Activity

From 07/27/2023 to 08/25/2023

08/25/2023

08:56 PM pfSense Packages Bug #14426 (Pull Request Review): PHP errors in Lightsquid
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/353 Marcos M
08:10 PM pfSense Packages Regression #13984 (Resolved): PHP errors with squid
Marcos M
08:04 PM Bug #14717 (Resolved): A default route can remain after setting the default gateway to None
pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan. Because I have run frr ipv6 bgp, when I h... yon Liu
05:41 PM pfSense Docs Correction #14639 (Resolved): Multiple email address notification
Note added and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f2f85861b0ccd82cd19d9b4f72c17cf2be6...
Jim Pingle
05:30 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL
Fixed. There were several that were wrong.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2d75de5525ca68375...
Jim Pingle
04:24 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL
The squid package help link (@help.php?page=squid.xml@) redirects to an unrelated page:
https://docs.netgate.com/pfs...
Marcos M
04:43 PM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing
Patch is restored Christian McDonald
12:09 AM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing
The patch to remove procctl in pkg is missing. This is needed to prevent child processes being killed which is used i... Marcos M
04:19 PM pfSense Docs Todo #14658 (Resolved): Update firewall/NAT rule source/destination field references
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/59 Marcos M
04:13 PM pfSense Packages Bug #14714: HAProxy Agent Check
Bug No 2 is now described in Bug #14715 Jacques Bourdeau
03:56 PM pfSense Packages Bug #14714: HAProxy Agent Check
Jacques Bourdeau wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Please create a separate issue entry for each...
Jim Pingle
03:46 PM pfSense Packages Bug #14714: HAProxy Agent Check
Jim Pingle wrote in #note-1:
> Please create a separate issue entry for each problem, even if they appear to be rela...
Jacques Bourdeau
03:21 PM pfSense Packages Bug #14714: HAProxy Agent Check
Please create a separate issue entry for each problem, even if they appear to be related.
Jim Pingle
03:03 PM pfSense Packages Bug #14714 (New): HAProxy Agent Check
For my load balancing, I ended up needing to use Agent-based checks in HAProxy.
I configured it in my pfSense+ (23...
Jacques Bourdeau
04:06 PM pfSense Packages Bug #14715 (New): HAProxy Agent-Check are not enabled in the config despite being checked in the UI
Related to Bug #14714 which also does not populate the config file properly for agent-check based monitoring in HAPro... Jacques Bourdeau
04:01 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
If anyone knows of a more efficient way to poll the state table, please let me know.
Have a good day
Jonathan Lee
03:59 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Here is a photo of testing with the three LEDs enabled when rule 79 went active.
Does the state table counters als...
Jonathan Lee
03:49 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
I wonder if there is another way to do it maybe with the active state tables counters. Thanks for looking into this i... Jonathan Lee
03:27 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
I don't see anything like that being added to the base system, but maybe someone might design a package around it.
...
Jim Pingle
04:54 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Side note, I recently learned "The Air force one Executive Phone has a light on the back that lights up red when secu... Jonathan Lee
02:03 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
pfctl -vvss| grep '192.168.1.11' would work great too as it would be IP address based not rule based
also
pfctl -vv...
Jonathan Lee
01:26 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
The capability is you can take any rule ID you have that establishes a connection and you could configure it to be us... Jonathan Lee
01:12 AM pfSense Packages Feature #14710 (New): Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Hello fellow Netgate pfSense Redmine community members,
I wanted to share this with you all to see if this is any...
Jonathan Lee
02:37 PM Bug #14613: Incorrect wireguard control panel status management
You can only enable wireguard by starting it in the web gui.
After starting with the script /usr/local/bin/php_wg -...
hao zhang
02:07 PM Bug #14613: Incorrect wireguard control panel status management
After running
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
fstat shows that /var...
hao zhang
02:06 PM Bug #14613: Incorrect wireguard control panel status management
I checked /var/run/wireguardd.pid before rebooting and it was 22536.
After that I rebooted the pfsense.
After reboo...
hao zhang
12:58 PM Bug #14613: Incorrect wireguard control panel status management
I do it manually with ssh
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
then web...
hao zhang
12:40 PM Bug #14613: Incorrect wireguard control panel status management
I reinstalled pfsense and ran into this problem again
I have 3 tunnels, 5 peers and each tunnel is assigned interface...
hao zhang
02:37 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces
Tested against:... Danilo Zrenjanin
01:35 PM Regression #14713 (Feedback): Mobile IPsec not allocating address to connecting clients on dev snapshots
Applied in changeset commit:ceea1bd07b25ecb3061f3eda1a5137d2ead8311d. Jim Pingle
01:28 PM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots
This regressed in a recent rector refactoring ( commit:264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9 ), some references to... Jim Pingle
12:43 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots
This regressed since the previous release at some point. Mobile client attempts to connect but is unable to obtain an... Jim Pingle
01:25 PM Revision ceea1bd0: Mobile IPsec settings PHP refactor corrections. Fixes #14713
Jim Pingle
01:17 PM pfSense Packages Feature #14712: CrowdSec package
e ok wrote:
> I think is not necessary another IPS, but I leave here If something consider that is more robust or go...
Marco Mariani
12:32 PM pfSense Packages Feature #14712 (New): CrowdSec package
I think is not necessary another IPS, but I leave here If something consider that is more robust or good than Snort or... e ok
12:26 PM Revision 67dc6377: Tweak formatting of SMTP notifications
Jim Pingle
06:58 AM Regression #14569 (Feedback): ``bnxt(4)`` driver errors
I've cherry-picked the upstream fixes (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269133) into our branche... Kristof Provost
06:30 AM pfSense Packages Bug #14711 (Resolved): pfBlocker ASN to IP Address option doesn't work
pfBlocker relies on Team Cymru IP to ASN Lookup v1.0 to get the list of prefixes for the defined ASN. But it seems th... Danilo Zrenjanin
06:12 AM pfSense Packages Bug #12822 (Confirmed): IPv4 Source ASN format not working
I have tried to define the ASN format and it appears that it is still not working consistently. Occasionally, it does... Danilo Zrenjanin

08/24/2023

11:39 PM Bug #14707 (Rejected): Fresh installation with a bug.
That's a hardware/driver issue with your @dc@ based NIC. Given the age of that hardware and the fact that it's only 1... Jim Pingle
10:45 PM Bug #14707 (Rejected): Fresh installation with a bug.
Hi, I made a fresh installation and get a bug/error. Attached the dumps for your future analyst if you consider neces... e ok
11:35 PM Bug #14708 (Resolved): PHP error when the system fails to create an interface
When enabling 6rd while 6to4 is enabled on another interface the web ui will throw an error of @Uncaught TypeError: p... Diana Moore
07:03 PM Bug #14432 (Feedback): PHP error when failing to write ``config.cache``
This should be fixed by commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b Jim Pingle
07:00 PM Feature #14337: Allow SMTP notifications from non-root processes
With the changes I just pushed, I get working SMTP notifications from NUT as well as other users. No duplicates/loops... Jim Pingle
06:50 PM Feature #14337 (Feedback): Allow SMTP notifications from non-root processes
Applied in changeset commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b. Jim Pingle
06:43 PM Revision 596a88fa: Notification code updates
* Rework how notice queue files are setup and maintained, which should
allow all users to send notifications now wi...
Jim Pingle
02:29 PM pfSense Packages Feature #14706 (New): Add Cloudflare tunnel pkg
Hello everybody,
I've been using Cloudflare tunnel for more than a year as I'm now behind CGNAT so no more open p...
Vlad Saftoiu
01:42 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces
That result indicates a patch is missing. The fix is in the latest build (20230824-0600) - try it there. Marcos M
07:39 AM Bug #14691: Separators get shifted when copying firewall rules between interfaces
After applying the patch, I made the following observations:
h3. Before copying:
Rules on source interface (L...
Danilo Zrenjanin
12:50 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Jim Pingle
05:24 AM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Tested on ... Lev Prokofev

08/23/2023

11:32 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
Side note:
I have also seen this behavior carrying into layer 2 Ethernet filtering rules.
Photos inside duplicat...
Jonathan Lee
10:54 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
I was not able to replicate it (including with Ethernet rules, etc). If you can replicate this on a default install/c... Marcos M
10:21 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
Thanks for looking into this. I am not changing the firewall configuration only the firewall rule when this occurs. L... Jonathan Lee
10:00 PM pfSense Plus Bug #14705 (Rejected): Changes in Ethernet ruleset can lead to incorrect rule and separator order
I can only replicate this if I change the config while editing a rule. This is known behavior that is due to the inde... Marcos M
05:28 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
For mine the rules are randomizing. I have some rules that jump to the middle and or end of the rule list. Jonathan Lee
05:21 PM pfSense Plus Bug #14705 (Duplicate): Changes in Ethernet ruleset can lead to incorrect rule and separator order
Most likely a duplicate of #14691 or #14619 Jim Pingle
05:16 PM pfSense Plus Bug #14705 (Closed): Changes in Ethernet ruleset can lead to incorrect rule and separator order
Hello fellow pfSense Redmine community members,
I noticed after the recent software update to 23.05.1 that issues ...
Jonathan Lee
09:45 PM Regression #14623 (Feedback): Primary interface address is incorrectly set to the last address on the interface
Applied in changeset commit:baa612e555ba48e1961f03ac54e8f93b078aff48. Marcos M
07:05 PM Regression #14623 (Pull Request Review): Primary interface address is incorrectly set to the last address on the interface
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1064 Marcos M
09:37 PM Revision baa612e5: Return the first interface address instead of the last. Fix #14623
Marcos M
09:23 PM Revision 9602c76c: Correctly shift separators when deleting a single rule above a separator. Fix #14691
Marcos M
08:55 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces
Applied in changeset commit:26b97b650457ba98360b5648dd801fd0adb567a5. Marcos M
08:45 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces
The behavior of the rule being placed on top when being copied only happens when e.g. copying the last rule of LAN to... Marcos M
06:40 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces
Applied in changeset commit:abc8192b1028f48bb768ffb6727bed4d05adae7f. Marcos M
06:10 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces
Tested against:... Danilo Zrenjanin
08:46 PM Revision 26b97b65: Remove the original rule when changing the rule's interface. Fix #14691
Marcos M
08:04 PM Feature #14337: Allow SMTP notifications from non-root processes
Thanks Jim Denny Page
07:57 PM Feature #14337 (In Progress): Allow SMTP notifications from non-root processes
I have an alternate idea on how to fix this and (hopefully) also preserve the duplicate message suppression. There is... Jim Pingle
06:32 PM Revision abc8192b: Refactor rule separators. Fix #14691
Marcos M
06:11 PM Feature #13784 (Rejected): Option to completely block MAC addresses in Captive Portal
Now that L2 filtering is possible in the GUI (see #14308), this is no longer needed. Below is the diff for this MR fo... Marcos M
05:18 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section
Duplicate of #14654
It's already fixed in the most recent version of the package.
Jim Pingle
05:10 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section
Hello,
I can no longer select a BFD Peer when creating a FRR BGP neighbor.
As an example.
I have two (2) BFD...
Michael Mercier
04:44 PM Bug #13903 (Feedback): PPPoE Server address input validation is incorrectly allowing IPv6
Fixed by commit:9d0cd39f3be509ca0fd46119777bedd1954802c4 (typo'd the issue ID on there) Jim Pingle
03:48 PM Bug #13903 (In Progress): PPPoE Server address input validation is incorrectly allowing IPv6
Looks like it should be IPv4 only so I've fixed the input validation to restrict it to IPv4
I also corrected a mis...
Jim Pingle
04:40 PM Bug #14392 (Feedback): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address
Applied in changeset commit:5df71c77b6b03a30b8f6425da331a892eb9876ad. Jim Pingle
04:21 PM Revision 5df71c77: Correct IPv6 LL addr locate behavior. Fixes #14392
Comments said it should take the first but it was taking the last.
Make that behavior optional but default to taking...
Jim Pingle
03:47 PM Revision 9d0cd39f: Fixup PPPoE server input validation. Fixes #13909
Jim Pingle
03:40 PM Bug #14394 (Feedback): PHP error in CSRF Magic from invalid time value
Applied in changeset commit:1a57545864783b3acc5f28d166a79bd92a849759. Jim Pingle
03:10 PM Bug #14394 (In Progress): PHP error in CSRF Magic from invalid time value
Jim Pingle
03:29 PM Revision 1a575458: Correct PHP errors in CSRF Magic. Fixes #14394
Jim Pingle
03:00 PM Bug #13218 (Feedback): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
Applied in changeset commit:14beb636e4ca286c011398a30fd818f15c83eb7e. Jim Pingle
02:40 PM Bug #13218 (In Progress): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
PR has conflicts (and some logic issues, and outdated code usage). I'm working on an updated version of the changes. Jim Pingle
02:44 PM Revision 14beb636: Simplify interface_find_child_cfgmtu(). Fixes #13218
* Simplify the code in interface_find_child_cfgmtu() so it doesn't have
so much repetition
* Do not test GIF/GRE as...
Jim Pingle
02:15 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
PR has conflicts and needs work/testing still Jim Pingle
02:15 PM Feature #13124 (Feedback): Option to wait for interface selection before displaying firewall rules
Applied in changeset commit:c451853836ae3e00ec20aa666c64a198d08b402c. Jim Pingle
02:09 PM Feature #13124 (In Progress): Option to wait for interface selection before displaying firewall rules
Jim Pingle
02:13 PM Bug #12225 (Rejected): Group membership field is not needed for remote groups
Doesn't seem like something we really need/want at the moment, and the PR was closed a few weeks ago.
Jim Pingle
02:08 PM Revision c4518538: Option to require if select before showing fw rules. Implements #13124
Originally submitted in PR 4582 by Chrisc-c-c at GitHub Jim Pingle
01:40 PM Feature #13245 (Feedback): Type column on Alias lists
Applied in changeset commit:33cd269034590899b429f72305a4abdc4c6f686e. Jim Pingle
01:30 PM Feature #13245 (In Progress): Type column on Alias lists
Jim Pingle
01:32 PM Revision 33cd2690: Type column for Alias list. Implements #13245
While here, clean up some redundant/incorrect variable usage.
Adapted from PR 4592 submitted by luckman212 @ GitHub
Jim Pingle
01:26 PM Feature #13377 (Feedback): Option to configure a custom value for the PHP memory limit
MR Merged Jim Pingle
01:12 PM Revision fc62ac50: Add a setting for PHP memory limit in System -> Advanced. Feature #13377
Christopher Cope
01:10 PM Feature #13804 (Feedback): Prevent CARP status/maintenance mode from being erroneously toggled
Applied in changeset commit:a9238fddf3149f0bd22886f91becfa3d373cc164. Christopher Cope
01:05 PM Feature #14347 (Feedback): Improve System menu behavior for Certificate Manager privileges
Applied in changeset commit:d9f02c6abae1d58e57cdff1775f1b516cb038585. Jim Pingle
12:55 PM Feature #14347 (In Progress): Improve System menu behavior for Certificate Manager privileges
Jim Pingle
01:02 PM Revision a9238fdd: Add requested state to status_carp requests. Implements #13804
Christopher Cope
12:59 PM Feature #14208: Automatic Split-DNS for 1:1 NAT
Waiting on changes to the PR, will be better in the next release with more time to test it out. Jim Pingle
12:55 PM Revision d9f02c6a: Pick crt mgr start by privs. Implements #14347
Check user privileges to determine where the menu entry for the
certificate manager should point. Users might have ac...
Jim Pingle
12:38 PM Bug #14621 (Feedback): Rule separators are hidden when their index is greater than the number of rules
This was merged a couple weeks ago Jim Pingle
07:56 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
07:45 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list
Danilo Zrenjanin
07:45 AM Bug #14695: Copy function for User Manager Groups does not work for first group in list
The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
06:52 AM Bug #14628: PPPoE Interface Panic
Occurred again today.
@
Aug 23 11:47:25 login 74579 login on ttyv0 as root
Aug 23 11:47:25 sshguard 77416 Now mo...
Faisal Mahmood

