Project

General

Profile

Activity

From 09/12/2023 to 10/11/2023

10/11/2023

08:01 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
I'm not sure that the @Operation timed out@ log is related because the existence of the log means that the authentica... Marcos M
07:33 PM pfSense Packages Todo #14795: Transition to nut-devel
The upstream issue is resolved. Denny Page
07:01 PM pfSense Packages Bug #14865 (New): Saving TINC VPN settings on a CARP Primary causes TINC to start on the Secondary
When anything triggers a configuration save or if the TINC VPN configuration is saved on the CARP Primary Firewall, t... Matthew Latin
03:22 PM Regression #14525 (Resolved): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Jim Pingle
03:22 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Tetsed on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
The patch working... aleksei prokofiev
03:10 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Tested patch on
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Patch fixed th... aleksei prokofiev
09:15 AM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
I can reproduce this error with follow
1. S2S Ipsec
2. With working state, I delete P2 on one side and got this err... aleksei prokofiev
01:07 PM Feature #14864: Add option to enable unbound respip module (support RPZ)
!clipboard-202310111506-yzspy.png!
 znerol znerol
01:06 PM Feature #14864: Add option to enable unbound respip module (support RPZ)
Filed a "PR":https://github.com/pfsense/pfsense/pull/4650 znerol znerol
01:03 PM Feature #14864 (New): Add option to enable unbound respip module (support RPZ)
Unbound ships with great support for "Response Policy Zones":https://unbound.docs.nlnetlabs.nl/en/latest/topics/filte... znerol znerol
12:14 PM Feature #14860: Column consistancy between DHCP Static mapping and ARP
Do you mean in the DHCP static mapping list on services_dhcp.php / services_dhcpv6.php? The lists on status_dhcp.php ... Jim Pingle
12:07 PM Bug #14857 (Not a Bug): Linebreak or newline deleted from OpenVPN Custom Options Causing Corruption
It's not a bug. Read the text under the advanced options field. Directives in that box must be separated by a semicol... Jim Pingle
07:53 AM pfSense Packages Feature #14863 (New): WireGuard suppport for aliases
Allow to use aliases in "Allowed IPs" in the WireGuard Peer config. That would match with the general ability to use ... Bob Dig
07:17 AM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I've tested on
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
It is not a bu... aleksei prokofiev
05:41 AM Regression #14856: Duplicating a floating rule places it at the bottom
The patch works great, tested on ... Lev Prokofev
12:43 AM pfSense Packages Documentation #14842: Update Squid troubleshooting
Can an update be made in the netgate documentation or a fix for this issue be investigated?
Its very odd that ticket... Mike Moore
12:33 AM pfSense Plus Bug #14862 (New): netstat nexthop queries fail on an arm32
Using the -o or -O switches with netstat to get nexthop data fails or shows bad data on arm32 devices.... Steve Wheeler

10/10/2023

09:05 PM pfSense Packages Bug #14861 (Resolved): PHP error when pings are enabled but no ping hosts are defined
i was directed to report this issue here
https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-upd... David Bowen
08:30 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
I can confirm the issue with pfSense 2.7. We're using multiple vlan interfaces on an lagg1 interface. (lagg1.40, lagg... Daniel Hoffend
08:05 PM Feature #14860 (New): Column consistancy between DHCP Static mapping and ARP
Just a suggestion that the column IP and MAC be swapped in the table for Diagnostics / ARP. This would be consistant ... John Weithman
07:52 PM pfSense Packages Bug #14554 (Duplicate): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
Marcos M
06:46 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I never configured a gateway group, just setting an IPv4 Tunnel Network 10.50.62.0/24
However, I did not set any I... Phil Wardt
06:05 PM Regression #14845 (Feedback): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
The issues noted in #note-6 occur when the IP address is also a VIP.
Applied in changeset commit:77ba34495de9cde375c... Marcos M
02:47 PM Regression #14845 (In Progress): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Marcos M
05:56 PM Revision 77ba3449: Specify specialnet flags for GUI fields. Fix #14845
Store the flags in variables to allow easier future updates. Marcos M
05:47 PM Revision 38e308db: kea: enable RFC6842 compatibility mode
Christian McDonald
04:12 PM pfSense Packages Todo #14795: Transition to nut-devel
The pfSense-pkg-nut build appears to be failing due to an issue upstream in the FreeBSD nut-devel package. I have fil... Denny Page
02:19 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Sorry I had it set to never to help with my AppID text file I made. I had a huge amount of entries I was making a a g... Jonathan Lee
01:03 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
I'm not following the problem description in this ticket at all. There is no relationship between the @virusprot@ tab... Bill Meeks
06:23 AM pfSense Packages Bug #14858 (Closed): Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Hello fellow Redmine community members,
I am having an issue with my Snort �Remove blocked host interval changing ... Jonathan Lee
01:55 PM Revision f3ec053b: kea: fix netboot regression
Christian McDonald
11:36 AM Bug #14859 (Resolved): Config upgrade error: upgrade_config.inc:6135
Upon restoring a config from pfSense 2.4.X or older:... Steve Wheeler
05:55 AM Bug #14857 (Not a Bug): Linebreak or newline deleted from OpenVPN Custom Options Causing Corruption
This bug has existed for at least three years. I don't know what triggers it, but it appears to be triggered behind t... George 77

10/09/2023

11:10 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
This has happened previously on 23.01 when the OpenVPN server is set to use a gateway group and the tier1 gateway is ... Marcos M
10:25 PM Regression #14856 (Feedback): Duplicating a floating rule places it at the bottom
Applied in changeset commit:35492119bf317c56d02b4a6d7f03d9658da6599b. Marcos M
10:16 PM Regression #14856 (Pull Request Review): Duplicating a floating rule places it at the bottom
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1088 Marcos M
10:13 PM Regression #14856 (Resolved): Duplicating a floating rule places it at the bottom
When duplicating a floating rule, the rule is placed at the bottom instead of after the original rule it was duplicat... Marcos M
10:16 PM Revision 35492119: Save a duplicated floating rule after the original rule. Fix #14856
Marcos M
08:56 PM pfSense Packages Bug #14200: WireGuard reply-to without NAT
Confirmed for 2.7.0 and described here:
https://forum.netgate.com/topic/183278/port-forwarding-through-wg-tunnel-mis... Jens Maul
08:34 PM pfSense Packages Feature #13575 (Feedback): Update to frr 9.0.1
Updated to frr 9.0.1 in 23.09 dev branch. Marcos M
07:50 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I am using default "new limiter" UploadLimit and speed limit in bits/s (16*1024*1024)
I am using default "new limite... Lukáš Mojžíš
07:43 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
Unable to replicate with the following setup
1 WAN - 1 LAN
pfSense CE 2.7.0 on a VM
Ubuntu Desktop client
Ste... dylan mendez
04:28 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
I read some information and experience and tried it. My point is not to rule out any possibility, but to face the pro... yon Liu
04:09 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
No, according to research, it is caused by your parameter configuration and PHP code design issues. My hardware resou... yon Liu
12:42 PM pfSense Plus Bug #14847 (Rejected): PHP-FPM webgui crashes and freezes
Those parameters are already adjusted based on system memory. There have been no other similar reports of problems wi... Jim Pingle
01:12 PM Bug #14852 (Not a Bug): SSH authentification with Radius backend is not working
Works for me here. Make sure there is a local user with the correct privileges already on the pfSense side. It doesn'... Jim Pingle
12:58 PM Bug #14237 (Not a Bug): Intermittent packet loss related to DHCP with Multi-WAN
Jim Pingle
12:57 PM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
I am not seeing either of those behaviors here on the latest snapshot or a patched system. I can edit a rule and the ... Jim Pingle
12:43 PM pfSense Plus Bug #14848 (Rejected): The system cannot complete the restart process
There isn't nearly enough detail here to tell what is happening on your system in your environment, but it's not a ge... Jim Pingle
12:38 PM pfSense Packages Bug #14846 (Rejected): shellcmd Can't be executed from order 7 onwards
There is no limit on shellcmd tags, they are all executed by the system in the same manner one after another. If ther... Jim Pingle
12:20 PM pfSense Packages Bug #14855 (Resolved): suricata_Getdirsize issue after PHP 8
Found an issue with suricata_Getdirsize in suricata.inc
Since PHP 8 an Integer needle is no longer treated as a char... Graham Collinson

10/08/2023

10:00 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I've just registered to report this. This affects me too.
The situation can only be mitigated by setting gateway to ... Lukáš Mojžíš
08:26 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
from: cat /tmp/rules.debug
No gateway specified
anchor "userrules/*"
pass in quick on $LAN inet from 192.16... nasir ahmed
06:08 PM Bug #14854 (Resolved): Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
When using a traffic shaper limiter to set bandwidth to say 10mbps in the download using any scheduler, if the gatewa... nasir ahmed
07:17 PM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN
The reason this happens is that I had pfSense configured to drop all states in case one of gateways goes down.
The r... Nazar Mokrynskyi
05:06 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config
A fix for this issue appears to have been merged upstream:
https://github.com/prometheus/node_exporter/issues/2593
... Steve Wheeler
05:03 PM pfSense Packages Bug #14230: PHP error with pfBlockerNG
Pull request sent: https://github.com/pfsense/FreeBSD-ports/pull/1305 Andre Brait
05:03 PM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
Pull request sent: https://github.com/pfsense/FreeBSD-ports/pull/1305 Andre Brait
04:10 PM Bug #14804 (Resolved): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Marcos M
02:03 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
I initially found the reason. The parameters in php-fpm.conf are incorrect and cannot adapt to high load conditions.
... yon Liu

10/07/2023

11:51 PM Feature #14802: Re-enable multiqueue support for virtio NIC
I second this request, can't get more than ~2.5Gbps out of interfaces because of this, which is really annoying.
Was... Nazar Mokrynskyi
09:03 PM pfSense Packages Bug #14230: PHP error with pfBlockerNG
Kris Phillips wrote in #note-2:
> I'm not seeing any PHP errors in 3.2.0_4 of pfBlockerNG. Was there any particular... Andre Brait
07:36 PM pfSense Packages Bug #14853: Missing response for AAAA or A queries for blacklisted domains in Python mode
GitHub Pull Request here: https://github.com/pfsense/FreeBSD-ports/pull/1304 Andre Brait
07:25 PM pfSense Packages Bug #14853 (Pull Request Review): Missing response for AAAA or A queries for blacklisted domains in Python mode
In Python mode, when a domain is blacklisted, the result gets cached in the dnsblDB dictionary for caching and faster... Andre Brait
06:03 AM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
The patch is working, however, I noticed two issues
1) Brackets after external IP
!clipboard-202310071002-sjgi5.p... Lev Prokofev
05:27 AM Bug #14852: SSH authentification with Radius backend is not working
Tested on ... Lev Prokofev
05:26 AM Bug #14852 (Not a Bug): SSH authentification with Radius backend is not working
On an attempt to ssh using the Radius user credentials I get ... Lev Prokofev
01:01 AM pfSense Packages Regression #14850 (Resolved): Unreadable alerts file results in PHP error
Error:
Fatal error: Uncaught TypeError: fgetcsv(): Argument #1 ($stream) must be of type resource, bool given in /us... Jonathan Lee
12:01 AM Feature #14849 (New): Add checkboxes to System Package Manager GUI, to allow multiple packages installed/removed rather than one at a time
This fairly simple suggestion arises from experience some time ago updating 2.6 to 2.7, where release notes stated _"... Stilez y

10/06/2023

09:33 PM pfSense Plus Bug #14848 (Rejected): The system cannot complete the restart process
The system cannot complete the restart process.
The system has been stuck and cannot complete the restart process, b... yon Liu
09:29 PM pfSense Plus Bug #14847 (Rejected): PHP-FPM webgui crashes and freezes
Regarding PHP-FPM, webgui crashes and freezes when the system load is relatively heavy, such as when there are a larg... yon Liu
09:21 PM pfSense Packages Bug #14846 (Rejected): shellcmd Can't be executed from order 7 onwards

shellcmd Can't be executed from order 7 onwards
The last two commands in the screenshot cannot be executed aut... yon Liu
08:10 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I did not make any changes in the config between 16 sept and today
The pfsense box is rebooted nightly
The email no... Phil Wardt
03:16 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
Phil Wardt wrote in #note-2:
> I use pfsense CE 2.7.0
> The upgrade was done a month ago and many rebbots happened ... Jim Pingle
07:57 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Christian McDonald wrote in #note-24:
> I added a note to the UI when using Kea that the MAC address is used for mapp... Phil Wardt
07:13 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I'll message you on the forum. Marcos M
06:50 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I'm finding it hard to distinguish 'the steps' in that thread from the normal noise and I don't know how to enter the... Rob A
06:35 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
To clarify, make sure that after installing the kernel-debug package, you reboot and select the debug kernel (option ... Marcos M
06:32 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Not sure if I have done so previously. Currently the file looks like this:... Rob A
05:43 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Did you edit the pfSense-ddb.conf file and add a swap partition for it to dump to?
Christian is working on a shiny w... Kristof Provost
05:37 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Regrettably no:... Rob A
05:34 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
It should end up in /var/crash Kristof Provost
05:26 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
With the debug kernel running I triggered a crash and have the regular crash report. I did not see a core dump file ... Rob A
04:54 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Ok, your job would be easy if it wasn't for these dull customers!... Rob A
04:37 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Download the file to your device, and install with `pkg install -U <filename>`, via the device CLI. Kristof Provost
04:26 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I ran the system (In whatever state I achieved above) but I was fighting other issues such as Kea and pfBlocker not r... Rob A
03:30 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
No joy. With pkg install I get the error:... Rob A
02:43 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
You can just pkg install and pkg remove it later.
As usual, make a config backup just in case, but this ought to be ... Kristof Provost
02:20 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
There are no more crashes on the latest snapshots. Many thanks to all participants. Vladimir Suhhanov
01:20 PM Regression #14845 (Feedback): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Applied in changeset commit:1db73de1b1014af5bb267c48c711d9917364b9aa. Jim Pingle
05:31 AM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Can confirm this bug,
tested on ... Lev Prokofev
05:09 AM Regression #14845 (Resolved): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/guiconfig.inc:408 St... yon Liu
01:14 PM Revision 1db73de1: Fix PHP error on 1:1 NAT w/if macros. Fixes #14845
Jim Pingle

