctrl + click and deselect any interface (previously) highlighted and attempt to save lldpd settings... Jordan G
12:48 AM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers: Tested and confirm behavior in pfSense CE 2.7. Kris Phillips
12:10 AM Bug #14477: Defining IP address on an Interface doesn't check defined VIPs for possible IP address overlapping: Confirmed this behavior in pfSense CE 2.7.
When attempting to add a VIP that is already used by the interface, i... Kris Phillips

06/17/2023

11:59 PM pfSense Packages Bug #14284 (Incomplete): Wen changing frontend type, there will be invissible leftovers, disturbing defining the new type: Hello,
What "leftovers" are you referring to? Please provide reproduction step-by-step with what you expect and w... Kris Phillips
11:45 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: please provide more details about the tunnel's configurations. Alhusein Zawi
06:38 PM Feature #14483 (New): Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: I have at this time 4x IPsec VTI tunnels running eBGP.
When any change is made to any VPN tunnel (changes to the VTI... Mike Moore
09:55 PM Bug #14462 (Pull Request Review): Breadcrumb path missing on ``system_register.php``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1045 Christopher Cope
06:40 PM Feature #9545: Enable Multipath Routing in the Kernel: Confirmed that multipath is enabled by default.
Although unlikely for me, is there a way to turn OFF multipath behav... Mike Moore
05:51 PM Bug #2218: CARP VIPs can become master too early at boot time: Never mind, just applied it in sequence, 62fb07c8163b1cf8731d944fe958071f73f43ef8 and 5e92d678f642277642acb7f471cd430... Vladimir Suhhanov
02:19 PM Bug #2218: CARP VIPs can become master too early at boot time: Reid Linnemann wrote in #note-21:
> I had some stale edits in the commit referenced above, as of commit:5e92d678f642... Vladimir Suhhanov
03:48 PM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: I tested against the latest Plus DEVELOPMENT built.
The behavior is consistent with the explanation provided. It a... Danilo Zrenjanin
03:27 PM Bug #14482: Notices incorrectly set system LEDs on hardware with less than three LEDs: See: https://forum.netgate.com/topic/177872/sg-1100-black-diamond-led-always-off-in-23-01 Steve Wheeler
03:27 PM Bug #14482 (Resolved): Notices incorrectly set system LEDs on hardware with less than three LEDs: Creating or dismissing notices triggers code that sets system LEDs incorrectly.
The functions that are called (led_n... Steve Wheeler
03:25 PM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: I'll chime in with another view point that I find disturbing. Not classifying this as a bug, or at the least a securi... the root
05:14 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: Thanks for the reply Bill Meeks,
Please let me attempt to pitch this one more time as a bug and not a feature to y... Jonathan Lee
02:53 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: This is not a bug. The problem described here was caused by a faulty rules update file produced and distributed by a ... Bill Meeks
12:58 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: Main issue: Snort fails completely open within this situation. Snort does not function at all during this. Jonathan Lee
09:37 AM Feature #14402: Dynamic DNS support for Porkbun: Adrien Carlyle wrote in #note-1:
> EDIT: looks like OP already submitted a PR: https://www.reddit.com/r/PFSENSE/comm... Nita Vesa
05:16 AM pfSense Packages Feature #14481: Add Smartphone Base Splice Support Groups Radio Button in "SSL Man In the Middle Filtering": Note: some of the regex expressions were mixed up when posting this please ref the screen shots. Jonathan Lee
01:43 AM pfSense Packages Feature #14481 (New): Add Smartphone Base Splice Support Groups Radio Button in "SSL Man In the Middle Filtering": https://support.google.com/work/android/answer/10513641?hl=en
https://support.apple.com/en-gb/HT210060
Each of ... Jonathan Lee
01:00 AM Feature #14444: Aliases options for custom OS fingerprints?: Main Issue: pfSense's ACL (access control list) under advanced has a source OS option, this would work again if we co... Jonathan Lee

