Activity

30 days up to

User

Subprojects

Activity

From 07/31/2023 to 08/29/2023

08/29/2023

10:57 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: I am on 23.09.a.20230826.1731...
Just did some more captures and am not seeing any solicitations or any other rand... Mike McV
10:19 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: Perhaps it's related to / caused by #13423. If possible, try testing it on 23.09 dev snapshots. Marcos M
07:59 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: I have the same issue and have spent some time looking in to it. It looks to be more related to RADVD/NDP than DHCP6.... Mike McV
10:30 PM Bug #14725 (Feedback): Primary IPv6 interface address may be incorrect when a ULA is set: Applied in changeset commit:35b6dbe65cdff7d96008554ffafdd1b047b3f3fc. Marcos M
03:09 PM Bug #14725 (Pull Request Review): Primary IPv6 interface address may be incorrect when a ULA is set: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1067 Marcos M
07:41 PM pfSense Packages Bug #14108 (Rejected): Antivirus Bases showing outdated main.cvd with a version dated year 2021: 2021 is the most recent main.cvd/main.cld file from ClamAV directly. The daily file gets updated more regularly.
F... Jim Pingle
06:40 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021: From Squid and indirectly also c-icap upstream(s):
Neither Squid nor c-icap have anything to do with the ClamAV dat... Amos Jeffries
06:31 AM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021: https://bugs.squid-cache.org/show_bug.cgi?id=5297
Bug zilla ticket also open for Squid side for more visibility of... Jonathan Lee
05:41 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T: Confirmed as working on an X550-T: https://forum.netgate.com/post/1122962 Steve Wheeler
03:43 PM Regression #14727: PCH Temperature missing from Thermal Sensors: Looks like we had @pchtherm.ko@ on the previous release but it's not in current builds. Jim Pingle
02:34 AM Regression #14727 (Resolved): PCH Temperature missing from Thermal Sensors: PCH temperature was present in 23.05 and probably introduced in that version. Ted Quade
03:21 PM Bug #14717: A default route can remain after setting the default gateway to None: !https://i.imgur.com/QAReNOq.jpg!
!https://i.imgur.com/XIMRavl.jpg! yon Liu
03:07 PM Revision 35b6dbe6: Prioritize the first GUA when selecting the primary IPv6 address. Fix #14725: Marcos M
02:40 PM Regression #14719 (Feedback): IPv4+IPv6 outbound NAT rule expands to invalid rule set: Applied in changeset commit:3ac7816f637b54cb4fb958fa0a439c147e13baff. Marcos M
02:31 PM Revision 3ac7816f: Validate mixed address family for outbound NAT rules. Fix #14719: Marcos M
01:54 PM pfSense Packages Feature #14729 (New): OpenVPN Client Export - Support PLAP on Windows: OpenVPN 2.6 for Windows introduced support for PLAP (Pre-Logon Access Provider). With this support, users get a new i... Pablo Bendersky
06:36 AM pfSense Packages Bug #14341: Squid Cache Table Logs Showing incorrect date: https://bugs.squid-cache.org/show_bug.cgi?id=5298
Added to bugzilla for Squid for more support visibility Jonathan Lee
06:21 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: https://bugs.squid-cache.org/show_bug.cgi?id=5296
Bugzilla Squid ticket now open for more Squid support visibility. Jonathan Lee
03:25 AM Feature #14728 (Resolved): Support for CD/DVD drives in the External Configuration Locator (ECL): In the Hyper-V environment, there's an observed behavior where pfSense does not appear to search for ... Tanner H

08/28/2023

07:55 PM Feature #14726 (Feedback): Show IPsec phase 1 authentication type in Mode column of tunnel list: Applied in changeset commit:52c5417c4b38477b8a835c997f815b52089da5d0. Jim Pingle
07:45 PM Feature #14726 (Resolved): Show IPsec phase 1 authentication type in Mode column of tunnel list: IKEv2 is much more common than IKEv1 these days so the "Mode" column is nearly always blank since it's irrelevant to ... Jim Pingle
07:43 PM Revision 52c5417c: Show IPsec P1 auth in list. Implements #14726: While here, pluralize "Mobile Client" label on mobile P1 since it's
inconsistent with other usages in the IPsec GUI. Jim Pingle
06:52 PM Bug #14725 (In Progress): Primary IPv6 interface address may be incorrect when a ULA is set: Marcos M
06:11 PM Bug #14725 (Resolved): Primary IPv6 interface address may be incorrect when a ULA is set: The previous behavior of using the first IPv6 non-LL address as the primary interface address was restored with https... Marcos M
05:50 PM Regression #14719 (Pull Request Review): IPv4+IPv6 outbound NAT rule expands to invalid rule set: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1066 Marcos M
04:10 PM Regression #14719 (In Progress): IPv4+IPv6 outbound NAT rule expands to invalid rule set: Marcos M
03:14 PM Regression #14719: IPv4+IPv6 outbound NAT rule expands to invalid rule set: Not specific to Plus.
Probably related to #3288 or other recent changes in that area by Marcos. Jim Pingle
05:15 PM pfSense Packages Bug #14722: Snort Rule Update time settings does not create cron job correctly with certain times: This is a duplicate of bug 14723. My report of the user-identified issue and the acutal user's report of the same iss... Bill Meeks
04:37 PM pfSense Packages Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times: What happens is that when a combination of update interval and hour is set that adds up to 24, the script that create... Benjamin McRobert
05:13 PM pfSense Packages Bug #14724: Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected: Pull Request 1289 (https://github.com/pfsense/FreeBSD-ports/pull/1289) has been submitted to correct this issue. This... Bill Meeks
04:44 PM pfSense Packages Bug #14724 (Resolved): Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected: The Suricata package GUI incorrectly adjusts the starting hour for the automated rules update cron task when the user... Bill Meeks
05:12 PM pfSense Packages Bug #14723: Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times: Pull Request 1288 (https://github.com/pfsense/FreeBSD-ports/pull/1288) has been submitted to resolve this issue.
T... Bill Meeks
04:38 PM pfSense Packages Bug #14723 (Resolved): Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times: The Snort package incorrectly adjusts the rollover from 23:xx hours to 00:xx hours when creating the cron task for au... Bill Meeks
04:01 PM pfSense Packages Bug #13432: ups driver will not start: I started having similar issue after upgrade to 2.7.0 (was working before)
got notices and saw "upsmon" giving "fail... Tom Bauer
02:29 PM Revision 936aa9ba: services.inc: ensure dhcpd devfs is only ever mounted one time: Christian McDonald
02:28 PM Revision fd391b0c: services.inc: ensure dhcpd devfs is only ever mounted one time: Christian McDonald
01:02 PM pfSense Packages Bug #14426 (Resolved): PHP errors in Lightsquid: The PR was merged. Jim Pingle
12:31 PM Todo #14011: Update memory graphs to account for changes in memory reporting: It's already correct in the repository and has been since March, you maybe accidentally reverted that change at some ... Jim Pingle
12:26 PM Regression #14635 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: Looks good. When it failed it produced no file to download for the 'legacy' option at all, not even a 0-byte file.
Jim Pingle
12:24 PM pfSense Plus Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled: Seems like a duplicate of #14531
It's known/expected that in some cases DCO can't get traffic stats. Jim Pingle
12:23 PM Feature #13124 (Resolved): Option to wait for interface selection before displaying firewall rules: Jim Pingle
12:22 PM Todo #14686 (Resolved): Check for deprecated OpenVPN encryption and digest options on upgrade: The list of current algorithms is pulled dynamically from OpenVPN/OpenSSL, so if it's in the list on a current snapsh... Jim Pingle
12:21 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots: Jim Pingle
12:18 PM pfSense Plus Bug #14721 (Rejected): disable / enable interface: There are very few details here and I don't see anything unexpected in that log, it's restarting things that use the ... Jim Pingle
11:39 AM pfSense Plus Bug #14721 (Rejected): disable / enable interface: when disable / enable gre interface, flap all other interface. Evgeny Korostelev
12:07 PM Bug #13729 (Resolved): Gateways stuck in Unknown status: Tested on several pfSense versions: 21.02_2, 22.05, 23.05_1 and 2.7
I was able to reproduce this issue on 21.02_2.
W... Azamat Khakimyanov
06:44 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Unfortunately, the exact thing happened again in 2.7.0 for us over the weekend. We use an external spamfilter where m... Robert Gijsen

08/27/2023

11:31 PM Todo #14011: Update memory graphs to account for changes in memory reporting: Hello I wanted to give a heads up for 23.09.
I had to reapply this with 23.05 the error came back.
Jim sent t... Jonathan Lee
08:20 PM Regression #14635: "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: % openssl pkcs12 -legacy -info -in HA+OpenVPN+Server-Legacy.p12
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted d... Chris Linstruth
06:29 PM pfSense Plus Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled: Related forum thread:
https://forum.netgate.com/topic/182465/traffic-from-openvpn-interface-not-updating-on-traffi... Timo M
05:30 PM Bug #12959: dhcplease process wrongly update host file if client-hostname is empty: I wasn't able to reproduce it on 2.5 or 2.6 or 2.7
When I enabled 'don't send hostname' option on my Ubuntu PCs, a... Azamat Khakimyanov
03:36 PM Bug #12849: pfsync kernel crash on reboot: Backtrace for those searching redmine:... Steve Wheeler
03:03 PM Feature #13124: Option to wait for interface selection before displaying firewall rules: Tested on:
23.09-DEVELOPMENT (amd64)
built on Sat Aug 26 17:37:15 UTC 2023
FreeBSD 14.0-ALPHA2
Looks good. Chris Linstruth
12:35 PM Regression #14719 (Resolved): IPv4+IPv6 outbound NAT rule expands to invalid rule set: A misconfigured outbound NAT rule that used to load now stops pf from loading the rule set.
First seen on:
23.09-... Chris Linstruth
08:05 AM pfSense Packages Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave: Tested on 23.05_1
Allow-transfer option check was added and there wasn't any bind error if I add this option into Cu... Azamat Khakimyanov
05:21 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Different way to iterate the variable for multiple cases
You can also use the the case command to iterate over t... Jonathan Lee
02:25 AM Feature #13377: Option to configure a custom value for the PHP memory limit: Chris W wrote in #note-19:
> Systems with 1GB or less of RAM show a negative number as the hinted maximum adjusted va... Christopher Cope
12:53 AM Feature #13377: Option to configure a custom value for the PHP memory limit: Systems with 1GB or less of RAM show a negative number as the hinted maximum adjusted value. The screenshot is taken ... Chris W
12:05 AM Feature #13377: Option to configure a custom value for the PHP memory limit: Tested on... Christopher Cope
01:15 AM Feature #3288: Support interface macros in Outbound NAT rules: source/destination (of outbound NAT) show predefined subnets (LAN/WAN)
23.09.a.20230825.1302
Alhusein Zawi
12:06 AM Todo #14686: Check for deprecated OpenVPN encryption and digest options on upgrade: I used the wizard to make an OpenVPN server in 23.05, then manually:
- Confirmed all the algorithm choices listed ab... Chris W

08/26/2023

11:57 PM pfSense Packages Regression #13817: pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled: on 23.05.1 and pfB 3.2.0_6 after working through getting the package to uninstall successfully (see https://redmine.p... Jordan G
11:47 PM pfSense Packages Bug #14572: Unused DNSBL files may not be removed: Kris Phillips wrote in #note-1:
> Hello,
>
> Is this with the devel or stable branch of pfBlockerNG?
devel and... Jordan G
11:03 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks: This is still happening with pfBlockerNG 3.2.0_6. I believe I've found a workaround for this after chasing a few of t... Jordan G
07:06 PM Bug #14708: PHP error when the system fails to create an interface: I tried to reproduce it on a seperate interface, but did not encounter the same error.
So it must be related to m... Diana Moore
02:49 PM Bug #14708: PHP error when the system fails to create an interface: I am unable to reproduce this on 23.05.1. I created an interface using 6to4 and then another using 6rd without error.... Christopher Cope
06:29 PM pfSense Plus Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected: Tested against:... Danilo Zrenjanin
08:08 AM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected: Tested on
... Lev Prokofev
03:56 PM Regression #14698 (Resolved): TLS Cert Warning Message Present on First Start: No certificate warning before or after the Wizard on first boot using build
23.09-DEVELOPMENT (amd64)
built on Sa... Chris W
12:11 PM Bug #14637 (Resolved): PHP shell script ``pfanchordrill`` shows duplicate anchor content: The patch fixes it.
I am marking the ticket resolved. Danilo Zrenjanin
11:01 AM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots: Fixed for me. Thanks. Vladimir Suhhanov
07:08 AM pfSense Packages Bug #14711 (Confirmed): pfBlocker ASN to IP Address option doesn't work: Tested on pfBlocker 3.2.0_6
It failed to load list.... Lev Prokofev
07:06 AM pfSense Packages Bug #14718 (New): pfBlocker DNSBL IPs list action is wrongly named: !clipboard-202308260857-oz2vd.png!
Under *Firewall/pfBlockerNG/DNSBL* there is *DNSBL IPs* section.
The *Alias ... Danilo Zrenjanin
03:01 AM Bug #14717: A default route can remain after setting the default gateway to None: Hello,
Can you please provide some screenshots of what you're expecting versus what you're seeing? I'm not unders... Kris Phillips
12:19 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Non standard colours also
@#!/bin/sh
pfctl -vvss | grep ', rule 79' >/dev/null
res=$?
if [ $res = 0 ];
then
... Jonathan Lee