08/22/2023

10:45 PM Bug #14691 (Pull Request Review): Separators get shifted when copying firewall rules between interfaces
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1063 Marcos M
03:36 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces
Marcos M
07:26 PM Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options
This may already be part of the Kea work, but in case it isn't... Jim Pingle
07:24 PM Feature #13710: Support UTF-8 CA/Certificate subject components
We have enough to worry about with OpenSSL 3.x changes in this release, best not to complicate cert changes any furth... Jim Pingle
07:16 PM pfSense Packages Bug #14349 (Closed): The ClamAV 0.105.1 got a few vulnerabilities
It's already fixed in dev snaps, it'll come back naturally with the next release.
Jim Pingle
06:38 PM pfSense Plus Bug #14682 (Feedback): DCO OpenVPN server bound to Localhost does not pass traffic as expected
Committed upstream in https://cgit.freebsd.org/src/commit/?id=949491f2a6397f2514f8fcde1c7dc61bd82f201a, and cherry-pi... Kristof Provost
03:45 PM pfSense Plus Bug #14682 (In Progress): DCO OpenVPN server bound to Localhost does not pass traffic as expected
I've also been able to reproduce this.
The problem turns out to be that we pass through pf multiple times (which i...
Kristof Provost
05:06 PM pfSense Plus Feature #14348 (Resolved): Add unicast CARP indication and peer address to CARP status
This looks really good on Plus and CE both compared to before. Much more useful information and it all appears to be ... Jim Pingle
04:25 PM Revision 0600beae: services_dhcp.php: fix pool address range validation
Christian McDonald
02:20 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I am repeatedly receiving errors related to this. In addition to errors, crash reports, nearly every day. I just appl... C T

08/21/2023

10:59 PM Bug #14700: High CPU Temperature in CE 2.7
I would check your cooling solution if those are real values. Simply running with the default Speedshift settings sho... Steve Wheeler
12:31 PM Bug #14700 (Duplicate): High CPU Temperature in CE 2.7
Already covered by #14047 Jim Pingle
10:43 PM Bootstrap Bug #5121: interfaces.php - Wireless Antenna Selection should default to "Default"
Hello, what about 3 antenna port pcie cards? I learned the AR5BXB112 functions in some appliances. Is the 3rd port no... Jonathan Lee
10:38 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
https://redmine.pfsense.org/issues/5121
Also talks about the now degraded Wireless Antenna Selection GUI setting
Jonathan Lee
10:36 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
Antenna tx and rx adjustments missing on 23.05.1
See attached is the new GUI settings showing changes
Jonathan Lee
10:31 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
https://redmine.pfsense.org/issues/13
Were the options removed for antenna adjustments? It used to display them in the...
Jonathan Lee
10:16 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
even when removing dev.ath.0.tpc and dev.ath.0.tpcscale and setting tpack and tpcts to 99 it does not take the config... Jonathan Lee
07:00 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
When I would add a system tunable for tpcts and tpack and reboot or manually adjust they would never change and alway... Jonathan Lee
06:53 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
Compex WLE200NX Wireless A/B/G/N Network Mini PCIe Adapter (A4343) is the only card that works inside the 2100 Jonathan Lee
06:51 PM pfSense Plus Regression #14703 (New): 2100 pcie wireless issues
Hello fellow pfSense Packages Redmine community members can you please help.
1. The SG-2100MAX the Compex WLE200NX...
Jonathan Lee
07:35 PM Bug #14695 (Feedback): Copy function for User Manager Groups does not work for first group in list
Applied in changeset commit:9270d777907048d2bfc31f4e57a01e915ff71a88. Jim Pingle
07:16 PM Bug #14695 (In Progress): Copy function for User Manager Groups does not work for first group in list
Not specific to Plus.
Looks like most of the tests checking if the duplicate action is being performed are done in a...
Jim Pingle
07:25 PM Revision 9270d777: Improve dup action tests in group mgr. Fixes #14695
Jim Pingle
06:38 PM Regression #14698: TLS Cert Warning Message Present on First Start
Ended up being an issue in the upgrade code, not the GUI or certs. Jim Pingle
06:35 PM Regression #14698 (Feedback): TLS Cert Warning Message Present on First Start
Applied in changeset commit:dcc7c577b51d68878c68313e3e0705d600c75b6f. Jim Pingle
06:24 PM Revision dcc7c577: Prevent running upgrade code on first boot. Fixes #14698
* Update default config to current latest revision number
* Add safety belt check to not flag an empty GUI cert as we...
Jim Pingle
03:15 PM Bug #14702 (Feedback): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Applied in changeset commit:28e2b61100b0f1cf81de5e73fd579bb6bd36afb5. Jim Pingle
03:05 PM Bug #14702 (In Progress): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Looks like this could also break things in a few other places since we use that function ~10 times in various files.
...
Jim Pingle
02:56 PM Bug #14702: ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
The problem is with the @ctype_digit()@ test used in @is_port()@:
https://www.php.net/manual/en/function.ctype-dig...
Jim Pingle
02:44 PM Bug #14702 (Confirmed): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
This isn't specific to FTP, it happens for a few different ranges I tried (10-11, 20-21, 100-101, etc.) though it doe... Jim Pingle
06:45 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Hello pfSense,
I've noticed that when you create a NAT rule with a port range starting with 20 (e.g. 20-21 or 20-...
John Uplink
03:05 PM Revision 28e2b611: Cast to string before ctype_digit() testing. Fixes #14702
Jim Pingle
02:12 PM pfSense Plus Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Static ARP entries must always be in the table. Prior to that patch, static ARP was broken, which is why the DHCP sta... Jim Pingle
02:08 PM pfSense Plus Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Thanks for looking into this, prior to this PfSense patch I was able to see if a device was on or offline in the stat... Jonathan Lee
01:09 PM pfSense Plus Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
The online/offline status is solely based off the presence of the client MAC address in the ARP table. With static AR... Jim Pingle
02:10 PM Revision 343b9d14: pkg-utils.inc: just consider the first line of output from rquery when determining remote version.
Christian McDonald
02:01 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
Thanks for looking at this and testing the various inputs. I did not know about the other reporting URL I will use th... Jonathan Lee
01:52 PM pfSense Packages Feature #14696 (Rejected): possible cross site scripting and URL manipulation shell access injection issue sgerror.php
That action is just echoing back the input to the user but as it passes through a query string and so on, the content... Jim Pingle
12:30 PM Bug #14301 (Resolved): Input validation error when saving IGMP Proxy settings
Jim Pingle
12:30 PM Bug #14646 (Resolved): OpenVPN can select the wrong interface IP address when multiple addresses are present
Jim Pingle
12:28 PM Regression #14678 (Resolved): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Jim Pingle
12:27 PM Bug #14699 (Duplicate): Certificate alert is shown with a new install
Duplicate of #14698 Jim Pingle

08/20/2023

11:42 PM pfSense Plus Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Hello fellow pfSense Redmine community members,
I wanted to add a note about a new issue showing. The active stati...
Jonathan Lee
05:02 PM Bug #14700 (Duplicate): High CPU Temperature in CE 2.7
After upgrading 3 2.6 CE installs to 2.7, all of them experienced high CPU temps. A mitigation was found on reddit to... Boolie Boolie
03:47 PM Bug #14699 (Duplicate): Certificate alert is shown with a new install
I installed snapshot 23.09 build @20230818-1744@ and this alert is shown with a default config:
> The GUI HTTPS cert...
Marcos M
02:50 AM Bug #14301: Input validation error when saving IGMP Proxy settings
Tested on Aug 18th builds of Plus 23.09. No errors are present when saving IGMP Proxy anymore. This can be closed a... Kris Phillips
01:02 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
retested with a different config after applying the related system_patch and failover appears to be working as expect... Jordan G

08/19/2023

10:16 PM Regression #14698 (Resolved): TLS Cert Warning Message Present on First Start
On first boot of the Aug 18th 23.09 builds, the following notification is present immediately when prompted with the ... Kris Phillips
09:18 PM Bug #14655 (Confirmed): NAT behind a WAN rule" and "!WAN rule"
I can confirm this behavior on... Christopher Cope
05:47 PM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory
Since this is the same base issue solved by the PHP patch, I'm marking this as a duplicate of https://redmine.pfsense... Christopher Cope
05:47 PM pfSense Packages Bug #14683 (Duplicate): PHP error on ``status_frr.php`` from using too much memory
Christopher Cope
12:48 PM pfSense Plus Bug #14129 (Resolved): Chelsio T520 unable to route past 470Mbps
This is resolved by https://redmine.pfsense.org/issues/14207 Steve Wheeler
12:21 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Also can confirm on 23.09... aleksei prokofiev
11:46 AM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
I can confirm that it is working as expected. Tested patch on 23.05.1 and 2.7.0 aleksei prokofiev
12:10 PM pfSense Docs Correction #14697 (Resolved): Need to fix TNSR examples recipes
Looks like the example images don't match the context of the example.
https://docs.netgate.com/tnsr/en/latest/recipe...
aleksei prokofiev
10:37 AM pfSense Plus Bug #14175: LDAP authentication for SSH fails
Marcos M wrote in #note-6:
> With @Use Authentication Server for Shell Authentication@ checked, this issue can preve...
Emre K
07:09 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
The same behavior on ... Lev Prokofev
04:04 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Hi
For the last 2 hrs been running script to keep getting that output every 1 second..
It hasn't come up blank o...
Michael Clews
12:05 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
/usr/local/www/sgerror.php
has no ability to disable internal error redirect functionality when utilizing externa...
Jonathan Lee
12:03 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
In my case https://192.168.1.1:8080/sgerror.php?url=403%20Blocked%20by%20Mom%20and%20Dad&a=%a&n=%n&i=%i&s=%s&t=%t&u=%... Jonathan Lee
12:02 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
sgerror.php is also still accessible even with the internal error redirector redirecting to external site like Google... Jonathan Lee

