Activity

30 days up to

User

Subprojects

Activity

From 11/23/2023 to 12/22/2023

12/22/2023

10:57 PM Feature #15114 (New): Allow mounting of multiple ZFS pools at boot: Current pfSense versions will only mount the default ZFS pool at boot. Since pfSense does not use the FreeBSD RC syst... Steve Wheeler
09:55 PM Revision 7cdf9713: Only backup kernel on UFS systems: Christian McDonald
08:26 PM pfSense Docs Todo #15113 (Closed): Update Image Verification Document to tell people to not sha256sum the .sha256 file, but instead just view the contents: Documentation is here:
https://docs.netgate.com/pfsense/en/latest/install/download-installer-image.html#verifying-th... Kris Phillips
06:04 PM Regression #15112 (Resolved): ``status_interfaces.php`` is missing several values for SFP modules: I am not seeing the SFP module status in pfSense 23.09.1 that was implemented previously. Reference https://redmine.p... Chad Wagner
05:17 PM Bug #15110: pfSense hangs when rebooting: Note this was after adding a 3rd party SSD. Steve Wheeler
01:44 PM Feature #8861: Show SFP module details on ``status_interfaces.php``: Chad Wagner wrote in #note-17:
> Is there a reason I would not be seeing the same on my 6100 with 23.09.1? I just sw... Jim Pingle
06:08 AM Feature #8861: Show SFP module details on ``status_interfaces.php``: Is there a reason I would not be seeing the same on my 6100 with 23.09.1? I just switched from SFP+ DACs to 10GTek SF... Chad Wagner
01:39 PM Bug #15111 (Rejected): LAN ipv4 route can't via WAN route out.: There is not nearly enough information here to say there is a bug rather than something wrong in your setup/environme... Jim Pingle
12:53 AM Bug #15111 (Rejected): LAN ipv4 route can't via WAN route out.: The LAN network ipv4 can't route out VIA ISP wan, LAN lose route yon Liu
11:11 AM pfSense Plus Bug #15097 (Confirmed): Upgrade to 23.09.1 is not offered for 23.05.1: Yeah, I can confirm this behavior on Netgate 6100.... Danilo Zrenjanin

12/21/2023

09:55 PM Feature #14165: Option to allow the DNS Forwarder to ignore system DNS servers: Pull request filed: https://github.com/pfsense/pfsense/pull/4664 Orion Poplawski
07:33 PM pfSense Packages Feature #14999: Feature Request: Update Squid Package to Version 6.5 this was released on updated Nov 6: Pretty Please ...
Maybe a Christmas package.. Jonathan Lee
07:22 PM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Christian McDonald wrote in #note-1:
> Thanks.
>
> pf(4) only supports pass/block action semantics for L2 rul... Jonathan Lee
07:20 PM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules: Do you still have this commit ID I do not think it shows up. I can't fetch 7cdf5ed172bbb98aa62e9a4ef534866ba1d63ef8 Jonathan Lee
06:59 PM Todo #15106: Remove ``Time`` column from OS Boot logs: Works great!!! Jonathan Lee
06:41 PM Todo #15106: Remove ``Time`` column from OS Boot logs: Marcos M wrote in #note-3:
> Only the @Message@ column is shown now. This affects @userlog@ and @dmesg.boot@ (OS Boo... Jonathan Lee
06:57 PM Bug #15060 (Ready To Test): LDAP bind fails when authentication servers use different CA chains: The first parameter type changed in PHP 8.1:
> The ldap parameter expects an LDAP\Connection instance now; previousl... Marcos M
06:13 PM Bug #15043: IGMP proxy works intermittently: I agree completely. This is a very disruptive bug for those that use IPTV. You can simply not use it. I think this bu... Haraldinho D
06:05 PM Bug #15043: IGMP proxy works intermittently: That pretty much sucks.
So, we either have to wait for 2.8 final or install a snapshot/dev version to be able to use... Arturo de Vries
04:48 PM Bug #15043 (Feedback): IGMP proxy works intermittently: Marcos M
02:34 PM Bug #15043: IGMP proxy works intermittently: This requires a kernel change, so it'll be part of the next release. This issue cannot be fixed through the System_Pa... Kristof Provost
02:24 PM Bug #15043: IGMP proxy works intermittently: When/how will this lead to an installable patch? Haraldinho D
09:37 AM Bug #15043: IGMP proxy works intermittently: The relevant fixes have been merged to the devel-main and plus-devel-main branches, and are included in recent snapsh... Kristof Provost
07:18 AM Bug #15043: IGMP proxy works intermittently: Any news on an official patch yet? Haraldinho D
05:57 PM Bug #14989 (Closed): Typo in the Setup Wizard: Christian McDonald
05:56 PM Bug #14261 (Feedback): Trim white space in a DHCP Leases page search field: Christian McDonald
05:56 PM Revision 8c2615a3: Trim DHCP & DHCPv6 search strings. #14261: Christopher Cope
05:54 PM Revision a13da2b0: Fix typo in setup wizard. Fixes #14989: Christopher Cope
04:47 PM Revision 65b5c400: get_sysctl(): check return status and log failures, add retries. #14648: Reid Linnemann
04:46 PM Revision 273e932c: Update loader on ESPs without use of a label: Reid Linnemann
04:09 PM Bug #15110 (New): pfSense hangs when rebooting: Start the reboot from the GUI:... Danilo Zrenjanin
01:52 PM Regression #15109 (Not a Bug): Many missing files with pkg-static check -s -a after upgrading from 2.7.1 to 2.7.2: All of those are expected the way things work currently. As we work more toward a pkg base for everything more of tho... Jim Pingle
08:44 AM Regression #15109 (Not a Bug): Many missing files with pkg-static check -s -a after upgrading from 2.7.1 to 2.7.2: Many missing files after upgrading from 2.7.1 to 2.7.2 when using:
_pkg-static check -s -a_
*2.7.1 fresh install... Hine Ke
10:00 AM Bug #15108: ``pfctl`` is unable to retrieve state creator list in certain circumstances: I think I see how the 'No space left on device' error can happen if we have many creator ids.
It's already fixed, be... Kristof Provost
09:38 AM pfSense Packages Todo #14073: Shalla block list is offline but still available in pfBlocker: Mike Moore wrote in #note-3:
> Can we get this package cleaned up at least with the removal of the list.
> Its cau... OpIT GmbH

12/20/2023

07:29 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config: I'm still seeing this on CE 2.7.2 with node_exporter 0.18.1_3 (upstream node_exporter-1.6.1) installed. Note that the... Logan Marchione
07:08 PM pfSense Packages Bug #15080: Suricata process dying due to Hyperscan error - also may randomly segfault: PR merged, thanks! Jim Pingle
05:18 PM pfSense Packages Bug #15080: Suricata process dying due to Hyperscan error - also may randomly segfault: Additional update for this issue for a complete history:
Two additional heap memory buffer overflow bugs were rece... Bill Meeks
07:08 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11: PR merged, thanks! Jim Pingle
05:19 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11: Additional update for this issue for a complete history:
Two additional heap memory buffer overflow bugs were rece... Bill Meeks
06:29 PM Todo #15106: Remove ``Time`` column from OS Boot logs: @userlog@ has a timestamp it's just not being parsed out since it doesn't match the syslog format. Jim Pingle
06:22 PM Todo #15106 (Resolved): Remove ``Time`` column from OS Boot logs: Only the @Message@ column is shown now. This affects @userlog@ and @dmesg.boot@ (OS Boot) logs - sorting behavior rem... Marcos M
03:45 AM Todo #15106: Remove ``Time`` column from OS Boot logs: Thanks for the information. Should Status / System Logs / System / OS Boot have time column removed as it is mislead... Jonathan Lee
02:21 AM Todo #15106 (Not a Bug): Remove ``Time`` column from OS Boot logs: The kernel boot log has no timestamps, the message log buffer is dumped all at once into the log file by the kernel a... Jim Pingle
02:03 AM Todo #15106 (Resolved): Remove ``Time`` column from OS Boot logs: Hello and happy holidays. I just noticed that the OS Boot Logs under pfSense GUI show "Time" and "Message" columns ho... Jonathan Lee
06:19 PM Revision 08434feb: Show only the Message column for raw logs. Implement #15106: Marcos M
05:58 PM Bug #14631 (Duplicate): ACL on DNS Resolver is not updated list after IPs changed on interfaces: Marcos M
03:58 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces: https://docs.netgate.com/pfsense/en/latest/config/xml-configuration-file.html
Have you checked this file? You migh... Jonathan Lee
03:56 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces: Check your config.xml file and see what the setting for this.
If you are still having issues where it can't save ... Jonathan Lee
05:52 PM pfSense Plus Bug #15103 (Resolved): Netgate Crypto ID missing in 23.09.01 after fresh firmware: Thoth is no longer used - the error is from old code which has been cleaned up in dev snaps. This is being tracked wi... Marcos M
04:15 AM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware: With 23.05.01
@AES-GCM,ChaCha20-Poly1305,AES-ICM,AES-XTS,SHA1,SHA256,SHA384,SHA512@
is shown for my model 21... Jonathan Lee
04:32 PM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED: Have you attempted to just manually set the GPIO settings with a cron job to a different color? Would that help or ma... Jonathan Lee
03:56 PM Revision 55251505: Remove TOTH. Fix NG#12636: Marcos M
03:53 PM Bug #15108 (Resolved): ``pfctl`` is unable to retrieve state creator list in certain circumstances: In certain cases @pfctl -sc@ is unable to obtain the list of state creators, and instead results in an error message ... Jim Pingle
03:32 PM Bug #15057 (Resolved): Router Advertisement daemon does not prioritize IPv6 GUA over ULA: Marcos M
02:04 PM Bug #15057: Router Advertisement daemon does not prioritize IPv6 GUA over ULA: It works !
get_interface_track6ip now returns the GUA as expected, and radvd config file is correct
Thank you Mathis Cavalli
12:37 AM Bug #15057 (Pull Request Review): Router Advertisement daemon does not prioritize IPv6 GUA over ULA: Thanks! I was able to reproduce and confirm the issue. Please test the following patch:
{{collapse... Marcos M
05:32 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: Jonathan Lee wrote in #note-13:
> This could be also related
>
> https://redmine.pfsense.org/issues/15104
For... Denny Page
04:25 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: This could, could also cause broadcast arp storms and VLAN hopping vulnerabilities. Prior versions had broken up the ... Jonathan Lee
04:23 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: This could be also related
https://redmine.pfsense.org/issues/15104
I am having one broadcast domain now the p... Jonathan Lee
05:02 AM pfSense Packages Feature #15107 (New): An option to disable routes: When using Wireguard with FRR (dynamic routing) there needs to be an option to select 'Disable routes'
This will pre... Mike Moore
04:33 AM Feature #8794: NTP authentication support: https://github.com/pfsense/pfsense/pull/4658
User MatthewA1 has merged Marcos's requests as well as added the miss... Jonathan Lee
04:27 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets: Does this cause issues with layer 2 experimental rules? They are MAC address or interface based. Jonathan Lee
04:12 AM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs: Have you attempted to just manually set the GPIO settings with a cron job to a different color? Would that help or ma... Jonathan Lee
03:51 AM pfSense Plus Bug #13497: unbound process looks like stuck periodically: Post this in the forum it could be you are not using the correct settings and ACL's for unbound. Jonathan Lee
02:19 AM pfSense Plus Feature #14291: Support for cryptographic acceleration using the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB): crypto id/ping-auth has nothing to do with cryptographic acceleration, it's not relevant to this issue in any way. Jim Pingle
02:12 AM pfSense Plus Feature #14291: Support for cryptographic acceleration using the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB): Old post however I wanted to bring more attention to CryptoID loss of ping-auth when fresh firmware is installed.
... Jonathan Lee
12:31 AM Revision c32312a3: Handle IPv6 GUA and ULA in get_interface_track6ip(). Fix #15057: Marcos M

