Project

General

Profile

Activity

From 07/10/2023 to 08/08/2023

08/08/2023

11:42 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
I'm happy to test the fix in my environment if you'd like; I'd just need a diff/patch to apply if the official fix is... James George
04:13 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Updating subject for release notes. Jim Pingle
04:09 PM pfSense Plus Bug #14586 (Feedback): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Fixed in eab8453f Reid Linnemann
10:34 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen
@jimp will it take a few days before the updated package is released? Elvis Impersonator
08:41 PM pfSense Packages Bug #14670 (Resolved): net-snmp does not ignore /var/unbound/dev
Net-snmp has ignoreDisk directives for devfs mount points /dev and /var/dhcpd/dev, but is missing an ignoreDIsk direc... Denny Page
08:34 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Another instance of this (v23.05):... Craig Coonrad
07:50 PM Bug #14648 (Feedback): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Applied in changeset commit:054c25418f28bd0afeb1e4a3f07075db76f8f61b. Jim Pingle
07:42 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I never could reproduce the error condition but I added several safety belts to ensure the values are sane coming out... Jim Pingle
07:42 PM pfSense Packages Feature #13138: DNS over HTTPS/TLS Blocking should be removed from SafeSearch
The block list [if done by IP] offers the option to create an ALIAS which is more flexible then sink holing. I would ... Mike Moore
07:39 PM Revision 054c2541: Add safety belts around memory size checks. Fixes #14648
* Add safety checks when fetching the memory size
* Also ensure the state table size is sane if the memory check fails Jim Pingle
07:31 PM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied
Ive ran into a similar issue as well. The routes will appear in FRR but you check the pfsense route table the routes ... Mike Moore
04:22 PM pfSense Packages Bug #14668 (New): FRR BGP route is not making into kernel route table after WireGuard's peer change is applied
I was able to reproduce this behavior in clear PfSense 2.7 setup with frr 1.3_1 and WireGuard 0.2.0_2, not sure which... Oleksii Tucha
07:27 PM pfSense Packages Feature #14669 (New): pfblocker log rotation on schedule
Allow the option to set logroate option (daily,weekly,monthly)
Im using pfBlocker stats to fill in a report and beca... Mike Moore
03:43 PM Bug #14356: URL scheme is not properly validated in some cases
Updating for release notes. Jim Pingle
03:41 PM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules
Updating subject for release notes. Jim Pingle
03:40 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface
Updating subject for release notes. Jim Pingle
03:36 PM Feature #14666: Option to add automatic pass rules for IGMP Proxy which allow IP options
I'd suggest a (default on, because it's basically required for it to work anyway) checkbox to create automagic rules ... Kristof Provost
02:49 PM Feature #14666 (New): Option to add automatic pass rules for IGMP Proxy which allow IP options
Users frequently get tripped up by IGMP not receiving traffic because by default, firewall rules do not allow packets... Jim Pingle
03:29 PM Feature #14667 (Resolved): Improve SCTP support in ``filterlog``
FreeBSD 14.x includes more support for SCTP in the OS and in PF. There is a separate issue underway for allowing port... Jim Pingle
03:22 PM Regression #14377 (Closed): Cannot add a QinQ interface to a bridge
Looks good in todays snapshot:... Steve Wheeler
02:15 PM Regression #14377: Cannot add a QinQ interface to a bridge
Doesn't appear to be specific to Plus Jim Pingle
03:05 PM Regression #14615 (Resolved): PHP crash during bootup with gateway monitoring enabled with custom monitor IP
Christian McDonald
03:03 PM Regression #14615: PHP crash during bootup with gateway monitoring enabled with custom monitor IP
Excluding from release notes since this wasn't a problem in a release, only during development. Jim Pingle
03:04 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
Updating subject for release notes. Jim Pingle
03:02 PM Feature #14457: Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``
Updating subject for release notes. Jim Pingle
02:59 PM Regression #14370: Console and system log may contain unnecessary Netlink debug messages from IPsec
Updating subject for release notes. Jim Pingle
02:58 PM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert
Updating subject for release notes. Jim Pingle
02:50 PM Bug #14301: Input validation error when saving IGMP Proxy settings
I also created a feature request for an option to handle the firewall rules we discussed: #14666 Jim Pingle
02:40 PM Bug #14301: Input validation error when saving IGMP Proxy settings
I made a dedicated issue for the VirtIO problem at #14665 Jim Pingle
02:22 PM Bug #14301: Input validation error when saving IGMP Proxy settings
The virtio issue did turn out to be a virtio problem. It doesn't allow IFF_ALLMULTI to be set (on systems where the h... Kristof Provost
12:35 PM Bug #14301 (Feedback): Input validation error when saving IGMP Proxy settings
Applied in changeset commit:a38aa6d7ffd121727eae9f0d5229b4121928e1f5. Kristof Provost
02:42 PM Bug #13277 (Duplicate): IGMP Proxy webConfigurator Page Always Produces Error
Duplicate of #14301 -- This one was first, but the fix is already committed and noted on #14301 Jim Pingle
02:39 PM Bug #14665 (Resolved): IGMP Proxy cannot start on VirtIO (``vtnet``) interfaces
Moved this over from #14301
From Kristof:
> I'm investigating another issue, which I suspect to be limited to ... Jim Pingle
02:36 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Updating subject for release notes. Jim Pingle
02:34 PM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups
Updating subject for release notes. Jim Pingle
02:31 PM Feature #14402: Dynamic DNS support for Porkbun
Updating subject for release notes. Jim Pingle
02:31 PM Bug #14637: PHP shell script ``pfanchordrill`` shows duplicate anchor content
Updating subject for release notes. Jim Pingle
02:28 PM Bug #14598: Link to view Captive Portal custom HTML page content does not work
Updating subject for release notes. Jim Pingle
02:28 PM Bug #14574: Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist
Updating subject for release notes. Jim Pingle
02:21 PM Regression #14374: Static ARP entries are not configured at boot
Updating subject for release notes. Jim Pingle
02:21 PM Bug #13068: Firewall rules fail to load when a URL table alias file does not exist
Updating subject for release notes. Jim Pingle
02:17 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
Updating subject for release notes. Jim Pingle
01:35 PM Bug #14660: Sticky Connections do not work properly when multiple connections have the same Gateway IP
Jim Pingle wrote in #note-1:
> That isn't a supported case. pf has no way to differentiate between two identical gat... Lucas Tam
12:24 PM Bug #14660 (Rejected): Sticky Connections do not work properly when multiple connections have the same Gateway IP
That isn't a supported case. pf has no way to differentiate between two identical gateways in this case and there isn... Jim Pingle
08:01 AM Bug #14660 (Rejected): Sticky Connections do not work properly when multiple connections have the same Gateway IP
I have set up a multi-WAN configuration that involves multiple PPPoE connections to my Internet service provider. Eac... Lucas Tam
01:15 PM Bug #14661 (New): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
Jim Pingle
01:00 PM Bug #14661: ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
In that screenshot you can see that dpinger is using the CARP IP on a IPv6 gateway.
And this happens with all IPv6 g... Hannes Scherbichler
12:23 PM Bug #14661 (Feedback): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
I can't reproduce this here, @dpinger@ is using the interface IPv6 address as expected. In the @dpinger@ command line... Jim Pingle
11:38 AM Bug #14661 (Closed): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
Hello,
We have a pfSense cluster running with CARP and IPv6.
We noticed, that dpinger uses the CARP IP address as... Hannes Scherbichler
12:26 PM Revision a38aa6d7: igmpproxy: Do not display an error when saving changes. Fixes #14301
Kristof Provost

08/07/2023

11:49 PM Feature #3288 (In Progress): Support interface macros in Outbound NAT rules
Marcos M
09:24 PM pfSense Packages Bug #14659 (New): vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap
Hard to say if this is a bug per se but its a reproducible problem.
1. create a LAGG with assigned VLANs and those... Mike Moore
09:19 PM pfSense Docs Todo #14658 (Resolved): Update firewall/NAT rule source/destination field references
The firewall/NAT rule source/destination fields have been updated:
https://github.com/pfsense/pfsense/commit/feefe2c... Marcos M
09:01 PM Bug #14301: Input validation error when saving IGMP Proxy settings
Note that that's mostly only a cosmetic problem. It does actually start igmpproxy.
I'm investigating another issue, ... Kristof Provost
08:12 PM Bug #14301 (Pull Request Review): Input validation error when saving IGMP Proxy settings
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1058 Marcos M
08:25 PM Bug #14657 (Rejected): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 4096 bytes) in /usr/local/www/diag_command.php on line 174
That is not a package created or maintained by Netgate. Contact its author for assistance. Jim Pingle
08:20 PM Bug #14657 (Rejected): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 4096 bytes) in /usr/local/www/diag_command.php on line 174
Hi, I executed this command via the GUI
curl https://updates.sunnyvalley.io/getzenarmor | sh
and then this one... e ok
07:21 PM pfSense Docs Todo #14656 (Resolved): Feedback on Interface Types and Configuration — LAGG (Link Aggregation)
*Page:* https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html
*Feedback:* New to this so sorry if I'm ju... Anthony Celata
07:21 PM Bug #13068 (Resolved): Firewall rules fail to load when a URL table alias file does not exist
Marcos M
07:15 PM Bug #14637 (Feedback): PHP shell script ``pfanchordrill`` shows duplicate anchor content
Applied in changeset commit:68f5fc1bd5d2583317ab6e38f833070c2d1174cd. Marcos M
07:15 PM Bug #6799 (Feedback): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Applied in changeset commit:85c4a8de0016bc4d192b60fd384af56aa4ba1376. Marcos M
07:13 PM pfSense Packages Bug #14654 (Resolved): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
Jim Pingle
06:55 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
Jim Pingle wrote in #note-4:
> Corrected packages are building now.
Updated, configured and checked on 2.7 - work... Oleksii Tucha
05:44 PM pfSense Packages Bug #14654 (Feedback): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
It doesn't appear that I introduced an error in the behavior of the function that gathers BFD peers but I did spot an... Jim Pingle
12:52 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
I probably made an error when updating all the FRR code for the new config access functions. I'll look into it today.
 Jim Pingle
07:12 PM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases
Seems to be solid here after several days in a row and several interface events. Gateways are still showing green thr... Jim Pingle
07:08 PM Revision 68f5fc1b: Avoid displaying duplicate anchors with pfanchordrill. Fix #14637
Marcos M
07:06 PM Revision 85c4a8de: Use pf macros for <interface> subnets. Fix #6799
This changes the behavior of '<if> subnet' in generated firewall/NAT
rules. The previous behavior expands '<if> subne... Marcos M
06:20 PM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
In my testing here, the behavior is correct when that is set to a failover group.
@get_interface_ip(<group name>)@... Jim Pingle
06:09 PM pfSense Packages Feature #14653 (Feedback): Update to LCPROC NTP Screen
PR merged Jim Pingle
05:38 PM Revision 7e01141a: Don't restrict the outbound NAT target list
The target_type list was changed in abc9d914 to restrict the displayed
selection options depending on the interface. ... Marcos M
05:35 PM Feature #14650 (Resolved): Change default match modifier from "all of" to "any of"
Marcos M
03:55 PM Feature #14650 (Feedback): Change default match modifier from "all of" to "any of"
Applied in changeset commit:54756f9f683282ca8e850de61f9929a9f011cda1. Marcos M
04:48 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
I've got a similar patch incoming, and this should be included in the System Patches as well I think. Reid Linnemann
03:48 PM Revision 54756f9f: Change the default match for Port and MAC in the packet capture GUI. Implement #14650
Marcos M
03:39 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.
This error has returned for some reason Jonathan Lee
03:02 PM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
Marcos M wrote in #note-1:
> Please continue to discuss the issue in the forum. Once steps to reproduce the issue on... Cin Lung Chen
01:35 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Yeah that's what I figured but what I can't figure out is why it would ever come back blank for that OID. I can't mak... Jim Pingle
01:32 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
@var_dump(""/1000);@ produces the same error
the empty string does not cleanly cast automatically to an int.
@g... Christian McDonald
01:11 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I doubt it is related to hardware at all, but maybe a timing issue with reading those values from sysctl. It may be h... Jim Pingle
10:55 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I also get similar error:... Michael Clews
12:46 PM Bug #7589 (Resolved): ``diag_edit.php`` warning is not cleared after picking non-directory to load
Jim Pingle
12:14 PM Regression #14377 (Feedback): Cannot add a QinQ interface to a bridge
Kristof Provost
11:38 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
This is the relevant commit: https://github.com/pfsense/FreeBSD-src/commit/f10efe9d5708cf2f385f17f6ed13909d84cea737
... Kristof Provost
04:41 AM Feature #12077: Allow stick-connections per gateway group
Yes, this would be useful in my scenario where I have 3 x 1Gbe PPPoE links and I only want my browser clients to be s... Lucas Tam
04:38 AM Feature #290: Add Multi-WAN awareness to UPnP
Same, interested, all packages should have multi-wan awareness? Lucas Tam

