Project

General

Profile

Activity

From 10/29/2023 to 11/27/2023

11/27/2023

10:11 PM Revision fae35334: Update version to 2.7.2-RC
Brad Davis
09:50 PM pfSense Packages Bug #14861: PHP error when pings are enabled but no ping hosts are defined
Hi, not sure what to tell you. I was using the telegraf plugin on 2.7.x sending stats to an influxdb. I don't recall ... David Bowen
08:52 PM Feature #13085 (Feedback): OpenVPN NBDD server options
Marcos M
08:37 PM pfSense Packages Bug #14287 (Resolved): pfBlockerNG does not uninstall cleanly when using RAM disks
Fixed in version 3.2.0_7: https://github.com/pfsense/FreeBSD-ports/commit/bd3ae22c8740dad7db80a893038990c83b55700f Marcos M
07:59 PM pfSense Plus Bug #15035: System GUI unaccessable
TAC ticket number is: 2113707645 Jonathan Lee
07:53 PM pfSense Plus Bug #15035: System GUI unaccessable
https://forum.netgate.com/topic/184377/4-1-6_14-snort-23-09-issue-arm Jonathan Lee
07:49 PM pfSense Plus Bug #15035: System GUI unaccessable
NogBadTheBad
also stated issues with the ".14 fix" Snort update however the thread was locked right after he reporte... Jonathan Lee
07:46 PM pfSense Plus Bug #15035: System GUI unaccessable
I had to uninstall Snort to access the web GUI. It does not work for my configuration you see above at all. I am stuc... Jonathan Lee
07:03 PM pfSense Plus Bug #15035: System GUI unaccessable
wrt snort, the issue with killing states is resolved; see https://forum.netgate.com/topic/184112/important-snort-and-... Marcos M
05:12 PM pfSense Plus Bug #15035: System GUI unaccessable
Thank you open source community for all you do. Jonathan Lee
05:11 PM pfSense Plus Bug #15035: System GUI unaccessable
23.09 is not stable when Snort is used with blocking enabled it will depreciate a firewall to no gui access with bloc... Jonathan Lee
05:08 PM pfSense Plus Bug #15035: System GUI unaccessable
Packages running
23.05.01 final ARM SG2100 stable version time to stable config 2019->2023
I hope that provides... Jonathan Lee
05:02 PM pfSense Plus Bug #15035: System GUI unaccessable
ACLs Jonathan Lee
04:53 PM pfSense Plus Bug #15035: System GUI unaccessable
Squid uses both splice for some and intercept for others Jonathan Lee
04:52 PM pfSense Plus Bug #15035: System GUI unaccessable
None of that is relevant if you cannot reproduce the PHP error while you are on a stock/unmodified 23.09. If you only... Jim Pingle
04:51 PM pfSense Plus Bug #15035: System GUI unaccessable
took from 2019 until 23.05.01 for this to be stable
23.09 on arm processor is not stable with Snort active .14 ver... Jonathan Lee
04:50 PM pfSense Plus Bug #15035: System GUI unaccessable
backups/patched custom Jonathan Lee
04:34 PM pfSense Plus Bug #15035: System GUI unaccessable
Attached is information on how my system works in 23.05.01. This is stable and runs for days without issues even with... Jonathan Lee
03:58 PM pfSense Plus Bug #15035: System GUI unaccessable
23.09 is not stable for Snort it just doesn't work with it on ARM. Jonathan Lee
03:57 PM pfSense Plus Bug #15035: System GUI unaccessable
Steps to reproduce.
1. Use boot environments I went to test out 23.09 again with the latest Snort update. I starte... Jonathan Lee
02:12 PM pfSense Plus Bug #15035 (Rejected): System GUI unaccessable
There is no code like that on line 535 in a current version of head.inc. On 23.05.1 it would imply that the content o... Jim Pingle
02:28 AM pfSense Plus Bug #15035: System GUI unaccessable
Errors that are listed in logs Jonathan Lee
02:26 AM pfSense Plus Bug #15035: System GUI unaccessable
I noticed this after some snort changes when this GUI access was removed
Changes marked unknown... Jonathan Lee
02:00 AM pfSense Plus Bug #15035 (Rejected): System GUI unaccessable
/head.inc, Line: 535, Message: Uncaught TypeError: count): Argument #1 (Svalue) must be of type Countable|array, bool... Jonathan Lee
07:39 PM Regression #15011 (Resolved): ISC DHCP responds from a random port
Marcos M
06:52 PM Regression #15011: ISC DHCP responds from a random port
Before the fix, DHCP logs show the following when a client tries to renew (logs reversed):... Marcos M
07:07 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces
For reference: https://github.com/pfsense/FreeBSD-ports/commit/43067d320d88d1d9856d048c7129399bd80a2216 Marcos M
07:02 PM Revision 891a9fa4: Show the target for auto outbound NAT rules. Fix #15025
(cherry picked from commit 83bca4954db2a52c35c1581e53be2faa7a47d49b) Marcos M
07:02 PM Revision 9c227343: Append a new line to NAT rule errors. Fix #15024
(cherry picked from commit b7f2b1dc3f0c15c4b2b9d475848f42573c43e261) Marcos M
07:02 PM Revision 4e15e2de: Update misleading function names. Fix #11566
(cherry picked from commit 50b5741beafdb34a3009b78279e203570f5e6d3f) Marcos M
07:02 PM Revision 0323b9fe: Fix IPsec log value handling. Fixes #14990
(cherry picked from commit dcdb461733044d274c742832097b13a312045f37) Jim Pingle
07:02 PM Revision b5f346cf: Save the mobile IPsec group auth setting. Fix #14963
(cherry picked from commit 0fc7765c886ed60555750d12808f493d70918450) Marcos M
07:02 PM Revision 4f89ce19: Remove invalid field from input validation. Fix #14965
(cherry picked from commit a6c6b835f8d75796c0c1fb9ecde90f5b1757f807) Marcos M
07:02 PM Revision a433a061: Update direct config access in services_dhcpv6.php. Fix #14978
(cherry picked from commit 6df70417029defed162b539720e8baa03984f653) Marcos M
07:02 PM Revision 7f85fd87: Fix PHP error when saving PPP interface w/o config. Issue #14949
(cherry picked from commit 0236684082ef0a954ce74a785a4d0eb2e22106cd) Jim Pingle
06:59 PM pfSense Plus Bug #15040 (Closed): ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc"
It's a known issue that's resolved by https://redmine.pfsense.org/issues/10464. Marcos M
06:07 PM pfSense Plus Bug #15040 (Closed): ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc"
When using boot environments to move system back to last stable version users can no longer check for updates
@ld... Jonathan Lee
05:35 PM pfSense Plus Feature #15039 (Closed): GUI to configure Packet Flow Data (``pflow``) export
Following #15038 the GUI will need a set of options to configure @pflow(4)@ behavior
It will need at least the fol... Jim Pingle
05:25 PM pfSense Plus Feature #15038 (Closed): Operating System support for PF ``pflow`` packet data flow export
Import the "pflow(4)":https://man.openbsd.org/pflow.4 netflow/IPFIX export functionality for PF from OpenBSD into pfS... Jim Pingle
04:33 PM Bug #15034: FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption
name name wrote in #note-2:
> Could you please tell me if an update is planned for 23.09/2.7.1 once an upstream fix ... Jim Pingle
04:16 PM Bug #15034: FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption
Thank you for looking into it and the recommendation.
Could you please tell me if an update is planned for 23.09/2... name name
02:05 PM Bug #15034 (Closed): FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption
pfSense 23.09 and 2.7.1 are both using code that is close to 2.2.0:... Jim Pingle
03:40 PM Regression #15030 (Confirmed): Keymap Layout Options No Longer Provided
I tried both BIOS and UEFI paths and it doesn't show up in either case. This isn't new, however, it wasn't in 2.7.0 e... Jim Pingle
02:06 PM pfSense Packages Todo #12806 (Closed): Update node_exporter to 1.3.1
Jim Pingle
02:05 AM pfSense Packages Todo #12806: Update node_exporter to 1.3.1
Logan Marchione wrote:
> Sorry if this isn't the right place to ask. I wasn't sure if pfSense published package upda... Logan Marchione
02:06 PM pfSense Packages Bug #14986 (Resolved): Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled
Jim Pingle
01:57 PM pfSense Plus Bug #15026 (Not a Bug): PHP Error since upgrading to 23.09
This isn't a bug, either something didn't complete in your upgrade or something else patched on there is causing it. ... Jim Pingle
01:55 PM Feature #15031 (Closed): Need "Custom Options" section for Kea DHCP Server to support Kea DHCP-DDNS service at a minimum
We are aware of the features not yet implemented in Kea, these are already being developed and do not need to be trac... Jim Pingle
01:51 PM pfSense Packages Bug #15028 (Not a Bug): OpenVPN + FRR BGP routing failure(Unable to contact daemon/Service not running?)
That is the kind of error you'll get if there is a conflicting route already in the table which prevents it from conf... Jim Pingle
01:39 PM pfSense Plus Bug #15036: Traffic Shaper Wizard Dedicated generates error
Please include the details of all the inputs that were given in the wizard which resulted in the error. It should all... Jim Pingle
06:09 AM pfSense Plus Bug #15036: Traffic Shaper Wizard Dedicated generates error
Tested on
23.09-RELEASE (amd64)
built on Thu Nov 23 9:32:00 UTC 2023
FreeBSD 14.0-CURRENT
I can confirm this e... aleksei prokofiev
05:56 AM pfSense Plus Bug #15036 (Confirmed): Traffic Shaper Wizard Dedicated generates error
I can reproduce it on 23.01, 23.05_1 and 23.09
All the time I run *Traffic Shaper Wizard Dedicated* with HFSC que... Azamat Khakimyanov
12:29 PM Bug #15037 (New): NTPD: Serial GPS with PPS error opening /dev/gpspps0
Receive the following error message in the NTP log when using a serial GPS with PPS output connect to a serial COM po... Elvis Impersonator
07:26 AM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem
Service_Watchdog is not (and was never) installed on affected systems. What I don't understand how can a "suricata.sh... Robert Karsai
04:53 AM Bug #15015: Static routes not working
dylan mendez wrote in #note-2:
> In this case, my best guess is that the IPSec tunnel is going down for some reason, ... Silviu Bajenaru
12:23 AM Bug #15015: Static routes not working
In this case, my best guess is that the IPSec tunnel is going down for some reason, therefore, the route is no longer... dylan mendez
12:22 AM Bug #15015: Static routes not working
Created 3 VMs
VM 1 - pfSense CE 2.7.0 - Subnet: 192.168.1.0/24 - Connected via VTI IPsec to VM2 (10.10.10.1) - Rou... dylan mendez

11/26/2023

11:04 PM pfSense Packages Bug #14986: Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled
The fix has deployed in package updates to both CE 2.7.1 and Plus 23.09. User feedback on the Netgate Forum indicates... Bill Meeks
10:59 PM pfSense Packages Bug #15033: Suricata rule lists can't be manually updated unless the ETOpen Emerging Threats list is enabled
Verified.
The check for enabled rules currently only checks for ET Open, Snort VRT, ET Pro, and Extra Rules as shown... Bill Meeks
02:11 AM pfSense Packages Bug #15033 (Resolved): Suricata rule lists can't be manually updated unless the ETOpen Emerging Threats list is enabled
To reproduce on a system that's never had Suricata installed before:
- Install it, enable an interface and start the... Chris W
10:52 PM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem
Robert Karsai wrote in #note-4:
> Hello Bill, Thanks for looking into this issue. I've managed to reproduce the probl... Bill Meeks
09:48 PM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem
Hello Bill, Thanks for looking into this issue. I've managed to reproduce the problem on a Netgate 4100 cluster maste... Robert Karsai
04:53 PM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem
Continuing to try and gather data about this issue. I have not been able to reproduce it in my local testing machines... Bill Meeks
04:00 AM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem
Editing redmine to correct title. Kris Phillips
02:52 PM pfSense Plus Bug #15026: PHP Error since upgrading to 23.09

cat /etc/inc/util.inc | grep "php_default_memory"
it is there and the code as well
function get_php_default_memory... Eric Nguyen
01:43 AM pfSense Plus Bug #15026: PHP Error since upgrading to 23.09
Those patches shouldn't affect it. That function 'get_php_default_memory()' should be defined in /etc/inc/util.inc. I... Christopher Cope
11:59 AM Bug #15034 (Resolved): FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption
From reading the ZFS issue tracker there seem to be quite a few problems with the new ZFS 2.2.0 version and I was won... name name
06:23 AM Bug #13413: Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages
Tested on
23.09-RELEASE (amd64)
built on Fri Nov 17 13:32:00 UTC 2023
FreeBSD 14.0-CURRENT
I've tried different... aleksei prokofiev
05:27 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
quite similar, both ends of the spectrum though - https://redmine.pfsense.org/issues/13679
can I ask if you have IPv... Jordan G
04:12 AM Bug #14978: PHP error on ``services_dhcpv6.php`` if the configuration contains an empty ``dhcpv6`` section
I set a static v6 address on one of my LANs and when trying to enable ISC or KEA v6 DHCP server I receive the same me... Jordan G
03:56 AM pfSense Packages Bug #14861 (Incomplete): PHP error when pings are enabled but no ping hosts are defined
Tested on 2.7.1. I'm still not able to recreate this bug report. Marking as Incomplete until exact replication step... Kris Phillips
12:03 AM pfSense Plus Bug #15029 (Not a Bug): Additional packages are blank
Christopher Cope

11/25/2023

03:41 PM pfSense Plus Bug #15029: Additional packages are blank
Rebooted system again this morning and its working fine now. thanks for the help. John Beaudoin
03:17 PM pfSense Plus Bug #15029: Additional packages are blank
You can try these steps to force download new repository files. This is often all you need to do but repo issues are ... Chris W
03:14 PM Bug #15032 (Resolved): Kea DHCP sends wrong bootloader file for UEFI
I already posted this problem in the pfSense forum and was asked to report this issue here. Here is the link of the d... David Masshardt
01:30 PM Feature #15031 (Closed): Need "Custom Options" section for Kea DHCP Server to support Kea DHCP-DDNS service at a minimum
With the move to the Kea DHCP server, local resolution of DHCP names in the DNS relay has gone away. A reasonable wo... Brett Wyer
11:35 AM pfSense Docs Correction #9370: Update old screenshots
The screenshots on the *Launching an Instance with a Single Network Interface* page are outdated.
https://docs.netg... Danilo Zrenjanin
10:45 AM pfSense Docs Correction #14988 (Resolved): DHCPv6 relay Destination Server
It looks good now.
I am marking this ticket resolved. Danilo Zrenjanin
09:53 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets
I've just tested and confirmed on 23.05.1 that there was no need to assign the Tailscale interface to have it in the ... Danilo Zrenjanin
08:44 AM Regression #15005 (Confirmed): Auto Config Backup times are incorrect
Yes, indeed. I can confirm this behavior at:... Danilo Zrenjanin
08:38 AM Regression #15025 (Resolved): Automatic outbound NAT rules show an empty NAT Address
I can confirm this behavior on 23.09.
The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
08:37 AM Bug #15009: System>Update page menu uses incorrect internal URL
Interestingly, a reboot resolved the issue. No changes made. Jon8RFC .

