Activity

30 days up to

User

Subprojects

Activity

From 01/27/2024 to 02/25/2024

02/25/2024

09:24 PM Bug #15290 (Rejected): speedtest-cli returning 403 Forbidden: The speedtest-cli tool is currently returning 403 Forbidden for all queries for me. When it does work, it is often li... Alex Rosenberg
07:08 PM pfSense Packages Bug #15274: HAProxy Configuration Changes Require pfSense Reboot to Take Effect: Kris Phillips wrote in #note-2:
> Tested this on 23.09.1 with HAProxy 0.63_2. I'm not able to reproduce this. Chan... Zachary Cohen
03:37 AM pfSense Packages Bug #15274 (Incomplete): HAProxy Configuration Changes Require pfSense Reboot to Take Effect: Tested this on 23.09.1 with HAProxy 0.63_2. I'm not able to reproduce this. Changing any frontend or backend settin... Kris Phillips
09:57 AM Bug #15289: Dashboard show's some data twice every interval: Oh dear....
I just found out that this user's had their Chrome/Google browser and settings set to translate English ... Guido Glaus
09:38 AM Bug #15289: Dashboard show's some data twice every interval: See attached recording (same on 2.7.2) Guido Glaus
08:49 AM Bug #15289: Dashboard show's some data twice every interval: Hello Chris,
I added the time zone in case it is taken into account somewhere. Guido Glaus
03:31 AM Bug #15289: Dashboard show's some data twice every interval: Hello Guido,
So, to clarify, the time is first presented in English and then reloads shortly after in the localiza... Kris Phillips
04:01 AM pfSense Plus Feature #15284: Specify a Device parameter for Pushover Notifications: Or even better - just add an input field for *Custom Options* where the user can input _any_ of the optional paramete... Michael Klein
03:43 AM Bug #15282: Users with Deny Config Write privilege can trigger some VLAN interface operations: Tested this on 24.03 builds from Feb 23rd. Can confirm this issue is present. Kris Phillips
01:19 AM pfSense Packages Bug #15222: HTTP_Inspect Preprocessor Engine: wrong legend on parameters: This fix for this bug has been posted as part of this pull request: https://github.com/pfsense/FreeBSD-ports/pull/134... Bill Meeks
01:18 AM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration: The fix for this feature request/bug fix has been posted as part of this pull request: https://github.com/pfsense/Fre... Bill Meeks
12:05 AM Todo #15265 (Resolved): Remove ``jquery-treegrid`` unit testing files: Files are removed on... Christopher Cope

02/24/2024

07:58 PM Bug #15289 (Not a Bug): Dashboard show's some data twice every interval: Connected trough a "slow" Anydesk connection to a pfsense 2.6 or 2.7.2 Router with timezone set to Europe/Zurich and ... Guido Glaus

02/23/2024

08:09 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT: May I ask if this is included in 24.03-DEVELOPMENT (amd64)? As I have tested again on the latest build 24.03.a.202402... John S
06:38 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: We pulled in a patch that might fix this. Check out the latest 24.03 development snapshots. Christian McDonald
06:22 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: Is there a workaround? Michele D'A.
05:24 PM pfSense Packages Bug #15008 (Resolved): SID MGMT list action to download a single conf file leads to a 502 Bad Gateway error: Jim Pingle
05:03 PM pfSense Packages Bug #15008: SID MGMT list action to download a single conf file leads to a 502 Bad Gateway error: This issue has been resolved. Please mark this issue RESOLVED.
Thanks, Bill Bill Meeks
04:25 PM Bug #15288 (Resolved): ``loader.conf`` may be missing ``loader_conf_files`` so ``loader.conf.lua`` may not be parsed: In some situations @/boot/loader.conf@ is missing the line which tells the loader to read @loader.conf.lua@:... Jim Pingle
03:27 PM pfSense Packages Bug #15048: Snort large memory consumption when updating: You state _"Snort since the last updates uses a lot of memory when updating..."_ . What updates specifically? Updates... Bill Meeks
09:29 AM Bug #15287 (New): hw.ix.unsupported_sfp=1 parameter for ix driver not working: When using ix driver with an Intel 82599ES chipset the driver seem not to support anymore the hw.ix.unsupported_sfp=1... Eric Chaubert

02/22/2024

11:05 PM Bug #15110: pfSense hangs when rebooting: Customer reported this issue utilizing a Dogfish 2242 M.2 SSD. Model SSDMCEAC060B3A. Customer ticket 2396258146. Kris Phillips
10:02 PM Bug #15165: Early boot hangs on pfSense CE: Make sense what u say.
I will try your steps, on which OS version are you running HyperV?
Thanks. Peter Moreno
09:20 PM Bug #15165: Early boot hangs on pfSense CE: I too have Hyper-V and have reoccurring boot hang issues.
Today, had a hang and went to boot, which froze. Turned... Terry Barnes
07:00 PM pfSense Docs Correction #15286 (Rejected): Wireguard Remote Access Config Recipe Typo: The split-tunnel configuration example here is incorrect:
https://docs.netgate.com/pfsense/en/latest/recipes/wiregua... Kris Phillips
05:54 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes: No time for this release, hopefully the next. Jim Pingle
05:53 PM Bug #15285 (Duplicate): Adding interfaces breaks FRR routing over IPsec: Pretty certain this is a duplicate of #14483 (or at least solving that would also solve this, or seems likely to) Jim Pingle
05:26 PM Bug #15285 (Duplicate): Adding interfaces breaks FRR routing over IPsec: When adding a new interface quite a few things happen which I believe are by design on pfSense but noticed something ... Mike Moore
01:44 PM Bug #14661 (Closed): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source: Jim Pingle
07:59 AM Bug #14661: ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source: Seems to be resolved in 2.7.2 Hannes Scherbichler
03:14 AM pfSense Plus Feature #15284 (New): Specify a Device parameter for Pushover Notifications: Hello,
Can you please add the ability to specify a DEVICE parameter for Pushover notifications so that a notificat... Michael Klein
01:37 AM Feature #15283: MANUALS VIDGET in a Dashboard: Jim Pingle wrote in #note-1:
> There is already a help link to relevant documentation on every page.
>
> There is... Sergei Shablovsky
01:30 AM Feature #15283 (Rejected): MANUALS VIDGET in a Dashboard: There is already a help link to relevant documentation on every page.
There is already a notes widget if someone w... Jim Pingle
01:28 AM Feature #15283 (Rejected): MANUALS VIDGET in a Dashboard: Brilliant pfSense DevTeam!
Would be great to adding Dashboard “MANUALS” vidget that display a link (several links)... Sergei Shablovsky
01:34 AM pfSense Docs New Content #15278: Switch from IPv4 to IPv6 + Add IPv6 capability to exist IPv4-only configuration: Better FROM USER PERSPECTIVE no to surfing on hundreds of pages of whole Docs, but reading one document with step-by-... Sergei Shablovsky
01:32 AM pfSense Docs New Content #15278: Switch from IPv4 to IPv6 + Add IPv6 capability to exist IPv4-only configuration: Jim Pingle wrote in #note-1:
> We already add IPv6 content where we can over time, but the current state of ISPs/ser... Sergei Shablovsky