08/25/2023

08:56 PM pfSense Packages Bug #14426 (Pull Request Review): PHP errors in Lightsquid: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/353 Marcos M
08:10 PM pfSense Packages Regression #13984 (Resolved): PHP errors with squid: Marcos M
08:04 PM Bug #14717 (Resolved): A default route can remain after setting the default gateway to None: pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.because i have run frr ipv6 bgp, when i h... yon Liu
05:41 PM pfSense Docs Correction #14639 (Resolved): Multiple email address notification: Note added and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f2f85861b0ccd82cd19d9b4f72c17cf2be6... Jim Pingle
05:30 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL: Fixed. There were several that were wrong.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2d75de5525ca68375... Jim Pingle
04:24 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL: The squid package help link (@help.php?page=squid.xml@) redirects to an unrelated page:
https://docs.netgate.com/pfs... Marcos M
04:43 PM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing: Patch is restored Christian McDonald
12:09 AM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing: The patch to remove procctl in pkg is missing. This is needed to prevent child processes being killed which is used i... Marcos M
04:19 PM pfSense Docs Todo #14658 (Resolved): Update firewall/NAT rule source/destination field references: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/59 Marcos M
04:13 PM pfSense Packages Bug #14714: HAProxy Agent Check: Bug No 2 is now described in Bug #14715 Jacques Bourdeau
03:56 PM pfSense Packages Bug #14714: HAProxy Agent Check: Jacques Bourdeau wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Please create a separate issue entry for each... Jim Pingle
03:46 PM pfSense Packages Bug #14714: HAProxy Agent Check: Jim Pingle wrote in #note-1:
> Please create a separate issue entry for each problem, even if they appear to be rela... Jacques Bourdeau
03:21 PM pfSense Packages Bug #14714: HAProxy Agent Check: Please create a separate issue entry for each problem, even if they appear to be related.
Jim Pingle
03:03 PM pfSense Packages Bug #14714 (New): HAProxy Agent Check: For my load balancing, I ended up needing to use Agent-based checks in HAProxy.
I configured it in my pfSense+ (23... Jacques Bourdeau
04:06 PM pfSense Packages Bug #14715 (New): HAProxy Agent-Check are not enabled in the config despite being checked in the UI: Related to Bug #14714 which also does not populate the config file properly for agent-check based monitoring in HAPro... Jacques Bourdeau
04:01 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": If anyone knows of a more efficient want to poll the state table, please let me know.
Have a good day Jonathan Lee
03:59 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Here is a photo of testing with the three LEDs enabled when rule 79 went active.
Does the state table counters als... Jonathan Lee
03:49 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": I wonder if there is another way to do it maybe with the active state tables counters. Thanks for looking into this i... Jonathan Lee
03:27 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": I don't see anything like that being added to the base system, but maybe someone might design a package around it.
... Jim Pingle
04:54 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Side note, I recently learned "The Air force one Executive Phone has a light on the back that lights up red when secu... Jonathan Lee
02:03 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": pfctl -vvss| grep '192.168.1.11' would work great too as it would be IP address based not rule based
also
pfctl -vv... Jonathan Lee
01:26 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": The capability is you can take any rule ID you have that establishes a connection and you could configure it to be us... Jonathan Lee
01:12 AM pfSense Packages Feature #14710 (New): Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Hello fellow Netgate pfSense Redmine community members,
I wanted to share this with you all to see if this is any... Jonathan Lee
02:37 PM Bug #14613: Incorrect wireguard control panel status management: You can only enable wiregtuard by starting it in the web gui.
After starting with the script /usr/local/bin/php_wg -... hao zhang
02:07 PM Bug #14613: Incorrect wireguard control panel status management: After running
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
fstat shows that /var... hao zhang
02:06 PM Bug #14613: Incorrect wireguard control panel status management: I checked /var/run/wireguardd.pid before rebooting and it was 22536.
After that I rebooted the pfsense.
After reboo... hao zhang
12:58 PM Bug #14613: Incorrect wireguard control panel status management: I do it manually with ssh
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
then web... hao zhang
12:40 PM Bug #14613: Incorrect wireguard control panel status management: I reinstalled pfsense and ran into this problem again
I have 3 tunnel, 5 peers and each tunnel is assigned interface... hao zhang
02:37 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces: Tested against:... Danilo Zrenjanin
01:35 PM Regression #14713 (Feedback): Mobile IPsec not allocating address to connecting clients on dev snapshots: Applied in changeset commit:ceea1bd07b25ecb3061f3eda1a5137d2ead8311d. Jim Pingle
01:28 PM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots: This regressed in a recent rector refactoring ( commit:264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9 ), some references to... Jim Pingle
12:43 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots: This regressed since the previous release at some point. Mobile client attempts to connect but is unable to obtain an... Jim Pingle
01:25 PM Revision ceea1bd0: Mobile IPsec settings PHP refactor corrections. Fixes #14713: Jim Pingle
01:17 PM pfSense Packages Feature #14712: CrowdSec package: e ok wrote:
> I think is not necessary another IPS, but I leave here If something consider that is more robust or go... Marco Mariani
12:32 PM pfSense Packages Feature #14712 (New): CrowdSec package: I think is not necessary another IPS, but I leave here If something consider that is more robust or good tan Snort or... e ok
12:26 PM Revision 67dc6377: Tweak formatting of SMTP notifications: Jim Pingle
06:58 AM Regression #14569 (Feedback): ``bnxt(4)`` driver errors: I've cherry-picked the upstream fixes (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269133) into our branche... Kristof Provost
06:30 AM pfSense Packages Bug #14711 (Resolved): pfBlocker ASN to IP Address option doesn't work: pfBlocker relies on Team Cymru IP to ASN Lookup v1.0 to get the list of prefixes for the defined ASN. But it seems th... Danilo Zrenjanin
06:12 AM pfSense Packages Bug #12822 (Confirmed): IPv4 Source ASN format not working: I have tried to define the ASN format and it appears that it is still not working consistently. Occasionally, it does... Danilo Zrenjanin

08/24/2023

11:39 PM Bug #14707 (Rejected): Fresh installation with a bug.: That's a hardware/driver issue with your @dc@ based NIC. Given the age of that hardware and the fact that it's only 1... Jim Pingle
10:45 PM Bug #14707 (Rejected): Fresh installation with a bug.: Hi, I made a fresh installation and get a bug/error. Attached the dumps for your future analyst if you consider neces... e ok
11:35 PM Bug #14708 (Resolved): PHP error when the system fails to create an interface: When enabling 6rd while 6to4 is enabled on another interface the web ui will throw an error of @Uncaught TypeError: p... Diana Moore
07:03 PM Bug #14432 (Feedback): PHP error when failing to write ``config.cache``: This should be fixed by commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b Jim Pingle
07:00 PM Feature #14337: Allow SMTP notifications from non-root processes: With the changes I just pushed, I get working SMTP notifications from NUT as well as other users. No duplicates/loops... Jim Pingle
06:50 PM Feature #14337 (Feedback): Allow SMTP notifications from non-root processes: Applied in changeset commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b. Jim Pingle
06:43 PM Revision 596a88fa: Notification code updates: * Rework how notice queue files are setup and maintained, which should
allow all users to send notifications now wi... Jim Pingle
02:29 PM pfSense Packages Feature #14706 (New): Add Cloudflare tunnel pkg: Hello everybody,
I've been using Cloudflare tunnel for more than an year as I'm now behind CGNAT so no more open p... Vlad Saftoiu
01:42 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces: That result indicates a patch is missing. The fix is in the latest build (20230824-0600) - try it there. Marcos M
07:39 AM Bug #14691: Separators get shifted when copying firewall rules between interfaces: After applying the patch, I made the following observations:
h3. Before copying:
Rules on source interface (L... Danilo Zrenjanin
12:50 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID: Jim Pingle
05:24 AM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID: Tested on ... Lev Prokofev

08/23/2023

11:32 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions: Side note:
I have also seen this behavior carrying into layer 2 Ethernet filtering rules.
Photos inside duplicat... Jonathan Lee
10:54 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order: I was not able to replicate it (including with Ethernet rules, etc). If you can replicate this on a default install/c... Marcos M
10:21 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order: Thanks for looking into this. I am not changing the firewall configuration only the firewall rule when this occurs. L... Jonathan Lee
10:00 PM pfSense Plus Bug #14705 (Rejected): Changes in Ethernet ruleset can lead to incorrect rule and separator order: I can only replicate this if I change the config while editing a rule. This is known behavior that is due to the inde... Marcos M
05:28 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order: For mine the rules are randomizing. I have some rules that jump to the middle and or end of the rule list. Jonathan Lee
05:21 PM pfSense Plus Bug #14705 (Duplicate): Changes in Ethernet ruleset can lead to incorrect rule and separator order: Most likely a duplicate of #14691 or #14619 Jim Pingle
05:16 PM pfSense Plus Bug #14705 (Closed): Changes in Ethernet ruleset can lead to incorrect rule and separator order: Hello fellow pfSense Redmine community members,
I noticed after the recent software update to 23.05.1 that issues ... Jonathan Lee
09:45 PM Regression #14623 (Feedback): Primary interface address is incorrectly set to the last address on the interface: Applied in changeset commit:baa612e555ba48e1961f03ac54e8f93b078aff48. Marcos M
07:05 PM Regression #14623 (Pull Request Review): Primary interface address is incorrectly set to the last address on the interface: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1064 Marcos M
09:37 PM Revision baa612e5: Return the first interface address instead of the last. Fix #14623: Marcos M
09:23 PM Revision 9602c76c: Correctly shift separators when deleting a single rule above a separator. Fix #14691: Marcos M
08:55 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces: Applied in changeset commit:26b97b650457ba98360b5648dd801fd0adb567a5. Marcos M
08:45 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces: The behavior of the rule being placed on top when being copied only happens when e.g. copying the last rule of LAN to... Marcos M
06:40 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces: Applied in changeset commit:abc8192b1028f48bb768ffb6727bed4d05adae7f. Marcos M
06:10 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces: Tested against:... Danilo Zrenjanin
08:46 PM Revision 26b97b65: Remove the original rule when chaning the rule's interface. Fix #14691: Marcos M
08:04 PM Feature #14337: Allow SMTP notifications from non-root processes: Thanks Jim Denny Page
07:57 PM Feature #14337 (In Progress): Allow SMTP notifications from non-root processes: I have an alternate idea on how to fix this and (hopefully) also preserve the duplicate message suppression. There is... Jim Pingle
06:32 PM Revision abc8192b: Refactor rule separators. Fix #14691: Marcos M
06:11 PM Feature #13784 (Rejected): Option to completely block MAC addresses in Captive Portal: Now that L2 filtering is possible in the GUI (see #14308), this is no longer needed. Below is the diff for this MR fo... Marcos M
05:18 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section: Duplicate of #14654
It's already fixed in the most recent version of the package. Jim Pingle
05:10 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section: Hello,
I can no longer select a BFD Peer when creating a FRR BGP neighbor.
As an example.
I have two (2) BFD... Michael Mercier
04:44 PM Bug #13903 (Feedback): PPPoE Server address input validation is incorrectly allowing IPv6: Fixed by commit:9d0cd39f3be509ca0fd46119777bedd1954802c4 (typo'd the issue ID on there) Jim Pingle
03:48 PM Bug #13903 (In Progress): PPPoE Server address input validation is incorrectly allowing IPv6: Looks like it should be IPv4 only so I've fixed the input validation to restrict it to IPv4
I also corrected a mis... Jim Pingle
04:40 PM Bug #14392 (Feedback): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address: Applied in changeset commit:5df71c77b6b03a30b8f6425da331a892eb9876ad. Jim Pingle
04:21 PM Revision 5df71c77: Correct IPv6 LL addr locate behavior. Fixes #14392: Comments said it should take the first but it was taking the last.
Make that behavior optional but default to taking... Jim Pingle
03:47 PM Revision 9d0cd39f: Fixup PPPoE server input validation. Fixes #13909: Jim Pingle
03:40 PM Bug #14394 (Feedback): PHP error in CSRF Magic from invalid time value: Applied in changeset commit:1a57545864783b3acc5f28d166a79bd92a849759. Jim Pingle
03:10 PM Bug #14394 (In Progress): PHP error in CSRF Magic from invalid time value: Jim Pingle
03:29 PM Revision 1a575458: Correct PHP errors in CSRF Magic. Fixes #14394: Jim Pingle
03:00 PM Bug #13218 (Feedback): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: Applied in changeset commit:14beb636e4ca286c011398a30fd818f15c83eb7e. Jim Pingle
02:40 PM Bug #13218 (In Progress): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: PR has conflicts (and some logic issues, and outdated code usage). I'm working on an updated version of the changes. Jim Pingle
02:44 PM Revision 14beb636: Simplify interface_find_child_cfgmtu(). Fixes #13218: * Simplify the code in interface_find_child_cfgmtu() so it doesn't have
so much repetition
* Do not test GIF/GRE as... Jim Pingle
02:15 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: PR has conflicts and needs work/testing still Jim Pingle
02:15 PM Feature #13124 (Feedback): Option to wait for interface selection before displaying firewall rules: Applied in changeset commit:c451853836ae3e00ec20aa666c64a198d08b402c. Jim Pingle
02:09 PM Feature #13124 (In Progress): Option to wait for interface selection before displaying firewall rules: Jim Pingle
02:13 PM Bug #12225 (Rejected): Group membership field is not needed for remote groups: Doesn't seem like something we really need/want at the moment, and the PR was closed a few weeks ago.
Jim Pingle
02:08 PM Revision c4518538: Option to require if select before showing fw rules. Implements #13124: Originally submitted in PR 4582 by Chrisc-c-c at GitHub Jim Pingle
01:40 PM Feature #13245 (Feedback): Type column on Alias lists: Applied in changeset commit:33cd269034590899b429f72305a4abdc4c6f686e. Jim Pingle
01:30 PM Feature #13245 (In Progress): Type column on Alias lists: Jim Pingle
01:32 PM Revision 33cd2690: Type column for Alias list. Implements #13245: While here, clean up some redundant/incorrect variable usage.
Adapted from PR 4592 submitted by luckman212 @ GitHub Jim Pingle
01:26 PM Feature #13377 (Feedback): Option to configure a custom value for the PHP memory limit: MR Merged Jim Pingle
01:12 PM Revision fc62ac50: Add a setting for PHP memory limit in System -> Advanced. Feature #13377: Christopher Cope
01:10 PM Feature #13804 (Feedback): Prevent CARP status/maintenance mode from being erroneously toggled: Applied in changeset commit:a9238fddf3149f0bd22886f91becfa3d373cc164. Christopher Cope
01:05 PM Feature #14347 (Feedback): Improve System menu behavior for Certificate Manager privileges: Applied in changeset commit:d9f02c6abae1d58e57cdff1775f1b516cb038585. Jim Pingle
12:55 PM Feature #14347 (In Progress): Improve System menu behavior for Certificate Manager privileges: Jim Pingle
01:02 PM Revision a9238fdd: Add requested state to status_carp requests. Implements #13804: Christopher Cope
12:59 PM Feature #14208: Automatic Split-DNS for 1:1 NAT: Waiting on changes to the PR, will be better in the next release with more time to test it out. Jim Pingle
12:55 PM Revision d9f02c6a: Pick crt mgr start by privs. Implements #14347: Check user privileges to determine where the menu entry for the
certificate manager should point. Users might have ac... Jim Pingle
12:38 PM Bug #14621 (Feedback): Rule separators are hidden when their index is greater than the number of rules: This was merged a couple weeks ago Jim Pingle
07:56 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages: The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
07:45 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list: Danilo Zrenjanin
07:45 AM Bug #14695: Copy function for User Manager Groups does not work for first group in list: The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
06:52 AM Bug #14628: PPPoE Interface Panic: Occurred again today.
@
Aug 23 11:47:25 login 74579 login on ttyv0 as root
Aug 23 11:47:25 sshguard 77416 Now mo... Faisal Mahmood

