Activity

From 08/15/2023 to 09/13/2023

09/13/2023

11:35 PM Regression #14616 (Feedback): dpinger does not start after renewing DHCP
Applied in changeset commit:c830f50da98b2f91f15163ed21d5b6086f10fc24. Marcos M
11:23 PM Bug #12947 (Feedback): Old IPv6 addresses may continue to be used after DHCP or RA changes
I tested this in 23.09 dev snapshots and am not able to reproduce the issue.
The following are logs from a lease cha...
Marcos M
09:39 PM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules
Marcos M wrote in #note-2:
> The issue can be avoided by creating a floating rule that applies the upload limiter.
...
Mike McNabb
09:32 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
Hi Jim,
All-in-all about 140k in size, the largest file has about 2700 CIDR addresses.
I've got a XG7100 that has...
Andrew Rojek
07:04 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
How many IP addresses would you say are in those aliases? The GUI isn't capable of handling a ton, usually browsers w... Jim Pingle
06:54 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
Hello Jim,
If memory serves me correctly it's always been related to trying to edit IP Aliases.
Once I've created...
Andrew Rojek
04:23 PM pfSense Plus Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
What exact steps did you take that resulted in that error? Include the page filenames specifically and what exactly w... Jim Pingle
04:04 PM pfSense Plus Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
Got this error message when trying to view a small list of CIDR addresses in Firewall->Aliases.
It was followed by a...
Andrew Rojek
07:55 PM Revision c830f50d: Remove the cached interface address when killing the dhcp client. Fix #14616
Marcos M
06:29 PM Regression #14755 (In Progress): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
Christian McDonald
06:29 PM Regression #14755: Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
Attached is ndp built with debugging symbols for anyone who can reliably replicate this... Christian McDonald
04:45 PM Revision 9e6b1893: Use the real interface name when storing the interface address.
The updated filename aligns with the references in:
find_interface_ip(), delete_old_address(), and add_new_address().
Marcos M
03:51 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
I left pfSense years ago for a homegrown Linux solution and recently returned. Lots of amazing progress has been made... Mike Pastore
01:03 PM Regression #14735 (Waiting on Merge): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
https://reviews.freebsd.org/D41839 Christian McDonald
12:25 PM pfSense Packages Feature #14588: Add FRR diagnostic status output plugin
See #14777 for implementation details once that is complete. Jim Pingle
12:24 PM Feature #14777: Status output plugin hook for packages to include their own data
First target is FRR: #14588 Jim Pingle
12:24 PM Feature #14777 (Resolved): Status output plugin hook for packages to include their own data
The status output page (@status.php@) gathers system information that is helpful for diagnosing problems, but it is c... Jim Pingle
12:14 PM Bug #14776: Port forwarding not working properly
What you are describing is explained by a lack of reply-to on the rules as I mentioned in my first response. Post on ... Jim Pingle
11:29 AM Bug #14776: Port forwarding not working properly
You may not understand my question.
For example I have several WireGuard p2p tunnels, the wg0 public ip is 15.5.5.5...
yon Liu

09/12/2023

11:31 PM Regression #14616 (Pull Request Review): dpinger does not start after renewing DHCP
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1074/
Here's the patch to test.
{{collapse...
Marcos M
12:07 AM Regression #14616: dpinger does not start after renewing DHCP
I was able to replicate this on 2.8 dev. The default gateway correctly switches to the tier 2 gateway when the DHCP l... Marcos M
07:21 PM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Updating subject for release notes. Jim Pingle
07:18 PM Bug #8846: Misleading error message when adding/editing static routes which use a gateway on a disabled interface
Updating subject for release notes. Jim Pingle
07:10 PM Bug #13776 (Feedback): Some functions fail if the Language does not exactly match an available Locale
Applied in changeset commit:6ce83e7455ea35243e2bd0645651ca22b43bc569. Jim Pingle
06:30 PM Bug #13776 (In Progress): Some functions fail if the Language does not exactly match an available Locale
It looks like the easiest path forward is to rename our translation directories and the internal IDs to match the bas... Jim Pingle
07:00 PM Revision 6ce83e74: Align pfSense and OS locale names. Fixes #13776
Jim Pingle
06:19 PM pfSense Plus Regression #14436 (Closed): Upgrades from 23.05-RC/beta/dev fail server authentication
This was fixed before 23.05 released. Jim Pingle
06:19 PM Bug #14776 (Not a Bug): Port forwarding not working properly
That is almost certainly something in your configuration. Inbound NAT such as port forwards will work on any interfac... Jim Pingle
06:16 PM Bug #14776 (Not a Bug): Port forwarding not working properly

when I create WireGuard vpn tunnel and setup NAT rule, if Default gateway IPv4 not setup the WireGuard interface, th...
yon Liu
06:01 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
I have a fix for the infinite pfctl loop, and in-progress patches for the improved code to retrieve creator ids. It o... Kristof Provost
05:04 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
Bumping this ahead. It would be nice to fix but I don't think it's a release blocker. Jim Pingle
05:46 PM Bug #13704 (Resolved): Refactor IPsec code using config access functions
Looks like most if not all of this was already committed. See commit:264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9
It m...
Jim Pingle
05:45 PM pfSense Packages Regression #14739 (Resolved): PHP error with lightsquid when generating an SSL certificate
Resolved with 3.0.7_1. Marcos M
05:04 PM pfSense Packages Regression #14739 (Feedback): PHP error with lightsquid when generating an SSL certificate
Jim Pingle
05:29 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
We are still working on this, but it is going to take more time to untangle this than we have for it to make this ... Jim Pingle
05:20 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
The problem here is that the behavior of the @arp@ command has changed. Running @arp -n <ip addr>@ used to limit the ... Jim Pingle
03:31 PM pfSense Packages Bug #14775 (New): FRR LocPrf and Weight is forced to 0
frr8-8.5.2
Because some upstream routes show that LocPrf and Weight are 0. FRR LocPrf and Weight is forced to 0
...
yon Liu
02:55 PM Todo #14769 (Feedback): Increase timeout for password entry when restoring an encrypted configuration via ECL
Applied in changeset commit:c449bcafcffef37bf0a3818a00f719939ccbd8b4. Jim Pingle
02:47 PM Todo #14769 (In Progress): Increase timeout for password entry when restoring an encrypted configuration via ECL
Bumping up that timeout to 60s should be safe. I'll commit that shortly.
Updating the subject and issue type to mo...
Jim Pingle
09:02 AM Todo #14769: Increase timeout for password entry when restoring an encrypted configuration via ECL
I think it is the ECL he didn't specify which link, but told me the process in more detail which sounds like the ECL t... Chris Collins
02:47 PM Revision c449bcaf: Increase ECL passwd prompt timeout. Fixes #14769
Jim Pingle
02:40 PM Regression #14773 (Not a Bug): Unable to boot pfSense after installation on Proxmox VE 8.x
Thanks for following up.
We have seen some similar reports in the past but they were all issues with the Hyperviso...
Jim Pingle
02:30 PM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x
The systems were installed using ZFS. Following your suggestion here https://forum.netgate.com/topic/182742/pfsense-2... Christopher de Haas
12:16 PM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x
It works fine in Proxmox VE 7.x, so something must have changed in 8.x, so there is only so much we can do there. It ... Jim Pingle
08:51 AM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x
Also found this redmine issue which may be related https://redmine.pfsense.org/issues/13895 Christopher de Haas
08:48 AM Regression #14773 (Not a Bug): Unable to boot pfSense after installation on Proxmox VE 8.x
I have multiple new pfSense 2.7 installations that are unable to boot after installation. Also tested with pfSense 23... Christopher de Haas
02:17 PM pfSense Packages Regression #14774 (Feedback): Lightsquid won't allow change the password.
I pushed a fix for this, it will be available shortly. Jim Pingle
01:42 PM pfSense Packages Regression #14774 (Resolved): Lightsquid won't allow change the password.
I had the latest version of lightsquid 1.8.5 3.0.7_2.
Is not accepting new password for the user 'admin'.
It wo...
Peter Moreno
12:15 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
>however the globe icon does remain even when the default gateway is set to None
yes, it is this. and default route ...
yon Liu
12:11 PM Bug #14717: A default route can remain after setting the default gateway to None
frr has no setup ipv6 default gateway. So WAN pppoe auto setup default gateway in pfsense. yon Liu
12:07 PM Bug #14717: A default route can remain after setting the default gateway to None
my frr only has ipv6 bgp sessions, no ipv4 bgp session. frr has no setup ipv4 default gateway yon Liu
12:32 AM Bug #14717 (Feedback): A default route can remain after setting the default gateway to None
Marcos M
12:31 AM Bug #14717: A default route can remain after setting the default gateway to None
It's possible that frr is playing a part here - please try reproducing the issue with frr disabled or removed. For ex... Marcos M
12:10 PM Regression #14727 (Resolved): PCH Temperature missing from Thermal Sensors
Jim Pingle
01:09 AM Regression #14727: PCH Temperature missing from Thermal Sensors
23.09-DEVELOPMENT (amd64)
built on Thu Sep 07 06:05:43 UTC 2023
FreeBSD 14.0-ALPHA2
Confirm PCH temp is presented
Ted Quade

09/11/2023

09:54 PM Bug #14634 (Feedback): The default gateway icon is not updated when the default gateway is changed to none
I tried replicating this on 2.8 dev. The default routes themselves are removed (see Diagnostics > Routes), however th... Marcos M
07:30 PM Feature #14746 (Feedback): Method for users to customize shell initialization behavior
Applied in changeset commit:61be9dccb422718ca85351795e64d9558a851658. Jim Pingle
07:28 PM Feature #14746: Method for users to customize shell initialization behavior
I just pushed a commit that implements "local" versions of @.profile@, @.shrc@, and @.tcshrc@ which are, respectively... Jim Pingle
07:27 PM Revision 490e61c2: Remove leftover debugging menu bypass. Issue #14746
It is not compatible with console autologin, so this shouldn't be kept in place. Jim Pingle
07:22 PM Revision 61be9dcc: Allow users to customize shell init behavior. Implements #14746
Jim Pingle
06:51 PM pfSense Plus Bug #14772 (New): PFsense Plus doesn't work with AWS new Instance Metadata Service (IMDSv2)
AWS has an updated version of their metadata service (IMDS) that is designed to add some defense-in-depth (see https:... Cameron Epp
06:00 PM Bug #8846 (Feedback): Misleading error message when adding/editing static routes which use a gateway on a disabled interface
Applied in changeset commit:ec5fca391c67d3f4453545efe862382d2c04bb4d. Jim Pingle
05:27 PM Bug #8846 (In Progress): Misleading error message when adding/editing static routes which use a gateway on a disabled interface
Jim Pingle
05:50 PM Revision ec5fca39: Try alt. way of validating route GW fam. Fixes #8846
When passed a gateway name, the function won't see a gateway
for a disabled interface as valid. Thus, since we ha...
Jim Pingle
04:31 PM Regression #14768: "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled
Fixed, thanks, Marcos! Vladimir Suhhanov
04:15 PM Regression #14768: "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled
Applied in changeset commit:6aa3f8b5243d54ed48507df25d92e7a664856e1e. Marcos M
04:12 PM Regression #14768 (Feedback): "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled
Fixed with @6aa3f8b5243d54ed48507df25d92e7a664856e1e@. A @!@ was missing which denotes a program rather than a facility. Marcos M
04:08 PM Revision 6aa3f8b5: Correct program reference in syslog config. Fix #14768
Marcos M
03:57 PM pfSense Packages Regression #14739: PHP error with lightsquid when generating an SSL certificate
Fixed in commit @9be9459ba796313087ca34b63c3deee7f181faea@ it will be in the next snapshot builds. Jim Pingle
03:32 PM pfSense Packages Regression #14739 (In Progress): PHP error with lightsquid when generating an SSL certificate
The new fix wasn't quite right (has a couple incorrect variable references). New fix coming momentarily. Jim Pingle
03:56 PM pfSense Packages Bug #14771: Lightsquid creating multiple SSL certificates, not starting
I pushed a fix for this ( @52f6d98647b961eefa693ca3ab793785befd3a5d@ ), it should be available soon.
The fix could...
Jim Pingle
03:47 PM pfSense Packages Bug #14771 (In Progress): Lightsquid creating multiple SSL certificates, not starting
I take that back, it's not related, but I fixed it when I fixed the other issue. Though when I fixed that, I used fun... Jim Pingle
03:40 PM pfSense Packages Bug #14771 (Duplicate): Lightsquid creating multiple SSL certificates, not starting
This is from the change in #14739 -- that one is still open (in feedback state) so I'm closing this and noting the fi... Jim Pingle
02:14 PM pfSense Packages Bug #14771 (Resolved): Lightsquid creating multiple SSL certificates, not starting
Hello, we updated lightsquid to the latest version and we found that it stopped working.
Every time we try to access the repo...
Peter Moreno
03:10 PM Bug #14767: Kernel textdumps are not recovered properly on systems with multiple swap partitions
Tested, works fine. Thanks, Jim.
Vladimir Suhhanov
02:05 PM Bug #14767 (Feedback): Kernel textdumps are not recovered properly on systems with multiple swap partitions
Applied in changeset commit:17630ffa48e33def331a65ee50f1ba1d2c3a5de5. Jim Pingle
01:15 PM Bug #14767 (In Progress): Kernel textdumps are not recovered properly on systems with multiple swap partitions
The problem isn't with rc.dumpon, it's in rc.savecore.
The OS supports multiple dump devices and it can use them a...
Jim Pingle
01:58 PM Revision 17630ffa: Check all dump devices for crash dumps. Fixes #14767
Jim Pingle
01:57 PM Todo #14769: Increase timeout for password entry when restoring an encrypted configuration via ECL
I will be back hopefully soon with confirmation. Chris Collins
12:34 PM Todo #14769 (Incomplete): Increase timeout for password entry when restoring an encrypted configuration via ECL
Exactly which method were they using to restore the encrypted config.xml?
Was it on a "USB drive during the instal...
Jim Pingle
12:49 PM Bug #14518 (Closed): pfSense CrashLog on 2.7.0RC Upgrade
Jim Pingle
12:15 PM Feature #14047 (Resolved): Options to control Intel Speed Shift
Jordan G wrote in #note-11:
> I didn't see any gui toggle when testing 23.09-DEVELOPMENT-amd64-20230909-1856, I was ...
Jim Pingle
01:28 AM Feature #14047: Options to control Intel Speed Shift
Jim Pingle wrote in #note-9:
> Applied in changeset commit:93f8b28797a2b618f96589c916128019231f027e.
Tested since...
Ronald Schellberg
03:14 AM pfSense Packages Feature #14770: Search for addresses and ports optimization
I understand there is a note for admins to use regex style but there really should be a simpler way....
a separate ...
Mike Moore
02:57 AM pfSense Packages Feature #14770 (New): Search for addresses and ports optimization
The search field for source IP addresses requires a bit of optimization.
If you search for source IP 192.168.3.3 the...
Mike Moore

