Project

General

Profile

Activity

From 09/23/2023 to 10/22/2023

10/22/2023

09:14 PM Feature #14911: Feature request - System Aliases
I posted this feature request also at the community forum, at https://forum.netgate.com/topic/183570/feature-request-... Wolfgang Thegreat
08:24 PM Feature #14911 (Rejected): Feature request - System Aliases
Hello,
I wish to ask for something I call "System Aliases".
At times there is a need to have a list of IPs and/... Wolfgang Thegreat
07:32 PM pfSense Docs Correction #14910 (Closed): Feedback on System Monitoring — Firewall Table Contents
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-tables.html
*Feedback:*
Hello,
T... Wolfgang Thegreat
06:49 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
This issue was resolved when I saved the interval again can you please close this ticket. Jonathan Lee
06:48 PM Bug #14909 (Not a Bug): OS Account Changes contains records from a date much before the installation date
Hello,
This bug report is following a community post at https://forum.netgate.com/topic/183563/strange-os-account-... Wolfgang Thegreat
06:47 PM pfSense Packages Feature #14908 (New): FEATURE REQUEST: Snort Alerts / Blocked Page ability to save users order of list choice
Hello fellow Redmine pfSense community members,
I wanted to bring this up and see if anyone else noticed this. I a... Jonathan Lee
05:24 PM Feature #14907 (New): DNS Resolution on Diagnostics > States Summary
Hello,
In version 2.7.0, the page of Diagnostics > States Summary shows numeric IPs, which are sometimes hard to u... Wolfgang Thegreat
03:24 PM Bug #14906 (New): DHCPv4 server self-assigning address to own DHCP client-enabled interfaces
Assume three NICs: igc0, igc1, igc2
Assume a single bridge: bridge0 (OPT2, OPT3)
And a VLAN: igc0.1036
Interface... Luca Piccirillo
03:22 PM Bug #14756 (Resolved): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Tested on 23.05_1
I was able to reproduce this bug.
After applying 49d0874fb4524e05a802eaeabbf6bf152860f3d4 and t... Azamat Khakimyanov
01:21 PM pfSense Packages Bug #11802: FreeRADIUS sync
The problem is relevant. It is impossible to use synchronization: the configuration of certificates on recipient node... Alex Viper_Rus
11:28 AM pfSense Plus Regression #14828: QAT is not being used by some daemons
I've just tried 23.09.b.20231020.0600 on qat_200xx equipped hardware (Xeon D-1736NT) and I can see that the revision ... Rob A
09:45 AM pfSense Plus Regression #14828: QAT is not being used by some daemons
Hi Kris,
No change with 23.09 BETA, including 23.09.b.20231020.0600 for QAT on C3xxx QAT hardware (Netgate 6100 in... Rob A
05:23 AM pfSense Packages Bug #14905: ARPing causes menu bar to stop working
I have tested and can confirm this behavior. aleksei prokofiev
01:42 AM Regression #14896: Suricata is removed when upgrading the base system
Hi Netgate team: I will need a little help addressing this issue. I currently do not have a pfSense Plus test environ... Bill Meeks

10/21/2023

11:31 PM pfSense Packages Bug #14905 (Duplicate): ARPing causes menu bar to stop working
After running ARPing and getting the results, any attempt to navigate to another page by clicking the menu bar (Syste... Christopher Cope
10:06 PM pfSense Plus Bug #14818 (Confirmed): StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
It looks like this happens when the Sort By dropdown is set to Bandwidth Out. Using pfSense as an iperf server and a ... Chris W
08:17 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
Rob A wrote in #note-3:
> I still see demonstrable difference between 23.05 and 23.09 dev with QAT. QAT is active o... Kris Phillips
08:14 PM pfSense Packages Bug #14861 (Incomplete): PHP error when pings are enabled but no ping hosts are defined
Tested on 23.09 and unable to reproduce.
What are the exact steps to produce this PHP error? What platform are ... Kris Phillips
07:14 PM Bug #14609 (Resolved): Update check in GUI does not always honor the configured proxy settings
Tested on 23.05_1 and 23.09-BETA (built on Mon Oct 16 2:31:00 UTC 2023)
I was able to reproduce this issue on 23.0... Azamat Khakimyanov
06:47 PM pfSense Plus Feature #14387: Offline config mode
Tested on 23.05.1 and 23.09 there is still significant boot times for the WAN interface being down and the webConfigu... Kris Phillips
02:41 PM pfSense Plus Feature #14387: Offline config mode
Can you confirm you are still having this issue on 23.05.1?
The original redmine is resolved and testing with 23.0... Christopher Cope
06:40 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
There was a theory that this was UFS versus ZFS related. Testing on whitebox amd64 with ZFS I'm unable to reproduce ... Kris Phillips
04:38 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can reliably replicate the issue only on 3100. Danilo Zrenjanin
03:14 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can't reproduce it on the amd64 build ... Lev Prokofev
03:09 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can confirm that it worked as expected on 23.09.b.20231018.0600.
 Danilo Zrenjanin
03:00 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
Tested against 23.09.b.20231020.0600 Danilo Zrenjanin
02:55 PM pfSense Packages Regression #14904 (Resolved): FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
... Danilo Zrenjanin
04:55 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
... Rob A
04:53 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Hopefully I have captured the panic:... Rob A
02:30 PM Feature #14903 (New): Support for API based email delivery
Hello,
This feature request is following this community post - https://forum.netgate.com/topic/183548/support-for-... Wolfgang Thegreat
05:52 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Works as expected on ... Lev Prokofev

10/20/2023

11:24 PM Regression #14615: PHP crash during bootup with gateway monitoring enabled with custom monitor IP
I think this may be a wider issue. I upgraded from 2.7.0 -> 2.8.0 when it was released, after using 2.7.0 since it wa... Scott Buckel
08:29 PM Bug #14893 (In Progress): Large number of IPsec tunnels causes long filter reload times
Marcos M
08:10 PM pfSense Plus Bug #14902 (Not a Bug): Package Manager available list empty
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:23 PM pfSense Plus Bug #14902 (Not a Bug): Package Manager available list empty
This seem to have happened after pfSense Plus 23.05.1 upgrade. Although I don't know the exact time frame. I am unabl... Jimmy Chen
06:32 PM pfSense Packages Feature #14901 (New): Feature request - Adding in the GUI the advanced SHA and AES values for SNMPv3
I post this following this community forum post I published - https://forum.netgate.com/topic/183532/setting-advanced... Wolfgang Thegreat
05:46 PM Bug #14892 (Resolved): Traffic graph filters apply incorrectly
Jim Pingle
03:13 PM Bug #14892: Traffic graph filters apply incorrectly
patch corrects the behavior
tested on:
23.09-BETA (amd64)
built on Fri Oct 20 6:00:00 UTC 2023
FreeBSD 14.0-CURRENT Georgiy Tyutyunnik
04:17 PM pfSense Packages Todo #14795: Transition to nut-devel
Merged here:
https://github.com/pfsense/FreeBSD-ports/commit/e55ac518e1e2a4359dbf3b0e5e36aa235bfe1f13 Marcos M
04:17 PM pfSense Packages Todo #14795 (Resolved): Transition to nut-devel
Marcos M
01:07 PM Bug #14900 (New): Spoofed WAN MAC plus L2TP service causes WAN interface link flap
Duplicate of 11571 (I'm the same person who posted that issue which was rejected).
Posted on forum here with no r... Aman Halai
11:30 AM Feature #14899 (New): Feature request - better acknowledgment and validation of the user's public key format
Hello,
This feature request is following my community post at https://forum.netgate.com/topic/183514/cannot-ssh-lo... Wolfgang Thegreat
08:47 AM Feature #11556: Kill states using the pre-NAT address
Proposed implementation in https://reviews.freebsd.org/D42312 (test in https://reviews.freebsd.org/D42313)
This will... Kristof Provost
02:53 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, looks like it is ok now. No more crashes on beta 23.09 Vladimir Suhhanov

10/19/2023

08:07 PM Regression #14896: Suricata is removed when upgrading the base system
I was able to reproduce this upgrading between 23.09-BETA versions:
{{collapse... Marcos M
04:16 PM Regression #14896: Suricata is removed when upgrading the base system
From the Netgate forums working with another user who provided possible insight:
https://forum.netgate.com/topic/1831... Brian Dahlquist
03:52 PM Regression #14896 (Resolved): Suricata is removed when upgrading the base system
After upgrading from 23.05.01 to 23.09 beta on a clean install (and on a second install) the Suricata package will no... Brian Dahlquist
05:12 PM pfSense Packages Bug #14898 (Resolved): Suricata core dumps with signal 11
I installed Suricata on a system with previous config using Legacy Mode, Enable/Disable/Drop SID lists. After attempt... Marcos M
04:15 PM Regression #14897 (Feedback): DHCPv4 service stopped after applying interface settings when no interfaces have DHCPv6 enabled
Applied in changeset commit:dc96586bddbc3d209b04d602412378c656acef16. Jim Pingle
04:06 PM Regression #14897 (Resolved): DHCPv4 service stopped after applying interface settings when no interfaces have DHCPv6 enabled
When applying changes for an interface (e.g. WAN), during @interface_bring_down()@ it ends up calling @services_dhcpd... Jim Pingle
04:07 PM Revision dc96586b: Selectively kill DHCP server by family. Fixes #14897
Jim Pingle
03:42 PM Revision e67b20f4: Fix some syntax/logic errors in interface config.
Jim Pingle
02:01 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
Thanks for looking into this Jonathan Lee
07:57 AM pfSense Plus Bug #14705 (Feedback): Changes in Ethernet ruleset can lead to incorrect rule and separator order
I was finally able to replicate this issue fairly consistently (albeit not every single time). A fix is now in place ... Marcos M
01:38 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Duplicate Connection was already disabled (multiple connections from the same user are not allowed - check box not ch... Orion Poplawski
07:12 AM Revision 3d5bdf79: Save rules changes before the ruleset is sorted.
Marcos M

10/18/2023

08:26 PM Bug #14893: Large number of IPsec tunnels causes long filter reload times
In my case, all of the remote gateways are IP addresses. There shouldn't be anything in IPsec that needs to resolve a... Max Leighton
06:58 PM Bug #14893: Large number of IPsec tunnels causes long filter reload times
This may be a duplicate of other existing issues such as #12335 Jim Pingle
06:35 PM Bug #14893 (Resolved): Large number of IPsec tunnels causes long filter reload times
On a 23.05.1 system with many IPsec tunnels, reloading the filter can take over 5 minutes. This results in very slow ... Max Leighton
08:06 PM pfSense Packages Bug #14895 (New): Wireguard / bad performance after reboot, if running together with OpenVPN
Hello,
I initially posted in the netgate forum, but in the meantime I conducted more investigations and I think I ... Pascal Terrien
07:48 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
I created a separate issue for the remaining login prompt problem: #14894 Jim Pingle
06:36 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Chris Mirchandani wrote in #note-16:
> This Redmine was specifically opened for the password protected issue. In the... Jim Pingle
06:33 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
This Redmine was specifically opened for the password protected issue. In the process of looking into that issue you ... Chris Mirchandani
06:17 PM pfSense Plus Bug #13455 (Feedback): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Fix committed: https://gitlab.netgate.com/pfSense/factory/-/commit/69b321f6d5153ed0e8146abf716cee6f8cd98646 Jim Pingle
06:09 PM pfSense Plus Bug #13455 (In Progress): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
The unusual characters in the loader clear up if we set the console to @efi@ explicitly on affected platforms (4100, ... Jim Pingle
07:47 PM pfSense Plus Bug #14894 (New): Password protected console login prompt does not render properly on 4100/6100/8200 serial console
After resolving other console issues with the 4100/6100/8200 in #13455 a problem remains with the login prompt.
It... Jim Pingle
05:29 PM Feature #14844: QAT 200xx devices are not recognized as supported
Updating subject for release notes. Jim Pingle
05:24 PM Regression #14876: ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
It works fine on:... Danilo Zrenjanin
05:05 PM Regression #14616 (Resolved): dpinger does not start after renewing DHCP
The same test works as expected against 23.09.b.20231018.0600.
I am marking this ticket resolved. Danilo Zrenjanin
04:59 PM Regression #14616: dpinger does not start after renewing DHCP
I was able to reproduce the reported issue on the 23.05.1 release. Danilo Zrenjanin
03:31 PM Revision 221fc6d2: MVC updates for SSH and gateways code.
Marcos M
03:00 PM Bug #14892 (Feedback): Traffic graph filters apply incorrectly
Applied in changeset commit:af627f37e47b939d6930b1d49fcc6842fd955705. Anonymous
02:31 PM Bug #14892 (In Progress): Traffic graph filters apply incorrectly
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1092
https://forum.netgate.com/topic/183480/traffic-grap... Steve Wheeler
02:30 PM Bug #14892 (Resolved): Traffic graph filters apply incorrectly
The traffic graphs include a seection to filter for local, remote or all traffic but the results are unexpected.
T... Steve Wheeler
02:53 PM Revision af627f37: Traffic Graph filtering corrections. Fix #14892
Steve Wheeler
02:53 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Can anyone advise on the feasibility of building a custom patched version of Squid (at least for testing purposes to ... Simon Byrnand
02:11 PM Bug #14884 (Resolved): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
Tested against:
23.09.b.20231018.0600
I am marking this ticket as resolved.
Danilo Zrenjanin
02:01 PM Regression #14877 (Resolved): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Tested against the latest Beta release.
The error message now accurately describes the cause of the failure.
<... Danilo Zrenjanin
10:40 AM Bug #14891 (New): High CPU usage when interface get down and up due to proces check_reload_status
Today I noticed that the cpu usage was high on my pfSense appliance (N5105, I226).
After looking in top I see that ... Thijs K

