Activity

30 days up to

User

Subprojects

Activity

From 06/12/2023 to 07/11/2023

07/11/2023

09:52 PM pfSense Packages Bug #13489 (Resolved): Tailscale Exit node without IPv6 connectivity break connections with Chromium based browser: We are up to Tailscale v1.44.
> Tailscale 1.30.1 has been released which includes the fix for this issue. The upda... Christian McDonald
09:35 PM Feature #11369 (Resolved): add Enabling IPv6 Source Address Validation support: This is now enabled by default after the move to FreeBSD 14. Marcos M
09:08 PM pfSense Packages Bug #13515: Snort with PHP 8.1 - TypeError when saving edits to an interface: I am still seeing this error in 2.7.0-RELEASE.... Jove Too
07:56 PM Revision 5a2d873b: ipsec: correct typo in var name when modifying p1s: Reid Linnemann
03:44 PM pfSense Docs Todo #14564 (Closed): Feedback on Releases — 22.05/22.05.1 New Features and Changes (add note for 2100): Corrected and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/370c2215edefe68c74f1d5326604df23f7a5... Jim Pingle
03:43 PM Bug #14567 (Rejected): Traffic flow since upgrade from 2.5 to 2.6: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
03:42 PM Bug #14567 (Rejected): Traffic flow since upgrade from 2.5 to 2.6: Since upgrading from 2.5 to 2.6 http will flow from LAN interface into our IIS interface hit our IIS servers and repl... Rob Woodcock
09:10 AM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string: By reading /usr/local/pkg/pfblockerng/pfblockerng.inc it seems a few more lines down this part might be affected as w... Buster de

07/10/2023

10:22 PM Regression #14026: HA node with CARP VIP in backup state is unable to ping the active node using that CARP VIP address: For reference:
This is due to source validation which is now being enabled by default. To return the previous behavi... Marcos M
08:13 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0: Thank you all!
> So to re-summarize, these -5- 6 changes appear to restore 100% functionality from the previous rele... Tom Huerlimann
05:25 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0: @TomTheOne: I'd suggest rebooting after making the five changes I listed above. nrpe3.sh definitely seems to get gene... Jeff Morris
05:12 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0: Ok, I think I've got this figured out... nrpe3.sh gets automatically generated, so disregard my previous comment rega... Jeff Morris
05:06 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0: In my case, nrpe is already running by manually starting the service via start-script in /usr/local/etc/rc.d/nrpe.
I... Tom Huerlimann
04:44 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0: Sorry for the confusion Tom. Those changes do indeed fix it on my system, but after seeing your comment I just did so... Jeff Morris
04:18 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0: Thank you
> So in summary, these 4 changes appear to restore 100% functionality from the previous release:
>
> /... Tom Huerlimann
04:07 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0: Two more notes:
(1) At least on my system, the command="/usr/local/sbin/nrpe" change had to be made to /usr/local/... Jeff Morris
03:37 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0: In addition to the daemon name being changed from nrpe3 to nrpe, I've noticed that the associated check command has a... Jeff Morris
07:27 PM pfSense Packages Bug #14566 (Confirmed): Softlflowd package don't send ICMP flows: I am using the softflowd package v.1.2.6_1 on pfsense v.2.7.0
Apparently icmp traffic is not sent from the sensor to... Yuran Yastreb
04:00 PM Bug #14565 (Duplicate): php crash when killing openvpn session: Duplicate of #12817 which is fixed in 2.7.0.
Jim Pingle
03:59 PM Bug #14565 (Duplicate): php crash when killing openvpn session: Hi,
I just copy/paste the crash report here. This is a regression from 2.5.x... abk imp
03:43 PM pfSense Docs Todo #14564 (Closed): Feedback on Releases — 22.05/22.05.1 New Features and Changes (add note for 2100): *Page:* https://docs.netgate.com/pfsense/en/latest/releases/22-05.html
*Feedback:*
Per https://forum.netgate.com/... Steve Y
02:26 PM Regression #14374: Static ARP entries are not configured at boot: Yeah I just tested this on my 2.7 and working..
I posted details of the test here.
https://forum.netgate.com/po... JohnPoz _
02:04 PM Regression #14374: Static ARP entries are not configured at boot: ARAMP1 _ wrote in #note-22:
> Does not appear to work on 2.7.0.
It works on 2.7.0 in my testing here. You will ne... Jim Pingle
01:46 PM Regression #14374: Static ARP entries are not configured at boot: Does not appear to work on 2.7.0. ARAMP1 _
01:04 PM Regression #14374 (Resolved): Static ARP entries are not configured at boot: Jim Pingle
01:15 PM pfSense Plus Bug #14563 (Feedback): System Log - General Log Order Setting is not being respected when using Raw Logs: Applied in changeset pfsense:commit:7f7d0165a37f0d7d2e0e8e5d1bd4ab2e35fc8ab8. Christopher Cope
01:06 PM pfSense Packages Bug #14559 (Duplicate): nrpe 3.1_6 service control broken on pfSense 2.7.0: Jim Pingle
01:05 PM Bug #14462 (Resolved): Breadcrumb path missing on ``system_register.php``: Jim Pingle

07/09/2023

12:25 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting: This also affects 2.7 and when using IPAlias VIPs on the WAN.
See: https://forum.netgate.com/topic/181345/2-7-0-pppo... Steve Wheeler
08:03 AM pfSense Packages Bug #14364: APCUPSD unable to process date string: Perfect, thanks Kris :-) Lloyd Collins
01:44 AM pfSense Packages Bug #14364 (Confirmed): APCUPSD unable to process date string: Yeah we should add a date format option to the widget so that it properly displayed depending on user input. Kris Phillips
01:56 AM pfSense Packages Bug #14349 (Confirmed): The ClamAV 0.105.1 got a few vulnerabilities: pfSense Plus 23.09 has the latest ClamAV 1.1.0, which is not vulnerable:
/usr/local/sbin/clamd --version
ClamAV 1... Kris Phillips
01:37 AM pfSense Packages Feature #14529: eBPFShield: The project appears to be primarily written for Debian-based Linux and the Summer of Code project from 2020 doesn't a... Kris Phillips
01:20 AM pfSense Packages Bug #14560 (Confirmed): NRPE does not function properly on Plus 23.09 / CE 2.7.0: Tested on 23.09. Confirmed this behavior.
Editing /usr/local/etc/rc.d/nrpe to change this allows the service to... Kris Phillips

07/08/2023

11:45 PM Bug #13542: Boot delay caused when OpenVPN config uses alias list that relies on DNS: I no longer work for the company that operates this instance but I might be able to get access and retest this after ... Adrien Carlyle
11:03 PM Bug #13542: Boot delay caused when OpenVPN config uses alias list that relies on DNS: I'm unable to reproduce this to any noteworthy degree on 23.05.1. Steps taken:
1. Made an alias "mint" to mint.home.... Chris W
09:34 PM pfSense Plus Bug #14563 (Pull Request Review): System Log - General Log Order Setting is not being respected when using Raw Logs: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1046 Christopher Cope
09:29 PM pfSense Plus Bug #14563 (Confirmed): System Log - General Log Order Setting is not being respected when using Raw Logs: Thank you for that detail! I was able to confirm that behavior. I'll get the patch submitted shortly. Christopher Cope
08:58 PM pfSense Plus Bug #14563: System Log - General Log Order Setting is not being respected when using Raw Logs: Thank you for your reply. I have just noticed that the problem happens when using "Raw Logs" format in combination wi... Fred Lear
06:09 PM pfSense Plus Bug #14563: System Log - General Log Order Setting is not being respected when using Raw Logs: I am unable to reproduce this. I have a fresh 23.05.1 install and changing the global option instantly affects all lo... Christopher Cope
05:58 PM pfSense Plus Bug #14563 (Resolved): System Log - General Log Order Setting is not being respected when using Raw Logs: No matter what the "Forward/Reverse Display" option in general System Log settings is set to, the logs are always dis... Fred Lear
09:33 PM Revision 7f7d0165: /etc/inc/syslog.inc: Update accessor method formatting. Fixes #14563: Christopher Cope
05:29 PM pfSense Packages Bug #14562 (Resolved): PHP error when trying to run OSPF and BGP in the same time: The following PHP error is thrown when you enable OSPF while the BGP service is already running.... Danilo Zrenjanin
04:35 PM Feature #8173: dhcp6c - RAW Options: Hi there. This seems a pretty old request, but still no change so far.
Some ISP actually require to send specific ra... Sylvain A
04:02 PM pfSense Packages Regression #14561 (Resolved): FRR errors accessing Global Settings after deleting BGP neighbor: Steps to reproduce:
1. Install FRR.
2. Create a BGP neighbor without staring FRR.
3. Delete the neighbor.
4. Atte... Christopher Cope
03:20 PM Feature #14535: DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: At this point this discussion is best taken to the forum at https://forum.netgate.com/category/46/ipv6 Chris Linstruth
03:19 PM Feature #14535: DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: Then they thought they had IPv6 available to use and, properly, tried to use it first. Check the IPv6 configuration o... Chris Linstruth
01:14 PM pfSense Packages Regression #14494 (Confirmed): FRR,PHP errors when deleting AS-path: I can confirm this behavior.
Tested against:... Danilo Zrenjanin
12:42 PM pfSense Packages Regression #14493 (Confirmed): FRR,PHP errors when deleting neighbor: I can confirm this behavior.
Tested against:... Danilo Zrenjanin
09:20 AM pfSense Packages Bug #14559: nrpe 3.1_6 service control broken on pfSense 2.7.0: To be deleted, i posted in the wrong category.
Correct one here: https://redmine.pfsense.org/issues/14560 Tom Huerlimann
08:12 AM pfSense Packages Bug #14559 (Duplicate): nrpe 3.1_6 service control broken on pfSense 2.7.0: nrpe 3.1_5 works smooth on pfSense 2.7.0, after the upgrade to nrpe 3.1_6 the service can not be controled anymore vi... Tom Huerlimann
09:20 AM pfSense Packages Bug #14560 (Resolved): NRPE does not function properly on Plus 23.09 / CE 2.7.0: nrpe 3.1_5 works smooth on pfSense 2.7.0, after the upgrade to nrpe 3.1_6 the service can not be controled anymore vi... Tom Huerlimann
07:42 AM pfSense Packages Bug #14364: APCUPSD unable to process date string: Done, and it's fixed the problem and the widget is working again, but apctest expects the format in DD/MM/YY and the ... Lloyd Collins
06:56 AM pfSense Packages Bug #14364: APCUPSD unable to process date string: Are you able to try with the month and then day in the first and second numbers respectively when entering the date? ... Jordan G
07:42 AM Bug #14462: Breadcrumb path missing on ``system_register.php``: appears correct with changeset patched Jordan G
07:12 AM Regression #14374: Static ARP entries are not configured at boot: patch works on 23.05.1 as advertised Jordan G