09/10/2023

05:29 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set
Now testing the SG-2100 with 23.05.1 for the similar setup but with multiple Wireguards instead of multiple OpenVPNs.... robotox sysadmin
03:46 PM Todo #14769 (Resolved): Increase timeout for password entry when restoring an encrypted configuration via ECL
Reporting on behalf of a friend, he installed 2.7.0 fresh using a password protected backup, as he was typing the pas... Chris Collins
03:32 PM pfSense Packages Bug #14748: FRR reload script is not executed properly
yes, Now any changes need to restart the frr service to take effect. yon Liu
08:21 AM Regression #14768 (Resolved): "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled
23.09 latest snapshot, go to Status/System Logs/Settings
find and enable “Routing Daemon Events (RADVD, UPnP, RIP, ...
Vladimir Suhhanov
08:11 AM Bug #14767 (Resolved): Kernel textdumps are not recovered properly on systems with multiple swap partitions
ZFS guided auto-install, selected zfs-mirror, two disks.
As a result we have two swap partitions in fstab
@
# D...
Vladimir Suhhanov
03:15 AM Regression #14138: Kernel Panic in ``rtsock_msg_mbuf``
All I can say is I haven’t seen it since the 23.05.01 upgrade. It’s not something I could directly trigger. Stephen Baines
01:56 AM Regression #14138: Kernel Panic in ``rtsock_msg_mbuf``
Stephen,
Can you please re-test on 23.05.1? The associated redmine is marked as Resolved for this release, so thi...
Kris Phillips
02:34 AM Feature #14047: Options to control Intel Speed Shift
I didn't see any gui toggle when testing 23.09-DEVELOPMENT-amd64-20230909-1856, I was testing virtualized but it was ... Jordan G
02:11 AM Feature #13377: Option to configure a custom value for the PHP memory limit
still seeing a negative number suggested for the higher limit on system with <1gb RAM running 23.09-DEVELOPMENT-amd64... Jordan G
01:54 AM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade
This can be closed as the RC is now RELEASE and there doesn't appear to be any more issues. Kris Phillips
01:53 AM pfSense Packages Regression #14739: PHP error with lightsquid when generating an SSL certificate
Hello.
Is this bug related to the error about lightsquid creating certs each time we try to access the reports and w...
Peter Moreno

09/09/2023

11:16 PM Feature #14766 (New): i225/i226 based NICs not recognized for CE install/virtualized instances freezing
Intel's information for i225/6 based network cards states they both require pcie gen 3.1 for interface. This requires... Jordan G
08:31 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n25...
Michael Pfsense
08:31 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
I also have this problem when trying to take a wificard interface from SSID broadcast to no SSID broadcast on 2.7.0-R... Michael Pfsense
07:34 PM Feature #14765 (Rejected): DHCPv6 is limited to DUID and unable to consider IAID
In DHCPv6, the client identifier is not the MAC Address anymore. That concept is replaced with the DUID. If the same ... Jacques Bourdeau
07:08 PM pfSense Packages Regression #14764 (Confirmed): HAProxy local syslog not working
HAProxy package v0.63_1
Setting the syslog host to @/var/run/log@ in the HAProxy settings doesn't produce any entr...
Michael Vincent

09/08/2023

10:45 PM pfSense Plus Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet
The @-iface@ parameter is only specified if the gateway value is a MAC address ("source":https://github.com/pfsense/p... Marcos M
09:11 PM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work
It seems to be working again for me! Hayden Hill
07:49 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 for me too. I'd like to set it up with FreeIPA 4.9 as it starts to support the ACME protocol for certificates. Ben Tyger
07:15 PM Todo #14750: Automatically configure PF states hash table size
Indeed I meant @net.pf.states_hashsize@. Marcos M
07:03 PM Todo #14750: Automatically configure PF states hash table size
Updating subject for release notes.
The original description here doesn't match what was committed. The commit is ...
Jim Pingle
07:00 PM Regression #14569: ``bnxt(4)`` driver errors
Updating subject for release notes. Jim Pingle
06:59 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``
Updating subject for release notes. Jim Pingle
05:09 PM pfSense Plus Bug #14763 (Rejected): Editing Static Routes
I can't reproduce this on 23.05.1 or elsewhere. There may be something specific in your setup that's contributing, bu... Jim Pingle
04:43 PM pfSense Plus Bug #14763 (Rejected): Editing Static Routes
Unable to edit static routes - when saving, the page tells you the route already exists as if it's trying to create a... Sean Huggans
04:48 PM Revision 94eaa720: Remove config.xml now that it is migrated to a port sysutils/pfSense-default-config*
Brad Davis
03:58 PM Feature #14047: Options to control Intel Speed Shift
Tested against:
pfSense release:...
Danilo Zrenjanin
03:21 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
I believe the problem is that we're overflowing the size field in the DIOCGETSTATESV2 call, and that's causing confus... Kristof Provost
07:05 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
So the lack of kernel stack as well as the lack of truss output (reported on Slack) would point in the direction of t... Kristof Provost
02:42 PM Feature #14762 (New): Support X25519 and X448 public key algorithms in certificates
Currently there is no support for certificates using X25519 and X448 public keys. Importing certificates with such ke... Jim Pingle
01:42 PM Feature #14761: Select multiple config backups in history to delete
Pull request:
https://github.com/pfsense/pfsense/pull/4648
Phil Wardt
01:41 PM Feature #14761 (Pull Request Review): Select multiple config backups in history to delete
Add option to select multiple configs from the backup history so that they can be deleted at once
Report in GUI the ...
Phil Wardt
05:39 AM pfSense Packages Bug #14748 (Confirmed): FRR reload script is not executed properly
I can confirm this behavior, the Frr keeps the neighbor config until the restart of the service
tested on
<pre...
Lev Prokofev
02:05 AM pfSense Packages Feature #14539: Add support for Oracle Cloud Infrastructure (OCI) vNIC management to work with unicast CARP
Package PR: https://github.com/pfsense/FreeBSD-ports/pull/1291
With initial commit to introduce this capability.
James George

09/07/2023

06:18 PM Todo #14732 (Resolved): Update Unbound to 1.18.0
Christian McDonald
05:07 PM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Added to System Patches: https://github.com/pfsense/FreeBSD-ports/commit/ade361d4fbbaf4c40b55fdd0838e6b1594b5f801 Jim Pingle
04:39 PM Bug #9889 (Feedback): Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
We received a submission privately from "MalteHillmann":https://github.com/MalteHillmann with a fix for this. It's a ... Jim Pingle
04:07 PM pfSense Packages Bug #14760 (New): When RPKI is enabled for filtering, no upstream routes are received
When RPKI is enabled for filtering, no upstream routes are received.
route-map RPKI deny 20
match rpki invalid
...
yon Liu
04:05 PM pfSense Plus Bug #14759 (Rejected): openvpn not show Client Certificate
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
04:02 PM pfSense Plus Bug #14759 (Rejected): openvpn not show Client Certificate
openvpn not show Client Certificate, the previous pfsense version showed normal
23.09-DEVELOPMENT (amd64)
built on...
yon Liu
03:46 PM pfSense Plus Bug #14752: PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 526385168 bytes) in /usr/local/www/s... yon Liu
02:57 PM Revision 109c8115: Remove pfSense-rc before moving it to ports
Brad Davis
02:53 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
Kristof Provost wrote in #note-2:
> Replicating what I said in Slack: it'd be good to attach truss to one of the pfc...
Kris Phillips
07:26 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
Replicating what I said in Slack: it'd be good to attach truss to one of the pfctl processes, to see what it's doing.... Kristof Provost
12:21 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
The command run on the CARP status page shows the list of creator IDs for all sync'd states:... Steve Wheeler
12:12 AM Bug #14758 (Resolved): ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
When attempting to load the CARP Status Page or States Diagnostics page in pfSense Plus when there is 2-3 Million Sta... Kris Phillips
02:39 PM Revision 095d14fa: Add pfSense-default-config and pfSense-default-config-serial to the pkg list
Brad Davis
12:54 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158
Will open issue in TAC asap.
Currently I don't have a GUI ... because the LE-Cert-Renewal fails because of the non-wo...
Stefan Weichinger
12:52 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158
Stefan Weichinger wrote in #note-12:
> I have a 2nd pfSense (SG1100) that also has HAproxy not starting.
> Should I...
Jim Pingle
12:42 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158
I have a 2nd pfSense (SG1100) that also has HAproxy not starting.
Should I open a new issue in TAC, may I post the r...
Stefan Weichinger
12:40 PM Bug #14757: Special character encoding - crash on save / config restore
Hi,
the comment was in there before we updated to the new Version 2.7.0 not the 23.05.1.
Also the issue occurred when...
Alex G
10:44 AM Bug #14757: Special character encoding - crash on save / config restore
I couldn't reproduce that issue if I entered the same description for a group directly in the 23.05.1 release.
...
Danilo Zrenjanin
07:31 AM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button
The issue persists on:... Danilo Zrenjanin
07:15 AM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button
The issue persists on :... Danilo Zrenjanin