10/17/2023

11:15 PM Regression #14889 (Resolved): Lock leak kernel panic after upgrading to 23.09
The user who was hitting this reports success updating to the latest build containing the fix. Steve Wheeler
07:39 PM Regression #14889 (Feedback): Lock leak kernel panic after upgrading to 23.09
Christian McDonald
12:53 PM Regression #14889 (Resolved): Lock leak kernel panic after upgrading to 23.09
After upgrading to 23.09 the system appears to hang after starting the DHCP server (ISC) eventually panicking and reb... Steve Wheeler
06:30 PM Feature #14844 (Feedback): QAT 200xx devices are not recognized as supported
Applied in changeset commit:1579b10b674d08214404b7f145db780e985554c4. Marcos M
06:22 PM Feature #14844 (Pull Request Review): QAT 200xx devices are not recognized as supported
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1091
The dashboard should now recognize it. Marcos M
06:13 PM Revision 1579b10b: Recognize the 200xx Series QAT device. Implement #14844
Marcos M
04:48 PM Regression #14877: Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
After internal discussion we decided not to enable the legacy provider by default because it had other potentially ne... Jim Pingle
04:46 PM Revision 392133c7: Amend P12 error for bad ciphers. Fixes #14877
Jim Pingle
04:35 PM Revision 43179546: Revert "Enable OpenSSL legacy provider by default. Issue #14877"
This reverts commit 275ae19ad70336f06ed53d655ceb96c8b2ab56f0. Jim Pingle
03:50 PM Regression #14755 (Resolved): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
Marcos M
03:48 PM pfSense Packages Todo #14881: for wiregaurd interface add linklocal IPv6 address
The VIP page allows LL addresses, a new page isn't needed for that part. The MAC address can be manually set on assig... Marcos M
11:43 AM pfSense Packages Todo #14881: for wiregaurd interface add linklocal IPv6 address

I used firewall_virtual_ip.php to add the fe80 address before, and it worked. However, this method has failed in re... yon Liu
01:43 PM pfSense Packages Feature #14890: dtlspipe package
I have told the author and he has seen this post. yon Liu
01:38 PM pfSense Packages Feature #14890: dtlspipe package
First it would have to be added to FreeBSD ports Jim Pingle
01:24 PM pfSense Packages Feature #14890 (New): dtlspipe package
This is a DTSL tool that has been tested and used. It can add DTLS support to almost all UDP. It is especially suitab... yon Liu
08:33 AM Todo #10464: Don't change the current update repo when new releases are available
Jim Pingle wrote in #note-2:
> While not a bug per se, it is something we could improve. It would prevent some accid... Sima Xi
12:43 AM Bug #14809 (Resolved): ``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding
Marcos M

10/16/2023

10:53 PM Bug #13911 (Resolved): Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
This looks good in current 23.09 builds.
Tested:... Steve Wheeler
10:51 PM Regression #14885 (Resolved): PPPoE clients macro does not work
Patch tested by @cjl and the system table now populates correctly:... Marcos M
07:40 PM Regression #14885 (Feedback): PPPoE clients macro does not work
Applied in changeset commit:87510765f94b51d3f5ddcea66b14ab6211cbc864. Marcos M
07:02 PM Regression #14885 (Pull Request Review): PPPoE clients macro does not work
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1090 Marcos M
06:43 PM Regression #14885 (Resolved): PPPoE clients macro does not work
The PPPOE system alias is missing, and creating a rule with the @PPPoE clients@ macro and gateway results in the foll... Marcos M
10:49 PM Regression #14867 (Resolved): Address family validation prevents creating 1:1 NAT rule
Marcos M
10:44 PM Bug #14785 (Resolved): Primary IPv6 interface address may be incorrect when a VIP is set
The @ifconfig@ output order has not changed, but rather what the system _determines_ to be primary address (e.g. unde... Marcos M
10:30 PM pfSense Packages Feature #13575 (Resolved): Update to frr 9.0.1
Marcos M
10:29 PM Feature #14731 (Resolved): Unbound Advanced Settings entry for ``sock-queue-timeout``
An empty value now defaults to 0 as expected. Marcos M
10:26 PM Feature #14620 (Assigned): Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
Marcos M
10:10 PM Todo #14888 (Resolved): Exclude non-release branches from general update checks
To make it simpler to provide repos for devel, beta, and rc versions concurrently, the -C option should be modified t... Reid Linnemann
09:17 PM Feature #14887 (Closed): Add an appropriately named file to install images to indicate what they are
If you have written a number of images to USB sticks it can be hard to know which image is actually on any particular... Steve Wheeler
08:52 PM pfSense Packages Todo #14881 (Duplicate): for wiregaurd interface add linklocal IPv6 address
Marcos M
08:48 PM pfSense Packages Todo #14881 (Incomplete): for wiregaurd interface add linklocal IPv6 address
> I originally used aliases to add wg interfaces, but this method is invalid in version pf23.09.
What method is th... Marcos M
08:51 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
> I guess this request might be regarded as a feature request to add link-local ipv6 to the tun_wg interface by defau... Marcos M
08:27 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Probably related to #14881 beermount beermount
08:07 PM Bug #14804 (Feedback): Panic when pfsync attempts to synchronize states between hosts with different rulesets
I've pushed a fix to all relevant branches (including 23.09). It'll be part of the next snapshot builds. Kristof Provost
04:49 PM Bug #14804 (In Progress): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Jim Pingle
04:37 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Cheers, that helped!
I think I see what happened here. Basically I fixed the problem upstream and missed a case in... Kristof Provost
02:47 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Sorry just went out of my head…
FreeBSD 14.0-CURRENT amd64 1400094 #1 plus-RELENG_23_09-n256151-106588946ac: Mon... Vladimir Suhhanov
12:24 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, but what *version* are you running?
Post the output of "uname -a" and "pkg info pfSense-kernel-pfSense". Kristof Provost
12:04 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
@db:1:pfs> bt
Tracing pid 12 tid 100062 td 0xfffffe00c641f560
kdb_enter() at kdb_enter+0x32/frame 0xfffffe001b1e260... Vladimir Suhhanov
08:35 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, the relevant patch is in the 23.09 branch. What version are you running and what is the full backtrace you're ge... Kristof Provost
08:17 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Does this patch apply to the current beta builds? I have tried one beta build from 13 Oct and it crashes the same way. Vladimir Suhhanov
07:25 PM Feature #14886 (New): Visual improvement to the Gateway widget: display the icon in a color reflecting the status

A small tweak to the Gateway widget to display the icon in a color reflecting the status.
Rationale:
In my fou... Patrik Stahlman
06:46 PM Revision 87510765: Generate a system alias for PPPoE clients. Fix #14885
Marcos M
05:45 PM Bug #14884 (Feedback): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
Applied in changeset commit:5fc3b1fbae1fba06563bfebf6cc559769b59f8bf. Jim Pingle
05:37 PM Bug #14884 (Resolved): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
If an interface is configured for track6 it can cause the Kea service for IPv6 to appear active and running even when... Jim Pingle
05:39 PM Revision 9a632676: Remove trigger_initial_wizard since it is not used in the pkg
Brad Davis
05:37 PM Revision 5fc3b1fb: Remove outddated DHCPv6 test. Fixes #14884
Jim Pingle
03:19 PM pfSense Plus Regression #14883 (Not a Bug): Package Manager in 23.05.1 broken
The package manager servers are the same for Plus on Netgate and non-Netgate hardware for amd64 systems. There do not... Jim Pingle
03:10 PM pfSense Plus Regression #14883 (Not a Bug): Package Manager in 23.05.1 broken
Hello,
Package Manager on 23.05.1 is not showing Available packages now, as if the repo is offline or something. ... Scott Keats
03:09 PM pfSense Plus Regression #14180: ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors
Hi, thanks for looking into it.
My setup was already EFI-based. I've long since abandoned the Mellanox card and am... name name
03:07 PM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Confirmed patch allows Interface and Rule ID at the same time. dylan mendez
03:00 PM Regression #14880 (Feedback): Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Applied in changeset commit:f8606ffa1b83d1d4105e0a48e49fa0b5ed4a2138. Jim Pingle
02:48 PM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Not specific to plus. Jim Pingle
02:52 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Jonathan Stafford wrote in #note-14:
> I'm having this problem as well, with 23.05.1-RELEASE. For me, the issue see... Geovane Gonçalves
02:51 PM Revision f8606ffa: Fix state dump rule ID validation. Fixes #14880
Jim Pingle
02:47 PM Regression #14877 (Feedback): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Fixed by commit:275ae19ad70336f06ed53d655ceb96c8b2ab56f0 which enables the legacy provider by default.
If testing ... Jim Pingle
02:27 PM Regression #14877 (In Progress): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
That's because when it gets exported it's using a low/old/deprecated cipher set. Then the import code doesn't support... Jim Pingle
02:29 PM Revision 275ae19a: Enable OpenSSL legacy provider by default. Issue #14877
Jim Pingle
02:10 PM Regression #14876 (Feedback): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
Applied in changeset commit:72c441e9e0c0f3d4cd26f554a67aa91e06734b5b. Jim Pingle
01:45 PM Regression #14876: ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
This is really a base system issue and likely the same root cause as other issues we've seen.
@certctl rehash@ is ... Jim Pingle
01:48 PM Revision 72c441e9: Refresh OS CA list after updating trust store. Fixes #14876
Jim Pingle
12:19 PM Regression #14873 (Resolved): Kea DHCP Static Mappings 404 Not Found
Jim Pingle