10/05/2023

08:06 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I use pfsense CE 2.7.0
The upgrade was done a month ago and many rebbots happened since then
I noticed the error th... Phil Wardt
12:51 PM Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
What version of pfSense software are you running now?
What were you doing before the reboot? (e.g. if it was a reb... Jim Pingle
12:29 PM Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I received the below notification about an error when pfsense was booted:... Phil Wardt
07:31 PM Feature #14844: QAT 200xx devices are not recognized as supported
Note this is the new qat device in Xeon D-17xx not the device in C2000 Atoms.... Steve Wheeler
07:25 PM Feature #14844 (Resolved): QAT 200xx devices are not recognized as supported
qat_200xx is supported by the qat driver but the pfSense scripts do not recognise it as a valid device.
https://gi... Steve Wheeler
07:22 PM pfSense Plus Bug #14478 (Feedback): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
The fix for this was merged last week. Jim Pingle
07:20 PM Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options
Custom options for Kea will be in the next version, not this one. Jim Pingle
06:36 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
No problem. Best method to install this in a recoverable way? Rob A
03:21 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Can you install and run this kernel and try to get a core dump?
https://www.codepro.be/files/pfSense-kernel-debug-p... Kristof Provost
11:42 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Thanks Kristof, as it happens I had a crash today:... Rob A
06:00 PM Feature #6960 (In Progress): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
If I put a client ID such as "mint3" in, it's allowed by validation and Kea still crashes and refuses to start.
<p... Jim Pingle
05:09 AM Feature #6960 (Feedback): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
I added a note to the UI when using Kea that the MAC address is used for mappings that set both a MAC and cid (which ... Christian McDonald
05:44 PM Feature #9504: Include hostname being updated in Dynamic DNS notifications
It's worth noting that this only applies to traditional Dynamic DNS instances (Services > Dynamic DNS, Dynamic DNS Cl... Jim Pingle
05:35 PM pfSense Plus Bug #14837: some services show can't start
/firewall_virtual_ip.php: The command '/sbin/ifconfig tun_wg0 inet6 'fe80::981f:60ff:fee9:56d3' -alias' returned exit... yon Liu
04:43 PM pfSense Plus Bug #14837: some services show can't start
wireguard up online, but wg service show down. yon Liu
05:10 PM pfSense Packages Feature #14729: OpenVPN Client Export - Support PLAP on Windows
Kris Phillips wrote in #note-1:
> Assigning to Jim P since he typically maintains this package.
Thank you. I'm wi... Pablo Bendersky
03:24 PM Bug #14843 (Confirmed): Explicit split DNS domain names required for IoS IPSEC clients.
This is a follow-up to bug #12975.
In the IPSec Mobile Clients GUI page, the SPLIT DNS parameter is commented as "... Serge Caron
02:22 PM pfSense Packages Documentation #14842 (New): Update Squid troubleshooting
The area where the update is needed:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-no... Mike Moore
01:43 PM pfSense Packages Bug #14841 (Feedback): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
https://gitlab.netgate.com/pfSense/factory-ports/-/commit/50536bbbe13da52c01bfeb77e6f40370844b9659 Jim Pingle
01:40 PM pfSense Packages Bug #14841 (Resolved): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
Since the change to OpenSSL 3.0 on development snapshots, IPsec Profiles exported for Apple cannot be read.
Simila... Jim Pingle
12:56 PM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
Jonathan Lee wrote in #note-6:
> I don't know if this is of concern also. My Lan interface assignment to snort only ... Bill Meeks
02:23 AM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
I don't know if this is of concern also. My Lan interface assignment to snort only detects the destination as the fir... Jonathan Lee
12:18 PM Bug #14839 (Incomplete): PHP Parse error: syntax error
The error there is not from pfSsh.php but a problem with code being run through it. Note that it's mentioning "eval()... Jim Pingle
09:43 AM Bug #14839 (Incomplete): PHP Parse error: syntax error
[05-Oct-2023 12:18:36 Asia/Phnom_Penh] PHP Parse error: syntax error, unexpected end of file in /usr/local/sbin/pfSs... Sam Vanchanna
05:05 AM Revision 3b2e7ed2: kea: prevent configuring static reservations with both mac and cid matching
Christian McDonald

10/04/2023

09:57 PM pfSense Packages Feature #14838 (New): Full support for AdBlock-style lists
The AdBlock syntax allows for both blacklisting and whitelisting, as well as using wildcards and sometimes plain regu... Andre Brait
08:23 PM Bug #14804 (Feedback): Panic when pfsync attempts to synchronize states between hosts with different rulesets
I've cherry-picked the upstream fix into our branches. The fix will be part of the next snapshot builds. Kristof Provost
06:35 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
Marcos M wrote in #note-15:
> Thank you - it's a good analysis! Since this is more of a FreeBSD issue than a pfSense ... P L
04:14 PM pfSense Plus Bug #14837 (Not a Bug): some services show can't start
I can't reproduce anything like this. UPnP starts fine here, for example. Please post on the forum and diagnose these... Jim Pingle
04:02 PM pfSense Plus Bug #14837 (Not a Bug): some services show can't start
23.09-DEVELOPMENT (amd64)
built on Wed Oct 4 17:15:00 CST 2023
FreeBSD 14.0-CURRENT
status_services.php
wireg... yon Liu
01:29 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Unfortunately both Steve and I have been unable to reproduce this problem.
We could try to see if a full core dum... Kristof Provost
01:08 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Still happens with one of the two VPNs
23.09-DEVELOPMENT (amd64)
built on Tue Oct 3 14:00:00 CST 2023 yon Liu
12:05 PM pfSense Packages Bug #14836: squid and capitive portal integration bug
The errors are from a file packaged with squid, not captive portal, so moving this to squid. Jim Pingle
11:58 AM pfSense Packages Bug #14836 (New): squid and capitive portal integration bug
When activating capitive portal authentication mode in squid, errors start to appear and the squid service does not r... Vamberto Araujo Vamberto
12:02 PM pfSense Plus Feature #14835 (Not a Bug): Nics name netgate 6100
The expected order is the order shown on https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/io-ports.h... Jim Pingle
10:36 AM pfSense Plus Feature #14835: Nics name netgate 6100
Or is this the norm for this box?
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/io-ports.html Stepan Afonin
10:10 AM pfSense Plus Feature #14835 (Not a Bug): Nics name netgate 6100
Hello. I think that the WAN interfaces on the netgate 6100 *box* are now called incorrectly.
Like now:
WAN1 = ix3, ... Stepan Afonin
08:40 AM Revision 6d33f471: Template for the kernel-symbols package
The kernel-symbols package will contain the symbols files for the default
(i.e. non-DEBUG) kernel.
(cherry picked fr... Kristof Provost
02:29 AM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
Thanks for looking at this. I found a work around. I disabled the keep config, deleted the package, reinstalled and h... Jonathan Lee

10/03/2023

11:59 PM pfSense Packages Bug #14834 (Resolved): Alerts Tab throws php error when changing size from 2000 back to 500.
PR merged, it's building now Jim Pingle
11:51 PM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
I introduced this bug by way of a typo in my last package fix. The fix for this is posted and awaiting merge and subs... Bill Meeks
11:13 PM pfSense Packages Bug #14834 (Resolved): Alerts Tab throws php error when changing size from 2000 back to 500.
Steps to create:
Change alert tab length of logs display from 1000 back to 500 after apply
ERROR:
Fatal error:... Jonathan Lee
07:00 PM Bug #14831 (Feedback): IPsec rejects certificate without any SANs
Applied in changeset commit:547ecbf358f667c023b2d6b1c39dd53993fd6164. Jim Pingle
06:58 PM Bug #14785 (Feedback): Primary IPv6 interface address may be incorrect when a VIP is set
Azamat Khakimyanov wrote in #note-6:
> BUT when I used compressed IPv6-address (VIP:VIP::1/128) as a WAN VIP, I stil... Jim Pingle
01:10 PM Bug #14785 (Assigned): Primary IPv6 interface address may be incorrect when a VIP is set
Tested on 23.05_1 and 23.09-DEV (built on Tue Oct 3 6:00:00 UTC 2023)
I partly can reproduce this issue on 23.05_1... Azamat Khakimyanov
06:53 PM Revision 547ecbf3: Refine IPsec P1 cert wildcard check. Fixes #14831
Jim Pingle
06:40 PM Bug #14756: Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
If testing this via patching, you may need to apply commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 first Jim Pingle
06:30 PM Bug #14756 (Feedback): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Applied in changeset commit:5cd87ac533d2b7666d1ff5e1ab5a3fdf2a78f9ea. Jim Pingle
06:20 PM Bug #14756 (In Progress): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Looking more at interface_bring_down() it doesn't seem like it could be readily adapted this way since it wants to wo... Jim Pingle
06:39 PM Bug #14626 (Feedback): Multi-WAN IPsec does not fail over when preferred WAN loses link
Fixed in commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 Jim Pingle
06:39 PM Bug #14829 (Feedback): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
Fixed in commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 Jim Pingle
06:23 PM Revision 5cd87ac5: Don't down static v4+t6 on link loss. Fixes #14756
In this scenario, IPv4 is static and IPv6 is tracking another interface.
Neither of those conditions requires taking ... Jim Pingle
06:17 PM Revision 49d0874f: Force gateway alarm for dynamic WAN link down
* Fixes Dynamic DNS updates when losing link. Issue #14829
* Fixes IPsec not failing over when losing link. Issue #14626 Jim Pingle
03:12 PM pfSense Packages Bug #14832 (Resolved): User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
PR merged and picked back, thanks! Jim Pingle
12:24 PM Bug #14804 (In Progress): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Jim Pingle
06:55 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
The affected user has very helpfully provided a core dump, which shows a couple of things.
Firstly it confirms what ... Kristof Provost
11:03 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Tested on:
23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
(all official pat... Łukasz Rojczyk
04:32 AM Regression #14833 (New): OpenVPN client process in bridged tap mode fails after 2.7.0 CE upgrade

Have a P2P OpenVPN tunnel that bridges 2 physical interfaces for the purpose of passing multicast traffic. Has been... Bob Weybrecht
01:21 AM Feature #14047: Options to control Intel Speed Shift
riva geeza wrote in #note-1:
> This affected myself, on my newly built appliance the gui displayed Intel(R) Celeron(R... Andre Brait

10/02/2023

11:56 PM pfSense Packages Bug #14832: User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
The fix for the issues in this ticket has been submitted to the DEVEL branch in pull request 1300 here: https://githu... Bill Meeks
10:27 PM pfSense Packages Bug #14832 (Resolved): User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
This was functionality inadvertently broken during the PHP 8.1 updates back in early 2023 and was not detected during... Bill Meeks
07:59 PM Bug #14829 (Pull Request Review): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
I have a fix for this coming, but it needs more testing.
Internal MR is https://gitlab.netgate.com/pfSense/pfSense... Jim Pingle
12:58 PM Bug #14829 (Resolved): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
Link down for main WAN does trigger GW group failover to secondary WAN, but doesn't trigger DynDNS updatedns event.
... Georgiy Tyutyunnik
07:58 PM Bug #14626 (Pull Request Review): Multi-WAN IPsec does not fail over when preferred WAN loses link
I have a fix for this coming, but it needs more testing.
Internal MR is https://gitlab.netgate.com/pfSense/pfSense... Jim Pingle
07:55 PM Feature #9504 (Feedback): Include hostname being updated in Dynamic DNS notifications
Applied in changeset commit:8de76843e8d58bc6239be05498c2d372b19bac7e. Jim Pingle
07:51 PM Bug #14831 (Resolved): IPsec rejects certificate without any SANs
When I fixed #13373 it apparently created a slightly different bug: Now if there are *no* SANs on a certificate at al... Jim Pingle
07:46 PM Revision 8de76843: Include hostname in DDNS notify. Implements #9504
Jim Pingle
05:01 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
I still see demonstrable difference between 23.05 and 23.09 dev with QAT. QAT is active on 23.05 for all on-device e... Rob A
03:09 PM pfSense Plus Regression #14828 (Feedback): QAT is not being used by some daemons
Waiting on more info from the OP on the forum since it's not clear there is actually a problem yet. The items we expe... Jim Pingle
01:07 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
QAT isn't broken, it is working with IPsec and OpenVPN DCO which is expected since they are in the kernel.
It isn't ... Jim Pingle
11:29 AM pfSense Plus Regression #14828 (Feedback): QAT is not being used by some daemons
QAT not working. Issue identified on Netgate 6100 and subsequently confirmed on a 4100 unit. Issue confined to 23.0... Rob A
02:55 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
log after rebooting the device (everything ok):
Oct 2 16:52:53 openvpn 39792 Initialization Sequence Completed
... Łukasz Rojczyk
02:49 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Probably the same problem that I extinguished (from version 23.05.1)
https://redmine.pfsense.org/issues/14811#chan... Łukasz Rojczyk
02:49 PM Feature #7718: Hostname for Custom DynDNS Updater.
Hi,
had the same problem with the missing hostname on my dynamic dns client page.
i was able to help myself with ... Carsten Terlutter
02:47 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Vladimir Suhhanov wrote in #note-20:
> The other question is where I can see CARP status for the DHCP. ISC provided a... Jim Pingle
12:35 PM Feature #6960 (In Progress): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Confirmed here as well, setting a 'client identifier' in a static mapping makes Kea fail to start. Looks like we need... Jim Pingle
02:44 PM Regression #14819 (Resolved): File to trigger the wizard post-install is missing
Looks good on latest snapshot. The file is present, hardware is correctly identified, and the wizard is triggered at ... Jim Pingle
02:39 PM Bug #14830 (Duplicate): Kea can't start with both MAC address and Client Identifier on static mappings
Already known and mentioned here: #6960#note-21 Jim Pingle
02:33 PM Bug #14830 (Duplicate): Kea can't start with both MAC address and Client Identifier on static mappings
now no DHCP v4 work.
ERROR [kea-dhcp4.dhcp4.0x101e42412000] DHCP4_INIT_FAIL failed to initialize Kea server: confi... yon Liu
12:42 PM pfSense Docs Todo #14816: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Kris Phillips wrote in #note-1:
> You shouldn't need to define a Remote subnet unless you're doing a /30 S2S, but I ... Jim Pingle
12:31 PM pfSense Packages Todo #14825 (Duplicate): please upgrade frr to frr 8.5.3_1
Duplicate of #13575 Jim Pingle
12:18 PM pfSense Packages Bug #14827 (Not a Bug): file space error with unbound: 103% used
It's an issue in your pfBlocker config. You'll have to manually clean up those log files, it's too late for the packa... Jim Pingle
08:25 AM Feature #7881: OpenVPN client - add support for multiple server entries
I'd like to be able to set multiple "remote" as fallback in case some of them fail to connect. AFAIU it can't be curr... Gianluca Gabrielli

