Project

General

Profile

Activity

From 10/15/2023 to 11/13/2023

11/13/2023

11:16 PM Revision 88bb1c55: Expand detection of PC Engines APU2 platform to include all variants
Fixes #13498 in Redmine. Brett Keller
11:03 PM pfSense Plus Bug #14973: pfSense as AP's Wireless Interface no longer seen in DHCP tabs
Thank you it was very late and my kid was sick last week, I went to make a guest network really fast and I couldn't g... Jonathan Lee
01:17 PM pfSense Plus Bug #14973 (Not a Bug): pfSense as AP's Wireless Interface no longer seen in DHCP tabs
There is no bug, your Wireless interface in the screenshot has a /32 CIDR, so there isn't any room in that "subnet" f... Jim Pingle
08:25 PM Bug #14978 (Feedback): PHP error on ``services_dhcpv6.php`` if the configuration contains an empty ``dhcpv6`` section
Applied in changeset commit:6df70417029defed162b539720e8baa03984f653. Marcos M
08:16 PM Bug #14978 (Resolved): PHP error on ``services_dhcpv6.php`` if the configuration contains an empty ``dhcpv6`` section
On a fresh install:
# Configure a static IPv6 address on LAN, click @Save@
# Go to @Services > DHCPv6 Server@, clic... Marcos M
08:23 PM Bug #14967 (Pull Request Review): Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1102
Apply the following fix with the System Patches pac... Marcos M
08:17 PM Revision 6df70417: Update direct config access in services_dhcpv6.php. Fix #14978
Marcos M
08:13 PM Bug #14977 (Resolved): Kea fails to restart due to race between process termination and startup
If for some reason the Kea control socket lock file is present while Kea is stopped, then Kea can never start until t... Jim Pingle
08:02 PM Regression #14966: DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
Merged to plus in 1fbbea8f10 Reid Linnemann
05:10 PM Regression #14966 (Feedback): DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
Applied in changeset commit:1fbbea8f10c58ef11851662588819c654e31ceae. Reid Linnemann
07:49 PM pfSense Packages Bug #14956 (Resolved): Suricata GUI generates invalid syslog priority values in suricata.yaml file for some drop-down list values
PR merged, thanks! Jim Pingle
07:48 PM pfSense Packages Bug #14955 (Resolved): Suricata GUI throws a PHP error when creating an EventTime object for use on the ALERTS or BLOCKS tabs if there is a malformed log file entry
PR merged, thanks! Jim Pingle
07:48 PM pfSense Packages Feature #14954 (Resolved): Add GUI option to Suricata interface settings for logging of Ethernet (MAC) addresses to the EVE JSON log
PR merged, thanks! Jim Pingle
07:48 PM pfSense Packages Bug #14961 (Resolved): Snort package issue in snort_Getdirsize() function due to behavior change in PHP 8.x
PR merged, thanks! Jim Pingle
07:48 PM pfSense Packages Bug #14645 (Resolved): Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
PR merged, thanks! Jim Pingle
06:34 PM pfSense Packages Bug #14645: Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
Hi Bill,
main problem is when you have some static IPs outside of your network (let's say your work IPs or your VP... Dzmitry Kazei
05:01 PM Revision 1fbbea8f: Remove use of 0.0.0.0 alias in pfSense-dhclient-script. Fixes #14966
Reid Linnemann
04:05 PM Regression #14965 (Feedback): Input validation prevents saving DHCPv6 Relay settings
Applied in changeset commit:a6c6b835f8d75796c0c1fb9ecde90f5b1757f807. Marcos M
03:14 PM Regression #14965 (Pull Request Review): Input validation prevents saving DHCPv6 Relay settings
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1100 Marcos M
03:01 PM Regression #14965 (In Progress): Input validation prevents saving DHCPv6 Relay settings
Marcos M
04:05 PM Regression #14963 (Feedback): Mobile IPsec Group Authentication cannot be enabled
Applied in changeset commit:0fc7765c886ed60555750d12808f493d70918450. Marcos M
03:54 PM Regression #14963 (Pull Request Review): Mobile IPsec Group Authentication cannot be enabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1101 Marcos M
03:35 PM Regression #14963 (In Progress): Mobile IPsec Group Authentication cannot be enabled
Marcos M
03:59 PM Revision a6c6b835: Remove invalid field from input validation. Fix #14965
Marcos M
03:55 PM Regression #14947: Rules using aliases of type ``URL (IPs)`` are not generated
Is this patch landing in the 'Recommended System Patches' area for 23.09? → luckman212
03:48 PM Revision 0fc7765c: Save the mobile IPsec group auth setting. Fix #14963
Marcos M
03:36 PM pfSense Plus Feature #14976 (New): Cleaner way to know if an interface failed
When an interface status changes from UP to DOWN or is flapping, there are other syslog messages that get generated b... Mike Moore
02:04 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
The files already have unix line endings and are UTF-8. I believe they are unaltered since download:
$ shasum -a 2... Sean McBride
01:23 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Not sure why they are rejected for you when uploading the file, but if you open them in a text editor that supports u... Jim Pingle
01:46 PM Regression #14974 (Feedback): Incorrect permissions on ``ipsec.auth-user.php``
Fix committed:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/86f1772ba14c290ba67735e6c4a3577d6e58a349
... Jim Pingle
01:45 PM pfSense Packages Todo #14971: Add text about the limit to use only Network type alias for Custom Destination
Thanks.
I think it will be good to add a category of UI, for both the text and visuals of UI. Wolfgang Thegreat
01:41 PM pfSense Packages Todo #14971: Add text about the limit to use only Network type alias for Custom Destination
Wolfgang Thegreat wrote in #note-2:
> I didn't find a more suitable place to ask for it. Can you direct me?
It's ... Jim Pingle
01:32 PM pfSense Packages Todo #14971: Add text about the limit to use only Network type alias for Custom Destination
I didn't find a more suitable place to ask for it. Can you direct me? Wolfgang Thegreat
01:24 PM pfSense Packages Todo #14971: Add text about the limit to use only Network type alias for Custom Destination
This is asking for a change to the GUI, not the documentation. Jim Pingle
01:23 PM pfSense Packages Bug #14638 (Closed): Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
Jim Pingle
01:18 PM pfSense Plus Regression #14972 (Not a Bug): DNS Resolver GUI not showing Static DHCP and DHCP Registration seleectors after moving to KEA DHCP
This is a known issue which is mentioned in the release notes as a limitation for this release:
https://docs.netga... Jim Pingle
01:01 PM pfSense Plus Bug #14975: Dynamic DNS client cloudflare not update ip double wan-opt1
For clarification. In this config, everything works fine, it updates in both directions. Stepan Afonin
12:54 PM pfSense Plus Bug #14975 (Not a Bug): Dynamic DNS client cloudflare not update ip double wan-opt1
Hello. There is a group of gateways wan and opt1(wan2), the problem is that if Default gateway wan is the priority, t... Stepan Afonin
01:10 AM Feature #14887: Add an appropriately named file to install images to indicate what they are
https://gitlab.netgate.com/pfSense/Crossbuild/-/merge_requests/117 Steve Wheeler

11/12/2023

07:00 PM Regression #14974 (Resolved): Incorrect permissions on ``ipsec.auth-user.php``
Strongswan cannot execute /etc/inc/ipsec.auth-user.php, breaking Xauth.
Was 0755 in 23.05.1 now 0644 in 23.09 Chris Linstruth
05:22 PM pfSense Plus Bug #14973: pfSense as AP's Wireless Interface no longer seen in DHCP tabs
Can this please be patched as I can not update past 23.09 for this hardware do to Squid use restrictions. I have no a... Jonathan Lee
05:20 PM pfSense Plus Bug #14973: pfSense as AP's Wireless Interface no longer seen in DHCP tabs
This is for an Official Netgate 2100-Max purchased from Netgate Website in 2019 Jonathan Lee
05:19 PM pfSense Plus Bug #14973 (Not a Bug): pfSense as AP's Wireless Interface no longer seen in DHCP tabs
Hello fellow Redmine Members,
We have lost the DHCP tabs for Wireless clients when use of a internal Wireless card... Jonathan Lee
03:03 PM pfSense Plus Regression #14972: DNS Resolver GUI not showing Static DHCP and DHCP Registration seleectors after moving to KEA DHCP
Replying to self here.
Just read posts https://forum.netgate.com/topic/183970/does-static-mapping-work-in-kea-dhcp/1... Eloi Chayer
12:49 PM pfSense Plus Regression #14972 (Not a Bug): DNS Resolver GUI not showing Static DHCP and DHCP Registration seleectors after moving to KEA DHCP
After moving from ISC DHCP to KEA DHCP in System -> Advanced -> Networking, the "Static DHCP" and "DHCP Registration"... Eloi Chayer
09:07 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces
Tested on
23.09-RELEASE (amd64)
built on Tue Oct 31 22:56:00 MSK 2023
FreeBSD 14.0-CURRENT
Issue still presented. aleksei prokofiev
08:22 AM Regression #14963: Mobile IPsec Group Authentication cannot be enabled
Tested on
23.09-RELEASE (amd64)
built on Tue Oct 31 22:56:00 MSK 2023
FreeBSD 14.0-CURRENT
I can confirm that.... aleksei prokofiev
02:31 AM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
For me the patches were rejected also because they were "not in unified diff format".
How to proceed? Sean McBride
02:19 AM Regression #14965: Input validation prevents saving DHCPv6 Relay settings
I can also verify this behavior. Kris Phillips
02:07 AM Bug #14967: Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``
I can confirm this bug. You can also work around it by setting the LAN interface to "Track Interface" and setting it... Kris Phillips
02:05 AM pfSense Plus Bug #14968: Google LDAP fail to bind
I can confirm this behavior with Google LDAPS. It seems that everything "works" when manually querying LDAP, but som... Kris Phillips
01:06 AM pfSense Packages Regression #13970 (Feedback): PHP error in apcupsd widget from UTF-8 string handling
The widget has the following for the default entries in the warning/critical values by default, or possibly from a pr... Jordan G

11/11/2023

11:56 PM pfSense Packages Regression #14764: HAProxy local syslog not working
Discussion thread: https://forum.netgate.com/topic/182508/haproxy-local-syslog-not-working Michael Vincent
11:46 PM pfSense Packages Bug #14364: APCUPSD unable to process date string
Not sure where the date format is being pulled from, I'm using an older bn700 APC UPS and my date format is mm/dd/yyy... Jordan G
11:25 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Just for completeness, I tested with -S (rather than-s) with similar result.... Denny Page
09:01 PM Regression #14970 (Resolved): Static ARP assignments lose ``permanent`` flag in ARP table
Arp flips back and forth between reporting static arp entries as permanent or having timeouts with large negative val... Denny Page
10:05 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
in 23.09 I am seeing that after enabling IIMB, regardless of whether AES-NI or QAT is set for cryptographic hardware ... Jordan G
09:45 PM pfSense Packages Todo #14971 (New): Add text about the limit to use only Network type alias for Custom Destination
Hello,
At the UI path of pfBlockerNG > IP > IPv4 > edit of a table object > the section of "Advanced Inbound Firew... Wolfgang Thegreat
07:57 PM Bug #14969 (Duplicate): PHP error after changing IPv4 Configuration Type from None to PPPoE
Duplicate of #14949 (already fixed with patches available) Jim Pingle
07:29 PM Bug #14969: PHP error after changing IPv4 Configuration Type from None to PPPoE
Tested against:... Danilo Zrenjanin
07:27 PM Bug #14969 (Duplicate): PHP error after changing IPv4 Configuration Type from None to PPPoE
1) Assign a new interface.
2) Do not set any address. Both IPv4/IPv6 Configuration Type set to *None* . Just enable... Danilo Zrenjanin
07:31 PM Regression #12183 (Confirmed): Changing MAC address for PPP parent interface stopped working
I can confirm that it doesn't work as expected on:... Danilo Zrenjanin
04:45 PM Regression #14965: Input validation prevents saving DHCPv6 Relay settings
the same behavior,
tested on... Lev Prokofev
04:44 PM Regression #14965: Input validation prevents saving DHCPv6 Relay settings
the same behavior,
tested on
Lev Prokofev
02:25 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Works as expected in 23.09 here. Just use the 'Patch file upload' when you add the new patch. Steve Wheeler
11:49 AM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Jim, downloaded .patch files ... but when trying to upload to netgate pfsense I get The uploaded file must be in unif... Peter Kubik
01:25 AM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Crazy timing, but I only today tried to update from 23.05 to 23.09. When I go to Interfaces > WAN I reproducibly get... Sean McBride
01:11 PM pfSense Plus Bug #14968 (New): Google LDAP fail to bind
Even with a freshly created cert and Bind user login/pass it fails to bind with the message:
_/system_authservers.... Lev Prokofev
09:56 AM pfSense Packages Bug #14638: Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
I couldn't replicate it either.
There are no complaints from anyone else.
As a result, I recommend that we pro... Danilo Zrenjanin

