Activity

30 days up to

User

Subprojects

Activity

From 08/22/2023 to 09/20/2023

09/20/2023

09:40 PM Bug #14800: Cant find bin/sh: Yes the "/bin/sh: cannot open /etc/rc: No such file or directory" does match what i was seeing. I had just upgraded t... Mike McV
08:08 PM Bug #14800 (Rejected): Cant find bin/sh: There isn't nearly enough information here to know what happened in your case, but it sounds like maybe you didn't se... Jim Pingle
08:05 PM Bug #14800 (Rejected): Cant find bin/sh: Upgrade to 23.09.a.20230920.1314 caused boot fail with "cant find bin/sh" in console.
Resolved with config recove... Mike McV
09:08 PM Feature #14802 (New): Re-enable multiqueue support for virtio NIC: In current versions of pfSense (2.7.0, 23.05.1) multiqueue support for virtio NIC has vanished. Apparently this was d... Christopher de Haas
08:43 PM pfSense Plus Bug #14801 (Duplicate): Fatal error: Uncaught TypeError: array_get_path(): Argument #1 ($arr) must be of type array, null given: Already fixed in the repo: #14790#note-4 Jim Pingle
08:11 PM pfSense Plus Bug #14801 (Duplicate): Fatal error: Uncaught TypeError: array_get_path(): Argument #1 ($arr) must be of type array, null given: Fatal error: Uncaught TypeError: array_get_path(): Argument #1 ($arr) must be of type array, null given, called... yon Liu
07:52 PM pfSense Docs Todo #14799 (Resolved): Feedback on Packages — Package List: Fixed, thanks!
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8b9aba54cc4db5f6dcebd6cd543d4e5635f7a2ad
Jim Pingle
05:02 PM pfSense Docs Todo #14799 (Resolved): Feedback on Packages — Package List: *Page:* https://docs.netgate.com/pfsense/en/latest/packages/list.html
The LADVD package name contains a link that ... Denny Page
06:28 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected: Hi Mike, (and others)
Thanks for commenting and having a look at this - I agree, with "host_verify_strict off", whic... Simon Byrnand
05:05 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected: host verify strict is set to OFF by default so technically we souldnt be having these /409 errors.
My suspicion is t... Mike Moore
04:56 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected: https://github.com/rudiservo/pfsense_storeid
This program was made for CDN maybe it can be expanded Jonathan Lee
04:54 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected: Could Squids storeID help resolve this?
https://wiki.squid-cache.org/Features/StoreID
https://forum.netgate... Jonathan Lee
04:44 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected: https://redmine.pfsense.org/issues/14786
I have also seen "UPP" utilizing this to get around non transparent mode ... Jonathan Lee
04:46 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict: I wish it did resolve this. Thanks for the information. I will keep researching. Jonathan Lee
04:30 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict: This seems related:
https://redmine.pfsense.org/issues/14390
Keep in mind that a report on the forum mentions tha... Marcos M
03:35 PM Bug #8846 (Feedback): Misleading error message when adding/editing static routes which use a gateway on a disabled interface: Applied in changeset commit:e9c88ff2a0aea18c62382c70b75b6f03649f11e2. Jim Pingle
03:28 PM Revision e9c88ff2: Check disabled gw/ifs when validating gw addr fam. Fixes #8846: Jim Pingle
03:20 PM Bug #12720 (Rejected): Hide the ``tag`` field on non-floating tabs: Marcos M
01:40 PM Todo #14790 (Feedback): Eliminate direct config access in ``interfaces.php``: Applied in changeset commit:3c431c2d2b38ddeee160c685a92c971e83ac972c. Jim Pingle
01:29 PM Todo #14790 (In Progress): Eliminate direct config access in ``interfaces.php``: PHP error when disabling an interface:... Jim Pingle
01:32 PM Revision 3c431c2d: Fix variable name typo. Fixes #14790: Jim Pingle
01:25 PM Bug #14798 (Duplicate): can't ping VIP addresses from the secondary node: Duplicate of #14026 Jim Pingle
01:06 PM Bug #14798 (Duplicate): can't ping VIP addresses from the secondary node: Hello,
I have a master/slave pfsense cluster.Everything is working properly (HA proxy , OpenVPN, Ipsec , etc..) exce... David Texier
01:24 PM pfSense Packages Todo #14795 (Pull Request Review): Transition to nut-devel: Jim Pingle
01:00 PM pfSense Packages Bug #14797 (Not a Bug): FRR not propagating some kernel routes to Zebra table, breaking OSPF redistribution: This is most likely a problem in your configuration, or maybe an upstream bug in FRR on FreeBSD. Either way there isn... Jim Pingle

09/19/2023

11:18 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict: host_verify_strict on
host_verify_strict off Jonathan Lee
11:15 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict: Ref:
http://www.squid-cache.org/Doc/config/host_verify_strict/
This option could be built into the GUI to bring m... Jonathan Lee
10:42 PM pfSense Packages Bug #14797 (Not a Bug): FRR not propagating some kernel routes to Zebra table, breaking OSPF redistribution: I recently upgraded a pfSense VM from 2.6.x to 2.7.0, and the FRR package was also updated from _something_ to 1.3_1
... Geoffrey Davis
10:27 PM Bug #8846 (New): Misleading error message when adding/editing static routes which use a gateway on a disabled interface: The error can still appear when a dynamic gateway exists for the disabled interface:
> The gateway "dynamic" is a di... Marcos M
10:15 PM pfSense Packages Bug #14796 (Resolved): ACME for domain registrar INWX in Germany: I am using ACME with INWX in Germany and automatic renewal has worked up to (at least) 11 July 2023. The latest renew... K. K.
10:15 PM Feature #14640 (Resolved): Extend support for SCTP in firewall and NAT rules: Tested with rules allowing, logging, and NAT'ing SCTP traffic. Marcos M
09:23 PM pfSense Packages Todo #14795 (Resolved): Transition to nut-devel: The current NUT package is based upon the 2.8.0 distribution of NUT. Unfortunately, since its release in April of 202... Denny Page
09:22 PM pfSense Packages Feature #13575 (Waiting on Merge): Update to frr 9.0.1: Since frr9 has been released, we can upgrade to that instead. Ideally, it will be merged upstream first:
https://bug... Marcos M
06:23 PM Bug #14513 (Feedback): Improve error handling in ``status.php``: Need to wait for a good snapshot build before testing this for sure. The new include file may not have been in this c... Jim Pingle
06:11 PM Bug #14513 (Resolved): Improve error handling in ``status.php``: Needed one more fix to make sure the error count was right, but now I think it's doing all it can to ensure errors ar... Jim Pingle
06:04 PM Revision b44dbd7c: status.php: Fix error count. Fixes #14513: Make header before adding note at the bottom, otherwise error count is
off by one. Jim Pingle
06:00 PM Bug #9889 (Resolved): Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities: Working as expected in current dev snapshots. Jim Pingle
05:56 PM Feature #13804 (Resolved): Prevent CARP status/maintenance mode from being erroneously toggled: Behavior is correct now. Duplicated a tab and clicked "Enter persistent CARP maintenance mode" on both. The second on... Jim Pingle
05:54 PM Todo #14769 (Resolved): Increase timeout for password entry when restoring an encrypted configuration via ECL: Timeout is now 60 seconds in snapshots. Jim Pingle
05:51 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options: Updating subject for release notes. Jim Pingle
05:48 PM Bug #14687: Error in boot messages about missing ``/boot/loader.conf.d`` directory: I spot checked several systems here and they all had that directory already. Does this only appear on a new fresh ins... Jim Pingle
05:40 PM Feature #14731 (Feedback): Unbound Advanced Settings entry for ``sock-queue-timeout``: Applied in changeset commit:e3fc86e10898518016016d17bba9e6ab36fc3eec. Marcos M
02:54 PM Feature #14731 (New): Unbound Advanced Settings entry for ``sock-queue-timeout``: If you remove the value from the field so it's blank, then save, the config it generates is not valid and unbound won... Jim Pingle
05:31 PM Revision e3fc86e1: Add input validation for sock_queue_timeout. Fix #14731: Marcos M
05:30 PM Todo #14672 (Feedback): Prevent weak SHA1 certificates from being used with GUI and Captive Portal: Applied in changeset commit:ffcb42471edc6684a10e5670c89b5248de9a3038. Jim Pingle
04:31 PM Todo #14672 (In Progress): Prevent weak SHA1 certificates from being used with GUI and Captive Portal: Certs that have a weak CA are still offered for use in the GUI, but rejected in the backend. The GUI filtering still ... Jim Pingle
05:23 PM Revision ffcb4247: Correct HTTPS cert list. Fixes #14672: Make sure to exclude weak CA chains from list of HTTPS certificates. Jim Pingle
05:20 PM Bug #14648 (Confirmed): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: Pushing this ahead since we still can't replicate this and have no leads about how it's happening. Jim Pingle
04:54 PM Regression #14791 (Feedback): ``/etc/version.buildtime`` is not being updated on current snapshots: Brad put a fix in for this: https://github.com/pfsense/FreeBSD-ports/commit/11fd487e5b135b73d613fd9809e5303463254d8e ... Jim Pingle
04:50 PM Bug #14717 (Feedback): A default route can remain after setting the default gateway to None: Applied in changeset commit:f016f14911d90cab2d940264a636cfef9303de1d. Marcos M
04:37 PM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information: And just double checked @jimp in scenarios like having a LAG the Mentioned Interface Status is not displaying any SFP... Marco Goetze
04:08 PM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information: I have a totally different opinion on this, the existing interface output is cluttered and not showing all needed inf... Marco Goetze
03:58 PM pfSense Packages Feature #14793 (Rejected): Package: sfpnfo, SFP Information: This is not needed. SFP information is already printed on Status > Interfaces. If more detail is needed the additiona... Jim Pingle
03:21 PM pfSense Packages Feature #14793 (Rejected): Package: sfpnfo, SFP Information: Submitted a PR for a Package displaying Information about inserted SFP / SFP+ Modules in a easy to access way in the ... Marco Goetze
03:41 PM Revision f016f149: Check for routing protocol flags when removing the default route. Fix #14717: Marcos M
03:37 PM Bug #13776 (Resolved): Some functions fail if the Language does not exactly match an available Locale: Works as expected on snapshots Jim Pingle
03:35 PM Regression #14794 (Feedback): PHP error when adding firewall rule when the configuration contains no separators: Applied in changeset commit:261ffcca08615d80f790cdeaeed4d77647362fe2. Jim Pingle
03:24 PM Regression #14794 (Resolved): PHP error when adding firewall rule when the configuration contains no separators: Trying to add a firewall rule to a configuration without separators yields a PHP error:... Jim Pingle
03:25 PM Revision 261ffcca: Skip empty separators. Fixes #14794: Other nearby similar loops already had this check, this was the only one
missing. Jim Pingle
03:18 PM Todo #14750 (Resolved): Automatically configure PF states hash table size: Appears to be using the expected value based on the given calculation. Jim Pingle
03:14 PM pfSense Packages Regression #14636 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: Works as expected on current dev snapshots with the most recent export package. Jim Pingle
03:12 PM Todo #14677 (Resolved): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers: Certificate lists are filtered appropriately. Certificates with weak hashes are not listed. Jim Pingle
03:10 PM Feature #14337 (Resolved): Allow SMTP notifications from non-root processes: Seems to be working as expected on dev snapshots.
Jim Pingle
03:10 PM Bug #14432 (Resolved): PHP error when failing to write ``config.cache``: Seems to be working as expected on dev snapshots.
Jim Pingle
03:08 PM Bug #14392 (Resolved): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address: Works as expected on snapshots. A unicast CARP VIP peer syncs via XMLRPC and uses the expected LL address when fixing... Jim Pingle
03:06 PM Todo #12762 (Resolved): Clarify that the IPsec keep alive check option ignores Child SA Start Action: New text is visible in the IPsec P2 edit page. Jim Pingle
03:01 PM Bug #14665 (Resolved): IGMP Proxy cannot start on VirtIO (``vtnet``) interfaces: Daemon appears to start OK on vtnet interfaces on dev snapshots. Jim Pingle
02:58 PM Bug #14767 (Resolved): Kernel textdumps are not recovered properly on systems with multiple swap partitions: Tested and working as expected on snapshots as well. Jim Pingle
02:55 PM Bug #14784 (Resolved): Correct name of Gandi LiveDNS: Name is correct on current dev snapshots Jim Pingle
02:49 PM Feature #14347 (Resolved): Improve System menu behavior for Certificate Manager privileges: Works as expected on snapshots. A user with privileges to access certificates but not CAs get a menu entry that leads... Jim Pingle
02:45 PM Bug #14549 (Resolved): Interface value is not properly validated when submitted on ``interfaces_gif_edit.php`` and ``interfaces_gre_edit.php``: Problem can easily be reproduced on Plus 23.05.1 and CE 2.7.0, but cannot be reproduced on dev snapshots (CE or Plus)... Jim Pingle
02:35 PM Bug #14547 (Resolved): ``getserviceproviders.php`` does not always validate value of ``$connection``, displays without encoding: Problem can easily be reproduced on Plus 23.05.1 and CE 2.7.0, but cannot be reproduced on dev snapshots (CE or Plus)... Jim Pingle
02:35 PM Bug #14544 (Feedback): PPP interface default username/password are not being populated from provider data on ``interfaces.php`` and ``interfaces_ppps_edit.php``: Applied in changeset commit:b85c6620ba16fd249eafc2575d32a3240969f79c. Jim Pingle
02:27 PM Revision b85c6620: Correct PPP provider pre-fill. Fixes #14544: * Make pre-fill behavior function correctly on interfaces_ppps_edit.php
* Fix some inconsistencies in similar code on... Jim Pingle
12:51 PM Revision ca99238d: Prevent nginx from serving backup copies of files.: Files with .orig can be left in place from patching and .pkgsave files
are left in place if files are replaced with d... Jim Pingle

