Project

General

Profile

Activity

From 01/30/2024 to 02/28/2024

02/28/2024

11:38 PM pfSense Plus Feature #15295 (New): State Filter Rule ID needs clarification
Not sure if this is a feature request but this isn't a bug.
See the forum post for details - https://forum.netgate... Mike Moore
04:17 PM pfSense Packages Bug #15222 (Resolved): HTTP_Inspect Preprocessor Engine: wrong legend on parameters
PR merged, thanks! Jim Pingle
04:17 PM pfSense Packages Feature #15260 (Resolved): Snort IPS False Positives and Preprocessor Rules Misconfiguration
PR merged, thanks! Jim Pingle
03:20 PM pfSense Packages Todo #15294: Naming “Custom Name” of Interface the same as “Interface” on pfSense in “Interface assignment”
I mean “INT_OFFICE_LAN” *would be much usable and informative* than “igb5” Sergei Shablovsky
03:18 PM pfSense Packages Todo #15294 (Rejected): Naming “Custom Name” of Interface the same as “Interface” on pfSense in “Interface assignment”
Brilliant pfSense DevTeam !
Naming “Custom Name” of Interface in ntopng “Interface - Details” the same as “Interfa... Sergei Shablovsky
01:46 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
Please update firewall log widget, with attached code
Steve,
- It is probably not complex, but never the less, W... Louis B

02/27/2024

10:10 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
@Netgate - is there zero chance of this simple but VERY usefull feature to surface in pfSense? Some of your people ha... Tue Madsen
06:17 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
I've managed to reproduce (what I believe is) your problem in a test case, and the expected fix also fixes that.
Tha... Kristof Provost
10:32 AM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
So those backtraces are functionally identical. That would suggest that the reason you're not getting the icmp error ... Kristof Provost
03:17 PM Feature #15293: Set LEVEL OF IMPORTANCE for Pushover notifications
cronjob parser automatically find the depends and sending notifications with an *APPROPRIATE LEVEL*.
For example: ... Sergei Shablovsky
03:00 PM Feature #15293: Set LEVEL OF IMPORTANCE for Pushover notifications
P.S.
In this case not necessarily need to make options in System/Advanced/Notification/Pushover WebGUI for depends b... Sergei Shablovsky
02:50 PM Feature #15293 (New): Set LEVEL OF IMPORTANCE for Pushover notifications
Brilliant pfSense Dev Team!
Pushover service (like an all notifications services nowadays) HAS SEVERAL NOTIFICATIO... Sergei Shablovsky
02:11 PM Bug #15290: speedtest-cli returning 403 Forbidden
Alex Rosenberg wrote:
> The speedtest-cli tool is currently returning 403 Forbidden for all queries for me. When it ... Sergei Shablovsky
02:04 PM Bug #15290: speedtest-cli returning 403 Forbidden
Jim Pingle wrote in #note-1:
> Speed tests from the firewall itself are not generally useful, so we discourage the p... Sergei Shablovsky
10:03 AM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
Greetings,
The current state of the Multi-WAN limiter functionality has been unfortunately problematic for quite som... Marco Goetze
09:02 AM pfSense Packages Bug #14676: Listening Port option in the Tailscale configurator is not respected
The same behaviour on
23.09.1-RELEASE (amd64)
built on Tue Jan 30 15:33:00 MST 2024
FreeBSD 14.0-CURRENT
If us... aleksei prokofiev