11/10/2023

11:49 PM Bug #13555 (Duplicate): When WAN is lost, ipv6 interface will not renew upon WAN availability
Thank you for confirming. Marcos M
09:31 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
Confirmed that 23.09 resolves this issue. quiet lion
10:13 PM Bug #14967 (Resolved): Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``
Background: This is a Netgate XG-7100-1U box ordered in June 2019. It is setup as a pretty standard 1 WAN, 1 LAN fire... Kevin Murray
09:56 PM Regression #14966: DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
It's not strictly a cosmetic annoyance, as the 0.0.0.0 address is the primary address of the interface. Things like I... Reid Linnemann
05:27 PM Regression #14966 (Resolved): DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
On a system with a DHCP WAN and more than one IP alias VIP on the same interface the firewall may end up with the tem... Jim Pingle
09:48 PM Feature #13085: OpenVPN NBDD server options
@Marcos M
Thank you for having noticed that I missed the nbdd_server_change "();" in code Phil Wardt
02:55 PM Feature #13085: OpenVPN NBDD server options
Merged after some minor touchups.
Applied in changeset commit:6c01ae83c2480d5ae692ae11c94918a0cfd43a52. Marcos M
08:01 PM Regression #14488 (Feedback): Extensions directory is not set in ``rc.php_ini_setup``
Applied in changeset 132fef021c94f6823af72ff348e061ad5d3bb64c. Marcos M
07:52 PM Regression #14488 (Pull Request Review): Extensions directory is not set in ``rc.php_ini_setup``
Looks like @extension_dir@ defaults to the correct path when the value is empty. However, @EXTENSIONSDIR@ is used whe... Marcos M
07:56 PM Revision 132fef02: Merge pull request #4642 from marcelloc/patch-8
Marcos M
07:24 PM Bug #14312 (Feedback): MSS clamping on VPN traffic does not work on IPsec IPv6 mobile VPNs
Applied in changeset commit:ced1d06568d3ae5465612f5117ca1434af028daf. Marcos M
06:55 PM Revision ced1d065: Merge pull request #4634 from rlaager/fix-mss-clamping-for-v6-vpn
Marcos M
06:41 PM Bug #14276 (Pull Request Review): One.com dynamic DNS doesn't work
Marcos M
06:34 PM pfSense Docs Correction #14962 (Resolved): Missing Word in IPSec EAP-RADIUS Doc
Fixed and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/ef7d14c1c260345396ce32d1e7d13881f38a0372 Jim Pingle
01:20 AM pfSense Docs Correction #14962 (Resolved): Missing Word in IPSec EAP-RADIUS Doc
Doc is here: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-radius.html
Line reads:
"T... Kris Phillips
05:46 PM Bug #13498 (Pull Request Review): Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output
Marcos M
05:01 PM Feature #14728 (Feedback): Support for CD/DVD drives in the External Configuration Locator (ECL)
https://github.com/pfsense/pfsense/pull/4647
Merged after minor touch-ups.
Applied in changeset 5506b679754b0f6d5ae... Marcos M
04:51 PM Revision 5506b679: Merge pull request #4647 from Tsuser1/ecl-cdrom
Marcos M
04:37 PM Feature #13242 (Pull Request Review): Enhancements to static route creation/deletion for dpinger monitor IPs
Marcos M
04:33 PM Feature #12522 (Pull Request Review): More GUI options for OpenVPN Client-Specific Overrides
Marcos M
02:41 PM Revision 6c01ae83: Merge pull request #4653 from PhilZ-cwm6/patch_ovpn_nbdd
Marcos M
02:30 PM Todo #13537 (Feedback): Update vendor files
Applied in changeset commit:b18653a30eb4fa5d33ded0a78c7ddba0043f0e0c. Marcos M
02:06 PM Revision d2a91e8a: Update nvd3. Implement #13537
Marcos M
02:03 PM Revision e0cb987c: Update fontawesome. Implement #13537
Marcos M
02:03 PM Revision b18653a3: Update jQuery and jQuery-ui. Implement #13537
Marcos M
10:25 AM Feature #14960: Fixup the connection of a Wireless WAN to a particular BSSID
This issue has been pull-requested: https://github.com/pfsense/pfsense/pull/4656 Dongyoon Han
08:31 AM Regression #14965 (Resolved): Input validation prevents saving DHCPv6 Relay settings
On the 23.09-RELEASE, DHCPv6 Relay won't start. Although the *Upstream Servers* field has a valid server address, it ... Danilo Zrenjanin
04:56 AM pfSense Plus Regression #14964 (Not a Bug): SG-3100: iscsi support removed from 23.09 kernel
I used to use it to easily store larger service logs (e.g. from squid) on a NAS and can probably live without, but si... Jürgen Rühle
03:18 AM Regression #14963 (Resolved): Mobile IPsec Group Authentication cannot be enabled
In pfSense Plus 23.09, if you try to enable "Group Authentication" under VPN --> IPSec --> Mobile Clients, choose a g... Kris Phillips
02:02 AM pfSense Packages Bug #14645: Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
This issue is corrected by Snort package update 4.1.6_12 posted for review and merge here: https://github.com/pfsense... Bill Meeks
12:40 AM pfSense Packages Bug #14645: Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
Sorry to be late replying to this ticket.
First, the double brackets is a bug and will be corrected in a forthcoming... Bill Meeks
02:01 AM pfSense Packages Bug #14961: Snort package issue in snort_Getdirsize() function due to behavior change in PHP 8.x
This issue is corrected by Snort package update 4.1.6_12 posted for review and merge here: https://github.com/pfsense... Bill Meeks
12:46 AM pfSense Packages Bug #14961 (Resolved): Snort package issue in snort_Getdirsize() function due to behavior change in PHP 8.x
Beginning with PHP 8.x specific ASCII control characters should be wrapped with @chr()@ to insure they are interprete... Bill Meeks

11/09/2023

11:14 PM Todo #13537: Update vendor files
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1098
* nvd3 updated to 1.8.6
* fontawesome updated to 6.... Marcos M
10:20 PM pfSense Packages Feature #14954: Add GUI option to Suricata interface settings for logging of Ethernet (MAC) addresses to the EVE JSON log
The requested feature has been added in code associated with Pull Request 1313 posted here for review and merge: http... Bill Meeks
01:44 AM pfSense Packages Feature #14954: Add GUI option to Suricata interface settings for logging of Ethernet (MAC) addresses to the EVE JSON log
I am working on adding this feature to a forthcoming GUI package update. Bill Meeks
01:31 AM pfSense Packages Feature #14954 (Resolved): Add GUI option to Suricata interface settings for logging of Ethernet (MAC) addresses to the EVE JSON log
Add an option to the INTERFACE SETTINGS tab to allow the use to enable or disable Ethernet (MAC) addresses to the EVE... Bill Meeks
10:18 PM pfSense Packages Bug #14955: Suricata GUI throws a PHP error when creating an EventTime object for use on the ALERTS or BLOCKS tabs if there is a malformed log file entry
This issue is resolved by Pull Request 1313 posted for review and merging here: https://github.com/pfsense/FreeBSD-po... Bill Meeks
01:44 AM pfSense Packages Bug #14955: Suricata GUI throws a PHP error when creating an EventTime object for use on the ALERTS or BLOCKS tabs if there is a malformed log file entry
I will address this problem in a forthcoming GUI package update. Bill Meeks
01:36 AM pfSense Packages Bug #14955 (Resolved): Suricata GUI throws a PHP error when creating an EventTime object for use on the ALERTS or BLOCKS tabs if there is a malformed log file entry
A line containing a number of consecutive spaces in either the @alerts.log@ or @blocks.log@ files will cause a fatal ... Bill Meeks
10:17 PM pfSense Packages Bug #14956: Suricata GUI generates invalid syslog priority values in suricata.yaml file for some drop-down list values
This issue is resolved with Pull Request 1313 posted for review and merge here: https://github.com/pfsense/FreeBSD-po... Bill Meeks
01:45 AM pfSense Packages Bug #14956: Suricata GUI generates invalid syslog priority values in suricata.yaml file for some drop-down list values
I am addressing this problem in a forthcoming GUI package update. Bill Meeks
01:42 AM pfSense Packages Bug #14956 (Resolved): Suricata GUI generates invalid syslog priority values in suricata.yaml file for some drop-down list values
The Suricata GUI code generates invalid syslog priority values in the @suricata.yaml@ file for several drop-down list... Bill Meeks
08:58 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
I may have found the culprit here (quite by accident I will admit). I think this commit by @kprovost might have fixed... Bill Meeks
04:43 AM pfSense Packages Bug #14898: Suricata core dumps with signal 11
I have not been able to reliably reproduce this crash, but I am testing on pfSense 2.7.0 CE with the latest Suricata ... Bill Meeks
07:13 PM Todo #13536 (Rejected): Compress website images
Thank you for the contribution.
I ran a lossless pass that reduced 48 files and saved less than 100KB. Given that ... Marcos M
06:55 PM pfSense Docs Todo #14959 (Closed): Update config revisions
Done.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/76a371e0e4165a89167f7d449a5ae21260f5125b
https://gi... Jim Pingle
05:51 PM pfSense Docs Todo #14959 (Closed): Update config revisions
https://docs.netgate.com/pfsense/en/latest/releases/versions.html
Config revisions for 23.09 and 2.7.1 should both... Marcos M
06:47 PM Feature #14960 (New): Fixup the connection of a Wireless WAN to a particular BSSID
When I use Wireless WAN in Infrastructure (BSS mode), sometimes it changed from the closest AP to a distant AP after ... Dongyoon Han
06:36 PM Bug #14929 (Pull Request Review): ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
Jim Pingle
08:40 AM Bug #14929: ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
I tested the patch, and I can confirm that it fixes the issue. Danilo Zrenjanin
06:21 PM Regression #14947 (Resolved): Rules using aliases of type ``URL (IPs)`` are not generated
I replicated the issue on 23.09-RELEASE (amd64).
After applying the patch, the firewall successfully loaded the l... Danilo Zrenjanin
05:18 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Thanks for the speed of delivering the patch, I can confirm that I used the workaround method when it was mentioned i... Jonny M
05:09 PM Bug #14949 (Feedback): PHP Error on ``interfaces.php`` when creating a PPP interface
There are indeed two separate issues here, one that affects CE and Plus and one that is Plus only
The issue affectin... Jim Pingle
05:16 PM pfSense Packages Todo #14795: Transition to nut-devel
Thank you! Denny Page
05:15 PM pfSense Packages Todo #14795: Transition to nut-devel
Sure, see attached. Marcos M
03:09 AM pfSense Packages Todo #14795: Transition to nut-devel
Thank you Marcos. Can you also post the ARM version please?
 Denny Page
12:33 AM pfSense Packages Todo #14795 (Feedback): Transition to nut-devel
# Install @nut@ from the package manager GUI
# Upload the attached file to the firewall
# Remove the old dependency... Marcos M
04:49 PM Revision 02366840: Fix PHP error when saving PPP interface w/o config. Issue #14949
Jim Pingle
01:09 PM Todo #14958 (New): Always reinstall *-kmod packages
We should ensure that *-kmod packages (such as drm-510-kmod) always get reinstalled on upgrade.
These ports are kern... Kristof Provost
09:43 AM Feature #12746: IPoE feature for WAN interface
Hello Team,
Can anyone please advise if there is any traction on this issue/feature? Seems like this is preventin... Shaf S
09:41 AM Feature #14957 (New): Edit or copy rule info/UX improvement
Hi! I find a little confusing to know if I'm actually copying a rule or editing it. If I click copy rule, the top pat... Federico Galli