09/18/2023

08:23 PM Feature #14777: Status output plugin hook for packages to include their own data: To use this, packages need to make two changes:
First define the plugin in their main XML file (e.g. frr.xml)
<pr... Jim Pingle
08:15 PM Feature #14777 (Feedback): Status output plugin hook for packages to include their own data: Applied in changeset commit:edba13d595cd270be852b29fed96029e622282f7. Jim Pingle
04:33 PM Feature #14777 (In Progress): Status output plugin hook for packages to include their own data: Jim Pingle
08:19 PM pfSense Packages Feature #14588 (Feedback): Add FRR diagnostic status output plugin: This is committed and will be in FRR pkg version 2.0.1 when it builds. Only in dev snapshots for now as it depends on... Jim Pingle
08:06 PM Revision edba13d5: Add status output package plugin hook. Implements #14777: * Move status output functions to a separate include file
* Change function names to be specific to this include, the... Jim Pingle
07:47 PM Bug #14717 (Pull Request Review): A default route can remain after setting the default gateway to None: The function which removes the default route specifically checks for the @STATIC@ flag in the default route. When the... Marcos M
07:35 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: The kernel does not sort the list (and neither does pfctl). I had assumed that the sort was only there to ensure we h... Kristof Provost
01:56 PM Bug #14758 (Feedback): ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: Jim Pingle
01:56 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: On a current snapshot the `pfctl -sc` changes are present and working on @status_carp.php@ and the CLI. I pushed a sm... Jim Pingle
07:12 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: Core dump provided to Christian McDonald for the related ndp issue.
☕️ Rob A
07:00 PM Bug #14513 (Feedback): Improve error handling in ``status.php``: Applied in changeset commit:1e7eb7900bb3e349c2caadbe9574b1bd774e25a6. Jim Pingle
04:33 PM Bug #14513 (In Progress): Improve error handling in ``status.php``: Jim Pingle
06:56 PM Bug #14792 (Rejected): pfSense 2.7.0 >> OpenVPN >> Aliases: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
06:20 PM Bug #14792 (Rejected): pfSense 2.7.0 >> OpenVPN >> Aliases: I didn't really figure out the categories for OpenVPN... and so let's start:
pfSense 2.6.0 > FW > Rules > OpenVPN-... Имя Фамилия
06:51 PM Revision 1e7eb790: Improve error handling in status.php. Implements #14513: Jim Pingle
06:23 PM Regression #14755 (Feedback): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``: https://github.com/pfsense/FreeBSD-src/commit/e9e1dd2bf8c43d16878b54cac0a72bab8b8e89af
Christian McDonald
05:46 PM Regression #14791 (Resolved): ``/etc/version.buildtime`` is not being updated on current snapshots: The file @/etc/version.buildtime@ used to be a part of the @pfSense-base@ package @base.txz@ file, but it isn't there... Jim Pingle
03:55 PM Bug #14579 (Feedback): PHP error in ``handle_wireless_post()`` when toggling some wireless interface options: Applied in changeset commit:1857f9fbf03ad0ea7435c87a3289c5d6da50dc54. Jim Pingle
03:55 PM Todo #14790 (Feedback): Eliminate direct config access in ``interfaces.php``: Applied in changeset commit:1857f9fbf03ad0ea7435c87a3289c5d6da50dc54. Jim Pingle
03:47 PM Todo #14790: Eliminate direct config access in ``interfaces.php``: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1079 Jim Pingle
03:38 PM Todo #14790 (Resolved): Eliminate direct config access in ``interfaces.php``: The code in @interfaces.php@ needs updated for PHP 8.x and to use the new config/array access functions. There have b... Jim Pingle
03:48 PM Revision 1857f9fb: PHP updates in interfaces.inc. Implements #14790: * Converted to new array/config access functions. Implements #14790
* Eliminated direct config and $g access. Issue #... Jim Pingle
01:53 PM Revision e17a8991: Use full path to tail, sort output. Issue #14758: Jim Pingle
12:51 PM pfSense Packages Bug #14771 (Feedback): Lightsquid creating multiple SSL certificates, not starting: Jim Pingle
12:47 PM pfSense Packages Regression #14774 (Resolved): Lightsquid won't allow change the password.: Jim Pingle
12:47 PM Regression #14500 (Resolved): PHP Error when viewing Traffic Graphs in ``iftop`` mode: Jim Pingle
12:46 PM pfSense Packages Bug #14788 (Not a Bug): NtopNG high swap usage: (a) Not all swap usage is bad: https://docs.netgate.com/pfsense/en/latest/hardware/memory.html#not-all-swap-usage-is-... Jim Pingle
12:41 PM Feature #13377 (New): Option to configure a custom value for the PHP memory limit: It's better but still quirky.
On a VM with 1GB RAM it says the default is 512 but the allowed range is 128 to 449,... Jim Pingle
12:35 PM Bug #14784 (Feedback): Correct name of Gandi LiveDNS: Applied in changeset commit:e2b29aaca1774f9a6347e1d416e8def9b7ba3794. Christopher Cope
12:34 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: For good measure I also tested out the @arp@ fixes and everything is working properly as far as I can see now.
Man... Jim Pingle
12:28 PM Revision e2b29aac: Correct Gandi LiveDNS name. Fixes #14784: Christopher Cope
07:28 AM pfSense Plus Feature #14789: Captive Portal - Add OTP authentication option to the portal's authentication options: Pull request created: https://github.com/pfsense/pfsense/pull/4649 Barry Schut
06:34 AM pfSense Plus Feature #14789 (Pull Request Review): Captive Portal - Add OTP authentication option to the portal's authentication options: I have created a small modification to the captive portal pages so it would be possible to use an OTP as login option... Barry Schut
01:52 AM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: I, for one, would hate to lose a true DNS resolver (Unbound) and have just a forwarder (dnsmasq) as my only choice fo... Glenn Hall

09/17/2023

09:56 PM pfSense Packages Feature #9238: Add support for Zerotier: This is still a hope and a dream for me. Seems like a great way to add SD-WAN features to pfS. Corey Boyle
08:14 PM pfSense Packages Regression #14774: Lightsquid won't allow change the password.: I update the package and now I can add user and change password, thanks team!!! Peter Moreno
05:40 AM pfSense Packages Regression #14774: Lightsquid won't allow change the password.: Tested on 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Lightsquid 3.0.7_3 Th... aleksei prokofiev
06:57 PM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN: Can someone look into this? It is certainly unexpected that all networking on pfSense goes down for some time when on... Nazar Mokrynskyi
03:07 PM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers: Correcting:
Open VPN config file will point to the hostname only, instead of the **FQDN** dylan mendez
07:31 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: You. do also need the kernel and pfctl changes. I'm not sure if there's been a successful build since those landed.
... Kristof Provost
01:49 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: Kristof Provost wrote in #note-8:
> I've merged the fix for the pfctl loop, as well as the new 'list creator ids' co... Kris Phillips
03:02 AM pfSense Plus Bug #13530: Remote Logging strange behavior: unsuccessfully attempted reproducing with my 3100 and graylog - will monitor further to see if anything occurs Jordan G
02:32 AM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options: Michael Pfsense wrote in #note-5:
> Crash report begins. Anonymous machine information:
>
> amd64
> 14.0-CURREN... Kris Phillips
01:44 AM Bug #14717: A default route can remain after setting the default gateway to None: Tested this without FRR on a stock setup of the latest 23.09 Plus build. When setting Default IPv6 gateway to "none"... Kris Phillips
01:19 AM Regression #14500: PHP Error when viewing Traffic Graphs in ``iftop`` mode: testing with above changeset applied via system_patches package running 23.05.1, I am not seeing any crashes or php e... Jordan G
12:56 AM pfSense Packages Bug #14788 (Not a Bug): NtopNG high swap usage: +*Issue:*+
100% SWAP usage on pfSense+ 23.05.1-RELEASE after a number of days of uptime when the package NtopNG 0.8.... Denis O'Leary

09/16/2023

10:32 PM Bug #14784 (Pull Request Review): Correct name of Gandi LiveDNS: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1078 Christopher Cope
02:34 PM pfSense Packages Feature #14787 (New): Feature request - Freeradius post-auth custom options: I would like to check if it is possible to add a custom options field for post-auth in Freeradius package.
This woul... Marcelo Cury
02:16 PM Feature #13377: Option to configure a custom value for the PHP memory limit: Jordan G wrote in #note-22:
> still seeing a negative number suggested for the higher limit on system with <1gb RAM ... Christopher Cope
02:14 PM Revision e521e546: PHP memory limit; Accommodate systems with 1GiB or less of RAM. Feature #13377: Christopher Cope
09:07 AM Regression #14735 (Resolved): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: I have conducted a test on the most recent build today and can verify that it is performing as expected.
I am mark... Danilo Zrenjanin
05:51 AM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers: It seems related only to Gandi Live DNS DyDNS, other configured DyDNS give FQDN
!clipboard-202309160948-4jant.png... Lev Prokofev

09/15/2023

09:45 PM Bug #14785 (Feedback): Primary IPv6 interface address may be incorrect when a VIP is set: Applied in changeset commit:9bda254db22b1d87da8e17b14d045eb55a0c7e92. Marcos M
08:46 PM Bug #14785 (Pull Request Review): Primary IPv6 interface address may be incorrect when a VIP is set: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1077 Marcos M
07:42 PM Bug #14785 (Resolved): Primary IPv6 interface address may be incorrect when a VIP is set: If a compressed IPv6 VIP exists, the interface's primary IPv6 address will be set to the VIP even when a non-VIP GUA ... Marcos M
09:28 PM Revision 9bda254d: Uncompress IPv6 before filtering interface addresses. Fix #14785: Marcos M
09:04 PM Bug #14717 (New): A default route can remain after setting the default gateway to None: Marcos M
08:55 PM Regression #14623 (Resolved): Primary interface address is incorrectly set to the last address on the interface: The fix has worked well (the first interface address is used instead of the last). However, fixing this uncovered two... Marcos M
08:53 PM Bug #14725 (Resolved): Primary IPv6 interface address may be incorrect when a ULA is set: Marcos M
08:05 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict: Keep in mind my concern is not of Apple's use of UPP rather for, when UPP Get requests are used invasively. How can a... Jonathan Lee
07:49 PM pfSense Packages Feature #14786 (Duplicate): Add GUI option for host_verify_strict: Ref for research of UPP get requests:
https://forum.netgate.com/topic/182866/universal-procedure-pointers-upp-mzstat... Jonathan Lee
02:23 PM Revision fe8ce610: Remove /etc/rc from excludes since we do not have a rc package anymore: Brad Davis
12:17 PM pfSense Packages Regression #14024 (Resolved): PHP error in HAProxy Widget with Show Client Traffic enabled: I couldn't reproduce this issue.
Tested against:... Danilo Zrenjanin
10:33 AM pfSense Packages Regression #14445 (Resolved): HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138: I can not reproduce this issue.
Tested on packages:
HAproxy 0.63_1
haproxy-devel 0.63_1
I am marking this cas... Danilo Zrenjanin
12:22 AM Bug #14784 (Resolved): Correct name of Gandi LiveDNS: In the DynDNS Client, Gandi's DynDNS service is called "LiveDNS", but it's referred to as "Live DNS" and "Live DNS v6... Kris Phillips

09/14/2023

10:01 PM Bug #14783 (Resolved): List of Dynamic DNS types with split host+domain name is missing several providers: Steps to replicate:
1)Configure Dynamic DNS using "Gandi Live DNS". Input both hostname and domain.
2)Export ov... dylan mendez
06:08 PM Regression #14768 (Resolved): "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled: I confirmed this behavior on the:... Danilo Zrenjanin
04:00 PM Regression #14623: Primary interface address is incorrectly set to the last address on the interface: Apologies.
In the original report here and https://github.com/pfsense/pfsense/blob/f106b62cfbed279e8140ffa1edf535de... M Felden
03:47 PM Regression #14623: Primary interface address is incorrectly set to the last address on the interface: M Felden wrote in #note-5:
> I am not convinced #14782 is a duplicate of #14623 as the behavior observed in #14782 w... Jim Pingle
03:42 PM Regression #14623: Primary interface address is incorrectly set to the last address on the interface: I am not convinced #14782 is a duplicate of #14623 as the behavior observed in #14782 was all about GUA and involved ... M Felden
03:38 PM Regression #14781 (Resolved): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces: Jim Pingle
03:34 PM Regression #14781: OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces: Tested changeset on 23.09,
Don't see OpenVPN restart events anymore. Lev Prokofev
02:35 PM Regression #14781 (Feedback): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces: Applied in changeset commit:f106b62cfbed279e8140ffa1edf535defb0221ab. Jim Pingle
02:25 PM Regression #14781 (In Progress): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces: OK I see what happened here. Though at the moment I can still only trigger it by forcefully disabling an interface an... Jim Pingle
12:42 PM Regression #14781: OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces: Agree but the OpenVPN server and clients are listening on the WAN interface and have nothing with the OPT10 interface... Lev Prokofev
12:26 PM Regression #14781 (Not a Bug): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces: That is expected and intended behavior. When an interface event occurs, daemons bound to that interface will be resta... Jim Pingle
10:53 AM Regression #14781: OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces: Update:
Not related to the gateway on LAN, and reproducible on 23.05.1
here I disable OPT10 Interface that is s... Lev Prokofev
09:41 AM Regression #14781 (Resolved): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces: Tested on ... Lev Prokofev
03:37 PM Bug #14782 (Duplicate): RFC 2136 Dynamic DNS client selects a virtual IPv6 address instead of statically configured WAN Ipv6 address: Looks like it's almost certainly a duplicate of #14623 Jim Pingle
03:15 PM Bug #14782 (Duplicate): RFC 2136 Dynamic DNS client selects a virtual IPv6 address instead of statically configured WAN Ipv6 address: 2.7.0
WAN IPv6 address set statically. 2001:db8:5000:5::1/64. Gateway is fe80:: with an interface route %vtnet0
... M Felden
02:39 PM Regression #14736 (Resolved): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected: Danilo Zrenjanin
02:39 PM Regression #14736: Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected: Tested on :... Danilo Zrenjanin
02:29 PM Bug #14738 (Resolved): IPsec restart in CARP event scripts does not check VIP properly and never runs: Jim Pingle
02:28 PM Bug #14738: IPsec restart in CARP event scripts does not check VIP properly and never runs: I stand corrected after my config's review - patch is working Georgiy Tyutyunnik
12:45 PM Bug #14738: IPsec restart in CARP event scripts does not check VIP properly and never runs: Georgiy Tyutyunnik wrote in #note-2:
> Reproduced the issue on
> 23.05.1-RELEASE (amd64)
> built on Wed Jun 28 03:... Jim Pingle
12:41 PM Bug #14738: IPsec restart in CARP event scripts does not check VIP properly and never runs: Reproduced the issue on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
IPSe... Georgiy Tyutyunnik
02:26 PM Revision f106b62c: Fix format of OpenVPN cached interface. Fixes #14781: Jim Pingle
01:17 PM Revision d00473a3: status_carp: use the new `pfctl -sc` command: Kristof Provost
01:10 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: I've merged the fix for the pfctl loop, as well as the new 'list creator ids' command.
https://gitlab.netgate.com/pf... Kristof Provost
01:03 PM pfSense Packages Bug #14748: FRR reload script is not executed properly: i using frr webgui setup Route Handling not normal work also. yon Liu
12:57 PM pfSense Packages Regression #14774: Lightsquid won't allow change the password.: Hello Jim.
Other thing, there is a way to create users with lightsquid?
If I type newuser + password and save, ... Peter Moreno
12:55 PM pfSense Packages Bug #14780 (Not a Bug): The assigned Tailscale interface causes the "Network interface mismatch" on booting: Christian McDonald
12:17 PM pfSense Packages Bug #14780: The assigned Tailscale interface causes the "Network interface mismatch" on booting: That is expected, users should not assign the Tailscale interface, it isn't meant to be used that way.
There may n... Jim Pingle
10:13 AM pfSense Packages Bug #14780 (Confirmed): The assigned Tailscale interface causes the "Network interface mismatch" on booting: I can confirm this behavior on the: ... Danilo Zrenjanin
07:16 AM pfSense Packages Bug #14780: The assigned Tailscale interface causes the "Network interface mismatch" on booting: Tested on ... Lev Prokofev
07:09 AM pfSense Packages Bug #14780 (Not a Bug): The assigned Tailscale interface causes the "Network interface mismatch" on booting: If you assign the tailscale0 as the interface, it will cause "Network interface mismatch" during the boot and prevent... Lev Prokofev
12:54 PM Regression #14735 (Feedback): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: Christian McDonald
09:36 AM pfSense Packages Bug #14711 (Resolved): pfBlocker ASN to IP Address option doesn't work: I am marking this case resolved. Danilo Zrenjanin
09:35 AM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work: Yes, I can confirm it works again. ... Danilo Zrenjanin
05:21 AM pfSense Packages Feature #14779 (New): dynamic dns for wireguard peer: Dear team;
we have multiple business with many branches the have smb internet with no static ip address assigned t... Abdulaziz Al-Marwani
12:36 AM Regression #11570 (Feedback): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I believe the original issue description is related to the following two issues:
* #14616 (a patch is available)
* ... Marcos M