02/21/2024

11:48 PM Bug #15282 (Resolved): Users with Deny Config Write privilege can trigger some VLAN interface operations: A user with the Deny Connfig Write privilege set but access to the interfaces config pages can try to create VLANs an... Steve Wheeler
10:49 PM Bug #15110: pfSense hangs when rebooting: Another user having this issue on a 5100. 2396258146 Christopher Cope
09:09 PM Feature #14802: Re-enable multiqueue support for virtio NIC: The issue is discussed in this forum thread https://forum.netgate.com/topic/138174/pfsense-vtnet-lack-of-queues. Howe... Christopher de Haas
08:49 PM pfSense Packages Todo #15281 (Resolved): Upgrade Tailscale to 1.6.0: Plus 24.03 has tailscale-1.56.1 available in the Package Manager. Would be great to pull in 1.6.0 if possible. Chris W
08:11 PM pfSense Plus Feature #15280: Boot Environments 2.0: !clipboard-202402211511-mlhlp.png!
Christian McDonald
07:59 PM pfSense Plus Feature #15280 (Closed): Boot Environments 2.0: Changes:
* Configuration History is now a separate page and is no longer part of Backup & Restore.
* Configuratio... Christian McDonald
04:37 PM Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration: Reproduced the same issue in PLUS version 23.09.1 and the issue persisted.
Follow the video of the BUG simulatio... DBACORP DBACORP
03:48 PM pfSense Docs New Content #15278 (Rejected): Switch from IPv4 to IPv6 + Add IPv6 capability to exist IPv4-only configuration: We already add IPv6 content where we can over time, but the current state of ISPs/servers (especially in the US, wher... Jim Pingle
04:29 AM pfSense Docs New Content #15278 (Rejected): Switch from IPv4 to IPv6 + Add IPv6 capability to exist IPv4-only configuration: Dear Brilliant pfSense DevTeam!
REASON
- most of all network equipment (from home teapot and fridge to servers, r... Sergei Shablovsky
03:45 PM Feature #15276: Support JSON content for URL type firewall aliases: Not a bug, it's a feature request.
Not sure how viable it would be as there isn't really a standard for that and w... Jim Pingle
03:23 AM Feature #15276 (New): Support JSON content for URL type firewall aliases: Brilliant pfSense DevTeam!
WHERE
In Firewall / Aliases, URLs tab(selector)
CASE
JSON need to be allowed in “U... Sergei Shablovsky
03:43 PM Bug #15275 (Needs Patch): 56 GbE on Mellanox ConnectX-3 cards not functioning properly: That would be up to FreeBSD to add support for those cards/modes - If you try them on a stock FreeBSD 14 installation... Jim Pingle
03:34 PM Bug #15279 (Duplicate): When deleting phase 1 ipsec removes phase 2 of the other VPN's in the GUI and loses communication: Duplicate of #15171 Jim Pingle
03:31 PM Bug #15279 (Duplicate): When deleting phase 1 ipsec removes phase 2 of the other VPN's in the GUI and loses communication: Good morning,
Discovering a BUG in IPSEC version 23.09.1 and 23.09 in both AWS and AZURE in summer PLUS,... DBACORP DBACORP
01:55 PM pfSense Packages Feature #9141: FRR xmlrpc: No progress here obviously, just wanted to add that in the mean time I'm using a workaround: every time i change some... Adrian Dascalu
11:25 AM Regression #14078 (Confirmed): Traffic graph shows half actual throughput when switching back to the graph: We are waiting for the pull request:
https://redmine.pfsense.org/issues/14933 Danilo Zrenjanin
11:24 AM Bug #14933 (Confirmed): Traffic Graph widget displays bandwidth usage values which are half the actual usage amount: Danilo Zrenjanin
11:16 AM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount: I was able to replicate the issue using Safari on macOS.
Tests conducted against:... Danilo Zrenjanin
09:48 AM Feature #12564: add column to show that an Alias is in use by or not: khaled osama wrote:
> can you add column to show that an Alias is in used or not
> and it is clickable to show wher... Conny Molin
08:04 AM pfSense Plus Bug #14005: SFP Interfaces not available with Traffic Shaper in v23.01: It has been 7 months since the last reply. Is this problem to be looked at or not? At the moment I cannot use the tra... Brendon Flint
03:59 AM Todo #15277 (New): Allow mixed source (URL (IPs), URL Table (IPs), Host(s) and Network(s) IN OND ALIAS: Dear Brilliant pfSense DevTeam!
WHERE
in Firewall / Aliases
ARGUMENT
From firewall and user perspective ther... Sergei Shablovsky
03:28 AM Feature #15022: Allow overriding text scrolling during package install/uninstall: Yes, that way you can review what versions of package dependencies installed and or got adapted if something goes wro... Jonathan Lee
02:11 AM Feature #15022: Allow overriding text scrolling during package install/uninstall: Jonathan Lee wrote in #note-2:
> It will only allow you to look back one page after it completes the install. It is ... Christian McDonald

02/20/2024

11:49 PM Bug #15275 (Needs Patch): 56 GbE on Mellanox ConnectX-3 cards not functioning properly: x86 server, pfSense 2.7.2, Mellanox ConnectX-3 NIC
Connecting to Mellanox 6036G switch over original Mellanox DAC ... Piotr Oleszkiewicz
11:44 PM pfSense Packages Feature #12918: pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately: did anyone figure out how to manually fix this my editing the code ? Israel Goldstein
09:54 PM pfSense Packages Bug #15274: HAProxy Configuration Changes Require pfSense Reboot to Take Effect: Zachary Cohen wrote:
> As originally reported here (https://forum.netgate.com/topic/172972/haproxy-config-changes-not... Zachary Cohen
09:51 PM pfSense Packages Bug #15274 (New): HAProxy Configuration Changes Require pfSense Reboot to Take Effect: As originally reported here (https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart... Zachary Cohen
09:53 PM pfSense Packages Bug #15182: Changing backend port - status remains down: Potentially related to #15274 Zachary Cohen
09:01 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding: User is reporting this issue manifests in relation to CPU spikes.
> Also I want to point that I have a procedure t... Craig Coonrad
07:47 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: It seems like an interim fix would be to build arp with "WITHOUT_NETLINK" defined. Denny Page
05:37 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table: Looks like this might have gotten some attention upstream, will track.
https://reviews.freebsd.org/D43983 Christian McDonald
06:50 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts: Moving this so it only gets applied to Plus, since Plus is the only version for appliances where those restrictions h... Jim Pingle
03:03 PM Bug #15269 (Duplicate): DHCP static ARP entries are not static: Duplicate of #14970 Jim Pingle
02:56 PM Bug #15268 (Not a Bug): Network Prefix Translation (NPt) not properly translating the prefix for unsolicited inbound connections: You cannot map multiple internal prefixes to the same external prefix. As you see only the first one will work proper... Jim Pingle
02:53 PM Bug #15043 (Resolved): IGMP proxy works intermittently: Jim Pingle
01:12 PM Feature #15273 (New): Adding ICS Stork as service for BIND and KEA DHCP: Brilliant pfSense DevTeam!
Please add
ISC Stork for BIND and KEA services state monitoring
https://gitlab.isc.... Sergei Shablovsky
07:41 AM Todo #15271: Add information about group keys to Pushover notification settings: Better to USE THE SAME DEFINITION as in SaaS (Pushover) and certain section of pfSense settings that directly belongs... Sergei Shablovsky
07:06 AM Todo #15271: Add information about group keys to Pushover notification settings: Because the Pushover web interface not clear about that. Especially for newbies… Sergei Shablovsky
07:04 AM Todo #15271 (New): Add information about group keys to Pushover notification settings: Brilliant pfSense DevTeam!
Please Correct “User key” description in System/Advanced/Notification/Pushover
from... Sergei Shablovsky
07:41 AM pfSense Docs New Content #15272: Add information about Pushover group key behavior: Better to USE THE SAME DEFINITION as in SaaS (Pushover) and certain section of pfSense settings that directly belongs... Sergei Shablovsky
07:38 AM pfSense Docs New Content #15272: Add information about Pushover group key behavior: Because all 3 objects are different:
- Pushover account user;
- Applications;
- Delivery Groups;
And may be SEV... Sergei Shablovsky
07:35 AM pfSense Docs New Content #15272 (New): Add information about Pushover group key behavior: in Note
from
Using the Pushover API requires a Pushover account user key and API key (Pushover Registration).
... Sergei Shablovsky

02/19/2024

07:12 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: Doing so it pretty trivial. It requires almost no skill. (ask me how I know!).
Create github account.
Fork pfsense/... Steve Wheeler
06:51 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update: My version of the log-widget is way faster (20 times!) than the actual version. With the same GUI and the same functi... Louis B
06:41 PM pfSense Packages Todo #15270 (Closed): ENUMER STUN: Hello,
Recently I reviewed my network activity and found lot of requests to the file http://enumer.org/public-stun... Oleg Khovayko
06:09 PM Feature #13468: FW-rule-groups, would be very, very helpfull: I discovered that interface groups, are IMHO not interface groups, but rule groups. However the GUI is not in line wi... Louis B
11:07 AM Bug #15269: DHCP static ARP entries are not static: On version 2.6.0 static arp mappings remain permanent. Michele D'A.
09:59 AM Bug #15269 (Duplicate): DHCP static ARP entries are not static: When I select the option in the DHCP server:
ARP Table Static Entry: Create an ARP Table Static Entry for this MAC... Michele D'A.

02/18/2024

11:57 PM Bug #14692: Mangled link-local addresses are being logged: Daryl Morse wrote:
> My system is logging discarded ping request messages from a link-local address, as is expected.... Daryl Morse
10:05 PM Feature #15022: Allow overriding text scrolling during package install/uninstall: It will only allow you to look back one page after it completes the install. It is like the scroll object repaints al... Jonathan Lee
07:19 PM Feature #15022: Allow overriding text scrolling during package install/uninstall: Hello Jonathan,
When the package finishes installing you should have no issues scrolling up. Let me know if this i... dylan mendez
03:34 PM pfSense Plus Feature #14976: Cleaner way to know if an interface failed: While out development team considers this, you can implement Remote Syslogs and filter all the logs through a third-p... dylan mendez
01:11 PM Bug #14996: Kea DHCP PHP error from WINS server value: Yep. I'll do it on Monday Christian McDonald
03:27 AM Bug #14996: Kea DHCP PHP error from WINS server value: Kris Phillips wrote in #note-3:
> Jared Hendrickson wrote in #note-2:
> > I opened a PR this morning that contains ... Kris Phillips
03:21 AM Bug #12764: VTI gateway status is pending after assigning the VTI interface: I can confirm this behavior. You can also simply restart the dpinger service to "kick" it out of this state.
VT... Kris Phillips
03:18 AM pfSense Docs New Content #15230 (Confirmed): Gateway status Pending: I can confirm this behavior. Typically restarting the dpinger service will correct this issue, but if you do a relea... Kris Phillips
03:12 AM pfSense Docs Todo #15267 (Rejected): Feedback on Releases — 2.7.2 New Features and Changes: The "New Features and Changes" document is for changes since the previous release, which is 2.7.1. The only change b... Kris Phillips
02:30 AM Bug #14991: Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added: Brilliant pfSense DevTeam!
Just confirm the same bug.
I reproduce the same environment and receive the same bug... Sergei Shablovsky
02:02 AM Bug #15012: NTP assigned to KEA DHCP Clients causes service to fail: Brilliant pfSense DevTeam!
Just confirm the same bug.
I reproduce the same environment and receive the same bug/beh... Sergei Shablovsky
12:16 AM Bug #15195 (Duplicate): PHP error if config contain <ppps></ppps> empty tag: https://redmine.pfsense.org/issues/14742 Christopher Cope

