Project

General

Profile

Activity

From 08/11/2023 to 09/09/2023

09/09/2023

11:16 PM Feature #14766 (New): i225/i226 based NICs not recognized for CE install/virtualized instances freezing
Intel's information for i225/6 based network cards states they both require pcie gen 3.1 for interface. This requires... Jordan G
08:31 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n25... Michael Pfsense
08:31 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
I also have this problem when trying to take a wificard interface from SSID broadcast to no SSID broadcast on 2.7.0-R... Michael Pfsense
07:34 PM Feature #14765 (Rejected): DHCPv6 is limited to DUID and unable to consider IAID
In DHCPv6, the client identifier is not the MAC Address anymore. That concept is replaced with the DUID. If the same ... Jacques Bourdeau
07:08 PM pfSense Packages Regression #14764 (Confirmed): HAProxy local syslog not working
HAProxy package v0.63_1
Setting the syslog host to @/var/run/log@ in the HAProxy settings doesn't produce any entr... Michael Vincent

09/08/2023

10:45 PM pfSense Plus Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet
The @-iface@ parameter is only specified if the gateway value is a MAC address ("source":https://github.com/pfsense/p... Marcos M
09:11 PM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work
It seems to be working again for me! Hayden Hill
07:49 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 for me too. I'd like to set it up with FreeIPA 4.9 as it starts to support the ACME protocol for certificates. Ben Tyger
07:15 PM Todo #14750: Automatically configure PF states hash table size
Indeed I meant @net.pf.states_hashsize@. Marcos M
07:03 PM Todo #14750: Automatically configure PF states hash table size
Updating subject for release notes.
The original description here doesn't match what was committed. The commit is ... Jim Pingle
07:00 PM Regression #14569: ``bnxt(4)`` driver errors
Updating subject for release notes. Jim Pingle
06:59 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``
Updating subject for release notes. Jim Pingle
05:09 PM pfSense Plus Bug #14763 (Rejected): Editing Static Routes
I can't reproduce this on 23.05.1 or elsewhere. There may be something specific in your setup that's contributing, bu... Jim Pingle
04:43 PM pfSense Plus Bug #14763 (Rejected): Editing Static Routes
Unable to edit static routes - when saving, the page tells you the route already exists as if it's trying to create a... Sean Huggans
03:58 PM Feature #14047: Options to control Intel Speed Shift
Tested against:
pfSense release:... Danilo Zrenjanin
03:21 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
I believe the problem is that we're overflowing the size field in the DIOCGETSTATESV2 call, and that's causing confus... Kristof Provost
07:05 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
So the lack of kernel stack as well as the lack of truss output (reported on Slack) would point in the direction of t... Kristof Provost
02:42 PM Feature #14762 (New): Support X25519 and X448 public key algorithms in certificates
Currently there is no support for certificates using X25519 and X448 public keys. Importing certificates with such ke... Jim Pingle
01:42 PM Feature #14761: Select multiple config backups in history to delete
Pull request:
https://github.com/pfsense/pfsense/pull/4648 Phil Wardt
01:41 PM Feature #14761 (Pull Request Review): Select multiple config backups in history to delete
Add option to select multiple configs from the backup history so that they can be deleted at once
Report in GUI the ... Phil Wardt
05:39 AM pfSense Packages Bug #14748 (Confirmed): FRR reload script is not executed properly
I can confirm this behavior, the Frr keeps the neighbor config until the restart of the service
tested on
<pre... Lev Prokofev
02:05 AM pfSense Packages Feature #14539: Add support for Oracle Cloud Infrastructure (OCI) vNIC management to work with unicast CARP
Package PR: https://github.com/pfsense/FreeBSD-ports/pull/1291
With initial commit to introduce this capability. James George

09/07/2023

06:18 PM Todo #14732 (Resolved): Update Unbound to 1.18.0
Christian McDonald
05:07 PM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Added to System Patches: https://github.com/pfsense/FreeBSD-ports/commit/ade361d4fbbaf4c40b55fdd0838e6b1594b5f801 Jim Pingle
04:39 PM Bug #9889 (Feedback): Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
We received a submission privately from "MalteHillmann":https://github.com/MalteHillmann with a fix for this. It's a ... Jim Pingle
04:07 PM pfSense Packages Bug #14760 (New): When RPKI is enabled for filtering, no upstream routes are received
When RPKI is enabled for filtering, no upstream routes are received.
route-map RPKI deny 20
match rpki invalid
... yon Liu
04:05 PM pfSense Plus Bug #14759 (Rejected): openvpn not show Client Certificate
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
04:02 PM pfSense Plus Bug #14759 (Rejected): openvpn not show Client Certificate
openvpn not show Client Certificate,The previous pfsense version showed normal
23.09-DEVELOPMENT (amd64)
built on... yon Liu
03:46 PM pfSense Plus Bug #14752: PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 526385168 bytes) in /usr/local/www/s... yon Liu
02:53 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
Kristof Provost wrote in #note-2:
> Replicating what I said in Slack: it'd be good to attach truss to one of the pfc... Kris Phillips
07:26 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
Replicating what I said in Slack: it'd be good to attach truss to one of the pfctl processes, to see what it's doing.... Kristof Provost
12:21 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
The command run on the CARP status page shows the list of creator IDs for all sync'd states:... Steve Wheeler
12:12 AM Bug #14758 (Resolved): ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
When attempting to load the CARP Status Page or States Diagnostics page in pfSense Plus when there is 2-3 Million Sta... Kris Phillips
12:54 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158
Will open issue in TAC asap.
Currently I don't have a GUI ... because the LE-Cert-Renewal fails because of the non-wo... Stefan Weichinger
12:52 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158
Stefan Weichinger wrote in #note-12:
> I have a 2nd pfSense (SG1100) that also has HAproxy not starting.
> Should I... Jim Pingle
12:42 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158
I have a 2nd pfSense (SG1100) that also has HAproxy not starting.
Should I open a new issue in TAC, may I post the r... Stefan Weichinger
12:40 PM Bug #14757: Special character encoding - crash on save / config restore
Hi,
the comment was in there bevore we updates to the new Version 2.7.0 not the 23.05.1.
Also the issue ocurred when... Alex G
10:44 AM Bug #14757: Special character encoding - crash on save / config restore
I couldn't reproduce that issue if I entered the same description for a group directly in the 23.05.1 release.
... Danilo Zrenjanin
07:31 AM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button
The issue persists on:... Danilo Zrenjanin
07:15 AM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button
The issue persists on :... Danilo Zrenjanin

09/06/2023

10:14 PM Bug #14757: Special character encoding - crash on save / config restore
The caracter in the description is encoded like this... Alex G
10:14 PM Bug #14757 (New): Special character encoding - crash on save / config restore
I have posted this in the forum and could verify / reproduce the problem.
I upgraded from version 2.6.0 to 2.7.0 and... Alex G
08:47 PM Bug #14756 (Resolved): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
An interface configured as 'Track Interface' for IPv6 will lose it's static IPv4 address if the NIC link is brought d... Steve Wheeler
07:55 PM Bug #14609 (Feedback): Update check in GUI does not always honor the configured proxy settings
Applied in changeset commit:3c8a408116c01d74fd114d8cc143b0f550bf00c5. Jim Pingle
07:45 PM Bug #14609 (In Progress): Update check in GUI does not always honor the configured proxy settings
Jim Pingle
06:30 PM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy)
The port does not currently build on FreeBSD 14 according to:
https://gitlab.com/FreeBSD/freebsd-ports/-/commit/d738... Marcos M
06:21 PM Bug #13218 (Resolved): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
The patch fixes it.
I am marking this ticket resovled. Danilo Zrenjanin
06:17 PM Bug #13218: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
I reproduced the issue on the following version:... Danilo Zrenjanin
05:50 PM Bug #14717: A default route can remain after setting the default gateway to None
This problem also exists in pfsense 23.09 version. This also brings about a side problem. The local ISP wan pppoe ipv... yon Liu
05:35 PM Bug #12938 (Feedback): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value
Applied in changeset commit:7dd12384e42233149d971a8a1333383eb4891ae5. Marcos M
05:34 PM Regression #14755: Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``

Just checked and both ndp -an and ndp -na work via the CLI, so regression limited to the GUI. For me the issue is n... Rob A
05:25 PM Regression #14755 (Resolved): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
In certain cases when visiting @diag_ndp.php@ the NDP table is empty and @ndp@ has dumped core:... Jim Pingle
05:11 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Issue remains 'live' with 23.09 dev. Details of the first crash on this version, triggered this time by taking the W... Rob A
04:35 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I have switched to 23.09 dev as that is where most of the activity is focused. I will monitor and update if this iss... Rob A
04:58 PM pfSense Plus Bug #14752: PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
It appeared when I visited the pfsense homepage, but I don’t know what it is related to.I'll report back to you as so... yon Liu
12:02 PM pfSense Plus Bug #14752 (Incomplete): PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
There isn't nearly enough information there to tell anything. We need to know how to reproduce it, the page it happen... Jim Pingle
10:19 AM pfSense Plus Bug #14752 (Incomplete): PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
amd64
14.0-ALPHA2
FreeBSD 14.0-ALPHA2 amd64 1400094 #1 plus-devel-main-n256133-bef8dca4536: Tue Sep 5 06:26:19 UTC... yon Liu
04:50 PM Todo #14750 (Feedback): Automatically configure PF states hash table size
Applied in changeset commit:5224e0b2416ac93b3562374fef1c3537f7af4003. Marcos M
04:49 PM Regression #14727 (Feedback): PCH Temperature missing from Thermal Sensors
Will be included in the next nightly snapshot Brad Davis
03:37 PM pfSense Docs Correction #14697 (Resolved): Need to fix TNSR examples recipes
Fixed, thanks!
You might have to clear your cache to pick up the images since the names are the same, I just correct... Jim Pingle
03:25 PM Feature #14731 (Feedback): Unbound Advanced Settings entry for ``sock-queue-timeout``
Applied in changeset commit:19f6d85f5c0401ebd849b50941fc81106e903d17. Marcos M
03:06 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``
Changed from a subtask to "follows" otherwise this would prevent us from closing the Unbound update task until this w... Jim Pingle
02:59 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``
Unbound has now been updated to 1.18.0, this is now ready to land Christian McDonald
02:58 PM Feature #14731 (Pull Request Review): Unbound Advanced Settings entry for ``sock-queue-timeout``
Christian McDonald
02:58 PM Todo #14732 (Feedback): Update Unbound to 1.18.0
Christian McDonald
02:53 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Please Note:
bugs@snort.org does not respond to any emails with the report listed above. If you are reading this ... Jonathan Lee
02:52 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Per Netgate Security Team on August 25, 2023 at 5:17:05 AM PDT:
Hello,
The Snort package for pfSense software i... Jonathan Lee
02:50 PM pfSense Packages Bug #14754 (Not a Bug): Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
*Version:*
Snort 4.1.6_8 built on pfSense plus Netgate 2100 appliance running an ARM processor. Package is prebuilt... Jonathan Lee
01:58 PM pfSense Packages Bug #14753: pfBlockerNG sync issues
Tested on pfSense 23.05.1 and pfBlocker 3.2.0_6 and can confirm such issue. aleksei prokofiev
01:50 PM pfSense Packages Bug #14753 (New): pfBlockerNG sync issues
pfBlockerNG sync user's password may cause sync issues and be recognised as an attacker by sshguard if it's password ... Georgiy Tyutyunnik
11:46 AM Bug #13687: Cannot add limiters named ``new``
Still the issue on the dev build... Lev Prokofev
08:57 AM Feature #14751 (New): OpenVPN CSO option to control duplicate connections per a specific client
It would be beneficial to have an option in the Client Specific Overrides to enable/disable duplicate connections per... Danilo Zrenjanin
08:11 AM Bug #13903 (Resolved): PPPoE Server address input validation is incorrectly allowing IPv6
The patch fixes the reported issue.
I am marking this case resolved. Danilo Zrenjanin