12/19/2023

07:24 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: Thank you for confirming. The 24.03 dev snaps for plus are now available, testing on that would be appreciated (the B... Marcos M
02:49 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: The issue I opened (#15105) was a decided to be a duplicate of this one. Just pasting in the detail I added. Person... Boycee .
06:33 PM Feature #4728: Expose ``nopool`` server option in the OpenVPN Server GUI: This can be accomplished with the custom options setting, e.g.:... Marcos M
05:59 PM Feature #9156 (Duplicate): OpenVPN: Add tickbox for 'nopool' directive: Marcos M
05:46 PM pfSense Packages Bug #15086 (Rejected): openvpn-client-export 1.9.2 | Viscosity Bundle | ECDSA cert missing key: I can't replicate this. I created a fresh EC cert using that curve and all export formats contain the certificate and... Jim Pingle
05:41 PM Bug #15060: LDAP bind fails when authentication servers use different CA chains: I have a similar problem. If you use one server and another with the same CA-Chain you do not have a problem.
If you... Ph. T
05:02 PM Bug #15102 (Closed): System - Update - System Update - Branch misspells deprecated as depreciated.: Fixed by Kris Molinari Jim Pingle
02:16 PM Regression #15105: Static ARP entries "converted" to expiring ARP: Jim Pingle wrote in #note-2:
> It's still almost certainly a duplicate of #14970 and doesn't need its own entry - add... Boycee .
02:04 PM Regression #15105 (Duplicate): Static ARP entries "converted" to expiring ARP: It's still almost certainly a duplicate of #14970 and doesn't need its own entry - add your observations there. Jim Pingle
01:52 PM Regression #15105: Static ARP entries "converted" to expiring ARP: Forgot to add there is already an issue opened for the "cosmetic" issue with display in ARP diagnostics page I mentio... Boycee .
01:47 PM Regression #15105 (Duplicate): Static ARP entries "converted" to expiring ARP: I believe there was a static ARP issue introduced with 2.7.0 (https://redmine.pfsense.org/issues/14374). However, th... Boycee .
05:42 AM pfSense Plus Bug #15104: Layer 2 experimental Firewall/Rules/Ethernet: new broadcast domain issues: Thanks happy holidays. I enjoyed the experimental layer 2 broadcast storm puzzles that took me way back to old CCNA c... Jonathan Lee
05:40 AM pfSense Plus Bug #15104: Layer 2 experimental Firewall/Rules/Ethernet: new broadcast domain issues: Also you can see traffic on the experimental layer 2 firewall rules between the interfaces that is the main concern h... Jonathan Lee
05:23 AM pfSense Plus Bug #15104: Layer 2 experimental Firewall/Rules/Ethernet: new broadcast domain issues: I will be moving back to 23.05.01 it's layer 2 abilities were more secure within the broadcast domains. Jonathan Lee
05:21 AM pfSense Plus Bug #15104: Layer 2 experimental Firewall/Rules/Ethernet: new broadcast domain issues: Please see photo. Also when a client has a static entry for the firewall on a secure side "Firewall's LAN(WLAN)" and ... Jonathan Lee
01:18 AM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware: ping-auth -s no longer populates it for you so its empty, how does this effect OpenVPN users? Jonathan Lee
01:17 AM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware: It still works the thorth folder is empty.
I fixed it by transferring the folder over from an older SSD
Jonathan Lee
12:56 AM pfSense Plus Bug #15103 (Confirmed): Netgate Crypto ID missing in 23.09.01 after fresh firmware: Also see: https://redmine.netgate.com/issues/12636
The CryptoID is shown as expected if the /etc/thoth/thothid is ... Steve Wheeler

12/18/2023

10:48 PM pfSense Plus Bug #15104 (New): Layer 2 experimental Firewall/Rules/Ethernet: new broadcast domain issues: Layer 2 broadcast domain in 23.05.01 would separate compex card from the LAN RJ45 ports. It no longer separates the l... Jonathan Lee
10:39 PM pfSense Plus Bug #15103 (Resolved): Netgate Crypto ID missing in 23.09.01 after fresh firmware: Hello I noticed this after fresh firmware install on a SG-2100
@ The command '/usr/local/sbin/ping-auth -s > /etc/... Jonathan Lee
06:28 PM Bug #15102 (Closed): System - Update - System Update - Branch misspells deprecated as depreciated.: Suggest changing depreciated to deprecated. David Benner
06:11 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: Unfortunately yes. This is still happening in 23.09.1
If I am not mistaken it started happening two or three release... Johan Belmans
05:48 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: Is this still happening on 23.09.1? Marcos M
04:34 PM pfSense Plus Feature #15101 (Rejected): Warning about using Kea DHCP for HA env: Kea does not support HA yet, and that has been warned about in the release notes. We aim to have support in the next ... Jim Pingle
04:29 PM pfSense Plus Feature #15101 (Rejected): Warning about using Kea DHCP for HA env: Using Kea DHCP for HA environment can and will lead to issues with ARPs if you are using dynamic leases. Nice to have... Bartłomiej Bujak
03:25 PM Bug #13413: Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages: Moving projects/rewording since this isn't specific to any one package, it just happens to affect packages which put ... Jim Pingle
01:17 PM pfSense Packages Feature #15099 (Closed): ACME: please update GUI to include recently added DNSapi providers.: This happens during any update we do, no need for a separate issue to track it. Jim Pingle
01:08 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting: Still present in 23.09.1 Steve Wheeler
09:25 AM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically: is there any progress yet or will it never work properly ???
Dec 18 10:19:00 openvpn 15608 Exiting due to fatal... Łukasz Rojczyk

12/17/2023

04:17 PM Feature #12521: Add the BBR2, QUIC, RACK Congestion Control (CC) protocols: hao zhang wrote in #note-3:
> https://man.freebsd.org/cgi/man.cgi?query=tcp_bbr&apropos=0&sektion=0&manpath=FreeBSD+... Sergei Shablovsky
03:11 AM pfSense Plus Bug #15097: Upgrade to 23.09.1 is not offered for 23.05.1: Can confirm that this seems to consistently happen basically every time someone upgrades from 23.01 to 23.05.1. Kris Phillips
03:04 AM pfSense Packages Bug #15100 (New): Tailscale IPv6 Exit Node uses first LAN interface when WAN is set to Only Request Prefix: When Tailscale on pfSense Plus is being used as an exit node for IPv6 connectivity and the WAN interface is set to "O... Kris Phillips
02:58 AM pfSense Packages Feature #14453: Expand prefix list entry window: Any update on this?
The workaround is to go into the pfsense shell, go into the FRR cli <vtysh> and examine the pref... Mike Moore

12/16/2023

10:51 PM Bug #13413 (Pull Request Review): Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1111
I wasn't able to reproduce the error with Wiregua... Christopher Cope
08:29 PM Bug #15067 (Confirmed): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC: After applying the fix, the errors are no longer present with the admins group, but assigning / removing any other gr... Christopher Cope
02:49 PM pfSense Packages Feature #15099 (Closed): ACME: please update GUI to include recently added DNSapi providers.: Please update GUI to include DNS API providers like DnsExit.com that was recently added to acme.sh.
https://github... Michael C
11:35 AM Bug #15057: Router Advertisement daemon does not prioritize IPv6 GUA over ULA: I rolled back my change to get_interface_track6ip to show you what it returns with the original code... Mathis Cavalli
07:05 AM Bug #14691: Separators get shifted when copying firewall rules between interfaces: old separators Jonathan Lee
07:05 AM Bug #14691: Separators get shifted when copying firewall rules between interfaces: @ <separator>
<wan></wan>
<lan></lan>
<opt1></opt1>
<floatingrules></floatingrules>
... Jonathan Lee
06:30 AM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions: I still have issues with this in 23.05.01 and they all show up again in 23.09.01
I stopped using separators howev... Jonathan Lee

12/15/2023

11:08 PM Bug #15057 (Incomplete): Router Advertisement daemon does not prioritize IPv6 GUA over ULA: Marcos M
10:59 PM Regression #14987 (Not a Bug): ``Interface Address`` is no longer an option for outbound NAT targets: The "Interface Address" selection is no longer available due to general changes to the outbound NAT pages which bring... Marcos M
08:29 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets: I've tested on 23.09.1. Indeed, there is no Tailscale address from the drop-down menu in the translation section.
... Danilo Zrenjanin
10:55 PM Bug #15098: Wireguard crashes on boot if PPPoE is the default gateway: restarting the gateway service also solves it.
Edit: Also happens with an DHCP interface as default gateway Oskar Stroka
10:38 PM Bug #15098: Wireguard crashes on boot if PPPoE is the default gateway: changing a static route, even disabling and re-enabling one, allows wireguard to be enabled again Oskar Stroka
08:06 PM Bug #15098 (New): Wireguard crashes on boot if PPPoE is the default gateway: This only seems to happen after a fresh boot, and only if any PPPoE connection is the default gateway.
Even the ser... Oskar Stroka
08:51 PM Bug #14967 (Resolved): Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``: Marcos M
08:50 PM Bug #15096 (Resolved): Interface subnet aliases do not contain IPv6 VIPs: Marcos M
05:22 PM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs: Works like a charm! cheers! gwab ber
04:58 PM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs: Patch working great, thanks. Bob Dig
04:50 PM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs: Patch is woring, table now contain the IPV6 alias IP
tested on ... Lev Prokofev
04:20 PM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs: Applied in changeset commit:1c4ca20d3d5910f126f11221f23e1fa21197f225. Marcos M
04:14 PM Bug #15096 (Feedback): Interface subnet aliases do not contain IPv6 VIPs: Fixed in commit 1c4ca20d3d5910f126f11221f23e1fa21197f225. Marcos M
12:01 PM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs: I fixed it temporarely by adding separate allow rule for the ULA. gwab ber
11:58 AM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs: I just looked, created gua and ula on one of my interfaces - and while the gua is shown, the ula is missing.
I cre... JohnPoz _
11:22 AM Bug #15096 (Resolved): Interface subnet aliases do not contain IPv6 VIPs: While the tables _NETWORK not reflecting any IPv6 ULA as VIP at all, an ULA IPv6 connection from LAN is working while... Bob Dig
07:24 PM pfSense Docs Todo #15095 (Closed): Feedback on Installing and Upgrading — Upgrade Guide — Upgrading High Availability Clusters: You are correct, that bit isn't relevant anymore. I've removed it, the updated version will be online in a few minute... Jim Pingle
06:29 PM pfSense Plus Bug #15097 (Resolved): Upgrade to 23.09.1 is not offered for 23.05.1: Since the release of 23.09.1, devices that upgrade to 23.05.1 from a previous version are unable to upgrade to 23.09.... Kris Phillips
04:12 PM Revision 1c4ca20d: Include IPv6 VIPs in system subnet aliases. Fix #15096: Marcos M
11:42 AM Bug #15041: Icmp payload default of 0 can give issues as this is not a official supported value as monitoring of a gateway.: I understand that the value already can be edited, and that the default payload is 1 instead of zero does not change ... Leon Straathof