10/01/2023

01:52 PM pfSense Packages Bug #14827: file space error with unbound: 103% used
When trying to install any packet now the following error occurs:
pkg-static: Not enough space in /var/cache/pkg, ne... Felix S
11:09 AM pfSense Packages Bug #14827: file space error with unbound: 103% used
Hi Kris,
thank you for your input on this.
I removed pfBlockerNG including its configuration which gives the follow... Felix S
02:22 AM pfSense Packages Bug #14827: file space error with unbound: 103% used
Based on the files, this looks more like an issue with pfBlockerNG than a problem with unbound. All of the files con... Kris Phillips
10:14 AM pfSense Packages Bug #10436 (Feedback): softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
My fault - I tested it on KVM with vtnet NICs. I'm afraid I don't have SG-3100.
If anyone can run this test on SG-... Azamat Khakimyanov
07:01 AM pfSense Packages Bug #14638: Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
Tailscale 0.1.4
... aleksei prokofiev
06:25 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
No luck here...... Vladimir Suhhanov
02:32 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Tested static leases, DHCP status page, service stop/start manually or from reboots. Seems to work without issues at... Kris Phillips
12:56 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Testing as we speak with 23.09.a.20230929.2350
I needed to acknowledge deprecation before I could change any legacy ... Jordan G
02:44 AM pfSense Docs Todo #14816 (Confirmed): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Reviewing, the option for "Enable authentication of TLS packets" is indeed missing in the UI. It looks like it was r... Kris Phillips
02:36 AM pfSense Packages Todo #14795: Transition to nut-devel
Plus should be updated with this as well. It is still on 2.8.0. Kris Phillips
02:34 AM pfSense Packages Todo #14825 (Confirmed): please upgrade frr to frr 8.5.3_1
Checked current snapshots of 23.09 and 8.5.2 is the current version in the Plus repo. Kris Phillips
02:24 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
This sounds like an issue with ordering and PPPoE. Likely the PPPoE connection isn't started prior to the OpenVPN Cl... Kris Phillips
01:27 AM Regression #14819 (Feedback): File to trigger the wizard post-install is missing
Should be fixed in the next build Brad Davis

09/30/2023

10:37 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
getting unknown oid in the latest build 23.09.a.20230929.2350 Jordan G
08:30 PM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED
you can use the following to disable the blue blinking indicator on 4100/6100/8200 systems... Jordan G
08:20 PM pfSense Packages Bug #14827 (Not a Bug): file space error with unbound: 103% used
pfSense
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
df -lh output:
Files... Felix S
06:55 PM pfSense Packages Bug #10436 (Resolved): softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Tested on 23.05_1 with SoftFlowD 1.2.6_1
I run SoftFlowd on different interfaces (WAN, LAN and Bridge) and generat... Azamat Khakimyanov
06:28 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
related to #12536 Alhusein Zawi
04:02 PM Feature #14746 (Resolved): Method for users to customize shell initialization behavior
Tested on... Christopher Cope
03:03 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Tested the Kea DHCP with the latest release today.
Here are the test results:
- The service started without any... Danilo Zrenjanin
03:02 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
This problem occurs again yon Liu
09:08 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
I just updated to this version and this problem did not occur. I will continue to observe and report in the future.
... yon Liu
08:07 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
my WAN is pppoe. yon Liu
06:55 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Can't reproduce it, tunnel on IPv6 only interface starts immediately after a reboot.
tested on ... Lev Prokofev
01:16 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
tested on
23.09-DEVELOPMENT (amd64)
built on Fri Sep 29 21:07:00 CST 2023
FreeBSD 14.0-CURRENT yon Liu
01:13 AM pfSense Plus Bug #14824 (New): OpenVPN instance on IPv6 PPPoE interface does not always start automatically
openvpn use ipv6 WAN, When pfsense restarts the system, openvpn ipv6 can't autostart. It must be started manually. Af... yon Liu
02:34 PM Bug #14783 (Resolved): List of Dynamic DNS types with split host+domain name is missing several providers
I can confirm it is working fine on:... Danilo Zrenjanin
07:04 AM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
Looks good, tested it with the patch on ... Lev Prokofev
06:34 AM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
After applying the patch, there are no changes. I have resaved the DynDNS entry, but the Client Export Utility still ... Danilo Zrenjanin
11:22 AM pfSense Packages Feature #14826 (New): Add package pfSense-pkg-corosync-qnetd
This package should provide "corosync-qnetd":https://github.com/corosync/corosync-qdevice, a daemon providing an addi... Markus *
09:14 AM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Tested on 23.05_1 and on 23.09-DEV ()
I was able to reproduce this issue on 23.05_1 but on 23.09-DEV adding a VIP ... Azamat Khakimyanov
08:08 AM pfSense Packages Feature #8547: fwknop Port Knocking Package
Jim Pingle wrote in #note-1:
> If you want secure remote access, use a VPN.
I understand that censorship circumve... Vitaly Bakulev
01:33 AM pfSense Packages Todo #14825: please upgrade frr to frr 8.5.3_1
sorry, this is 8.5.3
Bug Fixes
bgpd
Add peers back to peer hash when peer_xfer_conn fails
Do not explicitly p... yon Liu
01:27 AM pfSense Packages Todo #14825 (Duplicate): please upgrade frr to frr 8.5.3_1
Because I keep encountering IPV6 bgp sessions in Idle and Connect status, I hope to upgrade to the latest version and... yon Liu
12:04 AM pfSense Packages Feature #14823 (New): Feature Request: pre configured packet crafted response for specific IP addresses (alias) such that the reply would automatically show all closed/filtered on ports for Snort package.
Feature Request for a pre configured packet crafted response for specific IP addresses such that the reply would auto... Jonathan Lee

09/29/2023

11:59 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Sorry this was supposed to be under Snort not nmap. I will fix that. Jonathan Lee
07:13 PM pfSense Packages Feature #14821 (Rejected): Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
The purpose of the nmap package is to provide a simple GUI for quick scans. I don't think this request is appropriate... Marcos M
06:45 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
this still causes event Jonathan Lee
06:39 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Ref:
https://www.snort.org/faq/readme-sfportscan Jonathan Lee
06:37 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Relates to:
https://redmine.pfsense.org/issues/14754
https://redmine.pfsense.org/issues/14514 Jonathan Lee
06:35 PM pfSense Packages Feature #14821 (Rejected): Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Attached is a example of detection and block of a standard non decoy nmap scan.
Kali OS has decoy/spoofing port sc... Jonathan Lee
10:36 PM Bug #14820 (Resolved): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Marcos M
06:08 PM Bug #14820: GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
patch works
tested on:
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT Georgiy Tyutyunnik
05:20 PM Bug #14820 (Feedback): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Applied in changeset commit:57e299906c4525bcc89c728a6246495369178023. Marcos M
05:12 PM Bug #14820 (Pull Request Review): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1085 Marcos M
04:51 PM Bug #14820: GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Can confirm this, tested on ... Lev Prokofev
04:41 PM Bug #14820 (Resolved): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
# Set a value for the GUI TCP port; save
# Remove the value; save
# The config and redirect URL contains the old po... Marcos M
10:33 PM pfSense Packages Bug #13997: NUT Package and 23.01
It may be this gets resolved once the package is updated:
https://redmine.pfsense.org/issues/14795 Marcos M
07:59 PM pfSense Packages Feature #14192: Instant Website Redaction Technology Not working
This now functions as expected with the created rules
If other admins use this firewall in a very large environmen... Jonathan Lee
07:25 PM pfSense Packages Feature #14192: Instant Website Redaction Technology Not working
Thanks for the reply.
I have added this to always allow. I did not know if others have noticed this. Jonathan Lee
06:10 PM pfSense Packages Feature #14192 (Rejected): Instant Website Redaction Technology Not working
This type of issue is better handled outside of the firewall software itself (e.g. by creating your own rules). Marcos M
07:53 PM pfSense Packages Bug #14822: Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
Done per request
https://forum.netgate.com/topic/183128/services-snort-pass-list-edit-auto-generated-ip-addresses-... Jonathan Lee
07:26 PM pfSense Packages Bug #14822 (Feedback): Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
> I have spoof rules enabled they are still blocking the passlist addresses seen below.
This has been an issue in th... Marcos M
07:02 PM pfSense Packages Bug #14822 (Feedback): Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
I have learned that Snort's GUI Passlist Auto-Generated IP addresses area is not 100% passing and still blocking whe... Jonathan Lee
07:07 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
I opened a new bug for that I forgot that I have that already set as pass listed Jonathan Lee
06:44 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
@Marcos M
They are automatically added to pass list and this still occurs.
Unless this was changed recently.
... Jonathan Lee
06:36 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Related Feature Request
https://redmine.pfsense.org/issues/14821 Jonathan Lee
06:16 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Thanks Marcos I am aware of the passlist area this would resolve this. Again, that would allow backdoor conditional p... Jonathan Lee
05:58 PM pfSense Packages Bug #14754 (Not a Bug): Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This isn't a bug. To avoid the issue, relevant IP addresses can be added to a passlist. There also likely exist rules... Marcos M
05:39 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Please let me know if that helps with the logic if not I can boot up Kali to offline my system again. That is already... Jonathan Lee
05:31 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Example of detection and block of standard nmap scan.
Kali OS has decoy scanning abilities for lan tests that are ... Jonathan Lee
03:39 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Thus this is what is occuring for my system and creates the DoS event.
Nmap -sS -D 8.8.8.8 64.113.111.129
Resul... Jonathan Lee
03:35 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Durring testing this condition with Palo Alto
Command used was
Nmap -sS -D decoyIP targetIP
This will send th... Jonathan Lee
03:02 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This denial of service attack occurs only when
P: snort is on wan and has port scan detection and blocking enable... Jonathan Lee
02:50 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
64.113.111.129 is my IP this block occurs when this IP is used by an invasive actor to perform a port scan of my netw... Jonathan Lee
02:46 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
P: pfSense is forwarding it's DNS to 8.8.8.8 and Snort is set to block port scans seen on the WAN interface.
Q: th... Jonathan Lee
01:07 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This bug report makes absolutely no sense to me. I can't follow the logic trail here. All of the blocks shown in the ... Bill Meeks
06:52 PM pfSense Packages Todo #14795: Transition to nut-devel
https://github.com/pfsense/FreeBSD-ports/pull/1296 Marcos M
06:36 PM pfSense Packages Bug #14514: SNORT randomly starts blocking the IP address on the interface that it is residing on
https://redmine.pfsense.org/issues/14821
Related Feature Request Jonathan Lee
06:00 PM pfSense Packages Bug #14514 (Duplicate): SNORT randomly starts blocking the IP address on the interface that it is residing on
Marcos M
06:03 PM Bug #14516 (Not a Bug): With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings
The ARP page does a DNS lookup to show the hostname. Since the same IP address is used for multiple hostnames, the re... Marcos M
05:14 PM Revision 57e29990: Handle saving empty values in system_advanced_admin.php. Fix #14820
Marcos M
03:17 PM Feature #6960 (Feedback): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
MR has been merged, it will be in snapshots shortly.
 Jim Pingle
03:12 PM Bug #13911: Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
Updating subject for release notes. Jim Pingle
03:07 PM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Updating subject for release notes. Jim Pingle
02:08 PM Revision bf4e2a03: Add notice when starting the zpool trim
Brad Davis
01:35 PM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
For what it's worth, I just restored a backup on 23.09 which had FreeRADIUS3 installed and it restored fine and reins... Jim Pingle
01:24 PM Regression #14819 (Resolved): File to trigger the wizard post-install is missing
After some recent changes to how the base and so on are packaged, the file @/conf/trigger_initial_wizard@ is missing ... Jim Pingle
01:03 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
Yes but the settings on that traffic graph page can be configured in numerous different ways and how you have that pa... Jim Pingle
12:56 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
It is a super simple configuration.
One public WAN, one local LAN, only one local client IP
Just look on the pict... Ivaylo Velikov
12:26 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
Can you show more of the screenshot there to see all of your current settings when that behavior is observed?
Also... Jim Pingle
12:14 PM pfSense Plus Bug #14818 (Confirmed): StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
See attached picture Ivaylo Velikov
05:45 AM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
1. Version information on dashboard. I've just applied the patch again, and the readout is now 'Unable to check for ... Chris Merchant