07/07/2023

10:32 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes: See this here in 2.7 also. Steve Wheeler
10:29 PM pfSense Packages Bug #14557 (Not a Bug): SSL Offloading configuration settings missing from frontends: Jim Pingle
09:37 PM pfSense Packages Bug #14557: SSL Offloading configuration settings missing from frontends: Andrew Cz wrote:
> The SSL Offloading section of any and all frontends are missing.
>
> I was expecting to see the s... Andrew Cz
03:02 PM pfSense Packages Bug #14557 (Not a Bug): SSL Offloading configuration settings missing from frontends: The SSL Offloading section of any and all frontends are missing.
I was expecting to see the section that can be fo... Andrew Cz
06:43 PM pfSense Packages Todo #13917 (Feedback): OpenVPN Client Export: Integrate OpenVPN 2.6.0: Included in OpenVPN client export package 1.9. Will be in snapshots for testing, then release branches if it tests OK.
Jim Pingle
06:43 PM pfSense Packages Todo #13255 (Feedback): Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles: Included in OpenVPN client export package 1.9. Will be in snapshots for testing, then release branches if it tests OK.
Jim Pingle
05:11 PM pfSense Packages Todo #13255 (In Progress): Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles: Jim Pingle
06:43 PM pfSense Packages Todo #14202 (Feedback): Rename exported OpenVPN connect files as "connect" rather than "ios": Included in OpenVPN client export package 1.9. Will be in snapshots for testing, then release branches if it tests OK.
Jim Pingle
05:10 PM pfSense Packages Todo #14202 (In Progress): Rename exported OpenVPN connect files as "connect" rather than "ios": The change from "ios" to "connect" would be good.
The change from "config" to "archive" is not needed, it is a con... Jim Pingle
06:15 PM pfSense Packages Bug #14426: PHP errors in Lightsquid: This occurs with 23.05.1 also
Attached is logs Jonathan Lee
05:59 PM Bug #14432 (New): PHP error when failing to write ``config.cache``: Marcos M
05:08 PM pfSense Plus Bug #14175: LDAP authentication for SSH fails: With @Use Authentication Server for Shell Authentication@ checked, this issue can prevent the firewall from booting c... Marcos M
04:42 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Without the solution I described there is no viable workaround that wouldn't cripple the function in some way (e.g. c... Jim Pingle
04:01 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Appreciate the analysis. Is there a workaround that I can implement?
In my scenario my BGP peers bounce which breaks... Mike Moore
03:58 PM Feature #14535: DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: Thanks for looking at this,
For me all the sudden clients kept trying to use AAAA (IPv6) results. Again, I had so ... Jonathan Lee
03:51 PM Feature #14558 (New): Feature Request: GUI options to Unbound Resolver's new DoH abilities: Hello fellow PfSense Redmine community members,
I was wondering if the DNS resolver could have GUI abilities to co... Jonathan Lee
02:33 PM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button: Also happens when using the console menu to restore to defaults. Or at least, they are not removed, not sure which. ... Steve Y
02:28 PM pfSense Packages Bug #14556 (New): Tailscale dropping routes from FIB: Installation has several tailscale nodes. The problematic node is a 6100. Some of the other nodes are 2100s.
At so... Chris Linstruth
01:17 PM pfSense Packages Feature #14101 (Feedback): Add Zabbix 6.4 packages: Brad Davis
01:14 PM Revision 264198a5: ipsec: refactor config access: Christian McDonald
12:50 PM Revision 74033068: Move the options to Zabbix 6.4 after ece014b0: (cherry picked from commit 653c88154893f4ea87b9fccdffeff2b0bfcbe364) Brad Davis
12:50 PM Revision 653c8815: Move the options to Zabbix 6.4 after ece014b0: Brad Davis
12:41 PM Revision 5a1b86a4: Update to zabbix 6.4 after ports merge: (cherry picked from commit ea05d6a1299374e5178d5d258b4f9e944ebeff12) Kristof Provost
11:59 AM pfSense Plus Bug #13348 (Feedback): Error when deleting ZFS Boot Environment created from duplicate of non-default entry: Fixed: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/commit/2a3ce72f2163aa8bc0cd4224354a43c8067569c7 Christian McDonald
01:40 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry: https://reviews.freebsd.org/D40903
Christian McDonald

07/06/2023

07:15 PM Regression #14534 (Feedback): Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: Christian McDonald
05:49 PM Regression #14534: Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: I see the problem. I'm running a test build now to confirm. This will be resolved in the next release. Christian McDonald
06:17 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: I was able to find a system in my lab where I could reproduce this. After some investigation it turns out there isn't... Jim Pingle
12:15 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: "Ignore IPsec Restart" doesn't actually control whether or not FRR/BGP/etc restart on interface events. What it contr... Jim Pingle
06:12 PM pfSense Plus Feature #14555: Display Overridden Interface Names On Interface and VLAN Setup Pages: Alternatively, you could just hide the internal device names altogether for those specific areas previously mentioned... John Uplink
06:01 PM pfSense Plus Feature #14555 (New): Display Overridden Interface Names On Interface and VLAN Setup Pages: Please reference overridden interface names in various places in the pfSense web management UI. It seems that in some... John Uplink
06:06 PM Regression #14374: Static ARP entries are not configured at boot: Jim Pingle wrote in #note-18:
> Applied in changeset commit:5082edf92795fe8266be49905fe4f07eb682449d.
Confirmed t... Zachary Cohen
05:30 PM Regression #14374 (Feedback): Static ARP entries are not configured at boot: Applied in changeset commit:5082edf92795fe8266be49905fe4f07eb682449d. Jim Pingle
05:30 PM Regression #14374: Static ARP entries are not configured at boot: Looks like it was a simple change in a PHP test early in the static route setup function. Simple to fix by using a be... Jim Pingle
04:14 PM Regression #14374: Static ARP entries are not configured at boot: I can reproduce this in my lab as well. Jim Pingle
06:39 AM Regression #14374: Static ARP entries are not configured at boot: I can also validate that Regression #14374 is present on my 3.7.0 installation.
I noticed that simply opening and sa... Zachary Cohen
05:47 PM Bug #13552: Dashboard - uptime shows nothing and gateway widget loses default gateway soon after PPPoE comes up: Jim Pingle wrote in #note-1:
> This seems to be the same as #12811
Still happening in 2.7.0, in effect worse in 2... Phil Lee
05:21 PM Revision 5082edf9: Fix static ARP interface check. Fixes #14374: Jim Pingle
04:22 PM Bug #14550: MySQLi PHP module missing after upgrade from 2.6 to 2.7: The suggestion worked well! Thanks for your help! Jefeson Alves
12:23 PM Bug #14550 (Not a Bug): MySQLi PHP module missing after upgrade from 2.6 to 2.7: That module is not included in the base OS but is available as an add-on. You must install/track manually, it may not... Jim Pingle
03:55 PM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Applied in changeset commit:d333e763df6cad2fdfa6be447826a4814e0fece6. Anonymous
03:48 PM Bug #14524 (Feedback): Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: PR merged, thanks! Jim Pingle
09:54 AM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Created as Pull request https://github.com/pfsense/pfsense/pull/4646 Jens Groh
03:53 PM pfSense Packages Bug #13343 (Pull Request Review): HAproxy cookie protection syntax needs updated: Jim Pingle
03:00 PM pfSense Packages Bug #13343: HAproxy cookie protection syntax needs updated: Sorry for the duplicate report; for some reason I missed this one.
I've now prepared a pull request https://github... Alfredo Pironti
03:48 PM Revision d333e763: Update util.inc: Add additional check to correctly display "Alias-on-CARP"-style Virtual IPs in Gateway Group VIP dropdown selection. ... qwertiko GmbH
03:45 PM Bug #14462 (Feedback): Breadcrumb path missing on ``system_register.php``: Applied in changeset commit:437fd1b694ea70e8d7043814cc262346209064ea. Christopher Cope
07:16 AM Bug #14462: Breadcrumb path missing on ``system_register.php``: The merge hasn't been completed yet, but I have tested the commit and it appears to be working as intended.
!clipb... Danilo Zrenjanin
03:35 PM Revision 437fd1b6: Add page title to system_register.php. Fixes #14462: Christopher Cope
12:38 PM Feature #14265: Option to invalidate GUI login session if the client address changes: I tested it multiple times on multiple clients and it always kicked me off. Are you sure the client address is changi... Jim Pingle
08:29 AM Feature #14265: Option to invalidate GUI login session if the client address changes: I conducted a test on the commit, however, altering the client source IP address did not result in a connection break... Danilo Zrenjanin
12:34 PM Regression #14503 (Rejected): The system is stuck on boot on the Synchronizing user settings if remote authentication server is set.: There may be some other aspect of the poster's setup that is a factor here, like it being remote, or maybe it's used ... Jim Pingle
07:45 AM Regression #14503: The system is stuck on boot on the Synchronizing user settings if remote authentication server is set.: I couldn't replicate this behavior on:... Danilo Zrenjanin
12:29 PM Bug #14552 (Duplicate): No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0: Please do not open duplicate issues. Keep the discussion on the forum and if there is a proven bug and not a configur... Jim Pingle
04:40 AM Bug #14552 (Duplicate): No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0: A long-standing configuration in CE 2.6.0 should survive an update to 2.7.0. A growing number of users is reporting t... Michael Schefczyk
12:25 PM Feature #14535: DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: If the clients don't have working IPv6 they wouldn't use the AAAA results. But you don't know what is making the DNS ... Jim Pingle
08:36 AM pfSense Packages Bug #14553: Call to undefined function sync_package_filer(): ... Alex Kolesnik
08:29 AM pfSense Packages Bug #14553 (Resolved): Call to undefined function sync_package_filer(): https://forum.netgate.com/topic/180220/filer-package-xmlrpc-sync-error Alex Kolesnik
08:34 AM pfSense Packages Bug #14554 (Duplicate): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string: https://forum.netgate.com/topic/180950/error-on-pfblockerng-inc-5310-pfblockerng-devel-3-2-0_5... Alex Kolesnik
08:14 AM Feature #13245: Type column on Alias lists: I tested the commit, and it looks fine.
!clipboard-202307061014-v9aqd.png!
Danilo Zrenjanin
07:06 AM pfSense Packages Bug #13432: ups driver will not start: The root cause appears to be the kernel not recognizing some UPS models as a UPS. See discussion here:
https://fo... Doug Miles
06:54 AM Bug #14545 (Resolved): Per-log settings for file size and retention count are not honored: I am marking this case resolved. Danilo Zrenjanin
06:54 AM Bug #14545: Per-log settings for file size and retention count are not honored: The patch fixes the described issue.
Tested against:... Danilo Zrenjanin
01:25 AM Feature #14551 (New): DynDns Route53 using IAM Roles Anywhere: Static credentials for IAM Users to access AWS is considered poor practice, but necessary before IAM Roles Anywhere. ... Gene Chung