11/24/2023

09:43 PM Regression #15030 (Confirmed): Keymap Layout Options No Longer Provided
Testing the installer for CE 2.7.1 there is no keyboard/keymap layout option provided as described here:
https://doc... Kris Phillips
08:43 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
and a patch file for current master branch Phil Wardt
08:32 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides
I updated the commit as you suggested
https://github.com/pfsense/pfsense/pull/4570 Phil Wardt
06:41 PM pfSense Plus Bug #15029 (Not a Bug): Additional packages are blank
running version
Version 23.09-RELEASE (amd64)
built on Tue Oct 31 15:56:00 EDT 2023
FreeBSD 14.0-CURRENT
Unabl... John Beaudoin
07:25 AM Bug #15009: System>Update page menu uses incorrect internal URL
Hmm. But refresh, ctrl+refresh, shift+refresh, ctrl+shift+refresh all yield the same result for me: Unable to check ... Jon8RFC .

11/23/2023

06:40 PM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied
updated to CE 2.7.1, FRR 2.0.2, WireGuard 0.2.1 - the issue is still persist. Oleksii Tucha
06:26 PM pfSense Packages Bug #15028 (Not a Bug): OpenVPN + FRR BGP routing failure(Unable to contact daemon/Service not running?)
Up to version 2.6.0, it works normally without bugs. The new versions 2.7.0 and 2.7.1 report inconsistency according ... Thiago Orico
12:36 PM pfSense Packages Bug #15027 (Resolved): Bind DNS Server cannot reorder zones
Hello all,
Since 23.09 and 23.05 re-ordering zones and saving has no effect, returning to the zone definitions aft... Eric Nguyen
12:30 PM pfSense Plus Bug #15026 (Not a Bug): PHP Error since upgrading to 23.09
Hello all,
Since upgrading to 23.09, have the following error messages in my notice area coming up at regular inte... Eric Nguyen