09/05/2023

09:35 PM Todo #14750 (Pull Request Review): Automatically configure PF states hash table size
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1072 Marcos M
08:07 PM Todo #14750 (Resolved): Automatically configure PF states hash table size
See @net.pf.states_hashsize@ in pf(4):
> Size of hash tables that store states. Should be power of 2. Default value ... Marcos M
09:33 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``
suggest changing the description on this to include "Unbound" Jim Thompson
08:27 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
I pushed a clean version for 2.7
Hope it can be reviewed
https://github.com/pfsense/pfsense/pull/4570
Preview link:... Phil Wardt
08:04 PM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied
please upgrade pf23.09 and frr 8.5.2 for test yon Liu
07:58 PM pfSense Packages Bug #12951: FRR cannot remove IPv6 routes

https://github.com/FRRouting/frr/issues/14205
23.09-DEVELOPMENT (amd64)
built on Tue Sep 05 05:55:55 UTC 2023... yon Liu
07:57 PM pfSense Docs Todo #14749 (Duplicate): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
No need to open new duplicate issues, just reply on the old one. We can reopen if needed.
 Jim Pingle
07:55 PM pfSense Docs Todo #14749 (Duplicate): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-nat-subnets-conflict.html
*Feedback:*
Please... Joshua Diamant
07:56 PM pfSense Docs Todo #14737: Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
Those examples are meant to be that way, they are talking about entire subnets, not specific single addresses.
Esp... Jim Pingle
07:53 PM pfSense Docs Todo #14737: Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
Hi @Jim Pingle - here are some examples
Site 0 - 10.1.1/24
Site 1 - 192.168.0/24 -> 10.10.1/24
Site 2 - 192.168.... Joshua Diamant
07:23 PM pfSense Docs Todo #14737 (Rejected): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
I reviewed the examples on that page and the addresses appear to line up properly as far as I can see.
There are t... Jim Pingle
07:51 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Should allow the user to fill in the PHP memory according to the total memory capacity of the server yon Liu
07:39 PM pfSense Packages Bug #14748 (Feedback): FRR reload script is not executed properly
I deleted frr Neighbors through webgui, but it was not deleted in frr.
That is, the deletion operation through pf... yon Liu
07:13 PM pfSense Docs Todo #14656 (Resolved): Feedback on Interface Types and Configuration — LAGG (Link Aggregation)
Info added and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/39557bb6ad5049c1b84dfec335612fdc7b7... Jim Pingle
06:36 PM pfSense Docs New Content #14647 (Resolved): Add a note for ixgbe linking at NBase-T
Info added and deployed
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2923a008b428795aa6651ea95b227ae8a5cb... Jim Pingle
05:12 PM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work
For those looking for a workaround for now I found this. Can use it to pull a JSON.
https://github.com/ipverse/asn-ip Hayden Hill
02:12 AM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work
I can confirm this is an issue. ASN lookup no longer working for me. Hayden Hill
03:45 PM Regression #14736 (Feedback): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
Applied in changeset commit:f2031838067f36195c632b210bd903578789c0ef. Jim Pingle
03:37 PM Regression #14736 (In Progress): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
Jim Pingle
03:30 PM Regression #14500 (Feedback): PHP Error when viewing Traffic Graphs in ``iftop`` mode
Applied in changeset commit:71f360de9043c64a999c6b47003099ee59a5a132. Jim Pingle
03:20 PM Regression #14500 (In Progress): PHP Error when viewing Traffic Graphs in ``iftop`` mode
Jim Pingle
12:43 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
PCH isn't there on dev snaps because of #14727 Jim Pingle
12:42 PM Bug #14744 (Rejected): Documentation bug: Remote access VPN example
Sounds like both of those points are specific to your config/use case and not as described in the docs exactly. The W... Jim Pingle
12:39 PM Feature #14746: Method for users to customize shell initialization behavior
I thought we already had an open feature request for this but I don't see it.
Rather than trying to accommodate so... Jim Pingle
12:35 PM pfSense Packages Bug #14747 (Needs Patch): softflowd sending same data with different snmp versions
That looks like something specific to the behavior of the daemon which is out of our control (unless there is a CLI/c... Jim Pingle
07:43 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set
Hi,
I now have an SG-2100 with 23.05.1 for the same setup and still the same problem.
Unbound fails to start as I h... robotox sysadmin

09/04/2023

11:36 PM pfSense Packages Bug #14747: softflowd sending same data with different snmp versions
It seems that the problem is related to VLAN interfaces.
I've been doing some tests and if you set softflowd to coll... Marcelo Cury
06:32 PM pfSense Packages Bug #14747: softflowd sending same data with different snmp versions
upstream bug reported:
https://github.com/irino/softflowd/issues/51 Marcelo Cury
06:05 PM pfSense Packages Bug #14747 (Needs Patch): softflowd sending same data with different snmp versions
My environment:
SG-4100 23.05.1, packages up to date and System patches applied.
sotflowd running on LAN, WIFI an... Marcelo Cury
12:40 PM pfSense Packages Feature #14712: CrowdSec package
Hi!
The package is ready for public testing.
Three things to read:
- the short repository readme - https://... Marco Mariani
12:21 PM Feature #14746 (Resolved): Method for users to customize shell initialization behavior
The .tcshrc file is created at every boot from /etc/skel/dot.tcshrc so to make changes persistent that file must be e... Steve Wheeler
05:56 AM pfSense Packages Bug #14745 (New): haproxy: backend, SSL health check
During testing with a backend HTTPS server, I wanted to test if the SSL health check would work; it did not.
So, I d... Stephen Trotter
01:33 AM pfSense Packages Feature #14468: pass along ntopng professional license key
Just an update to say I have now successfully installed NTOPNG Pro version, via console, and licensed it on latest ve... Russ Reynolds

09/03/2023

08:04 PM Bug #14744 (Rejected): Documentation bug: Remote access VPN example
I recently looked at https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html to set up remote access wit... Chris Gelatt
04:22 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
Redmine created for separate feature request: https://redmine.pfsense.org/issues/14743
 Kris Phillips
04:19 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
jeffrey Smith wrote in #note-4:
> Can we please add support for passkeys into default accounts for pfsense.
>
> A... Kris Phillips
04:21 AM pfSense Plus Feature #14743 (New): Add Passkey/Certificate-based Authentication
pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implement... Kris Phillips
04:12 AM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
This command doesn't appear to work on Cordoba-based platforms, but I believe there is a PCH for the NVME interfaces,... Kris Phillips
03:24 AM Bug #14621 (Resolved): Rule separators are hidden when their index is greater than the number of rules

tested by adding 4 separators and 2 rules ., all rule and separators are displayed.
23.09.a.20230902.0133 Alhusein Zawi

09/02/2023

10:52 PM Bug #14684 (Confirmed): Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
Chris W
05:24 PM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
What I see on both 2.7 and 23.05.1 that applying an upload bandwidth limitation for Allowed IP Addresses has little e... Chris W
08:18 PM Bug #14742 (Resolved): Several PHP errors in upgrade_config.inc
This file still needs to be updated to use the new accessor methods, as several errors are still occurring with certa... Christopher Cope
07:36 PM Feature #13245 (Resolved): Type column on Alias lists

"Type" column is added and it looks good.
23.09.a.20230902.0133 Alhusein Zawi
07:12 PM pfSense Packages Bug #14659: vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap
This is still an issue but I have a feeling it’s related to 14484
Edit any interface will lead to a reconfiguration ... Mike Moore
05:33 PM pfSense Packages Bug #14659: vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap
do you still see this flapping issue after removing or correcting the unresolvable source/destination alias messages ... Jordan G
06:46 PM Feature #3288 (Resolved): Support interface macros in Outbound NAT rules
Alhusein Zawi
03:50 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
I seem to also be able to reproduce this behavior using the ix interfaces on cordoba platform to create a LAGG (LACP)... Jordan G
03:41 PM Bug #14741: PHP error in DNS Forwarder host overrides when the language is set to French
can confirm bug using above steps. spot checked various other languages and was unable to find this issue occurring o... Jordan G
11:03 AM Bug #14741: PHP error in DNS Forwarder host overrides when the language is set to French
Can confirm that bug
Tested on ... Lev Prokofev
10:26 AM Bug #14741 (New): PHP error in DNS Forwarder host overrides when the language is set to French
A PHP error occur when a user try to add or modify Host Override in DNS Forwarder module... Nicolas PISTER
07:11 AM pfSense Packages Feature #14629 (Resolved): Add option control LCDProc ``syslog`` behavior
Tested the package version:... Danilo Zrenjanin
02:40 AM Regression #14740 (Resolved): Outbound NAT pool options are hidden when a subnet VIP is selected
Fixed with @1b4cdce8ef452d0d8073b3621ab1a4139cd0dd91@. Marcos M
02:10 AM Regression #14740 (Resolved): Outbound NAT pool options are hidden when a subnet VIP is selected
When an outbound NAT rule contains a subnet VIP as the target address, the pool options should be configurable; curre... Marcos M

