Project

General

Profile

Activity

From 12/20/2023 to 01/18/2024

01/18/2024

09:37 PM Bug #15156: Fragmented packets delayed by limiters are lost
While we're gathering things let's also dump the dummynet pipe information:... Kristof Provost
07:12 PM Bug #15156: Fragmented packets delayed by limiters are lost
I'm still rather unclear on why this happens, and why I cannot reproduce fragmentation issues with dummynet pipes loc... Kristof Provost
08:55 PM Bug #15171 (Feedback): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
Applied in changeset commit:48aea6ee7e03b5b7f49dd143bd1993d33ba74f5b. Jim Pingle
07:45 PM Bug #15171 (In Progress): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
I managed to reproduce a couple different issues here.
The original problem seems to be isolated to only the per-r... Jim Pingle
03:41 PM Bug #15171 (Incomplete): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
How are these entries being deleted exactly? Using the trash can at the end of a row, or by checking the box(es) at t... Jim Pingle
11:57 AM Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
The IPsec config before removing the second Phase 1. ... Danilo Zrenjanin
11:46 AM Bug #15171 (Confirmed): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
Tested against:... Danilo Zrenjanin
08:45 PM Revision 48aea6ee: IPsec P1/P2 delete corrections. Fixes #15171
Jim Pingle
08:39 PM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware
I thought I would mention, I also have this issue in 23.09.1 that I just did a reinstall on. 23.09.1 is running on a... Jeff Kuehl
08:15 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
A question for you, Christian. Does the DHCP change to KEA's code mean this is no longer a problem? Or are the notifi... Dennis Adler
07:25 PM Feature #13894 (Feedback): Explicitly enable/disable DHCP Dynamic DNS updates in each scope
Applied in changeset commit:fb04e80e014e4759215384054497268944535001. Marcos M
07:19 PM Revision fb04e80e: Explicitly set ddns-updates. Fix #13894
Marcos M
07:05 PM Todo #15173 (Feedback): Add global option to set default PF State Policy (if-bound vs floating)
Applied in changeset commit:7fedaae5775b9fb58dea7a71afce6d7c3ba062f9. Jim Pingle
05:21 PM Todo #15173: Add global option to set default PF State Policy (if-bound vs floating)
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1123 Jim Pingle
05:18 PM Todo #15173 (Resolved): Add global option to set default PF State Policy (if-bound vs floating)
PF now has an option to set the default state policy to either floating (the current PF and OS default) or interface-... Jim Pingle
06:56 PM Revision 7fedaae5: Add option to set State Policy. Implements #15173
Also changes default policy to if-bound. Jim Pingle
06:42 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
We can work around the problem by having pf perform the packet-to-big check and generating the icmp6 too big error:
... Kristof Provost
06:27 PM Feature #15174 (New): missing ice driver (Intel E810 series NIC)

As suggested by stephenw10 in the forum [1] to open a feature request, I ask you kindly to add support for the Inte... Adrian Zaugg
12:44 PM Bug #15145 (Resolved): Unable to perform Packet Captures on a tailscale interface in GUI with default settings
Tested the patch against:... Danilo Zrenjanin
01:47 AM pfSense Packages Bug #15172 (New): Tailscale interface goes down without reason
Tailscale on pfSense 2.7.2-RELEASE (tailscale package v0.1.4 [tailscale-1.54.0])
On a VM (Proxmox v8.x (lastest wi... Carlos Montalvo J.

01/17/2024

11:02 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
This fixed my issues
I made the config.xml file like this, they had issues in 23.05.01 I think they caused the r... Jonathan Lee
10:47 PM Bug #15171 (Resolved): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
when deleting p1 entry in ipsec, p2 entries below some totally unrelated p1 entry also being deletet
see reports a... Roland Kletzing
09:02 PM pfSense Plus Todo #15164 (Feedback): Add ZFS Boot Environment list to status output
Added to Plus:
https://gitlab.netgate.com/pfSense/factory/-/commit/3a52d6afc43efcd2e4166a7b23fd15aba6a33dff
 Jim Pingle
09:00 PM pfSense Plus Todo #15164 (In Progress): Add ZFS Boot Environment list to status output
Jim Pingle
07:35 PM pfSense Docs Todo #15161 (Closed): System --> Advanced --> Notifications --> Secure SMTP Connection
Notes should now match the observed behavior: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/3d5864f74ae50cf13... Jim Pingle
06:26 PM pfSense Docs Todo #15161: System --> Advanced --> Notifications --> Secure SMTP Connection
Are you attempting to use authentication? It works here when I use authentication on port 587 or 25 and "Enable SMTP ... Jim Pingle
07:29 PM Bug #15156: Fragmented packets delayed by limiters are lost
testing session with client 17.01:
calls had a big chance of success without limiters enabled for the rule on ix0.12... Georgiy Tyutyunnik
06:26 PM Bug #8313 (Not a Bug): STARTTLS auto detection not working
This has apparently been fixed upstream, STARTTLS works automatically for me on port 25 and 587 with auth configured ... Jim Pingle
05:10 PM Bug #15162: Adding Wake-On-LAN entry from ARP table view can incorrectly include OEM text in MAC address field
Though installing nmap activates the OUI info in the field, the code to handle that is not in the nmap package, but i... Jim Pingle
05:08 PM Bug #15167 (Not a Bug): OpenVPN Server can provide duplicate IP addresses to clients with a Client Override, including the first usable IP in the Network.
That is part of how OpenVPN operates. Addresses assigned via overrides are not reserved/kept from being allocated. Jim Pingle
05:07 PM pfSense Plus Feature #15168 (Rejected): Tracker ID as a column
Each redmine must only be a single request.
There is already a way to make a user read-only, there is a "deny conf... Jim Pingle
05:03 PM Bug #15108 (Resolved): ``pfctl`` is unable to retrieve state creator list in certain circumstances
Given that we can't reproduce it there isn't a good way to verify the fix, so we can close this out for now. If we ge... Jim Pingle
05:00 PM Feature #855: Ability to selectively kill states on gateway recovery
would be a charm like this...
love my paint :-) Henniee Walterson
04:46 PM Feature #855 (Assigned): Ability to selectively kill states on gateway recovery
Marcos M
04:36 PM Bug #15157 (Incomplete): PHP error when generating a notification after detecting a malformed configuration
... Jim Pingle
03:21 PM Regression #15170 (Resolved): webConfigurator IPv6 resolver syntax change
Fixed in commit:cb77811ae6aad6d69abefcdb61e84a16a2ff4178. Marcos M
02:29 PM Regression #15170 (Closed): webConfigurator IPv6 resolver syntax change
It looks like a webconfigurator line like this:... Chris Linstruth
03:20 PM Revision cb77811a: Add brackets to returned IPv6 nameservers. Fix #15170
Marcos M

01/16/2024

10:00 PM Bug #13413 (Feedback): Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages
Applied in changeset commit:b505dae3a3accf4757d3b617e91a60f987d35841. Christopher Cope
09:53 PM Revision b505dae3: Use absolute links in GUI info messages. Fixes #13413
Christopher Cope
09:50 PM Bug #15145 (Feedback): Unable to perform Packet Captures on a tailscale interface in GUI with default settings
Applied in changeset commit:2adf7b8cde44a8e2f0f0cbb2a7f6c360e3bf4050. Christopher Cope
09:48 PM Revision e6a751da: Detect OCI platform
Steve Wheeler
09:42 PM Revision 2adf7b8c: Fix packet captures on tailscale. Fixes #15145
Christopher Cope
09:40 PM pfSense Plus Bug #15169 (Duplicate): Allowed IP Address does not control incoming speed in captive portal, PF Sense Plus Release 23.xx.x
Marcos M
09:30 PM pfSense Plus Bug #15169 (Duplicate): Allowed IP Address does not control incoming speed in captive portal, PF Sense Plus Release 23.xx.x
Hello engineers,
I would like to report a bug that has already been submitted and confirmed but only on the PF CE ... Zephan NLD
03:25 PM pfSense Plus Feature #15039: GUI to configure Packet Flow Data (``pflow``) export
The required OS code has been merged.
pflow configuration is done through `pflowctl`. Use `pflowctl -c` to create... Kristof Provost
03:20 PM pfSense Plus Feature #15038 (Feedback): Operating System support for PF ``pflow`` packet data flow export
I've merged the upstream pflow code. It'll be part of the next snapshot builds.
It includes support for netflow v5... Kristof Provost
02:13 PM Feature #13294: Change gateway name
I'd like to upvote this enhancement (or whatever the process is). Not being able to rename gateways is quite inconven... Chris Jenkins
12:51 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
I believe I've reproduced this. It looks like the problem is in the icmp6_error() code, which tries to do a route loo... Kristof Provost
11:17 AM Feature #855: Ability to selectively kill states on gateway recovery
+1!
Same problem with multi-path routing and multi-wan!
Seems to be easy to solve with pfctl.
Pls do it. Soon. Henniee Walterson
07:36 AM pfSense Plus Feature #15168 (Rejected): Tracker ID as a column
This is a 2 part request.
1. Have the Firewall rules screen locked. Right an admin can click around firewall rules a... Mike Moore
02:50 AM pfSense Plus Bug #15006: Upgrade Issue to 23.09 Results in Stuck Prompt Mid-upgrade
I have not encountered this personally, but can confirm multiple instances of upgrades failing with:... Craig Coonrad
12:45 AM Feature #4128: Email notification webgui configuration