11/22/2023

10:55 PM Regression #15025 (Feedback): Automatic outbound NAT rules show an empty NAT Address
Applied in changeset commit:83bca4954db2a52c35c1581e53be2faa7a47d49b. Marcos M
10:45 PM Regression #15025 (Resolved): Automatic outbound NAT rules show an empty NAT Address
The @NAT Address@ column for the automatic outbound NAT rules is empty. Checking @/tmp/rules.debug@, the rules are st... Marcos M
10:45 PM Revision 83bca495: Show the target for auto outbound NAT rules. Fix #15025
Marcos M
10:42 PM Regression #15011 (Feedback): ISC DHCP responds from a random port
Marcos M
10:41 PM Regression #15024 (Resolved): Invalid outbound NAT rules break the following rule
Marcos M
09:11 PM Regression #15024: Invalid outbound NAT rules break the following rule
Patch looks good:... Steve Wheeler
09:10 PM Regression #15024 (Feedback): Invalid outbound NAT rules break the following rule
Applied in changeset commit:b7f2b1dc3f0c15c4b2b9d475848f42573c43e261. Marcos M
04:26 PM Regression #15024: Invalid outbound NAT rules break the following rule
In my test case the rule is added twice:... Steve Wheeler
04:25 PM Regression #15024 (Resolved): Invalid outbound NAT rules break the following rule
Manual outbound NAT rules are commented out in the ruleset if they are invalid such as when he interface is disabled:... Steve Wheeler
09:02 PM Revision b7f2b1dc: Append a new line to NAT rule errors. Fix #15024
Marcos M
06:08 PM Bug #14891: High CPU usage when interface get down and up due to proces check_reload_status
I've seen this issue on two different 4100 units in the past 2 days (Nov 21 and 22).
It seems to prevent the WAN conn... Andrew Almond
04:25 PM Revision e6f78714: Update fontawesome references in form buttons
Marcos M
02:34 PM Bug #15023: KEA DHCP and ERROR [kea-dhcp4.dhcp4.0x545c1212000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element subnet4: option data does not match option definition (space: dhcp4, code: 42)
Thanks Jim.
I just took a look at RFC 2132, Section 8.3, <https://datatracker.ietf.org/doc/html/rfc2132#section-8.... Jeffrey Walton
01:31 PM Bug #15023 (Duplicate): KEA DHCP and ERROR [kea-dhcp4.dhcp4.0x545c1212000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element subnet4: option data does not match option definition (space: dhcp4, code: 42)
Given the content of the file causing the error, this is a duplicate of #14991 Jim Pingle
08:03 AM Bug #15023: KEA DHCP and ERROR [kea-dhcp4.dhcp4.0x545c1212000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element subnet4: option data does not match option definition (space: dhcp4, code: 42)
After SSH'ing into the box, this is what is reported for kea-dhcp4.conf:
```
$ cat -n /usr/local/etc/kea/kea-dhcp... Jeffrey Walton
07:50 AM Bug #15023 (Duplicate): KEA DHCP and ERROR [kea-dhcp4.dhcp4.0x545c1212000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element subnet4: option data does not match option definition (space: dhcp4, code: 42)
Hi Everyone,
I'm using the latest pfSense image, 2.7.1 (amd64). I got the ISC DHCP warning on reboot. I switched t... Jeffrey Walton
01:52 PM Bug #14917 (Feedback): Mulicast traffic on a detached interface causes a panic
I've picked the relevant change (https://cgit.freebsd.org/src/commit/?id=b01cad6d3a8523101e7915809144f47e3045067f) to... Kristof Provost
01:25 PM Bug #14917: Mulicast traffic on a detached interface causes a panic
Forcing V_mfchashtbl to NULL produces a panic on that exact line in X_ip_mrouter_done, with the same `fault virtual a... Kristof Provost
11:23 AM Bug #14917: Mulicast traffic on a detached interface causes a panic
One report decodes to FreeBSD-src-RELENG_2_7_1/sys/netinet/ip_mroute.c:815, or `LIST_FOREACH_SAFE(rt, &V_mfchashtbl[i... Kristof Provost
01:23 AM Feature #15022 (Resolved): Allow overriding text scrolling during package install/uninstall
Hello fellow Redmine community members. I have noticed time and time again I have the ability to scroll during packag... Jonathan Lee

11/21/2023

10:47 PM Regression #15011 (Pull Request Review): ISC DHCP responds from a random port
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/379 Marcos M
02:42 PM Regression #15011: ISC DHCP responds from a random port
Although RFC2131 doesn't specifically dictate the source ports, RFC8357 was proposed to address the requirement to us... Douglas Hoffman
10:45 PM Todo #10464 (Feedback): Don't change the current update repo when new releases are available
The update check process has changed recently (available in 23.09 and CE dev currently).
Now relevant repos are ch... Marcos M
12:53 AM Todo #10464: Don't change the current update repo when new releases are available
Craig Leres wrote in #note-21:
> Three years later I wake up to find that my SG-3100 has auto-borked itself by autom... Kyle Palmer
09:07 PM Feature #13340: Option to change QinQ ethertype to Service VLAN Tag
Steve Wheeler wrote in #note-1:
> In 23.01/2.7 the QinQ is handled by if_vlan directly and not netgraph. It now uses... Yif Swery
08:37 PM Feature #4728: Expose ``nopool`` server option in the OpenVPN Server GUI
I usually find negated settings hard to read. But let me know what you prefer or simply push the edits yourself into ... Florian Apolloner
08:10 PM Bug #15020: pfSense 2.7.1 No Hardware Crypto Acceleration in OpenVPN
Perhaps it is worth removing this option completely so as not to be misleading?
Even better - display OpenVPN hardwa... I Ivanov
04:40 PM Bug #15020 (Not a Bug): pfSense 2.7.1 No Hardware Crypto Acceleration in OpenVPN
The "Hardware Crypto" option hasn't done much of anything in OpenVPN in a long time. OpenVPN/OpenSSL will use what it... Jim Pingle
03:26 PM Bug #15020: pfSense 2.7.1 No Hardware Crypto Acceleration in OpenVPN
Same thing after a clean install I Ivanov
03:25 PM Bug #15020 (Not a Bug): pfSense 2.7.1 No Hardware Crypto Acceleration in OpenVPN
After update to pfSense 2.7.1 only "No Hardware Crypto Acceleration" available in OpenVPN on all my instances (usuall... I Ivanov
07:37 PM Revision 91c4768b: More fontawesomev6 updates
Marcos M
10:29 AM pfSense Packages Bug #14986: Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled
The relevant changes have been merged to 2.7.1 and 23.09.
The 23.09 build is currently failing due to unrelated ch... Kristof Provost

11/20/2023

10:22 PM Regression #15019 (Resolved): pfSense Plus is always shown as an available upgrade for eligible CE devices.
With the new ability of pfSense-upgrade to check for updates in all available repo branches CE devices will always di... Steve Wheeler
09:59 PM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem
The Subject is "Suricata 7.0.2 service stop problem" not "Suricata 7.0.12" of course Robert Karsai
08:22 PM pfSense Packages Bug #15018 (New): Suricata 7.0.2 service stop problem
Hello,
I can't reliably stop Suricata service using Services / Suricata / Interfaces / <interface> / stop icon. I'... Robert Karsai
09:27 PM Regression #15011: ISC DHCP responds from a random port
Marcos M wrote in #note-9:
> Looks like the standard leaves it up to the client:
> > The time over which the client... Ansley Barnes
06:39 PM Regression #15011: ISC DHCP responds from a random port
Looks like the standard leaves it up to the client:
> The time over which the client collects messages and the mechan... Marcos M
06:12 PM Regression #15011: ISC DHCP responds from a random port
I don't know if it is related, but my HA setup, where the backup pfSense is offline due to a hardware defect, didn't ... name name
08:23 PM pfSense Docs Todo #15014: Feedback on Configuration — Advanced Configuration Options — Firewall
For reference, we did set it before when it was a loader option, but now that it's a tunable the loader default in @/... Marcos M
05:50 PM pfSense Docs Todo #15014 (Rejected): Feedback on Configuration — Advanced Configuration Options — Firewall
*Page:* https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html
*Feedback:*
re: "By defaul... Steve Y
07:51 PM pfSense Plus Bug #15017 (Incomplete): DHCP relay CARP status VIP function is not working in pfsense+ 23.09
Hello,
It seems that after 23.05.1->23.09 upgrade DHCP relay CARP status VIP function is not working properly, DHCP ... Robert Karsai
07:47 PM Feature #15016: Recursive DHCPv6-PD
Kristof Provost wrote in #note-2:
> > Because we don't have a way to get that from the client. Lots of DHCPv6 delega... Jim Pingle
07:19 PM Feature #15016: Recursive DHCPv6-PD
> Because we don't have a way to get that from the client. Lots of DHCPv6 delegation features are blocked by that. Th... Kristof Provost
07:05 PM Feature #15016: Recursive DHCPv6-PD
Kristof Provost wrote:
> I'm reconfiguring my network and have a need for a delegated IPv6 prefix from my pfSense bo... Jim Pingle
06:55 PM Feature #15016 (New): Recursive DHCPv6-PD
I'm reconfiguring my network and have a need for a delegated IPv6 prefix from my pfSense box.
The ISP provides a /... Kristof Provost
05:53 PM Bug #15015 (Not a Bug): Static routes not working
Hello,
This morning I updated to PFSense 2.7.1 from 2.7.0. Now, I just tried to add a dynamic gateway and a static... Silviu Bajenaru
05:38 PM Bug #11566 (Resolved): Firewall Maximum Table Entries "default size" is whatever is entered
We don't set a defined value by default - it's whatever the OS reports (which has its own defaults). Marcos M
04:33 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
A quick look at the code, I see a few of:
-['placeholder' => pfsense_default_table_entries_size()]
+['placeholder... Steve Y
04:55 PM Bug #15007 (Feedback): pfSense-boot does not update the EFI loader
Applied in changeset commit:87ecf1c2da6e4a1b4964b1c0c0fc31a73b461a57. Reid Linnemann
04:50 PM Revision 87ecf1c2: Correct ESP mount executed in a subshell. Fixes #15007
Reid Linnemann
01:40 PM Regression #14963 (Resolved): Mobile IPsec Group Authentication cannot be enabled
Jim Pingle
01:39 PM Bug #15012 (Duplicate): NTP assigned to KEA DHCP Clients causes service to fail
There is already an open report for this: #14991 Jim Pingle
01:35 PM Bug #15009 (Not a Bug): System>Update page menu uses incorrect internal URL
When you change branches it does a POST and the parameter is set in the POST request so it is not visible in the URL ... Jim Pingle
12:01 AM Bug #14613: Incorrect wireguard control panel status management
Johannes Rohde wrote in #note-7:
> I can second this bug on pfsense ce 2.7.1. It seems to have something to do with ... hao zhang

11/19/2023

09:18 PM Bug #14613: Incorrect wireguard control panel status management
I can get php_wg to work again as well as soon as I make a change to an interface within the gui. That fixes the wire... Johannes Rohde
08:55 PM Bug #14613: Incorrect wireguard control panel status management
I can second this bug on pfsense ce 2.7.1. It seems to have something to do with a missing ipv6 gateway. Please refer... Johannes Rohde
08:28 PM Regression #15011: ISC DHCP responds from a random port
I think I found the problem...
https://github.com/pfsense/FreeBSD-ports/commit/3b827dc6cfe3aebec16332b6494cb2742757a... Douglas Hoffman
05:03 PM Regression #15011: ISC DHCP responds from a random port
It's possible to specify the local port using the ... Douglas Hoffman
03:20 PM Regression #15011: ISC DHCP responds from a random port
Confirmed that using the 23.05.1 binary in 23.09 I'm seeing the "old" behaviour where the Windows Server doesn't spam... Mathias Ringhof
07:12 AM Regression #15011: ISC DHCP responds from a random port
I cross-checked the binaries MD5sums since configuration etc seems to be the same and indeed there's a difference bet... Mathias Ringhof
01:57 AM Regression #15011: ISC DHCP responds from a random port
This appears to be related to a change in behavior with the source port being used by isc dhcpd in 23.09/2.7.1.
Co... Douglas Hoffman
05:11 PM Regression #14963: Mobile IPsec Group Authentication cannot be enabled
Confirmed Patch is working as expected in 23.09 dylan mendez
02:56 PM pfSense Plus Feature #15013 (New): Speed Shift - Add Field to control lowest C-State
Dear pfSense-team,
after updating to 2.7.1 i was curious how well the new speed shift GUI entries work.
In fact a... Dieter Kreuz
06:49 AM pfSense Plus Feature #14252: Optimization for 10GB-Connection/Throughput
Kris Phillips wrote in #note-1:
> Tuning Guide is already present here that contains the first two tuning items:
> ht... Muhammad Waseem Ul Haq
03:53 AM pfSense Plus Feature #14252: Optimization for 10GB-Connection/Throughput
Tuning Guide is already present here that contains the first two tuning items:
https://docs.netgate.com/pfsense/en/l... Kris Phillips
06:38 AM pfSense Packages Bug #14861: PHP error when pings are enabled but no ping hosts are defined
Tested upgrade from 2.6.0 to 2.7.0 with installed telegraf 0.9_6, no issue
2.6.0-RELEASE (amd64)
built on Mon Jan ... aleksei prokofiev
03:44 AM Bug #15012: NTP assigned to KEA DHCP Clients causes service to fail
Testing this it appears that Kea cannot accept hostnames, but can accept IP addresses just fine.
Tested this wit... Kris Phillips
01:55 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
RAM disks are in use in my environment, for the record. Loh Phat
12:37 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
are you testing with RAM disks enabled prior to installing pfBlockerNG? that seems to be the necessary catalyst to re... Jordan G
01:53 AM pfSense Packages Feature #14468: pass along ntopng professional license key
Mike
No, wrong link, go to this one.
https://packages.ntop.org/FreeBSD/
As mentioned, use Putty as admin, cu... Russ Reynolds
12:32 AM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
applying this patch on 23.09 removes the "default" size listing below the entry field
clearing the field and savin... Jordan G

11/18/2023

10:42 PM Bug #15012: NTP assigned to KEA DHCP Clients causes service to fail
Harald Holzner Thanks for adding this to my report. Appreciate it. Steven Cedrone
10:08 PM Bug #15012: NTP assigned to KEA DHCP Clients causes service to fail
Steven Cedrone wrote:
> Changed from ISC to KEA DHCP and the service would not stay running.
>
> After going thro... Harald Holzner
09:44 PM Bug #15012 (Duplicate): NTP assigned to KEA DHCP Clients causes service to fail
Changed from ISC to KEA DHCP and the service would not stay running.
After going through System Log it reported an... Steven Cedrone
09:33 PM Regression #14966: DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
Had this issue on 23.09, patch resolved it! Thank you! Hayden Hill
06:11 PM pfSense Packages Feature #14468: pass along ntopng professional license key
Found this link here in the documentation
Is this what you mean?
https://www.ntop.org/guides/ntopng/third_party_... Mike Moore
05:45 AM pfSense Packages Feature #14468: pass along ntopng professional license key
Mike, I can send details no problem at all, however, pfsense have released an updated Plus Version 23.09 based on the... Russ Reynolds
02:46 PM Bug #15010 (Duplicate): Some strange with arp table
Marcos M
02:29 PM Bug #15010: Some strange with arp table
Negative value of lease time have been several times, so now i can't reproduce it.
About static / dynamic arp my req... Evgeny Korostelev
01:55 PM Bug #15010: Some strange with arp table
So have been able to duplicate this, see this thread.
https://forum.netgate.com/topic/184155/static-arp-in-dhcp-ov... JohnPoz _
07:53 AM Bug #15010: Some strange with arp table
Hello,
Please provide exact steps to reproduce the behavior. Lev Prokofev
07:21 AM Bug #15010: Some strange with arp table
Over some time static arp change to dynamic arp :( Evgeny Korostelev
05:37 AM Bug #15010 (Duplicate): Some strange with arp table
Expiries time has negative time instead of static arp Evgeny Korostelev
06:01 AM Regression #15011: ISC DHCP responds from a random port