10/15/2023

11:50 AM Feature #2358: NAT64 support
Please, is there a plan to implement functionality with an alternative to ipfw_nat64?
pfsense is unusable if Provi... Thomas Wagner
10:40 AM pfSense Packages Todo #14881 (Duplicate): for wiregaurd interface add linklocal IPv6 address
Since frr8- frr9 requires that the fe80:: address must be configured. so wiregaurd need add this fe80:: address.
I... yon Liu
06:52 AM pfSense Plus Bug #14879: Disabling DNS Rebinding Checks deletes private domains from unbound config
According to johnpoz in the linked forum thread, DNSSEC validation fails. This would explain why it is not working an... Bob Dig
03:01 AM pfSense Plus Regression #14180: ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors
see if it makes any difference booting EFI with your setup - https://docs.netgate.com/pfsense/en/latest/recipes/virtu... Jordan G
02:50 AM pfSense Packages Feature #12179 (Confirmed): QEMU package
A package would also eliminate a lot of the script creation and general "hackery" needed to get the QEMU guest agent ... Kris Phillips
02:15 AM Regression #14873: Kea DHCP Static Mappings 404 Not Found
Tested on Oct 14th builds. Double clicking entries no longer returns any 404 messages. Confirmed fixed. Kris Phillips
02:05 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Daniel Hoffend wrote in #note-12:
> I can confirm the issue with pfSense 2.7. We're using multiple vlan interfaces o... Kris Phillips
01:54 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Tested this on 23.05.1 and this error is not present when attempting to filter, so this is new for 23.09. Kris Phillips
01:52 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Bug confirmed on latest 23.09 BETA build from Oct 14th. This error appears to be cosmetic, as the filtering still wo... Kris Phillips
12:57 AM Regression #14856 (Resolved): Duplicating a floating rule places it at the bottom
Tested on... Christopher Cope
12:34 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Okay,
So I have been running sysctl -iq hw.physmem for every 10 seconds and it has NEVER returned 0 but today i h... Michael Clews

10/14/2023

08:28 PM Regression #14880 (Resolved): Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is n... Jordan G
06:36 PM pfSense Packages Feature #13575: Update to frr 9.0.1

FRR 9.0.1 is added and working
23.09-BETA (amd64)
built on Thu Oct 12 23:00:00 PDT 2023
FreeBSD 14.0-CURRENT Alhusein Zawi
06:09 PM Regression #14876: ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
It looks to be related to SSL, disabling curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); in the download_file functio... Christopher Cope
06:36 AM Regression #14876 (Confirmed): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
I can confirm this behavior. ... Danilo Zrenjanin
06:33 AM Regression #14876 (Resolved): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
When you add a commit ID, it generates a proper link, for example, id 01d6aeb62f876fc9b6f9e1083e7586b1866c725b
!cli... Lev Prokofev
02:37 PM pfSense Packages Feature #14875: Snort + VirusTotal could analyse suspicious domains, IPs and URLs to detect malware and other breaches, automatically
I see a potential issue here. Careful reading of the API overview at the link provided yields an important piece of i... Bill Meeks
04:08 AM pfSense Packages Feature #14875 (New): Snort + VirusTotal could analyse suspicious domains, IPs and URLs to detect malware and other breaches, automatically
Hello fellow pfSense Redmine members,
I noticed in Snort we have a resolve IP address option however, time and tim... Jonathan Lee
12:37 PM pfSense Plus Bug #14879 (New): Disabling DNS Rebinding Checks deletes private domains from unbound config
This will make Domain Overrides not work anymore, at least with split DNS.
More Details are described here: https:/... Bob Dig
11:37 AM pfSense Packages Feature #14878 (New): Integrated syslog support
Requesting the integrated support to be able to ship pfblockerng logs to a syslog server. This is crucial for organi... Alan Shearer
09:30 AM pfSense Packages Feature #12179: QEMU package
> It would be more convenient to have it as a package that can be installed/configured from the GUI.
I really woul... Bob Dig
07:44 AM Regression #14877: Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
In the MacOS, the password gets generated once you right-click on the cert in the Keychain Access and choose export.
... Danilo Zrenjanin
07:19 AM Regression #14877: Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Tested, on ... Lev Prokofev
07:00 AM Regression #14877 (Resolved): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Tested against:... Danilo Zrenjanin

10/13/2023

08:30 PM Regression #14873 (Feedback): Kea DHCP Static Mappings 404 Not Found
Applied in changeset commit:b552fd273b50d17a504171081af2f453efd5a386. Jim Pingle
08:19 PM Regression #14873 (In Progress): Kea DHCP Static Mappings 404 Not Found
Looks like a little typo, easy fix. Jim Pingle
05:42 PM Regression #14873 (Resolved): Kea DHCP Static Mappings 404 Not Found
If you double-click on an already defined MAC address in the MAC address column it leads to 404 Not Found page.
!c... Danilo Zrenjanin
08:21 PM Revision b552fd27: Correct typo. Fixes #14873
Jim Pingle
08:14 PM pfSense Plus Bug #14478 (Resolved): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
Jim Pingle
05:55 PM pfSense Plus Bug #14478: Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
tested on:
Version 23.09-BETA (amd64)
built on Fri Oct 13 6:00:00 UTC 2023
FreeBSD 14.0-CURRENT
this version has ... Georgiy Tyutyunnik
06:19 PM pfSense Docs Todo #14874: Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
if you don't see anything at least worth mentioning in the documentation then....Wow... brian neiferd
05:53 PM pfSense Docs Todo #14874 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
The button appears only if you don't already have a mobile P1. If you already have a mobile P1, you can't create one,... Jim Pingle
05:45 PM pfSense Docs Todo #14874 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
*Feedback:*
The i... brian neiferd
05:27 PM pfSense Docs Todo #14816: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Kris Phillips wrote in #note-1:
> You shouldn't need to define a Remote subnet unless you're doing a /30 S2S, but I... Daniel Castellanos
05:20 PM pfSense Docs Todo #14871: Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
There can only be one mobile IPsec P1. It isn't called out in that recipe, but it's documented elsewhere.
 Jim Pingle
05:16 PM pfSense Docs Todo #14871: Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
There is only VPN>IPSec>Tunnels, add P1. There is not a button to distinguish between mobile P1 and site-to-site P... brian neiferd
04:31 PM pfSense Docs Todo #14871 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
If that's what you see, you did not follow the instructions properly and you are not editing the mobile P1, but a sit... Jim Pingle
04:03 PM pfSense Docs Todo #14871 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
*Feedback:*
Impos... brian neiferd
05:16 PM Regression #14870 (Closed): Aliases are incorrectly added to rules
Fix for this is the same as the fix in #14867. Marcos M
05:13 PM Regression #14870 (Feedback): Aliases are incorrectly added to rules
Yes, I believe this is fixed in the current snapshot. Steve Wheeler
04:47 PM Regression #14870: Aliases are incorrectly added to rules
I can't reproduce it on the... Lev Prokofev
03:39 PM Regression #14870: Aliases are incorrectly added to rules
when i input network 2602:fed6:7021::/48, it is show network/0 in firewall rule yon Liu
02:00 PM Regression #14870: Aliases are incorrectly added to rules
Tested:... Steve Wheeler
01:56 PM Regression #14870 (Closed): Aliases are incorrectly added to rules
Aliases are shown incorrectly in rules as 'single/0'. This then throws errors loading the ruleset:... Steve Wheeler
05:12 PM Bug #14829 (Resolved): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
Tested against:... Danilo Zrenjanin
04:41 PM pfSense Docs Todo #14872 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
Please post on the forum for help.
Any options not mentioned are to be left at their defaults, but you are also no... Jim Pingle
04:34 PM pfSense Docs Todo #14872 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
*Feedback:*
Impos... brian neiferd
04:39 PM Regression #14845 (Resolved): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Tested against:... Danilo Zrenjanin
02:37 PM Feature #14860: Column consistancy between DHCP Static mapping and ARP
Please see attached.
Even though the first columns are different (Interface, Static ARP) the IP, MAC and Hostname ... John Weithman
10:26 AM Bug #14831 (Resolved): IPsec rejects certificate without any SANs
Tested against:... Danilo Zrenjanin
09:00 AM Regression #14867: Address family validation prevents creating 1:1 NAT rule
It's fixed in the ... Lev Prokofev
07:57 AM pfSense Packages Bug #14841 (Resolved): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
Tested against:... Danilo Zrenjanin
02:31 AM pfSense Packages Feature #14868 (Pull Request Review): FRR - Support multiple OSPF instances
https://github.com/pfsense/FreeBSD-ports/pull/1293 Edward Valley

10/12/2023

07:37 PM Revision 3e3c3c0a: Remove populating /etc/platform from base.txz
Brad Davis
04:55 PM Regression #14867 (Feedback): Address family validation prevents creating 1:1 NAT rule
Applied in changeset commit:95672f7152db2a583f4fd9f4afe7615137c2a4fb. Marcos M
12:20 PM Regression #14867: Address family validation prevents creating 1:1 NAT rule
It works fine if you define WAN Address > LAN Address. Anything beyond that fails.
!clipboard-202310121419-ogu1u.p... Danilo Zrenjanin
11:52 AM Regression #14867 (Confirmed): Address family validation prevents creating 1:1 NAT rule
I can confirm this behavior.
Tested against:... Danilo Zrenjanin
11:00 AM Regression #14867 (Resolved): Address family validation prevents creating 1:1 NAT rule
... Lev Prokofev
04:47 PM Revision 95672f71: Exclude address/network type from specialnet checks. Fix #14867
These are placeholders for the real value, not specialnets. Marcos M
01:09 PM pfSense Plus Bug #14837: some services show can't start
Wireguard is connected, but it shows that the service has not been started. yon Liu
10:20 AM Regression #14866 (Resolved): System aliases created for local subnets can be an invalid length
Tested the patch against:... Danilo Zrenjanin
10:13 AM Regression #14866: System aliases created for local subnets can be an invalid length
I could reproduce the issue against:... Danilo Zrenjanin
03:10 AM Regression #14866 (Feedback): System aliases created for local subnets can be an invalid length
Applied in changeset commit:01d6aeb62f876fc9b6f9e1083e7586b1866c725b. Marcos M
01:26 AM Regression #14866 (In Progress): System aliases created for local subnets can be an invalid length
Marcos M
12:46 AM Regression #14866: System aliases created for local subnets can be an invalid length
This appears to be introduced here: https://github.com/pfsense/pfsense/commit/85c4a8de0016bc4d192b60fd384af56aa4ba1376 Steve Wheeler
12:39 AM Regression #14866 (Resolved): System aliases created for local subnets can be an invalid length
In 23.09 system aliases are added to the ruleset for subnets on local interfaces. They are automatically created usin... Steve Wheeler
03:19 AM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
Disabling ASLR was a workaround until it was fixed upstream in unbound (which is now the case). In 23.09, unbound is ... Marcos M
02:55 AM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
This ticket has a target version of *23.09*, but I'm pretty sure it was fixed in *23.05*. I came across it in the "23... Michael Vincent
02:54 AM Revision 01d6aeb6: Use the interface name for the reserved system alias suffix. Fix #14866
Marcos M

10/11/2023

08:01 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
I'm not sure that the @Operation timed out@ log is related because the existence of the log means that the authentica... Marcos M
07:33 PM pfSense Packages Todo #14795: Transition to nut-devel
The upstream issue is resolved. Denny Page
07:01 PM pfSense Packages Bug #14865 (New): Saving TINC VPN settings on a CARP Primary causes TINC to start on the Secondary
When anything triggers a configuration save or if the TINC VPN configuration is saved on the CARP Primary Firewall, t... Matthew Latin
03:22 PM Regression #14525 (Resolved): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Jim Pingle
03:22 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Tetsed on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
The patch working... aleksei prokofiev
03:10 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Tested patch on
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Patch fixed th... aleksei prokofiev
09:15 AM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
I can reproduce this error with follow
1. S2S Ipsec
2. With working state, I delete P2 on one side and got this err... aleksei prokofiev
01:07 PM Feature #14864: Add option to enable unbound respip module (support RPZ)
!clipboard-202310111506-yzspy.png!
 znerol znerol
01:06 PM Feature #14864: Add option to enable unbound respip module (support RPZ)
Filed a "PR":https://github.com/pfsense/pfsense/pull/4650 znerol znerol
01:03 PM Feature #14864 (New): Add option to enable unbound respip module (support RPZ)
Unbound ships with great support for "Response Policy Zones":https://unbound.docs.nlnetlabs.nl/en/latest/topics/filte... znerol znerol
12:14 PM Feature #14860: Column consistancy between DHCP Static mapping and ARP
Do you mean in the DHCP static mapping list on services_dhcp.php / services_dhcpv6.php? The lists on status_dhcp.php ... Jim Pingle
12:07 PM Bug #14857 (Not a Bug): Linebreak or newline deleted from OpenVPN Custom Options Causing Corruption
It's not a bug. Read the text under the advanced options field. Directives in that box must be separated by a semicol... Jim Pingle
07:53 AM pfSense Packages Feature #14863 (New): WireGuard suppport for aliases
Allow to use aliases in "Allowed IPs" in the WireGuard Peer config. That would match with the general ability to use ... Bob Dig
07:17 AM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I've tested on
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
It is not a bu... aleksei prokofiev
05:41 AM Regression #14856: Duplicating a floating rule places it at the bottom
The patch works great, tested on ... Lev Prokofev
12:43 AM pfSense Packages Documentation #14842: Update Squid troubleshooting
Can an update be made in the netgate documentation or a fix for this issue be investigated?
Its very odd that ticket... Mike Moore
12:33 AM pfSense Plus Bug #14862 (New): netstat nexthop queries fail on an arm32
Using the -o or -O switches with netstat to get nexthop data fails or shows bad data on arm32 devices.... Steve Wheeler