Attaching interaction 2270966827 here. dylan mendez

01/15/2024

10:42 PM Regression #15152: Systems with low RAM fail to upgrade to 24.03
Tested 24.03 upgrade on a VM with 768MB RAM. With and without RAM Disks enabled. Unable to reproduce. Upgrades comple... Craig Coonrad
02:03 PM Regression #15152: Systems with low RAM fail to upgrade to 24.03
I've not yet been able to reproduce this on a low-memory VM (1GB total RAM).
From the log I would guess that this ... Kristof Provost
10:18 PM Bug #15167 (Not a Bug): OpenVPN Server can provide duplicate IP addresses to clients with a Client Override, including the first usable IP in the Network.
Steps to replicate.
Create OpenVPN Server (example network 192.168.25.0/24)
Add Client Specific Override with IP ... dylan mendez
08:07 PM Feature #15166: ISC DHCPv6 DynamicDNS Bug
This requires DDSMM which is already a requested feature - see the related issues section of this redmine. Additional... Marcos M
07:27 PM Feature #15166: ISC DHCPv6 DynamicDNS Bug
Wait a second the bug 10535 was also closed without any conclution. Could you explain yourself? André L.
04:12 PM Feature #15166 (Duplicate): ISC DHCPv6 DynamicDNS Bug
Marcos M
10:12 AM Feature #15166 (Duplicate): ISC DHCPv6 DynamicDNS Bug
I dont really know how much attention this will get after the ISC retirement for the DHCP Server but if the DHCPv6 is... André L.
05:10 PM Feature #14165: Option to allow the DNS Forwarder to ignore system DNS servers
Merged in commit:840b13703bfae1f666a2ae8d5fa40ffb745a2ca3. Marcos M
05:09 PM Feature #14165 (Feedback): Option to allow the DNS Forwarder to ignore system DNS servers
Marcos M
04:56 PM Revision 840b1370: Merge pull request #4664 from opoplawski/no_system_dns
Marcos M
10:29 AM Bug #15108 (Feedback): ``pfctl`` is unable to retrieve state creator list in certain circumstances
Quick summary from the forum discussion: the reporter has upgraded both (pfsync) hosts to the same version, and the p... Kristof Provost
06:47 AM Bug #15165 (Needs Patch): Early boot hangs on pfSense CE
Hello.
I use Hyperv-V under Windows 10 Pro, went I update to Pfsense 2.7.0 I start having the frezee issue that I ... Peter Moreno
06:07 AM pfSense Packages Todo #15119: Update nut-devel version and update startup script
Can we go ahead and push this out please? Thanks Denny Page
12:11 AM pfSense Plus Todo #15164 (Resolved): Add ZFS Boot Environment list to status output
This is needed to review the BE status/options of the device as well as troubleshoot potential disk space issues.
... Craig Coonrad

01/14/2024

04:01 PM Feature #11556 (In Progress): Kill states using the pre-NAT address
Chris Linstruth
04:00 PM Feature #11556: Kill states using the pre-NAT address
Please also see scenario:
killing states when a pass rule with a schedule expires:
!clipboard-202401141100-0s9e... Chris Linstruth
03:38 PM Feature #15163: Add “WOL GROUPING” in “Services / Wake-on-LAN”
Sergei Shablovsky wrote:
> Hi, brilliant pfSense stuff!
>
> Please add ability to grouping in Wake-on-LAN service... Sergei Shablovsky
12:10 AM Feature #15163 (New): Add “WOL GROUPING” in “Services / Wake-on-LAN”
Hi, brilliant pfSense stuff!
Please add ability to grouping in Wake-on-LAN service “*Services / Wake-on-LAN*”.
... Sergei Shablovsky
11:55 AM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
Any update here? Having the same issue when I use the following: IPv6 via DHCP from ISP, internal IPv6 space mapped v... Philip S
06:14 AM pfSense Plus Bug #15036: Traffic Shaper Wizard Dedicated generates error
Tested on
24.03-DEVELOPMENT (amd64)
built on Fri Jan 12 6:00:00 UTC 2024
FreeBSD 15.0-CURRENT
The error is pres... aleksei prokofiev
05:54 AM pfSense Packages Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
Tested on node_exporter 0.18.1_3
24.03-DEVELOPMENT (amd64)
built on Fri Jan 12 6:00:00 UTC 2024
FreeBSD 15.0-CURR... aleksei prokofiev
04:09 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
They have sense reactivated my username and all posts are erased related to this fix and issue on both the other user... Jonathan Lee
04:08 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
Someone on OpenVPN forum as an admin deleted the post with the fix that was not mine and also banned my user name I w... Jonathan Lee
03:37 AM pfSense Packages Bug #15131 (Incomplete): OpenVPN client export issues with iPhone and IPV6 connections
Jonathan Lee wrote in #note-1:
> https://forums.openvpn.net/viewtopic.php?p=119902 (lists fix)
> https://forums.ope... Kris Phillips
03:35 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
Tested this with IPv4+6 multihome and the client export spits out a config with remote [hostname] udp, not udp4.
... Kris Phillips
04:07 AM Bug #15118: DHCPv6 settings page "DDNS Reverse" check box not showing current state
Tested on Jan 12 snapshots and this issue is still present. You don't need to change any other settings, but simply ... Kris Phillips
03:59 AM Bug #15098: Wireguard crashes on boot if PPPoE is the default gateway
Danilo Zrenjanin wrote in #note-3:
> I couldn't replicate this behavior on the following system:
> [...]
>
> The... Kris Phillips
03:39 AM pfSense Docs Correction #15128 (Confirmed): Note that a WireGuard peer must have "Dynamic" unset to see Endpoint options
I can confirm this behavior in the GUI. Kris Phillips
03:24 AM pfSense Packages Todo #15119 (Resolved): Update nut-devel version and update startup script
Can confirm that the newer nut-devel packages are added as dependencies. Current package version is nut-devel-2024.0... Kris Phillips
03:11 AM Bug #15147: Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
Can confirm that this is very confusing. It might be better to add a "Allow from Any Source" checkbox that just appl... Kris Phillips
03:06 AM pfSense Docs Todo #15161 (Confirmed): System --> Advanced --> Notifications --> Secure SMTP Connection
I can confirm that it doesn't appear that with or without SSL/TLS enabled that STARTTLS is ever used. Kris Phillips
02:52 AM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Ramon Alonso Costa wrote:
> I am having the following issue when trying to update the DNS Resolver backup. Below is ... Kris Phillips
01:21 AM Bug #15162 (Confirmed): Adding Wake-On-LAN entry from ARP table view can incorrectly include OEM text in MAC address field
Sergei Shablovsky wrote in #note-1:
> Sergei Shablovsky wrote:
> > Hi, brilliant pfSense stuff!
> >
> > Wrong st... Christopher Cope
12:02 AM Bug #15162: Adding Wake-On-LAN entry from ARP table view can incorrectly include OEM text in MAC address field
Sergei Shablovsky wrote:
> Hi, brilliant pfSense stuff!
>
> Wrong string in “ *MAC address* ” txt entry field in ... Sergei Shablovsky
12:12 AM Bug #15067: Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC
confirmed Chris Cope's findings by adding new user/group.... Craig Coonrad

01/13/2024

11:54 PM Bug #15162 (Resolved): Adding Wake-On-LAN entry from ARP table view can incorrectly include OEM text in MAC address field
Hi, brilliant pfSense stuff!
Wrong string in “ *MAC address* ” txt entry field in “ *Services / Wake-on-LAN / Edit... Sergei Shablovsky
11:41 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config
Tested 24.03 development snapshot. Error persists.... Craig Coonrad
11:04 PM pfSense Docs Todo #15161 (Closed): System --> Advanced --> Notifications --> Secure SMTP Connection
https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html
> When set, the firewall will attemp... Craig Coonrad
11:06 AM pfSense Plus Bug #15036 (Confirmed): Traffic Shaper Wizard Dedicated generates error
I've replicated the issue on:... Danilo Zrenjanin
10:19 AM Bug #15145: Unable to perform Packet Captures on a tailscale interface in GUI with default settings
ah cool. Thanks for checking. Danilo Zrenjanin
08:09 AM pfSense Packages Regression #15064 (Confirmed): Statis menu entry for APCUPSD leads to settings page, not status
Tested against:... Danilo Zrenjanin
08:04 AM pfSense Packages Regression #15158 (Confirmed): XMLRPC Timeout won't save if over 150
Tested against:... Danilo Zrenjanin
07:58 AM pfSense Packages Regression #15159 (Confirmed): XMLRPC Replication Target required even if not using it
I tested against:... Danilo Zrenjanin
07:51 AM Regression #15112: ``status_interfaces.php`` is missing several values for SFP modules
Can confirm this behavior since 23.01
!clipboard-202401131150-fmqvr.png!... Lev Prokofev
03:07 AM Feature #15160 (New): Support multiple RAs and router preferences
My ISP currently returns two RAs in response to an RS. Both of the RAs have the preference field set ("RFC 4191":http... James Geboski
02:55 AM Bug #15134: Post upgrade to 2.7.2 - Change in alias name stops all traffic
I presume you're talking about a port forward rule here, but about how many entries does this alias have? Is the forw... Chris W