08/22/2023

10:45 PM Bug #14691 (Pull Request Review): Separators get shifted when copying firewall rules between interfaces: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1063 Marcos M
03:36 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces: Marcos M
07:26 PM Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options: This may already be part of the Kea work, but in case it isn't... Jim Pingle
07:24 PM Feature #13710: Support UTF-8 CA/Certificate subject components: We have enough to worry about with OpenSSL 3.x changes in this release, best not to complicate cert changes any furth... Jim Pingle
07:16 PM pfSense Packages Bug #14349 (Closed): The ClamAV 0.105.1 got a few vulnerabilities: It's already fixed in dev snaps, it'll come back naturally with the next release.
Jim Pingle
06:38 PM pfSense Plus Bug #14682 (Feedback): DCO OpenVPN server bound to Localhost does not pass traffic as expected: Committed upstream in https://cgit.freebsd.org/src/commit/?id=949491f2a6397f2514f8fcde1c7dc61bd82f201a, and cherry-pi... Kristof Provost
03:45 PM pfSense Plus Bug #14682 (In Progress): DCO OpenVPN server bound to Localhost does not pass traffic as expected: I've also been able to reproduce this.
The problem turns out to be that we pass through pf multiple times (which i... Kristof Provost
05:06 PM pfSense Plus Feature #14348 (Resolved): Add unicast CARP indication and peer address to CARP status: This looks really good on Plus and CE both compared to before. Much more useful information and it all appears to be ... Jim Pingle
04:25 PM Revision 0600beae: services_dhcp.php: fix pool address range validation: Christian McDonald
02:20 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: I am repeatedly receiving errors related to this. In addition to errors, crash reports, nearly every day. I just appl... C T

08/21/2023

10:59 PM Bug #14700: High CPU Temperature in CE 2.7: I would check your cooling solution if those are real values. Simply running with the default Speedshift settings sho... Steve Wheeler
12:31 PM Bug #14700 (Duplicate): High CPU Temperature in CE 2.7: Already covered by #14047 Jim Pingle
10:43 PM Bootstrap Bug #5121: interfaces.php - Wireless Antenna Selection should default to "Default": Hello, what about 3 antenna port pcie cards? I learned the AR5BXB112 functions in some appliances. Is the 3rd port no... Jonathan Lee
10:38 PM pfSense Plus Regression #14703: 2100 pcie wireless issues: https://redmine.pfsense.org/issues/5121
Also talks about the now degraded Wireless Antenna Selection GUI setting Jonathan Lee
10:36 PM pfSense Plus Regression #14703: 2100 pcie wireless issues: Antenna tx and rx adjustments missing on 23.05.1
See attached is the new GUI settings showing changes Jonathan Lee
10:31 PM pfSense Plus Regression #14703: 2100 pcie wireless issues: https://redmine.pfsense.org/issues/13
was the options removed for antenna adjustments? It use to display them in the... Jonathan Lee
10:16 PM pfSense Plus Regression #14703: 2100 pcie wireless issues: even when removing dev.ath.0.tpc and dev.ath.0.tpcscale and setting tpack and tpcts to 99 it does not take the config... Jonathan Lee
07:00 PM pfSense Plus Regression #14703: 2100 pcie wireless issues: When I would add a system tunable for tpcts and tpack and reboot or manually adjust they would never change and alway... Jonathan Lee
06:53 PM pfSense Plus Regression #14703: 2100 pcie wireless issues: Compex WLE200NX Wireless A/B/G/N Network Mini PCIe Adapter (A4343) is the only card that works inside the 2100 Jonathan Lee
06:51 PM pfSense Plus Regression #14703 (New): 2100 pcie wireless issues: Hello fellow pfSense Packages Redmine community members can you please help.
1. The SG-2100MAX the Compex WLE200NX... Jonathan Lee
07:35 PM Bug #14695 (Feedback): Copy function for User Manager Groups does not work for first group in list: Applied in changeset commit:9270d777907048d2bfc31f4e57a01e915ff71a88. Jim Pingle
07:16 PM Bug #14695 (In Progress): Copy function for User Manager Groups does not work for first group in list: Not specific to Plus.
Looks like most of the tests checking if the duplicate action is being performed are done in a... Jim Pingle
07:25 PM Revision 9270d777: Improve dup action tests in group mgr. Fixes #14695: Jim Pingle
06:38 PM Regression #14698: TLS Cert Warning Message Present on First Start: Ended up being an issue in the upgrade code, not the GUI or certs. Jim Pingle
06:35 PM Regression #14698 (Feedback): TLS Cert Warning Message Present on First Start: Applied in changeset commit:dcc7c577b51d68878c68313e3e0705d600c75b6f. Jim Pingle
06:24 PM Revision dcc7c577: Prevent running upgrade code on first boot. Fixes #14698: * Update default config to current latest revision number
* Add safety belt check to not flag an empty GUI cert as we... Jim Pingle
03:15 PM Bug #14702 (Feedback): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages: Applied in changeset commit:28e2b61100b0f1cf81de5e73fd579bb6bd36afb5. Jim Pingle
03:05 PM Bug #14702 (In Progress): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages: Looks like this could also break things in a few other places since we use that function ~10 times in various files.
... Jim Pingle
02:56 PM Bug #14702: ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages: The problem is with the @ctype_digit()@ test used in @is_port()@:
https://www.php.net/manual/en/function.ctype-dig... Jim Pingle
02:44 PM Bug #14702 (Confirmed): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages: This isn't specific to FTP, it happens for a few different ranges I tried (10-11, 20-21, 100-101, etc.) though it doe... Jim Pingle
06:45 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages: Hello pfSense,
I've noticed that when you create a NAT rule with a port range starting with 20 (e.g. 20-21 or 20-... John Uplink
03:05 PM Revision 28e2b611: Cast to string before ctype_digit() testing. Fixes #14702: Jim Pingle
02:12 PM pfSense Plus Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.: Static ARP entries must always be in the table. Prior to that patch, static ARP was broken, which is why the DHCP sta... Jim Pingle
02:08 PM pfSense Plus Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.: Thanks for looking into this, prior to this PfSense patch I was able to see if a device was on or offline in the stat... Jonathan Lee
01:09 PM pfSense Plus Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.: The online/offline status is solely based off the presence of the client MAC address in the ARP table. With static AR... Jim Pingle
02:10 PM Revision 343b9d14: pkg-utils.inc: just consider the first line of output from rquery when determining remote version.: Christian McDonald
02:01 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php: Thanks for looking at this and testing the various inputs. I did not know about the other reporting URL I will use th... Jonathan Lee
01:52 PM pfSense Packages Feature #14696 (Rejected): possible cross site scripting and URL manipulation shell access injection issue sgerror.php: That action is just echoing back the input to the user but as it passes through a query string and so on, the content... Jim Pingle
12:30 PM Bug #14301 (Resolved): Input validation error when saving IGMP Proxy settings: Jim Pingle
12:30 PM Bug #14646 (Resolved): OpenVPN can select the wrong interface IP address when multiple addresses are present: Jim Pingle
12:28 PM Regression #14678 (Resolved): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak: Jim Pingle
12:27 PM Bug #14699 (Duplicate): Certificate alert is shown with a new install: Duplicate of #14698 Jim Pingle

08/20/2023

11:42 PM pfSense Plus Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.: Hello fellow pfSense Redmine community members,
I wanted to add a note about a new issue showing. The active stati... Jonathan Lee
05:02 PM Bug #14700 (Duplicate): High CPU Temperature in CE 2.7: After upgrading 3 2.6 CE installs to 2.7, all of them experienced high CPU temps. A mitigation was found on reddit to... Boolie Boolie
03:47 PM Bug #14699 (Duplicate): Certificate alert is shown with a new install: I installed snapshot 23.09 build @20230818-1744@ and this alert is shown with a default config:
> The GUI HTTPS cert... Marcos M
02:50 AM Bug #14301: Input validation error when saving IGMP Proxy settings: Tested on Aug 18th builds of Plus 23.09. No errors are present when saving IGMP Proxy anymore. This can be closed a... Kris Phillips
01:02 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present: retested with a different config after applying the related system_patch and failover appears to be working as expect... Jordan G

08/19/2023

10:16 PM Regression #14698 (Resolved): TLS Cert Warning Message Present on First Start: On first boot of the Aug 18th 23.09 builds, the following notification is present immediately when prompted with the ... Kris Phillips
09:18 PM Bug #14655 (Confirmed): NAT behind a WAN rule" and "!WAN rule": I can confirm this behavior on... Christopher Cope
05:47 PM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory: Since this is the same base issue solved by the PHP patch, I'm marking this as a duplicate of https://redmine.pfsense... Christopher Cope
05:47 PM pfSense Packages Bug #14683 (Duplicate): PHP error on ``status_frr.php`` from using too much memory: Christopher Cope
12:48 PM pfSense Plus Bug #14129 (Resolved): Chelsio T520 unable to route past 470Mbps: This is resolved by https://redmine.pfsense.org/issues/14207 Steve Wheeler
12:21 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak: Also can confirm on 23.09... aleksei prokofiev
11:46 AM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak: I can confirm that it is working as expected. Tested patch on 23.05.1 and 2.7.0 aleksei prokofiev
12:10 PM pfSense Docs Correction #14697 (Resolved): Need to fix TNSR examples recipes: Looks like the example images don't match the context of the example.
https://docs.netgate.com/tnsr/en/latest/recipe... aleksei prokofiev
10:37 AM pfSense Plus Bug #14175: LDAP authentication for SSH fails: Marcos M wrote in #note-6:
> With @Use Authentication Server for Shell Authentication@ checked, this issue can preve... Emre K
07:09 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.: The same behavior on ... Lev Prokofev
04:04 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Hi
For the last 2 hrs been running script to keep getting that output every 1 second..
It hasn't come up blank o... Michael Clews
12:05 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php: /usr/local/www/sgerror.php
has no ability to disable internal error redirect functionality when utilizing externa... Jonathan Lee
12:03 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php: In my case https://192.168.1.1:8080/sgerror.php?url=403%20Blocked%20by%20Mom%20and%20Dad&a=%a&n=%n&i=%i&s=%s&t=%t&u=%... Jonathan Lee
12:02 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php: sgerror.php is also still accessible even with the internal error redirector redirecting to external site like Google... Jonathan Lee

08/18/2023

11:13 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php: I wonder if there is any php injection vulnerabilities here. I did get it to say hello world. I noticed there is some... Jonathan Lee
10:48 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php: if I can force it to say hello world, you could force it to say it a million times and do a denial of service attack ... Jonathan Lee
10:33 PM pfSense Packages Feature #14696 (Rejected): possible cross site scripting and URL manipulation shell access injection issue sgerror.php: Hello fellow pfSense Redmine team,