10/10/2023

09:05 PM pfSense Packages Bug #14861 (Resolved): PHP error when pings are enabled but no ping hosts are defined
i was directed to report this issue here
https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-upd... David Bowen
08:30 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
I can confirm the issue with pfSense 2.7. We're using multiple vlan interfaces on an lagg1 interface. (lagg1.40, lagg... Daniel Hoffend
08:05 PM Feature #14860 (New): Column consistancy between DHCP Static mapping and ARP
Just a suggestion that the column IP and MAC be swapped in the table for Diagnostics / ARP. This would be consistant ... John Weithman
07:52 PM pfSense Packages Bug #14554 (Duplicate): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
Marcos M
06:46 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I never configured a gateway group, just setting an IPv4 Tunnel Network 10.50.62.0/24
However, I did not set any I... Phil Wardt
06:05 PM Regression #14845 (Feedback): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
The issues noted in #note-6 occur when the IP address is also a VIP.
Applied in changeset commit:77ba34495de9cde375c... Marcos M
02:47 PM Regression #14845 (In Progress): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Marcos M
05:56 PM Revision 77ba3449: Specify specialnet flags for GUI fields. Fix #14845
Store the flags in variables to allow easier future updates. Marcos M
05:47 PM Revision 38e308db: kea: enable RFC6842 compatibility mode
Christian McDonald
04:12 PM pfSense Packages Todo #14795: Transition to nut-devel
The pfSense-pkg-nut build appears to be failing due to an issue upstream in the FreeBSD nut-devel package. I have fil... Denny Page
02:19 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Sorry I had it set to never to help with my AppID text file I made. I had a huge amount of entries I was making a a g... Jonathan Lee
01:03 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
I'm not following the problem description in this ticket at all. There is no relationship between the @virusprot@ tab... Bill Meeks
06:23 AM pfSense Packages Bug #14858 (Closed): Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Hello fellow Redmine community members,
I am having an issue with my Snort �Remove blocked host interval changing ... Jonathan Lee
01:55 PM Revision f3ec053b: kea: fix netboot regression
Christian McDonald
11:36 AM Bug #14859 (Resolved): Config upgrade error: upgrade_config.inc:6135
Upon restoring a config from pfSense 2.4.X or older:... Steve Wheeler
05:55 AM Bug #14857 (Not a Bug): Linebreak or newline deleted from OpenVPN Custom Options Causing Corruption
This bug has existed for at least three years. I don't know what triggers it, but it appears to be triggered behind t... George 77

10/09/2023

11:10 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
This has happened previously on 23.01 when the OpenVPN server is set to use a gateway group and the tier1 gateway is ... Marcos M
10:25 PM Regression #14856 (Feedback): Duplicating a floating rule places it at the bottom
Applied in changeset commit:35492119bf317c56d02b4a6d7f03d9658da6599b. Marcos M
10:16 PM Regression #14856 (Pull Request Review): Duplicating a floating rule places it at the bottom
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1088 Marcos M
10:13 PM Regression #14856 (Resolved): Duplicating a floating rule places it at the bottom
When duplicating a floating rule, the rule is placed at the bottom instead of after the original rule it was duplicat... Marcos M
10:16 PM Revision 35492119: Save a duplicated floating rule after the original rule. Fix #14856
Marcos M
08:56 PM pfSense Packages Bug #14200: WireGuard reply-to without NAT
Confirmed for 2.7.0 and described here:
https://forum.netgate.com/topic/183278/port-forwarding-through-wg-tunnel-mis... Jens Maul
08:34 PM pfSense Packages Feature #13575 (Feedback): Update to frr 9.0.1
Updated to frr 9.0.1 in 23.09 dev branch. Marcos M
07:50 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I am using default "new limiter" UploadLimit and speed limit in bits/s (16*1024*1024)
I am using default "new limite... Lukáš Mojžíš
07:43 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
Unable to replicate with the following setup
1 WAN - 1 LAN
pfSense CE 2.7.0 on a VM
Ubuntu Desktop client
Ste... dylan mendez
04:28 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
I read some information and experience and tried it. My point is not to rule out any possibility, but to face the pro... yon Liu
04:09 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
No, according to research, it is caused by your parameter configuration and PHP code design issues. My hardware resou... yon Liu
12:42 PM pfSense Plus Bug #14847 (Rejected): PHP-FPM webgui crashes and freezes
Those parameters are already adjusted based on system memory. There have been no other similar reports of problems wi... Jim Pingle
01:12 PM Bug #14852 (Not a Bug): SSH authentification with Radius backend is not working
Works for me here. Make sure there is a local user with the correct privileges already on the pfSense side. It doesn'... Jim Pingle
12:58 PM Bug #14237 (Not a Bug): Intermittent packet loss related to DHCP with Multi-WAN
Jim Pingle
12:57 PM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
I am not seeing either of those behaviors here on the latest snapshot or a patched system. I can edit a rule and the ... Jim Pingle
12:43 PM pfSense Plus Bug #14848 (Rejected): The system cannot complete the restart process
There isn't nearly enough detail here to tell what is happening on your system in your environment, but it's not a ge... Jim Pingle
12:38 PM pfSense Packages Bug #14846 (Rejected): shellcmd Can't be executed from order 7 onwards
There is no limit on shellcmd tags, they are all executed by the system in the same manner one after another. If ther... Jim Pingle
12:20 PM pfSense Packages Bug #14855 (Resolved): suricata_Getdirsize issue after PHP 8
Found an issue with suricata_Getdirsize in suricata.inc
Since PHP 8 an Integer needle is no longer treated as a char... Graham Collinson

10/08/2023

10:00 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I've just registered to report this. This affects me too.
The situation can only be mitigated by setting gateway to ... Lukáš Mojžíš
08:26 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
from: cat /tmp/rules.debug
No gateway specified
anchor "userrules/*"
pass in quick on $LAN inet from 192.16... nasir ahmed
06:08 PM Bug #14854 (Resolved): Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
When using a traffic shaper limiter to set bandwidth to say 10mbps in the download using any scheduler, if the gatewa... nasir ahmed
07:17 PM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN
The reason this happens is that I had pfSense configured to drop all states in case one of gateways goes down.
The r... Nazar Mokrynskyi
05:06 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config
A fix for this issue appears to have been merged upstream:
https://github.com/prometheus/node_exporter/issues/2593
... Steve Wheeler
05:03 PM pfSense Packages Bug #14230: PHP error with pfBlockerNG
Pull request sent: https://github.com/pfsense/FreeBSD-ports/pull/1305 Andre Brait
05:03 PM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
Pull request sent: https://github.com/pfsense/FreeBSD-ports/pull/1305 Andre Brait
04:10 PM Bug #14804 (Resolved): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Marcos M
02:03 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
I initially found the reason. The parameters in php-fpm.conf are incorrect and cannot adapt to high load conditions.
... yon Liu

10/07/2023

11:51 PM Feature #14802: Re-enable multiqueue support for virtio NIC
I second this request, can't get more than ~2.5Gbps out of interfaces because of this, which is really annoying.
Was... Nazar Mokrynskyi
09:03 PM pfSense Packages Bug #14230: PHP error with pfBlockerNG
Kris Phillips wrote in #note-2:
> I'm not seeing any PHP errors in 3.2.0_4 of pfBlockerNG. Was there any particular... Andre Brait
07:36 PM pfSense Packages Bug #14853: Missing response for AAAA or A queries for blacklisted domains in Python mode
GitHub Pull Request here: https://github.com/pfsense/FreeBSD-ports/pull/1304 Andre Brait
07:25 PM pfSense Packages Bug #14853 (Pull Request Review): Missing response for AAAA or A queries for blacklisted domains in Python mode
In Python mode, when a domain is blacklisted, the result gets cached in the dnsblDB dictionary for caching and faster... Andre Brait
06:03 AM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
The patch is working, however, I noticed two issues
1) Brackets after external IP
!clipboard-202310071002-sjgi5.p... Lev Prokofev
05:27 AM Bug #14852: SSH authentification with Radius backend is not working
Tested on ... Lev Prokofev
05:26 AM Bug #14852 (Not a Bug): SSH authentification with Radius backend is not working
On an attempt to ssh using the Radius user credentials I get ... Lev Prokofev
01:01 AM pfSense Packages Regression #14850 (Resolved): Unreadable alerts file results in PHP error
Error:
Fatal error: Uncaught TypeError: fgetcsv(): Argument #1 ($stream) must be of type resource, bool given in /us... Jonathan Lee
12:01 AM Feature #14849 (New): Add checkboxes to System Package Manager GUI, to allow multiple packages installed/removed rather than one at a time
This fairly simple suggestion arises from experience some time ago updating 2.6 to 2.7, where release notes stated _"... Stilez y

10/06/2023

09:33 PM pfSense Plus Bug #14848 (Rejected): The system cannot complete the restart process
The system cannot complete the restart process.
The system has been stuck and cannot complete the restart process, b... yon Liu
09:29 PM pfSense Plus Bug #14847 (Rejected): PHP-FPM webgui crashes and freezes
Regarding PHP-FPM, webgui crashes and freezes when the system load is relatively heavy, such as when there are a larg... yon Liu
09:21 PM pfSense Packages Bug #14846 (Rejected): shellcmd Can't be executed from order 7 onwards

shellcmd Can't be executed from order 7 onwards
The last two commands in the screenshot cannot be executed aut... yon Liu
08:10 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I did not make any changes in the config between 16 sept and today
The pfsense box is rebooted nightly
The email no... Phil Wardt
03:16 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
Phil Wardt wrote in #note-2:
> I use pfsense CE 2.7.0
> The upgrade was done a month ago and many rebbots happened ... Jim Pingle
07:57 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Christian McDonald wrote in #note-24:
> I added a note to the UI when using Kea that the MAC address is used for mapp... Phil Wardt
07:13 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I'll message you on the forum. Marcos M
06:50 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I'm finding it hard to distinguish 'the steps' in that thread from the normal noise and I don't know how to enter the... Rob A
06:35 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
To clarify, make sure that after installing the kernel-debug package, you reboot and select the debug kernel (option ... Marcos M
06:32 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Not sure if I have done so previously. Currently the file looks like this:... Rob A
05:43 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Did you edit the pfSense-ddb.conf file and add a swap partition for it to dump to?
Christian is working on a shiny w... Kristof Provost
05:37 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Regrettably no:... Rob A
05:34 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
It should end up in /var/crash Kristof Provost
05:26 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
With the debug kernel running I triggered a crash and have the regular crash report. I did not see a core dump file ... Rob A
04:54 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Ok, your job would be easy if it wasn't for these dull customers!... Rob A
04:37 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Download the file to your device, and install with `pkg install -U <filename>`, via the device CLI. Kristof Provost
04:26 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I ran the system (In whatever state I achieved above) but I was fighting other issues such as Kea and pfBlocker not r... Rob A
03:30 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
No joy. With pkg install I get the error:... Rob A
02:43 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
You can just pkg install and pkg remove it later.
As usual, make a config backup just in case, but this ought to be ... Kristof Provost
02:20 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
There are no more crashes on the latest snapshots. Many thanks to all participants. Vladimir Suhhanov
01:20 PM Regression #14845 (Feedback): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Applied in changeset commit:1db73de1b1014af5bb267c48c711d9917364b9aa. Jim Pingle
05:31 AM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Can confirm this bug,
tested on ... Lev Prokofev
05:09 AM Regression #14845 (Resolved): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/guiconfig.inc:408 St... yon Liu
01:14 PM Revision 1db73de1: Fix PHP error on 1:1 NAT w/if macros. Fixes #14845
Jim Pingle