02/26/2024

09:11 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
traceroute -6 --mtu -I 2001:4860:4860::8844 which did return a packet too big response, gave:... John S
06:41 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
To be clear: I'd expect things to just work if both of your WANs have the same MTU, and maybe not if they don't.
Y... Kristof Provost
05:00 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
Ok thank you, ah it doesn't seem to be working in my setup.
No I'm not running the traceroute on pfsense, I'm runn... John S
10:52 AM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
Yes, the fix is included in that snapshot build.
I had a theory about why it might not be working for you, but it ... Kristof Provost
08:55 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Michele D'Alessio wrote in #note-26:
> Christian McDonald wrote in #note-25:
> > We pulled in a patch that might fi... Christian McDonald
08:55 PM Regression #14970 (Feedback): Static ARP assignments lose ``permanent`` flag in ARP table
Christian McDonald
08:53 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Christian McDonald wrote in #note-25:
> We pulled in a patch that might fix this. Check out the latest 24.03 develop... Michele D'A.
02:00 PM Bug #15290 (Rejected): speedtest-cli returning 403 Forbidden
I can't reproduce this on a current CE or Plus install. Probably a temporary upstream issue or something with your ar... Jim Pingle
01:49 PM pfSense Packages Feature #12658 (Closed): Adding prometheus metrics to darkstat
Jim Pingle
03:41 AM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat
I think we can close this out:... Karim Elatov
01:46 PM Bug #15289 (Not a Bug): Dashboard show's some data twice every interval
Jim Pingle
12:45 PM Bug #10980: ``/etc/rc.local`` script content is executed at login instead of during boot sequence
Jordan G wrote in #note-5:
> confirm startup scripts added (as described here - https://docs.netgate.com/pfsense/en/... alzee bum
09:51 AM pfSense Packages Bug #15292 (Duplicate): Certificate renewal with 'dns_inwx.sh' not working: Error add txt for domain:_acme-challenge.foo.bar
Hello,
we use Acme-package to obtain a wildcard certificate for our domain. It has always worked well.
Lately, t... Lorenzo Marroccoli
09:35 AM Bug #15291 (New): Error on Traffic Shaper 0% Bandwidth
Link to post on pfSense Forum:
https://forum.netgate.com/topic/186137/error-on-traffic-shaper-0-bandwidth?_=1708915... Pavan K
07:32 AM Bug #15165: Early boot hangs on pfSense CE
I have tested and works, I add just 20 seconds but is a value that we can adjust, but looks like we found the patch u... Peter Moreno

02/25/2024

09:24 PM Bug #15290 (Rejected): speedtest-cli returning 403 Forbidden
The speedtest-cli tool is currently returning 403 Forbidden for all queries for me. When it does work, it is often li... Alex Rosenberg
07:08 PM pfSense Packages Bug #15274: HAProxy Configuration Changes Require pfSense Reboot to Take Effect
Kris Phillips wrote in #note-2:
> Tested this on 23.09.1 with HAProxy 0.63_2. I'm not able to reproduce this. Chan... Zachary Cohen
03:37 AM pfSense Packages Bug #15274 (Incomplete): HAProxy Configuration Changes Require pfSense Reboot to Take Effect
Tested this on 23.09.1 with HAProxy 0.63_2. I'm not able to reproduce this. Changing any frontend or backend settin... Kris Phillips
09:57 AM Bug #15289: Dashboard show's some data twice every interval
Oh dear....
I just found out that this user's had their Chrome/Google browser and settings set to translate English ... Guido Glaus
09:38 AM Bug #15289: Dashboard show's some data twice every interval
See attached recording (same on 2.7.2) Guido Glaus
08:49 AM Bug #15289: Dashboard show's some data twice every interval
Hello Chris,
I added the time zone in case it is taken into account somewhere. Guido Glaus
03:31 AM Bug #15289: Dashboard show's some data twice every interval
Hello Guido,
So, to clarify, the time is first presented in English and then reloads shortly after in the localiza... Kris Phillips
04:01 AM pfSense Plus Feature #15284: Specify a Device parameter for Pushover Notifications
Or even better - just add an input field for *Custom Options* where the user can input _any_ of the optional paramete... Michael Klein
03:43 AM Bug #15282: Users with Deny Config Write privilege can trigger some VLAN interface operations
Tested this on 24.03 builds from Feb 23rd. Can confirm this issue is present. Kris Phillips
01:19 AM pfSense Packages Bug #15222: HTTP_Inspect Preprocessor Engine: wrong legend on parameters
This fix for this bug has been posted as part of this pull request: https://github.com/pfsense/FreeBSD-ports/pull/134... Bill Meeks
01:18 AM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
The fix for this feature request/bug fix has been posted as part of this pull request: https://github.com/pfsense/Fre... Bill Meeks
12:05 AM Todo #15265 (Resolved): Remove ``jquery-treegrid`` unit testing files
Files are removed on... Christopher Cope

02/24/2024

07:58 PM Bug #15289 (Not a Bug): Dashboard show's some data twice every interval
Connected trough a "slow" Anydesk connection to a pfsense 2.6 or 2.7.2 Router with timezone set to Europe/Zurich and ... Guido Glaus

02/23/2024

08:09 PM Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT
May I ask if this is included in 24.03-DEVELOPMENT (amd64)? As I have tested again on the latest build 24.03.a.202402... John S
06:38 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
We pulled in a patch that might fix this. Check out the latest 24.03 development snapshots. Christian McDonald
06:22 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table