07/05/2023

10:30 PM Feature #14535: DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: If the router is not saying it is IPv6-capable the clients will not have IPv6 available to use. Every modern IPv4-onl... Chris Linstruth
09:41 PM Feature #14535: DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: If LAN is set to none for IPv6, it technically would never be able to access AAAA correct? Jonathan Lee
12:44 PM Feature #14535 (Not a Bug): DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: That's how DNS works.
The _clients_ are requesting A and AAAA records, the service is giving the clients the respo... Jim Pingle
10:20 PM Bug #14550 (Not a Bug): MySQLi PHP module missing after upgrade from 2.6 to 2.7: After upgrading from version 2.6 to 2.7 on the amd64 architecture, the following crash report message is displayed on... Jefeson Alves
08:05 PM Bug #14545 (Feedback): Per-log settings for file size and retention count are not honored: Applied in changeset commit:6021c3e059885ce3fff09e5b00df037db034ff14. Jim Pingle
07:56 PM Bug #14545: Per-log settings for file size and retention count are not honored: This also affects the retention count, not just the log size. Easy fix, it's not using the full correct path to the X... Jim Pingle
04:47 PM Bug #14545 (Confirmed): Per-log settings for file size and retention count are not honored: Setting the log file size for individual logs is not reflected in the generated file: /var/etc/newsyslog.conf.d/pfSen... Steve Wheeler
04:31 PM Bug #14545 (Resolved): Per-log settings for file size and retention count are not honored: Since upgrade from 2.6.0 to 2.7.0 there is something wrong with syslog. When increasing the file size of some logs le... odo maitre
07:56 PM Revision 6021c3e0: Use correct per-log settings path. Fixes #14545: Jim Pingle
07:40 PM Bug #14549 (Feedback): Interface value is not properly validated when submitted on ``interfaces_gif_edit.php`` and ``interfaces_gre_edit.php``: Applied in changeset commit:d69d6c8424ab4299234fb5ec6964682e2e6cbcdd. Jim Pingle
07:30 PM Bug #14549 (Resolved): Interface value is not properly validated when submitted on ``interfaces_gif_edit.php`` and ``interfaces_gre_edit.php``: When submitting a form on @interfaces_gif_edit.php@ and @interfaces_gre_edit.php@ the page takes an optional value fo... Jim Pingle
07:31 PM Revision d69d6c84: Improve GIF/GRE interface handling. Fixes #14549: Jim Pingle
07:00 PM Bug #14548 (Feedback): ``status_logs_filter_dynamic.php`` does not encode value of ``interfacefilter`` in raw mode: Applied in changeset commit:f387c974a9a597bf01ab86ec049cca186a1e050c. Jim Pingle
06:50 PM Bug #14548 (Resolved): ``status_logs_filter_dynamic.php`` does not encode value of ``interfacefilter`` in raw mode: When accessing the dynamic firewall log view via @status_logs_filter_dynamic.php@ in RAW mode (@filtersubmit=1@) the ... Jim Pingle
06:51 PM Revision f387c974: Encode dynamic log if filter. Fixes #14548: Jim Pingle
05:55 PM Bug #14547 (Feedback): ``getserviceproviders.php`` does not always validate value of ``$connection``, displays without encoding: Applied in changeset commit:543dc9253d6ab0e755ee043da2217d996a28ab5e. Jim Pingle
05:43 PM Bug #14547 (Resolved): ``getserviceproviders.php`` does not always validate value of ``$connection``, displays without encoding: When obtaining PPP service provider plan information, the code in @getserviceproviders.php@ does not test or validate... Jim Pingle
05:51 PM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: @jonathanlee and @pete-wright I wanted to confirm that I had not seen this thread and had performed similar steps to ... Eric Reiss
05:43 PM Revision 543dc925: Multiple issues with PPP providers. Fixes #14547: * Update code for PHP 8.x
* Fix connection name handling (validation, parsing, etc)
* Fix output encoding of plan dat... Jim Pingle
04:51 PM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Will gladly try to send that in as a pull tomorrow. Jens Groh
12:59 PM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Can you submit that change as a pull request on Github?
https://docs.netgate.com/pfsense/en/latest/development/pul... Jim Pingle
11:40 AM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Just wanted to add that the fix is working in a production setting on a customer's box running with multiple VIPs and... Jens Groh
04:47 PM Feature #14546 (New): Package description should identify SSD/HDD requirement: Netgate has a list of which packages have an SSD requirement or recommendation at https://www.netgate.com/supported-p... Steve Y
04:07 PM Bug #14543 (Not a Bug): minor issue installing 2.7 with ZFS, mouse required!: If there is only one entry it's already there, the cursor is already in the right place.
Pressing the space bar wo... Jim Pingle
03:53 PM Bug #14543: minor issue installing 2.7 with ZFS, mouse required!: Marcos M wrote in #note-1:
> It sounds as if the keyboard was not detected.
>
The keyboard was detected and us... Patrik Stahlman
03:40 PM Bug #14543 (Incomplete): minor issue installing 2.7 with ZFS, mouse required!: The installer has been tested on multiple platforms, including Proxmox VE, Microsoft Hyper-V, and VMware ESXi. If the... Marcos M
03:05 PM Bug #14543 (Not a Bug): minor issue installing 2.7 with ZFS, mouse required!: This is a rare corner case (IMHO) but perhaps a "bug" worth fixing.
I was going to install a fresh 2.7 with ZFS.... Patrik Stahlman
04:05 PM Bug #14537: Nat Reflection changed behavior on pfsense 2.7: Hello Jim,
thanks for your reply. It was not a request for support.
I just notified a changed behavior between pf... Michele Zamboni
12:57 PM Bug #14537 (Rejected): Nat Reflection changed behavior on pfsense 2.7: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
03:56 PM Bug #14544 (Resolved): PPP interface default username/password are not being populated from provider data on ``interfaces.php`` and ``interfaces_ppps_edit.php``: When selecting a PPP interface service (country, provider, plan) there is JavaScript on the page which is supposed to... Jim Pingle
03:23 PM pfSense Packages Feature #14538 (Resolved): Add switch for Tailscale DNS: With the accept DNS option enabled (default):... Christian McDonald
01:51 PM pfSense Packages Feature #14538 (Feedback): Add switch for Tailscale DNS: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/543e81ef566acdd95d4c13f04f3535c62e1e9ac4
Done. Christian McDonald
02:05 PM Bug #14542 (Confirmed): Gateway widget tooltip incorrectly indicates some gateways as being default: Jim Pingle
02:00 PM Bug #14542 (Resolved): Gateway widget tooltip incorrectly indicates some gateways as being default: The gateway widget display incorrect information. When hovering over any gateway it is shown (in the pop-up) that it ... Patrik Stahlman
01:24 PM Bug #14541: No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0: If I still may respond: I would never dare to post anything here prematurely. This was filed AFTER posting in the for... Michael Schefczyk
12:59 PM Bug #14541 (Not a Bug): No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0: That is almost certainly a configuration issue. This site is not for support or diagnostic discussion.
For assista... Jim Pingle
06:53 AM Bug #14541 (Not a Bug): No Site-to-Site VPN after upgrading CE from 2.6.0 to 2.7.0: After upgrading from CE 2.6.0 to 2.7.0, OpenVPN site-to-site does stop working. This does not seem to be an isolated ... Michael Schefczyk
01:07 PM Regression #14534: Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: Jim Pingle wrote in #note-3:
> I don't see the module in the builds or in the kernel configuration, but the string fo... Nikolaos Astyrakakis
12:53 PM Regression #14534: Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: I don't see the module in the builds or in the kernel configuration, but the string for it is still in @MODULES_OVERR... Jim Pingle
12:58 PM Bug #14540 (Rejected): Crash logs after 2.6 > 2.7 upgrade. Keep reappearing after delete: That looks like some portion of your upgrade did not complete properly. This site is not for support or diagnostic di... Jim Pingle
12:56 AM Bug #14540 (Rejected): Crash logs after 2.6 > 2.7 upgrade. Keep reappearing after delete: I’m seeing a message to a crash log on the dashboard of pfsense after the upgrade from 2.6.0 to 2.7.0. I did clear i... Keith Sauer
12:55 PM pfSense Packages Bug #14536 (Duplicate): Backend cookie protection option generates invalid haproxy config file: Duplicate of #13343 Jim Pingle
12:42 PM pfSense Packages Bug #10692 (Confirmed): PIMD starts twice at boot: Jim Pingle
12:41 PM Regression #12215 (Closed): OpenVPN does not resync when running on a gateway group: Jim Pingle
12:23 PM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.: It would help to know a few things, such as:
* Is DCO enabled or disabled?
* Is OpenVPN in tap or tun mode?
* Ha... Jim Pingle
12:20 PM Feature #14533 (Duplicate): Kil UDP states on gateway recovery: Duplicate of #855 Jim Pingle
10:07 AM Feature #9545: Enable Multipath Routing in the Kernel: Jim, are you aware of any plans to enable multipath in the FRR package? Alex Kolesnik

07/04/2023

03:07 PM Bug #14497 (Feedback): Kernel panic when using traffic shaping on a PPPoE interface: I've cherry-picked the fix to our branches as well. It should be part of future snapshot builds.
There's no real w... Kristof Provost
02:48 PM Regression #14026: HA node with CARP VIP in backup state is unable to ping the active node using that CARP VIP address: https://forum.netgate.com/topic/181163/strange-carp-behavioral-change-bug-in-ha-setup-after-upgrade-from-2-6-0-to-2-7... Jonathan Lee
04:45 AM pfSense Packages Feature #14539 (New): Add support for Oracle Cloud Infrastructure (OCI) vNIC management to work with unicast CARP: Add the ability to invoke OCI APIs to relocate secondary IPs (i.e. CARP VIPs) on vNICs when CARP VIP events occur in ... James George
01:27 AM pfSense Packages Feature #14538 (Resolved): Add switch for Tailscale DNS: from cmacdonald on Reddit - Add a simple knob to the Tailscale section of the pfSense Web UI to toggle whether pfSens... Lily S

07/03/2023

11:00 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config: I stumbled upon this today. This PR [[https://github.com/prometheus/node_exporter/pull/2584]] may provide additional ... Steven Hostetler
07:36 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: Fixed upstream in https://cgit.freebsd.org/src/commit/?id=d0b0424fa0ca8fb239e00d6bdd5e6340b7a85e68
Test case: https:... Kristof Provost
02:36 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: I believe I've identified the cause. It's not quite what I thought initially, but it's close.
We are indeed enqueuin... Kristof Provost
04:31 PM Bug #14537: Nat Reflection changed behavior on pfsense 2.7: Added System>Advanced>Firewall & NAT>Network Address Translation configuration. Michele Zamboni
04:15 PM Bug #14537 (Rejected): Nat Reflection changed behavior on pfsense 2.7: Hello,
we are having problems with NAT Reflection after updating to pfsense 2.7 from 2.6
It seems that now NAT re... Michele Zamboni
02:46 PM Regression #14374: Static ARP entries are not configured at boot: Just to chime in - this came up in recent thread
https://forum.netgate.com/topic/181220/arp-tables-most-static-add... JohnPoz _
01:43 PM Bug #11759: Traffic graphs on dashboard double upload on pppoe links: This issue is still present in 23.05.1
I also run a traffic shaper on WAN.
What's not shown in the traffic graph a... Patrik Stahlman
01:33 PM pfSense Packages Bug #14536 (Duplicate): Backend cookie protection option generates invalid haproxy config file: On PFSense 2.7.0, with haproxy 0.61_10 package installed.
Create a haproxy backend, edit it and enable the "Cookie... Alfredo Pironti
10:49 AM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: I made a small patch against the current stable (CE) repository.
Problem most certainly stems from util.inc (https... Jens Groh
08:54 AM Regression #14534: Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: Kris Phillips wrote in #note-1:
> Nikolaos Astyrakakis wrote:
> > Interfaces using qlnxe driver are not appearing i... Nikolaos Astyrakakis
07:03 AM Todo #10464: Don't change the current update repo when new releases are available: Same here: pfSense uninstalled the asterisk package without any approval:... Alex Kolesnik
02:56 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: In the interest of coming to a resolution on this ticket...
The issue identified here is more of a generic problem w... Bill Meeks
02:19 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: @Christopher Cope
I wanted to also take the time to message you and say I am sorry for the reply with, "If you do no... Jonathan Lee
12:20 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: @Ryan Coleman
Can you mark my open TAC ticket #1731574435 as closed as it is confirmed this is a code/software is... Jonathan Lee
01:11 AM pfSense Packages Bug #14514: SNORT randomly starts blocking the IP address on the interface that it is residing on: Hello fellow Redmine members,
I do understand that adding my ISP issued IP address to the pass list and or suppres... Jonathan Lee
01:05 AM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021: @Kris Phillips
Thanks for looking into this Jonathan Lee
01:03 AM pfSense Packages Regression #13984: PHP errors with squid: @Marcos
Thanks for looking into this. Jonathan Lee
01:01 AM Regression #14500: PHP Error when viewing Traffic Graphs in ``iftop`` mode: @Jim Pingle
Thanks for looking into this. I appreciate all you do. Jonathan Lee
12:59 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: @Pete Wright thanks for confirming this issue. Jonathan Lee

07/02/2023

11:59 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: @Bill Meeks
Thank you for confirming the code issue. As you quoted,
"No matter how much RAM is in the firewall,... Jonathan Lee
11:48 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: _How were you attempting to implement a paged output? Was it images that you created and or just accessing sections o... Ryan Coleman
10:47 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: I would just make a buffered image and save it everytime that method was called on. It would save the file and open i... Jonathan Lee
10:36 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: Thanks for your reply and looking into this at a granular level.
I noticed you said " _I've toyed around with tryi... Jonathan Lee
06:24 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: This is a consequence of the PHP process itself running out of memory. Because the output is being buffered in an att... Bill Meeks
02:41 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: The truth is, I really want to fix this PHP software issue, again I am still a student and rather overzealous when I ... Jonathan Lee
05:30 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: Your ticket number is: 1731574435 Jonathan Lee
05:29 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: TAC ticket open with this referenced copy of config is loaded with my serial number. I hope that provides everything ... Jonathan Lee
05:11 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: Also attached is *proof* that the custom rules I have in Snort are in use and functional within this regard.
_S... Jonathan Lee
05:03 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: After sometime I still show no memory errors inside of the SG-2100MAX for this timestamp.
Please let me know if y... Jonathan Lee
04:59 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: Per your request in 23.05.1
See attached system goes to blank screen error occurs and no errors in system logs tha... Jonathan Lee
04:46 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: I do also have custom rules active inside snort. I do not know if that causes it. As custom rules are pasted in and l... Jonathan Lee
04:38 AM pfSense Packages Bug #14498: php errors when looking at snort active rules: Hello thanks for the reply. This PHP error occurs when I attempt to view the active rules in snort. I only have 20 pe... Jonathan Lee
11:08 PM Feature #14535: DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: See attached with custom options only IPv4 address is resolved. Without them it will still show an IPv6 address even ... Jonathan Lee
11:06 PM Feature #14535 (Not a Bug): DNS Unbound Resolver will still resolve IPv6 AAAA URLS when LAN and WAN are set to none for IPv6.: Hello fellow redmine members,
I have noticed that the DNS unbound still resolves AAAA ipv6 when the LAN and WAN in... Jonathan Lee
09:33 PM pfSense Packages Bug #14491: FRR not starting with AgentX enabled: We can confirm this also on our 2.7 Upgrade which broke FRR from starting (although I think its somthing to do with t... Yif Swery
04:11 PM Bug #12612: DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver: It seems the problem is back in 2.7.0 - even if nothing has changed running rc.newwanip is restarting unbound. odo maitre
04:24 AM Feature #5074: Standard release notes URLs to facilitate GUI viewing before upgrade: Even a static link to https://docs.netgate.com/pfsense/en/latest/releases/index.html on the "update available" page w... router owner
12:11 AM Bug #14462: Breadcrumb path missing on ``system_register.php``: still present in 23.05.1 for system_register.php page Jordan G