01/12/2024

11:43 PM pfSense Packages Feature #12918: pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately
FWIW a Force Reload on the primary will sync to the secondary. A Force Update will not. Steve Y
11:40 PM pfSense Packages Regression #15159 (Feedback): XMLRPC Replication Target required even if not using it
On page Firewall/pfBlockerNG/Sync if "Sync to configured system backup server" is selected, "XMLRPC Replication Targe... Steve Y
11:37 PM pfSense Packages Regression #15158 (Confirmed): XMLRPC Timeout won't save if over 150
Firewall/pfBlockerNG/Sync has option "XMLRPC Timeout":... Steve Y
11:35 PM Bug #15157 (Resolved): PHP error when generating a notification after detecting a malformed configuration
I am having the following issue when trying to update the DNS Resolver backup. Below is the file with the error. Ramon Alonso Costa
10:31 PM Feature #13894 (Pull Request Review): Explicitly enable/disable DHCP Dynamic DNS updates in each scope
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1122 Marcos M
07:15 PM pfSense Packages Bug #15088 (Confirmed): BIND does not start after a config restore
Tested against:... Danilo Zrenjanin

01/11/2024

06:59 PM Bug #15156: Fragmented packets delayed by limiters are lost
rules.debug from the firewall Georgiy Tyutyunnik
06:46 PM Bug #15156 (Resolved): Fragmented packets delayed by limiters are lost
Client is having issues with outgoing SIP calls on XG-1537 23.09.1 specifically. KVM host with the same config works ... Georgiy Tyutyunnik
05:32 PM Bug #15154: dco_update_peer_stat: invalid peer ID 0 returned by kernel
https://forum.netgate.com/topic/185411/23-09-01-hardware-crypto-showing-no-hardware-crypto-acceleration-for-system-wi... Jonathan Lee
07:52 AM Bug #15154: dco_update_peer_stat: invalid peer ID 0 returned by kernel
It is supposed to be automatic but it does not show on vmstat at all any increments of interrupt requests Jonathan Lee
07:50 AM Bug #15154: dco_update_peer_stat: invalid peer ID 0 returned by kernel
It’s not being detected by OpenVPN and it’s not listed with vmstat Jonathan Lee
12:16 AM Bug #15154 (New): dco_update_peer_stat: invalid peer ID 0 returned by kernel
Hello fellow redmine members
I am showing this error
@dco_update_peer_stat: invalid peer ID 0 returned by kern... Jonathan Lee
04:40 PM Bug #15155: Mobile IPsec traffic stops working after approximately 55 minutes
In the most recent case, it was working perfectly for 6 months since the last time this occurred, and then yesterday ... Andrew Almond
01:37 PM Bug #15155 (Not a Bug): Mobile IPsec traffic stops working after approximately 55 minutes
This is almost certainly a config issue. Also possible that something changed between 23.05.1 and 23.09.1 so you shou... Jim Pingle
06:00 AM Bug #15155: Mobile IPsec traffic stops working after approximately 55 minutes
I've seen this before. It's an issue with the Windows 10/11 VPN client. I can't remember what the fix was but it's so... Brad Smith
01:23 AM Bug #15155 (Not a Bug): Mobile IPsec traffic stops working after approximately 55 minutes
Windows 10 clients using the builtin IPsec client connecting to pfSense 23.05.1
Most of the time everything works ... Andrew Almond
01:28 PM pfSense Plus Bug #15153 (Not a Bug): Backup Restore Issues restoring (Restore Area: Firewall Rules) Aliases for Subnets
That is expected behavior in this case, as the Firewall Rules area of the backup/restore selection does not include A... Jim Pingle
12:41 PM pfSense Packages Bug #14406 (Resolved): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
This is fixed in 23.09.1. The language folders are present:... Steve Wheeler
02:18 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
Correction
@ln -s /usr/local/etc/squid/errors/templates /usr/local/etc/squid/errors/en-us@
and
@ln -s /usr/l... Jonathan Lee
02:03 AM pfSense Packages Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.
ln -s /usr/local/etc/squid/errors/templates /usr/local/etc/squid/en
This command fixes the problem.
Link the f... Jonathan Lee
07:56 AM pfSense Plus Bug #15151: OpenVPN TAP & BRIDGE
Jim,
we don't need a forum, we need a contact to people who have real influence on the pfSense code - you don't ha... Łukasz Rojczyk

01/10/2024

11:28 PM pfSense Plus Bug #15149: Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
25.05.01 It has no issues with that ID Jonathan Lee
11:27 PM pfSense Plus Bug #15149: Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
@Jim Pingle
@dco_update_peer_stat: invalid peer ID 0 returned by kernel@
shows when using the crypto chip it... Jonathan Lee
11:22 PM pfSense Plus Bug #15153 (Not a Bug): Backup Restore Issues restoring (Restore Area: Firewall Rules) Aliases for Subnets
Hello fellow Redmine members,
I wanted to report a bug I found in the Backup Restore section of pfSense Plus.
... Jonathan Lee
07:41 PM pfSense Plus Bug #15151: OpenVPN TAP & BRIDGE
A tap bridge is only useful for linking L2 which would see MAC addresses, so you reserve hosts in DHCP by MAC address... Jim Pingle
07:21 PM pfSense Plus Bug #15151: OpenVPN TAP & BRIDGE
I checked what you suggested but from the client side it is also no longer possible to make a bridge with the OpenVPN... Łukasz Rojczyk
05:41 PM pfSense Plus Bug #15151 (Rejected): OpenVPN TAP & BRIDGE
I provided a link with the "official" way to bridge OpenVPN to a LAN.
Third party guides/videos are not good refer... Jim Pingle
05:30 PM pfSense Plus Bug #15151: OpenVPN TAP & BRIDGE
You remain in error.
Somehow it was able to work well for 6 years and I think it was used by many people who use T... Łukasz Rojczyk
05:20 PM pfSense Plus Bug #15151 (Feedback): OpenVPN TAP & BRIDGE
Normally with a tap bridge you don't have an interface address / tunnel network on the member interfaces, only on the... Jim Pingle
04:44 PM pfSense Plus Bug #15151 (Rejected): OpenVPN TAP & BRIDGE
When configuring OpenVPN TAP with a static address pool, there is a problem when configuring the TAP bridge with anot... Łukasz Rojczyk
05:27 PM Regression #15152 (Resolved): Systems with low RAM fail to upgrade to 24.03
The 1100 fails to upgrade to 24.03 with 'no space left' errors. This appears to be on any tmpfs device. So that's /va... Steve Wheeler
03:46 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
I have diagnosed something, so far I know that removing the TAP bridge from the LAN solves the problem above.
Is t... Łukasz Rojczyk
02:08 PM Bug #15145 (Pull Request Review): Unable to perform Packet Captures on a tailscale interface in GUI with default settings
Can't close this yet, the patch hasn't been merged anywhere. Jim Pingle
07:25 AM Bug #15145 (Resolved): Unable to perform Packet Captures on a tailscale interface in GUI with default settings
Danilo Zrenjanin
07:24 AM Bug #15145: Unable to perform Packet Captures on a tailscale interface in GUI with default settings
The patch fixes it.
Tested against:... Danilo Zrenjanin
08:20 AM Bug #15063 (Confirmed): vpn_openvpn_server.php: shows last used interface, after changing to multihome
Danilo Zrenjanin
08:20 AM Bug #15063: vpn_openvpn_server.php: shows last used interface, after changing to multihome
I can confirm this behavior.
Tested against:... Danilo Zrenjanin

01/09/2024

10:54 PM pfSense Plus Bug #15104: Layer 2 experimental Firewall/Rules/Ethernet: new broadcast domain issues
This is what I mean by rule id I use it with my LED script. With the new rules when using them with wlan address they... Jonathan Lee
10:50 PM pfSense Plus Bug #15104: Layer 2 experimental Firewall/Rules/Ethernet: new broadcast domain issues
https://forum.netgate.com/topic/185443/example-of-layer-2-ethernet-firewall-rules
I was able to get it to work how... Jonathan Lee
10:43 PM Revision c7c8d878: pfSense-boot: silence mount -p stderr
Usually mount -p will not emit stderr, however some automation environments lack
/etc/fstab which will cause error me... Reid Linnemann
03:55 PM Bug #15148 (Resolved): OpenVPN Wizard fails when a VIP is used
Marcos M
03:23 PM Bug #15148: OpenVPN Wizard fails when a VIP is used
Looks good in 23.09.1 - SG2100 and 2.7.1 in a VM. dylan mendez
03:52 PM Revision 1fc8364a: poudriere: move to drm-515-kmod
Marcos M
03:52 PM pfSense Packages Bug #11970 (Confirmed): Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot)
Steve Wheeler
03:51 PM pfSense Packages Bug #11970: Netgate Firmware Upgrade Doesn't Work on XG-2758 (ADI/coreboot)
2.4.4-p3 is still the most recent version that included a compatible firmware update package for the XG-2758. Steve Wheeler
03:43 PM pfSense Plus Bug #15149: Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
If it's shown on the dashboard as active, and there is kernel encryption happening on the VPN (e.g. OpenVPN DCO, IPse... Jim Pingle
03:27 PM pfSense Plus Bug #15149: Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
Is there anything I can do because I have the older 2100 that has this chip, I understand the new 2100 does not come ... Jonathan Lee
01:49 PM pfSense Plus Bug #15149 (Not a Bug): Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
The OpenVPN crypto hardware choice is not relevant and hasn't done anything meaningful in years. It should probably b... Jim Pingle
01:36 AM pfSense Plus Bug #15149: Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
New firmware was installed also same issue Jonathan Lee
01:36 AM pfSense Plus Bug #15149: Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
https://forum.netgate.com/topic/185411/23-09-01-hardware-crypto-showing-no-hardware-crypto-acceleration-for-system-wi... Jonathan Lee
01:30 AM pfSense Plus Bug #15149 (Not a Bug): Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
The Hardware Crypto is no longer showing up under OpenVPN configuration. My Netgate appliance has a crypto chip insta... Jonathan Lee
02:44 PM pfSense Docs New Content #15150 (Resolved): Update IPsec Terminology Differences
Reference: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/compatibility.html#terminology-differences
Includ... Mike Moore