11/08/2023

11:13 PM Todo #13268 (Pull Request Review): Dynamically adjust the interface name maximum width in the login banner
The max interface description is known (31 iirc), and the real interface name is almost always relatively short, henc... Marcos M
09:57 PM Todo #13263 (Feedback): Reduce log spam when deleting a static DHCP entry
Marcos M
09:57 PM Todo #13263: Reduce log spam when deleting a static DHCP entry
Applied in changeset 8b4006f25828c5fbd768e27b52470cdd3614f7ea. Marcos M
09:54 PM Revision 8b4006f2: Merge pull request #4603 from luckman212/reduce-log-spew-during-static-dhcp-deletions
Marcos M
09:42 PM Feature #14887: Add an appropriately named file to install images to indicate what they are
In fact the file seem to be added cumulatively. The memstick-vga image only has the correct named txt file. ADI image... Steve Wheeler
09:24 PM Feature #14887 (In Progress): Add an appropriately named file to install images to indicate what they are
Seeing this is 2.7.1 images now but all three file names are added:... Steve Wheeler
09:37 PM Feature #13256 (Feedback): Better handling of duplicate IP addresses in static DHCP assignments
Applied in changeset commit:f6bf8c925d0e460c4e23429d0294b8b357a903a2. Marcos M
09:19 PM Revision f6bf8c92: Merge pull request #4603 from luckman212/enhancement-to-dhcp-static-map-handling-of-duplicate-ips
Marcos M
08:50 PM Bug #11566 (Feedback): Firewall Maximum Table Entries "default size" is whatever is entered
Applied in changeset commit:50b5741beafdb34a3009b78279e203570f5e6d3f. Marcos M
06:10 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1096 Marcos M
06:10 PM Bug #11566 (Pull Request Review): Firewall Maximum Table Entries "default size" is whatever is entered
Marcos M
05:48 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
It may not be. :) And actually per https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#fire... Steve Y
05:33 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
The code simply reports the current value rather than keeping track of the default value (which is accurate only when... Marcos M
01:58 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
Since it came up in forum, just noting this is still an issue on 23.05.1. (haven't updated any to 23.09 yet since it ... Steve Y
08:29 PM pfSense Docs Todo #14816 (Closed): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I just pushed an update that corrects some of the menu/option names and clarifies a couple other points. I followed a... Jim Pingle
06:43 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
It appears there are multiple problems here.
This line is failing because it's falling through to the default case... Jim Pingle
06:21 PM Bug #14949 (Confirmed): PHP Error on ``interfaces.php`` when creating a PPP interface
I can replicate this in 23.09 after setting an interface IPv4 type from none to pppoe:... Steve Wheeler
06:04 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
I also noticed this problem, although I hadn't used PPPoE for a while now.
https://forum.netgate.com/topic/183934/f... Bob Dig
04:27 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Freshly assigned, I had not used that interface before I went to set PPPoE up on it for a second ISP. Jonny M
04:26 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Was OPT1 configured before you started? Or was it freshly assigned?
 Jim Pingle
04:19 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
I browse to Interfaces -> OPT1, change the IPv4 configuration to PPPoE, enter a PPPoE username and password, and then... Jonny M
04:00 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
OK, two more questions:
1. What are the exact steps you are taking that produce the PHP error? I know you said "co... Jim Pingle
03:03 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Lines 1995-1998 are:... Jonny M
02:15 PM Bug #14949 (Feedback): PHP Error on ``interfaces.php`` when creating a PPP interface
The error is a bit odd considering the code there:... Jim Pingle
06:07 PM Revision 50b5741b: Update misleading function names. Fix #11566
Marcos M
05:53 PM Feature #14953 (Resolved): Add Kea information to ``status.php``
status.php only gathers information, such as the configuration file, for ISC dhcpd. Kea should be incorporated.
Se... Chris Linstruth
04:50 PM Regression #14947 (Feedback): Rules using aliases of type ``URL (IPs)`` are not generated
Applied in changeset commit:a6cf534d0fa0297547f1e587a12729f9d7066bae. Marcos M
04:44 PM Revision a6cf534d: Support URL IP aliases in alias_expand(). Fix #14947
Marcos M
03:09 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
Thank you Marcos for the hint about the VIP. I am investigating. The crash is happening within a portion of the custo... Bill Meeks
01:51 PM pfSense Packages Bug #14951 (Duplicate): Tripplite Smart1500LCD UPS
Almost certainly the same as other similar recent reports. Some driver/OS change is causing this device to need root ... Jim Pingle
04:19 AM pfSense Packages Bug #14951 (Duplicate): Tripplite Smart1500LCD UPS
I wanted to create this incident ticket to advise the pfsense development team that when I had pfsense version 2.6, I... Adam Di Vizio
05:03 AM Feature #14952 (Rejected): Firewall Alias Import
Hi There,
When you create a new Alias in PFSENSE, you can click on import option where it gives you a text box to ... Adam Di Vizio
01:24 AM Feature #14437: Add DynDNS Provider - Hetzner
PR: https://github.com/pfsense/pfsense/pull/4714
Old PR: https://github.com/pfsense/pfsense/pull/4654
I messed up ... Marvin Hörr
12:15 AM pfSense Packages Todo #14073: Shalla block list is offline but still available in pfBlocker
Can we get this package cleaned up at least with the removal of the list.
Its causing confusion from users. Mike Moore

11/07/2023

11:04 PM Bug #14950: Improve documentation: Configuring CoDel Limiters for Bufferbloat
Aram Akhavan wrote:
> I struggled to get my limiters up and running because I host some video streaming services fro... Aram Akhavan
11:03 PM Bug #14950 (New): Improve documentation: Configuring CoDel Limiters for Bufferbloat
I struggled to get my limiters up and running because I host some video streaming services from my network. I'd like ... Aram Akhavan
10:23 PM Feature #10843: Allow user manager settings to specify multiple authentication servers

Denis Grilli wrote in #note-4:
> Just here to push this up. This feature would be very useful on enterprise envi... Ryan Whitlock
10:18 PM Bug #14949 (Resolved): PHP Error on ``interfaces.php`` when creating a PPP interface
I believe this may be related to #14790, it looks like that issue closed when nobody could make interfaces.php break ... Jonny M
09:20 PM Regression #14947 (Confirmed): Rules using aliases of type ``URL (IPs)`` are not generated
Replicated this in 2.7.1 Steve Wheeler
02:19 PM Regression #14947: Rules using aliases of type ``URL (IPs)`` are not generated
For reference, I've also tested by creating new aliases under 23.09 and assigning these to the firewall rules, and wh... Remy Monsen
02:10 PM Regression #14947 (Resolved): Rules using aliases of type ``URL (IPs)`` are not generated
After updating my Netgate 4100 box to 23.09 it started spamming notifications in the web gui every time the firewall ... Remy Monsen
06:53 PM pfSense Docs Correction #14948 (Closed): Wrong address and prefix for Global Unique Addresses (GUA) - Routable IPv6 addresses
I removed the line in question. I couldn't find anything that still referenced it in that context, and what I could f... Jim Pingle
04:10 PM pfSense Docs Correction #14948 (Closed): Wrong address and prefix for Global Unique Addresses (GUA) - Routable IPv6 addresses
johnpoz write in this thread [1] the GUA address space is
2000::/3 and not 2001::/16 as currently documented.
[1]... slu -
05:29 PM Todo #10464: Don't change the current update repo when new releases are available
Three years later I wake up to find that my SG-3100 has auto-borked itself by automatically updating the pkg package:... Craig Leres
04:48 PM pfSense Packages Bug #14932: mailreport 3.6.4_1 doesn't handle name address format "Name <email@domain.com>" in sender
From examining mail server logs it looks like mailreport sends the email but it sets the from address in the header t... Andrew Dakin
03:26 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
Any updates/patches that i can apply to test?
These IPsec changes are impacting client/customer connectivity for me.... Mike Moore

11/06/2023

08:58 PM pfSense Packages Feature #14712: CrowdSec package
I created a PR for the package at https://github.com/pfsense/FreeBSD-ports/pull/1311
 Marco Mariani
06:39 PM Feature #13085: OpenVPN NBDD server options
And the patch working on current git release
 Phil Wardt
08:37 AM Feature #13085: OpenVPN NBDD server options
I posted a new patch as requested
https://github.com/pfsense/pfsense/pull/4653
I will add the patch diff file lat... Phil Wardt
06:03 PM pfSense Plus Regression #14946 (Rejected): Kea DHCP GUI DHCP custom options area removed
This is a known limitation and will be addressed in the next release. It's mentioned in the release notes. Jim Pingle
06:03 PM pfSense Plus Regression #14946 (Rejected): Kea DHCP GUI DHCP custom options area removed
Hello fellow pfSense Redmine community members,
I noticed that custom dhcp options are no longer accessible in the... Jonathan Lee
05:47 PM Revision 3c3a5650: Bump to 2.7.1-RC
Brad Davis
05:21 PM pfSense Plus Feature #14945: Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups
This should be possible so long as the IPsec Filter Mode (VPN > IPsec, Advanced Settings tab) is set to filter VTI on... Jim Pingle
04:54 PM pfSense Plus Feature #14945 (New): Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups
Provide the ability to add IPsecX interfaces that are set up for VTI and filtering enabled, to be part of an Interfac... Mike Moore
02:39 PM pfSense Plus Bug #14705 (Closed): Changes in Ethernet ruleset can lead to incorrect rule and separator order
Jim Pingle
01:26 PM pfSense Plus Bug #14944 (Not a Bug): IPv6 only works while saving interface settings
To update Track6 on an interface you have to save/apply the interface being tracked (WAN in this case), the settings ... Jim Pingle
08:00 AM pfSense Plus Bug #14944: IPv6 only works while saving interface settings
Also, every time i save settings on the WAN interface, the web-interface is unresponsive after Applying. I hae to go ... Chris Fokkenrood
07:58 AM pfSense Plus Bug #14944 (Not a Bug): IPv6 only works while saving interface settings
When changing IPv6 interface settings from None into Track Interface, i have to reboot in order to get this to work. ... Chris Fokkenrood
01:24 PM pfSense Plus Bug #14943 (Not a Bug): Authentication server LDAPs Unknown CA
Jim Pingle
01:24 PM Feature #13377 (Resolved): Option to configure a custom value for the PHP memory limit
Jim Pingle
08:29 AM Revision 1b612f6f: OpenVPN: expose NBDD servers in GUI
In GUI for both server and client specific overrides, add option to push DHCP NBDD option to client Tux Dictumst
01:08 AM pfSense Packages Bug #14926: Squid Proxy contains critical vulnerabilities
Pretty sure there isnt an official maintainer for Squid in pfSense. Assume that the package will not receive any bug ... Mike Moore