02/17/2024

11:58 PM Bug #15224 (Resolved): ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding: I can reproduce this on... Christopher Cope
10:56 PM Feature #15261: comcast DHCP issues: I have 4100 (ix) to Comcast cable modem. The only DHCP issue I encounter is if I move Comcast to another port. Comcas... Craig Coonrad
09:26 PM Bug #15268 (Not a Bug): Network Prefix Translation (NPt) not properly translating the prefix for unsolicited inbound connections: Unsolicited inbound traffic with the ISP prefix (external prefix) is always translated to the internal prefix specifi... machbot .
05:56 PM pfSense Docs Todo #15267 (Rejected): Feedback on Releases — 2.7.2 New Features and Changes: *Page:* https://docs.netgate.com/pfsense/en/latest/releases/2-7-2.html
*Feedback:*
I suggest the 2.7.2 release no... Steve Y
02:16 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts: Jim Pingle wrote in #note-2:
> Not only are there more and more stories about equipment being compromised due to def... Bill Meeks
02:15 PM Bug #15043: IGMP proxy works intermittently: This ticket can be closed and therefore included in the next release 2.8 or earlier (very important). Since the kerne... Martial G
01:14 AM Feature #15257 (Confirmed): Support using a mask to block MAC addresses in Captive Portal: I can duplicate this on 23.09.1. A MAC address block rule which includes a mask still allows authentication and then ... Chris W

02/16/2024

11:20 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts: Not only are there more and more stories about equipment being compromised due to default passwords and being wide op... Jim Pingle
10:22 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts: I would ask why make this change? I think the current warning is sufficient.
I would be okay with forcing a passwo... Bill Meeks
06:53 PM pfSense Plus Todo #15266 (Resolved): Prevent usage of the default password in User Manager accounts: Currently we detect in the GUI when the admin account is using the default password (@"pfsense"@) and print a warning... Jim Pingle
11:05 PM Bug #5849 (Closed): Routing fail on CARP IPsec: Closing this since it hasn't been reproduced and there have been many changes and fixes over the last 8 years in all ... Chris W
07:55 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name: I'm a network engineer and I long ago gave up on trying to use the firewall for an authoritative DNS solution that do... Yousif Hassan
05:15 PM Todo #15265 (Feedback): Remove ``jquery-treegrid`` unit testing files: Applied in changeset commit:4e8f6cedd9c4b32b24ac3619f84e33a9a4708a29. Jim Pingle
05:07 PM Todo #15265 (Resolved): Remove ``jquery-treegrid`` unit testing files: We include the @jquery-treegrid@ library for use in the disks widget. That library includes unit testing files:
* ... Jim Pingle
05:07 PM Revision 4e8f6ced: Remove unnecessary treegrid files. Implements #15265: Jim Pingle
04:55 PM Bug #15264 (Feedback): ``crash_reporter.php`` displays PHP Error log without encoding: Applied in changeset commit:bde72e2d864ba57f2f14e0a4005104d942cdb11d. Jim Pingle
04:45 PM Bug #15264 (Resolved): ``crash_reporter.php`` displays PHP Error log without encoding: The section of @crash_reporter.php@ that displays the PHP error log is printing that log directly without encoding th... Jim Pingle
04:50 PM Bug #15263 (Feedback): PHP error display formatting issues: Applied in changeset commit:9d78a172ec6c9b959ac1f5b321637e5009320658. Jim Pingle
04:40 PM Bug #15263 (Resolved): PHP error display formatting issues: There are multiple issues with the formatting of PHP errors in the GUI, including:
* Error/stack trace is printed ... Jim Pingle
04:46 PM Revision bde72e2d: Encode PHP error log content before display. Fixes #15264: Jim Pingle
04:41 PM Revision 9d78a172: Correct PHP error display issues. Fixes #15263: Jim Pingle
02:32 PM Feature #15245 (Resolved): Show interface subnet details in a tooltip on the IPsec Phase 2 list: Jim Pingle
12:51 PM Feature #15245: Show interface subnet details in a tooltip on the IPsec Phase 2 list: tested, patch works correctly Georgiy Tyutyunnik
02:32 PM Feature #15234 (Resolved): Show details of system aliases in tooltip on firewall and NAT rule lists: Jim Pingle
02:12 PM Feature #15234: Show details of system aliases in tooltip on firewall and NAT rule lists: tested, patch works correctly Georgiy Tyutyunnik
11:20 AM Bug #13089 (Resolved): Some OpenVPN NetBIOS settings are kept even when NetBIOS is disabled: I was able to replicate the reported issue on the 23.09.1 pfSense Plus release.
After disabling NetBios, there we... Danilo Zrenjanin

02/15/2024

10:14 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: One strategy to consider - In the future I humbly suggest you state that "I close this report pending additional inf... Michael McNamara
07:33 PM pfSense Plus Bug #15262 (Confirmed): Captive Portal Has High CPU Interrupts With Large Number of Users: When 700+ Captive Portal users are in use, CPU interrupts will cause high load averages to occur. This can lead to c... Kris Phillips
07:01 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration: Roberto@ IT and General wrote in #note-3:
> Hello Bill,
>
> The more general writeup about why rules are in specific... Bill Meeks
05:44 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration: Hello Bill,
Thank you very much for your comment. I didn't perceive your message as an attempt to be argumentative... Roberto@ IT and General
03:02 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration: I am the volunteer package maintainer for Snort on pfSense. The method you described above for removing rules (disabl... Bill Meeks
11:31 AM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration: Above, there is a list of the preprocessor rules and decoder rules that should be enabled/disabled for each of the th... Roberto@ IT and General
11:15 AM pfSense Packages Feature #15260 (Resolved): Snort IPS False Positives and Preprocessor Rules Misconfiguration: Greetings to all from IT And General.
I would like to point out an issue that we are experiencing with the Snort p... Roberto@ IT and General
03:50 PM pfSense Packages Bug #15190 (Resolved): PHP error from RRD Graphs when resolution is null: It works fine on today's release:
I will close this ticket as resolved. Danilo Zrenjanin
01:09 PM Feature #15261 (Not a Bug): comcast DHCP issues: User reports issues with Comcast connection.
WANs intermittently stop from being able to communicate past the Comcas... Georgiy Tyutyunnik
11:17 AM Bug #15248 (Resolved): Removing a gateway group used as the default gateway results in no default route: Tested against:... Danilo Zrenjanin
10:40 AM Bug #15252 (Resolved): Egress states remain when killing states for scheduled rules: Tested against:... Danilo Zrenjanin
05:49 AM pfSense Plus Bug #14968: Google LDAP fail to bind: I suspect it is related to issue #15060, I didn't test with only one LDAP backend configured. Lev Prokofev

02/14/2024

10:37 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: Thanks for accepting my feedback on how I made your system work despite the documents leading me astray! Michael McNamara
10:24 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: I tested both Plus and CE. If it didn't work, you must have configured it improperly. Jim Pingle
10:23 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: I don't need assistance, instead I am reporting that it fails if I just follow the guidelines on the base page.
If... Michael McNamara
09:56 PM pfSense Docs Todo #15259 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: I'm not sure what you did wrong, but it is absolutely sufficient. I just re-tested that entire set of instructions in... Jim Pingle
09:41 PM pfSense Docs Todo #15259 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Text:*
Select the server insta... Michael McNamara
06:01 PM Todo #15258 (Resolved): Update Gandi LiveDNS service with API changes: In August 2023 Gandi changed how authentication works with their API. Now you need to use Personal Access Tokens and ... Matthew Drury
04:23 PM Feature #15257 (Resolved): Support using a mask to block MAC addresses in Captive Portal: Blocking a MAC address in pfSense when using a mask is not working. However, if you use the pass option and specify t... Gordon Bennett
04:16 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount: I can still reproduce this in 23.09.1 dylan mendez
04:12 PM Bug #15015: Static routes not working: The pictures are no longer there, can you please re upload. dylan mendez
08:54 AM pfSense Packages Bug #14409: pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count: > I've come up with a patch that sets @$vip_count@ to @0@ if DNSBL is disabled. This causes the Virtual IP counts to ... Sima Xi
05:41 AM Bug #15110: pfSense hangs when rebooting: Another one TAC ticket with the same issue
2336421939 aleksei prokofiev
05:41 AM Bug #15110: pfSense hangs when rebooting: same issue here. 6100, 23.09.1
onboard mmc died, added a WD SN520 NVME SSD.
same console output M O
01:44 AM Feature #12746: IPoE feature for WAN interface: As far as I know, a significant portion of the supply in the Japanese market is using IPoE mode, and currently, almos... Tianyi SUN

02/13/2024

04:33 PM Feature #10843: Allow user manager settings to specify multiple authentication servers: I've been thinking about this a bit lately since we've added something similar in the upcoming TNSR release.
Like ... Jim Pingle
04:16 PM Feature #10843: Allow user manager settings to specify multiple authentication servers: This feature should also include the ability to define specific failover behavior if the configured authentication se... Chris Linstruth
02:29 PM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections: Welp, even "my" last hack stopped working somewhere along the pfSense stable upgrade path, currently on "23.09.1-RELE... Brandon Verkada
01:49 PM Todo #15256 (Resolved): Upgrade Unbound to >= 1.19.1: Unbound 1.19.1 fixes two DoS/CPU exhaustion issues in DNSSEC validation:
https://nlnetlabs.nl/downloads/unbound/CV... Jim Pingle
12:02 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting: Steve Wheeler wrote in #note-4:
> Still present in 23.09.1
I can also confirm it is still present is the latest s... Adam French