01/08/2024

11:05 PM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
Tried this in an iPhone 13 with latest iOS version, but on IPv4 and it worked fine. This seems to be related to IPv6 ... dylan mendez
10:55 PM Bug #15148 (Feedback): OpenVPN Wizard fails when a VIP is used
Applied in changeset commit:2b2b084c185726487aeaa4d5dd9ea6177d92968c. Marcos M
10:35 PM Bug #15148: OpenVPN Wizard fails when a VIP is used
Looks good with that patch applied to 23.09.1 in aarch64. Steve Wheeler
10:24 PM Bug #15148 (Ready To Test): OpenVPN Wizard fails when a VIP is used
It looks like this never worked. Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1120 Marcos M
05:21 PM Bug #15148 (Resolved): OpenVPN Wizard fails when a VIP is used
If you create a remote access server using the OpenVPN wizard and select a VIP as the interface it creates an invalid... Steve Wheeler
09:25 PM Regression #14431: Sending IPv6 traffic on a disabled interface can trigger a kernel panic
I've pushed a workaround to both devel-main and plus-devel-main. That should avoid the panic (or at least make it muc... Kristof Provost
09:20 PM Revision 2b2b084c: Handle VIPs in OpenVPN Wizard. Fix #15148
Marcos M
04:35 PM Bug #15144: smtp account details specifically password are lost with test if not saved
Jim Pingle wrote in #note-1:
> The current text is clear in stating that it uses the SAVED values, not what was ente... Des Quinn
01:34 PM Bug #15144 (Rejected): smtp account details specifically password are lost with test if not saved
The current text is clear in stating that it uses the SAVED values, not what was entered into the form, and that appl... Jim Pingle
02:23 PM Bug #15134: Post upgrade to 2.7.2 - Change in alias name stops all traffic
Kris Phillips wrote in #note-3:
> Also unable to recreate this on either 2.7.2 or 23.09.1. Until more details can b... Rajko B
01:32 PM Bug #15134 (Incomplete): Post upgrade to 2.7.2 - Change in alias name stops all traffic
Jim Pingle
01:31 PM pfSense Packages Bug #13997 (Closed): NUT Package and 23.01
Jim Pingle
01:31 PM Bug #15146 (Rejected): Outbound NAT rules need re-applied after restore in different hardware
Any manual outbound NAT rules in the list would have to be updated by hand (even in hybrid mode). Anything automatic ... Jim Pingle
11:56 AM Revision b580dbfb: Font Awesome: Update to v6.5.1
Christian McDonald
01:17 AM Bug #15147 (Closed): Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
If in Phase 1, Internet Protocol "Both (Dual Stack)" is selected, then under Remote Gateway the explanation in the bl... Lars Wolos

01/07/2024

12:53 PM Bug #15146 (Rejected): Outbound NAT rules need re-applied after restore in different hardware
After restoring a backup to a different hardware access from LAN to WAN was not passed through.
Steps to reproduc... Vasileios Mitrousis
06:15 AM pfSense Packages Bug #14836: squid and capitive portal integration bug
Tested on
23.09.1-RELEASE (amd64)
built on Wed Dec 20 18:27:00 UTC 2023
FreeBSD 14.0-CURRENT
24.03-DEVELOPMEN... aleksei prokofiev
06:02 AM Bug #15145: Unable to perform Packet Captures on a tailscale interface in GUI with default settings
Tested on
23.09.1-RELEASE (amd64)
built on Wed Dec 20 18:27:00 UTC 2023
FreeBSD 14.0-CURRENT
24.03-DEVELOPMENT ... aleksei prokofiev
03:25 AM pfSense Packages Bug #13997: NUT Package and 23.01
This is stale and should be closed. Denny Page
01:41 AM Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces
I can confirm this issue. I also can confirm that it happens with both the Allowed MACs and Denied MACs fields. You... Kris Phillips
01:37 AM Bug #15134: Post upgrade to 2.7.2 - Change in alias name stops all traffic
Also unable to recreate this on either 2.7.2 or 23.09.1. Until more details can be provided, this should be marked a... Kris Phillips

01/06/2024

11:27 PM Bug #15145 (Pull Request Review): Unable to perform Packet Captures on a tailscale interface in GUI with default settings
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1118 Christopher Cope
11:16 PM Bug #15145 (Resolved): Unable to perform Packet Captures on a tailscale interface in GUI with default settings
Attempts to do a packet capture on the tailscale interface in the GUI results in it stopping immediately.
Trying t... Christopher Cope
10:28 PM Feature #855: Ability to selectively kill states on gateway recovery
This is a very frustrating issue. I do not understand where the issue is at since on a failure, the states are down a... Craig Sharp
05:23 PM Bug #15144 (Rejected): smtp account details specifically password are lost with test if not saved
When you goto enter account and passwpord details for smtp server then press test, it may work. However, the saved pa... Des Quinn
10:51 AM Bug #15143 (Not a Bug): Telegram notification of DynDNS update spoiles IP address
pfSense 2.7.x
DynDNS via "Update URL" like http://sync.afraid.org/u/bla-bla-bla
Telegram Notifications enabled
A... Alexei Mezin
09:18 AM Bug #14757: Special character encoding - crash on save / config restore
Not able to replicate this,
I set the group name with "ü" on 2.6... Lev Prokofev
08:23 AM pfSense Packages Regression #14418 (Resolved): RRD Summary prints zero in all data fields
I tested the version:... Danilo Zrenjanin
02:43 AM Bug #15134: Post upgrade to 2.7.2 - Change in alias name stops all traffic
I'm not able to reproduce this on a system upgraded to 2.7.2 from the 2.7 installation image. I simply made an alias ... Chris W

01/05/2024

07:07 PM pfSense Docs Todo #15125: Feedback on Services — DHCPv4
Ethan Word wrote:
> *Page:* https://docs.netgate.com/pfsense/en/latest/services/dhcp/relay.html
>
> *Feedback:*
... Ethan Word
02:21 PM pfSense Docs Todo #15125 (Closed): Feedback on Services — DHCPv4
Warning corrected (again): https://gitlab.netgate.com/docs/pfSense-docs/-/commit/274f8df2a134de5e29c9ee943b2c705edd5e... Jim Pingle
02:14 PM pfSense Docs Todo #15125: Feedback on Services — DHCPv4
That note was changed after support was added for running both at the same time in #14620 , but didn't get changed ba... Jim Pingle
04:42 PM pfSense Docs Todo #15142: Feedback on Virtual Private Networks — OpenVPN — Assigning OpenVPN Interfaces
agree to disagree. Rick Lunt
04:41 PM pfSense Docs Todo #15142 (Rejected): Feedback on Virtual Private Networks — OpenVPN — Assigning OpenVPN Interfaces
It's already clear what is meant based on context there. Spelling it all out in that much detail makes it far too wor... Jim Pingle
04:29 PM pfSense Docs Todo #15142 (Rejected): Feedback on Virtual Private Networks — OpenVPN — Assigning OpenVPN Interfaces
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/assign.html
*Feedback:*
re-open unclear document... Rick Lunt
04:37 PM pfSense Docs Todo #15136: Feedback on pfSense® software Configuration Recipes — Routing Internet Traffic Through A Site-To-Site OpenVPN Tunnel
Agree, missed the hyperlink to https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/assign.html
Which made the s... Rick Lunt
03:54 PM Todo #13537: Update vendor files
Hi Marcos,
thanks for taking a look.
I think updating to bootstrap 4 might require a bit more work, definitely need... GChuf 6
03:04 PM pfSense Docs Todo #15113 (Closed): Update Image Verification Document to tell people to not sha256sum the .sha256 file, but instead just view the contents
This should hopefully clarify things:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b9eaf245752a7738fdc66b... Jim Pingle
02:10 PM pfSense Docs Todo #15141 (Closed): Feedback on Development — Executing Commands at Boot
I added a bit of text there explaining those scripts also get run at other times, and listed examples of those times.... Jim Pingle
02:16 AM pfSense Docs Todo #15141 (Closed): Feedback on Development — Executing Commands at Boot
*Page:* https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html
*Feedback:*
https://forum.net... Vincent Waniel
08:14 AM Bug #15127 (Resolved): ``check_dnsavailable()`` failing even when DNS is available
I applied the patch and tested all the services that were potentially affected.
ACB worked fine.
The DHCP lease pag... Danilo Zrenjanin
08:01 AM Bug #14613: Incorrect wireguard control panel status management
The 2.7.2 bug seems to have been fixed. I upgraded from 2.7 to 2.7.2 and restarted. The bug did not recur. I will con... hao zhang
01:07 AM Bug #15137: wireguard
This site is not for support or diagnostic discussion. Wtf was I doing. I was goin to drop a hole buch of info on thi... Mftic Mftic
12:45 AM Revision fa953ac0: Consolidate is_url_hostname_resolvable() into resolve_address()
is_url_hostname_resolvable() used gethostbyname() which only
supports getting IPv4 records. This change makes resolve... Marcos M