Is there a workaround? Michele D'A.
05:24 PM pfSense Packages Bug #15008 (Resolved): SID MGMT list action to download a single conf file leads to a 502 Bad Gateway error
Jim Pingle
05:03 PM pfSense Packages Bug #15008: SID MGMT list action to download a single conf file leads to a 502 Bad Gateway error
This issue has been resolved. Please mark this issue RESOLVED.
Thanks, Bill Bill Meeks
04:25 PM Bug #15288 (Resolved): ``loader.conf`` may be missing ``loader_conf_files`` so ``loader.conf.lua`` may not be parsed
In some situations @/boot/loader.conf@ is missing the line which tells the loader to read @loader.conf.lua@:... Jim Pingle
03:27 PM pfSense Packages Bug #15048: Snort large memory consumption when updating
You state _"Snort since the last updates uses a lot of memory when updating..."_ . What updates specifically? Updates... Bill Meeks
09:29 AM Bug #15287 (New): hw.ix.unsupported_sfp=1 parameter for ix driver not working
When using ix driver with an Intel 82599ES chipset the driver seem not to support anymore the hw.ix.unsupported_sfp=1... Eric Chaubert

02/22/2024

11:05 PM Bug #15110: pfSense hangs when rebooting
Customer reported this issue utilizing a Dogfish 2242 M.2 SSD. Model SSDMCEAC060B3A. Customer ticket 2396258146. Kris Phillips
10:02 PM Bug #15165: Early boot hangs on pfSense CE
Make sense what u say.
I will try your steps, on which OS version are you running HyperV?
Thanks. Peter Moreno
09:20 PM Bug #15165: Early boot hangs on pfSense CE
I too have Hyper-V and have reoccurring boot hang issues.
Today, had a hang and went to boot, which froze. Turned... Terry Barnes
07:00 PM pfSense Docs Correction #15286 (Rejected): Wireguard Remote Access Config Recipe Typo
The split-tunnel configuration example here is incorrect:
https://docs.netgate.com/pfsense/en/latest/recipes/wiregua... Kris Phillips
05:54 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
No time for this release, hopefully the next. Jim Pingle
05:53 PM Bug #15285 (Duplicate): Adding interfaces breaks FRR routing over IPsec
Pretty certain this is a duplicate of #14483 (or at least solving that would also solve this, or seems likely to) Jim Pingle
05:26 PM Bug #15285 (Duplicate): Adding interfaces breaks FRR routing over IPsec
When adding a new interface quite a few things happen which I believe are by design on pfSense but noticed something ... Mike Moore
01:44 PM Bug #14661 (Closed): ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
Jim Pingle
07:59 AM Bug #14661: ``dpinger`` can unintentionally choose an IPv6 VIP for a monitoring source
Seems to be resolved in 2.7.2 Hannes Scherbichler
03:14 AM pfSense Plus Feature #15284 (New): Specify a Device parameter for Pushover Notifications
Hello,
Can you please add the ability to specify a DEVICE parameter for Pushover notifications so that a notificat... Michael Klein
01:37 AM Feature #15283: MANUALS VIDGET in a Dashboard
Jim Pingle wrote in #note-1:
> There is already a help link to relevant documentation on every page.
>
> There is... Sergei Shablovsky
01:30 AM Feature #15283 (Rejected): MANUALS VIDGET in a Dashboard
There is already a help link to relevant documentation on every page.
There is already a notes widget if someone w... Jim Pingle
01:28 AM Feature #15283 (Rejected): MANUALS VIDGET in a Dashboard
Brilliant pfSense DevTeam!
Would be great to adding Dashboard “MANUALS” vidget that display a link (several links)... Sergei Shablovsky
01:34 AM pfSense Docs New Content #15278: Switch from IPv4 to IPv6 + Add IPv6 capability to exist IPv4-only configuration
Better FROM USER PERSPECTIVE no to surfing on hundreds of pages of whole Docs, but reading one document with step-by-... Sergei Shablovsky
01:32 AM pfSense Docs New Content #15278: Switch from IPv4 to IPv6 + Add IPv6 capability to exist IPv4-only configuration
Jim Pingle wrote in #note-1:
> We already add IPv6 content where we can over time, but the current state of ISPs/ser... Sergei Shablovsky

