Activity

From 01/17/2024 to 02/15/2024

02/15/2024

10:14 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
One strategy to consider - In the future I humbly suggest you state that "I close this report pending additional inf... Michael McNamara
07:33 PM pfSense Plus Bug #15262 (Confirmed): Captive Portal Has High CPU Interrupts With Large Number of Users
When 700+ Captive Portal users are in use, CPU interrupts will cause high load averages to occur. This can lead to c... Kris Phillips
07:01 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
Roberto@ IT and General wrote in #note-3:
> Hello Bill,
>
> The more general writeup about why rules are in specific...
Bill Meeks
05:44 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
Hello Bill,
Thank you very much for your comment. I didn't perceive your message as an attempt to be argumentative...
Roberto@ IT and General
03:02 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
I am the volunteer package maintainer for Snort on pfSense. The method you described above for removing rules (disabl... Bill Meeks
11:31 AM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
Above, there is a list of the preprocessor rules and decoder rules that should be enabled/disabled for each of the th... Roberto@ IT and General
11:15 AM pfSense Packages Feature #15260 (Resolved): Snort IPS False Positives and Preprocessor Rules Misconfiguration
Greetings to all from IT And General.
I would like to point out an issue that we are experiencing with the Snort p...
Roberto@ IT and General
03:50 PM pfSense Packages Bug #15190 (Resolved): PHP error from RRD Graphs when resolution is null
It works fine on today's release:
I will close this ticket as resolved.
Danilo Zrenjanin
01:09 PM Feature #15261 (Not a Bug): comcast DHCP issues
User reports issues with Comcast connection.
WANs intermittently stop from being able to communicate past the Comcas...
Georgiy Tyutyunnik
11:17 AM Bug #15248 (Resolved): Removing a gateway group used as the default gateway results in no default route
Tested against:... Danilo Zrenjanin
10:40 AM Bug #15252 (Resolved): Egress states remain when killing states for scheduled rules
Tested against:... Danilo Zrenjanin
05:49 AM pfSense Plus Bug #14968: Google LDAP fail to bind
I suspect it is related to issue #15060, I didn't test with only one LDAP backend configured. Lev Prokofev

02/14/2024

10:37 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Thanks for accepting my feedback on how I made your system work despite the documents leading me astray! Michael McNamara
10:24 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I tested both Plus and CE. If it didn't work, you must have configured it improperly. Jim Pingle
10:23 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I don't need assistance, instead I am reporting that it fails if I just follow the guidelines on the base page.
If...
Michael McNamara
09:56 PM pfSense Docs Todo #15259 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I'm not sure what you did wrong, but it is absolutely sufficient. I just re-tested that entire set of instructions in... Jim Pingle
09:41 PM pfSense Docs Todo #15259 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Text:*
Select the server insta...
Michael McNamara
06:01 PM Todo #15258 (Resolved): Update Gandi LiveDNS service with API changes
In August 2023 Gandi changed how authentication works with their API. Now you need to use Personal Access Tokens and ... Matthew Drury
04:23 PM Feature #15257 (Resolved): Support using a mask to block MAC addresses in Captive Portal
Blocking a MAC address in pfSense when using a mask is not working. However, if you use the pass option and specify t... Gordon Bennett
04:16 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
I can still reproduce this in 23.09.1 dylan mendez
04:12 PM Bug #15015: Static routes not working
The pictures are no longer there, can you please re-upload. dylan mendez
08:54 AM pfSense Packages Bug #14409: pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count
> I've come up with a patch that sets @$vip_count@ to @0@ if DNSBL is disabled. This causes the Virtual IP counts to ... Sima Xi
05:41 AM Bug #15110: pfSense hangs when rebooting
Another TAC ticket with the same issue
2336421939
aleksei prokofiev
05:41 AM Bug #15110: pfSense hangs when rebooting
same issue here. 6100, 23.09.1
onboard mmc died, added a WD SN520 NVME SSD.
same console output
M O
01:44 AM Feature #12746: IPoE feature for WAN interface
As far as I know, a significant portion of the supply in the Japanese market is using IPoE mode, and currently, almos... Tianyi SUN

02/13/2024

04:33 PM Feature #10843: Allow user manager settings to specify multiple authentication servers
I've been thinking about this a bit lately since we've added something similar in the upcoming TNSR release.
Like ...
Jim Pingle
04:16 PM Feature #10843: Allow user manager settings to specify multiple authentication servers
This feature should also include the ability to define specific failover behavior if the configured authentication se... Chris Linstruth
02:29 PM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections
Welp, even "my" last hack stopped working somewhere along the pfSense stable upgrade path, currently on "23.09.1-RELE... Brandon Verkada
01:49 PM Todo #15256 (Resolved): Upgrade Unbound to >= 1.19.1
Unbound 1.19.1 fixes two DoS/CPU exhaustion issues in DNSSEC validation:
https://nlnetlabs.nl/downloads/unbound/CV...
Jim Pingle
12:02 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
Steve Wheeler wrote in #note-4:
> Still present in 23.09.1
I can also confirm it is still present in the latest s...
Adam French

02/12/2024

04:33 PM pfSense Docs Correction #15255 (Closed): New docs typo
Fixed, thanks!
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/1a9cc91ad99c7e662d45ad85fc6a9ce324bde7bf
Jim Pingle
04:18 PM pfSense Docs Correction #15255 (Closed): New docs typo
Typo in new docs (Gateway Settings):
http://stage-feature-mm-gateway_recovery.docs.netgate.com/pfsense/en/latest/rou...
William Wrathbone
04:13 PM pfSense Docs Correction #15253 (Closed): New docs typo
Fixed and deployed last week: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2448141188ae72159faaac282a641c1f4... Jim Pingle
03:48 PM pfSense Docs Correction #15253 (Closed): New docs typo
Typo in new docs for gateway recovery:
http://stage-feature-mm-gateway_recovery.docs.netgate.com/pfsense/en/latest/r...
William Wrathbone
04:13 PM pfSense Docs Correction #15254 (Closed): Docs typo
Fixed and deployed (along with some other typos):
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2dd28e37b2...
Jim Pingle
03:49 PM pfSense Docs Correction #15254 (Closed): Docs typo
https://docs.netgate.com/pfsense/en/latest/multiwan/considerations.html
(probably should be "...to the DNS forwarder...
William Wrathbone
02:32 PM pfSense Packages Bug #15190 (Feedback): PHP error from RRD Graphs when resolution is null
MR merged. Jim Pingle

02/11/2024

04:23 PM Bug #15248: Removing a gateway group used as the default gateway results in no default route
Confirmed
dylan mendez

02/10/2024

11:36 PM pfSense Packages Bug #15190 (Pull Request Review): PHP error from RRD Graphs when resolution is null
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/387 Christopher Cope
11:23 PM Revision 2aea75df: Change "IP family" to "address family"
Marcos M
10:56 PM Bug #12942 (Resolved): Code to kill states for old gateway when reconnecting an interface is incorrect
Marcos M
10:53 PM Feature #855 (Resolved): Ability to selectively kill states on gateway recovery
This has been working well in 24.03 snapshots. Documentation is available at:
https://docs.netgate.com/pfsense/en/lat...
Marcos M
10:17 PM Bug #13226 (Resolved): Disconnecting a user from Captive Portal may allow previously established connections to continue
Marcos M
10:15 PM Feature #11556 (Resolved): Kill states using the pre-NAT address
I separated that issue into its own report: https://redmine.pfsense.org/issues/15252 Marcos M
10:10 PM Bug #15252 (Feedback): Egress states remain when killing states for scheduled rules
Applied in changeset commit:c489213a62b68902bd673f782d59b3888d2bd6da. Marcos M
10:00 PM Bug #15252 (Resolved): Egress states remain when killing states for scheduled rules
When a schedule expires and states are killed, the opposite state (e.g. on the WAN side) remains.
Reported here: h...
Marcos M
10:02 PM Revision c489213a: Kill matching opposite states when schedules expire. Fix #15252
Marcos M
06:57 PM Feature #15251 (New): Show network preview in rules page
For common networks (LAN, WAN, OPT, etc), it would be nice if you could show a preview of the network that's selected... Jon Moeller
01:02 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
Post 23.09 is there intent to expand QAT capabilities beyond the set currently used by pfSense, including 'user-spac... Rob A

02/09/2024

07:44 PM Bug #15156: Fragmented packets delayed by limiters are lost
Updating subject for release notes. Jim Pingle
07:43 PM Feature #15234: Show details of system aliases in tooltip on firewall and NAT rule lists
Updating subject for release notes. Jim Pingle
07:42 PM Feature #15245: Show interface subnet details in a tooltip on the IPsec Phase 2 list
Updating subject for release notes. Jim Pingle
07:32 PM pfSense Packages Bug #15250: Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.
Updated packages are now available. Jim Pingle
05:47 PM pfSense Packages Bug #15250 (Feedback): Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.
Fixed in https://github.com/pfsense/FreeBSD-ports/commit/953068694131b523e8906ee70b444c59c53d3eff
Fix also merged ...
Jim Pingle
05:32 PM pfSense Packages Bug #15250 (Resolved): Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.
Both haproxy_listeners_edit.php and haproxy_pool_edit.php define a custom cell drawing function which, unlike the sta... Jim Pingle
06:41 PM pfSense Packages Feature #15249: Ability to adjust MTU & MSS on tailscale interface
Edited to specify the desire for both MTU & MSS. Christopher Cope
03:52 PM pfSense Packages Feature #15249 (In Progress): Ability to adjust MTU & MSS on tailscale interface
Easy to add a knob to set TS_DEBUG_MTU in the tailscale environment. Will add it next week. Christian McDonald
03:48 PM pfSense Packages Feature #15249 (In Progress): Ability to adjust MTU & MSS on tailscale interface
Tailscale itself has an environment variable to adjust this TS_DEBUG_MTU. However, it does seem to be primarily for t... Christopher Cope
06:22 PM pfSense Packages Feature #15242 (Resolved): Optimize calls to write_config() function in Suricata GUI to prevent creation of unnecessary config.xml backups when possible
PR merged. Jim Pingle
06:22 PM pfSense Packages Bug #15241 (Resolved): Suricata Dashboard Widget needs the same fix applied as the ALERTS tab code from Redmine #14955.
PR merged. Jim Pingle
06:21 PM pfSense Packages Bug #15240 (Resolved): Suricata GeoIP2 database download and update broken due to recent change in MaxMind API
PR merged. Jim Pingle
04:31 PM Bug #15060 (New): LDAP bind fails when authentication servers use different CA chains
Patch doesn't really help it, it's still broken or inconsistent when I try.
- One LDAP server with custom CA (not ...
Jim Pingle
06:48 AM Bug #15060: LDAP bind fails when authentication servers use different CA chains
I tested the patch on the client machine (#2346370170), and both LDAP servers can bind now.
Software version:
...
Lev Prokofev
03:40 PM Bug #15248: Removing a gateway group used as the default gateway results in no default route
Applied in changeset commit:b21a0e187fde6ac23162f255db902e208b8a5b80. Marcos M
03:35 PM Bug #15248 (Feedback): Removing a gateway group used as the default gateway results in no default route
Marcos M
03:31 PM Bug #15248 (Pull Request Review): Removing a gateway group used as the default gateway results in no default route
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1136 Marcos M
03:21 PM Bug #15248 (Resolved): Removing a gateway group used as the default gateway results in no default route
There is no input validation preventing a gateway group used as the default gateway from being removed. When deleting... Marcos M
03:30 PM Revision b21a0e18: Prevent the default gateway group from being deleted. Fix #15248
Marcos M
12:55 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Greetings everyone,
I'm Roberto, from IT And General.
I'd like to provide some additional details to help b...
Roberto@ IT and General
02:18 AM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I am encountering the same issue in a multi-WAN setup. Although the upload problem (https://redmine.pfsense.org/issue... Sav Snip