10/05/2023

08:06 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I use pfsense CE 2.7.0
The upgrade was done a month ago and many rebbots happened since then
I noticed the error th... Phil Wardt
12:51 PM Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
What version of pfSense software are you running now?
What were you doing before the reboot? (e.g. if it was a reb... Jim Pingle
12:29 PM Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I received the below notification about an error when pfsense was booted:... Phil Wardt
07:31 PM Feature #14844: QAT 200xx devices are not recognized as supported
Note this is the new qat device in Xeon D-17xx not the device in C2000 Atoms.... Steve Wheeler
07:25 PM Feature #14844 (Resolved): QAT 200xx devices are not recognized as supported
qat_200xx is supported by the qat driver but the pfSense scripts do not recognise it as a valid device.
https://gi... Steve Wheeler
07:22 PM pfSense Plus Bug #14478 (Feedback): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
The fix for this was merged last week. Jim Pingle
07:20 PM Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options
Custom options for Kea will be in the next version, not this one. Jim Pingle
06:36 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
No problem. Best method to install this in a recoverable way? Rob A
03:21 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Can you install and run this kernel and try to get a core dump?
https://www.codepro.be/files/pfSense-kernel-debug-p... Kristof Provost
11:42 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Thanks Kristof, as it happens I had a crash today:... Rob A
06:00 PM Feature #6960 (In Progress): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
If I put a client ID such as "mint3" in, it's allowed by validation and Kea still crashes and refuses to start.
<p... Jim Pingle
05:09 AM Feature #6960 (Feedback): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
I added a note to the UI when using Kea that the MAC address is used for mappings that set both a MAC and cid (which ... Christian McDonald
05:44 PM Feature #9504: Include hostname being updated in Dynamic DNS notifications
It's worth noting that this only applies to traditional Dynamic DNS instances (Services > Dynamic DNS, Dynamic DNS Cl... Jim Pingle
05:35 PM pfSense Plus Bug #14837: some services show can't start
/firewall_virtual_ip.php: The command '/sbin/ifconfig tun_wg0 inet6 'fe80::981f:60ff:fee9:56d3' -alias' returned exit... yon Liu
04:43 PM pfSense Plus Bug #14837: some services show can't start
wireguard up online, but wg service show down. yon Liu
05:10 PM pfSense Packages Feature #14729: OpenVPN Client Export - Support PLAP on Windows
Kris Phillips wrote in #note-1:
> Assigning to Jim P since he typically maintains this package.
Thank you. I'm wi... Pablo Bendersky
03:24 PM Bug #14843 (Confirmed): Explicit split DNS domain names required for IoS IPSEC clients.
This is a follow-up to bug #12975.
In the IPSec Mobile Clients GUI page, the SPLIT DNS parameter is commented as "... Serge Caron
02:22 PM pfSense Packages Documentation #14842 (New): Update Squid troubleshooting
The area where the update is needed:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-no... Mike Moore
01:43 PM pfSense Packages Bug #14841 (Feedback): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
https://gitlab.netgate.com/pfSense/factory-ports/-/commit/50536bbbe13da52c01bfeb77e6f40370844b9659 Jim Pingle
01:40 PM pfSense Packages Bug #14841 (Resolved): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
Since the change to OpenSSL 3.0 on development snapshots, IPsec Profiles exported for Apple cannot be read.
Simila... Jim Pingle
12:56 PM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
Jonathan Lee wrote in #note-6:
> I don't know if this is of concern also. My Lan interface assignment to snort only ... Bill Meeks
02:23 AM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
I don't know if this is of concern also. My Lan interface assignment to snort only detects the destination as the fir... Jonathan Lee
12:18 PM Bug #14839 (Incomplete): PHP Parse error: syntax error
The error there is not from pfSsh.php but a problem with code being run through it. Note that it's mentioning "eval()... Jim Pingle
09:43 AM Bug #14839 (Incomplete): PHP Parse error: syntax error
[05-Oct-2023 12:18:36 Asia/Phnom_Penh] PHP Parse error: syntax error, unexpected end of file in /usr/local/sbin/pfSs... Sam Vanchanna
05:05 AM Revision 3b2e7ed2: kea: prevent configuring static reservations with both mac and cid matching
Christian McDonald

10/04/2023

09:57 PM pfSense Packages Feature #14838 (New): Full support for AdBlock-style lists
The AdBlock syntax allows for both blacklisting and whitelisting, as well as using wildcards and sometimes plain regu... Andre Brait
08:23 PM Bug #14804 (Feedback): Panic when pfsync attempts to synchronize states between hosts with different rulesets
I've cherry-picked the upstream fix into our branches. The fix will be part of the next snapshot builds. Kristof Provost
06:35 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
Marcos M wrote in #note-15:
> Thank you - it's a good analysis! Since this is more of a FreeBSD issue than a pfSense ... P L
04:14 PM pfSense Plus Bug #14837 (Not a Bug): some services show can't start
I can't reproduce anything like this. UPnP starts fine here, for example. Please post on the forum and diagnose these... Jim Pingle
04:02 PM pfSense Plus Bug #14837 (Not a Bug): some services show can't start
23.09-DEVELOPMENT (amd64)
built on Wed Oct 4 17:15:00 CST 2023
FreeBSD 14.0-CURRENT
status_services.php
wireg... yon Liu
01:29 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Unfortunately both Steve and I have been unable to reproduce this problem.
We could try to see if a full core dum... Kristof Provost
01:08 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Still happens with one of the two VPNs
23.09-DEVELOPMENT (amd64)
built on Tue Oct 3 14:00:00 CST 2023 yon Liu
12:05 PM pfSense Packages Bug #14836: squid and capitive portal integration bug
The errors are from a file packaged with squid, not captive portal, so moving this to squid. Jim Pingle
11:58 AM pfSense Packages Bug #14836 (New): squid and capitive portal integration bug
When activating capitive portal authentication mode in squid, errors start to appear and the squid service does not r... Vamberto Araujo Vamberto
12:02 PM pfSense Plus Feature #14835 (Not a Bug): Nics name netgate 6100
The expected order is the order shown on https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/io-ports.h... Jim Pingle
10:36 AM pfSense Plus Feature #14835: Nics name netgate 6100
Or is this the norm for this box?
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/io-ports.html Stepan Afonin
10:10 AM pfSense Plus Feature #14835 (Not a Bug): Nics name netgate 6100
Hello. I think that the WAN interfaces on the netgate 6100 *box* are now called incorrectly.
Like now:
WAN1 = ix3, ... Stepan Afonin
08:40 AM Revision 6d33f471: Template for the kernel-symbols package
The kernel-symbols package will contain the symbols files for the default
(i.e. non-DEBUG) kernel.
(cherry picked fr... Kristof Provost
02:29 AM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
Thanks for looking at this. I found a work around. I disabled the keep config, deleted the package, reinstalled and h... Jonathan Lee

10/03/2023

11:59 PM pfSense Packages Bug #14834 (Resolved): Alerts Tab throws php error when changing size from 2000 back to 500.
PR merged, it's building now Jim Pingle
11:51 PM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
I introduced this bug by way of a typo in my last package fix. The fix for this is posted and awaiting merge and subs... Bill Meeks
11:13 PM pfSense Packages Bug #14834 (Resolved): Alerts Tab throws php error when changing size from 2000 back to 500.
Steps to create:
Change alert tab length of logs display from 1000 back to 500 after apply
ERROR:
Fatal error:... Jonathan Lee
07:00 PM Bug #14831 (Feedback): IPsec rejects certificate without any SANs
Applied in changeset commit:547ecbf358f667c023b2d6b1c39dd53993fd6164. Jim Pingle
06:58 PM Bug #14785 (Feedback): Primary IPv6 interface address may be incorrect when a VIP is set
Azamat Khakimyanov wrote in #note-6:
> BUT when I used compressed IPv6-address (VIP:VIP::1/128) as a WAN VIP, I stil... Jim Pingle
01:10 PM Bug #14785 (Assigned): Primary IPv6 interface address may be incorrect when a VIP is set
Tested on 23.05_1 and 23.09-DEV (built on Tue Oct 3 6:00:00 UTC 2023)
I partly can reproduce this issue on 23.05_1... Azamat Khakimyanov
06:53 PM Revision 547ecbf3: Refine IPsec P1 cert wildcard check. Fixes #14831
Jim Pingle
06:40 PM Bug #14756: Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
If testing this via patching, you may need to apply commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 first Jim Pingle
06:30 PM Bug #14756 (Feedback): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Applied in changeset commit:5cd87ac533d2b7666d1ff5e1ab5a3fdf2a78f9ea. Jim Pingle
06:20 PM Bug #14756 (In Progress): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Looking more at interface_bring_down() it doesn't seem like it could be readily adapted this way since it wants to wo... Jim Pingle
06:39 PM Bug #14626 (Feedback): Multi-WAN IPsec does not fail over when preferred WAN loses link
Fixed in commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 Jim Pingle
06:39 PM Bug #14829 (Feedback): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
Fixed in commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 Jim Pingle
06:23 PM Revision 5cd87ac5: Don't down static v4+t6 on link loss. Fixes #14756
In this scenario, IPv4 is static and IPv6 is tracking another interface.
Neither of those conditions requires taking ... Jim Pingle
06:17 PM Revision 49d0874f: Force gateway alarm for dynamic WAN link down
* Fixes Dynamic DNS updates when losing link. Issue #14829
* Fixes IPsec not failing over when losing link. Issue #14626 Jim Pingle
03:12 PM pfSense Packages Bug #14832 (Resolved): User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
PR merged and picked back, thanks! Jim Pingle
12:24 PM Bug #14804 (In Progress): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Jim Pingle
06:55 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
The affected user has very helpfully provided a core dump, which shows a couple of things.
Firstly it confirms what ... Kristof Provost
11:03 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Tested on:
23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
(all official pat... Łukasz Rojczyk
04:32 AM Regression #14833 (New): OpenVPN client process in bridged tap mode fails after 2.7.0 CE upgrade

Have a P2P OpenVPN tunnel that bridges 2 physical interfaces for the purpose of passing multicast traffic. Has been... Bob Weybrecht
01:21 AM Feature #14047: Options to control Intel Speed Shift
riva geeza wrote in #note-1:
> This affected myself, on my newly built appliance the gui displayed Intel(R) Celeron(R... Andre Brait