02/21/2024

11:48 PM Bug #15282 (Resolved): Users with Deny Config Write privilege can trigger some VLAN interface operations
A user with the Deny Connfig Write privilege set but access to the interfaces config pages can try to create VLANs an... Steve Wheeler
10:49 PM Bug #15110: pfSense hangs when rebooting
Another user having this issue on a 5100. 2396258146 Christopher Cope
09:09 PM Feature #14802: Re-enable multiqueue support for virtio NIC
The issue is discussed in this forum thread https://forum.netgate.com/topic/138174/pfsense-vtnet-lack-of-queues. Howe... Christopher de Haas
08:49 PM pfSense Packages Todo #15281 (Resolved): Upgrade Tailscale to 1.6.0
Plus 24.03 has tailscale-1.56.1 available in the Package Manager. Would be great to pull in 1.6.0 if possible. Chris W
08:11 PM pfSense Plus Feature #15280: Boot Environments 2.0
!clipboard-202402211511-mlhlp.png!
 Christian McDonald
07:59 PM pfSense Plus Feature #15280 (Closed): Boot Environments 2.0
Changes:
* Configuration History is now a separate page and is no longer part of Backup & Restore.
* Configuratio... Christian McDonald
04:37 PM Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration

Reproduced the same issue in PLUS version 23.09.1 ​​and the issue persisted.
Follow the video of the BUG simulatio... DBACORP DBACORP
03:48 PM pfSense Docs New Content #15278 (Rejected): Switch from IPv4 to IPv6 + Add IPv6 capability to exist IPv4-only configuration
We already add IPv6 content where we can over time, but the current state of ISPs/servers (especially in the US, wher... Jim Pingle
04:29 AM pfSense Docs New Content #15278 (Rejected): Switch from IPv4 to IPv6 + Add IPv6 capability to exist IPv4-only configuration
Dear Brilliant pfSense DevTeam!
REASON
- most of all network equipment (from home teapot and fridge to servers, r... Sergei Shablovsky
03:45 PM Feature #15276: Support JSON content for URL type firewall aliases
Not a bug, it's a feature request.
Not sure how viable it would be as there isn't really a standard for that and w... Jim Pingle
03:23 AM Feature #15276 (New): Support JSON content for URL type firewall aliases
Brilliant pfSense DevTeam!
WHERE
In Firewall / Aliases, URLs tab(selector)
CASE
JSON need to be allowed in “U... Sergei Shablovsky
03:43 PM Bug #15275 (Needs Patch): 56 GbE on Mellanox ConnectX-3 cards not functioning properly
That would be up to FreeBSD to add support for those cards/modes - If you try them on a stock FreeBSD 14 installation... Jim Pingle
03:34 PM Bug #15279 (Duplicate): When deleting phase 1 ipsec removes phase 2 of the other VPN's in the GUI and loses communication
Duplicate of #15171 Jim Pingle
03:31 PM Bug #15279 (Duplicate): When deleting phase 1 ipsec removes phase 2 of the other VPN's in the GUI and loses communication
Good morning,
Discovering a BUG in IPSEC version 23.09.1 ​​​​​​​​​​and 23.09 in both AWS and AZURE in summer PLUS,... DBACORP DBACORP
01:55 PM pfSense Packages Feature #9141: FRR xmlrpc
No progress here obviously, just wanted to add that in the mean time I'm using a workaround: every time i change some... Adrian Dascalu
11:25 AM Regression #14078 (Confirmed): Traffic graph shows half actual throughput when switching back to the graph
We are waiting for the pull request:
https://redmine.pfsense.org/issues/14933 Danilo Zrenjanin
11:24 AM Bug #14933 (Confirmed): Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
Danilo Zrenjanin
11:16 AM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
I was able to replicate the issue using Safari on macOS.
Tests conducted against:... Danilo Zrenjanin
09:48 AM Feature #12564: add column to show that an Alias is in use by or not
khaled osama wrote:
> can you add column to show that an Alias is in used or not
> and it is clickable to show wher... Conny Molin
08:04 AM pfSense Plus Bug #14005: SFP Interfaces not available with Traffic Shaper in v23.01
It has been 7 months since the last reply. Is this problem to be looked at or not? At the moment I cannot use the tra... Brendon Flint
03:59 AM Todo #15277 (New): Allow mixed source (URL (IPs), URL Table (IPs), Host(s) and Network(s) IN OND ALIAS
Dear Brilliant pfSense DevTeam!
WHERE
in Firewall / Aliases
ARGUMENT
From firewall and user perspective ther... Sergei Shablovsky
03:28 AM Feature #15022: Allow overriding text scrolling during package install/uninstall
Yes, that way you can review what versions of package dependencies installed and or got adapted if something goes wro... Jonathan Lee
02:11 AM Feature #15022: Allow overriding text scrolling during package install/uninstall
Jonathan Lee wrote in #note-2:
> It will only allow you to look back one page after it completes the install. It is ... Christian McDonald