02/08/2024

11:34 PM Bug #14386 (Feedback): ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Should be fixed in https://github.com/pfsense/FreeBSD-ports/commit/c0a12f594ba2a873ffd5ec8974c5582e6283fbdf. The 0 by... Reid Linnemann
10:56 PM pfSense Packages Feature #15242: Optimize calls to write_config() function in Suricata GUI to prevent creation of unnecessary config.xml backups when possible
A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:55 PM pfSense Packages Bug #15241: Suricata Dashboard Widget needs the same fix applied as the ALERTS tab code from Redmine #14955.
A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:55 PM pfSense Packages Bug #15240: Suricata GeoIP2 database download and update broken due to recent change in MaxMind API
A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:30 PM pfSense Plus Bug #15246 (Not a Bug): Autofill services like password managers able to override blocked username field for admin user
We already include the tags to suppress them. Password manglers ignore them. Jim Pingle
09:49 PM pfSense Plus Bug #15246 (Not a Bug): Autofill services like password managers able to override blocked username field for admin user
Browsers with extensions like LastPass, BitWarden, etc. that automatically fill relevant fields are able to replace t... Kris Phillips
05:09 PM Feature #7943 (New): Overflow scrolling for top navigation drop-down menus in Fixed mode
The overflow scrolling inside the menu should only be enabled when the menu is fixed to the top of the window and rem... Jim Pingle
10:03 AM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs
The reason it is not working anymore is this patch, so it looks counter-intuitive to me to open another redmine issue. Bob Dig
03:19 AM Feature #15244: Modern authentication via FIDO2 for local account authentication
Duplicate of https://redmine.pfsense.org/issues/14743 Kris Phillips

02/07/2024

08:49 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
The PD route is installed on 24.03 as well.
Regarding #note-11, that seems like a different root cause at least; I...
Marcos M
08:45 PM Feature #15245 (Feedback): Show interface subnet details in a tooltip on the IPsec Phase 2 list
Applied in changeset commit:6030dd4570752752ffe3697ea263065b61acae76. Marcos M
06:50 PM Feature #15245 (Waiting on Merge): Show interface subnet details in a tooltip on the IPsec Phase 2 list
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1135 Marcos M
06:46 PM Feature #15245 (Resolved): Show interface subnet details in a tooltip on the IPsec Phase 2 list
When <interface> subnet is selected for Phase 2 configs, show the subnet being used. Marcos M
08:36 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
Thank you Denny Page
06:54 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
The new version has been picked back to 2.7.2 and 23.09.1 - it should show up on the next build. Marcos M
08:32 PM Revision 6030dd45: Show interface subnet details for IPsec Phase 2. Implement #15245
While there, prevent interface subnet selections from
showing for the NAT/BINAT field.
Marcos M
04:46 PM Feature #9536: Support dynamic prefix in DHCPv6 Server
Is this also similar to 5950? https://redmine.pfsense.org/issues/5950 Are there any plans or updates on this?
Part...
Joshua Cooper
04:00 PM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
Danilo Zrenjanin wrote in #note-8:
> I tested the patch against:
>
> [...]
>
> After clicking the "Update Grap...
Christopher Cope
11:11 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
I tested the patch against:... Danilo Zrenjanin
03:32 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication
Kris Phillips wrote:
> pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiri...
Paul Smith
02:52 PM pfSense Docs New Content #15208 (Resolved): Document the new gateway recovery state killing feature
Added to 24.03 docs. Marcos M
02:50 PM Feature #15244 (New): Modern authentication via FIDO2 for local account authentication
Implementation of FIDO2 WebAuthN capabilities into RELENG_2_7_2.
*WHAT*
FIDO2 adds convenient phishing-resistant ...
Paul Smith
12:58 PM Todo #15220 (Pull Request Review): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy
It seems the reply-to issue can only really be handled by using floating on the rule. This can be done on rule genera... Marcos M
08:45 AM pfSense Packages Feature #15243 (New): CARP causes tinc termination
Obviously, using CARP (rc.carpbackup from the logs) kills tinc on the router that CARP considers backup. However, thi... Michael Lipp

02/06/2024

11:24 PM pfSense Packages Bug #14855 (Resolved): suricata_Getdirsize issue after PHP 8
Jim Pingle
11:06 PM pfSense Packages Bug #14855: suricata_Getdirsize issue after PHP 8
This fix was merged into production on October 16, 2023, but apparently this ticket escaped being closed as a result.... Bill Meeks
11:13 PM pfSense Packages Feature #15242 (Resolved): Optimize calls to write_config() function in Suricata GUI to prevent creation of unnecessary config.xml backups when possible
Examine all calls to @write_config()@ function to see when it is appropriate to set @$backup@ parameter to @false@ to... Bill Meeks
11:09 PM pfSense Packages Bug #15241 (Resolved): Suricata Dashboard Widget needs the same fix applied as the ALERTS tab code from Redmine #14955.
The same bug exists in the Suricata Dashboard Widget code for converting log file timestamps into EventTime objects a... Bill Meeks
10:08 PM pfSense Packages Bug #15240 (Resolved): Suricata GeoIP2 database download and update broken due to recent change in MaxMind API
The MaxMind GeoIP2 geolocation database download/update procedure in the Suricata package was broken by a recent API ... Bill Meeks
07:05 PM pfSense Plus Feature #15239: Add to existing rule
Understood. Thanks for clarifying. Mike Moore
06:36 PM pfSense Plus Feature #15239 (Rejected): Add to existing rule
If the ports are together you can already use a range. If the ports are separate you have to use an alias. If the IP ... Jim Pingle
06:28 PM pfSense Plus Feature #15239 (Rejected): Add to existing rule
First I acknowledge that I do know I can create an alias and group IPs or Ports..
Feature: The ability to add to a...
Mike Moore
06:43 PM pfSense Packages Bug #15190 (Feedback): PHP error from RRD Graphs when resolution is null
MR merged. Jim Pingle
04:51 PM pfSense Docs Todo #15235 (Rejected): Feedback on Troubleshooting — Troubleshooting OpenVPN Internal Routing (iroute)
The instructions here are fine and there are no changes needed specific to 2.7.0 or later. If it does not work, you h... Jim Pingle
07:25 AM pfSense Docs Todo #15235 (Rejected): Feedback on Troubleshooting — Troubleshooting OpenVPN Internal Routing (iroute)
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/openvpn-iroute.html
*Feedback:* This page needs...
Roland Giesler
04:39 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Feedback from Amazon:... Kristof Provost
12:38 PM Bug #15211: tcpdump run with BIOS hardware clock set, but no on environment system time
Steve Wheeler wrote in #note-1:
> This should be an option when running the pcap.
Please argue.
All FreeBSD - ...
Sergei Shablovsky
12:05 AM Feature #15234 (Feedback): Show details of system aliases in tooltip on firewall and NAT rule lists
Applied in changeset commit:a61d68dd271331b8671afed01c50fc028ba88027. Marcos M

02/05/2024

11:55 PM Feature #15234: Show details of system aliases in tooltip on firewall and NAT rule lists
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1133 Marcos M
11:49 PM Feature #15234 (Resolved): Show details of system aliases in tooltip on firewall and NAT rule lists
Now that @<interface> net@ uses system aliases, it would be helpful to show its contents. Marcos M
11:54 PM Revision a61d68dd: Show system alias popups for rules. Implement #15234
Marcos M
08:26 PM Regression #14970 (New): Static ARP assignments lose ``permanent`` flag in ARP table
Jim Pingle
08:20 PM Bug #11539 (Rejected): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
The original reporter(s) of this issue have long since disappeared and nobody else seems to be able to reproduce the ... Jim Pingle
08:17 PM Feature #746 (Duplicate): Add interface group to source/dest drop downs
Marcos M
08:07 PM pfSense Plus Todo #15164: Add ZFS Boot Environment list to status output
Updating subject for release notes. Jim Pingle
06:12 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Hmmm 9272e45 committed Dec 28, 2023
ena: Change measurement unit of time since last tx cleanup to ms
This commit:
1....
Jim Thompson
04:15 PM Bug #15096 (Resolved): Interface subnet aliases do not contain IPv6 VIPs
This issue/fix is only related to the alias; if an IPv6 address does not get added to the interface, that would need ... Marcos M
01:23 PM Bug #15096 (New): Interface subnet aliases do not contain IPv6 VIPs
Jim Pingle
03:26 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
pfSense 2.7.2 and pfSense Plus 23.09.1 Orion Poplawski
03:12 PM Feature #15233 (Resolved): Recognize QAT 4xxx devices in System Information Widget
The QAT driver supports qat_4xxx devices but they are not shown as supported in the pfSense GUI.
Same as the last ...
Steve Wheeler
02:47 PM Regression #15152 (Resolved): Systems with low RAM fail to upgrade to 24.03
Looks good in today's snapshot:... Steve Wheeler
02:10 PM pfSense Plus Feature #15232: Display proposed changes
Understood. Thanks for the quick response Jim.
Mike Moore
01:29 PM pfSense Plus Feature #15232 (Rejected): Display proposed changes
You can always view the config history, before or after applying, but trying to pick out which specific things in a s... Jim Pingle
02:31 AM pfSense Plus Feature #15232: Display proposed changes
In a way this should technically be possible as there is already a record of what’s changed AFTER it’s applied when y... Mike Moore
02:27 AM pfSense Plus Feature #15232 (Rejected): Display proposed changes
Display proposed changes prior to clicking apply.
Would be great to have multiple engineers (or a single one) make c...
Mike Moore
01:38 PM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
The change should be OK to test, though since this is a patch in the ports tree you'll need to copy paste the diff an... Jim Pingle