09/01/2023

06:23 PM pfSense Packages Regression #14739 (Feedback): PHP error with lightsquid when generating an SSL certificate
Should be fixed in commit @11ed1711e84357241c044c82e7f2be7186375e75@ (https://github.com/pfsense/FreeBSD-ports/commit... Jim Pingle
05:40 PM pfSense Packages Regression #14739 (Resolved): PHP error with lightsquid when generating an SSL certificate
... Marcos M
04:24 PM pfSense Packages Bug #14406 (Feedback): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
I tested this on 23.09 dev snapshots and I'm not able to replicate the issue. The files are in the directory:
{{co... Marcos M
04:20 PM Bug #14738 (Feedback): IPsec restart in CARP event scripts does not check VIP properly and never runs
Applied in changeset commit:fcd5e10a67ac9a67cc7116ea1a314aaea225c699. Jim Pingle
04:10 PM Bug #14738 (Resolved): IPsec restart in CARP event scripts does not check VIP properly and never runs
The IPsec interface VIP check in @rc.carpmaster@ and @rc.carpbackup@ is not checking the VIP presence properly and th... Jim Pingle
02:49 PM pfSense Docs Todo #14737 (Rejected): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-nat-subnets-conflict.html
*Feedback:*
thro... Joshua Diamant
09:08 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
Let me try give you more info to reproduce. We have the issue on many devices not just one. We also had this issue on... Luca Piccirillo
07:45 AM Feature #14726 (Resolved): Show IPsec phase 1 authentication type in Mode column of tunnel list
The patch has been applied successfully, and after reviewing the changes, they look great and useful.
!clipboard-20... Danilo Zrenjanin
06:54 AM pfSense Packages Bug #14733: CARP Master before HA Proxy is started
Hi Jim,
Thanks for the quick response and suggestion. Changing the WebUI port makes sense to get rid of the confli... Christopher de Haas
06:48 AM pfSense Packages Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers
I can also confirm this, but its happening to me with only some Peers (exactly, 4 tunnels, about 10 peers in total) I... David Martin
06:26 AM Regression #14735 (Confirmed): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
Ok. I replicated the issue on:... Danilo Zrenjanin

08/31/2023

08:25 PM Feature #14047 (Feedback): Options to control Intel Speed Shift
Applied in changeset commit:93f8b28797a2b618f96589c916128019231f027e. Jim Pingle
06:45 PM Regression #14736 (Confirmed): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
I saw that the other day as well but hadn't got around to trying it again or creating a redmine. Probably some logic ... Jim Pingle
06:35 PM Regression #14736 (Resolved): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
In the currently nightly snapshot, I'm unable to select a PFS group for an individual Phase 2 configuration unless th... Kev Kitchens
05:37 PM Regression #14719 (Resolved): IPv4+IPv6 outbound NAT rule expands to invalid rule set
After applying the patch, the same rule set loads without any issues.... Danilo Zrenjanin
05:32 PM Regression #14719 (Confirmed): IPv4+IPv6 outbound NAT rule expands to invalid rule set
I can confirm this behavior on the:... Danilo Zrenjanin
05:21 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
Seems to be a regression on 23.09 Christian McDonald
05:20 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
I couldn't reproduce it on 23.05.1
!clipboard-202308311919-cliyy.png!
It pulled the MAC address from my MacOS inter... Danilo Zrenjanin
03:15 PM Regression #14735 (Resolved): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
Christian McDonald
05:16 PM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
"2Amos Jeffries 2023-08-29 18:26:02 UTC
AFAICT "0.4.46" is the version number of the pfsense plugin used to integra... Jonathan Lee
02:43 PM pfSense Packages Bug #14733 (Not a Bug): CARP Master before HA Proxy is started
Sounds like you have something misconfigured. You are trying to bind two things to the same port on the same address ... Jim Pingle
11:09 AM pfSense Packages Bug #14733 (Not a Bug): CARP Master before HA Proxy is started
Pfsense becomes CARP master before HA proxy is started. This is a significant problem and causes unneeded outages. Wh... Christopher de Haas
02:02 PM Bug #14734: Alias FQDN resolving issue results in incomplete tables
btw, might be related to https://redmine.pfsense.org/issues/9296 Robert Gijsen
01:59 PM Bug #14734 (New): Alias FQDN resolving issue results in incomplete tables
In CE 2.7.0, there are still issues when FQDN are used in aliasses. Vonsider an alias with 3 entries, 2 static IP's a... Robert Gijsen
09:21 AM Bug #14394 (Resolved): PHP error in CSRF Magic from invalid time value
The issue occurred only once on a customer's appliance and has not been reported by anyone else yet.
The patch min... Danilo Zrenjanin
09:02 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
Just checked on pfSense 2.7.0
Backup version is the same as yours.
internal_name is still there as before.
Not sure ... Luca Piccirillo
06:41 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
I couldn't reproduce this issue on the:... Danilo Zrenjanin
07:24 AM pfSense Packages Bug #14670 (Resolved): net-snmp does not ignore /var/unbound/dev
The latest release 0.1.5_11 contains the ignoreDisk directive for /var/unbound/dev ... Danilo Zrenjanin
06:39 AM pfSense Plus Feature #11920: SAML Authentication for pfSense (VPN and webConfigurator)
Have been told in https://forum.netgate.com/topic/182512/login-security-phishing-resistant-mfa/ that this was discuss... jeffrey Smith
01:20 AM Bug #12938 (Pull Request Review): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value
The warning can be ignored. It is shown due to the current radvd version not taking RFC8106 into account. A fix has b... Marcos M

08/30/2023

09:01 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
Also confirmed via Andrew C. Aitchison of ClamAV users support email system.
"It is a very big file and stores the... Jonathan Lee
07:47 PM Feature #14047 (In Progress): Options to control Intel Speed Shift
Jim Pingle
07:07 PM Todo #14732 (Resolved): Update Unbound to 1.18.0
Christian McDonald
06:15 PM Feature #14731 (Waiting on Merge): Unbound Advanced Settings entry for ``sock-queue-timeout``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1068 Marcos M
06:10 PM Feature #14731 (Resolved): Unbound Advanced Settings entry for ``sock-queue-timeout``
@sock-queue-timeout@ was introduced in unbound 1.18.0.
https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unboun... Marcos M
05:34 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
Happened again early hours of the morning for me. VZ carried out a brief interruption to service, v4 lease comes back... quiet lion
04:53 PM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
Can we please add support for passkeys into default accounts for pfsense.
Apple and Microsoft are adding native su... jeffrey Smith
04:30 PM Bug #11548 (Closed): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
It doesn't seem possible for a rule that causes this error to be added in the GUI since input validation would catch ... Marcos M
02:12 PM pfSense Packages Feature #8547: fwknop Port Knocking Package
I'm willing to chip in, help code this myself or hire someone to develop this. Either way I'd like to see this packa... Alan V
02:09 PM pfSense Packages Feature #8547: fwknop Port Knocking Package
I really want to see this as well. I'll explain why people want fwknop or at the minimum knockd support...
Fwknop... Alan V
12:49 PM pfSense Packages Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times
Jim Pingle
12:49 PM pfSense Packages Bug #14724 (Resolved): Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected
PR merged, thanks! Jim Pingle
12:49 PM pfSense Packages Bug #14723 (Resolved): Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times
PR merged, thanks! Jim Pingle
11:14 AM pfSense Packages Bug #14730 (New): FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
When backing up with package info included:... Luca Piccirillo

08/29/2023

10:57 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
I am on 23.09.a.20230826.1731...
Just did some more captures and am not seeing any solicitations or any other rand... Mike McV
10:19 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
Perhaps it's related to / caused by #13423. If possible, try testing it on 23.09 dev snapshots. Marcos M
07:59 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
I have the same issue and have spent some time looking in to it. It looks to be more related to RADVD/NDP than DHCP6.... Mike McV
10:30 PM Bug #14725 (Feedback): Primary IPv6 interface address may be incorrect when a ULA is set
Applied in changeset commit:35b6dbe65cdff7d96008554ffafdd1b047b3f3fc. Marcos M
03:09 PM Bug #14725 (Pull Request Review): Primary IPv6 interface address may be incorrect when a ULA is set
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1067 Marcos M
07:41 PM pfSense Packages Bug #14108 (Rejected): Antivirus Bases showing outdated main.cvd with a version dated year 2021
2021 is the most recent main.cvd/main.cld file from ClamAV directly. The daily file gets updated more regularly.
F... Jim Pingle
06:40 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
From Squid and indirectly also c-icap upstream(s):
Neither Squid nor c-icap have anything to do with the ClamAV dat... Amos Jeffries
06:31 AM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
https://bugs.squid-cache.org/show_bug.cgi?id=5297
Bug zilla ticket also open for Squid side for more visibility of... Jonathan Lee
05:41 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T
Confirmed as working on an X550-T: https://forum.netgate.com/post/1122962 Steve Wheeler
03:43 PM Regression #14727: PCH Temperature missing from Thermal Sensors
Looks like we had @pchtherm.ko@ on the previous release but it's not in current builds. Jim Pingle
02:34 AM Regression #14727 (Resolved): PCH Temperature missing from Thermal Sensors
PCH temperature was present in 23.05 and probably introduced in that version. Ted Quade
03:21 PM Bug #14717: A default route can remain after setting the default gateway to None
!https://i.imgur.com/QAReNOq.jpg!
!https://i.imgur.com/XIMRavl.jpg! yon Liu
02:40 PM Regression #14719 (Feedback): IPv4+IPv6 outbound NAT rule expands to invalid rule set
Applied in changeset commit:3ac7816f637b54cb4fb958fa0a439c147e13baff. Marcos M
01:54 PM pfSense Packages Feature #14729 (New): OpenVPN Client Export - Support PLAP on Windows
OpenVPN 2.6 for Windows introduced support for PLAP (Pre-Logon Access Provider). With this support, users get a new i... Pablo Bendersky
06:36 AM pfSense Packages Bug #14341: Squid Cache Table Logs Showing incorrect date
https://bugs.squid-cache.org/show_bug.cgi?id=5298
Added to bugzilla for Squid for more support visibility Jonathan Lee
06:21 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
https://bugs.squid-cache.org/show_bug.cgi?id=5296
Bugzilla Squid ticket now open for more Squid support visibility. Jonathan Lee
03:25 AM Feature #14728 (Resolved): Support for CD/DVD drives in the External Configuration Locator (ECL)
In the Hyper-V environment, there's an observed behavior where pfSense does not appear to search for ... Tanner H