06/16/2023

09:33 PM Revision 4ff9590c: Bump 2.7 to BETA: Brad Davis
09:26 PM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: To quote bemeeks,
" _This will have to be fixed by the Emerging Threats rule writers. They will release an updated... Jonathan Lee
09:17 PM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: To quote valete3. . .
_"Emerging threats released out of band rules update to resolve.
https://community.emergi... Jonathan Lee
09:13 PM pfSense Packages Bug #14480 (Not a Bug): Faulty IDS rules can prevent Snort from starting: FATAL ERROR: /usr/local/etc/snort/snort_4851_ix0/rules/snort.rules:19567: Can't use flow: stateless option with other... Jonathan Lee
08:21 PM Bug #14479: unbound doing qname-minimisation when enabled in unbound gui.: Just tested on 23.05 same thing - if you uncheck to do qname in the unbound advanced section, it removes the qname li... JohnPoz _
06:52 PM Bug #14479: unbound doing qname-minimisation when enabled in unbound gui.: here is link to unbound doc's stating they do qname min by default
https://nlnetlabs.nl/documentation/unbound/unbo... JohnPoz _
06:46 PM Bug #14479 (New): unbound doing qname-minimisation when enabled in unbound gui.: I have not checked 2.7 or 23.05 yet but this came up in a discussion here
https://forum.netgate.com/post/1110945
... JohnPoz _
07:18 PM Revision ebc3bde6: Add the pfSense Plus pkg fingerprints.: Fixes the upgrade from CE now that CE can verify the Plus packages.
Submitted by: KrisM
(cherry picked from commi... Luiz Souza
07:15 PM Revision df664372: Add the pfSense Plus pkg fingerprints.: Fixes the upgrade from CE now that CE can verify the Plus packages.
Submitted by: KrisM Luiz Souza
06:43 PM pfSense Plus Bug #14478 (In Progress): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load: Christian McDonald
06:43 PM pfSense Plus Bug #14478: Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load: Tracked this down. Fix in progress. Christian McDonald
05:03 PM pfSense Plus Bug #14478 (Resolved): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load: Specific Ethernet rule configuration produces rules loading error. Seems to be linked with "Destination IP" set as "O... Georgiy Tyutyunnik
06:20 PM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0): fyi.. after upgrading to pfsense 23.05 & softflowd 1.2.6_1, stability has returned.. two weeks of uptime so far. Mark Hassman
04:01 PM Feature #14402: Dynamic DNS support for Porkbun: I'm interested in this because Google Domains customers are being sold to Squarespace, but Squarespace does not have ... Adrien Carlyle
12:59 PM Regression #14370 (Feedback): Console and system log may contain unnecessary Netlink debug messages from IPsec: I've cherry-picked the upstream change to the 2.7 branch. Kristof Provost
09:11 AM pfSense Packages Regression #14441: Zabbix Proxy package version 6.0.15 doesn't work in 23.05: Can confirm, the service is running but there is no traffic sent to the Zabbix server. Works fine on 23.01
Tested ... Lev Prokofev

06/15/2023

08:18 PM Revision 890dfadb: Use the dynamic repos help text instead of the old 'custom' repo.: (cherry picked from commit 2f723b39d1201bfb5906eed3edda16de45b3a463) Luiz Souza
08:17 PM Revision 2f723b39: Use the dynamic repos help text instead of the old 'custom' repo.: Luiz Souza
08:13 PM Revision a516e0f2: Remove the old 'pfupdate' endpoint support.: Disable the support for old style 'custom' repo.
The Plus migration will be handled by the dynamic repos now.
(cher... Luiz Souza
08:12 PM Revision 43d83a84: Remove the old 'pfupdate' endpoint support.: Disable the support for old style 'custom' repo.
The Plus migration will be handled by the dynamic repos now. Luiz Souza
08:02 PM Bug #12927 (Incomplete): OpenVPN with OCSP enabled allows connections with revoked certificates: Looks like we need more info here or some reliable way to reproduce the problem. There was no response to our last in... Jim Pingle
07:30 PM Bug #14167: Auto Config Backup: Selected manual backups are not retained.: If this is all in the backend there is no need to tie it to a pfSense software release/version. Jim Pingle
03:52 PM Revision ef03960a: net/dhcpcd: (re)introduce dhcpcd to poudriere_bulk for development and testing: Christian McDonald
12:38 PM Bug #14476 (Rejected): No log for GRE Traffic: I cannot reproduce the problem as stated. If I add a rule to log GRE traffic, it gets logged.
!clipboard-202306150... Jim Pingle
06:40 AM Bug #14476 (Rejected): No log for GRE Traffic: When a rule is configured to let GRE traffic pass through the firewall, this traffic is never logged even if the rule... Michel Nolf
09:55 AM Bug #14477 (New): Defining IP address on an Interface doesn't check defined VIPs for possible IP address overlapping: When attempting to create a VIP (Alias type) with an IP address that has already been defined on the interface, the s... Danilo Zrenjanin