09/28/2023

09:50 PM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules
Thank you!! Jonathan Lee
09:49 PM pfSense Packages Bug #14426: PHP errors in Lightsquid
Thank you!!! Jonathan Lee
09:48 PM Regression #14500: PHP Error when viewing Traffic Graphs in ``iftop`` mode
Thank you!! Jonathan Lee
09:48 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
Thank you ! Jonathan Lee
09:47 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Thank you !! Jonathan Lee
09:46 PM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
Thank you !! Jonathan Lee
09:45 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Again this is another example where the DNS resolver IP address that is set on the firewall is being used as a decoy ... Jonathan Lee
09:38 PM pfSense Packages Bug #13811: Youtube content getting filtered on Squid when none is Selected
Does anyone know if this has this been resolved? I noticed I had to reapply the fix last update. Jonathan Lee
09:31 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1073 Marcos M
09:27 PM Revision 9bd56e9d: Introduce Kea DHCP
Christian McDonald
09:22 PM pfSense Packages Feature #14786 (Duplicate): Add GUI option for host_verify_strict
Marcos M
07:21 PM Bug #14717 (Resolved): A default route can remain after setting the default gateway to None
Jim Pingle
07:09 PM Bug #14717: A default route can remain after setting the default gateway to None
patch fixes "stuck" ipv6 default for me
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
Fr... Georgiy Tyutyunnik
03:06 PM pfSense Plus Bug #14817 (Not a Bug): Traffic Graph reporting high Util - no talker found
This is most likely either something in your settings there (such as the 'filter' option) or it could be that some of... Jim Pingle
01:48 PM pfSense Plus Bug #14817 (Not a Bug): Traffic Graph reporting high Util - no talker found
I have a Unifi VLAN and a Wifi VLAN that are on the same interface - trunked. I wanted to provide context to how the ... Mike Moore
01:07 PM Revision 879e06af: Remove version and copynotice handling since it now belongs in the port
Brad Davis
12:06 PM Regression #14649 (Resolved): PHP error with One.com Dynamic DNS provider
Jim Pingle
04:44 AM Regression #14649: PHP error with One.com Dynamic DNS provider
No more crashes after the patch, tested on ... Lev Prokofev
08:55 AM Bug #14807 (Resolved): Logo text is partially rendered when using Compact-RED theme on CE
I applied the patch on the 2.7.
The patch fixes it.
I am marking this ticket closed. Danilo Zrenjanin
08:25 AM pfSense Packages Bug #14498: php errors when looking at snort active rules
The crash was produced in an attempt to grab the status output file, ticket #1936290053 there are no other PHP errors... Lev Prokofev
12:10 AM pfSense Docs Todo #14816 (Closed): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Feedback:*
I tried to follow t... Daniel Castellanos

09/27/2023

04:59 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 as well. Many of the other servers running on-premises use the Step CA that is hosted internally. Allowing pfsense... Kevin Lewis
04:03 PM Bug #14814 (Duplicate): PHP erro
Duplicate of #14648 Jim Pingle
03:53 PM Bug #14814 (Duplicate): PHP erro
Hi guys
using pfSense for only about 3 weeks and up on stressing the connection getting below error. please help if ... harry ji
04:02 PM pfSense Packages Bug #14815 (Resolved): ACME.sh ingnores Certificates in Trust Store
ACME.sh does not trust the certificates in /etc/ssl/certs. This a problem when you add a custom ACME provider.
Curl... Hannes Gebhart
01:21 PM pfSense Packages Bug #14806 (Resolved): Freeradius configuration lost when you reinstall package
Jim Pingle
04:51 AM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
freeradius3 0.15.... aleksei prokofiev
01:11 PM Bug #14813 (Rejected): La génération de clé privée et pubic ssh pour des codes voucher ne fonctionne plus depuis upgrade pfsense vers 2.7
The buttons to generate keys work fine on 2.7.0 and even on dev snapshots. There may be something that is not working... Jim Pingle
01:08 PM Bug #14813 (Rejected): La génération de clé privée et pubic ssh pour des codes voucher ne fonctionne plus depuis upgrade pfsense vers 2.7
Depuis upgrade vers 2.7,
le bouton "Generate new keys" ne foonctionne plus.
Les champs restent vides.
Since upg... Anonymous
12:49 PM pfSense Plus Bug #14812 (Not a Bug): Invalid https certificate https://pfsense-plus-pkg00.atx.netgate.com
The certificate is fine, it's self-signed and valid when properly trusted by the OS. Something on your local system i... Jim Pingle
11:20 AM pfSense Plus Bug #14812 (Not a Bug): Invalid https certificate https://pfsense-plus-pkg00.atx.netgate.com
Please update certificates on this web page, it is invalid now.
https://pfsense-plus-pkg00.atx.netgate.com
Expo... Lukasz R
11:11 AM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
Alex Kolesnik wrote:
> https://forum.netgate.com/topic/180950/error-on-pfblockerng-inc-5310-pfblockerng-devel-3-2-0_... Lleir Esteves

09/26/2023

09:09 PM pfSense Plus Bug #14478 (Pull Request Review): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
From what I can tell, @(self)@ is the only "dynamic host" we use in pfSense, everything else is a "static host". Fire... Marcos M
07:05 PM Revision 50f22815: Enable zpool autotrim and start a manual trim
Brad Davis
06:50 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Or….
We could have a proper fix for this issue then the workarounds that aren’t scalable Mike Moore
03:14 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Simon Byrnand wrote in #note-10:
> Could you not just use "Bypass Proxy for These Destination IPs" under "Transpar... Denis Roy
01:32 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Denis Roy wrote in #note-9:
> I have a transparent deployment with pfSense 2.7.0, and a mitigation has been to rely o... Simon Byrnand
05:41 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Understood and thanks for the heads-up that the fix may be 6 months away. I'll have to find a new router solution in... Rob A
05:30 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Moving the target ahead for now but if we do manage to solve it before release we can always move it back.
 Jim Pingle
05:39 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
The address suggests we're crashing on `ifp = r->rpool.cur->kif ? r->rpool.cur->kif->pfik_ifp : NULL;` in pf_route(),... Kristof Provost
05:28 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Those additional backtraces in comment #1 look totally different, and there's no indication that these are the same i... Kristof Provost
05:32 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
Moving the target ahead for now but there have been several other fixes for interface/VIP functions in 23.09 already ... Jim Pingle
05:29 PM Bug #14687: Error in boot messages about missing ``/boot/loader.conf.d`` directory
Moving this ahead for now since it doesn't appear to be a problem and may not even be actionable. If that is the case... Jim Pingle
04:28 PM Bug #14544 (Resolved): PPP interface default username/password are not being populated from provider data on ``interfaces.php`` and ``interfaces_ppps_edit.php``
Works fine on current snapshot. Both @interfaces.php@ and @interfaces_ppps_edit.php@ populate the username, password,... Jim Pingle
04:26 PM Bug #14325 (Resolved): Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Current snapshot uses the integer value as it should, no more leading zeroes in the roll number after saving. Jim Pingle
04:24 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
I've been trying to run @interfaces.php@ through all sorts of different scenarios and so far I have yet to break it o... Jim Pingle
04:23 PM Regression #14791 (Resolved): ``/etc/version.buildtime`` is not being updated on current snapshots
New code appears to be working properly Jim Pingle
03:58 PM Bug #11192 (New): Using Limiters causes out of order packets within one TCP or UDP flow
Thank you - it's a good analysis! Since this is more of a FreeBSD issue than a pfSense one, reporting this "upstream"... Marcos M
08:33 AM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
I've spent two weeks of my working time to debug this problem, find root cause, find workaround, and write complete r... Alexey Ab
03:50 PM Bug #13911 (Feedback): Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
I've merged a change to the i2c read function to only try once (rather than 11 times) until we've identified an SFP. ... Kristof Provost
03:14 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Marcos M wrote in #note-15:
> Until the referenced functionality is added upstream, floating client support will need... Michael Mercier
01:29 PM Bug #14811: [pfSense 23.05.1] OPEN VPN TAP
Why do you give such advice that in the tunnel TAP should be for /30 ? They all work, even /22 - see pure debian + op... Łukasz Rojczyk
12:47 PM Bug #14811 (Not a Bug): [pfSense 23.05.1] OPEN VPN TAP
That looks like you might have a configuration error there. In most cases the client tunnel network should be left bl... Jim Pingle
06:40 AM Bug #14811 (Not a Bug): [pfSense 23.05.1] OPEN VPN TAP
Sep 26 08:35:01 openvpn 64050 Exiting due to fatal error
Sep 26 08:35:01 openvpn 64050 FreeBSD ifconfig failed... Łukasz Rojczyk
12:49 PM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
Paolo Rosso wrote in #note-7:
> I confirm that the <keep_settings> tag is not present in my config.xml.
> After ent... Jim Pingle
08:19 AM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
I confirm that the <keep_settings> tag is not present in my config.xml.
After entering settings and saving, the <kee... Paolo Rosso

09/25/2023

09:58 PM pfSense Plus Feature #14810 (New): add Packet Too Big icmp type in firewall
I hope more ICMP type refinements can be added to the firewall options.
For example, add Type 2 - Packet Too Big an... yon Liu
08:30 PM Bug #11192 (Feedback): Using Limiters causes out of order packets within one TCP or UDP flow
It would be useful to know if this is reproducible on CE 2.7 (or preferably 23.09 dev) given the major OS version bum... Marcos M
07:25 PM Bug #14325 (Feedback): Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Applied in changeset commit:502398beea2e0d6930a6e9d1f7fc16737f63265d. Jim Pingle
07:18 PM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Fixing the backend or doing upgrade code seemed like overkill since there is no way these worked before. I fixed the ... Jim Pingle
07:07 PM Bug #14325 (In Progress): Captive Portal incorrectly allows leading zeroes on voucher roll numbers
The underlying @voucher@ binary strips leading zeroes so we should strip them when creating rolls as well (use @intva... Jim Pingle
07:16 PM Revision 502398be: Use intval of portal voucher data. Fixes #14325
It was already tested to be numeric but this normalizes the result so it
doesn't have things like leading zeroes or t... Jim Pingle
06:30 PM Regression #14525 (Feedback): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Applied in changeset commit:202e3c1b7d3af019f03bf2545a7f31062f8e8e08. Jim Pingle
06:24 PM Regression #14525 (In Progress): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
While I could not reproduce it yet, I checked in what should be a fix for it. I tested the fix on several lab systems... Jim Pingle
03:40 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Filip Bengtsson wrote in #note-5:
> As you suspected; starting and stopping did solve the issue (and restarting it d... Jim Pingle
03:24 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
As you suspected; starting and stopping did solve the issue (and restarting it did not). At least on the local router... Filip Bengtsson
12:55 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Did the error go away if you stopped/started (not restart) the IPsec daemon?
For it to hit the error there, it wou... Jim Pingle
12:17 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
I began getting the same error by doing this:
I had an IPsec connection to a remote site already set up, but the r... Filip Bengtsson
06:21 PM Revision 202e3c1b: Avoid PHP err with missing P2 data. Fixes #14525
Use access functions to ensure we always have an array when expected in
this block of code. Jim Pingle
05:51 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
I have a transparent deployment with pfSense 2.7.0, and a mitigation has been to rely on pfBlockerNG and custom NAT r... Denis Roy
05:38 PM pfSense Packages Bug #14806 (Feedback): Freeradius configuration lost when you reinstall package
Fix committed and picked back to CE 2.7.0 and Plus 23.05.1
https://github.com/pfsense/FreeBSD-ports/commit/0048927... Jim Pingle
05:32 PM pfSense Packages Bug #14806 (In Progress): Freeradius configuration lost when you reinstall package
Jim Pingle
01:55 PM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
I can't replicate this here but I can see how it might have happened.
If you never went to the Settings tab and cl... Jim Pingle
05:33 PM pfSense Packages Bug #14596 (Duplicate): FreeRADIUS falsely shows its default is to save data during package reinstall
Duplicate of #14806 but I already started working on that issue even though this one was older. Jim Pingle
05:31 PM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
That line was put in to help with #11888 so if it gets removed or changed that will need to be reopened or at least t... Jim Pingle
04:15 PM Bug #14783 (Feedback): List of Dynamic DNS types with split host+domain name is missing several providers
Applied in changeset commit:ddb57f79e26e97e2a22f701016fc70a7d1c09ce4. Jim Pingle
04:09 PM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
This is not a package problem. The package is using the global @$dyndns_split_domain_types@ list from the base system... Jim Pingle
04:09 PM Revision ddb57f79: Update DDNS split host+domain list. Fixes #14783
Jim Pingle
04:00 PM Regression #14649 (Feedback): PHP error with One.com Dynamic DNS provider
Applied in changeset commit:dcb4461336de2fe69ac173787c8bce66e93ce672. Jim Pingle
03:55 PM Bug #14807 (Feedback): Logo text is partially rendered when using Compact-RED theme on CE
Applied in changeset commit:aad64829622356cd761062e57f4a8224d1b145e4. Jim Pingle
03:54 PM Revision dcb44613: Fix str concat for one.com DDNS. Fixes #14649
Jim Pingle
03:46 PM Revision aad64829: Correct CE logo w/Compact-Red Theme. Fixes #14807
Doesn't affect Plus logo, only CE.
Fix submitted by James White via Redmine Jim Pingle
03:45 PM Regression #14791 (Feedback): ``/etc/version.buildtime`` is not being updated on current snapshots
Applied in changeset commit:9365f3edaead5fe1fe7bcf7d7c5c8ccffadb353c. Jim Pingle
03:38 PM Revision 9365f3ed: Fix build time on sysinfo widget. Fixes #14791
While here, add a fallback method and error handling in case the file is
missing or invalid. Jim Pingle
03:05 PM Bug #14809 (Feedback): ``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding
Applied in changeset commit:f72618c4abb61ea6346938d0c93df9078736b775. Jim Pingle
02:53 PM Bug #14809 (Resolved): ``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding
The @packet_capture.php@ page uses the values of @count@ and @length@ when executing @tcpdump@ and it doesn't validat... Jim Pingle
02:59 PM Revision f72618c4: Pcap: Validate+Encode count & length. Fixes #14809
Jim Pingle
01:35 PM Bug #14579 (Resolved): PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Jim Pingle
01:35 PM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Chris Merchant wrote in #note-6:
> This patch appears to break two items in 2.7.0-RELEASE (at least from what I have... Jim Pingle
01:23 PM pfSense Packages Bug #14808 (Closed): Configuring RPKI may break BGP
If it works on 23.09 then it seems like an issue in FRR with that particular configuration that's been fixed, and whe... Jim Pingle
01:17 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
Kris Phillips wrote in #note-6:
> Tested disabling an interface on the latest builds. No PHP errors were present an... Jim Pingle
01:14 PM Feature #14777: Status output plugin hook for packages to include their own data
Chris Linstruth wrote in #note-7:
> This looks wonderful. Thank you.
>
> My only concern would be showing the ful... Jim Pingle
12:23 PM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information
This reason is valid and true. I will think about starting a suggestion on how to improve the interface list.
Thank... Marco Goetze
12:21 PM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information
If status_interfaces.php is insufficient in some way, the correct thing to do would be to fix or otherwise improve th... Jim Pingle
10:34 AM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information
Jim Pingle wrote in #note-1:
> This is not needed. SFP information is already printed on Status > Interfaces. If mor... Marco Goetze