09/13/2023

11:35 PM Regression #14616 (Feedback): dpinger does not start after renewing DHCP: Applied in changeset commit:c830f50da98b2f91f15163ed21d5b6086f10fc24. Marcos M
11:23 PM Bug #12947 (Feedback): Old IPv6 addresses may continue to be used after DHCP or RA changes: I tested this in 23.09 dev snapshots and am not able to reproduce the issue.
The following are logs from a lease cha... Marcos M
09:39 PM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules: Marcos M wrote in #note-2:
> The issue can be avoided by creating a floating rule that applies the upload limiter.
... Mike McNabb
09:32 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error: Hi Jim,
All-in-all about 140k in size, the largest file has about 2700 CIDR addresses.
I've got a XG7100 that has... Andrew Rojek
07:04 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error: How many IP addresses would you say are in those aliases? The GUI isn't capable of handling a ton, usually browsers w... Jim Pingle
06:54 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error: Hello Jim,
If memory serves me correctly it's always been related to trying to edit IP Aliases.
Once I've created... Andrew Rojek
04:23 PM pfSense Plus Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error: What exact steps did you take that resulted in that error? Include the page filenames specifically and what exactly w... Jim Pingle
04:04 PM pfSense Plus Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error: Got this error message when trying to view a small list of CIDR addresses in Firewall->Aliases.
It was followed by a... Andrew Rojek
07:55 PM Revision c830f50d: Remove the cached interface address when killing the dhcp client. Fix #14616: Marcos M
06:29 PM Regression #14755 (In Progress): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``: Christian McDonald
06:29 PM Regression #14755: Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``: Attached is ndp built with debugging symbols for anyone who can reliably replicate this... Christian McDonald
04:45 PM Revision 9e6b1893: Use the real interface name when storing the interface address.: The updated filename aligns with the references in:
find_interface_ip(), delete_old_address(), and add_new_address(). Marcos M
03:51 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: I left pfSense years ago for a homegrown Linux solution and recently returned. Lots of amazing progress has been made... Mike Pastore
01:03 PM Regression #14735 (Waiting on Merge): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: https://reviews.freebsd.org/D41839 Christian McDonald
12:25 PM pfSense Packages Feature #14588: Add FRR diagnostic status output plugin: See #14777 for implementation details once that is complete. Jim Pingle
12:24 PM Feature #14777: Status output plugin hook for packages to include their own data: First target is FRR: #14588 Jim Pingle
12:24 PM Feature #14777 (Resolved): Status output plugin hook for packages to include their own data: The status output page (@status.php@) gathers system information that is helpful for diagnosing problems, but it is c... Jim Pingle
12:14 PM Bug #14776: Port forwarding not working properly: What you are describing is explained by a lack of reply-to on the rules as I mentioned in my first response. Post on ... Jim Pingle
11:29 AM Bug #14776: Port forwarding not working properly: You may not understand my question.
For example I have several wiregaurd p2p tunnels，the wg0 public ip is 15.5.5.5... yon Liu

09/12/2023

11:31 PM Regression #14616 (Pull Request Review): dpinger does not start after renewing DHCP: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1074/
Here's the patch to test.
{{collapse... Marcos M
12:07 AM Regression #14616: dpinger does not start after renewing DHCP: I was able to replicate this on 2.8 dev. The default gateway correctly switches to the tier 2 gateway when the DHCP l... Marcos M
07:21 PM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities: Updating subject for release notes. Jim Pingle
07:18 PM Bug #8846: Misleading error message when adding/editing static routes which use a gateway on a disabled interface: Updating subject for release notes. Jim Pingle
07:10 PM Bug #13776 (Feedback): Some functions fail if the Language does not exactly match an available Locale: Applied in changeset commit:6ce83e7455ea35243e2bd0645651ca22b43bc569. Jim Pingle
06:30 PM Bug #13776 (In Progress): Some functions fail if the Language does not exactly match an available Locale: It looks like the easiest path forward is to rename our translation directories and the internal IDs to match the bas... Jim Pingle
07:00 PM Revision 6ce83e74: Align pfSense and OS locale names. Fixes #13776: Jim Pingle
06:19 PM pfSense Plus Regression #14436 (Closed): Upgrades from 23.05-RC/beta/dev fail server authentication: This was fixed before 23.05 released. Jim Pingle
06:19 PM Bug #14776 (Not a Bug): Port forwarding not working properly: That is almost certainly something in your configuration. Inbound NAT such as port forwards will work on any interfac... Jim Pingle
06:16 PM Bug #14776 (Not a Bug): Port forwarding not working properly: when I creat wiregaurd vpn tunnel and setup NAT rule, if Default gateway IPv4 not setup the wiregaurd interface, th... yon Liu
06:01 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: I have a fix for the infinite pfctl loop, and in-progress patches for the improved code to retrieve creator ids. It o... Kristof Provost
05:04 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: Bumping this ahead. It would be nice to fix but I don't think it's a release blocker. Jim Pingle
05:46 PM Bug #13704 (Resolved): Refactor IPsec code using config access functions: Looks like most if not all of this was already committed. See commit:264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9
It m... Jim Pingle
05:45 PM pfSense Packages Regression #14739 (Resolved): PHP error with lightsquid when generating an SSL certificate: Resolved with 3.0.7_1. Marcos M
05:04 PM pfSense Packages Regression #14739 (Feedback): PHP error with lightsquid when generating an SSL certificate: Jim Pingle
05:29 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: We're are still working on this, but it is going to take more time to untangle this than we have for it to make this ... Jim Pingle
05:20 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: The problem here is that the behavior of the @arp@ command has changed. Running @arp -n <ip addr>@ used to limit the ... Jim Pingle
03:31 PM pfSense Packages Bug #14775 (New): FRR LocPrf and Weight is forced to 0: frr8-8.5.2
Because some upstream routes show that LocPrf and Weight are 0. FRR LocPrf and Weight is forced to 0
... yon Liu
02:55 PM Todo #14769 (Feedback): Increase timeout for password entry when restoring an encrypted configuration via ECL: Applied in changeset commit:c449bcafcffef37bf0a3818a00f719939ccbd8b4. Jim Pingle
02:47 PM Todo #14769 (In Progress): Increase timeout for password entry when restoring an encrypted configuration via ECL: Bumping up that timeout to 60s should be safe. I'll commit that shortly.
Updating the subject and issue type to mo... Jim Pingle
09:02 AM Todo #14769: Increase timeout for password entry when restoring an encrypted configuration via ECL: I think it is the ECL he didnt specify which link, but told me the process in more detail which sounds like the ECL t... Chris Collins
02:47 PM Revision c449bcaf: Increase ECL passwd prompt timeout. Fixes #14769: Jim Pingle
02:40 PM Regression #14773 (Not a Bug): Unable to boot pfSense after installation on Proxmox VE 8.x: Thanks for following up.
We have seen some similar reports in the past but they were all issues with the Hyperviso... Jim Pingle
02:30 PM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x: The systems were installed using ZFS. Following your suggestion here https://forum.netgate.com/topic/182742/pfsense-2... Christopher de Haas
12:16 PM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x: It works fine in Proxmox VE 7.x, so something must have changed in 8.x, so there is only so much we can do there. It ... Jim Pingle
08:51 AM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x: Also found this redmine issue which may be related https://redmine.pfsense.org/issues/13895 Christopher de Haas
08:48 AM Regression #14773 (Not a Bug): Unable to boot pfSense after installation on Proxmox VE 8.x: I have multiple new pfSense 2.7 installations that are unable to boot after installation. Also tested with pfSense 23... Christopher de Haas
02:17 PM pfSense Packages Regression #14774 (Feedback): Lightsquid won't allow change the password.: I pushed a fix for this, it will be available shortly. Jim Pingle
01:42 PM pfSense Packages Regression #14774 (Resolved): Lightsquid won't allow change the password.: I had the latest version of lightsquid 1.8.5 3.0.7_2.
Is not accepting new password for the user 'admin'.
It wo... Peter Moreno
12:15 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none: >however the globe icon does remain even when the default gateway is set to None
yes, it is this. and default route ... yon Liu
12:11 PM Bug #14717: A default route can remain after setting the default gateway to None: frr has no setup ipv6 default gateway.so WAN pppoe auto setup default gateway in pfsense. yon Liu
12:07 PM Bug #14717: A default route can remain after setting the default gateway to None: my frr only has ipv6 bgp sessions, no ipv4 bgp session. frr has no setup ipv4 default gateway yon Liu
12:32 AM Bug #14717 (Feedback): A default route can remain after setting the default gateway to None: Marcos M
12:31 AM Bug #14717: A default route can remain after setting the default gateway to None: It's possible that frr is playing a part here - please try reproducing the issue with frr disabled or removed. For ex... Marcos M
12:10 PM Regression #14727 (Resolved): PCH Temperature missing from Thermal Sensors: Jim Pingle
01:09 AM Regression #14727: PCH Temperature missing from Thermal Sensors: 23.09-DEVELOPMENT (amd64)
built on Thu Sep 07 06:05:43 UTC 2023
FreeBSD 14.0-ALPHA2
Confirm PCH temp is presented Ted Quade