EDIT: here is a full 24h of the same Windows server DHCP request with 23.05:
https://gist.github.com/mathiasringhof/... Mathias Ringhof
05:43 AM Regression #15011 (Resolved): ISC DHCP responds from a random port
After upgrading from 23.05.1 to 23.09 I'm seeing a significant jump in log messages from the ISC DHCP server, mostly ... Mathias Ringhof
03:07 AM pfSense Packages Todo #14795: Transition to nut-devel
If it will work, I have a PR prepared: https://github.com/pfsense/FreeBSD-ports/pull/1329. Thanks. Denny Page
02:47 AM Bug #15009 (Not a Bug): System>Update page menu uses incorrect internal URL
v2.7.0
Going to System>Update leads to here:
http://192.168.168.1/pkg_mgr_install.php?id=firmware
Changing the... Jon8RFC .

11/17/2023

11:31 PM pfSense Packages Feature #14468: pass along ntopng professional license key
Russ - Can you provide the documentation on how you did it?
There really needs to be an "approved" Netgate way of ... Mike Moore
10:44 PM pfSense Packages Todo #14795: Transition to nut-devel
Are you saying that if we republish the package as 2.8.1_2 it would work, even though a 2.8.2 has been previously pub... Denny Page
09:19 PM pfSense Packages Todo #14795: Transition to nut-devel
I missed that since the dependency tracking version is by git commits (which don't necessarily align with the release... Marcos M
08:37 PM pfSense Packages Todo #14795: Transition to nut-devel
I'm sorry, but the minor version bump was not correct. The pfSense package numbering is intended to align with the NU... Denny Page
05:48 PM pfSense Packages Todo #14795 (Resolved): Transition to nut-devel
The minor version bump is correct; the version needed to be bumped for the notification tweak to be picked up. There'... Marcos M
04:53 PM pfSense Packages Todo #14795: Transition to nut-devel
Guys, the version number for the released package is wrong. It's not in my original PR, but when the notification twe... Denny Page
10:28 PM pfSense Packages Bug #15008: SID MGMT list action to download a single conf file leads to a 502 Bad Gateway error
This issue is revolved in the pull request posted for review and merge here: https://github.com/pfsense/FreeBSD-ports... Bill Meeks
10:11 PM pfSense Packages Bug #15008 (Resolved): SID MGMT list action to download a single conf file leads to a 502 Bad Gateway error
When attempting to download a single SID MGMT conf file using the action icon, a 502 Bad Gateway error is encountered. Bill Meeks
10:08 PM pfSense Packages Bug #14995: SID Management List Actions download leads to 502 Bad Gateway
The fix for this issue is posted in pull request https://github.com/pfsense/FreeBSD-ports/pull/1327.
Once the pull... Bill Meeks
10:05 PM Bug #13498: Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output
Applied in changeset commit:88bb1c55c05edd3ca7e22e10d2e95aa3db8c7afc. Brett Keller
10:04 PM Bug #13498: Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output
Applied in changeset fc0910fddba7d086bc8581cc1c08b6870d57a5c1. Marcos M
10:02 PM Bug #13498 (Feedback): Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output
Marcos M
09:58 PM Revision fc0910fd: Merge pull request #4615 from blkeller/apu2-expanded-serial-fix
Marcos M
09:51 PM Feature #15004 (Rejected): URL Aliases aren't listed in the autocomplete list at System=>Routing=>Static Routes
This doesn't seem like a good idea to me because it's too prone for abuse/error. Given how URL aliases are generally ... Marcos M
03:55 PM Feature #15004: URL Aliases aren't listed in the autocomplete list at System=>Routing=>Static Routes
I believe that is intentional. I'm not sure if it's viable to support them there. Either way that is a missing featur... Jim Pingle
03:48 PM Feature #15004 (Rejected): URL Aliases aren't listed in the autocomplete list at System=>Routing=>Static Routes
URL Aliases aren't listed in the autocomplete list at System=>Routing=>Static Routes
!clipboard-202311171946-dez72.p... Lev Prokofev
09:02 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
This bug has likely been traced to the particular version of the @libpfctl@ library bundled with pfSense CE 2.7.0, 2.... Bill Meeks
08:59 PM pfSense Packages Bug #14986: Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled
This bug has likely been traced to the particular version of the @libpfctl@ library bundled with pfSense CE 2.7.0, 2.... Bill Meeks
08:37 PM Bug #15007 (Closed): pfSense-boot does not update the EFI loader
Since commit:8b8f94c7e10, pfSense-boot has been silently failing to update the EFI loader. This is due to an oversigh... Reid Linnemann
07:58 PM pfSense Plus Bug #15006: Upgrade Issue to 23.09 Results in Stuck Prompt Mid-upgrade
Something else to note is that this is NOT a disk space issue. The device that I pulled this upgrade log from had 85... Kris Phillips
07:53 PM pfSense Plus Bug #15006: Upgrade Issue to 23.09 Results in Stuck Prompt Mid-upgrade
Attaching redacted full boot log that removes customer-identifying information. Kris Phillips
07:50 PM pfSense Plus Bug #15006 (Closed): Upgrade Issue to 23.09 Results in Stuck Prompt Mid-upgrade
Symptom:
Devices get stuck at a "Enter full pathname of the shell or RETURN for /bin/sh:" prompt mid-upgrade. Rebo... Kris Phillips
07:10 PM Feature #4728: Expose ``nopool`` server option in the OpenVPN Server GUI
I tested the patch, and it works as expected. I would consider the wording. Steve suggested naming that option 'Auto ... Danilo Zrenjanin
07:04 PM Feature #4728 (Pull Request Review): Expose ``nopool`` server option in the OpenVPN Server GUI
This option might be handy to define a specific scope of IPs that will be served to the clients. That way, we can hav... Danilo Zrenjanin
06:51 PM Regression #14974: Incorrect permissions on ``ipsec.auth-user.php``
Users hitting this can execute the following command to correct the permissions.... Christopher Cope
06:50 PM Regression #15005 (Resolved): Auto Config Backup times are incorrect
The timestamp shown for ACB backups is incorrect by 6hrs. This appears to be because the server is saving/returning f... Steve Wheeler
03:40 PM pfSense Packages Bug #14748: FRR reload script is not executed properly
Mike Moore wrote in #note-12:
> I did add the sym link as suggested earlier up in the thread: ln -s /usr/local/sbin/... Jim Pingle
03:35 PM pfSense Packages Bug #14748: FRR reload script is not executed properly
I did add the sym link as suggested earlier up in the thread: ln -s /usr/local/sbin/frr-reload.py /usr/local/lib/frr/... Mike Moore
03:22 PM pfSense Packages Bug #14748 (Feedback): FRR reload script is not executed properly
The upstream fix was merged/picked and should be in package repositories for 23.09 and 2.7.1 Jim Pingle
02:53 PM Regression #15003 (Duplicate): URL Alias cause the error "Unresolvable source alias"
Duplicate of #14947 Jim Pingle
02:52 PM Regression #15003 (Duplicate): URL Alias cause the error "Unresolvable source alias"
If you set the URL alias and add it to the rule it will cause the error "Unresolvable source alias".
The system will... Lev Prokofev
02:13 PM pfSense Packages Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
Jim Pingle wrote in #note-6:
> For what it's worth, I just restored a backup on 23.09 which had FreeRADIUS3 installe... Luca Piccirillo
01:58 PM Bug #15002 (Duplicate): Error 'Unresolvable destination alias' for URL alias of type URL (IPs) since PFSense 23.09
Duplicate of #14947 Jim Pingle
01:43 PM Bug #15002 (Duplicate): Error 'Unresolvable destination alias' for URL alias of type URL (IPs) since PFSense 23.09
I'm getting the error 'Unresolvable destination alias' since upgrade from PFSense 23.05.1 > 23.09. The issue seems to... Sander Peterse
01:20 PM Bug #15000 (Rejected): miniupnpd is not working
Can't duplicate the problem here, it may be something in your setup/config/environment. Post on the forum for assista... Jim Pingle
06:22 AM Bug #15000 (Rejected): miniupnpd is not working
Since 23.09 miniupnpd is not working, with a fresh install. it was working well in 23.05.1.
the daemon is up and run... Claude-Axel Piller
01:13 PM Bug #15001 (Duplicate): miniupnpd not working
Duplicate of #15000 Jim Pingle
09:04 AM Bug #15001 (Duplicate): miniupnpd not working
Since 23.09 miniupnpd is not working, with a fresh install. it was working well in 23.05.1.
the daemon is up and run... Claude-Axel Piller
01:13 PM pfSense Packages Feature #14997 (Rejected): Feature Request: Snort *.so.rules should also function on ARM architecture processors
Jim Pingle
03:31 AM pfSense Packages Feature #14997: Feature Request: Snort *.so.rules should also function on ARM architecture processors
The SO rules are not available on ARM hardware because the Snort Vulnerability Research Team does not produce the pre... Bill Meeks

11/16/2023

11:38 PM pfSense Packages Feature #14998: Feature Request: Quick Create Splice Rule options in Squid Package
This would make SSL inspection easy for small office networks. Tools like this would break the caste system of enterp... Jonathan Lee
11:28 PM pfSense Packages Feature #14998 (New): Feature Request: Quick Create Splice Rule options in Squid Package
Lot's of enterprise class firewalls have certificate issued proxy use for deep packet inspections/submissions.
Squ... Jonathan Lee
11:36 PM pfSense Packages Feature #14999 (Rejected): Feature Request: Update Squid Package to Version 6.5 this was released on updated Nov 6
Can we please get the Squid package to use the latests version of Squid??
This version has many security fixes
 Jonathan Lee
11:07 PM pfSense Packages Bug #14993: Snort *.so.rules will not down
https://redmine.pfsense.org/issues/14997 Jonathan Lee
11:02 PM pfSense Packages Bug #14993: Snort *.so.rules will not down
Thanks I did not know that. So it has no code to work with ARM processors yet...
I should make this a feature requ... Jonathan Lee
03:15 PM pfSense Packages Bug #14993 (Not a Bug): Snort *.so.rules will not down
Jim Pingle
02:36 PM pfSense Packages Bug #14993: Snort *.so.rules will not down
This is not a bug. This behavior is expected and per design.
The user has an SG-2100 MAX appliance which uses an ARM... Bill Meeks
06:55 AM pfSense Packages Bug #14993: Snort *.so.rules will not down
usr/local/etc/snort/rules
Contains no so.rules on 2100 max anymore for some reason. No custom scrips used. Jonathan Lee
06:51 AM pfSense Packages Bug #14993 (Not a Bug): Snort *.so.rules will not down
Working with Bill on this today we found that *.so.rulea are not downloading into the rule set folder. Jonathan Lee
11:07 PM pfSense Packages Feature #14997 (Rejected): Feature Request: Snort *.so.rules should also function on ARM architecture processors
I just learned that *.so.rules or shared object rules do not function on ARM architecture appliances.
The SG-2100... Jonathan Lee
09:58 PM pfSense Packages Todo #14795: Transition to nut-devel
Thank you kindly Denny Page
06:51 PM pfSense Packages Todo #14795: Transition to nut-devel
The updated package with the revised date format should be available in 23.09/2.7.1 soon. Marcos M
07:11 PM Bug #14929 (Feedback): ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
Applied in changeset 9e8a0841716c1f27698c2321816f92632d004d70. Marcos M
07:07 PM Revision 9e8a0841: Merge pull request #4652 from jaredhendrickson13/fix/bring-down-proxyarp-after-deletion
Marcos M
05:19 PM pfSense Packages Bug #14986: Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled
This bug is still under active investigation. I have experienced it three times over two days of running Snort in a C... Bill Meeks
06:48 AM pfSense Packages Bug #14986: Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled
pid 56711 (snort), jid 0, uid 0: exited on signal 11 (core dumped)
Also occurs on SG2100 Max now
 Jonathan Lee
05:12 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
Kris Phillips wrote in #note-5:
> Users on the forums seem to have worked around the issue and seem to believe it's a... Bill Meeks
04:18 PM pfSense Packages Bug #14898 (Confirmed): Suricata core dumps with signal 11
Users on the forums seem to have worked around the issue and seem to believe it's a Hyperscan issue.
https://for... Kris Phillips
03:23 PM pfSense Packages Bug #14994 (Not a Bug): mailreport - authentication failure
Jim Pingle
10:25 AM pfSense Packages Bug #14994: mailreport - authentication failure
Error fixed. In my postfix, the authentication mechanisms was : CRAM-MD5 DIGEST-MD5 LOGIN PLAIN. Normally, authentica... lc 63
07:58 AM pfSense Packages Bug #14994 (Not a Bug): mailreport - authentication failure
Hello,
I use pfSense 23.05.1-RELEASE and mailreport 3.6.4_1 package.
I first configured SMTP (System | Advanced... lc 63
01:35 PM Bug #14996 (Resolved): Kea DHCP PHP error from WINS server value
... Danilo Zrenjanin
11:00 AM Bug #14991 (Confirmed): Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
I can confirm this behavior on 23.09. Danilo Zrenjanin
10:51 AM pfSense Packages Bug #14995 (Resolved): SID Management List Actions download leads to 502 Bad Gateway
If I try to download SID Management Configuration Lists in the WebUI, it will bring up an error page with nginx "502 ... Bob Dig
07:29 AM Bug #14949 (Resolved): PHP Error on ``interfaces.php`` when creating a PPP interface
Jim Pingle wrote in #note-19:
> Not sure why they are rejected for you when uploading the file, but if you open them... Danilo Zrenjanin
02:19 AM Bug #14982: CBQ queue QoS Borrow function not reasonable
Update this issue is not only occured in 2.7 but also 2.6, 2.5
Workaround is manual edit in XML config file.
Sugge... Charlie Huang
12:12 AM pfSense Packages Bug #11970: Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot)
Issue still present on 23.09 of Plus. Customer reported this issue today on the latest Plus release. Kris Phillips

11/15/2023

11:49 PM pfSense Plus Bug #14992 (Not a Bug): PHP Startup: Unable to load dynamic library 'ldap.so'
You somehow have a mix of 23.05.1 and 23.09 files on your system, either from a failed upgrade or from some other com... Jim Pingle
10:00 PM pfSense Plus Bug #14992 (Not a Bug): PHP Startup: Unable to load dynamic library 'ldap.so'
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus-RELENG_23_0... Amin Sadeghi
11:11 PM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
I tested this both on 23.05.1 and 23.09 but have not managed to replicate it. Both of the reported errors
> PHP ERROR... Marcos M
10:00 PM Bug #14991 (Resolved): Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
It looks like kea does not allow FQDNs for NTP servers.
ntp-servers 42 ipv4-address true false
Apparently ISC D... Chris Linstruth
09:51 PM Feature #14887 (Feedback): Add an appropriately named file to install images to indicate what they are
Brad Davis
07:09 PM Todo #13537: Update vendor files
Fontawesome icon names updated in CE/Plus:
* commit:c1d304b34788668535eaef80ef598b6c4d444526
* commit:d365c2c76a0a83e... Marcos M
05:03 PM Revision 6e94c116: Promote 2.7.1 to RELEASE
Brad Davis
04:50 PM Bug #14990 (Feedback): IPsec log categories set to "Audit" do not function properly or save properly in the GUI
Applied in changeset commit:dcdb461733044d274c742832097b13a312045f37. Jim Pingle
04:39 PM Bug #14990 (Resolved): IPsec log categories set to "Audit" do not function properly or save properly in the GUI
The internal value of the IPsec log level "Audit" is @0@ which is confusing the PHP @empty()@ test in @ipsec_get_logl... Jim Pingle
04:41 PM Revision dcdb4617: Fix IPsec log value handling. Fixes #14990
Jim Pingle
04:04 PM Todo #14732: Update Unbound to 1.18.0
Excluding from release notes since it was superseded by #14980 Jim Pingle
03:25 PM Bug #14989 (Closed): Typo in the Setup Wizard
In step 4/9, under *Configure WAN Interface* SelectedType is one word. I suppose it should be two words.