08/18/2023

11:13 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
I wonder if there are any PHP injection vulnerabilities here. I did get it to say hello world. I noticed there is some... Jonathan Lee
10:48 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
if I can force it to say hello world, you could force it to say it a million times and do a denial of service attack ... Jonathan Lee
10:33 PM pfSense Packages Feature #14696 (Rejected): possible cross site scripting and URL manipulation shell access injection issue sgerror.php
Hello fellow pfSense Redmine team,

I seem to have found an issue with sgerror.php allowing a user to adapt the ph...
Jonathan Lee
07:51 PM Bug #14542 (Resolved): Gateway widget tooltip incorrectly indicates some gateways as being default
Entries below default gateways no longer have the incorrect tooltip in the widget.
Jim Pingle
07:50 PM Todo #14399 (Resolved): Combining Interface and Rule ID state table filter fields returns no results
Input validation error is printed as expected, other queries still work.
Jim Pingle
07:48 PM Bug #14417 (Resolved): System Information widget does not properly form list of active hardware crypto algorithms
This appears to be correct and looks better on a variety of hardware models Jim Pingle
04:31 PM Bug #14673 (Resolved): Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Jim Pingle
11:14 AM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Tested on 23.05.1
No more stun.sipgate.net in the list.
Lev Prokofev
04:31 PM pfSense Packages Bug #14694 (Not a Bug): HAProcy
I'm using ACME certs with HAProxy and it works fine here, so it's not clear why yours might be failing.
This site ...
Jim Pingle
05:02 AM pfSense Packages Bug #14694 (Not a Bug): HAProcy
After the latest update I can no longer assign an ACME certificate to a HAProxy Frontend, no matter which certificat... Rick Strangman
03:56 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Suika Ibuki wrote in #note-16:
> Why not do a patch against that function to dump everything, env and what not? At l...
Jim Pingle
03:51 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
commit:aed18fb07d387c90942b729c02fe460064310f5e should show up on GitHub here in a few minutes with a small fix to av... Jim Pingle
03:50 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I don't even know what is triggering that, something in the background of pfsense does, but dunno how to trigger it.
...
Suika Ibuki
03:36 PM Bug #14648 (In Progress): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
OK that is in a completely different function, but one which also fetches its data from sysctl. Makes no sense ... Jim Pingle
01:59 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Jim Pingle wrote in #note-13:
> Michael Clews wrote in #note-12:
> > Hi
> > I received the error again
>
> Is ...
Suika Ibuki
03:39 PM Revision aed18fb0: Avoid div by 0 in memory calculation. Issue #14648
Jim Pingle
09:18 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list
It seems that https://redmine.pfsense.org/issues/12226 did not completely resolve this issue.
If you try to copy t...
Dan Edwards

08/17/2023

10:33 PM Revision abe73fb3: Update .gitignore and remove autosave file from tests
Reid Linnemann
10:21 PM Bug #14693 (New): Filter reload with NAT reflection rules is extremely slow
We're running a PFSense cluster which contains the following amount of rules:
- 60x Outbound NAT rule
- 120x NAT ...
Kevin Bentlage
08:46 PM Bug #14692 (New): Mangled link-local addresses are being logged
My system is logging discarded ping request messages from a link-local address, as is expected.
Here is an example...
Daryl Morse
08:33 PM Bug #12833: GUI Service Log Filling Up with Cruft
Jim Pingle wrote in #note-6:
> That is a raw web server log, it's not meant to only show notable events, but every a...
Daryl Morse
08:20 PM Bug #14542 (Feedback): Gateway widget tooltip incorrectly indicates some gateways as being default
Applied in changeset commit:d1f43fb9b03f4d4b30dc1b0dfed33d46d6386902. Jim Pingle
07:25 PM Bug #14542 (In Progress): Gateway widget tooltip incorrectly indicates some gateways as being default
Jim Pingle
07:28 PM Revision d1f43fb9: Fix gateway widget tooltip 'default' text. Fixes #14542
Jim Pingle
07:25 PM Todo #14399 (Feedback): Combining Interface and Rule ID state table filter fields returns no results
Applied in changeset commit:1b6b8b4c9c1e187d3a55f7fdb5dd8a22252caf06. Jim Pingle
07:10 PM Todo #14399 (In Progress): Combining Interface and Rule ID state table filter fields returns no results
Not specific to plus
I'll add an input validation error if both are filled in.
Jim Pingle
07:19 PM Revision 1b6b8b4c: Error on states with if and ruleid filters. Fixes #14399
Jim Pingle
05:21 PM Bug #14417 (Feedback): System Information widget does not properly form list of active hardware crypto algorithms
Fix committed. Seems to list everything for me now and also in the correct alphabetical order.
Before:
!clipboard...
Jim Pingle
04:14 PM Bug #14417 (In Progress): System Information widget does not properly form list of active hardware crypto algorithms
Though the problem is easiest to notice in Plus, the function is similar in CE and could in theory have the same prob... Jim Pingle
05:19 PM Revision 81da0ed3: Correct hwcrypto alg list in widget. Fixes #14417
Jim Pingle
03:34 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Still waiting on an affected user to test and offer feedback.
Jim Pingle
03:33 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Clients are still not behaving in a way that appears to be fixable for all of them at once. Will keep checking, though.
Jim Pingle
03:32 PM Todo #13508: Uncouple RAM Disk size from available kernel memory
Needs more time to come up with a proper solution. Jim Pingle
03:30 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Excluding from release notes since it was never a problem in a release version. Jim Pingle
03:25 PM Regression #14690 (Feedback): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Applied in changeset commit:c10d5dc27156880b4939b0a4e862753949f9e649. Jim Pingle
03:17 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
This regressed after the last release. It's OK on 23.05.1 and 2.7.0, but broken in the current code. Looks like a var... Jim Pingle
03:12 PM Regression #14690 (In Progress): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
It's worse than that, even creating a new tunnel from scratch has a duplicate ID. Jim Pingle
12:58 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Not specific to plus, happens on CE as well.
Jim Pingle
03:18 PM Revision c10d5dc2: Fix var name in ipsec_ikeid_next(). Fixes #14690
Jim Pingle
03:16 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces
h1. Reproduce
Have two active interfaces, one with at least one firewall rule (hereafter called OPT1) and the othe...
Filip Bengtsson
08:10 AM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory

and changed config.inc
// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
ini_set("memory_limit", ...
yon Liu
08:06 AM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory
I have changed php to memory_limit = 1200M now, it is ok.
and if run frr bgp route, the kern.ipc.maxsockbuf must be ch...
yon Liu
07:24 AM Bug #14604: Bugs in dhclient implementation according to RFC 2131
Just to manage my expectations, how high is this on your priority list?
I'm thinking whether I should cancel my ISP ...
Nazar Mokrynskyi

08/16/2023

11:15 PM Feature #14640 (Feedback): Extend support for SCTP in firewall and NAT rules
Applied in changeset commit:7a654802f01c17a921b3ae51099bf7d829df6cad. Marcos M
10:53 PM Revision 7a654802: Extend support for SCTP in firewall and NAT rules. Implement #14640
Marcos M
10:31 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
I started a forum thread and during the discussion I realized the situation is very familiar to this redmine.
http...
Mike Moore
09:23 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
pfSense 23.09-DEV build from today
VPN -> IPSec. I select the button to "copy phase 1 entry" for a P1 I created. The...
Clinton Cory
07:45 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Michael Clews wrote in #note-12:
> Hi
> I received the error again
Is that with the patch applied or without it?
Jim Pingle
07:40 PM pfSense Plus Feature #14348 (Feedback): Add unicast CARP indication and peer address to CARP status
Implemented in:
* https://gitlab.netgate.com/pfSense/pfSense/-/commit/d02e9664d251f54d99e5738808ea25b018421754 (CE...
Jim Pingle
07:34 PM Revision d02e9664: CARP status update. Issue #14348
Add description Jim Pingle
12:57 PM pfSense Packages Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device
There are already warnings in place in various locations about this.
For example: https://www.netgate.com/supporte...
Jim Pingle

08/15/2023

09:30 PM pfSense Packages Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device
Hello
I installed pfsense in a computer, running snort, protecting my network, it was awesome.... I decided to purch...
Edgar Estrada
08:00 PM Feature #3288 (Feedback): Support interface macros in Outbound NAT rules
Applied in changeset commit:fecb90e9acdf0bd801e8a250b39e9a57555d3476. Marcos M
07:49 PM Revision fecb90e9: Support specialnets in outbound NAT source/destination. Implement #3288
Also, show an asterisk in place of 'Any' for the source,
and avoid generating oNAT rules with invalid aliases.
Marcos M
07:16 PM Revision 1799f409: Extend alias and VIP checks to outbound NAT
Marcos M
06:27 PM Todo #14686: Check for deprecated OpenVPN encryption and digest options on upgrade
Updating subject for release notes. Jim Pingle
06:26 PM Todo #14672: Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Updating subject for release notes. Jim Pingle
05:20 PM Todo #14672 (Feedback): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Applied in changeset commit:f78ae299e5ea7918478ad0cf902e169292ceb6f4. Jim Pingle
06:25 PM Todo #14677: Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
Updating subject for release notes. Jim Pingle
06:24 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Updating subject for release notes. Jim Pingle
05:45 PM Feature #14688 (Rejected): Feedback on System Monitoring — DHCPv4 Status
You can already do that by making a static mapping entry -- it doesn't need to specify an IP address, it can just add... Jim Pingle
05:42 PM Feature #14688 (Rejected): Feedback on System Monitoring — DHCPv4 Status
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/dhcp-ipv4.html
*Feedback:* It would be nice t...
Joe Francis
05:45 PM Bug #14673 (Feedback): Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Applied in changeset commit:9dc325fa2328597020540ab70f74fe13b575cdac. Jim Pingle
05:37 PM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list
It's nice to have examples, so long as they work. Removing the broken one seems like a good enough measure for now.
Jim Pingle
05:39 PM Revision 9dc325fa: Remove broken STUN server from UPnP list. Fixes #14673
Jim Pingle
05:10 PM Revision f78ae299: Work around weak certificates for nginx. Implements #14672
* Generalize and move function that creates self-signed certs
* Detect weak cert when starting GUI and re-generate
* ...
Jim Pingle
02:06 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Ok, cool. Thanks for letting me know. I'll await 23.09. :) James George
01:29 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Oh shoot, I apologize. I created the patch from a previous aborted MR, which I had closed before I saw and corrected ... Reid Linnemann
03:17 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Thanks Reid.
Unfortunately, this seems to only be a partial fix (for me at least) - it does not work at bootup. I ...
James George
02:54 AM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected
I was able to confirm this bug on 2100 w/23.05.1. Craig Coonrad
01:25 AM Revision 15a79170: composer.json: add twig/twig and update versions
Christian McDonald

08/14/2023

10:19 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
James George wrote in #note-9:
> I'm happy to test the fix in my environment if you'd like; I'd just need a diff/pat...
Reid Linnemann
09:53 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Hi
I received the error again
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeB...
Michael Clews
08:53 PM Bug #14687: Error in boot messages about missing ``/boot/loader.conf.d`` directory
Stock FreeBSD comes with the directory.
Thus the best long term option is to just add one, but I don't know to do ...
Mateusz Guzik
08:00 PM Bug #14687 (Closed): Error in boot messages about missing ``/boot/loader.conf.d`` directory
This is defined in /boot/defaults/loader.conf:... Steve Wheeler
07:35 PM Todo #14686 (Feedback): Check for deprecated OpenVPN encryption and digest options on upgrade
Applied in changeset commit:45b87923fecb8d7e414f927997b399fbe5a69355. Jim Pingle
05:44 PM Todo #14686 (Resolved): Check for deprecated OpenVPN encryption and digest options on upgrade
OpenSSL 3.x deprecated several algorithms for encryption and digest.
Encryption algorithms removed from OpenVPN:
...
Jim Pingle
07:35 PM Todo #14677 (Feedback): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
Applied in changeset commit:45b87923fecb8d7e414f927997b399fbe5a69355. Jim Pingle
07:27 PM Revision 45b87923: Check OpenVPN instances for deprecated items
* Check for weak certificate digests. Implements #14677
* Check for deprecated encryption and digests. Implements #14686
Jim Pingle
03:53 PM Revision e1267c0f: Improve GUI cert digest help text
Instead of calling out one weak digest, mention the current best
practice minimum and that others may fail for being ...
Jim Pingle
02:30 PM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected
I can confirm this (even on 23.09 snaps) but it doesn't seem to be a routing issue. I see all the same interface conf... Jim Pingle
12:32 PM pfSense Plus Bug #14685 (Not a Bug): Kernel panic on reroot
The crash looks like it could potentially be a problem with the filesystem or disk. While there is a possibility it's... Jim Pingle
12:18 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
aleksei prokofiev wrote in #note-2:
> Tested this patch on 23.05.1 and 2.7.0
> After applying the patch the cert m...
Jim Pingle
12:15 PM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory
Probably too much data for that page to deal with (e.g. route table is gigantic).
It already tries to limit how th...
Jim Pingle
12:12 PM Bug #14681 (Duplicate): IGMP proxy cause crash on 23.05.1
The backtrace looks close enough that it seems like the same bug. No reason for a new report at this point. Even if i... Jim Pingle
12:10 PM Bug #14680 (Not a Bug): server/client openvpn /30
This is just how OpenVPN works. With a /24 subnet, SSL/TLS, and no DCO you have to have Overrides to setup iroutes be... Jim Pingle
06:12 AM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
Lucas Tam wrote in #note-3:
> I recently had a similar issue with my PPPoE interfaces w/ a QNAP QXG-2G4T-I225 passed...
Cin Lung Chen
02:12 AM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
I also made an issue thread on forum.netgate.com, where Mr. Rcoleman-netgate advised me to address this bug
on this bu...
Noman Haroon
02:07 AM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
Dear PF Sense Engineers, I have shared a video. Kindly check it.
https://drive.google.com/drive/folders/1kVCGz0lYr...
Noman Haroon