12/14/2023

07:23 PM Feature #6362 (New): Allow specifying the client identifier hardware type: From what I've gathered so far, this is not a bug. RFC2132 states:... Marcos M
05:40 PM Feature #6362: Allow specifying the client identifier hardware type: Carlo Tognetti wrote in #note-4:
> Still present in rel. 2.7.1
> The bug have been persisting on all releases in th... Kris Phillips
05:27 PM pfSense Docs Todo #15095 (Closed): Feedback on Installing and Upgrading — Upgrade Guide — Upgrading High Availability Clusters: *Page:* https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-ha.html
*Feedback:*
I believe this is in... Steve Y
04:39 PM Regression #15094 (Resolved): Updates fail against an authenticated upstream proxy: When an upstream authenticated proxy is defined pkg commands fail, appearing to use the defined proxy but not send lo... Steve Wheeler
01:34 PM Bug #15092 (Not a Bug): OPT*_NETWORK tables are showing in Diagnostics - Tables: The page lists all PF tables, and those are now handled as PF tables. Hiding them would be counterintuitive as users ... Jim Pingle
10:52 AM Bug #15092 (Not a Bug): OPT*_NETWORK tables are showing in Diagnostics - Tables: After upgrading to 2.7.2 (or 2.7.1, not sure exactly when it started) a lot of "subnets of this interface" objects ap... Oleksii Tucha
01:31 PM Bug #15093 (Duplicate): Unable to install update 2.7.2 due to EFI error: Duplicate of #15081 Jim Pingle
11:59 AM Bug #15093 (Duplicate): Unable to install update 2.7.2 due to EFI error: Hi there,
I'm trying to install v2.7.2 on out PFSense Firewall, unforunately #15007 seems to have introduced a pr... Lukas Fülling
10:56 AM Bug #15081: Upgrade fails due to undersized EFI filesystem: Do old efifat images match well-known hashes? If so, look for a partition matching the hash (maybe a bunch of differe... Luca Piccirillo
10:44 AM pfSense Packages Feature #15091 (New): FRR, add the ability to change the order of BGP neighbours: Hi!
I currently have over 20 bgp peers, and it's getting awkward to add new peers to an existing group as they app... Oleksii Tucha

12/13/2023

09:10 PM Regression #15074: ISO fails to boot UEFI: Jim Pingle wrote in #note-1:
> Also note that adding a serial port to the VM hardware in Proxmox VE works around the... Phil Duby
06:52 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1 also. Stephen Nelson
03:57 PM Bug #15043: IGMP proxy works intermittently: Hi Kristof, there have been quite some igmpproxy regressions in the past releases. I’m always anxious when applying a... Haraldinho D
01:17 PM Bug #15043: IGMP proxy works intermittently: Okay, thanks for confirming.
The relevant fixes are:
https://reviews.freebsd.org/D43031
https://reviews.freebsd.... Kristof Provost
01:49 PM Feature #15090 (New): Improve feedback from config recovery during install: When you run the recover config option during an install there is little to no feedback to the user. It's not clear w... Steve Wheeler
07:51 AM Regression #15005 (Resolved): Auto Config Backup times are incorrect: Yep, I can confirm it's working as expected on 23.09.1.
I am marking this ticket resolved. Danilo Zrenjanin
12:54 AM Regression #15005 (Feedback): Auto Config Backup times are incorrect: The ACB server is now using the expected timezone. Backups report the correct time.
Tested: 23.09.1 Steve Wheeler

12/12/2023

10:46 PM Feature #15089: Support LuaDNS provider: I've opened a pull request in Github; https://github.com/pfsense/pfsense/pull/4663 Aaron Sierra
10:44 PM Feature #15089 (Resolved): Support LuaDNS provider: "LuaDNS":https://luadns.com is supported by the *acme* package, so it would be nice if it were also supported as a Dy... Aaron Sierra
09:52 PM Bug #15057: Router Advertisement daemon does not prioritize IPv6 GUA over ULA: I'm not able to replicate this on 23.09 (should be the same as 2.7.1 for this issue). Regardless of whether the ULA c... Marcos M
07:43 PM pfSense Packages Bug #15088 (Confirmed): BIND does not start after a config restore: Steps:
# Fresh install of pfSense+ 23.09.1
# Install bind package
# Restore a config backup with bind configuratio... Marcos M
07:36 PM Bug #15043: IGMP proxy works intermittently: Kristof Provost wrote in #note-18:
> I believe I've found the reason we don't send an igmp leave when we should, alo... Rai Wol
06:45 PM Bug #15043: IGMP proxy works intermittently: !clipboard-202312121942-zfdcl.png!
Seems to work like a charm!! No more streams that stop and it also shows in the... Haraldinho D
06:16 PM Bug #15043: IGMP proxy works intermittently: I believe I've found the reason we don't send an igmp leave when we should, along with the cleanup improvements for M... Kristof Provost
09:49 AM Bug #15043: IGMP proxy works intermittently: Kristof, I sent logs on rc.newwanip occurrence per email. Haraldinho D
09:27 AM Bug #15043: IGMP proxy works intermittently: It's also not clear to me why igmpproxy shuts down.
The only thing I can think of right now is that there's a new ... Kristof Provost
09:09 AM Bug #15043: IGMP proxy works intermittently: Haraldinho D wrote in #note-14:
> I have pfSense+ 23.09.1, not 2.7.2, so probably this patch is not for me... Can yo... Kristof Provost
07:22 PM Feature #15073 (Rejected): FEATURE REQUEST: Ability at assign authenticated NTP settings under User manager separate from just NTP settings to hide keys: I don't think the benefit of this is worth the effort and technical debt. Marcos M
05:22 PM Bug #15087 (New): IPsec Keep Alive does not update the gateway status: If the IPsec gateway status is pending (e.g. on a VTI after bootup when the remote peer is an FQDN), the keep alive c... Marcos M
01:22 PM pfSense Packages Bug #15086 (Rejected): openvpn-client-export 1.9.2 | Viscosity Bundle | ECDSA cert missing key: Export VPN cert/settings as viscosity bundle do not include the key.key if the cert is ECDSA / secp521r1.
If the c... slu -
09:16 AM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied: CE 2.7.2, FRR 2.0.2_1 (frr9-9.0.2), WireGuard 0.2.1 - still the same. Oleksii Tucha
09:10 AM pfSense Packages Feature #14878: Integrated syslog support: Unfortunately I cannot code myself, so I have to ask for changes in detail instead. I think the solution should be ma... Tue Madsen
06:01 AM Feature #8794: NTP authentication support: Just to confirm Marcos M, I could not use NTP authentication direct for NIST.GOV without the two part key entry, with... Jonathan Lee
01:10 AM Feature #8794: NTP authentication support: Some general notes:
* The authentication key is only supported with the @peer@ and @server@ types according to the "m... Marcos M
04:43 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets: I am running 23.09.1. The Tailscale address is still missing from the pull-down menu in the translation section. In t... Chad Wagner
04:28 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets: UPDATE:
I see the Tailscale interface has now been added back in 23.09.1
Please update the ticket to let us know ... Mike Moore
04:25 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets: I second this issue. Is there a workaround.
If you are using tailscale to set a Site2Site VPN then traffic leaving t... Mike Moore
02:22 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets: Is there a workaround until this gets fixed? Chad Wagner

12/11/2023

08:19 PM pfSense Packages Bug #11970: Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot): Jordan G wrote in #note-3:
> user reporting fw upgrade failing on 7100 @ 23.09.1 (ref # 2156023693)
>
> [...]
... Marcos M
08:02 PM Bug #15043: IGMP proxy works intermittently: I have pfSense+ 23.09.1, not 2.7.2, so probably this patch is not for me... Can you build one for 23.09.1? Haraldinho D
07:55 PM Bug #15043: IGMP proxy works intermittently: Kristof Provost wrote in #note-12:
> Backup your device, download the pkg file to it, "pkg install -U pfSense-kernel... Rai Wol
07:50 PM Bug #15043: IGMP proxy works intermittently: Backup your device, download the pkg file to it, "pkg install -U pfSense-kernel-pfSense-2.7.2.r.20231211.1745.pkg" an... Kristof Provost
07:41 PM Bug #15043: IGMP proxy works intermittently: Hey Kristof, I just sent you some additional logs + the netstat -gs output as well in your email. Happy to try the pa... Haraldinho D
07:08 PM Bug #15043: IGMP proxy works intermittently: Here's that patched kernel: https://nc.netgate.com/nextcloud/index.php/s/L9ERQHXbtygQHrt
Can someone try that one ... Kristof Provost
02:09 PM Bug #15043: IGMP proxy works intermittently: netstat -gs might be interesting too.
Looking at the igmpproxy log there appear to be two things going on. The fir... Kristof Provost
07:42 PM Feature #15085: Update /etc/rc.initial to reflect default root shell /bin/sh: I think this would benefit the user base because sh has many of the features of bash now and people are familiar with... Craig Coonrad
07:25 PM Feature #15085 (Rejected): Update /etc/rc.initial to reflect default root shell /bin/sh: We chose tcsh for a reason there. We weren't following FreeBSD. The previous default was csh, not tcsh. Jim Pingle
07:22 PM Feature #15085 (Rejected): Update /etc/rc.initial to reflect default root shell /bin/sh: /bin/sh is now the default root shell in FreeBSD (and pfSense.)... Craig Coonrad
06:54 PM Bug #15082: Upgrade fails due to unmounted EFI filesystem: It appears this isn't actually fixing what the users thought it was. By manually mounting the partition it caused the... Jim Pingle
02:10 PM Bug #15082 (Closed): Upgrade fails due to unmounted EFI filesystem: This may be related to #15081 but it's not definite.
Some upgrades have failed in pfSense-boot if the EFI partitio... Jim Pingle
06:25 PM pfSense Packages Bug #15033 (Resolved): Suricata rule lists can't be manually updated unless the ETOpen Emerging Threats list is enabled: PRs merged, thanks! Jim Pingle
06:24 PM pfSense Packages Bug #15080 (Resolved): Suricata process dying due to Hyperscan error - also may randomly segfault: PRs merged, thanks! Jim Pingle
06:24 PM pfSense Packages Bug #14898 (Resolved): Suricata core dumps with signal 11: PRs merged, thanks! Jim Pingle
05:59 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working: comparing:
https://github.com/pfsense/FreeBSD-ports/blob/734989ab5809fe5c7bde23a240e717da656775ac/net/pfSense-pkg-pf... Steve Y
05:23 PM Bug #15083: Installing to ZFS mirror does not format or populate EFI partition on additional disks: Note that this is not specific to pfSense, the problem also exists in FreeBSD. There is a review in progress to addre... Jim Pingle
04:28 PM Bug #15083 (Resolved): Installing to ZFS mirror does not format or populate EFI partition on additional disks: Installing Plus 23.09.1 or CE 2.7.2 to a ZFS mirror does not format or populate the EFI partition on the additional d... Jim Pingle
05:19 PM Feature #15079: Remove spaces from filenames generated by status.php: Every file in the status output has one or more dashes except one: Config History.txt. This change makes that consist... Craig Coonrad
01:31 PM Feature #15079 (Rejected): Remove spaces from filenames generated by status.php: I don't see the value in this. Properly quoting filenames or escaping spaces is trivial in this day and age, and chan... Jim Pingle
04:56 PM Bug #15084 (Resolved): Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks: When an EFI system installed to a ZFS mirror is upgraded, the EFI loader is only updated on the first disk of the mir... Jim Pingle
02:01 PM Bug #15081 (New): Upgrade fails due to undersized EFI filesystem: Some installations as recent as Plus 22.01 / CE 2.6.0 have EFI partitions that were created and/or populated by the o... Jim Pingle