07/01/2023

11:59 PM Bug #14477: Defining IP address on an Interface doesn't check defined VIPs for possible IP address overlapping: This bug are likely related: https://redmine.pfsense.org/issues/13961 Kris Phillips
11:57 PM pfSense Packages Bug #10692: PIMD starts twice at boot: confirming, same thing as above with 23.05.1 and pimd 0.0.3_6 Jordan G
11:45 PM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.: What is being done to reproduce this? I have two OpenVPN Client interfaces and the widget on the dashboard shows tra... Kris Phillips
06:24 AM pfSense Plus Bug #14531 (Confirmed): Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.: Tested on SG-3100 23.05.1 release. I can confirm this behavior. Danilo Zrenjanin
11:41 PM Regression #14534: Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: Nikolaos Astyrakakis wrote:
> Interfaces using qlnxe driver are not appearing in 2.7.0 version.
>
> I added if_ql... Kris Phillips
12:13 PM Regression #14534 (Resolved): Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present: Interfaces using qlnxe driver are not appearing in 2.7.0 version.
I added if_qlnxe_load="YES" but the interfaces a... Nikolaos Astyrakakis
11:39 PM Bug #13277: IGMP Proxy webConfigurator Page Always Produces Error: Tested on 23.05 and 23.05.1. The error is present on both releases. Kris Phillips
11:04 PM Regression #12215: OpenVPN does not resync when running on a gateway group: 23.05.1 has OpenVPN clients using the configured gateway group as the correct interface(s) and appears to failover an... Jordan G
10:30 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: We'll need more information to confirm if this is actually a bug. It is possible you are hitting the memory limit in ... Christopher Cope
10:31 AM Feature #14533 (Duplicate): Kil UDP states on gateway recovery: Hi the community
I tested pfsense 2.7CE and I hoped it can finally solved a long time problem that udp states for ... Lionel RIVIERE
09:48 AM Regression #14517 (Resolved): Log rotation is not active if the configuration contains an empty ``<syslog>`` section or if that section is not present: Tested the patch against the:... Danilo Zrenjanin
05:37 AM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN: Still an issue on 2.7.0 release. Seems to happen more frequently now, but might also be a coincidence. Nazar Mokrynskyi
12:36 AM Todo #10464: Don't change the current update repo when new releases are available: Imo there are three separate updates pfsense manages
* pfsense update: branch set to current should update as new cur... Patch Public

06/30/2023

08:29 PM pfSense Packages Bug #14532 (Not a Bug): Error is logged every time a domain in the DNSBL is temporarily unlocked or re-locked: From the Reports > Alerts tab, when I click the red lock icon to temporarily unlock a domain listed under the DNSBL P... Derek Fong
06:09 PM Regression #14374: Static ARP entries are not configured at boot: pfSense 2.7.0 problem with static arp after reboot still exists. Evgeny Korostelev
05:17 PM pfSense Packages Todo #13917 (In Progress): OpenVPN Client Export: Integrate OpenVPN 2.6.0: Jim Pingle
04:48 PM pfSense Plus Bug #14531 (Confirmed): Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.: The Traffic Graph widget doesn't show the in\out traffic for the OpenVPN interfaces.
!clipboard-202306302045-mzwyk... Lev Prokofev
03:47 PM pfSense Packages Bug #14530 (Resolved): Suricata 6.0.13 package interface settings: Hello,
The text label at _Services / Suricata / Interfaces / <IF>(Edit) / <IF>Flow/Stream / Stream Memory Cap_ say... Robert Karsai
02:40 PM Feature #14265 (Feedback): Option to invalidate GUI login session if the client address changes: Applied in changeset commit:d6078e851ade476b6e9190fd77b9a70eb3c7bb92. Christopher Cope
02:33 PM Revision d6078e85: Add option to invalidate GUI login on IP address change. Implements #14265: Christopher Cope
02:06 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: A bit more progress. It looks like we're enqueuing the same mbuf twice, so it gets used after it's been freed and tha... Kristof Provost
12:56 PM pfSense Packages Feature #14529: eBPFShield: Also can send alerts to SIEM ie call outs to "ransomware_.com" or other nastyware infected machines calling out to c... Michael Lawrence
12:46 PM pfSense Packages Feature #14529 (New): eBPFShield: https://github.com/sagarbhure/eBPFShield
Advanced host monitoring and threat detection with eBPF 🛡️
eBPFShield ... Michael Lawrence
08:12 AM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Created a forum topic just in case: https://forum.netgate.com/topic/181150/bug-in-gateway-group-creation-screen Jens Groh
07:03 AM pfSense Packages Bug #10936: both haproxy/haproxy-devel non-existent option lb-agent-chk: Tested on: ... Danilo Zrenjanin
06:22 AM pfSense Docs Todo #14528 (New): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html
*Feedback:*
The documentation for ... Nico Neukirchen
03:50 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: There seems to be little progress and a possible fix is being postponed.
I can't imagine that I'm the only one bumpi... Arturo de Vries

06/29/2023

11:18 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: I moved one of my FRR neighbors over to wireguard and left the rest to IPsec VTI. As I suspected any changes to the I... Mike Moore
01:40 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: IPsec with FRR is still not stable. Any hope in getting it looked at after the holiday? Mike Moore
09:09 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: It is actively being worked on. Christian McDonald
09:06 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: I had high hopes that we may see the fix in the latest version (23.05). Do we have a road map or at least a time fram... Mark Abram
09:00 PM Bug #14527 (Duplicate): DNS Resolver restarts when clients connect or reconnect: There is already a report for it (the one you linked to), no need for a duplicate. Add a comment on the open issue. Jim Pingle
08:31 PM Bug #14527 (Duplicate): DNS Resolver restarts when clients connect or reconnect: Hi,
So this problem has been an issue for some time. I mean years time. I run Unbound DNS externally because I am ... Mark Abram
08:46 PM Bug #14516: With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: yes we can agree the user can configure it wrong all over. Again, an administrator might fat finger a large static DH... Jonathan Lee
08:28 PM Bug #14516: With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: Because of the hostname mix up seen here can we please use a Java "map" object and or Python's "dictionary" equivalen... Jonathan Lee
01:35 PM Bug #14516: With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: Why does the GUI allow it? Leading to, it does allow it so, why does it map to the wrong host names? Jonathan Lee
03:20 AM Bug #14516: With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: Should DHCP allow multiple entries? Leading to if it does why did it not map to the correct hostname in the arp table... Jonathan Lee
05:15 PM Revision 6e1a1453: Make 2.7.0-RELEASE the default: Brad Davis
05:14 PM pfSense Plus Bug #14526 (Rejected): 23.05.01 can't normal boot: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
05:12 PM pfSense Plus Bug #14526 (Rejected): 23.05.01 can't normal boot: i am upgrade from 23.05 to 23.05.01. it is installed frr. the 23.05.01 can't normal work.
!clipboard-20230... yon Liu
04:57 PM Regression #14525 (Resolved): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration: ... Christopher Cope
04:23 PM pfSense Packages Feature #9141: FRR xmlrpc: To understand the set up then.
nodeA and nodeB will have sepearate routing neighbors probably exchanging the same ... Mike Moore
04:19 PM pfSense Packages Feature #14512: Basic Auth through GUI: This can be achieved through Advanced pass-thru.
I am only advocating having a GUI option available to create users/... Mike Moore
03:05 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1 as well. Also a shout out to Step CA. There are more and more options for ACME endpoints hosted privately, this ... Jamison Maxwell
02:39 PM Revision e0c84221: Bump next to 2.7.0-RELEASE: Brad Davis
01:43 PM Bug #14524 (Resolved): Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Running version: 23.05-plus
Affected: all? (as it's probably a UI issue)
Hi,
As this seems a clear UI issue/bu... Jens Groh
01:02 PM Bug #14432: PHP error when failing to write ``config.cache``: User still hitting this in 23.05:... Steve Wheeler
12:10 PM Revision 0fb335e6: Bump to 2.8.0-DEVELOPMENT: Brad Davis
07:26 AM pfSense Plus Bug #14515 (Resolved): Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Tested the patched file. The help text on Ethernet rules says only "Choose what to do with packets that match the cri... Danilo Zrenjanin
03:14 AM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Thanks for looking into this small detail. I appreciate you. Jonathan Lee
06:45 AM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: I have the exact same block of three lines on another appliance. So this might be some result of upgrades and changes... Stefan Weichinger
06:30 AM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: I can confirm that after removing the lines, there are no PHP errors, and the service starts successfully.
Danilo Zrenjanin
12:38 AM pfSense Packages Bug #14523 (Resolved): PHP error when using an unsupported alias type in Advanced Rule Settings: Confirmed on both 2.6, 2.7-RC and 23.05 using pfBlockerNG-Devel 3.2.0_5 and 3.2.0_4. Removing pfBlockerNG-devel packa... Sengor K

06/28/2023

09:28 PM pfSense Packages Bug #14426: PHP errors in Lightsquid: Hi, it is happening in 4100 too.
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
Free... Wil M
09:18 PM Feature #14402: Dynamic DNS support for Porkbun: I'm using pfsense+ 23.05-Release
I was able to import this PR using the patches plugin via this URL https://github... Adrien Carlyle
07:51 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Found my way: fixed now. Thanks for your help. Stefan Weichinger
06:56 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Tried editing with `viconfig`: as HAproxy is down, ACME couldn't pull a LetsEncrypt-Cert, so no GUI right now ... edi... Stefan Weichinger
06:41 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Stefan Weichinger wrote in #note-6:
> Jim Pingle wrote in #note-5:
> Great, thanks. How would I do this? HAproxy is... Jim Pingle
06:29 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Jim Pingle wrote in #note-5:
> This is your problem, the configuration is invalid:
>
> [...]
>
> If you delete... Stefan Weichinger
06:13 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: This is your problem, the configuration is invalid:... Jim Pingle
06:15 AM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: May I ask for help again? We'd like to see this issue solved ... thanks Stefan Weichinger
07:10 PM Bug #14522 (New): IPv6 doesn't get update on interface change if track interface is selected: How to reproduce:
configure a WAN connection with dynamic IPv6 and request a subnet:
!clipboard-202306282106-rec3j.... L J
06:22 PM Feature #14521 (New): Allow larger subets that /64 for track interface in interface settings: it would be very helpful if a larger subnet mask could be selected for a tracking interface (e.g. to allow a second f... L J
05:46 PM pfSense Packages Bug #14519: PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: Yes, it's consistent with the package not updating during the upgrade. Updating the package to the current (fixed) co... Jim Pingle
05:41 PM pfSense Packages Bug #14519: PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: This is strange as I get this error every time I log into the web interface. I've reinstalled the package and now the... L J
04:22 PM pfSense Packages Bug #14519 (Not a Bug): PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: OK I've tried but I can't reproduce this. The only thing I can think of is that somehow your system was trying to exe... Jim Pingle
03:27 PM pfSense Packages Bug #14519: PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: Looks like it's one of a common set of errors we've seen where the config has no (or a partial/empty) OpenVPN config ... Jim Pingle
03:09 PM pfSense Packages Bug #14519 (Not a Bug): PHP Error: Cannot access offset of type string on string in /usr/local/pkg/status_traffic_totals.inc:189: It seems that this error was already topic in #13775
Crash report begins. Anonymous machine information:
amd64... L J
05:37 PM Feature #14520 (New): Allow more than one IPv6 per Interface and in RA-Service: In current development status it is only possible to have one IPv6 per interface in tracking mode. If there are more ... L J
05:29 PM pfSense Packages Bug #14509 (Not a Bug): PHP Error in ``vpn_openvpn_export.php``: Jim Pingle
05:23 PM pfSense Packages Bug #14509: PHP Error in ``vpn_openvpn_export.php``: Issue fixed by manually upgrading the openvpn-client-export package:
---------------------------------------------... Ivo Gurp
03:04 PM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Updating subject and fixing project/target. Jim Pingle
02:17 PM pfSense Plus Bug #14515 (Feedback): Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Thanks.
pf(4) only supports pass/block action semantics for L2 rule processing, reject/match are not supported.
I h... Christian McDonald
01:34 PM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade: I did have to update almost all of the packages after the upgrade. I think the acme package and system patches were t... Matthew Drury
01:15 PM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade: OK, and did you have to manually upgrade those packages after?
It's possible a problem with one of the old package... Jim Pingle
01:09 PM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade: There is no new crash report given upon a reboot.
Packages Installed:
Acme
llpd
nut
Openvpn-client-export
pfB... Matthew Drury
01:00 PM Bug #14518 (Feedback): pfSense CrashLog on 2.7.0RC Upgrade: The module errors are known/expected during any upgrade where the PHP version changes. We're working on trying to imp... Jim Pingle
12:51 PM Bug #14518 (Closed): pfSense CrashLog on 2.7.0RC Upgrade: I received this crash log upon upgrade to 2.7.0RC from 2.6.0. Everything seems to be running fine so far despite this... Matthew Drury
01:00 PM Regression #14517 (Feedback): Log rotation is not active if the configuration contains an empty ``<syslog>`` section or if that section is not present: Applied in changeset commit:892de1ecdaa23b164f6b2a2251d7538eee2199ea. Jim Pingle
12:42 PM Regression #14517 (Resolved): Log rotation is not active if the configuration contains an empty ``<syslog>`` section or if that section is not present: Similar to how logging didn't work in #14283, if the @<syslog>@ section of @config.xml@ is missing or empty, the news... Jim Pingle
12:53 PM Revision 892de1ec: Fix invalid log rotation setup test. Fixes #14517: Jim Pingle
12:00 AM pfSense Packages Feature #9238: Add support for Zerotier: Any update on this?
I third this idea Scott Howard