08/13/2023

08:28 PM pfSense Plus Bug #14685 (Feedback): Kernel panic on reroot
When running a reroot on my firewall (Dell R220) it starts to stop services just fine then kernel panics and does a w... Ed McLain
04:29 PM Bug #14684 (Confirmed): Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
Hi PF Sense Engineers, I would like to report a bug. There is a problem in the captive portal in the latest release 2.7. In captive p... Noman Haroon
02:38 PM Bug #14628: PPPoE Interface Panic
@Jim Pingle The issue was reported again earlier today and I am attaching the latest dump. The ending lines of logs w... Faisal Mahmood
06:17 AM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Tested this patch on 23.05.1 and 2.7.0
After applying the patch the cert is marked as Weak Digest
!clipboard-202308130...
aleksei prokofiev
04:59 AM pfSense Packages Bug #14683 (Duplicate): PHP error on ``status_frr.php`` from using too much memory

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:26:04 UTC 202...
yon Liu
04:26 AM Bug #14681: IGMP proxy cause crash on 23.05.1
No patch was applied, because the patch requires a kernel build. Lev Prokofev
02:45 AM Bug #14681: IGMP proxy cause crash on 23.05.1
Did this issue crop up as a result of the patch in the linked redmine or does this crash happen without the patch? Kris Phillips
02:47 AM Bug #14680: server/client openvpn /30
Based on the note below the Tunnel Network field, this might be expected behavior:
_A tunnel network of /30 or small...
Kris Phillips

08/12/2023

09:27 PM pfSense Plus Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected
When connected to an OpenVPN server that has DCO enabled and the OpenVPN server is bound to Localhost with Port Forwa... Kris Phillips
08:27 PM pfSense Packages Bug #14643 (Not a Bug): Suricata PHP error after upgrade to CE 2.7.0
That is expected as the system upgrades the packages. Since it is working correctly after the upgrade, I'm marking th... Christopher Cope
08:26 PM pfSense Packages Bug #14644 (Not a Bug): Zeek PHP error after upgrade to CE 2.7.0
e 1/1 wrote in #note-2:
> Kris Phillips wrote in #note-1:
> > Do any issues occur with the package post-upgrade or ...
Christopher Cope
08:20 PM Bug #13344: Vlan loses parent interface when changing LAGG mtu to jumbo frames
related/duplicate? https://redmine.pfsense.org/issues/14603 Jordan G
07:17 PM Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.
I can confirm, I'm seeing this on 23.05.1 - if nothing else but the scheduler changes from FQ_CODEL to FQ_PIE under t... Jordan G
12:55 PM Bug #14681 (Duplicate): IGMP proxy cause crash on 23.05.1
Crash trace attached, possibly related to https://redmine.pfsense.org/issues/12079
Fatal trap 12: page fault whi...
Lev Prokofev
03:14 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
It happens in my case after logging into the system, based on the time stamp, as it's the same time as my login.
not su...
Michael Clews
03:10 AM Bug #14680 (Not a Bug): server/client openvpn /30

server/client does not work if the Tunnel Network is not /30 in ssl/tls, it works with shared key.
* create Op...
Alhusein Zawi

08/11/2023

09:52 PM Regression #14679: Allow simultaneously including/excluding the same type
This would make sense for types that allow "all of" and "none of" (host, mac, port). Marcos M
08:36 PM Regression #14679 (New): Allow simultaneously including/excluding the same type
Hi All
With the updates in the last couple of versions it looks like functionality was lost with the GUI packet captur...
Martin Kenney
09:02 PM Revision 8c605478: Show the correct selection when editing oNAT rules
Fixes a copy/paste error from 887d0e7d. Marcos M
07:44 PM pfSense Packages Bug #14644: Zeek PHP error after upgrade to CE 2.7.0
Kris Phillips wrote in #note-1:
> Do any issues occur with the package post-upgrade or is just the upgrade PHP errors...
e 1/1
07:15 PM Regression #14678 (Feedback): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Applied in changeset commit:3ad1e1cb0dd5fa9a486448bfd44c82c230741306. Jim Pingle
06:05 PM Regression #14678 (Resolved): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Noticed this when working on other OpenSSL changes, but some certificates are not being flagged by the renewal page a... Jim Pingle
07:12 PM Todo #14677 (In Progress): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
Adding the GUI warnings and filtering out the invalid certificate choices is now complete.
The upgrade code is the...
Jim Pingle
07:11 PM Todo #14672 (In Progress): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Adding the GUI warnings and filtering out the invalid certificate choices is now complete.
The upgrade code is the...
Jim Pingle
07:05 PM Revision 3ad1e1cb: Certificate digest strength changes
Part of ongoing changes for OpenSSL 3.x
* Consolidate and improve checks for weak digest algorithms.
Fixes #14678
...
Jim Pingle
05:38 PM pfSense Packages Regression #14636 (Feedback): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
I pushed this change on Wednesday:
https://github.com/pfsense/FreeBSD-ports/commit/f61ca6b81bab553e94046b1e6c5811a...
Jim Pingle
04:29 PM Revision b6698d5b: Add the new initial installation tarball to the pkg-plist files in the base core package.
Luiz Souza
04:16 PM Revision 10f20bdb: Add a list of initial files installed only a single time.
Those files are mostly static and will not be upgraded with the rest of the
system to also preserve user customizatio...
Luiz Souza
03:52 PM pfSense Packages Feature #14423: haproxy 2.7 QUIC support (+ maybe LUA 5.4?)
Pawel Piaskowy wrote:
> Hello,
>
> I appreciate all pfSense+ updates and efforts Team is doing (I am relatively new ...
Torben Hørup
01:46 PM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
I recently had a similar issue with my PPPoE interfaces w/ a QNAP QXG-2G4T-I225 passed through to the VM using VMXNet... Lucas Tam
12:54 PM Bug #14665 (Feedback): IGMP Proxy cannot start on VirtIO (``vtnet``) interfaces
I've committed the relevant fix upstream and merged that into our trees. igmpproxy is expected to work in the next sn... Kristof Provost
12:36 PM pfSense Packages Bug #12899 (Resolved): Suricata doesn't honor Pass List
Jim Pingle
01:14 AM pfSense Packages Bug #12899: Suricata doesn't honor Pass List
Another pass at resolving this long standing, but random, issue is in the code of Pull Request 1284 (https://github.c... Bill Meeks
12:36 PM pfSense Packages Bug #14530 (Resolved): Suricata 6.0.13 package interface settings
Jim Pingle
01:11 AM pfSense Packages Bug #14530: Suricata 6.0.13 package interface settings
This issue is resolved by Pull Request 1285 https://github.com/pfsense/FreeBSD-ports/pull/1285 merged on August 10, 2... Bill Meeks
12:36 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Those are the exact same errors as above. You can try the patch above and see if you can reproduce it after.
At th...
Jim Pingle
07:42 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Got a slightly different variant (haven't changed anything):
PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 2479,...
Michael Clews
04:52 AM Revision 157e4821: Make sure all of /etc/dh-parameters* are not in the pfSense-base package.
For details, see e02a5d8c0f8627ed0259e1cc91dbbdaeb9746602 and #4816. Luiz Souza

08/10/2023

10:55 PM Revision 887d0e7d: Refactor outbound NAT target config field
Don't keep a separate target field, and handle
some older configs on upgrade.
Marcos M
10:53 PM Revision 1b8b0963: Revert "Refactor outbound NAT target config field"
This reverts commit 5557bc594916a5a6ff51ac8ed319a6ad436d3475. Marcos M
08:44 PM Feature #3288 (In Progress): Support interface macros in Outbound NAT rules
Marcos M
07:00 PM Feature #3288 (Feedback): Support interface macros in Outbound NAT rules
Marcos M
06:30 PM Revision 5557bc59: Refactor outbound NAT target config field
There's no need to keep a separate target field,
and now it's easier to implement #3288.
Marcos M
06:08 PM pfSense Packages Bug #14676 (Confirmed): Listening Port option in the Tailscale configurator is not respected
Christian McDonald
05:37 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected
David G wrote in #note-7:
> Christian McDonald wrote in #note-5:
> > I bet something else is already listening on 1...
David G
05:27 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected
Christian McDonald wrote in #note-5:
> I bet something else is already listening on 11111, forcing tailscaled to cho...
David G
05:14 PM pfSense Packages Bug #14676 (Not a Bug): Listening Port option in the Tailscale configurator is not respected
Christian McDonald
05:12 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected
I bet something else is already listening on 11111, forcing tailscaled to choose another port to bind. Christian McDonald
05:09 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected
David G wrote in #note-3:
> Christian McDonald wrote in #note-2:
> > I'm not able to replicate this report myself.
...
David G
04:49 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected
Christian McDonald wrote in #note-2:
> I'm not able to replicate this report myself.
Here are some screenshots of...
David G
04:13 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected
I'm not able to replicate this report myself. Christian McDonald
10:32 AM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected
Tested on 2.7.0 and 23.05.1, Tailscale 0.1.4
Can not reproduce, if I change listen port it always changed appropria...
aleksei prokofiev
02:54 AM pfSense Packages Bug #14676 (Confirmed): Listening Port option in the Tailscale configurator is not respected
The tailscaled process starts and listens on a random port, instead of the one specified. This causes things like dir... David G
04:24 PM Todo #14672: Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Added Captive Portal here since it will also fail with a SHA1 cert or CA Jim Pingle
04:19 PM Todo #14677 (Resolved): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
OpenVPN built against OpenSSL 3.0 rejects any certificate (client or server) using SHA1 hash. Surprisingly, a SHA1 CA... Jim Pingle
03:15 PM Feature #14667 (Resolved): Improve SCTP support in ``filterlog``
Looks good on the latest snapshot with @filterlog-0.1_10@.
Raw log content:
...
Jim Pingle
02:15 PM pfSense Packages Bug #14674 (Resolved): Error after upgrade to HAProxy 0.62_1
Jim Pingle
02:08 PM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1
It works for me too, thank you so much Crystian Geovani Dorabiatto
02:00 PM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1
It seems to be working properly now with the new build no errors. Thanks Willem-Jan v R
12:54 PM pfSense Packages Bug #14674 (Feedback): Error after upgrade to HAProxy 0.62_1
I updated the non-devel version of the package with the code from -devel. The underlying versions of haproxy updated ... Jim Pingle
12:02 PM pfSense Packages Bug #14674 (In Progress): Error after upgrade to HAProxy 0.62_1
Jim Pingle
11:56 AM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1
I had the same issue, I'm using the Dev PKG but the Dev PKG has a lot of issues about SSL, in the past they fixed the s... Crystian Geovani Dorabiatto
11:36 AM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1
I had the same issue. Luckily the develop version was working. I didn't make a new boot environment to restore from.
...
Willem-Jan v R
02:37 AM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1
Can confirm. Manually editing the file doesn't work. Kevin Ruffus
12:48 AM pfSense Packages Bug #14674 (Resolved): Error after upgrade to HAProxy 0.62_1
Looks like nbproc is no longer supported in the config file and needs to be removed in order to start the service.
E...
Chad High
01:05 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic

In my case there is no involvement of Tailscale as I do not use it.
Regards.
☕️
Rob A
12:05 PM pfSense Plus Bug #14586 (Resolved): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Jim Pingle
07:36 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Tested on Dev build... Lev Prokofev
12:02 PM pfSense Packages Regression #14675 (Duplicate): HA Proxy can’t commit changes
Duplicate of #14674 (it has the full non-cropped error message) Jim Pingle
01:40 AM pfSense Packages Regression #14675 (Duplicate): HA Proxy can’t commit changes
There seems to be an issue with committing any changes in HA Proxy after a recent (today) package update.
There are foru...
Mike Moore