12/10/2023

10:11 PM pfSense Packages Bug #11970: Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot): user reporting fw upgrade failing on 7100 @ 23.09.1 (ref # 2156023693)... Jordan G
06:38 PM pfSense Packages Bug #15033: Suricata rule lists can't be manually updated unless the ETOpen Emerging Threats list is enabled: A fix for this issue has been submitted via this pull request against the RELENG_2_7_2 branch: https://redmine.pfsens... Bill Meeks
04:38 PM Feature #6362: Allow specifying the client identifier hardware type: Still present in rel. 2.7.1
The bug have been persisting on all releases in the last 7 years.
While I'm grateful to... Carlo Tognetti
11:45 AM Bug #15043: IGMP proxy works intermittently: If required I can deliver data too. I also suffer from this issue, but as I don't watch a lot of linear TV, I have 23... Haraldinho D
10:49 AM pfSense Packages Feature #14878: Integrated syslog support: I completely agree. The lack of integrated SYSLOG support (independent of local pfBlockerNG logging) is a MAJOR drawb... Tue Madsen
04:55 AM pfSense Packages Bug #14898: Suricata core dumps with signal 11: Pull request 1333 for the RELENG_2_7_2 branch of FreeBSD-ports has been submitted to address this issue.
https://git... Bill Meeks
04:55 AM pfSense Packages Bug #14491: FRR not starting with AgentX enabled: Mike Moore wrote in #note-10:
> Found a use case for AgentX and ran into the frr start.
>
> Jim - i see the targe... Jim Pingle
04:52 AM pfSense Packages Bug #14491: FRR not starting with AgentX enabled: Found a use case for AgentX and ran into the frr start.
Jim - i see the target versions have been deleted. Does th... Mike Moore
04:50 AM pfSense Packages Bug #15080: Suricata process dying due to Hyperscan error - also may randomly segfault: Pull request 1333 for the RELENG_2_7_2 branch of FreeBSD-ports has been submitted to address this issue.
https://git... Bill Meeks
04:31 AM pfSense Packages Bug #15080 (Resolved): Suricata process dying due to Hyperscan error - also may randomly segfault: Several users on the Netgate Forum are reporting random issues with Suricata failing due to the following Hyperscan e... Bill Meeks
01:18 AM pfSense Packages Todo #14073: Shalla block list is offline but still available in pfBlocker: This is an issue on the pfSense Plus 23.09.X branch still. Kris Phillips
01:16 AM pfSense Packages Bug #13810 (Rejected): Squid options obsolete: Marking this as Rejected since Squid is being deprecated and removed in a future version of pfSense CE and Plus. Kris Phillips
01:14 AM pfSense Packages Feature #14447 (Resolved): Update haproxy from 2.6 to 2.8 lts: Marking this as resolved. pfSense Plus 23.09 and 23.09.1 both have haproxy 2.8.2 for the backend on stable. Kris Phillips
01:09 AM pfSense Plus Bug #15006: Upgrade Issue to 23.09 Results in Stuck Prompt Mid-upgrade: This seems to be present with 23.09.1 as well. Kris Phillips
12:38 AM Bug #14261: Trim white space in a DHCP Leases page search field: Updated merge request to reflect feedback and to only trim on values where a space doesn't make sense. Christopher Cope
12:01 AM Bug #14989 (Pull Request Review): Typo in the Setup Wizard: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1110 Christopher Cope

12/09/2023

10:41 PM Regression #14930: Clean installation using Auto (ZFS) + MBR (BIOS) does not boot: Christian McDonald wrote in #note-2:
> Yes, I proposed a fix for this upstream. I’ll poke the right people again
... Boycee .
07:39 PM Feature #15079 (Rejected): Remove spaces from filenames generated by status.php: This eases filename expansion on the command line, and simplifies iterating over the files with commands or scripts. ... Craig Coonrad
06:59 PM Bug #14634: The default gateway icon is not updated when the default gateway is changed to none: The icon stays for me, when the default route is set to none. The changes were already applied and even after a reboo... Christopher Cope
03:37 PM Feature #15078 (New): Display all available updates on the dashboard: The available update information in the System Info widget should display all available upgrades.
Currently a devi... Steve Wheeler
10:38 AM Bug #15069 (Resolved): Extra space in ``pkg`` configuration file ``FreeBSD.conf``: Tested the patch.
It removes the extra space.
Marking this case resolved. Danilo Zrenjanin
09:49 AM Bug #15043: IGMP proxy works intermittently: I've ran the test.
The logs are included during my test time.
Also the netstat results are included.
Hope this ... Remie van de Zande
09:14 AM Todo #13268 (Resolved): Dynamically adjust the interface name maximum width in the login banner: Tested the patch on the 23.09.1
It looks good.
I am marking this case resolved. Danilo Zrenjanin
07:41 AM Bug #15071: Applying interface changes may not update default ACLs for the DNS Resolver: Tested the patch on ... Lev Prokofev
07:38 AM Bug #15071 (Resolved): Applying interface changes may not update default ACLs for the DNS Resolver: Tested the patch on 23.09.
The patch fixes all reported misbehavior.
I am marking this ticket reslvoed. Danilo Zrenjanin

12/08/2023

10:25 PM Regression #15076 (Feedback): DHCP leases may not be restored from older configuration backups: Applied in changeset commit:192dba691e8441b7794482c3a196bed3422ee6ce. Marcos M
10:17 PM Regression #15076 (Pull Request Review): DHCP leases may not be restored from older configuration backups: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1109 Marcos M
05:29 PM Regression #15076 (Resolved): DHCP leases may not be restored from older configuration backups: I noticed a '{' folder in /usr/local/www/ .
Drilling down, I find this file: "/usr/local/www/{/var/dhcpd/var/db/dh... Matthew Fearnley
09:55 PM Revision 192dba69: Handle backuppath entries with multiple paths. Fix #15076: Marcos M
07:58 PM Bug #15042: Potential TCP connection denial of service attack from spoofed RST packets processed by PF: This has been announced by FreeBSD as "FreeBSD-SA-23:17.pf":https://www.freebsd.org/security/advisories/FreeBSD-SA-23... Jim Pingle
07:10 PM Bug #15067 (Feedback): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC: Applied in changeset commit:3e0facb20fa46a13bf7b70d6ddb1970b00485eb2. Marcos M
06:59 PM Revision 3e0facb2: Fix off-by-one error when checking for system uid/gid. Fix #15067: Marcos M
06:38 PM Bug #15077 (Duplicate): Uncaught TypeError: Illegal offset type in /usr/local/www/interfaces.php:1996: Duplicate of #14949 -- already fixed in patches, and also in 23.09.1/2.7.2
Jim Pingle
06:29 PM Bug #15077 (Duplicate): Uncaught TypeError: Illegal offset type in /usr/local/www/interfaces.php:1996: After configuring the switch in my Netgate 2100 to put connector 4 of the LAN ports onto VLAN 4084,
I added a new in... John Messenger
06:29 PM Bug #15071 (Feedback): Applying interface changes may not update default ACLs for the DNS Resolver: Fixed in fbc8d7d04dc5f7cbec65381b81dc5f4eed06a714. Marcos M
06:19 PM Revision fbc8d7d0: Check "all" when restarting unbound based on interface. Fix #15071: Marcos M
04:37 PM pfSense Packages Todo #15058 (Feedback): Remove Zabbix 4 Agent and Proxy: Zabbix 4 is EoL upstream Brad Davis
04:34 PM pfSense Packages Bug #14913 (Feedback): [Security] Zabbix packages need updating bec. of recent critical security CVEs: Done in 23.09.1 and 2.7.2 Brad Davis
04:33 PM Revision c0f95035: Retire Zabbix 4 now that they are EoL: Brad Davis
03:46 PM Revision b8c13d95: Use the correct fontawesome icon prefix: Marcos M