02/12/2024

04:33 PM pfSense Docs Correction #15255 (Closed): New docs typo: Fixed, thanks!
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/1a9cc91ad99c7e662d45ad85fc6a9ce324bde7bf Jim Pingle
04:18 PM pfSense Docs Correction #15255 (Closed): New docs typo: Typo in new docs (Gateway Settings):
http://stage-feature-mm-gateway_recovery.docs.netgate.com/pfsense/en/latest/rou... William Wrathbone
04:13 PM pfSense Docs Correction #15253 (Closed): New docs typo: Fixed and deployed last week: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2448141188ae72159faaac282a641c1f4... Jim Pingle
03:48 PM pfSense Docs Correction #15253 (Closed): New docs typo: Typo in new docs for gateway recovery:
http://stage-feature-mm-gateway_recovery.docs.netgate.com/pfsense/en/latest/r... William Wrathbone
04:13 PM pfSense Docs Correction #15254 (Closed): Docs typo: Fixed and deployed (along with some other typos):
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2dd28e37b2... Jim Pingle
03:49 PM pfSense Docs Correction #15254 (Closed): Docs typo: https://docs.netgate.com/pfsense/en/latest/multiwan/considerations.html
(probably should be "...to the DNS forwarder... William Wrathbone
02:32 PM pfSense Packages Bug #15190 (Feedback): PHP error from RRD Graphs when resolution is null: MR merged. Jim Pingle

02/08/2024

11:34 PM Bug #14386 (Feedback): ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: Should be fixed in https://github.com/pfsense/FreeBSD-ports/commit/c0a12f594ba2a873ffd5ec8974c5582e6283fbdf. The 0 by... Reid Linnemann
10:56 PM pfSense Packages Feature #15242: Optimize calls to write_config() function in Suricata GUI to prevent creation of unnecessary config.xml backups when possible: A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:55 PM pfSense Packages Bug #15241: Suricata Dashboard Widget needs the same fix applied as the ALERTS tab code from Redmine #14955.: A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:55 PM pfSense Packages Bug #15240: Suricata GeoIP2 database download and update broken due to recent change in MaxMind API: A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:30 PM pfSense Plus Bug #15246 (Not a Bug): Autofill services like password managers able to override blocked username field for admin user: We already include the tags to suppress them. Password manglers ignore them. Jim Pingle
09:49 PM pfSense Plus Bug #15246 (Not a Bug): Autofill services like password managers able to override blocked username field for admin user: Browsers with extensions like LastPass, BitWarden, etc. that automatically fill relevant fields are able to replace t... Kris Phillips
05:09 PM Feature #7943 (New): Overflow scrolling for top navigation drop-down menus in Fixed mode: The overflow scrolling inside the menu should only be enabled when the menu is fixed to the top of the window and rem... Jim Pingle
10:03 AM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs: The reason it is not working anymore is this patch, so it looks counter-intuitive to me to open another redmine issue. Bob Dig
03:19 AM Feature #15244: Modern authentication via FIDO2 for local account authentication: Duplicate of https://redmine.pfsense.org/issues/14743 Kris Phillips

02/07/2024

08:49 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes: The PD route is installed on 24.03 as well.
Regarding #note-11, that seems like a different root cause at least; I... Marcos M
08:45 PM Feature #15245 (Feedback): Show interface subnet details in a tooltip on the IPsec Phase 2 list: Applied in changeset commit:6030dd4570752752ffe3697ea263065b61acae76. Marcos M
06:50 PM Feature #15245 (Waiting on Merge): Show interface subnet details in a tooltip on the IPsec Phase 2 list: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1135 Marcos M
06:46 PM Feature #15245 (Resolved): Show interface subnet details in a tooltip on the IPsec Phase 2 list: When <interface> subnet is selected for Phase 2 configs, show the subnet being used. Marcos M
08:36 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script: Thank you Denny Page
06:54 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script: The new version has been picked back to 2.7.2 and 23.09.1 - it should show up on the next build. Marcos M
08:32 PM Revision 6030dd45: Show interface subnet details for IPsec Phase 2. Implement #15245: While there, prevent interface subnet selections from
showing for the NAT/BINAT field. Marcos M
04:46 PM Feature #9536: Support dynamic prefix in DHCPv6 Server: Is this also similar to 5950? https://redmine.pfsense.org/issues/5950 Are there any plans or updates on this?
Part... Joshua Cooper
04:00 PM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null: Danilo Zrenjanin wrote in #note-8:
> I tested the patch against:
>
> [...]
>
> After clicking the "Update Grap... Christopher Cope
11:11 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null: I tested the patch against:... Danilo Zrenjanin
03:32 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication: Kris Phillips wrote:
> pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiri... Paul Smith
02:52 PM pfSense Docs New Content #15208 (Resolved): Document the new gateway recovery state killing feature: Added to 24.03 docs. Marcos M
02:50 PM Feature #15244 (New): Modern authentication via FIDO2 for local account authentication: Implementation of FIDO2 WebAuthN capabilities into RELENG_2_7_2.
*WHAT*
FIDO2 adds convenient phishing-resistant ... Paul Smith
12:58 PM Todo #15220 (Pull Request Review): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy: It seems the reply-to issue can only really be handled by using floating on the rule. This can be done on rule genera... Marcos M
08:45 AM pfSense Packages Feature #15243 (New): CARP causes tinc termination: Obviously, using CARP (rc.carpbackup from the logs) kills tinc on the router that CARP considers backup. However, thi... Michael Lipp

02/06/2024

11:24 PM pfSense Packages Bug #14855 (Resolved): suricata_Getdirsize issue after PHP 8: Jim Pingle
11:06 PM pfSense Packages Bug #14855: suricata_Getdirsize issue after PHP 8: This fix was merged into production on October 16, 2023, but apparently this ticket escaped being closed as a result.... Bill Meeks
11:13 PM pfSense Packages Feature #15242 (Resolved): Optimize calls to write_config() function in Suricata GUI to prevent creation of unnecessary config.xml backups when possible: Examine all calls to @write_config()@ function to see when it is appropriate to set @$backup@ parameter to @false@ to... Bill Meeks
11:09 PM pfSense Packages Bug #15241 (Resolved): Suricata Dashboard Widget needs the same fix applied as the ALERTS tab code from Redmine #14955.: The same bug exists in the Suricata Dashboard Widget code for converting log file timestamps into EventTime objects a... Bill Meeks
10:08 PM pfSense Packages Bug #15240 (Resolved): Suricata GeoIP2 database download and update broken due to recent change in MaxMind API: The MaxMind GeoIP2 geolocation database download/update procedure in the Suricata package was broken by a recent API ... Bill Meeks
07:05 PM pfSense Plus Feature #15239: Add to existing rule: Understood. Thanks for clarifying. Mike Moore
06:36 PM pfSense Plus Feature #15239 (Rejected): Add to existing rule: If the ports are together you can already use a range. If the ports are separate you have to use an alias. If the IP ... Jim Pingle
06:28 PM pfSense Plus Feature #15239 (Rejected): Add to existing rule: First i acknowledge that i do know i can create an alias and group IPs or Ports..
Feature: The ability to add to a... Mike Moore
06:43 PM pfSense Packages Bug #15190 (Feedback): PHP error from RRD Graphs when resolution is null: MR merged. Jim Pingle
04:51 PM pfSense Docs Todo #15235 (Rejected): Feedback on Troubleshooting — Troubleshooting OpenVPN Internal Routing (iroute): The instructions here are fine and there are no changes needed specific to 2.7.0 or later. If it does not work, you h... Jim Pingle
07:25 AM pfSense Docs Todo #15235 (Rejected): Feedback on Troubleshooting — Troubleshooting OpenVPN Internal Routing (iroute): *Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/openvpn-iroute.html
*Feedback:* This page needs... Roland Giesler
04:39 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding: Freeback from Amazon:... Kristof Provost
12:38 PM Bug #15211: tcpdump run with BIOS hardware clock set, but no on environment system time: Steve Wheeler wrote in #note-1:
> This should be an option when running the pcap.
Please argue.
All FreeBSD - ... Sergei Shablovsky
12:05 AM Feature #15234 (Feedback): Show details of system aliases in tooltip on firewall and NAT rule lists: Applied in changeset commit:a61d68dd271331b8671afed01c50fc028ba88027. Marcos M

02/05/2024

11:55 PM Feature #15234: Show details of system aliases in tooltip on firewall and NAT rule lists: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1133 Marcos M
11:49 PM Feature #15234 (Resolved): Show details of system aliases in tooltip on firewall and NAT rule lists: Now that @<interface> net@ uses system aliases, it would be helpful to show its contents. Marcos M
11:54 PM Revision a61d68dd: Show system alias popups for rules. Implement #15234: Marcos M
08:26 PM Regression #14970 (New): Static ARP assignments lose ``permanent`` flag in ARP table: Jim Pingle
08:20 PM Bug #11539 (Rejected): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: The original reporter(s) of this issue have long since disappeared and nobody else seems to be able to reproduce the ... Jim Pingle
08:17 PM Feature #746 (Duplicate): Add interface group to source/dest drop downs: Marcos M
08:07 PM pfSense Plus Todo #15164: Add ZFS Boot Environment list to status output: Updating subject for release notes. Jim Pingle
06:12 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding: Hmmm 9272e45 committed Dec 28, 2023
ena: Change measurement unit of time since last tx cleanup to ms
This commit:
1.... Jim Thompson
04:15 PM Bug #15096 (Resolved): Interface subnet aliases do not contain IPv6 VIPs: This issue/fix is only related to the alias; if an IPv6 address does not get added to the interface, that would need ... Marcos M
01:23 PM Bug #15096 (New): Interface subnet aliases do not contain IPv6 VIPs: Jim Pingle
03:26 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: pfSense 2.7.2 and pfSense Plus 23.09.1 Orion Poplawski
03:12 PM Feature #15233 (Resolved): Recognize QAT 4xxx devices in System Information Widget: The QAT driver supports qat_4xxx devices but they are not shown as supported in the pfSense GUI.
Same as the last ... Steve Wheeler
02:47 PM Regression #15152 (Resolved): Systems with low RAM fail to upgrade to 24.03: Looks good in todays snapshot:... Steve Wheeler
02:10 PM pfSense Plus Feature #15232: Display proposed changes: Understood. Thanks for the quick response Jim.
Mike Moore
01:29 PM pfSense Plus Feature #15232 (Rejected): Display proposed changes: You can always view the config history, before or after applying, but trying to pick out which specific things in a s... Jim Pingle
02:31 AM pfSense Plus Feature #15232: Display proposed changes: In a way this should technically be possible as there is already a record of what’s changed AFTER it’s applied when y... Mike Moore
02:27 AM pfSense Plus Feature #15232 (Rejected): Display proposed changes: Display proposed changes prior to clicking apply.
Would be great to have multiple engineers (or a single one) make c... Mike Moore
01:38 PM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null: The change should be OK to test, though since this is a patch in the ports tree you'll need to copy paste the diff an... Jim Pingle