06/14/2023

10:35 PM Revision daf0b149: Use the new notation from 877e6b53c7e76f0bcb02621d290a4e325941fd1c.: No functional changes.
(cherry picked from commit 3c2cb48ceb9ed1c2336c6476b2bcb9cc386bf2e4) Luiz Souza
10:34 PM Revision 3c2cb48c: Use the new notation from 877e6b53c7e76f0bcb02621d290a4e325941fd1c.: No functional changes. Luiz Souza
10:08 PM pfSense Packages Bug #14475 (Resolved): PHP Error: suricata_check_for_rule_updates.php:820: PHP Error from Suricata when updating:... Steve Wheeler
09:57 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity: I think i may be affected by this on a Netgate 3100. I had an MTU set on WAN interface 1480, which had been seemingly... Joakim Plate
09:45 PM Revision 54b89425: Add the missing 'pkg_repos_path' global.: Rerported and tested by: KrisM
(cherry picked from commit 9de48f4b0a925932f7a14e8b6b9ff851780c4deb) Luiz Souza
09:44 PM Revision 9de48f4b: Add the missing 'pkg_repos_path' global.: Rerported and tested by: KrisM Luiz Souza
07:51 PM Todo #14027: Update PHP to 8.2.6: For CE 2.7.0, this was bumped up to PHP 8.2.6 Jim Pingle
07:51 PM Revision 720f11b3: Fix a merge problem in the last commit to accommodate a small difference with Plus.: (cherry picked from commit 77a16446b68860f14faad054c02c8ac532d138c9) Luiz Souza
07:50 PM Revision 77a16446: Fix a merge problem in the last commit to accommodate a small difference with Plus.: Luiz Souza
07:48 PM Todo #13866: Add Python 3.11.1 to base system: This was superseded by #13867, no need to include it in release notes. Jim Pingle
07:47 PM Todo #13865: Update Python 3.9.15 to 3.9.16 in base system: This was superseded by #13867, no need to include it in release notes. Jim Pingle
05:54 PM Bug #14474: PHP error from empty ``<plugins>`` tag in ``config.xml``: They must have hit some other older bug first. At least on a current install, the squid package has two plugins liste... Jim Pingle
05:32 PM Bug #14474: PHP error from empty ``<plugins>`` tag in ``config.xml``: Jim Pingle wrote in #note-1:
> Any idea how that bad tag made it into the configuration?
>
> That isn't something... Christopher Cope
05:14 PM Bug #14474: PHP error from empty ``<plugins>`` tag in ``config.xml``: Any idea how that bad tag made it into the configuration?
That isn't something we've seen in any testing before th... Jim Pingle
05:11 PM Bug #14474 (Resolved): PHP error from empty ``<plugins>`` tag in ``config.xml``: The following error occurred preventing the GUI from opening.... Christopher Cope
05:40 PM Revision c6fc414c: Add the dynamic repos support.: Load the repository settings dynamically from Netgate, allowing for more
flexibility and direct support to update for... Luiz Souza
05:37 PM Revision 654dc4ac: Add the dynamic repos support.: Load the repository settings dynamically from Netgate, allowing for more
flexibility and direct support to update for... Luiz Souza
04:04 PM Bug #14356: URL scheme is not properly validated in some cases: Thank you for looking at this. Jonathan Lee
04:03 PM Feature #14444: Aliases options for custom OS fingerprints?: https://forum.netgate.com/topic/180680/feature-request-aliases-options-for-use-with-advanced-option-source-os-access-... Jonathan Lee
02:26 PM pfSense Plus Feature #13786: ldap intergration for firewall rules: Appreciate the feedback Kris! Mike Moore
12:47 PM Feature #14457 (Closed): Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``: Christian McDonald
01:46 AM Bug #14473 (Confirmed): Automatic gateway not updating after default deleted: Copied from forum post: https://forum.netgate.com/topic/177395/automatic-gateway-not-updating-after-default-deleted
... Matthew Foran