02/04/2024

10:48 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Also, do you have any existing Interface Groups? dylan mendez
10:22 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Does your NIC support QinQ?
dylan mendez
10:18 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Tested in 2.7.0, 2.7.2 and 23.09.
I'm able to create QinQ interfaces without any issue. Both with and without the in...
dylan mendez
06:50 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
ping Denny Page
03:44 AM pfSense Packages Bug #14913 (Resolved): [Security] Zabbix packages need updating bec. of recent critical security CVEs
Confirmed the patched packages are available in 23.09.1 and 24.03 of Plus. Kris Phillips
03:40 AM pfSense Packages Todo #15058 (Resolved): Remove Zabbix 4 Agent and Proxy
Checked in pfSense Plus 24.03. These packages are no longer present in the repos. Kris Phillips
03:37 AM pfSense Packages Bug #14805 (Incomplete): when I changed Endpoint ip via webgui, but wiregaurd still using old ip ruuning.
I'm also unable to reproduce this issue.
As Danilo stated, please provide exact reproduction steps.
Marking...
Kris Phillips
03:36 AM Bug #15194: PHP Fatal error in easyrule CLI
David Johnston wrote in #note-2:
> To clarify, I ran easyrule as a regular user, and the account didn't have permiss...
Kris Phillips
03:32 AM Bug #12942: Code to kill states for old gateway when reconnecting an interface is incorrect
Tested bringing up and down a second gateway with state killing enabled on lower priority gateways and state killing ... Kris Phillips
03:21 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
Re-tested this with a factory defaulted 24.03 box, manually configured ACB, and then re-tested. I can still produce,... Kris Phillips
03:18 AM Feature #13256 (Resolved): Better handling of duplicate IP addresses in static DHCP assignments
The warning is added.
2.8.0.a.20240126.0600
Alhusein Zawi
03:04 AM Feature #14165 (Resolved): Option to allow the DNS Forwarder to ignore system DNS servers
Alhusein Zawi
03:02 AM Feature #15183 (Resolved): Add per-rule option to set PF State Policy (if-bound vs floating)
Alhusein Zawi
12:00 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
Updated pull request with changes. Christopher Cope

02/03/2024

07:57 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
I also have tried FIFO + taildrop on the LAN up+down and fq_codel + taildrop WAN up+down, and it seemed to stabilize U... P L
07:47 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
Recently I switched to the wpa_supplicant bypass method in pfSense and was still getting out of order packet issues u... P L
06:50 PM pfSense Docs New Content #15230 (Confirmed): Gateway status Pending
https://docs.netgate.com/pfsense/en/latest/monitoring/status/gateways.html#gateways-tab
Sometimes, the status of t...
Danilo Zrenjanin
12:15 PM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs
Turns out the patch is only working momentarily. It will prevent you from enabling IPv6 GUA (tested via Track Interfa... Bob Dig
09:20 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
I am not able to replicate it on 24.04-DEV, but I have seen it on SC in ticket #2322652504 (23.09.1). After manual co... Lev Prokofev
08:45 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
I'll wait for Jim's advice to be considered before testing the patch. Danilo Zrenjanin
08:17 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
I can reproduce the issue on the:... Danilo Zrenjanin
08:00 AM Bug #15195: PHP error if config contain <ppps></ppps> empty tag
Yeah I found that config was <version>15.5</version> (seems 2.3.2 software) Lev Prokofev
07:50 AM pfSense Packages Bug #15229 (Resolved): ACME DNS-Selfhost verification issues
When using Selfhost.de DNS verification and entering the requested information the renewal is not working.
To make i...
STefan Graf
02:47 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
What version(s) are you currently running and encountering this? Perhaps a test build of fcgicli would be appropriate. Reid Linnemann
12:06 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
I don't have a test instance at the moment, but I've thought about spinning one up for quite a while. I'll see what ... Orion Poplawski
01:26 AM Bug #15225 (Resolved): Killing states on downed gateways breaks for static interface configurations
I can reproduce it here by disconnecting the VM link on the host side using ESXi 7. The patch resolves the issue in t... Marcos M
12:51 AM Bug #15228: User manger fails to display certificate option for a new user in case of input error
See: https://forum.netgate.com/topic/185928/user-manager-fails-to-add-cert-if-passwords-do-not-match Steve Wheeler
12:50 AM Bug #15228 (Confirmed): User manger fails to display certificate option for a new user in case of input error
When creating a new user in the user manager the option to add a user cert for the user is hidden if an error is made... Steve Wheeler

02/02/2024

11:59 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Since fcgicli is continually calling recv() for 8 bytes, I think it's stuck in its read_packet loop. The socket's bee... Reid Linnemann
08:42 PM Revision cf612ab9: Add the pfSense CE platform additional meta package to the build list.
(cherry picked from commit a5b49a4e4a10ed054c8a9aa6c458b70a4498ced9) Luiz Souza
08:41 PM Revision 8012c1bf: Add the pfSense CE platform additional meta package to the build list.
(cherry picked from commit a5b49a4e4a10ed054c8a9aa6c458b70a4498ced9) Luiz Souza
08:27 PM Todo #15188: Remove deprecated OpenVPN hardware crypto engine option
Also removed from docs: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/4d709070146c99553edb01b372ed784150227d82 Jim Pingle
08:23 PM Bug #15225: Killing states on downed gateways breaks for static interface configurations
I couldn't find a way to make the statically defined gateway in the pending status.
I tried:
On a physical app...
Danilo Zrenjanin
07:05 PM pfSense Docs New Content #15191: Document new Packet Flow Data functionality (Plus Only)
A few edits after feedback from Kristof:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/50fc3a422fc37e88282...
Jim Pingle
05:06 PM Bug #15156 (Feedback): Fragmented packets delayed by limiters are lost
Kristof Provost
05:06 PM Bug #15156: Fragmented packets delayed by limiters are lost
I've pushed the fix upstream and cherry-picked it to our branches. The next snapshot build will have it. Kristof Provost
03:49 PM Bug #15226 (Duplicate): Tables for mixed aliases lists occasionally do not contain all records from the alias list.
This is almost surely caused by either of the following:
* https://redmine.pfsense.org/issues/13792
* https://redmi...
Marcos M
10:31 AM Bug #15226 (Duplicate): Tables for mixed aliases lists occasionally do not contain all records from the alias list.
Tested on the client machine with 23.09.1 installed, the ticket for reference #2297130372
target IP 82.xx.xx.137...
Lev Prokofev
03:20 PM pfSense Packages Bug #14556: Tailscale dropping routes from FIB
Another user has a very similar issue. Chris Linstruth
03:15 PM pfSense Packages Feature #15227 (New): [Freeradius - 0.15.10_1] Enable Pagination on the user section for the Freeradius package

Hi,
I've created 15000 users in the /cf/conf/config.xml and this is working fine.
However the sheer amount of...
robert morann
08:00 AM Bug #15122 (Resolved): PHP errors in LDAP server prevent it from falling back to Local Database
I didn't experience any issues after applying the patch, and I was unable to reproduce the PHP error regardless of th... Danilo Zrenjanin

02/01/2024

10:14 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I wouldn't say it's incorrect setup, using limiters on multi-wan setup has been working on pfSense for over 8 years. ... Jose Duarte
08:49 PM Bug #14537: Nat Reflection changed behavior on pfsense 2.7
FWIW I've tested this setup in 24.03 and it works fine there. Marcos M
07:04 PM Bug #15223 (Resolved): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
I am closing this case as resolved. Danilo Zrenjanin
06:51 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
I couldn't replicate the issue on the:... Danilo Zrenjanin
03:17 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
The patch only applies to 24.03 since it's dependent on other changes in dev snapshots. Marcos M
03:02 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
I was able to replicate the initial behavior as explained here.
After applying the patch, the PHP error below app...
Danilo Zrenjanin
01:51 AM Bug #15223 (Feedback): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
Applied in commit:ba90ace48a47086b8db5423f369f1857cf8df34c. Marcos M
01:23 AM Bug #15223 (Waiting on Merge): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1131 Marcos M
01:17 AM Bug #15223 (Resolved): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
If the following options are set, states remain on offline gateways which prevents connections from failing over.
* ...
Marcos M
06:05 PM Bug #15225 (Feedback): Killing states on downed gateways breaks for static interface configurations
Applied in changeset commit:8faff1900a29feb8e7c192591ce932f8bd4a62aa. Marcos M
05:37 PM Bug #15225 (Waiting on Merge): Killing states on downed gateways breaks for static interface configurations
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1132 Marcos M
05:32 PM Bug #15225 (Resolved): Killing states on downed gateways breaks for static interface configurations
An interface with a static configuration can have a pending gateway status. In this scenario, killing states for down... Marcos M
05:34 PM Revision 8faff190: Check static interfaces with a pending gateway. Fix #15225
Interfaces with a static configuration may have a pending gateway
status when killing states for downed interfaces.
Marcos M
05:25 PM Bug #15224 (Feedback): ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding
Applied in changeset commit:6f59a7f9fdfe3703667819fcbbd8b6f8cbec0d9f. Jim Pingle
04:12 PM Bug #15224 (Resolved): ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding
The value supplied by the user for the ``frequency`` parameter on ``services_acb_settings.php`` is not fully validated, i... Jim Pingle
04:51 PM Regression #15152: Systems with low RAM fail to upgrade to 24.03
The most recent src merge (done yesterday) includes this commit:... Kristof Provost
04:23 PM Feature #2676 (New): Reply-to option in firewall rule
There are some scenarios where it would be nice to have the ability to force ``reply-to`` to use a specific value and n... Jim Pingle
01:44 AM Feature #2676 (Rejected): Reply-to option in firewall rule
From what I can tell, the referenced scenarios would be solved by adding a gateway to the interface. This is the curr... Marcos M
04:12 PM Revision 6f59a7f9: ACB: Validate+encode frequency value. Fixes #15224
Jim Pingle
02:51 AM Bug #15194: PHP Fatal error in easyrule CLI
To clarify, I ran easyrule as a regular user, and the account didn't have permissions to write to the backup cache. David Johnston
01:22 AM Revision ba90ace4: Process downed gateways when killing states. Fix #15223
By the time filter_delete_states_for_down_gateways() is called,
filter_generate_gateways() has already removed downed...
Marcos M