06/27/2023

10:57 PM Bug #14516 (Not a Bug): With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings: Hello fellow pfsense redmine community members,
I was researching just random items with MAC addresses and IP mapp... Jonathan Lee
10:25 PM pfSense Plus Bug #14515 (Resolved): Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Hello fellow pfsense redmine members,
I wanted to post this under the experimental layer 2 access control list are... Jonathan Lee
10:22 PM pfSense Packages Bug #14514 (Duplicate): SNORT randomly starts blocking the IP address on the interface that it is residing on: Hello fellow pfsense Redmine team members,
I have found an issue where SNORT starts to block out my ip address th... Jonathan Lee
07:20 PM Bug #14513 (Resolved): Improve error handling in ``status.php``: The status.php page is typically used when there's an issue with the system. If PHP errors are encountered while gene... Marcos M
06:51 PM Revision 81c6453d: composer update: Christian McDonald
05:22 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: The only other caveat i have found is if the tunnel is up using a non-zero allowed IP address and you have establishe... Mike Moore
04:45 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Correction. The route just made it in there when i did my screencap. I reverted back to 0.0.0.0/0 in Allowed IP Mike Moore
04:44 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Another post.
As you can see the routes exist within the BGP dameon process
sh ip bgp neighbors 10.6.106.2 receiv... Mike Moore
04:37 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Routing fails. I am uploading the pics to show.
Moving back to 0.0.0.0/0 restores connectivity. Mike Moore
04:26 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Mike Moore wrote in #note-2:
> Its possible things have changed.
> This is a site2site tunnel with a configuration ... Jim Pingle
04:24 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard: Its possible things have changed.
This is a site2site tunnel with a configuration with only 1x peer. I am doing BGP
... Mike Moore
04:09 PM pfSense Docs Correction #14511 (Feedback): Dynamic Routing over WireGuard: Unless something changed, if there is only one peer on the tunnel it used to assume that since it didn't have to deci... Jim Pingle
02:42 PM pfSense Docs Correction #14511 (Feedback): Dynamic Routing over WireGuard: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/routing.html#dynamic-routing
Please add a note that when ... Mike Moore
04:53 PM Revision 1d1b1c02: Bump to 2.7-RELEASE: Brad Davis
03:01 PM pfSense Packages Feature #14512 (New): Basic Auth through GUI: Add the ability through the GUI to provide basic authentication for either frontend or backend pools
You can hack ... Mike Moore
02:13 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: I believe I've reproduced the problem. It required using ix3 as LAN interface and ix3.201 as PPPoE for WAN.
With a... Kristof Provost
03:57 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Hi. Making a heartbeat check.
Will this get investigated further?
At this time i cant reliably use VTI and FRR at ... Mike Moore

06/26/2023

10:03 PM pfSense Packages Bug #14510 (New): match rpki invalid What is actually executed is match rpki valid: when i setup match rpki invalid for deny, then actually executed is match rpki valid for deny.
please your check a... yon Liu
08:10 PM Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec: I submitted option B to strongSwan here: https://github.com/strongswan/strongswan/issues/1759 Richard Laager
08:06 PM Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec: This is a problem for us. In short, what is happening is that stateful firewalls in the middle are not associating th... Richard Laager
06:50 PM pfSense Packages Bug #14509 (Not a Bug): PHP Error in ``vpn_openvpn_export.php``: When clicking 'VPN >> OpenVPN >> Client Export' the following issue occurs (Intel Celeron 1005M):
----------------... Ivo Gurp
04:45 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: I have no idea what could be going on here.
I'm going to assume that the `codel_should_drop: could not found the p... Kristof Provost
12:20 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: Attached shaper config that hots this. Steve Wheeler
12:27 PM pfSense Packages Feature #12502 (Resolved): Option to include Syslog-ng Configuration Library (scl): Jim Pingle
12:26 PM pfSense Plus Bug #14507 (Not a Bug): CPU hog with 23.05: Given that the thread in question is from iflib this seems more like busy hardware or an upstream driver issue and no... Jim Pingle
12:24 PM Todo #14506 (Rejected): Cambio de IP publica caída de la VPN: This site is not for diagnosing or discussing problems with your installation. Please start a forum thread at https:/... Jim Pingle
05:29 AM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: The problem persists in version 23.05 with the same configuration as above (different ISP).
The problem doesn't seem... Vincent Gauthier
03:50 AM Regression #11545: Primary interface address is not always used when VIPs are present: Updated a patched 2.6.0 to 2.7.0.r.20230622.0600 and the issue https://redmine.pfsense.org/issues/11545#note-10 has r... M Felden

06/25/2023

11:15 PM Regression #14059: Old states are still used after a route change: This state behavior can affect other VPN types, not only IPsec.
Edit: e.g. https://www.reddit.com/r/PFSENSE/comments... Marcos M
10:05 PM pfSense Docs New Content #14508 (New): Optimizing MTU for VPN Tunnels: Interfaces with suboptimal MTU values can degrade VPN performance; a document that provides examples/steps to optimiz... Marcos M
04:15 PM pfSense Plus Bug #14507: CPU hog with 23.05: If there is a bug, it's more likely to be upstream. FWIW a debug kernel is available in the pfSense repo:... Marcos M
07:49 AM pfSense Plus Bug #14507: CPU hog with 23.05: Kris Phillips wrote in #note-1:
> I'm unable to reproduce this on 23.05 on an amd64 system.
>
> kernel{if_io_tq... Juraj Lutter
01:55 AM pfSense Plus Bug #14507: CPU hog with 23.05: I'm unable to reproduce this on 23.05 on an amd64 system.
kernel{if_io_tqg_1} would be interface processing from... Kris Phillips
04:48 AM pfSense Packages Todo #12351: Remove non-functional feeds: https://cybercrime-tracker.net/fuckerz.php - 500 server error
https://cybercrime-tracker.net/all.php - 500 server er... Jordan G
04:32 AM pfSense Packages Feature #12502: Option to include Syslog-ng Configuration Library (scl): Looks good in syslog-ng v1.16, radio box is present at bottom of config
!clipboard-202306242332-gmfwm.png!
Jordan G
02:06 AM Bug #14450: 23.05 fails to boot on Hyper-V after VM power off, workaround: pfSense Plus 23.05 direct upgrade from CE should now be available, so this should be no longer an issue. Can you ple... Kris Phillips

06/24/2023

11:02 PM Bug #14301: Input validation error when saving IGMP Proxy settings: Tested in 23.05.1-RC and this still seems to be present. Kris Phillips
07:41 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Will there be a fox for the IPsec restarts impacting FRR ? Mike Moore
06:25 PM pfSense Packages Bug #14364: APCUPSD unable to process date string: Kris Phillips wrote in #note-1:
> Tested with an APC UPS on 23.05 with the latest apcupsd package. Unable to reprod... Lloyd Collins
07:32 AM pfSense Plus Bug #14507 (Not a Bug): CPU hog with 23.05: I’ve started to observe a CPU hog of one CPU core on APU2 box running pfSense 23.05.
dtrace showed:... Juraj Lutter

06/23/2023

09:10 PM Revision 8967ffeb: Remove devel now that we are at RC: Brad Davis
09:09 PM Revision 8ceefc75: Bump devel: Brad Davis
09:07 PM Revision 9f21eea2: Add .descr for next: Brad Davis
08:53 PM Revision c7a0a10f: Add pfSense next repo for 2.7.0-RC: Brad Davis
08:36 PM Todo #14506 (Rejected): Cambio de IP publica caída de la VPN: Buenas tardes, debido al cambio del proveedor de internet y cambio de IP Publica no funciona la VPN el error que me a... Benjamin Prieto
08:34 PM Revision 3b356a6a: Bump 2.7 to RC: Brad Davis
05:15 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: Thanks for all you do, I appreciate you. Jonathan Lee
03:33 PM pfSense Packages Bug #14496 (Resolved): FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: PR Merged Jim Pingle
01:55 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: A fix for this issue has been submitted in Pull Request 1269: https://github.com/pfsense/FreeBSD-ports/pull/1269. Thi... Bill Meeks
03:32 PM pfSense Packages Bug #14469 (Resolved): Snort Advanced config pass-through encodes entries: PR Merged Jim Pingle
01:55 PM pfSense Packages Bug #14469: Snort Advanced config pass-through encodes entries: A fix for this issue has been submitted in Pull Request 1269: https://github.com/pfsense/FreeBSD-ports/pull/1269. Thi... Bill Meeks
03:32 PM pfSense Packages Bug #14475 (Resolved): PHP Error: suricata_check_for_rule_updates.php:820: PR Merged Jim Pingle
01:53 PM pfSense Packages Bug #14475: PHP Error: suricata_check_for_rule_updates.php:820: A fix for this has been submitted in Pull Request 1271: https://github.com/pfsense/FreeBSD-ports/pull/1271. This issu... Bill Meeks
02:32 PM pfSense Plus Bug #14385 (Resolved): Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: Confirmed fixed here as well. I can set an LL on the VIP peer and it communicates as expected and reflects the proper... Jim Pingle
12:54 PM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: 23.05.1 fixes the issue
tested on:
Version 23.05.1-RC (amd64)
built on Wed Jun 21 19:31:48 UTC 2023
FreeBSD 14.0-... Georgiy Tyutyunnik
02:04 PM Bug #14505 (Duplicate): When trying to create alias for cloudlflare ips pfsense breaks: Duplicate of #14412 Jim Pingle
02:02 PM Bug #14505 (Duplicate): When trying to create alias for cloudlflare ips pfsense breaks: I was trying to create an alias for the cloudflare's ips as provided here https://www.cloudflare.com/ips/ and when I ... Alexandros Georgantas
08:23 AM pfSense Packages Bug #14504 (Incomplete): FTP_Client_Proxy package doesn't create firewall rule: I've installed FTP_Client_Proxy 0.3_8 on pfSense plus 23.05. I enabled the FTP client proxy services, but it doesn't ... Stefano Ceccherini
06:34 AM Regression #14503 (Rejected): The system is stuck on boot on the Synchronizing user settings if remote authentication server is set.: If you set the remote auth server at System=>User Manager=>Settings=>Authentication Server and this server the system... Lev Prokofev