08/06/2023

03:25 PM Bug #14655: NAT behind a WAN rule" and "!WAN rule"
Im wanting about different NATs with the same ports Andre Lopez Araujo
03:24 PM Bug #14655 (Confirmed): NAT behind a WAN rule" and "!WAN rule"
Good morning,
I just set up a DMZ NAT for everything that is not a WAN Net, but when creating another NAT with the... Andre Lopez Araujo
09:14 AM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Correct, I am relying on neighbor discovery. But even if I wanted to define a static neighbor, there would not be any... beermount beermount
04:12 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
Wasn't sure if this applied to clients and servers. After applying changeset via system_patches I rebooted upstream g... Jordan G
03:02 AM pfSense Packages Regression #14445: HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138
Please see this pull request: https://github.com/pfsense/FreeBSD-ports/pull/1282 Alex Neihaus

08/05/2023

11:13 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead

confirmed.
BFD option(in BGP Neighbors) does not list BFD peers , it shows Route Map lists.
tested on 2.7 and... Alhusein Zawi
09:24 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
FRR package version is 1.3, if that does matter.
It was working in FRR 1.1.1_7 (which is still installed in my 2.6 i... Oleksii Tucha
09:21 PM pfSense Packages Bug #14654 (Resolved): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
To reproduce:
1. Install FRR
2. Create Route Map
3. Try to select a BFD Peer for BGP Neighbor
!bfd.png!
The se... Oleksii Tucha
11:10 PM pfSense Packages Bug #12899: Suricata doesn't honor Pass List
This has proven to be a very hard bug to find and fix. The problem is random. I have thus far been unable to reproduc... Bill Meeks
10:45 PM pfSense Packages Bug #14644: Zeek PHP error after upgrade to CE 2.7.0
Do any issues occur with the package post-upgrade or is just the upgrade PHP errors the only issue? Kris Phillips
10:44 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Hello,
Are you relying on neighbor discovery or do you have neighbors manually programmed in across the link? Typ... Kris Phillips
12:55 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Also see https://redmine.pfsense.org/issues/12760 beermount beermount
10:53 AM pfSense Packages Feature #14652 (New): FRR OSPF6 not working over wireguard
FRR OSPF6 is unable to form neighborship without adding link-local alias to wireguard interface.
Unless i perform:... beermount beermount
10:20 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen
Update LCDPROC NTP Screen
* Add time zone
* Improved selection between GPS and PPS
* Add stability parameter for P... Elvis Impersonator
03:01 PM pfSense Packages Feature #14653 (Feedback): Update to LCPROC NTP Screen
Update to LCDPROC NTP Screen
* Add time zone
* Add local PPS stability pps
https://github.com/pfsense/FreeBSD-po... Elvis Impersonator
10:01 PM pfSense Packages Bug #14287 (Feedback): pfBlockerNG does not uninstall cleanly when using RAM disks
I'm seeing this on 23.05.1 pfBlockerNG 3.2.0_5 across multiple devices. Perhaps you need an existing pfBlockerNG sect... Jordan G
08:45 AM pfSense Packages Bug #14287 (Resolved): pfBlockerNG does not uninstall cleanly when using RAM disks
No PHP errors on 23.05.1 when deleting 3.2.0_5 package with unchecked "keep config"... Lev Prokofev
04:33 PM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Tested and reproduced. Also tested with patch applied.
Steps to reproduce:
1. Create a LAN rule with Source ... Kris Phillips
03:33 PM Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
Please continue to discuss the issue in the forum. Once steps to reproduce the issue on other systems (or specific de... Marcos M
09:22 AM Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
Sorry if this is wrong, I am frustrated and would love to be pointed to the right direction. I made a post in the for... Cin Lung Chen
12:50 PM Bug #7589: ``diag_edit.php`` warning is not cleared after picking non-directory to load
Patch clear the warning after you click browse.
Tested on ... Lev Prokofev
09:41 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
the typo fix patch from the forum thread does fix the Sync functional for pfBlockerNG
tested on
Version 23.05.1-RE... Georgiy Tyutyunnik
09:36 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
wasn't able to reproduce the original issue as it's stated in the ticket.
However, found a somewhat linked issue:
I... Georgiy Tyutyunnik
05:52 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces
Can confirm, adding the IP on interfaces doesn't trigger the unbound to reload the config, and the new subnet is not ... Lev Prokofev

08/04/2023

09:55 PM Feature #14650 (Pull Request Review): Change default match modifier from "all of" to "any of"
The default match selection for @PORT NUMBER@ and @HOST MAC ADDRESS@ has been changed to @any of@; this is the more c... Marcos M
06:31 PM Feature #14650 (Resolved): Change default match modifier from "all of" to "any of"
It makes more sense to default the match Christian McDonald
08:09 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
We will need to re-test this, as the previous attempt ended up breaking DHCPv6 completely.
More work is needed to su... Christian McDonald
06:24 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Jonathan Lee wrote in #note-15:
> Thanks for the reply,
>
> just to confirm the is the Path Strip Count 2 for you... Christopher Cope
06:04 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Thanks for the reply,
just to confirm the is the Path Strip Count 2 for your patch?
!clipboard-202308041104-h72... Jonathan Lee
05:30 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Jonathan Lee wrote in #note-10:
> Could this also be adapted to use a disk swap? That way it could have an option to... Christopher Cope
05:28 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Jonathan Lee wrote in #note-12:
> I added your patch set this to 512mb and I am still getting that snort error for a... Christopher Cope
04:33 PM Feature #13377: Option to configure a custom value for the PHP memory limit
I added your patch set this to 512mb and I am still getting that snort error for active rules
Crash report begins.... Jonathan Lee
03:57 PM Feature #13377: Option to configure a custom value for the PHP memory limit
is the Path Strip Count 2 for the patch? Jonathan Lee
03:42 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Could this also be adapted to use a disk swap? That way it could have an option to use and allocate fixed disk storag... Jonathan Lee
06:07 PM Regression #14649: PHP error with One.com Dynamic DNS provider
https://redmine.pfsense.org/issues/14558
Could DoH support help with this? Jonathan Lee
03:52 PM Regression #14649: PHP error with One.com Dynamic DNS provider
confirmed and reproduced on:
Version 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURR... Georgiy Tyutyunnik
01:05 PM Regression #14649 (Resolved): PHP error with One.com Dynamic DNS provider
Tested on ... Lev Prokofev
06:00 PM pfSense Packages Bug #14498: php errors when looking at snort active rules
[04-Aug-2023 09:30:42 US/Pacific] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering d... Jonathan Lee
04:36 PM pfSense Packages Bug #14498: php errors when looking at snort active rules
@Christopher Cope
I have tested your patch attached here. Strip level 2
set to 512mb
Hover I am still getting... Jonathan Lee
03:37 PM pfSense Packages Bug #14498: php errors when looking at snort active rules
Amazing, thanks for sharing I appreciate you. Jonathan Lee
04:37 PM pfSense Packages Feature #13575 (In Progress): Update to frr 9.0.1
This appears to be functioning OK for the most part but it isn't building with the SNMP option enabled yet. There is ... Jim Pingle
03:16 PM pfSense Packages Bug #12899: Suricata doesn't honor Pass List
I've also experienced this for quite awhile. I created an alias for a vendor and added all IP addresses and ranges kn... tasty ratz
06:23 AM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy)
NDProxy is the only way we have been able to get IPv6 working for our company network, and that have been possible on... Filippo Tessarotto

08/03/2023

10:05 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Related: "Sync to configured backup server" option does not allow to Save without an IP address in the target below.
... dylan mendez
08:09 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Patch to fix the typo was posted at https://forum.netgate.com/post/1108304 Steve Y
08:57 PM pfSense Packages Feature #13575 (Feedback): Update to frr 9.0.1
Merged https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/350 Marcos M
07:49 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
The installed packages Widget did not show there was a new package. Package manage did, but that was when it failed.... Elvis Impersonator
07:35 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Probably best to move it to the forum then, there may be something that needs fixed on your system, but it's not a ge... Jim Pingle
07:34 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
checked branch and it set correctly
 Elvis Impersonator
07:31 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
No issues installing or upgrading it here. Make sure the update branch is set to the appropriate version that matches... Jim Pingle
07:15 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
@jimp
new LCDPROC package will not install
WARNING: Current pkg repository has a new PHP major
version. pfSens... Elvis Impersonator
06:36 PM pfSense Packages Feature #14625 (Feedback): Add NTP Screens to LCDPROC
Merged in LCDProc package version 0.11.5 Jim Pingle
06:38 PM Feature #14448 (Resolved): Support interface groups in firewall rule source/destination fields
Marcos M
03:43 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T
N.B. They will need to check the current value and add the desired value to it. Support varies by NIC/Chip/SFP/etc. S... Jim Pingle
03:22 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T
The sysctl that needs to be set is: dev.ix.X.advertise_speed
So for example set dev.ix.3.advertise_speed=0x1b to a... Steve Wheeler
12:39 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Normally I'd say we could just change the lines there to cast to @int@ but I'm curious why it fails to automatically ... Jim Pingle
11:18 AM Bug #14648 (Feedback): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
In 23.05.1:... Steve Wheeler
11:31 AM pfSense Packages Feature #9141: FRR xmlrpc
In simple setups like mine I believe having the same BGP configuration on both Primary and Secondary members is what ... Adrian Dascalu

08/02/2023

11:26 PM Feature #14640 (Pull Request Review): Extend support for SCTP in firewall and NAT rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1056 Marcos M
10:01 PM pfSense Docs New Content #14647 (Resolved): Add a note for ixgbe linking at NBase-T
The ixgbe driver in 23.01/2.7 recognises link speeds of 2.5G and 5G and can be set to use them as fixed speeds.
How... Steve Wheeler
07:25 PM Bug #14646 (Feedback): OpenVPN can select the wrong interface IP address when multiple addresses are present
Applied in changeset commit:340aa54839a5b3a8fb74b66919511cebb307bb57. Jim Pingle
07:14 PM Bug #14646 (Resolved): OpenVPN can select the wrong interface IP address when multiple addresses are present
If there are multiple IP addresses and VIPs on an interface, OpenVPN can unintentionally select the wrong address.
... Jim Pingle
07:14 PM Revision 340aa548: Correct OpenVPN if IP addr code. Fixes #14646
Jim Pingle
06:28 PM pfSense Packages Bug #14645 (Resolved): Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
Hello,
I'm not really good with Snort but all my search results confirm that it is common to have @EXTERNAL_NET@ c... Dzmitry Kazei
05:52 PM Revision e4bba4ab: "OpenVPN clients" is not a valid rule src/dst, remove it.
Marcos M
04:59 PM Revision 35abdef2: Revert "services_dhcp_relay.php: introduce proper shortcut section for dhcrelay"
This reverts commit 834bb946dd952f1d7a59e131d6b265cc82b7837d. Christian McDonald
04:58 PM Revision f137d9cd: Revert "services_dhcp.php: cleanup warning notice when DHCP relay is enabled"
This reverts commit 564905382d696ef80b45e7552f4fdc502a7d2053. Christian McDonald
04:29 PM Revision e9995ff3: Revert "services_dhcp.php: just hide relay-enabled interfaces"
This reverts commit 7a1d5e27022fb7183e8a7b17b5514169cbd7ecc7. Christian McDonald
04:28 PM Revision 3fa4d6fe: Revert "dhcp: support simultaneous v4 dhcpd and dhcrelay, Implements #14620"
This reverts commit e9577ebfd7852646a66697a3bde41b712687a4ca. Christian McDonald
01:17 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
This looks likely to be the same cause as this: https://redmine.pfsense.org/issues/14171#note-3
The command used f... Steve Wheeler
12:01 PM pfSense Packages Bug #14644 (Not a Bug): Zeek PHP error after upgrade to CE 2.7.0
First login after upgrading to 2.7.0, a couple of PHP error notices are shown, one of them related to Zeek:
@PHP E... e 1/1
12:00 PM pfSense Packages Bug #14643 (Not a Bug): Suricata PHP error after upgrade to CE 2.7.0
First login after upgrading to 2.7.0, a couple of PHP error notices are shown, one of them related to Suricata:
@P... e 1/1
04:16 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Awesome Kristof, I'll be happy to test it.
Could you briefly explain how to apply the patch?
I'm on CE 2.7.0 and ... Arturo de Vries