09/06/2023

10:14 PM Bug #14757: Special character encoding - crash on save / config restore
The character in the description is encoded like this... Alex G
10:14 PM Bug #14757 (New): Special character encoding - crash on save / config restore
I have posted this in the forum and could verify / reproduce the problem.
I upgraded from version 2.6.0 to 2.7.0 and...
Alex G
08:47 PM Bug #14756 (Resolved): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
An interface configured as 'Track Interface' for IPv6 will lose its static IPv4 address if the NIC link is brought d... Steve Wheeler
07:55 PM Bug #14609 (Feedback): Update check in GUI does not always honor the configured proxy settings
Applied in changeset commit:3c8a408116c01d74fd114d8cc143b0f550bf00c5. Jim Pingle
07:45 PM Bug #14609 (In Progress): Update check in GUI does not always honor the configured proxy settings
Jim Pingle
07:45 PM Revision 3c8a4081: Rewrite update_repos(). Fixes #14609
Rewrite update_repos() to use process_open() style execution with a full
pkg-style environment. This allows it to ful...
Jim Pingle
06:30 PM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy)
The port does not currently build on FreeBSD 14 according to:
https://gitlab.com/FreeBSD/freebsd-ports/-/commit/d738...
Marcos M
06:21 PM Bug #13218 (Resolved): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
06:17 PM Bug #13218: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
I reproduced the issue on the following version:... Danilo Zrenjanin
05:50 PM Bug #14717: A default route can remain after setting the default gateway to None
This problem also exists in pfsense 23.09 version. This also brings about a side problem. The local ISP wan pppoe ipv... yon Liu
05:35 PM Bug #12938 (Feedback): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value
Applied in changeset commit:7dd12384e42233149d971a8a1333383eb4891ae5. Marcos M
05:34 PM Regression #14755: Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``

Just checked and both ndp -an and ndp -na work via the CLI, so regression limited to the GUI. For me the issue is n...
Rob A
05:25 PM Regression #14755 (Resolved): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
In certain cases when visiting @diag_ndp.php@ the NDP table is empty and @ndp@ has dumped core:... Jim Pingle
05:22 PM Revision 7dd12384: Only log radvd level err and higher by default. Fix #12938
Previous behavior can be restored under System > Advanced > Networking Marcos M
05:17 PM Revision 70d588b8: Align indentation in syslogd conf file
Marcos M
05:11 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Issue remains 'live' with 23.09 dev. Details of the first crash on this version, triggered this time by taking the W... Rob A
04:35 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I have switched to 23.09 dev as that is where most of the activity is focused. I will monitor and update if this iss... Rob A
04:58 PM pfSense Plus Bug #14752: PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
It appeared when I visited the pfsense homepage, but I don’t know what it is related to. I'll report back to you as so... yon Liu
12:02 PM pfSense Plus Bug #14752 (Incomplete): PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
There isn't nearly enough information there to tell anything. We need to know how to reproduce it, the page it happen... Jim Pingle
10:19 AM pfSense Plus Bug #14752 (Incomplete): PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
amd64
14.0-ALPHA2
FreeBSD 14.0-ALPHA2 amd64 1400094 #1 plus-devel-main-n256133-bef8dca4536: Tue Sep 5 06:26:19 UTC...
yon Liu
04:50 PM Todo #14750 (Feedback): Automatically configure PF states hash table size
Applied in changeset commit:5224e0b2416ac93b3562374fef1c3537f7af4003. Marcos M
04:49 PM Regression #14727 (Feedback): PCH Temperature missing from Thermal Sensors
Will be included in the next nightly snapshot Brad Davis
04:41 PM Revision 5224e0b2: Automatically configure the state hash tables size. Implement #14750
Marcos M
03:37 PM pfSense Docs Correction #14697 (Resolved): Need to fix TNSR examples recipes
Fixed, thanks!
You might have to clear your cache to pick up the images since the names are the same, I just correct...
Jim Pingle
03:25 PM Feature #14731 (Feedback): Unbound Advanced Settings entry for ``sock-queue-timeout``
Applied in changeset commit:19f6d85f5c0401ebd849b50941fc81106e903d17. Marcos M
03:06 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``
Changed from a subtask to "follows" otherwise this would prevent us from closing the Unbound update task until this w... Jim Pingle
02:59 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``
Unbound has now been updated to 1.18.0, this is now ready to land Christian McDonald
02:58 PM Feature #14731 (Pull Request Review): Unbound Advanced Settings entry for ``sock-queue-timeout``
Christian McDonald
03:14 PM Revision 19f6d85f: Add unbound option sock-queue-timeout to the GUI. Implement #14731
Marcos M
02:58 PM Todo #14732 (Feedback): Update Unbound to 1.18.0
Christian McDonald
02:53 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Please Note:
bugs@snort.org does not respond to any emails with the report listed above. If you are reading this ...
Jonathan Lee
02:52 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Per Netgate Security Team on August 25, 2023 at 5:17:05 AM PDT:
Hello,
The Snort package for pfSense software i...
Jonathan Lee
02:50 PM pfSense Packages Bug #14754 (Not a Bug): Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
*Version:*
Snort 4.1.6_8 built on pfSense plus Netgate 2100 appliance running an ARM processor. Package is prebuilt...
Jonathan Lee
01:58 PM pfSense Packages Bug #14753: pfBlockerNG sync issues
Tested on pfSense 23.05.1 and pfBlocker 3.2.0_6 and can confirm such issue. aleksei prokofiev
01:50 PM pfSense Packages Bug #14753 (New): pfBlockerNG sync issues
pfBlockerNG sync user's password may cause sync issues and be recognised as an attacker by sshguard if its password ... Georgiy Tyutyunnik
11:46 AM Bug #13687: Cannot add limiters named ``new``
Still the issue on the dev build... Lev Prokofev
08:57 AM Feature #14751 (New): OpenVPN CSO option to control duplicate connections per a specific client
It would be beneficial to have an option in the Client Specific Overrides to enable/disable duplicate connections per... Danilo Zrenjanin
08:11 AM Bug #13903 (Resolved): PPPoE Server address input validation is incorrectly allowing IPv6
The patch fixes the reported issue.
I am marking this case resolved.
Danilo Zrenjanin

09/05/2023

09:35 PM Todo #14750 (Pull Request Review): Automatically configure PF states hash table size
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1072 Marcos M
08:07 PM Todo #14750 (Resolved): Automatically configure PF states hash table size
See @net.pf.states_hashsize@ in pf(4):
> Size of hash tables that store states. Should be power of 2. Default value ...
Marcos M
09:33 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``
suggest changing the description on this to include "Unbound" Jim Thompson
08:27 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
I pushed a clean version for 2.7
Hope it can be reviewed
https://github.com/pfsense/pfsense/pull/4570
Preview link:...
Phil Wardt
08:04 PM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied
please upgrade pf23.09 and frr 8.5.2 for test yon Liu
07:58 PM pfSense Packages Bug #12951: FRR cannot remove IPv6 routes

https://github.com/FRRouting/frr/issues/14205
23.09-DEVELOPMENT (amd64)
built on Tue Sep 05 05:55:55 UTC 2023...
yon Liu
07:57 PM pfSense Docs Todo #14749 (Duplicate): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
No need to open new duplicate issues, just reply on the old one. We can reopen if needed.
Jim Pingle
07:55 PM pfSense Docs Todo #14749 (Duplicate): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-nat-subnets-conflict.html
*Feedback:*
Please...
Joshua Diamant
07:56 PM pfSense Docs Todo #14737: Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
Those examples are meant to be that way, they are talking about entire subnets, not specific single addresses.
Esp...
Jim Pingle
07:53 PM pfSense Docs Todo #14737: Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
Hi @Jim Pingle - here are some examples
Site 0 - 10.1.1/24
Site 1 - 192.168.0/24 -> 10.10.1/24
Site 2 - 192.168....
Joshua Diamant
07:23 PM pfSense Docs Todo #14737 (Rejected): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
I reviewed the examples on that page and the addresses appear to line up properly as far as I can see.
There are t...
Jim Pingle
07:51 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Should allow the user to fill in the PHP memory according to the total memory capacity of the server yon Liu
07:39 PM pfSense Packages Bug #14748 (Feedback): FRR reload script is not executed properly
I deleted frr Neighbors through webgui, but it was not deleted in frr.
That is, the deletion operation through pf...
yon Liu
07:13 PM pfSense Docs Todo #14656 (Resolved): Feedback on Interface Types and Configuration — LAGG (Link Aggregation)
Info added and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/39557bb6ad5049c1b84dfec335612fdc7b7...
Jim Pingle
06:36 PM pfSense Docs New Content #14647 (Resolved): Add a note for ixgbe linking at NBase-T
Info added and deployed
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2923a008b428795aa6651ea95b227ae8a5cb...
Jim Pingle
05:12 PM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work
For those looking for a workaround for now I found this. Can use it to pull a JSON.
https://github.com/ipverse/asn-ip
Hayden Hill
02:12 AM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work
I can confirm this is an issue. ASN lookup no longer working for me. Hayden Hill
03:45 PM Regression #14736 (Feedback): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
Applied in changeset commit:f2031838067f36195c632b210bd903578789c0ef. Jim Pingle
03:37 PM Regression #14736 (In Progress): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
Jim Pingle
03:35 PM Revision f2031838: Correct Mobile IPsec P2 PFS. Fixes #14736
Jim Pingle
03:30 PM Regression #14500 (Feedback): PHP Error when viewing Traffic Graphs in ``iftop`` mode
Applied in changeset commit:71f360de9043c64a999c6b47003099ee59a5a132. Jim Pingle
03:20 PM Regression #14500 (In Progress): PHP Error when viewing Traffic Graphs in ``iftop`` mode
Jim Pingle
03:21 PM Revision 71f360de: PHP cleanup in bandwidth_by_ip.inc. Fixes #14500
Jim Pingle
12:43 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
PCH isn't there on dev snaps because of #14727 Jim Pingle
12:42 PM Bug #14744 (Rejected): Documentation bug: Remote access VPN example
Sounds like both of those points are specific to your config/use case and not as described in the docs exactly. The W... Jim Pingle
12:39 PM Feature #14746: Method for users to customize shell initialization behavior
I thought we already had an open feature request for this but I don't see it.
Rather than trying to accommodate so...
Jim Pingle
12:35 PM pfSense Packages Bug #14747 (Needs Patch): softflowd sending same data with different snmp versions
That looks like something specific to the behavior of the daemon which is out of our control (unless there is a CLI/c... Jim Pingle
07:43 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set
Hi,
I now have an SG-2100 with 23.05.1 for the same setup and still the same problem.
Unbound fails to start as I h...
robotox sysadmin

09/04/2023

11:36 PM pfSense Packages Bug #14747: softflowd sending same data with different snmp versions
It seems that the problem is related to VLAN interfaces.
I've been doing some tests and if you set softflowd to coll...
Marcelo Cury
06:32 PM pfSense Packages Bug #14747: softflowd sending same data with different snmp versions
upstream bug reported:
https://github.com/irino/softflowd/issues/51
Marcelo Cury
06:05 PM pfSense Packages Bug #14747 (Needs Patch): softflowd sending same data with different snmp versions
My environment:
SG-4100 23.05.1, packages up to date and System patches applied.
softflowd running on LAN, WIFI an...
Marcelo Cury
06:29 PM Revision b3c3e114: Removed unnecessary business logic for CD/DVD drives
Tanner
12:40 PM pfSense Packages Feature #14712: CrowdSec package
Hi!
The package is ready for public testing.
Three things to read:
- the short repository readme - https://...
Marco Mariani
12:21 PM Feature #14746 (Resolved): Method for users to customize shell initialization behavior
The .tcshrc file is created at every boot from /etc/skel/dot.tcshrc so to make changes persistent that file must be e... Steve Wheeler
05:56 AM pfSense Packages Bug #14745 (New): haproxy: backend, SSL health check
During testing with a backend HTTPS server, I wanted to test if the SSL health check would work; it did not.
So, I d...
Stephen Trotter
01:33 AM pfSense Packages Feature #14468: pass along ntopng professional license key
Just an update to say I have now successfully installed NTOPNG Pro version, via console, and licensed it on latest ve... Russ Reynolds

09/03/2023

08:04 PM Bug #14744 (Rejected): Documentation bug: Remote access VPN example
I recently looked at https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html to set up remote access wit... Chris Gelatt
04:22 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
Redmine created for separate feature request: https://redmine.pfsense.org/issues/14743
Kris Phillips
04:19 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
jeffrey Smith wrote in #note-4:
> Can we please add support for passkeys into default accounts for pfsense.
>
> A...
Kris Phillips
04:21 AM pfSense Plus Feature #14743 (New): Add Passkey/Certificate-based Authentication
pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implement... Kris Phillips
04:12 AM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
This command doesn't appear to work on Cordoba-based platforms, but I believe there is a PCH for the NVME interfaces,... Kris Phillips
03:24 AM Bug #14621 (Resolved): Rule separators are hidden when their index is greater than the number of rules