06/22/2023

11:17 PM pfSense Packages Bug #14469: Snort Advanced config pass-through encodes entries: I was able to replicate this issue. It is caused by a misplaced early Base64 decode of a config parameter. A fix will... Bill Meeks
10:24 PM pfSense Packages Bug #14475: PHP Error: suricata_check_for_rule_updates.php:820: Not sure exactly why the input string is too long in this case, but I did find in the PHP interpreter source code tha... Bill Meeks
06:37 PM pfSense Docs Todo #14492 (Resolved): Feedback on Packages — AWS VPC Wizard — AWS VPC Wizard FAQ: Fixed and pushed. I also checked for other references and there were none outside of older release notes where it was... Jim Pingle
06:03 PM Regression #14502 (Confirmed): DHCPv6 Prefix Delegation (PD) not installing routes: Looks like this is happening because dhcpleases6 was removed from the base install in commit:b63b534cb5fb10347f7fdc87... Jim Pingle
05:06 PM Regression #14502 (Resolved): DHCPv6 Prefix Delegation (PD) not installing routes: pfSense successfully hands out PDs, but does not install a route for them. This effectively causes traffic to black h... Jade Deane
02:11 PM Bug #14501 (New): iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.: Hello fellow redmine community members,
I just noticed a small issue on reboots I wanted to share. My system logs ... Jonathan Lee
12:46 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: The code used to generate the @snort.conf@ file for an interface should validate one of the ARP preprocessor options ... Bill Meeks
12:21 PM Regression #14500: PHP Error when viewing Traffic Graphs in ``iftop`` mode: I had fixed this in #14236 but then it regressed when the function was rewritten in commit:fd30ce6a3bddfbc88560952153... Jim Pingle
08:04 AM Regression #14500 (Resolved): PHP Error when viewing Traffic Graphs in ``iftop`` mode: [22-Jun-2023 00:52:59 US/Pacific] PHP Fatal error: Uncaught TypeError: format_number(): Argument #1 ($num) must be o... Jonathan Lee
12:37 AM Bug #14499: rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).': Thanks for the information that error I had not seen until the updates. Is this on other 2100-MAX's? Jonathan Lee
12:19 AM Bug #14499 (Not a Bug): rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).': It's simply saying the service couldn't be stopped because it's already stopped (since the system is booting and the ... Marcos M
12:02 AM Bug #14499 (Not a Bug): rc.bootup: The command '/usr/local/sbin/strongswanrc stop' returned exit code '1', the output was 'strongswan not running? (check /var/run/daemon-charon.pid).': Hello fellow Redmine community members,
Can you please help I found a rc.bootup error that occurs every reboot.
... Jonathan Lee

06/21/2023

11:56 PM pfSense Packages Bug #14498 (New): php errors when looking at snort active rules: Hello Fellow Redmine community members,
I found another php error when I go to look at active rules with Snort fo... Jonathan Lee
10:02 PM Bug #14497 (Closed): Kernel panic when using traffic shaping on a PPPoE interface: A PRIQ traffic shaper with codel enabled can cause a panicwhen applied to a PPPoE WAN.
See: https://forum.netgate.... Steve Wheeler
09:57 PM pfSense Packages Bug #14495 (Not a Bug): Snort does not contain DetectorFini() function: Marcos M
07:53 PM pfSense Packages Bug #14495: Snort does not contain DetectorFini() function: I did not know this. Thanks for the reply. I have attached this for future reference should someone search for the sa... Jonathan Lee
07:11 PM pfSense Packages Bug #14495: Snort does not contain DetectorFini() function: This is not a bug. This is due to having incorrect user-supplied text rules for the current version of the OpenAppID ... Bill Meeks
04:06 PM pfSense Packages Bug #14495 (Not a Bug): Snort does not contain DetectorFini() function: Detector cisco_content_group_dummy_detectors.lua: does not contain DetectorFini() function
I have been getting t... Jonathan Lee
07:35 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: I had to enable unicast Arp checks for the error to stop. After that it never returned. I was under the impression th... Jonathan Lee
07:28 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: I am unable to replicate this issue. I installed the latest 2.7.0-BETA of CE on a virtual machine, enabled the ARP Sp... Bill Meeks
04:54 PM pfSense Packages Bug #14496 (Resolved): FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: Hello fellow redmine team can you please help I am getting some weird bug errors. I have apr spoof detection enabled ... Jonathan Lee
07:11 PM Revision ea05d6a1: Update to zabbix 6.4 after ports merge: Kristof Provost
06:17 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: thx guys, we really appreciate your work very much! Gerhard Gröschl
05:14 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: Gerhard Gröschl wrote in #note-8:
> yeah, just as a reminder:
> Captive Portal started crashing on our sites with 22.... Jim Thompson
03:29 PM Bug #14373 (Resolved): System crashes or may become unresponsive with Captive Portal: Christian McDonald
05:17 PM Bug #14345 (Resolved): Default tab on ``firewall_rules.php`` is not selected if the configuration has no WAN interface: Tested in latest BETA.
Disabling the WAN interface causes firewall_rules.php page to select the first configured i... Christian McDonald
03:30 PM Bug #14345: Default tab on ``firewall_rules.php`` is not selected if the configuration has no WAN interface: Applied in changeset commit:b9b2596931a623f40299250aa6a973521b326a78. Christian McDonald
03:25 PM Bug #14345 (Feedback): Default tab on ``firewall_rules.php`` is not selected if the configuration has no WAN interface: Christian McDonald
03:37 PM Revision 0a49564d: Update to 2.7.0-RC: Brad Davis
03:28 PM Feature #14408 (Resolved): Include ``ixv`` in ALTQ capable NIC list: ixv is now in the ALTQ capable NIC list.
Marking as resolved. Christian McDonald
03:24 PM Revision c0b53576: firewall_rules.php: default to the first configured interface, Fixes #14345: (cherry picked from commit b9b2596931a623f40299250aa6a973521b326a78) Christian McDonald
03:23 PM Revision b9b25969: firewall_rules.php: default to the first configured interface, Fixes #14345: Christian McDonald
03:14 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I might have something to add. While inspecting my downloaded config.xml (CE 2.6.0) I noticed this:
<gateways>
... Darius ITGuys.net
02:40 PM Revision 347bd87c: firewall_nat_out_edit.php: fix invalid format string on Polish translation. Fixes #13946: (cherry picked from commit 755e45db735e505e31e470411c4cb7f388a495ab) Christian McDonald
12:07 PM pfSense Packages Regression #14493: FRR,PHP errors when deleting neighbor: Additional note.
If you disable the FRR service - you can delete anything without errors. Lev Prokofev
06:47 AM pfSense Packages Regression #14493: FRR,PHP errors when deleting neighbor: I can confirm that error
Tested on... aleksei prokofiev
06:11 AM pfSense Packages Regression #14493 (Resolved): FRR,PHP errors when deleting neighbor: Steps to reproduce:
Go to Services=>FRR=>BGP=>Neighbors
1)Add new neighbor
2)Set IP\name
3)Set remote AS
4)S... Lev Prokofev
12:07 PM pfSense Packages Regression #14494: FRR,PHP errors when deleting AS-path: Additional note.
If you disable the FRR service - you can delete anything without errors. Lev Prokofev
11:59 AM pfSense Packages Regression #14494 (Resolved): FRR,PHP errors when deleting AS-path: Steps to reproduce:
1)Create AS-path list
2)Delete As-path list
Looks like related to https://redmine.pfsense.... Lev Prokofev
11:39 AM pfSense Packages Bug #13873: PHP Errors on FRR Global Settings: I get this error on 23.05, without any config except enabling the service and setting the password. PHP error log att... Lev Prokofev
12:33 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: side note: I think found out why my codespaces environment won't run, I have the free account. It is similar to https... Jonathan Lee

06/20/2023

11:01 PM pfSense Docs Todo #14492 (Resolved): Feedback on Packages — AWS VPC Wizard — AWS VPC Wizard FAQ: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/aws-vpc-wizard/faq.html
*Feedback:*
pfSense doesn't... Chris Linstruth
10:44 PM Bug #14433 (Resolved): Panic when changing the parent of a VLAN interface used by limiters: Works correctly on 23.05.1-RC. Marcos M
09:45 PM Revision 93ad8037: Fixed message about adaptive state handling: Fixed misleading message regarding adaptive state handling.
States are reduced from 100% to the $scalingfactor value... Adam Syndoman
06:56 PM Todo #12431 (Resolved): GUI pages should use ``POST`` for AJAX calls, not ``GET``: These all appear to be working well with POST on current builds.
Jim Pingle
06:47 PM Regression #14370 (Resolved): Console and system log may contain unnecessary Netlink debug messages from IPsec: Looks much better now. I'm no longer seeing any of the debug messages and they were very prevalent on prior builds.
Jim Pingle
06:43 PM pfSense Packages Bug #14491 (Confirmed): FRR not starting with AgentX enabled: After upgrading to pfSense 2.7.0 Beta, FRR wont't start with AgentX enabled in the configuration.
Syslog... beermount beermount
06:37 PM Bug #13088 (Resolved): Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: Working OK on the latest build as far as I can tell.
Jim Pingle
06:34 PM Bug #14474 (Resolved): PHP error from empty ``<plugins>`` tag in ``config.xml``: Looks OK here. I can't crash current builds with that empty tag.
Jim Pingle
06:30 PM Bug #14358 (Resolved): Discrepancy in "TTL for Host Cache Entries" Description: Description is correct in the current builds. Jim Pingle
06:01 PM Bug #14482 (Resolved): Notices incorrectly set system LEDs on hardware with less than three LEDs: This looks good on the 1100 with that patch.
Tested: 23.05.1.r.20230620.1137 Steve Wheeler
05:42 PM Regression #13522 (Resolved): Minnowboard Turbot additions are no longer present: Works as expected in todays beta build: 2.7.0.b.20230620.0600... Steve Wheeler
05:35 PM Bug #13946 (Resolved): Polish translation contains an invalid ``sprintf()`` format in the text for ``firewall_nat_out_edit.php``: Christian McDonald
05:33 PM Bug #13946 (Closed): Polish translation contains an invalid ``sprintf()`` format in the text for ``firewall_nat_out_edit.php``: Fixed Christian McDonald
05:29 PM Revision 755e45db: firewall_nat_out_edit.php: fix invalid format string on Polish translation. Fixes #13946: Christian McDonald
05:07 PM Feature #14408 (Feedback): Include ``ixv`` in ALTQ capable NIC list: Diff committed to master and RELENG_2_7_0. Luiz Souza
05:05 PM Revision e3a8291b: Add "ixv" to the list of capable ALTQ interfaces.: Ticket: #14408
(cherry picked from commit 9947de3e4a03b46bcc05890866c5de44e539b469) Luiz Souza
05:03 PM Revision 9947de3e: Add "ixv" to the list of capable ALTQ interfaces.: Ticket: #14408 Luiz Souza
04:48 PM Bug #14056 (Closed): DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR: We are disabling ASLR on Unbound until a proper fix lands upstream. Christian McDonald
08:42 AM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: I don't think those two are related. Florian Apolloner