11/05/2023

09:10 PM pfSense Plus Bug #14943: Authentication server LDAPs Unknown CA
Fixed by connecting to the console and ran menu options 16 then 11 as suggested in https://docs.netgate.com/pfsense/e... Marcelo Cury
06:58 PM pfSense Plus Bug #14943: Authentication server LDAPs Unknown CA
Weird, it seems that this only happens in the Dashboard.
Even when I remove the authentication server entirely and r... Marcelo Cury
06:44 PM pfSense Plus Bug #14943 (Not a Bug): Authentication server LDAPs Unknown CA
Found that if you configure an authentication server without authentication (Standard TCP 389), and after that you ch... Marcelo Cury
01:07 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
This is probably what I am experiencing on a Xeon D-1736NT (Ice Lake) on 23.09-RC (23.09.r.20231027.0151)... Rob A
07:47 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Tested on
23.09-RC (amd64)
built on Fri Oct 27 1:51:00 UTC 2023
FreeBSD 14.0-CURRENT
Looks good, in VM it is calc... aleksei prokofiev
06:40 AM pfSense Packages Bug #14836: squid and capitive portal integration bug
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
I can confirm such... aleksei prokofiev
06:31 AM pfSense Packages Bug #14932: mailreport 3.6.4_1 doesn't handle name address format "Name <email@domain.com>" in sender
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
mailreport 3.6.4... aleksei prokofiev
01:10 AM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
it goes away after applying for me...
!clipboard-202311042010-0bvvg.png!
 Jordan G
01:00 AM Bug #10980: ``/etc/rc.local`` script content is executed at login instead of during boot sequence
confirm startup scripts added (as described here - https://docs.netgate.com/pfsense/en/latest/development/boot-comman... Jordan G
12:30 AM Feature #14887: Add an appropriately named file to install images to indicate what they are
I think this is a good idea. Perhaps also making the disk label reflect the version. Christopher Cope

11/04/2023

11:38 PM Feature #10237 (Closed): Take ZFS snapshot on Upgrade
This was added in as of 22.05 Christopher Cope
10:45 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Hello Christian, any updates on your progress? Thanks! Dennis Adler
10:21 PM Feature #13377: Option to configure a custom value for the PHP memory limit
23.09 on 6100, this looks better for default and range
!clipboard-202311041720-hhol7.png!
 Jordan G
07:48 PM Bug #14634 (Confirmed): The default gateway icon is not updated when the default gateway is changed to none
Tested on... Christopher Cope
04:58 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Spending more time on my Ice Lake Xeon box recently but no observable difference to that of my 6100. Today's crash o... Rob A
02:56 PM Bug #13087 (Resolved): OpenVPN WINS options may be visible even when NetBIOS is disabled
The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
09:31 AM pfSense Packages Bug #11074 (Confirmed): bind Zone Settings Zones, Save button opens "Confirmation required to save changes"
I can confirm that the Popup dialog appears after hitting the *Save* button.
I don't see the purpose of this Popu... Danilo Zrenjanin
08:48 AM pfSense Packages Bug #14771 (Resolved): Lightsquid creating multiple SSL certificates, not starting
Tested against:... Danilo Zrenjanin
08:29 AM Bug #14938: Can't get "Track interface" working for IPv6 when using DHCP6 "Advanced Configuration"
Thanks Kris
The answer is simple : in the interfaces.inc file, when "advanced configuration" is checked for WAN, the... Damien LE GUILLOU
02:18 AM Bug #14938: Can't get "Track interface" working for IPv6 when using DHCP6 "Advanced Configuration"
I have tested this with an identical configuration, minus the advanced DHCPv6 client options, and things work normall... Kris Phillips
02:32 AM pfSense Packages Bug #14895: Wireguard / bad performance after reboot, if running together with OpenVPN
Is it possible your Wireguard tunnel is trying to establish over your OpenVPN tunnel somehow due to a route-all direc... Kris Phillips
02:30 AM pfSense Packages Bug #14934: haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to
This issue only affects the devel version of HAProxy and not the stable version on 23.05.1. Tested this on pfSense P... Kris Phillips
02:21 AM Bug #14937: Random UDP loss
Hello,
Can you run a packet capture on both the originating and remote firewall narrowed down to just the appropri... Kris Phillips

11/03/2023

06:46 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Steve Wheeler wrote in #note-25:
> Reviewing this it appears everyone hitting this is running an Intel Nxxx CPU. Is ... Joel Kåberg
03:38 PM pfSense Docs Correction #14599 (Rejected): Change Interface Names in TNSR Remote Office With Existing IPsec Hub to Something Else
Moved to https://redmine.netgate.com/issues/12213 as this Redmine isn't for TNSR docs. Jim Pingle
12:47 PM Bug #14940 (Not a Bug): GUI times out when using EDIT FILE
While you are editing a file there is no communication between your browser and the server, the activity is all local... Jim Pingle
05:07 AM Bug #14940 (Not a Bug): GUI times out when using EDIT FILE
Hello fellow Redmine pfSense members,
I have noticed that as long as you have GUI activity it will not timeout. Ho... Jonathan Lee
12:44 PM pfSense Plus Bug #14939 (Not a Bug): Version info displayed in dashboard seems incorrect
Something likely happened on your system and one or more underlying packages didn't get fully updated so it's having ... Jim Pingle
12:39 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Just to note - this isn't a new bug/regression. I can reproduce it on 22.05, but I didn't go back any farther than that. Jim Pingle
10:41 AM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Can confirm this behavior tested on ... Lev Prokofev
10:00 AM Bug #14942 (Resolved): DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
I am not sure this is normal behaviour but might stem from code to control input.
I tried this with multiple alias... Jon Brown
09:46 AM pfSense Packages Feature #14941 (New): add directdomains list in GUI
Is it possible to add directly in the GUI a directdomains category like whitelist or blacklist ...
this directdomain... Claude-Axel Piller

11/02/2023

08:35 PM pfSense Plus Bug #14939 (Not a Bug): Version info displayed in dashboard seems incorrect
Last night upgraded from 23.05.1 to 23.09.r.20231027.0151
On the main dashboard the version is still displayed as ... Jon Hrabowyj
08:14 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Though there's plenty of related documentation and resources already, it'd be helpful to have something for this type... Marcos M
06:15 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Marcos M wrote in #note-3:
> With the use of interface groups and/or aliases, the same functionality is possible (an... Durwin Babb
06:11 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Marcos M wrote in #note-3:
> With the use of interface groups and/or aliases, the same functionality is possible (an... Durwin Babb
07:43 PM pfSense Docs Correction #14910 (Closed): Feedback on System Monitoring — Firewall Table Contents
Updated and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/d9b0312226dc0e7fb22d658cde4406cca549b3... Jim Pingle
07:23 PM pfSense Docs Todo #14916 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Data Channel Offload (DCO)
Note added and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/40578282c3d3b0992fca9211548280d737b2b321 Jim Pingle
05:07 PM Bug #14938 (New): Can't get "Track interface" working for IPv6 when using DHCP6 "Advanced Configuration"
Hello,
I'm using this WAN setup to get IPv6 prefix (::/56) from my ISP (Orange France):
- General Configuration... Damien LE GUILLOU
04:31 PM Bug #14929: ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
Forgot to add link to PR in case it's needed: https://github.com/pfsense/pfsense/pull/4652 Jared Hendrickson
04:22 PM Bug #14929 (Confirmed): ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
I can confirm this behavior on the:... Danilo Zrenjanin
01:58 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
Patch was sent upstream: https://reviews.freebsd.org/D42415 Christian McDonald
01:28 PM Bug #11268: Cookie named ``id`` prevents some forms from being loaded or saved properly
Just to say this still affects current versions of pfSense - I've tested it in pfSense 23.05.1 Plus.
Cookie values... Matthew Fearnley

11/01/2023

11:17 PM Feature #13085 (New): OpenVPN NBDD server options
Please submit a new PR with the relevant changes for NBDD. Marcos M
11:11 PM Bug #13089 (Feedback): Some OpenVPN NetBIOS settings are kept even when NetBIOS is disabled
Applied in changeset commit:056e50ee7b3bd252c971724d7d06287e74a145ea. Marcos M
11:07 PM Bug #13090 (Feedback): OpenVPN NetBIOS Node Type and Scope ID options are not pushed to clients
Applied in changeset commit:6b06bf5988646d9755b08904cbc41fa81edad2ad.
Before patch:
> SENT CONTROL [User]: 'PUSH_... Marcos M
10:54 PM Bug #14937 (New): Random UDP loss
Hi,
After upgrading from pfsense CE 2.5 to 2.7 some UDP packets started unexpectedly to loss on GRE interface.
... Roman Kuznetsov
10:41 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Marcos, is there supporting documentation for this incoming? This is a much-needed feature to get that zone-esque tim... Mike Moore
06:03 PM Feature #4165 (Rejected): Allow for security zones when defining interfaces and firewall rules.
With the use of interface groups and/or aliases, the same functionality is possible (and more flexible). This is even... Marcos M
04:37 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
This is such an important feature request because from what I have seen in the community there is loads of confusion ... Durwin Babb
10:33 PM Revision 056e50ee: Merge pull request #4575 from PhilZ-cwm6/patch_vpn_netbios_settings
Marcos M
10:33 PM Revision 6b06bf59: Merge pull request #4576 from PhilZ-cwm6/patch_vpn_netbios_deprecated_settings
Marcos M
10:15 PM Bug #13087 (Feedback): OpenVPN WINS options may be visible even when NetBIOS is disabled
Applied in changeset commit:b57ee7830401697a729ac796e5c09f4c2021ccf0. Marcos M
10:05 PM Revision b57ee783: Hide WINS fields if NetBIOS is disabled. Fix #13087
Marcos M
07:35 PM Bug #10980 (Feedback): ``/etc/rc.local`` script content is executed at login instead of during boot sequence
Applied in changeset commit:ce83f38a8a51c3abe1291878420627343cf6b4a4. Marcos M
07:27 PM Revision ce83f38a: Run rc.local on system boot instead of on user logon. Fix #10980
Marcos M
05:21 PM Revision 2b0c1dd5: Merge pull request #4603 from luckman212/scrubing-to-scrubbing
Marcos M
05:18 PM pfSense Packages Regression #14904 (Resolved): FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can confirm it works as expected on 23.09. ... Danilo Zrenjanin
03:07 PM Bug #14936: ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
Note: The block that is incorrect is the second loop. The first loop was recently changed in #14136 and that loop has... Jim Pingle
03:03 PM Bug #14936 (Resolved): ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
The @is_radvd_enabled()@ function in @pfsense-utils.inc@ appears to incorrectly interpret the state of the radvd serv... Jim Pingle
07:12 AM pfSense Plus Bug #14106: arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.
module firmware already present!
real memory = 3602862080 (3435 MB)
avail memory = 3462979584 (3302 MB)
Starting C... Jonathan Lee

10/31/2023

11:36 PM Regression #14896 (Resolved): Suricata is removed when upgrading the base system
Verified working after an upgrade to 23.09:
{{collapse... Marcos M
03:24 PM Regression #14896 (Feedback): Suricata is removed when upgrading the base system
Marcos M
12:34 AM Regression #14896: Suricata is removed when upgrading the base system
Thank you, Marcos. Glad it was an easy fix. Bill Meeks
11:33 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
This time it continued to crash after an update to the latest 23.09 snap. It seems to be related to the existence of ... Marcos M
09:46 PM Revision 0730c1a6: Use a function to get OpenVPN device names
Marcos M
09:00 PM Revision ac0a027f: Rector some direct config array accesses with pure scalar paths.
Christian McDonald
04:52 PM Revision 602f6d6e: Specify specialnet flags when calling get_specialnet(). Fix #14935
Allow passing specialnet flags to pconfig_to_address() to correctly
handle address/network config elements. Also corr... Marcos M
02:53 PM Regression #14935 (Resolved): Filter rules specifying a VIP address are not generated
Marcos M
02:50 PM Regression #14935 (Feedback): Filter rules specifying a VIP address are not generated
Applied in changeset commit:e729ecf8dea176eea5516c9e249da6614246c87f. Marcos M
02:43 PM Regression #14935 (Pull Request Review): Filter rules specifying a VIP address are not generated
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1095 Marcos M
02:16 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes
Any update on this? Without cleanup up states on route changes, routing based redundancy is impossible to implement. ... Christopher de Haas
12:08 AM Revision e729ecf8: Specify specialnet flags when calling get_specialnet(). Fix #14935
Allow passing specialnet flags to pconfig_to_address() to correctly
handle address/network config elements. Also corr... Marcos M