10/02/2023

11:56 PM pfSense Packages Bug #14832: User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
The fix for the issues in this ticket has been submitted to the DEVEL branch in pull request 1300 here: https://githu... Bill Meeks
10:27 PM pfSense Packages Bug #14832 (Resolved): User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
This was functionality inadvertently broken during the PHP 8.1 updates back in early 2023 and was not detected during... Bill Meeks
07:59 PM Bug #14829 (Pull Request Review): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
I have a fix for this coming, but it needs more testing.
Internal MR is https://gitlab.netgate.com/pfSense/pfSense... Jim Pingle
12:58 PM Bug #14829 (Resolved): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
Link down for main WAN does trigger GW group failover to secondary WAN, but doesn't trigger DynDNS updatedns event.
... Georgiy Tyutyunnik
07:58 PM Bug #14626 (Pull Request Review): Multi-WAN IPsec does not fail over when preferred WAN loses link
I have a fix for this coming, but it needs more testing.
Internal MR is https://gitlab.netgate.com/pfSense/pfSense... Jim Pingle
07:55 PM Feature #9504 (Feedback): Include hostname being updated in Dynamic DNS notifications
Applied in changeset commit:8de76843e8d58bc6239be05498c2d372b19bac7e. Jim Pingle
07:51 PM Bug #14831 (Resolved): IPsec rejects certificate without any SANs
When I fixed #13373 it apparently created a slightly different bug: Now if there are *no* SANs on a certificate at al... Jim Pingle
07:46 PM Revision 8de76843: Include hostname in DDNS notify. Implements #9504
Jim Pingle
05:01 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
I still see demonstrable difference between 23.05 and 23.09 dev with QAT. QAT is active on 23.05 for all on-device e... Rob A
03:09 PM pfSense Plus Regression #14828 (Feedback): QAT is not being used by some daemons
Waiting on more info from the OP on the forum since it's not clear there is actually a problem yet. The items we expe... Jim Pingle
01:07 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
QAT isn't broken, it is working with IPsec and OpenVPN DCO which is expected since they are in the kernel.
It isn't ... Jim Pingle
11:29 AM pfSense Plus Regression #14828 (Feedback): QAT is not being used by some daemons
QAT not working. Issue identified on Netgate 6100 and subsequently confirmed on a 4100 unit. Issue confined to 23.0... Rob A
02:55 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
log after rebooting the device (everything ok):
Oct 2 16:52:53 openvpn 39792 Initialization Sequence Completed
... Łukasz Rojczyk
02:49 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Probably the same problem that I extinguished (from version 23.05.1)
https://redmine.pfsense.org/issues/14811#chan... Łukasz Rojczyk
02:49 PM Feature #7718: Hostname for Custom DynDNS Updater.
Hi,
had the same problem with the missing hostname on my dynamic dns client page.
i was able to help myself with ... Carsten Terlutter
02:47 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Vladimir Suhhanov wrote in #note-20:
> The other question is where I can see CARP status for the DHCP. ISC provided a... Jim Pingle
12:35 PM Feature #6960 (In Progress): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Confirmed here as well, setting a 'client identifier' in a static mapping makes Kea fail to start. Looks like we need... Jim Pingle
02:44 PM Regression #14819 (Resolved): File to trigger the wizard post-install is missing
Looks good on latest snapshot. The file is present, hardware is correctly identified, and the wizard is triggered at ... Jim Pingle
02:39 PM Bug #14830 (Duplicate): Kea can't start with both MAC address and Client Identifier on static mappings
Already known and mentioned here: #6960#note-21 Jim Pingle
02:33 PM Bug #14830 (Duplicate): Kea can't start with both MAC address and Client Identifier on static mappings
now no DHCP v4 work.
ERROR [kea-dhcp4.dhcp4.0x101e42412000] DHCP4_INIT_FAIL failed to initialize Kea server: confi... yon Liu
12:42 PM pfSense Docs Todo #14816: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Kris Phillips wrote in #note-1:
> You shouldn't need to define a Remote subnet unless you're doing a /30 S2S, but I ... Jim Pingle
12:31 PM pfSense Packages Todo #14825 (Duplicate): please upgrade frr to frr 8.5.3_1
Duplicate of #13575 Jim Pingle
12:18 PM pfSense Packages Bug #14827 (Not a Bug): file space error with unbound: 103% used
It's an issue in your pfBlocker config. You'll have to manually clean up those log files, it's too late for the packa... Jim Pingle
08:25 AM Feature #7881: OpenVPN client - add support for multiple server entries
I'd like to be able to set multiple "remote" as fallback in case some of them fail to connect. AFAIU it can't be curr... Gianluca Gabrielli

10/01/2023

01:52 PM pfSense Packages Bug #14827: file space error with unbound: 103% used
When trying to install any packet now the following error occurs:
pkg-static: Not enough space in /var/cache/pkg, ne... Felix S
11:09 AM pfSense Packages Bug #14827: file space error with unbound: 103% used
Hi Kris,
thank you for your input on this.
I removed pfBlockerNG including its configuration which gives the follow... Felix S
02:22 AM pfSense Packages Bug #14827: file space error with unbound: 103% used
Based on the files, this looks more like an issue with pfBlockerNG than a problem with unbound. All of the files con... Kris Phillips
10:14 AM pfSense Packages Bug #10436 (Feedback): softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
My fault - I tested it on KVM with vtnet NICs. I'm afraid I don't have SG-3100.
If anyone can run this test on SG-... Azamat Khakimyanov
07:01 AM pfSense Packages Bug #14638: Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
Tailscale 0.1.4
... aleksei prokofiev
06:25 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
No luck here...... Vladimir Suhhanov
02:32 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Tested static leases, DHCP status page, service stop/start manually or from reboots. Seems to work without issues at... Kris Phillips
12:56 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Testing as we speak with 23.09.a.20230929.2350
I needed to acknowledge deprecation before I could change any legacy ... Jordan G
02:44 AM pfSense Docs Todo #14816 (Confirmed): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Reviewing, the option for "Enable authentication of TLS packets" is indeed missing in the UI. It looks like it was r... Kris Phillips
02:36 AM pfSense Packages Todo #14795: Transition to nut-devel
Plus should be updated with this as well. It is still on 2.8.0. Kris Phillips
02:34 AM pfSense Packages Todo #14825 (Confirmed): please upgrade frr to frr 8.5.3_1
Checked current snapshots of 23.09 and 8.5.2 is the current version in the Plus repo. Kris Phillips
02:24 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
This sounds like an issue with ordering and PPPoE. Likely the PPPoE connection isn't started prior to the OpenVPN Cl... Kris Phillips
01:27 AM Regression #14819 (Feedback): File to trigger the wizard post-install is missing
Should be fixed in the next build Brad Davis

09/30/2023

10:37 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
getting unknown oid in the latest build 23.09.a.20230929.2350 Jordan G
08:30 PM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED
you can use the following to disable the blue blinking indicator on 4100/6100/8200 systems... Jordan G
08:20 PM pfSense Packages Bug #14827 (Not a Bug): file space error with unbound: 103% used
pfSense
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
df -lh output:
Files... Felix S
06:55 PM pfSense Packages Bug #10436 (Resolved): softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Tested on 23.05_1 with SoftFlowD 1.2.6_1
I run SoftFlowd on different interfaces (WAN, LAN and Bridge) and generat... Azamat Khakimyanov
06:28 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
related to #12536 Alhusein Zawi
04:02 PM Feature #14746 (Resolved): Method for users to customize shell initialization behavior
Tested on... Christopher Cope
03:03 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Tested the Kea DHCP with the latest release today.
Here are the test results:
- The service started without any... Danilo Zrenjanin
03:02 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
This problem occurs again yon Liu
09:08 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
I just updated to this version and this problem did not occur. I will continue to observe and report in the future.
... yon Liu
08:07 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
my WAN is pppoe. yon Liu
06:55 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Can't reproduce it, tunnel on IPv6 only interface starts immediately after a reboot.
tested on ... Lev Prokofev
01:16 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
tested on
23.09-DEVELOPMENT (amd64)
built on Fri Sep 29 21:07:00 CST 2023
FreeBSD 14.0-CURRENT yon Liu
01:13 AM pfSense Plus Bug #14824 (New): OpenVPN instance on IPv6 PPPoE interface does not always start automatically
openvpn use ipv6 WAN, When pfsense restarts the system, openvpn ipv6 can't autostart. It must be started manually. Af... yon Liu
02:34 PM Bug #14783 (Resolved): List of Dynamic DNS types with split host+domain name is missing several providers
I can confirm it is working fine on:... Danilo Zrenjanin
07:04 AM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
Looks good, tested it with the patch on ... Lev Prokofev
06:34 AM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
After applying the patch, there are no changes. I have resaved the DynDNS entry, but the Client Export Utility still ... Danilo Zrenjanin
11:22 AM pfSense Packages Feature #14826 (New): Add package pfSense-pkg-corosync-qnetd
This package should provide "corosync-qnetd":https://github.com/corosync/corosync-qdevice, a daemon providing an addi... Markus *
09:14 AM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Tested on 23.05_1 and on 23.09-DEV ()
I was able to reproduce this issue on 23.05_1 but on 23.09-DEV adding a VIP ... Azamat Khakimyanov
08:08 AM pfSense Packages Feature #8547: fwknop Port Knocking Package
Jim Pingle wrote in #note-1:
> If you want secure remote access, use a VPN.
I understand that censorship circumve... Vitaly Bakulev
01:33 AM pfSense Packages Todo #14825: please upgrade frr to frr 8.5.3_1
sorry, this is 8.5.3
Bug Fixes
bgpd
Add peers back to peer hash when peer_xfer_conn fails
Do not explicitly p... yon Liu
01:27 AM pfSense Packages Todo #14825 (Duplicate): please upgrade frr to frr 8.5.3_1
Because I keep encountering IPV6 bgp sessions in Idle and Connect status, I hope to upgrade to the latest version and... yon Liu
12:04 AM pfSense Packages Feature #14823 (New): Feature Request: pre configured packet crafted response for specific IP addresses (alias) such that the reply would automatically show all closed/filtered on ports for Snort package.
Feature Request for a pre configured packet crafted response for specific IP addresses such that the reply would auto... Jonathan Lee

09/29/2023

11:59 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Sorry this was supposed to be under Snort not nmap. I will fix that. Jonathan Lee
07:13 PM pfSense Packages Feature #14821 (Rejected): Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
The purpose of the nmap package is to provide a simple GUI for quick scans. I don't think this request is appropriate... Marcos M
06:45 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
this still causes event Jonathan Lee
06:39 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Ref:
https://www.snort.org/faq/readme-sfportscan Jonathan Lee
06:37 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Relates to:
https://redmine.pfsense.org/issues/14754
https://redmine.pfsense.org/issues/14514 Jonathan Lee
06:35 PM pfSense Packages Feature #14821 (Rejected): Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Attached is a example of detection and block of a standard non decoy nmap scan.
Kali OS has decoy/spoofing port sc... Jonathan Lee
10:36 PM Bug #14820 (Resolved): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Marcos M
06:08 PM Bug #14820: GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
patch works
tested on:
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT Georgiy Tyutyunnik
05:20 PM Bug #14820 (Feedback): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Applied in changeset commit:57e299906c4525bcc89c728a6246495369178023. Marcos M
05:12 PM Bug #14820 (Pull Request Review): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1085 Marcos M
04:51 PM Bug #14820: GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Can confirm this, tested on ... Lev Prokofev
04:41 PM Bug #14820 (Resolved): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
# Set a value for the GUI TCP port; save
# Remove the value; save
# The config and redirect URL contains the old po... Marcos M
10:33 PM pfSense Packages Bug #13997: NUT Package and 23.01
It may be this gets resolved once the package is updated:
https://redmine.pfsense.org/issues/14795 Marcos M
07:59 PM pfSense Packages Feature #14192: Instant Website Redaction Technology Not working
This now functions as expected with the created rules
If other admins use this firewall in a very large environmen... Jonathan Lee
07:25 PM pfSense Packages Feature #14192: Instant Website Redaction Technology Not working
Thanks for the reply.
I have added this to always allow. I did not know if others have noticed this. Jonathan Lee
06:10 PM pfSense Packages Feature #14192 (Rejected): Instant Website Redaction Technology Not working
This type of issue is better handled outside of the firewall software itself (e.g. by creating your own rules). Marcos M
07:53 PM pfSense Packages Bug #14822: Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
Done per request
https://forum.netgate.com/topic/183128/services-snort-pass-list-edit-auto-generated-ip-addresses-... Jonathan Lee
07:26 PM pfSense Packages Bug #14822 (Feedback): Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
> I have spoof rules enabled they are still blocking the passlist addresses seen below.
This has been an issue in th... Marcos M
07:02 PM pfSense Packages Bug #14822 (Feedback): Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
I have learned that Snort's GUI Passlist Auto-Generated IP addresses area is not 100% passing and still blocking whe... Jonathan Lee
07:07 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
I opened a new bug for that I forgot that I have that already set as pass listed Jonathan Lee
06:44 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
@Marcos M
They are automatically added to pass list and this still occurs.
Unless this was changed recently.
... Jonathan Lee
06:36 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Related Feature Request
https://redmine.pfsense.org/issues/14821 Jonathan Lee
06:16 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Thanks Marcos I am aware of the passlist area this would resolve this. Again, that would allow backdoor conditional p... Jonathan Lee
05:58 PM pfSense Packages Bug #14754 (Not a Bug): Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This isn't a bug. To avoid the issue, relevant IP addresses can be added to a passlist. There also likely exist rules... Marcos M
05:39 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Please let me know if that helps with the logic if not I can boot up Kali to offline my system again. That is already... Jonathan Lee
05:31 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Example of detection and block of standard nmap scan.
Kali OS has decoy scanning abilities for lan tests that are ... Jonathan Lee
03:39 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Thus this is what is occuring for my system and creates the DoS event.
Nmap -sS -D 8.8.8.8 64.113.111.129
Resul... Jonathan Lee
03:35 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Durring testing this condition with Palo Alto
Command used was
Nmap -sS -D decoyIP targetIP
This will send th... Jonathan Lee
03:02 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This denial of service attack occurs only when
P: snort is on wan and has port scan detection and blocking enable... Jonathan Lee
02:50 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
64.113.111.129 is my IP this block occurs when this IP is used by an invasive actor to perform a port scan of my netw... Jonathan Lee
02:46 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
P: pfSense is forwarding it's DNS to 8.8.8.8 and Snort is set to block port scans seen on the WAN interface.
Q: th... Jonathan Lee
01:07 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This bug report makes absolutely no sense to me. I can't follow the logic trail here. All of the blocks shown in the ... Bill Meeks
06:52 PM pfSense Packages Todo #14795: Transition to nut-devel
https://github.com/pfsense/FreeBSD-ports/pull/1296 Marcos M
06:36 PM pfSense Packages Bug #14514: SNORT randomly starts blocking the IP address on the interface that it is residing on
https://redmine.pfsense.org/issues/14821
Related Feature Request Jonathan Lee
06:00 PM pfSense Packages Bug #14514 (Duplicate): SNORT randomly starts blocking the IP address on the interface that it is residing on
Marcos M
06:03 PM Bug #14516 (Not a Bug): With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings
The ARP page does a DNS lookup to show the hostname. Since the same IP address is used for multiple hostnames, the re... Marcos M
05:14 PM Revision 57e29990: Handle saving empty values in system_advanced_admin.php. Fix #14820
Marcos M
03:17 PM Feature #6960 (Feedback): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
MR has been merged, it will be in snapshots shortly.
 Jim Pingle
03:12 PM Bug #13911: Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
Updating subject for release notes. Jim Pingle
03:07 PM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Updating subject for release notes. Jim Pingle
02:08 PM Revision bf4e2a03: Add notice when starting the zpool trim
Brad Davis
01:35 PM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
For what it's worth, I just restored a backup on 23.09 which had FreeRADIUS3 installed and it restored fine and reins... Jim Pingle
01:24 PM Regression #14819 (Resolved): File to trigger the wizard post-install is missing
After some recent changes to how the base and so on are packaged, the file @/conf/trigger_initial_wizard@ is missing ... Jim Pingle
01:03 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
Yes but the settings on that traffic graph page can be configured in numerous different ways and how you have that pa... Jim Pingle
12:56 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
It is a super simple configuration.
One public WAN, one local LAN, only one local client IP
Just look on the pict... Ivaylo Velikov
12:26 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
Can you show more of the screenshot there to see all of your current settings when that behavior is observed?
Also... Jim Pingle
12:14 PM pfSense Plus Bug #14818 (Confirmed): StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
See attached picture Ivaylo Velikov
05:45 AM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
1. Version information on dashboard. I've just applied the patch again, and the readout is now 'Unable to check for ... Chris Merchant