08/01/2023

10:47 PM Feature #14640 (In Progress): Extend support for SCTP in firewall and NAT rules
Marcos M
06:29 PM Feature #14640 (Resolved): Extend support for SCTP in firewall and NAT rules
As of 47d0c1fe7d3279e9d38df75cf0c359b1fbc26d5e (on devel-main) pf has improved SCTP support. It can now filter on SCT... Kristof Provost
10:21 PM pfSense Packages Feature #13575: Update to frr 9.0.1
Tested in 23.09 by running:... Marcos M
08:06 PM pfSense Packages Feature #14642 (New): nfsen-nfdump intergration
Can we get nfdump/nfsen package integrated within pfsense? Have sflow send data to nfsen. The built-in collector woul... Mike Moore
07:29 PM Todo #1521: Multipath Routing GUI Support
See also: #9545, #14641 Jim Pingle
07:28 PM Todo #1521: Multipath Routing GUI Support
As of Plus 23.05.1 and CE 2.7.0, the OS supports multipath routing (i.e. ECMP).
However, outside of FRR, there isn... Jim Pingle
07:29 PM Feature #9545: Enable Multipath Routing in the Kernel
See also: #1521, #14641 Jim Pingle
06:44 PM Feature #9545 (Resolved): Enable Multipath Routing in the Kernel
From our local testing here on Plus (23.05.1, 23.09 snaps) and CE (2.7.0, 2.8.0 snaps), with both static and BGP it a... Jim Pingle
07:28 PM pfSense Docs New Content #14641: Add content about multipath routing
See also: #1521, #9545 Jim Pingle
07:07 PM pfSense Docs New Content #14641 (Resolved): Add content about multipath routing
Now that the OS supports multipath routing it should be covered in the docs were appropriate.
See #9545 for notes/... Jim Pingle
07:25 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Round 3
https://github.com/pfsense/FreeBSD-ports/pull/1278
 Elvis Impersonator
06:52 PM Revision c76dadcc: Add Next Hop info to status output
Jim Pingle
04:11 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Is Tailscale also in play here? I've trying and failing to reproduce this again. No matter what I try to do, I simply... Kristof Provost
03:20 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Until the referenced functionality is added upstream, floating client support will need to be disabled if avpair rule... Marcos M
02:28 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
I have to disagree that they are a cosmetic issue.
This issue was originally discovered via the following:
1. A n... Michael Mercier
11:21 AM pfSense Docs Correction #14639 (Resolved): Multiple email address notification
https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html#smtp-e-mail
Please add a note about ... Mike Moore
04:54 AM pfSense Packages Bug #14638 (Closed): Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
After upgrading Tailscale from 0.1.3.1 to 0.1.4, Tailscale was not running according to the status page.
I was abl... R W

07/31/2023

08:41 PM Bug #14577 (Needs Patch): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
The duplicate rules listed with @pfanchordrill@ are a cosmetic issue - see #14637.
As for the files that aren't be... Marcos M
08:33 PM Bug #14637 (Pull Request Review): PHP shell script ``pfanchordrill`` shows duplicate anchor content
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1054
For future reference, @pfctl -vsA@ loops through L3... Marcos M
08:31 PM Bug #14637 (Resolved): PHP shell script ``pfanchordrill`` shows duplicate anchor content
... Marcos M
07:55 PM Regression #14635 (Feedback): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
Applied in changeset commit:9b9eaaeaa6cfa87c1320687836496d316aac61ef. Jim Pingle
07:47 PM Regression #14635: "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
Export package issue: #14636 Jim Pingle
07:44 PM Regression #14635 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
On current dev snapshots with OpenSSL 3.0, the "Legacy" strength PKCS#12 export (RC2-40+SHA1) is unsupported by defau... Jim Pingle
07:48 PM Revision 9b9eaaea: Allow legacy PKCS#12 export to function (for now). Fixes #14635
Jim Pingle
07:47 PM pfSense Packages Regression #14636 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
See #14635 for details.
The export package will need a change similar to that one from #14635 but it will need to ... Jim Pingle
07:30 PM Bug #14634 (Confirmed): The default gateway icon is not updated when the default gateway is changed to none
Link to the discussion in question: https://forum.netgate.com/topic/180684/bug-in-default-gateway-selection
As des... Fabiano B. Franco
07:19 PM Feature #9545: Enable Multipath Routing in the Kernel
Jim Pingle wrote in #note-16:
> Turns out it's already enabled in the current builds. FRR without the "multipath" op... Chris Baker
06:54 PM Bug #13423 (Feedback): IPv6 neighbor discovery protocol (NDP) fails in some cases
Lets wait until we get more real-world testing to call it completely resolved. Jim Pingle
06:53 PM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases
I was able to reliably reproduce this before, and can no longer reproduce it with the fix. Marcos M
06:50 PM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
I upgraded my edge to a dev snap with the fix and so far, so good. Everything across the board is green in my lab for... Jim Pingle
06:39 PM Bug #14619 (Resolved): Rule separators are ordered incorrectly after removing rules in certain positions
Original issue is now fixed, and all test cases referenced in the attachments of #9887 pass as well; separators in th... Marcos M
05:40 PM Bug #14619 (Feedback): Rule separators are ordered incorrectly after removing rules in certain positions
Applied in changeset commit:8a12728da23fc7cb654cec4a97670ef2b6dfb239. Marcos M
06:00 PM Regression #14616: dpinger does not start after renewing DHCP
Kris Phillips wrote in #note-1:
> Hello,
>
> Is there no default route defined when you go to Diagnostics --> Rou... Maternal Pause
03:12 PM Regression #14616: dpinger does not start after renewing DHCP
You can edit the "/conf/config.xml" file under "<system>" and add a new line with "<route-debug></route-debug>" to ge... Kyouko M
05:45 PM Feature #14448 (Feedback): Support interface groups in firewall rule source/destination fields
Applied in changeset commit:9fbd5798a3d76b36e6cc37debc5a37d382977a78. Marcos M
05:32 PM Revision abc9d914: Refactor translation target for outbound NAT
Marcos M
05:32 PM Revision feefe2c3: Refactor display of special networks
Marcos M
05:32 PM Revision 9fbd5798: Allow use of interface groups in firewall rule source/destination fields. Implement #14448
Marcos M
05:32 PM Revision ccf3b257: Refactor usage of special networks
Pre-requisite for easier implementation of interface group in firewall rules. Marcos M
05:30 PM Revision 8a12728d: Use the correct index when saving rule separators. Fix #14619
Also fix displaying rule separators with an out of range index. Marcos M
04:46 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Tested files attached Elvis Impersonator
04:44 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Updated PR
https://github.com/pfsense/FreeBSD-ports/pull/1277 Elvis Impersonator
02:53 PM pfSense Packages Feature #14625 (Pull Request Review): Add NTP Screens to LCDPROC
Jim Pingle
04:08 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes
The scripting hook described at https://docs.frrouting.org/en/latest/scripting.html seems promising. If nothing else ... Jim Pingle
03:59 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes
This is specific to FRR, so I moved it to the FRR package.
Base system routing changes of this nature are already ... Jim Pingle
03:57 PM pfSense Packages Feature #14633 (Feedback): Cleanup states on dynamic routing changes
Currently, with FRR, dynamic routing changes does not cleanup old firewall states causing traffic to flow incorrectly... Christopher de Haas
03:46 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
For another confirmation point, I upgraded my edge to 23.09 dev snapshots and dhcpleases6 is running and I have route... Jim Pingle
03:43 PM pfSense Packages Feature #14629: Add option control LCDProc ``syslog`` behavior
Worth noting that the old hardcoded default was level 3. When I added the option I made the new default level 2 to al... Jim Pingle
03:18 PM pfSense Packages Feature #14629 (Feedback): Add option control LCDProc ``syslog`` behavior
Added in LCDProc package v0.11.4_2 which is building now and will be available shortly.
 Jim Pingle
03:28 PM Revision 7a1d5e27: services_dhcp.php: just hide relay-enabled interfaces
Christian McDonald
02:36 PM pfSense Packages Bug #14627: FRR prefix list creation failure
The validation could use some work but it's not completely broken as-is, it can be worked around.
If you enter the... Jim Pingle
02:25 PM Bug #14261: Trim white space in a DHCP Leases page search field
I'm not sure I agree this is a problem exactly as stated. Sometimes I may want to search for a specific string that s... Jim Pingle
01:52 PM Bug #14622 (Not a Bug): Special characters can cause the CDATA tags to be stripped during HA Sync
I can't duplicate this as stated in any case. I can create a user with a full name of "Tést" and it synchronizes with... Jim Pingle
10:56 AM Bug #14622: Special characters can cause the CDATA tags to be stripped during HA Sync
Upon further testing we found the following:
Accented characters (or an apostrophe for that matter too) present in... Udo Llorens
10:20 AM Bug #14622: Special characters can cause the CDATA tags to be stripped during HA Sync
Tested on... Udo Llorens
01:43 PM pfSense Packages Feature #14630: FRR script hook for clearing states on routing changes
If such extensions were possible those would require developing new features to accommodate them, adding the new func... Jim Pingle
01:32 PM pfSense Packages Feature #14630: FRR script hook for clearing states on routing changes
Hi Jim,
Thanks for responding to this quickly, and thanks for the floating-rule idea. I get that it can help mitigat... Christopher de Haas
12:34 PM pfSense Packages Feature #14630 (Not a Bug): FRR script hook for clearing states on routing changes
There is no event or mechanism by which that situation could be identified and acted upon.
If it were a built-in W... Jim Pingle
05:55 AM pfSense Packages Feature #14630 (New): FRR script hook for clearing states on routing changes
I have been chasing an issue of dropped traffic, and finally found the issue. A client is repeatedly sending traffic ... Christopher de Haas
12:48 PM Bug #14624 (Not a Bug): DNS Lookup tool doesn't respect 'DNS Resolution Behavior: Use local, ignore remote' when DoT is configured
That page uses several different techniques to function and some do not use the local resolver directly. For example,... Jim Pingle
12:29 PM pfSense Packages Feature #14632 (Rejected): Add flock pacakage to pfsense repository
There isn't nearly enough information here. Do you mean the @sysutils/flock@ port from FreeBSD? Or something else?
... Jim Pingle
11:50 AM pfSense Packages Feature #14632 (Rejected): Add flock pacakage to pfsense repository
i would like to use flock with cron jobs
Thanks Richard Horvath
12:24 PM Bug #14628: PPPoE Interface Panic
Looking at the end of the message buffer there were a lot of interface link transitions up/down on a PPPoE interface ... Jim Pingle
12:15 PM pfSense Packages Bug #14484 (Resolved): lldpd php error on saving with no interface selected
Jim Pingle
12:14 PM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link
Thomas Simon wrote in #note-3:
> Hi Kris. thanks for the quick response. Yes, attempting. However on the failed WAN ... Jim Pingle
07:53 AM pfSense Packages Feature #14468: pass along ntopng professional license key
Hi, I thought I was the only one with this issue. I need to install my NTOPNG Pro license on Ver 23.05.1 but even if ... Russ Reynolds
06:48 AM Bug #14631 (Duplicate): ACL on DNS Resolver is not updated list after IPs changed on interfaces
ACL on DNS Resolver is not updated list after IPs changed on interfaces.
How to repruduce:
1. Create new interface
... aleksei prokofiev

07/30/2023

10:36 PM Bug #14604: Bugs in dhclient implementation according to RFC 2131
I will look at this, as I’m currently doing a lot of DHCP work at the moment.
(We are also looking at moving to dh... Christian McDonald
09:27 PM Bug #14604: Bugs in dhclient implementation according to RFC 2131
Reported upstream in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272827, turns out dhclient needs some updating... Nazar Mokrynskyi
07:53 PM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link
Kris Phillips wrote in #note-2:
> Thomas Simon wrote in #note-1:
> > Thomas Simon wrote:
> > > Hi
> > >
> > > I have... Thomas Simon
12:02 AM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link
Thomas Simon wrote in #note-1:
> Thomas Simon wrote:
> > Hi
> >
> > I have a site to site to vpn over ipsec betw... Kris Phillips
12:41 PM pfSense Packages Feature #14629: Add option control LCDProc ``syslog`` behavior
Another options might be to allow changing the log level
ReportLevel=3
ReportLevel = LEVEL
Sets the reporting lev... Elvis Impersonator
11:06 AM pfSense Packages Feature #14629 (Resolved): Add option control LCDProc ``syslog`` behavior
Currently there is no way via the package config GUI to disable messages getting written to the /var/log/system.log.... Elvis Impersonator
10:48 AM pfSense Packages Bug #14572: Unused DNSBL files may not be removed
Hi,
this is stable branch.
 Jove Too
01:17 AM pfSense Packages Bug #14572: Unused DNSBL files may not be removed
Hello,
Is this with the devel or stable branch of pfBlockerNG? Kris Phillips
06:59 AM Bug #14628 (New): PPPoE Interface Panic
Hi,
I recently upgraded from 2.7 CE to 23.05 Plus version for my home network. But it keeps crashing after 2,3 day... Faisal Mahmood
02:02 AM pfSense Packages Bug #14287 (Feedback): pfBlockerNG does not uninstall cleanly when using RAM disks
I'm no longer able to recreate this in 23.05.1. If someone else can also confirm no more issues, we can mark this as... Kris Phillips
01:59 AM pfSense Packages Feature #14447 (In Progress): Update haproxy from 2.6 to 2.8 lts
HAProxy 2.8.1 is in the stable package in 23.09 of Plus.
Current version in 23.05.1 is 2.2.29. Kris Phillips
12:04 AM Regression #14616: dpinger does not start after renewing DHCP
Hello,
Is there no default route defined when you go to Diagnostics --> Routes? Kris Phillips