10/30/2023

11:37 PM Regression #14935 (Resolved): Filter rules specifying a VIP address are not generated
# Create a Virtual IP
# Create a firewall rule specifying the VIP
# Rule does not appear in /tmp/rules.debug Marcos M
10:15 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
The patched version of ovpn_auth_verify seems to work okay, but if I patch ovpn_auth_verify_async I get auth failures... Orion Poplawski
08:12 PM Regression #14896 (Pull Request Review): Suricata is removed when upgrading the base system
Thanks for taking a look Bill. The issue does not affect Snort. It turns out that a workaround for a recent bug with ... Marcos M
07:31 PM Regression #14896 (In Progress): Suricata is removed when upgrading the base system
Marcos M
05:07 PM pfSense Packages Bug #14934: haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to
At the suggestion of one of the Netgate admins on the forums when I asked this to get poked, this issue **does not ha... Thomas Ward
04:43 PM pfSense Packages Bug #14934: haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to
NOTE: As part of testing, I reverted to 2.7.6-4dadaaa and into the pfSense Plus 23.05 (without .1) saved auto boot en... Thomas Ward
04:26 PM pfSense Packages Bug #14934 (Resolved): haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to
haproxy-devel version: 2.8-dev6-4c7588d
pfSense+ Version: 23.05.1
With the update to pfSense 23.05.1, HAProxy no... Thomas Ward
04:17 PM pfSense Plus Bug #14925: /etc/regdomain.xml file ver low max power limit set
https://github.com/freebsd/freebsd-src/pull/880
Added a pull to set them to 40 Jonathan Lee
03:15 PM Revision 7eba7db8: Update version to 2.7.1
Brad Davis
01:30 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
when restart wg service, then VIP setup LL address is lost in wg interface. it can't always keep for wg interface yon Liu
01:30 PM pfSense Packages Todo #14881: for wiregaurd interface add linklocal IPv6 address
when restart wg service, then VIP setup LL address is lost in wg interface. it can't always keep for wg interface. yon Liu

10/29/2023

10:56 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
I can reproduce this in version 23.09
Reloading the dashboard, starting a 220Mbps download, shows fine. Opening anot... dylan mendez
06:27 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
In that case, it seems more likely that the issue is with fcgicli. Given this issue seems to have appeared in 23.01, ... Marcos M
06:07 PM Regression #11570 (Closed): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
There are a number of factors that can result in the issue described in the original post. These are detailed in sepa... Marcos M
08:42 AM pfSense Packages Bug #14753: pfBlockerNG sync issues
Tested on pfBlocker 3.2.0_6
23.09-RC (amd64)
built on Fri Oct 27 1:51:00 UTC 2023
FreeBSD 14.0-CURRENT
The iss... aleksei prokofiev
04:54 AM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
service appears to start when enabled and shows positive indication in the service status dashboard on 23.09.r.202310... Jordan G
04:39 AM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
the globe icon is removed when changing default gateway to none, following applying the change, on 23.09.r.20231027.0... Jordan G
04:29 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
seeing this on pfBlockerNG 3.2.0_6 on 23.09.r.20231027.0151, this was a clean install and immediately attempting to r... Jordan G
02:57 AM pfSense Packages Bug #14861 (New): PHP error when pings are enabled but no ping hosts are defined
Crash report from Forum post:
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD ... Kris Phillips
02:57 AM pfSense Packages Bug #14861: PHP error when pings are enabled but no ping hosts are defined
David Bowen wrote in #note-2:
> Kris Phillips wrote in #note-1:
> > Tested on 23.09 and unable to reproduce.
> >... Kris Phillips
01:26 AM Feature #14802: Re-enable multiqueue support for virtio NIC
I'd appreciate if maintainers could take a look at this Nazar Mokrynskyi
12:37 AM pfSense Packages Bug #7267 (Resolved): Status Traffic Totals - Stacked Bar - Scale not high enough
No longer an issue on... Christopher Cope

10/28/2023

09:48 PM Bug #14933 (Resolved): Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
Problem description:
The Traffic Graphs Widget fails to display the real bandwidth used after the Dashboard browser ... Patrik Stahlman
06:14 PM Regression #11570 (Resolved): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
Tested on 23.05_1 and on 23.09-BETA (built on Fri Oct 20 9:00:00 MSK 2023)
I was able to reproduce this issue on 2... Azamat Khakimyanov
03:43 PM pfSense Packages Bug #14932 (New): mailreport 3.6.4_1 doesn't handle name address format "Name <email@domain.com>" in sender
mailreport 3.6.4_1 doesn't handle name address format "Name <email@domain.com>". pfSense will correctly use and send ... Andrew Dakin
02:23 PM pfSense Packages Bug #14861: PHP error when pings are enabled but no ping hosts are defined
Kris Phillips wrote in #note-1:
> Tested on 23.09 and unable to reproduce.
>
> What are the exact steps to prod... David Bowen
01:05 PM Feature #14931 (New): Feature request - "Glue" separator rules with the separator to be move together
Hello,
It will be very helpful and friendlier if there will be a way to "glue" together the separator with the rul... Wolfgang Thegreat
02:42 AM Regression #14930: Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
Yes, I proposed a fix for this upstream. I’ll poke the right people again Christian McDonald
02:19 AM Regression #14930 (Resolved): Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
Installing pfSense 2.7.0 using the Auto (ZFS) + MBR (BIOS) options appears successful, however when the installer reb... Boycee .
12:34 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Marcos M wrote in #note-9:
> Orion Poplawski wrote in #note-8:
> > Just had another reproducer. However, this time... Orion Poplawski

10/27/2023

09:17 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Orion Poplawski wrote in #note-8:
> Just had another reproducer. However, this time it did not appear to the associ... Marcos M
05:55 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Just had another reproducer. However, this time it did not appear to the associated with the auth timeout message in... Orion Poplawski
09:06 PM Bug #14929 (Resolved): ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
After deleting a ProxyARP virtual IP, the @choparp@ process is still running. To reproduce:
1. Create a new single... Jared Hendrickson
08:58 PM Revision 56142ff4: fix: delete vips before calling interface_proxyarp_configure()
Jared Hendrickson
08:31 PM Bug #14893 (Pull Request Review): Large number of IPsec tunnels causes long filter reload times
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1094 Marcos M
06:48 PM pfSense Plus Feature #14928 (New): FEATURE REQUEST: Wireless ath0 and MAC address controls
@ifconfig ath0_wlan0 list mac@
This has the ability to have a ACL lists added. Can we please have the ability to m... Jonathan Lee
05:07 PM Bug #14758 (Resolved): ``status_carp.php`` and ``diag_dump_states.php`` unresponsive with large state tables
This has been working well since it went in. Jim Pingle
03:59 PM Feature #6960 (Resolved): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Looks good here. I see the expected entry in the config file and the Kea daemon is still up and running.
Thanks! Jim Pingle
03:07 PM pfSense Plus Bug #14927 (Not a Bug): Wireless Interfaces Speed and Duplex settings will not save
You don't set those yourself on Wireless interfaces, they are determined by the chosen standard and other settings. Jim Pingle
02:09 PM pfSense Plus Bug #14927 (Not a Bug): Wireless Interfaces Speed and Duplex settings will not save
Hello fellow PfSense Redmine community members,
I recently noticed that the Speed and Duplex settings will not sta... Jonathan Lee
12:43 PM Bug #6799 (Resolved): Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Jim Pingle
06:18 AM Bug #6799: Negating ``<interface> net`` when a VIP exists on the interface results in unintended behavior
Works as expected on the current Beta build, VIP has not affected the rules.... Lev Prokofev
12:38 PM pfSense Packages Bug #14926 (Rejected): Squid Proxy contains critical vulnerabilities

Squid 5.8 (shipped by the current pfSense package) is affected by the following vulnerabilities:
Critical:
* "S... Peter Müller
06:23 AM Bug #14919: OpenVPN forms invalid ``route`` statements for empty local networks
Can reproduce it on BETA... Lev Prokofev
12:05 AM pfSense Plus Bug #14925 (Rejected): /etc/regdomain.xml file ver low max power limit set
That file is from FreeBSD -- if you want to suggest changes, propose them upstream:
https://github.com/freebsd/fre... Jim Pingle
12:00 AM pfSense Plus Bug #14925: /etc/regdomain.xml file ver low max power limit set
<maxpower>17</maxpower>
<maxpower>30</maxpower>
<maxpower>23</maxpower>
Does others feel this is very restri... Jonathan Lee

10/26/2023

11:58 PM pfSense Plus Bug #14925 (Rejected): /etc/regdomain.xml file ver low max power limit set
Hello Fellow pfSense Redmine members,
I wanted to bring this to your attention. I noticed and learned that the reg... Jonathan Lee
11:06 PM Feature #13293 (New): Option to set auth-gen-token in OpenVPN GUI
Marcos M
10:37 PM Feature #13293 (Duplicate): Option to set auth-gen-token in OpenVPN GUI
Marcos M
10:37 PM Feature #14924 (Duplicate): Add Option for auth-gen-token to OpenVPN Server and OpenVPN Client Export
Marcos M
09:39 PM Feature #14924 (Duplicate): Add Option for auth-gen-token to OpenVPN Server and OpenVPN Client Export
For 2FA deployments customers either use reneg-sec 0 to disable data-channel renegotiation or auth-gen-token to use a... Kris Phillips
09:40 PM Feature #12466: Option to Disable Renegotiation timer in OpenVPN Server
Created additional redmine for auth-gen-token to be added here: https://redmine.pfsense.org/issues/14924 Kris Phillips
09:10 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Preferably we can get more testing/feedback on this. Given the inconsistent nature of the issue, it may simply be the... Marcos M
12:12 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
The patch fixed the issue on a firewall with the same symptoms. There were no side effects after applying the patch. ... Danilo Zrenjanin
08:52 PM Feature #14923 (New): Feature request - Backup encryption using a public key
This feature request is following a community post at https://forum.netgate.com/topic/183662/backup-encryption-using-... Wolfgang Thegreat
07:30 PM Feature #7085: Edit Firewall Rules Seperator
+10! Should be, I guess, simple to add Wolfgang Thegreat
04:18 PM pfSense Packages Bug #14858 (Closed): Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Marcos M
04:14 PM Regression #14918 (Resolved): Filter rules error with 1:1 NAT rules that use the interface subnet macro
That particular behavior (mask-bit in the NAT address) is not new. Marcos M
09:10 AM Regression #14918: Filter rules error with 1:1 NAT rules that use the interface subnet macro
I was able to reproduce the issue. The patch fixes it.
However, if you choose:
(External Subnet IP) - WAN addr... Danilo Zrenjanin
03:56 PM Bug #14922 (Not a Bug): Latest build bug on AMD server
That looks very hardware-specific (And BIOS specific, at that), it may be that FreeBSD 14 doesn't run well on that ha... Jim Pingle
03:47 PM Bug #14922 (Not a Bug): Latest build bug on AMD server
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n25... Rich Benson
03:46 PM Feature #6960 (Feedback): Introduce Kea DHCP as an alternative DHCP server for IPv4 and IPv6
Validation is now in place to check v4 client identifiers as being valid kea hex strings. If this check fails, the cl... Christian McDonald
03:40 PM Revision d1b4e731: kea: validate v4 client identifiers as being valid hex strings, otherwise wrap in single quotes
Christian McDonald
12:37 PM Revision 3d4cab40: Revert "Add zsh to the list of packages to build"
This reverts commit d36017f86fc4da9fbcdad230e7edc0a8f271b0d2.
Revert this until the fix for zsh without docs lands u... Brad Davis
12:29 PM Bug #14919 (Confirmed): OpenVPN forms invalid ``route`` statements for empty local networks
I can replicate the issue on the:... Danilo Zrenjanin