I seem to have found an issue with sgerror.php allowing a user to adapt the ph... Jonathan Lee
07:51 PM Bug #14542 (Resolved): Gateway widget tooltip incorrectly indicates some gateways as being default: Entries below default gateways no longer have the incorrect tooltip in the widget.
Jim Pingle
07:50 PM Todo #14399 (Resolved): Combining Interface and Rule ID state table filter fields returns no results: Input validation error is printed as expected, other queries still work.
Jim Pingle
07:48 PM Bug #14417 (Resolved): System Information widget does not properly form list of active hardware crypto algorithms: This appears to be correct and looks better on a variety of hardware models Jim Pingle
04:31 PM Bug #14673 (Resolved): Remove broken ``stun.sipgate.net`` from UPnP STUN server list: Jim Pingle
11:14 AM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list: Tested on 23.05.1
No more stun.sipgate.net in the list.
!clipboard-202308181514-vpy4v.png!
Lev Prokofev
04:31 PM pfSense Packages Bug #14694 (Not a Bug): HAProcy: I'm using ACME certs with HAProxy and it works fine here, so it's not clear why yours might be failing.
This site ... Jim Pingle
05:02 AM pfSense Packages Bug #14694 (Not a Bug): HAProcy: After the latest update I can no longer assign an ACME certificate to a HAProxy Frontend, not matter which certificat... Rick Strangman
03:56 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Suika Ibuki wrote in #note-16:
> Why not do a patch against that function to dump everything, env and what not? At l... Jim Pingle
03:51 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: commit:aed18fb07d387c90942b729c02fe460064310f5e should show up on GitHub here in a few minutes with a small fix to av... Jim Pingle
03:50 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: I don't even know what is triggering that, something in the background of pfsense does, but dunno how to trigger it.
... Suika Ibuki
03:36 PM Bug #14648 (In Progress): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: OK that is in a completely different function, but one which also takes fetches its data from sysctl. Makes no sense ... Jim Pingle
01:59 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Jim Pingle wrote in #note-13:
> Michael Clews wrote in #note-12:
> > Hi
> > I received the error again
>
> Is ... Suika Ibuki
03:39 PM Revision aed18fb0: Avoid div by 0 in memory calculation. Issue #14648: Jim Pingle
09:18 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list: It seems that https://redmine.pfsense.org/issues/12226 did not completely resolve this issue.
If you try to copy t... Dan Edwards

08/17/2023

10:33 PM Revision abe73fb3: Update .gitignore and remove autosave file from tests: Reid Linnemann
10:21 PM Bug #14693 (New): Filter reload with NAT reflection rules is extremely slow: We're running a PFSense cluster which contains the following amount of rules:
- 60x Outbound NAT rule
- 120x NAT ... Kevin Bentlage
08:46 PM Bug #14692 (New): Mangled link-local addresses are being logged: My system is logging discarded ping request messages from a link-local address, as is expected.
Here is an example... Daryl Morse
08:33 PM Bug #12833: GUI Service Log Filling Up with Cruft: Jim Pingle wrote in #note-6:
> That is a raw web server log, it's not meant to only show notable events, but every a... Daryl Morse
08:20 PM Bug #14542 (Feedback): Gateway widget tooltip incorrectly indicates some gateways as being default: Applied in changeset commit:d1f43fb9b03f4d4b30dc1b0dfed33d46d6386902. Jim Pingle
07:25 PM Bug #14542 (In Progress): Gateway widget tooltip incorrectly indicates some gateways as being default: Jim Pingle
07:28 PM Revision d1f43fb9: Fix gateway widget tooltip 'default' text. Fixes #14542: Jim Pingle
07:25 PM Todo #14399 (Feedback): Combining Interface and Rule ID state table filter fields returns no results: Applied in changeset commit:1b6b8b4c9c1e187d3a55f7fdb5dd8a22252caf06. Jim Pingle
07:10 PM Todo #14399 (In Progress): Combining Interface and Rule ID state table filter fields returns no results: Not specific to plus
I'll add an input validation error if both are filled in. Jim Pingle
07:19 PM Revision 1b6b8b4c: Error on states with if and ruleid filters. Fixes #14399: Jim Pingle
05:21 PM Bug #14417 (Feedback): System Information widget does not properly form list of active hardware crypto algorithms: Fix committed. Seems to list everything for me now and also in the correct alphabetical order.
Before:
!clipboard... Jim Pingle
04:14 PM Bug #14417 (In Progress): System Information widget does not properly form list of active hardware crypto algorithms: Though the problem is easiest to notice in Plus, the function is similar in CE and could in theory have the same prob... Jim Pingle
05:19 PM Revision 81da0ed3: Correct hwcrypto alg list in widget. Fixes #14417: Jim Pingle
03:34 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Still waiting on an affected user to test and offer feedback.
Jim Pingle
03:33 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients: Clients are still not behaving a way that appears to be fixable for all of them at once. Will keep checking, though.
Jim Pingle
03:32 PM Todo #13508: Uncouple RAM Disk size from available kernel memory: Needs more time to come up with a proper solution. Jim Pingle
03:30 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID: Excluding from release notes since it was never a problem in a release version. Jim Pingle
03:25 PM Regression #14690 (Feedback): Creating or duplicating an IPsec P1 entry does not increment the IKE ID: Applied in changeset commit:c10d5dc27156880b4939b0a4e862753949f9e649. Jim Pingle
03:17 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID: This regressed after the last release. It's OK on 23.05.1 and 2.7.0, but broken in the current code. Looks like a var... Jim Pingle
03:12 PM Regression #14690 (In Progress): Creating or duplicating an IPsec P1 entry does not increment the IKE ID: It's worse than that, even creating a new tunnel from scratch has a duplicate ID. Jim Pingle
12:58 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID: Not specific to plus, happens on CE as well.
Jim Pingle
03:18 PM Revision c10d5dc2: Fix var name in ipsec_ikeid_next(). Fixes #14690: Jim Pingle
03:16 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces: h1. Reproduce
Have two active interfaces, one with at least one firewall rule (hereafter called OPT1) and the othe... Filip Bengtsson
08:10 AM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory: and changed config.inc
// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
ini_set("memory_limit", ... yon Liu
08:06 AM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory: i have changed php tomemory_limit = 1200M now,it is ok.
and if run frr bgp route, the kern.ipc.maxsockbuf must be ch... yon Liu
07:24 AM Bug #14604: Bugs in dhclient implementation according to RFC 2131: Just to manage my expectations, how high is this on your priority list?
I'm thinking whether I should cancel my ISP ... Nazar Mokrynskyi

08/16/2023

11:15 PM Feature #14640 (Feedback): Extend support for SCTP in firewall and NAT rules: Applied in changeset commit:7a654802f01c17a921b3ae51099bf7d829df6cad. Marcos M
10:53 PM Revision 7a654802: Extend support for SCTP in firewall and NAT rules. Implement #14640: Marcos M
10:31 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: I started a forum thread and during the discussion i realized the situation is very familiar to this redmine.
http... Mike Moore
09:23 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID: pfSense 23.09-DEV build from today
VPN -> IPSec. I select the button to "copy phase 1 entry" for a P1 I created. The... Clinton Cory
07:45 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Michael Clews wrote in #note-12:
> Hi
> I received the error again
Is that with the patch applied or without it? Jim Pingle
07:40 PM pfSense Plus Feature #14348 (Feedback): Add unicast CARP indication and peer address to CARP status: Implemented in:
* https://gitlab.netgate.com/pfSense/pfSense/-/commit/d02e9664d251f54d99e5738808ea25b018421754 (CE... Jim Pingle
07:34 PM Revision d02e9664: CARP status update. Issue #14348: Add description Jim Pingle
12:57 PM pfSense Packages Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device: There are already warnings in place in various locations about this.
For example: https://www.netgate.com/supporte... Jim Pingle

08/15/2023

09:30 PM pfSense Packages Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device: Hello
I installed pfsense in a computer, running snort, protecting my network, it was awesome.... I decided to purch... Edgar Estrada
08:00 PM Feature #3288 (Feedback): Support interface macros in Outbound NAT rules: Applied in changeset commit:fecb90e9acdf0bd801e8a250b39e9a57555d3476. Marcos M
07:49 PM Revision fecb90e9: Support specialnets in outbound NAT source/destination. Implement #3288: Also, show an asterisk in place of 'Any' for the source,
and avoid generating oNAT rules with invalid aliases. Marcos M
07:16 PM Revision 1799f409: Extend alias and VIP checks to outbound NAT: Marcos M
06:27 PM Todo #14686: Check for deprecated OpenVPN encryption and digest options on upgrade: Updating subject for release notes. Jim Pingle
06:26 PM Todo #14672: Prevent weak SHA1 certificates from being used with GUI and Captive Portal: Updating subject for release notes. Jim Pingle
05:20 PM Todo #14672 (Feedback): Prevent weak SHA1 certificates from being used with GUI and Captive Portal: Applied in changeset commit:f78ae299e5ea7918478ad0cf902e169292ceb6f4. Jim Pingle
06:25 PM Todo #14677: Prevent weak SHA1 certificates from being used with OpenVPN clients and servers: Updating subject for release notes. Jim Pingle
06:24 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak: Updating subject for release notes. Jim Pingle
05:45 PM Feature #14688 (Rejected): Feedback on System Monitoring — DHCPv4 Status: You can already do that by making a static mapping entry -- it doesn't need to specify an IP address, it can just add... Jim Pingle
05:42 PM Feature #14688 (Rejected): Feedback on System Monitoring — DHCPv4 Status: *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/dhcp-ipv4.html
*Feedback:* It would be nice t... Joe Francis
05:45 PM Bug #14673 (Feedback): Remove broken ``stun.sipgate.net`` from UPnP STUN server list: Applied in changeset commit:9dc325fa2328597020540ab70f74fe13b575cdac. Jim Pingle
05:37 PM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list: It's nice to have examples, so long as they work. Removing the broken one seems like a good enough measure for now.
Jim Pingle
05:39 PM Revision 9dc325fa: Remove broken STUN server from UPnP list. Fixes #14673: Jim Pingle
05:10 PM Revision f78ae299: Work around weak certificates for nginx. Implements #14672: * Generalize and move function that creates self-signed certs
* Detect weak cert when starting GUI and re-generate
* ... Jim Pingle
02:06 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: Ok, cool. Thanks for letting me know. I'll await 23.09. :) James George
01:29 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: Oh shoot, I apologize. I created the patch from a previous aborted MR, which I had closed before I saw and corrected ... Reid Linnemann
03:17 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: Thanks Reid.
Unfortunately, this seems to only be a partial fix (for me at least) - it does not work at bootup. I ... James George
02:54 AM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected: I was able to confirm this bug on 2100 w/23.05.1. Craig Coonrad
01:25 AM Revision 15a79170: composer.json: add twig/twig and update versions: Christian McDonald

08/14/2023

10:19 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: James George wrote in #note-9:
> I'm happy to test the fix in my environment if you'd like; I'd just need a diff/pat... Reid Linnemann
09:53 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Hi
I received the error again
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeB... Michael Clews
08:53 PM Bug #14687: Error in boot messages about missing ``/boot/loader.conf.d`` directory: Stock FreeBSD comes with the directory.
Thus the best long term option is to just add one, but I don't know to do ... Mateusz Guzik
08:00 PM Bug #14687 (Closed): Error in boot messages about missing ``/boot/loader.conf.d`` directory: This is defined in /boot/defaults/loader.conf:... Steve Wheeler
07:35 PM Todo #14686 (Feedback): Check for deprecated OpenVPN encryption and digest options on upgrade: Applied in changeset commit:45b87923fecb8d7e414f927997b399fbe5a69355. Jim Pingle
05:44 PM Todo #14686 (Resolved): Check for deprecated OpenVPN encryption and digest options on upgrade: OpenSSL 3.x deprecated several algorithms for encryption and digest.
Encryption algorithms removed from OpenVPN:
... Jim Pingle
07:35 PM Todo #14677 (Feedback): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers: Applied in changeset commit:45b87923fecb8d7e414f927997b399fbe5a69355. Jim Pingle
07:27 PM Revision 45b87923: Check OpenVPN instances for deprecated items: * Check for weak certificate digests. Implements #14677
* Check for deprecated encryption and digests. Implements #14686 Jim Pingle
03:53 PM Revision e1267c0f: Improve GUI cert digest help text: Instead of calling out one weak digest, mention the current best
practice minimum and that others may fail for being ... Jim Pingle
02:30 PM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected: I can confirm this (even on 23.09 snaps) but it doesn't seem to be a routing issue. I see all the same interface conf... Jim Pingle
12:32 PM pfSense Plus Bug #14685 (Not a Bug): Kernel panic on reroot: The crash looks like it could potentially be a problem with the filesystem or disk. While there is a possibility it's... Jim Pingle
12:18 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak: aleksei prokofiev wrote in #note-2:
> Tested this patch on 23.05.1 and 2.7.0
> After apply the patch the the cert m... Jim Pingle
12:15 PM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory: Probably too much data for that page to deal with (e.g. route table is gigantic).
It already tries to limit how th... Jim Pingle
12:12 PM Bug #14681 (Duplicate): IGMP proxy cause crash on 23.05.1: The backtrace looks close enough that it seems like the same bug. No reason for a new report at this point. Even if i... Jim Pingle
12:10 PM Bug #14680 (Not a Bug): server/client openvpn /30: This is just how OpenVPN works. With a /24 subnet, SSL/TLS, and no DCO you have to have Overrides to setup iroutes be... Jim Pingle
06:12 AM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation: Lucas Tam wrote in #note-3:
> I recently had a similar issue with my PPPoE interfaces w/ a QNAP QXG-2G4T-I225 passed... Cin Lung Chen
02:12 AM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest: I Also make a issue thread on forum.netgate.com, where Mr. Rcoleman-netgate advice me to address this bug
on this bu... Noman Haroon
02:07 AM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest: Dear PF Sense Engineers, I have shared a video, Kindly check it.
https://drive.google.com/drive/folders/1kVCGz0lYr... Noman Haroon