07/29/2023

10:13 PM Bug #14261 (Pull Request Review): Trim white space in a DHCP Leases page search field
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1053 Christopher Cope
07:46 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces

DHCPv4 Relay is available on interface that does not run DHCP .
2.8.0.a.20230728.0600 Alhusein Zawi
06:03 PM pfSense Packages Bug #14484: lldpd php error on saving with no interface selected
confirmed, now working with lldpd 0.9.11_2 Jordan G
12:30 PM pfSense Packages Bug #14484: lldpd php error on saving with no interface selected
Tested on 23.05.1 and 2.7.0 ... aleksei prokofiev
04:53 PM pfSense Packages Bug #14627: FRR prefix list creation failure
The same behavior is on FRR v1.2_3 Lev Prokofev
04:40 PM pfSense Packages Bug #14627 (New): FRR prefix list creation failure
If you try to create a Prefix List with multiple Prefix List Entries and you check the checkbox Any in the last row, ... Danilo Zrenjanin
03:23 PM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link
Thomas Simon wrote:
> Hi
>
> I have a site to site to vpn over ipsec between HO and a branch office. Now i have g... Thomas Simon
03:20 PM Bug #14626 (Resolved): Multi-WAN IPsec does not fail over when preferred WAN loses link
Hi
I have a site to site to vpn over ipsec between HO and a branch office. Now i have got added one more WAN conne... Thomas Simon
03:03 PM pfSense Packages Feature #14625 (Feedback): Add NTP Screens to LCDPROC
updated the lcdproc_client.php and lcdproc_screens.php to include NTP screen
https://github.com/pfsense/FreeBSD-po... Elvis Impersonator
08:25 AM pfSense Packages Bug #14275 (Resolved): Deleting a route map that is assigned to an active neighbor causes crash
Tested against FRR Package v1.3.
It's fixed.
I am marking this ticket resolved. Danilo Zrenjanin
08:00 AM pfSense Packages Regression #14561 (Resolved): FRR errors accessing Global Settings after deleting BGP neighbor
Tested against FRR Package v1.3.
It's fixed.
I am marking this ticket resolved. Danilo Zrenjanin
07:56 AM pfSense Packages Bug #14562 (Resolved): PHP error when trying to run OSPF and BGP in the same time
Tested against FRR Package v1.3. It's fixed.
I am marking this ticket resolved. Danilo Zrenjanin
04:58 AM pfSense Packages Regression #14494 (Resolved): FRR,PHP errors when deleting AS-path
No more errors with the 1.3 package, marked it resolved. Lev Prokofev
04:53 AM pfSense Packages Regression #14493 (Resolved): FRR,PHP errors when deleting neighbor
No more errors, with the 1.3 package, marked it resolved. Lev Prokofev

07/28/2023

11:00 PM Bug #14624: DNS Lookup tool doesn't respect 'DNS Resolution Behavior: Use local, ignore remote' when DoT is configured
Will also say that I'm unsure if this is of significance or just due to my lack of understanding on what the GUI is a... Chris W
11:00 PM Bug #14624 (Not a Bug): DNS Lookup tool doesn't respect 'DNS Resolution Behavior: Use local, ignore remote' when DoT is configured
When DoT is configured according to https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html, the DNS Loo... Chris W
10:17 PM Regression #14623 (Resolved): Primary interface address is incorrectly set to the last address on the interface
The fixes for #11545 seem to have introduced another regresssion when finding the primary interface address.
My WA... Ajay Easter
09:30 PM Bug #14622 (Not a Bug): Special characters can cause the CDATA tags to be stripped during HA Sync
Tested on... Christopher Cope
08:46 PM pfSense Packages Bug #14606 (Resolved): Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
Jim Pingle
08:30 PM pfSense Packages Bug #14606: Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
Jim Pingle wrote in #note-4:
> Fixed in FRR Package v1.3, which is building now and will be available shortly.
I ... Bill Hughes
05:44 PM pfSense Packages Bug #14606 (Feedback): Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:46 PM pfSense Packages Bug #14275 (Feedback): Deleting a route map that is assigned to an active neighbor causes crash
This should be fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:44 PM pfSense Packages Regression #14493 (Feedback): FRR,PHP errors when deleting neighbor
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:44 PM pfSense Packages Regression #14494 (Feedback): FRR,PHP errors when deleting AS-path
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:44 PM pfSense Packages Regression #14561 (Feedback): FRR errors accessing Global Settings after deleting BGP neighbor
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:44 PM pfSense Packages Bug #14562 (Feedback): PHP error when trying to run OSPF and BGP in the same time
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
04:56 PM Bug #14619 (Pull Request Review): Rule separators are ordered incorrectly after removing rules in certain positions
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1052 Marcos M
04:56 PM Bug #14621 (Pull Request Review): Rule separators are hidden when their index is greater than the number of rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1052 Marcos M
04:55 PM Bug #14621 (Resolved): Rule separators are hidden when their index is greater than the number of rules
When the rule separator index is greater than the number of rules on the page, it is not displayed. Marcos M
04:50 PM Todo #12762 (Feedback): Clarify that the IPsec keep alive check option ignores Child SA Start Action
Applied in changeset commit:56f0a8361c1a73266a93a20b0a3a7566ebfe164a. Marcos M
04:42 PM Revision 56f0a836: Clarify IPsec Keep Alive description. Fix #12762
Marcos M
03:53 PM Feature #14448: Support interface groups in firewall rule source/destination fields
tested on:
Version 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Version 2... Georgiy Tyutyunnik
01:11 PM Bug #14216: ntopng causes OpenVPN server errors 'error - IP packet with unknown IP version=15 seen' when OpenVPN server interface is selected
I can not reproduce it. Tested on 2.7.0 ... aleksei prokofiev
11:45 AM Bug #12079 (Feedback): Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
I've committed that patch and picked it to our branches. It'll be part of the next snapshot build. Kristof Provost
02:41 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Tested this on the Netgate 3100 and it appears to be isolated to only the 7100. Setting an MTU on LAN while using or... Kris Phillips

07/27/2023

10:41 PM Bug #14619 (In Progress): Rule separators are ordered incorrectly after removing rules in certain positions
Marcos M
05:44 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
There were some recent changes made here in #9887 that fixed some other scenarios Jim Pingle
05:39 PM Bug #14619 (Resolved): Rule separators are ordered incorrectly after removing rules in certain positions
Steps to reproduce:
# Create three rules, and a separator between the second and third rule.
# Select the first two... Marcos M
10:31 PM Bug #14617 (Closed): Package updates fail over IPv6
Closing - this is now resolved. We identified the issue which is being tracked internally, thank you for reporting it. Marcos M
06:22 PM Bug #14617 (Confirmed): Package updates fail over IPv6
Tested on 2.7. The fetch does fall back to IPv4, but it does take several minutes for IPv6 to time out:... Marcos M
03:30 PM Bug #14617 (Closed): Package updates fail over IPv6
Hello,
As of right now, the host that pfSense connects to check upgrades (pkg00-atx.netgate.com [2610:160:11:18::2... Spike R.D.
09:30 PM Feature #14620 (Feedback): Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
Applied in changeset commit:e9577ebfd7852646a66697a3bde41b712687a4ca. Christian McDonald
08:35 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
This also introduces shortcut service status specific to dhcrelay Christian McDonald
08:34 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
!clipboard-202307271633-rlqtx.png! Christian McDonald
08:27 PM Feature #14620 (Assigned): Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
Christian McDonald
09:24 PM Revision e9577ebf: dhcp: support simultaneous v4 dhcpd and dhcrelay, Implements #14620
Christian McDonald
08:12 PM Regression #14502 (Resolved): DHCPv6 Prefix Delegation (PD) not installing routes
Christian McDonald
11:30 AM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
tested on
Version 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Version 23.... Georgiy Tyutyunnik
08:00 PM Revision 30b8b63a: Disable frr 8 build options for the moment.
SNMP is broken, MULTIPATH may be unnecessary. Jim Pingle
05:55 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Other behavior notes:
If you run an ifconfig lagg0 from shell, the lagg will show up and both of the ix interfaces... Kris Phillips
05:43 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Just ran into this with another customer running 23.05.1 on a 7100. Adding an <mtu> value to any interface on the sw... Kris Phillips
05:27 PM Feature #14448: Support interface groups in firewall rule source/destination fields
Tested on ... Lev Prokofev
05:20 PM Feature #9545 (Feedback): Enable Multipath Routing in the Kernel
Turns out it's already enabled in the current builds. FRR without the "multipath" option allows 16 duplicate routes, ... Jim Pingle
04:50 PM Todo #12762 (Pull Request Review): Clarify that the IPsec keep alive check option ignores Child SA Start Action
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1051 Marcos M
04:39 PM Bug #14618 (Rejected): vpn routing
There isn't enough detail there to claim this is a bug and not a problem in your configuration. It may have worked in... Jim Pingle
04:37 PM Bug #14618 (Rejected): vpn routing
Pfsense 2.7.0. automatic add route on vpn is bugged, the os add only first ovpnc.
I downgrade to 2.6.0 with the sa... Pier Federico Flamigni
02:23 PM pfSense Plus Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet
I tested this behavior in a default install, I hope it wasn't bad form to open another ticket, but I wanted to separa... Maternal Pause
02:12 PM Regression #14616 (Resolved): dpinger does not start after renewing DHCP

Default install on 2.7
WAN is on VLAN 201 of vtnet0 (vtnet0.201) vtnet0 is not assigned.
LAN on vtnet1
Creat... Maternal Pause
12:20 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
I believe this should also mitigate the problem: https://reviews.freebsd.org/D41209
The LOR occurs only, at least ... Kristof Provost
12:52 AM Feature #946: Allow aliases to be used to define IPsec phase 2 networks
It would be great if this could get integrated Jason Kolter
12:52 AM Bug #6799 (Pull Request Review): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1050 Marcos M