!clipboar... Danilo Zrenjanin
02:30 PM Regression #14974 (Resolved): Incorrect permissions on ``ipsec.auth-user.php``
Latest 2.7.1 RC snap is showing the correct permissions:... Jim Pingle
02:30 PM Todo #14980 (Resolved): Update Unbound to 1.18.0_1 to address looping UDP retries when ENOBUFS is returned
The latest 2.7.1 RC build contains @unbound-1.18.0_1@ and it appears to be working so far. If there is still a proble... Jim Pingle
02:28 PM Todo #14985 (Resolved): Update OpenVPN to 2.6.7
OpenVPN is showing version 2.6.7 on the latest 2.7.1-RC snapshot. OpenVPN client and server instances are up and pass... Jim Pingle
02:27 PM Regression #14966 (Resolved): DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
Works properly on 2.7.1 RC, the bogus 0.0.0.0 address is no longer present at boot. Jim Pingle
02:12 PM pfSense Docs Correction #14988 (Feedback): DHCPv6 relay Destination Server
Updated and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f64904b2e866ec894443758acd7cd0457e947c08
... Jim Pingle
11:19 AM pfSense Docs Correction #14988: DHCPv6 relay Destination Server
https://docs.netgate.com/pfsense/en/latest/services/dhcp/relay.html Danilo Zrenjanin
11:13 AM pfSense Docs Correction #14988 (Resolved): DHCPv6 relay Destination Server
The filed *Destination Server* has recently been replaced with *Upstream Servers*
The docs should be updated accor... Danilo Zrenjanin
11:58 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets
Tested
23.09-RELEASE (amd64)
built on Tue Oct 31 22:56:00 MSK 2023
FreeBSD 14.0-CURRENT
If I assign Tailscale... aleksei prokofiev
09:00 AM Regression #14987 (Confirmed): ``Interface Address`` is no longer an option for outbound NAT targets
Can confirm this,
tested on ... Lev Prokofev
08:43 AM Regression #14987 (Not a Bug): ``Interface Address`` is no longer an option for outbound NAT targets
After upgrading to version 23.09, the option to choose a Tailscale address when defining an outbound NAT rule on the ... Danilo Zrenjanin
11:08 AM Regression #14965 (Resolved): Input validation prevents saving DHCPv6 Relay settings
I tested again on a clean install and it indeed works fine.
I am marking this ticket resolved. Danilo Zrenjanin
10:07 AM Regression #14965: Input validation prevents saving DHCPv6 Relay settings
Tested the patch and service is able to start
!clipboard-202311151407-p8tcy.png!
 Lev Prokofev
09:34 AM Regression #14965: Input validation prevents saving DHCPv6 Relay settings
I tested the patch.
The error message "Destination Server is required" has been resolved, however, the service is... Danilo Zrenjanin
11:01 AM Bug #14981: WAN_DHCP6 or WAN_SLAAC pending/Unknown
Please close this PR: https://github.com/pfsense/pfsense/pull/4657#issuecomment-1812251228 Dongyoon Han
02:21 AM pfSense Packages Bug #14986 (Resolved): Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled
It appears the changes in this commit approximately two weeks ago: https://github.com/pfsense/FreeBSD-ports/commit/4f... Bill Meeks
01:10 AM Bug #14893 (Feedback): Large number of IPsec tunnels causes long filter reload times
Applied in changeset commit:4bbbcc368bf1da815025fa51268d5de96fa73220. Marcos M
12:57 AM Revision 4bbbcc36: Refactor use of return_gateways_array() with get_gateways(). Fix #14893
Most calls to return_gateways_array() do not need the gateway list to be
recreated. get_gateways() can filter the gat... Marcos M

11/14/2023

11:22 PM Revision d365c2c7: Don't split fontawesome icon names
This makes it easier to update fontawesome versions. While here, fix a
missing closing quote, and use the correct fon... Marcos M
10:04 PM Revision 5002025e: Remove duplicate class
Marcos M
09:50 PM pfSense Packages Bug #14748: FRR reload script is not executed properly
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275095 Christian McDonald
05:54 PM pfSense Packages Bug #14748: FRR reload script is not executed properly
We are looking into it here. Christian said he sees the issue in port and is looking into a fix. Jim Pingle
04:51 PM pfSense Packages Bug #14748: FRR reload script is not executed properly
Im impacted as well
Jim - Who is supposed to follow up with any upstream issue? Mike Moore
04:07 PM pfSense Packages Bug #14748: FRR reload script is not executed properly
Looks like that's an upstream bug in the @frr9@ or @frr9-pythontools@ port(s).
The script at @/usr/local/sbin/frr-... Jim Pingle
12:19 PM pfSense Packages Bug #14748: FRR reload script is not executed properly
We had the same issue when using FRR OSPF. It seems that the "frr-reload" script that is used to communicate config c... Steffen S
09:47 PM Revision c1d304b3: Update fontawesome icon names to v6. Implement #13537
Marcos M
09:45 PM Revision 47b725b9: Revert "Update fontawesome icon names to v6. Implement #13537"
This reverts commit 32be4696a301144c650f4765b8a2b51e28d95a40. Marcos M
09:21 PM Bug #13498: Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output
Thanks. Code updated, rebased, squashed, and ready for re-review, please. Brett Keller
09:00 PM Revision 32be4696: Update fontawesome icon names to v6. Implement #13537
Marcos M
08:44 PM Revision ff165c0c: Utilize new -C flag to pfSense-upgrade
pfSense-upgrade's -c flag is intended to check only for upgrades against the
currently configured repository (better ... Reid Linnemann
08:43 PM Revision 5841d969: Utilize new -C flag to pfSense-upgrade
pfSense-upgrade's -c flag is intended to check only for upgrades against the
currently configured repository (better ... Reid Linnemann
08:38 PM Revision a4e3408c: Remove use of 0.0.0.0 alias in pfSense-dhclient-script. Fixes #14966
Reid Linnemann
08:36 PM Revision a47f5c0c: Revert "Remove use of 0.0.0.0 alias in pfSense-dhclient-script. Fixes #14966"
This reverts commit 74f99510b44344a52a7a1182cf9d8dc9c58279ef. Reid Linnemann
08:35 PM Revision 74f99510: Remove use of 0.0.0.0 alias in pfSense-dhclient-script. Fixes #14966
(cherry picked from commit 1fbbea8f10c58ef11851662588819c654e31ceae) Reid Linnemann
08:18 PM Todo #14980: Update Unbound to 1.18.0_1 to address looping UDP retries when ENOBUFS is returned
Thank you! I'll keep my eyes peeled for it in either the next RC or the final release. Brett Keller
07:59 PM Todo #14980 (Feedback): Update Unbound to 1.18.0_1 to address looping UDP retries when ENOBUFS is returned
This has been committed Jim Pingle
04:11 PM Todo #14980: Update Unbound to 1.18.0_1 to address looping UDP retries when ENOBUFS is returned
We were already looking into doing this. If we can't get it in the release, we can pull it in shortly after so that u... Jim Pingle
05:21 AM Todo #14980 (Resolved): Update Unbound to 1.18.0_1 to address looping UDP retries when ENOBUFS is returned
Ever since upgrading to pfSense 2.7.0, our organization has been experiencing recurring problems with unbound suddenl... Brett Keller
07:58 PM Todo #14985 (Resolved): Update OpenVPN to 2.6.7
Update OpenVPN to 2.6.7 to address multiple CVEs.
This is already in the tree, but added here for tracking. Jim Pingle
07:49 PM Feature #14984 (New): Azure Private DNS Zones With Dynamic DNS
I’m currently using the Dynamic DNS feature with Azure DNS; and it works great. Azure now offers a “Private DNS Zone... KStar Runner
05:54 PM Revision 8d0a54b9: Support URL IP aliases in alias_expand(). Fix #14947
Marcos M
04:58 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
How does the kernel in 24.03 compare with that of 23.09? Denny Page
02:57 PM Regression #14970 (Feedback): Static ARP assignments lose ``permanent`` flag in ARP table
This is not reproducible on the latest builds of 2.8.0 and 24.03.
(I was able to reproduce it on 23.09 to some exten... Christian McDonald
04:39 PM pfSense Packages Todo #14795: Transition to nut-devel
Hey all, I've got a good dozen testers that have reported successful results with 2.8.1. Reported tests include local... Denny Page
04:31 PM pfSense Packages Bug #14979 (Resolved): Snort generates an invalid $EXTERNAL_NET variable in snort.conf due to a missing escape character in the PHP code
PR Merged, thanks! Jim Pingle
12:55 AM pfSense Packages Bug #14979: Snort generates an invalid $EXTERNAL_NET variable in snort.conf due to a missing escape character in the PHP code
Two different pull requests have been submitted to correct this bug: 1 each for the 2.7.0 CE Release and 2.8.0 CE DEV... Bill Meeks
12:27 AM pfSense Packages Bug #14979 (Resolved): Snort generates an invalid $EXTERNAL_NET variable in snort.conf due to a missing escape character in the PHP code
The recent 4.1.6_12 Snort GUI package update contained a typo in @/usr/local/pkg/snort/snort_generate_conf@ . A backs... Bill Meeks
03:54 PM pfSense Plus Bug #14975 (Not a Bug): Dynamic DNS client cloudflare not update ip double wan-opt1
Jim Pingle
11:12 AM pfSense Plus Bug #14975: Dynamic DNS client cloudflare not update ip double wan-opt1
It turned out that suricata (inline mode) was enabled on the wan port, and disabled on the wan2 port. As soon as I en... Stepan Afonin
03:49 PM Bug #14983 (New): Upgrade can fail when unexpected EFI partitions are present.
pfSense-upgrade can fail when the pfSense-boot post install script tries to update the bot loader if the first EFI pa... Steve Wheeler
11:34 AM Bug #14982 (New): CBQ queue QoS Borrow function not reasonable
All Developers:
Found there are logical error on web UI to create queuing function.
- Web UI check queue limit an... Charlie Huang
06:53 AM Bug #14981 (New): WAN_DHCP6 or WAN_SLAAC pending/Unknown
This is quite an old bug on Comcast/Xfinity. Especially when using XFINITY/xfinitywifi as WAN, those do not propagate... Dongyoon Han

11/13/2023

11:16 PM Revision 88bb1c55: Expand detection of PC Engines APU2 platform to include all variants
Fixes #13498 in Redmine. Brett Keller
11:03 PM pfSense Plus Bug #14973: pfSense as AP's Wireless Interface no longer seen in DHCP tabs
Thank you it was very late and my kid was sick last week, I went to make a guest network really fast and I couldn't g... Jonathan Lee
01:17 PM pfSense Plus Bug #14973 (Not a Bug): pfSense as AP's Wireless Interface no longer seen in DHCP tabs
There is no bug, your Wireless interface in the screenshot has a /32 CIDR, so there isn't any room in that "subnet" f... Jim Pingle
08:25 PM Bug #14978 (Feedback): PHP error on ``services_dhcpv6.php`` if the configuration contains an empty ``dhcpv6`` section
Applied in changeset commit:6df70417029defed162b539720e8baa03984f653. Marcos M
08:16 PM Bug #14978 (Resolved): PHP error on ``services_dhcpv6.php`` if the configuration contains an empty ``dhcpv6`` section
On a fresh install:
# Configure a static IPv6 address on LAN, click @Save@
# Go to @Services > DHCPv6 Server@, clic... Marcos M
08:23 PM Bug #14967 (Pull Request Review): Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1102
Apply the following fix with the System Patches pac... Marcos M
08:17 PM Revision 6df70417: Update direct config access in services_dhcpv6.php. Fix #14978
Marcos M
08:13 PM Bug #14977 (Resolved): Kea fails to restart due to race between process termination and startup
If for some reason the Kea control socket lock file is present while Kea is stopped, then Kea can never start until t... Jim Pingle
08:02 PM Regression #14966: DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
Merged to plus in 1fbbea8f10 Reid Linnemann
05:10 PM Regression #14966 (Feedback): DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
Applied in changeset commit:1fbbea8f10c58ef11851662588819c654e31ceae. Reid Linnemann
07:49 PM pfSense Packages Bug #14956 (Resolved): Suricata GUI generates invalid syslog priority values in suricata.yaml file for some drop-down list values
PR merged, thanks! Jim Pingle
07:48 PM pfSense Packages Bug #14955 (Resolved): Suricata GUI throws a PHP error when creating an EventTime object for use on the ALERTS or BLOCKS tabs if there is a malformed log file entry
PR merged, thanks! Jim Pingle
07:48 PM pfSense Packages Feature #14954 (Resolved): Add GUI option to Suricata interface settings for logging of Ethernet (MAC) addresses to the EVE JSON log
PR merged, thanks! Jim Pingle
07:48 PM pfSense Packages Bug #14961 (Resolved): Snort package issue in snort_Getdirsize() function due to behavior change in PHP 8.x
PR merged, thanks! Jim Pingle
07:48 PM pfSense Packages Bug #14645 (Resolved): Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
PR merged, thanks! Jim Pingle
06:34 PM pfSense Packages Bug #14645: Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
Hi Bill,
main problem is when you have some static IPs outside of your network (let's say your work IPs or your VP... Dzmitry Kazei
05:01 PM Revision 1fbbea8f: Remove use of 0.0.0.0 alias in pfSense-dhclient-script. Fixes #14966
Reid Linnemann
04:05 PM Regression #14965 (Feedback): Input validation prevents saving DHCPv6 Relay settings
Applied in changeset commit:a6c6b835f8d75796c0c1fb9ecde90f5b1757f807. Marcos M
03:14 PM Regression #14965 (Pull Request Review): Input validation prevents saving DHCPv6 Relay settings
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1100 Marcos M
03:01 PM Regression #14965 (In Progress): Input validation prevents saving DHCPv6 Relay settings
Marcos M
04:05 PM Regression #14963 (Feedback): Mobile IPsec Group Authentication cannot be enabled
Applied in changeset commit:0fc7765c886ed60555750d12808f493d70918450. Marcos M
03:54 PM Regression #14963 (Pull Request Review): Mobile IPsec Group Authentication cannot be enabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1101 Marcos M
03:35 PM Regression #14963 (In Progress): Mobile IPsec Group Authentication cannot be enabled
Marcos M
03:59 PM Revision a6c6b835: Remove invalid field from input validation. Fix #14965
Marcos M
03:55 PM Regression #14947: Rules using aliases of type ``URL (IPs)`` are not generated
Is this patch landing in the 'Recommended System Patches' area for 23.09? → luckman212
03:48 PM Revision 0fc7765c: Save the mobile IPsec group auth setting. Fix #14963
Marcos M
03:36 PM pfSense Plus Feature #14976 (New): Cleaner way to know if an interface failed
When an interface status changes from UP to DOWN or is flapping, there are other syslog messages that get generated b... Mike Moore
02:04 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
The files already have unix line endings and are UTF-8. I believe they are unaltered since download:
$ shasum -a 2... Sean McBride
01:23 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Not sure why they are rejected for you when uploading the file, but if you open them in a text editor that supports u... Jim Pingle
01:46 PM Regression #14974 (Feedback): Incorrect permissions on ``ipsec.auth-user.php``
Fix committed:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/86f1772ba14c290ba67735e6c4a3577d6e58a349
... Jim Pingle
01:45 PM pfSense Packages Todo #14971: Add text about the limit to use only Network type alias for Custom Destination
Thanks.
I think it will be good to add a category of UI, for both the text and visuals of UI. Wolfgang Thegreat
01:41 PM pfSense Packages Todo #14971: Add text about the limit to use only Network type alias for Custom Destination
Wolfgang Thegreat wrote in #note-2:
> I didn't find a more suitable place to ask for it. Can you direct me?
It's ... Jim Pingle
01:32 PM pfSense Packages Todo #14971: Add text about the limit to use only Network type alias for Custom Destination
I didn't find a more suitable place to ask for it. Can you direct me? Wolfgang Thegreat
01:24 PM pfSense Packages Todo #14971: Add text about the limit to use only Network type alias for Custom Destination
This is asking for a change to the GUI, not the documentation. Jim Pingle
01:23 PM pfSense Packages Bug #14638 (Closed): Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
Jim Pingle