09/28/2023

09:50 PM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules
Thank you!! Jonathan Lee
09:49 PM pfSense Packages Bug #14426: PHP errors in Lightsquid
Thank you!!! Jonathan Lee
09:48 PM Regression #14500: PHP Error when viewing Traffic Graphs in ``iftop`` mode
Thank you!! Jonathan Lee
09:48 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
Thank you ! Jonathan Lee
09:47 PM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Thank you !! Jonathan Lee
09:46 PM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
Thank you !! Jonathan Lee
09:45 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Again this is another example where the DNS resolver IP address that is set on the firewall is being used as a decoy ... Jonathan Lee
09:38 PM pfSense Packages Bug #13811: Youtube content getting filtered on Squid when none is Selected
Does anyone know if this has this been resolved? I noticed I had to reapply the fix last update. Jonathan Lee
09:31 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1073 Marcos M
09:27 PM Revision 9bd56e9d: Introduce Kea DHCP
Christian McDonald
09:22 PM pfSense Packages Feature #14786 (Duplicate): Add GUI option for host_verify_strict
Marcos M
07:21 PM Bug #14717 (Resolved): A default route can remain after setting the default gateway to None
Jim Pingle
07:09 PM Bug #14717: A default route can remain after setting the default gateway to None
patch fixes "stuck" ipv6 default for me
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
Fr... Georgiy Tyutyunnik
03:06 PM pfSense Plus Bug #14817 (Not a Bug): Traffic Graph reporting high Util - no talker found
This is most likely either something in your settings there (such as the 'filter' option) or it could be that some of... Jim Pingle
01:48 PM pfSense Plus Bug #14817 (Not a Bug): Traffic Graph reporting high Util - no talker found
I have a Unifi VLAN and a Wifi VLAN that are on the same interface - trunked. I wanted to provide context to how the ... Mike Moore
01:07 PM Revision 879e06af: Remove version and copynotice handling since it now belongs in the port
Brad Davis
12:06 PM Regression #14649 (Resolved): PHP error with One.com Dynamic DNS provider
Jim Pingle
04:44 AM Regression #14649: PHP error with One.com Dynamic DNS provider
No more crashes after the patch, tested on ... Lev Prokofev
08:55 AM Bug #14807 (Resolved): Logo text is partially rendered when using Compact-RED theme on CE
I applied the patch on the 2.7.
The patch fixes it.
I am marking this ticket closed. Danilo Zrenjanin
08:25 AM pfSense Packages Bug #14498: php errors when looking at snort active rules
The crash was produced in an attempt to grab the status output file, ticket #1936290053 there are no other PHP errors... Lev Prokofev
12:10 AM pfSense Docs Todo #14816 (Closed): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Feedback:*
I tried to follow t... Daniel Castellanos

09/27/2023

04:59 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 as well. Many of the other servers running on-premises use the Step CA that is hosted internally. Allowing pfsense... Kevin Lewis
04:03 PM Bug #14814 (Duplicate): PHP erro
Duplicate of #14648 Jim Pingle
03:53 PM Bug #14814 (Duplicate): PHP erro
Hi guys
using pfSense for only about 3 weeks and up on stressing the connection getting below error. please help if ... harry ji
04:02 PM pfSense Packages Bug #14815 (Resolved): ACME.sh ingnores Certificates in Trust Store
ACME.sh does not trust the certificates in /etc/ssl/certs. This a problem when you add a custom ACME provider.
Curl... Hannes Gebhart
01:21 PM pfSense Packages Bug #14806 (Resolved): Freeradius configuration lost when you reinstall package
Jim Pingle
04:51 AM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
freeradius3 0.15.... aleksei prokofiev
01:11 PM Bug #14813 (Rejected): La génération de clé privée et pubic ssh pour des codes voucher ne fonctionne plus depuis upgrade pfsense vers 2.7
The buttons to generate keys work fine on 2.7.0 and even on dev snapshots. There may be something that is not working... Jim Pingle
01:08 PM Bug #14813 (Rejected): La génération de clé privée et pubic ssh pour des codes voucher ne fonctionne plus depuis upgrade pfsense vers 2.7
Depuis upgrade vers 2.7,
le bouton "Generate new keys" ne foonctionne plus.
Les champs restent vides.
Since upg... Anonymous
12:49 PM pfSense Plus Bug #14812 (Not a Bug): Invalid https certificate https://pfsense-plus-pkg00.atx.netgate.com
The certificate is fine, it's self-signed and valid when properly trusted by the OS. Something on your local system i... Jim Pingle
11:20 AM pfSense Plus Bug #14812 (Not a Bug): Invalid https certificate https://pfsense-plus-pkg00.atx.netgate.com
Please update certificates on this web page, it is invalid now.
https://pfsense-plus-pkg00.atx.netgate.com
Expo... Lukasz R
11:11 AM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
Alex Kolesnik wrote:
> https://forum.netgate.com/topic/180950/error-on-pfblockerng-inc-5310-pfblockerng-devel-3-2-0_... Lleir Esteves

09/26/2023

09:09 PM pfSense Plus Bug #14478 (Pull Request Review): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
From what I can tell, @(self)@ is the only "dynamic host" we use in pfSense, everything else is a "static host". Fire... Marcos M
07:05 PM Revision 50f22815: Enable zpool autotrim and start a manual trim
Brad Davis
06:50 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Or….
We could have a proper fix for this issue then the workarounds that aren’t scalable Mike Moore
03:14 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Simon Byrnand wrote in #note-10:
> Could you not just use "Bypass Proxy for These Destination IPs" under "Transpar... Denis Roy
01:32 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Denis Roy wrote in #note-9:
> I have a transparent deployment with pfSense 2.7.0, and a mitigation has been to rely o... Simon Byrnand
05:41 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Understood and thanks for the heads-up that the fix may be 6 months away. I'll have to find a new router solution in... Rob A
05:30 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Moving the target ahead for now but if we do manage to solve it before release we can always move it back.
 Jim Pingle
05:39 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
The address suggests we're crashing on `ifp = r->rpool.cur->kif ? r->rpool.cur->kif->pfik_ifp : NULL;` in pf_route(),... Kristof Provost
05:28 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Those additional backtraces in comment #1 look totally different, and there's no indication that these are the same i... Kristof Provost
05:32 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
Moving the target ahead for now but there have been several other fixes for interface/VIP functions in 23.09 already ... Jim Pingle
05:29 PM Bug #14687: Error in boot messages about missing ``/boot/loader.conf.d`` directory
Moving this ahead for now since it doesn't appear to be a problem and may not even be actionable. If that is the case... Jim Pingle
04:28 PM Bug #14544 (Resolved): PPP interface default username/password are not being populated from provider data on ``interfaces.php`` and ``interfaces_ppps_edit.php``
Works fine on current snapshot. Both @interfaces.php@ and @interfaces_ppps_edit.php@ populate the username, password,... Jim Pingle
04:26 PM Bug #14325 (Resolved): Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Current snapshot uses the integer value as it should, no more leading zeroes in the roll number after saving. Jim Pingle
04:24 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
I've been trying to run @interfaces.php@ through all sorts of different scenarios and so far I have yet to break it o... Jim Pingle
04:23 PM Regression #14791 (Resolved): ``/etc/version.buildtime`` is not being updated on current snapshots
New code appears to be working properly Jim Pingle
03:58 PM Bug #11192 (New): Using Limiters causes out of order packets within one TCP or UDP flow
Thank you - it's a good analysis! Since this is more of a FreeBSD issue than a pfSense one, reporting this "upstream"... Marcos M
08:33 AM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
I've spent two weeks of my working time to debug this problem, find root cause, find workaround, and write complete r... Alexey Ab
03:50 PM Bug #13911 (Feedback): Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
I've merged a change to the i2c read function to only try once (rather than 11 times) until we've identified an SFP. ... Kristof Provost
03:14 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Marcos M wrote in #note-15:
> Until the referenced functionality is added upstream, floating client support will need... Michael Mercier
01:29 PM Bug #14811: [pfSense 23.05.1] OPEN VPN TAP
Why do you give such advice that in the tunnel TAP should be for /30 ? They all work, even /22 - see pure debian + op... Łukasz Rojczyk
12:47 PM Bug #14811 (Not a Bug): [pfSense 23.05.1] OPEN VPN TAP
That looks like you might have a configuration error there. In most cases the client tunnel network should be left bl... Jim Pingle
06:40 AM Bug #14811 (Not a Bug): [pfSense 23.05.1] OPEN VPN TAP
Sep 26 08:35:01 openvpn 64050 Exiting due to fatal error
Sep 26 08:35:01 openvpn 64050 FreeBSD ifconfig failed... Łukasz Rojczyk
12:49 PM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
Paolo Rosso wrote in #note-7:
> I confirm that the <keep_settings> tag is not present in my config.xml.
> After ent... Jim Pingle
08:19 AM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
I confirm that the <keep_settings> tag is not present in my config.xml.
After entering settings and saving, the <kee... Paolo Rosso