10/25/2023

10:46 PM Bug #14921 (New): External Config Locator does not trigger a pkg sync except on first boot
The ECL dos not set the pkg sync flag when it finds and imports a config unless it is on the first boot after install... Steve Wheeler
06:08 PM pfSense Plus Bug #14440 (Closed): Firewall rule traffic counters show invalid values on 32bit platforms
Closing this since armv7 support is being dropped upstream, so there won't be any way to resolve this. Jim Pingle
06:06 PM Regression #14897 (Resolved): DHCPv4 service stopped after applying interface settings when no interfaces have DHCPv6 enabled
Jim Pingle
06:05 PM Bug #14804 (Resolved): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Jim Pingle
06:04 PM Todo #14790 (Resolved): Eliminate direct config access in ``interfaces.php``
No further errors have popped up so we'll call this complete for now. Any new errors can be addressed individually as... Jim Pingle
06:04 PM Bug #14626 (Resolved): Multi-WAN IPsec does not fail over when preferred WAN loses link
I've tested this quite a bit since making the changes and it does work, though it takes time since it requires waitin... Jim Pingle
06:03 PM Regression #14569 (Closed): ``bnxt(4)`` driver errors
Closing for lack of feedback. If it's still an issue in this release we can reopen and re-target the issue at the nex... Jim Pingle
06:03 PM Bug #14497 (Closed): Kernel panic when using traffic shaping on a PPPoE interface
Closing for lack of feedback. If it's still an issue in this release we can reopen and re-target the issue at the nex... Jim Pingle
06:02 PM Bug #12079 (Closed): Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Closing for lack of feedback. If it's still an issue in this release we can reopen and re-target the issue at the nex... Jim Pingle
05:59 PM Regression #14876 (Resolved): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
Jim Pingle
05:57 PM pfSense Plus Bug #13455 (Resolved): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Looks good on latest build. 4100 and 6100 loader/BE menus no longer have any extra non-printable/random odd character... Jim Pingle
05:53 PM Feature #9504 (Resolved): Include hostname being updated in Dynamic DNS notifications
This has been working really well. Only issue is that HE.net tunnel broker updates print the tunnel ID instead of an ... Jim Pingle
05:24 PM Bug #14920 (Rejected): pfSense has detected a crash report or programming bug
There isn't a crash dump attached there, the info file is just metadata about a crash dump not the dump itself.
Th... Jim Pingle
05:23 PM Bug #14920 (Rejected): pfSense has detected a crash report or programming bug
I have no idea why it detected a crash as i have not seen any issues. the only thing I did was update the openvpn pac... Chester Garrett
05:21 PM Bug #14919: OpenVPN forms invalid ``route`` statements for empty local networks
It should trim/ignore any empty entries like that, but it may not be catching that case properly. Jim Pingle
05:02 PM Bug #14919 (Resolved): OpenVPN forms invalid ``route`` statements for empty local networks
If I specify IPv4 Local networks in OpenVPN server and leave comma in end of the list, in config will be presented pu... aleksei prokofiev
10:12 AM pfSense Docs Correction #14910: Feedback on System Monitoring — Firewall Table Contents
Wolfgang Thegreat wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-tables.html... Wolfgang Thegreat

10/24/2023

10:40 PM Regression #14918 (Feedback): Filter rules error with 1:1 NAT rules that use the interface subnet macro
Applied in changeset commit:4dc98294fe3f1f014730e654405141e94321fdb1.
There are two additional fixes related to bina... Marcos M
10:21 PM Regression #14918 (Pull Request Review): Filter rules error with 1:1 NAT rules that use the interface subnet macro
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1093 Marcos M
08:46 PM Regression #14918 (Resolved): Filter rules error with 1:1 NAT rules that use the interface subnet macro
Create a binat rule using an interface subnet macro for the internal IP, then save/apply:
> There were error(s) load... Marcos M
10:27 PM Revision 4dc98294: Don't use aliases in binat rules. Fix #14918
While there, handle negated binat addresses.
Also use the correct specialnet description. Marcos M
07:20 PM Revision d36017f8: Add zsh to the list of packages to build
Brad Davis
03:39 PM Bug #14917 (Closed): Mulicast traffic on a detached interface causes a panic
Multicast traffic can attempt to send over an interface that is down triggering a panic.
Here pimd is routing mult... Steve Wheeler
03:24 PM pfSense Docs Todo #14916 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Data Channel Offload (DCO)
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html
*Feedback:*
Compression is not supporte... Steve Wheeler
02:54 PM pfSense Plus Feature #14915 (New): MAC-aliasses / Lists with MAC-addresses would be very helpfull

I would like to create a MAC-filter using the Ethernet layer firewall and it is absolutely not practical / a good i... Louis B
01:52 PM pfSense Plus Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states
Same issue on pfsense 2.7,
I confirm that ... Sebastiano Degan
12:26 PM Feature #14844 (Resolved): QAT 200xx devices are not recognized as supported
Jim Pingle
09:41 AM Feature #14844: QAT 200xx devices are not recognized as supported
Marcos M wrote in #note-3:
> The dashboard should now recognize it.
Confirmed as fixed:
!%202023-10-24%20at%2010.38... Rob A
09:36 AM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Understood - thank you. Rob A

10/23/2023

09:15 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I don't expect another core dump to make any difference in that analysis. I may or may not be able to find the inform... Kristof Provost
08:17 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Ok, I'll endeavour to get another core dump for you; although it may be as late as the weekend. Rob A
07:33 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Before if_detach_internal() clears the if_afdata array it also removes all of the addresses from the interface, which... Kristof Provost
03:28 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
The backtrace there shows us in the TCP output path (from a timer callback), sending a packet out. This requires sett... Kristof Provost
06:46 PM pfSense Docs New Content #14641 (Resolved): Add content about multipath routing
Info added and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/16db172cccc2af98e5cc46c4754d0c71e6b027... Jim Pingle
04:57 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Reviewing this it appears everyone hitting this is running an Intel Nxxx CPU. Is anyone hitting it on something else? Steve Wheeler
03:28 PM pfSense Packages Bug #14913 (Resolved): [Security] Zabbix packages need updating bec. of recent critical security CVEs
Several critical CVEs in Zabbix got recently reported. They are already addressed/fixed by Zabbix, but not yet availa... Carsten Lohrmann
02:32 PM pfSense Plus Regression #14912: WAN Interfaces No Longer Able to Use Gateway Outside Subnet
Jim Pingle wrote in #note-1:
> I can't replicate this as stated. If I add a new route that is outside the subnet (e.... Kris Phillips
02:15 PM pfSense Plus Regression #14912 (Rejected): WAN Interfaces No Longer Able to Use Gateway Outside Subnet
I can't replicate this as stated. If I add a new route that is outside the subnet (e.g. by setting the interface as a... Jim Pingle
02:34 AM pfSense Plus Regression #14912 (Rejected): WAN Interfaces No Longer Able to Use Gateway Outside Subnet
In pfSense Plus 23.09 BETA there seems to be a regression of this former bug:
https://redmine.pfsense.org/issues/972... Kris Phillips
01:50 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
Seems to be specific to 3100/armv7... Jim Pingle
12:26 PM Feature #14907: DNS Resolution on Diagnostics > States Summary
Thank you Jim for the reply.
I see your point about performance issues, but I guess you do not have to do it to th... Wolfgang Thegreat
12:19 PM Feature #14907: DNS Resolution on Diagnostics > States Summary
Unfortunately the checkbox method isn't feasible. The contents of the state table page can be enormous and it isn't s... Jim Pingle
12:24 PM Feature #14911 (Rejected): Feature request - System Aliases
This is already possible both via URL table aliases and also via pfBlockerNG and various methods in there such as bui... Jim Pingle
12:22 PM pfSense Packages Bug #14858 (Resolved): Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
Jim Pingle
12:21 PM Bug #14909 (Not a Bug): OS Account Changes contains records from a date much before the installation date
Those are normal/expected and are from when the OS image was built. Note that they match the approximate date/time of... Jim Pingle
12:13 PM pfSense Packages Bug #14905 (Duplicate): ARPing causes menu bar to stop working
This isn't a problem in arping but a problem with how some packages handle command output. It's already covered by #8502 Jim Pingle
12:13 PM pfSense Packages Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers
+1 - Adding Wireguard widget to dashboard makes the dashboard load extremely slowly. Also the menus relating to wireg... Bogdan Tomasciuc
12:07 PM Regression #14880 (Resolved): Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Jim Pingle

10/22/2023

09:14 PM Feature #14911: Feature request - System Aliases
I posted this feature request also at the community forum, at https://forum.netgate.com/topic/183570/feature-request-... Wolfgang Thegreat
08:24 PM Feature #14911 (Rejected): Feature request - System Aliases
Hello,
I wish to ask for something I call "System Aliases".
At times there is a need to have a list of IPs and/... Wolfgang Thegreat
07:32 PM pfSense Docs Correction #14910 (Closed): Feedback on System Monitoring — Firewall Table Contents
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/status/firewall-tables.html
*Feedback:*
Hello,
T... Wolfgang Thegreat
06:49 PM pfSense Packages Bug #14858: Possible SNORT Regression with Remove Blocked Hosts interval / Alert length of time / duration timer being auto changed timer changed by itself and is deleting blocked hosts at 5 mins when set to never
This issue was resolved when I saved the interval again can you please close this ticket. Jonathan Lee
06:48 PM Bug #14909 (Not a Bug): OS Account Changes contains records from a date much before the installation date
Hello,
This bug report is following a community post at https://forum.netgate.com/topic/183563/strange-os-account-... Wolfgang Thegreat
06:47 PM pfSense Packages Feature #14908 (New): FEATURE REQUEST: Snort Alerts / Blocked Page ability to save users order of list choice
Hello fellow Redmine pfSense community members,
I wanted to bring this up and see if anyone else noticed this. I a... Jonathan Lee
05:24 PM Feature #14907 (New): DNS Resolution on Diagnostics > States Summary
Hello,
In version 2.7.0, the page of Diagnostics > States Summary shows numeric IPs, which are sometimes hard to u... Wolfgang Thegreat
03:24 PM Bug #14906 (New): DHCPv4 server self-assigning address to own DHCP client-enabled interfaces
Assume three NICs: igc0, igc1, igc2
Assume a single bridge: bridge0 (OPT2, OPT3)
And a VLAN: igc0.1036
Interface... Luca Piccirillo
03:22 PM Bug #14756 (Resolved): Link loss causes interfaces configured as Track Interface for IPv6 to lose their IPv4 addresses
Tested on 23.05_1
I was able to reproduce this bug.
After applying 49d0874fb4524e05a802eaeabbf6bf152860f3d4 and t... Azamat Khakimyanov
01:21 PM pfSense Packages Bug #11802: FreeRADIUS sync
The problem is relevant. It is impossible to use synchronization: the configuration of certificates on recipient node... Alex Viper_Rus
11:28 AM pfSense Plus Regression #14828: QAT is not being used by some daemons
I've just tried 23.09.b.20231020.0600 on qat_200xx equipped hardware (Xeon D-1736NT) and I can see that the revision ... Rob A
09:45 AM pfSense Plus Regression #14828: QAT is not being used by some daemons
Hi Kris,
No change with 23.09 BETA, including 23.09.b.20231020.0600 for QAT on C3xxx QAT hardware (Netgate 6100 in... Rob A
05:23 AM pfSense Packages Bug #14905: ARPing causes menu bar to stop working
I have tested and can confirm this behavior. aleksei prokofiev
01:42 AM Regression #14896: Suricata is removed when upgrading the base system
Hi Netgate team: I will need a little help addressing this issue. I currently do not have a pfSense Plus test environ... Bill Meeks