08/09/2023

08:39 PM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list
An example from a bug report from OpenWRT:
https://github.com/openwrt/packages/issues/17413#issuecomment-133790197...
Kris Phillips
08:36 PM Bug #14673 (Resolved): Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Some users are reporting that stun.sipgate.net, which is the first item in the list of the "Some public STUN servers:... Kris Phillips
07:56 PM Todo #14672: Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Note this is for both the certificate itself using SHA1 *or* if the CA is using SHA1. Neither one can use it. Jim Pingle
07:14 PM Todo #14672 (Resolved): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
The @nginx@ daemon for the GUI fails to run with a SHA1 certificate on dev snapshots using OpenSSL 3.0
The daemon ...
Jim Pingle
07:43 PM Feature #14667: Improve SCTP support in ``filterlog``
PRs merged. The filterlog port change was missing a Makefile version bump but I took care of that. Should be in the n... Jim Pingle
07:30 PM Feature #14667 (Feedback): Improve SCTP support in ``filterlog``
Applied in changeset commit:d9601d99bbeb1d941484d777d8d3fbe1839a2faa. Kristof Provost
05:16 PM Feature #14667 (Pull Request Review): Improve SCTP support in ``filterlog``
Jim Pingle
04:58 PM Feature #14667: Improve SCTP support in ``filterlog``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1060
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/...
Kristof Provost
07:22 PM Revision d9601d99: syslog: filterlog now exports port numbers for SCTP. Implements #14667
Kristof Provost
05:17 PM pfSense Packages Bug #14671: LCDproc package does not automatically restart after upgrade
I don't believe it has anything to do with the configuration, but some sort of timing issue on when the package is st... Jim Pingle
04:03 PM pfSense Packages Bug #14671 (New): LCDproc package does not automatically restart after upgrade
When upgrading LCDproc, the lcdproc daemon does not automatically restart.
One must re-save the LCDproc service se...
Elvis Impersonator
02:11 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen
I've noticed that as well sometimes but haven't yet been able to track it down. That would belong in its own separate... Jim Pingle
02:08 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen

@jimp
23.05.1 I think there might be a lingering bug with the package installer for LCDProc
After updating, LCDProc...
Elvis Impersonator
01:33 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen
Elvis Impersonator wrote in #note-3:
> @jimp will it take a few days before the updated package is released?
It ...
Jim Pingle
01:24 PM Revision 21a588f7: Unset DPCRE2/SPCRE2 options for haproxy-devel
Fix build failure:
====> You cannot select multiple options from the PCRE radio
=====> Only one of th...
Kristof Provost
01:21 PM pfSense Packages Bug #14670 (Feedback): net-snmp does not ignore /var/unbound/dev
PR merged Jim Pingle
01:16 PM pfSense Packages Bug #14670: net-snmp does not ignore /var/unbound/dev
PR: https://github.com/pfsense/FreeBSD-ports/pull/1283 Jim Pingle
01:15 PM Feature #14402 (Resolved): Dynamic DNS support for Porkbun
Jim Pingle
06:35 AM Feature #14402: Dynamic DNS support for Porkbun
Work as expected, tested on ... Lev Prokofev
01:15 PM pfSense Packages Regression #14445 (Feedback): HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138
PR merged -- also the same edit was made to the -devel package.
Jim Pingle
10:18 AM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed
Could the ipsec interface be enabled for inclusion to an interface group when the advanced ipsec filter mode is set t... beermount beermount
07:00 AM Bug #14628: PPPoE Interface Panic
Hi, it was reported again yesterday and the dump looks the same as mentioned earlier. I tried to check the system log... Faisal Mahmood

08/08/2023

11:42 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
I'm happy to test the fix in my environment if you'd like; I'd just need a diff/patch to apply if the official fix is... James George
04:13 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Updating subject for release notes. Jim Pingle
04:09 PM pfSense Plus Bug #14586 (Feedback): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Fixed in eab8453f Reid Linnemann
10:34 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen
@jimp will it take a few days before the updated package is released? Elvis Impersonator
08:41 PM pfSense Packages Bug #14670 (Resolved): net-snmp does not ignore /var/unbound/dev
Net-snmp has ignoreDisk directives for devfs mount points /dev and /var/dhcpd/dev, but is missing an ignoreDisk direc... Denny Page
08:34 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Another instance of this (v23.05):... Craig Coonrad
07:50 PM Bug #14648 (Feedback): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Applied in changeset commit:054c25418f28bd0afeb1e4a3f07075db76f8f61b. Jim Pingle
07:42 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I never could reproduce the error condition but I added several safety belts to ensure the values are sane coming out... Jim Pingle
07:42 PM pfSense Packages Feature #13138: DNS over HTTPS/TLS Blocking should be removed from SafeSearch
The block list [if done by IP] offers the option to create an ALIAS which is more flexible than sink holing. I would ... Mike Moore
07:39 PM Revision 054c2541: Add safety belts around memory size checks. Fixes #14648
* Add safety checks when fetching the memory size
* Also ensure the state table size is sane if the memory check fails
Jim Pingle
07:31 PM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied
I've run into a similar issue as well. The routes will appear in FRR but you check the pfsense route table the routes ... Mike Moore
04:22 PM pfSense Packages Bug #14668 (New): FRR BGP route is not making into kernel route table after WireGuard's peer change is applied
I was able to reproduce this behavior in clear PfSense 2.7 setup with frr 1.3_1 and WireGuard 0.2.0_2, not sure which... Oleksii Tucha
07:27 PM pfSense Packages Feature #14669 (New): pfblocker log rotation on schedule
Allow the option to set logrotate option (daily,weekly,monthly)
I'm using pfBlocker stats to fill in a report and beca...
Mike Moore
03:43 PM Bug #14356: URL scheme is not properly validated in some cases
Updating for release notes. Jim Pingle
03:41 PM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules
Updating subject for release notes. Jim Pingle
03:40 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface
Updating subject for release notes. Jim Pingle
03:36 PM Feature #14666: Option to add automatic pass rules for IGMP Proxy which allow IP options
I'd suggest a (default on, because it's basically required for it to work anyway) checkbox to create automagic rules ... Kristof Provost
02:49 PM Feature #14666 (New): Option to add automatic pass rules for IGMP Proxy which allow IP options
Users frequently get tripped up by IGMP not receiving traffic because by default, firewall rules do not allow packets... Jim Pingle
03:29 PM Feature #14667 (Resolved): Improve SCTP support in ``filterlog``
FreeBSD 14.x includes more support for SCTP in the OS and in PF. There is a separate issue underway for allowing port... Jim Pingle
03:22 PM Regression #14377 (Closed): Cannot add a QinQ interface to a bridge
Looks good in todays snapshot:... Steve Wheeler
02:15 PM Regression #14377: Cannot add a QinQ interface to a bridge
Doesn't appear to be specific to Plus Jim Pingle
03:05 PM Regression #14615 (Resolved): PHP crash during bootup with gateway monitoring enabled with custom monitor IP
Christian McDonald
03:03 PM Regression #14615: PHP crash during bootup with gateway monitoring enabled with custom monitor IP
Excluding from release notes since this wasn't a problem in a release, only during development. Jim Pingle
03:04 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
Updating subject for release notes. Jim Pingle
03:02 PM Feature #14457: Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``
Updating subject for release notes. Jim Pingle
02:59 PM Regression #14370: Console and system log may contain unnecessary Netlink debug messages from IPsec
Updating subject for release notes. Jim Pingle
02:58 PM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert
Updating subject for release notes. Jim Pingle
02:50 PM Bug #14301: Input validation error when saving IGMP Proxy settings
I also created a feature request for an option to handle the firewall rules we discussed: #14666 Jim Pingle
02:40 PM Bug #14301: Input validation error when saving IGMP Proxy settings
I made a dedicated issue for the VirtIO problem at #14665 Jim Pingle
02:22 PM Bug #14301: Input validation error when saving IGMP Proxy settings
The virtio issue did turn out to be a virtio problem. It doesn't allow IFF_ALLMULTI to be set (on systems where the h... Kristof Provost
12:35 PM Bug #14301 (Feedback): Input validation error when saving IGMP Proxy settings
Applied in changeset commit:a38aa6d7ffd121727eae9f0d5229b4121928e1f5. Kristof Provost
02:42 PM Bug #13277 (Duplicate): IGMP Proxy webConfigurator Page Always Produces Error
Duplicate of #14301 -- This one was first, but the fix is already committed and noted on #14301 Jim Pingle
02:39 PM Bug #14665 (Resolved): IGMP Proxy cannot start on VirtIO (``vtnet``) interfaces
Moved this over from #14301
From Kristof:
> I'm investigating another issue, which I suspect to be limited to ...
Jim Pingle
02:36 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Updating subject for release notes. Jim Pingle
02:34 PM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups
Updating subject for release notes. Jim Pingle
02:31 PM Feature #14402: Dynamic DNS support for Porkbun
Updating subject for release notes. Jim Pingle
02:31 PM Bug #14637: PHP shell script ``pfanchordrill`` shows duplicate anchor content
Updating subject for release notes. Jim Pingle
02:28 PM Bug #14598: Link to view Captive Portal custom HTML page content does not work
Updating subject for release notes. Jim Pingle
02:28 PM Bug #14574: Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist
Updating subject for release notes. Jim Pingle
02:21 PM Regression #14374: Static ARP entries are not configured at boot
Updating subject for release notes. Jim Pingle
02:21 PM Bug #13068: Firewall rules fail to load when a URL table alias file does not exist
Updating subject for release notes. Jim Pingle
02:17 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
Updating subject for release notes. Jim Pingle
01:35 PM Bug #14660: Sticky Connections do not work properly when multiple connections have the same Gateway IP
Jim Pingle wrote in #note-1:
> That isn't a supported case. pf has no way to differentiate between two identical gat...
Lucas Tam
12:24 PM Bug #14660 (Rejected): Sticky Connections do not work properly when multiple connections have the same Gateway IP
That isn't a supported case. pf has no way to differentiate between two identical gateways in this case and there isn... Jim Pingle
08:01 AM Bug #14660 (Rejected): Sticky Connections do not work properly when multiple connections have the same Gateway IP
I have set up a multi-WAN configuration that involves multiple PPPoE connections to my Internet service provider. Eac... Lucas Tam
01:15 PM Bug #14661 (New): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
Jim Pingle
01:00 PM Bug #14661: ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
In that screenshot you can see that dpinger is using the CARP IP on an IPv6 gateway.
And this happens with all IPv6 g...
Hannes Scherbichler
12:23 PM Bug #14661 (Feedback): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
I can't reproduce this here, @dpinger@ is using the interface IPv6 address as expected. In the @dpinger@ command line... Jim Pingle
11:38 AM Bug #14661 (Closed): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
Hello,
We have a pfSense cluster running with CARP and IPv6.
We noticed, that dpinger uses the CARP IP address as...
Hannes Scherbichler
12:26 PM Revision a38aa6d7: igmpproxy: Do not display an error when saving changes. Fixes #14301
Kristof Provost