09/11/2023

09:54 PM Bug #14634 (Feedback): The default gateway icon is not updated when the default gateway is changed to none: I tried replicating this on 2.8 dev. The default routes themselves are removed (see Diagnostics > Routes), however th... Marcos M
07:30 PM Feature #14746 (Feedback): Method for users to customize shell initialization behavior: Applied in changeset commit:61be9dccb422718ca85351795e64d9558a851658. Jim Pingle
07:28 PM Feature #14746: Method for users to customize shell initialization behavior: I just pushed a commit that implements "local" versions of @.profile@, @.shrc@, and @.tcshrc@ which are, respectively... Jim Pingle
07:27 PM Revision 490e61c2: Remove leftover debugging menu bypass. Issue #14746: It is not compatible with console autologin, so this shouldn't be kept in place. Jim Pingle
07:22 PM Revision 61be9dcc: Allow users to customize shell init behavior. Implements #14746: Jim Pingle
06:51 PM pfSense Plus Bug #14772 (New): PFsense Plus doesn't work with AWS new Instance Metadata Service (IMDSv2): AWS has an updated version of their metadata service (IMDS) that is designed to add some defense-in-depth (see https:... Cameron Epp
06:00 PM Bug #8846 (Feedback): Misleading error message when adding/editing static routes which use a gateway on a disabled interface: Applied in changeset commit:ec5fca391c67d3f4453545efe862382d2c04bb4d. Jim Pingle
05:27 PM Bug #8846 (In Progress): Misleading error message when adding/editing static routes which use a gateway on a disabled interface: Jim Pingle
05:50 PM Revision ec5fca39: Try alt. way of validating route GW fam. Fixes #8846: The when passed a gaetway name, the function won't see a gateway
for a disabled interface as valid. Thus, since we ha... Jim Pingle
04:31 PM Regression #14768: "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled: Fixed, thanks, Marcos! Vladimir Suhhanov
04:15 PM Regression #14768: "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled: Applied in changeset commit:6aa3f8b5243d54ed48507df25d92e7a664856e1e. Marcos M
04:12 PM Regression #14768 (Feedback): "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled: Fixed with @6aa3f8b5243d54ed48507df25d92e7a664856e1e@. A @!@ was missing which denotes a program rather than a facility. Marcos M
04:08 PM Revision 6aa3f8b5: Correct program reference in syslog config. Fix #14768: Marcos M
03:57 PM pfSense Packages Regression #14739: PHP error with lightsquid when generating an SSL certificate: Fixed in commit @9be9459ba796313087ca34b63c3deee7f181faea@ it will be in the next snapshot builds. Jim Pingle
03:32 PM pfSense Packages Regression #14739 (In Progress): PHP error with lightsquid when generating an SSL certificate: The new fix wasn't quite right (has a couple incorrect variable references. New fix coming momentarily. Jim Pingle
03:56 PM pfSense Packages Bug #14771: Lightsquid creating multiple SSL certificates, not starting: I pushed a fix for this ( @52f6d98647b961eefa693ca3ab793785befd3a5d@ ), it should be available soon.
The fix could... Jim Pingle
03:47 PM pfSense Packages Bug #14771 (In Progress): Lightsquid creating multiple SSL certificates, not starting: I take that back, it's not related, but I fixed it when I fixed the other issue. Though when I fixed that, I used fun... Jim Pingle
03:40 PM pfSense Packages Bug #14771 (Duplicate): Lightsquid creating multiple SSL certificates, not starting: This is from the change in #14739 -- that one is still open (in feedback state) so I'm closing this and noting the fi... Jim Pingle
02:14 PM pfSense Packages Bug #14771 (Resolved): Lightsquid creating multiple SSL certificates, not starting: Hello we update lightsquid the latest version and we found that stop working.
Every time we try to access the repo... Peter Moreno
03:10 PM Bug #14767: Kernel textdumps are not recovered properly on systems with multiple swap partitions: Tested, works fine. Thanks, Jim.
Vladimir Suhhanov
02:05 PM Bug #14767 (Feedback): Kernel textdumps are not recovered properly on systems with multiple swap partitions: Applied in changeset commit:17630ffa48e33def331a65ee50f1ba1d2c3a5de5. Jim Pingle
01:15 PM Bug #14767 (In Progress): Kernel textdumps are not recovered properly on systems with multiple swap partitions: The problem isn't with rc.dumpon, it's in rc.savecore.
The OS supports multiple dump devices and it can use them a... Jim Pingle
01:58 PM Revision 17630ffa: Check all dump devices for crash dumps. Fixes #14767: Jim Pingle
01:57 PM Todo #14769: Increase timeout for password entry when restoring an encrypted configuration via ECL: I will be back hopefully soon with confirmation. Chris Collins
12:34 PM Todo #14769 (Incomplete): Increase timeout for password entry when restoring an encrypted configuration via ECL: Exactly which method were they using to restore the encrypted config.xml?
Was it on a "USB drive during the instal... Jim Pingle
12:49 PM Bug #14518 (Closed): pfSense CrashLog on 2.7.0RC Upgrade: Jim Pingle
12:15 PM Feature #14047 (Resolved): Options to control Intel Speed Shift: Jordan G wrote in #note-11:
> I didn't see any gui toggle when testing 23.09-DEVELOPMENT-amd64-20230909-1856, I was ... Jim Pingle
01:28 AM Feature #14047: Options to control Intel Speed Shift: Jim Pingle wrote in #note-9:
> Applied in changeset commit:93f8b28797a2b618f96589c916128019231f027e.
Tested since... Ronald Schellberg
03:14 AM pfSense Packages Feature #14770: Search for addresses and ports optimization: I understand there is a note for admins to use regex style but there really should be a simplier way....
a seperate ... Mike Moore
02:57 AM pfSense Packages Feature #14770 (New): Search for addresses and ports optimization: The search field for source IP addresses requires a bit of optimization.
If you search for source IP 192.168.3.3 the... Mike Moore

09/10/2023

05:29 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Now testing the SG-2100 with 23.05.1 for the similar setup but with multiple Wireguards instead of multiple OpenVPNs.... robotox sysadmin
03:46 PM Todo #14769 (Resolved): Increase timeout for password entry when restoring an encrypted configuration via ECL: Reporting on behalf of a friend, he installed 2.7.0 fresh using a password protected backup, as he was typing the pas... Chris Collins
03:32 PM pfSense Packages Bug #14748: FRR reload script is not executed properly: yes, Now any changes need to restart the frr service to take effect. yon Liu
08:21 AM Regression #14768 (Resolved): "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled: 23.09 latest snapshot, go to Status/System Logs/Settings
find and enable “Routing Daemon Events (RADVD, UPnP, RIP, ... Vladimir Suhhanov
08:11 AM Bug #14767 (Resolved): Kernel textdumps are not recovered properly on systems with multiple swap partitions: ZFS guided auto-install, selected zfs-mirror, two disks.
As a result we have two swap partitions in fstab
@
# D... Vladimir Suhhanov
03:15 AM Regression #14138: Kernel Panic in ``rtsock_msg_mbuf``: All I can say is I haven’t seen it since the 23.05.01 upgrade. It’s not something I could directly trigger. Stephen Baines
01:56 AM Regression #14138: Kernel Panic in ``rtsock_msg_mbuf``: Stephen,
Can you please re-test on 23.05.1? The associated redmine is marked as Resolved for this release, so thi... Kris Phillips
02:34 AM Feature #14047: Options to control Intel Speed Shift: I didn't see any gui toggle when testing 23.09-DEVELOPMENT-amd64-20230909-1856, I was testing virtualized but it was ... Jordan G
02:11 AM Feature #13377: Option to configure a custom value for the PHP memory limit: still seeing a negative number suggested for the higher limit on system with <1gb RAM running 23.09-DEVELOPMENT-amd64... Jordan G
01:54 AM Bug #14518: pfSense CrashLog on 2.7.0RC Upgrade: This can be closed as the RC is now RELEASE and there doesn't appear to be any more issues. Kris Phillips
01:53 AM pfSense Packages Regression #14739: PHP error with lightsquid when generating an SSL certificate: Hello.
Does this bug is related to the error about lightsquid creating certs each we try to access the reports and w... Peter Moreno

09/09/2023

11:16 PM Feature #14766 (New): i225/i226 based NICs not recognized for CE install/virtualized instances freezing: Intel's information for i225/6 based network cards states they both require pcie gen 3.1 for interface. This requires... Jordan G
08:31 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options: Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n25... Michael Pfsense
08:31 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options: I also have this problem when trying to take a wificard interface from SSID broadcast to no SSID broadcast on 2.7.0-R... Michael Pfsense
07:34 PM Feature #14765 (Rejected): DHCPv6 is limited to DUID and unable to consider IAID: In DHCPv6, the client identifier is not the MAC Address anymore. That concept is replaced with the DUID. If the same ... Jacques Bourdeau
07:08 PM pfSense Packages Regression #14764 (Confirmed): HAProxy local syslog not working: HAProxy package v0.63_1
Setting the syslog host to @/var/run/log@ in the HAProxy settings doesn't produce any entr... Michael Vincent

09/08/2023

10:45 PM pfSense Plus Regression #14171: High Availability Setup with Gateway to secondary pfSense not working - No Internet: The @-iface@ parameter is only specified if the gateway value is a MAC address ("source":https://github.com/pfsense/p... Marcos M
09:11 PM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work: It seems to be working again for me! Hayden Hill
07:49 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1 for me too. I'd like to set it up with FreeIPA 4.9 as it starts to support the ACME protocol for certificates. Ben Tyger
07:15 PM Todo #14750: Automatically configure PF states hash table size: Indeed I meant @net.pf.states_hashsize@. Marcos M
07:03 PM Todo #14750: Automatically configure PF states hash table size: Updating subject for release notes.
The original description here doesn't match what was committed. The commit is ... Jim Pingle
07:00 PM Regression #14569: ``bnxt(4)`` driver errors: Updating subject for release notes. Jim Pingle
06:59 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``: Updating subject for release notes. Jim Pingle
05:09 PM pfSense Plus Bug #14763 (Rejected): Editing Static Routes: I can't reproduce this on 23.05.1 or elsewhere. There may be something specific in your setup that's contributing, bu... Jim Pingle
04:43 PM pfSense Plus Bug #14763 (Rejected): Editing Static Routes: Unable to edit static routes - when saving, the page tells you the route already exists as if it's trying to create a... Sean Huggans
04:48 PM Revision 94eaa720: Remove config.xml now that it is migrated to a port sysutils/pfSense-default-config*: Brad Davis
03:58 PM Feature #14047: Options to control Intel Speed Shift: Tested against:
pfSense release:... Danilo Zrenjanin
03:21 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: I believe the problem is that we're overflowing the size field in the DIOCGETSTATESV2 call, and that's causing confus... Kristof Provost
07:05 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: So the lack of kernel stack as well as the lack of truss output (reported on Slack) would point in the direction of t... Kristof Provost
02:42 PM Feature #14762 (New): Support X25519 and X448 public key algorithms in certificates: Currently there is no support for certificates using X25519 and X448 public keys. Importing certificates with such ke... Jim Pingle
01:42 PM Feature #14761: Select multiple config backups in history to delete: Pull request:
https://github.com/pfsense/pfsense/pull/4648 Phil Wardt
01:41 PM Feature #14761 (Pull Request Review): Select multiple config backups in history to delete: Add option to select multiple configs from the backup history so that they can be deleted at once
Report in GUI the ... Phil Wardt
05:39 AM pfSense Packages Bug #14748 (Confirmed): FRR reload script is not executed properly: I can confirm this behavior, the Frr keeps the neighbor config until the restart of the service
tested on
<pre... Lev Prokofev
02:05 AM pfSense Packages Feature #14539: Add support for Oracle Cloud Infrastructure (OCI) vNIC management to work with unicast CARP: Package PR: https://github.com/pfsense/FreeBSD-ports/pull/1291
With initial commit to introduce this capability. James George

09/07/2023

06:18 PM Todo #14732 (Resolved): Update Unbound to 1.18.0: Christian McDonald
05:07 PM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities: Added to System Patches: https://github.com/pfsense/FreeBSD-ports/commit/ade361d4fbbaf4c40b55fdd0838e6b1594b5f801 Jim Pingle
04:39 PM Bug #9889 (Feedback): Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities: We received a submission privately from "MalteHillmann":https://github.com/MalteHillmann with a fix for this. It's a ... Jim Pingle
04:07 PM pfSense Packages Bug #14760 (New): When RPKI is enabled for filtering, no upstream routes are received: When RPKI is enabled for filtering, no upstream routes are received.
route-map RPKI deny 20
match rpki invalid
... yon Liu
04:05 PM pfSense Plus Bug #14759 (Rejected): openvpn not show Client Certificate: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
04:02 PM pfSense Plus Bug #14759 (Rejected): openvpn not show Client Certificate: openvpn not show Client Certificate,The previous pfsense version showed normal
23.09-DEVELOPMENT (amd64)
built on... yon Liu
03:46 PM pfSense Plus Bug #14752: PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0: Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 526385168 bytes) in /usr/local/www/s... yon Liu
02:57 PM Revision 109c8115: Remove pfSense-rc before moving it to ports: Brad Davis
02:53 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: Kristof Provost wrote in #note-2:
> Replicating what I said in Slack: it'd be good to attach truss to one of the pfc... Kris Phillips
07:26 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: Replicating what I said in Slack: it'd be good to attach truss to one of the pfctl processes, to see what it's doing.... Kristof Provost
12:21 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: The command run on the CARP status page shows the list of creator IDs for all sync'd states:... Steve Wheeler
12:12 AM Bug #14758 (Resolved): ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables: When attempting to load the CARP Status Page or States Diagnostics page in pfSense Plus when there is 2-3 Million Sta... Kris Phillips
02:39 PM Revision 095d14fa: Add pfSense-default-config and pfSense-default-config-serial to the pkg list: Brad Davis
12:54 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Will open issue in TAC asap.
Currently I don't have a GUI ... because the LE-Cert-Renewal fails because of the non-wo... Stefan Weichinger
12:52 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: Stefan Weichinger wrote in #note-12:
> I have a 2nd pfSense (SG1100) that also has HAproxy not starting.
> Should I... Jim Pingle
12:42 PM pfSense Packages Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158: I have a 2nd pfSense (SG1100) that also has HAproxy not starting.
Should I open a new issue in TAC, may I post the r... Stefan Weichinger
12:40 PM Bug #14757: Special character encoding - crash on save / config restore: Hi,
the comment was in there bevore we updates to the new Version 2.7.0 not the 23.05.1.
Also the issue ocurred when... Alex G
10:44 AM Bug #14757: Special character encoding - crash on save / config restore: I couldn't reproduce that issue if I entered the same description for a group directly in the 23.05.1 release.
... Danilo Zrenjanin
07:31 AM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button: The issue persists on:... Danilo Zrenjanin
07:15 AM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button: The issue persists on :... Danilo Zrenjanin