06/13/2023

08:23 PM Feature #14457: Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``: Tested the patch, works perfectly with AT&T. Thank you!
We had a pfsense release in the past where the wpa_supplic... Hayden Hill
07:47 PM Bug #12947 (New): Old IPv6 addresses may continue to be used after DHCP or RA changes: Jim Pingle
04:05 PM Bug #14288 (Feedback): Setting system DNS servers can incorrectly modify routes for interface addresses: Applied in changeset commit:e47285ae279a35b3a5211a093299eb69d3344592. Marcos M
04:01 PM Revision 10ada61d: Don't modify routes when adding or removing DNS IP addresses that exist on interfaces. Fix #14288: (cherry picked from commit e47285ae279a35b3a5211a093299eb69d3344592) Marcos M
04:01 PM Revision 25751a38: Fix references to 'disable_carp' introduced in 62fb07c816. #2218: The original commit had some lingering references to a function 'disable_carp'
that had been abandoned in favor of a ... Reid Linnemann
03:57 PM Revision e47285ae: Don't modify routes when adding or removing DNS IP addresses that exist on interfaces. Fix #14288: Marcos M
02:13 PM Bug #14458: PHP error in IPsec tunnels list: Updating subject for release notes. Jim Pingle
02:10 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: Updating subject for release notes. Jim Pingle
02:04 PM Bug #14433 (Feedback): Panic when changing the parent of a VLAN interface used by limiters: Fixed by https://cgit.freebsd.org/src/commit/?id=0ba9cb5e710f42fcbc5d710a606bfae5a7f90984
I've also cherry-picked ... Kristof Provost
01:56 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: Debugging even further this seems to be timing sensitive. If I run @pfctl -i ovpns1 -Fs && pfSctl -c 'filter reload a... Florian Apolloner
01:38 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: I am able to reproduce the issue and I can also confirm that the issue is gone if I comment out @/sbin/pfctl -i $1 -F... Florian Apolloner
08:48 AM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: Marcos M wrote in #note-5:
> Additional notes while working with cjl:
> Commenting out the line @/sbin/pfctl -i $1 ... Florian Apolloner
08:43 AM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: Hi there, I think I am seeing the same issue (on 23.05). I also do have OpenVPN on CARP IPs as of now (though openvpn... Florian Apolloner
07:16 AM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Thanks for creating this issue.
Could it be that the lua-script used in the HAproxy-config triggers these errors?
... Stefan Weichinger

06/12/2023

09:18 PM pfSense Packages Bug #14469 (Resolved): Snort Advanced config pass-through encodes entries: When attempting to add a custom snort.conf config line using the Snort Advanced Configuration Pass-Through feature, t... Alex Tatistcheff
03:03 PM Bug #13940 (Resolved): Firewall log parser does not handle SCTP log entries: Seems to be working OK. Logs are showing not only SCTP but also some other entries that were not previously parsed.
... Jim Pingle
01:58 PM pfSense Docs Todo #14463 (Closed): The reference external port for LAN should be unset when adding OPT: Done and deployed.
https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/5635ed72407a70aadffe16f4eae6975de83e... Jim Pingle
01:36 PM pfSense Docs Correction #14422 (Closed): Release Versions Supported Needs Updated: Done and deployed. Jim Pingle
12:00 PM Bug #14354 (Resolved): Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address: Jim Pingle
11:59 AM pfSense Packages Todo #9200 (Resolved): Add DNS support for Google domain to Acme manager: Jim Pingle
11:20 AM Feature #290: Add Multi-WAN awareness to UPnP: I am really interested in this feature as i use dual wan and this is a must have in my book as changing wan for UPNP ... Michael Clews

06/11/2023

10:50 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems: This is not true for all pchtherm devices though. For example:... Steve Wheeler
04:52 PM pfSense Plus Bug #14467 (New): Temperature sensor reading is abnormally high on some systems: The temperature reading @dev.pchtherm.0.temperature@ was introduced in 23.01 and it seems to be incorrect. It fluctua... Marcos M
10:50 PM pfSense Packages Feature #14468 (Rejected): pass along ntopng professional license key: Provide a way through the ntop settings GUI to pass along the ability to upgrade to the Pro version. Perhaps have an ... Mike Moore
10:46 PM Feature #9545: Enable Multipath Routing in the Kernel: Looks like its available in the 23.05 release i am running a 6100. So its enabled but not exposed through the GUI. I ... Mike Moore
08:00 PM Bug #14396: Reassembled packets received on a VTI are not forwarded: I would very much like to understand what I am missing here. The patch changes
- $scrubrules .= "scr... Christopher de Haas
05:52 PM Bug #14396 (Resolved): Reassembled packets received on a VTI are not forwarded: I can confirm that the patch works correctly with both reassembly and filtering (FWIW the actual fix cannot be applie... Marcos M
11:22 AM Bug #14396: Reassembled packets received on a VTI are not forwarded: I found the filter_get_vpns_list() funtion, and as far as I can tell this will never include networks routed over a V... Christopher de Haas
08:51 AM Bug #14396: Reassembled packets received on a VTI are not forwarded: Thank you all very much for taking this issue seriously.
Something is still not quite right here. I am testing with ... Christopher de Haas
06:57 PM pfSense Plus Regression #14436: Upgrades from 23.05-RC/beta/dev fail server authentication: this may have been from logging in as someone other than admin? don't seem to be able to replicate what I saw previou... Jordan G
04:32 PM Bug #14450: 23.05 fails to boot on Hyper-V after VM power off, workaround: Had root cause been identified? Are there known manual repair steps? As of 6/11 there are no 23.05 patches availabl... Travis McMurry
04:24 PM pfSense Packages Feature #13863: squidguard auto update blacklist: Hello,
will the function be built in?
The function is already available in other Firewalls.
It would be really ... Thomas Schäfer
04:23 PM pfSense Packages Regression #13984: PHP errors with squid: +https://redmine.pfsense.org/issues/14426+
Hello Marcos I found you some more PHP issues with this under Squid rep... Jonathan Lee
01:14 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: I just created a cert using this earlier today, works like a charm! Thank you! Matt D