08/28/2023

07:55 PM Feature #14726 (Feedback): Show IPsec phase 1 authentication type in Mode column of tunnel list
Applied in changeset commit:52c5417c4b38477b8a835c997f815b52089da5d0. Jim Pingle
07:45 PM Feature #14726 (Resolved): Show IPsec phase 1 authentication type in Mode column of tunnel list
IKEv2 is much more common than IKEv1 these days so the "Mode" column is nearly always blank since it's irrelevant to ... Jim Pingle
06:52 PM Bug #14725 (In Progress): Primary IPv6 interface address may be incorrect when a ULA is set
Marcos M
06:11 PM Bug #14725 (Resolved): Primary IPv6 interface address may be incorrect when a ULA is set
The previous behavior of using the first IPv6 non-LL address as the primary interface address was restored with https... Marcos M
05:50 PM Regression #14719 (Pull Request Review): IPv4+IPv6 outbound NAT rule expands to invalid rule set
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1066 Marcos M
04:10 PM Regression #14719 (In Progress): IPv4+IPv6 outbound NAT rule expands to invalid rule set
Marcos M
03:14 PM Regression #14719: IPv4+IPv6 outbound NAT rule expands to invalid rule set
Not specific to Plus.
Probably related to #3288 or other recent changes in that area by Marcos. Jim Pingle
05:15 PM pfSense Packages Bug #14722: Snort Rule Update time settings does not create cron job correctly with certain times
This is a duplicate of bug 14723. My report of the user-identified issue and the acutal user's report of the same iss... Bill Meeks
04:37 PM pfSense Packages Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times
What happens is that when a combination of update interval and hour is set that adds up to 24, the script that create... Benjamin McRobert
05:13 PM pfSense Packages Bug #14724: Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected
Pull Request 1289 (https://github.com/pfsense/FreeBSD-ports/pull/1289) has been submitted to correct this issue. This... Bill Meeks
04:44 PM pfSense Packages Bug #14724 (Resolved): Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected
The Suricata package GUI incorrectly adjusts the starting hour for the automated rules update cron task when the user... Bill Meeks
05:12 PM pfSense Packages Bug #14723: Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times
Pull Request 1288 (https://github.com/pfsense/FreeBSD-ports/pull/1288) has been submitted to resolve this issue.
T... Bill Meeks
04:38 PM pfSense Packages Bug #14723 (Resolved): Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times
The Snort package incorrectly adjusts the rollover from 23:xx hours to 00:xx hours when creating the cron task for au... Bill Meeks
04:01 PM pfSense Packages Bug #13432: ups driver will not start
I started having similar issue after upgrade to 2.7.0 (was working before)
got notices and saw "upsmon" giving "fail... Tom Bauer
01:02 PM pfSense Packages Bug #14426 (Resolved): PHP errors in Lightsquid
The PR was merged. Jim Pingle
12:31 PM Todo #14011: Update memory graphs to account for changes in memory reporting
It's already correct in the repository and has been since March, you maybe accidentally reverted that change at some ... Jim Pingle
12:26 PM Regression #14635 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
Looks good. When it failed it produced no file to download for the 'legacy' option at all, not even a 0-byte file.
 Jim Pingle
12:24 PM pfSense Plus Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled
Seems like a duplicate of #14531
It's known/expected that in some cases DCO can't get traffic stats. Jim Pingle
12:23 PM Feature #13124 (Resolved): Option to wait for interface selection before displaying firewall rules
Jim Pingle
12:22 PM Todo #14686 (Resolved): Check for deprecated OpenVPN encryption and digest options on upgrade
The list of current algorithms is pulled dynamically from OpenVPN/OpenSSL, so if it's in the list on a current snapsh... Jim Pingle
12:21 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots
Jim Pingle
12:18 PM pfSense Plus Bug #14721 (Rejected): disable / enable interface
There are very few details here and I don't see anything unexpected in that log, it's restarting things that use the ... Jim Pingle
11:39 AM pfSense Plus Bug #14721 (Rejected): disable / enable interface
when disable / enable gre interface, flap all other interface. Evgeny Korostelev
12:07 PM Bug #13729 (Resolved): Gateways stuck in Unknown status
Tested on several pfSense versions: 21.02_2, 22.05, 23.05_1 and 2.7
I was able to reproduce this issue on 21.02_2.
W... Azamat Khakimyanov
06:44 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Unfortunately, the exact thing happened again in 2.7.0 for us over the weekend. We use an external spamfilter where m... Robert Gijsen

08/27/2023

11:31 PM Todo #14011: Update memory graphs to account for changes in memory reporting
Hello I wanted to give a heads up for 23.09.
I had to reapply this with 23.05 the error came back.
Jim sent t... Jonathan Lee
08:20 PM Regression #14635: "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command

% openssl pkcs12 -legacy -info -in HA+OpenVPN+Server-Legacy.p12
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted d... Chris Linstruth
06:29 PM pfSense Plus Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled
Related forum thread:
https://forum.netgate.com/topic/182465/traffic-from-openvpn-interface-not-updating-on-traffi... Timo M
05:30 PM Bug #12959: dhcplease process wrongly update host file if client-hostname is empty
I wasn't able to reproduce it on 2.5 or 2.6 or 2.7
When I enabled 'don't send hostname' option on my Ubuntu PCs, a... Azamat Khakimyanov
03:36 PM Bug #12849: pfsync kernel crash on reboot
Backtrace for those searching redmine:... Steve Wheeler
03:03 PM Feature #13124: Option to wait for interface selection before displaying firewall rules
Tested on:
23.09-DEVELOPMENT (amd64)
built on Sat Aug 26 17:37:15 UTC 2023
FreeBSD 14.0-ALPHA2
Looks good. Chris Linstruth
12:35 PM Regression #14719 (Resolved): IPv4+IPv6 outbound NAT rule expands to invalid rule set
A misconfigured outbound NAT rule that used to load now stops pf from loading the rule set.
First seen on:
23.09-... Chris Linstruth
08:05 AM pfSense Packages Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave
Tested on 23.05_1
Allow-transfer option check was added and there wasn't any bind error if I add this option into Cu... Azamat Khakimyanov
05:21 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"

Different way to iterate the variable for multiple cases
You can also use the the case command to iterate over t... Jonathan Lee
02:25 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Chris W wrote in #note-19:
> Systems with 1GB or less of RAM show a negative number as the hinted maximum adjusted va... Christopher Cope
12:53 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Systems with 1GB or less of RAM show a negative number as the hinted maximum adjusted value. The screenshot is taken ... Chris W
12:05 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Tested on... Christopher Cope
01:15 AM Feature #3288: Support interface macros in Outbound NAT rules

source/destination (of outbound NAT) show predefined subnets (LAN/WAN)
23.09.a.20230825.1302
 Alhusein Zawi
12:06 AM Todo #14686: Check for deprecated OpenVPN encryption and digest options on upgrade
I used the wizard to make an OpenVPN server in 23.05, then manually:
- Confirmed all the algorithm choices listed ab... Chris W

08/26/2023

11:57 PM pfSense Packages Regression #13817: pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
on 23.05.1 and pfB 3.2.0_6 after working through getting the package to uninstall successfully (see https://redmine.p... Jordan G
11:47 PM pfSense Packages Bug #14572: Unused DNSBL files may not be removed
Kris Phillips wrote in #note-1:
> Hello,
>
> Is this with the devel or stable branch of pfBlockerNG?
devel and... Jordan G
11:03 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
This is still happening with pfBlockerNG 3.2.0_6. I believe I've found a workaround for this after chasing a few of t... Jordan G
07:06 PM Bug #14708: PHP error when the system fails to create an interface
I tried to reproduce it on a seperate interface, but did not encounter the same error.
So it must be related to m... Diana Moore
02:49 PM Bug #14708: PHP error when the system fails to create an interface
I am unable to reproduce this on 23.05.1. I created an interface using 6to4 and then another using 6rd without error.... Christopher Cope
06:29 PM pfSense Plus Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected
Tested against:... Danilo Zrenjanin
08:08 AM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected
Tested on
... Lev Prokofev
03:56 PM Regression #14698 (Resolved): TLS Cert Warning Message Present on First Start
No certificate warning before or after the Wizard on first boot using build
23.09-DEVELOPMENT (amd64)
built on Sa... Chris W
12:11 PM Bug #14637 (Resolved): PHP shell script ``pfanchordrill`` shows duplicate anchor content
The patch fixes it.
I am marking the ticket resolved. Danilo Zrenjanin
11:01 AM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots
Fixed for me. Thanks. Vladimir Suhhanov
07:08 AM pfSense Packages Bug #14711 (Confirmed): pfBlocker ASN to IP Address option doesn't work
Tested on pfBlocker 3.2.0_6
It failed to load list.... Lev Prokofev
07:06 AM pfSense Packages Bug #14718 (New): pfBlocker DNSBL IPs list action is wrongly named
!clipboard-202308260857-oz2vd.png!
Under *Firewall/pfBlockerNG/DNSBL* there is *DNSBL IPs* section.
The *Alias ... Danilo Zrenjanin
03:01 AM Bug #14717: A default route can remain after setting the default gateway to None
Hello,
Can you please provide some screenshots of what you're expecting versus what you're seeing? I'm not unders... Kris Phillips
12:19 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Non standard colours also
@#!/bin/sh
pfctl -vvss | grep ', rule 79' >/dev/null
res=$?
if [ $res = 0 ];
then
... Jonathan Lee