09/06/2023

10:14 PM Bug #14757: Special character encoding - crash on save / config restore: The caracter in the description is encoded like this... Alex G
10:14 PM Bug #14757 (New): Special character encoding - crash on save / config restore: I have posted this in the forum and could verify / reproduce the problem.
I upgraded from version 2.6.0 to 2.7.0 and... Alex G
08:47 PM Bug #14756 (Resolved): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses: An interface configured as 'Track Interface' for IPv6 will lose it's static IPv4 address if the NIC link is brought d... Steve Wheeler
07:55 PM Bug #14609 (Feedback): Update check in GUI does not always honor the configured proxy settings: Applied in changeset commit:3c8a408116c01d74fd114d8cc143b0f550bf00c5. Jim Pingle
07:45 PM Bug #14609 (In Progress): Update check in GUI does not always honor the configured proxy settings: Jim Pingle
07:45 PM Revision 3c8a4081: Rewrite update_repos(). Fixes #14609: Rewrite update_repos() to use process_open() style execution with a full
pkg-style environment. This allows it to ful... Jim Pingle
06:30 PM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy): The port does not currently build on FreeBSD 14 according to:
https://gitlab.com/FreeBSD/freebsd-ports/-/commit/d738... Marcos M
06:21 PM Bug #13218 (Resolved): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: The patch fixes it.
I am marking this ticket resovled. Danilo Zrenjanin
06:17 PM Bug #13218: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: I reproduced the issue on the following version:... Danilo Zrenjanin
05:50 PM Bug #14717: A default route can remain after setting the default gateway to None: This problem also exists in pfsense 23.09 version. This also brings about a side problem. The local ISP wan pppoe ipv... yon Liu
05:35 PM Bug #12938 (Feedback): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value: Applied in changeset commit:7dd12384e42233149d971a8a1333383eb4891ae5. Marcos M
05:34 PM Regression #14755: Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``: Just checked and both ndp -an and ndp -na work via the CLI, so regression limited to the GUI. For me the issue is n... Rob A
05:25 PM Regression #14755 (Resolved): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``: In certain cases when visiting @diag_ndp.php@ the NDP table is empty and @ndp@ has dumped core:... Jim Pingle
05:22 PM Revision 7dd12384: Only log radvd level err and higher by default. Fix #12938: Previous behavior can be restored under System > Advanced > Networking Marcos M
05:17 PM Revision 70d588b8: Align indentation in syslogd conf file: Marcos M
05:11 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: Issue remains 'live' with 23.09 dev. Details of the first crash on this version, triggered this time by taking the W... Rob A
04:35 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic: I have switched to 23.09 dev as that is where most of the activity is focused. I will monitor and update if this iss... Rob A
04:58 PM pfSense Plus Bug #14752: PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0: It appeared when I visited the pfsense homepage, but I don’t know what it is related to.I'll report back to you as so... yon Liu
12:02 PM pfSense Plus Bug #14752 (Incomplete): PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0: There isn't nearly enough information there to tell anything. We need to know how to reproduce it, the page it happen... Jim Pingle
10:19 AM pfSense Plus Bug #14752 (Incomplete): PHP Request Shutdown: Cannot use output buffering in output buffering display handlers in Unknown on line 0: amd64
14.0-ALPHA2
FreeBSD 14.0-ALPHA2 amd64 1400094 #1 plus-devel-main-n256133-bef8dca4536: Tue Sep 5 06:26:19 UTC... yon Liu
04:50 PM Todo #14750 (Feedback): Automatically configure PF states hash table size: Applied in changeset commit:5224e0b2416ac93b3562374fef1c3537f7af4003. Marcos M
04:49 PM Regression #14727 (Feedback): PCH Temperature missing from Thermal Sensors: Will be included in the next nightly snapshot Brad Davis
04:41 PM Revision 5224e0b2: Automatically configure the state hash tables size. Implement #14750: Marcos M
03:37 PM pfSense Docs Correction #14697 (Resolved): Need to fix TNSR examples recipes: Fixed, thanks!
You might have to clear your cache to pick up the images since the names are the same, I just correct... Jim Pingle
03:25 PM Feature #14731 (Feedback): Unbound Advanced Settings entry for ``sock-queue-timeout``: Applied in changeset commit:19f6d85f5c0401ebd849b50941fc81106e903d17. Marcos M
03:06 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``: Changed from a subtask to "follows" otherwise this would prevent us from closing the Unbound update task until this w... Jim Pingle
02:59 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``: Unbound has now been updated to 1.18.0, this is now ready to land Christian McDonald
02:58 PM Feature #14731 (Pull Request Review): Unbound Advanced Settings entry for ``sock-queue-timeout``: Christian McDonald
03:14 PM Revision 19f6d85f: Add unbound option sock-queue-timeout to the GUI. Implement #14731: Marcos M
02:58 PM Todo #14732 (Feedback): Update Unbound to 1.18.0: Christian McDonald
02:53 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event: Please Note:
bugs@snort.org does not respond to any emails with the report listed above. If you are reading this ... Jonathan Lee
02:52 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event: Per Netgate Security Team on August 25, 2023 at 5:17:05 AM PDT:
Hello,
The Snort package for pfSense software i... Jonathan Lee
02:50 PM pfSense Packages Bug #14754 (Not a Bug): Snort security issue bug within tcp/UDP scan detection blocking tool DoS event: *Version:*
Snort 4.1.6_8 built on pfSense plus Netgate 2100 appliance running an ARM processor. Package is prebuilt... Jonathan Lee
01:58 PM pfSense Packages Bug #14753: pfBlockerNG sync issues: Tested on pfSense 23.05.1 and pfBlocker 3.2.0_6 and can confirm such issue. aleksei prokofiev
01:50 PM pfSense Packages Bug #14753 (New): pfBlockerNG sync issues: pfBlockerNG sync user's password may cause sync issues and be recognised as an attacker by sshguard if it's password ... Georgiy Tyutyunnik
11:46 AM Bug #13687: Cannot add limiters named ``new``: Still the issue on the dev build... Lev Prokofev
08:57 AM Feature #14751 (New): OpenVPN CSO option to control duplicate connections per a specific client: It would be beneficial to have an option in the Client Specific Overrides to enable/disable duplicate connections per... Danilo Zrenjanin
08:11 AM Bug #13903 (Resolved): PPPoE Server address input validation is incorrectly allowing IPv6: The patch fixes the reported issue.
I am marking this case resolved. Danilo Zrenjanin

09/05/2023

09:35 PM Todo #14750 (Pull Request Review): Automatically configure PF states hash table size: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1072 Marcos M
08:07 PM Todo #14750 (Resolved): Automatically configure PF states hash table size: See @net.pf.states_hashsize@ in pf(4):
> Size of hash tables that store states. Should be power of 2. Default value ... Marcos M
09:33 PM Feature #14731: Unbound Advanced Settings entry for ``sock-queue-timeout``: suggest changing the description on this to include "Unbound" Jim Thompson
08:27 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: I pushed a clean version for 2.7
Hope it can be reviewed
https://github.com/pfsense/pfsense/pull/4570
Preview link:... Phil Wardt
08:04 PM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied: please upgrade pf23.09 and frr 8.5.2 for test yon Liu
07:58 PM pfSense Packages Bug #12951: FRR cannot remove IPv6 routes: https://github.com/FRRouting/frr/issues/14205
23.09-DEVELOPMENT (amd64)
built on Tue Sep 05 05:55:55 UTC 2023... yon Liu
07:57 PM pfSense Docs Todo #14749 (Duplicate): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets: No need to open new duplicate issues, just reply on the old one. We can reopen if needed.
Jim Pingle
07:55 PM pfSense Docs Todo #14749 (Duplicate): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-nat-subnets-conflict.html
*Feedback:*
Please... Joshua Diamant
07:56 PM pfSense Docs Todo #14737: Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets: Those examples are meant to be that way, they are talking about entire subnets, not specific single addresses.
Esp... Jim Pingle
07:53 PM pfSense Docs Todo #14737: Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets: Hi @Jim Pingle - here are some examples
Site 0 - 10.1.1/24
Site 1 - 192.168.0/24 -> 10.10.1/24
Site 2 - 192.168.... Joshua Diamant
07:23 PM pfSense Docs Todo #14737 (Rejected): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets: I reviewed the examples on that page and the addresses appear to line up properly as far as I can see.
There are t... Jim Pingle
07:51 PM Feature #13377: Option to configure a custom value for the PHP memory limit: Should allow the user to fill in the PHP memory according to the total memory capacity of the server yon Liu
07:39 PM pfSense Packages Bug #14748 (Feedback): FRR reload script is not executed properly: I deleted frr Neighbors through webgui, but it was not deleted in frr.
That is, the deletion operation through pf... yon Liu
07:13 PM pfSense Docs Todo #14656 (Resolved): Feedback on Interface Types and Configuration — LAGG (Link Aggregation): Info added and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/39557bb6ad5049c1b84dfec335612fdc7b7... Jim Pingle
06:36 PM pfSense Docs New Content #14647 (Resolved): Add a note for ixgbe linking at NBase-T: Info added and deployed
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2923a008b428795aa6651ea95b227ae8a5cb... Jim Pingle
05:12 PM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work: For those looking for a workaround for now I found this. Can use it to pull a JSON.
https://github.com/ipverse/asn-ip Hayden Hill
02:12 AM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work: I can confirm this is an issue. ASN lookup no longer working for me. Hayden Hill
03:45 PM Regression #14736 (Feedback): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected: Applied in changeset commit:f2031838067f36195c632b210bd903578789c0ef. Jim Pingle
03:37 PM Regression #14736 (In Progress): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected: Jim Pingle
03:35 PM Revision f2031838: Correct Mobile IPsec P2 PFS. Fixes #14736: Jim Pingle
03:30 PM Regression #14500 (Feedback): PHP Error when viewing Traffic Graphs in ``iftop`` mode: Applied in changeset commit:71f360de9043c64a999c6b47003099ee59a5a132. Jim Pingle
03:20 PM Regression #14500 (In Progress): PHP Error when viewing Traffic Graphs in ``iftop`` mode: Jim Pingle
03:21 PM Revision 71f360de: PHP cleanup in bandwidth_by_ip.inc. Fixes #14500: Jim Pingle
12:43 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems: PCH isn't there on dev snaps because of #14727 Jim Pingle
12:42 PM Bug #14744 (Rejected): Documentation bug: Remote access VPN example: Sounds like both of those points are specific to your config/use case and not as described in the docs exactly. The W... Jim Pingle
12:39 PM Feature #14746: Method for users to customize shell initialization behavior: I thought we already had an open feature request for this but I don't see it.
Rather than trying to accommodate so... Jim Pingle
12:35 PM pfSense Packages Bug #14747 (Needs Patch): softflowd sending same data with different snmp versions: That looks like something specific to the behavior of the daemon which is out of our control (unless there is a CLI/c... Jim Pingle
07:43 AM Bug #13707: Unbound not binding to LAN on startup when explicitly set: Hi,
I now have an SG-2100 with 23.05.1 for the same setup and still the same problem.
Unbound fails to start as I h... robotox sysadmin

09/04/2023

11:36 PM pfSense Packages Bug #14747: softflowd sending same data with different snmp versions: It seems that the problem is related to VLAN interfaces.
I've been doing some tests and if you set softflowd to coll... Marcelo Cury
06:32 PM pfSense Packages Bug #14747: softflowd sending same data with different snmp versions: upstream bug reported:
https://github.com/irino/softflowd/issues/51 Marcelo Cury
06:05 PM pfSense Packages Bug #14747 (Needs Patch): softflowd sending same data with different snmp versions: My environment:
SG-4100 23.05.1, packages up to date and System patches applied.
sotflowd running on LAN, WIFI an... Marcelo Cury
06:29 PM Revision b3c3e114: Removed unnecessary business logic for CD/DVD drives: Tanner
12:40 PM pfSense Packages Feature #14712: CrowdSec package: Hi!
The package is ready for public testing.
Three things to read:
- the short repository readme - https://... Marco Mariani
12:21 PM Feature #14746 (Resolved): Method for users to customize shell initialization behavior: The .tcshrc file is created at every boot from /etc/skel/dot.tcshrc so to make changes persistent that file must be e... Steve Wheeler
05:56 AM pfSense Packages Bug #14745 (New): haproxy: backend, SSL health check: During testing with a backend HTTPS server, I wanted to test if the SSL health check would work; it did not.
So, I d... Stephen Trotter
01:33 AM pfSense Packages Feature #14468: pass along ntopng professional license key: Just an update to say I have now successfully installed NTOPNG Pro version, via console, and licensed it on latest ve... Russ Reynolds

09/03/2023

08:04 PM Bug #14744 (Rejected): Documentation bug: Remote access VPN example: I recently looked at https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html to set up remote access wit... Chris Gelatt
04:22 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication: Redmine created for separate feature request: https://redmine.pfsense.org/issues/14743
Kris Phillips
04:19 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication: jeffrey Smith wrote in #note-4:
> Can we please add support for passkeys into default accounts for pfsense.
>
> A... Kris Phillips
04:21 AM pfSense Plus Feature #14743 (New): Add Passkey/Certificate-based Authentication: pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiring third party implement... Kris Phillips
04:12 AM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems: This command doesn't appear to work on Cordoba-based platforms, but I believe there is a PCH for the NVME interfaces,... Kris Phillips
03:24 AM Bug #14621 (Resolved): Rule separators are hidden when their index is greater than the number of rules: tested by adding 4 separators and 2 rules ., all rule and separators are displayed.
23.09.a.20230902.0133 Alhusein Zawi

09/02/2023

10:52 PM Bug #14684 (Confirmed): Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest: Chris W
05:24 PM Bug #14684: Allowed IP Address does not control incoming speed in captive portal, PF Sense Release 2.7 Latest: What I see on both 2.7 and 23.05.1 that applying an upload bandwidth limitation for Allowed IP Addresses has little e... Chris W
08:18 PM Bug #14742 (Resolved): Several PHP errors in upgrade_config.inc: This file still needs to be updated to use the new accessor methods, as several errors are still occurring with certa... Christopher Cope
07:36 PM Feature #13245 (Resolved): Type column on Alias lists: "Type" column is added and it looks good.
23.09.a.20230902.0133 Alhusein Zawi
07:12 PM pfSense Packages Bug #14659: vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap: This is still an issue but I have a feeling it’s related to 14484
Edit any interface will lead to a reconfiguration ... Mike Moore
05:33 PM pfSense Packages Bug #14659: vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap: do you still see this flapping issue after removing or correcting the unresolvable source/destination alias messages ... Jordan G
06:46 PM Feature #3288 (Resolved): Support interface macros in Outbound NAT rules: Alhusein Zawi
03:50 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity: I seem to also be able to reproduce this behavior using the ix interfaces on cordoba platform to create a LAGG (LACP)... Jordan G
03:41 PM Bug #14741: PHP error in DNS Forwarder host overrides when the language is set to French: can confirm bug using above steps. spot checked various other languages and was unable to find this issue occurring o... Jordan G
11:03 AM Bug #14741: PHP error in DNS Forwarder host overrides when the language is set to French: Can confirm that bug
Tested on ... Lev Prokofev
10:26 AM Bug #14741 (New): PHP error in DNS Forwarder host overrides when the language is set to French: A PHP error occur when a user try to add or modify Host Override in DNS Forwarder module... Nicolas PISTER
07:11 AM pfSense Packages Feature #14629 (Resolved): Add option control LCDProc ``syslog`` behavior: Tested the package version:... Danilo Zrenjanin
02:40 AM Regression #14740 (Resolved): Outbound NAT pool options are hidden when a subnet VIP is selected: Fixed with @1b4cdce8ef452d0d8073b3621ab1a4139cd0dd91@. Marcos M
02:10 AM Regression #14740 (Resolved): Outbound NAT pool options are hidden when a subnet VIP is selected: When an outbound NAT rule contains a subnet VIP as the target address, the pool options should be configurable; curre... Marcos M
02:37 AM Revision 1b4cdce8: Show outbound NAT pool options with subnet VIPs. Fix #14740: Marcos M
02:37 AM Revision 4633ef11: Specify specialnet flags when checking oNAT rules.: If the flags are not specified and an oNAT rule has a source/destination
address that is also a VIP, the address is h... Marcos M