06/10/2023

11:17 PM Feature #9545: Enable Multipath Routing in the Kernel: net.route.multipath =1 is active
[2.7.0-DEVELOPMENT][admin@pfSense.home.arpa]/root: sysctl net.route
net.route... Alhusein Zawi
08:48 PM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: the drop down and token field for Google Domains (DNS API) is present in ACME 0.7.4 - don't have valid credentials I ... Jordan G
08:18 PM pfSense Plus Regression #14436: Upgrades from 23.05-RC/beta/dev fail server authentication: Following a reboot on 8200 (which previously had gotten the latest pfSense-repoc, pfSense-upgrade; could pull, instal... Jordan G
05:56 PM pfSense Packages Bug #14364 (Incomplete): APCUPSD unable to process date string: Tested with an APC UPS on 23.05 with the latest apcupsd package. Unable to reproduce this error. Can you please pro... Kris Phillips
04:55 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: Hello,
Do you see this same behavior in 23.05? Kris Phillips
04:55 PM Regression #14374: Static ARP entries are not configured at boot: Title should be updated, since this is no longer only relevant to 23.01. Kris Phillips
04:52 PM Bug #14462: Breadcrumb path missing on ``system_register.php``: Confirmed in 23.05 of pfSense Plus. The browser tab shows no information about the tab on the Register page. See at... Kris Phillips
09:00 AM Bug #14354: Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address: Looks good after the fix, no more errors and typos.
!clipboard-202306101259-vg2hb.png!
Lev Prokofev

06/09/2023

08:43 PM pfSense Docs Correction #14422 (New): Release Versions Supported Needs Updated: 22.05.1 & 22.05 are still marked as supported, but shouldn't be. They should also be moved from https://docs.netgate.... Christopher Cope
07:35 PM Feature #9545: Enable Multipath Routing in the Kernel: i do have a use case with 2x DIA circuits. Would love to test if possible. Mike Moore
05:51 PM Feature #9545: Enable Multipath Routing in the Kernel: Will it be enabled in any development snapshots maybe for 23.09 or made available sooner? Mike Moore
06:29 PM Bug #14466 (New): Log errors on new systems without a thoth chip: On new 1100s and 2100s without thoth chips the following error is being generated in the logs. Perhaps it should be h... Christopher Cope
06:03 PM pfSense Docs Correction #14465 (Closed): Move "Supported" Releases That Aren't Supported into Unsupported Category: Fixed and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/18a4244b96ec0f75442648a0fee790263484b2d0
Jim Pingle
04:25 PM pfSense Docs Correction #14465 (Closed): Move "Supported" Releases That Aren't Supported into Unsupported Category: Releases 22.01 and all of the 21.02.X releases on this page are under the "Supported" heading:
https://docs.netgate.... Kris Phillips
05:27 PM pfSense Packages Bug #14199 (Feedback): ACME - Issue with corrupted cert: Fixed in ACME pkg v0.7.4 Jim Pingle
05:10 PM pfSense Packages Bug #14199 (In Progress): ACME - Issue with corrupted cert: Jim Pingle
05:27 PM pfSense Packages Todo #9200 (Feedback): Add DNS support for Google domain to Acme manager: Added in ACME pkg v0.7.4 Jim Pingle
05:10 PM pfSense Packages Todo #9200 (In Progress): Add DNS support for Google domain to Acme manager: Jim Pingle
05:08 PM pfSense Packages Feature #13608 (Not a Bug): ACME Not Recognizing new .au domain on wildcard: There is *no special handling* of anything under "*.au" in this package or in @acme.sh@. Looking at the error in the ... Jim Pingle
01:16 PM pfSense Packages Feature #14464 (Duplicate): BGP ECMP: Duplicate of #9545
Jim Pingle
03:43 AM pfSense Packages Feature #14464 (Duplicate): BGP ECMP: Enable the ability to have bgp perform ECMP (multipath).
I see it as possible in the frr documentation. Would be gre... Mike Moore