08/25/2023

08:56 PM pfSense Packages Bug #14426 (Pull Request Review): PHP errors in Lightsquid
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/353 Marcos M
08:10 PM pfSense Packages Regression #13984 (Resolved): PHP errors with squid
Marcos M
08:04 PM Bug #14717 (Resolved): A default route can remain after setting the default gateway to None
pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.because i have run frr ipv6 bgp, when i h... yon Liu
05:41 PM pfSense Docs Correction #14639 (Resolved): Multiple email address notification
Note added and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f2f85861b0ccd82cd19d9b4f72c17cf2be6... Jim Pingle
05:30 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL
Fixed. There were several that were wrong.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2d75de5525ca68375... Jim Pingle
04:24 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL
The squid package help link (@help.php?page=squid.xml@) redirects to an unrelated page:
https://docs.netgate.com/pfs... Marcos M
04:43 PM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing
Patch is restored Christian McDonald
12:09 AM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing
The patch to remove procctl in pkg is missing. This is needed to prevent child processes being killed which is used i... Marcos M
04:19 PM pfSense Docs Todo #14658 (Resolved): Update firewall/NAT rule source/destination field references
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/59 Marcos M
04:13 PM pfSense Packages Bug #14714: HAProxy Agent Check
Bug No 2 is now described in Bug #14715 Jacques Bourdeau
03:56 PM pfSense Packages Bug #14714: HAProxy Agent Check
Jacques Bourdeau wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Please create a separate issue entry for each... Jim Pingle
03:46 PM pfSense Packages Bug #14714: HAProxy Agent Check
Jim Pingle wrote in #note-1:
> Please create a separate issue entry for each problem, even if they appear to be rela... Jacques Bourdeau
03:21 PM pfSense Packages Bug #14714: HAProxy Agent Check
Please create a separate issue entry for each problem, even if they appear to be related.
 Jim Pingle
03:03 PM pfSense Packages Bug #14714 (New): HAProxy Agent Check
For my load balancing, I ended up needing to use Agent-based checks in HAProxy.
I configured it in my pfSense+ (23... Jacques Bourdeau
04:06 PM pfSense Packages Bug #14715 (New): HAProxy Agent-Check are not enabled in the config despite being checked in the UI
Related to Bug #14714 which also does not populate the config file properly for agent-check based monitoring in HAPro... Jacques Bourdeau
04:01 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
If anyone knows of a more efficient want to poll the state table, please let me know.
Have a good day Jonathan Lee
03:59 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Here is a photo of testing with the three LEDs enabled when rule 79 went active.
Does the state table counters als... Jonathan Lee
03:49 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
I wonder if there is another way to do it maybe with the active state tables counters. Thanks for looking into this i... Jonathan Lee
03:27 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
I don't see anything like that being added to the base system, but maybe someone might design a package around it.
... Jim Pingle
04:54 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Side note, I recently learned "The Air force one Executive Phone has a light on the back that lights up red when secu... Jonathan Lee
02:03 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
pfctl -vvss| grep '192.168.1.11' would work great too as it would be IP address based not rule based
also
pfctl -vv... Jonathan Lee
01:26 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
The capability is you can take any rule ID you have that establishes a connection and you could configure it to be us... Jonathan Lee
01:12 AM pfSense Packages Feature #14710 (New): Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Hello fellow Netgate pfSense Redmine community members,
I wanted to share this with you all to see if this is any... Jonathan Lee
02:37 PM Bug #14613: Incorrect wireguard control panel status management
You can only enable wiregtuard by starting it in the web gui.
After starting with the script /usr/local/bin/php_wg -... hao zhang
02:07 PM Bug #14613: Incorrect wireguard control panel status management
After running
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
fstat shows that /var... hao zhang
02:06 PM Bug #14613: Incorrect wireguard control panel status management
I checked /var/run/wireguardd.pid before rebooting and it was 22536.
After that I rebooted the pfsense.
After reboo... hao zhang
12:58 PM Bug #14613: Incorrect wireguard control panel status management
I do it manually with ssh
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
then web... hao zhang
12:40 PM Bug #14613: Incorrect wireguard control panel status management
I reinstalled pfsense and ran into this problem again
I have 3 tunnel, 5 peers and each tunnel is assigned interface... hao zhang
02:37 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces
Tested against:... Danilo Zrenjanin
01:35 PM Regression #14713 (Feedback): Mobile IPsec not allocating address to connecting clients on dev snapshots
Applied in changeset commit:ceea1bd07b25ecb3061f3eda1a5137d2ead8311d. Jim Pingle
01:28 PM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots
This regressed in a recent rector refactoring ( commit:264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9 ), some references to... Jim Pingle
12:43 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots
This regressed since the previous release at some point. Mobile client attempts to connect but is unable to obtain an... Jim Pingle
01:17 PM pfSense Packages Feature #14712: CrowdSec package
e ok wrote:
> I think is not necessary another IPS, but I leave here If something consider that is more robust or go... Marco Mariani
12:32 PM pfSense Packages Feature #14712 (New): CrowdSec package
I think is not necessary another IPS, but I leave here If something consider that is more robust or good tan Snort or... e ok
06:58 AM Regression #14569 (Feedback): ``bnxt(4)`` driver errors
I've cherry-picked the upstream fixes (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269133) into our branche... Kristof Provost
06:30 AM pfSense Packages Bug #14711 (Resolved): pfBlocker ASN to IP Address option doesn't work
pfBlocker relies on Team Cymru IP to ASN Lookup v1.0 to get the list of prefixes for the defined ASN. But it seems th... Danilo Zrenjanin
06:12 AM pfSense Packages Bug #12822 (Confirmed): IPv4 Source ASN format not working
I have tried to define the ASN format and it appears that it is still not working consistently. Occasionally, it does... Danilo Zrenjanin

08/24/2023

11:39 PM Bug #14707 (Rejected): Fresh installation with a bug.
That's a hardware/driver issue with your @dc@ based NIC. Given the age of that hardware and the fact that it's only 1... Jim Pingle
10:45 PM Bug #14707 (Rejected): Fresh installation with a bug.
Hi, I made a fresh installation and get a bug/error. Attached the dumps for your future analyst if you consider neces... e ok
11:35 PM Bug #14708 (Resolved): PHP error when the system fails to create an interface
When enabling 6rd while 6to4 is enabled on another interface the web ui will throw an error of @Uncaught TypeError: p... Diana Moore
07:03 PM Bug #14432 (Feedback): PHP error when failing to write ``config.cache``
This should be fixed by commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b Jim Pingle
07:00 PM Feature #14337: Allow SMTP notifications from non-root processes
With the changes I just pushed, I get working SMTP notifications from NUT as well as other users. No duplicates/loops... Jim Pingle
06:50 PM Feature #14337 (Feedback): Allow SMTP notifications from non-root processes
Applied in changeset commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b. Jim Pingle
02:29 PM pfSense Packages Feature #14706 (New): Add Cloudflare tunnel pkg
Hello everybody,
I've been using Cloudflare tunnel for more than an year as I'm now behind CGNAT so no more open p... Vlad Saftoiu
01:42 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces
That result indicates a patch is missing. The fix is in the latest build (20230824-0600) - try it there. Marcos M
07:39 AM Bug #14691: Separators get shifted when copying firewall rules between interfaces
After applying the patch, I made the following observations:
h3. Before copying:
Rules on source interface (L... Danilo Zrenjanin
12:50 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Jim Pingle
05:24 AM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Tested on ... Lev Prokofev