08/13/2023

08:28 PM pfSense Plus Bug #14685 (Feedback): Kernel panic on reroot: When running a reroot on my firewall (Dell R220) it starts to stop services just fine then kernel panics and does a w... Ed McLain
04:29 PM Bug #14684 (Confirmed): Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest: Hi PF Sense Engineers, I like to report a bug. There is problem in captive portal in latest release 2.7, In captive p... Noman Haroon
02:38 PM Bug #14628: PPPoE Interface Panic: @Jim Pingle The issue was reported again earlier today and I am attaching the latest dump. The ending lines of logs w... Faisal Mahmood
06:17 AM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak: Tested this patch on 23.05.1 and 2.7.0
After apply the patch the the cert marks as Weak Digest
!clipboard-202308130... aleksei prokofiev
04:59 AM pfSense Packages Bug #14683 (Duplicate): PHP error on ``status_frr.php`` from using too much memory: amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:26:04 UTC 202... yon Liu
04:26 AM Bug #14681: IGMP proxy cause crash on 23.05.1: No patch was applied, because the patch requires a kernel build. Lev Prokofev
02:45 AM Bug #14681: IGMP proxy cause crash on 23.05.1: Did this issue crop up as a result of the patch in the linked redmine or does this crash happen without the patch? Kris Phillips
02:47 AM Bug #14680: server/client openvpn /30: Based on the note below the Tunnel Network field, this might be expected behavior:
_A tunnel network of /30 or small... Kris Phillips

08/12/2023

09:27 PM pfSense Plus Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected: When connected to an OpenVPN server that has DCO enabled and the OpenVPN server is bound to Localhost with Port Forwa... Kris Phillips
08:27 PM pfSense Packages Bug #14643 (Not a Bug): Suricata PHP error after upgrade to CE 2.7.0: That is expected as the system upgrades the packages. Since it is working correctly after the upgrade, I'm marking th... Christopher Cope
08:26 PM pfSense Packages Bug #14644 (Not a Bug): Zeek PHP error after upgrade to CE 2.7.0: e 1/1 wrote in #note-2:
> Kris Phillips wrote in #note-1:
> > Do any issues occur with the package post-upgrade or ... Christopher Cope
08:20 PM Bug #13344: Vlan loses parent interface when changing LAGG mtu to jumbo frames: related/duplicate? https://redmine.pfsense.org/issues/14603 Jordan G
07:17 PM Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.: I can confirm, I'm seeing this on 23.05.1 - if nothing else but the scheduler changes from FQ_CODEL to FQ_PIE under t... Jordan G
12:55 PM Bug #14681 (Duplicate): IGMP proxy cause crash on 23.05.1: Crash trace attached, possibly related to https://redmine.pfsense.org/issues/12079
Fatal trap 12: page fault whi... Lev Prokofev
03:14 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: It happens in my case after logging into the system based on the time stamp as its the same time as my login.
not su... Michael Clews
03:10 AM Bug #14680 (Not a Bug): server/client openvpn /30: server/client does not work if the Tunnel Network is not /30 in ssl/tls , it works with shared key .
* create Op... Alhusein Zawi

08/11/2023

09:52 PM Regression #14679: Allow simultaneously including/excluding the same type: This would make sense for types that allow "all of" and "none of" (host, mac, port). Marcos M
08:36 PM Regression #14679 (New): Allow simultaneously including/excluding the same type: Hi All
With the updates in the last couple version it looks like functionality was lost with the GUI packet captur... Martin Kenney
09:02 PM Revision 8c605478: Show the correct selection when editing oNAT rules: Fixes a copy/paste error from 887d0e7d. Marcos M
07:44 PM pfSense Packages Bug #14644: Zeek PHP error after upgrade to CE 2.7.0: Kris Phillips wrote in #note-1:
> Do any issues occur with the package post-upgrade or is just the upgrade PHP errors... e 1/1
07:15 PM Regression #14678 (Feedback): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak: Applied in changeset commit:3ad1e1cb0dd5fa9a486448bfd44c82c230741306. Jim Pingle
06:05 PM Regression #14678 (Resolved): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak: Noticed this when working on other OpenSSL changes, but some certificates are not being flagged by the renewal page a... Jim Pingle
07:12 PM Todo #14677 (In Progress): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers: Adding the GUI warnings and filtering out the invalid certificate choices is now complete.
The upgrade code is the... Jim Pingle
07:11 PM Todo #14672 (In Progress): Prevent weak SHA1 certificates from being used with GUI and Captive Portal: Adding the GUI warnings and filtering out the invalid certificate choices is now complete.
The upgrade code is the... Jim Pingle
07:05 PM Revision 3ad1e1cb: Certificate digest strength changes: Part of ongoing changes for OpenSSL 3.x
* Consolidate and improve checks for weak digest algorithms.
Fixes #14678
... Jim Pingle
05:38 PM pfSense Packages Regression #14636 (Feedback): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: I pushed this change on Wednesday:
https://github.com/pfsense/FreeBSD-ports/commit/f61ca6b81bab553e94046b1e6c5811a... Jim Pingle
04:29 PM Revision b6698d5b: Add the new initial installation tarball to the pkg-plist files in the base core package.: Luiz Souza
04:16 PM Revision 10f20bdb: Add a list of initial files installed only a single time.: Those files are mostly static and will not be upgraded with the rest of the
system to also preserve user customizatio... Luiz Souza
03:52 PM pfSense Packages Feature #14423: haproxy 2.7 QUIC support (+ maybe LUA 5.4?): Pawel Piaskowy wrote:
> Hello,
>
> I appreciate all pfSense+ updates and efforts Team is doing (I am relatively new ... Torben Hørup
01:46 PM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation: I recently had a similar issue with my PPPoE interfaces w/ a QNAP QXG-2G4T-I225 passed through to the VM using VMXNet... Lucas Tam
12:54 PM Bug #14665 (Feedback): IGMP Proxy cannot start on VirtIO (``vtnet``) interfaces: I've committed the relevant fix upstream and merged that into our trees. igmpproxy is expected to work in the next sn... Kristof Provost
12:36 PM pfSense Packages Bug #12899 (Resolved): Suricata doesn't honor Pass List: Jim Pingle
01:14 AM pfSense Packages Bug #12899: Suricata doesn't honor Pass List: Another pass at resolving this long standing, but random, issue is in the code of Pull Request 1284 (https://github.c... Bill Meeks
12:36 PM pfSense Packages Bug #14530 (Resolved): Suricata 6.0.13 package interface settings: Jim Pingle
01:11 AM pfSense Packages Bug #14530: Suricata 6.0.13 package interface settings: This issue is resolved by Pull Request 1285 https://github.com/pfsense/FreeBSD-ports/pull/1285 merged on August 10, 2... Bill Meeks
12:36 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Those are the exact same errors as above. You can try the patch above and see if you can reproduce it after.
At th... Jim Pingle
07:42 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Got a slightly different variant (havent changed anything):
PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 2479,... Michael Clews
04:52 AM Revision 157e4821: Make sure all of /etc/dh-parameters* are not in the pfSense-base package.: For details, see e02a5d8c0f8627ed0259e1cc91dbbdaeb9746602 and #4816. Luiz Souza

08/10/2023

10:55 PM Revision 887d0e7d: Refactor outbound NAT target config field: Don't keep a separate target field, and handle
some older configs on upgrade. Marcos M
10:53 PM Revision 1b8b0963: Revert "Refactor outbound NAT target config field": This reverts commit 5557bc594916a5a6ff51ac8ed319a6ad436d3475. Marcos M
08:44 PM Feature #3288 (In Progress): Support interface macros in Outbound NAT rules: Marcos M
07:00 PM Feature #3288 (Feedback): Support interface macros in Outbound NAT rules: Marcos M
06:30 PM Revision 5557bc59: Refactor outbound NAT target config field: There's no need to keep a separate target field,
and now it's easier to implement #3288. Marcos M
06:08 PM pfSense Packages Bug #14676 (Confirmed): Listening Port option in the Tailscale configurator is not respected: Christian McDonald
05:37 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected: David G wrote in #note-7:
> Christian McDonald wrote in #note-5:
> > I bet something else is already listening on 1... David G
05:27 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected: Christian McDonald wrote in #note-5:
> I bet something else is already listening on 11111, forcing tailscaled to cho... David G
05:14 PM pfSense Packages Bug #14676 (Not a Bug): Listening Port option in the Tailscale configurator is not respected: Christian McDonald
05:12 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected: I bet something else is already listening on 11111, forcing tailscaled to choose another port to bind. Christian McDonald
05:09 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected: David G wrote in #note-3:
> Christian McDonald wrote in #note-2:
> > I'm not able to replicate this report myself.
... David G
04:49 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected: Christian McDonald wrote in #note-2:
> I'm not able to replicate this report myself.
Here are some screenshots of... David G
04:13 PM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected: I'm not able to replicate this report myself. Christian McDonald
10:32 AM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected: Tested on 2.7.0 and 23.05.1 , Tailscale 0.1.4
Can not reproduce, if I change listen port it always changed appropria... aleksei prokofiev
02:54 AM pfSense Packages Bug #14676 (Confirmed): Listening Port option in the Tailscale configurator is not respected: The tailscaled process starts and listens on a random port, instead of the one specified. This causes things like dir... David G
04:24 PM Todo #14672: Prevent weak SHA1 certificates from being used with GUI and Captive Portal: Added Captive Portal here since it will also fail with a SHA1 cert or CA Jim Pingle
04:19 PM Todo #14677 (Resolved): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers: OpenVPN built against OpenSSL 3.0 rejects any certificate (client or server) using SHA1 hash. Surprisingly, a SHA1 CA... Jim Pingle
03:15 PM Feature #14667 (Resolved): Improve SCTP support in ``filterlog``: Looks good on the latest snapshot with @filterlog-0.1_10@.
!clipboard-202308101114-0moko.png!
Raw log content:
... Jim Pingle
02:15 PM pfSense Packages Bug #14674 (Resolved): Error after upgrade to HAProxy 0.62_1: Jim Pingle
02:08 PM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1: It works for me too, thank you so much Crystian Geovani Dorabiatto
02:00 PM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1: It seems to be working properly now with the new build no errors. Thanks Willem-Jan v R
12:54 PM pfSense Packages Bug #14674 (Feedback): Error after upgrade to HAProxy 0.62_1: I updated the non-devel version of the package with the code from -devel. The underlying versions of haproxy updated ... Jim Pingle
12:02 PM pfSense Packages Bug #14674 (In Progress): Error after upgrade to HAProxy 0.62_1: Jim Pingle
11:56 AM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1: I had the same issue, Im using the Dev PKG but the Dev PKG has a lot of issue about SSL, in the past they fixed the s... Crystian Geovani Dorabiatto
11:36 AM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1: I had the same issue. Luckily the develop version was working. I didn't make a new boot environment to restore from.
... Willem-Jan v R
02:37 AM pfSense Packages Bug #14674: Error after upgrade to HAProxy 0.62_1: Can confirm. Manually editing the file doesn't work. Kevin Ruffus
12:48 AM pfSense Packages Bug #14674 (Resolved): Error after upgrade to HAProxy 0.62_1: Looks like nbproc is no long supported in the config file and needs to be removed in order to start the service.
E... Chad High
01:05 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: In my case there is no involvement of Tailscale as I do not use it.
Regards.
☕️ Rob A
12:05 PM pfSense Plus Bug #14586 (Resolved): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: Jim Pingle
07:36 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: Tested on Dev build... Lev Prokofev
12:02 PM pfSense Packages Regression #14675 (Duplicate): HA Proxy can’t commit changes: Duplicate of #14674 (it has the full non-cropped error message) Jim Pingle
01:40 AM pfSense Packages Regression #14675 (Duplicate): HA Proxy can’t commit changes: There seems to an issue with commiting any changes in HA Proxy after a recent (today) package update.
There are foru... Mike Moore