10/21/2023

11:31 PM pfSense Packages Bug #14905 (Duplicate): ARPing causes menu bar to stop working
After running ARPing and getting the results, any attempt to navigate to another page by clicking the menu bar (Syste... Christopher Cope
10:06 PM pfSense Plus Bug #14818 (Confirmed): StatusTraffic Graph In/Out traffic misplaced in Graph but correct in text table
It looks like this happens when the Sort By dropdown is set to Bandwidth Out. Using pfSense as an iperf server and a ... Chris W
08:17 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
Rob A wrote in #note-3:
> I still see demonstrable difference between 23.05 and 23.09 dev with QAT. QAT is active o... Kris Phillips
08:14 PM pfSense Packages Bug #14861 (Incomplete): PHP error when pings are enabled but no ping hosts are defined
Tested on 23.09 and unable to reproduce.
What are the exact steps to produce this PHP error? What platform are ... Kris Phillips
07:14 PM Bug #14609 (Resolved): Update check in GUI does not always honor the configured proxy settings
Tested on 23.05_1 and 23.09-BETA (built on Mon Oct 16 2:31:00 UTC 2023)
I was able to reproduce this issue on 23.0... Azamat Khakimyanov
06:47 PM pfSense Plus Feature #14387: Offline config mode
Tested on 23.05.1 and 23.09 there is still significant boot times for the WAN interface being down and the webConfigu... Kris Phillips
02:41 PM pfSense Plus Feature #14387: Offline config mode
Can you confirm you are still having this issue on 23.05.1?
The original redmine is resolved and testing with 23.0... Christopher Cope
06:40 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
There was a theory that this was UFS versus ZFS related. Testing on whitebox amd64 with ZFS I'm unable to reproduce ... Kris Phillips
04:38 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can reliably replicate the issue only on 3100. Danilo Zrenjanin
03:14 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can't reproduce it on the amd64 build ... Lev Prokofev
03:09 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can confirm that it worked as expected on 23.09.b.20231018.0600.
 Danilo Zrenjanin
03:00 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
Tested against 23.09.b.20231020.0600 Danilo Zrenjanin
02:55 PM pfSense Packages Regression #14904 (Resolved): FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
... Danilo Zrenjanin
04:55 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
... Rob A
04:53 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Hopefully I have captured the panic:... Rob A
02:30 PM Feature #14903 (New): Support for API based email delivery
Hello,
This feature request is following this community post - https://forum.netgate.com/topic/183548/support-for-... Wolfgang Thegreat
05:52 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Works as expected on ... Lev Prokofev

10/20/2023

11:24 PM Regression #14615: PHP crash during bootup with gateway monitoring enabled with custom monitor IP
I think this may be a wider issue. I upgraded from 2.7.0 -> 2.8.0 when it was released, after using 2.7.0 since it wa... Scott Buckel
08:29 PM Bug #14893 (In Progress): Large number of IPsec tunnels causes long filter reload times
Marcos M
08:10 PM pfSense Plus Bug #14902 (Not a Bug): Package Manager available list empty
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
07:23 PM pfSense Plus Bug #14902 (Not a Bug): Package Manager available list empty
This seem to have happened after pfSense Plus 23.05.1 upgrade. Although I don't know the exact time frame. I am unabl... Jimmy Chen
06:32 PM pfSense Packages Feature #14901 (New): Feature request - Adding in the GUI the advanced SHA and AES values for SNMPv3
I post this following this community forum post I published - https://forum.netgate.com/topic/183532/setting-advanced... Wolfgang Thegreat
05:46 PM Bug #14892 (Resolved): Traffic graph filters apply incorrectly
Jim Pingle
03:13 PM Bug #14892: Traffic graph filters apply incorrectly
patch corrects the behavior
tested on:
23.09-BETA (amd64)
built on Fri Oct 20 6:00:00 UTC 2023
FreeBSD 14.0-CURRENT Georgiy Tyutyunnik
04:17 PM pfSense Packages Todo #14795: Transition to nut-devel
Merged here:
https://github.com/pfsense/FreeBSD-ports/commit/e55ac518e1e2a4359dbf3b0e5e36aa235bfe1f13 Marcos M
04:17 PM pfSense Packages Todo #14795 (Resolved): Transition to nut-devel
Marcos M
01:07 PM Bug #14900 (New): Spoofed WAN MAC plus L2TP service causes WAN interface link flap
Duplicate of 11571 (I'm the same person who posted that issue which was rejected).
Posted on forum here with no r... Aman Halai
11:30 AM Feature #14899 (New): Feature request - better acknowledgment and validation of the user's public key format
Hello,
This feature request is following my community post at https://forum.netgate.com/topic/183514/cannot-ssh-lo... Wolfgang Thegreat
08:47 AM Feature #11556: Kill states using the pre-NAT address
Proposed implementation in https://reviews.freebsd.org/D42312 (test in https://reviews.freebsd.org/D42313)
This will... Kristof Provost
02:53 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, looks like it is ok now. No more crashes on beta 23.09 Vladimir Suhhanov

10/19/2023

08:07 PM Regression #14896: Suricata is removed when upgrading the base system
I was able to reproduce this upgrading between 23.09-BETA versions:
{{collapse... Marcos M
04:16 PM Regression #14896: Suricata is removed when upgrading the base system
From the Netgate forums working with another user who provided possible insight:
https://forum.netgate.com/topic/1831... Brian Dahlquist
03:52 PM Regression #14896 (Resolved): Suricata is removed when upgrading the base system
After upgrading from 23.05.01 to 23.09 beta on a clean install (and on a second install) the Suricata package will no... Brian Dahlquist
05:12 PM pfSense Packages Bug #14898 (Resolved): Suricata core dumps with signal 11
I installed Suricata on a system with previous config using Legacy Mode, Enable/Disable/Drop SID lists. After attempt... Marcos M
04:15 PM Regression #14897 (Feedback): DHCPv4 service stopped after applying interface settings when no interfaces have DHCPv6 enabled
Applied in changeset commit:dc96586bddbc3d209b04d602412378c656acef16. Jim Pingle
04:06 PM Regression #14897 (Resolved): DHCPv4 service stopped after applying interface settings when no interfaces have DHCPv6 enabled
When applying changes for an interface (e.g. WAN), during @interface_bring_down()@ it ends up calling @services_dhcpd... Jim Pingle
04:07 PM Revision dc96586b: Selectively kill DHCP server by family. Fixes #14897
Jim Pingle
03:42 PM Revision e67b20f4: Fix some syntax/logic errors in interface config.
Jim Pingle
02:01 PM pfSense Plus Bug #14705: Changes in Ethernet ruleset can lead to incorrect rule and separator order
Thanks for looking into this Jonathan Lee
07:57 AM pfSense Plus Bug #14705 (Feedback): Changes in Ethernet ruleset can lead to incorrect rule and separator order
I was finally able to replicate this issue fairly consistently (albeit not every single time). A fix is now in place ... Marcos M
01:38 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Duplicate Connection was already disabled (multiple connections from the same user are not allowed - check box not ch... Orion Poplawski
07:12 AM Revision 3d5bdf79: Save rules changes before the ruleset is sorted.
Marcos M

10/18/2023

08:26 PM Bug #14893: Large number of IPsec tunnels causes long filter reload times
In my case, all of the remote gateways are IP addresses. There shouldn't be anything in IPsec that needs to resolve a... Max Leighton
06:58 PM Bug #14893: Large number of IPsec tunnels causes long filter reload times
This may be a duplicate of other existing issues such as #12335 Jim Pingle
06:35 PM Bug #14893 (Resolved): Large number of IPsec tunnels causes long filter reload times
On a 23.05.1 system with many IPsec tunnels, reloading the filter can take over 5 minutes. This results in very slow ... Max Leighton
08:06 PM pfSense Packages Bug #14895 (New): Wireguard / bad performance after reboot, if running together with OpenVPN
Hello,
I initially posted in the netgate forum, but in the meantime I conducted more investigations and I think I ... Pascal Terrien
07:48 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
I created a separate issue for the remaining login prompt problem: #14894 Jim Pingle
06:36 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Chris Mirchandani wrote in #note-16:
> This Redmine was specifically opened for the password protected issue. In the... Jim Pingle
06:33 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
This Redmine was specifically opened for the password protected issue. In the process of looking into that issue you ... Chris Mirchandani
06:17 PM pfSense Plus Bug #13455 (Feedback): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Fix committed: https://gitlab.netgate.com/pfSense/factory/-/commit/69b321f6d5153ed0e8146abf716cee6f8cd98646 Jim Pingle
06:09 PM pfSense Plus Bug #13455 (In Progress): Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
The unusual characters in the loader clear up if we set the console to @efi@ explicitly on affected platforms (4100, ... Jim Pingle
07:47 PM pfSense Plus Bug #14894 (New): Password protected console login prompt does not render properly on 4100/6100/8200 serial console
After resolving other console issues with the 4100/6100/8200 in #13455 a problem remains with the login prompt.
It... Jim Pingle
05:29 PM Feature #14844: QAT 200xx devices are not recognized as supported
Updating subject for release notes. Jim Pingle
05:24 PM Regression #14876: ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
It works fine on:... Danilo Zrenjanin
05:05 PM Regression #14616 (Resolved): dpinger does not start after renewing DHCP
The same test works as expected against 23.09.b.20231018.0600.
I am marking this ticket resolved. Danilo Zrenjanin
04:59 PM Regression #14616: dpinger does not start after renewing DHCP
I was able to reproduce the reported issue on the 23.05.1 release. Danilo Zrenjanin
03:31 PM Revision 221fc6d2: MVC updates for SSH and gateways code.
Marcos M
03:00 PM Bug #14892 (Feedback): Traffic graph filters apply incorrectly
Applied in changeset commit:af627f37e47b939d6930b1d49fcc6842fd955705. Anonymous
02:31 PM Bug #14892 (In Progress): Traffic graph filters apply incorrectly
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1092
https://forum.netgate.com/topic/183480/traffic-grap... Steve Wheeler
02:30 PM Bug #14892 (Resolved): Traffic graph filters apply incorrectly
The traffic graphs include a seection to filter for local, remote or all traffic but the results are unexpected.
T... Steve Wheeler
02:53 PM Revision af627f37: Traffic Graph filtering corrections. Fix #14892
Steve Wheeler
02:53 PM pfSense Packages Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
Can anyone advise on the feasibility of building a custom patched version of Squid (at least for testing purposes to ... Simon Byrnand
02:11 PM Bug #14884 (Resolved): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
Tested against:
23.09.b.20231018.0600
I am marking this ticket as resolved.
Danilo Zrenjanin
02:01 PM Regression #14877 (Resolved): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Tested against the latest Beta release.
The error message now accurately describes the cause of the failure.
<... Danilo Zrenjanin
10:40 AM Bug #14891 (New): High CPU usage when interface get down and up due to proces check_reload_status
Today I noticed that the cpu usage was high on my pfSense appliance (N5105, I226).
After looking in top I see that ... Thijs K