01/31/2024

10:44 PM Bug #12401: Traffic graphs with untagged and tagged VLAN on same interface
Also seeing this on pfSense CE 2.7.2. See https://forum.netgate.com/topic/185889/vlan-traffic-showing-up-on-the-wron... Bill Somerville
09:21 PM pfSense Packages Bug #15222 (Resolved): HTTP_Inspect Preprocessor Engine: wrong legend on parameters
Server Flow Depth has the following legend:
@Amount of HTTP server response payload to inspect. Minimum is -1 and ...
Ronald Antony
08:57 PM Regression #15197 (Resolved): Outbound NAT rules using an alias without a matching address family create unexpected PF rules
Marcos M
12:44 PM Regression #15197: Outbound NAT rules using an alias without a matching address family create unexpected PF rules
tested and reproduced on:
Version 24.03-DEVELOPMENT (amd64)
built on Tue Jan 23 6:00:00 UTC 2024
FreeBSD 15.0-CURR...
Georgiy Tyutyunnik
08:50 PM Bug #15156: Fragmented packets delayed by limiters are lost
Okay, that's useful.
The main point we get from this is that the second time we see the trailing fragment (and don't...
Kristof Provost
04:18 PM Bug #15156: Fragmented packets delayed by limiters are lost
adding results for dtraces from today's testing.
it fails with limiter and works without it this time, with ability ...
Georgiy Tyutyunnik
07:43 PM Feature #15221 (Pull Request Review): Make System Tunables table sortable
On the System > Advanced page's System Tunables tab, it's really hard to
a) find/check values, since they are in no...
Ronald Antony
06:57 PM Feature #8698: LDAP authenticated users should be able to log in via ssh
I'm having the same issue that Max Leighton had previously about 3 years ago
I'm also able to login via webGUI wit...
Tai Join
05:25 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Closed/Fixed FreeBSD bug that appears similar.... Craig Coonrad
04:46 PM Revision 42267161: Don't check empty arrays
min() requires at least one element in the array Marcos M
08:51 AM Revision bedd340c: Remove failover states using only the gateway label
Interfaces were previously specified since the inbound state needs to
be killed (due to route-to) for the connection ...
Marcos M
01:27 AM Feature #855 (Needs Patch): Ability to selectively kill states on gateway recovery
Marcos M

01/30/2024

10:45 PM Todo #15220 (In Progress): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy
The route-to issue has been addressed upstream: https://reviews.freebsd.org/D43589 Marcos M
10:44 PM Todo #15220 (Resolved): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy
With the re-introduction of ``if-bound`` as the default PF state policy, services on the firewall (which do not automat... Marcos M
10:18 PM Revision a5b49a4e: Add the pfSense CE platform additional meta package to the build list.
Luiz Souza
09:11 PM pfSense Docs New Content #15191 (Feedback): Document new Packet Flow Data functionality (Plus Only)
First draft committed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8e4a9a5558959c27ae63231ccee6bceca5bec81...
Jim Pingle
05:08 PM pfSense Docs New Content #15191 (In Progress): Document new Packet Flow Data functionality (Plus Only)
Jim Pingle
09:03 PM Revision 43b129c7: Update gateway recovery text
Marcos M
07:03 PM Todo #15219 (Rejected): please upgrade to FRR 9.1
It's already in the dev repos/snapshots, unlikely to be backported. Jim Pingle
07:02 PM Todo #15219 (Rejected): please upgrade to FRR 9.1

Because the current version of pfsense frr 9.0 will cause problems with LAN to WAN routing, I want to upgrade to th...
yon Liu
07:01 PM pfSense Packages Feature #15218 (New): Allow manual ordering of generated rules
Under Firewall > pfBlockerNG in the IP tab's IP Interface/Rules Configuration section, there's the "Firewall 'Auto' R... Ronald Antony
05:07 PM pfSense Docs New Content #15193 (Closed): Add documentation for new State Policy options
Information added and deployed (put in live docs since we may be pushing out the relevant patch via system patches so... Jim Pingle
04:38 PM Feature #15217 (New): Log command being run in Diagnostics > Command Prompt
I do not see that the commands being run in Diagnostics > Command Prompt are being logged to the system log.
This ...
Chris Linstruth
03:47 PM Bug #15216 (New): captive portal zone name conflicts with existing interface name
Customer reports intermittent issues with captive portal on HA cluster.
Connectivity between nodes in this VLAN inte...
Georgiy Tyutyunnik
01:52 PM Bug #15211: tcpdump run with BIOS hardware clock set, but no on environment system time
This should be an option when running the pcap. Steve Wheeler
03:44 AM pfSense Plus Bug #15196 (Confirmed): AWS ena interfaces can become unstable/stop responding
Confirmed. ... Craig Coonrad
03:12 AM pfSense Packages Todo #15119: Update nut-devel version and update startup script
I do not understand. We're just updating the git commit level for upstream, which was done by Jim 27 days ago. A... Denny Page
12:02 AM pfSense Packages Todo #15119: Update nut-devel version and update startup script
I haven't gone through the commit history to see what fixed the build in dev. Assuming there were some previously mis... Marcos M

01/29/2024

10:03 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Okay, I have that applied and working now. And I don't seem to see a runaway with a simple auth failure. We'll see ... Orion Poplawski
09:15 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
I updated the patch which should deal with the auth failure. Marcos M
08:52 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
As I noted, patching ovpn_auth_verify_async gave me auth failures. I could try it again and see if that is still the ... Orion Poplawski
06:06 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Orion Poplawski wrote in #note-13:
> FWIW - still present in 2.7.2 and 23.09.1.
Does the patch from #note-11 work ar...
Marcos M
08:11 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
Ping Denny Page
06:09 PM pfSense Docs Todo #15215 (Resolved): Point the main gateways page to the general gateways doc
Change merged. Marcos M
05:47 PM pfSense Docs Todo #15215 (Resolved): Point the main gateways page to the general gateways doc
System > Routing > Gateways currently points to the individual gateway settings page - it should point to the general... Marcos M
05:50 PM Feature #15207: DynDNS - Missing update KEY
Jim Pingle wrote in #note-9:
> OK so all of that still points toward it needing a new client entry created so it nee...
Matt Keys
04:37 PM Feature #15207: DynDNS - Missing update KEY
OK so all of that still points toward it needing a new client entry created so it needs to be treated as such. Please... Jim Pingle
04:20 PM Feature #15207: DynDNS - Missing update KEY
They have not shut down username password auth as mine is still operating. They have just added key auth. The reason ... Matt Keys
03:58 PM Feature #15207: DynDNS - Missing update KEY
Matt Keys wrote in #note-6:
> If I'm not mistaken it is the same service, just under a different domain name. Dyn wa...
Jim Pingle
03:44 PM Feature #15207: DynDNS - Missing update KEY
Hi Jim,
If I'm not mistaken it is the same service, just under a different domain name. Dyn was acquired by Oracle...
Matt Keys
03:05 PM Feature #15207: DynDNS - Missing update KEY
It wasn't clear except for one tiny spot on one screenshot that you meant "dyn.com", "DynDNS" is a generic term and w... Jim Pingle
02:55 PM Feature #15207: DynDNS - Missing update KEY
Dyn Update clients - https://help.dyn.com/update-clients/
Dyn.com portal https://account.dyn.com/
Matt Keys
02:51 PM Feature #15207: DynDNS - Missing update KEY
Jim Pingle wrote in #note-2:
> Whatever service that is, it would need to be added as a supported provider and not b...
Matt Keys
02:18 PM Feature #15207 (Incomplete): DynDNS - Missing update KEY
Whatever service that is, it would need to be added as a supported provider and not be handled via the custom option.... Jim Pingle
05:35 PM Bug #15214 (Resolved): Advanced rule options tooltip does not show negated Tag option
Marcos M
05:25 PM Bug #15214 (Waiting on Merge): Advanced rule options tooltip does not show negated Tag option
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1128 Marcos M
05:21 PM Bug #15214 (Resolved): Advanced rule options tooltip does not show negated Tag option
When hovering over the advanced options icon for a firewall rule, the popup shows ``tagged <tag>`` even when the tag is... Marcos M
05:30 PM Revision 4e569a40: Show negate option in popup for advanced rule options. Fix #15214
While there, reorder the tag text to read closer to
how rules are processed.
Marcos M
05:28 PM Revision 6727d199: Revert "Show negate option in popup for advanced rule options. Fix #15214"
This reverts commit e933a0230e366faa772686447b530a145af06acf. Marcos M
05:24 PM Revision e933a023: Show negate option in popup for advanced rule options. Fix #15214
While there, reorder the tag text to read closer to
how rules are processed.
Marcos M
04:54 PM Feature #15213 (New): Dyn.com / dyndns - Update client auth mechanism update
Dyn.com Dynamic DNS service is missing key authentication mechanisms currently.
I am following the request for new...
Matt Keys
04:42 PM Regression #15051: Host(s) Aliases using Domains fail to resolve
Steve Wheeler wrote in #note-7:
> Unable to replicate that in 23.09.1:
Thank you Steve, I have reinstalled 23.09....
John Smith
03:22 PM Regression #15051 (Not a Bug): Host(s) Aliases using Domains fail to resolve
Unable to replicate that in 23.09.1:... Steve Wheeler
04:33 PM Bootstrap Bug #5274: services_dyndns_edit.php existing password is not loaded/saved when editing
Steve Russell wrote in #note-7:
> Ugh, yes, you are correct Jim, thanks! Password manager was autofilling the passw...
Jim Pingle
04:15 PM Bootstrap Bug #5274: services_dyndns_edit.php existing password is not loaded/saved when editing
Ugh, yes, you are correct Jim, thanks! Password manager was autofilling the password field with who knows what.
S...
Steve Russell
02:31 PM Bootstrap Bug #5274: services_dyndns_edit.php existing password is not loaded/saved when editing
Steve Russell wrote in #note-5:
> Not sure if this should be a separate bug now, or when this came back, but this is...
Jim Pingle
02:26 PM Bootstrap Bug #5274: services_dyndns_edit.php existing password is not loaded/saved when editing
Not sure if this should be a separate bug now, or when this came back, but this issue is present in 2.60 and 2.72. Steve Russell
04:09 PM pfSense Docs Todo #15212 (New): Feedback on pfSense® software Configuration Recipes — WireGuard Remote Access VPN Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html
*Feedback:*
See this discussion ab...
Jim Kleckner
02:37 PM Bug #15210: Firewall Rules not deleting
I applied the rules after removing it. You can see in my screenshot, I even added a new rule to block port 80, to cou... Ricaardo Garcia
02:27 PM Bug #15210 (Not a Bug): Firewall Rules not deleting
You are either not applying the rules after editing or something is preventing the filter reload from completing whic... Jim Pingle
02:26 PM Feature #15209: Option to specify custom user home directory paths
There may be reasons to move it on some systems but this is meant to be a firewall appliance, not a general-purpose m... Jim Pingle
02:21 PM Feature #7943: Overflow scrolling for top navigation drop-down menus in Fixed mode
Updating subject for release notes. Jim Pingle
02:16 PM Todo #15188 (Resolved): Remove deprecated OpenVPN hardware crypto engine option
Jim Pingle
02:16 PM pfSense Plus Bug #15205 (Not a Bug): Changing a WAN type interface from DHCP to static IPv4 address causes WAN to appear in DHCP server configuration
This is normal and expected. Any static interface with a sufficient size subnet will appear in the DHCP server as an ... Jim Pingle
02:14 PM Feature #15203: Option to allow customized user home directory permissions to be preserved
The way the users are currently synchronized this type of action is made to ensure consistently and that the accounts... Jim Pingle
02:11 PM pfSense Packages Feature #15199 (Rejected): Unable to add user defined options to /etc/ssh/sshd_config due to its dynamic nature and no UI to add additional configuration options
The ``sshd_extra`` file method is there for customizing directives. It was added for the sshdcond package but that pack... Jim Pingle
02:03 PM Feature #15201 (Rejected): Unified mechanism for update notifications
All things that have come up before and are either already part of longer term plans or decided against. Jim Pingle
02:03 PM pfSense Docs New Content #15200 (Rejected): usermanager privileges have ZERO documentation on the "User - System: Copy files to home directory (chrooted scp)" privileges setting/setup
That's a deliberate choice. The firewall is not meant to be a general-purpose file server with access handed out free... Jim Pingle
02:00 PM pfSense Packages Feature #15198 (Rejected): System_Patches package should advertize on the dashboard, or send notifications, if there are recommended patches available
This has been asked and answered before, tl;dr: Not going to happen. New patches come with new versions of the packag... Jim Pingle
11:58 AM Bug #15211 (Closed): tcpdump run with BIOS hardware clock set, but no on environment system time
Brilliant pfSense Stuff!
*Please fix* :
tcpdump could be run with TZ (Time Zone) set in the whole system environ...
Sergei Shablovsky