07/26/2023

07:48 PM pfSense Packages Bug #14491: FRR not starting with AgentX enabled
The FRR package is built with SNMP support but it doesn't appear to be loading the module somehow.
The vtysh CLI l... Jim Pingle
12:22 PM pfSense Packages Bug #14491: FRR not starting with AgentX enabled
Jim Pingle wrote in #note-3:
> For those hitting this error, do you have the NET-SNMP package installed and active?
... Yif Swery
12:12 PM pfSense Packages Bug #14491: FRR not starting with AgentX enabled
For those hitting this error, do you have the NET-SNMP package installed and active?
The AgentX integration is int... Jim Pingle
10:15 AM pfSense Packages Bug #14491 (Confirmed): FRR not starting with AgentX enabled
I can confirm this behavior.
Tested against:... Danilo Zrenjanin
07:44 PM Revision d2bda7c0: Set compile options for FRR 8
Jim Pingle
07:10 PM Bug #7589 (Feedback): ``diag_edit.php`` warning is not cleared after picking non-directory to load
Applied in changeset commit:8c2df62bbcd3d3f47048e9b9fededa6478a1ea14. Christopher Cope
07:04 PM Revision 8c2df62b: diag_edit.php Improvements. Fixes #7589
Christopher Cope
07:03 PM pfSense Packages Feature #14321 (Feedback): Add UPS information to LCDproc screen
I added screens for both APCUPSD and NUT to LCDProc. The option only appears (and will only work) when the correspond... Jim Pingle
06:06 PM Regression #14615 (Resolved): PHP crash during bootup with gateway monitoring enabled with custom monitor IP
https://github.com/freebsd/freebsd-src/commit/6422599e74db4bb8b47cead46760d96601d8396a Christian McDonald
04:25 PM Bug #14614 (Confirmed): Status/IPSec/Overview - sort IPSec list by description does not work
The order for sorting when using the clickable headers doesn't get honored when the table updates via AJAX. So once y... Jim Pingle
04:10 PM Bug #14614 (Confirmed): Status/IPSec/Overview - sort IPSec list by description does not work
The list page for Status/IPSec/Overview. When the description sort is selected, the list is still sorted by the ID. Y Chen
03:04 PM Bug #14613: Incorrect wireguard control panel status management
Meanwhile, in this state, although it shows that the peer is connected, it is not actually able to communicate hao zhang
02:59 PM Bug #14613 (New): Incorrect wireguard control panel status management
!clipboard-202307262256-rlh8k.png!
Wireguard can still be clicked on to start while in the boot state and is unrespo... hao zhang
02:53 PM pfSense Plus Bug #14586 (Confirmed): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Ok, that was my bad. I've checked only the GUI status. After checking the ifconfig output, I realized that it reverts... Danilo Zrenjanin
08:10 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
I backed out my patch and rebooted. Looking at just LAN:... James George
07:42 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Interesting, I'm definitely seeing this on 23.05.1 (just noticed I selected the wrong version in the bug - I'll fix t... James George
07:34 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
I've tested against:... Danilo Zrenjanin
12:33 PM pfSense Packages Bug #14484 (Feedback): lldpd php error on saving with no interface selected
I pushed a fix, it is building now and will be available shortly in lldpd pkg version 0.9.11_2 on Plus 23.05.1 and CE... Jim Pingle
06:41 AM pfSense Packages Bug #14484 (Confirmed): lldpd php error on saving with no interface selected
Lev Prokofev
06:41 AM pfSense Packages Bug #14484: lldpd php error on saving with no interface selected
I can reproduce it on 23.05.1, probably the "No interface selected" warning message is needed here.... Lev Prokofev
12:09 PM Bug #14600: 2.7.0 Installation error on Oracle Cloud Infrastrucutre (OCI)
Nothing we can do about that, then. There must be something about that particular disk setup that isn't compatible, a... Jim Pingle
05:59 AM Bug #14600: 2.7.0 Installation error on Oracle Cloud Infrastrucutre (OCI)
Hello Jim,
The screen it shows me is a little different from what the manual shows.
I attach it as pfSense_1.png.... Santiago Nunez
12:06 PM pfSense Plus Feature #14612 (Rejected): Show egress interface in firewall logs
The log entries have no concept of anything other than the interface which triggered the rule and trying to calculate... Jim Pingle
01:50 AM pfSense Plus Feature #14612 (Rejected): Show egress interface in firewall logs
As the subject states could we add egress interface within the firewall logs?
There is a column for ingress and anot... Mike Moore
09:29 AM pfSense Packages Bug #14199 (Resolved): ACME - Issue with corrupted cert
Perhaps this issue is related to the https://redmine.pfsense.org/issues/14592
I couldn't recreate any of the repo... Danilo Zrenjanin
08:09 AM Bug #14605: Dynamic DNS uses the default gateway interface instead of the specified interface
I followed the steps to reproduce the issue. However, in my case, the Dynamic DNS used the WAN2 as defined.
1. Conf... Danilo Zrenjanin
06:34 AM pfSense Packages Bug #14606 (Confirmed): Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
Lev Prokofev
06:34 AM pfSense Packages Bug #14606: Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
I can reproduce it on 23.05.1, error doesn't come if the BFD daemon is disabled, but occurs immediately when you enab... Lev Prokofev

07/25/2023

06:51 PM Revision 1daabcfd: Fix the installation of the pfSense base package with pkg -r.
Luiz Souza
06:10 PM pfSense Plus Feature #14611 (Rejected): tracking flows and added context
That's what ntop/softflowd/netflow in general are for. That sort of data storage and drill-down shouldn't be happenin... Jim Pingle
05:58 PM pfSense Plus Feature #14611 (Rejected): tracking flows and added context
pfSense does not have a cleaner way to track flows going through the firewall.
Seeing if a packet matches a rule i... Mike Moore
05:38 PM Bug #6167: IPsec IPComp not working
Renato Botelho wrote in #note-25:
> When it's fixed on FreeBSD we can import the fix and target it to a version
I... Ronald Antony
04:00 PM Feature #14610 (Closed): Add source address option to Check IP Services
Add a GUI option for Check IP Services to specify the source address - it should support gateway groups and VIPs.
... Marcos M
03:59 PM Bug #14605: Dynamic DNS uses the default gateway interface instead of the specified interface
This seems to be due to the Check IP Service using the default gateway which happens because the WANs are both RFC1918. Marcos M
03:22 PM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade
Hello Kris,
I have not been able to recreate the issue since the 1 time it occurred. The 1st machine I upgraded to... Matthew Drury
03:02 PM Bug #14609 (Resolved): Update check in GUI does not always honor the configured proxy settings
When checking for updates from **System > Update**, the function call to @update_repos()@ and @pfSense-repoc@ does no... Jim Pingle

07/24/2023

07:14 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Going back to the /tmp/<user> files.
I manually removed all the route (/tmp/<user>) files from the /tmp directory la... Michael Mercier
05:58 PM pfSense Docs Correction #14601 (Closed): Outdated mbuf reference in Squid Tuning doc
Outdated reference removed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/de41f9b6a2bb9ac5cf4d7fffe9d10c4cd39... Jim Pingle
12:15 PM pfSense Docs Correction #14601: Outdated mbuf reference in Squid Tuning doc
That section should just be removed, it hasn't been relevant for years since the defaults were increased way beyond w... Jim Pingle
05:23 PM Bug #13423 (Feedback): IPv6 neighbor discovery protocol (NDP) fails in some cases
And that's been cherry-picked to our branches as well. Future snapshot builds will have the fix. Kristof Provost
03:47 PM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
I've pushed the fix upstream in https://cgit.freebsd.org/src/commit/?id=9c9a76dc6873427b14f6c84397dd60ea8e529d8d and ... Kristof Provost
03:46 PM Bug #13423 (Waiting on Merge): IPv6 neighbor discovery protocol (NDP) fails in some cases
Preliminary fix upstream: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233683 Marcos M
03:55 PM Bug #6799 (In Progress): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Marcos M
03:54 PM Feature #14448 (Pull Request Review): Support interface groups in firewall rule source/destination fields
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1048 Marcos M
01:12 PM Bug #14607 (Rejected): "Use remote DNS Servers, ingore local DNS" is not working properly
Can't reproduce it here, it's likely something in your setup or environment.
This site is not for support or diagn... Jim Pingle
12:51 PM Bug #14607: "Use remote DNS Servers, ingore local DNS" is not working properly
It's working fine only when disabling "DNS forwarder" and "DNS resolver" Evgeny Pankov
12:46 PM Bug #14607 (Rejected): "Use remote DNS Servers, ingore local DNS" is not working properly
Selecting "Use remote DNS Servers, ingore local DNS" takes no differ from "Use local DNS (127.0.0.1), fall back to re... Evgeny Pankov
12:05 PM Bug #14600 (Not a Bug): 2.7.0 Installation error on Oracle Cloud Infrastrucutre (OCI)
Press space to select the disk for use, as described in the documentation:
https://docs.netgate.com/pfsense/en/lat... Jim Pingle
09:12 AM Regression #14569: ``bnxt(4)`` driver errors
Where do i get the 23.09 snapshot releases? David Ludvigsson
09:10 AM Regression #14569: ``bnxt(4)`` driver errors
I replaced the NICs to get online again, but ill try in a testbuild. David Ludvigsson
01:08 AM pfSense Packages Bug #14606 (Resolved): Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
To reproduce:
1. Enable BFD in FRR.
2. Create a BFD profile (only requires a profile name).
3. Delete the BFD pr... Bill Hughes

07/23/2023

08:21 PM Bug #14604: Bugs in dhclient implementation according to RFC 2131
Flole Systems wrote in #note-1:
> The ISPs understanding of the RFC is not correct. A client does not need to wait u... Nazar Mokrynskyi
08:16 PM Bug #14604: Bugs in dhclient implementation according to RFC 2131
The ISPs understanding of the RFC is not correct. A client does not need to wait up to 10 second for a response. Flole Systems
02:11 PM Bug #14604 (New): Bugs in dhclient implementation according to RFC 2131
I had issues with one of the ISPs on pfSense and after talking to their tech support and observing what is happening ... Nazar Mokrynskyi
07:55 PM Bug #14605 (Resolved): Dynamic DNS uses the default gateway interface instead of the specified interface
Steps:
# Configure a gateway group with WAN1 (tier 1) and WAN2 (tier 2), and set it as the default system gateway.
... Marcos M
09:32 AM pfSense Plus Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet
I know it's not a bug but maybe this is affecting other areas since the FreeBSD route command (as of pfSense 2.7.0) b... Kyouko M
05:38 AM Bug #14603 (Duplicate): LAGG VLAN Interfaces report parent no longer exists
LAGG VLAN interfaces report parent interface no longer exists following the parent (LAGG0) being added under interfac... Jordan G
02:30 AM pfSense Plus Feature #14594: VDOM on pfsense
Kris Phillips wrote in #note-1:
> VDOM seems like a marketing rebrand for a VRF on Fortinet. TNSR currently has thi... Conor Dang
01:59 AM pfSense Plus Feature #14594: VDOM on pfsense
VDOM seems like a marketing rebrand for a VRF on Fortinet. TNSR currently has this, but pfSense Plus does not. Kris Phillips
02:04 AM pfSense Packages Bug #14504 (Incomplete): FTP_Client_Proxy package doesn't create firewall rule
Hello,
Do you mean it doesn't create a rule from the inside interface outbound for FTP traffic? If so, typically ... Kris Phillips
01:52 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
So I retested this today and now I'm seeing the same results with DCO enabled. The odd thing is that there is still ... Kris Phillips
01:48 AM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade
Hello Matthew,
Please test with the release of 2.7 and let us know if you're able to reproduce this issue. Kris Phillips
01:43 AM Bug #14600: 2.7.0 Installation error on Oracle Cloud Infrastrucutre (OCI)
Santiago Nunez wrote in #note-1:
> should said: SPC-4 instead of 1:
>
> pass1: <ORACLE BlockVolume 1.0> Fixed Dir... Kris Phillips
01:27 AM pfSense Packages Bug #10502: LLDP spamming errors on Netgate XG-7100
still seeing this on 7100 running 23.05.1 lldpd 0.9.11_1 - set all protocol support to active, save... Jordan G
01:20 AM Bug #14473: Automatic gateway not updating after default deleted

it could be related to #12536 Alhusein Zawi
12:38 AM Bug #14473 (Confirmed): Automatic gateway not updating after default deleted
I can confirm this behavior on... Christopher Cope
12:55 AM pfSense Packages Bug #14498: php errors when looking at snort active rules
Jonathan Lee wrote in #note-16:
> @Christopher Cope
> I wanted to also take the time to message you and say I am so... Christopher Cope

07/22/2023

12:09 PM pfSense Packages Bug #14592 (Resolved): Issues with ACME Private Key handling
Danilo Zrenjanin
12:09 PM pfSense Packages Bug #14592: Issues with ACME Private Key handling
I couldn't reproduce any of the listed issues on the 0.7.5 Acme package.
I am marking this case resolved. Danilo Zrenjanin
10:59 AM pfSense Packages Bug #14596 (Confirmed): FreeRADIUS falsely shows its default is to save data during package reinstall
I can confirm this behavior.
Tested on:... Danilo Zrenjanin
07:22 AM Bug #14598 (Resolved): Link to view Captive Portal custom HTML page content does not work
The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
06:57 AM pfSense Packages Feature #14602: squidguard log search
Not sure if its possible to do with the package but if multiple categories are selected and the action is blocked, th... Mike Moore
06:52 AM pfSense Packages Feature #14602 (New): squidguard log search
Package > SquidGuard > Logs
The ability to search through the logs in the GUI. Right now there is no ability to do... Mike Moore
05:33 AM pfSense Docs Correction #14601 (Closed): Outdated mbuf reference in Squid Tuning doc
Performance Tweaks - https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/tune.html#performance-tweaks
... Mike Moore
12:41 AM Bug #14600: 2.7.0 Installation error on Oracle Cloud Infrastrucutre (OCI)
should said: SPC-4 instead of 1:
pass1: <ORACLE BlockVolume 1.0> Fixed Direct Access SPC-4 SCSI device
... Santiago Nunez
12:35 AM Bug #14600 (Not a Bug): 2.7.0 Installation error on Oracle Cloud Infrastrucutre (OCI)
I'm following this instructions to install pfSense 2.7.0 on Oracle Cloud Infrastructure
https://docs.oracle.com/en/l... Santiago Nunez

