Activity

From 09/29/2023 to 10/28/2023

10/28/2023

09:48 PM Bug #14933 (Resolved): Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
Problem description:
The Traffic Graphs Widget fails to display the real bandwidth used after the Dashboard browser ...
Patrik Stahlman
06:14 PM Regression #11570 (Resolved): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Tested on 23.05_1 and on 23.09-BETA (built on Fri Oct 20 9:00:00 MSK 2023)
I was able to reproduce this issue on 2...
Azamat Khakimyanov
03:43 PM pfSense Packages Bug #14932 (New): mailreport 3.6.4_1 doesn't handle name address format "Name <email@domain.com>" in sender
mailreport 3.6.4_1 doesn't handle name address format "Name <email@domain.com>". pfSense will correctly use and send ... Andrew Dakin
02:23 PM pfSense Packages Bug #14861: PHP error when pings are enabled but no ping hosts are defined
Kris Phillips wrote in #note-1:
> Tested on 23.09 and unable to reproduce.
>
> What are the exact steps to prod...
David Bowen
01:05 PM Feature #14931 (New): Feature request - "Glue" separator rules with the separator to be moved together
Hello,
It will be very helpful and friendlier if there will be a way to "glue" together the separator with the rul...
Wolfgang Thegreat
02:42 AM Regression #14930: Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
Yes, I proposed a fix for this upstream. I’ll poke the right people again Christian McDonald
02:19 AM Regression #14930 (Resolved): Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
Installing pfSense 2.7.0 using the Auto (ZFS) + MBR (BIOS) options appears successful, however when the installer reb... Boycee .
12:34 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Marcos M wrote in #note-9:
> Orion Poplawski wrote in #note-8:
> > Just had another reproducer. However, this time...
Orion Poplawski

10/27/2023

09:17 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Orion Poplawski wrote in #note-8:
> Just had another reproducer. However, this time it did not appear to the associ...
Marcos M
05:55 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Just had another reproducer. However, this time it did not appear to be associated with the auth timeout message in... Orion Poplawski
09:06 PM Bug #14929 (Resolved): ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
After deleting a ProxyARP virtual IP, the @choparp@ process is still running. To reproduce:
1. Create a new single...
Jared Hendrickson
08:58 PM Revision 56142ff4: fix: delete vips before calling interface_proxyarp_configure()
Jared Hendrickson
08:31 PM Bug #14893 (Pull Request Review): Large number of IPsec tunnels causes long filter reload times
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1094 Marcos M
06:48 PM pfSense Plus Feature #14928 (New): FEATURE REQUEST: Wireless ath0 and MAC address controls
@ifconfig ath0_wlan0 list mac@
This has the ability to have a ACL lists added. Can we please have the ability to m...
Jonathan Lee
05:07 PM Bug #14758 (Resolved): ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
This has been working well since it went in. Jim Pingle
03:59 PM Feature #6960 (Resolved): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Looks good here. I see the expected entry in the config file and the Kea daemon is still up and running.
Thanks!
Jim Pingle
03:07 PM pfSense Plus Bug #14927 (Not a Bug): Wireless Interfaces Speed and Duplex settings will not save
You don't set those yourself on Wireless interfaces, they are determined by the chosen standard and other settings. Jim Pingle
02:09 PM pfSense Plus Bug #14927 (Not a Bug): Wireless Interfaces Speed and Duplex settings will not save
Hello fellow PfSense Redmine community members,
I recently noticed that the Speed and Duplex settings will not sta...
Jonathan Lee
12:43 PM Bug #6799 (Resolved): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Jim Pingle
06:18 AM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Works as expected on the current Beta build, VIP has not affected the rules.... Lev Prokofev
12:38 PM pfSense Packages Bug #14926 (Rejected): Squid Proxy contains critical vulnerabilities

Squid 5.8 (shipped by the current pfSense package) is affected by the following vulnerabilities:
Critical:
* "S...
Peter Müller
06:23 AM Bug #14919: OpenVPN forms invalid ``route`` statements for empty local networks
Can reproduce it on BETA... Lev Prokofev
12:05 AM pfSense Plus Bug #14925 (Rejected): /etc/regdomain.xml file very low max power limit set
That file is from FreeBSD -- if you want to suggest changes, propose them upstream:
https://github.com/freebsd/fre...
Jim Pingle
12:00 AM pfSense Plus Bug #14925: /etc/regdomain.xml file very low max power limit set
<maxpower>17</maxpower>
<maxpower>30</maxpower>
<maxpower>23</maxpower>
Do others feel this is very restri...
Jonathan Lee

10/26/2023

11:58 PM pfSense Plus Bug #14925 (Rejected): /etc/regdomain.xml file very low max power limit set
Hello Fellow pfSense Redmine members,
I wanted to bring this to your attention. I noticed and learned that the reg...
Jonathan Lee
11:06 PM Feature #13293 (New): Option to set auth-gen-token in OpenVPN GUI
Marcos M
10:37 PM Feature #13293 (Duplicate): Option to set auth-gen-token in OpenVPN GUI
Marcos M
10:37 PM Feature #14924 (Duplicate): Add Option for auth-gen-token to OpenVPN Server and OpenVPN Client Export
Marcos M
09:39 PM Feature #14924 (Duplicate): Add Option for auth-gen-token to OpenVPN Server and OpenVPN Client Export
For 2FA deployments customers either use reneg-sec 0 to disable data-channel renegotiation or auth-gen-token to use a... Kris Phillips
09:40 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Created additional redmine for auth-gen-token to be added here: https://redmine.pfsense.org/issues/14924 Kris Phillips
09:10 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Preferably we can get more testing/feedback on this. Given the inconsistent nature of the issue, it may simply be the... Marcos M
12:12 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
The patch fixed the issue on a firewall with the same symptoms. There were no side effects after applying the patch. ... Danilo Zrenjanin
08:52 PM Feature #14923 (New): Feature request - Backup encryption using a public key
This feature request is following a community post at https://forum.netgate.com/topic/183662/backup-encryption-using-... Wolfgang Thegreat
07:30 PM Feature #7085: Edit Firewall Rules Separator
+10! Should be, I guess, simple to add Wolfgang Thegreat
04:18 PM pfSense Packages Bug #14858 (Closed): Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Marcos M
04:14 PM Regression #14918 (Resolved): Filter rules error with 1:1 NAT rules that use the interface subnet macro
That particular behavior (mask-bit in the NAT address) is not new. Marcos M
09:10 AM Regression #14918: Filter rules error with 1:1 NAT rules that use the interface subnet macro
I was able to reproduce the issue. The patch fixes it.
However, if you choose:
(External Subnet IP) - WAN addr...
Danilo Zrenjanin
03:56 PM Bug #14922 (Not a Bug): Latest build bug on AMD server
That looks very hardware-specific (And BIOS specific, at that), it may be that FreeBSD 14 doesn't run well on that ha... Jim Pingle
03:47 PM Bug #14922 (Not a Bug): Latest build bug on AMD server
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n25...
Rich Benson
03:46 PM Feature #6960 (Feedback): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Validation is now in place to check v4 client identifiers as being valid kea hex strings. If this check fails, the cl... Christian McDonald
03:40 PM Revision d1b4e731: kea: validate v4 client identifiers as being valid hex strings, otherwise wrap in single quotes
Christian McDonald
12:37 PM Revision 3d4cab40: Revert "Add zsh to the list of packages to build"
This reverts commit d36017f86fc4da9fbcdad230e7edc0a8f271b0d2.
Revert this until the fix for zsh without docs lands u...
Brad Davis
12:29 PM Bug #14919 (Confirmed): OpenVPN forms invalid ``route`` statements for empty local networks
I can replicate the issue on the:... Danilo Zrenjanin

10/25/2023

10:46 PM Bug #14921 (New): External Config Locator does not trigger a pkg sync except on first boot
The ECL does not set the pkg sync flag when it finds and imports a config unless it is on the first boot after install... Steve Wheeler
06:08 PM pfSense Plus Bug #14440 (Closed): Firewall rule traffic counters show invalid values on 32bit platforms
Closing this since armv7 support is being dropped upstream, so there won't be any way to resolve this. Jim Pingle
06:06 PM Regression #14897 (Resolved): DHCPv4 service stopped after applying interface settings when no interfaces have DHCPv6 enabled
Jim Pingle
06:05 PM Bug #14804 (Resolved): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Jim Pingle
06:04 PM Todo #14790 (Resolved): Eliminate direct config access in ``interfaces.php``
No further errors have popped up so we'll call this complete for now. Any new errors can be addressed individually as... Jim Pingle
06:04 PM Bug #14626 (Resolved): Multi-WAN IPsec does not fail over when preferred WAN loses link
I've tested this quite a bit since making the changes and it does work, though it takes time since it requires waitin... Jim Pingle
06:03 PM Regression #14569 (Closed): ``bnxt(4)`` driver errors
Closing for lack of feedback. If it's still an issue in this release we can reopen and re-target the issue at the nex... Jim Pingle
06:03 PM Bug #14497 (Closed): Kernel panic when using traffic shaping on a PPPoE interface
Closing for lack of feedback. If it's still an issue in this release we can reopen and re-target the issue at the nex... Jim Pingle
06:02 PM Bug #12079 (Closed): Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Closing for lack of feedback. If it's still an issue in this release we can reopen and re-target the issue at the nex... Jim Pingle
05:59 PM Regression #14876 (Resolved): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
Jim Pingle
05:57 PM pfSense Plus Bug #13455 (Resolved): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Looks good on latest build. 4100 and 6100 loader/BE menus no longer have any extra non-printable/random odd character... Jim Pingle
05:53 PM Feature #9504 (Resolved): Include hostname being updated in Dynamic DNS notifications
This has been working really well. Only issue is that HE.net tunnel broker updates print the tunnel ID instead of an ... Jim Pingle
05:24 PM Bug #14920 (Rejected): pfSense has detected a crash report or programming bug
There isn't a crash dump attached there, the info file is just metadata about a crash dump not the dump itself.
Th...
Jim Pingle
05:23 PM Bug #14920 (Rejected): pfSense has detected a crash report or programming bug
I have no idea why it detected a crash as I have not seen any issues. The only thing I did was update the openvpn pac... Chester Garrett
05:21 PM Bug #14919: OpenVPN forms invalid ``route`` statements for empty local networks
It should trim/ignore any empty entries like that, but it may not be catching that case properly. Jim Pingle
05:02 PM Bug #14919 (Resolved): OpenVPN forms invalid ``route`` statements for empty local networks
If I specify IPv4 Local networks in OpenVPN server and leave comma in end of the list, in config will be presented pu... aleksei prokofiev
10:12 AM pfSense Docs Correction #14910: Feedback on System Monitoring — Firewall Table Contents
Wolfgang Thegreat wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-tables.html...
Wolfgang Thegreat

10/24/2023

10:40 PM Regression #14918 (Feedback): Filter rules error with 1:1 NAT rules that use the interface subnet macro
Applied in changeset commit:4dc98294fe3f1f014730e654405141e94321fdb1.
There are two additional fixes related to bina...
Marcos M
10:21 PM Regression #14918 (Pull Request Review): Filter rules error with 1:1 NAT rules that use the interface subnet macro
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1093 Marcos M
08:46 PM Regression #14918 (Resolved): Filter rules error with 1:1 NAT rules that use the interface subnet macro
Create a binat rule using an interface subnet macro for the internal IP, then save/apply:
> There were error(s) load...
Marcos M
10:27 PM Revision 4dc98294: Don't use aliases in binat rules. Fix #14918
While there, handle negated binat addresses.
Also use the correct specialnet description.
Marcos M
07:20 PM Revision d36017f8: Add zsh to the list of packages to build
Brad Davis
03:39 PM Bug #14917 (Closed): Multicast traffic on a detached interface causes a panic
Multicast traffic can attempt to send over an interface that is down triggering a panic.
Here pimd is routing mult...
Steve Wheeler
03:24 PM pfSense Docs Todo #14916 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Data Channel Offload (DCO)
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html
*Feedback:*
Compression is not supporte...
Steve Wheeler
02:54 PM pfSense Plus Feature #14915 (New): MAC-aliases / Lists with MAC-addresses would be very helpful