01/28/2024

09:09 PM Regression #15051: Host(s) Aliases using Domains fail to resolve
Marcos M wrote in #note-5:
> It may be best to troubleshoot/discuss further on the forums to narrow down the issue g...
John Smith
09:01 PM Regression #15051 (Incomplete): Host(s) Aliases using Domains fail to resolve
It may be best to troubleshoot/discuss further on the forums to narrow down the issue given that we cannot reproduce it. Marcos M
05:08 PM Regression #15051: Host(s) Aliases using Domains fail to resolve
Marcos M wrote in #note-3:
> > Aka google.com in an alias, all clients going to google.com should be diverted from WA...
John Smith
05:05 PM Regression #15051 (Not a Bug): Host(s) Aliases using Domains fail to resolve
> Aka google.com in an alias, all clients going to google.com should be diverted from WAN to OpenVPN for that domain,... Marcos M
02:30 AM Regression #15051: Host(s) Aliases using Domains fail to resolve
Danilo Zrenjanin wrote in #note-1:
> I couldn't confirm that behavior on the 23.09.1 pfSense Plus release.
Hey Dani...
John Smith
08:58 PM Feature #10271 (Feedback): Large number of VLAN/LANs make "Interfaces" menu hard to access
With the overflow fix in, handling this likely requires a longer-term general UX change. Marcos M
06:47 PM Feature #10271: Large number of VLAN/LANs make "Interfaces" menu hard to access
As far as I understand it is not a duplicate. The other linked topic talks about the problem with the top menubar bei... Jens Groh
04:52 PM Feature #10271 (Duplicate): Large number of VLAN/LANs make "Interfaces" menu hard to access
Marcos M
07:26 PM Bug #15210: Firewall Rules not deleting
I have an issue where I believe it may be a bug in the WebGUI for the firewall filters. I previously created a filter... Ricaardo Garcia
07:17 PM Bug #15210 (Not a Bug): Firewall Rules not deleting
I have an issue where I believe it may be a bug in the WebGUI for the firewall filters. I previously created a filter... Ricaardo Garcia
05:21 PM Feature #15209 (New): Option to specify custom user home directory paths
There are plenty of reasons not to have a home directory in /home/username
There should be the option of specifyin...
Ronald Antony
04:55 PM Feature #7943: Overflow scrolling for top navigation drop-down menus in Fixed mode
Applied in changeset commit:79025bde07a7c9f9b4d6d80be3c2efca9f1bd2c4. Marcos M
04:51 PM Feature #7943 (Feedback): Overflow scrolling for top navigation drop-down menus in Fixed mode
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1127
The CSS fix works for Firefox / Chromium, desktop...
Marcos M
04:46 PM Revision 79025bde: Add scroll when navigating menus overflow. Fix #7943
Marcos M
04:27 PM Bug #15194 (Incomplete): PHP Fatal error in easyrule CLI
I was not able to reproduce this. The error points to an issue writing the backup cache:... Marcos M
03:45 PM Bug #15146: Outbound NAT rules need re-applied after restore in different hardware
This may have been an indirect result of #15197 Marcos M
03:42 PM Regression #15206 (Resolved): Deleting OpenVPN server or client on 24.03 release gives an error
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1126 Marcos M
06:13 AM Regression #15206 (Resolved): Deleting OpenVPN server or client on 24.03 release gives an error
Attempting to delete an OpenVPN server or client on the 24.03 release gives an error.
24.03-DEVELOPMENT (amd64)
built on Fri Jan...
aleksei prokofiev
03:40 PM Revision e022d8cd: Use the correct function parameters. Fix #15206
Marcos M
03:30 PM Feature #855 (Feedback): Ability to selectively kill states on gateway recovery
Applied in changeset commit:30d46b63834444e9a7a4af310a5d8aaf94baf01a. Marcos M
03:30 PM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration
Applied in changeset commit:17e64d8dc879e2282a95291621f4192f841f6cc5. Marcos M
03:30 PM Bug #12942 (Feedback): Code to kill states for old gateway when reconnecting an interface is incorrect
Applied in changeset commit:b4df50f412a219e7c58563adb47fe1eabb2c405f. Marcos M
03:21 PM pfSense Docs New Content #15208 (Resolved): Document the new gateway recovery state killing feature
Feature details here:
https://redmine.pfsense.org/issues/855
Marcos M
03:18 PM Revision 30d46b63: Kill states on gateway failover recovery. Implement #855
Marcos M
03:18 PM Revision 17e64d8d: Sync generated gateways to config. Fix #12920
Marcos M
03:18 PM Revision b4df50f4: Remove old state killing code. Fix #12942
For rc.newwanip, it's redundant to kill specific states before killing
all states. For ppp-linkup, state killing is a...
Marcos M
01:13 PM Feature #15207: DynDNS - Missing update KEY
Matt Keys
12:55 PM Feature #15207 (Incomplete): DynDNS - Missing update KEY
I apologize if this has already been reported, or already exists as a feature request. I did search previous to post,... Matt Keys
07:39 AM Bug #14919: OpenVPN forms invalid ``route`` statements for empty local networks
Tested on
24.03-DEVELOPMENT (amd64)
built on Fri Jan 26 9:00:00 MSK 2024
FreeBSD 15.0-CURRENT
The issue still p...
aleksei prokofiev
05:04 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
Tested on
24.03-DEVELOPMENT (amd64)
built on Wed Jan 17 6:00:00 UTC 2024
FreeBSD 15.0-CURRENT
I am unable to ...
aleksei prokofiev
04:55 AM Todo #15188: Remove deprecated OpenVPN hardware crypto engine option
Tested on
23.09.1-RELEASE (amd64)
built on Wed Dec 20 21:27:00 MSK 2023
FreeBSD 14.0-CURRENT
24.03-DEVELOPMENT...
aleksei prokofiev
02:41 AM pfSense Plus Bug #14401: Changing from Switchport to Discrete Interface in VGA/Serial Console Breaks Port Status Monitoring
possibly related? https://redmine.netgate.com/issues/12480 Jordan G
02:24 AM pfSense Plus Bug #14894: Password protected console login prompt does not render properly on 4100/6100/8200 serial console
seems present on ARM-based as well, when connecting with 1100 console, this is all we see of the first line after con... Jordan G
02:10 AM pfSense Plus Bug #15205 (Not a Bug): Changing a WAN type interface from DHCP to static IPv4 address causes WAN to appear in DHCP server configuration
WAN interface currently using IPv4 DHCP type address, switch this interface to static, enter IP, create gateway, save... Jordan G
01:30 AM Feature #15204 (New): pfSense email notification: support STARTTLS without authentication
According to the NET_SMTP documentation (https://github.com/pear/Net_SMTP):... Craig Coonrad
01:23 AM pfSense Packages Bug #15190 (Pull Request Review): PHP error from RRD Graphs when resolution is null
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/385 Christopher Cope
01:08 AM Feature #15203 (New): Option to allow customized user home directory permissions to be preserved
It is well intentioned and improves system security in general, that proper home directory ownerships are maintained.... Ronald Antony
12:30 AM Bug #15195: PHP error if config contain <ppps></ppps> empty tag
Lev Prokofev wrote:
> The error occurs on boot if the config containing <ppps></ppps>
>
> tested on
>
>
>
...
Kris Phillips
12:28 AM Bug #14996: Kea DHCP PHP error from WINS server value
Jared Hendrickson wrote in #note-2:
> I opened a PR this morning that contains a fix for this: https://github.com/pfs...
Kris Phillips
12:21 AM Bug #12774: Picture widget image is not saved in backup
Ronald Antony wrote in #note-6:
> Viktor Gurov wrote in #note-3:
> > But we can only backup image data if the "Incl...
Kris Phillips