09/01/2023

06:23 PM pfSense Packages Regression #14739 (Feedback): PHP error with lightsquid when generating an SSL certificate: Should be fixed in commit @11ed1711e84357241c044c82e7f2be7186375e75@ (https://github.com/pfsense/FreeBSD-ports/commit... Jim Pingle
05:40 PM pfSense Packages Regression #14739 (Resolved): PHP error with lightsquid when generating an SSL certificate: ... Marcos M
04:24 PM pfSense Packages Bug #14406 (Feedback): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: I tested this on 23.09 dev snapshots and I'm not able to replicate the issue. The files are in the directory:
{{co... Marcos M
04:20 PM Bug #14738 (Feedback): IPsec restart in CARP event scripts does not check VIP properly and never runs: Applied in changeset commit:fcd5e10a67ac9a67cc7116ea1a314aaea225c699. Jim Pingle
04:10 PM Bug #14738 (Resolved): IPsec restart in CARP event scripts does not check VIP properly and never runs: The IPsec interface VIP check in @rc.carpmaster@ and @rc.carpbackup@ is not checking the VIP presence properly and th... Jim Pingle
04:10 PM Revision fcd5e10a: Correct CARP event IPsec VIP tests. Fixes #14738: Jim Pingle
02:49 PM pfSense Docs Todo #14737 (Rejected): Feedback on pfSense® software Configuration Recipes — Connecting OpenVPN Sites with Conflicting IP Subnets: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-nat-subnets-conflict.html
*Feedback:*
thro... Joshua Diamant
12:28 PM Revision 378c8692: Show value of Speed Shift preference. Issue #14047: Adds the ability to display the underlying value of range (slider)
controls, and activates this for the Speed Shift e... Jim Pingle
09:08 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore: Let me try give you more info to reproduce. We have the issue on many devices not just one. We also had this issue on... Luca Piccirillo
07:45 AM Feature #14726 (Resolved): Show IPsec phase 1 authentication type in Mode column of tunnel list: The patch has been applied successfully, and after reviewing the changes, they look great and useful.
!clipboard-20... Danilo Zrenjanin
06:54 AM pfSense Packages Bug #14733: CARP Master before HA Proxy is started: Hi Jim,
Thanks for the quick response and suggestion. Changing the WebUI port makes sense to get rid of the confli... Christopher de Haas
06:48 AM pfSense Packages Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers: I can also confirm this, but its happening to me with only some Peers (exactly, 4 tunnels, about 10 peers in total) I... David Martin
06:26 AM Regression #14735 (Confirmed): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: Ok. I replicated the issue on:... Danilo Zrenjanin

08/31/2023

09:50 PM Revision f98a499e: Added CD/DVD search to ECL: Tanner
08:25 PM Feature #14047 (Feedback): Options to control Intel Speed Shift: Applied in changeset commit:93f8b28797a2b618f96589c916128019231f027e. Jim Pingle
08:16 PM Revision 93f8b287: Intel Speed Shift support. Implements #14047: GUI controls only appear on hardware that supports Speed Shift. Jim Pingle
06:45 PM Regression #14736 (Confirmed): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected: I saw that the other day as well but hadn't got around to trying it again or creating a redmine. Probably some logic ... Jim Pingle
06:35 PM Regression #14736 (Resolved): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected: In the currently nightly snapshot, I'm unable to select a PFS group for an individual Phase 2 configuration unless th... Kev Kitchens
05:37 PM Regression #14719 (Resolved): IPv4+IPv6 outbound NAT rule expands to invalid rule set: After applying the patch, the same rule set loads without any issues.... Danilo Zrenjanin
05:32 PM Regression #14719 (Confirmed): IPv4+IPv6 outbound NAT rule expands to invalid rule set: I can confirm this behavior on the:... Danilo Zrenjanin
05:21 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: Seems to be a regression on 23.09 Christian McDonald
05:20 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: I couldn't reproduce it on 23.05.1
!clipboard-202308311919-cliyy.png!
It pulled the MAC address from my MacOS inter... Danilo Zrenjanin
03:15 PM Regression #14735 (Resolved): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD: Christian McDonald
05:16 PM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: "2Amos Jeffries 2023-08-29 18:26:02 UTC
AFAICT "0.4.46" is the version number of the pfsense plugin used to integra... Jonathan Lee
02:43 PM pfSense Packages Bug #14733 (Not a Bug): CARP Master before HA Proxy is started: Sounds like you have something misconfigured. You are trying to bind two things to the same port on the same address ... Jim Pingle
11:09 AM pfSense Packages Bug #14733 (Not a Bug): CARP Master before HA Proxy is started: Pfsense becomes CARP master before HA proxy is started. This is a significant problem and causes unneeded outages. Wh... Christopher de Haas
02:02 PM Bug #14734: Alias FQDN resolving issue results in incomplete tables: btw, might be related to https://redmine.pfsense.org/issues/9296 Robert Gijsen
01:59 PM Bug #14734 (New): Alias FQDN resolving issue results in incomplete tables: In CE 2.7.0, there are still issues when FQDN are used in aliasses. Vonsider an alias with 3 entries, 2 static IP's a... Robert Gijsen
09:21 AM Bug #14394 (Resolved): PHP error in CSRF Magic from invalid time value: The issue occurred only once on a customer's appliance and has not been reported by anyone else yet.
The patch min... Danilo Zrenjanin
09:02 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore: Just checked on pfSense 2.7.0
Backup version is the same as yours.
internal_name is still there as before.
Not sure ... Luca Piccirillo
06:41 AM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore: I couldn't reproduce this issue on the:... Danilo Zrenjanin
07:24 AM pfSense Packages Bug #14670 (Resolved): net-snmp does not ignore /var/unbound/dev: The latest release 0.1.5_11 contains the ignoreDisk directive for /var/unbound/dev ... Danilo Zrenjanin
06:39 AM pfSense Plus Feature #11920: SAML Authentication for pfSense (VPN and webConfigurator): Have been told in https://forum.netgate.com/topic/182512/login-security-phishing-resistant-mfa/ that this was discuss... jeffrey Smith
01:20 AM Bug #12938 (Pull Request Review): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value: The warning can be ignored. It is shown due to the current radvd version not taking RFC8106 into account. A fix has b... Marcos M

08/30/2023

09:01 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021: Also confirmed via Andrew C. Aitchison of ClamAV users support email system.
"It is a very big file and stores the... Jonathan Lee
07:47 PM Feature #14047 (In Progress): Options to control Intel Speed Shift: Jim Pingle
07:07 PM Todo #14732 (Resolved): Update Unbound to 1.18.0: Christian McDonald
06:15 PM Feature #14731 (Waiting on Merge): Unbound Advanced Settings entry for ``sock-queue-timeout``: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1068 Marcos M
06:10 PM Feature #14731 (Resolved): Unbound Advanced Settings entry for ``sock-queue-timeout``: @sock-queue-timeout@ was introduced in unbound 1.18.0.
https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unboun... Marcos M
05:34 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: Happened again early hours of the morning for me. VZ carried out a brief interruption to service, v4 lease comes back... quiet lion
04:53 PM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication: Can we please add support for passkeys into default accounts for pfsense.
Apple and Microsoft are adding native su... jeffrey Smith
04:30 PM Bug #11548 (Closed): "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements: It doesn't seem possible for a rule that causes this error to be added in the GUI since input validation would catch ... Marcos M
02:12 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: I'm willing to chip in, help code this myself or hire someone to develop this. Either way I'd like to see this packa... Alan V
02:09 PM pfSense Packages Feature #8547: fwknop Port Knocking Package: I really want to see this as well. I'll explain why people want fwknop or at the minimum knockd support...
Fwknop... Alan V
12:49 PM pfSense Packages Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times: Jim Pingle
12:49 PM pfSense Packages Bug #14724 (Resolved): Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected: PR merged, thanks! Jim Pingle
12:49 PM pfSense Packages Bug #14723 (Resolved): Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times: PR merged, thanks! Jim Pingle
11:14 AM pfSense Packages Bug #14730 (New): FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore: When backing up with package info included:... Luca Piccirillo

08/29/2023

10:57 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: I am on 23.09.a.20230826.1731...
Just did some more captures and am not seeing any solicitations or any other rand... Mike McV
10:19 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: Perhaps it's related to / caused by #13423. If possible, try testing it on 23.09 dev snapshots. Marcos M
07:59 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability: I have the same issue and have spent some time looking in to it. It looks to be more related to RADVD/NDP than DHCP6.... Mike McV
10:30 PM Bug #14725 (Feedback): Primary IPv6 interface address may be incorrect when a ULA is set: Applied in changeset commit:35b6dbe65cdff7d96008554ffafdd1b047b3f3fc. Marcos M
03:09 PM Bug #14725 (Pull Request Review): Primary IPv6 interface address may be incorrect when a ULA is set: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1067 Marcos M
07:41 PM pfSense Packages Bug #14108 (Rejected): Antivirus Bases showing outdated main.cvd with a version dated year 2021: 2021 is the most recent main.cvd/main.cld file from ClamAV directly. The daily file gets updated more regularly.
F... Jim Pingle
06:40 PM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021: From Squid and indirectly also c-icap upstream(s):
Neither Squid nor c-icap have anything to do with the ClamAV dat... Amos Jeffries
06:31 AM pfSense Packages Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021: https://bugs.squid-cache.org/show_bug.cgi?id=5297
Bug zilla ticket also open for Squid side for more visibility of... Jonathan Lee
05:41 PM pfSense Docs New Content #14647: Add a note for ixgbe linking at NBase-T: Confirmed as working on an X550-T: https://forum.netgate.com/post/1122962 Steve Wheeler
03:43 PM Regression #14727: PCH Temperature missing from Thermal Sensors: Looks like we had @pchtherm.ko@ on the previous release but it's not in current builds. Jim Pingle
02:34 AM Regression #14727 (Resolved): PCH Temperature missing from Thermal Sensors: PCH temperature was present in 23.05 and probably introduced in that version. Ted Quade
03:21 PM Bug #14717: A default route can remain after setting the default gateway to None: !https://i.imgur.com/QAReNOq.jpg!
!https://i.imgur.com/XIMRavl.jpg! yon Liu
03:07 PM Revision 35b6dbe6: Prioritize the first GUA when selecting the primary IPv6 address. Fix #14725: Marcos M
02:40 PM Regression #14719 (Feedback): IPv4+IPv6 outbound NAT rule expands to invalid rule set: Applied in changeset commit:3ac7816f637b54cb4fb958fa0a439c147e13baff. Marcos M
02:31 PM Revision 3ac7816f: Validate mixed address family for outbound NAT rules. Fix #14719: Marcos M
01:54 PM pfSense Packages Feature #14729 (New): OpenVPN Client Export - Support PLAP on Windows: OpenVPN 2.6 for Windows introduced support for PLAP (Pre-Logon Access Provider). With this support, users get a new i... Pablo Bendersky
06:36 AM pfSense Packages Bug #14341: Squid Cache Table Logs Showing incorrect date: https://bugs.squid-cache.org/show_bug.cgi?id=5298
Added to bugzilla for Squid for more support visibility Jonathan Lee
06:21 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.: https://bugs.squid-cache.org/show_bug.cgi?id=5296
Bugzilla Squid ticket now open for more Squid support visibility. Jonathan Lee
03:25 AM Feature #14728 (Resolved): Support for CD/DVD drives in the External Configuration Locator (ECL): In the Hyper-V environment, there's an observed behavior where pfSense does not appear to search for ... Tanner H