Tested by adding 4 separators and 2 rules; all rules and separators are displayed.
23.09.a.20230902.0133
Alhusein Zawi

09/02/2023

10:52 PM Bug #14684 (Confirmed): Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
Chris W
05:24 PM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest
What I see on both 2.7 and 23.05.1 is that applying an upload bandwidth limitation for Allowed IP Addresses has little e... Chris W
08:18 PM Bug #14742 (Resolved): Several PHP errors in upgrade_config.inc
This file still needs to be updated to use the new accessor methods, as several errors are still occurring with certa... Christopher Cope
07:36 PM Feature #13245 (Resolved): Type column on Alias lists

"Type" column is added and it looks good.
23.09.a.20230902.0133
Alhusein Zawi
07:12 PM pfSense Packages Bug #14659: vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap
This is still an issue but I have a feeling it’s related to 14484
Edit any interface will lead to a reconfiguration ...
Mike Moore
05:33 PM pfSense Packages Bug #14659: vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap
do you still see this flapping issue after removing or correcting the unresolvable source/destination alias messages ... Jordan G
06:46 PM Feature #3288 (Resolved): Support interface macros in Outbound NAT rules
Alhusein Zawi
03:50 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
I seem to also be able to reproduce this behavior using the ix interfaces on cordoba platform to create a LAGG (LACP)... Jordan G
03:41 PM Bug #14741: PHP error in DNS Forwarder host overrides when the language is set to French
Can confirm bug using above steps. Spot checked various other languages and was unable to find this issue occurring o... Jordan G
11:03 AM Bug #14741: PHP error in DNS Forwarder host overrides when the language is set to French
Can confirm that bug
Tested on ...
Lev Prokofev
10:26 AM Bug #14741 (New): PHP error in DNS Forwarder host overrides when the language is set to French
A PHP error occurs when a user tries to add or modify a Host Override in the DNS Forwarder module... Nicolas PISTER
07:11 AM pfSense Packages Feature #14629 (Resolved): Add option control LCDProc ``syslog`` behavior
Tested the package version:... Danilo Zrenjanin
02:40 AM Regression #14740 (Resolved): Outbound NAT pool options are hidden when a subnet VIP is selected
Fixed with @1b4cdce8ef452d0d8073b3621ab1a4139cd0dd91@. Marcos M
02:10 AM Regression #14740 (Resolved): Outbound NAT pool options are hidden when a subnet VIP is selected
When an outbound NAT rule contains a subnet VIP as the target address, the pool options should be configurable; curre... Marcos M
02:37 AM Revision 1b4cdce8: Show outbound NAT pool options with subnet VIPs. Fix #14740
Marcos M
02:37 AM Revision 4633ef11: Specify specialnet flags when checking oNAT rules.
If the flags are not specified and an oNAT rule has a source/destination
address that is also a VIP, the address is h...
Marcos M

09/01/2023

06:23 PM pfSense Packages Regression #14739 (Feedback): PHP error with lightsquid when generating an SSL certificate
Should be fixed in commit @11ed1711e84357241c044c82e7f2be7186375e75@ (https://github.com/pfsense/FreeBSD-ports/commit... Jim Pingle
05:40 PM pfSense Packages Regression #14739 (Resolved): PHP error with lightsquid when generating an SSL certificate
... Marcos M
04:24 PM pfSense Packages Bug #14406 (Feedback): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
I tested this on 23.09 dev snapshots and I'm not able to replicate the issue. The files are in the directory:
{{co...
Marcos M
04:20 PM Bug #14738 (Feedback): IPsec restart in CARP event scripts does not check VIP properly and never runs
Applied in changeset commit:fcd5e10a67ac9a67cc7116ea1a314aaea225c699. Jim Pingle
04:10 PM Bug #14738 (Resolved): IPsec restart in CARP event scripts does not check VIP properly and never runs
The IPsec interface VIP check in @rc.carpmaster@ and @rc.carpbackup@ is not checking the VIP presence properly and th... Jim Pingle
04:10 PM Revision fcd5e10a: Correct CARP event IPsec VIP tests. Fixes #14738
Jim Pingle
02:49 PM pfSense Docs Todo #14737 (Rejected): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-nat-subnets-conflict.html
*Feedback:*
thro...
Joshua Diamant
12:28 PM Revision 378c8692: Show value of Speed Shift preference. Issue #14047
Adds the ability to display the underlying value of range (slider)
controls, and activates this for the Speed Shift e...
Jim Pingle
09:08 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
Let me try to give you more info to reproduce. We have the issue on many devices not just one. We also had this issue on... Luca Piccirillo
07:45 AM Feature #14726 (Resolved): Show IPsec phase 1 authentication type in Mode column of tunnel list
The patch has been applied successfully, and after reviewing the changes, they look great and useful.
!clipboard-20...
Danilo Zrenjanin
06:54 AM pfSense Packages Bug #14733: CARP Master before HA Proxy is started
Hi Jim,
Thanks for the quick response and suggestion. Changing the WebUI port makes sense to get rid of the confli...
Christopher de Haas
06:48 AM pfSense Packages Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers
I can also confirm this, but it's happening to me with only some Peers (exactly, 4 tunnels, about 10 peers in total) I... David Martin
06:26 AM Regression #14735 (Confirmed): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
Ok. I replicated the issue on:... Danilo Zrenjanin

08/31/2023

09:50 PM Revision f98a499e: Added CD/DVD search to ECL
Tanner
08:25 PM Feature #14047 (Feedback): Options to control Intel Speed Shift
Applied in changeset commit:93f8b28797a2b618f96589c916128019231f027e. Jim Pingle
08:16 PM Revision 93f8b287: Intel Speed Shift support. Implements #14047
GUI controls only appear on hardware that supports Speed Shift. Jim Pingle
06:45 PM Regression #14736 (Confirmed): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
I saw that the other day as well but hadn't got around to trying it again or creating a redmine. Probably some logic ... Jim Pingle
06:35 PM Regression #14736 (Resolved): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
In the current nightly snapshot, I'm unable to select a PFS group for an individual Phase 2 configuration unless th... Kev Kitchens
05:37 PM Regression #14719 (Resolved): IPv4+IPv6 outbound NAT rule expands to invalid rule set
After applying the patch, the same rule set loads without any issues.... Danilo Zrenjanin
05:32 PM Regression #14719 (Confirmed): IPv4+IPv6 outbound NAT rule expands to invalid rule set
I can confirm this behavior on the:... Danilo Zrenjanin
05:21 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
Seems to be a regression on 23.09 Christian McDonald
05:20 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
I couldn't reproduce it on 23.05.1
!clipboard-202308311919-cliyy.png!
It pulled the MAC address from my MacOS inter...
Danilo Zrenjanin
03:15 PM Regression #14735 (Resolved): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
Christian McDonald
05:16 PM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
"2Amos Jeffries 2023-08-29 18:26:02 UTC
AFAICT "0.4.46" is the version number of the pfsense plugin used to integra...
Jonathan Lee
02:43 PM pfSense Packages Bug #14733 (Not a Bug): CARP Master before HA Proxy is started
Sounds like you have something misconfigured. You are trying to bind two things to the same port on the same address ... Jim Pingle
11:09 AM pfSense Packages Bug #14733 (Not a Bug): CARP Master before HA Proxy is started
Pfsense becomes CARP master before HA proxy is started. This is a significant problem and causes unneeded outages. Wh... Christopher de Haas
02:02 PM Bug #14734: Alias FQDN resolving issue results in incomplete tables
btw, might be related to https://redmine.pfsense.org/issues/9296 Robert Gijsen
01:59 PM Bug #14734 (New): Alias FQDN resolving issue results in incomplete tables
In CE 2.7.0, there are still issues when FQDNs are used in aliases. Consider an alias with 3 entries, 2 static IPs a... Robert Gijsen
09:21 AM Bug #14394 (Resolved): PHP error in CSRF Magic from invalid time value
The issue occurred only once on a customer's appliance and has not been reported by anyone else yet.
The patch min...
Danilo Zrenjanin
09:02 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
Just checked on pfSense 2.7.0
Backup version is the same as yours.
internal_name is still there as before.
Not sure ...
Luca Piccirillo
06:41 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
I couldn't reproduce this issue on the:... Danilo Zrenjanin
07:24 AM pfSense Packages Bug #14670 (Resolved): net-snmp does not ignore /var/unbound/dev
The latest release 0.1.5_11 contains the ignoreDisk directive for /var/unbound/dev ... Danilo Zrenjanin
06:39 AM pfSense Plus Feature #11920: SAML Authentication for pfSense (VPN and webConfigurator)
Have been told in https://forum.netgate.com/topic/182512/login-security-phishing-resistant-mfa/ that this was discuss... jeffrey Smith
01:20 AM Bug #12938 (Pull Request Review): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value
The warning can be ignored. It is shown due to the current radvd version not taking RFC8106 into account. A fix has b... Marcos M

08/30/2023

09:01 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
Also confirmed via Andrew C. Aitchison of ClamAV users support email system.
"It is a very big file and stores the...
Jonathan Lee
07:47 PM Feature #14047 (In Progress): Options to control Intel Speed Shift
Jim Pingle
07:07 PM Todo #14732 (Resolved): Update Unbound to 1.18.0
Christian McDonald
06:15 PM Feature #14731 (Waiting on Merge): Unbound Advanced Settings entry for ``sock-queue-timeout``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1068 Marcos M
06:10 PM Feature #14731 (Resolved): Unbound Advanced Settings entry for ``sock-queue-timeout``
@sock-queue-timeout@ was introduced in unbound 1.18.0.
https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unboun...
Marcos M
05:34 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
Happened again early hours of the morning for me. VZ carried out a brief interruption to service, v4 lease comes back... quiet lion
04:53 PM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication
Can we please add support for passkeys into default accounts for pfsense.
Apple and Microsoft are adding native su...
jeffrey Smith
04:30 PM Bug #11548 (Closed): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements
It doesn't seem possible for a rule that causes this error to be added in the GUI since input validation would catch ... Marcos M
02:12 PM pfSense Packages Feature #8547: fwknop Port Knocking Package
I'm willing to chip in, help code this myself or hire someone to develop this. Either way I'd like to see this packa... Alan V
02:09 PM pfSense Packages Feature #8547: fwknop Port Knocking Package
I really want to see this as well. I'll explain why people want fwknop or at the minimum knockd support...
Fwknop...
Alan V
12:49 PM pfSense Packages Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times
Jim Pingle
12:49 PM pfSense Packages Bug #14724 (Resolved): Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected
PR merged, thanks! Jim Pingle
12:49 PM pfSense Packages Bug #14723 (Resolved): Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times
PR merged, thanks! Jim Pingle
11:14 AM pfSense Packages Bug #14730 (New): FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
When backing up with package info included:... Luca Piccirillo