08/09/2023

08:39 PM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list: An example from a bug report from OpenWRT:
https://github.com/openwrt/packages/issues/17413#issuecomment-133790197... Kris Phillips
08:36 PM Bug #14673 (Resolved): Remove broken ``stun.sipgate.net`` from UPnP STUN server list: Some users are reporting that stun.sipgate.net, which is the first item in the list of the "Some public STUN servers:... Kris Phillips
07:56 PM Todo #14672: Prevent weak SHA1 certificates from being used with GUI and Captive Portal: Note this is for both the certificate itself using SHA1 *or* if the CA is using SHA1. Neither one can use it. Jim Pingle
07:14 PM Todo #14672 (Resolved): Prevent weak SHA1 certificates from being used with GUI and Captive Portal: The @nginx@ daemon for the GUI fails to run with a SHA1 certificate on dev snapshots using OpenSSL 3.0
The daemon ... Jim Pingle
07:43 PM Feature #14667: Improve SCTP support in ``filterlog``: PRs merged. The filterlog port change was missing a Makefile version bump but I took care of that. Should be in the n... Jim Pingle
07:30 PM Feature #14667 (Feedback): Improve SCTP support in ``filterlog``: Applied in changeset commit:d9601d99bbeb1d941484d777d8d3fbe1839a2faa. Kristof Provost
05:16 PM Feature #14667 (Pull Request Review): Improve SCTP support in ``filterlog``: Jim Pingle
04:58 PM Feature #14667: Improve SCTP support in ``filterlog``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1060
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/... Kristof Provost
07:22 PM Revision d9601d99: syslog: filterlog now exports port numbers for SCTP. Implements #14667: Kristof Provost
05:17 PM pfSense Packages Bug #14671: LCDproc package does not automatically restart after upgrade: I don't believe it has anything to do with the configuration, but some sort of timing issue on when the package is st... Jim Pingle
04:03 PM pfSense Packages Bug #14671 (New): LCDproc package does not automatically restart after upgrade: When upgrading LCDproc, the lcdproc daemon does not automatically restart.
One must re-save the LCDproc service se... Elvis Impersonator
02:11 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen: I've noticed that as well sometimes but haven't yet been able to track it down. That would belong in its own separate... Jim Pingle
02:08 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen: @jimp
23.05.1 I think there might a lingering bug with the package installer for LCDProc
After updating, LCDProc... Elvis Impersonator
01:33 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen: Elvis Impersonator wrote in #note-3:
> @jimp will it take a few days before the updated package is released?
It ... Jim Pingle
01:24 PM Revision 21a588f7: Unset DPCRE2/SPCRE2 options for haproxy-devel: Fix build failure:
====> You cannot select multiple options from the PCRE radio
=====> Only one of th... Kristof Provost
01:21 PM pfSense Packages Bug #14670 (Feedback): net-snmp does not ignore /var/unbound/dev: PR merged Jim Pingle
01:16 PM pfSense Packages Bug #14670: net-snmp does not ignore /var/unbound/dev: PR: https://github.com/pfsense/FreeBSD-ports/pull/1283 Jim Pingle
01:15 PM Feature #14402 (Resolved): Dynamic DNS support for Porkbun: Jim Pingle
06:35 AM Feature #14402: Dynamic DNS support for Porkbun: Work as expected, tested on ... Lev Prokofev
01:15 PM pfSense Packages Regression #14445 (Feedback): HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138: PR merged -- also the same edit was made to the -devel package.
Jim Pingle
10:18 AM Bug #8686: IPsec VTI: Assigned interface firewall rules are never parsed: Could the ipsec interface be enabled for inclusion to an interface group when the advanced ipsec filter mode is set t... beermount beermount
07:00 AM Bug #14628: PPPoE Interface Panic: Hi, it was reported again yesterday and the dump looks the same as mentioned earlier. I tried to check the system log... Faisal Mahmood

08/08/2023

11:42 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: I'm happy to test the fix in my environment if you'd like; I'd just need a diff/patch to apply if the official fix is... James George
04:13 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: Updating subject for release notes. Jim Pingle
04:09 PM pfSense Plus Bug #14586 (Feedback): Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: Fixed in eab8453f Reid Linnemann
10:34 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen: @jimp will it take a few days before the updated package is released? Elvis Impersonator
08:41 PM pfSense Packages Bug #14670 (Resolved): net-snmp does not ignore /var/unbound/dev: Net-snmp has ignoreDisk directives for devfs mount points /dev and /var/dhcpd/dev, but is missing an ignoreDIsk direc... Denny Page
08:34 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration: Another instance of this (v23.05):... Craig Coonrad
07:50 PM Bug #14648 (Feedback): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Applied in changeset commit:054c25418f28bd0afeb1e4a3f07075db76f8f61b. Jim Pingle
07:42 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: I never could reproduce the error condition but I added several safety belts to ensure the values are sane coming out... Jim Pingle
07:42 PM pfSense Packages Feature #13138: DNS over HTTPS/TLS Blocking should be removed from SafeSearch: The block list [if done by IP] offers the option to create an ALIAS which is more flexible then sink holing. I would ... Mike Moore
07:39 PM Revision 054c2541: Add safety belts around memory size checks. Fixes #14648: * Add safety checks when fetching the memory size
* Also ensure the state table size is sane if the memory check fails Jim Pingle
07:31 PM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied: Ive ran into a similar issue as well. The routes will appear in FRR but you check the pfsense route table the routes ... Mike Moore
04:22 PM pfSense Packages Bug #14668 (New): FRR BGP route is not making into kernel route table after WireGuard's peer change is applied: I was able to reproduce this behavior in clear PfSense 2.7 setup with frr 1.3_1 and WireGuard 0.2.0_2, not sure which... Oleksii Tucha
07:27 PM pfSense Packages Feature #14669 (New): pfblocker log rotation on schedule: Allow the option to set logroate option (daily,weekly,monthly)
Im using pfBlocker stats to fill in a report and beca... Mike Moore
03:43 PM Bug #14356: URL scheme is not properly validated in some cases: Updating for release notes. Jim Pingle
03:41 PM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules: Updating subject for release notes. Jim Pingle
03:40 PM Bug #14497: Kernel panic when using traffic shaping on a PPPoE interface: Updating subject for release notes. Jim Pingle
03:36 PM Feature #14666: Option to add automatic pass rules for IGMP Proxy which allow IP options: I'd suggest a (default on, because it's basically required for it to work anyway) checkbox to create automagic rules ... Kristof Provost
02:49 PM Feature #14666 (New): Option to add automatic pass rules for IGMP Proxy which allow IP options: Users frequently get tripped up by IGMP not receiving traffic because by default, firewall rules do not allow packets... Jim Pingle
03:29 PM Feature #14667 (Resolved): Improve SCTP support in ``filterlog``: FreeBSD 14.x includes more support for SCTP in the OS and in PF. There is a separate issue underway for allowing port... Jim Pingle
03:22 PM Regression #14377 (Closed): Cannot add a QinQ interface to a bridge: Looks good in todays snapshot:... Steve Wheeler
02:15 PM Regression #14377: Cannot add a QinQ interface to a bridge: Doesn't appear to be specific to Plus Jim Pingle
03:05 PM Regression #14615 (Resolved): PHP crash during bootup with gateway monitoring enabled with custom monitor IP: Christian McDonald
03:03 PM Regression #14615: PHP crash during bootup with gateway monitoring enabled with custom monitor IP: Excluding from release notes since this wasn't a problem in a release, only during development. Jim Pingle
03:04 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions: Updating subject for release notes. Jim Pingle
03:02 PM Feature #14457: Support receiving ``EAPOL`` frames on VLAN ``0`` in ``wpa_supplicant``: Updating subject for release notes. Jim Pingle
02:59 PM Regression #14370: Console and system log may contain unnecessary Netlink debug messages from IPsec: Updating subject for release notes. Jim Pingle
02:58 PM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: Updating subject for release notes. Jim Pingle
02:50 PM Bug #14301: Input validation error when saving IGMP Proxy settings: I also created a feature request for an option to handle the firewall rules we discussed: #14666 Jim Pingle
02:40 PM Bug #14301: Input validation error when saving IGMP Proxy settings: I made a dedicated issue for the VirtIO problem at #14665 Jim Pingle
02:22 PM Bug #14301: Input validation error when saving IGMP Proxy settings: The virtio issue did turn out to be a virtio problem. It doesn't allow IFF_ALLMULTI to be set (on systems where the h... Kristof Provost
12:35 PM Bug #14301 (Feedback): Input validation error when saving IGMP Proxy settings: Applied in changeset commit:a38aa6d7ffd121727eae9f0d5229b4121928e1f5. Kristof Provost
02:42 PM Bug #13277 (Duplicate): IGMP Proxy webConfigurator Page Always Produces Error: Duplicate of #14301 -- This one was first, but the fix is already committed and noted on #14301 Jim Pingle
02:39 PM Bug #14665 (Resolved): IGMP Proxy cannot start on VirtIO (``vtnet``) interfaces: Moved this over from #14301
From Kristof:
> I'm investigating another issue, which I suspect to be limited to ... Jim Pingle
02:36 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: Updating subject for release notes. Jim Pingle
02:34 PM Bug #14524: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups: Updating subject for release notes. Jim Pingle
02:31 PM Feature #14402: Dynamic DNS support for Porkbun: Updating subject for release notes. Jim Pingle
02:31 PM Bug #14637: PHP shell script ``pfanchordrill`` shows duplicate anchor content: Updating subject for release notes. Jim Pingle
02:28 PM Bug #14598: Link to view Captive Portal custom HTML page content does not work: Updating subject for release notes. Jim Pingle
02:28 PM Bug #14574: Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist: Updating subject for release notes. Jim Pingle
02:21 PM Regression #14374: Static ARP entries are not configured at boot: Updating subject for release notes. Jim Pingle
02:21 PM Bug #13068: Firewall rules fail to load when a URL table alias file does not exist: Updating subject for release notes. Jim Pingle
02:17 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry: Updating subject for release notes. Jim Pingle
01:35 PM Bug #14660: Sticky Connections do not work properly when multiple connections have the same Gateway IP: Jim Pingle wrote in #note-1:
> That isn't a supported case. pf has no way to differentiate between two identical gat... Lucas Tam
12:24 PM Bug #14660 (Rejected): Sticky Connections do not work properly when multiple connections have the same Gateway IP: That isn't a supported case. pf has no way to differentiate between two identical gateways in this case and there isn... Jim Pingle
08:01 AM Bug #14660 (Rejected): Sticky Connections do not work properly when multiple connections have the same Gateway IP: I have set up a multi-WAN configuration that involves multiple PPPoE connections to my Internet service provider. Eac... Lucas Tam
01:15 PM Bug #14661 (New): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source: Jim Pingle
01:00 PM Bug #14661: ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source: In that screenshot you can see that dpinger is using the CARP IP on a IPv6 gateway.
And this happens with all IPv6 g... Hannes Scherbichler
12:23 PM Bug #14661 (Feedback): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source: I can't reproduce this here, @dpinger@ is using the interface IPv6 address as expected. In the @dpinger@ command line... Jim Pingle
11:38 AM Bug #14661 (Closed): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source: Hello,
We have a pfSense cluster running with CARP and IPv6.
We noticed, that dpinger uses the CARP IP address as... Hannes Scherbichler
12:26 PM Revision a38aa6d7: igmpproxy: Do not display an error when saving changes. Fixes #14301: Kristof Provost

08/07/2023

11:49 PM Feature #3288 (In Progress): Support interface macros in Outbound NAT rules: Marcos M
09:24 PM pfSense Packages Bug #14659 (New): vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap: Hard to say if this is a bug per se but its a reproducible problem.
1. create a LAGG with assigned VLANs and those... Mike Moore
09:19 PM pfSense Docs Todo #14658 (Resolved): Update firewall/NAT rule source/destination field references: The firewall/NAT rule source/destination fields have been updated:
https://github.com/pfsense/pfsense/commit/feefe2c... Marcos M
09:01 PM Bug #14301: Input validation error when saving IGMP Proxy settings: Note that that's mostly only a cosmetic problem. It does actually start igmpproxy.
I'm investigating another issue, ... Kristof Provost
08:12 PM Bug #14301 (Pull Request Review): Input validation error when saving IGMP Proxy settings: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1058 Marcos M
08:25 PM Bug #14657 (Rejected): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 4096 bytes) in /usr/local/www/diag_command.php on line 174: That is not a package created or maintained by Netgate. Contact its author for assistance. Jim Pingle
08:20 PM Bug #14657 (Rejected): PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 4096 bytes) in /usr/local/www/diag_command.php on line 174: Hi, I executed this command via the GUI
curl https://updates.sunnyvalley.io/getzenarmor | sh
and then this one... e ok
07:21 PM pfSense Docs Todo #14656 (Resolved): Feedback on Interface Types and Configuration — LAGG (Link Aggregation): *Page:* https://docs.netgate.com/pfsense/en/latest/interfaces/lagg.html
*Feedback:* New to this so sorry if I'm ju... Anthony Celata
07:21 PM Bug #13068 (Resolved): Firewall rules fail to load when a URL table alias file does not exist: Marcos M
07:15 PM Bug #14637 (Feedback): PHP shell script ``pfanchordrill`` shows duplicate anchor content: Applied in changeset commit:68f5fc1bd5d2583317ab6e38f833070c2d1174cd. Marcos M
07:15 PM Bug #6799 (Feedback): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior: Applied in changeset commit:85c4a8de0016bc4d192b60fd384af56aa4ba1376. Marcos M
07:13 PM pfSense Packages Bug #14654 (Resolved): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead: Jim Pingle
06:55 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead: Jim Pingle wrote in #note-4:
> Corrected packages are building now.
Updated, configured and checked on 2.7 - work... Oleksii Tucha
05:44 PM pfSense Packages Bug #14654 (Feedback): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead: It doesn't appear that I introduced an error in the behavior of the function that gathers BFD peers but I did spot an... Jim Pingle
12:52 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead: I probably made an error when updating all the FRR code for the new config access functions. I'll look into it today.
Jim Pingle
07:12 PM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases: Seems to be solid here after several days in a row and several interface events. Gateways are still showing green thr... Jim Pingle
07:08 PM Revision 68f5fc1b: Avoid displaying duplicate anchors with pfanchordrill. Fix #14637: Marcos M
07:06 PM Revision 85c4a8de: Use pf macros for <interface> subnets. Fix #6799: This changes the behavior of '<if> subnet' in generated firewall/NAT
rules. The previous behavior expands '<if> subne... Marcos M
06:20 PM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present: In my testing here, the behavior is correct when that is set to a failover group.
@get_interface_ip(<group name>)@... Jim Pingle
06:09 PM pfSense Packages Feature #14653 (Feedback): Update to LCPROC NTP Screen: PR merged Jim Pingle
05:38 PM Revision 7e01141a: Don't restrict the outbound NAT target list: The target_type list was changed in abc9d914 to restrict the displayed
selection options depending on the interface. ... Marcos M
05:35 PM Feature #14650 (Resolved): Change default match modifier from "all of" to "any of": Marcos M
03:55 PM Feature #14650 (Feedback): Change default match modifier from "all of" to "any of": Applied in changeset commit:54756f9f683282ca8e850de61f9929a9f011cda1. Marcos M
04:48 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level: I've got a similar patch incoming, and this should be included in the System Patches as well I think. Reid Linnemann
03:48 PM Revision 54756f9f: Change the default match for Port and MAC in the packet capture GUI. Implement #14650: Marcos M
03:39 PM pfSense Packages Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.: This error has returned for some reason Jonathan Lee
03:02 PM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation: Marcos M wrote in #note-1:
> Please continue to discuss the issue in the forum. Once steps to reproduce the issue on... Cin Lung Chen
01:35 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Yeah that's what I figured but what I can't figure out is why it would ever come back blank for that OID. I can't mak... Jim Pingle
01:32 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: @var_dump(""/1000);@ produces the same error
the empty string does not cleanly cast automatically to an int.
@g... Christian McDonald
01:11 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: I doubt it is related to hardware at all, but maybe a timing issue with reading those values from sysctl. It may be h... Jim Pingle
10:55 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: I also get similar error:... Michael Clews
12:46 PM Bug #7589 (Resolved): ``diag_edit.php`` warning is not cleared after picking non-directory to load: Jim Pingle
12:14 PM Regression #14377 (Feedback): Cannot add a QinQ interface to a bridge: Kristof Provost
11:38 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: This is the relevant commit: https://github.com/pfsense/FreeBSD-src/commit/f10efe9d5708cf2f385f17f6ed13909d84cea737
... Kristof Provost
04:41 AM Feature #12077: Allow stick-connections per gateway group: Yes, this would be useful in my scenario where I have 3 x 1Gbe PPPoE links and I only want my browser clients to be s... Lucas Tam
04:38 AM Feature #290: Add Multi-WAN awareness to UPnP: Same, interested, all packages should have multi-wan awareness? Lucas Tam