01/04/2024

09:52 PM Revision 0b3052b3: Clarify function use and description
Marcos M
08:01 PM Bug #15137 (Closed): wireguard
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Marcos M
03:17 PM Bug #15137 (Closed): wireguard
Each time I get wireguard to work. I run a speed test and pfsense Crash hard. I have to install pfsense all over..
... Mftic Mftic
07:55 PM Bug #15140 (Incomplete): Remote syslog servers on dynamically routed networks are being sent out default GW after reboot when using source IP of "lan"
OK, it's best to track that down for this report (possibly discuss further in the forums). The overall "state" issue ... Marcos M
07:25 PM Bug #15140: Remote syslog servers on dynamically routed networks are being sent out default GW after reboot when using source IP of "lan"
Marcos M wrote in #note-2:
> > While it does prevent the traffic from exiting the WAN interface, the syslog messages... James Blanton
07:06 PM Bug #15140: Remote syslog servers on dynamically routed networks are being sent out default GW after reboot when using source IP of "lan"
> While it does prevent the traffic from exiting the WAN interface, the syslog messages are still not being routed pr... Marcos M
05:04 PM Bug #15140: Remote syslog servers on dynamically routed networks are being sent out default GW after reboot when using source IP of "lan"
Pull request: https://github.com/pfsense/pfsense/pull/4665 James Blanton
04:48 PM Bug #15140 (Incomplete): Remote syslog servers on dynamically routed networks are being sent out default GW after reboot when using source IP of "lan"
Syslogd is started before any packages are started, including the FRR package. If any remote syslog servers are on a ... James Blanton
04:45 PM Feature #14765 (Rejected): DHCPv6 is limited to DUID and unable to consider IAID
Unfortunately this is not supported on ISC DHCPv6, and I've not yet seen a way to handle this on Kea.
https://kb.isc.... Marcos M
04:43 PM Bug #15127 (Feedback): ``check_dnsavailable()`` failing even when DNS is available
Fixed in commit:11b04370dda80cfe9abed42192faa51f21d30eb0. Marcos M
04:41 PM Bug #15139 (Resolved): Local DNS resolution behavior does not add an IPv6 nameserver
Fixed in commit:89cc24a60c601954e86d4acfc52f5356afecd069.... Marcos M
04:36 PM Bug #15139 (Resolved): Local DNS resolution behavior does not add an IPv6 nameserver
Under @System > General Setup@, the "local" DNS Resolution behavior only adds an IPv4 localhost - IPv6 is missing. Th... Marcos M
04:38 PM Revision 11b04370: Refactor system DNS check. Fix #15127
Marcos M
04:38 PM Revision 89cc24a6: Add IPv6 localhost nameserver to /etc/resolv.conf. Fix #15139
Marcos M
03:27 PM pfSense Docs Todo #15138 (Rejected): Feedback on Virtual Private Networks — OpenVPN — Assigning OpenVPN Interfaces
Please post on the forum if you have questions or problems following the documentation. The line in question is refer... Jim Pingle
03:18 PM pfSense Docs Todo #15138 (Rejected): Feedback on Virtual Private Networks — OpenVPN — Assigning OpenVPN Interfaces
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/assign.html
*Feedback:*
this line: Navigate to V... Rick Lunt
03:11 PM pfSense Docs Todo #15136 (Rejected): Feedback on pfSense® software Configuration Recipes — Routing Internet Traffic Through A Site-To-Site OpenVPN Tunnel
Your assumption is incorrect. The only places that "OpenVPN interface" appear in the linked document are after the do... Jim Pingle
02:57 PM pfSense Docs Todo #15136 (Rejected): Feedback on pfSense® software Configuration Recipes — Routing Internet Traffic Through A Site-To-Site OpenVPN Tunnel
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-route-internet-traffic.html
*Feedback:*
... Rick Lunt
12:38 PM Bug #15117: Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6
Rewording subject for the release notes since this affected everything on the shortcut bar on that page, not just the... Jim Pingle
07:29 AM Bug #15117 (Resolved): Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6
The patch fixes it.
I am marking this ticket as resolved. Danilo Zrenjanin
12:35 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Jan 4 13:00:00 openvpn 21642 Exiting due to fatal error
Jan 4 13:00:00 openvpn 21642 FreeBSD ifconfig failed: ... Łukasz Rojczyk
08:51 AM pfSense Packages Bug #15100: Tailscale IPv6 Exit Node uses first LAN interface when WAN is set to Only Request Prefix
This, or the broader issue of exit node gateway affects me with IPv4.
The seeming lack of configuration ability to s... C C

01/03/2024

11:17 PM pfSense Packages Bug #15132: bind-tools 9.18 pkg moved dnssec-* tools from sbin to bin
I'm working on the fix. The docs say to bump the version number in the makefile.
"When updating a package is it i... Stuart Wyatt
04:12 AM pfSense Packages Bug #15132 (New): bind-tools 9.18 pkg moved dnssec-* tools from sbin to bin
In bind.inc, the path to dnssec-keygen and dnssec-dsfromkey are hard coded to the /user/local/sbin/ directory. In bin... Stuart Wyatt
07:35 PM Bug #15135 (Feedback): Potential local file include vulnerability via DNS Resolver Python Module Script include mechanism
Applied in changeset commit:12cbb18a93c1f78e05806b6d3c90511e8967f43f. Jim Pingle
07:22 PM Bug #15135 (Resolved): Potential local file include vulnerability via DNS Resolver Python Module Script include mechanism
When the DNS Resolver Python Module function is enabled and a Python Module Script is present, the system also looks ... Jim Pingle
07:25 PM Revision 12cbb18a: Improve validation of DNS Resolver Python script. Fixes #15135
Jim Pingle
06:37 PM Bug #15084: Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks
There was some change here recently as now this triggers a failure on upgrade for existing mirrors.
The second dis... Jim Pingle
03:23 PM pfSense Plus Bug #15097: Upgrade to 23.09.1 is not offered for 23.05.1
I had this issue on appliances while upgrading to 23.09 two branches back, where new version check was always failing... Clément PAPPALARDO
03:18 PM Bug #15133 (New): PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
OK, good to know that worked.
We can fix the PHP error in the future but you may hit other issues with that sort o... Jim Pingle
03:14 PM Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
ok, it makes sense.
I recreated the certificate for this appliance (you were right, there was 2 CN), and now VPN S... Clément PAPPALARDO
02:33 PM Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
The error you are seeing is not relevant to the tunnel network and so on that's just a coincidence, the bulk of the s... Jim Pingle
02:20 PM Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
I have 2 WAN, I tried switching WAN source for this VPN server, not ok
I deleted vpn server and recreated it (same va... Clément PAPPALARDO
01:57 PM Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
I don't think so. I'm using it on 3 same other appliance without problems. My CA is a Windows CA imported.
On this A... Clément PAPPALARDO
01:46 PM Bug #15133 (Feedback): PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
Is there something unusual about your server certificate? Was it created on pfSense or imported from elsewhere?
Th... Jim Pingle
09:46 AM Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
(but users cant connect without certificate verification) Clément PAPPALARDO
09:40 AM Bug #15133 (Resolved): PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
... Clément PAPPALARDO
11:03 AM Bug #15134 (Incomplete): Post upgrade to 2.7.2 - Change in alias name stops all traffic
After installing the last 2.7.2 release, when we edited an Alias name - that rule stopped working, and all traffic wa... Rajko B
09:48 AM Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces
Tested on:
23.09.1-RELEASE (amd64)
built on Wed Dec 20 18:27:00 UTC 2023
FreeBSD 14.0-CURRENT
I can confirm thi... aleksei prokofiev
06:26 AM Revision a68f7a3d: Update the years in the Copyright notice.
Luiz Souza

01/02/2024

08:50 PM Bug #15117 (Feedback): Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6
Applied in changeset commit:3d95bdde7fbd926bd7ed7d3ac716f42727a15ca2. Jim Pingle
02:04 PM Bug #15117: Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6
It's incorrect for me as well, the shortcut section on the page is set to @dhcp@ when it should be @dhcp6@:
source... Jim Pingle
08:43 PM Revision 3d95bdde: Correct DHCPv6 lease shortcut section. Fixes #15117
Jim Pingle
06:41 PM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
https://forums.openvpn.net/viewtopic.php?p=119902 (lists fix)
https://forums.openvpn.net/viewtopic.php?p=119904 (my ... Jonathan Lee
06:38 PM pfSense Packages Bug #15131 (Confirmed): OpenVPN client export issues with iPhone and IPV6 connections
I have researched and found an issue within the OpenVPN's client export config file for iPhones (OpenVPN Connect (iOS... Jonathan Lee
05:49 PM Bug #15130 (Resolved): Kea will not start with identical MAC address filters on multiple interfaces
Steps to duplicate:
Enter identical MAC address filters on two interfaces. kea will no longer start:
Jan 2 17:4... Chris Linstruth
05:04 PM pfSense Packages Todo #15119 (Feedback): Update nut-devel version and update startup script
Merged into devel branches, should be in snapshots for testing tomorrow. Jim Pingle
03:48 PM pfSense Plus Bug #15097: Upgrade to 23.09.1 is not offered for 23.05.1
Marcos M wrote in #note-4:
> The issue is due to a missing @.default@ file, e.g. @/usr/local/etc/pfSense/pkg/repos/pf... Tom L
02:06 PM Bug #15129 (Duplicate): Arp table not displaying hostname
Duplicate of #15127 (same root cause) Jim Pingle
01:49 PM Bug #15127: ``check_dnsavailable()`` failing even when DNS is available
This affects a lot more than just ACB. It affects DHCP lease display, ARP display, NDP display, update checks, and po... Jim Pingle
01:33 PM pfSense Plus Regression #14964 (Not a Bug): SG-3100: iscsi support removed from 23.09 kernel
At this point things removed from 3100 are unlikely to return as they were probably removed due to problems with armv... Jim Pingle