08/29/2023

10:57 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
I am on 23.09.a.20230826.1731...
Just did some more captures and am not seeing any solicitations or any other rand...
Mike McV
10:19 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
Perhaps it's related to / caused by #13423. If possible, try testing it on 23.09 dev snapshots. Marcos M
07:59 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
I have the same issue and have spent some time looking in to it. It looks to be more related to RADVD/NDP than DHCP6.... Mike McV
10:30 PM Bug #14725 (Feedback): Primary IPv6 interface address may be incorrect when a ULA is set
Applied in changeset commit:35b6dbe65cdff7d96008554ffafdd1b047b3f3fc. Marcos M
03:09 PM Bug #14725 (Pull Request Review): Primary IPv6 interface address may be incorrect when a ULA is set
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1067 Marcos M
07:41 PM pfSense Packages Bug #14108 (Rejected): Antivirus Bases showing outdated main.cvd with a version dated year 2021
2021 is the most recent main.cvd/main.cld file from ClamAV directly. The daily file gets updated more regularly.
F...
Jim Pingle
06:40 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
From Squid and indirectly also c-icap upstream(s):
Neither Squid nor c-icap have anything to do with the ClamAV dat...
Amos Jeffries
06:31 AM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
https://bugs.squid-cache.org/show_bug.cgi?id=5297
Bugzilla ticket also open for Squid side for more visibility of...
Jonathan Lee
05:41 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T
Confirmed as working on an X550-T: https://forum.netgate.com/post/1122962 Steve Wheeler
03:43 PM Regression #14727: PCH Temperature missing from Thermal Sensors
Looks like we had @pchtherm.ko@ on the previous release but it's not in current builds. Jim Pingle
02:34 AM Regression #14727 (Resolved): PCH Temperature missing from Thermal Sensors
PCH temperature was present in 23.05 and probably introduced in that version. Ted Quade
03:21 PM Bug #14717: A default route can remain after setting the default gateway to None
!https://i.imgur.com/QAReNOq.jpg!
!https://i.imgur.com/XIMRavl.jpg!
yon Liu
03:07 PM Revision 35b6dbe6: Prioritize the first GUA when selecting the primary IPv6 address. Fix #14725
Marcos M
02:40 PM Regression #14719 (Feedback): IPv4+IPv6 outbound NAT rule expands to invalid rule set
Applied in changeset commit:3ac7816f637b54cb4fb958fa0a439c147e13baff. Marcos M
02:31 PM Revision 3ac7816f: Validate mixed address family for outbound NAT rules. Fix #14719
Marcos M
01:54 PM pfSense Packages Feature #14729 (New): OpenVPN Client Export - Support PLAP on Windows
OpenVPN 2.6 for Windows introduced support for PLAP (Pre-Logon Access Provider). With this support, users get a new i... Pablo Bendersky
06:36 AM pfSense Packages Bug #14341: Squid Cache Table Logs Showing incorrect date
https://bugs.squid-cache.org/show_bug.cgi?id=5298
Added to bugzilla for Squid for more support visibility
Jonathan Lee
06:21 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
https://bugs.squid-cache.org/show_bug.cgi?id=5296
Bugzilla Squid ticket now open for more Squid support visibility.
Jonathan Lee
03:25 AM Feature #14728 (Resolved): Support for CD/DVD drives in the External Configuration Locator (ECL)
In the Hyper-V environment, there's an observed behavior where pfSense does not appear to search for ... Tanner H

08/28/2023

07:55 PM Feature #14726 (Feedback): Show IPsec phase 1 authentication type in Mode column of tunnel list
Applied in changeset commit:52c5417c4b38477b8a835c997f815b52089da5d0. Jim Pingle
07:45 PM Feature #14726 (Resolved): Show IPsec phase 1 authentication type in Mode column of tunnel list
IKEv2 is much more common than IKEv1 these days so the "Mode" column is nearly always blank since it's irrelevant to ... Jim Pingle
07:43 PM Revision 52c5417c: Show IPsec P1 auth in list. Implements #14726
While here, pluralize "Mobile Client" label on mobile P1 since it's
inconsistent with other usages in the IPsec GUI.
Jim Pingle
06:52 PM Bug #14725 (In Progress): Primary IPv6 interface address may be incorrect when a ULA is set
Marcos M
06:11 PM Bug #14725 (Resolved): Primary IPv6 interface address may be incorrect when a ULA is set
The previous behavior of using the first IPv6 non-LL address as the primary interface address was restored with https... Marcos M
05:50 PM Regression #14719 (Pull Request Review): IPv4+IPv6 outbound NAT rule expands to invalid rule set
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1066 Marcos M
04:10 PM Regression #14719 (In Progress): IPv4+IPv6 outbound NAT rule expands to invalid rule set
Marcos M
03:14 PM Regression #14719: IPv4+IPv6 outbound NAT rule expands to invalid rule set
Not specific to Plus.
Probably related to #3288 or other recent changes in that area by Marcos.
Jim Pingle
05:15 PM pfSense Packages Bug #14722: Snort Rule Update time settings does not create cron job correctly with certain times
This is a duplicate of bug 14723. My report of the user-identified issue and the actual user's report of the same iss... Bill Meeks
04:37 PM pfSense Packages Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times
What happens is that when a combination of update interval and hour is set that adds up to 24, the script that create... Benjamin McRobert
05:13 PM pfSense Packages Bug #14724: Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected
Pull Request 1289 (https://github.com/pfsense/FreeBSD-ports/pull/1289) has been submitted to correct this issue. This... Bill Meeks
04:44 PM pfSense Packages Bug #14724 (Resolved): Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected
The Suricata package GUI incorrectly adjusts the starting hour for the automated rules update cron task when the user... Bill Meeks
05:12 PM pfSense Packages Bug #14723: Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times
Pull Request 1288 (https://github.com/pfsense/FreeBSD-ports/pull/1288) has been submitted to resolve this issue.
T...
Bill Meeks
04:38 PM pfSense Packages Bug #14723 (Resolved): Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times
The Snort package incorrectly adjusts the rollover from 23:xx hours to 00:xx hours when creating the cron task for au... Bill Meeks
04:01 PM pfSense Packages Bug #13432: ups driver will not start
I started having similar issue after upgrade to 2.7.0 (was working before)
got notices and saw "upsmon" giving "fail...
Tom Bauer
02:29 PM Revision 936aa9ba: services.inc: ensure dhcpd devfs is only ever mounted one time
Christian McDonald
02:28 PM Revision fd391b0c: services.inc: ensure dhcpd devfs is only ever mounted one time
Christian McDonald
01:02 PM pfSense Packages Bug #14426 (Resolved): PHP errors in Lightsquid
The PR was merged. Jim Pingle
12:31 PM Todo #14011: Update memory graphs to account for changes in memory reporting
It's already correct in the repository and has been since March, you maybe accidentally reverted that change at some ... Jim Pingle
12:26 PM Regression #14635 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
Looks good. When it failed it produced no file to download for the 'legacy' option at all, not even a 0-byte file.
Jim Pingle
12:24 PM pfSense Plus Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled
Seems like a duplicate of #14531
It's known/expected that in some cases DCO can't get traffic stats.
Jim Pingle
12:23 PM Feature #13124 (Resolved): Option to wait for interface selection before displaying firewall rules
Jim Pingle
12:22 PM Todo #14686 (Resolved): Check for deprecated OpenVPN encryption and digest options on upgrade
The list of current algorithms is pulled dynamically from OpenVPN/OpenSSL, so if it's in the list on a current snapsh... Jim Pingle
12:21 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots
Jim Pingle
12:18 PM pfSense Plus Bug #14721 (Rejected): disable / enable interface
There are very few details here and I don't see anything unexpected in that log, it's restarting things that use the ... Jim Pingle
11:39 AM pfSense Plus Bug #14721 (Rejected): disable / enable interface
When disabling / enabling a GRE interface, all other interfaces flap. Evgeny Korostelev
12:07 PM Bug #13729 (Resolved): Gateways stuck in Unknown status
Tested on several pfSense versions: 21.02_2, 22.05, 23.05_1 and 2.7
I was able to reproduce this issue on 21.02_2.
W...
Azamat Khakimyanov
06:44 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Unfortunately, the exact thing happened again in 2.7.0 for us over the weekend. We use an external spamfilter where m... Robert Gijsen

08/27/2023

11:31 PM Todo #14011: Update memory graphs to account for changes in memory reporting
Hello I wanted to give a heads up for 23.09.
I had to reapply this with 23.05 the error came back.
Jim sent t...
Jonathan Lee
08:20 PM Regression #14635: "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command

% openssl pkcs12 -legacy -info -in HA+OpenVPN+Server-Legacy.p12
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted d...
Chris Linstruth
06:29 PM pfSense Plus Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled
Related forum thread:
https://forum.netgate.com/topic/182465/traffic-from-openvpn-interface-not-updating-on-traffi...
Timo M
05:30 PM Bug #12959: dhcplease process wrongly update host file if client-hostname is empty
I wasn't able to reproduce it on 2.5 or 2.6 or 2.7
When I enabled 'don't send hostname' option on my Ubuntu PCs, a...
Azamat Khakimyanov
03:36 PM Bug #12849: pfsync kernel crash on reboot
Backtrace for those searching redmine:... Steve Wheeler
03:03 PM Feature #13124: Option to wait for interface selection before displaying firewall rules
Tested on:
23.09-DEVELOPMENT (amd64)
built on Sat Aug 26 17:37:15 UTC 2023
FreeBSD 14.0-ALPHA2
Looks good.
Chris Linstruth
12:35 PM Regression #14719 (Resolved): IPv4+IPv6 outbound NAT rule expands to invalid rule set
A misconfigured outbound NAT rule that used to load now stops pf from loading the rule set.
First seen on:
23.09-...
Chris Linstruth
08:05 AM pfSense Packages Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave
Tested on 23.05_1
Allow-transfer option check was added and there wasn't any bind error if I add this option into Cu...
Azamat Khakimyanov
05:21 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"

Different way to iterate the variable for multiple cases
You can also use the case command to iterate over t...
Jonathan Lee
02:25 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Chris W wrote in #note-19:
> Systems with 1GB or less of RAM show a negative number as the hinted maximum adjusted va...
Christopher Cope
12:53 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Systems with 1GB or less of RAM show a negative number as the hinted maximum adjusted value. The screenshot is taken ... Chris W
12:05 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Tested on... Christopher Cope
01:15 AM Feature #3288: Support interface macros in Outbound NAT rules

source/destination (of outbound NAT) show predefined subnets (LAN/WAN)
23.09.a.20230825.1302
Alhusein Zawi
12:06 AM Todo #14686: Check for deprecated OpenVPN encryption and digest options on upgrade
I used the wizard to make an OpenVPN server in 23.05, then manually:
- Confirmed all the algorithm choices listed ab...
Chris W

08/26/2023

11:57 PM pfSense Packages Regression #13817: pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
on 23.05.1 and pfB 3.2.0_6 after working through getting the package to uninstall successfully (see https://redmine.p... Jordan G
11:47 PM pfSense Packages Bug #14572: Unused DNSBL files may not be removed
Kris Phillips wrote in #note-1:
> Hello,
>
> Is this with the devel or stable branch of pfBlockerNG?
devel and...
Jordan G
11:03 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
This is still happening with pfBlockerNG 3.2.0_6. I believe I've found a workaround for this after chasing a few of t... Jordan G
07:06 PM Bug #14708: PHP error when the system fails to create an interface
I tried to reproduce it on a separate interface, but did not encounter the same error.
So it must be related to m...
Diana Moore
02:49 PM Bug #14708: PHP error when the system fails to create an interface
I am unable to reproduce this on 23.05.1. I created an interface using 6to4 and then another using 6rd without error.... Christopher Cope
06:29 PM pfSense Plus Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected
Tested against:... Danilo Zrenjanin
08:08 AM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected
Tested on
...
Lev Prokofev
03:56 PM Regression #14698 (Resolved): TLS Cert Warning Message Present on First Start
No certificate warning before or after the Wizard on first boot using build
23.09-DEVELOPMENT (amd64)
built on Sa...
Chris W
12:11 PM Bug #14637 (Resolved): PHP shell script ``pfanchordrill`` shows duplicate anchor content
The patch fixes it.
I am marking the ticket resolved.
Danilo Zrenjanin
11:01 AM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots
Fixed for me. Thanks. Vladimir Suhhanov
07:08 AM pfSense Packages Bug #14711 (Confirmed): pfBlocker ASN to IP Address option doesn't work
Tested on pfBlocker 3.2.0_6
It failed to load list....
Lev Prokofev
07:06 AM pfSense Packages Bug #14718 (New): pfBlocker DNSBL IPs list action is wrongly named
Under *Firewall/pfBlockerNG/DNSBL* there is *DNSBL IPs* section.
The *Alias ...
Danilo Zrenjanin
03:01 AM Bug #14717: A default route can remain after setting the default gateway to None
Hello,
Can you please provide some screenshots of what you're expecting versus what you're seeing? I'm not unders...
Kris Phillips
12:19 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Non standard colours also
@#!/bin/sh
pfctl -vvss | grep ', rule 79' >/dev/null
res=$?
if [ $res = 0 ];
then
...
Jonathan Lee