08/06/2023

03:25 PM Bug #14655: NAT behind a WAN rule" and "!WAN rule": Im wanting about different NATs with the same ports Andre Lopez Araujo
03:24 PM Bug #14655 (Confirmed): NAT behind a WAN rule" and "!WAN rule": Good morning,
I just set up a DMZ NAT for everything that is not a WAN Net, but when creating another NAT with the... Andre Lopez Araujo
09:14 AM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard: Correct, I am relying on neighbor discovery. But even if I wanted to define a static neighbor, there would not be any... beermount beermount
04:12 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present: Wasn't sure if this applied to clients and servers. After applying changeset via system_patches I rebooted upstream g... Jordan G
03:02 AM pfSense Packages Regression #14445: HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138: Please see this pull request: https://github.com/pfsense/FreeBSD-ports/pull/1282 Alex Neihaus

08/05/2023

11:13 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead: confirmed.
BFD option(in BGP Neighbors) does not list BFD peers , it shows Route Map lists.
tested on 2.7 and... Alhusein Zawi
09:24 PM pfSense Packages Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead: FRR package version is 1.3, if that does matter.
It was working in FRR 1.1.1_7 (which is still installed in my 2.6 i... Oleksii Tucha
09:21 PM pfSense Packages Bug #14654 (Resolved): Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead: To reproduce:
1. Install FRR
2. Create Route Map
3. Try to select a BFD Peer for BGP Neighbor
!bfd.png!
The se... Oleksii Tucha
11:10 PM pfSense Packages Bug #12899: Suricata doesn't honor Pass List: This has proven to be a very hard bug to find and fix. The problem is random. I have thus far been unable to reproduc... Bill Meeks
10:45 PM pfSense Packages Bug #14644: Zeek PHP error after upgrade to CE 2.7.0: Do any issues occur with the package post-upgrade or is just the upgrade PHP errors the only issue? Kris Phillips
10:44 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard: Hello,
Are you relying on neighbor discovery or do you have neighbors manually programmed in across the link? Typ... Kris Phillips
12:55 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard: Also see https://redmine.pfsense.org/issues/12760 beermount beermount
10:53 AM pfSense Packages Feature #14652 (New): FRR OSPF6 not working over wireguard: FRR OSPF6 is unable to form neighborship without adding link-local alias to wireguard interface.
Unless i perform:... beermount beermount
10:20 PM pfSense Packages Feature #14653: Update to LCPROC NTP Screen: Update LCDPROC NTP Screen
* Add time zone
* Improved selection between GPS and PPS
* Add stability parameter for P... Elvis Impersonator
03:01 PM pfSense Packages Feature #14653 (Feedback): Update to LCPROC NTP Screen: Update to LCDPROC NTP Screen
* Add time zone
* Add local PPS stability pps
https://github.com/pfsense/FreeBSD-po... Elvis Impersonator
10:01 PM pfSense Packages Bug #14287 (Feedback): pfBlockerNG does not uninstall cleanly when using RAM disks: I'm seeing this on 23.05.1 pfBlockerNG 3.2.0_5 across multiple devices. Perhaps you need an existing pfBlockerNG sect... Jordan G
08:45 AM pfSense Packages Bug #14287 (Resolved): pfBlockerNG does not uninstall cleanly when using RAM disks: No PHP errors on 23.05.1 when deleting 3.2.0_5 package with unchecked "keep config"... Lev Prokofev
04:33 PM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior: Tested and reproduced. Also tested with patch applied.
Steps to reproduce:
1. Create a LAN rule with Source ... Kris Phillips
03:33 PM Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation: Please continue to discuss the issue in the forum. Once steps to reproduce the issue on other systems (or specific de... Marcos M
09:22 AM Bug #14651 (Incomplete): pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation: Sorry if this is wrong, I am frustrated and would love to be pointed to the right direction. I made a post in the for... Cin Lung Chen
12:50 PM Bug #7589: ``diag_edit.php`` warning is not cleared after picking non-directory to load: Patch clear the warning after you click browse.
Tested on ... Lev Prokofev
09:41 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working: the typo fix patch from the forum thread does fix the Sync functional for pfBlockerNG
tested on
Version 23.05.1-RE... Georgiy Tyutyunnik
09:36 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present: wasn't able to reproduce the original issue as it's stated in the ticket.
However, found a somewhat linked issue:
I... Georgiy Tyutyunnik
05:52 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces: Can confirm, adding the IP on interfaces doesn't trigger the unbound to reload the config, and the new subnet is not ... Lev Prokofev

08/04/2023

09:55 PM Feature #14650 (Pull Request Review): Change default match modifier from "all of" to "any of": The default match selection for @PORT NUMBER@ and @HOST MAC ADDRESS@ has been changed to @any of@; this is the more c... Marcos M
06:31 PM Feature #14650 (Resolved): Change default match modifier from "all of" to "any of": It makes more sense to default the match Christian McDonald
08:09 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces: We will need to re-test this, as the previous attempt ended up breaking DHCPv6 completely.
More work is needed to su... Christian McDonald
06:24 PM Feature #13377: Option to configure a custom value for the PHP memory limit: Jonathan Lee wrote in #note-15:
> Thanks for the reply,
>
> just to confirm the is the Path Strip Count 2 for you... Christopher Cope
06:04 PM Feature #13377: Option to configure a custom value for the PHP memory limit: Thanks for the reply,
just to confirm the is the Path Strip Count 2 for your patch?
!clipboard-202308041104-h72... Jonathan Lee
05:30 PM Feature #13377: Option to configure a custom value for the PHP memory limit: Jonathan Lee wrote in #note-10:
> Could this also be adapted to use a disk swap? That way it could have an option to... Christopher Cope
05:28 PM Feature #13377: Option to configure a custom value for the PHP memory limit: Jonathan Lee wrote in #note-12:
> I added your patch set this to 512mb and I am still getting that snort error for a... Christopher Cope
04:33 PM Feature #13377: Option to configure a custom value for the PHP memory limit: I added your patch set this to 512mb and I am still getting that snort error for active rules
Crash report begins.... Jonathan Lee
03:57 PM Feature #13377: Option to configure a custom value for the PHP memory limit: is the Path Strip Count 2 for the patch? Jonathan Lee
03:42 PM Feature #13377: Option to configure a custom value for the PHP memory limit: Could this also be adapted to use a disk swap? That way it could have an option to use and allocate fixed disk storag... Jonathan Lee
06:07 PM Regression #14649: PHP error with One.com Dynamic DNS provider: https://redmine.pfsense.org/issues/14558
Could DoH support help with this? Jonathan Lee
03:52 PM Regression #14649: PHP error with One.com Dynamic DNS provider: confirmed and reproduced on:
Version 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURR... Georgiy Tyutyunnik
01:05 PM Regression #14649 (Resolved): PHP error with One.com Dynamic DNS provider: Tested on ... Lev Prokofev
06:00 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: [04-Aug-2023 09:30:42 US/Pacific] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering d... Jonathan Lee
04:36 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: @Christopher Cope
I have tested your patch attached here. Strip level 2
set to 512mb
Hover I am still getting... Jonathan Lee
03:37 PM pfSense Packages Bug #14498: php errors when looking at snort active rules: Amazing, thanks for sharing I appreciate you. Jonathan Lee
04:37 PM pfSense Packages Feature #13575 (In Progress): Update to frr 9.0.1: This appears to be functioning OK for the most part but it isn't building with the SNMP option enabled yet. There is ... Jim Pingle
03:16 PM pfSense Packages Bug #12899: Suricata doesn't honor Pass List: I've also experienced this for quite awhile. I created an alias for a vendor and added all IP addresses and ranges kn... tasty ratz
06:23 AM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy): NDProxy is the only way we have been able to get IPv6 working for our company network, and that have been possible on... Filippo Tessarotto

08/03/2023

10:05 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working: Related: "Sync to configured backup server" option does not allow to Save without an IP address in the target below.
... dylan mendez
08:09 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working: Patch to fix the typo was posted at https://forum.netgate.com/post/1108304 Steve Y
08:57 PM pfSense Packages Feature #13575 (Feedback): Update to frr 9.0.1: Merged https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/350 Marcos M
07:49 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC: The installed packages Widget did not show there was a new package. Package manage did, but that was when it failed.... Elvis Impersonator
07:35 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC: Probably best to move it to the forum then, there may be something that needs fixed on your system, but it's not a ge... Jim Pingle
07:34 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC: checked branch and it set correctly
Elvis Impersonator
07:31 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC: No issues installing or upgrading it here. Make sure the update branch is set to the appropriate version that matches... Jim Pingle
07:15 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC: @jimp
new LCDPROC package will not install
WARNING: Current pkg repository has a new PHP major
version. pfSens... Elvis Impersonator
06:36 PM pfSense Packages Feature #14625 (Feedback): Add NTP Screens to LCDPROC: Merged in LCDProc package version 0.11.5 Jim Pingle
06:38 PM Feature #14448 (Resolved): Support interface groups in firewall rule source/destination fields: Marcos M
03:43 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T: N.B. They will need to check the current value and add the desired value to it. Support varies by NIC/Chip/SFP/etc. S... Jim Pingle
03:22 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T: The sysctl that needs to be set is: dev.ix.X.advertise_speed
So for example set dev.ix.3.advertise_speed=0x1b to a... Steve Wheeler
12:39 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Normally I'd say we could just change the lines there to cast to @int@ but I'm curious why it fails to automatically ... Jim Pingle
11:18 AM Bug #14648 (Feedback): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: In 23.05.1:... Steve Wheeler
11:31 AM pfSense Packages Feature #9141: FRR xmlrpc: In simple setups like mine I believe having the same BGP configuration on both Primary and Secondary members is what ... Adrian Dascalu

08/02/2023

11:26 PM Feature #14640 (Pull Request Review): Extend support for SCTP in firewall and NAT rules: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1056 Marcos M
10:01 PM pfSense Docs New Content #14647 (Resolved): Add a note for ixgbe linking at NBase-T: The ixgbe driver in 23.01/2.7 recognises link speeds of 2.5G and 5G and can be set to use them as fixed speeds.
How... Steve Wheeler
07:25 PM Bug #14646 (Feedback): OpenVPN can select the wrong interface IP address when multiple addresses are present: Applied in changeset commit:340aa54839a5b3a8fb74b66919511cebb307bb57. Jim Pingle
07:14 PM Bug #14646 (Resolved): OpenVPN can select the wrong interface IP address when multiple addresses are present: If there are multiple IP addresses and VIPs on an interface, OpenVPN can unintentionally select the wrong address.
... Jim Pingle
07:14 PM Revision 340aa548: Correct OpenVPN if IP addr code. Fixes #14646: Jim Pingle
06:28 PM pfSense Packages Bug #14645 (Resolved): Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded: Hello,
I'm not really good with Snort but all my search results confirm that it is common to have @EXTERNAL_NET@ c... Dzmitry Kazei
05:52 PM Revision e4bba4ab: "OpenVPN clients" is not a valid rule src/dst, remove it.: Marcos M
04:59 PM Revision 35abdef2: Revert "services_dhcp_relay.php: introduce proper shortcut section for dhcrelay": This reverts commit 834bb946dd952f1d7a59e131d6b265cc82b7837d. Christian McDonald
04:58 PM Revision f137d9cd: Revert "services_dhcp.php: cleanup warning notice when DHCP relay is enabled": This reverts commit 564905382d696ef80b45e7552f4fdc502a7d2053. Christian McDonald
04:29 PM Revision e9995ff3: Revert "services_dhcp.php: just hide relay-enabled interfaces": This reverts commit 7a1d5e27022fb7183e8a7b17b5514169cbd7ecc7. Christian McDonald
04:28 PM Revision 3fa4d6fe: Revert "dhcp: support simultaneous v4 dhcpd and dhcrelay, Implements #14620": This reverts commit e9577ebfd7852646a66697a3bde41b712687a4ca. Christian McDonald
01:17 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none: This looks likely to be the same cause as this: https://redmine.pfsense.org/issues/14171#note-3
The command used f... Steve Wheeler
12:01 PM pfSense Packages Bug #14644 (Not a Bug): Zeek PHP error after upgrade to CE 2.7.0: First login after upgrading to 2.7.0, a couple of PHP error notices are shown, one of them related to Zeek:
@PHP E... e 1/1
12:00 PM pfSense Packages Bug #14643 (Not a Bug): Suricata PHP error after upgrade to CE 2.7.0: First login after upgrading to 2.7.0, a couple of PHP error notices are shown, one of them related to Suricata:
@P... e 1/1
04:16 AM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock: Awesome Kristof, I'll be happy to test it.
Could you briefly explain how to apply the patch?
I'm on CE 2.7.0 and ... Arturo de Vries