08/28/2023

07:55 PM Feature #14726 (Feedback): Show IPsec phase 1 authentication type in Mode column of tunnel list: Applied in changeset commit:52c5417c4b38477b8a835c997f815b52089da5d0. Jim Pingle
07:45 PM Feature #14726 (Resolved): Show IPsec phase 1 authentication type in Mode column of tunnel list: IKEv2 is much more common than IKEv1 these days so the "Mode" column is nearly always blank since it's irrelevant to ... Jim Pingle
07:43 PM Revision 52c5417c: Show IPsec P1 auth in list. Implements #14726: While here, pluralize "Mobile Client" label on mobile P1 since it's
inconsistent with other usages in the IPsec GUI. Jim Pingle
06:52 PM Bug #14725 (In Progress): Primary IPv6 interface address may be incorrect when a ULA is set: Marcos M
06:11 PM Bug #14725 (Resolved): Primary IPv6 interface address may be incorrect when a ULA is set: The previous behavior of using the first IPv6 non-LL address as the primary interface address was restored with https... Marcos M
05:50 PM Regression #14719 (Pull Request Review): IPv4+IPv6 outbound NAT rule expands to invalid rule set: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1066 Marcos M
04:10 PM Regression #14719 (In Progress): IPv4+IPv6 outbound NAT rule expands to invalid rule set: Marcos M
03:14 PM Regression #14719: IPv4+IPv6 outbound NAT rule expands to invalid rule set: Not specific to Plus.
Probably related to #3288 or other recent changes in that area by Marcos. Jim Pingle
05:15 PM pfSense Packages Bug #14722: Snort Rule Update time settings does not create cron job correctly with certain times: This is a duplicate of bug 14723. My report of the user-identified issue and the acutal user's report of the same iss... Bill Meeks
04:37 PM pfSense Packages Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times: What happens is that when a combination of update interval and hour is set that adds up to 24, the script that create... Benjamin McRobert
05:13 PM pfSense Packages Bug #14724: Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected: Pull Request 1289 (https://github.com/pfsense/FreeBSD-ports/pull/1289) has been submitted to correct this issue. This... Bill Meeks
04:44 PM pfSense Packages Bug #14724 (Resolved): Suricata package incorrectly accounts for 24-hour rollover when creating automated rules update cron task and a 12-hour update interval is selected: The Suricata package GUI incorrectly adjusts the starting hour for the automated rules update cron task when the user... Bill Meeks
05:12 PM pfSense Packages Bug #14723: Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times: Pull Request 1288 (https://github.com/pfsense/FreeBSD-ports/pull/1288) has been submitted to resolve this issue.
T... Bill Meeks
04:38 PM pfSense Packages Bug #14723 (Resolved): Snort package incorrectly handles rollover from 23 to 00 hours when calculating rules update cron task times: The Snort package incorrectly adjusts the rollover from 23:xx hours to 00:xx hours when creating the cron task for au... Bill Meeks
04:01 PM pfSense Packages Bug #13432: ups driver will not start: I started having similar issue after upgrade to 2.7.0 (was working before)
got notices and saw "upsmon" giving "fail... Tom Bauer
02:29 PM Revision 936aa9ba: services.inc: ensure dhcpd devfs is only ever mounted one time: Christian McDonald
02:28 PM Revision fd391b0c: services.inc: ensure dhcpd devfs is only ever mounted one time: Christian McDonald
01:02 PM pfSense Packages Bug #14426 (Resolved): PHP errors in Lightsquid: The PR was merged. Jim Pingle
12:31 PM Todo #14011: Update memory graphs to account for changes in memory reporting: It's already correct in the repository and has been since March, you maybe accidentally reverted that change at some ... Jim Pingle
12:26 PM Regression #14635 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: Looks good. When it failed it produced no file to download for the 'legacy' option at all, not even a 0-byte file.
Jim Pingle
12:24 PM pfSense Plus Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled: Seems like a duplicate of #14531
It's known/expected that in some cases DCO can't get traffic stats. Jim Pingle
12:23 PM Feature #13124 (Resolved): Option to wait for interface selection before displaying firewall rules: Jim Pingle
12:22 PM Todo #14686 (Resolved): Check for deprecated OpenVPN encryption and digest options on upgrade: The list of current algorithms is pulled dynamically from OpenVPN/OpenSSL, so if it's in the list on a current snapsh... Jim Pingle
12:21 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots: Jim Pingle
12:18 PM pfSense Plus Bug #14721 (Rejected): disable / enable interface: There are very few details here and I don't see anything unexpected in that log, it's restarting things that use the ... Jim Pingle
11:39 AM pfSense Plus Bug #14721 (Rejected): disable / enable interface: when disable / enable gre interface, flap all other interface. Evgeny Korostelev
12:07 PM Bug #13729 (Resolved): Gateways stuck in Unknown status: Tested on several pfSense versions: 21.02_2, 22.05, 23.05_1 and 2.7
I was able to reproduce this issue on 21.02_2.
W... Azamat Khakimyanov
06:44 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Unfortunately, the exact thing happened again in 2.7.0 for us over the weekend. We use an external spamfilter where m... Robert Gijsen

08/27/2023

11:31 PM Todo #14011: Update memory graphs to account for changes in memory reporting: Hello I wanted to give a heads up for 23.09.
I had to reapply this with 23.05 the error came back.
Jim sent t... Jonathan Lee
08:20 PM Regression #14635: "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command: % openssl pkcs12 -legacy -info -in HA+OpenVPN+Server-Legacy.p12
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted d... Chris Linstruth
06:29 PM pfSense Plus Bug #14720 (Duplicate): Traffic Graph Does Not Update For OpenVPN Interface When DCO Is Enabled: Related forum thread:
https://forum.netgate.com/topic/182465/traffic-from-openvpn-interface-not-updating-on-traffi... Timo M
05:30 PM Bug #12959: dhcplease process wrongly update host file if client-hostname is empty: I wasn't able to reproduce it on 2.5 or 2.6 or 2.7
When I enabled 'don't send hostname' option on my Ubuntu PCs, a... Azamat Khakimyanov
03:36 PM Bug #12849: pfsync kernel crash on reboot: Backtrace for those searching redmine:... Steve Wheeler
03:03 PM Feature #13124: Option to wait for interface selection before displaying firewall rules: Tested on:
23.09-DEVELOPMENT (amd64)
built on Sat Aug 26 17:37:15 UTC 2023
FreeBSD 14.0-ALPHA2
Looks good. Chris Linstruth
12:35 PM Regression #14719 (Resolved): IPv4+IPv6 outbound NAT rule expands to invalid rule set: A misconfigured outbound NAT rule that used to load now stops pf from loading the rule set.
First seen on:
23.09-... Chris Linstruth
08:05 AM pfSense Packages Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave: Tested on 23.05_1
Allow-transfer option check was added and there wasn't any bind error if I add this option into Cu... Azamat Khakimyanov
05:21 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Different way to iterate the variable for multiple cases
You can also use the the case command to iterate over t... Jonathan Lee
02:25 AM Feature #13377: Option to configure a custom value for the PHP memory limit: Chris W wrote in #note-19:
> Systems with 1GB or less of RAM show a negative number as the hinted maximum adjusted va... Christopher Cope
12:53 AM Feature #13377: Option to configure a custom value for the PHP memory limit: Systems with 1GB or less of RAM show a negative number as the hinted maximum adjusted value. The screenshot is taken ... Chris W
12:05 AM Feature #13377: Option to configure a custom value for the PHP memory limit: Tested on... Christopher Cope
01:15 AM Feature #3288: Support interface macros in Outbound NAT rules: source/destination (of outbound NAT) show predefined subnets (LAN/WAN)
23.09.a.20230825.1302
Alhusein Zawi
12:06 AM Todo #14686: Check for deprecated OpenVPN encryption and digest options on upgrade: I used the wizard to make an OpenVPN server in 23.05, then manually:
- Confirmed all the algorithm choices listed ab... Chris W

08/26/2023

11:57 PM pfSense Packages Regression #13817: pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled: on 23.05.1 and pfB 3.2.0_6 after working through getting the package to uninstall successfully (see https://redmine.p... Jordan G
11:47 PM pfSense Packages Bug #14572: Unused DNSBL files may not be removed: Kris Phillips wrote in #note-1:
> Hello,
>
> Is this with the devel or stable branch of pfBlockerNG?
devel and... Jordan G
11:03 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks: This is still happening with pfBlockerNG 3.2.0_6. I believe I've found a workaround for this after chasing a few of t... Jordan G
07:06 PM Bug #14708: PHP error when the system fails to create an interface: I tried to reproduce it on a seperate interface, but did not encounter the same error.
So it must be related to m... Diana Moore
02:49 PM Bug #14708: PHP error when the system fails to create an interface: I am unable to reproduce this on 23.05.1. I created an interface using 6to4 and then another using 6rd without error.... Christopher Cope
06:29 PM pfSense Plus Bug #14682 (Resolved): DCO OpenVPN server bound to Localhost does not pass traffic as expected: Tested against:... Danilo Zrenjanin
08:08 AM pfSense Plus Bug #14682: DCO OpenVPN server bound to Localhost does not pass traffic as expected: Tested on
... Lev Prokofev
03:56 PM Regression #14698 (Resolved): TLS Cert Warning Message Present on First Start: No certificate warning before or after the Wizard on first boot using build
23.09-DEVELOPMENT (amd64)
built on Sa... Chris W
12:11 PM Bug #14637 (Resolved): PHP shell script ``pfanchordrill`` shows duplicate anchor content: The patch fixes it.
I am marking the ticket resolved. Danilo Zrenjanin
11:01 AM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots: Fixed for me. Thanks. Vladimir Suhhanov
07:08 AM pfSense Packages Bug #14711 (Confirmed): pfBlocker ASN to IP Address option doesn't work: Tested on pfBlocker 3.2.0_6
It failed to load list.... Lev Prokofev
07:06 AM pfSense Packages Bug #14718 (New): pfBlocker DNSBL IPs list action is wrongly named: !clipboard-202308260857-oz2vd.png!
Under *Firewall/pfBlockerNG/DNSBL* there is *DNSBL IPs* section.
The *Alias ... Danilo Zrenjanin
03:01 AM Bug #14717: A default route can remain after setting the default gateway to None: Hello,
Can you please provide some screenshots of what you're expecting versus what you're seeing? I'm not unders... Kris Phillips
12:19 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Non standard colours also
@#!/bin/sh
pfctl -vvss | grep ', rule 79' >/dev/null
res=$?
if [ $res = 0 ];
then
... Jonathan Lee

08/25/2023

08:56 PM pfSense Packages Bug #14426 (Pull Request Review): PHP errors in Lightsquid: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/353 Marcos M
08:10 PM pfSense Packages Regression #13984 (Resolved): PHP errors with squid: Marcos M
08:04 PM Bug #14717 (Resolved): A default route can remain after setting the default gateway to None: pfsense v23.05.01 Always automatically set static default ipv6 to pppoe wan.because i have run frr ipv6 bgp, when i h... yon Liu
05:41 PM pfSense Docs Correction #14639 (Resolved): Multiple email address notification: Note added and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f2f85861b0ccd82cd19d9b4f72c17cf2be6... Jim Pingle
05:30 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL: Fixed. There were several that were wrong.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2d75de5525ca68375... Jim Pingle
04:24 PM pfSense Docs Todo #14716 (Resolved): Update the squid help link URL: The squid package help link (@help.php?page=squid.xml@) redirects to an unrelated page:
https://docs.netgate.com/pfs... Marcos M
04:43 PM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing: Patch is restored Christian McDonald
12:09 AM Regression #14709 (Resolved): Patch to disable procctl in pkg is missing: The patch to remove procctl in pkg is missing. This is needed to prevent child processes being killed which is used i... Marcos M
04:19 PM pfSense Docs Todo #14658 (Resolved): Update firewall/NAT rule source/destination field references: https://gitlab.netgate.com/docs/pfSense-docs/-/merge_requests/59 Marcos M
04:13 PM pfSense Packages Bug #14714: HAProxy Agent Check: Bug No 2 is now described in Bug #14715 Jacques Bourdeau
03:56 PM pfSense Packages Bug #14714: HAProxy Agent Check: Jacques Bourdeau wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Please create a separate issue entry for each... Jim Pingle
03:46 PM pfSense Packages Bug #14714: HAProxy Agent Check: Jim Pingle wrote in #note-1:
> Please create a separate issue entry for each problem, even if they appear to be rela... Jacques Bourdeau
03:21 PM pfSense Packages Bug #14714: HAProxy Agent Check: Please create a separate issue entry for each problem, even if they appear to be related.
Jim Pingle
03:03 PM pfSense Packages Bug #14714 (New): HAProxy Agent Check: For my load balancing, I ended up needing to use Agent-based checks in HAProxy.
I configured it in my pfSense+ (23... Jacques Bourdeau
04:06 PM pfSense Packages Bug #14715 (New): HAProxy Agent-Check are not enabled in the config despite being checked in the UI: Related to Bug #14714 which also does not populate the config file properly for agent-check based monitoring in HAPro... Jacques Bourdeau
04:01 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": If anyone knows of a more efficient want to poll the state table, please let me know.
Have a good day Jonathan Lee
03:59 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Here is a photo of testing with the three LEDs enabled when rule 79 went active.
Does the state table counters als... Jonathan Lee
03:49 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": I wonder if there is another way to do it maybe with the active state tables counters. Thanks for looking into this i... Jonathan Lee
03:27 PM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": I don't see anything like that being added to the base system, but maybe someone might design a package around it.
... Jim Pingle
04:54 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Side note, I recently learned "The Air force one Executive Phone has a light on the back that lights up red when secu... Jonathan Lee
02:03 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": pfctl -vvss| grep '192.168.1.11' would work great too as it would be IP address based not rule based
also
pfctl -vv... Jonathan Lee
01:26 AM pfSense Packages Feature #14710: Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": The capability is you can take any rule ID you have that establishes a connection and you could configure it to be us... Jonathan Lee
01:12 AM pfSense Packages Feature #14710 (New): Possible Idea for new firewall feature "ACL CONNECTED RED LED FLAG FEATURE": Hello fellow Netgate pfSense Redmine community members,
I wanted to share this with you all to see if this is any... Jonathan Lee
02:37 PM Bug #14613: Incorrect wireguard control panel status management: You can only enable wiregtuard by starting it in the web gui.
After starting with the script /usr/local/bin/php_wg -... hao zhang
02:07 PM Bug #14613: Incorrect wireguard control panel status management: After running
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
fstat shows that /var... hao zhang
02:06 PM Bug #14613: Incorrect wireguard control panel status management: I checked /var/run/wireguardd.pid before rebooting and it was 22536.
After that I rebooted the pfsense.
After reboo... hao zhang
12:58 PM Bug #14613: Incorrect wireguard control panel status management: I do it manually with ssh
/usr/local/bin/php_wg -f /usr/local/pkg/wireguard/includes/wg_service.inc stop
then web... hao zhang
12:40 PM Bug #14613: Incorrect wireguard control panel status management: I reinstalled pfsense and ran into this problem again
I have 3 tunnel, 5 peers and each tunnel is assigned interface... hao zhang
02:37 PM Bug #14691 (Resolved): Separators get shifted when copying firewall rules between interfaces: Tested against:... Danilo Zrenjanin
01:35 PM Regression #14713 (Feedback): Mobile IPsec not allocating address to connecting clients on dev snapshots: Applied in changeset commit:ceea1bd07b25ecb3061f3eda1a5137d2ead8311d. Jim Pingle
01:28 PM Regression #14713: Mobile IPsec not allocating address to connecting clients on dev snapshots: This regressed in a recent rector refactoring ( commit:264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9 ), some references to... Jim Pingle
12:43 PM Regression #14713 (Resolved): Mobile IPsec not allocating address to connecting clients on dev snapshots: This regressed since the previous release at some point. Mobile client attempts to connect but is unable to obtain an... Jim Pingle
01:25 PM Revision ceea1bd0: Mobile IPsec settings PHP refactor corrections. Fixes #14713: Jim Pingle
01:17 PM pfSense Packages Feature #14712: CrowdSec package: e ok wrote:
> I think is not necessary another IPS, but I leave here If something consider that is more robust or go... Marco Mariani
12:32 PM pfSense Packages Feature #14712 (New): CrowdSec package: I think is not necessary another IPS, but I leave here If something consider that is more robust or good tan Snort or... e ok
12:26 PM Revision 67dc6377: Tweak formatting of SMTP notifications: Jim Pingle
06:58 AM Regression #14569 (Feedback): ``bnxt(4)`` driver errors: I've cherry-picked the upstream fixes (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269133) into our branche... Kristof Provost
06:30 AM pfSense Packages Bug #14711 (Resolved): pfBlocker ASN to IP Address option doesn't work: pfBlocker relies on Team Cymru IP to ASN Lookup v1.0 to get the list of prefixes for the defined ASN. But it seems th... Danilo Zrenjanin
06:12 AM pfSense Packages Bug #12822 (Confirmed): IPv4 Source ASN format not working: I have tried to define the ASN format and it appears that it is still not working consistently. Occasionally, it does... Danilo Zrenjanin