02/04/2024

10:48 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface: Also, do you have any existing Interface Groups? dylan mendez
10:22 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface: Does your NIC support QinQ?
dylan mendez
10:18 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface: Tested in 2.7.0, 2.7.2 and 23.09.
I'm able to create QinQ interfaces without any issue. Both with and without the in... dylan mendez
06:50 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script: ping Denny Page
03:44 AM pfSense Packages Bug #14913 (Resolved): [Security] Zabbix packages need updating bec. of recent critical security CVEs: Confirmed the patched packages are available in 23.09.1 and 24.03 of Plus. Kris Phillips
03:40 AM pfSense Packages Todo #15058 (Resolved): Remove Zabbix 4 Agent and Proxy: Checked in pfSense Plus 24.03. These packages are no longer present in the repos. Kris Phillips
03:37 AM pfSense Packages Bug #14805 (Incomplete): when I changed Endpoint ip via webgui, but wiregaurd still using old ip ruuning.: I'm also unable to reproduce this issue.
As Danilo stated, please provide exact reproduction steps.
Marking... Kris Phillips
03:36 AM Bug #15194: PHP Fatal error in easyrule CLI: David Johnston wrote in #note-2:
> To clarify, I ran easyrule as a regular user, and the account didn't have permiss... Kris Phillips
03:32 AM Bug #12942: Code to kill states for old gateway when reconnecting an interface is incorrect: Tested bringing up and down a second gateway with state killing enabled on lower priority gateways and state killing ... Kris Phillips
03:21 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password: Re-tested this with a factory defaulted 24.03 box, manually configured ACB, and then re-tested. I can still produce,... Kris Phillips
03:18 AM Feature #13256 (Resolved): Better handling of duplicate IP addresses in static DHCP assignments: the warning is added .
2.8.0.a.20240126.0600 Alhusein Zawi
03:04 AM Feature #14165 (Resolved): Option to allow the DNS Forwarder to ignore system DNS servers: Alhusein Zawi
03:02 AM Feature #15183 (Resolved): Add per-rule option to set PF State Policy (if-bound vs floating): Alhusein Zawi
12:00 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null: Updated pull request with changes. Christopher Cope

02/03/2024

07:57 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow: I also have tried FIFO + taildrop on the LAN up+down and fq_codel + tildrop WAN up+down, and it seemed to stabilize U... P L
07:47 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow: Recently I switched to the wpa_supplicant bypass method in pfSense and was still getting out of order packet issues u... P L
06:50 PM pfSense Docs New Content #15230 (Confirmed): Gateway status Pending: https://docs.netgate.com/pfsense/en/latest/monitoring/status/gateways.html#gateways-tab
Sometimes, the status of t... Danilo Zrenjanin
12:15 PM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs: Turns out the patch is only working momentarily. It will prevent you from enabling IPv6 GUA (tested via Track Interfa... Bob Dig
09:20 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password: I am not able to replicate it on 24.04-DEV, but I have seen it on SC in ticket #2322652504 (23.09.1). After manual co... Lev Prokofev
08:45 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null: I'll wait for Jim's advise to be considered before testing the patch. Danilo Zrenjanin
08:17 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null: I can reproduce the issue on the:... Danilo Zrenjanin
08:00 AM Bug #15195: PHP error if config contain <ppps></ppps> empty tag: Yeah I found that config was <version>15.5</version> (seems 2.3.2 software) Lev Prokofev
07:50 AM pfSense Packages Bug #15229 (Resolved): ACME DNS-Selfhost verification issues: When using Selfhost.de DNS verification and entering the requested information the renewal is not working.
To make i... STefan Graf
02:47 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: What version(s) are you currently running and encountering this? Perhaps a test build of fcgicli would be appropriate. Reid Linnemann
12:06 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: I don't have a test instance at the moment, but I've thought about spinning one up for quite a while. I'll see what ... Orion Poplawski
01:26 AM Bug #15225 (Resolved): Killing states on downed gateways breaks for static interface configurations: I can reproduce it here by disconnecting the VM link on the host side using ESXi 7. The patch resolves the issue in t... Marcos M
12:51 AM Bug #15228: User manger fails to display certificate option for a new user in case of input error: See: https://forum.netgate.com/topic/185928/user-manager-fails-to-add-cert-if-passwords-do-not-match Steve Wheeler
12:50 AM Bug #15228 (Confirmed): User manger fails to display certificate option for a new user in case of input error: When creating a new user in the user manager the option to add a user cert for the user is hidden if an error is made... Steve Wheeler

02/02/2024

11:59 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: Since fcgicli is continually calling recv() for 8 bytes, I think it's stuck in its read_packet loop. The socket's bee... Reid Linnemann
08:42 PM Revision cf612ab9: Add the pfSense CE platform addtional meta package to the build list.: (cherry picked from commit a5b49a4e4a10ed054c8a9aa6c458b70a4498ced9) Luiz Souza
08:41 PM Revision 8012c1bf: Add the pfSense CE platform addtional meta package to the build list.: (cherry picked from commit a5b49a4e4a10ed054c8a9aa6c458b70a4498ced9) Luiz Souza
08:27 PM Todo #15188: Remove deprecated OpenVPN hardware crypto engine option: Also removed from docs: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/4d709070146c99553edb01b372ed784150227d82 Jim Pingle
08:23 PM Bug #15225: Killing states on downed gateways breaks for static interface configurations: I couldn't find a way to make the statically defined gateway in the pending status.
I tried:
On a physical app... Danilo Zrenjanin
07:05 PM pfSense Docs New Content #15191: Document new Packet Flow Data functionality (Plus Only): A few edits after feedback from Kristof:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/50fc3a422fc37e88282... Jim Pingle
05:06 PM Bug #15156 (Feedback): Fragmented packets delayed by limiters are lost: Kristof Provost
05:06 PM Bug #15156: Fragmented packets delayed by limiters are lost: I've pushed the fix upstream and cherry-picked it to our branches. The next snapshot build will have it. Kristof Provost
03:49 PM Bug #15226 (Duplicate): Tables for mixed aliases lists occasionally do not contain all records from the alias list.: This is almost surely caused by either of the following:
* https://redmine.pfsense.org/issues/13792
* https://redmi... Marcos M
10:31 AM Bug #15226 (Duplicate): Tables for mixed aliases lists occasionally do not contain all records from the alias list.: Tested on the client machine with 23.09.1 installed, the ticket for reference #2297130372
target IP 82.xx.xx.137... Lev Prokofev
03:20 PM pfSense Packages Bug #14556: Tailscale dropping routes from FIB: Another user has a very similar issue. Chris Linstruth
03:15 PM pfSense Packages Feature #15227 (New): [Freeradius - 0.15.10_1] Enable Pagination on the user section for the Freeradius package: Hi,
I've created 15000 users in the /cf/conf/config.xml and this is working fine.
However the cheer amount of... robert morann
08:00 AM Bug #15122 (Resolved): PHP errors in LDAP server prevent it from falling back to Local Database: I didn't experience any issues after applying the patch, and I was unable to reproduce the PHP error regardless of th... Danilo Zrenjanin