08/25/2023

08:56 PM pfSense Packages Bug #14426 (Pull Request Review): PHP errors in Lightsquid
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/353 Marcos M
08:10 PM pfSense Packages Regression #13984 (Resolved): PHP errors with squid
Marcos M
08:04 PM Bug #14717 (Resolved): A default route can remain after setting the default gateway to None
pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan. Because I have run frr ipv6 bgp, when I h... yon Liu
05:41 PM pfSense Docs Correction #14639 (Resolved): Multiple email address notification
Note added and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f2f85861b0ccd82cd19d9b4f72c17cf2be6...
Jim Pingle
05:30 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL
Fixed. There were several that were wrong.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2d75de5525ca68375...
Jim Pingle
04:24 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL
The squid package help link (@help.php?page=squid.xml@) redirects to an unrelated page:
https://docs.netgate.com/pfs...
Marcos M
04:43 PM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing
Patch is restored Christian McDonald
12:09 AM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing
The patch to remove procctl in pkg is missing. This is needed to prevent child processes being killed which is used i... Marcos M
04:19 PM pfSense Docs Todo #14658 (Resolved): Update firewall/NAT rule source/destination field references
https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/59 Marcos M
04:13 PM pfSense Packages Bug #14714: HAProxy Agent Check
Bug No 2 is now described in Bug #14715 Jacques Bourdeau
03:56 PM pfSense Packages Bug #14714: HAProxy Agent Check
Jacques Bourdeau wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Please create a separate issue entry for each...
Jim Pingle
03:46 PM pfSense Packages Bug #14714: HAProxy Agent Check
Jim Pingle wrote in #note-1:
> Please create a separate issue entry for each problem, even if they appear to be rela...
Jacques Bourdeau
03:21 PM pfSense Packages Bug #14714: HAProxy Agent Check
Please create a separate issue entry for each problem, even if they appear to be related.
Jim Pingle
03:03 PM pfSense Packages Bug #14714 (New): HAProxy Agent Check
For my load balancing, I ended up needing to use Agent-based checks in HAProxy.
I configured it in my pfSense+ (23...
Jacques Bourdeau
04:06 PM pfSense Packages Bug #14715 (New): HAProxy Agent-Check are not enabled in the config despite being checked in the UI
Related to Bug #14714 which also does not populate the config file properly for agent-check based monitoring in HAPro... Jacques Bourdeau
04:01 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
If anyone knows of a more efficient way to poll the state table, please let me know.
Have a good day
Jonathan Lee
03:59 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Here is a photo of testing with the three LEDs enabled when rule 79 went active.
Does the state table counters als...
Jonathan Lee
03:49 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
I wonder if there is another way to do it maybe with the active state tables counters. Thanks for looking into this i... Jonathan Lee
03:27 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
I don't see anything like that being added to the base system, but maybe someone might design a package around it.
...
Jim Pingle
04:54 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Side note, I recently learned "The Air force one Executive Phone has a light on the back that lights up red when secu... Jonathan Lee
02:03 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
pfctl -vvss| grep '192.168.1.11' would work great too as it would be IP address based not rule based
also
pfctl -vv...
Jonathan Lee
01:26 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
The capability is you can take any rule ID you have that establishes a connection and you could configure it to be us... Jonathan Lee
01:12 AM pfSense Packages Feature #14710 (New): Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE"
Hello fellow Netgate pfSense Redmine community members,
I wanted to share this with you all to see if this is any...
Jonathan Lee
02:37 PM Bug #14613: Incorrect wireguard control panel status management
You can only enable wireguard by starting it in the web gui.
After starting with the script /usr/local/bin/php_wg -...
hao zhang
02:07 PM Bug #14613: Incorrect wireguard control panel status management
After running
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
fstat shows that /var...
hao zhang
02:06 PM Bug #14613: Incorrect wireguard control panel status management
I checked /var/run/wireguardd.pid before rebooting and it was 22536.
After that I rebooted the pfsense.
After reboo...
hao zhang
12:58 PM Bug #14613: Incorrect wireguard control panel status management
I do it manually with ssh
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
then web...
hao zhang
12:40 PM Bug #14613: Incorrect wireguard control panel status management
I reinstalled pfsense and ran into this problem again
I have 3 tunnel, 5 peers and each tunnel is assigned interface...
hao zhang
02:37 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces
Tested against:... Danilo Zrenjanin
01:35 PM Regression #14713 (Feedback): Mobile IPsec not allocating address to connecting clients on dev snapshots
Applied in changeset commit:ceea1bd07b25ecb3061f3eda1a5137d2ead8311d. Jim Pingle
01:28 PM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots
This regressed in a recent rector refactoring ( commit:264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9 ), some references to... Jim Pingle
12:43 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots
This regressed since the previous release at some point. Mobile client attempts to connect but is unable to obtain an... Jim Pingle
01:25 PM Revision ceea1bd0: Mobile IPsec settings PHP refactor corrections. Fixes #14713
Jim Pingle
01:17 PM pfSense Packages Feature #14712: CrowdSec package
e ok wrote:
> I think is not necessary another IPS, but I leave here If something consider that is more robust or go...
Marco Mariani
12:32 PM pfSense Packages Feature #14712 (New): CrowdSec package
I think is not necessary another IPS, but I leave here If something consider that is more robust or good than Snort or... e ok
12:26 PM Revision 67dc6377: Tweak formatting of SMTP notifications
Jim Pingle
06:58 AM Regression #14569 (Feedback): ``bnxt(4)`` driver errors
I've cherry-picked the upstream fixes (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269133) into our branche... Kristof Provost
06:30 AM pfSense Packages Bug #14711 (Resolved): pfBlocker ASN to IP Address option doesn't work
pfBlocker relies on Team Cymru IP to ASN Lookup v1.0 to get the list of prefixes for the defined ASN. But it seems th... Danilo Zrenjanin
06:12 AM pfSense Packages Bug #12822 (Confirmed): IPv4 Source ASN format not working
I have tried to define the ASN format and it appears that it is still not working consistently. Occasionally, it does... Danilo Zrenjanin

08/24/2023

11:39 PM Bug #14707 (Rejected): Fresh installation with a bug.
That's a hardware/driver issue with your @dc@ based NIC. Given the age of that hardware and the fact that it's only 1... Jim Pingle
10:45 PM Bug #14707 (Rejected): Fresh installation with a bug.
Hi, I made a fresh installation and get a bug/error. Attached the dumps for your future analyst if you consider neces... e ok
11:35 PM Bug #14708 (Resolved): PHP error when the system fails to create an interface
When enabling 6rd while 6to4 is enabled on another interface the web ui will throw an error of @Uncaught TypeError: p... Diana Moore
07:03 PM Bug #14432 (Feedback): PHP error when failing to write ``config.cache``
This should be fixed by commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b Jim Pingle
07:00 PM Feature #14337: Allow SMTP notifications from non-root processes
With the changes I just pushed, I get working SMTP notifications from NUT as well as other users. No duplicates/loops... Jim Pingle
06:50 PM Feature #14337 (Feedback): Allow SMTP notifications from non-root processes
Applied in changeset commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b. Jim Pingle
06:43 PM Revision 596a88fa: Notification code updates
* Rework how notice queue files are setup and maintained, which should
allow all users to send notifications now wi...
Jim Pingle
02:29 PM pfSense Packages Feature #14706 (New): Add Cloudflare tunnel pkg
Hello everybody,
I've been using Cloudflare tunnel for more than a year as I'm now behind CGNAT so no more open p...
Vlad Saftoiu
01:42 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces
That result indicates a patch is missing. The fix is in the latest build (20230824-0600) - try it there. Marcos M
07:39 AM Bug #14691: Separators get shifted when copying firewall rules between interfaces
After applying the patch, I made the following observations:
h3. Before copying:
Rules on source interface (L...
Danilo Zrenjanin
12:50 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Jim Pingle
05:24 AM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Tested on ... Lev Prokofev

08/23/2023

11:32 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
Side note:
I have also seen this behavior carrying into layer 2 Ethernet filtering rules.
Photos inside duplicat...
Jonathan Lee
10:54 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
I was not able to replicate it (including with Ethernet rules, etc). If you can replicate this on a default install/c... Marcos M
10:21 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
Thanks for looking into this. I am not changing the firewall configuration only the firewall rule when this occurs. L... Jonathan Lee
10:00 PM pfSense Plus Bug #14705 (Rejected): Changes in Ethernet ruleset can lead to incorrect rule and separator order
I can only replicate this if I change the config while editing a rule. This is known behavior that is due to the inde... Marcos M
05:28 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
For mine the rules are randomizing. I have some rules that jump to the middle and or end of the rule list. Jonathan Lee
05:21 PM pfSense Plus Bug #14705 (Duplicate): Changes in Ethernet ruleset can lead to incorrect rule and separator order
Most likely a duplicate of #14691 or #14619 Jim Pingle
05:16 PM pfSense Plus Bug #14705 (Closed): Changes in Ethernet ruleset can lead to incorrect rule and separator order
Hello fellow pfSense Redmine community members,
I noticed after the recent software update to 23.05.1 that issues ...
Jonathan Lee
09:45 PM Regression #14623 (Feedback): Primary interface address is incorrectly set to the last address on the interface
Applied in changeset commit:baa612e555ba48e1961f03ac54e8f93b078aff48. Marcos M
07:05 PM Regression #14623 (Pull Request Review): Primary interface address is incorrectly set to the last address on the interface
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1064 Marcos M
09:37 PM Revision baa612e5: Return the first interface address instead of the last. Fix #14623
Marcos M
09:23 PM Revision 9602c76c: Correctly shift separators when deleting a single rule above a separator. Fix #14691
Marcos M
08:55 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces
Applied in changeset commit:26b97b650457ba98360b5648dd801fd0adb567a5. Marcos M
08:45 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces
The behavior of the rule being placed on top when being copied only happens when e.g. copying the last rule of LAN to... Marcos M
06:40 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces
Applied in changeset commit:abc8192b1028f48bb768ffb6727bed4d05adae7f. Marcos M
06:10 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces
Tested against:... Danilo Zrenjanin
08:46 PM Revision 26b97b65: Remove the original rule when changing the rule's interface. Fix #14691
Marcos M
08:04 PM Feature #14337: Allow SMTP notifications from non-root processes
Thanks Jim Denny Page
07:57 PM Feature #14337 (In Progress): Allow SMTP notifications from non-root processes
I have an alternate idea on how to fix this and (hopefully) also preserve the duplicate message suppression. There is... Jim Pingle
06:32 PM Revision abc8192b: Refactor rule separators. Fix #14691
Marcos M
06:11 PM Feature #13784 (Rejected): Option to completely block MAC addresses in Captive Portal
Now that L2 filtering is possible in the GUI (see #14308), this is no longer needed. Below is the diff for this MR fo... Marcos M
05:18 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section
Duplicate of #14654
It's already fixed in the most recent version of the package.
Jim Pingle
05:10 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section
Hello,
I can no longer select a BFD Peer when creating a FRR BGP neighbor.
As an example.
I have two (2) BFD...
Michael Mercier
04:44 PM Bug #13903 (Feedback): PPPoE Server address input validation is incorrectly allowing IPv6
Fixed by commit:9d0cd39f3be509ca0fd46119777bedd1954802c4 (typo'd the issue ID on there) Jim Pingle
03:48 PM Bug #13903 (In Progress): PPPoE Server address input validation is incorrectly allowing IPv6
Looks like it should be IPv4 only so I've fixed the input validation to restrict it to IPv4
I also corrected a mis...
Jim Pingle
04:40 PM Bug #14392 (Feedback): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address
Applied in changeset commit:5df71c77b6b03a30b8f6425da331a892eb9876ad. Jim Pingle
04:21 PM Revision 5df71c77: Correct IPv6 LL addr locate behavior. Fixes #14392
Comments said it should take the first but it was taking the last.
Make that behavior optional but default to taking...
Jim Pingle
03:47 PM Revision 9d0cd39f: Fixup PPPoE server input validation. Fixes #13909
Jim Pingle
03:40 PM Bug #14394 (Feedback): PHP error in CSRF Magic from invalid time value
Applied in changeset commit:1a57545864783b3acc5f28d166a79bd92a849759. Jim Pingle
03:10 PM Bug #14394 (In Progress): PHP error in CSRF Magic from invalid time value
Jim Pingle
03:29 PM Revision 1a575458: Correct PHP errors in CSRF Magic. Fixes #14394
Jim Pingle
03:00 PM Bug #13218 (Feedback): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
Applied in changeset commit:14beb636e4ca286c011398a30fd818f15c83eb7e. Jim Pingle
02:40 PM Bug #13218 (In Progress): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG
PR has conflicts (and some logic issues, and outdated code usage). I'm working on an updated version of the changes. Jim Pingle
02:44 PM Revision 14beb636: Simplify interface_find_child_cfgmtu(). Fixes #13218
* Simplify the code in interface_find_child_cfgmtu() so it doesn't have
so much repetition
* Do not test GIF/GRE as...
Jim Pingle
02:15 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
PR has conflicts and needs work/testing still Jim Pingle
02:15 PM Feature #13124 (Feedback): Option to wait for interface selection before displaying firewall rules
Applied in changeset commit:c451853836ae3e00ec20aa666c64a198d08b402c. Jim Pingle
02:09 PM Feature #13124 (In Progress): Option to wait for interface selection before displaying firewall rules
Jim Pingle
02:13 PM Bug #12225 (Rejected): Group membership field is not needed for remote groups
Doesn't seem like something we really need/want at the moment, and the PR was closed a few weeks ago.
Jim Pingle
02:08 PM Revision c4518538: Option to require if select before showing fw rules. Implements #13124
Originally submitted in PR 4582 by Chrisc-c-c at GitHub Jim Pingle
01:40 PM Feature #13245 (Feedback): Type column on Alias lists
Applied in changeset commit:33cd269034590899b429f72305a4abdc4c6f686e. Jim Pingle
01:30 PM Feature #13245 (In Progress): Type column on Alias lists
Jim Pingle
01:32 PM Revision 33cd2690: Type column for Alias list. Implements #13245
While here, clean up some redundant/incorrect variable usage.
Adapted from PR 4592 submitted by luckman212 @ GitHub
Jim Pingle
01:26 PM Feature #13377 (Feedback): Option to configure a custom value for the PHP memory limit
MR Merged Jim Pingle
01:12 PM Revision fc62ac50: Add a setting for PHP memory limit in System -> Advanced. Feature #13377
Christopher Cope
01:10 PM Feature #13804 (Feedback): Prevent CARP status/maintenance mode from being erroneously toggled
Applied in changeset commit:a9238fddf3149f0bd22886f91becfa3d373cc164. Christopher Cope
01:05 PM Feature #14347 (Feedback): Improve System menu behavior for Certificate Manager privileges
Applied in changeset commit:d9f02c6abae1d58e57cdff1775f1b516cb038585. Jim Pingle
12:55 PM Feature #14347 (In Progress): Improve System menu behavior for Certificate Manager privileges
Jim Pingle
01:02 PM Revision a9238fdd: Add requested state to status_carp requests. Implements #13804
Christopher Cope
12:59 PM Feature #14208: Automatic Split-DNS for 1:1 NAT
Waiting on changes to the PR, will be better in the next release with more time to test it out. Jim Pingle
12:55 PM Revision d9f02c6a: Pick crt mgr start by privs. Implements #14347
Check user privileges to determine where the menu entry for the
certificate manager should point. Users might have ac...
Jim Pingle
12:38 PM Bug #14621 (Feedback): Rule separators are hidden when their index is greater than the number of rules
This was merged a couple weeks ago Jim Pingle
07:56 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
07:45 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list
Danilo Zrenjanin
07:45 AM Bug #14695: Copy function for User Manager Groups does not work for first group in list
The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
06:52 AM Bug #14628: PPPoE Interface Panic
Occurred again today.
@
Aug 23 11:47:25 login 74579 login on ttyv0 as root
Aug 23 11:47:25 sshguard 77416 Now mo...
Faisal Mahmood