12/07/2023

10:42 PM pfSense Docs Correction #15075: Changing MSS for IPsec: Also the other popular VPN - OpenVPN - has their own way of changing MTU and MSS which should be added to the same do... Mike Moore
10:40 PM pfSense Docs Correction #15075 (Closed): Changing MSS for IPsec: The documentation states to change MSS for IPsec: https://docs.netgate.com/pfsense/en/latest/troubleshooting/low-thro... Mike Moore
06:52 PM pfSense Packages Feature #15072: [pfBlockerNG] RFE: Add ability to disable reverse DNS lookup for log entries: I've filed some initial work here: https://github.com/pfsense/FreeBSD-ports/pull/1331 Orion Poplawski
12:12 AM pfSense Packages Feature #15072 (New): [pfBlockerNG] RFE: Add ability to disable reverse DNS lookup for log entries: Currently pfBlockerNG logs the result of a reverse DNS lookup for a block IP address to ip_block.log and unified.log.... Orion Poplawski
06:03 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: I would like to help tshoot this issue but not here. Forums
As already stated this isnt the place for this and loggi... Mike Moore
04:03 PM Bug #13707: Unbound not binding to LAN on startup when explicitly set: I am seeing this same issue on a typical setup with a Netgate 4100 (pfSense 23.09) and a Comcast Business modem with ... Anthony Gentile
05:55 PM Bug #15067 (Confirmed): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC: A few notes after confirming this happens for me as well:
* The secondary node does have an @admins@ group in @/et... Jim Pingle
05:44 PM Regression #15074: ISO fails to boot UEFI: Also note that adding a serial port to the VM hardware in Proxmox VE works around the issue. VMs with a serial port p... Jim Pingle
04:41 PM Regression #15074 (New): ISO fails to boot UEFI: In some cases the ISO image can fail to boot past the EFI framebuffer output when booted as UEFI.
It does not happ... Steve Wheeler
02:47 PM Bug #14929 (Resolved): ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses: I couldn't replicate the issue in 23.09.
I am marking this ticket as resolved. Danilo Zrenjanin
01:11 PM Bug #15043: IGMP proxy works intermittently: MRT_DEL_MFC; Errno(49) is interesting. error 49 is EADDRNOTAVAIL, which can only be returned (for MRT_DEL_MFC at lea... Kristof Provost
12:20 AM Feature #15073 (Rejected): FEATURE REQUEST: Ability at assign authenticated NTP settings under User manager separate from just NTP settings to hide keys: A good patch has been developed by A1Mathew
https://forum.netgate.com/topic/162746/authenicated-ntp/28
https:/... Jonathan Lee

12/06/2023

08:09 PM Revision 5060f7cf: Promote to 2.7.2-RELEASE: Brad Davis
05:38 PM Bug #15071: Applying interface changes may not update default ACLs for the DNS Resolver: Steve Wheeler wrote in #note-1:
> Resaving the Unbound config in the gui correctly creates the ACL file with the new... Jim Pingle
05:22 PM Bug #15071: Applying interface changes may not update default ACLs for the DNS Resolver: Resaving the Unbound config in the gui correctly creates the ACL file with the new subnet.
It appears to not be tr... Steve Wheeler
05:19 PM Bug #15071 (Resolved): Applying interface changes may not update default ACLs for the DNS Resolver: To reproduce:
1. Base install of pfSense Plus 23.09 with 1 LAN and 1 WAN
2. Activate an OPT interface and give it... George Phillips
02:10 PM Bug #15069 (Feedback): Extra space in ``pkg`` configuration file ``FreeBSD.conf``: Applied in changeset commit:ea161f3bbb1748807e9829e995b8485d42a046e9. Jim Pingle
02:04 PM Revision ea161f3b: Remove bonus space. Fixes #15069: Jim Pingle
05:22 AM pfSense Plus Feature #15070: Script to fix: ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc" error when downgrading boot environments: WARNING: DTB version is 6.4 while kernel expects 5.13, please update the DTB in the ESP
is also displayed when dow... Jonathan Lee
05:14 AM pfSense Plus Feature #15070 (New): Script to fix: ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc" error when downgrading boot environments: When using boot environments to move system back a version to last stable version users can no longer check for updat... Jonathan Lee
05:20 AM Feature #13377: Option to configure a custom value for the PHP memory limit: What is recommended for SG-2100MAX with 23.05.01 in use I can't remember I was using 128 I think but you guys are sho... Jonathan Lee
04:42 AM pfSense Packages Todo #15058: Remove Zabbix 4 Agent and Proxy: Is there a reason for it to be removed?
Jonathan Lee
04:35 AM Feature #8794: NTP authentication support: Thanks Matthew and Lamar I have confirmed this works as expected with GUI entry in pfSense Plus also patch needs to s... Jonathan Lee

12/05/2023

10:37 PM Bug #15069 (Resolved): Extra space in ``pkg`` configuration file ``FreeBSD.conf``: This is a small, non-impactful file format issue.
/usr/local/etc/pkg/repos/FreeBSD.conf... Craig Coonrad
10:36 PM Feature #15068 (New): Show if an alias is currently in use: I would like to check if it is possible to include in a future release the ability to see if an alias is being used i... Marcelo Cury
08:40 PM Bug #15067 (Resolved): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC: Version: 23.09-RELEASE
Error message:... Craig Coonrad
07:58 PM Bug #15043: IGMP proxy works intermittently: I did a compare on the LAN and the WAN interface after changing TV channel. On the LAN interface I see a IGMP leave g... Rai Wol
07:35 PM Bug #15066: PHP allocation failure in pfsense-utils.inc: Jim Pingle wrote in #note-1:
> That function is used in a variety of places, including several dashboard widgets, th... Alex Rosenberg
07:25 PM Bug #15066 (Feedback): PHP allocation failure in pfsense-utils.inc: It's failing on a line in @get_interface_info()@ where it is running a command to get pf statistics:... Jim Pingle
07:13 PM Bug #15066 (Duplicate): PHP allocation failure in pfsense-utils.inc: Plus 23.09 has been running without issue for some time until this crash report yesterday. No configuration changes o... Alex Rosenberg
07:27 PM Bug #15065 (Duplicate): igmpproxy works very unreliable, needs frequent restarts to watch television: Duplicate of #15043 -- we don't need two issues if it affects both, the original issue can be changed to note that. Jim Pingle
07:18 PM Bug #15065: igmpproxy works very unreliable, needs frequent restarts to watch television: I experience the same behavior on my SG3100 with 23.09. A fix would be highly appreciated.
Cornel van Mastrigt
06:03 PM Bug #15065 (Duplicate): igmpproxy works very unreliable, needs frequent restarts to watch television: Since upgrade to 23.09 igmpproxy works very unreliably.
When watching television the gateway logs produces the follo... Remie van de Zande
05:20 PM Bug #13226 (Feedback): Disconnecting a user from Captive Portal may allow previously established connections to continue: Marcos M
04:44 PM Feature #11556: Kill states using the pre-NAT address: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/381
The php pfSense module has been updated to imp... Marcos M
04:43 PM Feature #11556 (Feedback): Kill states using the pre-NAT address: Marcos M
03:34 PM Bug #15060: LDAP bind fails when authentication servers use different CA chains: As per Support reply to my #2138801585 ticket: "Unfortunately, what you are seeing is a limitation of the underlying ... Giovanni Vecchi
10:50 AM pfSense Packages Regression #15064 (Confirmed): Statis menu entry for APCUPSD leads to settings page, not status: if you call services/apcupsd in the gui you get the same result as if you call status/apcupsd. Both time you get the ... odo maitre

12/04/2023

07:32 PM Bug #15063 (Confirmed): vpn_openvpn_server.php: shows last used interface, after changing to multihome: How to reproduce:
1. Create openvpn server with interface "WAN" and protocol "UDP on IPv4 only"
2. Save config and ... Grischa Zengel
07:16 PM Bug #15062 (New): cert_get_all_services doesn't check for unbound cert usage: cert_get_all_services in utils.inc doesn't look to see if unbound is using the referenced cert.
https://github.com/p... Josh Stompro
07:11 PM Bug #15057: Router Advertisement daemon does not prioritize IPv6 GUA over ULA: Marcos M wrote in #note-1:
> Try this patch (apply with the system patches package):
> {{collapse
> [...]
> }}
... Mathis Cavalli
05:57 PM pfSense Packages Bug #15061 (New): acme.sh nsupdate with challengealias is failing in certain cases: When using nsupdate with challengealias the wrong filename is used, therefore the script fails.... Seyfidin Hamraoui
05:40 PM Regression #14059 (Not a Bug): Old states are still used after a route change: Related: https://redmine.pfsense.org/issues/14630, https://redmine.pfsense.org/issues/15140
It seems like some sort ... Marcos M
05:38 PM pfSense Packages Feature #14630 (New): FRR script hook for clearing states on routing changes: Marcos M
04:25 PM pfSense Packages Feature #14630 (Duplicate): FRR script hook for clearing states on routing changes: Though the behavior can be worked around in FRR specifically with a script hook, the issue itself is more general and... Marcos M
04:26 PM Bug #15060 (New): LDAP bind fails when authentication servers use different CA chains: The goal is to have 2 separate ldap databases, one for GUI/System authentication and one for OpenVPN authentication: ... Giovanni Vecchi
04:00 PM Todo #13268 (Feedback): Dynamically adjust the interface name maximum width in the login banner: Applied in changeset commit:f15e8e4fb1db624c04eeda8671c6b7fb34a87b03. Marcos M
03:52 PM Revision f15e8e4f: Dynamically adjust login banner interface max width. Fix #13268: Marcos M
03:50 PM Bug #14967 (Feedback): Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``: Applied in changeset commit:0e5dec1906fc62e779321f688c35fdff1add2093. Marcos M
03:46 PM Revision b68e0c0c: Consolidate shaper input validation: Remove the duplicate function and integrate it with the rest of the
validate_input() methods.
do_input_validation() i... Marcos M
03:38 PM Revision 0e5dec19: Allow disabling RA with no IPv6 config on the interface. Fix #14967: Marcos M
03:35 PM Feature #14728: Support for CD/DVD drives in the External Configuration Locator (ECL): Applied in changeset commit:16e4d50ad554433d6d8f92a5b607de47a176d68c. Christopher Cope
03:31 PM Feature #14728 (Feedback): Support for CD/DVD drives in the External Configuration Locator (ECL): Marcos M
03:10 PM Feature #14762: Support X25519 and X448 public key algorithms in certificates: See also: https://forum.netgate.com/post/1124620 Jim Pingle
03:08 PM Feature #15059 (Duplicate): openvpn server ed25519 certificate: Duplicate of #14762 Jim Pingle

12/03/2023

05:33 PM Feature #15059 (Duplicate): openvpn server ed25519 certificate: OpenVPN server web-page will not list in the drop-down for Server certificates, a properly imported certificate, if t... Fold right
05:19 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config: I enabled FreeBSD repos on 23.09 and installed node_exporter-1.6.1. Same error, does not resolve the issue. Craig Coonrad
01:31 AM pfSense Packages Todo #15058 (Resolved): Remove Zabbix 4 Agent and Proxy: Zabbix 4 is EOL and the packages will be removed upstream in a few weeks. We should remove these from the repos in a... Kris Phillips
01:24 AM pfSense Packages Bug #14913: [Security] Zabbix packages need updating bec. of recent critical security CVEs: There are also updated versions of zabbix-agent6, zabbix-proxy6, zabbix-agent5, zabbix-proxy5, zabbix-agent4, zabbix-... Kris Phillips
01:07 AM pfSense Packages Bug #14913 (Confirmed): [Security] Zabbix packages need updating bec. of recent critical security CVEs: Confirmed that the version in Plus 23.09, 23.09.1, and 2.7.X are all the vulnerable 6.4.5 version.
Freshports has ... Kris Phillips
01:10 AM pfSense Packages Bug #14926 (Rejected): Squid Proxy contains critical vulnerabilities: Squid is deprecated as a package in pfSense CE and Plus. It's recommended that users remove this package as soon as ... Kris Phillips
12:56 AM pfSense Packages Feature #14999 (Rejected): Feature Request: Update Squid Package to Version 6.5 this was released on updated Nov 6: Squid is planned to be removed as an available package in the next version of pfSense CE and Plus.
https://www.n... Kris Phillips
12:36 AM Feature #14728 (Pull Request Review): Support for CD/DVD drives in the External Configuration Locator (ECL): Christopher Cope
12:20 AM Feature #14728: Support for CD/DVD drives in the External Configuration Locator (ECL): https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1107 Christopher Cope
12:12 AM Revision 16e4d50a: etc/rc.ecl: Update CD/DVD logic. Fixes #14728: Christopher Cope