01/27/2024

11:51 PM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
More information: The code is being hit when using the custom Time Period. The code attempts to subtract the resoluti... Christopher Cope
11:34 PM Bug #15122: PHP errors in LDAP server prevent it from falling back to Local Database
Danilo Zrenjanin wrote in #note-4:
> The firewall couldn't reach the LDAP server and I couldn't replicate that on 23...
Christopher Cope
02:34 PM Bug #15122: PHP errors in LDAP server prevent it from falling back to Local Database
The firewall couldn't reach the LDAP server and I couldn't replicate that on 23.09.1.
Is there any specifically w...
Danilo Zrenjanin
11:08 PM Feature #855: Ability to selectively kill states on gateway recovery
Henniee Walterson wrote in #note-26:
> it might be useful to implement the recover state killing in the gateway sect...
Alex Viper_Rus
10:32 PM pfSense Packages Feature #15199: Unable to add user defined options to /etc/ssh/sshd_config due to its dynamic nature and no UI to add additional configuration options
So, looking at */etc/sshd* I find this section:... Ronald Antony
09:36 PM pfSense Packages Feature #15199 (Rejected): Unable to add user defined options to /etc/ssh/sshd_config due to its dynamic nature and no UI to add additional configuration options
In order to run a user with scponly privileges
(see: https://forum.netgate.com/topic/185794/there-s-absolutely-no-u...
Ronald Antony
10:28 PM pfSense Plus Bug #15202 (New): Add Option for Network Portion of Subnet "Wildcard" for IPv6 Rules
Filtering hosts with IPv6 is extremely difficult when utilizing an upstream provider that is providing a Prefix Deleg... Kris Phillips
10:04 PM Bug #12774: Picture widget image is not saved in backup
Viktor Gurov wrote in #note-3:
> But we can only backup image data if the "Include extra data" option is checked.
...
Ronald Antony
10:00 PM Feature #15201 (Rejected): Unified mechanism for update notifications
It would be nice if there were a unified mechanism of notifying admins of
- updates to the base system
- updates to...
Ronald Antony
09:44 PM pfSense Docs New Content #15200 (Rejected): usermanager privileges have ZERO documentation on the "User - System: Copy files to home directory (chrooted scp)" privileges setting/setup
The manual section which should have this documented, is glaringly empty:
https://docs.netgate.com/pfsense/en/late...
Ronald Antony
09:29 PM pfSense Packages Feature #15198 (Rejected): System_Patches package should advertize on the dashboard, or send notifications, if there are recommended patches available
As non-full-time sysadmin, not only do I not regularly monitor the dashboard, I do even less regularly (read: never) ... Ronald Antony
07:55 PM Regression #15197 (Feedback): Outbound NAT rules using an alias without a matching address family create unexpected PF rules
Applied in changeset commit:4f90b67bb214521e5fc554fa24e97a0b283ad8c3. Marcos M
07:40 PM Regression #15197 (Waiting on Merge): Outbound NAT rules using an alias without a matching address family create unexpected PF rules
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1125 Marcos M
07:20 PM Regression #15197 (Resolved): Outbound NAT rules using an alias without a matching address family create unexpected PF rules
Create an Outbound NAT rule with:
- @Do not NAT@ checked
- @IPv4+IPv6@ for address family
- Source @<interface> su...
Marcos M
07:53 PM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1124
This change makes sure gateways are added to the co...
Marcos M
07:43 PM Feature #15183: Add per-rule option to set PF State Policy (if-bound vs floating)

Firewall State Policy option is added:
pfctl -sr results:
+interface bound state:+
pass in quick on em0 r...
Alhusein Zawi
07:39 PM Revision 4f90b67b: Check for empty hosts when generating outbound NAT rules. Fix #15197
Make sure that there's a valid host when calling
filter_nat_rules_generate_if() and add missing new lines.
Marcos M
07:37 PM Bug #11418 (Resolved): 'NAT-T: Force' is broken for IPv6 IPsec
Tested on 24.03-DEVELOPMENT (built on Fri Jan 26 9:00:00 MSK 2024)
There is no issue with 'NAT-T: Force'. I wa...
Azamat Khakimyanov
12:44 PM Regression #14078: Traffic graph shows half actual throughput when switching back to the graph
As I mentioned in the related Redmine, the issue is still present and I need to run with my local fix Patrik Stahlman
11:57 AM Regression #14078: Traffic graph shows half actual throughput when switching back to the graph
Related to https://redmine.pfsense.org/issues/14933 Danilo Zrenjanin
11:55 AM Regression #14078 (Feedback): Traffic graph shows half actual throughput when switching back to the graph
I can not reproduce this on 23.09.1.
Google Chrome for MacOS.
The download speed in the /status_graph.php remains ...
Danilo Zrenjanin
12:39 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
This problem is still reproducible for me on pfSense Plus 23.09.1-RELEASE. It might not happen every time you switch ... Patrik Stahlman
12:09 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
Related to https://redmine.pfsense.org/issues/14078 Danilo Zrenjanin
12:09 PM Bug #14933 (Feedback): Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
I can not reproduce this behavior on 23.09.1.
Google Chrome for MacOS.
The download speed in the widget remain...
Danilo Zrenjanin
04:03 AM Feature #8794: NTP authentication support
@Marcos M
Is there something I need to do to get this merged? The PR still has the changes requested label applied e...
Matthew Ray
01:01 AM pfSense Plus Bug #15196 (Not a Bug): AWS ena interfaces can become unstable/stop responding
On AMD Epyc hardware in AWS, pfSense Plus ena interfaces can lose their IP addressing and then stop responding entire... Kris Phillips

01/26/2024

07:41 PM pfSense Docs Correction #14143 (Closed): Feedback on System Monitoring — Remote Logging with Syslog
Updated and deployed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/79919a2075edcf6a5627b3099cc2471a76893673 Jim Pingle
07:28 PM pfSense Docs New Content #15150 (Resolved): Update IPsec Terminology Differences
Added: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/93f807abb3dcb4c330f9866566555deabf1cc577 Jim Pingle
07:15 PM pfSense Docs Todo #15014 (Rejected): Feedback on Configuration — Advanced Configuration Options — Firewall
We still set the default at 400000 in the default @config.xml@, so the docs are still correct:... Jim Pingle
06:41 PM pfSense Docs Correction #15075 (Closed): Changing MSS for IPsec
I updated the menu location for the option: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/14d49c53df3133db0f6... Jim Pingle
06:35 PM pfSense Docs New Content #15192 (Closed): Document new Speed Shift functionality
Added and deployed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/7f8a91bb44b671a70f5696513bd8cd11dff487c7...
Jim Pingle
05:15 PM Bug #14996: Kea DHCP PHP error from WINS server value
I opened a PR this morning that contains a fix for this: https://github.com/pfsense/pfsense/pull/4667 Jared Hendrickson
03:04 PM Bug #15195 (Duplicate): PHP error if config contain <ppps></ppps> empty tag

The error occurs on boot if the config containing <ppps></ppps>
tested on ...
Lev Prokofev
02:31 PM Bug #15194 (Incomplete): PHP Fatal error in easyrule CLI
Running "easyrule block wan 1.0.152.114" via ssh caused an error.
It looks like it's a problem in backup_config().
...
David Johnston
02:22 PM Regression #15152: Systems with low RAM fail to upgrade to 24.03
Something else I may have narrowed down is that in each case it appears to only be dbus that's failing this. It's dbu... Jim Pingle
01:23 PM Feature #7943: Overflow scrolling for top navigation drop-down menus in Fixed mode
The primary reason this hasn't seen any traction is because it's only a problem for users who have opted into the non... Jim Pingle
01:13 PM Feature #7943: Overflow scrolling for top navigation drop-down menus in Fixed mode
Hello,
while this can seem like a trivial issue for some, usability and accessibility are important aspects of any ...
Patrik Stahlman
01:18 PM Feature #10271: Large number of VLAN/LANs make "Interfaces" menu hard to access

This issue has also been reported here: https://redmine.pfsense.org/issues/7943 and includes a simple change until...
Patrik Stahlman
09:08 AM Bug #15187: OpenVPN client addresses unreachable despite all rules in place and tunnel being up
As far as I can tell we've exhausted all the options. The routes are correct. The firewall rules allow the traffic. ... Roland Giesler

01/25/2024

08:58 PM pfSense Docs New Content #15193 (Closed): Add documentation for new State Policy options
In #15173 we added a global option to change the default state policy to be interface-bound instead of floating. The ... Jim Pingle
08:53 PM pfSense Docs New Content #15192 (Closed): Document new Speed Shift functionality
We added support for Intel Speed Shift in 23.09/2.7.1 and it needs added to the documentation. See #14047 for details... Jim Pingle
08:49 PM pfSense Docs New Content #15191 (Closed): Document new Packet Flow Data functionality (Plus Only)
Create documentation for the new pflow/Packet Flow Data functionality added to Plus for 24.03.
See #15039 for deta...
Jim Pingle
07:31 PM Feature #15189 (Needs Patch): Firewall Rule Tracer
This has come up before and it's not feasible until/unless PF itself has a test function internally to run such a tra... Jim Pingle
07:13 PM Feature #15189 (Needs Patch): Firewall Rule Tracer
Requesting a Feature popular on successful commercial platforms to improve the viability of PFSense for larger more c... Justin Radke
07:30 PM Todo #15188 (Feedback): Remove deprecated OpenVPN hardware crypto engine option
Applied in changeset commit:7983c2dd617dcc7684b8ed871f463459e640cf34. Jim Pingle
06:54 PM Todo #15188 (Resolved): Remove deprecated OpenVPN hardware crypto engine option
There is an option in the OpenVPN client/server configuration (and wizard) which sets a hardware crypto engine for Op... Jim Pingle
07:26 PM pfSense Packages Bug #15190 (Resolved): PHP error from RRD Graphs when resolution is null
Happens on... Christopher Cope
07:12 PM Bug #15185: Problem with Widgets OpenVPN in Pfsense 2.7.2 after upgrade
We have been using Pfsense platform for eight years now and the more Certificates per User we have the more slowly Wid... Przemyslaw Przybyl
06:54 PM Revision 7983c2dd: Remove OpenVPN engine option. Implements #15188
It's been non-functional for years and is only confusing users now. Jim Pingle
05:30 PM Feature #15183 (Feedback): Add per-rule option to set PF State Policy (if-bound vs floating)
Applied in changeset commit:22de584bd0a234e1c658e703098ea259058cc478. Jim Pingle
05:24 PM Feature #15183: Add per-rule option to set PF State Policy (if-bound vs floating)
Note when testing that the _OS_ default is @floating@, thus when inspecting rules output by @pfctl -sr@ the word "flo... Jim Pingle
02:21 PM Feature #15183 (In Progress): Add per-rule option to set PF State Policy (if-bound vs floating)
Jim Pingle
05:20 PM Revision 22de584b: Per-rule State Policy option. Implements #15183
Adds a setting in the advanced section when editing a firewall rule
which allows a rule to use a state policy that di...
Jim Pingle
05:10 PM pfSense Packages Bug #14805: when I changed Endpoint ip via webgui, but wiregaurd still using old ip ruuning.
I couldn't recreate the behavior you're experiencing on the 23.09.1 pfSense Plus version.
Changing the Endpoint I...
Danilo Zrenjanin
02:41 PM Regression #15152: Systems with low RAM fail to upgrade to 24.03
I'm seeing a similar failure though so far only on 1100.
There is a sysctl oid @vfs.tmpfs.memory_percent@ which al...
Jim Pingle
02:12 PM Regression #15051: Host(s) Aliases using Domains fail to resolve
I couldn't confirm that behavior on the 23.09.1 pfSense Plus release.
Please see the screenshots below:
!clipb...
Danilo Zrenjanin
01:52 PM pfSense Plus Feature #15186: Test DNS over TLS
Such a test wouldn't be ideal to mix in the settings since there are other required parts for that to work that aren'... Jim Pingle
01:46 PM Bug #15187 (Not a Bug): OpenVPN client addresses unreachable despite all rules in place and tunnel being up
I don't see anything in that thread that suggests it's a bug rather than a misconfiguration somewhere. Keep discussin... Jim Pingle
07:29 AM Bug #15187 (Not a Bug): OpenVPN client addresses unreachable despite all rules in place and tunnel being up
Refer to support ticket: https://forum.netgate.com/topic/185705/p2p-vpn-server-can-t-reach-client-but-client-can-reac... Roland Giesler
12:44 PM Bug #15176 (Resolved): Change Mobile IPsec RADIUS accounting to use ``accounting_requires_vip`` so accounting will not activate for non-mobile VPNs
Tested the patch against:... Danilo Zrenjanin