08/22/2023

10:45 PM Bug #14691 (Pull Request Review): Separators get shifted when copying firewall rules between interfaces
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1063 Marcos M
03:36 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces
Marcos M
07:26 PM Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options
This may already be part of the Kea work, but in case it isn't... Jim Pingle
07:24 PM Feature #13710: Support UTF-8 CA/Certificate subject components
We have enough to worry about with OpenSSL 3.x changes in this release, best not to complicate cert changes any furth... Jim Pingle
07:16 PM pfSense Packages Bug #14349 (Closed): The ClamAV 0.105.1 got a few vulnerabilities
It's already fixed in dev snaps, it'll come back naturally with the next release.
Jim Pingle
06:38 PM pfSense Plus Bug #14682 (Feedback): DCO OpenVPN server bound to Localhost does not pass traffic as expected
Committed upstream in https://cgit.freebsd.org/src/commit/?id=949491f2a6397f2514f8fcde1c7dc61bd82f201a, and cherry-pi... Kristof Provost
03:45 PM pfSense Plus Bug #14682 (In Progress): DCO OpenVPN server bound to Localhost does not pass traffic as expected
I've also been able to reproduce this.
The problem turns out to be that we pass through pf multiple times (which i...
Kristof Provost
05:06 PM pfSense Plus Feature #14348 (Resolved): Add unicast CARP indication and peer address to CARP status
This looks really good on Plus and CE both compared to before. Much more useful information and it all appears to be ... Jim Pingle
04:25 PM Revision 0600beae: services_dhcp.php: fix pool address range validation
Christian McDonald
02:20 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I am repeatedly receiving errors related to this. In addition to errors, crash reports, nearly every day. I just appl... C T

08/21/2023

10:59 PM Bug #14700: High CPU Temperature in CE 2.7
I would check your cooling solution if those are real values. Simply running with the default Speedshift settings sho... Steve Wheeler
12:31 PM Bug #14700 (Duplicate): High CPU Temperature in CE 2.7
Already covered by #14047 Jim Pingle
10:43 PM Bootstrap Bug #5121: interfaces.php - Wireless Antenna Selection should default to "Default"
Hello, what about 3 antenna port pcie cards? I learned the AR5BXB112 functions in some appliances. Is the 3rd port no... Jonathan Lee
10:38 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
https://redmine.pfsense.org/issues/5121
Also talks about the now degraded Wireless Antenna Selection GUI setting
Jonathan Lee
10:36 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
Antenna tx and rx adjustments missing on 23.05.1
See attached is the new GUI settings showing changes
Jonathan Lee
10:31 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
https://redmine.pfsense.org/issues/13
Were the options removed for antenna adjustments? It used to display them in the...
Jonathan Lee
10:16 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
even when removing dev.ath.0.tpc and dev.ath.0.tpcscale and setting tpack and tpcts to 99 it does not take the config... Jonathan Lee
07:00 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
When I would add a system tunable for tpcts and tpack and reboot or manually adjust they would never change and alway... Jonathan Lee
06:53 PM pfSense Plus Regression #14703: 2100 pcie wireless issues
Compex WLE200NX Wireless A/B/G/N Network Mini PCIe Adapter (A4343) is the only card that works inside the 2100 Jonathan Lee
06:51 PM pfSense Plus Regression #14703 (New): 2100 pcie wireless issues
Hello fellow pfSense Packages Redmine community members can you please help.
1. The SG-2100MAX the Compex WLE200NX...
Jonathan Lee
07:35 PM Bug #14695 (Feedback): Copy function for User Manager Groups does not work for first group in list
Applied in changeset commit:9270d777907048d2bfc31f4e57a01e915ff71a88. Jim Pingle
07:16 PM Bug #14695 (In Progress): Copy function for User Manager Groups does not work for first group in list
Not specific to Plus.
Looks like most of the tests checking if the duplicate action is being performed are done in a...
Jim Pingle
07:25 PM Revision 9270d777: Improve dup action tests in group mgr. Fixes #14695
Jim Pingle
06:38 PM Regression #14698: TLS Cert Warning Message Present on First Start
Ended up being an issue in the upgrade code, not the GUI or certs. Jim Pingle
06:35 PM Regression #14698 (Feedback): TLS Cert Warning Message Present on First Start
Applied in changeset commit:dcc7c577b51d68878c68313e3e0705d600c75b6f. Jim Pingle
06:24 PM Revision dcc7c577: Prevent running upgrade code on first boot. Fixes #14698
* Update default config to current latest revision number
* Add safety belt check to not flag an empty GUI cert as we...
Jim Pingle
03:15 PM Bug #14702 (Feedback): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Applied in changeset commit:28e2b61100b0f1cf81de5e73fd579bb6bd36afb5. Jim Pingle
03:05 PM Bug #14702 (In Progress): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Looks like this could also break things in a few other places since we use that function ~10 times in various files.
...
Jim Pingle
02:56 PM Bug #14702: ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
The problem is with the @ctype_digit()@ test used in @is_port()@:
https://www.php.net/manual/en/function.ctype-dig...
Jim Pingle
02:44 PM Bug #14702 (Confirmed): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
This isn't specific to FTP, it happens for a few different ranges I tried (10-11, 20-21, 100-101, etc.) though it doe... Jim Pingle
06:45 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages
Hello pfSense,
I've noticed that when you create a NAT rule with a port range starting with 20 (e.g. 20-21 or 20-...
John Uplink
03:05 PM Revision 28e2b611: Cast to string before ctype_digit() testing. Fixes #14702
Jim Pingle
02:12 PM pfSense Plus Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Static ARP entries must always be in the table. Prior to that patch, static ARP was broken, which is why the DHCP sta... Jim Pingle
02:08 PM pfSense Plus Bug #14701: Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Thanks for looking into this, prior to this pfSense patch I was able to see if a device was on or offline in the stat... Jonathan Lee
01:09 PM pfSense Plus Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
The online/offline status is solely based off the presence of the client MAC address in the ARP table. With static AR... Jim Pingle
02:10 PM Revision 343b9d14: pkg-utils.inc: just consider the first line of output from rquery when determining remote version.
Christian McDonald
02:01 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
Thanks for looking at this and testing the various inputs. I did not know about the other reporting URL I will use th... Jonathan Lee
01:52 PM pfSense Packages Feature #14696 (Rejected): possible cross site scripting and URL manipulation shell access injection issue sgerror.php
That action is just echoing back the input to the user but as it passes through a query string and so on, the content... Jim Pingle
12:30 PM Bug #14301 (Resolved): Input validation error when saving IGMP Proxy settings
Jim Pingle
12:30 PM Bug #14646 (Resolved): OpenVPN can select the wrong interface IP address when multiple addresses are present
Jim Pingle
12:28 PM Regression #14678 (Resolved): CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Jim Pingle
12:27 PM Bug #14699 (Duplicate): Certificate alert is shown with a new install
Duplicate of #14698 Jim Pingle

08/20/2023

11:42 PM pfSense Plus Bug #14701 (Not a Bug): Regression #14374 new issue with active DHCP leases can no longer differentiate between online and offline system.
Hello fellow pfSense Redmine community members,
I wanted to add a note about a new issue showing. The active stati...
Jonathan Lee
05:02 PM Bug #14700 (Duplicate): High CPU Temperature in CE 2.7
After upgrading 3 2.6 CE installs to 2.7, all of them experienced high CPU temps. A mitigation was found on reddit to... Boolie Boolie
03:47 PM Bug #14699 (Duplicate): Certificate alert is shown with a new install
I installed snapshot 23.09 build @20230818-1744@ and this alert is shown with a default config:
> The GUI HTTPS cert...
Marcos M
02:50 AM Bug #14301: Input validation error when saving IGMP Proxy settings
Tested on Aug 18th builds of Plus 23.09. No errors are present when saving IGMP Proxy anymore. This can be closed a... Kris Phillips
01:02 AM Bug #14646: OpenVPN can select the wrong interface IP address when multiple addresses are present
retested with a different config after applying the related system_patch and failover appears to be working as expect... Jordan G