12/02/2023

11:33 PM Feature #14728 (In Progress): Support for CD/DVD drives in the External Configuration Locator (ECL): Tested on... Christopher Cope
10:50 PM Regression #15005: Auto Config Backup times are incorrect: confirmed, if I make a backup now @ 16:50 the restore page shows the time stamp as 22:50. likewise my scheduled backu... Jordan G
10:24 PM Bug #14167: Auto Config Backup: Selected manual backups are not retained.: on 23.09 ACB adheres to the max entered under settings>manual backups to keep Jordan G
10:11 PM Bug #14967: Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None``: above patch seems to be effective on 23.09, prevents being caught in a loop of no IPv6, cannot disable RA, rinse, repeat Jordan G
05:22 PM Bug #15057 (Feedback): Router Advertisement daemon does not prioritize IPv6 GUA over ULA: Try this patch (apply with the system patches package):
{{collapse... Marcos M
06:39 AM Bug #15057 (Resolved): Router Advertisement daemon does not prioritize IPv6 GUA over ULA: When saving or reloading radvd service, the conf file is regenerated
If the interface has a public track interface a... Mathis Cavalli
03:30 AM pfSense Packages Bug #14523: PHP error when using an unsupported alias type in Advanced Rule Settings: I have narrowed it down to situation where 'Custom Source' alias name cannot be saved when using 'Host' type aliases ... Sengor K

12/01/2023

09:26 PM Bug #15007 (Closed): pfSense-boot does not update the EFI loader: Jim Pingle
08:32 PM pfSense Packages Feature #15056: Feature Request: Donate to Package Maintainer Button: https://forum.netgate.com/topic/184100/how-are-packages-supported
Lots of talk has started on this today, and man... Jonathan Lee
08:31 PM pfSense Packages Feature #15056 (New): Feature Request: Donate to Package Maintainer Button: Maybe the packages, should have a button so donate button to send some money to maintainers. I recently learned that ... Jonathan Lee
08:07 PM Bug #15042 (Resolved): Potential TCP connection denial of service attack from spoofed RST packets processed by PF: The behavior seems to be correct on current snapshots. On snapshots before the fix it would fall into time_wait every... Jim Pingle
07:20 PM Bug #14917 (Closed): Mulicast traffic on a detached interface causes a panic: The original issue here is rare and difficult to reproduce, only affecting a small number of users. Since we don't ha... Jim Pingle
07:18 PM Feature #14887 (Closed): Add an appropriately named file to install images to indicate what they are: The Plus 23.09 and CE 2.7.2 images I've checked all seem to be OK. They each only have one file and it's appropriatel... Jim Pingle
06:52 PM Todo #15055 (Resolved): Allow the dashboard update widget to show new versions separately from the update page: Marcos M
06:26 PM Todo #10464 (Closed): Don't change the current update repo when new releases are available: Marcos M
05:15 PM pfSense Plus Bug #15040: ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc": stephenw10 fixed my issue with the linked library Boot Environment issue for plus
pkg-static upgrade -f pfSense-repoc Jonathan Lee
04:45 PM pfSense Plus Bug #15040: ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc": This is plus with use of Boot environments Jonathan Lee
04:45 PM Bug #11452: pkg breakage related to yet to be installed 21.02 base system: https://redmine.pfsense.org/issues/15040 Jonathan Lee
04:24 PM Bug #14978 (Resolved): PHP error on ``services_dhcpv6.php`` if the configuration contains an empty ``dhcpv6`` section: That is normal if you don't fix the range after switching from tracked to static. The default values for tracked rang... Jim Pingle
04:18 PM Todo #15050 (Resolved): Update strongSwan to 5.9.11_3: This version is present in RC builds and appears to be operating normally. Jim Pingle
04:18 PM Todo #15049 (Resolved): Update OpenVPN to 2.6.8_1: This version is present in RC builds and appears to be operating normally. Jim Pingle
01:23 PM Bug #15034: FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption: FreeBSD released their errata notice for this: https://www.freebsd.org/security/advisories/FreeBSD-EN-23:16.openzfs.asc Jim Pingle
08:06 AM Bug #15043: IGMP proxy works intermittently: Martial G wrote in #note-1:
> Also applies to pfSense Plus version 23.09 according to this article: https://forum.ne... Remie van de Zande
07:52 AM Feature #8794: NTP authentication support: Added NTP Authentication key ID field to the GUI and config
https://github.com/pfsense/pfsense/pull/4658 Matthew Ray

11/30/2023

10:28 PM Revision 92573452: poudriere_bulk: remove frr8* and bump PHP to 8.3: Christian McDonald
08:28 PM Revision d8814ad6: Don't refresh the cache when visiting the update page. Fix #15055: Marcos M
08:25 PM Todo #15055 (Feedback): Allow the dashboard update widget to show new versions separately from the update page: Applied in changeset commit:cea9d2d02e49ea6bcac1b6bd0a00f1cf2a9d33e5. Marcos M
07:29 PM Todo #15055 (Resolved): Allow the dashboard update widget to show new versions separately from the update page: The update check on @System > Update@ (the update page) only checks within the selected branch, whereas the dashboar... Marcos M
07:33 PM Revision cea9d2d0: Don't refresh the cache when visiting the update page. Fix #15055: Marcos M
07:10 PM pfSense Docs Correction #15052 (Closed): SG-3100 reinstall procedure the image name is incorrect: Updated and deployed: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/4f3e78d209bf9da8eb60c3c8e4035dd943cc... Jim Pingle
10:48 AM pfSense Docs Correction #15052 (Closed): SG-3100 reinstall procedure the image name is incorrect: The docs says:... Danilo Zrenjanin
05:02 PM Bug #15054 (Resolved): Permissions on tmpfs RAM disk for ``/var`` are too lenient: The code in source:src/etc/rc.ramdisk_functions.sh#L133 configures any tmpfs RAM disk with @1777@ permissions, so bot... Jim Pingle
04:59 PM Todo #15053 (Closed): Update PHP to 8.3.x: Christian McDonald
04:52 PM Bug #15044 (Resolved): Route "Invalid argument" error during boot: Marking as resolved as the reproducer no longer fails:... Christian McDonald
04:41 PM Revision 63556af2: make.conf: move to PHP 8.3: Christian McDonald
01:57 PM Bug #14537: Nat Reflection changed behavior on pfsense 2.7: I have the same problem since I upgraded to 2.7.0 (also upgraded to 2.7.1 now, but the behavior is still the same).
I... Tobias D.
09:20 AM Bug #14917: Mulicast traffic on a detached interface causes a panic: The relevant commit has also been cherry-picked in 2.7.2 and 23.09.1. Kristof Provost
12:52 AM Regression #15051 (Not a Bug): Host(s) Aliases using Domains fail to resolve: A very similar issue to this bug which has already been resolved: https://redmine.pfsense.org/issues/14947 which rega... John Smith

11/29/2023

08:45 PM Bug #15044 (Feedback): Route "Invalid argument" error during boot: https://cgit.freebsd.org/src/commit/?id=f818559774cb0c1516364c4beca361480fd68b5b Christian McDonald
08:31 PM Bug #15042 (Feedback): Potential TCP connection denial of service attack from spoofed RST packets processed by PF: Kristof pushed a fix for this to the Plus 23.09.1 and CE 2.7.2 branches. Jim Pingle
08:15 PM Bug #15042: Potential TCP connection denial of service attack from spoofed RST packets processed by PF: Updating subject. This is not specific to NAT. Jim Pingle
06:12 PM Bug #15042: Potential TCP connection denial of service attack from spoofed RST packets processed by PF: (Copy of what I just sent to secteam@FreeBSD.org)
Netgate received a report that there’s an issue with pf’s sequen... Kristof Provost
08:27 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config: Still not working with pfSense 23.09 and node_exporter-1.5.0_6. I tested FreeBSD 14.0-RELEASE w/node_exporter-1.6.1. ... Craig Coonrad
07:51 PM pfSense Plus Bug #15017 (Incomplete): DHCP relay CARP status VIP function is not working in pfsense+ 23.09: I was not able to replicate this on 23.09 - toggling maintenance mode on/off on the master correctly stops/starts the... Marcos M
07:51 PM Todo #15050 (Feedback): Update strongSwan to 5.9.11_3: Commits to bring strongSwan up to 5.9.11_3 are in both Plus 23.09.1 and CE 2.7.2 branches
Need to verify the versi... Jim Pingle
06:45 PM Todo #15050 (Resolved): Update strongSwan to 5.9.11_3: Update the strongSwan port from 5.9.11_2 to 5.9.11_3 which brings in a patch to address a potential vulnerability in ... Jim Pingle
07:03 PM Todo #15049 (Feedback): Update OpenVPN to 2.6.8_1: Commits are in the ports tree, just need to validate that the correct version ends up in the next build(s) and operat... Jim Pingle
06:38 PM Todo #15049 (Resolved): Update OpenVPN to 2.6.8_1: OpenVPN released version 2.6.8 to address a segmentation fault in 2.6.7. At least one user on the forum has reported ... Jim Pingle
06:38 PM Todo #14985: Update OpenVPN to 2.6.7: Superseded by #15049 so no need to list it on 23.09.1 Jim Pingle
04:01 PM Bug #15034: FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption: Two data corruption bugs were recently reported against ZFS, including the version provided with pfSense. The upstrea... Marcos M
03:30 PM pfSense Packages Bug #11802: FreeRADIUS sync: A checkbox list like the one under the system's High Availability setup interface would be ideal. This behavior chang... Ansley Barnes
11:23 AM pfSense Packages Bug #11802: FreeRADIUS sync: We're also hit by the same issue after pfSense upgrade, and that's pretty annoying. Our certificate configs are getti... Yury Zaytsev
02:21 PM Revision 99ea9c32: net/frr9: enable SNMP port option: Christian McDonald
09:47 AM pfSense Packages Bug #15048 (New): Snort large memory consumption when updating: Snort since the last updates uses a lot of memory when updating and it has a big impact. Can this be improved?
T... Ricardo ot
05:01 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks: I wonder if this will fix the slow startup time for pfBlockerNG-dev with RAM disks enabled.
There's a long delay (... Loh Phat
01:26 AM pfSense Packages Bug #14491: FRR not starting with AgentX enabled: I see this issue is now assigned, just for reference here are some probably heavily related tickets:
https://gith... Yif Swery