06/19/2023

10:36 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: Potentially related to https://redmine.pfsense.org/issues/11556 Marcos M
08:37 PM Regression #13522: Minnowboard Turbot additions are no longer present: You should be able to load both the i915/drm and zfs drivers now. The available module space was increased a while back. Steve Wheeler
08:19 PM Regression #13522 (Feedback): Minnowboard Turbot additions are no longer present: Loading of i915kms.ko is fixed with https://gitlab.netgate.com/pfSense/Crossbuild/-/commit/7193baf3aced99352e315801cb... Kristof Provost
09:44 AM Regression #13522: Minnowboard Turbot additions are no longer present: I assume the either zfs or hotplug driver issue remains?
I remember there was a boot issue, which is why I decided t... Ronald Antony
07:55 PM Bug #14358 (Feedback): Discrepancy in "TTL for Host Cache Entries" Description: Applied in changeset commit:d9982f0f4b5401823f85b27d313c2fdc12b235e3. Jim Pingle
07:49 PM Revision 9a129119: Correct ambiguous Unbound TTL Host Cache descr text. Fixes #14358: (cherry picked from commit d9982f0f4b5401823f85b27d313c2fdc12b235e3) Jim Pingle
07:49 PM Revision d9982f0f: Correct ambiguous Unbound TTL Host Cache descr text. Fixes #14358: Jim Pingle
07:30 PM Bug #14474 (Feedback): PHP error from empty ``<plugins>`` tag in ``config.xml``: Applied in changeset commit:1dfacf5a5d66fe31d11f441f5055dd31da8e1e9c. Jim Pingle
07:24 PM Revision d86f814c: Read pkg plugins more carefully. Fixes #14474: (cherry picked from commit 1dfacf5a5d66fe31d11f441f5055dd31da8e1e9c) Jim Pingle
07:23 PM Revision 1dfacf5a: Read pkg plugins more carefully. Fixes #14474: Jim Pingle
06:47 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: After poking around here is my analysis, which confirms my preliminary suspicion:
All of the crash sites are invokin... Mateusz Guzik
06:30 PM Bug #14482 (Feedback): Notices incorrectly set system LEDs on hardware with less than three LEDs: Applied in changeset commit:06c11e21180bdec5b764ea3a9ac1bf50b4b1ab3f. Jim Pingle
06:25 PM Bug #14482: Notices incorrectly set system LEDs on hardware with less than three LEDs: We had a function to check the count of LEDs already so I added a check for that in all the LED functions which expec... Jim Pingle
06:23 PM Revision 61367c8e: Don't use LED functions without the expected LED count. Fixes #14482: (cherry picked from commit 06c11e21180bdec5b764ea3a9ac1bf50b4b1ab3f) Jim Pingle
06:22 PM Revision 06c11e21: Don't use LED functions without the expected LED count. Fixes #14482: Jim Pingle
06:20 PM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN: Updated to 2.7.0-BETA, still the same issue. Please let me know if there is anything else I can do to help diagnose a... Nazar Mokrynskyi
04:57 PM pfSense Plus Bug #14478: Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load: The issue here is that pfctl is not correctly parsing the case where the L3 host spec is a dynamic host, that is @(se... Christian McDonald
04:35 PM Bug #2218: CARP VIPs can become master too early at boot time: Changes picked to 23.05.1 branch Reid Linnemann
04:28 PM Bug #2218: CARP VIPs can become master too early at boot time: Bringing in to 23.05.1 Reid Linnemann
03:06 PM pfSense Docs Todo #14485 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: Added, thanks! Jim Pingle
01:13 PM Regression #14488: Extensions directory is not set in ``rc.php_ini_setup``: I'm not sure we even need to set this anymore. It is using the correct directory already by default. ... Jim Pingle
06:13 AM Regression #14488: Extensions directory is not set in ``rc.php_ini_setup``: https://github.com/pfsense/pfsense/pull/4642 Marcello Silva Coutinho
04:15 AM Regression #14488 (Resolved): Extensions directory is not set in ``rc.php_ini_setup``: rc.php_ini_setup not checking php version 8.2
--- /root/rc.php_ini_setup 2023-06-19 04:10:57.592644000 +0000
... Marcello Silva Coutinho
01:04 PM Bug #14490 (Not a Bug): ~/.tcshrc needs cleaning up...: I updated the info in the linked Redmine, there already wasn't any mention of the deprecated ~/.keephistory file in t... Jim Pingle
10:44 AM Bug #14490 (Not a Bug): ~/.tcshrc needs cleaning up...: The ~/.tcshrc still has this misleading comment:... Ronald Antony
01:03 PM Feature #11029: Enable command history in the shell: I updated the info here and linked to the later issue which changed the behavior, so there is no mention of the ~/.ke... Jim Pingle
09:35 AM Feature #11029: Enable command history in the shell: As of CE2.7.0 beta this issue is still misleadingly referenced in ~/.tcshrc misleading users about how to enable perm... Ronald Antony
12:25 PM Feature #9545: Enable Multipath Routing in the Kernel: Mike Moore wrote in #note-13:
> Confirmed that multipath is enabled by default.
> Although unlikely for me, is ther... Jim Pingle
09:06 AM pfSense Packages Bug #14489 (New): FRR needs delayed startup: Hi,
FRR is currently started before completing Wireguard tunnels initialization:
[FRR startup]
*2023-06-17 18... Spike R.D.
07:59 AM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: So the fix was already in 2.7 BETA, and was also cherry-picked to the plus-RELENG_23_05 branch in case of future poin... Kristof Provost
05:24 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: I have attached a very simple example of a Java version of try catch. I am positive you know try catch very well. My ... Jonathan Lee
04:35 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: https://github.com/pfsense/FreeBSD-ports/tree/devel/security/snort
Thanks for the reply again,
I wanted to as... Jonathan Lee
04:19 AM Revision e7e6a4ed: Update rc.php_ini_setup to check php version 8.2: rc.php_ini_setup on 2.7 version not checking php version 8.2
https://redmine.pfsense.org/issues/14488 Marcello Silva Coutinho

06/18/2023

10:34 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Another action thats repeateable. Go into the tunnel settings. Select a tunnel but do not make any changes. Click sav... Mike Moore
10:31 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: changes to P1 parameters of any tunnel and clicking apply bounces all bgp peers.
changes to the Tunnels description ... Mike Moore
10:02 PM Feature #14483 (New): Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Oddly I can only replicate the issue after changing/saving/applying the P1 description a _second_ time with @Ignore I... Marcos M
09:01 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Why was this rejected. That option is enabled for me. The entire point of a redmine is not to troubleshoot but to rep... Mike Moore
05:37 PM Feature #14483 (Rejected): Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: This is part of the reason why the option @Ignore IPsec Restart@ in FRR exists. Marcos M
01:50 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: I have made a VTI description change. Logs from the ipsec.log file..
Jun 17 21:48:15 GAFW charon[5702]: 14[KNL] <c... Mike Moore
12:43 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Although not a true apples to apples comparison, I do have another FreeBSD firewall running ( *sense) and ran the sam... Mike Moore
12:38 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Extended ping from Windows client through the IPsec tunnel to the OCI compute instance. Notice the drop in pings. Tha... Mike Moore
12:35 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: Routing logs Mike Moore
12:26 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: This is to OCI - Oracle Cloud Infrastructure.
To add to the notes, even updating the description bounces eBGP neighb... Mike Moore
09:43 PM pfSense Packages Bug #14486 (Duplicate): FRR - Changes to VTI tunnels bounce all eBGP peers: Marcos M
09:13 PM pfSense Packages Bug #14486 (Duplicate): FRR - Changes to VTI tunnels bounce all eBGP peers: Please reference Bug #14483
I have the option "Ignore IPsec Restart" enabled under Global Settings in FRR.
Any... Mike Moore
08:07 PM pfSense Docs Todo #14207 (Resolved): Rate limiting on Chelsio T4/5 NICs: Changing issue scope as this does not seem to be a bug with pfSense software. Marcos M
08:01 PM Bug #14288 (Resolved): Setting system DNS servers can incorrectly modify routes for interface addresses: Marcos M
07:59 PM Bug #14356 (Resolved): URL scheme is not properly validated in some cases: Marcos M
07:54 PM Bug #14400 (Resolved): PHP Error in ``upgrade216_ipsec_create_vtimap()``: Marcos M
07:35 PM Bug #14446 (Resolved): PHP error in Captive Portal ``usedmacs`` handling: Marcos M
07:03 PM Bug #2218 (Resolved): CARP VIPs can become master too early at boot time: Tested on 23.05 - no issues. Marcos M
06:37 PM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: I also am experiencing this same issue and I can reliably re-produce it. However, I am not getting any output in dmes... Josh Balcom
06:29 PM pfSense Packages Bug #14480 (Not a Bug): Faulty IDS rules can prevent Snort from starting: Marcos M
05:32 PM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: The Snort package on pfSense is an open source volunteer maintained contribution. The source code for both the GUI an... Bill Meeks
03:46 PM Bug #14435 (New): PHP error with limiters: The issues in the previous comments are known:
#note-2 - https://redmine.pfsense.org/issues/13687
#note-4 - https:/... Marcos M
04:28 AM Bug #14435: PHP error with limiters: could be related, but if you already have a limiter and child queue created, saving the limiter again presents the ap... Jordan G
12:54 PM pfSense Docs Todo #14485 (Closed): Feedback on Cellular Wireless — Known Working 3G-4G Modems: *Page:* https://docs.netgate.com/pfsense/en/latest/cellular/hardware.html
*Feedback:*
Please add "NETGEAR 4G LTE ... David Irwin
02:51 AM pfSense Plus Regression #14436: Upgrades from 23.05-RC/beta/dev fail server authentication: Still unable to hit this again when switching update branch or add/removing packages. Lets verify what branches shoul... Jordan G
02:35 AM pfSense Packages Bug #14484 (Resolved): lldpd php error on saving with no interface selected: use ctrl + click and deselect any interface (previously) highlighted and attempt to save lldpd settings... Jordan G
12:48 AM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers: Tested and confirm behavior in pfSense CE 2.7. Kris Phillips
12:10 AM Bug #14477: Defining IP address on an Interface doesn't check defined VIPs for possible IP address overlapping: Confirmed this behavior in pfSense CE 2.7.
When attempting to add a VIP that is already used by the interface, i... Kris Phillips

06/17/2023

11:59 PM pfSense Packages Bug #14284 (Incomplete): Wen changing frontend type, there will be invissible leftovers, disturbing defining the new type: Hello,
What "leftovers" are you referring to? Please provide reproduction step-by-step with what you expect and w... Kris Phillips
11:45 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: please provide more details about the tunnel's configurations. Alhusein Zawi
06:38 PM Feature #14483 (New): Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: I have at this time 4x IPsec VTI tunnels running eBGP.
When any change is made to any VPN tunnel (changes to the VTI... Mike Moore
09:55 PM Bug #14462 (Pull Request Review): Breadcrumb path missing on ``system_register.php``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1045 Christopher Cope
06:40 PM Feature #9545: Enable Multipath Routing in the Kernel: Confirmed that multipath is enabled by default.
Although unlikely for me, is there a way to turn OFF multipath behav... Mike Moore
05:51 PM Bug #2218: CARP VIPs can become master too early at boot time: Never mind, just applied it in sequence, 62fb07c8163b1cf8731d944fe958071f73f43ef8 and 5e92d678f642277642acb7f471cd430... Vladimir Suhhanov
02:19 PM Bug #2218: CARP VIPs can become master too early at boot time: Reid Linnemann wrote in #note-21:
> I had some stale edits in the commit referenced above, as of commit:5e92d678f642... Vladimir Suhhanov
03:48 PM pfSense Plus Bug #14385: Unicast CARP VIPs do not communicate using IPv6 Link Local Addresses: I tested against the latest Plus DEVELOPMENT built.
The behavior is consistent with the explanation provided. It a... Danilo Zrenjanin
03:27 PM Bug #14482: Notices incorrectly set system LEDs on hardware with less than three LEDs: See: https://forum.netgate.com/topic/177872/sg-1100-black-diamond-led-always-off-in-23-01 Steve Wheeler
03:27 PM Bug #14482 (Resolved): Notices incorrectly set system LEDs on hardware with less than three LEDs: Creating or dismissing notices triggers code that sets system LEDs incorrectly.
The functions that are called (led_n... Steve Wheeler
03:25 PM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: I'll chime in with another view point that I find disturbing. Not classifying this as a bug, or at the least a securi... the root
05:14 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: Thanks for the reply Bill Meeks,
Please let me attempt to pitch this one more time as a bug and not a feature to y... Jonathan Lee
02:53 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: This is not a bug. The problem described here was caused by a faulty rules update file produced and distributed by a ... Bill Meeks
12:58 AM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: Main issue: Snort fails completely open within this situation. Snort does not function at all during this. Jonathan Lee
09:37 AM Feature #14402: Dynamic DNS support for Porkbun: Adrien Carlyle wrote in #note-1:
> EDIT: looks like OP already submitted a PR: https://www.reddit.com/r/PFSENSE/comm... Nita Vesa
05:16 AM pfSense Packages Feature #14481: Add Smartphone Base Splice Support Groups Radio Button in "SSL Man In the Middle Filtering": Note: some of the regex expressions were mixed up when posting this please ref the screen shots. Jonathan Lee
01:43 AM pfSense Packages Feature #14481 (New): Add Smartphone Base Splice Support Groups Radio Button in "SSL Man In the Middle Filtering": https://support.google.com/work/android/answer/10513641?hl=en
https://support.apple.com/en-gb/HT210060
Each of ... Jonathan Lee
01:00 AM Feature #14444: Aliases options for custom OS fingerprints?: Main Issue: pfSense's ACL (access control list) under advanced has a source OS option, this would work again if we co... Jonathan Lee