08/23/2023

11:32 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
Side note:
I have also seen this behavior carrying into layer 2 Ethernet filtering rules.
Photos inside duplicat... Jonathan Lee
10:54 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
I was not able to replicate it (including with Ethernet rules, etc). If you can replicate this on a default install/c... Marcos M
10:21 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
Thanks for looking into this. I am not changing the firewall configuration only the firewall rule when this occurs. L... Jonathan Lee
10:00 PM pfSense Plus Bug #14705 (Rejected): Changes in Ethernet ruleset can lead to incorrect rule and separator order
I can only replicate this if I change the config while editing a rule. This is known behavior that is due to the inde... Marcos M
05:28 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
For mine the rules are randomizing. I have some rules that jump to the middle and or end of the rule list. Jonathan Lee
05:21 PM pfSense Plus Bug #14705 (Duplicate): Changes in Ethernet ruleset can lead to incorrect rule and separator order
Most likely a duplicate of #14691 or #14619 Jim Pingle
05:16 PM pfSense Plus Bug #14705 (Closed): Changes in Ethernet ruleset can lead to incorrect rule and separator order
Hello fellow pfSense Redmine community members,
I noticed after the recent software update to 23.05.1 that issues ... Jonathan Lee
09:45 PM Regression #14623 (Feedback): Primary interface address is incorrectly set to the last address on the interface
Applied in changeset commit:baa612e555ba48e1961f03ac54e8f93b078aff48. Marcos M
07:05 PM Regression #14623 (Pull Request Review): Primary interface address is incorrectly set to the last address on the interface
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1064 Marcos M
08:55 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces
Applied in changeset commit:26b97b650457ba98360b5648dd801fd0adb567a5. Marcos M
08:45 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces
The behavior of the rule being placed on top when being copied only happens when e.g. copying the last rule of LAN to... Marcos M
06:40 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces
Applied in changeset commit:abc8192b1028f48bb768ffb6727bed4d05adae7f. Marcos M
06:10 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces
Tested against:... Danilo Zrenjanin
08:04 PM Feature #14337: Allow SMTP notifications from non-root processes
Thanks Jim Denny Page
07:57 PM Feature #14337 (In Progress): Allow SMTP notifications from non-root processes
I have an alternate idea on how to fix this and (hopefully) also preserve the duplicate message suppression. There is... Jim Pingle
06:11 PM Feature #13784 (Rejected): Option to completely block MAC addresses in Captive Portal
Now that L2 filtering is possible in the GUI (see #14308), this is no longer needed. Below is the diff for this MR fo... Marcos M
05:18 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section
Duplicate of #14654
It's already fixed in the most recent version of the package. Jim Pingle
05:10 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section
Hello,
I can no longer select a BFD Peer when creating a FRR BGP neighbor.
As an example.
I have two (2) BFD... Michael Mercier
04:44 PM Bug #13903 (Feedback): PPPoE Server address input validation is incorrectly allowing IPv6
Fixed by commit:9d0cd39f3be509ca0fd46119777bedd1954802c4 (typo'd the issue ID on there) Jim Pingle
03:48 PM Bug #13903 (In Progress): PPPoE Server address input validation is incorrectly allowing IPv6
Looks like it should be IPv4 only so I've fixed the input validation to restrict it to IPv4
I also corrected a mis... Jim Pingle
04:40 PM Bug #14392 (Feedback): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address
Applied in changeset commit:5df71c77b6b03a30b8f6425da331a892eb9876ad. Jim Pingle
03:40 PM Bug #14394 (Feedback): PHP error in CSRF Magic from invalid time value
Applied in changeset commit:1a57545864783b3acc5f28d166a79bd92a849759. Jim Pingle
03:10 PM Bug #14394 (In Progress): PHP error in CSRF Magic from invalid time value
Jim Pingle
03:00 PM Bug #13218 (Feedback): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
Applied in changeset commit:14beb636e4ca286c011398a30fd818f15c83eb7e. Jim Pingle
02:40 PM Bug #13218 (In Progress): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
PR has conflicts (and some logic issues, and outdated code usage). I'm working on an updated version of the changes. Jim Pingle
02:15 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
PR has conflicts and needs work/testing still Jim Pingle
02:15 PM Feature #13124 (Feedback): Option to wait for interface selection before displaying firewall rules
Applied in changeset commit:c451853836ae3e00ec20aa666c64a198d08b402c. Jim Pingle
02:09 PM Feature #13124 (In Progress): Option to wait for interface selection before displaying firewall rules
Jim Pingle
02:13 PM Bug #12225 (Rejected): Group membership field is not needed for remote groups
Doesn't seem like something we really need/want at the moment, and the PR was closed a few weeks ago.
 Jim Pingle
01:40 PM Feature #13245 (Feedback): Type column on Alias lists
Applied in changeset commit:33cd269034590899b429f72305a4abdc4c6f686e. Jim Pingle
01:30 PM Feature #13245 (In Progress): Type column on Alias lists
Jim Pingle
01:26 PM Feature #13377 (Feedback): Option to configure a custom value for the PHP memory limit
MR Merged Jim Pingle
01:10 PM Feature #13804 (Feedback): Prevent CARP status/maintenance mode from being erroneously toggled
Applied in changeset commit:a9238fddf3149f0bd22886f91becfa3d373cc164. Christopher Cope
01:05 PM Feature #14347 (Feedback): Improve System menu behavior for Certificate Manager privileges
Applied in changeset commit:d9f02c6abae1d58e57cdff1775f1b516cb038585. Jim Pingle
12:55 PM Feature #14347 (In Progress): Improve System menu behavior for Certificate Manager privileges
Jim Pingle
12:59 PM Feature #14208: Automatic Split-DNS for 1:1 NAT
Waiting on changes to the PR, will be better in the next release with more time to test it out. Jim Pingle
12:38 PM Bug #14621 (Feedback): Rule separators are hidden when their index is greater than the number of rules
This was merged a couple weeks ago Jim Pingle
07:56 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
07:45 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list
Danilo Zrenjanin
07:45 AM Bug #14695: Copy function for User Manager Groups does not work for first group in list
The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
06:52 AM Bug #14628: PPPoE Interface Panic
Occurred again today.
@
Aug 23 11:47:25 login 74579 login on ttyv0 as root
Aug 23 11:47:25 sshguard 77416 Now mo... Faisal Mahmood

08/22/2023

10:45 PM Bug #14691 (Pull Request Review): Separators get shifted when copying firewall rules between interfaces
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1063 Marcos M
03:36 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces
Marcos M
07:26 PM Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options
This may already be part of the Kea work, but in case it isn't... Jim Pingle
07:24 PM Feature #13710: Support UTF-8 CA/Certificate subject components
We have enough to worry about with OpenSSL 3.x changes in this release, best not to complicate cert changes any furth... Jim Pingle
07:16 PM pfSense Packages Bug #14349 (Closed): The ClamAV 0.105.1 got a few vulnerabilities
It's already fixed in dev snaps, it'll come back naturally with the next release.
 Jim Pingle
06:38 PM pfSense Plus Bug #14682 (Feedback): DCO OpenVPN server bound to Localhost does not pass traffic as expected
Committed upstream in https://cgit.freebsd.org/src/commit/?id=949491f2a6397f2514f8fcde1c7dc61bd82f201a, and cherry-pi... Kristof Provost
03:45 PM pfSense Plus Bug #14682 (In Progress): DCO OpenVPN server bound to Localhost does not pass traffic as expected
I've also been able to reproduce this.
The problem turns out to be that we pass through pf multiple times (which i... Kristof Provost
05:06 PM pfSense Plus Feature #14348 (Resolved): Add unicast CARP indication and peer address to CARP status
This looks really good on Plus and CE both compared to before. Much more useful information and it all appears to be ... Jim Pingle
02:20 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I am repeatedly receiving errors related to this. In addition to errors, crash reports, nearly every day. I just appl... C T

08/21/2023

10:59 PM Bug #14700: High CPU Temperature in CE 2.7
I would check your cooling solution if those are real values. Simply running with the default Speedshift settings sho... Steve Wheeler
12:31 PM Bug #14700 (Duplicate): High CPU Temperature in CE 2.7
Already covered by #14047 Jim Pingle
10:43 PM Bootstrap Bug #5121: interfaces.php - Wireless Antenna Selection should default to "Default"
Hello, what about 3 antenna port pcie cards? I learned the AR5BXB112 functions in some appliances. Is the 3rd port no... Jonathan Lee
10:38 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
https://redmine.pfsense.org/issues/5121
Also talks about the now degraded Wireless Antenna Selection GUI setting Jonathan Lee
10:36 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
Antenna tx and rx adjustments missing on 23.05.1
See attached is the new GUI settings showing changes Jonathan Lee
10:31 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
https://redmine.pfsense.org/issues/13
was the options removed for antenna adjustments? It use to display them in the... Jonathan Lee
10:16 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
even when removing dev.ath.0.tpc and dev.ath.0.tpcscale and setting tpack and tpcts to 99 it does not take the config... Jonathan Lee
07:00 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
When I would add a system tunable for tpcts and tpack and reboot or manually adjust they would never change and alway... Jonathan Lee
06:53 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
Compex WLE200NX Wireless A/B/G/N Network Mini PCIe Adapter (A4343) is the only card that works inside the 2100 Jonathan Lee
06:51 PM pfSense Plus Regression #14703 (New): 2100 pcie wireless issues
Hello fellow pfSense Packages Redmine community members can you please help.
1. The SG-2100MAX the Compex WLE200NX... Jonathan Lee
07:35 PM Bug #14695 (Feedback): Copy function for User Manager Groups does not work for first group in list
Applied in changeset commit:9270d777907048d2bfc31f4e57a01e915ff71a88. Jim Pingle
07:16 PM Bug #14695 (In Progress): Copy function for User Manager Groups does not work for first group in list
Not specific to Plus.
Looks like most of the tests checking if the duplicate action is being performed are done in a... Jim Pingle
06:38 PM Regression #14698: TLS Cert Warning Message Present on First Start
Ended up being an issue in the upgrade code, not the GUI or certs. Jim Pingle
06:35 PM Regression #14698 (Feedback): TLS Cert Warning Message Present on First Start
Applied in changeset commit:dcc7c577b51d68878c68313e3e0705d600c75b6f. Jim Pingle
03:15 PM Bug #14702 (Feedback): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Applied in changeset commit:28e2b61100b0f1cf81de5e73fd579bb6bd36afb5. Jim Pingle
03:05 PM Bug #14702 (In Progress): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Looks like this could also break things in a few other places since we use that function ~10 times in various files.
... Jim Pingle
02:56 PM Bug #14702: ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
The problem is with the @ctype_digit()@ test used in @is_port()@:
https://www.php.net/manual/en/function.ctype-dig... Jim Pingle
02:44 PM Bug #14702 (Confirmed): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
This isn't specific to FTP, it happens for a few different ranges I tried (10-11, 20-21, 100-101, etc.) though it doe... Jim Pingle
06:45 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Hello pfSense,
I've noticed that when you create a NAT rule with a port range starting with 20 (e.g. 20-21 or 20-... John Uplink
02:12 PM pfSense Plus Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Static ARP entries must always be in the table. Prior to that patch, static ARP was broken, which is why the DHCP sta... Jim Pingle
02:08 PM pfSense Plus Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Thanks for looking into this, prior to this PfSense patch I was able to see if a device was on or offline in the stat... Jonathan Lee
01:09 PM pfSense Plus Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
The online/offline status is solely based off the presence of the client MAC address in the ARP table. With static AR... Jim Pingle
02:01 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
Thanks for looking at this and testing the various inputs. I did not know about the other reporting URL I will use th... Jonathan Lee
01:52 PM pfSense Packages Feature #14696 (Rejected): possible cross site scripting and URL manipulation shell access injection issue sgerror.php
That action is just echoing back the input to the user but as it passes through a query string and so on, the content... Jim Pingle
12:30 PM Bug #14301 (Resolved): Input validation error when saving IGMP Proxy settings
Jim Pingle
12:30 PM Bug #14646 (Resolved): OpenVPN can select the wrong interface IP address when multiple addresses are present
Jim Pingle
12:28 PM Regression #14678 (Resolved): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Jim Pingle
12:27 PM Bug #14699 (Duplicate): Certificate alert is shown with a new install
Duplicate of #14698 Jim Pingle

08/20/2023

11:42 PM pfSense Plus Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Hello fellow pfSense Redmine community members,
I wanted to add a note about a new issue showing. The active stati... Jonathan Lee
05:02 PM Bug #14700 (Duplicate): High CPU Temperature in CE 2.7
After upgrading 3 2.6 CE installs to 2.7, all of them experienced high CPU temps. A mitigation was found on reddit to... Boolie Boolie
03:47 PM Bug #14699 (Duplicate): Certificate alert is shown with a new install
I installed snapshot 23.09 build @20230818-1744@ and this alert is shown with a default config:
> The GUI HTTPS cert... Marcos M
02:50 AM Bug #14301: Input validation error when saving IGMP Proxy settings
Tested on Aug 18th builds of Plus 23.09. No errors are present when saving IGMP Proxy anymore. This can be closed a... Kris Phillips
01:02 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
retested with a different config after applying the related system_patch and failover appears to be working as expect... Jordan G