I would like to create a MAC-filter using the Ethernet layer firewall and it is absolutely not practical / a good i...
Louis B
01:52 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states
Same issue on pfsense 2.7,
I confirm that ...
Sebastiano Degan
12:26 PM Feature #14844 (Resolved): QAT 200xx devices are not recognized as supported
Jim Pingle
09:41 AM Feature #14844: QAT 200xx devices are not recognized as supported
Marcos M wrote in #note-3:
> The dashboard should now recognize it.
Confirmed as fixed:
Rob A
09:36 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Understood - thank you. Rob A

10/23/2023

09:15 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I don't expect another core dump to make any difference in that analysis. I may or may not be able to find the inform... Kristof Provost
08:17 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Ok, I'll endeavour to get another core dump for you; although it may be as late as the weekend. Rob A
07:33 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Before if_detach_internal() clears the if_afdata array it also removes all of the addresses from the interface, which... Kristof Provost
03:28 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
The backtrace there shows us in the TCP output path (from a timer callback), sending a packet out. This requires sett... Kristof Provost
06:46 PM pfSense Docs New Content #14641 (Resolved): Add content about multipath routing
Info added and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/16db172cccc2af98e5cc46c4754d0c71e6b027... Jim Pingle
04:57 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Reviewing this it appears everyone hitting this is running an Intel Nxxx CPU. Is anyone hitting it on something else? Steve Wheeler
03:28 PM pfSense Packages Bug #14913 (Resolved): [Security] Zabbix packages need updating bec. of recent critical security CVEs
Several critical CVEs in Zabbix got recently reported. They are already addressed/fixed by Zabbix, but not yet availa... Carsten Lohrmann
02:32 PM pfSense Plus Regression #14912: WAN Interfaces No Longer Able to Use Gateway Outside Subnet
Jim Pingle wrote in #note-1:
> I can't replicate this as stated. If I add a new route that is outside the subnet (e....
Kris Phillips
02:15 PM pfSense Plus Regression #14912 (Rejected): WAN Interfaces No Longer Able to Use Gateway Outside Subnet
I can't replicate this as stated. If I add a new route that is outside the subnet (e.g. by setting the interface as a... Jim Pingle
02:34 AM pfSense Plus Regression #14912 (Rejected): WAN Interfaces No Longer Able to Use Gateway Outside Subnet
In pfSense Plus 23.09 BETA there seems to be a regression of this former bug:
https://redmine.pfsense.org/issues/972...
Kris Phillips
01:50 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
Seems to be specific to 3100/armv7... Jim Pingle
12:26 PM Feature #14907: DNS Resolution on Diagnostics > States Summary
Thank you Jim for the reply.
I see your point about performance issues, but I guess you do not have to do it to th...
Wolfgang Thegreat
12:19 PM Feature #14907: DNS Resolution on Diagnostics > States Summary
Unfortunately the checkbox method isn't feasible. The contents of the state table page can be enormous and it isn't s... Jim Pingle
12:24 PM Feature #14911 (Rejected): Feature request - System Aliases
This is already possible both via URL table aliases and also via pfBlockerNG and various methods in there such as bui... Jim Pingle
12:22 PM pfSense Packages Bug #14858 (Resolved): Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Jim Pingle
12:21 PM Bug #14909 (Not a Bug): OS Account Changes contains records from a date much before the installation date
Those are normal/expected and are from when the OS image was built. Note that they match the approximate date/time of... Jim Pingle
12:13 PM pfSense Packages Bug #14905 (Duplicate): ARPing causes menu bar to stop working
This isn't a problem in arping but a problem with how some packages handle command output. It's already covered by #8502 Jim Pingle
12:13 PM pfSense Packages Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers
+1 - Adding Wireguard widget to dashboard makes the dashboard load extremely slowly. Also the menus relating to wireg... Bogdan Tomasciuc
12:07 PM Regression #14880 (Resolved): Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Jim Pingle

10/22/2023

09:14 PM Feature #14911: Feature request - System Aliases
I posted this feature request also at the community forum, at https://forum.netgate.com/topic/183570/feature-request-... Wolfgang Thegreat
08:24 PM Feature #14911 (Rejected): Feature request - System Aliases
Hello,
I wish to ask for something I call "System Aliases".
At times there is a need to have a list of IPs and/...
Wolfgang Thegreat
07:32 PM pfSense Docs Correction #14910 (Closed): Feedback on System Monitoring — Firewall Table Contents
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-tables.html
*Feedback:*
Hello,
T...
Wolfgang Thegreat
06:49 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
This issue was resolved when I saved the interval again. Can you please close this ticket? Jonathan Lee
06:48 PM Bug #14909 (Not a Bug): OS Account Changes contains records from a date much before the installation date
Hello,
This bug report is following a community post at https://forum.netgate.com/topic/183563/strange-os-account-...
Wolfgang Thegreat
06:47 PM pfSense Packages Feature #14908 (New): FEATURE REQUEST: Snort Alerts / Blocked Page ability to save users order of list choice
Hello fellow Redmine pfSense community members,
I wanted to bring this up and see if anyone else noticed this. I a...
Jonathan Lee
05:24 PM Feature #14907 (New): DNS Resolution on Diagnostics > States Summary
Hello,
In version 2.7.0, the page of Diagnostics > States Summary shows numeric IPs, which are sometimes hard to u...
Wolfgang Thegreat
03:24 PM Bug #14906 (New): DHCPv4 server self-assigning address to own DHCP client-enabled interfaces
Assume three NICs: igc0, igc1, igc2
Assume a single bridge: bridge0 (OPT2, OPT3)
And a VLAN: igc0.1036
Interface...
Luca Piccirillo
03:22 PM Bug #14756 (Resolved): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Tested on 23.05_1
I was able to reproduce this bug.
After applying 49d0874fb4524e05a802eaeabbf6bf152860f3d4 and t...
Azamat Khakimyanov
01:21 PM pfSense Packages Bug #11802: FreeRADIUS sync
The problem is relevant. It is impossible to use synchronization: the configuration of certificates on recipient node... Alex Viper_Rus
11:28 AM pfSense Plus Regression #14828: QAT is not being used by some daemons
I've just tried 23.09.b.20231020.0600 on qat_200xx equipped hardware (Xeon D-1736NT) and I can see that the revision ... Rob A
09:45 AM pfSense Plus Regression #14828: QAT is not being used by some daemons
Hi Kris,
No change with 23.09 BETA, including 23.09.b.20231020.0600 for QAT on C3xxx QAT hardware (Netgate 6100 in...
Rob A
05:23 AM pfSense Packages Bug #14905: ARPing causes menu bar to stop working
I have tested and can confirm this behavior. aleksei prokofiev
01:42 AM Regression #14896: Suricata is removed when upgrading the base system
Hi Netgate team: I will need a little help addressing this issue. I currently do not have a pfSense Plus test environ... Bill Meeks

10/21/2023

11:31 PM pfSense Packages Bug #14905 (Duplicate): ARPing causes menu bar to stop working
After running ARPing and getting the results, any attempt to navigate to another page by clicking the menu bar (Syste... Christopher Cope
10:06 PM pfSense Plus Bug #14818 (Confirmed): StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
It looks like this happens when the Sort By dropdown is set to Bandwidth Out. Using pfSense as an iperf server and a ... Chris W
08:17 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
Rob A wrote in #note-3:
> I still see demonstrable difference between 23.05 and 23.09 dev with QAT. QAT is active o...
Kris Phillips
08:14 PM pfSense Packages Bug #14861 (Incomplete): PHP error when pings are enabled but no ping hosts are defined
Tested on 23.09 and unable to reproduce.
What are the exact steps to produce this PHP error? What platform are ...
Kris Phillips
07:14 PM Bug #14609 (Resolved): Update check in GUI does not always honor the configured proxy settings
Tested on 23.05_1 and 23.09-BETA (built on Mon Oct 16 2:31:00 UTC 2023)
I was able to reproduce this issue on 23.0...
Azamat Khakimyanov
06:47 PM pfSense Plus Feature #14387: Offline config mode
Tested on 23.05.1 and 23.09; there are still significant boot times for the WAN interface being down and the webConfigu... Kris Phillips
02:41 PM pfSense Plus Feature #14387: Offline config mode
Can you confirm you are still having this issue on 23.05.1?
The original redmine is resolved and testing with 23.0...
Christopher Cope
06:40 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
There was a theory that this was UFS versus ZFS related. Testing on whitebox amd64 with ZFS I'm unable to reproduce ... Kris Phillips
04:38 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can reliably replicate the issue only on 3100. Danilo Zrenjanin
03:14 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can't reproduce it on the amd64 build ... Lev Prokofev
03:09 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can confirm that it worked as expected on 23.09.b.20231018.0600.
Danilo Zrenjanin
03:00 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
Tested against 23.09.b.20231020.0600 Danilo Zrenjanin
02:55 PM pfSense Packages Regression #14904 (Resolved): FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
... Danilo Zrenjanin
04:55 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
... Rob A
04:53 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Hopefully I have captured the panic:... Rob A
02:30 PM Feature #14903 (New): Support for API based email delivery
Hello,
This feature request is following this community post - https://forum.netgate.com/topic/183548/support-for-...
Wolfgang Thegreat
05:52 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Works as expected on ... Lev Prokofev

10/20/2023

11:24 PM Regression #14615: PHP crash during bootup with gateway monitoring enabled with custom monitor IP
I think this may be a wider issue. I upgraded from 2.7.0 -> 2.8.0 when it was released, after using 2.7.0 since it wa... Scott Buckel
08:29 PM Bug #14893 (In Progress): Large number of IPsec tunnels causes long filter reload times
Marcos M
08:10 PM pfSense Plus Bug #14902 (Not a Bug): Package Manager available list empty
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net...
Jim Pingle
07:23 PM pfSense Plus Bug #14902 (Not a Bug): Package Manager available list empty
This seems to have happened after pfSense Plus 23.05.1 upgrade. Although I don't know the exact time frame. I am unabl... Jimmy Chen
06:32 PM pfSense Packages Feature #14901 (New): Feature request - Adding in the GUI the advanced SHA and AES values for SNMPv3
I post this following this community forum post I published - https://forum.netgate.com/topic/183532/setting-advanced... Wolfgang Thegreat
05:46 PM Bug #14892 (Resolved): Traffic graph filters apply incorrectly
Jim Pingle
03:13 PM Bug #14892: Traffic graph filters apply incorrectly
patch corrects the behavior
tested on:
23.09-BETA (amd64)
built on Fri Oct 20 6:00:00 UTC 2023
FreeBSD 14.0-CURRENT
Georgiy Tyutyunnik
04:17 PM pfSense Packages Todo #14795: Transition to nut-devel
Merged here:
https://github.com/pfsense/FreeBSD-ports/commit/e55ac518e1e2a4359dbf3b0e5e36aa235bfe1f13
Marcos M
04:17 PM pfSense Packages Todo #14795 (Resolved): Transition to nut-devel
Marcos M
01:07 PM Bug #14900 (New): Spoofed WAN MAC plus L2TP service causes WAN interface link flap
Duplicate of 11571 (I'm the same person who posted that issue which was rejected).
Posted on forum here with no r...
Aman Halai
11:30 AM Feature #14899 (New): Feature request - better acknowledgment and validation of the user's public key format
Hello,
This feature request is following my community post at https://forum.netgate.com/topic/183514/cannot-ssh-lo...
Wolfgang Thegreat
08:47 AM Feature #11556: Kill states using the pre-NAT address
Proposed implementation in https://reviews.freebsd.org/D42312 (test in https://reviews.freebsd.org/D42313)
This will...
Kristof Provost
02:53 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, looks like it is ok now. No more crashes on beta 23.09 Vladimir Suhhanov