07/21/2023

07:47 PM pfSense Packages Bug #14571: PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
For the record, I now have an LCD with buttons and the fix I committed last week did correct the errors. Jim Pingle
07:14 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
I've replicated the issue with the rules/anchors which I'll be looking at. The route file itself (/tmp/<User>) is alw... Marcos M
04:49 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
As for the route files (e.g. /tmp/user100) I see the following:
1. When some users login, the file is removed duri... Michael Mercier
04:36 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Logs from when I do the steps above:... Michael Mercier
06:36 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
I can confirm I also have this exact same issue on 23.05.1-RELEASE. However, It's not just when GIF tunnels are used... John S
06:17 PM Revision a30510e8: poudriere_bulk: re-add dhcpleases6 so we build it again. Fixes #14502
Christian McDonald
06:09 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
Georgiy Tyutyunnik wrote in #note-5:
> applied the patch to no effect, no routes were added for delegated prefixes
... Christian McDonald
06:05 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
applied the patch to no effect, no routes were added for delegated prefixes
tested on:
Version 2.7.0-RELEASE (amd64... Georgiy Tyutyunnik
05:45 PM pfSense Docs Correction #14599 (Rejected): Change Interface Names in TNSR Remote Office With Existing IPsec Hub to Something Else
When you search for something like "port forward" in our documentation, rather than bringing up the NAT page, it brin... Kris Phillips
02:55 PM Bug #14598 (Feedback): Link to view Captive Portal custom HTML page content does not work
Applied in changeset commit:d536506909c89b5f42e6bf1c63cf02e723b0fb72. Jim Pingle
02:38 PM Bug #14598: Link to view Captive Portal custom HTML page content does not work
Jim,
yep, I can confirm: This fix works fine!
Best,
Volker Volker Werbus
12:58 PM Bug #14598: Link to view Captive Portal custom HTML page content does not work
Looks like the regex at source:src/usr/local/www/services_captiveportal.php#L73 isn't quite right. It won't match @vi... Jim Pingle
08:17 AM Bug #14598 (Resolved): Link to view Captive Portal custom HTML page content does not work
Hi PFSense developers,
we run about 200+ locations and recently updated around 50% of the locations to 2.7.0
We... Volker Werbus
02:44 PM Revision d5365069: Fix Captive Portal view HTML link param. Fixes #14598
The way the code regex matches the parameter it needs the extra bit on
the end so it both matches the regex and gets ... Jim Pingle
02:31 PM pfSense Packages Bug #14596: FreeRADIUS falsely shows its default is to save data during package reinstall
Stated differently, it is not possible to restore FreeRADIUS settings unless one has at some point clicked the Save b... Steve Y
03:24 AM pfSense Packages Bug #14596 (Duplicate): FreeRADIUS falsely shows its default is to save data during package reinstall
forum thread: https://forum.netgate.com/topic/181594/restore-missing-freeradius-config
A new install of FreeRADIUS... Steve Y
02:09 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
I just checked my 23.05 box and I see 5 of these runaways. I guess we'll need to update to 23.05.1 to test that... Orion Poplawski
11:12 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Can not reproduce on 23.05.1
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT aleksei prokofiev
02:03 PM pfSense Packages Bug #14315 (Resolved): Routes are not exposed on Tailscale when an empty route entry exists in the GUI
Christian McDonald
11:57 AM pfSense Packages Bug #14315: Routes are not exposed on Tailscale when an empty route entry exists in the GUI
Tested on 23.05.1 and CE 2.7.0, looks like it has been fixed, I could not reproduce.
23.05.1-RELEASE (amd64)
built ... aleksei prokofiev
12:53 PM Bug #14597: Captive Portal: Allowed IPs are not working when config is inherited from earlier versions
Hi Jim,
I already did.
The difference is the entry <dir>both</dir> is missing at the allowed IP. Looks like 2.6... Volker Werbus
12:41 PM Bug #14597: Captive Portal: Allowed IPs are not working when config is inherited from earlier versions
Can you compare the @config.xml@ contents from an older entry with a new entry to see what the difference is in the r... Jim Pingle
08:13 AM Bug #14597 (New): Captive Portal: Allowed IPs are not working when config is inherited from earlier versions
Hi PFSense developers,
we are running 200+ locations with PFSense, varoius hardware, various versions. We did a ma... Volker Werbus
12:39 PM Feature #14595 (Rejected): Enable use of aliases
Those are two wildly different use cases and shouldn't be lumped into a single feature request.
Also doing so woul... Jim Pingle
11:31 AM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Checked, I confirm this behavior on 23.05.1 as well.
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
... aleksei prokofiev
06:35 AM Regression #14500: PHP Error when viewing Traffic Graphs in ``iftop`` mode
Can't reproduce the issue on 23.05.1 and on 23.09-DEVELOPMENT (amd64)
built on Wed Jul 19 20:12:23 UTC 2023 Lev Prokofev

07/20/2023

10:51 PM Feature #14595 (Rejected): Enable use of aliases
If possible, it’d be useful to have the ability to use aliases for DNS servers in both ‘General Setup’ and in ‘Servic... James Chambers
05:55 PM Feature #14402: Dynamic DNS support for Porkbun
PR merged, thanks! Jim Pingle
05:40 PM Feature #14402 (Feedback): Dynamic DNS support for Porkbun
Applied in changeset commit:d9d91d5df28c235baba4bfe3cc7c792037df35c2. Nita Vesa
05:32 PM Revision d9d91d5d: Add dynamic DNS support for Porkbun DNS, closes #14402
Signed-off-by: Nita Vesa <nita.vesa@elektrik.link> Nita Vesa
04:43 PM Revision 834bb946: services_dhcp_relay.php: introduce proper shortcut section for dhcrelay
Christian McDonald
04:08 PM pfSense Packages Feature #14529: eBPFShield
https://github.com/generic-ebpf/generic-ebpf
should do the job adds kernel/user space tools
Generic eBPF run... Michael Lawrence
01:54 PM Revision 56490538: services_dhcp.php: cleanup warning notice when DHCP relay is enabled
Christian McDonald
12:53 PM Bug #14590: OpenVPN server crashes when client closes connection
me me wrote in #note-2:
> > This site is not for support or diagnostic discussion.
>
> I did not ask for support.... Jim Pingle
06:38 AM Bug #14590: OpenVPN server crashes when client closes connection
> This site is not for support or diagnostic discussion.
I did not ask for support.
> If an actionable bug can ... me me
12:52 PM pfSense Packages Bug #14560 (Resolved): NRPE does not function properly on Plus 23.09 / CE 2.7.0
Jim Pingle
07:01 AM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0

Tested package 4.1 on ... Lev Prokofev
09:12 AM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
I do have some customizations in unbound, but they're not connected with dhcp (private-domain, local-zone, forward-zo... Alex Kolesnik
08:51 AM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
I set up DHCP Static Mappings in the DHCP server but couldn't replicate the issue with a fresh pfBlocker installation... Danilo Zrenjanin
09:01 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
Can confirm if DCO is not active, the widget shows the correct graphs Lev Prokofev
07:01 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
The sole distinction lies in whether the DCO option was activated or deactivated on the server. ... Danilo Zrenjanin
06:59 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
I tested again on a VM hosted on ProxMox with the factory default config file and the OpenVPN configured through the ... Danilo Zrenjanin
08:52 AM pfSense Packages Regression #14561: FRR errors accessing Global Settings after deleting BGP neighbor
I can confirm this behavior.
This seems to be a duplicate of https://redmine.pfsense.org/issues/14493
 Danilo Zrenjanin
08:12 AM pfSense Packages Bug #14553 (Resolved): Call to undefined function sync_package_filer()
Tested on the:... Danilo Zrenjanin
02:38 AM Bug #14593: Build.sh script failing while trying to rename the new php-pfSense-module
(Correction) The file is *builder_common.sh* not the build.sh Fabricio Guzzy
12:42 AM Bug #14593 (New): Build.sh script failing while trying to rename the new php-pfSense-module
Up to Version 2.6.0, the build.sh script could successfully rename the php-pfsense-module to be used with a different... Fabricio Guzzy
12:58 AM pfSense Plus Feature #14594 (New): VDOM on pfsense
I do not see this feature in any of the open requests but having a similar functionality to VDOM (virtual domain) on ... Conor Dang

07/19/2023

07:16 PM pfSense Packages Bug #14592 (Feedback): Issues with ACME Private Key handling
Commit: https://github.com/pfsense/FreeBSD-ports/commit/2b3c7e925fed1d53763e6d2eee5e5ab2289b4116
Packages are buil... Jim Pingle
06:40 PM pfSense Packages Bug #14592 (Resolved): Issues with ACME Private Key handling
There are some problems with private key handling in the ACME package that appear to have been ongoing for a while.
... Jim Pingle
07:12 PM Bug #14591: Restoring with different interfaces (partially?) applies changes before reboot
That does sound very similar but only one of my cases was using VLANs (restore from 4860 to a very temporary 2100 wit... Steve Y
07:01 PM Bug #14591: Restoring with different interfaces (partially?) applies changes before reboot
You are correct that this is unlikely to affect only plus. I've set it to pfSense. Steve was looking into this a bit ... Jim Pingle
05:27 PM Bug #14591: Restoring with different interfaces (partially?) applies changes before reboot
typo: deletes or adds _an_ interface Steve Y
05:26 PM Bug #14591 (New): Restoring with different interfaces (partially?) applies changes before reboot
Initial forum topic: https://forum.netgate.com/topic/181356/restore-issues-apply-changes-button-missing-save-does-not... Steve Y
05:05 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
Applied in changeset commit:892d939ee0473992abece201ed3d5d2bfdfd276f. Christian McDonald
05:00 PM Regression #14502 (Feedback): DHCPv6 Prefix Delegation (PD) not installing routes
Christian McDonald
05:01 PM Regression #14534 (Resolved): Cavium ``qlnxe`` / ``if_qlnxe`` driver is not present
Christian McDonald
04:59 PM Revision 892d939e: Restore and continue to support dhcpleases6 until Kea migration is complete. Fixes #14502
Christian McDonald
03:23 PM Bug #14450 (Closed): 23.05 fails to boot on Hyper-V after VM power off, workaround
Marcos M
03:00 PM pfSense Packages Bug #14585 (Closed): Fatal error editing acme certificates
Looking at the PHP code blocks you showed above, something must not have updated in your setup. Lines were added to i... Jim Pingle
12:58 PM Bug #14590 (Rejected): OpenVPN server crashes when client closes connection
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
12:56 PM Bug #14590 (Rejected): OpenVPN server crashes when client closes connection
I have a OpenVPN server running on interface WAN2 which has a single OpenVPN client connecting to it.
The OpenVPN se... me me
12:52 PM pfSense Packages Feature #10462 (Resolved): CPU Temp Screen
Jim Pingle
12:51 PM pfSense Packages Feature #10462: CPU Temp Screen
Works well! Thank you very much! odo maitre
12:44 PM pfSense Packages Feature #10462 (Feedback): CPU Temp Screen
I didn't merge the original PR since other work on the package caused conflicts and made a lot of the changes unneces... Jim Pingle
12:51 PM pfSense Packages Bug #11509 (Closed): LCD package - not starting at boot - stop and start in Status Window not possible
This report is quite old and the package has had significant work done to it since then. Please try it again on pfSen... Jim Pingle
12:46 PM pfSense Packages Feature #14321: Add UPS information to LCDproc screen
It should be OK to add that in, but it would need to be made conditional. By that I mean the option for the screen sh... Jim Pingle
12:42 PM pfSense Packages Bug #14571 (Resolved): PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
The error as originally stated in this issue is solved. If you still have problems starting LCDProc, please post a ne... Jim Pingle
12:38 PM Bug #14589 (Rejected): Error in auto generated Gateways
I cannot reproduce the problem as stated. A disconnected and assigned client has an empty/undefined gateway and once ... Jim Pingle
06:30 AM Bug #14589 (Rejected): Error in auto generated Gateways
2.7.0: When using an OpenVPN-Client and assigning an interface to it, an ipv4 gateway is auto generated with gateway ... Chris Fokkenrood
02:26 AM pfSense Packages Feature #14588 (Resolved): Add FRR diagnostic status output plugin
Since FRR is a package and the status output does not generate information for packages, it would be really helpful f... Chris Linstruth