10/17/2023

11:15 PM Regression #14889 (Resolved): Lock leak kernel panic after upgrading to 23.09
The user who was hitting this reports success updating to the latest build containing the fix. Steve Wheeler
07:39 PM Regression #14889 (Feedback): Lock leak kernel panic after upgrading to 23.09
Christian McDonald
12:53 PM Regression #14889 (Resolved): Lock leak kernel panic after upgrading to 23.09
After upgrading to 23.09 the system appears to hang after starting the DHCP server (ISC) eventually panicking and reb... Steve Wheeler
06:30 PM Feature #14844 (Feedback): QAT 200xx devices are not recognized as supported
Applied in changeset commit:1579b10b674d08214404b7f145db780e985554c4. Marcos M
06:22 PM Feature #14844 (Pull Request Review): QAT 200xx devices are not recognized as supported
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1091
The dashboard should now recognize it. Marcos M
06:13 PM Revision 1579b10b: Recognize the 200xx Series QAT device. Implement #14844
Marcos M
04:48 PM Regression #14877: Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
After internal discussion we decided not to enable the legacy provider by default because it had other potentially ne... Jim Pingle
04:46 PM Revision 392133c7: Amend P12 error for bad ciphers. Fixes #14877
Jim Pingle
04:35 PM Revision 43179546: Revert "Enable OpenSSL legacy provider by default. Issue #14877"
This reverts commit 275ae19ad70336f06ed53d655ceb96c8b2ab56f0. Jim Pingle
03:50 PM Regression #14755 (Resolved): Intermittent core dump in ``ndp`` when visiting ``diag_ndp.php``
Marcos M
03:48 PM pfSense Packages Todo #14881: for wiregaurd interface add linklocal IPv6 address
The VIP page allows LL addresses, a new page isn't needed for that part. The MAC address can be manually set on assig... Marcos M
11:43 AM pfSense Packages Todo #14881: for wiregaurd interface add linklocal IPv6 address

I used firewall_virtual_ip.php to add the fe80 address before, and it worked. However, this method has failed in re... yon Liu
01:43 PM pfSense Packages Feature #14890: dtlspipe package
I have told the author and he has seen this post. yon Liu
01:38 PM pfSense Packages Feature #14890: dtlspipe package
First it would have to be added to FreeBSD ports Jim Pingle
01:24 PM pfSense Packages Feature #14890 (New): dtlspipe package
This is a DTSL tool that has been tested and used. It can add DTLS support to almost all UDP. It is especially suitab... yon Liu
08:33 AM Todo #10464: Don't change the current update repo when new releases are available
Jim Pingle wrote in #note-2:
> While not a bug per se, it is something we could improve. It would prevent some accid... Sima Xi
12:43 AM Bug #14809 (Resolved): ``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding
Marcos M

10/16/2023

10:53 PM Bug #13911 (Resolved): Unnecessary delay when querying ``ixgbe(4)`` interfaces with SFP ports
This looks good in current 23.09 builds.
Tested:... Steve Wheeler
10:51 PM Regression #14885 (Resolved): PPPoE clients macro does not work
Patch tested by @cjl and the system table now populates correctly:... Marcos M
07:40 PM Regression #14885 (Feedback): PPPoE clients macro does not work
Applied in changeset commit:87510765f94b51d3f5ddcea66b14ab6211cbc864. Marcos M
07:02 PM Regression #14885 (Pull Request Review): PPPoE clients macro does not work
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1090 Marcos M
06:43 PM Regression #14885 (Resolved): PPPoE clients macro does not work
The PPPOE system alias is missing, and creating a rule with the @PPPoE clients@ macro and gateway results in the foll... Marcos M
10:49 PM Regression #14867 (Resolved): Address family validation prevents creating 1:1 NAT rule
Marcos M
10:44 PM Bug #14785 (Resolved): Primary IPv6 interface address may be incorrect when a VIP is set
The @ifconfig@ output order has not changed, but rather what the system _determines_ to be primary address (e.g. unde... Marcos M
10:30 PM pfSense Packages Feature #13575 (Resolved): Update to frr 9.0.1
Marcos M
10:29 PM Feature #14731 (Resolved): Unbound Advanced Settings entry for ``sock-queue-timeout``
An empty value now defaults to 0 as expected. Marcos M
10:26 PM Feature #14620 (Assigned): Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
Marcos M
10:10 PM Todo #14888 (Resolved): Exclude non-release branches from general update checks
To make it simpler to provide repos for devel, beta, and rc versions concurrently, the -C option should be modified t... Reid Linnemann
09:17 PM Feature #14887 (Closed): Add an appropriately named file to install images to indicate what they are
If you have written a number of images to USB sticks it can be hard to know which image is actually on any particular... Steve Wheeler
08:52 PM pfSense Packages Todo #14881 (Duplicate): for wiregaurd interface add linklocal IPv6 address
Marcos M
08:48 PM pfSense Packages Todo #14881 (Incomplete): for wiregaurd interface add linklocal IPv6 address
> I originally used aliases to add wg interfaces, but this method is invalid in version pf23.09.
What method is th... Marcos M
08:51 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
> I guess this request might be regarded as a feature request to add link-local ipv6 to the tun_wg interface by defau... Marcos M
08:27 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
Probably related to #14881 beermount beermount
08:07 PM Bug #14804 (Feedback): Panic when pfsync attempts to synchronize states between hosts with different rulesets
I've pushed a fix to all relevant branches (including 23.09). It'll be part of the next snapshot builds. Kristof Provost
04:49 PM Bug #14804 (In Progress): Panic when pfsync attempts to synchronize states between hosts with different rulesets
Jim Pingle
04:37 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Cheers, that helped!
I think I see what happened here. Basically I fixed the problem upstream and missed a case in... Kristof Provost
02:47 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Sorry just went out of my head…
FreeBSD 14.0-CURRENT amd64 1400094 #1 plus-RELENG_23_09-n256151-106588946ac: Mon... Vladimir Suhhanov
12:24 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, but what *version* are you running?
Post the output of "uname -a" and "pkg info pfSense-kernel-pfSense". Kristof Provost
12:04 PM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
@db:1:pfs> bt
Tracing pid 12 tid 100062 td 0xfffffe00c641f560
kdb_enter() at kdb_enter+0x32/frame 0xfffffe001b1e260... Vladimir Suhhanov
08:35 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Yes, the relevant patch is in the 23.09 branch. What version are you running and what is the full backtrace you're ge... Kristof Provost
08:17 AM Bug #14804: Panic when pfsync attempts to synchronize states between hosts with different rulesets
Does this patch apply to the current beta builds? I have tried one beta build from 13 Oct and it crashes the same way. Vladimir Suhhanov
07:25 PM Feature #14886 (New): Visual improvement to the Gateway widget: display the icon in a color reflecting the status

A small tweak to the Gateway widget to display the icon in a color reflecting the status.
Rationale:
In my fou... Patrik Stahlman
06:46 PM Revision 87510765: Generate a system alias for PPPoE clients. Fix #14885
Marcos M
05:45 PM Bug #14884 (Feedback): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
Applied in changeset commit:5fc3b1fbae1fba06563bfebf6cc559769b59f8bf. Jim Pingle
05:37 PM Bug #14884 (Resolved): Kea service for IPv6 can show active even when no interfaces have DHCPv6 enabled
If an interface is configured for track6 it can cause the Kea service for IPv6 to appear active and running even when... Jim Pingle
05:39 PM Revision 9a632676: Remove trigger_initial_wizard since it is not used in the pkg
Brad Davis
05:37 PM Revision 5fc3b1fb: Remove outddated DHCPv6 test. Fixes #14884
Jim Pingle
03:19 PM pfSense Plus Regression #14883 (Not a Bug): Package Manager in 23.05.1 broken
The package manager servers are the same for Plus on Netgate and non-Netgate hardware for amd64 systems. There do not... Jim Pingle
03:10 PM pfSense Plus Regression #14883 (Not a Bug): Package Manager in 23.05.1 broken
Hello,
Package Manager on 23.05.1 is not showing Available packages now, as if the repo is offline or something. ... Scott Keats
03:09 PM pfSense Plus Regression #14180: ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors
Hi, thanks for looking into it.
My setup was already EFI-based. I've long since abandoned the Mellanox card and am... name name
03:07 PM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Confirmed patch allows Interface and Rule ID at the same time. dylan mendez
03:00 PM Regression #14880 (Feedback): Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Applied in changeset commit:f8606ffa1b83d1d4105e0a48e49fa0b5ed4a2138. Jim Pingle
02:48 PM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Not specific to plus. Jim Pingle
02:52 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Jonathan Stafford wrote in #note-14:
> I'm having this problem as well, with 23.05.1-RELEASE. For me, the issue see... Geovane Gonçalves
02:51 PM Revision f8606ffa: Fix state dump rule ID validation. Fixes #14880
Jim Pingle
02:47 PM Regression #14877 (Feedback): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
Fixed by commit:275ae19ad70336f06ed53d655ceb96c8b2ab56f0 which enables the legacy provider by default.
If testing ... Jim Pingle
02:27 PM Regression #14877 (In Progress): Import PKCS #12 (PFX) certificate error when using legacy/low ciphers
That's because when it gets exported it's using a low/old/deprecated cipher set. Then the import code doesn't support... Jim Pingle
02:29 PM Revision 275ae19a: Enable OpenSSL legacy provider by default. Issue #14877
Jim Pingle
02:10 PM Regression #14876 (Feedback): ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
Applied in changeset commit:72c441e9e0c0f3d4cd26f554a67aa91e06734b5b. Jim Pingle
01:45 PM Regression #14876: ``ca_setup_trust_store()`` behavior conflicts with ``certctl``
This is really a base system issue and likely the same root cause as other issues we've seen.
@certctl rehash@ is ... Jim Pingle
01:48 PM Revision 72c441e9: Refresh OS CA list after updating trust store. Fixes #14876
Jim Pingle
12:19 PM Regression #14873 (Resolved): Kea DHCP Static Mappings 404 Not Found
Jim Pingle

10/15/2023

11:50 AM Feature #2358: NAT64 support
Please, is there a plan to implement functionality with an alternative to ipfw_nat64?
pfsense is unusable if Provi... Thomas Wagner
10:40 AM pfSense Packages Todo #14881 (Duplicate): for wiregaurd interface add linklocal IPv6 address
Since frr8- frr9 requires that the fe80:: address must be configured. so wiregaurd need add this fe80:: address.
I... yon Liu
06:52 AM pfSense Plus Bug #14879: Disabling DNS Rebinding Checks deletes private domains from unbound config
According to johnpoz in the linked forum thread, DNSSEC validation fails. This would explain why it is not working an... Bob Dig
03:01 AM pfSense Plus Regression #14180: ConnectX-4 LX MCX4121A-ACAT - VT-d passthrough of both ports, virtualized pfSense fails to boot due to mlx5 driver errors
see if it makes any difference booting EFI with your setup - https://docs.netgate.com/pfsense/en/latest/recipes/virtu... Jordan G
02:50 AM pfSense Packages Feature #12179 (Confirmed): QEMU package
A package would also eliminate a lot of the script creation and general "hackery" needed to get the QEMU guest agent ... Kris Phillips
02:15 AM Regression #14873: Kea DHCP Static Mappings 404 Not Found
Tested on Oct 14th builds. Double clicking entries no longer returns any 404 messages. Confirmed fixed. Kris Phillips
02:05 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Daniel Hoffend wrote in #note-12:
> I can confirm the issue with pfSense 2.7. We're using multiple vlan interfaces o... Kris Phillips
01:54 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Tested this on 23.05.1 and this error is not present when attempting to filter, so this is new for 23.09. Kris Phillips
01:52 AM Regression #14880: Diagnostics>States doesn't allow rule ID and interface filtering simultaneously but clearing the interface field is not possible
Bug confirmed on latest 23.09 BETA build from Oct 14th. This error appears to be cosmetic, as the filtering still wo... Kris Phillips
12:57 AM Regression #14856 (Resolved): Duplicating a floating rule places it at the bottom
Tested on... Christopher Cope
12:34 AM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Okay,
So I have been running sysctl -iq hw.physmem for every 10 seconds and it has NEVER returned 0 but today i h... Michael Clews
 

Also available in: Atom