09/24/2023

09:51 PM pfSense Packages Feature #11827: Please include acme deploy folder/scripts
I have just created a corresponding "pull request":https://github.com/pfsense/FreeBSD-ports/pull/1298. Markus *
04:29 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
There was nothing regarding fragmented packets in my bug report. Alexey Ab
12:52 PM Bug #11192 (Rejected): Using Limiters causes out of order packets within one TCP or UDP flow
Tested on 2.5 CE but I wasn't able to reproduce this issue.
I used KVM with em NICs and I created RA OpenVPN serve... Azamat Khakimyanov
12:16 PM Feature #14777: Status output plugin hook for packages to include their own data
This looks wonderful. Thank you.
My only concern would be showing the full BGP route table. But since we're alread... Chris Linstruth
07:22 AM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities

This patch appears to break two items in 2.7.0-RELEASE (at least from what I have discovered so far)
1. Version ... Chris Merchant
06:25 AM Bug #13621: GUI allows selection of ICMP types that pf rejects
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
23.09-DEVELOPMENT... aleksei prokofiev
06:10 AM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Tested on
23.09-DEVELOPMENT (amd64)
built on 20230922-1539
FreeBSD 14.0-CURRENT
The issue still persists, if t... aleksei prokofiev
01:17 AM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Do we know what reproduces this error? Kris Phillips

09/23/2023

11:32 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
Tested disabling an interface on the latest builds. No PHP errors were present and the changeset above was present i... Kris Phillips
11:15 PM pfSense Packages Feature #14729: OpenVPN Client Export - Support PLAP on Windows
Assigning to Jim P since he typically maintains this package. Kris Phillips
11:04 PM pfSense Packages Bug #14806 (Confirmed): Freeradius configuration lost when you reinstall package
Kris Phillips
11:04 PM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
Tested this on the latest 23.09 builds. Even with "Save settings after deletion" checked, all settings are erased on... Kris Phillips
11:34 AM pfSense Packages Bug #14806 (Resolved): Freeradius configuration lost when you reinstall package
I did a simple freeradius configuration and entered a user.
If I reinstall freeradius from the package manager I los... Paolo Rosso
11:01 PM Bug #14807: Logo text is partially rendered when using Compact-RED theme on CE
Tested on pfSense Plus 23.09's latest builds and this doesn't appear to affect Plus, since there is no text below the... Kris Phillips
04:54 PM Bug #14807 (Resolved): Logo text is partially rendered when using Compact-RED theme on CE
Global spelling correction applied at:
https://github.com/pfsense/pfsense/pull/4609/files#diff-7ff40c9b217ad693b2d... James White
10:53 PM pfSense Packages Bug #14808 (Closed): Configuring RPKI may break BGP

enabling RPKI option breaks BGP.
rpki
rpki cache 10.100.100.134 9400 test preference 1
!
pfSense.home.... Alhusein Zawi
06:27 PM pfSense Packages Bug #11434 (Resolved): SquidGuard over 1.16.18_11
Tested on 23.05_1
After adding ldapusersearch option into Group ACL... Azamat Khakimyanov
06:06 PM pfSense Packages Feature #11248 (Resolved): SafeSearch update
Tested on 23.05_1
Ecosia and Onesearch safesearch are available for SquidGuard 1.16_19... Azamat Khakimyanov
05:54 PM pfSense Packages Feature #10779 (Resolved): HAProxy SSL/TLS Compatibility Mode
Tested on 23.05_1
Option 'HAProxy SSL/TLS Compatibility Mode' is available now (HAproxy 0.63_1).
Choosing differe... Azamat Khakimyanov
01:31 PM Bug #14783 (Confirmed): List of Dynamic DNS types with split host+domain name is missing several providers
Using Digital Ocean DynDNS service produces the same behavior. The Client Export Utility exports only the hostname wi... Danilo Zrenjanin
12:07 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I'm having this problem as well, with 23.05.1-RELEASE. For me, the issue seems to be that the filter logs are rollin... Jonathan Stafford
11:50 AM pfSense Packages Regression #13978 (Resolved): PHP errors with squidGuard
Tested installing/uninstalling squid 0.4.46 and squidGuard 1.16.19.
There were no PHP errors.
I am marking thi... Danilo Zrenjanin
11:20 AM Regression #14649 (Confirmed): PHP error with One.com Dynamic DNS provider
Tested against:... Danilo Zrenjanin
10:57 AM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Can't reproduce on the ... Lev Prokofev
10:49 AM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
I was able to replicate the issue on ... Lev Prokofev
06:33 AM pfSense Packages Bug #14805: when I changed Endpoint ip via webgui, but wiregaurd still using old ip ruuning.
tested on
23.09-DEVELOPMENT (amd64)
built on 20230922-1539
FreeBSD 14.0-CURRENT yon Liu
06:33 AM pfSense Packages Bug #14805 (Incomplete): when I changed Endpoint ip via webgui, but wiregaurd still using old ip ruuning.
when I changed Endpoint ip via webgui, but the wiregaurd still using old Endpoint ip ruuning.
 yon Liu
12:50 AM Bug #13542: Boot delay caused when OpenVPN config uses alias list that relies on DNS
I have access to the instance, will attempt to upgrade it and re-test. Adrien Carlyle

09/22/2023

06:19 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Potentially related:
https://forum.netgate.com/topic/176596/
{{collapse... Marcos M
06:08 PM Bug #14804 (Resolved): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Additional discussion:
https://forum.netgate.com/topic/182442/... Marcos M
05:55 PM Regression #14791: ``/etc/version.buildtime`` is not being updated on current snapshots
We could have the widget parse that datestamp and output a more human-readable string. That's probably easier than al... Jim Pingle
12:19 PM Regression #14791 (New): ``/etc/version.buildtime`` is not being updated on current snapshots
Jim Pingle
01:29 PM Todo #14672 (Resolved): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
The certificate lists appear to be appropriately filtered now. Jim Pingle
12:45 PM pfSense Packages Feature #14588 (Resolved): Add FRR diagnostic status output plugin
Works as desired on dev snapshots. We can tweak the output as needed over time if necessary. Jim Pingle
12:45 PM Feature #14777 (Resolved): Status output plugin hook for packages to include their own data
This is working well on current snapshots Jim Pingle
12:38 PM Bug #14513 (Resolved): Improve error handling in ``status.php``
Working well on the latest snapshot from both the GUI and console, and from root and non-root users. All have the exp... Jim Pingle
06:18 AM Bug #14216: ntopng causes OpenVPN server errors 'error - IP packet with unknown IP version=15 seen' when OpenVPN server interface is selected
I'm not able to reproduce on... Lev Prokofev

09/21/2023

09:19 PM Regression #14791: ``/etc/version.buildtime`` is not being updated on current snapshots
The version is being updated, but the version string is now different.
@cat /etc/version.buildtime@
Before:
> Th... Marcos M
06:08 PM Bug #8846 (Resolved): Misleading error message when adding/editing static routes which use a gateway on a disabled interface
Now works with dynamic gateways. For reference, saving a static route to an "inactive' dynamic gateway shows the foll... Marcos M
05:50 PM Revision c81ecafe: Fix error output test in status.php. Fixes #14777
Jim Pingle
05:37 PM pfSense Docs Todo #14449 (Resolved): Add info about crypto accelerator behavior when multiple options are enabled
Jim Pingle
05:37 PM pfSense Docs New Content #14317 (Resolved): Add docs for Ethernet Filtering (Plus Only)
Jim Pingle
05:37 PM pfSense Docs New Content #14375 (Resolved): Add recipe for AT&T fiber ONT/Modem auth bridge setup
Jim Pingle
04:49 PM Revision 54f5251a: Cleanup some unused variables
Marcos M
04:43 PM Revision 720a95a3: Minor cleanup in shift_separators()
Marcos M
04:41 PM Regression #14794 (Resolved): PHP error when adding firewall rule when the configuration contains no separators
The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
01:00 PM Regression #14794 (Feedback): PHP error when adding firewall rule when the configuration contains no separators
Applied in changeset commit:022cb5c41f38bcdd65b512cdbc82360fff6f6a1b. Jim Pingle
12:52 PM Regression #14794 (In Progress): PHP error when adding firewall rule when the configuration contains no separators
I can reproduce that as well, fix coming momentarily. Jim Pingle
11:52 AM Regression #14794: PHP error when adding firewall rule when the configuration contains no separators
I manually added an empty <separator></separator> tag to the config and upon making a rule I didn't get any PHP error... Danilo Zrenjanin
04:36 PM Bug #14687: Error in boot messages about missing ``/boot/loader.conf.d`` directory
My system (6100) was a clean & fresh install for 23.05 (now on 23.09d) and the loader.conf.d directory is in place an... Rob A
01:19 PM Bug #14756: Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
In rc.linkup if either IPv4 or IPv6 is dynamic it hits the path with @interface_bring_down()@ even if one is static.
... Jim Pingle
01:15 PM Feature #13377 (Feedback): Option to configure a custom value for the PHP memory limit
Applied in changeset commit:b5b4ab910a5dbae492dee19796f027bb2270eace. Jim Pingle
12:57 PM Feature #13377 (In Progress): Option to configure a custom value for the PHP memory limit
Jim Pingle
01:06 PM Revision b5b4ab91: PHP memory limit calc correction. Fixes #13377
Do not limit the maximum to less than the default for the architecture. Jim Pingle
12:53 PM Revision 022cb5c4: Fixup some separator config access issues. Fixes #14794
Jim Pingle
12:33 PM Bug #14803 (Closed): Server crash on client reconnect with fragmentation enabled
We already pull in new versions of OpenVPN as they become available as a part of each release. We don't need to have ... Jim Pingle
10:45 AM Bug #14803 (Closed): Server crash on client reconnect with fragmentation enabled
Hi togehter
This bug has already an issue on OpenVPN (https://github.com/OpenVPN/openvpn/issues/400). We use the o... Patrick Schmid
02:07 AM pfSense Packages Feature #14786: Add GUI option for host_verify_strict
Marcos, the problem is that the squid package is not respecting the host strict setting. The package is broken in tha... Mike Moore