01/01/2024

01:55 PM Bug #15129: Arp table not displaying hostname
So I applied this patch https://redmine.pfsense.org/issues/15127 and now hostnames are back..
See the above thread... JohnPoz _
01:30 PM pfSense Packages Bug #14058: Update vendor=on triggers installation failure
I just ran into this with arpwatch on 23.09.1... JohnPoz _
12:10 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Basically someone (likely me) just needs to start producing test builds at various points in time between a known goo... Christian McDonald
12:02 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Christian McDonald wrote in #note-17:
> If someone can provide me with two versions as closely related in time as po... Zachary Cohen

12/31/2023

11:07 PM Bug #15129: Arp table not displaying hostname
Probably more fallout from Netlink. I will look. Christian McDonald
10:44 PM Bug #15129: Arp table not displaying hostname
Thread https://forum.netgate.com/topic/185231/no-hostnames-under-diagnostics-arp JohnPoz _
10:43 PM Bug #15129 (Duplicate): Arp table not displaying hostname
So I recall about a year ago this was happening in the ndp table.. But now seems in the arp table same sort of proble... JohnPoz _
09:19 PM pfSense Docs Correction #15128 (Closed): Note that a WireGuard peer must have "Dynamic" unset to see Endpoint options
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html
*Feedback:* The Peer Configuration s... Phil Duby
08:12 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
If someone can provide me with two versions as closely related in time as possible along with a reproducer I can bise... Christian McDonald
07:20 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Boycee . wrote in #note-11:
> The issue I opened (#15105) was a decided to be a duplicate of this one. Just pasting... Zachary Cohen
05:19 AM Bug #15117: Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6
It is, indeed, the related settings link. on my system, this is a link to
https://<fqdn>/services_dhcp.php - it sho... David Cornejo
01:26 AM Bug #15117: Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6
I'm not able to confirm this. Going to Status --> DHCPv6 Leases --> Related Settings link at the top goes to the DHC... Kris Phillips
04:40 AM Bug #15127: ``check_dnsavailable()`` failing even when DNS is available
verified prior condition and that ACB restore entries were once again present following application of the patch above Jordan G
12:43 AM pfSense Plus Bug #15126: SG-1100 pfSense+ recovery results in non aligned disk slices
David Burns wrote:
> Currently preparing for an upgrade of SG-1100 remote worker fleet.
>
> However after install... Kris Phillips
12:20 AM Bug #15122: PHP errors in LDAP server prevent it from falling back to Local Database
Merged https://gitlab.netgate.com/pfSense/pfSense/-/commit/c48e3d87347538a6ef3e8b7542bdd498176343dd Christopher Cope

12/30/2023

10:45 PM Bug #15122 (Feedback): PHP errors in LDAP server prevent it from falling back to Local Database
Marcos M
12:30 AM Bug #15122 (Pull Request Review): PHP errors in LDAP server prevent it from falling back to Local Database
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1115 Christopher Cope
10:44 PM Revision c48e3d87: Bail earlier if the LDAP connection fails. Fix #15122
Christopher Cope
10:33 PM Bug #15127 (Assigned): ``check_dnsavailable()`` failing even when DNS is available
Marcos M
10:14 PM Bug #15127: ``check_dnsavailable()`` failing even when DNS is available
The attached workaround patch may be applied using the "System Patches package":https://docs.netgate.com/pfsense/en/l... Marcos M
08:31 PM Bug #15127 (Resolved): ``check_dnsavailable()`` failing even when DNS is available
In the file /usr/local/www/services_acb.php there is a call on line 233 to "check_dnsavailable" which queries against... Kris Phillips
05:17 AM Bug #14605: Dynamic DNS uses the default gateway interface instead of the specified interface
Good afternoon. I can confirm that there is an error, but for some reason netgate does not want to investigate it (if... Stepan Afonin

12/29/2023

07:48 PM pfSense Plus Bug #15097 (Resolved): Upgrade to 23.09.1 is not offered for 23.05.1
The system link does exist:... Marcos M
06:35 PM Revision 4bd55d9a: Remove broken input validation
This input validation was originally done in a function that effectively
ignored any input errors. When it was taken ... Marcos M
11:25 AM pfSense Plus Bug #14005: SFP Interfaces not available with Traffic Shaper in v23.01
For info; I have updated the Netgates to version 23.09.1 and the problem still exists. The interfaces Clx0 and clx1 (... Brendon Flint
11:23 AM Bug #15124 (Resolved): IPsec VTI is not created correctly when using a Phase 2 remote type of ``Network``
The patch fixes it. The IPsec interface gets IP address and the gateway as expected with no error logs.
I am mark... Danilo Zrenjanin
03:11 AM pfSense Plus Bug #15126 (Resolved): SG-1100 pfSense+ recovery results in non aligned disk slices
Currently preparing for an upgrade of SG-1100 remote worker fleet.
However after installing the latest SG-1100 rec... David Burns
12:50 AM Bug #6167: IPsec IPComp not working
Some basic testing on 23.09.1 shows it works for policy-based tunnels, but not for route-based tunnels (VTI). Here's ... Marcos M
12:12 AM pfSense Docs Todo #15125 (Closed): Feedback on Services — DHCPv4
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dhcp/relay.html
*Feedback:*
The note here which menti... Ethan Word

12/28/2023

10:45 PM Revision e0b7afa9: pfSense-boot: Ensure freebsd efi directory exists
Reid Linnemann
10:31 PM Bug #15087: IPsec Keep Alive does not update the gateway status
Regarding #note-3, see #15124. Marcos M
10:29 PM Bug #15124 (Feedback): IPsec VTI is not created correctly when using a Phase 2 remote type of ``Network``
Fixed in commit:8e83f722c70bc6bd4a7e4275f8ddc3ac3fe5efc5. Marcos M
10:19 PM Bug #15124 (Resolved): IPsec VTI is not created correctly when using a Phase 2 remote type of ``Network``
The @Remote Network@ field in the IPsec Phase 2 configuration allows for the @Network@ type with VTI mode. This resul... Marcos M
10:27 PM Revision 8e83f722: Strip the prefix size from the VTI remote address. Fix #15124
Marcos M
09:13 PM Bug #15066: PHP allocation failure in pfsense-utils.inc
Happened again. No idea why. Again, no use of the dashboard at the time.
Crash report begins. Anonymous machine i... Alex Rosenberg
08:15 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
Mike Moore wrote in #note-10:
> Could the fix resolve https://redmine.pfsense.org/issues/14659 or https://redmine.p... Marcos M
07:32 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
Could the fix resolve https://redmine.pfsense.org/issues/14659 or https://redmine.pfsense.org/issues/14483 Mike Moore
02:00 PM Revision 7bb1c10a: pfSenseHelpers.js: improve usepost interface. See comment.
Christian McDonald
09:27 AM Bug #15110: pfSense hangs when rebooting
The TAC ticket number for reference is:
2157407569 Danilo Zrenjanin
09:26 AM Bug #15110: pfSense hangs when rebooting
The drives used in testing:
Trancent ts128Gmte452 and SK hynix.
!clipboard-202312281024-brq7o.png!
The behav... Danilo Zrenjanin
08:25 AM Bug #15110: pfSense hangs when rebooting
Installing the SSD drive in another port did not resolve the issue. It behaved in the same way. Danilo Zrenjanin
12:38 AM Bug #15122 (Resolved): PHP errors in LDAP server prevent it from falling back to Local Database

The following error can be hit when attempting to login with a misconfigured LDAP server, which prevents the code... Christopher Cope

12/27/2023

09:37 PM pfSense Packages Bug #15120 (Not a Bug): Suricata upgrade/install adds default rulesets
Marcos M
09:21 PM pfSense Packages Bug #15120: Suricata upgrade/install adds default rulesets
Suricata upstream periodically adds new built-in rules with upgrades. The new QUIC rules are one recent example, but ... Bill Meeks
08:12 PM pfSense Packages Bug #15120 (Not a Bug): Suricata upgrade/install adds default rulesets
We had traditionally disabled stream-events.rules because of false positives. I have noticed a couple times lately it... Steve Y
09:35 PM Bug #9453 (Feedback): Reconfiguring a parent LAGG interface breaks its VLANs
Fixed in commit:88674cdb01ba38adc71f12be73e0305bb6f57ccd. Marcos M
09:14 PM Revision 563d3c76: Remove unnecessary sleep when configuring unbound
Marcos M
09:10 PM Revision 88674cdb: Reconfigure VLANs after recreating LAGG interfaces. Fix #9453
Marcos M
08:00 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
The startup script change is contained in PR https://github.com/pfsense/FreeBSD-ports/pull/1340.
The nut-devel upd... Denny Page
07:48 PM pfSense Packages Todo #15119 (Resolved): Update nut-devel version and update startup script
* Update nut startup script to avoid ups failure notifications on nut restart following interface changes.
* Updat... Denny Page
01:53 PM Bug #15087: IPsec Keep Alive does not update the gateway status
If I select Type Network /30, the IPsec interface never gets the IP address. It gets only the gateway.
!clipboard-20... Danilo Zrenjanin
01:49 PM Bug #15118: DHCPv6 settings page "DDNS Reverse" check box not showing current state
Can replicate on 24.03 ... Lev Prokofev
12:41 PM Bug #15118 (Confirmed): DHCPv6 settings page "DDNS Reverse" check box not showing current state
I can replicate this behaviour on:... Danilo Zrenjanin
12:43 PM Bug #15117 (Confirmed): Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6
I can confirm this behavior on:... Danilo Zrenjanin
09:09 AM Bug #14919: OpenVPN forms invalid ``route`` statements for empty local networks
Tested against:... Danilo Zrenjanin