08/19/2023

10:16 PM Regression #14698 (Resolved): TLS Cert Warning Message Present on First Start
On first boot of the Aug 18th 23.09 builds, the following notification is present immediately when prompted with the ... Kris Phillips
09:18 PM Bug #14655 (Confirmed): NAT behind a WAN rule" and "!WAN rule"
I can confirm this behavior on... Christopher Cope
05:47 PM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory
Since this is the same base issue solved by the PHP patch, I'm marking this as a duplicate of https://redmine.pfsense... Christopher Cope
05:47 PM pfSense Packages Bug #14683 (Duplicate): PHP error on ``status_frr.php`` from using too much memory
Christopher Cope
12:48 PM pfSense Plus Bug #14129 (Resolved): Chelsio T520 unable to route past 470Mbps
This is resolved by https://redmine.pfsense.org/issues/14207 Steve Wheeler
12:21 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Also can confirm on 23.09... aleksei prokofiev
11:46 AM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
I can confirm that it is working as expected. Tested patch on 23.05.1 and 2.7.0 aleksei prokofiev
12:10 PM pfSense Docs Correction #14697 (Resolved): Need to fix TNSR examples recipes
Looks like the example images don't match the context of the example.
https://docs.netgate.com/tnsr/en/latest/recipe...
aleksei prokofiev
10:37 AM pfSense Plus Bug #14175: LDAP authentication for SSH fails
Marcos M wrote in #note-6:
> With @Use Authentication Server for Shell Authentication@ checked, this issue can preve...
Emre K
07:09 AM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
The same behavior on ... Lev Prokofev
04:04 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Hi
For the last 2 hrs been running script to keep getting that output every 1 second..
It hasn't come up blank o...
Michael Clews
12:05 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
/usr/local/www/sgerror.php
has no ability to disable internal error redirect functionality when utilizing externa...
Jonathan Lee
12:03 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
In my case https://192.168.1.1:8080/sgerror.php?url=403%20Blocked%20by%20Mom%20and%20Dad&a=%a&n=%n&i=%i&s=%s&t=%t&u=%... Jonathan Lee
12:02 AM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
sgerror.php is also still accessible even with the internal error redirector redirecting to external site like Google... Jonathan Lee

08/18/2023

11:13 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
I wonder if there is any php injection vulnerabilities here. I did get it to say hello world. I noticed there is some... Jonathan Lee
10:48 PM pfSense Packages Feature #14696: possible cross site scripting and URL manipulation shell access injection issue sgerror.php
if I can force it to say hello world, you could force it to say it a million times and do a denial of service attack ... Jonathan Lee
10:33 PM pfSense Packages Feature #14696 (Rejected): possible cross site scripting and URL manipulation shell access injection issue sgerror.php
Hello fellow pfSense Redmine team,

I seem to have found an issue with sgerror.php allowing a user to adapt the ph...
Jonathan Lee
07:51 PM Bug #14542 (Resolved): Gateway widget tooltip incorrectly indicates some gateways as being default
Entries below default gateways no longer have the incorrect tooltip in the widget.
Jim Pingle
07:50 PM Todo #14399 (Resolved): Combining Interface and Rule ID state table filter fields returns no results
Input validation error is printed as expected, other queries still work.
Jim Pingle
07:48 PM Bug #14417 (Resolved): System Information widget does not properly form list of active hardware crypto algorithms
This appears to be correct and looks better on a variety of hardware models Jim Pingle
04:31 PM Bug #14673 (Resolved): Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Jim Pingle
11:14 AM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Tested on 23.05.1
No more stun.sipgate.net in the list.
Lev Prokofev
04:31 PM pfSense Packages Bug #14694 (Not a Bug): HAProcy
I'm using ACME certs with HAProxy and it works fine here, so it's not clear why yours might be failing.
This site ...
Jim Pingle
05:02 AM pfSense Packages Bug #14694 (Not a Bug): HAProcy
After the latest update I can no longer assign an ACME certificate to a HAProxy Frontend, no matter which certificat... Rick Strangman
03:56 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Suika Ibuki wrote in #note-16:
> Why not do a patch against that function to dump everything, env and what not? At l...
Jim Pingle
03:51 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
commit:aed18fb07d387c90942b729c02fe460064310f5e should show up on GitHub here in a few minutes with a small fix to av... Jim Pingle
03:50 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
I don't even know what is triggering that, something in the background of pfsense does, but dunno how to trigger it.
...
Suika Ibuki
03:36 PM Bug #14648 (In Progress): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
OK that is in a completely different function, but one which also fetches its data from sysctl. Makes no sense ... Jim Pingle
01:59 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Jim Pingle wrote in #note-13:
> Michael Clews wrote in #note-12:
> > Hi
> > I received the error again
>
> Is ...
Suika Ibuki
03:39 PM Revision aed18fb0: Avoid div by 0 in memory calculation. Issue #14648
Jim Pingle
09:18 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list
It seems that https://redmine.pfsense.org/issues/12226 did not completely resolve this issue.
If you try to copy t...
Dan Edwards

08/17/2023

10:33 PM Revision abe73fb3: Update .gitignore and remove autosave file from tests
Reid Linnemann
10:21 PM Bug #14693 (New): Filter reload with NAT reflection rules is extremely slow
We're running a PFSense cluster which contains the following amount of rules:
- 60x Outbound NAT rule
- 120x NAT ...
Kevin Bentlage
08:46 PM Bug #14692 (New): Mangled link-local addresses are being logged
My system is logging discarded ping request messages from a link-local address, as is expected.
Here is an example...
Daryl Morse
08:33 PM Bug #12833: GUI Service Log Filling Up with Cruft
Jim Pingle wrote in #note-6:
> That is a raw web server log, it's not meant to only show notable events, but every a...
Daryl Morse
08:20 PM Bug #14542 (Feedback): Gateway widget tooltip incorrectly indicates some gateways as being default
Applied in changeset commit:d1f43fb9b03f4d4b30dc1b0dfed33d46d6386902. Jim Pingle
07:25 PM Bug #14542 (In Progress): Gateway widget tooltip incorrectly indicates some gateways as being default
Jim Pingle
07:28 PM Revision d1f43fb9: Fix gateway widget tooltip 'default' text. Fixes #14542
Jim Pingle
07:25 PM Todo #14399 (Feedback): Combining Interface and Rule ID state table filter fields returns no results
Applied in changeset commit:1b6b8b4c9c1e187d3a55f7fdb5dd8a22252caf06. Jim Pingle
07:10 PM Todo #14399 (In Progress): Combining Interface and Rule ID state table filter fields returns no results
Not specific to plus
I'll add an input validation error if both are filled in.
Jim Pingle
07:19 PM Revision 1b6b8b4c: Error on states with if and ruleid filters. Fixes #14399
Jim Pingle
05:21 PM Bug #14417 (Feedback): System Information widget does not properly form list of active hardware crypto algorithms
Fix committed. Seems to list everything for me now and also in the correct alphabetical order.
Before:
!clipboard...
Jim Pingle
04:14 PM Bug #14417 (In Progress): System Information widget does not properly form list of active hardware crypto algorithms
Though the problem is easiest to notice in Plus, the function is similar in CE and could in theory have the same prob... Jim Pingle
05:19 PM Revision 81da0ed3: Correct hwcrypto alg list in widget. Fixes #14417
Jim Pingle
03:34 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Still waiting on an affected user to test and offer feedback.
Jim Pingle
03:33 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Clients are still not behaving in a way that appears to be fixable for all of them at once. Will keep checking, though.
Jim Pingle
03:32 PM Todo #13508: Uncouple RAM Disk size from available kernel memory
Needs more time to come up with a proper solution. Jim Pingle
03:30 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Excluding from release notes since it was never a problem in a release version. Jim Pingle
03:25 PM Regression #14690 (Feedback): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Applied in changeset commit:c10d5dc27156880b4939b0a4e862753949f9e649. Jim Pingle
03:17 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
This regressed after the last release. It's OK on 23.05.1 and 2.7.0, but broken in the current code. Looks like a var... Jim Pingle
03:12 PM Regression #14690 (In Progress): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
It's worse than that, even creating a new tunnel from scratch has a duplicate ID. Jim Pingle
12:58 PM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID
Not specific to plus, happens on CE as well.
Jim Pingle
03:18 PM Revision c10d5dc2: Fix var name in ipsec_ikeid_next(). Fixes #14690
Jim Pingle
03:16 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces
h1. Reproduce
Have two active interfaces, one with at least one firewall rule (hereafter called OPT1) and the othe...
Filip Bengtsson
08:10 AM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory

and changed config.inc
// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
ini_set("memory_limit", ...
yon Liu
08:06 AM pfSense Packages Bug #14683: PHP error on ``status_frr.php`` from using too much memory
I have changed PHP to memory_limit = 1200M now, it is OK.
and if run frr bgp route, the kern.ipc.maxsockbuf must be ch...
yon Liu
07:24 AM Bug #14604: Bugs in dhclient implementation according to RFC 2131
Just to manage my expectations, how high is this on your priority list?
I'm thinking whether I should cancel my ISP ...
Nazar Mokrynskyi

08/16/2023

11:15 PM Feature #14640 (Feedback): Extend support for SCTP in firewall and NAT rules
Applied in changeset commit:7a654802f01c17a921b3ae51099bf7d829df6cad. Marcos M
10:53 PM Revision 7a654802: Extend support for SCTP in firewall and NAT rules. Implement #14640
Marcos M
10:31 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
I started a forum thread and during the discussion I realized the situation is very familiar to this redmine.
http...
Mike Moore
09:23 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID
pfSense 23.09-DEV build from today
VPN -> IPSec. I select the button to "copy phase 1 entry" for a P1 I created. The...
Clinton Cory
07:45 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Michael Clews wrote in #note-12:
> Hi
> I received the error again
Is that with the patch applied or without it?
Jim Pingle
07:40 PM pfSense Plus Feature #14348 (Feedback): Add unicast CARP indication and peer address to CARP status
Implemented in:
* https://gitlab.netgate.com/pfSense/pfSense/-/commit/d02e9664d251f54d99e5738808ea25b018421754 (CE...
Jim Pingle
07:34 PM Revision d02e9664: CARP status update. Issue #14348
Add description Jim Pingle
12:57 PM pfSense Packages Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device
There are already warnings in place in various locations about this.
For example: https://www.netgate.com/supporte...
Jim Pingle

08/15/2023

09:30 PM pfSense Packages Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device
Hello
I installed pfsense in a computer, running snort, protecting my network, it was awesome.... I decided to purch...
Edgar Estrada
08:00 PM Feature #3288 (Feedback): Support interface macros in Outbound NAT rules
Applied in changeset commit:fecb90e9acdf0bd801e8a250b39e9a57555d3476. Marcos M
07:49 PM Revision fecb90e9: Support specialnets in outbound NAT source/destination. Implement #3288
Also, show an asterisk in place of 'Any' for the source,
and avoid generating oNAT rules with invalid aliases.
Marcos M
07:16 PM Revision 1799f409: Extend alias and VIP checks to outbound NAT
Marcos M
06:27 PM Todo #14686: Check for deprecated OpenVPN encryption and digest options on upgrade
Updating subject for release notes. Jim Pingle
06:26 PM Todo #14672: Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Updating subject for release notes. Jim Pingle
05:20 PM Todo #14672 (Feedback): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Applied in changeset commit:f78ae299e5ea7918478ad0cf902e169292ceb6f4. Jim Pingle
06:25 PM Todo #14677: Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
Updating subject for release notes. Jim Pingle
06:24 PM Regression #14678: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak
Updating subject for release notes. Jim Pingle
05:45 PM Feature #14688 (Rejected): Feedback on System Monitoring — DHCPv4 Status
You can already do that by making a static mapping entry -- it doesn't need to specify an IP address, it can just add... Jim Pingle
05:42 PM Feature #14688 (Rejected): Feedback on System Monitoring — DHCPv4 Status
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/dhcp-ipv4.html
*Feedback:* It would be nice t...
Joe Francis
05:45 PM Bug #14673 (Feedback): Remove broken ``stun.sipgate.net`` from UPnP STUN server list
Applied in changeset commit:9dc325fa2328597020540ab70f74fe13b575cdac. Jim Pingle
05:37 PM Bug #14673: Remove broken ``stun.sipgate.net`` from UPnP STUN server list
It's nice to have examples, so long as they work. Removing the broken one seems like a good enough measure for now.
Jim Pingle
05:39 PM Revision 9dc325fa: Remove broken STUN server from UPnP list. Fixes #14673
Jim Pingle
05:10 PM Revision f78ae299: Work around weak certificates for nginx. Implements #14672
* Generalize and move function that creates self-signed certs
* Detect weak cert when starting GUI and re-generate
* ...
Jim Pingle
02:06 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Ok, cool. Thanks for letting me know. I'll await 23.09. :) James George
01:29 PM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Oh shoot, I apologize. I created the patch from a previous aborted MR, which I had closed before I saw and corrected ... Reid Linnemann
03:17 AM pfSense Plus Bug #14586: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level
Thanks Reid.
Unfortunately, this seems to only be a partial fix (for me at least) - it does not work at bootup. I ...
James George
02:54 AM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected
I was able to confirm this bug on 2100 w/23.05.1. Craig Coonrad
01:25 AM Revision 15a79170: composer.json: add twig/twig and update versions
Christian McDonald
 