06/08/2023

09:56 PM Bug #2218: CARP VIPs can become master too early at boot time: I had some stale edits in the commit referenced above, as of commit:5e92d678f642277642acb7f471cd430ed53aae16 these sh... Reid Linnemann
09:31 PM Revision 5e92d678: Fix references to 'disable_carp' introduced in 62fb07c816. #2218: The original commit had some lingering references to a function 'disable_carp'
that had been abandoned in favor of a ... Reid Linnemann
08:44 PM pfSense Packages Bug #14426: PHP errors in Lightsquid: 2100-MAX
Crash report begins. Anonymous machine information:
arm64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus... Jonathan Lee
06:12 PM pfSense Docs Todo #14449 (Feedback): Add info about crypto accelerator behavior when multiple options are enabled: Updates:
* https://gitlab.netgate.com/docs/pfSense-docs/-/commit/e2fe9ea936afad80d3bf63102f0712e15897831e
* https... Jim Pingle
05:36 PM pfSense Docs Todo #14449 (In Progress): Add info about crypto accelerator behavior when multiple options are enabled: Still needs some adjustment based on the latest performance data results.
See https://netgate.slack.com/archives/C... Jim Pingle
04:10 PM pfSense Docs Todo #14463 (Closed): The reference external port for LAN should be unset when adding OPT: When carrying out this procedure: https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/configuring-the-switch... Steve Wheeler
03:14 PM Feature #11302: WireGuard XMLRPC sync: We have recently switched our site-to-site links to WireGuard, and were disappointed to find that WireGuard settings ... Tanner Schultz
02:34 PM pfSense Plus Bug #14461: Uncaught TypeError after import alias: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:22 PM pfSense Plus Bug #14461: Uncaught TypeError after import alias: Jim Pingle wrote in #note-1:
> Duplicate of #14412
>
> Already fixed and in system patches.
Oké but it complet... Marc Hagen
02:04 PM pfSense Plus Bug #14461 (Duplicate): Uncaught TypeError after import alias: Duplicate of #14412
Already fixed and in system patches. Jim Pingle
01:49 PM pfSense Plus Bug #14461 (Duplicate): Uncaught TypeError after import alias: /firewall_aliases_import.php?tab=ip
After importing a alias with the following info:
Name: RFC5771_Multicast
D... Marc Hagen
02:21 PM Bug #14462: Breadcrumb path missing on ``system_register.php``: I wanted to say, "At the *top* of the screen, there should be System/Register" Danilo Zrenjanin
02:20 PM Bug #14462 (Resolved): Breadcrumb path missing on ``system_register.php``: The path is missing. At the bottom of the screen, there should be *System/Register* Danilo Zrenjanin
12:37 PM pfSense Plus Bug #14329: DDNS IPv6 update PHP error: The solution might be as simple as : https://forum.netgate.com/topic/180552/23-05-uncaught-error-attempt-to-assign-pr... Gertjan KROEB
12:29 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Here is the configuration that triggers PHP errors.... Danilo Zrenjanin
12:18 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Here is the forum thread https://forum.netgate.com/post/1109155 Danilo Zrenjanin
11:31 AM pfSense Packages Bug #14460 (Resolved): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: ... Danilo Zrenjanin
07:16 AM Bug #14458 (Resolved): PHP error in IPsec tunnels list: I could reproduce the issue.... Danilo Zrenjanin
03:14 AM pfSense Plus Todo #14456 (Resolved): Update Ethernet rules Description field help text: Looks good. Marcos M
12:38 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: We have an office that uses Starlink (CGNAT DHCP IP) and a slow FWA (Public Static IP) connection as backup. If the o... LTC Tech