12/26/2023

09:45 PM Bug #15043: IGMP proxy works intermittently
It would make a lot of us happy if the kernel patch was made available as a separate download.
There was a downloada... Arturo de Vries
09:40 PM Bug #15116: Kea not working with UEFI HTTPBoot URL configured
There's some information here:
https://kea.readthedocs.io/en/kea-2.0.0/arm/dhcp4-srv.html#reserving-next-server-serv... Jason Montleon
08:25 PM Bug #15116: Kea not working with UEFI HTTPBoot URL configured
With Wireshark I was able to see that ISC DHCP sets the bootp boot file name and option 60 to HTTPClient. With Kea ne... Jason Montleon
07:06 PM Bug #15116 (New): Kea not working with UEFI HTTPBoot URL configured
I have configured and successfully use http boot to occasionally boot libvirt vms by checking off `Enable Network Boo... Jason Montleon
08:35 PM Bug #15118 (Resolved): DHCPv6 settings page "DDNS Reverse" check box not showing current state
If you select the DDNS Reverse checkbox and then save and then apply the changes, the checkbox clears.
It seems li... David Cornejo
08:30 PM Bug #15117 (Resolved): Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6
The link to the DHCPv6 settings on the status page takes you to the settings for DHCP (v4)
 David Cornejo
06:14 AM pfSense Packages Bug #15115 (Closed): NUT Package Functionality
I read online that updating the OS version from 2.7 to 2.7.2 should fix some security bugs and I have also followed t... Adam Di Vizio
05:44 AM pfSense Packages Bug #14951: Tripplite Smart1500LCD UPS
I read online that updating the OS version from 2.7 to 2.7.2 should fix some security bugs and I have followed the in... Adam Di Vizio

12/25/2023

07:38 PM pfSense Packages Bug #13421: Stunnel certificate does not refresh
Tested, had to add 2 lines to /usr/local/etc/stunnel at the begining so now it looks like:... A Schnee

12/24/2023

05:20 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
There have been various bug reports related to this issue which seem to share the same root cause - a fix is in progr... Marcos M
05:18 PM Bug #9453 (In Progress): Reconfiguring a parent LAGG interface breaks its VLANs
Marcos M
05:14 PM Bug #13473 (Duplicate): No IPv6 address acquired after reboot/dhcp6c not starting
Marcos M
05:12 PM Bug #14083 (Duplicate): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Marcos M
05:10 PM Bug #14603 (Duplicate): LAGG VLAN Interfaces report parent no longer exists
Marcos M
05:07 PM Bug #13344 (Duplicate): Vlan loses parent interface when changing LAGG mtu to jumbo frames
Marcos M
05:06 PM Bug #12926 (Duplicate): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
Marcos M
05:05 PM Bug #11953 (Ready To Test): XG-1541 crashes when igmpproxy is enabled and network interfaces status change
This needs to be tested against a current pfSense version, preferably a dev snapshot. For reference, this looks like ... Marcos M
08:33 AM Bug #15098: Wireguard crashes on boot if PPPoE is the default gateway
checked the logs and this seems to be repeating endlessly:
Dec 24 09:17:01 php_wg 89853 /usr/local/pkg/wireguard/inc... Oskar Stroka
03:58 AM Feature #14952 (Pull Request Review): Firewall Alias Import
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1114 Christopher Cope
12:03 AM pfSense Packages Bug #15027 (Confirmed): Bind DNS Server cannot reorder zones
Chris W
12:02 AM pfSense Packages Bug #15027: Bind DNS Server cannot reorder zones
Can confirm with Bind 9.17 on pfSense Plus 23.09.1.
To reproduce:
1. Create two zones.
2. On the Zones tab, drag... Chris W

12/23/2023

09:32 PM Bug #14261: Trim white space in a DHCP Leases page search field
Applied in changeset commit:8c2615a322f4c7ae04d97efb16159904b0503160. Christopher Cope
09:20 PM pfSense Plus Regression #14964: SG-3100: iscsi support removed from 23.09 kernel
I would imagine that the reason it wasn't mentioned in the release notes is because iSCSI support isn't officially su... Kris Phillips
09:18 PM pfSense Plus Bug #14824: OpenVPN instance on IPv6 PPPoE interface does not always start automatically
Łukasz Rojczyk wrote in #note-12:
> is there any progress yet or will it never work properly ???
>
> Dec 18 10:19... Kris Phillips
09:16 PM pfSense Plus Bug #15097: Upgrade to 23.09.1 is not offered for 23.05.1
Danilo Zrenjanin wrote in #note-2:
> Yeah, I can confirm this behavior on Netgate 6100.
>
> [...]
>
> The reco... Kris Phillips
09:15 PM Bug #15087: IPsec Keep Alive does not update the gateway status
Tried this and it doesn't even need to be a FQDN. The Gateway status page of any VTI with a /30 will almost always s... Kris Phillips
07:23 PM Bug #15087: IPsec Keep Alive does not update the gateway status
I tried to replicate that behavior. I set FQDN for the Remote Gateway setup on both sides. Phase 2 in VTI mode. The g... Danilo Zrenjanin
09:13 PM Bug #15110: pfSense hangs when rebooting
Danilo Zrenjanin wrote in #note-3:
> The clean installation procedure on the 3rd party SSD went smoothly, but the is... Kris Phillips
07:36 AM Bug #15110: pfSense hangs when rebooting
The clean installation procedure on the 3rd party SSD went smoothly, but the issue persisted with no other side effects. Danilo Zrenjanin
04:21 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 also
there is a FreeBSD port of step-ca
https://www.freshports.org/security/step-certificates/ Max Budnick
12:47 PM Bug #15098: Wireguard crashes on boot if PPPoE is the default gateway
I couldn't replicate this behavior on the following system:... Danilo Zrenjanin

12/22/2023

10:57 PM Feature #15114 (New): Allow mounting of multiple ZFS pools at boot
Current pfSense versions will only mount the default ZFS pool at boot. Since pfSense does not use the FreeBSD RC syst... Steve Wheeler
09:55 PM Revision 7cdf9713: Only backup kernel on UFS systems
Christian McDonald
08:26 PM pfSense Docs Todo #15113 (Closed): Update Image Verification Document to tell people to not sha256sum the .sha256 file, but instead just view the contents
Documentation is here:
https://docs.netgate.com/pfsense/en/latest/install/download-installer-image.html#verifying-th... Kris Phillips
06:04 PM Regression #15112 (Resolved): ``status_interfaces.php`` is missing several values for SFP modules
I am not seeing the SFP module status in pfSense 23.09.1 that was implemented previously. Reference https://redmine.p... Chad Wagner
05:17 PM Bug #15110: pfSense hangs when rebooting
Note this was after adding a 3rd party SSD. Steve Wheeler
01:44 PM Feature #8861: Show SFP module details on ``status_interfaces.php``
Chad Wagner wrote in #note-17:
> Is there a reason I would not be seeing the same on my 6100 with 23.09.1? I just sw... Jim Pingle
06:08 AM Feature #8861: Show SFP module details on ``status_interfaces.php``
Is there a reason I would not be seeing the same on my 6100 with 23.09.1? I just switched from SFP+ DACs to 10GTek SF... Chad Wagner
01:39 PM Bug #15111 (Rejected): LAN ipv4 route can't via WAN route out.
There is not nearly enough information here to say there is a bug rather than something wrong in your setup/environme... Jim Pingle
12:53 AM Bug #15111 (Rejected): LAN ipv4 route can't via WAN route out.
The LAN network ipv4 can't route out VIA ISP wan, LAN lose route yon Liu
11:11 AM pfSense Plus Bug #15097 (Confirmed): Upgrade to 23.09.1 is not offered for 23.05.1
Yeah, I can confirm this behavior on Netgate 6100.... Danilo Zrenjanin

12/21/2023

09:55 PM Feature #14165: Option to allow the DNS Forwarder to ignore system DNS servers
Pull request filed: https://github.com/pfsense/pfsense/pull/4664 Orion Poplawski
07:33 PM pfSense Packages Feature #14999: Feature Request: Update Squid Package to Version 6.5 this was released on updated Nov 6
Pretty Please ...
Maybe a Christmas package.. Jonathan Lee
07:22 PM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules

Christian McDonald wrote in #note-1:
> Thanks.
>
> pf(4) only supports pass/block action semantics for L2 rul... Jonathan Lee
07:20 PM pfSense Plus Bug #14515: Ethernet rule Action field hint text lists "reject" option which is not compatible with Ethernet rules
Do you still have this commit ID I do not think it shows up. I can't fetch 7cdf5ed172bbb98aa62e9a4ef534866ba1d63ef8 Jonathan Lee
06:59 PM Todo #15106: Remove ``Time`` column from OS Boot logs
Works great!!! Jonathan Lee
06:41 PM Todo #15106: Remove ``Time`` column from OS Boot logs
Marcos M wrote in #note-3:
> Only the @Message@ column is shown now. This affects @userlog@ and @dmesg.boot@ (OS Boo... Jonathan Lee
06:57 PM Bug #15060 (Ready To Test): LDAP bind fails when authentication servers use different CA chains
The first parameter type changed in PHP 8.1:
> The ldap parameter expects an LDAP\Connection instance now; previousl... Marcos M
06:13 PM Bug #15043: IGMP proxy works intermittently
I agree completely. This is a very disruptive bug for those that use IPTV. You can simply not use it. I think this bu... Haraldinho D
06:05 PM Bug #15043: IGMP proxy works intermittently
That pretty much sucks.
So, we either have to wait for 2.8 final or install a snapshot/dev version to be able to use... Arturo de Vries
04:48 PM Bug #15043 (Feedback): IGMP proxy works intermittently
Marcos M
02:34 PM Bug #15043: IGMP proxy works intermittently
This requires a kernel change, so it'll be part of the next release. This issue cannot be fixed through the System_Pa... Kristof Provost
02:24 PM Bug #15043: IGMP proxy works intermittently
When/how will this lead to an installable patch? Haraldinho D
09:37 AM Bug #15043: IGMP proxy works intermittently
The relevant fixes have been merged to the devel-main and plus-devel-main branches, and are included in recent snapsh... Kristof Provost
07:18 AM Bug #15043: IGMP proxy works intermittently
Any news on an official patch yet? Haraldinho D
05:57 PM Bug #14989 (Closed): Typo in the Setup Wizard
Christian McDonald
05:56 PM Bug #14261 (Feedback): Trim white space in a DHCP Leases page search field
Christian McDonald
05:56 PM Revision 8c2615a3: Trim DHCP & DHCPv6 search strings. #14261
Christopher Cope
05:54 PM Revision a13da2b0: Fix typo in setup wizard. Fixes #14989
Christopher Cope
04:47 PM Revision 65b5c400: get_sysctl(): check return status and log failures, add retries. #14648
Reid Linnemann
04:46 PM Revision 273e932c: Update loader on ESPs without use of a label
Reid Linnemann
04:09 PM Bug #15110 (New): pfSense hangs when rebooting
Start the reboot from the GUI:... Danilo Zrenjanin
01:52 PM Regression #15109 (Not a Bug): Many missing files with pkg-static check -s -a after upgrading from 2.7.1 to 2.7.2
All of those are expected the way things work currently. As we work more toward a pkg base for everything more of tho... Jim Pingle
08:44 AM Regression #15109 (Not a Bug): Many missing files with pkg-static check -s -a after upgrading from 2.7.1 to 2.7.2
Many missing files after upgrading from 2.7.1 to 2.7.2 when using:
_pkg-static check -s -a_
*2.7.1 fresh install... Hine Ke
10:00 AM Bug #15108: ``pfctl`` is unable to retrieve state creator list in certain circumstances
I think I see how the 'No space left on device' error can happen if we have many creator ids.
It's already fixed, be... Kristof Provost
09:38 AM pfSense Packages Todo #14073: Shalla block list is offline but still available in pfBlocker
Mike Moore wrote in #note-3:
> Can we get this package cleaned up at least with the removal of the list.
> Its cau... OpIT GmbH

12/20/2023

07:29 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config
I'm still seeing this on CE 2.7.2 with node_exporter 0.18.1_3 (upstream node_exporter-1.6.1) installed. Note that the... Logan Marchione
07:08 PM pfSense Packages Bug #15080: Suricata process dying due to Hyperscan error - also may randomly segfault
PR merged, thanks! Jim Pingle
05:18 PM pfSense Packages Bug #15080: Suricata process dying due to Hyperscan error - also may randomly segfault
Additional update for this issue for a complete history:
Two additional heap memory buffer overflow bugs were rece... Bill Meeks
07:08 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
PR merged, thanks! Jim Pingle
05:19 PM pfSense Packages Bug #14898: Suricata core dumps with signal 11
Additional update for this issue for a complete history:
Two additional heap memory buffer overflow bugs were rece... Bill Meeks
06:29 PM Todo #15106: Remove ``Time`` column from OS Boot logs
@userlog@ has a timestamp it's just not being parsed out since it doesn't match the syslog format. Jim Pingle
06:22 PM Todo #15106 (Resolved): Remove ``Time`` column from OS Boot logs
Only the @Message@ column is shown now. This affects @userlog@ and @dmesg.boot@ (OS Boot) logs - sorting behavior rem... Marcos M
03:45 AM Todo #15106: Remove ``Time`` column from OS Boot logs
Thanks for the information. Should Status / System Logs / System / OS Boot have time column removed as it is mislead... Jonathan Lee
02:21 AM Todo #15106 (Not a Bug): Remove ``Time`` column from OS Boot logs
The kernel boot log has no timestamps, the message log buffer is dumped all at once into the log file by the kernel a... Jim Pingle
02:03 AM Todo #15106 (Resolved): Remove ``Time`` column from OS Boot logs
Hello and happy holidays. I just noticed that the OS Boot Logs under pfSense GUI show "Time" and "Message" columns ho... Jonathan Lee
06:19 PM Revision 08434feb: Show only the Message column for raw logs. Implement #15106
Marcos M
05:58 PM Bug #14631 (Duplicate): ACL on DNS Resolver is not updated list after IPs changed on interfaces
Marcos M
03:58 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces
https://docs.netgate.com/pfsense/en/latest/config/xml-configuration-file.html
Have you checked this file? You migh... Jonathan Lee
03:56 AM Bug #14631: ACL on DNS Resolver is not updated list after IPs changed on interfaces
Check your config.xml file and see what the setting for this.
If you are still having issues where it can't save ... Jonathan Lee
05:52 PM pfSense Plus Bug #15103 (Resolved): Netgate Crypto ID missing in 23.09.01 after fresh firmware
Thoth is no longer used - the error is from old code which has been cleaned up in dev snaps. This is being tracked wi... Marcos M
04:15 AM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware
With 23.05.01
@AES-GCM,ChaCha20-Poly1305,AES-ICM,AES-XTS,SHA1,SHA256,SHA384,SHA512@
is shown for my model 21... Jonathan Lee
04:32 PM pfSense Plus Feature #12832: 6100 configurable Blinking Blue LED
Have you attempted to just manually set the GPIO settings with a cron job to a different color? Would that help or ma... Jonathan Lee
03:56 PM Revision 55251505: Remove TOTH. Fix NG#12636
Marcos M
03:53 PM Bug #15108 (Resolved): ``pfctl`` is unable to retrieve state creator list in certain circumstances
In certain cases @pfctl -sc@ is unable to obtain the list of state creators, and instead results in an error message ... Jim Pingle
03:32 PM Bug #15057 (Resolved): Router Advertisement daemon does not prioritize IPv6 GUA over ULA
Marcos M
02:04 PM Bug #15057: Router Advertisement daemon does not prioritize IPv6 GUA over ULA
It works !
get_interface_track6ip now returns the GUA as expected, and radvd config file is correct
Thank you Mathis Cavalli
12:37 AM Bug #15057 (Pull Request Review): Router Advertisement daemon does not prioritize IPv6 GUA over ULA
Thanks! I was able to reproduce and confirm the issue. Please test the following patch:
{{collapse... Marcos M
05:32 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Jonathan Lee wrote in #note-13:
> This could be also related
>
> https://redmine.pfsense.org/issues/15104
For... Denny Page
04:25 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
This could, could also cause broadcast arp storms and VLAN hopping vulnerabilities. Prior versions had broken up the ... Jonathan Lee
04:23 AM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
This could be also related
https://redmine.pfsense.org/issues/15104
I am having one broadcast domain now the p... Jonathan Lee
05:02 AM pfSense Packages Feature #15107 (New): An option to disable routes
When using Wireguard with FRR (dynamic routing) there needs to be an option to select 'Disable routes'
This will pre... Mike Moore
04:33 AM Feature #8794: NTP authentication support
https://github.com/pfsense/pfsense/pull/4658
User MatthewA1 has merged Marcos's requests as well as added the miss... Jonathan Lee
04:27 AM Regression #14987: ``Interface Address`` is no longer an option for outbound NAT targets
Does this cause issues with layer 2 experimental rules? They are MAC address or interface based. Jonathan Lee
04:12 AM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs
Have you attempted to just manually set the GPIO settings with a cron job to a different color? Would that help or ma... Jonathan Lee
03:51 AM pfSense Plus Bug #13497: unbound process looks like stuck periodically
Post this in the forum it could be you are not using the correct settings and ACL's for unbound. Jonathan Lee
02:19 AM pfSense Plus Feature #14291: Support for cryptographic acceleration using the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB)
crypto id/ping-auth has nothing to do with cryptographic acceleration, it's not relevant to this issue in any way. Jim Pingle
02:12 AM pfSense Plus Feature #14291: Support for cryptographic acceleration using the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB)
Old post however I wanted to bring more attention to CryptoID loss of ping-auth when fresh firmware is installed.
... Jonathan Lee
12:31 AM Revision c32312a3: Handle IPv6 GUA and ULA in get_interface_track6ip(). Fix #15057
Marcos M
 

Also available in: Atom