08/19/2023

10:16 PM Regression #14698 (Resolved): TLS Cert Warning Message Present on First Start
On first boot of the Aug 18th 23.09 builds, the following notification is present immediately when prompted with the ... Kris Phillips
09:18 PM Bug #14655 (Confirmed): NAT behind a WAN rule" and "!WAN rule"
I can confirm this behavior on... Christopher Cope
05:47 PM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory
Since this is the same base issue solved by the PHP patch, I'm marking this as a duplicate of https://redmine.pfsense... Christopher Cope
05:47 PM pfSense Packages Bug #14683 (Duplicate): PHP error on ``status_frr.php`` from using too much memory
Christopher Cope
12:48 PM pfSense Plus Bug #14129 (Resolved): Chelsio T520 unable to route past 470Mbps
This is resolved by https://redmine.pfsense.org/issues/14207 Steve Wheeler
12:21 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Also can confirm on 23.09... aleksei prokofiev
11:46 AM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
I can confirm that it is working as expected. Tested patch on 23.05.1 and 2.7.0 aleksei prokofiev
12:10 PM pfSense Docs Correction #14697 (Resolved): Need to fix TNSR examples recipes
Looks like the example images don't match the context of the example.
https://docs.netgate.com/tnsr/en/latest/recipe... aleksei prokofiev
10:37 AM pfSense Plus Bug #14175: LDAP authentication for SSH fails
Marcos M wrote in #note-6:
> With @Use Authentication Server for Shell Authentication@ checked, this issue can preve... Emre K
07:09 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
The same behavior on ... Lev Prokofev
04:04 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Hi
For the last 2 hrs been running script to keep getting that output every 1 second..
It hasn't come up blank o... Michael Clews
12:05 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
/usr/local/www/sgerror.php
has no ability to disable internal error redirect functionality when utilizing externa... Jonathan Lee
12:03 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
In my case https://192.168.1.1:8080/sgerror.php?url=403%20Blocked%20by%20Mom%20and%20Dad&a=%a&n=%n&i=%i&s=%s&t=%t&u=%... Jonathan Lee
12:02 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
sgerror.php is also still accessible even with the internal error redirector redirecting to external site like Google... Jonathan Lee

08/18/2023

11:13 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
I wonder if there is any php injection vulnerabilities here. I did get it to say hello world. I noticed there is some... Jonathan Lee
10:48 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
if I can force it to say hello world, you could force it to say it a million times and do a denial of service attack ... Jonathan Lee
10:33 PM pfSense Packages Feature #14696 (Rejected): possible cross site scripting and URL manipulation shell access injection issue sgerror.php
Hello fellow pfSense Redmine team,

I seem to have found an issue with sgerror.php allowing a user to adapt the ph... Jonathan Lee
07:51 PM Bug #14542 (Resolved): Gateway widget tooltip incorrectly indicates some gateways as being default
Entries below default gateways no longer have the incorrect tooltip in the widget.
 Jim Pingle
07:50 PM Todo #14399 (Resolved): Combining Interface and Rule ID state table filter fields returns no results
Input validation error is printed as expected, other queries still work.
 Jim Pingle
07:48 PM Bug #14417 (Resolved): System Information widget does not properly form list of active hardware crypto algorithms
This appears to be correct and looks better on a variety of hardware models Jim Pingle
04:31 PM Bug #14673 (Resolved): Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Jim Pingle
11:14 AM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Tested on 23.05.1
No more stun.sipgate.net in the list.
!clipboard-202308181514-vpy4v.png!
 Lev Prokofev
04:31 PM pfSense Packages Bug #14694 (Not a Bug): HAProcy
I'm using ACME certs with HAProxy and it works fine here, so it's not clear why yours might be failing.
This site ... Jim Pingle
05:02 AM pfSense Packages Bug #14694 (Not a Bug): HAProcy
After the latest update I can no longer assign an ACME certificate to a HAProxy Frontend, not matter which certificat... Rick Strangman
03:56 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Suika Ibuki wrote in #note-16:
> Why not do a patch against that function to dump everything, env and what not? At l... Jim Pingle
03:51 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
commit:aed18fb07d387c90942b729c02fe460064310f5e should show up on GitHub here in a few minutes with a small fix to av... Jim Pingle
03:50 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I don't even know what is triggering that, something in the background of pfsense does, but dunno how to trigger it.
... Suika Ibuki
03:36 PM Bug #14648 (In Progress): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
OK that is in a completely different function, but one which also takes fetches its data from sysctl. Makes no sense ... Jim Pingle
01:59 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Jim Pingle wrote in #note-13:
> Michael Clews wrote in #note-12:
> > Hi
> > I received the error again
>
> Is ... Suika Ibuki
09:18 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list
It seems that https://redmine.pfsense.org/issues/12226 did not completely resolve this issue.
If you try to copy t... Dan Edwards

08/17/2023

10:21 PM Bug #14693 (New): Filter reload with NAT reflection rules is extremely slow
We're running a PFSense cluster which contains the following amount of rules:
- 60x Outbound NAT rule
- 120x NAT ... Kevin Bentlage
08:46 PM Bug #14692 (New): Mangled link-local addresses are being logged
My system is logging discarded ping request messages from a link-local address, as is expected.
Here is an example... Daryl Morse
08:33 PM Bug #12833: GUI Service Log Filling Up with Cruft
Jim Pingle wrote in #note-6:
> That is a raw web server log, it's not meant to only show notable events, but every a... Daryl Morse
08:20 PM Bug #14542 (Feedback): Gateway widget tooltip incorrectly indicates some gateways as being default
Applied in changeset commit:d1f43fb9b03f4d4b30dc1b0dfed33d46d6386902. Jim Pingle
07:25 PM Bug #14542 (In Progress): Gateway widget tooltip incorrectly indicates some gateways as being default
Jim Pingle
07:25 PM Todo #14399 (Feedback): Combining Interface and Rule ID state table filter fields returns no results
Applied in changeset commit:1b6b8b4c9c1e187d3a55f7fdb5dd8a22252caf06. Jim Pingle
07:10 PM Todo #14399 (In Progress): Combining Interface and Rule ID state table filter fields returns no results
Not specific to plus
I'll add an input validation error if both are filled in. Jim Pingle
05:21 PM Bug #14417 (Feedback): System Information widget does not properly form list of active hardware crypto algorithms
Fix committed. Seems to list everything for me now and also in the correct alphabetical order.
Before:
!clipboard... Jim Pingle
04:14 PM Bug #14417 (In Progress): System Information widget does not properly form list of active hardware crypto algorithms
Though the problem is easiest to notice in Plus, the function is similar in CE and could in theory have the same prob... Jim Pingle
03:34 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Still waiting on an affected user to test and offer feedback.
 Jim Pingle
03:33 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Clients are still not behaving a way that appears to be fixable for all of them at once. Will keep checking, though.
 Jim Pingle
03:32 PM Todo #13508: Uncouple RAM Disk size from available kernel memory
Needs more time to come up with a proper solution. Jim Pingle
03:30 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Excluding from release notes since it was never a problem in a release version. Jim Pingle
03:25 PM Regression #14690 (Feedback): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Applied in changeset commit:c10d5dc27156880b4939b0a4e862753949f9e649. Jim Pingle
03:17 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
This regressed after the last release. It's OK on 23.05.1 and 2.7.0, but broken in the current code. Looks like a var... Jim Pingle
03:12 PM Regression #14690 (In Progress): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
It's worse than that, even creating a new tunnel from scratch has a duplicate ID. Jim Pingle
12:58 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Not specific to plus, happens on CE as well.
 Jim Pingle
03:16 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces
h1. Reproduce
Have two active interfaces, one with at least one firewall rule (hereafter called OPT1) and the othe... Filip Bengtsson
08:10 AM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory

and changed config.inc
// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
ini_set("memory_limit", ... yon Liu
08:06 AM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory
i have changed php tomemory_limit = 1200M now,it is ok.
and if run frr bgp route, the kern.ipc.maxsockbuf must be ch... yon Liu
07:24 AM Bug #14604: Bugs in dhclient implementation according to RFC 2131
Just to manage my expectations, how high is this on your priority list?
I'm thinking whether I should cancel my ISP ... Nazar Mokrynskyi

08/16/2023

11:15 PM Feature #14640 (Feedback): Extend support for SCTP in firewall and NAT rules
Applied in changeset commit:7a654802f01c17a921b3ae51099bf7d829df6cad. Marcos M
10:31 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
I started a forum thread and during the discussion i realized the situation is very familiar to this redmine.
http... Mike Moore
09:23 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
pfSense 23.09-DEV build from today
VPN -> IPSec. I select the button to "copy phase 1 entry" for a P1 I created. The... Clinton Cory
07:45 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Michael Clews wrote in #note-12:
> Hi
> I received the error again
Is that with the patch applied or without it? Jim Pingle
07:40 PM pfSense Plus Feature #14348 (Feedback): Add unicast CARP indication and peer address to CARP status
Implemented in:
* https://gitlab.netgate.com/pfSense/pfSense/-/commit/d02e9664d251f54d99e5738808ea25b018421754 (CE... Jim Pingle
12:57 PM pfSense Packages Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device
There are already warnings in place in various locations about this.
For example: https://www.netgate.com/supporte... Jim Pingle