07/18/2023

07:15 PM pfSense Packages Bug #14585: Fatal error editing acme certificates
I just edited config.xml and added actions to my items.
It worked. I immediately got access to those items in pfS... Phil Tull
05:32 PM pfSense Packages Bug #14585: Fatal error editing acme certificates
Thanks. I'm going to try this tonight.
Perfect. Phil Tull
05:01 PM pfSense Packages Bug #14585: Fatal error editing acme certificates
Phil Tull wrote in #note-6:
> ok one more question please.
> Is it possible for me to edit the live config.xml and ... Jim Pingle
04:59 PM pfSense Packages Bug #14585: Fatal error editing acme certificates
ok one more question please.
Is it possible for me to edit the live config.xml and put in the actions (presumable to... Phil Tull
04:53 PM pfSense Packages Bug #14585: Fatal error editing acme certificates
Phil Tull wrote in #note-4:
> I'm considering your suggestion to reinstall acme.
In this case I doubt it would ma... Jim Pingle
04:15 PM pfSense Packages Bug #14585: Fatal error editing acme certificates
I'm considering your suggestion to reinstall acme.
Would that require me to rebuild all my acme settings?
I wonder ... Phil Tull
04:10 PM pfSense Packages Bug #14585 (New): Fatal error editing acme certificates
OK, you mean no actions defined in the list in the cert entry -- I thought you meant they showed no action icons in t... Jim Pingle
03:41 PM pfSense Packages Bug #14585: Fatal error editing acme certificates
Yes, I'm in the config.xml and it looks perfectly normal to me. I'll attach an example entry.
Consider this...
<p... Phil Tull
02:42 PM pfSense Packages Bug #14585 (Feedback): Fatal error editing acme certificates
Sounds like you have a corrupted/incomplete certificate entry in the configuration that is leading to the errors, but... Jim Pingle
01:22 AM pfSense Packages Bug #14585 (Closed): Fatal error editing acme certificates
After updating pfSense from 2.6.0 to 2.7.0, cannot manage acme certificates IF the certificate has NO actions.
Acme ... Phil Tull
04:55 PM Bug #14587: Firewall Log Sort By Time
Brian Shell wrote in #note-2:
> Setting the logging to RFC-5424 does indeed work around the issue, thank you. I don... Jim Pingle
04:22 PM Bug #14587: Firewall Log Sort By Time
Setting the logging to RFC-5424 does indeed work around the issue, thank you. I don't have the programming skills to... Brian Shell
03:24 PM Bug #14587: Firewall Log Sort By Time
The sortable table code is usually smart enough to pick up on date fields but apparently not in this case. When the l... Jim Pingle
03:14 PM Bug #14587 (New): Firewall Log Sort By Time
When viewing the System Logs > Firewall, and trying to sort by Time with newest first, it appears the sort is working... Brian Shell
03:14 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
The same could happen on CE, not just Plus. There are several places there for that and other settings nearby which c... Jim Pingle
03:09 PM pfSense Plus Feature #14582 (Not a Bug): Interfaces/Interface Assignments wireless MAC missing
That is intentional. Those are not wireless interfaces directly, but virtual "clones" of a wireless interface (VAPs).... Jim Pingle
03:07 PM pfSense Docs Todo #14580 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media
I added a warning on https://docs.netgate.com/pfsense/en/latest/install/download-installer-image.html in two places -... Jim Pingle
02:45 PM pfSense Packages Bug #14553 (Feedback): Call to undefined function sync_package_filer()
Request merged. Jim Pingle
02:36 PM pfSense Packages Feature #14583: Add LiveKit package
In my opinion, I don't believe this package, essentially being a video conference server, is a good fit for running o... Jim Pingle
02:36 PM Bug #14576: "Convert interface definitions" option is not respected when bulk copying rules
I had apply the patch, now I can see the difference.
Fixed, thanks guys!!! Peter Moreno
01:03 PM Bug #14576: "Convert interface definitions" option is not respected when bulk copying rules
Peter Moreno wrote in #note-3:
> How to apply the patch to 2.7-Release?
> Regards!!
You can install the "System ... Jim Pingle
03:32 AM Bug #14576: "Convert interface definitions" option is not respected when bulk copying rules
How to apply the patch to 2.7-Release?
Regards!! Peter Moreno
01:00 PM Bug #14584 (Rejected): Report a Bug.
We cannot accept bug reports against past versions, only against the current release, which is either Plus 23.05.1 or... Jim Pingle
12:58 PM pfSense Packages Feature #14101 (Resolved): Add Zabbix 6.4 packages
Jim Pingle
12:57 PM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
There is likely some other configuration factor contributing here then, such as tun/tap, subnet size, topology, etc. ... Jim Pingle
12:55 PM Todo #14581 (Resolved): CE 2.7.0 release branch missing on GitHub repository
Jim Pingle
10:30 AM Todo #14581: CE 2.7.0 release branch missing on GitHub repository
Noah Jacobson wrote:
> pfSense CE 2.7.0 has been released however there is no branch for it on the public GitHub. Th... Noah Jacobson
12:22 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
I have been able to reproduce the issue, some details below.
My OpenVPN server has the @Allow connected clients to... Michael Mercier
05:30 AM pfSense Plus Bug #14586 (Resolved): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Adding IP Alias to a unicast CARP VIP results in the CARP VIP being reconfigured to multicast. Reapplying (i.e. savin... James George

07/17/2023

08:27 PM Revision d605ac4d: dhcpd: re-add devfs to dhcpd chroot (BPF needs it)
Christian McDonald
08:16 PM Revision 7ddc0080: dhcpd: remove unnecessary paths from dhcpd chroot
Christian McDonald
07:22 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
Just wanted to follow up to say that my testing has observed similar findings as well. Apologies for the late reply.... Mike Moore
05:56 PM Bug #14584 (Rejected): Report a Bug.
https://forum.netgate.com/topic/181585/report-a-bug
Hello everyone, thank you for accepting me I did a clean insta... e ok
04:39 PM pfSense Packages Bug #14571: PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
Soren Pedersen wrote in #note-7:
> @Jim Pringle:
>
> I installed the updated version of LCDProc on PFsense 2.7.0 ... Jim Pingle
04:33 PM pfSense Packages Bug #14571: PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
@Jim Pringle:
I installed the updated version of LCDProc on PFsense 2.7.0 and the service still refuses to start. Re... Soren Pedersen
03:32 PM Bug #14574 (Resolved): Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist
Marcos M
03:14 PM pfSense Packages Feature #14583: Add LiveKit package
PR link => https://github.com/pfsense/FreeBSD-ports/pull/1273 Andrés Manelli
01:00 PM pfSense Packages Feature #14583 (Pull Request Review): Add LiveKit package
This is to add the LiveKit server as a pfSense package and configuration UI.
I created a pull request in GitHub wi... Andrés Manelli
02:45 PM pfSense Packages Regression #14445: HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138
I'm experiencing this regression on CE 2.7 when trying to de-activate HA Proxy. If I then refresh the browser, I am a... Alex Neihaus
09:37 AM Revision dc57795c: Unset DPCRE2/SPCRE2 options for haproxy-devel
Fix build failure:
====> You cannot select multiple options from the PCRE radio
=====> Only one of th... Kristof Provost
08:06 AM pfSense Plus Bug #14005: SFP Interfaces not available with Traffic Shaper in v23.01
Hi Chris, Yes, I was booting between different snapshots v22.05 and then 23.01. The Netgates have been updated to 23.... Brendon Flint
02:27 AM pfSense Packages Bug #14532: Error is logged every time a domain in the DNSBL is temporarily unlocked or re-locked
After doing some more testing on this, I also get the results you reported, i.e., nothing gets logged to py_errors.lo... Derek Fong
02:06 AM pfSense Plus Feature #14582 (Not a Bug): Interfaces/Interface Assignments wireless MAC missing
hello fellow redmine members,
I noticed that wireless interfaces do not list their mac address. Please see attached. Jonathan Lee

07/16/2023

11:47 PM Todo #14581 (Resolved): CE 2.7.0 release branch missing on GitHub repository
pfSense CE 2.7.0 has been released however there is no branch for it on the public GitHub. The @master@ branch has al... Noah Jacobson
11:45 AM pfSense Plus Bug #13348 (Resolved): Error when deleting ZFS Boot Environment created from duplicate of non-default entry
Christian McDonald
02:45 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
Tested on July 10th builds of 23.09. Following Marcos' steps, I'm not able to reproduce this bug, so looking fixed. Kris Phillips
05:41 AM pfSense Docs Todo #14580 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media
*Page:* https://docs.netgate.com/pfsense/en/latest/install/prepare-installer-media.html
*Feedback:* for verifying ... Eric Kurman
02:37 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
I tested this with AES-128-GCM and DCO enabled and the Status --> Traffic Graphs still show traffic normally for me. ... Kris Phillips
02:27 AM Regression #14569: ``bnxt(4)`` driver errors
Hello,
Are you able to test this in the 23.09 snapshots to see if this issue is resolved? Kris Phillips
02:20 AM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Tested this on 23.09 DEVELOPMENT builds. I'm not able to reproduce this, so either something else is needed to recre... Kris Phillips
02:04 AM pfSense Packages Bug #14562: PHP error when trying to run OSPF and BGP in the same time

is there a specific configuration in OSPF/BGP? Alhusein Zawi
12:39 AM pfSense Packages Bug #14553 (Pull Request Review): Call to undefined function sync_package_filer()
Thank you for the bug report. I have tested and confirmed the issue. A merge request is created so this fix will be a... Christopher Cope

07/15/2023

09:11 PM Bug #14548 (Resolved): ``status_logs_filter_dynamic.php`` does not encode value of ``interfacefilter`` in raw mode
Tested on... Christopher Cope
09:04 PM pfSense Plus Bug #14005: SFP Interfaces not available with Traffic Shaper in v23.01
I presume you're booting between different ZFS snapshots, correct? If you upgrade or reflash to 23.05.1, does it beha... Chris W
08:15 PM pfSense Packages Feature #14101: Add Zabbix 6.4 packages
the package is added .
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT Alhusein Zawi
07:45 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
I was able to create a new boot environment, clone it and remove the original as described above on 23.09.a.20230710.... Jordan G
07:26 PM pfSense Plus Regression #14436: Upgrades from 23.05-RC/beta/dev fail server authentication
seeing some different choices in the branch selection just when cycling Jordan G
06:39 PM pfSense Packages Bug #14532 (Not a Bug): Error is logged every time a domain in the DNSBL is temporarily unlocked or re-locked
What pfSense and pfBlocker versions are you using?
I'm unable to replicate this on pfSense Plus 23.05.1 with pfBlo... Chris W
05:50 PM Bug #14574: Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist
Using above changeset on 23.05.1 restoring a firewall rule that references a non-existent alias produces a notificati... Jordan G
08:29 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
I ran another test and this time, I disabled DCO. The traffic Graph widget was showing traffic.
The problem only oc... Danilo Zrenjanin
07:32 AM pfSense Packages Bug #14530 (Confirmed): Suricata 6.0.13 package interface settings
Danilo Zrenjanin
06:58 AM pfSense Plus Bug #14563 (Resolved): System Log - General Log Order Setting is not being respected when using Raw Logs
Tested the patch against:... Danilo Zrenjanin
12:38 AM Bug #14579 (Resolved): PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Hello fellow redmine community members. I found a php error when I change SSID to hidden. WiFi card works otherwise.
... Jonathan Lee

07/14/2023

10:37 PM Feature #14448 (In Progress): Support interface groups in firewall rule source/destination fields
Marcos M
07:07 PM pfSense Packages Bug #14571 (Feedback): PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
This should be fixed now. I don't have a panel with buttons to test it (yet, it's on the way) but I see why it was fa... Jim Pingle
12:21 PM pfSense Packages Bug #14571 (In Progress): PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
I have some ideas on why the button calls are hitting that error, I'll work on it some more.
Good to know the othe... Jim Pingle
02:51 AM pfSense Packages Bug #14571: PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
I've updated to the newest package and life is good again. thank you Cino .
05:15 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Does OpenVPN need to be restarted after applying the patch? If so I will need to book a maintenance window for it to... Michael Mercier
02:53 PM Bug #13327 (Resolved): Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
Jim Pingle
02:03 PM Bug #13327: Valid OpenVPN client connections rejected due to extraneous output to ovpn_auth_verify
I just tested with CE 2.7. I confirmed that my [[patch: https://redmine.pfsense.org/issues/13327#note-5]] is no longe... Brian Martin
12:18 PM pfSense Packages Bug #13343 (Resolved): HAproxy cookie protection syntax needs updated
Jim Pingle
05:51 AM pfSense Packages Bug #13343: HAproxy cookie protection syntax needs updated
Hello,
it works now together with the haproxy version 0.61_11.
Thanks!
 Johannes Goldynia
09:20 AM Bug #14576 (Resolved): "Convert interface definitions" option is not respected when bulk copying rules
Tested the patch against:... Danilo Zrenjanin
08:59 AM Bug #14524 (Resolved): Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups
I have conducted tests on both versions 23.05 and 23.05.1 and can confirm that the patch is functioning properly as a... Danilo Zrenjanin
01:02 AM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy)
There is a growing need for this with more providers sticking us with /64. It's understandable that this wouldn't be ... spoon spoon