10/19/2023

08:07 PM Regression #14896: Suricata is removed when upgrading the base system
I was able to reproduce this upgrading between 23.09-BETA versions:
{{collapse...
Marcos M
04:16 PM Regression #14896: Suricata is removed when upgrading the base system
From the Netgate forums working with another user who provided possible insight:
https://forum.netgate.com/topic/1831...
Brian Dahlquist
03:52 PM Regression #14896 (Resolved): Suricata is removed when upgrading the base system
After upgrading from 23.05.01 to 23.09 beta on a clean install (and on a second install) the Suricata package will no... Brian Dahlquist
05:12 PM pfSense Packages Bug #14898 (Resolved): Suricata core dumps with signal 11
I installed Suricata on a system with previous config using Legacy Mode, Enable/Disable/Drop SID lists. After attempt... Marcos M
04:15 PM Regression #14897 (Feedback): DHCPv4 service stopped after applying interface settings when no interfaces have DHCPv6 enabled
Applied in changeset commit:dc96586bddbc3d209b04d602412378c656acef16. Jim Pingle
04:06 PM Regression #14897 (Resolved): DHCPv4 service stopped after applying interface settings when no interfaces have DHCPv6 enabled
When applying changes for an interface (e.g. WAN), during @interface_bring_down()@ it ends up calling @services_dhcpd... Jim Pingle
04:07 PM Revision dc96586b: Selectively kill DHCP server by family. Fixes #14897
Jim Pingle
03:42 PM Revision e67b20f4: Fix some syntax/logic errors in interface config.
Jim Pingle
02:01 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
Thanks for looking into this Jonathan Lee
07:57 AM pfSense Plus Bug #14705 (Feedback): Changes in Ethernet ruleset can lead to incorrect rule and separator order
I was finally able to replicate this issue fairly consistently (albeit not every single time). A fix is now in place ... Marcos M
01:38 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Duplicate Connection was already disabled (multiple connections from the same user are not allowed - check box not ch... Orion Poplawski
07:12 AM Revision 3d5bdf79: Save rules changes before the ruleset is sorted.
Marcos M

10/18/2023

08:26 PM Bug #14893: Large number of IPsec tunnels causes long filter reload times
In my case, all of the remote gateways are IP addresses. There shouldn't be anything in IPsec that needs to resolve a... Max Leighton
06:58 PM Bug #14893: Large number of IPsec tunnels causes long filter reload times
This may be a duplicate of other existing issues such as #12335 Jim Pingle
06:35 PM Bug #14893 (Resolved): Large number of IPsec tunnels causes long filter reload times
On a 23.05.1 system with many IPsec tunnels, reloading the filter can take over 5 minutes. This results in very slow ... Max Leighton
08:06 PM pfSense Packages Bug #14895 (New): Wireguard / bad performance after reboot, if running together with OpenVPN
Hello,
I initially posted in the netgate forum, but in the meantime I conducted more investigations and I think I ...
Pascal Terrien
07:48 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
I created a separate issue for the remaining login prompt problem: #14894 Jim Pingle
06:36 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Chris Mirchandani wrote in #note-16:
> This Redmine was specifically opened for the password protected issue. In the...
Jim Pingle
06:33 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
This Redmine was specifically opened for the password protected issue. In the process of looking into that issue you ... Chris Mirchandani
06:17 PM pfSense Plus Bug #13455 (Feedback): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Fix committed: https://gitlab.netgate.com/pfSense/factory/-/commit/69b321f6d5153ed0e8146abf716cee6f8cd98646 Jim Pingle
06:09 PM pfSense Plus Bug #13455 (In Progress): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
The unusual characters in the loader clear up if we set the console to ``efi`` explicitly on affected platforms (4100, ... Jim Pingle
07:47 PM pfSense Plus Bug #14894 (New): Password protected console login prompt does not render properly on 4100/6100/8200 serial console
After resolving other console issues with the 4100/6100/8200 in #13455 a problem remains with the login prompt.
It...
Jim Pingle
05:29 PM Feature #14844: QAT 200xx devices are not recognized as supported
Updating subject for release notes. Jim Pingle
05:24 PM Regression #14876: ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
It works fine on:... Danilo Zrenjanin
05:05 PM Regression #14616 (Resolved): dpinger does not start after renewing DHCP
The same test works as expected against 23.09.b.20231018.0600.
I am marking this ticket resolved.
Danilo Zrenjanin
04:59 PM Regression #14616: dpinger does not start after renewing DHCP
I was able to reproduce the reported issue on the 23.05.1 release. Danilo Zrenjanin
03:31 PM Revision 221fc6d2: MVC updates for SSH and gateways code.
Marcos M
03:00 PM Bug #14892 (Feedback): Traffic graph filters apply incorrectly
Applied in changeset commit:af627f37e47b939d6930b1d49fcc6842fd955705. Anonymous
02:31 PM Bug #14892 (In Progress): Traffic graph filters apply incorrectly
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1092
https://forum.netgate.com/topic/183480/traffic-grap...
Steve Wheeler
02:30 PM Bug #14892 (Resolved): Traffic graph filters apply incorrectly
The traffic graphs include a section to filter for local, remote or all traffic but the results are unexpected.
T...
Steve Wheeler
02:53 PM Revision af627f37: Traffic Graph filtering corrections. Fix #14892
Steve Wheeler
02:53 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Can anyone advise on the feasibility of building a custom patched version of Squid (at least for testing purposes to ... Simon Byrnand
02:11 PM Bug #14884 (Resolved): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
Tested against:
23.09.b.20231018.0600
I am marking this ticket as resolved.
Danilo Zrenjanin
02:01 PM Regression #14877 (Resolved): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Tested against the latest Beta release.
The error message now accurately describes the cause of the failure.
<...
Danilo Zrenjanin
10:40 AM Bug #14891 (New): High CPU usage when interface get down and up due to proces check_reload_status
Today I noticed that the cpu usage was high on my pfSense appliance (N5105, I226).
After looking in top I see that ...
Thijs K

10/17/2023

11:15 PM Regression #14889 (Resolved): Lock leak kernel panic after upgrading to 23.09
The user who was hitting this reports success updating to the latest build containing the fix. Steve Wheeler
07:39 PM Regression #14889 (Feedback): Lock leak kernel panic after upgrading to 23.09
Christian McDonald
12:53 PM Regression #14889 (Resolved): Lock leak kernel panic after upgrading to 23.09
After upgrading to 23.09 the system appears to hang after starting the DHCP server (ISC) eventually panicking and reb... Steve Wheeler
06:30 PM Feature #14844 (Feedback): QAT 200xx devices are not recognized as supported
Applied in changeset commit:1579b10b674d08214404b7f145db780e985554c4. Marcos M
06:22 PM Feature #14844 (Pull Request Review): QAT 200xx devices are not recognized as supported
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1091
The dashboard should now recognize it.
Marcos M
06:13 PM Revision 1579b10b: Recognize the 200xx Series QAT device. Implement #14844
Marcos M
04:48 PM Regression #14877: Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
After internal discussion we decided not to enable the legacy provider by default because it had other potentially ne... Jim Pingle
04:46 PM Revision 392133c7: Amend P12 error for bad ciphers. Fixes #14877
Jim Pingle
04:35 PM Revision 43179546: Revert "Enable OpenSSL legacy provider by default. Issue #14877"
This reverts commit 275ae19ad70336f06ed53d655ceb96c8b2ab56f0. Jim Pingle
03:50 PM Regression #14755 (Resolved): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
Marcos M
03:48 PM pfSense Packages Todo #14881: for wiregaurd interface add linklocal IPv6 address
The VIP page allows LL addresses, a new page isn't needed for that part. The MAC address can be manually set on assig... Marcos M
11:43 AM pfSense Packages Todo #14881: for wiregaurd interface add linklocal IPv6 address

I used firewall_virtual_ip.php to add the fe80 address before, and it worked. However, this method has failed in re...
yon Liu
01:43 PM pfSense Packages Feature #14890: dtlspipe package
I have told the author and he has seen this post. yon Liu
01:38 PM pfSense Packages Feature #14890: dtlspipe package
First it would have to be added to FreeBSD ports Jim Pingle
01:24 PM pfSense Packages Feature #14890 (New): dtlspipe package
This is a DTLS tool that has been tested and used. It can add DTLS support to almost all UDP. It is especially suitab... yon Liu
08:33 AM Todo #10464: Don't change the current update repo when new releases are available
Jim Pingle wrote in #note-2:
> While not a bug per se, it is something we could improve. It would prevent some accid...
Sima Xi
12:43 AM Bug #14809 (Resolved): ``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding
Marcos M

10/16/2023

10:53 PM Bug #13911 (Resolved): Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
This looks good in current 23.09 builds.
Tested:...
Steve Wheeler
10:51 PM Regression #14885 (Resolved): PPPoE clients macro does not work
Patch tested by @cjl and the system table now populates correctly:... Marcos M
07:40 PM Regression #14885 (Feedback): PPPoE clients macro does not work
Applied in changeset commit:87510765f94b51d3f5ddcea66b14ab6211cbc864. Marcos M
07:02 PM Regression #14885 (Pull Request Review): PPPoE clients macro does not work
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1090 Marcos M
06:43 PM Regression #14885 (Resolved): PPPoE clients macro does not work
The PPPOE system alias is missing, and creating a rule with the ``PPPoE clients`` macro and gateway results in the foll... Marcos M
10:49 PM Regression #14867 (Resolved): Address family validation prevents creating 1:1 NAT rule
Marcos M
10:44 PM Bug #14785 (Resolved): Primary IPv6 interface address may be incorrect when a VIP is set
The ``ifconfig`` output order has not changed, but rather what the system _determines_ to be primary address (e.g. unde... Marcos M
10:30 PM pfSense Packages Feature #13575 (Resolved): Update to frr 9.0.1
Marcos M
10:29 PM Feature #14731 (Resolved): Unbound Advanced Settings entry for ``sock-queue-timeout``
An empty value now defaults to 0 as expected. Marcos M
10:26 PM Feature #14620 (Assigned): Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
Marcos M
10:10 PM Todo #14888 (Resolved): Exclude non-release branches from general update checks
To make it simpler to provide repos for devel, beta, and rc versions concurrently, the -C option should be modified t... Reid Linnemann
09:17 PM Feature #14887 (Closed): Add an appropriately named file to install images to indicate what they are
If you have written a number of images to USB sticks it can be hard to know which image is actually on any particular... Steve Wheeler
08:52 PM pfSense Packages Todo #14881 (Duplicate): for wiregaurd interface add linklocal IPv6 address
Marcos M
08:48 PM pfSense Packages Todo #14881 (Incomplete): for wiregaurd interface add linklocal IPv6 address
> I originally used aliases to add wg interfaces, but this method is invalid in version pf23.09.
What method is th...
Marcos M
08:51 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
> I guess this request might be regarded as a feature request to add link-local ipv6 to the tun_wg interface by defau... Marcos M
08:27 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Probably related to #14881 beermount beermount
08:07 PM Bug #14804 (Feedback): Panic when pfsync attempts to synchronize states between hosts with different rulesets
I've pushed a fix to all relevant branches (including 23.09). It'll be part of the next snapshot builds. Kristof Provost
04:49 PM Bug #14804 (In Progress): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Jim Pingle
04:37 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Cheers, that helped!
I think I see what happened here. Basically I fixed the problem upstream and missed a case in...
Kristof Provost
02:47 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Sorry just went out of my head…
FreeBSD 14.0-CURRENT amd64 1400094 #1 plus-RELENG_23_09-n256151-106588946ac: Mon...
Vladimir Suhhanov
12:24 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, but what *version* are you running?
Post the output of "uname -a" and "pkg info pfSense-kernel-pfSense".
Kristof Provost
12:04 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
@db:1:pfs> bt
Tracing pid 12 tid 100062 td 0xfffffe00c641f560
kdb_enter() at kdb_enter+0x32/frame 0xfffffe001b1e260...
Vladimir Suhhanov
08:35 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, the relevant patch is in the 23.09 branch. What version are you running and what is the full backtrace you're ge... Kristof Provost
08:17 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Does this patch apply to the current beta builds? I have tried one beta build from 13 Oct and it crashes the same way. Vladimir Suhhanov
07:25 PM Feature #14886 (New): Visual improvement to the Gateway widget: display the icon in a color reflecting the status