09/20/2023

09:40 PM Bug #14800: Cant find bin/sh
Yes the "/bin/sh: cannot open /etc/rc: No such file or directory" does match what i was seeing. I had just upgraded t... Mike McV
08:08 PM Bug #14800 (Rejected): Cant find bin/sh
There isn't nearly enough information here to know what happened in your case, but it sounds like maybe you didn't se... Jim Pingle
08:05 PM Bug #14800 (Rejected): Cant find bin/sh
Upgrade to 23.09.a.20230920.1314 caused boot fail with "cant find bin/sh" in console.
Resolved with config recove... Mike McV
09:08 PM Feature #14802 (New): Re-enable multiqueue support for virtio NIC
In current versions of pfSense (2.7.0, 23.05.1) multiqueue support for virtio NIC has vanished. Apparently this was d... Christopher de Haas
08:43 PM pfSense Plus Bug #14801 (Duplicate): Fatal error: Uncaught TypeError: array_get_path(): Argument #1 ($arr) must be of type array, null given
Already fixed in the repo: #14790#note-4 Jim Pingle
08:11 PM pfSense Plus Bug #14801 (Duplicate): Fatal error: Uncaught TypeError: array_get_path(): Argument #1 ($arr) must be of type array, null given

Fatal error: Uncaught TypeError: array_get_path(): Argument #1 ($arr) must be of type array, null given, called... yon Liu
07:52 PM pfSense Docs Todo #14799 (Resolved): Feedback on Packages — Package List
Fixed, thanks!
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8b9aba54cc4db5f6dcebd6cd543d4e5635f7a2ad
 Jim Pingle
05:02 PM pfSense Docs Todo #14799 (Resolved): Feedback on Packages — Package List
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/list.html
The LADVD package name contains a link that ... Denny Page
06:28 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Hi Mike, (and others)
Thanks for commenting and having a look at this - I agree, with "host_verify_strict off", whic... Simon Byrnand
05:05 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
host verify strict is set to OFF by default so technically we souldnt be having these /409 errors.
My suspicion is t... Mike Moore
04:56 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
https://github.com/rudiservo/pfsense_storeid
This program was made for CDN maybe it can be expanded Jonathan Lee
04:54 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected

Could Squids storeID help resolve this?
https://wiki.squid-cache.org/Features/StoreID
https://forum.netgate... Jonathan Lee
04:44 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
https://redmine.pfsense.org/issues/14786
I have also seen "UPP" utilizing this to get around non transparent mode ... Jonathan Lee
04:46 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict
I wish it did resolve this. Thanks for the information. I will keep researching. Jonathan Lee
04:30 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict
This seems related:
https://redmine.pfsense.org/issues/14390
Keep in mind that a report on the forum mentions tha... Marcos M
03:35 PM Bug #8846 (Feedback): Misleading error message when adding/editing static routes which use a gateway on a disabled interface
Applied in changeset commit:e9c88ff2a0aea18c62382c70b75b6f03649f11e2. Jim Pingle
03:28 PM Revision e9c88ff2: Check disabled gw/ifs when validating gw addr fam. Fixes #8846
Jim Pingle
03:20 PM Bug #12720 (Rejected): Hide the ``tag`` field on non-floating tabs
Marcos M
01:40 PM Todo #14790 (Feedback): Eliminate direct config access in ``interfaces.php``
Applied in changeset commit:3c431c2d2b38ddeee160c685a92c971e83ac972c. Jim Pingle
01:29 PM Todo #14790 (In Progress): Eliminate direct config access in ``interfaces.php``
PHP error when disabling an interface:... Jim Pingle
01:32 PM Revision 3c431c2d: Fix variable name typo. Fixes #14790
Jim Pingle
01:25 PM Bug #14798 (Duplicate): can't ping VIP addresses from the secondary node
Duplicate of #14026 Jim Pingle
01:06 PM Bug #14798 (Duplicate): can't ping VIP addresses from the secondary node
Hello,
I have a master/slave pfsense cluster.Everything is working properly (HA proxy , OpenVPN, Ipsec , etc..) exce... David Texier
01:24 PM pfSense Packages Todo #14795 (Pull Request Review): Transition to nut-devel
Jim Pingle
01:00 PM pfSense Packages Bug #14797 (Not a Bug): FRR not propagating some kernel routes to Zebra table, breaking OSPF redistribution
This is most likely a problem in your configuration, or maybe an upstream bug in FRR on FreeBSD. Either way there isn... Jim Pingle

09/19/2023

11:18 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict
host_verify_strict on
host_verify_strict off Jonathan Lee
11:15 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict
Ref:
http://www.squid-cache.org/Doc/config/host_verify_strict/
This option could be built into the GUI to bring m... Jonathan Lee
10:42 PM pfSense Packages Bug #14797 (Not a Bug): FRR not propagating some kernel routes to Zebra table, breaking OSPF redistribution
I recently upgraded a pfSense VM from 2.6.x to 2.7.0, and the FRR package was also updated from _something_ to 1.3_1
... Geoffrey Davis
10:27 PM Bug #8846 (New): Misleading error message when adding/editing static routes which use a gateway on a disabled interface
The error can still appear when a dynamic gateway exists for the disabled interface:
> The gateway "dynamic" is a di... Marcos M
10:15 PM pfSense Packages Bug #14796 (Resolved): ACME for domain registrar INWX in Germany
I am using ACME with INWX in Germany and automatic renewal has worked up to (at least) 11 July 2023. The latest renew... K. K.
10:15 PM Feature #14640 (Resolved): Extend support for SCTP in firewall and NAT rules
Tested with rules allowing, logging, and NAT'ing SCTP traffic. Marcos M
09:23 PM pfSense Packages Todo #14795 (Resolved): Transition to nut-devel
The current NUT package is based upon the 2.8.0 distribution of NUT. Unfortunately, since its release in April of 202... Denny Page
09:22 PM pfSense Packages Feature #13575 (Waiting on Merge): Update to frr 9.0.1
Since frr9 has been released, we can upgrade to that instead. Ideally, it will be merged upstream first:
https://bug... Marcos M
06:23 PM Bug #14513 (Feedback): Improve error handling in ``status.php``
Need to wait for a good snapshot build before testing this for sure. The new include file may not have been in this c... Jim Pingle
06:11 PM Bug #14513 (Resolved): Improve error handling in ``status.php``
Needed one more fix to make sure the error count was right, but now I think it's doing all it can to ensure errors ar... Jim Pingle
06:04 PM Revision b44dbd7c: status.php: Fix error count. Fixes #14513
Make header before adding note at the bottom, otherwise error count is
off by one. Jim Pingle
06:00 PM Bug #9889 (Resolved): Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Working as expected in current dev snapshots. Jim Pingle
05:56 PM Feature #13804 (Resolved): Prevent CARP status/maintenance mode from being erroneously toggled
Behavior is correct now. Duplicated a tab and clicked "Enter persistent CARP maintenance mode" on both. The second on... Jim Pingle
05:54 PM Todo #14769 (Resolved): Increase timeout for password entry when restoring an encrypted configuration via ECL
Timeout is now 60 seconds in snapshots. Jim Pingle
05:51 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Updating subject for release notes. Jim Pingle
05:48 PM Bug #14687: Error in boot messages about missing ``/boot/loader.conf.d`` directory
I spot checked several systems here and they all had that directory already. Does this only appear on a new fresh ins... Jim Pingle
05:40 PM Feature #14731 (Feedback): Unbound Advanced Settings entry for ``sock-queue-timeout``
Applied in changeset commit:e3fc86e10898518016016d17bba9e6ab36fc3eec. Marcos M
02:54 PM Feature #14731 (New): Unbound Advanced Settings entry for ``sock-queue-timeout``
If you remove the value from the field so it's blank, then save, the config it generates is not valid and unbound won... Jim Pingle
05:31 PM Revision e3fc86e1: Add input validation for sock_queue_timeout. Fix #14731
Marcos M
05:30 PM Todo #14672 (Feedback): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Applied in changeset commit:ffcb42471edc6684a10e5670c89b5248de9a3038. Jim Pingle
04:31 PM Todo #14672 (In Progress): Prevent weak SHA1 certificates from being used with GUI and Captive Portal
Certs that have a weak CA are still offered for use in the GUI, but rejected in the backend. The GUI filtering still ... Jim Pingle
05:23 PM Revision ffcb4247: Correct HTTPS cert list. Fixes #14672
Make sure to exclude weak CA chains from list of HTTPS certificates. Jim Pingle
05:20 PM Bug #14648 (Confirmed): Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Pushing this ahead since we still can't replicate this and have no leads about how it's happening. Jim Pingle
04:54 PM Regression #14791 (Feedback): ``/etc/version.buildtime`` is not being updated on current snapshots
Brad put a fix in for this: https://github.com/pfsense/FreeBSD-ports/commit/11fd487e5b135b73d613fd9809e5303463254d8e ... Jim Pingle
04:50 PM Bug #14717 (Feedback): A default route can remain after setting the default gateway to None
Applied in changeset commit:f016f14911d90cab2d940264a636cfef9303de1d. Marcos M
04:37 PM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information
And just double checked @jimp in scenarios like having a LAG the Mentioned Interface Status is not displaying any SFP... Marco Goetze
04:08 PM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information
I have a totally different opinion on this, the existing interface output is cluttered and not showing all needed inf... Marco Goetze
03:58 PM pfSense Packages Feature #14793 (Rejected): Package: sfpnfo, SFP Information
This is not needed. SFP information is already printed on Status > Interfaces. If more detail is needed the additiona... Jim Pingle
03:21 PM pfSense Packages Feature #14793 (Rejected): Package: sfpnfo, SFP Information
Submitted a PR for a Package displaying Information about inserted SFP / SFP+ Modules in a easy to access way in the ... Marco Goetze
03:41 PM Revision f016f149: Check for routing protocol flags when removing the default route. Fix #14717
Marcos M
03:37 PM Bug #13776 (Resolved): Some functions fail if the Language does not exactly match an available Locale
Works as expected on snapshots Jim Pingle
03:35 PM Regression #14794 (Feedback): PHP error when adding firewall rule when the configuration contains no separators
Applied in changeset commit:261ffcca08615d80f790cdeaeed4d77647362fe2. Jim Pingle
03:24 PM Regression #14794 (Resolved): PHP error when adding firewall rule when the configuration contains no separators
Trying to add a firewall rule to a configuration without separators yields a PHP error:... Jim Pingle
03:25 PM Revision 261ffcca: Skip empty separators. Fixes #14794
Other nearby similar loops already had this check, this was the only one
missing. Jim Pingle
03:18 PM Todo #14750 (Resolved): Automatically configure PF states hash table size
Appears to be using the expected value based on the given calculation. Jim Pingle
03:14 PM pfSense Packages Regression #14636 (Resolved): "Legacy" strength PKCS#12 Export needs ``-legacy`` provider parameter on OpenSSL command
Works as expected on current dev snapshots with the most recent export package. Jim Pingle
03:12 PM Todo #14677 (Resolved): Prevent weak SHA1 certificates from being used with OpenVPN clients and servers
Certificate lists are filtered appropriately. Certificates with weak hashes are not listed. Jim Pingle
03:10 PM Feature #14337 (Resolved): Allow SMTP notifications from non-root processes
Seems to be working as expected on dev snapshots.
 Jim Pingle
03:10 PM Bug #14432 (Resolved): PHP error when failing to write ``config.cache``
Seems to be working as expected on dev snapshots.
 Jim Pingle
03:08 PM Bug #14392 (Resolved): ``find_interface_ipv6_ll()`` can return a VIP instead of the interface address
Works as expected on snapshots. A unicast CARP VIP peer syncs via XMLRPC and uses the expected LL address when fixing... Jim Pingle
03:06 PM Todo #12762 (Resolved): Clarify that the IPsec keep alive check option ignores Child SA Start Action
New text is visible in the IPsec P2 edit page. Jim Pingle
03:01 PM Bug #14665 (Resolved): IGMP Proxy cannot start on VirtIO (``vtnet``) interfaces
Daemon appears to start OK on vtnet interfaces on dev snapshots. Jim Pingle
02:58 PM Bug #14767 (Resolved): Kernel textdumps are not recovered properly on systems with multiple swap partitions
Tested and working as expected on snapshots as well. Jim Pingle
02:55 PM Bug #14784 (Resolved): Correct name of Gandi LiveDNS
Name is correct on current dev snapshots Jim Pingle
02:49 PM Feature #14347 (Resolved): Improve System menu behavior for Certificate Manager privileges
Works as expected on snapshots. A user with privileges to access certificates but not CAs get a menu entry that leads... Jim Pingle
02:45 PM Bug #14549 (Resolved): Interface value is not properly validated when submitted on ``interfaces_gif_edit.php`` and ``interfaces_gre_edit.php``
Problem can easily be reproduced on Plus 23.05.1 and CE 2.7.0, but cannot be reproduced on dev snapshots (CE or Plus)... Jim Pingle
02:35 PM Bug #14547 (Resolved): ``getserviceproviders.php`` does not always validate value of ``$connection``, displays without encoding
Problem can easily be reproduced on Plus 23.05.1 and CE 2.7.0, but cannot be reproduced on dev snapshots (CE or Plus)... Jim Pingle
02:35 PM Bug #14544 (Feedback): PPP interface default username/password are not being populated from provider data on ``interfaces.php`` and ``interfaces_ppps_edit.php``
Applied in changeset commit:b85c6620ba16fd249eafc2575d32a3240969f79c. Jim Pingle
02:27 PM Revision b85c6620: Correct PPP provider pre-fill. Fixes #14544
* Make pre-fill behavior function correctly on interfaces_ppps_edit.php
* Fix some inconsistencies in similar code on... Jim Pingle
12:51 PM Revision ca99238d: Prevent nginx from serving backup copies of files.
Files with .orig can be left in place from patching and .pkgsave files
are left in place if files are replaced with d... Jim Pingle