08/01/2023

10:47 PM Feature #14640 (In Progress): Extend support for SCTP in firewall and NAT rules: Marcos M
06:29 PM Feature #14640 (Resolved): Extend support for SCTP in firewall and NAT rules: As of 47d0c1fe7d3279e9d38df75cf0c359b1fbc26d5e (on devel-main) pf has improved SCTP support. It can now filter on SCT... Kristof Provost
10:21 PM pfSense Packages Feature #13575: Update to frr 9.0.1: Tested in 23.09 by running:... Marcos M
08:06 PM pfSense Packages Feature #14642 (New): nfsen-nfdump intergration: Can we get nfdump/nfsen package integrated within pfsense? Have sflow send data to nfsen. The built-in collector woul... Mike Moore
07:29 PM Todo #1521: Multipath Routing GUI Support: See also: #9545, #14641 Jim Pingle
07:28 PM Todo #1521: Multipath Routing GUI Support: As of Plus 23.05.1 and CE 2.7.0, the OS supports multipath routing (i.e. ECMP).
However, outside of FRR, there isn... Jim Pingle
07:29 PM Feature #9545: Enable Multipath Routing in the Kernel: See also: #1521, #14641 Jim Pingle
06:44 PM Feature #9545 (Resolved): Enable Multipath Routing in the Kernel: From our local testing here on Plus (23.05.1, 23.09 snaps) and CE (2.7.0, 2.8.0 snaps), with both static and BGP it a... Jim Pingle
07:28 PM pfSense Docs New Content #14641: Add content about multipath routing: See also: #1521, #9545 Jim Pingle
07:07 PM pfSense Docs New Content #14641 (Resolved): Add content about multipath routing: Now that the OS supports multipath routing it should be covered in the docs were appropriate.
See #9545 for notes/... Jim Pingle
07:25 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC: Round 3
https://github.com/pfsense/FreeBSD-ports/pull/1278
Elvis Impersonator
06:52 PM Revision c76dadcc: Add Next Hop info to status output: Jim Pingle
04:11 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: Is Tailscale also in play here? I've trying and failing to reproduce this again. No matter what I try to do, I simply... Kristof Provost
03:20 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``: Until the referenced functionality is added upstream, floating client support will need to be disabled if avpair rule... Marcos M
02:28 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``: I have to disagree that they are a cosmetic issue.
This issue was originally discovered via the following:
1. A n... Michael Mercier
11:21 AM pfSense Docs Correction #14639 (Resolved): Multiple email address notification: https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html#smtp-e-mail
Please add a note about ... Mike Moore
04:54 AM pfSense Packages Bug #14638 (Closed): Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading: After upgrading Tailscale from 0.1.3.1 to 0.1.4, Tailscale was not running according to the status page.
I was abl... R W

07/31/2023

08:41 PM Bug #14577 (Needs Patch): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``: The duplicate rules listed with @pfanchordrill@ are a cosmetic issue - see #14637.
As for the files that aren't be... Marcos M
08:33 PM Bug #14637 (Pull Request Review): PHP shell script ``pfanchordrill`` shows duplicate anchor content: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1054
For future reference, @pfctl -vsA@ loops through L3... Marcos M
08:31 PM Bug #14637 (Resolved): PHP shell script ``pfanchordrill`` shows duplicate anchor content: ... Marcos M
07:55 PM Regression #14635 (Feedback): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: Applied in changeset commit:9b9eaaeaa6cfa87c1320687836496d316aac61ef. Jim Pingle
07:47 PM Regression #14635: "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: Export package issue: #14636 Jim Pingle
07:44 PM Regression #14635 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: On current dev snapshots with OpenSSL 3.0, the "Legacy" strength PKCS#12 export (RC2-40+SHA1) is unsupported by defau... Jim Pingle
07:48 PM Revision 9b9eaaea: Allow legacy PKCS#12 export to function (for now). Fixes #14635: Jim Pingle
07:47 PM pfSense Packages Regression #14636 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: See #14635 for details.
The export package will need a change similar to that one from #14635 but it will need to ... Jim Pingle
07:30 PM Bug #14634 (Confirmed): The default gateway icon is not updated when the default gateway is changed to none: Link to the discussion in question: https://forum.netgate.com/topic/180684/bug-in-default-gateway-selection
As des... Fabiano B. Franco
07:19 PM Feature #9545: Enable Multipath Routing in the Kernel: Jim Pingle wrote in #note-16:
> Turns out it's already enabled in the current builds. FRR without the "multipath" op... Chris Baker
06:54 PM Bug #13423 (Feedback): IPv6 neighbor discovery protocol (NDP) fails in some cases: Lets wait until we get more real-world testing to call it completely resolved. Jim Pingle
06:53 PM Bug #13423 (Resolved): IPv6 neighbor discovery protocol (NDP) fails in some cases: I was able to reliably reproduce this before, and can no longer reproduce it with the fix. Marcos M
06:50 PM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases: I upgraded my edge to a dev snap with the fix and so far, so good. Everything across the board is green in my lab for... Jim Pingle
06:39 PM Bug #14619 (Resolved): Rule separators are ordered incorrectly after removing rules in certain positions: Original issue is now fixed, and all test cases referenced in the attachments of #9887 pass as well; separators in th... Marcos M
05:40 PM Bug #14619 (Feedback): Rule separators are ordered incorrectly after removing rules in certain positions: Applied in changeset commit:8a12728da23fc7cb654cec4a97670ef2b6dfb239. Marcos M
06:00 PM Regression #14616: dpinger does not start after renewing DHCP: Kris Phillips wrote in #note-1:
> Hello,
>
> Is there no default route defined when you go to Diagnostics --> Rou... Maternal Pause
03:12 PM Regression #14616: dpinger does not start after renewing DHCP: You can edit the "/conf/config.xml" file under "<system>" and add a new line with "<route-debug></route-debug>" to ge... Kyouko M
05:45 PM Feature #14448 (Feedback): Support interface groups in firewall rule source/destination fields: Applied in changeset commit:9fbd5798a3d76b36e6cc37debc5a37d382977a78. Marcos M
05:32 PM Revision abc9d914: Refactor translation target for outbound NAT: Marcos M
05:32 PM Revision feefe2c3: Refactor display of special networks: Marcos M
05:32 PM Revision 9fbd5798: Allow use of interface groups in firewall rule source/destination fields. Implement #14448: Marcos M
05:32 PM Revision ccf3b257: Refactor usage of special networks: Pre-requisite for easier implementation of interface group in firewall rules. Marcos M
05:30 PM Revision 8a12728d: Use the correct index when saving rule separators. Fix #14619: Also fix displaying rule separators with an out of range index. Marcos M
04:46 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC: Tested files attached Elvis Impersonator
04:44 PM pfSense Packages Feature #14625: Add NTP Screens to LCDPROC: Updated PR
https://github.com/pfsense/FreeBSD-ports/pull/1277 Elvis Impersonator
02:53 PM pfSense Packages Feature #14625 (Pull Request Review): Add NTP Screens to LCDPROC: Jim Pingle
04:08 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes: The scripting hook described at https://docs.frrouting.org/en/latest/scripting.html seems promising. If nothing else ... Jim Pingle
03:59 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes: This is specific to FRR, so I moved it to the FRR package.
Base system routing changes of this nature are already ... Jim Pingle
03:57 PM pfSense Packages Feature #14633 (Feedback): Cleanup states on dynamic routing changes: Currently, with FRR, dynamic routing changes does not cleanup old firewall states causing traffic to flow incorrectly... Christopher de Haas
03:46 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes: For another confirmation point, I upgraded my edge to 23.09 dev snapshots and dhcpleases6 is running and I have route... Jim Pingle
03:43 PM pfSense Packages Feature #14629: Add option control LCDProc ``syslog`` behavior: Worth noting that the old hardcoded default was level 3. When I added the option I made the new default level 2 to al... Jim Pingle
03:18 PM pfSense Packages Feature #14629 (Feedback): Add option control LCDProc ``syslog`` behavior: Added in LCDProc package v0.11.4_2 which is building now and will be available shortly.
Jim Pingle
03:28 PM Revision 7a1d5e27: services_dhcp.php: just hide relay-enabled interfaces: Christian McDonald
02:36 PM pfSense Packages Bug #14627: FRR prefix list creation failure: The validation could use some work but it's not completely broken as-is, it can be worked around.
If you enter the... Jim Pingle
02:25 PM Bug #14261: Trim white space in a DHCP Leases page search field: I'm not sure I agree this is a problem exactly as stated. Sometimes I may want to search for a specific string that s... Jim Pingle
01:52 PM Bug #14622 (Not a Bug): Special characters can cause the CDATA tags to be stripped during HA Sync: I can't duplicate this as stated in any case. I can create a user with a full name of "Tést" and it synchronizes with... Jim Pingle
10:56 AM Bug #14622: Special characters can cause the CDATA tags to be stripped during HA Sync: Upon further testing we found the following:
Accented characters (or an apostrophe for that matter too) present in... Udo Llorens
10:20 AM Bug #14622: Special characters can cause the CDATA tags to be stripped during HA Sync: Tested on... Udo Llorens
01:43 PM pfSense Packages Feature #14630: FRR script hook for clearing states on routing changes: If such extensions were possible those would require developing new features to accommodate them, adding the new func... Jim Pingle
01:32 PM pfSense Packages Feature #14630: FRR script hook for clearing states on routing changes: Hi Jim,
Thanks for responding to this quickly, and thanks for the floating-rule idea. I get that it can help mitigat... Christopher de Haas
12:34 PM pfSense Packages Feature #14630 (Not a Bug): FRR script hook for clearing states on routing changes: There is no event or mechanism by which that situation could be identified and acted upon.
If it were a built-in W... Jim Pingle
05:55 AM pfSense Packages Feature #14630 (New): FRR script hook for clearing states on routing changes: I have been chasing an issue of dropped traffic, and finally found the issue. A client is repeatedly sending traffic ... Christopher de Haas
12:48 PM Bug #14624 (Not a Bug): DNS Lookup tool doesn't respect 'DNS Resolution Behavior: Use local, ignore remote' when DoT is configured: That page uses several different techniques to function and some do not use the local resolver directly. For example,... Jim Pingle
12:29 PM pfSense Packages Feature #14632 (Rejected): Add flock pacakage to pfsense repository: There isn't nearly enough information here. Do you mean the @sysutils/flock@ port from FreeBSD? Or something else?
... Jim Pingle
11:50 AM pfSense Packages Feature #14632 (Rejected): Add flock pacakage to pfsense repository: i would like to use flock with cron jobs
Thanks Richard Horvath
12:24 PM Bug #14628: PPPoE Interface Panic: Looking at the end of the message buffer there were a lot of interface link transitions up/down on a PPPoE interface ... Jim Pingle
12:15 PM pfSense Packages Bug #14484 (Resolved): lldpd php error on saving with no interface selected: Jim Pingle
12:14 PM Bug #14626: Multi-WAN IPsec does not fail over when preferred WAN loses link: Thomas Simon wrote in #note-3:
> Hi Kris. thanks for the quick response. Yes, attempting. However on the failed WAN ... Jim Pingle
07:53 AM pfSense Packages Feature #14468: pass along ntopng professional license key: Hi, I thought I was the only one with this issue. I need to install my NTOPNG Pro license on Ver 23.05.1 but even if ... Russ Reynolds
06:48 AM Bug #14631 (Duplicate): ACL on DNS Resolver is not updated list after IPs changed on interfaces: ACL on DNS Resolver is not updated list after IPs changed on interfaces.
How to repruduce:
1. Create new interface
... aleksei prokofiev

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

08/29/2023

08/28/2023

08/27/2023

08/26/2023

08/25/2023

08/24/2023

08/23/2023

08/22/2023

08/21/2023

08/20/2023

08/19/2023

08/18/2023

08/17/2023

08/16/2023

08/15/2023

08/14/2023

08/13/2023

08/12/2023

08/11/2023

08/10/2023

08/09/2023

08/08/2023

08/07/2023

08/06/2023

08/05/2023

08/04/2023

08/03/2023

08/02/2023

08/01/2023

07/31/2023