A small tweak to the Gateway widget to display the icon in a color reflecting the status.
Rationale:
In my fou...
Patrik Stahlman
06:46 PM Revision 87510765: Generate a system alias for PPPoE clients. Fix #14885
Marcos M
05:45 PM Bug #14884 (Feedback): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
Applied in changeset commit:5fc3b1fbae1fba06563bfebf6cc559769b59f8bf. Jim Pingle
05:37 PM Bug #14884 (Resolved): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
If an interface is configured for track6 it can cause the Kea service for IPv6 to appear active and running even when... Jim Pingle
05:39 PM Revision 9a632676: Remove trigger_initial_wizard since it is not used in the pkg
Brad Davis
05:37 PM Revision 5fc3b1fb: Remove outddated DHCPv6 test. Fixes #14884
Jim Pingle
03:19 PM pfSense Plus Regression #14883 (Not a Bug): Package Manager in 23.05.1 broken
The package manager servers are the same for Plus on Netgate and non-Netgate hardware for amd64 systems. There do not... Jim Pingle
03:10 PM pfSense Plus Regression #14883 (Not a Bug): Package Manager in 23.05.1 broken
Hello,
Package Manager on 23.05.1 is not showing Available packages now, as if the repo is offline or something. ...
Scott Keats
03:09 PM pfSense Plus Regression #14180: ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors
Hi, thanks for looking into it.
My setup was already EFI-based. I've long since abandoned the Mellanox card and am...
name name
03:07 PM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Confirmed patch allows Interface and Rule ID at the same time. dylan mendez
03:00 PM Regression #14880 (Feedback): Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Applied in changeset commit:f8606ffa1b83d1d4105e0a48e49fa0b5ed4a2138. Jim Pingle
02:48 PM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Not specific to plus. Jim Pingle
02:52 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Jonathan Stafford wrote in #note-14:
> I'm having this problem as well, with 23.05.1-RELEASE. For me, the issue see...
Geovane Gonçalves
02:51 PM Revision f8606ffa: Fix state dump rule ID validation. Fixes #14880
Jim Pingle
02:47 PM Regression #14877 (Feedback): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Fixed by commit:275ae19ad70336f06ed53d655ceb96c8b2ab56f0 which enables the legacy provider by default.
If testing ...
Jim Pingle
02:27 PM Regression #14877 (In Progress): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
That's because when it gets exported it's using a low/old/deprecated cipher set. Then the import code doesn't support... Jim Pingle
02:29 PM Revision 275ae19a: Enable OpenSSL legacy provider by default. Issue #14877
Jim Pingle
02:10 PM Regression #14876 (Feedback): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
Applied in changeset commit:72c441e9e0c0f3d4cd26f554a67aa91e06734b5b. Jim Pingle
01:45 PM Regression #14876: ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
This is really a base system issue and likely the same root cause as other issues we've seen.
``certctl rehash`` is ...
Jim Pingle
01:48 PM Revision 72c441e9: Refresh OS CA list after updating trust store. Fixes #14876
Jim Pingle
12:19 PM Regression #14873 (Resolved): Kea DHCP Static Mappings 404 Not Found
Jim Pingle

10/15/2023

11:50 AM Feature #2358: NAT64 support
Please, is there a plan to implement functionality with an alternative to ipfw_nat64?
pfsense is unusable if Provi...
Thomas Wagner
10:40 AM pfSense Packages Todo #14881 (Duplicate): for wiregaurd interface add linklocal IPv6 address
Since frr8 - frr9 requires that the fe80:: address must be configured, WireGuard needs to add this fe80:: address.
I...
yon Liu
06:52 AM pfSense Plus Bug #14879: Disabling DNS Rebinding Checks deletes private domains from unbound config
According to johnpoz in the linked forum thread, DNSSEC validation fails. This would explain why it is not working an... Bob Dig
03:01 AM pfSense Plus Regression #14180: ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors
see if it makes any difference booting EFI with your setup - https://docs.netgate.com/pfsense/en/latest/recipes/virtu... Jordan G
02:50 AM pfSense Packages Feature #12179 (Confirmed): QEMU package
A package would also eliminate a lot of the script creation and general "hackery" needed to get the QEMU guest agent ... Kris Phillips
02:15 AM Regression #14873: Kea DHCP Static Mappings 404 Not Found
Tested on Oct 14th builds. Double clicking entries no longer returns any 404 messages. Confirmed fixed. Kris Phillips
02:05 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Daniel Hoffend wrote in #note-12:
> I can confirm the issue with pfSense 2.7. We're using multiple vlan interfaces o...
Kris Phillips
01:54 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Tested this on 23.05.1 and this error is not present when attempting to filter, so this is new for 23.09. Kris Phillips
01:52 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Bug confirmed on latest 23.09 BETA build from Oct 14th. This error appears to be cosmetic, as the filtering still wo... Kris Phillips
12:57 AM Regression #14856 (Resolved): Duplicating a floating rule places it at the bottom
Tested on... Christopher Cope
12:34 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Okay,
So I have been running sysctl -iq hw.physmem for every 10 seconds and it has NEVER returned 0 but today I h...
Michael Clews

10/14/2023

08:28 PM Regression #14880 (Resolved): Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is n... Jordan G
06:36 PM pfSense Packages Feature #13575: Update to frr 9.0.1

FRR 9.0.1 is added and working
23.09-BETA (amd64)
built on Thu Oct 12 23:00:00 PDT 2023
FreeBSD 14.0-CURRENT
Alhusein Zawi
06:09 PM Regression #14876: ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
It looks to be related to SSL, disabling curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); in the download_file functio... Christopher Cope
06:36 AM Regression #14876 (Confirmed): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
I can confirm this behavior. ... Danilo Zrenjanin
06:33 AM Regression #14876 (Resolved): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
When you add a commit ID, it generates a proper link, for example, id 01d6aeb62f876fc9b6f9e1083e7586b1866c725b
!cli...
Lev Prokofev
02:37 PM pfSense Packages Feature #14875: Snort + VirusTotal could analyse suspicious domains, IPs and URLs to detect malware and other breaches, automatically
I see a potential issue here. Careful reading of the API overview at the link provided yields an important piece of i... Bill Meeks
04:08 AM pfSense Packages Feature #14875 (New): Snort + VirusTotal could analyse suspicious domains, IPs and URLs to detect malware and other breaches, automatically
Hello fellow pfSense Redmine members,
I noticed in Snort we have a resolve IP address option however, time and tim...
Jonathan Lee
12:37 PM pfSense Plus Bug #14879 (New): Disabling DNS Rebinding Checks deletes private domains from unbound config
This will make Domain Overrides not work anymore, at least with split DNS.
More Details are described here: https:/...
Bob Dig
11:37 AM pfSense Packages Feature #14878 (New): Integrated syslog support
Requesting the integrated support to be able to ship pfblockerng logs to a syslog server. This is crucial for organi... Alan Shearer
09:30 AM pfSense Packages Feature #12179: QEMU package
> It would be more convenient to have it as a package that can be installed/configured from the GUI.
I really woul...
Bob Dig
07:44 AM Regression #14877: Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
In the MacOS, the password gets generated once you right-click on the cert in the Keychain Access and choose export.
...
Danilo Zrenjanin
07:19 AM Regression #14877: Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Tested, on ... Lev Prokofev
07:00 AM Regression #14877 (Resolved): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Tested against:... Danilo Zrenjanin

10/13/2023

08:30 PM Regression #14873 (Feedback): Kea DHCP Static Mappings 404 Not Found
Applied in changeset commit:b552fd273b50d17a504171081af2f453efd5a386. Jim Pingle
08:19 PM Regression #14873 (In Progress): Kea DHCP Static Mappings 404 Not Found
Looks like a little typo, easy fix. Jim Pingle
05:42 PM Regression #14873 (Resolved): Kea DHCP Static Mappings 404 Not Found
If you double-click on an already defined MAC address in the MAC address column it leads to 404 Not Found page.
!c...
Danilo Zrenjanin
08:21 PM Revision b552fd27: Correct typo. Fixes #14873
Jim Pingle
08:14 PM pfSense Plus Bug #14478 (Resolved): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
Jim Pingle
05:55 PM pfSense Plus Bug #14478: Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
tested on:
Version 23.09-BETA (amd64)
built on Fri Oct 13 6:00:00 UTC 2023
FreeBSD 14.0-CURRENT
this version has ...
Georgiy Tyutyunnik
06:19 PM pfSense Docs Todo #14874: Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
if you don't see anything at least worth mentioning in the documentation then....Wow... brian neiferd
05:53 PM pfSense Docs Todo #14874 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
The button appears only if you don't already have a mobile P1. If you already have a mobile P1, you can't create one,... Jim Pingle
05:45 PM pfSense Docs Todo #14874 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
*Feedback:*
The i...
brian neiferd
05:27 PM pfSense Docs Todo #14816: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Kris Phillips wrote in #note-1:
> You shouldn't need to define a Remote subnet unless you're doing a /30 S2S, but I...
Daniel Castellanos
05:20 PM pfSense Docs Todo #14871: Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
There can only be one mobile IPsec P1. It isn't called out in that recipe, but it's documented elsewhere.
Jim Pingle
05:16 PM pfSense Docs Todo #14871: Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
There is only VPN>IPSec>Tunnels, add P1. There is not a button to distinguish between mobile P1 and site-to-site P... brian neiferd
04:31 PM pfSense Docs Todo #14871 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
If that's what you see, you did not follow the instructions properly and you are not editing the mobile P1, but a sit... Jim Pingle
04:03 PM pfSense Docs Todo #14871 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
*Feedback:*
Impos...
brian neiferd
05:16 PM Regression #14870 (Closed): Aliases are incorrectly added to rules
Fix for this is the same as the fix in #14867. Marcos M
05:13 PM Regression #14870 (Feedback): Aliases are incorrectly added to rules
Yes, I believe this is fixed in the current snapshot. Steve Wheeler
04:47 PM Regression #14870: Aliases are incorrectly added to rules
I can't reproduce it on the... Lev Prokofev
03:39 PM Regression #14870: Aliases are incorrectly added to rules
When I input network 2602:fed6:7021::/48, it shows network/0 in the firewall rule yon Liu
02:00 PM Regression #14870: Aliases are incorrectly added to rules
Tested:... Steve Wheeler
01:56 PM Regression #14870 (Closed): Aliases are incorrectly added to rules
Aliases are shown incorrectly in rules as 'single/0'. This then throws errors loading the ruleset:... Steve Wheeler
05:12 PM Bug #14829 (Resolved): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
Tested against:... Danilo Zrenjanin
04:41 PM pfSense Docs Todo #14872 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
Please post on the forum for help.
Any options not mentioned are to be left at their defaults, but you are also no...
Jim Pingle
04:34 PM pfSense Docs Todo #14872 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
*Feedback:*
Impos...
brian neiferd
04:39 PM Regression #14845 (Resolved): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Tested against:... Danilo Zrenjanin
02:37 PM Feature #14860: Column consistancy between DHCP Static mapping and ARP
Please see attached.
Even though the first columns are different (Interface, Static ARP) the IP, MAC and Hostname ...
John Weithman
10:26 AM Bug #14831 (Resolved): IPsec rejects certificate without any SANs
Tested against:... Danilo Zrenjanin
09:00 AM Regression #14867: Address family validation prevents creating 1:1 NAT rule
It's fixed in the ... Lev Prokofev
07:57 AM pfSense Packages Bug #14841 (Resolved): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
Tested against:... Danilo Zrenjanin
02:31 AM pfSense Packages Feature #14868 (Pull Request Review): FRR - Support multiple OSPF instances
https://github.com/pfsense/FreeBSD-ports/pull/1293 Edward Valley