09/18/2023

08:23 PM Feature #14777: Status output plugin hook for packages to include their own data
To use this, packages need to make two changes:
First define the plugin in their main XML file (e.g. frr.xml)
<pr... Jim Pingle
08:15 PM Feature #14777 (Feedback): Status output plugin hook for packages to include their own data
Applied in changeset commit:edba13d595cd270be852b29fed96029e622282f7. Jim Pingle
04:33 PM Feature #14777 (In Progress): Status output plugin hook for packages to include their own data
Jim Pingle
08:19 PM pfSense Packages Feature #14588 (Feedback): Add FRR diagnostic status output plugin
This is committed and will be in FRR pkg version 2.0.1 when it builds. Only in dev snapshots for now as it depends on... Jim Pingle
08:06 PM Revision edba13d5: Add status output package plugin hook. Implements #14777
* Move status output functions to a separate include file
* Change function names to be specific to this include, the... Jim Pingle
07:47 PM Bug #14717 (Pull Request Review): A default route can remain after setting the default gateway to None
The function which removes the default route specifically checks for the @STATIC@ flag in the default route. When the... Marcos M
07:35 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
The kernel does not sort the list (and neither does pfctl). I had assumed that the sort was only there to ensure we h... Kristof Provost
01:56 PM Bug #14758 (Feedback): ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
Jim Pingle
01:56 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
On a current snapshot the `pfctl -sc` changes are present and working on @status_carp.php@ and the CLI. I pushed a sm... Jim Pingle
07:12 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Core dump provided to Christian McDonald for the related ndp issue.
☕️ Rob A
07:00 PM Bug #14513 (Feedback): Improve error handling in ``status.php``
Applied in changeset commit:1e7eb7900bb3e349c2caadbe9574b1bd774e25a6. Jim Pingle
04:33 PM Bug #14513 (In Progress): Improve error handling in ``status.php``
Jim Pingle
06:56 PM Bug #14792 (Rejected): pfSense 2.7.0 >> OpenVPN >> Aliases
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
06:20 PM Bug #14792 (Rejected): pfSense 2.7.0 >> OpenVPN >> Aliases
I didn't really figure out the categories for OpenVPN... and so let's start:
pfSense 2.6.0 > FW > Rules > OpenVPN-... Имя Фамилия
06:51 PM Revision 1e7eb790: Improve error handling in status.php. Implements #14513
Jim Pingle
06:23 PM Regression #14755 (Feedback): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
https://github.com/pfsense/FreeBSD-src/commit/e9e1dd2bf8c43d16878b54cac0a72bab8b8e89af
 Christian McDonald
05:46 PM Regression #14791 (Resolved): ``/etc/version.buildtime`` is not being updated on current snapshots
The file @/etc/version.buildtime@ used to be a part of the @pfSense-base@ package @base.txz@ file, but it isn't there... Jim Pingle
03:55 PM Bug #14579 (Feedback): PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Applied in changeset commit:1857f9fbf03ad0ea7435c87a3289c5d6da50dc54. Jim Pingle
03:55 PM Todo #14790 (Feedback): Eliminate direct config access in ``interfaces.php``
Applied in changeset commit:1857f9fbf03ad0ea7435c87a3289c5d6da50dc54. Jim Pingle
03:47 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1079 Jim Pingle
03:38 PM Todo #14790 (Resolved): Eliminate direct config access in ``interfaces.php``
The code in @interfaces.php@ needs updated for PHP 8.x and to use the new config/array access functions. There have b... Jim Pingle
03:48 PM Revision 1857f9fb: PHP updates in interfaces.inc. Implements #14790
* Converted to new array/config access functions. Implements #14790
* Eliminated direct config and $g access. Issue #... Jim Pingle
01:53 PM Revision e17a8991: Use full path to tail, sort output. Issue #14758
Jim Pingle
12:51 PM pfSense Packages Bug #14771 (Feedback): Lightsquid creating multiple SSL certificates, not starting
Jim Pingle
12:47 PM pfSense Packages Regression #14774 (Resolved): Lightsquid won't allow change the password.
Jim Pingle
12:47 PM Regression #14500 (Resolved): PHP Error when viewing Traffic Graphs in ``iftop`` mode
Jim Pingle
12:46 PM pfSense Packages Bug #14788 (Not a Bug): NtopNG high swap usage
(a) Not all swap usage is bad: https://docs.netgate.com/pfsense/en/latest/hardware/memory.html#not-all-swap-usage-is-... Jim Pingle
12:41 PM Feature #13377 (New): Option to configure a custom value for the PHP memory limit
It's better but still quirky.
On a VM with 1GB RAM it says the default is 512 but the allowed range is 128 to 449,... Jim Pingle
12:35 PM Bug #14784 (Feedback): Correct name of Gandi LiveDNS
Applied in changeset commit:e2b29aaca1774f9a6347e1d416e8def9b7ba3794. Christopher Cope
12:34 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
For good measure I also tested out the @arp@ fixes and everything is working properly as far as I can see now.
Man... Jim Pingle
12:28 PM Revision e2b29aac: Correct Gandi LiveDNS name. Fixes #14784
Christopher Cope
07:28 AM pfSense Plus Feature #14789: Captive Portal - Add OTP authentication option to the portal's authentication options
Pull request created: https://github.com/pfsense/pfsense/pull/4649 Barry Schut
06:34 AM pfSense Plus Feature #14789 (Pull Request Review): Captive Portal - Add OTP authentication option to the portal's authentication options
I have created a small modification to the captive portal pages so it would be possible to use an OTP as login option... Barry Schut
01:52 AM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
I, for one, would hate to lose a true DNS resolver (Unbound) and have just a forwarder (dnsmasq) as my only choice fo... Glenn Hall

09/17/2023

09:56 PM pfSense Packages Feature #9238: Add support for Zerotier
This is still a hope and a dream for me. Seems like a great way to add SD-WAN features to pfS. Corey Boyle
08:14 PM pfSense Packages Regression #14774: Lightsquid won't allow change the password.
I update the package and now I can add user and change password, thanks team!!! Peter Moreno
05:40 AM pfSense Packages Regression #14774: Lightsquid won't allow change the password.
Tested on 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Lightsquid 3.0.7_3 Th... aleksei prokofiev
06:57 PM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN
Can someone look into this? It is certainly unexpected that all networking on pfSense goes down for some time when on... Nazar Mokrynskyi
03:07 PM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
Correcting:
Open VPN config file will point to the hostname only, instead of the **FQDN** dylan mendez
07:31 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
You. do also need the kernel and pfctl changes. I'm not sure if there's been a successful build since those landed.
... Kristof Provost
01:49 AM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
Kristof Provost wrote in #note-8:
> I've merged the fix for the pfctl loop, as well as the new 'list creator ids' co... Kris Phillips
03:02 AM pfSense Plus Bug #13530: Remote Logging strange behavior
unsuccessfully attempted reproducing with my 3100 and graylog - will monitor further to see if anything occurs Jordan G
02:32 AM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Michael Pfsense wrote in #note-5:
> Crash report begins. Anonymous machine information:
>
> amd64
> 14.0-CURREN... Kris Phillips
01:44 AM Bug #14717: A default route can remain after setting the default gateway to None
Tested this without FRR on a stock setup of the latest 23.09 Plus build. When setting Default IPv6 gateway to "none"... Kris Phillips
01:19 AM Regression #14500: PHP Error when viewing Traffic Graphs in ``iftop`` mode
testing with above changeset applied via system_patches package running 23.05.1, I am not seeing any crashes or php e... Jordan G
12:56 AM pfSense Packages Bug #14788 (Not a Bug): NtopNG high swap usage
+*Issue:*+
100% SWAP usage on pfSense+ 23.05.1-RELEASE after a number of days of uptime when the package NtopNG 0.8.... Denis O'Leary

09/16/2023

10:32 PM Bug #14784 (Pull Request Review): Correct name of Gandi LiveDNS
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1078 Christopher Cope
02:34 PM pfSense Packages Feature #14787 (New): Feature request - Freeradius post-auth custom options
I would like to check if it is possible to add a custom options field for post-auth in Freeradius package.
This woul... Marcelo Cury
02:16 PM Feature #13377: Option to configure a custom value for the PHP memory limit
Jordan G wrote in #note-22:
> still seeing a negative number suggested for the higher limit on system with <1gb RAM ... Christopher Cope
02:14 PM Revision e521e546: PHP memory limit; Accommodate systems with 1GiB or less of RAM. Feature #13377
Christopher Cope
09:07 AM Regression #14735 (Resolved): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
I have conducted a test on the most recent build today and can verify that it is performing as expected.
I am mark... Danilo Zrenjanin
05:51 AM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
It seems related only to Gandi Live DNS DyDNS, other configured DyDNS give FQDN
!clipboard-202309160948-4jant.png... Lev Prokofev

09/15/2023

09:45 PM Bug #14785 (Feedback): Primary IPv6 interface address may be incorrect when a VIP is set
Applied in changeset commit:9bda254db22b1d87da8e17b14d045eb55a0c7e92. Marcos M
08:46 PM Bug #14785 (Pull Request Review): Primary IPv6 interface address may be incorrect when a VIP is set
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1077 Marcos M
07:42 PM Bug #14785 (Resolved): Primary IPv6 interface address may be incorrect when a VIP is set
If a compressed IPv6 VIP exists, the interface's primary IPv6 address will be set to the VIP even when a non-VIP GUA ... Marcos M
09:28 PM Revision 9bda254d: Uncompress IPv6 before filtering interface addresses. Fix #14785
Marcos M
09:04 PM Bug #14717 (New): A default route can remain after setting the default gateway to None
Marcos M
08:55 PM Regression #14623 (Resolved): Primary interface address is incorrectly set to the last address on the interface
The fix has worked well (the first interface address is used instead of the last). However, fixing this uncovered two... Marcos M
08:53 PM Bug #14725 (Resolved): Primary IPv6 interface address may be incorrect when a ULA is set
Marcos M
08:05 PM pfSense Packages Feature #14786: Add GUI option for host_verify_strict
Keep in mind my concern is not of Apple's use of UPP rather for, when UPP Get requests are used invasively. How can a... Jonathan Lee
07:49 PM pfSense Packages Feature #14786 (Duplicate): Add GUI option for host_verify_strict
Ref for research of UPP get requests:
https://forum.netgate.com/topic/182866/universal-procedure-pointers-upp-mzstat... Jonathan Lee
02:23 PM Revision fe8ce610: Remove /etc/rc from excludes since we do not have a rc package anymore
Brad Davis
12:17 PM pfSense Packages Regression #14024 (Resolved): PHP error in HAProxy Widget with Show Client Traffic enabled
I couldn't reproduce this issue.
Tested against:... Danilo Zrenjanin
10:33 AM pfSense Packages Regression #14445 (Resolved): HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138
I can not reproduce this issue.
Tested on packages:
HAproxy 0.63_1
haproxy-devel 0.63_1
I am marking this cas... Danilo Zrenjanin
12:22 AM Bug #14784 (Resolved): Correct name of Gandi LiveDNS
In the DynDNS Client, Gandi's DynDNS service is called "LiveDNS", but it's referred to as "Live DNS" and "Live DNS v6... Kris Phillips

09/14/2023

10:01 PM Bug #14783 (Resolved): List of Dynamic DNS types with split host+domain name is missing several providers
Steps to replicate:
1)Configure Dynamic DNS using "Gandi Live DNS". Input both hostname and domain.
2)Export ov... dylan mendez
06:08 PM Regression #14768 (Resolved): "syslog: unknown facility name "radvd"" error when "Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)" option is enabled
I confirmed this behavior on the:... Danilo Zrenjanin
04:00 PM Regression #14623: Primary interface address is incorrectly set to the last address on the interface
Apologies.
In the original report here and https://github.com/pfsense/pfsense/blob/f106b62cfbed279e8140ffa1edf535de... M Felden
03:47 PM Regression #14623: Primary interface address is incorrectly set to the last address on the interface
M Felden wrote in #note-5:
> I am not convinced #14782 is a duplicate of #14623 as the behavior observed in #14782 w... Jim Pingle
03:42 PM Regression #14623: Primary interface address is incorrectly set to the last address on the interface
I am not convinced #14782 is a duplicate of #14623 as the behavior observed in #14782 was all about GUA and involved ... M Felden
03:38 PM Regression #14781 (Resolved): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces
Jim Pingle
03:34 PM Regression #14781: OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces
Tested changeset on 23.09,
Don't see OpenVPN restart events anymore. Lev Prokofev
02:35 PM Regression #14781 (Feedback): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces
Applied in changeset commit:f106b62cfbed279e8140ffa1edf535defb0221ab. Jim Pingle
02:25 PM Regression #14781 (In Progress): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces
OK I see what happened here. Though at the moment I can still only trigger it by forcefully disabling an interface an... Jim Pingle
12:42 PM Regression #14781: OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces
Agree but the OpenVPN server and clients are listening on the WAN interface and have nothing with the OPT10 interface... Lev Prokofev
12:26 PM Regression #14781 (Not a Bug): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces
That is expected and intended behavior. When an interface event occurs, daemons bound to that interface will be resta... Jim Pingle
10:53 AM Regression #14781: OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces
Update:
Not related to the gateway on LAN, and reproducible on 23.05.1
here I disable OPT10 Interface that is s... Lev Prokofev
09:41 AM Regression #14781 (Resolved): OpenVPN resync for a specific interface may unintentionally restart OpenVPN instances on unrelated interfaces
Tested on ... Lev Prokofev
03:37 PM Bug #14782 (Duplicate): RFC 2136 Dynamic DNS client selects a virtual IPv6 address instead of statically configured WAN Ipv6 address
Looks like it's almost certainly a duplicate of #14623 Jim Pingle
03:15 PM Bug #14782 (Duplicate): RFC 2136 Dynamic DNS client selects a virtual IPv6 address instead of statically configured WAN Ipv6 address
2.7.0
WAN IPv6 address set statically. 2001:db8:5000:5::1/64. Gateway is fe80:: with an interface route %vtnet0
... M Felden
02:39 PM Regression #14736 (Resolved): Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
Danilo Zrenjanin
02:39 PM Regression #14736: Unable to select PFS Group for individual Phase 2 configurations if Mobile Client global override is not selected
Tested on :... Danilo Zrenjanin
02:29 PM Bug #14738 (Resolved): IPsec restart in CARP event scripts does not check VIP properly and never runs
Jim Pingle
02:28 PM Bug #14738: IPsec restart in CARP event scripts does not check VIP properly and never runs
I stand corrected after my config's review - patch is working Georgiy Tyutyunnik
12:45 PM Bug #14738: IPsec restart in CARP event scripts does not check VIP properly and never runs
Georgiy Tyutyunnik wrote in #note-2:
> Reproduced the issue on
> 23.05.1-RELEASE (amd64)
> built on Wed Jun 28 03:... Jim Pingle
12:41 PM Bug #14738: IPsec restart in CARP event scripts does not check VIP properly and never runs
Reproduced the issue on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
IPSe... Georgiy Tyutyunnik
02:26 PM Revision f106b62c: Fix format of OpenVPN cached interface. Fixes #14781
Jim Pingle
01:17 PM Revision d00473a3: status_carp: use the new `pfctl -sc` command
Kristof Provost
01:10 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
I've merged the fix for the pfctl loop, as well as the new 'list creator ids' command.
https://gitlab.netgate.com/pf... Kristof Provost
01:03 PM pfSense Packages Bug #14748: FRR reload script is not executed properly