06/16/2023

09:33 PM Revision 4ff9590c: Bump 2.7 to BETA: Brad Davis
09:26 PM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: To quote bemeeks,
" _This will have to be fixed by the Emerging Threats rule writers. They will release an updated... Jonathan Lee
09:17 PM pfSense Packages Bug #14480: Faulty IDS rules can prevent Snort from starting: To quote valete3. . .
_"Emerging threats released out of band rules update to resolve.
https://community.emergi... Jonathan Lee
09:13 PM pfSense Packages Bug #14480 (Not a Bug): Faulty IDS rules can prevent Snort from starting: FATAL ERROR: /usr/local/etc/snort/snort_4851_ix0/rules/snort.rules:19567: Can't use flow: stateless option with other... Jonathan Lee
08:21 PM Bug #14479: unbound doing qname-minimisation when enabled in unbound gui.: Just tested on 23.05 same thing - if you uncheck to do qname in the unbound advanced section, it removes the qname li... JohnPoz _
06:52 PM Bug #14479: unbound doing qname-minimisation when enabled in unbound gui.: here is link to unbound doc's stating they do qname min by default
https://nlnetlabs.nl/documentation/unbound/unbo... JohnPoz _
06:46 PM Bug #14479 (New): unbound doing qname-minimisation when enabled in unbound gui.: I have not checked 2.7 or 23.05 yet but this came up in a discussion here
https://forum.netgate.com/post/1110945
... JohnPoz _
07:18 PM Revision ebc3bde6: Add the pfSense Plus pkg fingerprints.: Fixes the upgrade from CE now that CE can verify the Plus packages.
Submitted by: KrisM
(cherry picked from commi... Luiz Souza
07:15 PM Revision df664372: Add the pfSense Plus pkg fingerprints.: Fixes the upgrade from CE now that CE can verify the Plus packages.
Submitted by: KrisM Luiz Souza
06:43 PM pfSense Plus Bug #14478 (In Progress): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load: Christian McDonald
06:43 PM pfSense Plus Bug #14478: Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load: Tracked this down. Fix in progress. Christian McDonald
05:03 PM pfSense Plus Bug #14478 (Resolved): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load: Specific Ethernet rule configuration produces rules loading error. Seems to be linked with "Destination IP" set as "O... Georgiy Tyutyunnik
06:20 PM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0): fyi.. after upgrading to pfsense 23.05 & softflowd 1.2.6_1, stability has returned.. two weeks of uptime so far. Mark Hassman
04:01 PM Feature #14402: Dynamic DNS support for Porkbun: I'm interested in this because Google Domains customers are being sold to Squarespace, but Squarespace does not have ... Adrien Carlyle
12:59 PM Regression #14370 (Feedback): Console and system log may contain unnecessary Netlink debug messages from IPsec: I've cherry-picked the upstream change to the 2.7 branch. Kristof Provost
09:11 AM pfSense Packages Regression #14441: Zabbix Proxy package version 6.0.15 doesn't work in 23.05: Can confirm, the service is running but there is no traffic sent to the Zabbix server. Works fine on 23.01
Tested ... Lev Prokofev

06/15/2023

08:18 PM Revision 890dfadb: Use the dynamic repos help text instead of the old 'custom' repo.: (cherry picked from commit 2f723b39d1201bfb5906eed3edda16de45b3a463) Luiz Souza
08:17 PM Revision 2f723b39: Use the dynamic repos help text instead of the old 'custom' repo.: Luiz Souza
08:13 PM Revision a516e0f2: Remove the old 'pfupdate' endpoint support.: Disable the support for old style 'custom' repo.
The Plus migration will be handled by the dynamic repos now.
(cher... Luiz Souza
08:12 PM Revision 43d83a84: Remove the old 'pfupdate' endpoint support.: Disable the support for old style 'custom' repo.
The Plus migration will be handled by the dynamic repos now. Luiz Souza
08:02 PM Bug #12927 (Incomplete): OpenVPN with OCSP enabled allows connections with revoked certificates: Looks like we need more info here or some reliable way to reproduce the problem. There was no response to our last in... Jim Pingle
07:30 PM Bug #14167: Auto Config Backup: Selected manual backups are not retained.: If this is all in the backend there is no need to tie it to a pfSense software release/version. Jim Pingle
03:52 PM Revision ef03960a: net/dhcpcd: (re)introduce dhcpcd to poudriere_bulk for development and testing: Christian McDonald
12:38 PM Bug #14476 (Rejected): No log for GRE Traffic: I cannot reproduce the problem as stated. If I add a rule to log GRE traffic, it gets logged.
!clipboard-202306150... Jim Pingle
06:40 AM Bug #14476 (Rejected): No log for GRE Traffic: When a rule is configured to let GRE traffic pass through the firewall, this traffic is never logged even if the rule... Michel Nolf
09:55 AM Bug #14477 (New): Defining IP address on an Interface doesn't check defined VIPs for possible IP address overlapping: When attempting to create a VIP (Alias type) with an IP address that has already been defined on the interface, the s... Danilo Zrenjanin

06/14/2023

10:35 PM Revision daf0b149: Use the new notation from 877e6b53c7e76f0bcb02621d290a4e325941fd1c.: No functional changes.
(cherry picked from commit 3c2cb48ceb9ed1c2336c6476b2bcb9cc386bf2e4) Luiz Souza
10:34 PM Revision 3c2cb48c: Use the new notation from 877e6b53c7e76f0bcb02621d290a4e325941fd1c.: No functional changes. Luiz Souza
10:08 PM pfSense Packages Bug #14475 (Resolved): PHP Error: suricata_check_for_rule_updates.php:820: PHP Error from Suricata when updating:... Steve Wheeler
09:57 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity: I think i may be affected by this on a Netgate 3100. I had an MTU set on WAN interface 1480, which had been seemingly... Joakim Plate
09:45 PM Revision 54b89425: Add the missing 'pkg_repos_path' global.: Rerported and tested by: KrisM
(cherry picked from commit 9de48f4b0a925932f7a14e8b6b9ff851780c4deb) Luiz Souza
09:44 PM Revision 9de48f4b: Add the missing 'pkg_repos_path' global.: Rerported and tested by: KrisM Luiz Souza
07:51 PM Todo #14027: Update PHP to 8.2.6: For CE 2.7.0, this was bumped up to PHP 8.2.6 Jim Pingle
07:51 PM Revision 720f11b3: Fix a merge problem in the last commit to accommodate a small difference with Plus.: (cherry picked from commit 77a16446b68860f14faad054c02c8ac532d138c9) Luiz Souza
07:50 PM Revision 77a16446: Fix a merge problem in the last commit to accommodate a small difference with Plus.: Luiz Souza
07:48 PM Todo #13866: Add Python 3.11.1 to base system: This was superseded by #13867, no need to include it in release notes. Jim Pingle
07:47 PM Todo #13865: Update Python 3.9.15 to 3.9.16 in base system: This was superseded by #13867, no need to include it in release notes. Jim Pingle
05:54 PM Bug #14474: PHP error from empty ``<plugins>`` tag in ``config.xml``: They must have hit some other older bug first. At least on a current install, the squid package has two plugins liste... Jim Pingle
05:32 PM Bug #14474: PHP error from empty ``<plugins>`` tag in ``config.xml``: Jim Pingle wrote in #note-1:
> Any idea how that bad tag made it into the configuration?
>
> That isn't something... Christopher Cope
05:14 PM Bug #14474: PHP error from empty ``<plugins>`` tag in ``config.xml``: Any idea how that bad tag made it into the configuration?
That isn't something we've seen in any testing before th... Jim Pingle
05:11 PM Bug #14474 (Resolved): PHP error from empty ``<plugins>`` tag in ``config.xml``: The following error occurred preventing the GUI from opening.... Christopher Cope
05:40 PM Revision c6fc414c: Add the dynamic repos support.: Load the repository settings dynamically from Netgate, allowing for more
flexibility and direct support to update for... Luiz Souza
05:37 PM Revision 654dc4ac: Add the dynamic repos support.: Load the repository settings dynamically from Netgate, allowing for more
flexibility and direct support to update for... Luiz Souza
04:04 PM Bug #14356: URL scheme is not properly validated in some cases: Thank you for looking at this. Jonathan Lee
04:03 PM Feature #14444: Aliases options for custom OS fingerprints?: https://forum.netgate.com/topic/180680/feature-request-aliases-options-for-use-with-advanced-option-source-os-access-... Jonathan Lee
02:26 PM pfSense Plus Feature #13786: ldap intergration for firewall rules: Appreciate the feedback Kris! Mike Moore
12:47 PM Feature #14457 (Closed): Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``: Christian McDonald
01:46 AM Bug #14473 (Confirmed): Automatic gateway not updating after default deleted: Copied from forum post: https://forum.netgate.com/topic/177395/automatic-gateway-not-updating-after-default-deleted
... Matthew Foran

06/13/2023

08:23 PM Feature #14457: Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``: Tested the patch, works perfectly with AT&T. Thank you!
We had a pfsense release in the past where the wpa_supplic... Hayden Hill
07:47 PM Bug #12947 (New): Old IPv6 addresses may continue to be used after DHCP or RA changes: Jim Pingle
04:05 PM Bug #14288 (Feedback): Setting system DNS servers can incorrectly modify routes for interface addresses: Applied in changeset commit:e47285ae279a35b3a5211a093299eb69d3344592. Marcos M
04:01 PM Revision 10ada61d: Don't modify routes when adding or removing DNS IP addresses that exist on interfaces. Fix #14288: (cherry picked from commit e47285ae279a35b3a5211a093299eb69d3344592) Marcos M
04:01 PM Revision 25751a38: Fix references to 'disable_carp' introduced in 62fb07c816. #2218: The original commit had some lingering references to a function 'disable_carp'
that had been abandoned in favor of a ... Reid Linnemann
03:57 PM Revision e47285ae: Don't modify routes when adding or removing DNS IP addresses that exist on interfaces. Fix #14288: Marcos M
02:13 PM Bug #14458: PHP error in IPsec tunnels list: Updating subject for release notes. Jim Pingle
02:10 PM Bug #14373: System crashes or may become unresponsive with Captive Portal: Updating subject for release notes. Jim Pingle
02:04 PM Bug #14433 (Feedback): Panic when changing the parent of a VLAN interface used by limiters: Fixed by https://cgit.freebsd.org/src/commit/?id=0ba9cb5e710f42fcbc5d710a606bfae5a7f90984
I've also cherry-picked ... Kristof Provost
01:56 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: Debugging even further this seems to be timing sensitive. If I run @pfctl -i ovpns1 -Fs && pfSctl -c 'filter reload a... Florian Apolloner
01:38 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: I am able to reproduce the issue and I can also confirm that the issue is gone if I comment out @/sbin/pfctl -i $1 -F... Florian Apolloner
08:48 AM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: Marcos M wrote in #note-5:
> Additional notes while working with cjl:
> Commenting out the line @/sbin/pfctl -i $1 ... Florian Apolloner
08:43 AM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states: Hi there, I think I am seeing the same issue (on 23.05). I also do have OpenVPN on CARP IPs as of now (though openvpn... Florian Apolloner
07:16 AM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Thanks for creating this issue.
Could it be that the lua-script used in the HAproxy-config triggers these errors?
... Stefan Weichinger

06/12/2023

09:18 PM pfSense Packages Bug #14469 (Resolved): Snort Advanced config pass-through encodes entries: When attempting to add a custom snort.conf config line using the Snort Advanced Configuration Pass-Through feature, t... Alex Tatistcheff
03:03 PM Bug #13940 (Resolved): Firewall log parser does not handle SCTP log entries: Seems to be working OK. Logs are showing not only SCTP but also some other entries that were not previously parsed.
... Jim Pingle
01:58 PM pfSense Docs Todo #14463 (Closed): The reference external port for LAN should be unset when adding OPT: Done and deployed.
https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/5635ed72407a70aadffe16f4eae6975de83e... Jim Pingle
01:36 PM pfSense Docs Correction #14422 (Closed): Release Versions Supported Needs Updated: Done and deployed. Jim Pingle
12:00 PM Bug #14354 (Resolved): Outbound NAT rule input validation error when attempting to manually specify "Other Subnet" with a valid address: Jim Pingle
11:59 AM pfSense Packages Todo #9200 (Resolved): Add DNS support for Google domain to Acme manager: Jim Pingle
11:20 AM Feature #290: Add Multi-WAN awareness to UPnP: I am really interested in this feature as i use dual wan and this is a must have in my book as changing wan for UPNP ... Michael Clews

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

07/11/2023

07/10/2023

07/09/2023

07/08/2023

07/07/2023

07/06/2023

07/05/2023

07/04/2023

07/03/2023

07/02/2023

07/01/2023

06/30/2023

06/29/2023

06/28/2023

06/27/2023

06/26/2023

06/25/2023

06/24/2023

06/23/2023

06/22/2023

06/21/2023

06/20/2023

06/19/2023

06/18/2023

06/17/2023

06/16/2023

06/15/2023

06/14/2023

06/13/2023

06/12/2023