10/12/2023

07:37 PM Revision 3e3c3c0a: Remove populating /etc/platform from base.txz
Brad Davis
04:55 PM Regression #14867 (Feedback): Address family validation prevents creating 1:1 NAT rule
Applied in changeset commit:95672f7152db2a583f4fd9f4afe7615137c2a4fb. Marcos M
12:20 PM Regression #14867: Address family validation prevents creating 1:1 NAT rule
It works fine if you define WAN Address > LAN Address. Anything beyond that fails.
!clipboard-202310121419-ogu1u.p...
Danilo Zrenjanin
11:52 AM Regression #14867 (Confirmed): Address family validation prevents creating 1:1 NAT rule
I can confirm this behavior.
Tested against:...
Danilo Zrenjanin
11:00 AM Regression #14867 (Resolved): Address family validation prevents creating 1:1 NAT rule
... Lev Prokofev
04:47 PM Revision 95672f71: Exclude address/network type from specialnet checks. Fix #14867
These are placeholders for the real value, not specialnets. Marcos M
01:09 PM pfSense Plus Bug #14837: some services show can't start
Wireguard is connected, but it shows that the service has not been started. yon Liu
10:20 AM Regression #14866 (Resolved): System aliases created for local subnets can be an invalid length
Tested the patch against:... Danilo Zrenjanin
10:13 AM Regression #14866: System aliases created for local subnets can be an invalid length
I could reproduce the issue against:... Danilo Zrenjanin
03:10 AM Regression #14866 (Feedback): System aliases created for local subnets can be an invalid length
Applied in changeset commit:01d6aeb62f876fc9b6f9e1083e7586b1866c725b. Marcos M
01:26 AM Regression #14866 (In Progress): System aliases created for local subnets can be an invalid length
Marcos M
12:46 AM Regression #14866: System aliases created for local subnets can be an invalid length
This appears to be introduced here: https://github.com/pfsense/pfsense/commit/85c4a8de0016bc4d192b60fd384af56aa4ba1376 Steve Wheeler
12:39 AM Regression #14866 (Resolved): System aliases created for local subnets can be an invalid length
In 23.09 system aliases are added to the ruleset for subnets on local interfaces. They are automatically created usin... Steve Wheeler
03:19 AM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
Disabling ASLR was a workaround until it was fixed upstream in unbound (which is now the case). In 23.09, unbound is ... Marcos M
02:55 AM Bug #14056: DNS Resolver experiences intermittent resolution failures with SSL over TLS due to ASLR
This ticket has a target version of *23.09*, but I'm pretty sure it was fixed in *23.05*. I came across it in the "23... Michael Vincent
02:54 AM Revision 01d6aeb6: Use the interface name for the reserved system alias suffix. Fix #14866
Marcos M

10/11/2023

08:01 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
I'm not sure that the ``Operation timed out`` log is related because the existence of the log means that the authentica... Marcos M
07:33 PM pfSense Packages Todo #14795: Transition to nut-devel
The upstream issue is resolved. Denny Page
07:01 PM pfSense Packages Bug #14865 (New): Saving TINC VPN settings on a CARP Primary causes TINC to start on the Secondary
When anything triggers a configuration save or if the TINC VPN configuration is saved on the CARP Primary Firewall, t... Matthew Latin
03:22 PM Regression #14525 (Resolved): PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Jim Pingle
03:22 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
The patch working...
aleksei prokofiev
03:10 PM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
Tested patch on
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Patch fixed th...
aleksei prokofiev
09:15 AM Regression #14525: PHP error in ``status_ipsec.php`` after removing active IPsec tunnel configuration
I can reproduce this error with the following:
1. S2S Ipsec
2. With working state, I delete P2 on one side and got this err...
aleksei prokofiev
01:07 PM Feature #14864: Add option to enable unbound respip module (support RPZ)
!clipboard-202310111506-yzspy.png!
znerol znerol
01:06 PM Feature #14864: Add option to enable unbound respip module (support RPZ)
Filed a "PR":https://github.com/pfsense/pfsense/pull/4650 znerol znerol
01:03 PM Feature #14864 (New): Add option to enable unbound respip module (support RPZ)
Unbound ships with great support for "Response Policy Zones":https://unbound.docs.nlnetlabs.nl/en/latest/topics/filte... znerol znerol
12:14 PM Feature #14860: Column consistancy between DHCP Static mapping and ARP
Do you mean in the DHCP static mapping list on services_dhcp.php / services_dhcpv6.php? The lists on status_dhcp.php ... Jim Pingle
12:07 PM Bug #14857 (Not a Bug): Linebreak or newline deleted from OpenVPN Custom Options Causing Corruption
It's not a bug. Read the text under the advanced options field. Directives in that box must be separated by a semicol... Jim Pingle
07:53 AM pfSense Packages Feature #14863 (New): WireGuard suppport for aliases
Allow to use aliases in "Allowed IPs" in the WireGuard Peer config. That would match with the general ability to use ... Bob Dig
07:17 AM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I've tested on
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
It is not a bu...
aleksei prokofiev
05:41 AM Regression #14856: Duplicating a floating rule places it at the bottom
The patch works great, tested on ... Lev Prokofev
12:43 AM pfSense Packages Documentation #14842: Update Squid troubleshooting
Can an update be made in the netgate documentation or a fix for this issue be investigated?
It's very odd that ticket...
Mike Moore
12:33 AM pfSense Plus Bug #14862 (New): netstat nexthop queries fail on an arm32
Using the -o or -O switches with netstat to get nexthop data fails or shows bad data on arm32 devices.... Steve Wheeler

10/10/2023

09:05 PM pfSense Packages Bug #14861 (Resolved): PHP error when pings are enabled but no ping hosts are defined
I was directed to report this issue here
https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-upd...
David Bowen
08:30 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
I can confirm the issue with pfSense 2.7. We're using multiple vlan interfaces on an lagg1 interface. (lagg1.40, lagg... Daniel Hoffend
08:05 PM Feature #14860 (New): Column consistancy between DHCP Static mapping and ARP
Just a suggestion that the column IP and MAC be swapped in the table for Diagnostics / ARP. This would be consistent ... John Weithman
07:52 PM pfSense Packages Bug #14554 (Duplicate): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
Marcos M
06:46 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I never configured a gateway group, just setting an IPv4 Tunnel Network 10.50.62.0/24
However, I did not set any I...
Phil Wardt
06:05 PM Regression #14845 (Feedback): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
The issues noted in #note-6 occur when the IP address is also a VIP.
Applied in changeset commit:77ba34495de9cde375c...
Marcos M
02:47 PM Regression #14845 (In Progress): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Marcos M
05:56 PM Revision 77ba3449: Specify specialnet flags for GUI fields. Fix #14845
Store the flags in variables to allow easier future updates. Marcos M
05:47 PM Revision 38e308db: kea: enable RFC6842 compatibility mode
Christian McDonald
04:12 PM pfSense Packages Todo #14795: Transition to nut-devel
The pfSense-pkg-nut build appears to be failing due to an issue upstream in the FreeBSD nut-devel package. I have fil... Denny Page
02:19 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Sorry I had it set to never to help with my AppID text file I made. I had a huge amount of entries I was making a a g... Jonathan Lee
01:03 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
I'm not following the problem description in this ticket at all. There is no relationship between the @virusprot@ tab... Bill Meeks
06:23 AM pfSense Packages Bug #14858 (Closed): Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Hello fellow Redmine community members,
I am having an issue with my Snort "Remove blocked host interval changing ...
Jonathan Lee
01:55 PM Revision f3ec053b: kea: fix netboot regression
Christian McDonald
11:36 AM Bug #14859 (Resolved): Config upgrade error: upgrade_config.inc:6135
Upon restoring a config from pfSense 2.4.X or older:... Steve Wheeler
05:55 AM Bug #14857 (Not a Bug): Linebreak or newline deleted from OpenVPN Custom Options Causing Corruption
This bug has existed for at least three years. I don't know what triggers it, but it appears to be triggered behind t... George 77

10/09/2023

11:10 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
This has happened previously on 23.01 when the OpenVPN server is set to use a gateway group and the tier1 gateway is ... Marcos M
10:25 PM Regression #14856 (Feedback): Duplicating a floating rule places it at the bottom
Applied in changeset commit:35492119bf317c56d02b4a6d7f03d9658da6599b. Marcos M
10:16 PM Regression #14856 (Pull Request Review): Duplicating a floating rule places it at the bottom
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1088 Marcos M
10:13 PM Regression #14856 (Resolved): Duplicating a floating rule places it at the bottom
When duplicating a floating rule, the rule is placed at the bottom instead of after the original rule it was duplicat... Marcos M
10:16 PM Revision 35492119: Save a duplicated floating rule after the original rule. Fix #14856
Marcos M
08:56 PM pfSense Packages Bug #14200: WireGuard reply-to without NAT
Confirmed for 2.7.0 and described here:
https://forum.netgate.com/topic/183278/port-forwarding-through-wg-tunnel-mis...
Jens Maul
08:34 PM pfSense Packages Feature #13575 (Feedback): Update to frr 9.0.1
Updated to frr 9.0.1 in 23.09 dev branch. Marcos M
07:50 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I am using default "new limiter" UploadLimit and speed limit in bits/s (16*1024*1024)
I am using default "new limite...
Lukáš Mojžíš
07:43 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
Unable to replicate with the following setup
1 WAN - 1 LAN
pfSense CE 2.7.0 on a VM
Ubuntu Desktop client
Ste...
dylan mendez
04:28 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
I read some information and experience and tried it. My point is not to rule out any possibility, but to face the pro... yon Liu
04:09 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
No, according to research, it is caused by your parameter configuration and PHP code design issues. My hardware resou... yon Liu
12:42 PM pfSense Plus Bug #14847 (Rejected): PHP-FPM webgui crashes and freezes
Those parameters are already adjusted based on system memory. There have been no other similar reports of problems wi... Jim Pingle
01:12 PM Bug #14852 (Not a Bug): SSH authentification with Radius backend is not working
Works for me here. Make sure there is a local user with the correct privileges already on the pfSense side. It doesn'... Jim Pingle
12:58 PM Bug #14237 (Not a Bug): Intermittent packet loss related to DHCP with Multi-WAN
Jim Pingle
12:57 PM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
I am not seeing either of those behaviors here on the latest snapshot or a patched system. I can edit a rule and the ... Jim Pingle
12:43 PM pfSense Plus Bug #14848 (Rejected): The system cannot complete the restart process
There isn't nearly enough detail here to tell what is happening on your system in your environment, but it's not a ge... Jim Pingle
12:38 PM pfSense Packages Bug #14846 (Rejected): shellcmd Can't be executed from order 7 onwards
There is no limit on shellcmd tags, they are all executed by the system in the same manner one after another. If ther... Jim Pingle
12:20 PM pfSense Packages Bug #14855 (Resolved): suricata_Getdirsize issue after PHP 8
Found an issue with suricata_Getdirsize in suricata.inc
Since PHP 8 an Integer needle is no longer treated as a char...
Graham Collinson