01:18 PM pfSense Plus Regression #14972 (Not a Bug): DNS Resolver GUI not showing Static DHCP and DHCP Registration seleectors after moving to KEA DHCP
This is a known issue which is mentioned in the release notes as a limitation for this release:
https://docs.netga... Jim Pingle
01:01 PM pfSense Plus Bug #14975: Dynamic DNS client cloudflare not update ip double wan-opt1
For clarification. In this config, everything works fine, it updates in both directions. Stepan Afonin
12:54 PM pfSense Plus Bug #14975 (Not a Bug): Dynamic DNS client cloudflare not update ip double wan-opt1
Hello. There is a group of gateways wan and opt1(wan2), the problem is that if Default gateway wan is the priority, t... Stepan Afonin
01:10 AM Feature #14887: Add an appropriately named file to install images to indicate what they are
https://gitlab.netgate.com/pfSense/Crossbuild/-/merge_requests/117 Steve Wheeler

11/12/2023

07:00 PM Regression #14974 (Resolved): Incorrect permissions on ``ipsec.auth-user.php``
Strongswan cannot execute /etc/inc/ipsec.auth-user.php, breaking Xauth.
Was 0755 in 23.05.1 now 0644 in 23.09 Chris Linstruth
05:22 PM pfSense Plus Bug #14973: pfSense as AP's Wireless Interface no longer seen in DHCP tabs
Can this please be patched as I can not update past 23.09 for this hardware do to Squid use restrictions. I have no a... Jonathan Lee
05:20 PM pfSense Plus Bug #14973: pfSense as AP's Wireless Interface no longer seen in DHCP tabs
This is for an Official Netgate 2100-Max purchased from Netgate Website in 2019 Jonathan Lee
05:19 PM pfSense Plus Bug #14973 (Not a Bug): pfSense as AP's Wireless Interface no longer seen in DHCP tabs
Hello fellow Redmine Members,
We have lost the DHCP tabs for Wireless clients when use of a internal Wireless card... Jonathan Lee
03:03 PM pfSense Plus Regression #14972: DNS Resolver GUI not showing Static DHCP and DHCP Registration seleectors after moving to KEA DHCP
Replying to self here.
Just read posts https://forum.netgate.com/topic/183970/does-static-mapping-work-in-kea-dhcp/1... Eloi Chayer
12:49 PM pfSense Plus Regression #14972 (Not a Bug): DNS Resolver GUI not showing Static DHCP and DHCP Registration seleectors after moving to KEA DHCP
After moving from ISC DHCP to KEA DHCP in System -> Advanced -> Networking, the "Static DHCP" and "DHCP Registration"... Eloi Chayer
09:07 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces
Tested on
23.09-RELEASE (amd64)
built on Tue Oct 31 22:56:00 MSK 2023
FreeBSD 14.0-CURRENT
Issue still presented. aleksei prokofiev
08:22 AM Regression #14963: Mobile IPsec Group Authentication cannot be enabled
Tested on
23.09-RELEASE (amd64)
built on Tue Oct 31 22:56:00 MSK 2023
FreeBSD 14.0-CURRENT
I can confirm that.... aleksei prokofiev
02:31 AM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
For me the patches were rejected also because they were "not in unified diff format".
How to proceed? Sean McBride
02:19 AM Regression #14965: Input validation prevents saving DHCPv6 Relay settings
I can also verify this behavior. Kris Phillips
02:07 AM Bug #14967: Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``
I can confirm this bug. You can also work around it by setting the LAN interface to "Track Interface" and setting it... Kris Phillips
02:05 AM pfSense Plus Bug #14968: Google LDAP fail to bind
I can confirm this behavior with Google LDAPS. It seems that everything "works" when manually querying LDAP, but som... Kris Phillips
01:06 AM pfSense Packages Regression #13970 (Feedback): PHP error in apcupsd widget from UTF-8 string handling
The widget has the following for the default entries in the warning/critical values by default, or possibly from a pr... Jordan G

11/11/2023

11:56 PM pfSense Packages Regression #14764: HAProxy local syslog not working
Discussion thread: https://forum.netgate.com/topic/182508/haproxy-local-syslog-not-working Michael Vincent
11:46 PM pfSense Packages Bug #14364: APCUPSD unable to process date string
Not sure where the date format is being pulled from, I'm using an older bn700 APC UPS and my date format is mm/dd/yyy... Jordan G
11:25 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Just for completeness, I tested with -S (rather than-s) with similar result.... Denny Page
09:01 PM Regression #14970 (Resolved): Static ARP assignments lose ``permanent`` flag in ARP table
Arp flips back and forth between reporting static arp entries as permanent or having timeouts with large negative val... Denny Page
10:05 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
in 23.09 I am seeing that after enabling IIMB, regardless of whether AES-NI or QAT is set for cryptographic hardware ... Jordan G
09:45 PM pfSense Packages Todo #14971 (New): Add text about the limit to use only Network type alias for Custom Destination
Hello,
At the UI path of pfBlockerNG > IP > IPv4 > edit of a table object > the section of "Advanced Inbound Firew... Wolfgang Thegreat
07:57 PM Bug #14969 (Duplicate): PHP error after changing IPv4 Configuration Type from None to PPPoE
Duplicate of #14949 (already fixed with patches available) Jim Pingle
07:29 PM Bug #14969: PHP error after changing IPv4 Configuration Type from None to PPPoE
Tested against:... Danilo Zrenjanin
07:27 PM Bug #14969 (Duplicate): PHP error after changing IPv4 Configuration Type from None to PPPoE
1) Assign a new interface.
2) Do not set any address. Both IPv4/IPv6 Configuration Type set to *None* . Just enable... Danilo Zrenjanin
07:31 PM Regression #12183 (Confirmed): Changing MAC address for PPP parent interface stopped working
I can confirm that it doesn't work as expected on:... Danilo Zrenjanin
04:45 PM Regression #14965: Input validation prevents saving DHCPv6 Relay settings
the same behavior,
tested on... Lev Prokofev
04:44 PM Regression #14965: Input validation prevents saving DHCPv6 Relay settings
the same behavior,
tested on
Lev Prokofev
02:25 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Works as expected in 23.09 here. Just use the 'Patch file upload' when you add the new patch. Steve Wheeler
11:49 AM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Jim, downloaded .patch files ... but when trying to upload to netgate pfsense I get The uploaded file must be in unif... Peter Kubik
01:25 AM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Crazy timing, but I only today tried to update from 23.05 to 23.09. When I go to Interfaces > WAN I reproducibly get... Sean McBride
01:11 PM pfSense Plus Bug #14968 (New): Google LDAP fail to bind
Even with a freshly created cert and Bind user login/pass it fails to bind with the message:
_/system_authservers.... Lev Prokofev
09:56 AM pfSense Packages Bug #14638: Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
I couldn't replicate it either.
There are no complaints from anyone else.
As a result, I recommend that we pro... Danilo Zrenjanin

11/10/2023

11:49 PM Bug #13555 (Duplicate): When WAN is lost, ipv6 interface will not renew upon WAN availability
Thank you for confirming. Marcos M
09:31 PM Bug #13555: When WAN is lost, ipv6 interface will not renew upon WAN availability
Confirmed that 23.09 resolves this issue. quiet lion
10:13 PM Bug #14967 (Resolved): Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``
Background: This is a Netgate XG-7100-1U box ordered in June 2019. It is setup as a pretty standard 1 WAN, 1 LAN fire... Kevin Murray
09:56 PM Regression #14966: DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
It's not strictly a cosmetic annoyance, as the 0.0.0.0 address is the primary address of the interface. Things like I... Reid Linnemann
05:27 PM Regression #14966 (Resolved): DHCP WAN with multiple (2+) IP Alias VIPs may show ``0.0.0.0`` as an interface address at boot
On a system with a DHCP WAN and more than one IP alias VIP on the same interface the firewall may end up with the tem... Jim Pingle
09:48 PM Feature #13085: OpenVPN NBDD server options
@Marcos M
Thank you for having noticed that I missed the nbdd_server_change "();" in code Phil Wardt
02:55 PM Feature #13085: OpenVPN NBDD server options
Merged after some minor touchups.
Applied in changeset commit:6c01ae83c2480d5ae692ae11c94918a0cfd43a52. Marcos M
08:01 PM Regression #14488 (Feedback): Extensions directory is not set in ``rc.php_ini_setup``
Applied in changeset 132fef021c94f6823af72ff348e061ad5d3bb64c. Marcos M
07:52 PM Regression #14488 (Pull Request Review): Extensions directory is not set in ``rc.php_ini_setup``
Looks like @extension_dir@ defaults to the correct path when the value is empty. However, @EXTENSIONSDIR@ is used whe... Marcos M
07:56 PM Revision 132fef02: Merge pull request #4642 from marcelloc/patch-8
Marcos M
07:24 PM Bug #14312 (Feedback): MSS clamping on VPN traffic does not work on IPsec IPv6 mobile VPNs
Applied in changeset commit:ced1d06568d3ae5465612f5117ca1434af028daf. Marcos M
06:55 PM Revision ced1d065: Merge pull request #4634 from rlaager/fix-mss-clamping-for-v6-vpn
Marcos M
06:41 PM Bug #14276 (Pull Request Review): One.com dynamic DNS doesn't work
Marcos M
06:34 PM pfSense Docs Correction #14962 (Resolved): Missing Word in IPSec EAP-RADIUS Doc
Fixed and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/ef7d14c1c260345396ce32d1e7d13881f38a0372 Jim Pingle
01:20 AM pfSense Docs Correction #14962 (Resolved): Missing Word in IPSec EAP-RADIUS Doc
Doc is here: https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-radius.html
Line reads:
"T... Kris Phillips
05:46 PM Bug #13498 (Pull Request Review): Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output
Marcos M
05:01 PM Feature #14728 (Feedback): Support for CD/DVD drives in the External Configuration Locator (ECL)
https://github.com/pfsense/pfsense/pull/4647
Merged after minor touch-ups.
Applied in changeset 5506b679754b0f6d5ae... Marcos M
04:51 PM Revision 5506b679: Merge pull request #4647 from Tsuser1/ecl-cdrom
Marcos M
04:37 PM Feature #13242 (Pull Request Review): Enhancements to static route creation/deletion for dpinger monitor IPs
Marcos M
04:33 PM Feature #12522 (Pull Request Review): More GUI options for OpenVPN Client-Specific Overrides
Marcos M
02:41 PM Revision 6c01ae83: Merge pull request #4653 from PhilZ-cwm6/patch_ovpn_nbdd
Marcos M
02:30 PM Todo #13537 (Feedback): Update vendor files
Applied in changeset commit:b18653a30eb4fa5d33ded0a78c7ddba0043f0e0c. Marcos M
02:06 PM Revision d2a91e8a: Update nvd3. Implement #13537
Marcos M
02:03 PM Revision e0cb987c: Update fontawesome. Implement #13537
Marcos M
02:03 PM Revision b18653a3: Update jQuery and jQuery-ui. Implement #13537
Marcos M
10:25 AM Feature #14960: Fixup the connection of a Wireless WAN to a particular BSSID
This issue has been pull-requested: https://github.com/pfsense/pfsense/pull/4656 Dongyoon Han
08:31 AM Regression #14965 (Resolved): Input validation prevents saving DHCPv6 Relay settings
On the 23.09-RELEASE, DHCPv6 Relay won't start. Although the *Upstream Servers* field has a valid server address, it ... Danilo Zrenjanin
04:56 AM pfSense Plus Regression #14964 (Not a Bug): SG-3100: iscsi support removed from 23.09 kernel
I used to use it to easily store larger service logs (e.g. from squid) on a NAS and can probably live without, but si... Jürgen Rühle
03:18 AM Regression #14963 (Resolved): Mobile IPsec Group Authentication cannot be enabled
In pfSense Plus 23.09, if you try to enable "Group Authentication" under VPN --> IPSec --> Mobile Clients, choose a g... Kris Phillips
02:02 AM pfSense Packages Bug #14645: Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
This issue is corrected by Snort package update 4.1.6_12 posted for review and merge here: https://github.com/pfsense... Bill Meeks
12:40 AM pfSense Packages Bug #14645: Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
Sorry to be late replying to this ticket.
First, the double brackets is a bug and will be corrected in a forthcoming... Bill Meeks
02:01 AM pfSense Packages Bug #14961: Snort package issue in snort_Getdirsize() function due to behavior change in PHP 8.x
This issue is corrected by Snort package update 4.1.6_12 posted for review and merge here: https://github.com/pfsense... Bill Meeks
12:46 AM pfSense Packages Bug #14961 (Resolved): Snort package issue in snort_Getdirsize() function due to behavior change in PHP 8.x
Beginning with PHP 8.x specific ASCII control characters should be wrapped with @chr()@ to insure they are interprete... Bill Meeks

11/09/2023

11:14 PM Todo #13537: Update vendor files
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1098
* nvd3 updated to 1.8.6
* fontawesome updated to 6.... Marcos M
10:20 PM pfSense Packages Feature #14954: Add GUI option to Suricata interface settings for logging of Ethernet (MAC) addresses to the EVE JSON log
The requested feature has been added in code associated with Pull Request 1313 posted here for review and merge: http... Bill Meeks
01:44 AM pfSense Packages Feature #14954: Add GUI option to Suricata interface settings for logging of Ethernet (MAC) addresses to the EVE JSON log
I am working on adding this feature to a forthcoming GUI package update. Bill Meeks
01:31 AM pfSense Packages Feature #14954 (Resolved): Add GUI option to Suricata interface settings for logging of Ethernet (MAC) addresses to the EVE JSON log
Add an option to the INTERFACE SETTINGS tab to allow the use to enable or disable Ethernet (MAC) addresses to the EVE... Bill Meeks
10:18 PM pfSense Packages Bug #14955: Suricata GUI throws a PHP error when creating an EventTime object for use on the ALERTS or BLOCKS tabs if there is a malformed log file entry
This issue is resolved by Pull Request 1313 posted for review and merging here: https://github.com/pfsense/FreeBSD-po... Bill Meeks
01:44 AM pfSense Packages Bug #14955: Suricata GUI throws a PHP error when creating an EventTime object for use on the ALERTS or BLOCKS tabs if there is a malformed log file entry
I will address this problem in a forthcoming GUI package update. Bill Meeks
01:36 AM pfSense Packages Bug #14955 (Resolved): Suricata GUI throws a PHP error when creating an EventTime object for use on the ALERTS or BLOCKS tabs if there is a malformed log file entry
A line containing a number of consecutive spaces in either the @alerts.log@ or @blocks.log@ files will cause a fatal ... Bill Meeks
10:17 PM pfSense Packages Bug #14956: Suricata GUI generates invalid syslog priority values in suricata.yaml file for some drop-down list values
This issue is resolved with Pull Request 1313 posted for review and merge here: https://github.com/pfsense/FreeBSD-po... Bill Meeks
01:45 AM pfSense Packages Bug #14956: Suricata GUI generates invalid syslog priority values in suricata.yaml file for some drop-down list values
I am addressing this problem in a forthcoming GUI package update. Bill Meeks
01:42 AM pfSense Packages Bug #14956 (Resolved): Suricata GUI generates invalid syslog priority values in suricata.yaml file for some drop-down list values
The Suricata GUI code generates invalid syslog priority values in the @suricata.yaml@ file for several drop-down list... Bill Meeks
08:58 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
I may have found the culprit here (quite by accident I will admit). I think this commit by @kprovost might have fixed... Bill Meeks
04:43 AM pfSense Packages Bug #14898: Suricata core dumps with signal 11
I have not been able to reliably reproduce this crash, but I am testing on pfSense 2.7.0 CE with the latest Suricata ... Bill Meeks
07:13 PM Todo #13536 (Rejected): Compress website images
Thank you for the contribution.
I ran a lossless pass that reduced 48 files and saved less than 100KB. Given that ... Marcos M
06:55 PM pfSense Docs Todo #14959 (Closed): Update config revisions
Done.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/76a371e0e4165a89167f7d449a5ae21260f5125b
https://gi... Jim Pingle
05:51 PM pfSense Docs Todo #14959 (Closed): Update config revisions