08/24/2023

11:39 PM Bug #14707 (Rejected): Fresh installation with a bug.: That's a hardware/driver issue with your @dc@ based NIC. Given the age of that hardware and the fact that it's only 1... Jim Pingle
10:45 PM Bug #14707 (Rejected): Fresh installation with a bug.: Hi, I made a fresh installation and get a bug/error. Attached the dumps for your future analyst if you consider neces... e ok
11:35 PM Bug #14708 (Resolved): PHP error when the system fails to create an interface: When enabling 6rd while 6to4 is enabled on another interface the web ui will throw an error of @Uncaught TypeError: p... Diana Moore
07:03 PM Bug #14432 (Feedback): PHP error when failing to write ``config.cache``: This should be fixed by commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b Jim Pingle
07:00 PM Feature #14337: Allow SMTP notifications from non-root processes: With the changes I just pushed, I get working SMTP notifications from NUT as well as other users. No duplicates/loops... Jim Pingle
06:50 PM Feature #14337 (Feedback): Allow SMTP notifications from non-root processes: Applied in changeset commit:596a88fa42f0ac77bd2fc2be87b54457df11f64b. Jim Pingle
06:43 PM Revision 596a88fa: Notification code updates: * Rework how notice queue files are setup and maintained, which should
allow all users to send notifications now wi... Jim Pingle
02:29 PM pfSense Packages Feature #14706 (New): Add Cloudflare tunnel pkg: Hello everybody,
I've been using Cloudflare tunnel for more than an year as I'm now behind CGNAT so no more open p... Vlad Saftoiu
01:42 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces: That result indicates a patch is missing. The fix is in the latest build (20230824-0600) - try it there. Marcos M
07:39 AM Bug #14691: Separators get shifted when copying firewall rules between interfaces: After applying the patch, I made the following observations:
h3. Before copying:
Rules on source interface (L... Danilo Zrenjanin
12:50 PM Regression #14690 (Resolved): Creating or duplicating an IPsec P1 entry does not increment the IKE ID: Jim Pingle
05:24 AM Regression #14690: Creating or duplicating an IPsec P1 entry does not increment the IKE ID: Tested on ... Lev Prokofev

08/23/2023

11:32 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions: Side note:
I have also seen this behavior carrying into layer 2 Ethernet filtering rules.
Photos inside duplicat... Jonathan Lee
10:54 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order: I was not able to replicate it (including with Ethernet rules, etc). If you can replicate this on a default install/c... Marcos M
10:21 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order: Thanks for looking into this. I am not changing the firewall configuration only the firewall rule when this occurs. L... Jonathan Lee
10:00 PM pfSense Plus Bug #14705 (Rejected): Changes in Ethernet ruleset can lead to incorrect rule and separator order: I can only replicate this if I change the config while editing a rule. This is known behavior that is due to the inde... Marcos M
05:28 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order: For mine the rules are randomizing. I have some rules that jump to the middle and or end of the rule list. Jonathan Lee
05:21 PM pfSense Plus Bug #14705 (Duplicate): Changes in Ethernet ruleset can lead to incorrect rule and separator order: Most likely a duplicate of #14691 or #14619 Jim Pingle
05:16 PM pfSense Plus Bug #14705 (Closed): Changes in Ethernet ruleset can lead to incorrect rule and separator order: Hello fellow pfSense Redmine community members,
I noticed after the recent software update to 23.05.1 that issues ... Jonathan Lee
09:45 PM Regression #14623 (Feedback): Primary interface address is incorrectly set to the last address on the interface: Applied in changeset commit:baa612e555ba48e1961f03ac54e8f93b078aff48. Marcos M
07:05 PM Regression #14623 (Pull Request Review): Primary interface address is incorrectly set to the last address on the interface: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1064 Marcos M
09:37 PM Revision baa612e5: Return the first interface address instead of the last. Fix #14623: Marcos M
09:23 PM Revision 9602c76c: Correctly shift separators when deleting a single rule above a separator. Fix #14691: Marcos M
08:55 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces: Applied in changeset commit:26b97b650457ba98360b5648dd801fd0adb567a5. Marcos M
08:45 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces: The behavior of the rule being placed on top when being copied only happens when e.g. copying the last rule of LAN to... Marcos M
06:40 PM Bug #14691 (Feedback): Separators get shifted when copying firewall rules between interfaces: Applied in changeset commit:abc8192b1028f48bb768ffb6727bed4d05adae7f. Marcos M
06:10 PM Bug #14691: Separators get shifted when copying firewall rules between interfaces: Tested against:... Danilo Zrenjanin
08:46 PM Revision 26b97b65: Remove the original rule when chaning the rule's interface. Fix #14691: Marcos M
08:04 PM Feature #14337: Allow SMTP notifications from non-root processes: Thanks Jim Denny Page
07:57 PM Feature #14337 (In Progress): Allow SMTP notifications from non-root processes: I have an alternate idea on how to fix this and (hopefully) also preserve the duplicate message suppression. There is... Jim Pingle
06:32 PM Revision abc8192b: Refactor rule separators. Fix #14691: Marcos M
06:11 PM Feature #13784 (Rejected): Option to completely block MAC addresses in Captive Portal: Now that L2 filtering is possible in the GUI (see #14308), this is no longer needed. Below is the diff for this MR fo... Marcos M
05:18 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section: Duplicate of #14654
It's already fixed in the most recent version of the package. Jim Pingle
05:10 PM pfSense Packages Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section: Hello,
I can no longer select a BFD Peer when creating a FRR BGP neighbor.
As an example.
I have two (2) BFD... Michael Mercier
04:44 PM Bug #13903 (Feedback): PPPoE Server address input validation is incorrectly allowing IPv6: Fixed by commit:9d0cd39f3be509ca0fd46119777bedd1954802c4 (typo'd the issue ID on there) Jim Pingle
03:48 PM Bug #13903 (In Progress): PPPoE Server address input validation is incorrectly allowing IPv6: Looks like it should be IPv4 only so I've fixed the input validation to restrict it to IPv4
I also corrected a mis... Jim Pingle
04:40 PM Bug #14392 (Feedback): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address: Applied in changeset commit:5df71c77b6b03a30b8f6425da331a892eb9876ad. Jim Pingle
04:21 PM Revision 5df71c77: Correct IPv6 LL addr locate behavior. Fixes #14392: Comments said it should take the first but it was taking the last.
Make that behavior optional but default to taking... Jim Pingle
03:47 PM Revision 9d0cd39f: Fixup PPPoE server input validation. Fixes #13909: Jim Pingle
03:40 PM Bug #14394 (Feedback): PHP error in CSRF Magic from invalid time value: Applied in changeset commit:1a57545864783b3acc5f28d166a79bd92a849759. Jim Pingle
03:10 PM Bug #14394 (In Progress): PHP error in CSRF Magic from invalid time value: Jim Pingle
03:29 PM Revision 1a575458: Correct PHP errors in CSRF Magic. Fixes #14394: Jim Pingle
03:00 PM Bug #13218 (Feedback): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: Applied in changeset commit:14beb636e4ca286c011398a30fd818f15c83eb7e. Jim Pingle
02:40 PM Bug #13218 (In Progress): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: PR has conflicts (and some logic issues, and outdated code usage). I'm working on an updated version of the changes. Jim Pingle
02:44 PM Revision 14beb636: Simplify interface_find_child_cfgmtu(). Fixes #13218: * Simplify the code in interface_find_child_cfgmtu() so it doesn't have
so much repetition
* Do not test GIF/GRE as... Jim Pingle
02:15 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: PR has conflicts and needs work/testing still Jim Pingle
02:15 PM Feature #13124 (Feedback): Option to wait for interface selection before displaying firewall rules: Applied in changeset commit:c451853836ae3e00ec20aa666c64a198d08b402c. Jim Pingle
02:09 PM Feature #13124 (In Progress): Option to wait for interface selection before displaying firewall rules: Jim Pingle
02:13 PM Bug #12225 (Rejected): Group membership field is not needed for remote groups: Doesn't seem like something we really need/want at the moment, and the PR was closed a few weeks ago.
Jim Pingle
02:08 PM Revision c4518538: Option to require if select before showing fw rules. Implements #13124: Originally submitted in PR 4582 by Chrisc-c-c at GitHub Jim Pingle
01:40 PM Feature #13245 (Feedback): Type column on Alias lists: Applied in changeset commit:33cd269034590899b429f72305a4abdc4c6f686e. Jim Pingle
01:30 PM Feature #13245 (In Progress): Type column on Alias lists: Jim Pingle
01:32 PM Revision 33cd2690: Type column for Alias list. Implements #13245: While here, clean up some redundant/incorrect variable usage.
Adapted from PR 4592 submitted by luckman212 @ GitHub Jim Pingle
01:26 PM Feature #13377 (Feedback): Option to configure a custom value for the PHP memory limit: MR Merged Jim Pingle
01:12 PM Revision fc62ac50: Add a setting for PHP memory limit in System -> Advanced. Feature #13377: Christopher Cope
01:10 PM Feature #13804 (Feedback): Prevent CARP status/maintenance mode from being erroneously toggled: Applied in changeset commit:a9238fddf3149f0bd22886f91becfa3d373cc164. Christopher Cope
01:05 PM Feature #14347 (Feedback): Improve System menu behavior for Certificate Manager privileges: Applied in changeset commit:d9f02c6abae1d58e57cdff1775f1b516cb038585. Jim Pingle
12:55 PM Feature #14347 (In Progress): Improve System menu behavior for Certificate Manager privileges: Jim Pingle
01:02 PM Revision a9238fdd: Add requested state to status_carp requests. Implements #13804: Christopher Cope
12:59 PM Feature #14208: Automatic Split-DNS for 1:1 NAT: Waiting on changes to the PR, will be better in the next release with more time to test it out. Jim Pingle
12:55 PM Revision d9f02c6a: Pick crt mgr start by privs. Implements #14347: Check user privileges to determine where the menu entry for the
certificate manager should point. Users might have ac... Jim Pingle
12:38 PM Bug #14621 (Feedback): Rule separators are hidden when their index is greater than the number of rules: This was merged a couple weeks ago Jim Pingle
07:56 AM Bug #14702 (Resolved): ``ctype_digit()`` returns unexpected result for values <= ``255`` which can break some validation functions/usages: The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
07:45 AM Bug #14695 (Resolved): Copy function for User Manager Groups does not work for first group in list: Danilo Zrenjanin
07:45 AM Bug #14695: Copy function for User Manager Groups does not work for first group in list: The patch fixes it.
I am marking this ticket resolved.
Danilo Zrenjanin
06:52 AM Bug #14628: PPPoE Interface Panic: Occurred again today.
@
Aug 23 11:47:25 login 74579 login on ttyv0 as root
Aug 23 11:47:25 sshguard 77416 Now mo... Faisal Mahmood

08/22/2023

10:45 PM Bug #14691 (Pull Request Review): Separators get shifted when copying firewall rules between interfaces: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1063 Marcos M
03:36 PM Bug #14691 (In Progress): Separators get shifted when copying firewall rules between interfaces: Marcos M
07:26 PM Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options: This may already be part of the Kea work, but in case it isn't... Jim Pingle
07:24 PM Feature #13710: Support UTF-8 CA/Certificate subject components: We have enough to worry about with OpenSSL 3.x changes in this release, best not to complicate cert changes any furth... Jim Pingle
07:16 PM pfSense Packages Bug #14349 (Closed): The ClamAV 0.105.1 got a few vulnerabilities: It's already fixed in dev snaps, it'll come back naturally with the next release.
Jim Pingle
06:38 PM pfSense Plus Bug #14682 (Feedback): DCO OpenVPN server bound to Localhost does not pass traffic as expected: Committed upstream in https://cgit.freebsd.org/src/commit/?id=949491f2a6397f2514f8fcde1c7dc61bd82f201a, and cherry-pi... Kristof Provost
03:45 PM pfSense Plus Bug #14682 (In Progress): DCO OpenVPN server bound to Localhost does not pass traffic as expected: I've also been able to reproduce this.
The problem turns out to be that we pass through pf multiple times (which i... Kristof Provost
05:06 PM pfSense Plus Feature #14348 (Resolved): Add unicast CARP indication and peer address to CARP status: This looks really good on Plus and CE both compared to before. Much more useful information and it all appears to be ... Jim Pingle
04:25 PM Revision 0600beae: services_dhcp.php: fix pool address range validation: Christian McDonald
02:20 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors: I am repeatedly receiving errors related to this. In addition to errors, crash reports, nearly every day. I just appl... C T

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

09/20/2023

09/19/2023

09/18/2023

09/17/2023

09/16/2023

09/15/2023

09/14/2023

09/13/2023

09/12/2023

09/11/2023

09/10/2023

09/09/2023

09/08/2023

09/07/2023

09/06/2023

09/05/2023

09/04/2023

09/03/2023

09/02/2023

09/01/2023

08/31/2023

08/30/2023

08/29/2023

08/28/2023

08/27/2023

08/26/2023

08/25/2023

08/24/2023

08/23/2023

08/22/2023