10/08/2023

10:00 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I've just registered to report this. This affects me too.
The situation can only be mitigated by setting gateway to ...
Lukáš Mojžíš
08:26 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
from: cat /tmp/rules.debug
No gateway specified
anchor "userrules/*"
pass in quick on $LAN inet from 192.16...
nasir ahmed
06:08 PM Bug #14854 (Resolved): Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
When using a traffic shaper limiter to set bandwidth to say 10mbps in the download using any scheduler, if the gatewa... nasir ahmed
07:17 PM Bug #14237: Intermittent packet loss related to DHCP with Multi-WAN
The reason this happens is that I had pfSense configured to drop all states in case one of gateways goes down.
The r...
Nazar Mokrynskyi
05:06 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config
A fix for this issue appears to have been merged upstream:
https://github.com/prometheus/node_exporter/issues/2593
...
Steve Wheeler
05:03 PM pfSense Packages Bug #14230: PHP error with pfBlockerNG
Pull request sent: https://github.com/pfsense/FreeBSD-ports/pull/1305 Andre Brait
05:03 PM pfSense Packages Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
Pull request sent: https://github.com/pfsense/FreeBSD-ports/pull/1305 Andre Brait
04:10 PM Bug #14804 (Resolved): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Marcos M
02:03 PM pfSense Plus Bug #14847: PHP-FPM webgui crashes and freezes
I initially found the reason. The parameters in php-fpm.conf are incorrect and cannot adapt to high load conditions.
...
yon Liu

10/07/2023

11:51 PM Feature #14802: Re-enable multiqueue support for virtio NIC
I second this request, can't get more than ~2.5Gbps out of interfaces because of this, which is really annoying.
Was...
Nazar Mokrynskyi
09:03 PM pfSense Packages Bug #14230: PHP error with pfBlockerNG
Kris Phillips wrote in #note-2:
> I'm not seeing any PHP errors in 3.2.0_4 of pfBlockerNG. Was there any particular...
Andre Brait
07:36 PM pfSense Packages Bug #14853: Missing response for AAAA or A queries for blacklisted domains in Python mode
GitHub Pull Request here: https://github.com/pfsense/FreeBSD-ports/pull/1304 Andre Brait
07:25 PM pfSense Packages Bug #14853 (Pull Request Review): Missing response for AAAA or A queries for blacklisted domains in Python mode
In Python mode, when a domain is blacklisted, the result gets cached in the dnsblDB dictionary for caching and faster... Andre Brait
06:03 AM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
The patch is working, however, I noticed two issues
1) Brackets after external IP
!clipboard-202310071002-sjgi5.p...
Lev Prokofev
05:27 AM Bug #14852: SSH authentification with Radius backend is not working
Tested on ... Lev Prokofev
05:26 AM Bug #14852 (Not a Bug): SSH authentification with Radius backend is not working
On an attempt to ssh using the Radius user credentials I get ... Lev Prokofev
01:01 AM pfSense Packages Regression #14850 (Resolved): Unreadable alerts file results in PHP error
Error:
Fatal error: Uncaught TypeError: fgetcsv(): Argument #1 ($stream) must be of type resource, bool given in /us...
Jonathan Lee
12:01 AM Feature #14849 (New): Add checkboxes to System Package Manager GUI, to allow multiple packages installed/removed rather than one at a time
This fairly simple suggestion arises from experience some time ago updating 2.6 to 2.7, where release notes stated _"... Stilez y

10/06/2023

09:33 PM pfSense Plus Bug #14848 (Rejected): The system cannot complete the restart process
The system cannot complete the restart process.
The system has been stuck and cannot complete the restart process, b...
yon Liu
09:29 PM pfSense Plus Bug #14847 (Rejected): PHP-FPM webgui crashes and freezes
Regarding PHP-FPM, webgui crashes and freezes when the system load is relatively heavy, such as when there are a larg... yon Liu
09:21 PM pfSense Packages Bug #14846 (Rejected): shellcmd Can't be executed from order 7 onwards
shellcmd Can't be executed from order 7 onwards
The last two commands in the screenshot cannot be executed aut...
yon Liu
08:10 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I did not make any changes in the config between 16 sept and today
The pfsense box is rebooted nightly
The email no...
Phil Wardt
03:16 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
Phil Wardt wrote in #note-2:
> I use pfsense CE 2.7.0
> The upgrade was done a month ago and many reboots happened ...
Jim Pingle
07:57 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Christian McDonald wrote in #note-24:
> I added a note to the UI when using Kea that the MAC address is used for mapp...
Phil Wardt
07:13 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I'll message you on the forum. Marcos M
06:50 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I'm finding it hard to distinguish 'the steps' in that thread from the normal noise and I don't know how to enter the... Rob A
06:35 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
To clarify, make sure that after installing the kernel-debug package, you reboot and select the debug kernel (option ... Marcos M
06:32 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Not sure if I have done so previously. Currently the file looks like this:... Rob A
05:43 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Did you edit the pfSense-ddb.conf file and add a swap partition for it to dump to?
Christian is working on a shiny w...
Kristof Provost
05:37 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Regrettably no:... Rob A
05:34 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
It should end up in /var/crash Kristof Provost
05:26 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
With the debug kernel running I triggered a crash and have the regular crash report. I did not see a core dump file ... Rob A
04:54 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Ok, your job would be easy if it wasn't for these dull customers!... Rob A
04:37 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Download the file to your device, and install with `pkg install -U <filename>`, via the device CLI. Kristof Provost
04:26 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I ran the system (In whatever state I achieved above) but I was fighting other issues such as Kea and pfBlocker not r... Rob A
03:30 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
No joy. With pkg install I get the error:... Rob A
02:43 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
You can just pkg install and pkg remove it later.
As usual, make a config backup just in case, but this ought to be ...
Kristof Provost
02:20 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
There are no more crashes on the latest snapshots. Many thanks to all participants. Vladimir Suhhanov
01:20 PM Regression #14845 (Feedback): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Applied in changeset commit:1db73de1b1014af5bb267c48c711d9917364b9aa. Jim Pingle
05:31 AM Regression #14845: PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Can confirm this bug,
tested on ...
Lev Prokofev
05:09 AM Regression #14845 (Resolved): PHP error in 1:1 NAT rule list when a 1:1 NAT rule uses an interface macro for the external address
Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/guiconfig.inc:408 St... yon Liu
01:14 PM Revision 1db73de1: Fix PHP error on 1:1 NAT w/if macros. Fixes #14845
Jim Pingle

10/05/2023

08:06 PM Bug #14840: OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I use pfsense CE 2.7.0
The upgrade was done a month ago and many reboots happened since then
I noticed the error th...
Phil Wardt
12:51 PM Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
What version of pfSense software are you running now?
What were you doing before the reboot? (e.g. if it was a reb...
Jim Pingle
12:29 PM Bug #14840 (Incomplete): OpenVPN Uncaught Exception log error: Uncaught Exception: Can't parse time from string
I received the below notification about an error when pfsense was booted:... Phil Wardt
07:31 PM Feature #14844: QAT 200xx devices are not recognized as supported
Note this is the new qat device in Xeon D-17xx not the device in C2000 Atoms.... Steve Wheeler
07:25 PM Feature #14844 (Resolved): QAT 200xx devices are not recognized as supported
qat_200xx is supported by the qat driver but the pfSense scripts do not recognise it as a valid device.
https://gi...
Steve Wheeler
07:22 PM pfSense Plus Bug #14478 (Feedback): Ethernet rules using ``(self)`` as a source or destination make the ruleset fail to load
The fix for this was merged last week. Jim Pingle
07:20 PM Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options
Custom options for Kea will be in the next version, not this one. Jim Pingle
06:36 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
No problem. Best method to install this in a recoverable way? Rob A
03:21 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Can you install and run this kernel and try to get a core dump?
https://www.codepro.be/files/pfSense-kernel-debug-p...
Kristof Provost
11:42 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Thanks Kristof, as it happens I had a crash today:... Rob A
06:00 PM Feature #6960 (In Progress): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
If I put a client ID such as "mint3" in, it's allowed by validation and Kea still crashes and refuses to start.
<p...
Jim Pingle
05:09 AM Feature #6960 (Feedback): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
I added a note to the UI when using Kea that the MAC address is used for mappings that set both a MAC and cid (which ... Christian McDonald
05:44 PM Feature #9504: Include hostname being updated in Dynamic DNS notifications
It's worth noting that this only applies to traditional Dynamic DNS instances (Services > Dynamic DNS, Dynamic DNS Cl... Jim Pingle
05:35 PM pfSense Plus Bug #14837: some services show can't start
/firewall_virtual_ip.php: The command '/sbin/ifconfig tun_wg0 inet6 'fe80::981f:60ff:fee9:56d3' -alias' returned exit... yon Liu
04:43 PM pfSense Plus Bug #14837: some services show can't start
wireguard up online, but wg service show down. yon Liu
05:10 PM pfSense Packages Feature #14729: OpenVPN Client Export - Support PLAP on Windows
Kris Phillips wrote in #note-1:
> Assigning to Jim P since he typically maintains this package.
Thank you. I'm wi...
Pablo Bendersky
03:24 PM Bug #14843 (Confirmed): Explicit split DNS domain names required for IoS IPSEC clients.
This is a follow-up to bug #12975.
In the IPSec Mobile Clients GUI page, the SPLIT DNS parameter is commented as "...
Serge Caron
02:22 PM pfSense Packages Documentation #14842 (New): Update Squid troubleshooting
The area where the update is needed:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-no...
Mike Moore
01:43 PM pfSense Packages Bug #14841 (Feedback): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
https://gitlab.netgate.com/pfSense/factory-ports/-/commit/50536bbbe13da52c01bfeb77e6f40370844b9659 Jim Pingle
01:40 PM pfSense Packages Bug #14841 (Resolved): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
Since the change to OpenSSL 3.0 on development snapshots, IPsec Profiles exported for Apple cannot be read.
Simila...
Jim Pingle
12:56 PM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
Jonathan Lee wrote in #note-6:
> I don't know if this is of concern also. My Lan interface assignment to snort only ...
Bill Meeks
02:23 AM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
I don't know if this is of concern also. My Lan interface assignment to snort only detects the destination as the fir... Jonathan Lee
12:18 PM Bug #14839 (Incomplete): PHP Parse error: syntax error
The error there is not from pfSsh.php but a problem with code being run through it. Note that it's mentioning "eval()... Jim Pingle
09:43 AM Bug #14839 (Incomplete): PHP Parse error: syntax error
[05-Oct-2023 12:18:36 Asia/Phnom_Penh] PHP Parse error: syntax error, unexpected end of file in /usr/local/sbin/pfSs... Sam Vanchanna
05:05 AM Revision 3b2e7ed2: kea: prevent configuring static reservations with both mac and cid matching
Christian McDonald