02/01/2024

10:14 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth: I wouldn't say it's incorrect setup, using limiters on multi-wan setup has been working on pfSense for over 8 years. ... Jose Duarte
08:49 PM Bug #14537: Nat Reflection changed behavior on pfsense 2.7: FWIW I've tested this setup in 24.03 and it works fine there. Marcos M
07:04 PM Bug #15223 (Resolved): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled: I am closing this case as resolved. Danilo Zrenjanin
06:51 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled: I couldn't replicate the issue on the:... Danilo Zrenjanin
03:17 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled: The patch only applies to 24.03 since it's dependent on other changes in dev snapshots. Marcos M
03:02 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled: I was able to replicate the initial behavior as explained here.
After applying the patch, the PHP error below app... Danilo Zrenjanin
01:51 AM Bug #15223 (Feedback): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled: Applied in commit:ba90ace48a47086b8db5423f369f1857cf8df34c. Marcos M
01:23 AM Bug #15223 (Waiting on Merge): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1131 Marcos M
01:17 AM Bug #15223 (Resolved): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled: If the following options are set, states remain on offline gateways which prevents connections from failing over.
* ... Marcos M
06:05 PM Bug #15225 (Feedback): Killing states on downed gateways breaks for static interface configurations: Applied in changeset commit:8faff1900a29feb8e7c192591ce932f8bd4a62aa. Marcos M
05:37 PM Bug #15225 (Waiting on Merge): Killing states on downed gateways breaks for static interface configurations: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1132 Marcos M
05:32 PM Bug #15225 (Resolved): Killing states on downed gateways breaks for static interface configurations: An interface with a static configuration can have a pending gateway status. In this scenario, killing states for down... Marcos M
05:34 PM Revision 8faff190: Check static intefaces with a pending gateway. Fix #15225: Interfaces with a static configuration may have a pending gateway
status when killing states for downed interfaces. Marcos M
05:25 PM Bug #15224 (Feedback): ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding: Applied in changeset commit:6f59a7f9fdfe3703667819fcbbd8b6f8cbec0d9f. Jim Pingle
04:12 PM Bug #15224 (Resolved): ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding: The value supplied by the user for the @frequency@ parameter on @services_acb_settings.php@ is not fully validated, i... Jim Pingle
04:51 PM Regression #15152: Systems with low RAM fail to upgrade to 24.03: The most recent src merge (done yesterday) includes this commit:... Kristof Provost
04:23 PM Feature #2676 (New): Reply-to option in firewall rule: There are some scenarios where it would be nice to have the ability to force @reply-to@ to use a specific value and n... Jim Pingle
01:44 AM Feature #2676 (Rejected): Reply-to option in firewall rule: From what I can tell, the referenced scenarios would be solved by adding a gateway to the interface. This is the curr... Marcos M
04:12 PM Revision 6f59a7f9: ACB: Validate+encode frequency value. Fixes #15224: Jim Pingle
02:51 AM Bug #15194: PHP Fatal error in easyrule CLI: To clarify, I ran easyrule as a regular user, and the account didn't have permissions to write to the backup cache. David Johnston
01:22 AM Revision ba90ace4: Process downed gateways when killing states. Fix #15223: By the time filter_delete_states_for_down_gateways() is called,
filter_generate_gateways() has already removed downed... Marcos M

01/31/2024

10:44 PM Bug #12401: Traffic graphs with untagged and tagged VLAN on same interface: Also seeing this on pfSense CE 2.7.2. See https://forum.netgate.com/topic/185889/vlan-traffic-showing-up-on-the-wron... Bill Somerville
09:21 PM pfSense Packages Bug #15222 (Resolved): HTTP_Inspect Preprocessor Engine: wrong legend on parameters: Server Flow Depth has the following legend:
@Amount of HTTP server response payload to inspect. Minimum is -1 and ... Ronald Antony
08:57 PM Regression #15197 (Resolved): Outbound NAT rules using an alias without a matching address family create unexpected PF rules: Marcos M
12:44 PM Regression #15197: Outbound NAT rules using an alias without a matching address family create unexpected PF rules: tested and reproduced on:
Version 24.03-DEVELOPMENT (amd64)
built on Tue Jan 23 6:00:00 UTC 2024
FreeBSD 15.0-CURR... Georgiy Tyutyunnik
08:50 PM Bug #15156: Fragmented packets delayed by limiters are lost: Okay, that's useful.
The main point we get from this is that the second time we see the trailing fragment (and don't... Kristof Provost
04:18 PM Bug #15156: Fragmented packets delayed by limiters are lost: adding results for dtraces from today's testing.
it fails with limiter and works without it this time, with ability ... Georgiy Tyutyunnik
07:43 PM Feature #15221 (Pull Request Review): Make System Tunables table sortable: On the System > Advanced page's System Tunables tab, it's really hard to
a) find/check values, since they are in no... Ronald Antony
06:57 PM Feature #8698: LDAP authenticated users should be able to log in via ssh: I'm having the same issue that Max Leighton had previously about 3 years ago
I'm also able to login via webGUI wit... Tai Join
05:25 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding: Closed/Fixed FreeBSD bug that appears similar.... Craig Coonrad
04:46 PM Revision 42267161: Don't check empty arrays: min() requires at least one element in the array Marcos M
08:51 AM Revision bedd340c: Remove failover states using only the gateway label: Interfaces were previously specified since the inbound state needs to
be killed (due to route-to) for the connection ... Marcos M
01:27 AM Feature #855 (Needs Patch): Ability to selectively kill states on gateway recovery: Marcos M

01/30/2024

10:45 PM Todo #15220 (In Progress): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy: The route-to issue has been addressed "upstream":https://reviews.freebsd.org/D43589 Marcos M
10:44 PM Todo #15220 (Resolved): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy: With the re-introduction of @if-bound@ as the default PF state policy, services on the firewall (which do not automat... Marcos M
10:18 PM Revision a5b49a4e: Add the pfSense CE platform addtional meta package to the build list.: Luiz Souza
09:11 PM pfSense Docs New Content #15191 (Feedback): Document new Packet Flow Data functionality (Plus Only): First draft committed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8e4a9a5558959c27ae63231ccee6bceca5bec81... Jim Pingle
05:08 PM pfSense Docs New Content #15191 (In Progress): Document new Packet Flow Data functionality (Plus Only): Jim Pingle
09:03 PM Revision 43b129c7: Update gateway recovery text: Marcos M
07:03 PM Todo #15219 (Rejected): please upgrade to FRR 9.1: It's already in the dev repos/snapshots, unlikely to be backported. Jim Pingle
07:02 PM Todo #15219 (Rejected): please upgrade to FRR 9.1: Because the current version of pfsense frr 9.0 will cause problems with LAN to WAN routing, I want to upgrade to th... yon Liu
07:01 PM pfSense Packages Feature #15218 (New): Allow manual ordering of generated rules: Under Firewall > pfBlockerNG in the IP tab's IP Interface/Rules Configuration section, there's the "Firewall 'Auto' R... Ronald Antony
05:07 PM pfSense Docs New Content #15193 (Closed): Add documentation for new State Policy options: Information added and deployed (put in live docs since we may be pushing out the relevant patch via system patches so... Jim Pingle
04:38 PM Feature #15217 (New): Log command being run in Diagnostics > Command Prompt: I do not see that the commands being run in Diagnostics > Command Prompt are being logged to the system log.
This ... Chris Linstruth
03:47 PM Bug #15216 (New): captive portal zone name conflicts with existing interface name: Customer reports intermittent issues with captive portal on HA cluster.
Connectivity between nodes in this VLAN inte... Georgiy Tyutyunnik
01:52 PM Bug #15211: tcpdump run with BIOS hardware clock set, but no on environment system time: This should be an option when running the pcap. Steve Wheeler
03:44 AM pfSense Plus Bug #15196 (Confirmed): AWS ena interfaces can become unstable/stop responding: Confirmed. ... Craig Coonrad
03:12 AM pfSense Packages Todo #15119: Update nut-devel version and update startup script: I do not understand. We're just updating the git commit level for upstream, which was been done by Jim 27 days ago. A... Denny Page
12:02 AM pfSense Packages Todo #15119: Update nut-devel version and update startup script: I haven't gone through the commit history to see what fixed the build in dev. Assuming there were some previously mis... Marcos M