08/07/2023

11:49 PM Feature #3288 (In Progress): Support interface macros in Outbound NAT rules
Marcos M
09:24 PM pfSense Packages Bug #14659 (New): vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap
Hard to say if this is a bug per se but it's a reproducible problem.
1. create a LAGG with assigned VLANs and those...
Mike Moore
09:19 PM pfSense Docs Todo #14658 (Resolved): Update firewall/NAT rule source/destination field references
The firewall/NAT rule source/destination fields have been updated:
https://github.com/pfsense/pfsense/commit/feefe2c...
Marcos M
09:01 PM Bug #14301: Input validation error when saving IGMP Proxy settings
Note that that's mostly only a cosmetic problem. It does actually start igmpproxy.
I'm investigating another issue, ...
Kristof Provost
08:12 PM Bug #14301 (Pull Request Review): Input validation error when saving IGMP Proxy settings
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1058 Marcos M
08:25 PM Bug #14657 (Rejected): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 4096 bytes) in /usr/local/www/diag_command.php on line 174
That is not a package created or maintained by Netgate. Contact its author for assistance. Jim Pingle
08:20 PM Bug #14657 (Rejected): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 4096 bytes) in /usr/local/www/diag_command.php on line 174
Hi, I executed this command via the GUI
curl https://updates.sunnyvalley.io/getzenarmor | sh
and then this one...
e ok
07:21 PM pfSense Docs Todo #14656 (Resolved): Feedback on Interface Types and Configuration — LAGG (Link Aggregation)
*Page:* https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html
*Feedback:* New to this so sorry if I'm ju...
Anthony Celata
07:21 PM Bug #13068 (Resolved): Firewall rules fail to load when a URL table alias file does not exist
Marcos M
07:15 PM Bug #14637 (Feedback): PHP shell script ``pfanchordrill`` shows duplicate anchor content
Applied in changeset commit:68f5fc1bd5d2583317ab6e38f833070c2d1174cd. Marcos M
07:15 PM Bug #6799 (Feedback): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Applied in changeset commit:85c4a8de0016bc4d192b60fd384af56aa4ba1376. Marcos M
07:13 PM pfSense Packages Bug #14654 (Resolved): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
Jim Pingle
06:55 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
Jim Pingle wrote in #note-4:
> Corrected packages are building now.
Updated, configured and checked on 2.7 - work...
Oleksii Tucha
05:44 PM pfSense Packages Bug #14654 (Feedback): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
It doesn't appear that I introduced an error in the behavior of the function that gathers BFD peers but I did spot an... Jim Pingle
12:52 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
I probably made an error when updating all the FRR code for the new config access functions. I'll look into it today.
Jim Pingle
07:12 PM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases
Seems to be solid here after several days in a row and several interface events. Gateways are still showing green thr... Jim Pingle
07:08 PM Revision 68f5fc1b: Avoid displaying duplicate anchors with pfanchordrill. Fix #14637
Marcos M
07:06 PM Revision 85c4a8de: Use pf macros for <interface> subnets. Fix #6799
This changes the behavior of '<if> subnet' in generated firewall/NAT
rules. The previous behavior expands '<if> subne...
Marcos M
06:20 PM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
In my testing here, the behavior is correct when that is set to a failover group.
@get_interface_ip(<group name>)@...
Jim Pingle
06:09 PM pfSense Packages Feature #14653 (Feedback): Update to LCPROC NTP Screen
PR merged Jim Pingle
05:38 PM Revision 7e01141a: Don't restrict the outbound NAT target list
The target_type list was changed in abc9d914 to restrict the displayed
selection options depending on the interface. ...
Marcos M
05:35 PM Feature #14650 (Resolved): Change default match modifier from "all of" to "any of"
Marcos M
03:55 PM Feature #14650 (Feedback): Change default match modifier from "all of" to "any of"
Applied in changeset commit:54756f9f683282ca8e850de61f9929a9f011cda1. Marcos M
04:48 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
I've got a similar patch incoming, and this should be included in the System Patches as well I think. Reid Linnemann
03:48 PM Revision 54756f9f: Change the default match for Port and MAC in the packet capture GUI. Implement #14650
Marcos M
03:39 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.
This error has returned for some reason Jonathan Lee
03:02 PM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
Marcos M wrote in #note-1:
> Please continue to discuss the issue in the forum. Once steps to reproduce the issue on...
Cin Lung Chen
01:35 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Yeah that's what I figured but what I can't figure out is why it would ever come back blank for that OID. I can't mak... Jim Pingle
01:32 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
@var_dump(""/1000);@ produces the same error
the empty string does not cleanly cast automatically to an int.
@g...
Christian McDonald
01:11 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I doubt it is related to hardware at all, but maybe a timing issue with reading those values from sysctl. It may be h... Jim Pingle
10:55 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I also get similar error:... Michael Clews
12:46 PM Bug #7589 (Resolved): ``diag_edit.php`` warning is not cleared after picking non-directory to load
Jim Pingle
12:14 PM Regression #14377 (Feedback): Cannot add a QinQ interface to a bridge
Kristof Provost
11:38 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
This is the relevant commit: https://github.com/pfsense/FreeBSD-src/commit/f10efe9d5708cf2f385f17f6ed13909d84cea737
...
Kristof Provost
04:41 AM Feature #12077: Allow stick-connections per gateway group
Yes, this would be useful in my scenario where I have 3 x 1Gbe PPPoE links and I only want my browser clients to be s... Lucas Tam
04:38 AM Feature #290: Add Multi-WAN awareness to UPnP
Same, interested, all packages should have multi-wan awareness? Lucas Tam

08/06/2023

03:25 PM Bug #14655: NAT behind a WAN rule" and "!WAN rule"
I'm wanting about different NATs with the same ports Andre Lopez Araujo
03:24 PM Bug #14655 (Confirmed): NAT behind a WAN rule" and "!WAN rule"
Good morning,
I just set up a DMZ NAT for everything that is not a WAN Net, but when creating another NAT with the...
Andre Lopez Araujo
09:14 AM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Correct, I am relying on neighbor discovery. But even if I wanted to define a static neighbor, there would not be any... beermount beermount
04:12 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
Wasn't sure if this applied to clients and servers. After applying changeset via system_patches I rebooted upstream g... Jordan G
03:02 AM pfSense Packages Regression #14445: HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138
Please see this pull request: https://github.com/pfsense/FreeBSD-ports/pull/1282 Alex Neihaus

08/05/2023

11:13 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead

confirmed.
BFD option (in BGP Neighbors) does not list BFD peers, it shows Route Map lists.
tested on 2.7 and...
Alhusein Zawi
09:24 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
FRR package version is 1.3, if that does matter.
It was working in FRR 1.1.1_7 (which is still installed in my 2.6 i...
Oleksii Tucha
09:21 PM pfSense Packages Bug #14654 (Resolved): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
To reproduce:
1. Install FRR
2. Create Route Map
3. Try to select a BFD Peer for BGP Neighbor
!bfd.png!
The se...
Oleksii Tucha
11:10 PM pfSense Packages Bug #12899: Suricata doesn't honor Pass List
This has proven to be a very hard bug to find and fix. The problem is random. I have thus far been unable to reproduc... Bill Meeks
10:45 PM pfSense Packages Bug #14644: Zeek PHP error after upgrade to CE 2.7.0
Do any issues occur with the package post-upgrade or is just the upgrade PHP errors the only issue? Kris Phillips
10:44 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Hello,
Are you relying on neighbor discovery or do you have neighbors manually programmed in across the link? Typ...
Kris Phillips
12:55 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Also see https://redmine.pfsense.org/issues/12760 beermount beermount
10:53 AM pfSense Packages Feature #14652 (New): FRR OSPF6 not working over wireguard
FRR OSPF6 is unable to form neighborship without adding link-local alias to wireguard interface.
Unless i perform:...
beermount beermount
10:20 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen
Update LCDPROC NTP Screen
* Add time zone
* Improved selection between GPS and PPS
* Add stability parameter for P...
Elvis Impersonator
03:01 PM pfSense Packages Feature #14653 (Feedback): Update to LCPROC NTP Screen
Update to LCDPROC NTP Screen
* Add time zone
* Add local PPS stability pps
https://github.com/pfsense/FreeBSD-po...
Elvis Impersonator
10:01 PM pfSense Packages Bug #14287 (Feedback): pfBlockerNG does not uninstall cleanly when using RAM disks
I'm seeing this on 23.05.1 pfBlockerNG 3.2.0_5 across multiple devices. Perhaps you need an existing pfBlockerNG sect... Jordan G
08:45 AM pfSense Packages Bug #14287 (Resolved): pfBlockerNG does not uninstall cleanly when using RAM disks
No PHP errors on 23.05.1 when deleting 3.2.0_5 package with unchecked "keep config"... Lev Prokofev
04:33 PM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Tested and reproduced. Also tested with patch applied.
Steps to reproduce:
1. Create a LAN rule with Source ...
Kris Phillips
03:33 PM Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
Please continue to discuss the issue in the forum. Once steps to reproduce the issue on other systems (or specific de... Marcos M
09:22 AM Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
Sorry if this is wrong, I am frustrated and would love to be pointed to the right direction. I made a post in the for... Cin Lung Chen
12:50 PM Bug #7589: ``diag_edit.php`` warning is not cleared after picking non-directory to load
Patch clears the warning after you click browse.
Tested on ...
Lev Prokofev
09:41 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
the typo fix patch from the forum thread does fix the Sync functional for pfBlockerNG
tested on
Version 23.05.1-RE...
Georgiy Tyutyunnik
09:36 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
wasn't able to reproduce the original issue as it's stated in the ticket.
However, found a somewhat linked issue:
I...
Georgiy Tyutyunnik
05:52 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces
Can confirm, adding the IP on interfaces doesn't trigger the unbound to reload the config, and the new subnet is not ... Lev Prokofev

08/04/2023

09:55 PM Feature #14650 (Pull Request Review): Change default match modifier from "all of" to "any of"
The default match selection for @PORT NUMBER@ and @HOST MAC ADDRESS@ has been changed to @any of@; this is the more c... Marcos M
06:31 PM Feature #14650 (Resolved): Change default match modifier from "all of" to "any of"
It makes more sense to default the match Christian McDonald
08:09 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
We will need to re-test this, as the previous attempt ended up breaking DHCPv6 completely.
More work is needed to su...
Christian McDonald
06:24 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Jonathan Lee wrote in #note-15:
> Thanks for the reply,
>
> just to confirm the is the Path Strip Count 2 for you...
Christopher Cope
06:04 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Thanks for the reply,
just to confirm the is the Path Strip Count 2 for your patch?
!clipboard-202308041104-h72...
Jonathan Lee
05:30 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Jonathan Lee wrote in #note-10:
> Could this also be adapted to use a disk swap? That way it could have an option to...
Christopher Cope
05:28 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Jonathan Lee wrote in #note-12:
> I added your patch set this to 512mb and I am still getting that snort error for a...
Christopher Cope
04:33 PM Feature #13377: Option to configure a custom value for the PHP memory limit
I added your patch set this to 512mb and I am still getting that snort error for active rules
Crash report begins....
Jonathan Lee
03:57 PM Feature #13377: Option to configure a custom value for the PHP memory limit
is the Path Strip Count 2 for the patch? Jonathan Lee
03:42 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Could this also be adapted to use a disk swap? That way it could have an option to use and allocate fixed disk storag... Jonathan Lee
06:07 PM Regression #14649: PHP error with One.com Dynamic DNS provider
https://redmine.pfsense.org/issues/14558
Could DoH support help with this?
Jonathan Lee
03:52 PM Regression #14649: PHP error with One.com Dynamic DNS provider
confirmed and reproduced on:
Version 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURR...
Georgiy Tyutyunnik
01:05 PM Regression #14649 (Resolved): PHP error with One.com Dynamic DNS provider
Tested on ... Lev Prokofev
06:00 PM pfSense Packages Bug #14498: php errors when looking at snort active rules
[04-Aug-2023 09:30:42 US/Pacific] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering d... Jonathan Lee
04:36 PM pfSense Packages Bug #14498: php errors when looking at snort active rules
@Christopher Cope
I have tested your patch attached here. Strip level 2
set to 512mb
However I am still getting...
Jonathan Lee
03:37 PM pfSense Packages Bug #14498: php errors when looking at snort active rules
Amazing, thanks for sharing I appreciate you. Jonathan Lee
04:37 PM pfSense Packages Feature #13575 (In Progress): Update to frr 9.0.1
This appears to be functioning OK for the most part but it isn't building with the SNMP option enabled yet. There is ... Jim Pingle
03:16 PM pfSense Packages Bug #12899: Suricata doesn't honor Pass List
I've also experienced this for quite awhile. I created an alias for a vendor and added all IP addresses and ranges kn... tasty ratz
06:23 AM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy)
NDProxy is the only way we have been able to get IPv6 working for our company network, and that have been possible on... Filippo Tessarotto

08/03/2023

10:05 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Related: "Sync to configured backup server" option does not allow to Save without an IP address in the target below.
...
dylan mendez
08:09 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Patch to fix the typo was posted at https://forum.netgate.com/post/1108304 Steve Y
08:57 PM pfSense Packages Feature #13575 (Feedback): Update to frr 9.0.1
Merged https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/350 Marcos M
07:49 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
The installed packages Widget did not show there was a new package. Package manage did, but that was when it failed.... Elvis Impersonator
07:35 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Probably best to move it to the forum then, there may be something that needs fixed on your system, but it's not a ge... Jim Pingle
07:34 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Checked branch and it is set correctly
Elvis Impersonator
07:31 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
No issues installing or upgrading it here. Make sure the update branch is set to the appropriate version that matches... Jim Pingle
07:15 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
@jimp
new LCDPROC package will not install
WARNING: Current pkg repository has a new PHP major
version. pfSens...
Elvis Impersonator
06:36 PM pfSense Packages Feature #14625 (Feedback): Add NTP Screens to LCDPROC
Merged in LCDProc package version 0.11.5 Jim Pingle
06:38 PM Feature #14448 (Resolved): Support interface groups in firewall rule source/destination fields
Marcos M
03:43 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T
N.B. They will need to check the current value and add the desired value to it. Support varies by NIC/Chip/SFP/etc. S... Jim Pingle
03:22 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T
The sysctl that needs to be set is: dev.ix.X.advertise_speed
So for example set dev.ix.3.advertise_speed=0x1b to a...
Steve Wheeler
12:39 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Normally I'd say we could just change the lines there to cast to @int@ but I'm curious why it fails to automatically ... Jim Pingle
11:18 AM Bug #14648 (Feedback): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
In 23.05.1:... Steve Wheeler
11:31 AM pfSense Packages Feature #9141: FRR xmlrpc
In simple setups like mine I believe having the same BGP configuration on both Primary and Secondary members is what ... Adrian Dascalu