10/04/2023

09:57 PM pfSense Packages Feature #14838 (New): Full support for AdBlock-style lists
The AdBlock syntax allows for both blacklisting and whitelisting, as well as using wildcards and sometimes plain regu... Andre Brait
08:23 PM Bug #14804 (Feedback): Panic when pfsync attempts to synchronize states between hosts with different rulesets
I've cherry-picked the upstream fix into our branches. The fix will be part of the next snapshot builds. Kristof Provost
06:35 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
Marcos M wrote in #note-15:
> Thank you - it's a good analysis! Since this is more of a FreeBSD issue than a pfSense ...
P L
04:14 PM pfSense Plus Bug #14837 (Not a Bug): some services show can't start
I can't reproduce anything like this. UPnP starts fine here, for example. Please post on the forum and diagnose these... Jim Pingle
04:02 PM pfSense Plus Bug #14837 (Not a Bug): some services show can't start
23.09-DEVELOPMENT (amd64)
built on Wed Oct 4 17:15:00 CST 2023
FreeBSD 14.0-CURRENT
status_services.php
wireg...
yon Liu
01:29 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Unfortunately both Steve and I have been unable to reproduce this problem.
We could try to see if a full core dum...
Kristof Provost
01:08 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Still happens with one of the two VPNs
23.09-DEVELOPMENT (amd64)
built on Tue Oct 3 14:00:00 CST 2023
yon Liu
12:05 PM pfSense Packages Bug #14836: squid and captive portal integration bug
The errors are from a file packaged with squid, not captive portal, so moving this to squid. Jim Pingle
11:58 AM pfSense Packages Bug #14836 (New): squid and captive portal integration bug
When activating captive portal authentication mode in squid, errors start to appear and the squid service does not r... Vamberto Araujo Vamberto
12:02 PM pfSense Plus Feature #14835 (Not a Bug): Nics name netgate 6100
The expected order is the order shown on https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/io-ports.h... Jim Pingle
10:36 AM pfSense Plus Feature #14835: Nics name netgate 6100
Or is this the norm for this box?
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-6100/io-ports.html
Stepan Afonin
10:10 AM pfSense Plus Feature #14835 (Not a Bug): Nics name netgate 6100
Hello. I think that the WAN interfaces on the netgate 6100 *box* are now called incorrectly.
Like now:
WAN1 = ix3, ...
Stepan Afonin
08:40 AM Revision 6d33f471: Template for the kernel-symbols package
The kernel-symbols package will contain the symbols files for the default
(i.e. non-DEBUG) kernel.
(cherry picked fr...
Kristof Provost
02:29 AM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
Thanks for looking at this. I found a work around. I disabled the keep config, deleted the package, reinstalled and h... Jonathan Lee

10/03/2023

11:59 PM pfSense Packages Bug #14834 (Resolved): Alerts Tab throws php error when changing size from 2000 back to 500.
PR merged, it's building now Jim Pingle
11:51 PM pfSense Packages Bug #14834: Alerts Tab throws php error when changing size from 2000 back to 500.
I introduced this bug by way of a typo in my last package fix. The fix for this is posted and awaiting merge and subs... Bill Meeks
11:13 PM pfSense Packages Bug #14834 (Resolved): Alerts Tab throws php error when changing size from 2000 back to 500.
Steps to create:
Change alert tab length of logs display from 1000 back to 500 after apply
ERROR:
Fatal error:...
Jonathan Lee
07:00 PM Bug #14831 (Feedback): IPsec rejects certificate without any SANs
Applied in changeset commit:547ecbf358f667c023b2d6b1c39dd53993fd6164. Jim Pingle
06:58 PM Bug #14785 (Feedback): Primary IPv6 interface address may be incorrect when a VIP is set
Azamat Khakimyanov wrote in #note-6:
> BUT when I used compressed IPv6-address (VIP:VIP::1/128) as a WAN VIP, I stil...
Jim Pingle
01:10 PM Bug #14785 (Assigned): Primary IPv6 interface address may be incorrect when a VIP is set
Tested on 23.05_1 and 23.09-DEV (built on Tue Oct 3 6:00:00 UTC 2023)
I partly can reproduce this issue on 23.05_1...
Azamat Khakimyanov
06:53 PM Revision 547ecbf3: Refine IPsec P1 cert wildcard check. Fixes #14831
Jim Pingle
06:40 PM Bug #14756: Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
If testing this via patching, you may need to apply commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 first Jim Pingle
06:30 PM Bug #14756 (Feedback): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Applied in changeset commit:5cd87ac533d2b7666d1ff5e1ab5a3fdf2a78f9ea. Jim Pingle
06:20 PM Bug #14756 (In Progress): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Looking more at interface_bring_down() it doesn't seem like it could be readily adapted this way since it wants to wo... Jim Pingle
06:39 PM Bug #14626 (Feedback): Multi-WAN IPsec does not fail over when preferred WAN loses link
Fixed in commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 Jim Pingle
06:39 PM Bug #14829 (Feedback): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
Fixed in commit:49d0874fb4524e05a802eaeabbf6bf152860f3d4 Jim Pingle
06:23 PM Revision 5cd87ac5: Don't down static v4+t6 on link loss. Fixes #14756
In this scenario, IPv4 is static and IPv6 is tracking another interface.
Neither of those conditions requires taking ...
Jim Pingle
06:17 PM Revision 49d0874f: Force gateway alarm for dynamic WAN link down
* Fixes Dynamic DNS updates when losing link. Issue #14829
* Fixes IPsec not failing over when losing link. Issue #14626
Jim Pingle
03:12 PM pfSense Packages Bug #14832 (Resolved): User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
PR merged and picked back, thanks! Jim Pingle
12:24 PM Bug #14804 (In Progress): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Jim Pingle
06:55 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
The affected user has very helpfully provided a core dump, which shows a couple of things.
Firstly it confirms what ...
Kristof Provost
11:03 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Tested on:
23.01-RELEASE (amd64)
built on Fri Feb 10 20:06:33 UTC 2023
FreeBSD 14.0-CURRENT
(all official pat...
Łukasz Rojczyk
04:32 AM Regression #14833 (New): OpenVPN client process in bridged tap mode fails after 2.7.0 CE upgrade
Have a P2P OpenVPN tunnel that bridges 2 physical interfaces for the purpose of passing multicast traffic. Has been...
Bob Weybrecht
01:21 AM Feature #14047: Options to control Intel Speed Shift
riva geeza wrote in #note-1:
> This affected myself, on my newly built appliance the gui displayed Intel(R) Celeron(R...
Andre Brait

10/02/2023

11:56 PM pfSense Packages Bug #14832: User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
The fix for the issues in this ticket has been submitted to the DEVEL branch in pull request 1300 here: https://githu... Bill Meeks
10:27 PM pfSense Packages Bug #14832 (Resolved): User-forced disabling of a rule or modifying a rule action from a triggered alert entry using the icons on the ALERTS tab is not saved as persistent.
This was functionality inadvertently broken during the PHP 8.1 updates back in early 2023 and was not detected during... Bill Meeks
07:59 PM Bug #14829 (Pull Request Review): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
I have a fix for this coming, but it needs more testing.
Internal MR is https://gitlab.netgate.com/pfSense/pfSense...
Jim Pingle
12:58 PM Bug #14829 (Resolved): Multi-WAN Dynamic DNS does not fail over when preferred WAN loses link
Link down for main WAN does trigger GW group failover to secondary WAN, but doesn't trigger DynDNS updatedns event.
...
Georgiy Tyutyunnik
07:58 PM Bug #14626 (Pull Request Review): Multi-WAN IPsec does not fail over when preferred WAN loses link
I have a fix for this coming, but it needs more testing.
Internal MR is https://gitlab.netgate.com/pfSense/pfSense...
Jim Pingle
07:55 PM Feature #9504 (Feedback): Include hostname being updated in Dynamic DNS notifications
Applied in changeset commit:8de76843e8d58bc6239be05498c2d372b19bac7e. Jim Pingle
07:51 PM Bug #14831 (Resolved): IPsec rejects certificate without any SANs
When I fixed #13373 it apparently created a slightly different bug: Now if there are *no* SANs on a certificate at al... Jim Pingle
07:46 PM Revision 8de76843: Include hostname in DDNS notify. Implements #9504
Jim Pingle
05:01 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
I still see demonstrable difference between 23.05 and 23.09 dev with QAT. QAT is active on 23.05 for all on-device e... Rob A
03:09 PM pfSense Plus Regression #14828 (Feedback): QAT is not being used by some daemons
Waiting on more info from the OP on the forum since it's not clear there is actually a problem yet. The items we expe... Jim Pingle
01:07 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
QAT isn't broken, it is working with IPsec and OpenVPN DCO which is expected since they are in the kernel.
It isn't ...
Jim Pingle
11:29 AM pfSense Plus Regression #14828 (Feedback): QAT is not being used by some daemons
QAT not working. Issue identified on Netgate 6100 and subsequently confirmed on a 4100 unit. Issue confined to 23.0... Rob A
02:55 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
log after rebooting the device (everything ok):
Oct 2 16:52:53 openvpn 39792 Initialization Sequence Completed
...
Łukasz Rojczyk
02:49 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Probably the same problem that I extinguished (from version 23.05.1)
https://redmine.pfsense.org/issues/14811#chan...
Łukasz Rojczyk
02:49 PM Feature #7718: Hostname for Custom DynDNS Updater.
Hi,
Had the same problem with the missing hostname on my dynamic dns client page.
I was able to help myself with ...
Carsten Terlutter
02:47 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Vladimir Suhhanov wrote in #note-20:
> The other question is where I can see CARP status for the DHCP. ISC provided a...
Jim Pingle
12:35 PM Feature #6960 (In Progress): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Confirmed here as well, setting a 'client identifier' in a static mapping makes Kea fail to start. Looks like we need... Jim Pingle
02:44 PM Regression #14819 (Resolved): File to trigger the wizard post-install is missing
Looks good on latest snapshot. The file is present, hardware is correctly identified, and the wizard is triggered at ... Jim Pingle
02:39 PM Bug #14830 (Duplicate): Kea can't start with both MAC address and Client Identifier on static mappings
Already known and mentioned here: #6960#note-21 Jim Pingle
02:33 PM Bug #14830 (Duplicate): Kea can't start with both MAC address and Client Identifier on static mappings
now no DHCP v4 work.
ERROR [kea-dhcp4.dhcp4.0x101e42412000] DHCP4_INIT_FAIL failed to initialize Kea server: confi...
yon Liu
12:42 PM pfSense Docs Todo #14816: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Kris Phillips wrote in #note-1:
> You shouldn't need to define a Remote subnet unless you're doing a /30 S2S, but I ...
Jim Pingle
12:31 PM pfSense Packages Todo #14825 (Duplicate): please upgrade frr to frr 8.5.3_1
Duplicate of #13575 Jim Pingle
12:18 PM pfSense Packages Bug #14827 (Not a Bug): file space error with unbound: 103% used
It's an issue in your pfBlocker config. You'll have to manually clean up those log files, it's too late for the packa... Jim Pingle
08:25 AM Feature #7881: OpenVPN client - add support for multiple server entries
I'd like to be able to set multiple "remote" as fallback in case some of them fail to connect. AFAIU it can't be curr... Gianluca Gabrielli

10/01/2023

01:52 PM pfSense Packages Bug #14827: file space error with unbound: 103% used
When trying to install any packet now the following error occurs:
pkg-static: Not enough space in /var/cache/pkg, ne...
Felix S
11:09 AM pfSense Packages Bug #14827: file space error with unbound: 103% used
Hi Kris,
thank you for your input on this.
I removed pfBlockerNG including its configuration which gives the follow...
Felix S
02:22 AM pfSense Packages Bug #14827: file space error with unbound: 103% used
Based on the files, this looks more like an issue with pfBlockerNG than a problem with unbound. All of the files con... Kris Phillips
10:14 AM pfSense Packages Bug #10436 (Feedback): softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
My fault - I tested it on KVM with vtnet NICs. I'm afraid I don't have SG-3100.
If anyone can run this test on SG-...
Azamat Khakimyanov
07:01 AM pfSense Packages Bug #14638: Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
Tailscale 0.1.4
...
aleksei prokofiev
06:25 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
No luck here...... Vladimir Suhhanov
02:32 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Tested static leases, DHCP status page, service stop/start manually or from reboots. Seems to work without issues at... Kris Phillips
12:56 AM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Testing as we speak with 23.09.a.20230929.2350
I needed to acknowledge deprecation before I could change any legacy ...
Jordan G
02:44 AM pfSense Docs Todo #14816 (Confirmed): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Reviewing, the option for "Enable authentication of TLS packets" is indeed missing in the UI. It looks like it was r... Kris Phillips
02:36 AM pfSense Packages Todo #14795: Transition to nut-devel
Plus should be updated with this as well. It is still on 2.8.0. Kris Phillips
02:34 AM pfSense Packages Todo #14825 (Confirmed): please upgrade frr to frr 8.5.3_1
Checked current snapshots of 23.09 and 8.5.2 is the current version in the Plus repo. Kris Phillips
02:24 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
This sounds like an issue with ordering and PPPoE. Likely the PPPoE connection isn't started prior to the OpenVPN Cl... Kris Phillips
01:27 AM Regression #14819 (Feedback): File to trigger the wizard post-install is missing
Should be fixed in the next build Brad Davis