06/07/2023

08:28 PM Revision cb5e5b32: Update RELENG_2_7_0 from DEVELOPMENT to BETA: Glen Barber
05:43 PM Feature #14457 (Feedback): Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``: Christian McDonald
04:55 PM Revision b17e7d94: Revert "Add net/dhcpcd to poudriere_bulk": This reverts commit 5c80b44d0aa294684f10c03f97b4b4793d4865dc. Christian McDonald
02:35 PM Bug #14458: PHP error in IPsec tunnels list: After applying the patch the PHP error has been resolved. Thanks for the quick fix. Steve Wilson
12:50 PM Bug #14458 (Feedback): PHP error in IPsec tunnels list: Applied in changeset commit:04a06f2c513052a0a7415b1853c97db3992fd3de. Jim Pingle
12:29 PM Bug #14458 (Confirmed): PHP error in IPsec tunnels list: That Phase 1 entry in the config is invalid, not sure where it came from. It's full of empty tags that aren't possibl... Jim Pingle
09:58 AM Bug #14458: PHP error in IPsec tunnels list: <ipsec>
<phase1>
<disabled></disabled>
<encryption>
<item>
<encryption-algorithm></encryption-... Steve Wilson
03:32 AM Bug #14458: PHP error in IPsec tunnels list: Would you provide the contents of the @<ipsec>@ section in @/conf/config.xml@ file? Make sure to redact any sensitive... Marcos M
12:51 AM Bug #14458 (Resolved): PHP error in IPsec tunnels list: The following PHP error is thrown when accessing the IPsec Tunnels page:
Crash report begins. Anonymous machine i... Steve Wilson
12:50 PM pfSense Plus Feature #14459 (Not a Bug): SNMP obsolete 32bit counters: If you use the appropriate high capacity (HC) OIDs for 64-bit counters they are there:... Jim Pingle
08:21 AM pfSense Plus Feature #14459 (Not a Bug): SNMP obsolete 32bit counters: Hi,
We have 10G interfaces and we are trying to monitor speed on them with SNMP. Values are stored in 32-bit count... Tomas Vecko
12:42 PM Revision 04a06f2c: Fix PHP error from invalid IPsec P1 config. Fixes #14458: Switch to PHP 8.x friendly functions to access multi-level array parts
since there is a chance they may be empty or p... Jim Pingle
11:53 AM Bug #14396 (Feedback): Reassembled packets received on a VTI are not forwarded: Jim Pingle
04:54 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: Jonathan Lee wrote in #note-5:
> Hi Marcos, I wanted to confirm that this issue was not present until inplace upgrad... Pete Wright

06/03/2023

10:57 PM Regression #12215: OpenVPN does not resync when running on a gateway group: seeing this with 23.05, OpenVPN using a gateway group as the interface won't failover unless dpinger is restarted, bu... Jordan G
10:25 PM pfSense Packages Bug #14406 (Confirmed): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: Can confirm on both a fresh installation of 23.05 with Squid 0.4.46, and one which was upgraded from 23.01 with Squid... Chris W
10:09 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks: Loh Phat wrote in #note-10:
> No joy with the new 2.2.2 system patches:
>
> [...]
Please retest this on 23.05 ... Kris Phillips
10:01 PM Feature #14448: Support interface groups in firewall rule source/destination fields: You can select interface networks as a source/destination. It would be useful to be able to select an interface group... Chris M Scott
09:58 PM Feature #14448 (Resolved): Support interface groups in firewall rule source/destination fields: You can select interface networks as a source/destination. It would be useful to be able to select an interface group... Chris M Scott
09:59 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021: Tested on 23.05-RELEASE and this issue is still present. Kris Phillips
09:56 PM pfSense Packages Bug #14021 (Not a Bug): Squid ClamAV showing bytecode errors for version 334: Closing as Not a Bug Kris Phillips
09:53 PM Bug #14425: "Max Processes" value is not stored properly when saving on ``system_advanced_admin.php``: Tested in 23.05 via System Patch. Max Processes variable is now properly updated and shows in the config and the web... Kris Phillips
08:55 PM pfSense Packages Feature #14447 (Resolved): Update haproxy from 2.6 to 2.8 lts: A few days ago, haproxy 2.8 was released. It is an LTS release with support until Q2 2028.
Its a pretty useful rel... Jens Frankfurter
08:06 PM pfSense Docs Todo #14207: Rate limiting on Chelsio T4/5 NICs: This should be added to the tuning documentation at https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#che... Mike Schwier
07:59 PM pfSense Docs Todo #14207: Rate limiting on Chelsio T4/5 NICs: Confirmed this fixed the issue with a Chelsio T520-CR on 23.05 Mike Schwier
04:10 AM pfSense Docs Todo #14207: Rate limiting on Chelsio T4/5 NICs: Tested the fix posted above which fixed this issue. Bruce Talbot
08:03 PM pfSense Packages Feature #10818: UDP Broadcast Relay: installed the package on 2.7 and the service is working
2.7.0-DEVELOPMENT (amd64)
built on Fri May 26 06:04:59... Alhusein Zawi
06:05 PM Bug #14446 (Pull Request Review): PHP error in Captive Portal ``usedmacs`` handling: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1042 Christopher Cope
04:47 PM Bug #14446: PHP error in Captive Portal ``usedmacs`` handling: I misread the code at first. It uses an or statement, so if $usedmacs is an array it tries to trim it and check if it... Christopher Cope
04:42 PM Bug #14446 (Resolved): PHP error in Captive Portal ``usedmacs`` handling: ... Christopher Cope
03:00 PM Feature #14265 (Pull Request Review): Option to invalidate GUI login session if the client address changes: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1041 Christopher Cope
11:07 AM pfSense Packages Regression #14445 (Resolved): HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138: On upgrade from 23.01 to 23.05... Lev Prokofev
07:14 AM Bug #14354: Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address: Update it produces the following error:... Lev Prokofev
06:46 AM Bug #14354: Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address: The patch is allowing to add a CIDR and seems doesn't affect anything at first glance. But I found the typo on the NA... Lev Prokofev
05:44 AM Feature #14444: Aliases options for custom OS fingerprints?: Location of current database in pfSense if you want to add any OS fingerprints to it
/etc/pf.os
Jonathan Lee
02:45 AM pfSense Packages Todo #9200: Add DNS support for Google domain to Acme manager: Upstream support has been merged and released: https://github.com/acmesh-official/acme.sh/pull/4542
There is a PR at... Jonathan Moscardini