01/24/2024

11:57 PM pfSense Plus Feature #15186 (New): Test DNS over TLS
The ability to readily confirm TLS DNS would be established once saved. Jeff Kuehl
09:00 PM pfSense Plus Feature #15039: GUI to configure Packet Flow Data (``pflow``) export
Things to keep in mind when testing.
When _inactive_ (disabled or not yet applied):...
Jim Pingle
08:47 PM pfSense Plus Feature #15039 (Feedback): GUI to configure Packet Flow Data (``pflow``) export
MR merged:
https://gitlab.netgate.com/pfSense/factory/-/commit/e755ceefc81c7942797459bc1fd6132343ec2cfc
New fil...
Jim Pingle
08:56 PM pfSense Plus Feature #15038 (Closed): Operating System support for PF ``pflow`` packet data flow export
Looks good on current snapshots, everything appears to be working as expected.... Jim Pingle
08:52 PM Bug #15185 (Incomplete): Problem with Widgets OpenVPN in Pfsense 2.7.2 after upgrade
There isn't nearly enough information here to draw any conclusions and I can't reproduce it here.
Please post on t...
Jim Pingle
10:46 AM Bug #15185 (Incomplete): Problem with Widgets OpenVPN in Pfsense 2.7.2 after upgrade

After Upgrade with 2.7.0 to 2.7.1 next to 2.7.2.
Widgets OpenVPN - Servers, OpenVPN - Clients, OpenVPN - Client ...
Przemyslaw Przybyl
05:22 PM Bug #11418 (Feedback): 'NAT-T: Force' is broken for IPv6 IPsec
24.03 will have the upstream fixes - this can be tested currently in 24.03 dev snapshots. Marcos M
04:32 PM Bug #13934 (Closed): Killing states by gateway can miss some IPv6 outbound states
This will need to be handled with custom floating rules. With the proposed change, the route-to rules for secondary W... Marcos M
04:15 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
FWIW - still present in 2.7.2 and 23.09.1. Orion Poplawski
10:19 AM Bug #15156: Fragmented packets delayed by limiters are lost
The expected flow here is that the fragmented packets arrive, get passed through the inbound (pf_test(PF_IN)) test, r... Kristof Provost
07:31 AM Bug #15156: Fragmented packets delayed by limiters are lost
There's a clue in the last dtrace that's backed up by the pf debug output in dmesg:... Kristof Provost
12:15 AM Bug #15180: Web UI sort order not maintained after auto refresh
Jim Pingle wrote in #note-3:
> The table sorting is all client side in JavaScript and it has no persistence. There i...
James Garrison

01/23/2024

09:11 PM pfSense Plus Feature #15039 (Pull Request Review): GUI to configure Packet Flow Data (``pflow``) export
MR: https://gitlab.netgate.com/pfSense/factory/-/merge_requests/117
Jim Pingle
08:49 PM Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec
FYI: Wiktel and MICE (https://micemn.net) sponsored work by Klara (https://klarasystems.com), who landed a patch in F... Richard Laager
05:00 PM Bug #15156: Fragmented packets delayed by limiters are lost
attached is requested info from today's diagnostic session
dtraces taken specifically during the calls
pipe info irrel...
Georgiy Tyutyunnik
10:36 AM Todo #15184 (New): Change hint text in "Remote Log Servers" to reflect actual possible entry
Dear pfSense Dev Team!
On a page
*Status / System Logs / Settings*
Section
" *Remote Logging Option* "
UI Ele...
Sergei Shablovsky

01/22/2024

11:45 PM pfSense Plus Feature #15038 (Feedback): Operating System support for PF ``pflow`` packet data flow export
The signed vs. unsigned issue will be fixed in the next snapshot.
The issue in comment 8 is actually expected beha...
Kristof Provost
04:26 PM pfSense Plus Feature #15038: Operating System support for PF ``pflow`` packet data flow export
Per Kristof, the above was an output printing issue in @pflowctl@ and it was correct internally. That will be fixed s... Jim Pingle
03:13 PM pfSense Plus Feature #15038 (In Progress): Operating System support for PF ``pflow`` packet data flow export
After testing a bit I discovered what might be a minor issue.
Not that I expect anyone to need to go this high, bu...
Jim Pingle
02:39 PM pfSense Plus Feature #15038 (Feedback): Operating System support for PF ``pflow`` packet data flow export
Module is present now on latest build (24.03.a.20240122.0600) and loads OK.
Had a weird glitch once where I couldn...
Jim Pingle
08:31 PM pfSense Packages Feature #14633: Cleanup states on dynamic routing changes
Jim Pingle wrote in #note-2:
> At the moment the FreeBSD port does not appear to build FRR with @--enable-scriptin...
Henniee Walterson
03:51 PM pfSense Packages Feature #14633 (Feedback): Cleanup states on dynamic routing changes
I believe #15173 may help here since states would no longer match on the old interface after a routing change. It sho... Marcos M
07:26 PM Feature #13894 (Resolved): Explicitly enable/disable DHCP Dynamic DNS updates in each scope
Marcos M
07:23 PM Bug #14290 (Feedback): ICMPv6 Path MTU Discovery breaks with NPT
Marcos M
07:01 PM Bug #13934 (Pull Request Review): Killing states by gateway can miss some IPv6 outbound states
Marcos M
06:53 PM Bug #12942 (Pull Request Review): Code to kill states for old gateway when reconnecting an interface is incorrect
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1124 Marcos M
06:33 PM Feature #13844: Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled
As per comment in #13843, please include multiuser, parallel, simultaneous logins, cumulative when calculating totals... Dale Harron
06:29 PM Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more
When implementing this feature, please support multi-user logins, including parallel user sessions that have been sta... Dale Harron
06:25 PM Regression #15170 (Closed): webConfigurator IPv6 resolver syntax change
Chris Linstruth
06:25 PM Regression #15170: webConfigurator IPv6 resolver syntax change
Looks good on Jan 22 build. Thanks. Chris Linstruth
05:46 PM pfSense Plus Todo #15164 (Resolved): Add ZFS Boot Environment list to status output
Jim Pingle
05:44 PM pfSense Plus Todo #15164 (Confirmed): Add ZFS Boot Environment list to status output
Confirmed working in 24.03.a.20240122.0600. Craig Coonrad
05:24 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
Okay, can we go ahead and push this into prod please? I've had users testing builds that I produced from FreeBSD port... Denny Page
03:59 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
There was an issue with the previous MRs - they seemed to be missing additional commits which caused some build failu... Marcos M
04:27 PM Feature #15183 (Resolved): Add per-rule option to set PF State Policy (if-bound vs floating)
Now that #15173 is in place it would be helpful to have a per-rule option to set state policy between default, if-bou... Jim Pingle
03:53 PM Feature #855 (Pull Request Review): Ability to selectively kill states on gateway recovery
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1124
https://redmine.pfsense.org/issues/15208
Marcos M
02:48 PM pfSense Plus Feature #15039 (In Progress): GUI to configure Packet Flow Data (``pflow``) export
Jim Pingle
01:05 PM Bug #15180 (Not a Bug): Web UI sort order not maintained after auto refresh
The table sorting is all client side in JavaScript and it has no persistence. There is no way for it to remember anyt... Jim Pingle
12:57 AM Bug #15180: Web UI sort order not maintained after auto refresh
Can confirm in 23.09.1
Seems to happen with any table that automatically updates, the table updates with the defau...
dylan mendez
01:04 PM Feature #15179 (Rejected): Pre-set “error” in “Advanced Log Filter” in Status / System Logs
Not everything that's a problem contains the string "error" nor does every string that contains "error" mean it's a p... Jim Pingle
03:48 AM pfSense Packages Bug #15182: Changing backend port - status remains down
The workaround is to delete the backend server and recreate Mike Moore
03:44 AM pfSense Packages Bug #15182 (Confirmed): Changing backend port - status remains down
I noticed that if you enable basic health checks on a backend server, in my example port 443 the health check succeed... Mike Moore
01:08 AM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
dylan mendez wrote in #note-1:
> Can you please share your pfSense version as well as specific VLAN IDs you're using...
Jens Becker
01:02 AM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Created two QinQ interfaces on two different interfaces, no issue. 23.09.1
Can you please share your pfSense versi...
dylan mendez

01/21/2024

10:30 PM Bug #15181 (Resolved): PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
When creating a new QinQ interface on /interfaces_qinq_edit.php it throws this error:... Jens Becker
08:00 PM Bug #15180: Web UI sort order not maintained after auto refresh
I can confirm the same issue on pf Plus version 23.09.1, so affects both CE and Plus. Ethan Word
05:55 PM Bug #15180 (Not a Bug): Web UI sort order not maintained after auto refresh
When I select a sort column in any display that refreshes, the sort order reverts to the default when the display ref... James Garrison
04:21 AM pfSense Packages Feature #15107: An option to disable routes
Hey Kris,
The scenario is using wireguard with FRR, bgp in my case.
As I am getting routes from a remote gateway i...
Mike Moore
04:08 AM pfSense Packages Feature #15107: An option to disable routes
Mike Moore wrote:
> When using Wireguard with FRR (dynamic routing) there needs to be an option to select 'Disable ro...
Kris Phillips
04:15 AM Feature #13293: Option to set auth-gen-token in OpenVPN GUI
Marcos M wrote in #note-2:
> It's unclear if the concerns mentioned on the following link have been addressed - best...
Kris Phillips
04:03 AM pfSense Packages Bug #15172: Tailscale interface goes down without reason
I suspect this is because Service Watchguard is watching for the Tailscale service to crash, not for a tunnel to drop... Kris Phillips
04:01 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
Tested on 24.03, I'm getting a different error:
The following input errors were detected:
SHA256 values do ...
Kris Phillips
02:30 AM Feature #15179: Pre-set “error” in “Advanced Log Filter” in Status / System Logs
Again one time to explain main idea:
*Just pre-set txt field, but not filtering automatically*
So Admin choose ...
Sergei Shablovsky
02:24 AM Feature #15179: Pre-set “error” in “Advanced Log Filter” in Status / System Logs
This about “Message” Filter field in follow section:
System / General
System / Gateways
System / Routings
Sys...
Sergei Shablovsky
02:00 AM Feature #15179 (Rejected): Pre-set “error” in “Advanced Log Filter” in Status / System Logs
Dear pfSense Team!
Generally and mostly System Logs section used by FW admins:
- on initial stage of pfSense impl...
Sergei Shablovsky
01:12 AM Feature #11047: Add Encryption Password suggestions and Restriction
Sergei Shablovsky wrote in #note-3:
> Jim Pingle wrote in #note-2:
> > That is way too much text to add to the GUI....
Sergei Shablovsky