09/30/2023

10:37 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
getting unknown oid in the latest build 23.09.a.20230929.2350 Jordan G
08:30 PM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED
you can use the following to disable the blue blinking indicator on 4100/6100/8200 systems... Jordan G
08:20 PM pfSense Packages Bug #14827 (Not a Bug): file space error with unbound: 103% used
pfSense
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
df -lh output:
Files...
Felix S
06:55 PM pfSense Packages Bug #10436 (Resolved): softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
Tested on 23.05_1 with SoftFlowD 1.2.6_1
I run SoftFlowd on different interfaces (WAN, LAN and Bridge) and generat...
Azamat Khakimyanov
06:28 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
related to #12536 Alhusein Zawi
04:02 PM Feature #14746 (Resolved): Method for users to customize shell initialization behavior
Tested on... Christopher Cope
03:03 PM Feature #6960: Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Tested the Kea DHCP with the latest release today.
Here are the test results:
- The service started without any...
Danilo Zrenjanin
03:02 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
This problem occurs again yon Liu
09:08 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
I just updated to this version and this problem did not occur. I will continue to observe and report in the future.
...
yon Liu
08:07 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
My WAN is PPPoE. yon Liu
06:55 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Can't reproduce it, tunnel on IPv6 only interface starts immediately after a reboot.
tested on ...
Lev Prokofev
01:16 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
tested on
23.09-DEVELOPMENT (amd64)
built on Fri Sep 29 21:07:00 CST 2023
FreeBSD 14.0-CURRENT
yon Liu
01:13 AM pfSense Plus Bug #14824 (New): OpenVPN instance on IPv6 PPPoE interface does not always start automatically
OpenVPN uses IPv6 WAN. When pfSense restarts the system, OpenVPN IPv6 can't autostart. It must be started manually. Af... yon Liu
02:34 PM Bug #14783 (Resolved): List of Dynamic DNS types with split host+domain name is missing several providers
I can confirm it is working fine on:... Danilo Zrenjanin
07:04 AM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
Looks good, tested it with the patch on ... Lev Prokofev
06:34 AM Bug #14783: List of Dynamic DNS types with split host+domain name is missing several providers
After applying the patch, there are no changes. I have resaved the DynDNS entry, but the Client Export Utility still ... Danilo Zrenjanin
11:22 AM pfSense Packages Feature #14826 (New): Add package pfSense-pkg-corosync-qnetd
This package should provide "corosync-qnetd":https://github.com/corosync/corosync-qdevice, a daemon providing an addi... Markus *
09:14 AM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Tested on 23.05_1 and on 23.09-DEV ()
I was able to reproduce this issue on 23.05_1 but on 23.09-DEV adding a VIP ...
Azamat Khakimyanov
08:08 AM pfSense Packages Feature #8547: fwknop Port Knocking Package
Jim Pingle wrote in #note-1:
> If you want secure remote access, use a VPN.
I understand that censorship circumve...
Vitaly Bakulev
01:33 AM pfSense Packages Todo #14825: please upgrade frr to frr 8.5.3_1
sorry, this is 8.5.3
Bug Fixes
bgpd
Add peers back to peer hash when peer_xfer_conn fails
Do not explicitly p...
yon Liu
01:27 AM pfSense Packages Todo #14825 (Duplicate): please upgrade frr to frr 8.5.3_1
Because I keep encountering IPV6 bgp sessions in Idle and Connect status, I hope to upgrade to the latest version and... yon Liu
12:04 AM pfSense Packages Feature #14823 (New): Feature Request: pre configured packet crafted response for specific IP addresses (alias) such that the reply would automatically show all closed/filtered on ports for Snort package.
Feature Request for a pre configured packet crafted response for specific IP addresses such that the reply would auto... Jonathan Lee

09/29/2023

11:59 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Sorry this was supposed to be under Snort not nmap. I will fix that. Jonathan Lee
07:13 PM pfSense Packages Feature #14821 (Rejected): Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
The purpose of the nmap package is to provide a simple GUI for quick scans. I don't think this request is appropriate... Marcos M
06:45 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
this still causes event Jonathan Lee
06:39 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Ref:
https://www.snort.org/faq/readme-sfportscan
Jonathan Lee
06:37 PM pfSense Packages Feature #14821: Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Relates to:
https://redmine.pfsense.org/issues/14754
https://redmine.pfsense.org/issues/14514
Jonathan Lee
06:35 PM pfSense Packages Feature #14821 (Rejected): Feature Request: pre configured packet crafted response for specific IP addresses such that the reply would automatically show all closed/filtered on ports
Attached is an example of detection and block of a standard non decoy nmap scan.
Kali OS has decoy/spoofing port sc...
Jonathan Lee
10:36 PM Bug #14820 (Resolved): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Marcos M
06:08 PM Bug #14820: GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
patch works
tested on:
Version 23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
Georgiy Tyutyunnik
05:20 PM Bug #14820 (Feedback): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Applied in changeset commit:57e299906c4525bcc89c728a6246495369178023. Marcos M
05:12 PM Bug #14820 (Pull Request Review): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1085 Marcos M
04:51 PM Bug #14820: GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
Can confirm this, tested on ... Lev Prokofev
04:41 PM Bug #14820 (Resolved): GUI TCP port is not updated in the configuration when saving with the field empty to remove an existing value
# Set a value for the GUI TCP port; save
# Remove the value; save
# The config and redirect URL contains the old po...
Marcos M
10:33 PM pfSense Packages Bug #13997: NUT Package and 23.01
It may be this gets resolved once the package is updated:
https://redmine.pfsense.org/issues/14795
Marcos M
07:59 PM pfSense Packages Feature #14192: Instant Website Redaction Technology Not working
This now functions as expected with the created rules
If other admins use this firewall in a very large environmen...
Jonathan Lee
07:25 PM pfSense Packages Feature #14192: Instant Website Redaction Technology Not working
Thanks for the reply.
I have added this to always allow. I did not know if others have noticed this.
Jonathan Lee
06:10 PM pfSense Packages Feature #14192 (Rejected): Instant Website Redaction Technology Not working
This type of issue is better handled outside of the firewall software itself (e.g. by creating your own rules). Marcos M
07:53 PM pfSense Packages Bug #14822: Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
Done per request
https://forum.netgate.com/topic/183128/services-snort-pass-list-edit-auto-generated-ip-addresses-...
Jonathan Lee
07:26 PM pfSense Packages Bug #14822 (Feedback): Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
> I have spoof rules enabled they are still blocking the passlist addresses seen below.
This has been an issue in th...
Marcos M
07:02 PM pfSense Packages Bug #14822 (Feedback): Services/Snort/Pass List/Edit Auto-Generated IP Addresses has degraded performance on passing
I have learned that Snort's GUI Passlist Auto-Generated IP addresses area is not 100% passing and still blocking whe... Jonathan Lee
07:07 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
I opened a new bug for that I forgot that I have that already set as pass listed Jonathan Lee
06:44 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
@Marcos M
They are automatically added to pass list and this still occurs.
Unless this was changed recently.
...
Jonathan Lee
06:36 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Related Feature Request
https://redmine.pfsense.org/issues/14821
Jonathan Lee
06:16 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Thanks Marcos I am aware of the passlist area this would resolve this. Again, that would allow backdoor conditional p... Jonathan Lee
05:58 PM pfSense Packages Bug #14754 (Not a Bug): Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This isn't a bug. To avoid the issue, relevant IP addresses can be added to a passlist. There also likely exist rules... Marcos M
05:39 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Please let me know if that helps with the logic if not I can boot up Kali to offline my system again. That is already... Jonathan Lee
05:31 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Example of detection and block of standard nmap scan.
Kali OS has decoy scanning abilities for lan tests that are ...
Jonathan Lee
03:39 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
Thus this is what is occurring for my system and creates the DoS event.
Nmap -sS -D 8.8.8.8 64.113.111.129
Resul...
Jonathan Lee
03:35 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
During testing this condition with Palo Alto
Command used was
Nmap -sS -D decoyIP targetIP
This will send th...
Jonathan Lee
03:02 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This denial of service attack occurs only when
P: snort is on wan and has port scan detection and blocking enable...
Jonathan Lee
02:50 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
64.113.111.129 is my IP this block occurs when this IP is used by an invasive actor to perform a port scan of my netw... Jonathan Lee
02:46 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
P: pfSense is forwarding its DNS to 8.8.8.8 and Snort is set to block port scans seen on the WAN interface.
Q: th...
Jonathan Lee
01:07 PM pfSense Packages Bug #14754: Snort security issue bug within tcp/UDP scan detection blocking tool DoS event
This bug report makes absolutely no sense to me. I can't follow the logic trail here. All of the blocks shown in the ... Bill Meeks
06:52 PM pfSense Packages Todo #14795: Transition to nut-devel
https://github.com/pfsense/FreeBSD-ports/pull/1296 Marcos M
06:36 PM pfSense Packages Bug #14514: SNORT randomly starts blocking the IP address on the interface that it is residing on
https://redmine.pfsense.org/issues/14821
Related Feature Request
Jonathan Lee
06:00 PM pfSense Packages Bug #14514 (Duplicate): SNORT randomly starts blocking the IP address on the interface that it is residing on
Marcos M
06:03 PM Bug #14516 (Not a Bug): With Multiple static ARP MAC-IP pairing to the same IP address hosts in ARP TABLE showing wrong pairings
The ARP page does a DNS lookup to show the hostname. Since the same IP address is used for multiple hostnames, the re... Marcos M
05:14 PM Revision 57e29990: Handle saving empty values in system_advanced_admin.php. Fix #14820
Marcos M
03:17 PM Feature #6960 (Feedback): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
MR has been merged, it will be in snapshots shortly.
Jim Pingle
03:12 PM Bug #13911: Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
Updating subject for release notes. Jim Pingle
03:07 PM Bug #14325: Captive Portal incorrectly allows leading zeroes on voucher roll numbers
Updating subject for release notes. Jim Pingle
02:08 PM Revision bf4e2a03: Add notice when starting the zpool trim
Brad Davis
01:35 PM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
For what it's worth, I just restored a backup on 23.09 which had FreeRADIUS3 installed and it restored fine and reins... Jim Pingle
01:24 PM Regression #14819 (Resolved): File to trigger the wizard post-install is missing
After some recent changes to how the base and so on are packaged, the file ``/conf/trigger_initial_wizard`` is missing ... Jim Pingle
01:03 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
Yes but the settings on that traffic graph page can be configured in numerous different ways and how you have that pa... Jim Pingle
12:56 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
It is a super simple configuration.
One public WAN, one local LAN, only one local client IP
Just look on the pict...
Ivaylo Velikov
12:26 PM pfSense Plus Bug #14818: StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
Can you show more of the screenshot there to see all of your current settings when that behavior is observed?
Also...
Jim Pingle
12:14 PM pfSense Plus Bug #14818 (Confirmed): StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
See attached picture
Ivaylo Velikov
05:45 AM Bug #9889: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities
1. Version information on dashboard. I've just applied the patch again, and the readout is now 'Unable to check for ... Chris Merchant
 