06/02/2023

11:48 PM Feature #14444: Aliases options for custom OS fingerprints?: In theory we could just adapt an Access Control List to what ever Docker container OS fingerprint that needs to be bl... Jonathan Lee
11:44 PM Feature #14444: Aliases options for custom OS fingerprints?: Docker’s Kali Container is 4:42+22:0:1372:mss*20,7:mss,nop,nop,sok,nop,ws:df:0
Update the signature before is not ... Jonathan Lee
11:30 PM Feature #14444: Aliases options for custom OS fingerprints?: Did you know you can essentially adapt the old p0f.fp OS database in pfSense and use OS specific access control lists... Jonathan Lee
11:28 PM Feature #14444: Aliases options for custom OS fingerprints?: Docker’s Kali Container OS fingerprint is 4:64+0:0:1460:mss*44,7:mss,sok,ts,nop,ws:df,id+:0
Jonathan Lee
08:50 PM Feature #14444: Aliases options for custom OS fingerprints?: Example: Same laptop running Ubuntu with Docker installed
sudo apt install docker.io -y
sudo docker run -itd --rm... Jonathan Lee
03:01 PM Feature #14444: Aliases options for custom OS fingerprints?: I am aware that the current tool is outdated with the signatures with https://redmine.pfsense.org/issues/7260
This i... Jonathan Lee
02:59 PM Feature #14444 (New): Aliases options for custom OS fingerprints?: Idea for new feature, is there a way to add some custom fingerprints? I was able to find one manually but how can I a... Jonathan Lee
09:38 PM Bug #14396 (In Progress): Reassembled packets received on a VTI are not forwarded: Marcos M
03:55 PM Bug #14396: Reassembled packets received on a VTI are not forwarded: I believe I understand what's going on here, but Marcos will test my theories on his setup soon.
Basically, there'... Kristof Provost
09:11 PM pfSense Docs Todo #14207: Rate limiting on Chelsio T4/5 NICs: Anyone hitting this should try the loader variable: ... Steve Wheeler
09:03 PM Bug #14435: PHP error with limiters: System logs show:... Marcos M
08:29 PM Regression #14039 (Resolved): Limiters have no effect on upload traffic passed by policy routing rules: Tested fix - now works. Marcos M
03:07 PM Regression #14039 (Feedback): Limiters have no effect on upload traffic passed by policy routing rules: I've cherry picked this: ... Kristof Provost
02:55 PM Feature #7260: Source OS / p0f Database Missing Modern Operating Systems: Idea, is there a way to add some custom fingerprints? I was able to find one manually but how can I add it? Maybe jus... Jonathan Lee
02:29 PM pfSense Packages Bug #14405: PHP Crash report: It returned. Let me know what you need. Jens Kristensen
01:41 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1 here as well. I also have set up Step CA as an internal CA with ACME. I want to be able to set up a custom ACME se... Jeremy Reichman
05:18 AM pfSense Docs Todo #14443 (New): Feedback on Services — NTPD — NTP Server Configuration: *Page:* https://docs.netgate.com/pfsense/en/latest/services/ntpd/server.html
*Feedback:* Several settings availabl... Anthony S

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

07/01/2023

06/30/2023

06/29/2023

06/28/2023

06/27/2023

06/26/2023

06/25/2023

06/24/2023

06/23/2023

06/22/2023

06/21/2023

06/20/2023

06/19/2023

06/18/2023

06/17/2023

06/16/2023

06/15/2023

06/14/2023

06/13/2023

06/12/2023

06/11/2023

06/10/2023

06/09/2023

06/08/2023

06/07/2023

06/06/2023

06/05/2023

06/04/2023

06/03/2023

06/02/2023