01/29/2024

10:03 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: Okay, I have that applied and working now. And I don't seem to see a runaway with a simple auth failure. We'll see ... Orion Poplawski
09:15 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: I updated the patch which should deal with the auth failure. Marcos M
08:52 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: As I noted, patching ovpn_auth_verify_async gave me auth failures. I could try it again an see if that is still the ... Orion Poplawski
06:06 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out: Orion Poplawski wrote in #note-13:
> FWIW - still present in 2.7.2 and 23.09.1.
Does the patch from #note-11 work ar... Marcos M
08:11 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script: Ping Denny Page
06:09 PM pfSense Docs Todo #15215 (Resolved): Point the main gateways page to the general gateways doc: Change merged. Marcos M
05:47 PM pfSense Docs Todo #15215 (Resolved): Point the main gateways page to the general gateways doc: System > Routing > Gateways currently points to the individual gateway settings page - it should point to the general... Marcos M
05:50 PM Feature #15207: DynDNS - Missing update KEY: Jim Pingle wrote in #note-9:
> OK so all of that still points toward it needing a new client entry created so it nee... Matt Keys
04:37 PM Feature #15207: DynDNS - Missing update KEY: OK so all of that still points toward it needing a new client entry created so it needs to be treated as such. Please... Jim Pingle
04:20 PM Feature #15207: DynDNS - Missing update KEY: They have not shut down username password auth as mine is still operating. They have just added key auth. The reason ... Matt Keys
03:58 PM Feature #15207: DynDNS - Missing update KEY: Matt Keys wrote in #note-6:
> If I'm not mistaken it is the same service, just under a different domain name. Dyn wa... Jim Pingle
03:44 PM Feature #15207: DynDNS - Missing update KEY: Hi Jim,
If I'm not mistaken it is the same service, just under a different domain name. Dyn was acquired by Oracle... Matt Keys
03:05 PM Feature #15207: DynDNS - Missing update KEY: It wasn't clear except for one tiny spot on one screenshot that you meant "dyn.com", "DynDNS" is a generic term and w... Jim Pingle
02:55 PM Feature #15207: DynDNS - Missing update KEY: Dyn Update clients - https://help.dyn.com/update-clients/
Dyn.com portal https://account.dyn.com/
Matt Keys
02:51 PM Feature #15207: DynDNS - Missing update KEY: Jim Pingle wrote in #note-2:
> Whatever service that is, it would need to be added as a supported provider and not b... Matt Keys
02:18 PM Feature #15207 (Incomplete): DynDNS - Missing update KEY: Whatever service that is, it would need to be added as a supported provider and not be handled via the custom option.... Jim Pingle
05:35 PM Bug #15214 (Resolved): Advanced rule options tooltip does not show negated Tag option: Marcos M
05:25 PM Bug #15214 (Waiting on Merge): Advanced rule options tooltip does not show negated Tag option: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1128 Marcos M
05:21 PM Bug #15214 (Resolved): Advanced rule options tooltip does not show negated Tag option: When hovering over the advanced options icon for a firewall rule, the popup shows @tagged <tag>@ even when the tag is... Marcos M
05:30 PM Revision 4e569a40: Show negate option in popup for advanced rule options. Fix #15214: While there, reoder the tag text to read closr to
how rules are processed. Marcos M
05:28 PM Revision 6727d199: Revert "Show negate option in popup for advanced rule options. Fix #15214": This reverts commit e933a0230e366faa772686447b530a145af06acf. Marcos M
05:24 PM Revision e933a023: Show negate option in popup for advanced rule options. Fix #15214: While there, reoder the tag text to read closr to
how rules are processed. Marcos M
04:54 PM Feature #15213 (New): Dyn.com / dyndns - Update client auth mechanism update: Dyn.com Dynamic DNS service is missing key authentication mechanisms currently.
I am following the request for new... Matt Keys
04:42 PM Regression #15051: Host(s) Aliases using Domains fail to resolve: Steve Wheeler wrote in #note-7:
> Unable to replicate that in 23.09.1:
Thank you Steve, I have reinstalled 23.09.... John Smith
03:22 PM Regression #15051 (Not a Bug): Host(s) Aliases using Domains fail to resolve: Unable to replicate that in 23.09.1:... Steve Wheeler
04:33 PM Bootstrap Bug #5274: services_dyndns_edit.php existing password is not loaded/saved when editing: Steve Russell wrote in #note-7:
> Ugh, yes, you are correct Jim, thanks! Password manager was autofilling the passw... Jim Pingle
04:15 PM Bootstrap Bug #5274: services_dyndns_edit.php existing password is not loaded/saved when editing: Ugh, yes, you are correct Jim, thanks! Password manager was autofilling the password field with who knows what.
S... Steve Russell
02:31 PM Bootstrap Bug #5274: services_dyndns_edit.php existing password is not loaded/saved when editing: Steve Russell wrote in #note-5:
> Not sure if this should be a separate bug now, or when this came back, but this is... Jim Pingle
02:26 PM Bootstrap Bug #5274: services_dyndns_edit.php existing password is not loaded/saved when editing: Not sure if this should be a separate bug now, or when this came back, but this issue is present in 2.60 and 2.72. Steve Russell
04:09 PM pfSense Docs Todo #15212 (New): Feedback on pfSense® software Configuration Recipes — WireGuard Remote Access VPN Configuration Example: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-ra.html
*Feedback:*
See this discussion ab... Jim Kleckner
02:37 PM Bug #15210: Firewall Rules not deleting: I applied the rules after removing it. You can see in my screenshot, I even added a new rule to block port 80, to cou... Ricaardo Garcia
02:27 PM Bug #15210 (Not a Bug): Firewall Rules not deleting: You are either not applying the rules after editing or something is preventing the filter reload from completing whic... Jim Pingle
02:26 PM Feature #15209: Option to specify custom user home directory paths: There may be reasons to move it on some systems but this is meant to be a firewall appliance, not a general-purpose m... Jim Pingle
02:21 PM Feature #7943: Overflow scrolling for top navigation drop-down menus in Fixed mode: Updating subject for release notes. Jim Pingle
02:16 PM Todo #15188 (Resolved): Remove deprecated OpenVPN hardware crypto engine option: Jim Pingle
02:16 PM pfSense Plus Bug #15205 (Not a Bug): Changing a WAN type interface from DHCP to static IPv4 address causes WAN to appear in DHCP server configuration: This is normal and expected. Any static interface with a sufficient size subnet will appear in the DHCP server as an ... Jim Pingle
02:14 PM Feature #15203: Option to allow customized user home directory permissions to be preserved: The way the users are currently synchronized this type of action is made to ensure consistently and that the accounts... Jim Pingle
02:11 PM pfSense Packages Feature #15199 (Rejected): Unable to add user defined options to /etc/ssh/sshd_config due to its dynamic nature and no UI to add additional configuration options: The @sshd_extra@ file method is there for customizing directives. It was added for the sshdcond package but that pack... Jim Pingle
02:03 PM Feature #15201 (Rejected): Unified mechanism for update notifications: All things that have come up before and are either already part of longer term plans or decided against. Jim Pingle
02:03 PM pfSense Docs New Content #15200 (Rejected): usermanager privileges have ZERO documentation on the "User - System: Copy files to home directory (chrooted scp)" privileges setting/setup: That's a deliberate choice. The firewall is not meant to be a general-purpose file server with access handed out free... Jim Pingle
02:00 PM pfSense Packages Feature #15198 (Rejected): System_Patches package should advertize on the dashboard, or send notifications, if there are recommended patches available: This has been asked and answered before, tl;dr: Not going to happen. New patches come with new versions of the packag... Jim Pingle
11:58 AM Bug #15211 (Closed): tcpdump run with BIOS hardware clock set, but no on environment system time: Brilliant pfSense Stuff!
*Please fix* :
tcpdump could be run with TZ (Time Zone) set in the whole system environ... Sergei Shablovsky

01/28/2024

09:09 PM Regression #15051: Host(s) Aliases using Domains fail to resolve: Marcos M wrote in #note-5:
> It may be best to troubleshoot/discuss further on the forums to narrow down the issue g... John Smith
09:01 PM Regression #15051 (Incomplete): Host(s) Aliases using Domains fail to resolve: It may be best to troubleshoot/discuss further on the forums to narrow down the issue given that we cannot reproduce it. Marcos M
05:08 PM Regression #15051: Host(s) Aliases using Domains fail to resolve: Marcos M wrote in #note-3:
> > Aka google.com in an alias, all clients going to google.com should be diverted from WA... John Smith
05:05 PM Regression #15051 (Not a Bug): Host(s) Aliases using Domains fail to resolve: > Aka google.com in an alias, all clients going to google.com should be diverted from WAN to OpenVPN for that domain,... Marcos M
02:30 AM Regression #15051: Host(s) Aliases using Domains fail to resolve: Danilo Zrenjanin wrote in #note-1:
> I couldn't confirm that behavior on the 23.09.1 pfSense Plus release.
Hey Dani... John Smith
08:58 PM Feature #10271 (Feedback): Large number of VLAN/LANs make "Interfaces" menu hard to access: With the overflow fix in, handling this likely requires a longer-term general UX change. Marcos M
06:47 PM Feature #10271: Large number of VLAN/LANs make "Interfaces" menu hard to access: As far as I understand it is not a duplicate. The other linked topic talks about the problem with the top menubar bei... Jens Groh
04:52 PM Feature #10271 (Duplicate): Large number of VLAN/LANs make "Interfaces" menu hard to access: Marcos M
07:26 PM Bug #15210: Firewall Rules not deleting: I have an issue where I believe it may be a bug in the WebGUI for the firewall filters. I previously created a filter... Ricaardo Garcia
07:17 PM Bug #15210 (Not a Bug): Firewall Rules not deleting: I have an issue where I believe it may be a bug in the WebGUI for the firewall filters. I previously created a filter... Ricaardo Garcia
05:21 PM Feature #15209 (New): Option to specify custom user home directory paths: There are plenty of reasons not to have a home directory in /home/username
There should be the option of specifyin... Ronald Antony
04:55 PM Feature #7943: Overflow scrolling for top navigation drop-down menus in Fixed mode: Applied in changeset commit:79025bde07a7c9f9b4d6d80be3c2efca9f1bd2c4. Marcos M
04:51 PM Feature #7943 (Feedback): Overflow scrolling for top navigation drop-down menus in Fixed mode: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1127
The CSS fix works for Firefox / Chromium, desktop... Marcos M
04:46 PM Revision 79025bde: Add scroll when nagivating menus overlfow. Fix #7943: Marcos M
04:27 PM Bug #15194 (Incomplete): PHP Fatal error in easyrule CLI: I was not able to reproduce this. The error points to an issue writing the backup cache:... Marcos M
03:45 PM Bug #15146: Outbound NAT rules need re-applied after restore in different hardware: This may have been an indirect result of #15197 Marcos M
03:42 PM Regression #15206 (Resolved): Deleting OpenVPN server or client on 24.03 release gives an error: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1126 Marcos M
06:13 AM Regression #15206 (Resolved): Deleting OpenVPN server or client on 24.03 release gives an error: Attempt delete OpenVPN server or client on 24.03 release gives an error.
24.03-DEVELOPMENT (amd64)
built on Fri Jan... aleksei prokofiev
03:40 PM Revision e022d8cd: Use the correct function parameters. Fix #15206: Marcos M
03:30 PM Feature #855 (Feedback): Ability to selectively kill states on gateway recovery: Applied in changeset commit:30d46b63834444e9a7a4af310a5d8aaf94baf01a. Marcos M
03:30 PM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration: Applied in changeset commit:17e64d8dc879e2282a95291621f4192f841f6cc5. Marcos M
03:30 PM Bug #12942 (Feedback): Code to kill states for old gateway when reconnecting an interface is incorrect: Applied in changeset commit:b4df50f412a219e7c58563adb47fe1eabb2c405f. Marcos M
03:21 PM pfSense Docs New Content #15208 (Resolved): Document the new gateway recovery state killing feature: Feature details here:
https://redmine.pfsense.org/issues/855 Marcos M
03:18 PM Revision 30d46b63: Kill states on gateway failover recovery. Implement #855: Marcos M
03:18 PM Revision 17e64d8d: Sync generated gateways to config. Fix #12920: Marcos M
03:18 PM Revision b4df50f4: Remove old state killing colde. Fix #12942: For rc.newwanip, it's redundant to kill specific states before killing
all states. For ppp-linkup, state killing is a... Marcos M
01:13 PM Feature #15207: DynDNS - Missing update KEY: !
!clipboard-202401280813-wtbis.png!
! Matt Keys
12:55 PM Feature #15207 (Incomplete): DynDNS - Missing update KEY: I apologize if this has already been reported, or already exists as a feature request. I did search previous to post,... Matt Keys
07:39 AM Bug #14919: OpenVPN forms invalid ``route`` statements for empty local networks: Tested on
24.03-DEVELOPMENT (amd64)
built on Fri Jan 26 9:00:00 MSK 2024
FreeBSD 15.0-CURRENT
The issue still p... aleksei prokofiev
05:04 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password: Tested on
24.03-DEVELOPMENT (amd64)
built on Wed Jan 17 6:00:00 UTC 2024
FreeBSD 15.0-CURRENT
I am unable to ... aleksei prokofiev
04:55 AM Todo #15188: Remove deprecated OpenVPN hardware crypto engine option: Tested on
23.09.1-RELEASE (amd64)
built on Wed Dec 20 21:27:00 MSK 2023
FreeBSD 14.0-CURRENT
24.03-DEVELOPMENT... aleksei prokofiev
02:41 AM pfSense Plus Bug #14401: Changing from Switchport to Discrete Interface in VGA/Serial Console Breaks Port Status Monitoring: possibly related? https://redmine.netgate.com/issues/12480 Jordan G
02:24 AM pfSense Plus Bug #14894: Password protected console login prompt does not render properly on 4100/6100/8200 serial console: seems present on ARM-based as well, when connecting with 1100 console, this is all we see of the first line after con... Jordan G
02:10 AM pfSense Plus Bug #15205 (Not a Bug): Changing a WAN type interface from DHCP to static IPv4 address causes WAN to appear in DHCP server configuration: WAN interface currently using IPv4 DHCP type address, switch this interface to static, enter IP, create gateway, save... Jordan G
01:30 AM Feature #15204 (New): pfSense email notification: support STARTTLS without authentication: According to the NET_SMTP documentation (https://github.com/pear/Net_SMTP):... Craig Coonrad
01:23 AM pfSense Packages Bug #15190 (Pull Request Review): PHP error from RRD Graphs when resolution is null: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/385 Christopher Cope
01:08 AM Feature #15203 (New): Option to allow customized user home directory permissions to be preserved: It is well intentioned and improves system security in general, that proper home directory ownerships are maintained.... Ronald Antony
12:30 AM Bug #15195: PHP error if config contain <ppps></ppps> empty tag: Lev Prokofev wrote:
> The error occurs on boot if the config containing <ppps></ppps>
>
> tested on
>
>
>
... Kris Phillips
12:28 AM Bug #14996: Kea DHCP PHP error from WINS server value: Jared Hendrickson wrote in #note-2:
> I opened a PR this morning that contains a fix for this: https://github.com/pfs... Kris Phillips
12:21 AM Bug #12774: Picture widget image is not saved in backup: Ronald Antony wrote in #note-6:
> Viktor Gurov wrote in #note-3:
> > But we can only backup image data if the "Incl... Kris Phillips