https://docs.netgate.com/pfsense/en/latest/releases/versions.html
Config revisions for 23.09 and 2.7.1 should both... Marcos M
06:47 PM Feature #14960 (New): Fixup the connection of a Wireless WAN to a particular BSSID
When I use Wireless WAN in Infrastructure (BSS mode), sometimes it changed from the closest AP to a distant AP after ... Dongyoon Han
06:36 PM Bug #14929 (Pull Request Review): ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
Jim Pingle
08:40 AM Bug #14929: ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
I tested the patch, and I can confirm that it fixes the issue. Danilo Zrenjanin
06:21 PM Regression #14947 (Resolved): Rules using aliases of type ``URL (IPs)`` are not generated
I replicated the issue on 23.09-RELEASE (amd64).
After applying the patch, the firewall successfully loaded the l... Danilo Zrenjanin
05:18 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Thanks for the speed of delivering the patch, I can confirm that I used the workaround method when it was mentioned i... Jonny M
05:09 PM Bug #14949 (Feedback): PHP Error on ``interfaces.php`` when creating a PPP interface
There are indeed two separate issues here, one that affects CE and Plus and one that is Plus only
The issue affectin... Jim Pingle
05:16 PM pfSense Packages Todo #14795: Transition to nut-devel
Thank you! Denny Page
05:15 PM pfSense Packages Todo #14795: Transition to nut-devel
Sure, see attached. Marcos M
03:09 AM pfSense Packages Todo #14795: Transition to nut-devel
Thank you Marcos. Can you also post the ARM version please?
 Denny Page
12:33 AM pfSense Packages Todo #14795 (Feedback): Transition to nut-devel
# Install @nut@ from the package manager GUI
# Upload the attached file to the firewall
# Remove the old dependency... Marcos M
04:49 PM Revision 02366840: Fix PHP error when saving PPP interface w/o config. Issue #14949
Jim Pingle
01:09 PM Todo #14958 (New): Always reinstall *-kmod packages
We should ensure that *-kmod packages (such as drm-510-kmod) always get reinstalled on upgrade.
These ports are kern... Kristof Provost
09:43 AM Feature #12746: IPoE feature for WAN interface
Hello Team,
Can anyone please advise if there is any traction on this issue/feature? Seems like this is preventin... Shaf S
09:41 AM Feature #14957 (New): Edit or copy rule info/UX improvement
Hi! I find a little confusing to know if I'm actually copying a rule or editing it. If I click copy rule, the top pat... Federico Galli

11/08/2023

11:13 PM Todo #13268 (Pull Request Review): Dynamically adjust the interface name maximum width in the login banner
The max interface description is known (31 iirc), and the real interface name is almost always relatively short, henc... Marcos M
09:57 PM Todo #13263 (Feedback): Reduce log spam when deleting a static DHCP entry
Marcos M
09:57 PM Todo #13263: Reduce log spam when deleting a static DHCP entry
Applied in changeset 8b4006f25828c5fbd768e27b52470cdd3614f7ea. Marcos M
09:54 PM Revision 8b4006f2: Merge pull request #4603 from luckman212/reduce-log-spew-during-static-dhcp-deletions
Marcos M
09:42 PM Feature #14887: Add an appropriately named file to install images to indicate what they are
In fact the file seem to be added cumulatively. The memstick-vga image only has the correct named txt file. ADI image... Steve Wheeler
09:24 PM Feature #14887 (In Progress): Add an appropriately named file to install images to indicate what they are
Seeing this is 2.7.1 images now but all three file names are added:... Steve Wheeler
09:37 PM Feature #13256 (Feedback): Better handling of duplicate IP addresses in static DHCP assignments
Applied in changeset commit:f6bf8c925d0e460c4e23429d0294b8b357a903a2. Marcos M
09:19 PM Revision f6bf8c92: Merge pull request #4603 from luckman212/enhancement-to-dhcp-static-map-handling-of-duplicate-ips
Marcos M
08:50 PM Bug #11566 (Feedback): Firewall Maximum Table Entries "default size" is whatever is entered
Applied in changeset commit:50b5741beafdb34a3009b78279e203570f5e6d3f. Marcos M
06:10 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1096 Marcos M
06:10 PM Bug #11566 (Pull Request Review): Firewall Maximum Table Entries "default size" is whatever is entered
Marcos M
05:48 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
It may not be. :) And actually per https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#fire... Steve Y
05:33 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
The code simply reports the current value rather than keeping track of the default value (which is accurate only when... Marcos M
01:58 PM Bug #11566: Firewall Maximum Table Entries "default size" is whatever is entered
Since it came up in forum, just noting this is still an issue on 23.05.1. (haven't updated any to 23.09 yet since it ... Steve Y
08:29 PM pfSense Docs Todo #14816 (Closed): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I just pushed an update that corrects some of the menu/option names and clarifies a couple other points. I followed a... Jim Pingle
06:43 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
It appears there are multiple problems here.
This line is failing because it's falling through to the default case... Jim Pingle
06:21 PM Bug #14949 (Confirmed): PHP Error on ``interfaces.php`` when creating a PPP interface
I can replicate this in 23.09 after setting an interface IPv4 type from none to pppoe:... Steve Wheeler
06:04 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
I also noticed this problem, although I hadn't used PPPoE for a while now.
https://forum.netgate.com/topic/183934/f... Bob Dig
04:27 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Freshly assigned, I had not used that interface before I went to set PPPoE up on it for a second ISP. Jonny M
04:26 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Was OPT1 configured before you started? Or was it freshly assigned?
 Jim Pingle
04:19 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
I browse to Interfaces -> OPT1, change the IPv4 configuration to PPPoE, enter a PPPoE username and password, and then... Jonny M
04:00 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
OK, two more questions:
1. What are the exact steps you are taking that produce the PHP error? I know you said "co... Jim Pingle
03:03 PM Bug #14949: PHP Error on ``interfaces.php`` when creating a PPP interface
Lines 1995-1998 are:... Jonny M
02:15 PM Bug #14949 (Feedback): PHP Error on ``interfaces.php`` when creating a PPP interface
The error is a bit odd considering the code there:... Jim Pingle
06:07 PM Revision 50b5741b: Update misleading function names. Fix #11566
Marcos M
05:53 PM Feature #14953 (Resolved): Add Kea information to ``status.php``
status.php only gathers information, such as the configuration file, for ISC dhcpd. Kea should be incorporated.
Se... Chris Linstruth
04:50 PM Regression #14947 (Feedback): Rules using aliases of type ``URL (IPs)`` are not generated
Applied in changeset commit:a6cf534d0fa0297547f1e587a12729f9d7066bae. Marcos M
04:44 PM Revision a6cf534d: Support URL IP aliases in alias_expand(). Fix #14947
Marcos M
03:09 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
Thank you Marcos for the hint about the VIP. I am investigating. The crash is happening within a portion of the custo... Bill Meeks
01:51 PM pfSense Packages Bug #14951 (Duplicate): Tripplite Smart1500LCD UPS
Almost certainly the same as other similar recent reports. Some driver/OS change is causing this device to need root ... Jim Pingle
04:19 AM pfSense Packages Bug #14951 (Duplicate): Tripplite Smart1500LCD UPS
I wanted to create this incident ticket to advise the pfsense development team that when I had pfsense version 2.6, I... Adam Di Vizio
05:03 AM Feature #14952 (Rejected): Firewall Alias Import
Hi There,
When you create a new Alias in PFSENSE, you can click on import option where it gives you a text box to ... Adam Di Vizio
01:24 AM Feature #14437: Add DynDNS Provider - Hetzner
PR: https://github.com/pfsense/pfsense/pull/4714
Old PR: https://github.com/pfsense/pfsense/pull/4654
I messed up ... Marvin Hörr
12:15 AM pfSense Packages Todo #14073: Shalla block list is offline but still available in pfBlocker
Can we get this package cleaned up at least with the removal of the list.
Its causing confusion from users. Mike Moore

11/07/2023

11:04 PM Bug #14950: Improve documentation: Configuring CoDel Limiters for Bufferbloat
Aram Akhavan wrote:
> I struggled to get my limiters up and running because I host some video streaming services fro... Aram Akhavan
11:03 PM Bug #14950 (New): Improve documentation: Configuring CoDel Limiters for Bufferbloat
I struggled to get my limiters up and running because I host some video streaming services from my network. I'd like ... Aram Akhavan
10:23 PM Feature #10843: Allow user manager settings to specify multiple authentication servers

Denis Grilli wrote in #note-4:
> Just here to push this up. This feature would be very useful on enterprise envi... Ryan Whitlock
10:18 PM Bug #14949 (Resolved): PHP Error on ``interfaces.php`` when creating a PPP interface
I believe this may be related to #14790, it looks like that issue closed when nobody could make interfaces.php break ... Jonny M
09:20 PM Regression #14947 (Confirmed): Rules using aliases of type ``URL (IPs)`` are not generated
Replicated this in 2.7.1 Steve Wheeler
02:19 PM Regression #14947: Rules using aliases of type ``URL (IPs)`` are not generated
For reference, I've also tested by creating new aliases under 23.09 and assigning these to the firewall rules, and wh... Remy Monsen
02:10 PM Regression #14947 (Resolved): Rules using aliases of type ``URL (IPs)`` are not generated
After updating my Netgate 4100 box to 23.09 it started spamming notifications in the web gui every time the firewall ... Remy Monsen
06:53 PM pfSense Docs Correction #14948 (Closed): Wrong address and prefix for Global Unique Addresses (GUA) - Routable IPv6 addresses
I removed the line in question. I couldn't find anything that still referenced it in that context, and what I could f... Jim Pingle
04:10 PM pfSense Docs Correction #14948 (Closed): Wrong address and prefix for Global Unique Addresses (GUA) - Routable IPv6 addresses
johnpoz write in this thread [1] the GUA address space is
2000::/3 and not 2001::/16 as currently documented.
[1]... slu -
05:29 PM Todo #10464: Don't change the current update repo when new releases are available
Three years later I wake up to find that my SG-3100 has auto-borked itself by automatically updating the pkg package:... Craig Leres
04:48 PM pfSense Packages Bug #14932: mailreport 3.6.4_1 doesn't handle name address format "Name <email@domain.com>" in sender
From examining mail server logs it looks like mailreport sends the email but it sets the from address in the header t... Andrew Dakin
03:26 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
Any updates/patches that i can apply to test?
These IPsec changes are impacting client/customer connectivity for me.... Mike Moore

11/06/2023

08:58 PM pfSense Packages Feature #14712: CrowdSec package
I created a PR for the package at https://github.com/pfsense/FreeBSD-ports/pull/1311
 Marco Mariani
06:39 PM Feature #13085: OpenVPN NBDD server options
And the patch working on current git release
 Phil Wardt
08:37 AM Feature #13085: OpenVPN NBDD server options
I posted a new patch as requested
https://github.com/pfsense/pfsense/pull/4653
I will add the patch diff file lat... Phil Wardt
06:03 PM pfSense Plus Regression #14946 (Rejected): Kea DHCP GUI DHCP custom options area removed
This is a known limitation and will be addressed in the next release. It's mentioned in the release notes. Jim Pingle
06:03 PM pfSense Plus Regression #14946 (Rejected): Kea DHCP GUI DHCP custom options area removed
Hello fellow pfSense Redmine community members,
I noticed that custom dhcp options are no longer accessible in the... Jonathan Lee
05:47 PM Revision 3c3a5650: Bump to 2.7.1-RC
Brad Davis
05:21 PM pfSense Plus Feature #14945: Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups
This should be possible so long as the IPsec Filter Mode (VPN > IPsec, Advanced Settings tab) is set to filter VTI on... Jim Pingle
04:54 PM pfSense Plus Feature #14945 (New): Allow IPsec VTI ``ipsecX`` interfaces to be added to interface groups
Provide the ability to add IPsecX interfaces that are set up for VTI and filtering enabled, to be part of an Interfac... Mike Moore
02:39 PM pfSense Plus Bug #14705 (Closed): Changes in Ethernet ruleset can lead to incorrect rule and separator order
Jim Pingle
01:26 PM pfSense Plus Bug #14944 (Not a Bug): IPv6 only works while saving interface settings
To update Track6 on an interface you have to save/apply the interface being tracked (WAN in this case), the settings ... Jim Pingle
08:00 AM pfSense Plus Bug #14944: IPv6 only works while saving interface settings
Also, every time i save settings on the WAN interface, the web-interface is unresponsive after Applying. I hae to go ... Chris Fokkenrood
07:58 AM pfSense Plus Bug #14944 (Not a Bug): IPv6 only works while saving interface settings
When changing IPv6 interface settings from None into Track Interface, i have to reboot in order to get this to work. ... Chris Fokkenrood
01:24 PM pfSense Plus Bug #14943 (Not a Bug): Authentication server LDAPs Unknown CA
Jim Pingle
01:24 PM Feature #13377 (Resolved): Option to configure a custom value for the PHP memory limit
Jim Pingle
08:29 AM Revision 1b612f6f: OpenVPN: expose NBDD servers in GUI
In GUI for both server and client specific overrides, add option to push DHCP NBDD option to client Tux Dictumst
01:08 AM pfSense Packages Bug #14926: Squid Proxy contains critical vulnerabilities
Pretty sure there isnt an official maintainer for Squid in pfSense. Assume that the package will not receive any bug ... Mike Moore

11/05/2023

09:10 PM pfSense Plus Bug #14943: Authentication server LDAPs Unknown CA
Fixed by connecting to the console and ran menu options 16 then 11 as suggested in https://docs.netgate.com/pfsense/e... Marcelo Cury
06:58 PM pfSense Plus Bug #14943: Authentication server LDAPs Unknown CA
Weird, it seems that this only happens in the Dashboard.
Even when I remove the authentication server entirely and r... Marcelo Cury
06:44 PM pfSense Plus Bug #14943 (Not a Bug): Authentication server LDAPs Unknown CA
Found that if you configure an authentication server without authentication (Standard TCP 389), and after that you ch... Marcelo Cury
01:07 PM pfSense Plus Bug #14467: Temperature sensor reading is abnormally high on some systems
This is probably what I am experiencing on a Xeon D-1736NT (Ice Lake) on 23.09-RC (23.09.r.20231027.0151)... Rob A
07:47 AM Feature #13377: Option to configure a custom value for the PHP memory limit
Tested on
23.09-RC (amd64)
built on Fri Oct 27 1:51:00 UTC 2023
FreeBSD 14.0-CURRENT
Looks good, in VM it is calc... aleksei prokofiev
06:40 AM pfSense Packages Bug #14836: squid and capitive portal integration bug
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
I can confirm such... aleksei prokofiev
06:31 AM pfSense Packages Bug #14932: mailreport 3.6.4_1 doesn't handle name address format "Name <email@domain.com>" in sender
Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
mailreport 3.6.4... aleksei prokofiev
01:10 AM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
it goes away after applying for me...
!clipboard-202311042010-0bvvg.png!
 Jordan G
01:00 AM Bug #10980: ``/etc/rc.local`` script content is executed at login instead of during boot sequence
confirm startup scripts added (as described here - https://docs.netgate.com/pfsense/en/latest/development/boot-comman... Jordan G
12:30 AM Feature #14887: Add an appropriately named file to install images to indicate what they are