08/02/2023

11:26 PM Feature #14640 (Pull Request Review): Extend support for SCTP in firewall and NAT rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1056 Marcos M
10:01 PM pfSense Docs New Content #14647 (Resolved): Add a note for ixgbe linking at NBase-T
The ixgbe driver in 23.01/2.7 recognises link speeds of 2.5G and 5G and can be set to use them as fixed speeds.
How...
Steve Wheeler
07:25 PM Bug #14646 (Feedback): OpenVPN can select the wrong interface IP address when multiple addresses are present
Applied in changeset commit:340aa54839a5b3a8fb74b66919511cebb307bb57. Jim Pingle
07:14 PM Bug #14646 (Resolved): OpenVPN can select the wrong interface IP address when multiple addresses are present
If there are multiple IP addresses and VIPs on an interface, OpenVPN can unintentionally select the wrong address.
...
Jim Pingle
07:14 PM Revision 340aa548: Correct OpenVPN if IP addr code. Fixes #14646
Jim Pingle
06:28 PM pfSense Packages Bug #14645 (Resolved): Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
Hello,
I'm not really good with Snort but all my search results confirm that it is common to have @EXTERNAL_NET@ c...
Dzmitry Kazei
05:52 PM Revision e4bba4ab: "OpenVPN clients" is not a valid rule src/dst, remove it.
Marcos M
04:59 PM Revision 35abdef2: Revert "services_dhcp_relay.php: introduce proper shortcut section for dhcrelay"
This reverts commit 834bb946dd952f1d7a59e131d6b265cc82b7837d. Christian McDonald
04:58 PM Revision f137d9cd: Revert "services_dhcp.php: cleanup warning notice when DHCP relay is enabled"
This reverts commit 564905382d696ef80b45e7552f4fdc502a7d2053. Christian McDonald
04:29 PM Revision e9995ff3: Revert "services_dhcp.php: just hide relay-enabled interfaces"
This reverts commit 7a1d5e27022fb7183e8a7b17b5514169cbd7ecc7. Christian McDonald
04:28 PM Revision 3fa4d6fe: Revert "dhcp: support simultaneous v4 dhcpd and dhcrelay, Implements #14620"
This reverts commit e9577ebfd7852646a66697a3bde41b712687a4ca. Christian McDonald
01:17 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
This looks likely to be the same cause as this: https://redmine.pfsense.org/issues/14171#note-3
The command used f...
Steve Wheeler
12:01 PM pfSense Packages Bug #14644 (Not a Bug): Zeek PHP error after upgrade to CE 2.7.0
First login after upgrading to 2.7.0, a couple of PHP error notices are shown, one of them related to Zeek:
@PHP E...
e 1/1
12:00 PM pfSense Packages Bug #14643 (Not a Bug): Suricata PHP error after upgrade to CE 2.7.0
First login after upgrading to 2.7.0, a couple of PHP error notices are shown, one of them related to Suricata:
@P...
e 1/1
04:16 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Awesome Kristof, I'll be happy to test it.
Could you briefly explain how to apply the patch?
I'm on CE 2.7.0 and ...
Arturo de Vries

08/01/2023

10:47 PM Feature #14640 (In Progress): Extend support for SCTP in firewall and NAT rules
Marcos M
06:29 PM Feature #14640 (Resolved): Extend support for SCTP in firewall and NAT rules
As of 47d0c1fe7d3279e9d38df75cf0c359b1fbc26d5e (on devel-main) pf has improved SCTP support. It can now filter on SCT... Kristof Provost
10:21 PM pfSense Packages Feature #13575: Update to frr 9.0.1
Tested in 23.09 by running:... Marcos M
08:06 PM pfSense Packages Feature #14642 (New): nfsen-nfdump integration
Can we get nfdump/nfsen package integrated within pfsense? Have sflow send data to nfsen. The built-in collector woul... Mike Moore
07:29 PM Todo #1521: Multipath Routing GUI Support
See also: #9545, #14641 Jim Pingle
07:28 PM Todo #1521: Multipath Routing GUI Support
As of Plus 23.05.1 and CE 2.7.0, the OS supports multipath routing (i.e. ECMP).
However, outside of FRR, there isn...
Jim Pingle
07:29 PM Feature #9545: Enable Multipath Routing in the Kernel
See also: #1521, #14641 Jim Pingle
06:44 PM Feature #9545 (Resolved): Enable Multipath Routing in the Kernel
From our local testing here on Plus (23.05.1, 23.09 snaps) and CE (2.7.0, 2.8.0 snaps), with both static and BGP it a... Jim Pingle
07:28 PM pfSense Docs New Content #14641: Add content about multipath routing
See also: #1521, #9545 Jim Pingle
07:07 PM pfSense Docs New Content #14641 (Resolved): Add content about multipath routing
Now that the OS supports multipath routing it should be covered in the docs where appropriate.
See #9545 for notes/...
Jim Pingle
07:25 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Round 3
https://github.com/pfsense/FreeBSD-ports/pull/1278
Elvis Impersonator
06:52 PM Revision c76dadcc: Add Next Hop info to status output
Jim Pingle
04:11 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Is Tailscale also in play here? I've been trying and failing to reproduce this again. No matter what I try to do, I simply... Kristof Provost
03:20 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Until the referenced functionality is added upstream, floating client support will need to be disabled if avpair rule... Marcos M
02:28 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
I have to disagree that they are a cosmetic issue.
This issue was originally discovered via the following:
1. A n...
Michael Mercier
11:21 AM pfSense Docs Correction #14639 (Resolved): Multiple email address notification
https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html#smtp-e-mail
Please add a note about ...
Mike Moore
04:54 AM pfSense Packages Bug #14638 (Closed): Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
After upgrading Tailscale from 0.1.3.1 to 0.1.4, Tailscale was not running according to the status page.
I was abl...
R W

07/31/2023

08:41 PM Bug #14577 (Needs Patch): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
The duplicate rules listed with @pfanchordrill@ are a cosmetic issue - see #14637.
As for the files that aren't be...
Marcos M
08:33 PM Bug #14637 (Pull Request Review): PHP shell script ``pfanchordrill`` shows duplicate anchor content
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1054
For future reference, @pfctl -vsA@ loops through L3...
Marcos M
08:31 PM Bug #14637 (Resolved): PHP shell script ``pfanchordrill`` shows duplicate anchor content
... Marcos M
07:55 PM Regression #14635 (Feedback): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
Applied in changeset commit:9b9eaaeaa6cfa87c1320687836496d316aac61ef. Jim Pingle
07:47 PM Regression #14635: "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
Export package issue: #14636 Jim Pingle
07:44 PM Regression #14635 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
On current dev snapshots with OpenSSL 3.0, the "Legacy" strength PKCS#12 export (RC2-40+SHA1) is unsupported by defau... Jim Pingle
07:48 PM Revision 9b9eaaea: Allow legacy PKCS#12 export to function (for now). Fixes #14635
Jim Pingle
07:47 PM pfSense Packages Regression #14636 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
See #14635 for details.
The export package will need a change similar to that one from #14635 but it will need to ...
Jim Pingle
07:30 PM Bug #14634 (Confirmed): The default gateway icon is not updated when the default gateway is changed to none
Link to the discussion in question: https://forum.netgate.com/topic/180684/bug-in-default-gateway-selection
As des...
Fabiano B. Franco
07:19 PM Feature #9545: Enable Multipath Routing in the Kernel
Jim Pingle wrote in #note-16:
> Turns out it's already enabled in the current builds. FRR without the "multipath" op...
Chris Baker
06:54 PM Bug #13423 (Feedback): IPv6 neighbor discovery protocol (NDP) fails in some cases
Let's wait until we get more real-world testing to call it completely resolved. Jim Pingle
06:53 PM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases
I was able to reliably reproduce this before, and can no longer reproduce it with the fix. Marcos M
06:50 PM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
I upgraded my edge to a dev snap with the fix and so far, so good. Everything across the board is green in my lab for... Jim Pingle
06:39 PM Bug #14619 (Resolved): Rule separators are ordered incorrectly after removing rules in certain positions
Original issue is now fixed, and all test cases referenced in the attachments of #9887 pass as well; separators in th... Marcos M
05:40 PM Bug #14619 (Feedback): Rule separators are ordered incorrectly after removing rules in certain positions
Applied in changeset commit:8a12728da23fc7cb654cec4a97670ef2b6dfb239. Marcos M
06:00 PM Regression #14616: dpinger does not start after renewing DHCP
Kris Phillips wrote in #note-1:
> Hello,
>
> Is there no default route defined when you go to Diagnostics --> Rou...
Maternal Pause
03:12 PM Regression #14616: dpinger does not start after renewing DHCP
You can edit the "/conf/config.xml" file under "<system>" and add a new line with "<route-debug></route-debug>" to ge... Kyouko M
05:45 PM Feature #14448 (Feedback): Support interface groups in firewall rule source/destination fields
Applied in changeset commit:9fbd5798a3d76b36e6cc37debc5a37d382977a78. Marcos M
05:32 PM Revision abc9d914: Refactor translation target for outbound NAT
Marcos M
05:32 PM Revision feefe2c3: Refactor display of special networks
Marcos M
05:32 PM Revision 9fbd5798: Allow use of interface groups in firewall rule source/destination fields. Implement #14448
Marcos M
05:32 PM Revision ccf3b257: Refactor usage of special networks
Pre-requisite for easier implementation of interface group in firewall rules. Marcos M
05:30 PM Revision 8a12728d: Use the correct index when saving rule separators. Fix #14619
Also fix displaying rule separators with an out of range index. Marcos M
04:46 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Tested files attached Elvis Impersonator
04:44 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC
Updated PR
https://github.com/pfsense/FreeBSD-ports/pull/1277
Elvis Impersonator
02:53 PM pfSense Packages Feature #14625 (Pull Request Review): Add NTP Screens to LCDPROC
Jim Pingle
04:08 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes
The scripting hook described at https://docs.frrouting.org/en/latest/scripting.html seems promising. If nothing else ... Jim Pingle
03:59 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes
This is specific to FRR, so I moved it to the FRR package.
Base system routing changes of this nature are already ...
Jim Pingle
03:57 PM pfSense Packages Feature #14633 (Feedback): Cleanup states on dynamic routing changes
Currently, with FRR, dynamic routing changes do not clean up old firewall states causing traffic to flow incorrectly... Christopher de Haas
03:46 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
For another confirmation point, I upgraded my edge to 23.09 dev snapshots and dhcpleases6 is running and I have route... Jim Pingle
03:43 PM pfSense Packages Feature #14629: Add option control LCDProc ``syslog`` behavior
Worth noting that the old hardcoded default was level 3. When I added the option I made the new default level 2 to al... Jim Pingle
03:18 PM pfSense Packages Feature #14629 (Feedback): Add option control LCDProc ``syslog`` behavior
Added in LCDProc package v0.11.4_2 which is building now and will be available shortly.
Jim Pingle
03:28 PM Revision 7a1d5e27: services_dhcp.php: just hide relay-enabled interfaces
Christian McDonald
02:36 PM pfSense Packages Bug #14627: FRR prefix list creation failure
The validation could use some work but it's not completely broken as-is, it can be worked around.
If you enter the...
Jim Pingle
02:25 PM Bug #14261: Trim white space in a DHCP Leases page search field
I'm not sure I agree this is a problem exactly as stated. Sometimes I may want to search for a specific string that s... Jim Pingle
01:52 PM Bug #14622 (Not a Bug): Special characters can cause the CDATA tags to be stripped during HA Sync
I can't duplicate this as stated in any case. I can create a user with a full name of "Tést" and it synchronizes with... Jim Pingle
10:56 AM Bug #14622: Special characters can cause the CDATA tags to be stripped during HA Sync
Upon further testing we found the following:
Accented characters (or an apostrophe for that matter too) present in...
Udo Llorens
10:20 AM Bug #14622: Special characters can cause the CDATA tags to be stripped during HA Sync
Tested on... Udo Llorens
01:43 PM pfSense Packages Feature #14630: FRR script hook for clearing states on routing changes
If such extensions were possible those would require developing new features to accommodate them, adding the new func... Jim Pingle
01:32 PM pfSense Packages Feature #14630: FRR script hook for clearing states on routing changes
Hi Jim,
Thanks for responding to this quickly, and thanks for the floating-rule idea. I get that it can help mitigat...
Christopher de Haas
12:34 PM pfSense Packages Feature #14630 (Not a Bug): FRR script hook for clearing states on routing changes
There is no event or mechanism by which that situation could be identified and acted upon.
If it were a built-in W...
Jim Pingle
05:55 AM pfSense Packages Feature #14630 (New): FRR script hook for clearing states on routing changes
I have been chasing an issue of dropped traffic, and finally found the issue. A client is repeatedly sending traffic ... Christopher de Haas
12:48 PM Bug #14624 (Not a Bug): DNS Lookup tool doesn't respect 'DNS Resolution Behavior: Use local, ignore remote' when DoT is configured
That page uses several different techniques to function and some do not use the local resolver directly. For example,... Jim Pingle
12:29 PM pfSense Packages Feature #14632 (Rejected): Add flock package to pfsense repository
There isn't nearly enough information here. Do you mean the @sysutils/flock@ port from FreeBSD? Or something else?
...
Jim Pingle
11:50 AM pfSense Packages Feature #14632 (Rejected): Add flock package to pfsense repository
I would like to use flock with cron jobs
Thanks
Richard Horvath
12:24 PM Bug #14628: PPPoE Interface Panic
Looking at the end of the message buffer there were a lot of interface link transitions up/down on a PPPoE interface ... Jim Pingle
12:15 PM pfSense Packages Bug #14484 (Resolved): lldpd php error on saving with no interface selected
Jim Pingle
12:14 PM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link
Thomas Simon wrote in #note-3:
> Hi Kris. thanks for the quick response. Yes, attempting. However on the failed WAN ...
Jim Pingle
07:53 AM pfSense Packages Feature #14468: pass along ntopng professional license key
Hi, I thought I was the only one with this issue. I need to install my NTOPNG Pro license on Ver 23.05.1 but even if ... Russ Reynolds
06:48 AM Bug #14631 (Duplicate): ACL on DNS Resolver is not updated list after IPs changed on interfaces
ACL on DNS Resolver is not updated list after IPs changed on interfaces.
How to reproduce:
1. Create new interface
...
aleksei prokofiev