01/27/2024

11:51 PM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null: More information: The code is being hit when using the custom Time Period. The code attempts to subtract the resoluti... Christopher Cope
11:34 PM Bug #15122: PHP errors in LDAP server prevent it from falling back to Local Database: Danilo Zrenjanin wrote in #note-4:
> The firewall couldn't reach the LDAP server and I couldn't replicate that on 23... Christopher Cope
02:34 PM Bug #15122: PHP errors in LDAP server prevent it from falling back to Local Database: The firewall couldn't reach the LDAP server and I couldn't replicate that on 23.09.1.
Is there any specifically w... Danilo Zrenjanin
11:08 PM Feature #855: Ability to selectively kill states on gateway recovery: Henniee Walterson wrote in #note-26:
> it might be useful to implement the recover state killing in the gateway sect... Alex Viper_Rus
10:32 PM pfSense Packages Feature #15199: Unable to add user defined options to /etc/ssh/sshd_config due to its dynamic nature and no UI to add additional configuration options: So, looking at */etc/sshd* I find this section:... Ronald Antony
09:36 PM pfSense Packages Feature #15199 (Rejected): Unable to add user defined options to /etc/ssh/sshd_config due to its dynamic nature and no UI to add additional configuration options: In order to run a user with scponly privileges
(see: https://forum.netgate.com/topic/185794/there-s-absolutely-no-u... Ronald Antony
10:28 PM pfSense Plus Bug #15202 (New): Add Option for Network Portion of Subnet "Wildcard" for IPv6 Rules: Filtering hosts with IPv6 is extremely difficult when utilizing an upstream provider that is providing a Prefix Deleg... Kris Phillips
10:04 PM Bug #12774: Picture widget image is not saved in backup: Viktor Gurov wrote in #note-3:
> But we can only backup image data if the "Include extra data" option is checked.
... Ronald Antony
10:00 PM Feature #15201 (Rejected): Unified mechanism for update notifications: It would be nice if there were a unified mechanism of notifying admins of
- updates to the base system
- updates to... Ronald Antony
09:44 PM pfSense Docs New Content #15200 (Rejected): usermanager privileges have ZERO documentation on the "User - System: Copy files to home directory (chrooted scp)" privileges setting/setup: The manual section which should have this documented, is glaringly empty:
https://docs.netgate.com/pfsense/en/late... Ronald Antony
09:29 PM pfSense Packages Feature #15198 (Rejected): System_Patches package should advertize on the dashboard, or send notifications, if there are recommended patches available: As non-full-time sysadmin, not only do I not regularly monitor the dashboard, I do even less regularly (read: never) ... Ronald Antony
07:55 PM Regression #15197 (Feedback): Outbound NAT rules using an alias without a matching address family create unexpected PF rules: Applied in changeset commit:4f90b67bb214521e5fc554fa24e97a0b283ad8c3. Marcos M
07:40 PM Regression #15197 (Waiting on Merge): Outbound NAT rules using an alias without a matching address family create unexpected PF rules: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1125 Marcos M
07:20 PM Regression #15197 (Resolved): Outbound NAT rules using an alias without a matching address family create unexpected PF rules: Create an Outbound NAT rule with:
- @Do not NAT@ checked
- @IPv4+IPv6@ for address family
- Source @<interface> su... Marcos M
07:53 PM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1124
This change makes sure gateways are added to the co... Marcos M
07:43 PM Feature #15183: Add per-rule option to set PF State Policy (if-bound vs floating): Firewall State Policy option is added:
pfctl -sr results:
+interface bound state:+
pass in quick on em0 r... Alhusein Zawi
07:39 PM Revision 4f90b67b: Check for empty hosts when generating outbound NAT rules. Fix #15197: Make sure that there's a valid host when calling
filter_nat_rules_generate_if() and add missing new lines. Marcos M
07:37 PM Bug #11418 (Resolved): 'NAT-T: Force' is broken for IPv6 IPsec: Tested on 24.03-DEVELOPMENT (built on Fri Jan 26 9:00:00 MSK 2024)
There is no any issue with 'NAT-T: Force'. I wa... Azamat Khakimyanov
12:44 PM Regression #14078: Traffic graph shows half actual throughput when switching back to the graph: As I mentioned in the related Redmine, the issue is still present and I need to run with my local fix Patrik Stahlman
11:57 AM Regression #14078: Traffic graph shows half actual throughput when switching back to the graph: Related to https://redmine.pfsense.org/issues/14933 Danilo Zrenjanin
11:55 AM Regression #14078 (Feedback): Traffic graph shows half actual throughput when switching back to the graph: I can not reproduce this on 23.09.1.
Google Chrome for MacOS.
The download speed in the /status_graph.php remains ... Danilo Zrenjanin
12:39 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount: This problem is still reproducable for me on pfSense Plus 23.09.1-RELEASE. It might not happen every time you switch ... Patrik Stahlman
12:09 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount: Related to https://redmine.pfsense.org/issues/14078 Danilo Zrenjanin
12:09 PM Bug #14933 (Feedback): Traffic Graph widget displays bandwidth usage values which are half the actual usage amount: I can not reproduce this behavior on 23.09.1.
Google Chrome for MacOS.
The download speed in the widget remain... Danilo Zrenjanin
04:03 AM Feature #8794: NTP authentication support: @Marcos M
Is there something I need to do to get this merged? The PR still has the changes requested label applied e... Matthew Ray
01:01 AM pfSense Plus Bug #15196 (Not a Bug): AWS ena interfaces can become unstable/stop responding: On AMD Epyc hardware in AWS, pfSense Plus ena interfaces can lose their IP addressing and then stop responding entire... Kris Phillips

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

02/25/2024

02/24/2024

02/23/2024

02/22/2024

02/21/2024

02/20/2024

02/19/2024

02/18/2024

02/17/2024

02/16/2024

02/15/2024

02/14/2024

02/13/2024

02/12/2024

02/11/2024

02/10/2024

02/09/2024

02/08/2024

02/07/2024

02/06/2024

02/05/2024

02/04/2024

02/03/2024

02/02/2024

02/01/2024

01/31/2024

01/30/2024

01/29/2024

01/28/2024

01/27/2024