I think this is a good idea. Perhaps also making the disk label reflect the version. Christopher Cope

11/04/2023

11:38 PM Feature #10237 (Closed): Take ZFS snapshot on Upgrade
This was added in as of 22.05 Christopher Cope
10:45 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Hello Christian, any updates on your progress? Thanks! Dennis Adler
10:21 PM Feature #13377: Option to configure a custom value for the PHP memory limit
23.09 on 6100, this looks better for default and range
!clipboard-202311041720-hhol7.png!
 Jordan G
07:48 PM Bug #14634 (Confirmed): The default gateway icon is not updated when the default gateway is changed to none
Tested on... Christopher Cope
04:58 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
Spending more time on my Ice Lake Xeon box recently but no observable difference to that of my 6100. Today's crash o... Rob A
02:56 PM Bug #13087 (Resolved): OpenVPN WINS options may be visible even when NetBIOS is disabled
The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
09:31 AM pfSense Packages Bug #11074 (Confirmed): bind Zone Settings Zones, Save button opens "Confirmation required to save changes"
I can confirm that the Popup dialog appears after hitting the *Save* button.
I don't see the purpose of this Popu... Danilo Zrenjanin
08:48 AM pfSense Packages Bug #14771 (Resolved): Lightsquid creating multiple SSL certificates, not starting
Tested against:... Danilo Zrenjanin
08:29 AM Bug #14938: Can't get "Track interface" working for IPv6 when using DHCP6 "Advanced Configuration"
Thanks Kris
The answer is simple : in the interfaces.inc file, when "advanced configuration" is checked for WAN, the... Damien LE GUILLOU
02:18 AM Bug #14938: Can't get "Track interface" working for IPv6 when using DHCP6 "Advanced Configuration"
I have tested this with an identical configuration, minus the advanced DHCPv6 client options, and things work normall... Kris Phillips
02:32 AM pfSense Packages Bug #14895: Wireguard / bad performance after reboot, if running together with OpenVPN
Is it possible your Wireguard tunnel is trying to establish over your OpenVPN tunnel somehow due to a route-all direc... Kris Phillips
02:30 AM pfSense Packages Bug #14934: haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to
This issue only affects the devel version of HAProxy and not the stable version on 23.05.1. Tested this on pfSense P... Kris Phillips
02:21 AM Bug #14937: Random UDP loss
Hello,
Can you run a packet capture on both the originating and remote firewall narrowed down to just the appropri... Kris Phillips

11/03/2023

06:46 PM Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors
Steve Wheeler wrote in #note-25:
> Reviewing this it appears everyone hitting this is running an Intel Nxxx CPU. Is ... Joel Kåberg
03:38 PM pfSense Docs Correction #14599 (Rejected): Change Interface Names in TNSR Remote Office With Existing IPsec Hub to Something Else
Moved to https://redmine.netgate.com/issues/12213 as this Redmine isn't for TNSR docs. Jim Pingle
12:47 PM Bug #14940 (Not a Bug): GUI times out when using EDIT FILE
While you are editing a file there is no communication between your browser and the server, the activity is all local... Jim Pingle
05:07 AM Bug #14940 (Not a Bug): GUI times out when using EDIT FILE
Hello fellow Redmine pfSense members,
I have noticed that as long as you have GUI activity it will not timeout. Ho... Jonathan Lee
12:44 PM pfSense Plus Bug #14939 (Not a Bug): Version info displayed in dashboard seems incorrect
Something likely happened on your system and one or more underlying packages didn't get fully updated so it's having ... Jim Pingle
12:39 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Just to note - this isn't a new bug/regression. I can reproduce it on 22.05, but I didn't go back any farther than that. Jim Pingle
10:41 AM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Can confirm this behavior tested on ... Lev Prokofev
10:00 AM Bug #14942 (Resolved): DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
I am not sure this is normal behaviour but might stem from code to control input.
I tried this with multiple alias... Jon Brown
09:46 AM pfSense Packages Feature #14941 (New): add directdomains list in GUI
Is it possible to add directly in the GUI a directdomains category like whitelist or blacklist ...
this directdomain... Claude-Axel Piller

11/02/2023

08:35 PM pfSense Plus Bug #14939 (Not a Bug): Version info displayed in dashboard seems incorrect
Last night upgraded from 23.05.1 to 23.09.r.20231027.0151
On the main dashboard the version is still displayed as ... Jon Hrabowyj
08:14 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Though there's plenty of related documentation and resources already, it'd be helpful to have something for this type... Marcos M
06:15 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Marcos M wrote in #note-3:
> With the use of interface groups and/or aliases, the same functionality is possible (an... Durwin Babb
06:11 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Marcos M wrote in #note-3:
> With the use of interface groups and/or aliases, the same functionality is possible (an... Durwin Babb
07:43 PM pfSense Docs Correction #14910 (Closed): Feedback on System Monitoring — Firewall Table Contents
Updated and deployed.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/d9b0312226dc0e7fb22d658cde4406cca549b3... Jim Pingle
07:23 PM pfSense Docs Todo #14916 (Closed): Feedback on Virtual Private Networks — OpenVPN — OpenVPN Data Channel Offload (DCO)
Note added and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/40578282c3d3b0992fca9211548280d737b2b321 Jim Pingle
05:07 PM Bug #14938 (New): Can't get "Track interface" working for IPv6 when using DHCP6 "Advanced Configuration"
Hello,
I'm using this WAN setup to get IPv6 prefix (::/56) from my ISP (Orange France):
- General Configuration... Damien LE GUILLOU
04:31 PM Bug #14929: ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
Forgot to add link to PR in case it's needed: https://github.com/pfsense/pfsense/pull/4652 Jared Hendrickson
04:22 PM Bug #14929 (Confirmed): ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses
I can confirm this behavior on the:... Danilo Zrenjanin
01:58 PM pfSense Packages Regression #14904: FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
Patch was sent upstream: https://reviews.freebsd.org/D42415 Christian McDonald
01:28 PM Bug #11268: Cookie named ``id`` prevents some forms from being loaded or saved properly
Just to say this still affects current versions of pfSense - I've tested it in pfSense 23.05.1 Plus.
Cookie values... Matthew Fearnley

11/01/2023

11:17 PM Feature #13085 (New): OpenVPN NBDD server options
Please submit a new PR with the relevant changes for NBDD. Marcos M
11:11 PM Bug #13089 (Feedback): Some OpenVPN NetBIOS settings are kept even when NetBIOS is disabled
Applied in changeset commit:056e50ee7b3bd252c971724d7d06287e74a145ea. Marcos M
11:07 PM Bug #13090 (Feedback): OpenVPN NetBIOS Node Type and Scope ID options are not pushed to clients
Applied in changeset commit:6b06bf5988646d9755b08904cbc41fa81edad2ad.
Before patch:
> SENT CONTROL [User]: 'PUSH_... Marcos M
10:54 PM Bug #14937 (New): Random UDP loss
Hi,
After upgrading from pfsense CE 2.5 to 2.7 some UDP packets started unexpectedly to loss on GRE interface.
... Roman Kuznetsov
10:41 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Marcos, is there supporting documentation for this incoming? This is a much-needed feature to get that zone-esque tim... Mike Moore
06:03 PM Feature #4165 (Rejected): Allow for security zones when defining interfaces and firewall rules.
With the use of interface groups and/or aliases, the same functionality is possible (and more flexible). This is even... Marcos M
04:37 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
This is such an important feature request because from what I have seen in the community there is loads of confusion ... Durwin Babb
10:33 PM Revision 056e50ee: Merge pull request #4575 from PhilZ-cwm6/patch_vpn_netbios_settings
Marcos M
10:33 PM Revision 6b06bf59: Merge pull request #4576 from PhilZ-cwm6/patch_vpn_netbios_deprecated_settings
Marcos M
10:15 PM Bug #13087 (Feedback): OpenVPN WINS options may be visible even when NetBIOS is disabled
Applied in changeset commit:b57ee7830401697a729ac796e5c09f4c2021ccf0. Marcos M
10:05 PM Revision b57ee783: Hide WINS fields if NetBIOS is disabled. Fix #13087
Marcos M
07:35 PM Bug #10980 (Feedback): ``/etc/rc.local`` script content is executed at login instead of during boot sequence
Applied in changeset commit:ce83f38a8a51c3abe1291878420627343cf6b4a4. Marcos M
07:27 PM Revision ce83f38a: Run rc.local on system boot instead of on user logon. Fix #10980
Marcos M
05:21 PM Revision 2b0c1dd5: Merge pull request #4603 from luckman212/scrubing-to-scrubbing
Marcos M
05:18 PM pfSense Packages Regression #14904 (Resolved): FRR 9 crashes at startup on 23.09-BETA armv7 (3100)
I can confirm it works as expected on 23.09. ... Danilo Zrenjanin
03:07 PM Bug #14936: ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
Note: The block that is incorrect is the second loop. The first loop was recently changed in #14136 and that loop has... Jim Pingle
03:03 PM Bug #14936 (Resolved): ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
The @is_radvd_enabled()@ function in @pfsense-utils.inc@ appears to incorrectly interpret the state of the radvd serv... Jim Pingle
07:12 AM pfSense Plus Bug #14106: arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.
module firmware already present!
real memory = 3602862080 (3435 MB)
avail memory = 3462979584 (3302 MB)
Starting C... Jonathan Lee

10/31/2023

11:36 PM Regression #14896 (Resolved): Suricata is removed when upgrading the base system
Verified working after an upgrade to 23.09:
{{collapse... Marcos M
03:24 PM Regression #14896 (Feedback): Suricata is removed when upgrading the base system
Marcos M
12:34 AM Regression #14896: Suricata is removed when upgrading the base system
Thank you, Marcos. Glad it was an easy fix. Bill Meeks
11:33 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
This time it continued to crash after an update to the latest 23.09 snap. It seems to be related to the existence of ... Marcos M
09:46 PM Revision 0730c1a6: Use a function to get OpenVPN device names
Marcos M
09:00 PM Revision ac0a027f: Rector some direct config array accesses with pure scalar paths.
Christian McDonald
04:52 PM Revision 602f6d6e: Specify specialnet flags when calling get_specialnet(). Fix #14935
Allow passing specialnet flags to pconfig_to_address() to correctly
handle address/network config elements. Also corr... Marcos M
02:53 PM Regression #14935 (Resolved): Filter rules specifying a VIP address are not generated
Marcos M
02:50 PM Regression #14935 (Feedback): Filter rules specifying a VIP address are not generated
Applied in changeset commit:e729ecf8dea176eea5516c9e249da6614246c87f. Marcos M
02:43 PM Regression #14935 (Pull Request Review): Filter rules specifying a VIP address are not generated
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1095 Marcos M
02:16 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes
Any update on this? Without cleanup up states on route changes, routing based redundancy is impossible to implement. ... Christopher de Haas
12:08 AM Revision e729ecf8: Specify specialnet flags when calling get_specialnet(). Fix #14935
Allow passing specialnet flags to pconfig_to_address() to correctly
handle address/network config elements. Also corr... Marcos M

10/30/2023

11:37 PM Regression #14935 (Resolved): Filter rules specifying a VIP address are not generated
# Create a Virtual IP
# Create a firewall rule specifying the VIP
# Rule does not appear in /tmp/rules.debug Marcos M
10:15 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
The patched version of ovpn_auth_verify seems to work okay, but if I patch ovpn_auth_verify_async I get auth failures... Orion Poplawski
08:12 PM Regression #14896 (Pull Request Review): Suricata is removed when upgrading the base system
Thanks for taking a look Bill. The issue does not affect Snort. It turns out that a workaround for a recent bug with ... Marcos M
07:31 PM Regression #14896 (In Progress): Suricata is removed when upgrading the base system
Marcos M
05:07 PM pfSense Packages Bug #14934: haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to
At the suggestion of one of the Netgate admins on the forums when I asked this to get poked, this issue **does not ha... Thomas Ward
04:43 PM pfSense Packages Bug #14934: haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to
NOTE: As part of testing, I reverted to 2.7.6-4dadaaa and into the pfSense Plus 23.05 (without .1) saved auto boot en... Thomas Ward
04:26 PM pfSense Packages Bug #14934 (Resolved): haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to
haproxy-devel version: 2.8-dev6-4c7588d
pfSense+ Version: 23.05.1
With the update to pfSense 23.05.1, HAProxy no... Thomas Ward
04:17 PM pfSense Plus Bug #14925: /etc/regdomain.xml file ver low max power limit set
https://github.com/freebsd/freebsd-src/pull/880
Added a pull to set them to 40 Jonathan Lee
03:15 PM Revision 7eba7db8: Update version to 2.7.1
Brad Davis
01:30 PM pfSense Packages Feature #14652: FRR OSPF6 not working over wireguard
when restart wg service, then VIP setup LL address is lost in wg interface. it can't always keep for wg interface yon Liu
01:30 PM pfSense Packages Todo #14881: for wiregaurd interface add linklocal IPv6 address
when restart wg service, then VIP setup LL address is lost in wg interface. it can't always keep for wg interface. yon Liu

10/29/2023

10:56 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
I can reproduce this in version 23.09
Reloading the dashboard, starting a 220Mbps download, shows fine. Opening anot... dylan mendez
06:27 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
In that case, it seems more likely that the issue is with fcgicli. Given this issue seems to have appeared in 23.01, ... Marcos M
06:07 PM Regression #11570 (Closed): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state
There are a number of factors that can result in the issue described in the original post. These are detailed in sepa... Marcos M
08:42 AM pfSense Packages Bug #14753: pfBlockerNG sync issues
Tested on pfBlocker 3.2.0_6
23.09-RC (amd64)
built on Fri Oct 27 1:51:00 UTC 2023
FreeBSD 14.0-CURRENT
The iss... aleksei prokofiev
04:54 AM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
service appears to start when enabled and shows positive indication in the service status dashboard on 23.09.r.202310... Jordan G
04:39 AM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none
the globe icon is removed when changing default gateway to none, following applying the change, on 23.09.r.20231027.0... Jordan G
04:29 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks
seeing this on pfBlockerNG 3.2.0_6 on 23.09.r.20231027.0151, this was a clean install and immediately attempting to r... Jordan G
02:57 AM pfSense Packages Bug #14861 (New): PHP error when pings are enabled but no ping hosts are defined
Crash report from Forum post:
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD ... Kris Phillips
02:57 AM pfSense Packages Bug #14861: PHP error when pings are enabled but no ping hosts are defined
David Bowen wrote in #note-2:
> Kris Phillips wrote in #note-1:
> > Tested on 23.09 and unable to reproduce.
> >... Kris Phillips
01:26 AM Feature #14802: Re-enable multiqueue support for virtio NIC
I'd appreciate if maintainers could take a look at this Nazar Mokrynskyi
12:37 AM pfSense Packages Bug #7267 (Resolved): Status Traffic Totals - Stacked Bar - Scale not high enough
No longer an issue on... Christopher Cope
 

Also available in: Atom