i using frr webgui setup Route Handling not normal work also. yon Liu
12:57 PM pfSense Packages Regression #14774: Lightsquid won't allow change the password.
Hello Jim.
Other thing, there is a way to create users with lightsquid?
If I type newuser + password and save, ... Peter Moreno
12:55 PM pfSense Packages Bug #14780 (Not a Bug): The assigned Tailscale interface causes the "Network interface mismatch" on booting
Christian McDonald
12:17 PM pfSense Packages Bug #14780: The assigned Tailscale interface causes the "Network interface mismatch" on booting
That is expected, users should not assign the Tailscale interface, it isn't meant to be used that way.
There may n... Jim Pingle
10:13 AM pfSense Packages Bug #14780 (Confirmed): The assigned Tailscale interface causes the "Network interface mismatch" on booting
I can confirm this behavior on the: ... Danilo Zrenjanin
07:16 AM pfSense Packages Bug #14780: The assigned Tailscale interface causes the "Network interface mismatch" on booting
Tested on ... Lev Prokofev
07:09 AM pfSense Packages Bug #14780 (Not a Bug): The assigned Tailscale interface causes the "Network interface mismatch" on booting
If you assign the tailscale0 as the interface, it will cause "Network interface mismatch" during the boot and prevent... Lev Prokofev
12:54 PM Regression #14735 (Feedback): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
Christian McDonald
09:36 AM pfSense Packages Bug #14711 (Resolved): pfBlocker ASN to IP Address option doesn't work
I am marking this case resolved. Danilo Zrenjanin
09:35 AM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work
Yes, I can confirm it works again. ... Danilo Zrenjanin
05:21 AM pfSense Packages Feature #14779 (New): dynamic dns for wireguard peer
Dear team;
we have multiple business with many branches the have smb internet with no static ip address assigned t... Abdulaziz Al-Marwani
12:36 AM Regression #11570 (Feedback): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
I believe the original issue description is related to the following two issues:
* #14616 (a patch is available)
* ... Marcos M

09/13/2023

11:35 PM Regression #14616 (Feedback): dpinger does not start after renewing DHCP
Applied in changeset commit:c830f50da98b2f91f15163ed21d5b6086f10fc24. Marcos M
11:23 PM Bug #12947 (Feedback): Old IPv6 addresses may continue to be used after DHCP or RA changes
I tested this in 23.09 dev snapshots and am not able to reproduce the issue.
The following are logs from a lease cha... Marcos M
09:39 PM Regression #14039: Limiters have no effect on upload traffic passed by policy routing rules
Marcos M wrote in #note-2:
> The issue can be avoided by creating a floating rule that applies the upload limiter.
... Mike McNabb
09:32 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
Hi Jim,
All-in-all about 140k in size, the largest file has about 2700 CIDR addresses.
I've got a XG7100 that has... Andrew Rojek
07:04 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
How many IP addresses would you say are in those aliases? The GUI isn't capable of handling a ton, usually browsers w... Jim Pingle
06:54 PM pfSense Plus Bug #14778: /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
Hello Jim,
If memory serves me correctly it's always been related to trying to edit IP Aliases.
Once I've created... Andrew Rojek
04:23 PM pfSense Plus Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
What exact steps did you take that resulted in that error? Include the page filenames specifically and what exactly w... Jim Pingle
04:04 PM pfSense Plus Bug #14778 (Incomplete): /usr/local/www/csrf/csrf-magic.php on line 161 PHP Fatal error
Got this error message when trying to view a small list of CIDR addresses in Firewall->Aliases.
It was followed by a... Andrew Rojek
07:55 PM Revision c830f50d: Remove the cached interface address when killing the dhcp client. Fix #14616
Marcos M
06:29 PM Regression #14755 (In Progress): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
Christian McDonald
06:29 PM Regression #14755: Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
Attached is ndp built with debugging symbols for anyone who can reliably replicate this... Christian McDonald
04:45 PM Revision 9e6b1893: Use the real interface name when storing the interface address.
The updated filename aligns with the references in:
find_interface_ip(), delete_old_address(), and add_new_address(). Marcos M
03:51 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
I left pfSense years ago for a homegrown Linux solution and recently returned. Lots of amazing progress has been made... Mike Pastore
01:03 PM Regression #14735 (Waiting on Merge): ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
https://reviews.freebsd.org/D41839 Christian McDonald
12:25 PM pfSense Packages Feature #14588: Add FRR diagnostic status output plugin
See #14777 for implementation details once that is complete. Jim Pingle
12:24 PM Feature #14777: Status output plugin hook for packages to include their own data
First target is FRR: #14588 Jim Pingle
12:24 PM Feature #14777 (Resolved): Status output plugin hook for packages to include their own data
The status output page (@status.php@) gathers system information that is helpful for diagnosing problems, but it is c... Jim Pingle
12:14 PM Bug #14776: Port forwarding not working properly
What you are describing is explained by a lack of reply-to on the rules as I mentioned in my first response. Post on ... Jim Pingle
11:29 AM Bug #14776: Port forwarding not working properly
You may not understand my question.
For example I have several wiregaurd p2p tunnels,the wg0 public ip is 15.5.5.5... yon Liu

09/12/2023

11:31 PM Regression #14616 (Pull Request Review): dpinger does not start after renewing DHCP
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1074/
Here's the patch to test.
{{collapse... Marcos M
12:07 AM Regression #14616: dpinger does not start after renewing DHCP
I was able to replicate this on 2.8 dev. The default gateway correctly switches to the tier 2 gateway when the DHCP l... Marcos M
07:21 PM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Updating subject for release notes. Jim Pingle
07:18 PM Bug #8846: Misleading error message when adding/editing static routes which use a gateway on a disabled interface
Updating subject for release notes. Jim Pingle
07:10 PM Bug #13776 (Feedback): Some functions fail if the Language does not exactly match an available Locale
Applied in changeset commit:6ce83e7455ea35243e2bd0645651ca22b43bc569. Jim Pingle
06:30 PM Bug #13776 (In Progress): Some functions fail if the Language does not exactly match an available Locale
It looks like the easiest path forward is to rename our translation directories and the internal IDs to match the bas... Jim Pingle
07:00 PM Revision 6ce83e74: Align pfSense and OS locale names. Fixes #13776
Jim Pingle
06:19 PM pfSense Plus Regression #14436 (Closed): Upgrades from 23.05-RC/beta/dev fail server authentication
This was fixed before 23.05 released. Jim Pingle
06:19 PM Bug #14776 (Not a Bug): Port forwarding not working properly
That is almost certainly something in your configuration. Inbound NAT such as port forwards will work on any interfac... Jim Pingle
06:16 PM Bug #14776 (Not a Bug): Port forwarding not working properly

when I creat wiregaurd vpn tunnel and setup NAT rule, if Default gateway IPv4 not setup the wiregaurd interface, th... yon Liu
06:01 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
I have a fix for the infinite pfctl loop, and in-progress patches for the improved code to retrieve creator ids. It o... Kristof Provost
05:04 PM Bug #14758: ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
Bumping this ahead. It would be nice to fix but I don't think it's a release blocker. Jim Pingle
05:46 PM Bug #13704 (Resolved): Refactor IPsec code using config access functions
Looks like most if not all of this was already committed. See commit:264198a5a69c0ea45726ccb4c0682f1f0cd5e8a9
It m... Jim Pingle
05:45 PM pfSense Packages Regression #14739 (Resolved): PHP error with lightsquid when generating an SSL certificate
Resolved with 3.0.7_1. Marcos M
05:04 PM pfSense Packages Regression #14739 (Feedback): PHP error with lightsquid when generating an SSL certificate
Jim Pingle
05:29 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
We're are still working on this, but it is going to take more time to untangle this than we have for it to make this ... Jim Pingle
05:20 PM Regression #14735: ``arp`` command is not filtering output as expected, behavior changed in FreeBSD
The problem here is that the behavior of the @arp@ command has changed. Running @arp -n <ip addr>@ used to limit the ... Jim Pingle
03:31 PM pfSense Packages Bug #14775 (New): FRR LocPrf and Weight is forced to 0
frr8-8.5.2
Because some upstream routes show that LocPrf and Weight are 0. FRR LocPrf and Weight is forced to 0
... yon Liu
02:55 PM Todo #14769 (Feedback): Increase timeout for password entry when restoring an encrypted configuration via ECL
Applied in changeset commit:c449bcafcffef37bf0a3818a00f719939ccbd8b4. Jim Pingle
02:47 PM Todo #14769 (In Progress): Increase timeout for password entry when restoring an encrypted configuration via ECL
Bumping up that timeout to 60s should be safe. I'll commit that shortly.
Updating the subject and issue type to mo... Jim Pingle
09:02 AM Todo #14769: Increase timeout for password entry when restoring an encrypted configuration via ECL
I think it is the ECL he didnt specify which link, but told me the process in more detail which sounds like the ECL t... Chris Collins
02:47 PM Revision c449bcaf: Increase ECL passwd prompt timeout. Fixes #14769
Jim Pingle
02:40 PM Regression #14773 (Not a Bug): Unable to boot pfSense after installation on Proxmox VE 8.x
Thanks for following up.
We have seen some similar reports in the past but they were all issues with the Hyperviso... Jim Pingle
02:30 PM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x
The systems were installed using ZFS. Following your suggestion here https://forum.netgate.com/topic/182742/pfsense-2... Christopher de Haas
12:16 PM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x
It works fine in Proxmox VE 7.x, so something must have changed in 8.x, so there is only so much we can do there. It ... Jim Pingle
08:51 AM Regression #14773: Unable to boot pfSense after installation on Proxmox VE 8.x
Also found this redmine issue which may be related https://redmine.pfsense.org/issues/13895 Christopher de Haas
08:48 AM Regression #14773 (Not a Bug): Unable to boot pfSense after installation on Proxmox VE 8.x
I have multiple new pfSense 2.7 installations that are unable to boot after installation. Also tested with pfSense 23... Christopher de Haas
02:17 PM pfSense Packages Regression #14774 (Feedback): Lightsquid won't allow change the password.
I pushed a fix for this, it will be available shortly. Jim Pingle
01:42 PM pfSense Packages Regression #14774 (Resolved): Lightsquid won't allow change the password.
I had the latest version of lightsquid 1.8.5 3.0.7_2.
Is not accepting new password for the user 'admin'.
It wo... Peter Moreno
12:15 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
>however the globe icon does remain even when the default gateway is set to None
yes, it is this. and default route ... yon Liu
12:11 PM Bug #14717: A default route can remain after setting the default gateway to None
frr has no setup ipv6 default gateway.so WAN pppoe auto setup default gateway in pfsense. yon Liu
12:07 PM Bug #14717: A default route can remain after setting the default gateway to None
my frr only has ipv6 bgp sessions, no ipv4 bgp session. frr has no setup ipv4 default gateway yon Liu
12:32 AM Bug #14717 (Feedback): A default route can remain after setting the default gateway to None
Marcos M
12:31 AM Bug #14717: A default route can remain after setting the default gateway to None
It's possible that frr is playing a part here - please try reproducing the issue with frr disabled or removed. For ex... Marcos M
12:10 PM Regression #14727 (Resolved): PCH Temperature missing from Thermal Sensors
Jim Pingle
01:09 AM Regression #14727: PCH Temperature missing from Thermal Sensors
23.09-DEVELOPMENT (amd64)
built on Thu Sep 07 06:05:43 UTC 2023
FreeBSD 14.0-ALPHA2
Confirm PCH temp is presented Ted Quade
 

Also available in: Atom