09/25/2023

09:58 PM pfSense Plus Feature #14810 (New): add Packet Too Big icmp type in firewall
I hope more ICMP type refinements can be added to the firewall options.
For example, add Type 2 - Packet Too Big an... yon Liu
08:30 PM Bug #11192 (Feedback): Using Limiters causes out of order packets within one TCP or UDP flow
It would be useful to know if this is reproducible on CE 2.7 (or preferably 23.09 dev) given the major OS version bum... Marcos M
07:25 PM Bug #14325 (Feedback): Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Applied in changeset commit:502398beea2e0d6930a6e9d1f7fc16737f63265d. Jim Pingle
07:18 PM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Fixing the backend or doing upgrade code seemed like overkill since there is no way these worked before. I fixed the ... Jim Pingle
07:07 PM Bug #14325 (In Progress): Captive Portal incorrectly allows leading zeroes on voucher roll numbers
The underlying @voucher@ binary strips leading zeroes so we should strip them when creating rolls as well (use @intva... Jim Pingle
07:16 PM Revision 502398be: Use intval of portal voucher data. Fixes #14325
It was already tested to be numeric but this normalizes the result so it
doesn't have things like leading zeroes or t... Jim Pingle
06:30 PM Regression #14525 (Feedback): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Applied in changeset commit:202e3c1b7d3af019f03bf2545a7f31062f8e8e08. Jim Pingle
06:24 PM Regression #14525 (In Progress): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
While I could not reproduce it yet, I checked in what should be a fix for it. I tested the fix on several lab systems... Jim Pingle
03:40 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Filip Bengtsson wrote in #note-5:
> As you suspected; starting and stopping did solve the issue (and restarting it d... Jim Pingle
03:24 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
As you suspected; starting and stopping did solve the issue (and restarting it did not). At least on the local router... Filip Bengtsson
12:55 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Did the error go away if you stopped/started (not restart) the IPsec daemon?
For it to hit the error there, it wou... Jim Pingle
12:17 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
I began getting the same error by doing this:
I had an IPsec connection to a remote site already set up, but the r... Filip Bengtsson
06:21 PM Revision 202e3c1b: Avoid PHP err with missing P2 data. Fixes #14525
Use access functions to ensure we always have an array when expected in
this block of code. Jim Pingle
05:51 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
I have a transparent deployment with pfSense 2.7.0, and a mitigation has been to rely on pfBlockerNG and custom NAT r... Denis Roy
05:38 PM pfSense Packages Bug #14806 (Feedback): Freeradius configuration lost when you reinstall package
Fix committed and picked back to CE 2.7.0 and Plus 23.05.1
https://github.com/pfsense/FreeBSD-ports/commit/0048927... Jim Pingle
05:32 PM pfSense Packages Bug #14806 (In Progress): Freeradius configuration lost when you reinstall package
Jim Pingle
01:55 PM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
I can't replicate this here but I can see how it might have happened.
If you never went to the Settings tab and cl... Jim Pingle
05:33 PM pfSense Packages Bug #14596 (Duplicate): FreeRADIUS falsely shows its default is to save data during package reinstall
Duplicate of #14806 but I already started working on that issue even though this one was older. Jim Pingle
05:31 PM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
That line was put in to help with #11888 so if it gets removed or changed that will need to be reopened or at least t... Jim Pingle
04:15 PM Bug #14783 (Feedback): List of Dynamic DNS types with split host+domain name is missing several providers
Applied in changeset commit:ddb57f79e26e97e2a22f701016fc70a7d1c09ce4. Jim Pingle
04:09 PM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
This is not a package problem. The package is using the global @$dyndns_split_domain_types@ list from the base system... Jim Pingle
04:09 PM Revision ddb57f79: Update DDNS split host+domain list. Fixes #14783
Jim Pingle
04:00 PM Regression #14649 (Feedback): PHP error with One.com Dynamic DNS provider
Applied in changeset commit:dcb4461336de2fe69ac173787c8bce66e93ce672. Jim Pingle
03:55 PM Bug #14807 (Feedback): Logo text is partially rendered when using Compact-RED theme on CE
Applied in changeset commit:aad64829622356cd761062e57f4a8224d1b145e4. Jim Pingle
03:54 PM Revision dcb44613: Fix str concat for one.com DDNS. Fixes #14649
Jim Pingle
03:46 PM Revision aad64829: Correct CE logo w/Compact-Red Theme. Fixes #14807
Doesn't affect Plus logo, only CE.
Fix submitted by James White via Redmine Jim Pingle
03:45 PM Regression #14791 (Feedback): ``/etc/version.buildtime`` is not being updated on current snapshots
Applied in changeset commit:9365f3edaead5fe1fe7bcf7d7c5c8ccffadb353c. Jim Pingle
03:38 PM Revision 9365f3ed: Fix build time on sysinfo widget. Fixes #14791
While here, add a fallback method and error handling in case the file is
missing or invalid. Jim Pingle
03:05 PM Bug #14809 (Feedback): ``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding
Applied in changeset commit:f72618c4abb61ea6346938d0c93df9078736b775. Jim Pingle
02:53 PM Bug #14809 (Resolved): ``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding
The @packet_capture.php@ page uses the values of @count@ and @length@ when executing @tcpdump@ and it doesn't validat... Jim Pingle
02:59 PM Revision f72618c4: Pcap: Validate+Encode count & length. Fixes #14809
Jim Pingle
01:35 PM Bug #14579 (Resolved): PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Jim Pingle
01:35 PM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
Chris Merchant wrote in #note-6:
> This patch appears to break two items in 2.7.0-RELEASE (at least from what I have... Jim Pingle
01:23 PM pfSense Packages Bug #14808 (Closed): Configuring RPKI may break BGP
If it works on 23.09 then it seems like an issue in FRR with that particular configuration that's been fixed, and whe... Jim Pingle
01:17 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
Kris Phillips wrote in #note-6:
> Tested disabling an interface on the latest builds. No PHP errors were present an... Jim Pingle
01:14 PM Feature #14777: Status output plugin hook for packages to include their own data
Chris Linstruth wrote in #note-7:
> This looks wonderful. Thank you.
>
> My only concern would be showing the ful... Jim Pingle
12:23 PM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information
This reason is valid and true. I will think about starting a suggestion on how to improve the interface list.
Thank... Marco Goetze
12:21 PM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information
If status_interfaces.php is insufficient in some way, the correct thing to do would be to fix or otherwise improve th... Jim Pingle
10:34 AM pfSense Packages Feature #14793: Package: sfpnfo, SFP Information
Jim Pingle wrote in #note-1:
> This is not needed. SFP information is already printed on Status > Interfaces. If mor... Marco Goetze

09/24/2023

09:51 PM pfSense Packages Feature #11827: Please include acme deploy folder/scripts
I have just created a corresponding "pull request":https://github.com/pfsense/FreeBSD-ports/pull/1298. Markus *
04:29 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
There was nothing regarding fragmented packets in my bug report. Alexey Ab
12:52 PM Bug #11192 (Rejected): Using Limiters causes out of order packets within one TCP or UDP flow
Tested on 2.5 CE but I wasn't able to reproduce this issue.
I used KVM with em NICs and I created RA OpenVPN serve... Azamat Khakimyanov
12:16 PM Feature #14777: Status output plugin hook for packages to include their own data
This looks wonderful. Thank you.
My only concern would be showing the full BGP route table. But since we're alread... Chris Linstruth
07:22 AM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities

This patch appears to break two items in 2.7.0-RELEASE (at least from what I have discovered so far)
1. Version ... Chris Merchant
06:25 AM Bug #13621: GUI allows selection of ICMP types that pf rejects
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
23.09-DEVELOPMENT... aleksei prokofiev
06:10 AM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Tested on
23.09-DEVELOPMENT (amd64)
built on 20230922-1539
FreeBSD 14.0-CURRENT
The issue still persists, if t... aleksei prokofiev
01:17 AM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Do we know what reproduces this error? Kris Phillips

09/23/2023

11:32 PM Todo #14790: Eliminate direct config access in ``interfaces.php``
Tested disabling an interface on the latest builds. No PHP errors were present and the changeset above was present i... Kris Phillips
11:15 PM pfSense Packages Feature #14729: OpenVPN Client Export - Support PLAP on Windows
Assigning to Jim P since he typically maintains this package. Kris Phillips
11:04 PM pfSense Packages Bug #14806 (Confirmed): Freeradius configuration lost when you reinstall package
Kris Phillips
11:04 PM pfSense Packages Bug #14806: Freeradius configuration lost when you reinstall package
Tested this on the latest 23.09 builds. Even with "Save settings after deletion" checked, all settings are erased on... Kris Phillips
11:34 AM pfSense Packages Bug #14806 (Resolved): Freeradius configuration lost when you reinstall package
I did a simple freeradius configuration and entered a user.
If I reinstall freeradius from the package manager I los... Paolo Rosso
11:01 PM Bug #14807: Logo text is partially rendered when using Compact-RED theme on CE
Tested on pfSense Plus 23.09's latest builds and this doesn't appear to affect Plus, since there is no text below the... Kris Phillips
04:54 PM Bug #14807 (Resolved): Logo text is partially rendered when using Compact-RED theme on CE
Global spelling correction applied at:
https://github.com/pfsense/pfsense/pull/4609/files#diff-7ff40c9b217ad693b2d... James White
10:53 PM pfSense Packages Bug #14808 (Closed): Configuring RPKI may break BGP

enabling RPKI option breaks BGP.
rpki
rpki cache 10.100.100.134 9400 test preference 1
!
pfSense.home.... Alhusein Zawi
06:27 PM pfSense Packages Bug #11434 (Resolved): SquidGuard over 1.16.18_11
Tested on 23.05_1
After adding ldapusersearch option into Group ACL... Azamat Khakimyanov
06:06 PM pfSense Packages Feature #11248 (Resolved): SafeSearch update
Tested on 23.05_1
Ecosia and Onesearch safesearch are available for SquidGuard 1.16_19... Azamat Khakimyanov
05:54 PM pfSense Packages Feature #10779 (Resolved): HAProxy SSL/TLS Compatibility Mode
Tested on 23.05_1
Option 'HAProxy SSL/TLS Compatibility Mode' is available now (HAproxy 0.63_1).
Choosing differe... Azamat Khakimyanov
01:31 PM Bug #14783 (Confirmed): List of Dynamic DNS types with split host+domain name is missing several providers
Using Digital Ocean DynDNS service produces the same behavior. The Client Export Utility exports only the hostname wi... Danilo Zrenjanin
12:07 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I'm having this problem as well, with 23.05.1-RELEASE. For me, the issue seems to be that the filter logs are rollin... Jonathan Stafford
11:50 AM pfSense Packages Regression #13978 (Resolved): PHP errors with squidGuard
Tested installing/uninstalling squid 0.4.46 and squidGuard 1.16.19.
There were no PHP errors.
I am marking thi... Danilo Zrenjanin
11:20 AM Regression #14649 (Confirmed): PHP error with One.com Dynamic DNS provider
Tested against:... Danilo Zrenjanin
10:57 AM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
Can't reproduce on the ... Lev Prokofev
10:49 AM Bug #14579: PHP error in ``handle_wireless_post()`` when toggling some wireless interface options
I was able to replicate the issue on ... Lev Prokofev
06:33 AM pfSense Packages Bug #14805: when I changed Endpoint ip via webgui, but wiregaurd still using old ip ruuning.
tested on
23.09-DEVELOPMENT (amd64)
built on 20230922-1539
FreeBSD 14.0-CURRENT yon Liu
06:33 AM pfSense Packages Bug #14805 (Incomplete): when I changed Endpoint ip via webgui, but wiregaurd still using old ip ruuning.
when I changed Endpoint ip via webgui, but the wiregaurd still using old Endpoint ip ruuning.
 yon Liu
12:50 AM Bug #13542: Boot delay caused when OpenVPN config uses alias list that relies on DNS
I have access to the instance, will attempt to upgrade it and re-test. Adrien Carlyle
 

Also available in: Atom