01/20/2024

10:34 PM Bug #15178 (Resolved): ACB (autoconfig backup) restore always returns could not decrypt despite proper password
ACB restore, using the proper password will permit viewing the encrypted and decrypted configuration, but either usin... Jordan G
09:27 PM Feature #14165: Option to allow the DNS Forwarder to ignore system DNS servers

option is added
2.8.0.a.20240119.0600
Alhusein Zawi
06:06 PM Feature #13340: Option to change QinQ ethertype to Service VLAN Tag
> We faced this issue in our recent 2.6 -> 2.7 upgrade and thank you for posting this! Saved our butts. What's the mos... Grant Emsley
03:30 PM pfSense Packages Feature #15177 (New): Add an option to choose an interface that the Tailscale will use for connecting to the Login Server
Currently, it is not possible to specify the interface that the Tailscale service will use to connect to the Login Se... Danilo Zrenjanin
03:07 PM pfSense Packages Regression #14043 (Resolved): Netgate Firmware Upgrade fails to mount EFISYS
Tested the upgrade on 6100 from:... Danilo Zrenjanin
12:46 PM Bug #15171 (Resolved): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
Tested the patch against:... Danilo Zrenjanin
07:45 AM pfSense Packages Bug #14566 (Confirmed): Softlflowd package don't send ICMP flows
I can confirm this behavior, package ver. v.1.2.6_1 tested on ... Lev Prokofev
03:44 AM Feature #855 (In Progress): Ability to selectively kill states on gateway recovery
Marcos M

01/19/2024

10:42 PM pfSense Plus Feature #15038: Operating System support for PF ``pflow`` packet data flow export
I forgot to include the module in the image in cross build. That's done now, so the next build will have it. Kristof Provost
04:12 PM pfSense Plus Feature #15038 (In Progress): Operating System support for PF ``pflow`` packet data flow export
On 24.03.a.20240117.0600 which should be after this was merged, @pflowctl@ complains that @pflow.ko@ is not loaded, ... Jim Pingle
05:25 PM Bug #15176 (Feedback): Change Mobile IPsec RADIUS accounting to use ``accounting_requires_vip`` so accounting will not activate for non-mobile VPNs
Applied in changeset commit:7caf3483ce5ba971ecfe7c8d04fbbfe60f3fbca1. Jim Pingle
05:09 PM Bug #15176 (Resolved): Change Mobile IPsec RADIUS accounting to use ``accounting_requires_vip`` so accounting will not activate for non-mobile VPNs
At some point strongSwan's @eap-radius@ plugin gained a setting called @accounting_requires_vip@ which makes strongSw... Jim Pingle
05:14 PM Revision 7caf3483: Fix RA IPsec EAP-RADIUS accounting. Fixes #15176
Set the flag which only activates accounting for connections with VIPs
which will restrict accounting to only mobile ...
Jim Pingle
02:46 PM Feature #11556: Kill states using the pre-NAT address
It is killing the LAN side but not the WAN side.
It was an ssh session on a rule with a schedule.
When the sche...
Chris Linstruth
02:08 PM Feature #11556: Kill states using the pre-NAT address
Hi Chris,
It's not clear to me what the problem is in comment 9. Is that state not getting killed when you'd expec...
Kristof Provost
11:11 AM Feature #855: Ability to selectively kill states on gateway recovery
it would be useful if vpn connections were also reconnected via the restored gateway
Alex Viper_Rus
10:41 AM Feature #855: Ability to selectively kill states on gateway recovery
it might be useful to implement the recover state killing in the gateway section too.
(@ "State Killing on Gateway Fa...
Henniee Walterson
07:58 AM Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
Jim Pingle wrote in #note-3:
> How are these entries being deleted exactly? Using the trash can at the end of a row,...
Danilo Zrenjanin
02:53 AM pfSense Docs New Content #15175 (New): add explicit license to pfSense documentation
Previous documentation hosted on GitHub repo was under a CC non-commercial license.
Since transitioning to the new...
Hayden Mills

01/18/2024

09:37 PM Bug #15156: Fragmented packets delayed by limiters are lost
While we're gathering things let's also dump the dummynet pipe information:... Kristof Provost
07:12 PM Bug #15156: Fragmented packets delayed by limiters are lost
I'm still rather unclear on why this happens, and why I cannot reproduce fragmentation issues with dummynet pipes loc... Kristof Provost
08:55 PM Bug #15171 (Feedback): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
Applied in changeset commit:48aea6ee7e03b5b7f49dd143bd1993d33ba74f5b. Jim Pingle
07:45 PM Bug #15171 (In Progress): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
I managed to reproduce a couple different issues here.
The original problem seems to be isolated to only the per-r...
Jim Pingle
03:41 PM Bug #15171 (Incomplete): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
How are these entries being deleted exactly? Using the trash can at the end of a row, or by checking the box(es) at t... Jim Pingle
11:57 AM Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
The IPsec config before removing the second Phase 1. ... Danilo Zrenjanin
11:46 AM Bug #15171 (Confirmed): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
Tested against:... Danilo Zrenjanin
08:45 PM Revision 48aea6ee: IPsec P1/P2 delete corrections. Fixes #15171
Jim Pingle
08:39 PM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware
I thought I would mention, I also have this issue in 23.09.1 that I just did a reinstall on. 23.09.1 is running on a... Jeff Kuehl
08:15 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
A question for you, Christian. Does the DHCP change to KEA's code mean this is no longer a problem? Or are the notifi... Dennis Adler
07:25 PM Feature #13894 (Feedback): Explicitly enable/disable DHCP Dynamic DNS updates in each scope
Applied in changeset commit:fb04e80e014e4759215384054497268944535001. Marcos M
07:19 PM Revision fb04e80e: Explicitly set ddns-updates. Fix #13894
Marcos M
07:05 PM Todo #15173 (Feedback): Add global option to set default PF State Policy (if-bound vs floating)
Applied in changeset commit:7fedaae5775b9fb58dea7a71afce6d7c3ba062f9. Jim Pingle
05:21 PM Todo #15173: Add global option to set default PF State Policy (if-bound vs floating)
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1123 Jim Pingle
05:18 PM Todo #15173 (Resolved): Add global option to set default PF State Policy (if-bound vs floating)
PF now has an option to set the default state policy to either floating (the current PF and OS default) or interface-... Jim Pingle
06:56 PM Revision 7fedaae5: Add option to set State Policy. Implements #15173
Also changes default policy to if-bound. Jim Pingle
06:42 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
We can work around the problem by having pf perform the packet-to-big check and generating the icmp6 too big error:
...
Kristof Provost
06:27 PM Feature #15174 (New): missing ice driver (Intel E810 series NIC)

As suggested by stephenw10 in the forum [1] to open a feature request, I ask you kindly to add support for the Inte...
Adrian Zaugg
12:44 PM Bug #15145 (Resolved): Unable to perform Packet Captures on a tailscale interface in GUI with default settings
Tested the patch against:... Danilo Zrenjanin
01:47 AM pfSense Packages Bug #15172 (New): Tailscale interface goes down without reason
Tailscale on pfSense 2.7.2-RELEASE (tailscale package v0.1.4 [tailscale-1.54.0])
On a VM (Proxmox v8.x (latest wi...
Carlos Montalvo J.

01/17/2024

11:02 PM Bug #14619: Rule separators are ordered incorrectly after removing rules in certain positions
This fixed my issues
I made the config.xml file like this, they had issues in 23.05.01 I think they caused the r...
Jonathan Lee
10:47 PM Bug #15171 (Resolved): Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
when deleting p1 entry in ipsec, p2 entries below some totally unrelated p1 entry also being deleted
see reports a...
Roland Kletzing
09:02 PM pfSense Plus Todo #15164 (Feedback): Add ZFS Boot Environment list to status output
Added to Plus:
https://gitlab.netgate.com/pfSense/factory/-/commit/3a52d6afc43efcd2e4166a7b23fd15aba6a33dff
Jim Pingle
09:00 PM pfSense Plus Todo #15164 (In Progress): Add ZFS Boot Environment list to status output
Jim Pingle
07:35 PM pfSense Docs Todo #15161 (Closed): System --> Advanced --> Notifications --> Secure SMTP Connection
Notes should now match the observed behavior: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/3d5864f74ae50cf13... Jim Pingle
06:26 PM pfSense Docs Todo #15161: System --> Advanced --> Notifications --> Secure SMTP Connection
Are you attempting to use authentication? It works here when I use authentication on port 587 or 25 and "Enable SMTP ... Jim Pingle
07:29 PM Bug #15156: Fragmented packets delayed by limiters are lost
testing session with client 17.01:
calls had a big chance of success without limiters enabled for the rule on ix0.12...
Georgiy Tyutyunnik
06:26 PM Bug #8313 (Not a Bug): STARTTLS auto detection not working
This has apparently been fixed upstream, STARTTLS works automatically for me on port 25 and 587 with auth configured ... Jim Pingle
05:10 PM Bug #15162: Adding Wake-On-LAN entry from ARP table view can incorrectly include OEM text in MAC address field
Though installing nmap activates the OUI info in the field, the code to handle that is not in the nmap package, but i... Jim Pingle
05:08 PM Bug #15167 (Not a Bug): OpenVPN Server can provide duplicate IP addresses to clients with a Client Override, including the first usable IP in the Network.
That is part of how OpenVPN operates. Addresses assigned via overrides are not reserved/kept from being allocated. Jim Pingle
05:07 PM pfSense Plus Feature #15168 (Rejected): Tracker ID as a column
Each redmine must only be a single request.
There is already a way to make a user read-only, there is a "deny conf...
Jim Pingle
05:03 PM Bug #15108 (Resolved): ``pfctl`` is unable to retrieve state creator list in certain circumstances
Given that we can't reproduce it there isn't a good way to verify the fix, so we can close this out for now. If we ge... Jim Pingle
05:00 PM Feature #855: Ability to selectively kill states on gateway recovery
would be a charm like this...
love my paint :-)
Henniee Walterson
04:46 PM Feature #855 (Assigned): Ability to selectively kill states on gateway recovery
Marcos M
04:36 PM Bug #15157 (Incomplete): PHP error when generating a notification after detecting a malformed configuration
... Jim Pingle
03:21 PM Regression #15170 (Resolved): webConfigurator IPv6 resolver syntax change
Fixed in commit:cb77811ae6aad6d69abefcdb61e84a16a2ff4178. Marcos M
02:29 PM Regression #15170 (Closed): webConfigurator IPv6 resolver syntax change
It looks like a webconfigurator line like this:... Chris Linstruth
03:20 PM Revision cb77811a: Add brackets to returned IPv6 nameservers. Fix #15170
Marcos M
 