11/28/2023

08:18 PM Bug #15034 (Resolved): FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption: We imported a patch for this from upstream and we're planning on making patch releases with this and some other fixes... Jim Pingle
08:18 PM Bug #15044 (In Progress): Route "Invalid argument" error during boot: Christian McDonald
06:43 PM Bug #15044 (Resolved): Route "Invalid argument" error during boot: When booting 24.03, the following route error is shown on the console at different points - e.g.:... Marcos M
06:46 PM Revision 8446884a: Revert "Update version to 2.7.2-RC": This reverts commit fae35334d0fc1266c8b6bdc71d9feffac16338c1. Reid Linnemann
06:39 PM Revision 5588a42e: Correct ESP mount executed in a subshell. Fixes #15007: (cherry picked from commit 87ecf1c2da6e4a1b4964b1c0c0fc31a73b461a57) Reid Linnemann
06:37 PM Bug #15043: IGMP proxy works intermittently: Also applies to pfSense Plus version 23.09 according to this article: https://forum.netgate.com/topic/184360/igmp-pro... Martial G
06:32 PM Bug #15043 (Resolved): IGMP proxy works intermittently: The IGMP proxy no longer works reliably after the update to 2.7.1. Channels that are no longer watched continue to be... Martial G
05:54 PM Bug #15042 (Resolved): Potential TCP connection denial of service attack from spoofed RST packets processed by PF: There is a report (attached) that claims that a third party attacker can send TCP RST packets with a spoofed source a... Jim Pingle
05:03 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: Denny Page wrote:
> Arp flips back and forth between reporting static arp entries as permanent or having timeouts wi... Johan Belmans
04:55 PM Bug #14990 (Resolved): IPsec log categories set to "Audit" do not function properly or save properly in the GUI: Working as expected on current 24.03 snapshots Jim Pingle
04:37 PM pfSense Plus Bug #15017: DHCP relay CARP status VIP function is not working in pfsense+ 23.09: OK, this is much more serious than it first looks, if you enter to CARP failover mode then leave CARP failover mode o... Robert Karsai
03:41 PM Bug #15041: Icmp payload default of 0 can give issues as this is not a official supported value as monitoring of a gateway.: To be extra certain I ran a packet capture of a monitoring ping on a default install and confirmed the size is 1 byte... Jim Pingle
03:36 PM Bug #15041 (Not a Bug): Icmp payload default of 0 can give issues as this is not a official supported value as monitoring of a gateway.: The default in pfSense is 1, not 0. The default in dpinger is 0 but pfSense uses 1 when it's unset, not 0.
!clipbo... Jim Pingle
03:35 PM Bug #15041 (Closed): Icmp payload default of 0 can give issues as this is not a official supported value as monitoring of a gateway.: The payload size can already be configured in the gateway's advanced settings. Marcos M
02:49 PM Bug #15041 (Not a Bug): Icmp payload default of 0 can give issues as this is not a official supported value as monitoring of a gateway.: Icmp payload for monitoring a gateway has a default value of 0. The result of the ICMP request can be influenced by f... Leon Straathof
10:52 AM pfSense Plus Feature #15038: Operating System support for PF ``pflow`` packet data flow export: The plan is to start by importing OpenBSD's pflow(4), and then extending it to expose more NAT information (see RFC 8... Kristof Provost
07:53 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks: Jordan G wrote in #note-21:
> quite similar, both ends of the spectrum though - https://redmine.pfsense.org/issues/1... Loh Phat
06:25 AM pfSense Plus Bug #15035: System GUI unaccessable: 23.05.01 with squid was the everything bagel of open source community firewall software... 🥯 Jonathan Lee

11/27/2023

10:11 PM Revision fae35334: Update version to 2.7.2-RC: Brad Davis
09:50 PM pfSense Packages Bug #14861: PHP error when pings are enabled but no ping hosts are defined: Hi, not sure what to tell you. I was using the telegraf plugin on 2.7.x sending stats to an influxdb. I don't recall ... David Bowen
08:52 PM Feature #13085 (Feedback): OpenVPN NBDD server options: Marcos M
08:37 PM pfSense Packages Bug #14287 (Resolved): pfBlockerNG does not uninstall cleanly when using RAM disks: Fixed in version 3.2.0_7: https://github.com/pfsense/FreeBSD-ports/commit/bd3ae22c8740dad7db80a893038990c83b55700f Marcos M
07:59 PM pfSense Plus Bug #15035: System GUI unaccessable: TAC ticket number is: 2113707645 Jonathan Lee
07:53 PM pfSense Plus Bug #15035: System GUI unaccessable: https://forum.netgate.com/topic/184377/4-1-6_14-snort-23-09-issue-arm Jonathan Lee
07:49 PM pfSense Plus Bug #15035: System GUI unaccessable: NogBadTheBad
also stated issues with the ".14 fix" Snort update however the thread was locked right after he reporte... Jonathan Lee
07:46 PM pfSense Plus Bug #15035: System GUI unaccessable: I had to uninstall Snort to access the web GUI. It does not work for my configuration you see above at all. I am stuc... Jonathan Lee
07:03 PM pfSense Plus Bug #15035: System GUI unaccessable: wrt snort, the issue with killing states is resolved; see https://forum.netgate.com/topic/184112/important-snort-and-... Marcos M
05:12 PM pfSense Plus Bug #15035: System GUI unaccessable: Thank you open source community for all you do. Jonathan Lee
05:11 PM pfSense Plus Bug #15035: System GUI unaccessable: 23.09 is not stable when Snort is used with blocking enabled it will depreciate a firewall to no gui access with bloc... Jonathan Lee
05:08 PM pfSense Plus Bug #15035: System GUI unaccessable: Packages running
23.05.01 final ARM SG2100 stable version time to stable config 2019->2023
I hope that provides... Jonathan Lee
05:02 PM pfSense Plus Bug #15035: System GUI unaccessable: ACLs Jonathan Lee
04:53 PM pfSense Plus Bug #15035: System GUI unaccessable: Squid uses both splice for some and intercept for others Jonathan Lee
04:52 PM pfSense Plus Bug #15035: System GUI unaccessable: None of that is relevant if you cannot reproduce the PHP error while you are on a stock/unmodified 23.09. If you only... Jim Pingle
04:51 PM pfSense Plus Bug #15035: System GUI unaccessable: took from 2019 until 23.05.01 for this to be stable
23.09 on arm processor is not stable with Snort active .14 ver... Jonathan Lee
04:50 PM pfSense Plus Bug #15035: System GUI unaccessable: backups/patched custom Jonathan Lee
04:34 PM pfSense Plus Bug #15035: System GUI unaccessable: Attached is information on how my system works in 23.05.01. This is stable and runs for days without issues even with... Jonathan Lee
03:58 PM pfSense Plus Bug #15035: System GUI unaccessable: 23.09 is not stable for Snort it just doesn't work with it on ARM. Jonathan Lee
03:57 PM pfSense Plus Bug #15035: System GUI unaccessable: Steps to reproduce.
1. Use boot environments I went to test out 23.09 again with the latest Snort update. I starte... Jonathan Lee
02:12 PM pfSense Plus Bug #15035 (Rejected): System GUI unaccessable: There is no code like that on line 535 in a current version of head.inc. On 23.05.1 it would imply that the content o... Jim Pingle
02:28 AM pfSense Plus Bug #15035: System GUI unaccessable: Errors that are listed in logs Jonathan Lee
02:26 AM pfSense Plus Bug #15035: System GUI unaccessable: I noticed this after some snort changes when this GUI access was removed
Changes marked unknown... Jonathan Lee
02:00 AM pfSense Plus Bug #15035 (Rejected): System GUI unaccessable: /head.inc, Line: 535, Message: Uncaught TypeError: count): Argument #1 (Svalue) must be of type Countable|array, bool... Jonathan Lee
07:39 PM Regression #15011 (Resolved): ISC DHCP responds from a random port: Marcos M
06:52 PM Regression #15011: ISC DHCP responds from a random port: Before the fix, DHCP logs show the following when a client tries to renew (logs reversed):... Marcos M
07:07 PM Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces: For reference: https://github.com/pfsense/FreeBSD-ports/commit/43067d320d88d1d9856d048c7129399bd80a2216 Marcos M
07:02 PM Revision 891a9fa4: Show the target for auto outbound NAT rules. Fix #15025: (cherry picked from commit 83bca4954db2a52c35c1581e53be2faa7a47d49b) Marcos M
07:02 PM Revision 9c227343: Append a new line to NAT rule errors. Fix #15024: (cherry picked from commit b7f2b1dc3f0c15c4b2b9d475848f42573c43e261) Marcos M
07:02 PM Revision 4e15e2de: Update misleading function names. Fix #11566: (cherry picked from commit 50b5741beafdb34a3009b78279e203570f5e6d3f) Marcos M
07:02 PM Revision 0323b9fe: Fix IPsec log value handling. Fixes #14990: (cherry picked from commit dcdb461733044d274c742832097b13a312045f37) Jim Pingle
07:02 PM Revision b5f346cf: Save the mobile IPsec group auth setting. Fix #14963: (cherry picked from commit 0fc7765c886ed60555750d12808f493d70918450) Marcos M
07:02 PM Revision 4f89ce19: Remove invalid field from input validation. Fix #14965: (cherry picked from commit a6c6b835f8d75796c0c1fb9ecde90f5b1757f807) Marcos M
07:02 PM Revision a433a061: Update direct config access in services_dhcpv6.php. Fix #14978: (cherry picked from commit 6df70417029defed162b539720e8baa03984f653) Marcos M
07:02 PM Revision 7f85fd87: Fix PHP error when saving PPP interface w/o config. Issue #14949: (cherry picked from commit 0236684082ef0a954ce74a785a4d0eb2e22106cd) Jim Pingle
06:59 PM pfSense Plus Bug #15040 (Closed): ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc": It's a known issue that's resolved by https://redmine.pfsense.org/issues/10464. Marcos M
06:07 PM pfSense Plus Bug #15040 (Closed): ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc": When using boot environments to move system back to last stable version users can no longer check for updates
@ld... Jonathan Lee
05:35 PM pfSense Plus Feature #15039 (Closed): GUI to configure Packet Flow Data (``pflow``) export: Following #15038 the GUI will need a set of options to configure @pflow(4)@ behavior
It will need at least the fol... Jim Pingle
05:25 PM pfSense Plus Feature #15038 (Closed): Operating System support for PF ``pflow`` packet data flow export: Import the "pflow(4)":https://man.openbsd.org/pflow.4 netflow/IPFIX export functionality for PF from OpenBSD into pfS... Jim Pingle
04:33 PM Bug #15034: FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption: name name wrote in #note-2:
> Could you please tell me if an update is planned for 23.09/2.7.1 once an upstream fix ... Jim Pingle
04:16 PM Bug #15034: FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption: Thank you for looking into it and the recommendation.
Could you please tell me if an update is planned for 23.09/2... name name
02:05 PM Bug #15034 (Closed): FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption: pfSense 23.09 and 2.7.1 are both using code that is close to 2.2.0:... Jim Pingle
03:40 PM Regression #15030 (Confirmed): Keymap Layout Options No Longer Provided: I tried both BIOS and UEFI paths and it doesn't show up in either case. This isn't new, however, it wasn't in 2.7.0 e... Jim Pingle
02:06 PM pfSense Packages Todo #12806 (Closed): Update node_exporter to 1.3.1: Jim Pingle
02:05 AM pfSense Packages Todo #12806: Update node_exporter to 1.3.1: Logan Marchione wrote:
> Sorry if this isn't the right place to ask. I wasn't sure if pfSense published package upda... Logan Marchione
02:06 PM pfSense Packages Bug #14986 (Resolved): Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled: Jim Pingle
01:57 PM pfSense Plus Bug #15026 (Not a Bug): PHP Error since upgrading to 23.09: This isn't a bug, either something didn't complete in your upgrade or something else patched on there is causing it. ... Jim Pingle
01:55 PM Feature #15031 (Closed): Need "Custom Options" section for Kea DHCP Server to support Kea DHCP-DDNS service at a minimum: We are aware of the features not yet implemented in Kea, these are already being developed and do not need to be trac... Jim Pingle
01:51 PM pfSense Packages Bug #15028 (Not a Bug): OpenVPN + FRR BGP routing failure(Unable to contact daemon/Service not running?): That is the kind of error you'll get if there is a conflicting route already in the table which prevents it from conf... Jim Pingle
01:39 PM pfSense Plus Bug #15036: Traffic Shaper Wizard Dedicated generates error: Please include the details of all the inputs that were given in the wizard which resulted in the error. It should all... Jim Pingle
06:09 AM pfSense Plus Bug #15036: Traffic Shaper Wizard Dedicated generates error: Tested on
23.09-RELEASE (amd64)
built on Thu Nov 23 9:32:00 UTC 2023
FreeBSD 14.0-CURRENT
I can confirm this e... aleksei prokofiev
05:56 AM pfSense Plus Bug #15036 (Confirmed): Traffic Shaper Wizard Dedicated generates error: I can reproduce it on 23.01, 23.05_1 and 23.09
All the time I run *Traffic Shaper Wizard Dedicated* with HFSC que... Azamat Khakimyanov
12:29 PM Bug #15037 (New): NTPD: Serial GPS with PPS error opening /dev/gpspps0: Receive the following error message in the NTP log when using a serial GPS with PPS output connect to a serial COM po... Elvis Impersonator
07:26 AM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem: Service_Watchdog is not (and was never) installed on affected systems. What I don't understand how can a "suricata.sh... Robert Karsai
04:53 AM Bug #15015: Static routes not working: dylan mendez wrote in #note-2:
> In this case, my best guess is that the IPSec tunnel is going down for some reason, ... Silviu Bajenaru
12:23 AM Bug #15015: Static routes not working: In this case, my best guess is that the IPSec tunnel is going down for some reason, therefore, the route is no longer... dylan mendez
12:22 AM Bug #15015: Static routes not working: Created 3 VMs
VM 1 - pfSense CE 2.7.0 - Subnet: 192.168.1.0/24 - Connected via VTI IPsec to VM2 (10.10.10.1) - Rou... dylan mendez