07/13/2023

10:45 PM pfSense Packages Bug #14571: PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
Seeing some errors when trying to use the Reboot or Shutdown functions from the LCD buttons:... Steve Wheeler
07:50 PM pfSense Packages Bug #14571 (Feedback): PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
Fixed in the new version of the package I just committed. Will be available once the package builds finish.
 Jim Pingle
10:20 PM Bug #14577 (Feedback): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
The duplicate connections are disconnected automatically after the timeout period, at which point the related files/r... Marcos M
09:18 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Yes, the "duplicate" @ovpn_ovpns1_<user>_<port>.rules@ differ by port number, multiple connections are *not* enabled ... Michael Mercier
07:00 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
I presume the "duplicate" @ovpn_ovpns1_<user>_<port>.rules@ files differ by port number, in which case it'd mean the ... Marcos M
02:49 PM Bug #14577 (Needs Patch): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Hello,
I am seeing duplicate @ovpn_ovpns1_<user>_<port>.rules@ files in the /tmp directory, and I also see duplica... Michael Mercier
07:54 PM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
Hello,
I wanted to add an issue I am experiencing with Squid plugin version 0.4.46.
I am not sure if this iss... K Puleston
05:29 PM Feature #14265 (Resolved): Option to invalidate GUI login session if the client address changes
I've just tested again applying the patch on a clean install. It works as expected.
Tested against:... Danilo Zrenjanin
03:35 PM Bug #14574 (Feedback): Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist
Applied in changeset commit:2aba9f00f3b4fc179153f2bc77fca61ec373e372. Marcos M
03:35 PM Bug #13068 (Feedback): Firewall rules fail to load when a URL table alias file does not exist
Applied in changeset commit:3789fca8088be8df178266d899a9261385752469. Marcos M
03:24 PM Revision 2aba9f00: Don't fetch contents of nonexistent URL aliases. Fix #14574
Marcos M
03:24 PM Revision 3789fca8: Validate all URL alias types when expanding URL aliases. Fix #13068
Marcos M
03:03 PM pfSense Packages Bug #13343 (Feedback): HAproxy cookie protection syntax needs updated
PR merged, thanks!
Packages are building for Plus 23.05.1 and CE 2.7.0, they will be available shortly.
 Jim Pingle
01:53 PM pfSense Packages Todo #14202 (Resolved): Rename exported OpenVPN connect files as "connect" rather than "ios"
This has been available for Plus 23.05.1 and CE 2.7.0 for several days with no reports of trouble.
We can open new... Jim Pingle
01:53 PM pfSense Packages Todo #13255 (Resolved): Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles
This has been available for Plus 23.05.1 and CE 2.7.0 for several days with no reports of trouble.
We can open new... Jim Pingle
01:52 PM pfSense Packages Todo #13917 (Resolved): OpenVPN Client Export: Integrate OpenVPN 2.6.0
This has been available for Plus 23.05.1 and CE 2.7.0 for several days with no reports of trouble.
We can open new... Jim Pingle
01:36 PM pfSense Docs New Content #14573 (Resolved): Add a warning to ZFS users not to upgrade the ZFS pool beyond what the bootloader supports
Note added and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/a8e1b3f931cac290e3edfad77f529e9c6fcbe92a Jim Pingle
12:50 PM Bug #14576 (Feedback): "Convert interface definitions" option is not respected when bulk copying rules
Applied in changeset commit:77e168861ba43b3d6290df07fc04481c09174b28. Jim Pingle
12:41 PM Bug #14576 (Resolved): "Convert interface definitions" option is not respected when bulk copying rules
When using the "Copy" button to bulk copy rules from one interface to another, the "Convert interface definitions" op... Jim Pingle
12:43 PM Revision 77e16886: Correct JS for bulk rule copy convertif. Fixes #14576
Jim Pingle
12:12 PM Bug #14575 (Duplicate): Renewing the pppoe WAN cause crash if the Tailscale enabled
The backtrace here is identical to #14431 and given the way the problem is stated seems highly likely to be the same ... Jim Pingle
07:07 AM Bug #14575 (Duplicate): Renewing the pppoe WAN cause crash if the Tailscale enabled
Steps to reproduce:
Install and enable Tailscale
In Status=>Interfaces On the WAN interface, click on Disconnect ... Lev Prokofev
07:28 AM pfSense Packages Feature #14321: Add UPS information to LCDproc screen
Geo Rou wrote:
> Hi,
>
> I'd like to add a new screen to LCDproc that reads the UPS information from NUT.
Jus... odo maitre

07/12/2023

10:44 PM Bug #14574 (Pull Request Review): Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist
Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1047 Marcos M
10:28 PM Bug #14574 (Resolved): Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist
Steps to reproduce:
# Disconnect pfSense from the internet.
# Restore a config with a URL IP or Port alias which do... Marcos M
10:44 PM Bug #13068 (Pull Request Review): Firewall rules fail to load when a URL table alias file does not exist
This occurs when the related file under @/var/db/aliastables/@ does not exist. I found a related bug while troublesho... Marcos M
05:22 PM pfSense Docs New Content #14573 (Resolved): Add a warning to ZFS users not to upgrade the ZFS pool beyond what the bootloader supports
Speifically in the 2.7 release notes where an unwary user can hit this:
https://docs.netgate.com/pfsense/en/latest/r... Steve Wheeler
04:30 PM pfSense Packages Bug #14572 (Resolved): Unused DNSBL files may not be removed
Hi,
I get the following crash report:... Jove Too
03:28 PM pfSense Packages Bug #14560 (Feedback): NRPE does not function properly on Plus 23.09 / CE 2.7.0
Updated package committed on devel branches and also to RELENG_2_7_0, should be available soon on CE 2.7.0 and in dev... Jim Pingle
01:32 PM pfSense Packages Bug #14560 (In Progress): NRPE does not function properly on Plus 23.09 / CE 2.7.0
Some care will be needed here since CE 2.7.0 apparently has the OS package nrpe-4.1.0 while Plus 23.05.1 has nrpe3-3.... Jim Pingle
02:48 PM pfSense Packages Bug #14571 (Resolved): PHP Error prevents LCDProc client from working properly due to empty VIP tags in config.xml
Since the latest pfSense update, the LCDproc client is unable to connect to the LCDproc server. I can confirm LCDproc... Cino .
02:15 PM pfSense Docs Correction #14511: Dynamic Routing over WireGuard
Hi Jim,
Did you manage to test my thesis in a lab? Mike Moore
12:26 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config
Confirmed this also affects the 2.7 package:
https://forum.netgate.com/topic/180575/node_exporter-is-not-working-pr... Steve Wheeler
09:41 AM Regression #14570 (Duplicate): Broadcom NetXtreme interfaces (bnxt) driver issue in 23.05.1
Duplicate of https://redmine.pfsense.org/issues/14569 Danilo Zrenjanin
09:18 AM Regression #14570 (Duplicate): Broadcom NetXtreme interfaces (bnxt) driver issue in 23.05.1
Broadcom NetXtreme interfaces don't work in 23.05.1
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269133 Danilo Zrenjanin
09:38 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
In my case:
DCO enabled
Tun mode
Platform 5100
 Lev Prokofev
09:11 AM Regression #14569: ``bnxt(4)`` driver errors
wrong link, heres the correct one.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269133 David Ludvigsson
09:09 AM Regression #14569 (Closed): ``bnxt(4)`` driver errors
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236983 happening on both pfsense CE 2.7 and plus 23.5.1.
sample ... David Ludvigsson

07/11/2023

09:52 PM pfSense Packages Bug #13489 (Resolved): Tailscale Exit node without IPv6 connectivity break connections with Chromium based browser
We are up to Tailscale v1.44.
> Tailscale 1.30.1 has been released which includes the fix for this issue. The upda... Christian McDonald
09:35 PM Feature #11369 (Resolved): add Enabling IPv6 Source Address Validation support
This is now enabled by default after the move to FreeBSD 14. Marcos M
09:08 PM pfSense Packages Bug #13515: Snort with PHP 8.1 - TypeError when saving edits to an interface
I am still seeing this error in 2.7.0-RELEASE.... Jove Too
07:56 PM Revision 5a2d873b: ipsec: correct typo in var name when modifying p1s
Reid Linnemann
03:44 PM pfSense Docs Todo #14564 (Closed): Feedback on Releases — 22.05/22.05.1 New Features and Changes (add note for 2100)
Corrected and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/370c2215edefe68c74f1d5326604df23f7a5... Jim Pingle
03:43 PM Bug #14567 (Rejected): Traffic flow since upgrade from 2.5 to 2.6
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
03:42 PM Bug #14567 (Rejected): Traffic flow since upgrade from 2.5 to 2.6
Since upgrading from 2.5 to 2.6 http will flow from LAN interface into our IIS interface hit our IIS servers and repl... Rob Woodcock
09:10 AM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
By reading /usr/local/pkg/pfblockerng/pfblockerng.inc it seems a few more lines down this part might be affected as w... Buster de

07/10/2023

10:22 PM Regression #14026: HA node with CARP VIP in backup state is unable to ping the active node using that CARP VIP address
For reference:
This is due to source validation which is now being enabled by default. To return the previous behavi... Marcos M
08:13 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0
Thank you all!
> So to re-summarize, these -5- 6 changes appear to restore 100% functionality from the previous rele... Tom Huerlimann
05:25 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0
@TomTheOne: I'd suggest rebooting after making the five changes I listed above. nrpe3.sh definitely seems to get gene... Jeff Morris
05:12 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0
Ok, I think I've got this figured out... nrpe3.sh gets automatically generated, so disregard my previous comment rega... Jeff Morris
05:06 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0
In my case, nrpe is already running by manually starting the service via start-script in /usr/local/etc/rc.d/nrpe.
I... Tom Huerlimann
04:44 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0
Sorry for the confusion Tom. Those changes do indeed fix it on my system, but after seeing your comment I just did so... Jeff Morris
04:18 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0
Thank you
> So in summary, these 4 changes appear to restore 100% functionality from the previous release:
>
> /... Tom Huerlimann
04:07 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0
Two more notes:
(1) At least on my system, the command="/usr/local/sbin/nrpe" change had to be made to /usr/local/... Jeff Morris
03:37 PM pfSense Packages Bug #14560: NRPE does not function properly on Plus 23.09 / CE 2.7.0
In addition to the daemon name being changed from nrpe3 to nrpe, I've noticed that the associated check command has a... Jeff Morris
07:27 PM pfSense Packages Bug #14566 (Confirmed): Softlflowd package don't send ICMP flows
I am using the softflowd package v.1.2.6_1 on pfsense v.2.7.0
Apparently icmp traffic is not sent from the sensor to... Yuran Yastreb
04:00 PM Bug #14565 (Duplicate): php crash when killing openvpn session
Duplicate of #12817 which is fixed in 2.7.0.
 Jim Pingle
03:59 PM Bug #14565 (Duplicate): php crash when killing openvpn session
Hi,
I just copy/paste the crash report here. This is a regression from 2.5.x... abk imp
03:43 PM pfSense Docs Todo #14564 (Closed): Feedback on Releases — 22.05/22.05.1 New Features and Changes (add note for 2100)
*Page:* https://docs.netgate.com/pfsense/en/latest/releases/22-05.html
*Feedback:*
Per https://forum.netgate.com/... Steve Y
02:26 PM Regression #14374: Static ARP entries are not configured at boot
Yeah I just tested this on my 2.7 and working..
I posted details of the test here.
https://forum.netgate.com/po... JohnPoz _
02:04 PM Regression #14374: Static ARP entries are not configured at boot
ARAMP1 _ wrote in #note-22:
> Does not appear to work on 2.7.0.
It works on 2.7.0 in my testing here. You will ne... Jim Pingle
01:46 PM Regression #14374: Static ARP entries are not configured at boot
Does not appear to work on 2.7.0. ARAMP1 _
01:04 PM Regression #14374 (Resolved): Static ARP entries are not configured at boot
Jim Pingle
01:15 PM pfSense Plus Bug #14563 (Feedback): System Log - General Log Order Setting is not being respected when using Raw Logs
Applied in changeset pfsense:commit:7f7d0165a37f0d7d2e0e8e5d1bd4ab2e35fc8ab8. Christopher Cope
01:06 PM pfSense Packages Bug #14559 (Duplicate): nrpe 3.1_6 service control broken on pfSense 2.7.0
Jim Pingle
01:05 PM Bug #14462 (Resolved): Breadcrumb path missing on ``system_register.php``
Jim Pingle
 

Also available in: Atom