08/15/2023

09:30 PM pfSense Packages Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device
Hello
I installed pfsense in a computer, running snort, protecting my network, it was awesome.... I decided to purch... Edgar Estrada
08:00 PM Feature #3288 (Feedback): Support interface macros in Outbound NAT rules
Applied in changeset commit:fecb90e9acdf0bd801e8a250b39e9a57555d3476. Marcos M
06:27 PM Todo #14686: Check for deprecated OpenVPN encryption and digest options on upgrade
Updating subject for release notes. Jim Pingle
06:26 PM Todo #14672: Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Updating subject for release notes. Jim Pingle
05:20 PM Todo #14672 (Feedback): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Applied in changeset commit:f78ae299e5ea7918478ad0cf902e169292ceb6f4. Jim Pingle
06:25 PM Todo #14677: Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
Updating subject for release notes. Jim Pingle
06:24 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Updating subject for release notes. Jim Pingle
05:45 PM Feature #14688 (Rejected): Feedback on System Monitoring — DHCPv4 Status
You can already do that by making a static mapping entry -- it doesn't need to specify an IP address, it can just add... Jim Pingle
05:42 PM Feature #14688 (Rejected): Feedback on System Monitoring — DHCPv4 Status
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/dhcp-ipv4.html
*Feedback:* It would be nice t... Joe Francis
05:45 PM Bug #14673 (Feedback): Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Applied in changeset commit:9dc325fa2328597020540ab70f74fe13b575cdac. Jim Pingle
05:37 PM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list
It's nice to have examples, so long as they work. Removing the broken one seems like a good enough measure for now.
 Jim Pingle
02:06 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Ok, cool. Thanks for letting me know. I'll await 23.09. :) James George
01:29 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Oh shoot, I apologize. I created the patch from a previous aborted MR, which I had closed before I saw and corrected ... Reid Linnemann
03:17 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Thanks Reid.
Unfortunately, this seems to only be a partial fix (for me at least) - it does not work at bootup. I ... James George
02:54 AM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected
I was able to confirm this bug on 2100 w/23.05.1. Craig Coonrad

08/14/2023

10:19 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
James George wrote in #note-9:
> I'm happy to test the fix in my environment if you'd like; I'd just need a diff/pat... Reid Linnemann
09:53 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Hi
I received the error again
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeB... Michael Clews
08:53 PM Bug #14687: Error in boot messages about missing ``/boot/loader.conf.d`` directory
Stock FreeBSD comes with the directory.
Thus the best long term option is to just add one, but I don't know to do ... Mateusz Guzik
08:00 PM Bug #14687 (Closed): Error in boot messages about missing ``/boot/loader.conf.d`` directory
This is defined in /boot/defaults/loader.conf:... Steve Wheeler
07:35 PM Todo #14686 (Feedback): Check for deprecated OpenVPN encryption and digest options on upgrade
Applied in changeset commit:45b87923fecb8d7e414f927997b399fbe5a69355. Jim Pingle
05:44 PM Todo #14686 (Resolved): Check for deprecated OpenVPN encryption and digest options on upgrade
OpenSSL 3.x deprecated several algorithms for encryption and digest.
Encryption algorithms removed from OpenVPN:
... Jim Pingle
07:35 PM Todo #14677 (Feedback): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
Applied in changeset commit:45b87923fecb8d7e414f927997b399fbe5a69355. Jim Pingle
02:30 PM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected
I can confirm this (even on 23.09 snaps) but it doesn't seem to be a routing issue. I see all the same interface conf... Jim Pingle
12:32 PM pfSense Plus Bug #14685 (Not a Bug): Kernel panic on reroot
The crash looks like it could potentially be a problem with the filesystem or disk. While there is a possibility it's... Jim Pingle
12:18 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
aleksei prokofiev wrote in #note-2:
> Tested this patch on 23.05.1 and 2.7.0
> After apply the patch the the cert m... Jim Pingle
12:15 PM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory
Probably too much data for that page to deal with (e.g. route table is gigantic).
It already tries to limit how th... Jim Pingle
12:12 PM Bug #14681 (Duplicate): IGMP proxy cause crash on 23.05.1
The backtrace looks close enough that it seems like the same bug. No reason for a new report at this point. Even if i... Jim Pingle
12:10 PM Bug #14680 (Not a Bug): server/client openvpn /30
This is just how OpenVPN works. With a /24 subnet, SSL/TLS, and no DCO you have to have Overrides to setup iroutes be... Jim Pingle
06:12 AM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
Lucas Tam wrote in #note-3:
> I recently had a similar issue with my PPPoE interfaces w/ a QNAP QXG-2G4T-I225 passed... Cin Lung Chen
02:12 AM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
I Also make a issue thread on forum.netgate.com, where Mr. Rcoleman-netgate advice me to address this bug
on this bu... Noman Haroon
02:07 AM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
Dear PF Sense Engineers, I have shared a video, Kindly check it.
https://drive.google.com/drive/folders/1kVCGz0lYr... Noman Haroon

08/13/2023

08:28 PM pfSense Plus Bug #14685 (Feedback): Kernel panic on reroot
When running a reroot on my firewall (Dell R220) it starts to stop services just fine then kernel panics and does a w... Ed McLain
04:29 PM Bug #14684 (Confirmed): Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
Hi PF Sense Engineers, I like to report a bug. There is problem in captive portal in latest release 2.7, In captive p... Noman Haroon
02:38 PM Bug #14628: PPPoE Interface Panic
@Jim Pingle The issue was reported again earlier today and I am attaching the latest dump. The ending lines of logs w... Faisal Mahmood
06:17 AM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Tested this patch on 23.05.1 and 2.7.0
After apply the patch the the cert marks as Weak Digest
!clipboard-202308130... aleksei prokofiev
04:59 AM pfSense Packages Bug #14683 (Duplicate): PHP error on ``status_frr.php`` from using too much memory

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:26:04 UTC 202... yon Liu
04:26 AM Bug #14681: IGMP proxy cause crash on 23.05.1
No patch was applied, because the patch requires a kernel build. Lev Prokofev
02:45 AM Bug #14681: IGMP proxy cause crash on 23.05.1
Did this issue crop up as a result of the patch in the linked redmine or does this crash happen without the patch? Kris Phillips
02:47 AM Bug #14680: server/client openvpn /30
Based on the note below the Tunnel Network field, this might be expected behavior:
_A tunnel network of /30 or small... Kris Phillips

08/12/2023

09:27 PM pfSense Plus Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected
When connected to an OpenVPN server that has DCO enabled and the OpenVPN server is bound to Localhost with Port Forwa... Kris Phillips
08:27 PM pfSense Packages Bug #14643 (Not a Bug): Suricata PHP error after upgrade to CE 2.7.0
That is expected as the system upgrades the packages. Since it is working correctly after the upgrade, I'm marking th... Christopher Cope
08:26 PM pfSense Packages Bug #14644 (Not a Bug): Zeek PHP error after upgrade to CE 2.7.0
e 1/1 wrote in #note-2:
> Kris Phillips wrote in #note-1:
> > Do any issues occur with the package post-upgrade or ... Christopher Cope
08:20 PM Bug #13344: Vlan loses parent interface when changing LAGG mtu to jumbo frames
related/duplicate? https://redmine.pfsense.org/issues/14603 Jordan G
07:17 PM Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.
I can confirm, I'm seeing this on 23.05.1 - if nothing else but the scheduler changes from FQ_CODEL to FQ_PIE under t... Jordan G
12:55 PM Bug #14681 (Duplicate): IGMP proxy cause crash on 23.05.1
Crash trace attached, possibly related to https://redmine.pfsense.org/issues/12079
Fatal trap 12: page fault whi... Lev Prokofev
03:14 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
It happens in my case after logging into the system based on the time stamp as its the same time as my login.
not su... Michael Clews
03:10 AM Bug #14680 (Not a Bug): server/client openvpn /30

server/client does not work if the Tunnel Network is not /30 in ssl/tls , it works with shared key .
* create Op... Alhusein Zawi

08/11/2023

09:52 PM Regression #14679: Allow simultaneously including/excluding the same type
This would make sense for types that allow "all of" and "none of" (host, mac, port). Marcos M
08:36 PM Regression #14679 (New): Allow simultaneously including/excluding the same type
Hi All
With the updates in the last couple version it looks like functionality was lost with the GUI packet captur... Martin Kenney
07:44 PM pfSense Packages Bug #14644: Zeek PHP error after upgrade to CE 2.7.0
Kris Phillips wrote in #note-1:
> Do any issues occur with the package post-upgrade or is just the upgrade PHP errors... e 1/1
07:15 PM Regression #14678 (Feedback): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Applied in changeset commit:3ad1e1cb0dd5fa9a486448bfd44c82c230741306. Jim Pingle
06:05 PM Regression #14678 (Resolved): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Noticed this when working on other OpenSSL changes, but some certificates are not being flagged by the renewal page a... Jim Pingle
07:12 PM Todo #14677 (In Progress): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
Adding the GUI warnings and filtering out the invalid certificate choices is now complete.
The upgrade code is the... Jim Pingle
07:11 PM Todo #14672 (In Progress): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Adding the GUI warnings and filtering out the invalid certificate choices is now complete.
The upgrade code is the... Jim Pingle
05:38 PM pfSense Packages Regression #14636 (Feedback): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
I pushed this change on Wednesday:
https://github.com/pfsense/FreeBSD-ports/commit/f61ca6b81bab553e94046b1e6c5811a... Jim Pingle
03:52 PM pfSense Packages Feature #14423: haproxy 2.7 QUIC support (+ maybe LUA 5.4?)
Pawel Piaskowy wrote:
> Hello,
>
> I appreciate all pfSense+ updates and efforts Team is doing (I am relatively new ... Torben Hørup
01:46 PM Bug #14651: pfSense 2.7.0 Release has PPPoE bug. Unable to even make connection. LCP: Down Event and Link: Down event with no explanation
I recently had a similar issue with my PPPoE interfaces w/ a QNAP QXG-2G4T-I225 passed through to the VM using VMXNet... Lucas Tam
12:54 PM Bug #14665 (Feedback): IGMP Proxy cannot start on VirtIO (``vtnet``) interfaces
I've committed the relevant fix upstream and merged that into our trees. igmpproxy is expected to work in the next sn... Kristof Provost
12:36 PM pfSense Packages Bug #12899 (Resolved): Suricata doesn't honor Pass List
Jim Pingle
01:14 AM pfSense Packages Bug #12899: Suricata doesn't honor Pass List
Another pass at resolving this long standing, but random, issue is in the code of Pull Request 1284 (https://github.c... Bill Meeks
12:36 PM pfSense Packages Bug #14530 (Resolved): Suricata 6.0.13 package interface settings
Jim Pingle
01:11 AM pfSense Packages Bug #14530: Suricata 6.0.13 package interface settings
This issue is resolved by Pull Request 1285 https://github.com/pfsense/FreeBSD-ports/pull/1285 merged on August 10, 2... Bill Meeks
12:36 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Those are the exact same errors as above. You can try the patch above and see if you can reproduce it after.
At th... Jim Pingle
07:42 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Got a slightly different variant (havent changed anything):
PHP ERROR: Type: 1, File: /etc/inc/util.inc, Line: 2479,... Michael Clews
 

Also available in: Atom