07/30/2023

10:36 PM Bug #14604: Bugs in dhclient implementation according to RFC 2131
I will look at this, as I’m currently doing a lot of DHCP work at the moment.
(We are also looking at moving to dh...
Christian McDonald
09:27 PM Bug #14604: Bugs in dhclient implementation according to RFC 2131
Reported upstream in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272827, turns out dhclient needs some updating... Nazar Mokrynskyi
07:53 PM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link
Kris Phillips wrote in #note-2:
> Thomas Simon wrote in #note-1:
> > Thomas Simon wrote:
> > > Hi
> > >
> > > I have...
Thomas Simon
12:02 AM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link
Thomas Simon wrote in #note-1:
> Thomas Simon wrote:
> > Hi
> >
> > I have a site to site to vpn over ipsec betw...
Kris Phillips
12:41 PM pfSense Packages Feature #14629: Add option control LCDProc ``syslog`` behavior
Another option might be to allow changing the log level
ReportLevel=3
ReportLevel = LEVEL
Sets the reporting lev...
Elvis Impersonator
11:06 AM pfSense Packages Feature #14629 (Resolved): Add option control LCDProc ``syslog`` behavior
Currently there is no way via the package config GUI to disable messages getting written to the /var/log/system.log.... Elvis Impersonator
10:48 AM pfSense Packages Bug #14572: Unused DNSBL files may not be removed
Hi,
this is stable branch.
Jove Too
01:17 AM pfSense Packages Bug #14572: Unused DNSBL files may not be removed
Hello,
Is this with the devel or stable branch of pfBlockerNG?
Kris Phillips
06:59 AM Bug #14628 (New): PPPoE Interface Panic
Hi,
I recently upgraded from 2.7 CE to 23.05 Plus version for my home network. But it keeps crashing after 2,3 day...
Faisal Mahmood
02:02 AM pfSense Packages Bug #14287 (Feedback): pfBlockerNG does not uninstall cleanly when using RAM disks
I'm no longer able to recreate this in 23.05.1. If someone else can also confirm no more issues, we can mark this as... Kris Phillips
01:59 AM pfSense Packages Feature #14447 (In Progress): Update haproxy from 2.6 to 2.8 lts
HAProxy 2.8.1 is in the stable package in 23.09 of Plus.
Current version in 23.05.1 is 2.2.29.
Kris Phillips
12:04 AM Regression #14616: dpinger does not start after renewing DHCP
Hello,
Is there no default route defined when you go to Diagnostics --> Routes?
Kris Phillips

07/29/2023

10:13 PM Bug #14261 (Pull Request Review): Trim white space in a DHCP Leases page search field
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1053 Christopher Cope
07:46 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces

DHCPv4 Relay is available on interface that does not run DHCP.
2.8.0.a.20230728.0600
Alhusein Zawi
06:03 PM pfSense Packages Bug #14484: lldpd php error on saving with no interface selected
confirmed, now working with lldpd 0.9.11_2 Jordan G
12:30 PM pfSense Packages Bug #14484: lldpd php error on saving with no interface selected
Tested on 23.05.1 and 2.7.0 ... aleksei prokofiev
04:53 PM pfSense Packages Bug #14627: FRR prefix list creation failure
The same behavior is on FRR v1.2_3 Lev Prokofev
04:40 PM pfSense Packages Bug #14627 (New): FRR prefix list creation failure
If you try to create a Prefix List with multiple Prefix List Entries and you check the checkbox Any in the last row, ... Danilo Zrenjanin
03:23 PM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link
Thomas Simon wrote:
> Hi
>
> I have a site to site to vpn over ipsec between HO and a branch office. Now I have g...
Thomas Simon
03:20 PM Bug #14626 (Resolved): Multi-WAN IPsec does not fail over when preferred WAN loses link
Hi
I have a site to site to vpn over ipsec between HO and a branch office. Now I have got added one more WAN conne...
Thomas Simon
03:03 PM pfSense Packages Feature #14625 (Feedback): Add NTP Screens to LCDPROC
updated the lcdproc_client.php and lcdproc_screens.php to include NTP screen
https://github.com/pfsense/FreeBSD-po...
Elvis Impersonator
08:25 AM pfSense Packages Bug #14275 (Resolved): Deleting a route map that is assigned to an active neighbor causes crash
Tested against FRR Package v1.3.
It's fixed.
I am marking this ticket resolved.
Danilo Zrenjanin
08:00 AM pfSense Packages Regression #14561 (Resolved): FRR errors accessing Global Settings after deleting BGP neighbor
Tested against FRR Package v1.3.
It's fixed.
I am marking this ticket resolved.
Danilo Zrenjanin
07:56 AM pfSense Packages Bug #14562 (Resolved): PHP error when trying to run OSPF and BGP in the same time
Tested against FRR Package v1.3. It's fixed.
I am marking this ticket resolved.
Danilo Zrenjanin
04:58 AM pfSense Packages Regression #14494 (Resolved): FRR,PHP errors when deleting AS-path
No more errors with the 1.3 package, marked it resolved. Lev Prokofev
04:53 AM pfSense Packages Regression #14493 (Resolved): FRR,PHP errors when deleting neighbor
No more errors, with the 1.3 package, marked it resolved. Lev Prokofev

07/28/2023

11:00 PM Bug #14624: DNS Lookup tool doesn't respect 'DNS Resolution Behavior: Use local, ignore remote' when DoT is configured
Will also say that I'm unsure if this is of significance or just due to my lack of understanding on what the GUI is a... Chris W
11:00 PM Bug #14624 (Not a Bug): DNS Lookup tool doesn't respect 'DNS Resolution Behavior: Use local, ignore remote' when DoT is configured
When DoT is configured according to https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html, the DNS Loo... Chris W
10:17 PM Regression #14623 (Resolved): Primary interface address is incorrectly set to the last address on the interface
The fixes for #11545 seem to have introduced another regression when finding the primary interface address.
My WA...
Ajay Easter
09:30 PM Bug #14622 (Not a Bug): Special characters can cause the CDATA tags to be stripped during HA Sync
Tested on... Christopher Cope
08:46 PM pfSense Packages Bug #14606 (Resolved): Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
Jim Pingle
08:30 PM pfSense Packages Bug #14606: Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
Jim Pingle wrote in #note-4:
> Fixed in FRR Package v1.3, which is building now and will be available shortly.
I ...
Bill Hughes
05:44 PM pfSense Packages Bug #14606 (Feedback): Deleting Last BFD Profile in FRR Package Causes PHP Fatal Error
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:46 PM pfSense Packages Bug #14275 (Feedback): Deleting a route map that is assigned to an active neighbor causes crash
This should be fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:44 PM pfSense Packages Regression #14493 (Feedback): FRR,PHP errors when deleting neighbor
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:44 PM pfSense Packages Regression #14494 (Feedback): FRR,PHP errors when deleting AS-path
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:44 PM pfSense Packages Regression #14561 (Feedback): FRR errors accessing Global Settings after deleting BGP neighbor
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
05:44 PM pfSense Packages Bug #14562 (Feedback): PHP error when trying to run OSPF and BGP in the same time
Fixed in FRR Package v1.3, which is building now and will be available shortly. Jim Pingle
04:56 PM Bug #14619 (Pull Request Review): Rule separators are ordered incorrectly after removing rules in certain positions
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1052 Marcos M
04:56 PM Bug #14621 (Pull Request Review): Rule separators are hidden when their index is greater than the number of rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1052 Marcos M
04:55 PM Bug #14621 (Resolved): Rule separators are hidden when their index is greater than the number of rules
When the rule separator index is greater than the number of rules on the page, it is not displayed. Marcos M
04:50 PM Todo #12762 (Feedback): Clarify that the IPsec keep alive check option ignores Child SA Start Action
Applied in changeset commit:56f0a8361c1a73266a93a20b0a3a7566ebfe164a. Marcos M
04:42 PM Revision 56f0a836: Clarify IPsec Keep Alive description. Fix #12762
Marcos M
03:53 PM Feature #14448: Support interface groups in firewall rule source/destination fields
tested on:
Version 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Version 2...
Georgiy Tyutyunnik
01:11 PM Bug #14216: ntopng causes OpenVPN server errors 'error - IP packet with unknown IP version=15 seen' when OpenVPN server interface is selected
I can not reproduce it. Tested on 2.7.0 ... aleksei prokofiev
11:45 AM Bug #12079 (Feedback): Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
I've committed that patch and picked it to our branches. It'll be part of the next snapshot build. Kristof Provost
02:41 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Tested this on the Netgate 3100 and it appears to be isolated to only the 7100. Setting an MTU on LAN while using or... Kris Phillips

07/27/2023

10:41 PM Bug #14619 (In Progress): Rule separators are ordered incorrectly after removing rules in certain positions
Marcos M
05:44 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
There were some recent changes made here in #9887 that fixed some other scenarios Jim Pingle
05:39 PM Bug #14619 (Resolved): Rule separators are ordered incorrectly after removing rules in certain positions
Steps to reproduce:
# Create three rules, and a separator between the second and third rule.
# Select the first two...
Marcos M
10:31 PM Bug #14617 (Closed): Package updates fail over IPv6
Closing - this is now resolved. We identified the issue which is being tracked internally, thank you for reporting it. Marcos M
06:22 PM Bug #14617 (Confirmed): Package updates fail over IPv6
Tested on 2.7. The fetch does fall back to IPv4, but it does take several minutes for IPv6 to time out:... Marcos M
03:30 PM Bug #14617 (Closed): Package updates fail over IPv6
Hello,
As of right now, the host that pfSense connects to check upgrades (pkg00-atx.netgate.com [2610:160:11:18::2...
Spike R.D.
09:30 PM Feature #14620 (Feedback): Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
Applied in changeset commit:e9577ebfd7852646a66697a3bde41b712687a4ca. Christian McDonald
08:35 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
This also introduces shortcut service status specific to dhcrelay Christian McDonald
08:34 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
Christian McDonald
08:27 PM Feature #14620 (Assigned): Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
Christian McDonald
09:24 PM Revision e9577ebf: dhcp: support simultaneous v4 dhcpd and dhcrelay, Implements #14620
Christian McDonald
08:12 PM Regression #14502 (Resolved): DHCPv6 Prefix Delegation (PD) not installing routes
Christian McDonald
11:30 AM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
tested on
Version 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Version 23....
Georgiy Tyutyunnik
08:00 PM Revision 30b8b63a: Disable frr 8 build options for the moment.
SNMP is broken, MULTIPATH may be unnecessary. Jim Pingle
05:55 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Other behavior notes:
If you run an ifconfig lagg0 from shell, the lagg will show up and both of the ix interfaces...
Kris Phillips
05:43 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Just ran into this with another customer running 23.05.1 on a 7100. Adding an <mtu> value to any interface on the sw... Kris Phillips
05:27 PM Feature #14448: Support interface groups in firewall rule source/destination fields
Tested on ... Lev Prokofev
05:20 PM Feature #9545 (Feedback): Enable Multipath Routing in the Kernel
Turns out it's already enabled in the current builds. FRR without the "multipath" option allows 16 duplicate routes, ... Jim Pingle
04:50 PM Todo #12762 (Pull Request Review): Clarify that the IPsec keep alive check option ignores Child SA Start Action
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1051 Marcos M
04:39 PM Bug #14618 (Rejected): vpn routing
There isn't enough detail there to claim this is a bug and not a problem in your configuration. It may have worked in... Jim Pingle
04:37 PM Bug #14618 (Rejected): vpn routing
Pfsense 2.7.0. automatic add route on vpn is bugged, the os add only first ovpnc.
I downgrade to 2.6.0 with the sa...
Pier Federico Flamigni
02:23 PM pfSense Plus Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet
I tested this behavior in a default install, I hope it wasn't bad form to open another ticket, but I wanted to separa... Maternal Pause
02:12 PM Regression #14616 (Resolved): dpinger does not start after renewing DHCP

Default install on 2.7
WAN is on VLAN 201 of vtnet0 (vtnet0.201) vtnet0 is not assigned.
LAN on vtnet1
Creat...
Maternal Pause
12:20 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
I believe this should also mitigate the problem: https://reviews.freebsd.org/D41209
The LOR occurs only, at least ...
Kristof Provost
12:52 AM Feature #946: Allow aliases to be used to define IPsec phase 2 networks
It would be great if this could get integrated Jason Kolter
12:52 AM Bug #6799 (Pull Request Review): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1050 Marcos M