11/26/2023

11:04 PM pfSense Packages Bug #14986: Snort's Legacy Blocking Mode custom plugin code causes a Signal 11 and core dump when "kill states" option is enabled: The fix has deployed in package updates to both CE 2.7.1 and Plus 23.09. User feedback on the Netgate Forum indicates... Bill Meeks
10:59 PM pfSense Packages Bug #15033: Suricata rule lists can't be manually updated unless the ETOpen Emerging Threats list is enabled: Verified.
The check for enabled rules currently only checks for ET Open, Snort VRT, ET Pro, and Extra Rules as shown... Bill Meeks
02:11 AM pfSense Packages Bug #15033 (Resolved): Suricata rule lists can't be manually updated unless the ETOpen Emerging Threats list is enabled: To reproduce on a system that's never had Suricata installed before:
- Install it, enable an interface and start the... Chris W
10:52 PM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem: Robert Karsai wrote in #note-4:
> Hello Bill, Thanks for looking into this issue. I've managed to reproduce the probl... Bill Meeks
09:48 PM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem: Hello Bill, Thanks for looking into this issue. I've managed to reproduce the problem on a Netgate 4100 cluster maste... Robert Karsai
04:53 PM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem: Continuing to try and gather data about this issue. I have not been able to reproduce it in my local testing machines... Bill Meeks
04:00 AM pfSense Packages Bug #15018: Suricata 7.0.2 service stop problem: Editing redmine to correct title. Kris Phillips
02:52 PM pfSense Plus Bug #15026: PHP Error since upgrading to 23.09: cat /etc/inc/util.inc | grep "php_default_memory"
it is there and the code as well
function get_php_default_memory... Eric Nguyen
01:43 AM pfSense Plus Bug #15026: PHP Error since upgrading to 23.09: Those patches shouldn't affect it. That function 'get_php_default_memory()' should be defined in /etc/inc/util.inc. I... Christopher Cope
11:59 AM Bug #15034 (Resolved): FreeBSD-EN-23:16.openzfs: Potential ZFS file corruption: From reading the ZFS issue tracker there seem to be quite a few problems with the new ZFS 2.2.0 version and I was won... name name
06:23 AM Bug #13413: Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages: Tested on
23.09-RELEASE (amd64)
built on Fri Nov 17 13:32:00 UTC 2023
FreeBSD 14.0-CURRENT
I've tried different... aleksei prokofiev
05:27 AM pfSense Packages Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks: quite similar, both ends of the spectrum though - https://redmine.pfsense.org/issues/13679
can I ask if you have IPv... Jordan G
04:12 AM Bug #14978: PHP error on ``services_dhcpv6.php`` if the configuration contains an empty ``dhcpv6`` section: I set a static v6 address on one of my LANs and when trying to enable ISC or KEA v6 DHCP server I receive the same me... Jordan G
03:56 AM pfSense Packages Bug #14861 (Incomplete): PHP error when pings are enabled but no ping hosts are defined: Tested on 2.7.1. I'm still not able to recreate this bug report. Marking as Incomplete until exact replication step... Kris Phillips
12:03 AM pfSense Plus Bug #15029 (Not a Bug): Additional packages are blank: Christopher Cope

11/25/2023

03:41 PM pfSense Plus Bug #15029: Additional packages are blank: Rebooted system again this morning and its working fine now. thanks for the help. John Beaudoin
03:17 PM pfSense Plus Bug #15029: Additional packages are blank: You can try these steps to force download new repository files. This is often all you need to do but repo issues are ... Chris W
03:14 PM Bug #15032 (Resolved): Kea DHCP sends wrong bootloader file for UEFI: I already posted this problem in the pfSense forum and was asked to report this issue here. Here is the link of the d... David Masshardt
01:30 PM Feature #15031 (Closed): Need "Custom Options" section for Kea DHCP Server to support Kea DHCP-DDNS service at a minimum: With the move to the Kea DHCP server, local resolution of DHCP names in the DNS relay has gone away. A reasonable wo... Brett Wyer
11:35 AM pfSense Docs Correction #9370: Update old screenshots: The screenshots on the *Launching an Instance with a Single Network Interface* page are outdated.
https://docs.netg... Danilo Zrenjanin
10:45 AM pfSense Docs Correction #14988 (Resolved): DHCPv6 relay Destination Server: It looks good now.
I am marking this ticket resolved. Danilo Zrenjanin
09:53 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets: I've just tested and confirmed on 23.05.1 that there was no need to assign the Tailscale interface to have it in the ... Danilo Zrenjanin
08:44 AM Regression #15005 (Confirmed): Auto Config Backup times are incorrect: Yes, indeed. I can confirm this behavior at:... Danilo Zrenjanin
08:38 AM Regression #15025 (Resolved): Automatic outbound NAT rules show an empty NAT Address: I can confirm this behavior on 23.09.
The patch fixes it.
I am marking this ticket resolved. Danilo Zrenjanin
08:37 AM Bug #15009: System>Update page menu uses incorrect internal URL: Interestingly, a reboot resolved the issue. No changes made. Jon8RFC .

11/24/2023

09:43 PM Regression #15030 (Confirmed): Keymap Layout Options No Longer Provided: Testing the installer for CE 2.7.1 there is no keyboard/keymap layout option provided as described here:
https://doc... Kris Phillips
08:43 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: and a patch file for current master branch Phil Wardt
08:32 PM Feature #12522: More GUI options for OpenVPN Client-Specific Overrides: I updated the commit as you suggested
https://github.com/pfsense/pfsense/pull/4570 Phil Wardt
06:41 PM pfSense Plus Bug #15029 (Not a Bug): Additional packages are blank: running version
Version 23.09-RELEASE (amd64)
built on Tue Oct 31 15:56:00 EDT 2023
FreeBSD 14.0-CURRENT
Unabl... John Beaudoin
07:25 AM Bug #15009: System>Update page menu uses incorrect internal URL: Hmm. But refresh, ctrl+refresh, shift+refresh, ctrl+shift+refresh all yield the same result for me: Unable to check ... Jon8RFC .

11/23/2023

06:40 PM pfSense Packages Bug #14668: FRR BGP route is not making into kernel route table after WireGuard's peer change is applied: updated to CE 2.7.1, FRR 2.0.2, WireGuard 0.2.1 - the issue is still persist. Oleksii Tucha
06:26 PM pfSense Packages Bug #15028 (Not a Bug): OpenVPN + FRR BGP routing failure(Unable to contact daemon/Service not running?): Up to version 2.6.0, it works normally without bugs. The new versions 2.7.0 and 2.7.1 report inconsistency according ... Thiago Orico
12:36 PM pfSense Packages Bug #15027 (Resolved): Bind DNS Server cannot reorder zones: Hello all,
Since 23.09 and 23.05 re-ordering zones and saving has no effect, returning to the zone definitions aft... Eric Nguyen
12:30 PM pfSense Plus Bug #15026 (Not a Bug): PHP Error since upgrading to 23.09: Hello all,
Since upgrading to 23.09, have the following error messages in my notice area coming up at regular inte... Eric Nguyen

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

12/22/2023

12/21/2023

12/20/2023

12/19/2023

12/18/2023

12/17/2023

12/16/2023

12/15/2023

12/14/2023

12/13/2023

12/12/2023

12/11/2023

12/10/2023

12/09/2023

12/08/2023

12/07/2023

12/06/2023

12/05/2023

12/04/2023

12/03/2023

12/02/2023

12/01/2023

11/30/2023

11/29/2023

11/28/2023

11/27/2023

11/26/2023

11/25/2023

11/24/2023

11/23/2023