02/20/2024

11:49 PM Bug #15275 (Needs Patch): 56 GbE on Mellanox ConnectX-3 cards not functioning properly
x86 server, pfSense 2.7.2, Mellanox ConnectX-3 NIC
Connecting to Mellanox 6036G switch over original Mellanox DAC ... Piotr Oleszkiewicz
11:44 PM pfSense Packages Feature #12918: pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately
did anyone figure out how to manually fix this my editing the code ? Israel Goldstein
09:54 PM pfSense Packages Bug #15274: HAProxy Configuration Changes Require pfSense Reboot to Take Effect
Zachary Cohen wrote:
> As originally reported here (https://forum.netgate.com/topic/172972/haproxy-config-changes-not... Zachary Cohen
09:51 PM pfSense Packages Bug #15274 (New): HAProxy Configuration Changes Require pfSense Reboot to Take Effect
As originally reported here (https://forum.netgate.com/topic/172972/haproxy-config-changes-not-loaded-pfsense-restart... Zachary Cohen
09:53 PM pfSense Packages Bug #15182: Changing backend port - status remains down
Potentially related to #15274 Zachary Cohen
09:01 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
User is reporting this issue manifests in relation to CPU spikes.
> Also I want to point that I have a procedure t... Craig Coonrad
07:47 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
It seems like an interim fix would be to build arp with "WITHOUT_NETLINK" defined. Denny Page
05:37 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Looks like this might have gotten some attention upstream, will track.
https://reviews.freebsd.org/D43983 Christian McDonald
06:50 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Moving this so it only gets applied to Plus, since Plus is the only version for appliances where those restrictions h... Jim Pingle
03:03 PM Bug #15269 (Duplicate): DHCP static ARP entries are not static
Duplicate of #14970 Jim Pingle
02:56 PM Bug #15268 (Not a Bug): Network Prefix Translation (NPt) not properly translating the prefix for unsolicited inbound connections
You cannot map multiple internal prefixes to the same external prefix. As you see only the first one will work proper... Jim Pingle
02:53 PM Bug #15043 (Resolved): IGMP proxy works intermittently
Jim Pingle
01:12 PM Feature #15273 (New): Adding ICS Stork as service for BIND and KEA DHCP
Brilliant pfSense DevTeam!
Please add
ISC Stork for BIND and KEA services state monitoring
https://gitlab.isc.... Sergei Shablovsky
07:41 AM Todo #15271: Add information about group keys to Pushover notification settings
Better to USE THE SAME DEFINITION as in SaaS (Pushover) and certain section of pfSense settings that directly belongs... Sergei Shablovsky
07:06 AM Todo #15271: Add information about group keys to Pushover notification settings
Because the Pushover web interface not clear about that. Especially for newbies… Sergei Shablovsky
07:04 AM Todo #15271 (New): Add information about group keys to Pushover notification settings
Brilliant pfSense DevTeam!
Please Correct “User key” description in System/Advanced/Notification/Pushover
from... Sergei Shablovsky
07:41 AM pfSense Docs New Content #15272: Add information about Pushover group key behavior
Better to USE THE SAME DEFINITION as in SaaS (Pushover) and certain section of pfSense settings that directly belongs... Sergei Shablovsky
07:38 AM pfSense Docs New Content #15272: Add information about Pushover group key behavior
Because all 3 objects are different:
- Pushover account user;
- Applications;
- Delivery Groups;
And may be SEV... Sergei Shablovsky
07:35 AM pfSense Docs New Content #15272 (New): Add information about Pushover group key behavior
in Note
from
Using the Pushover API requires a Pushover account user key and API key (Pushover Registration).
... Sergei Shablovsky

02/19/2024

07:12 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
Doing so it pretty trivial. It requires almost no skill. (ask me how I know!).
Create github account.
Fork pfsense/... Steve Wheeler
06:51 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
My version of the log-widget is way faster (20 times!) than the actual version. With the same GUI and the same functi... Louis B
06:41 PM pfSense Packages Todo #15270 (Closed): ENUMER STUN
Hello,
Recently I reviewed my network activity and found lot of requests to the file http://enumer.org/public-stun... Oleg Khovayko
06:09 PM Feature #13468: FW-rule-groups, would be very, very helpfull
I discovered that interface groups, are IMHO not interface groups, but rule groups. However the GUI is not in line wi... Louis B
11:07 AM Bug #15269: DHCP static ARP entries are not static
On version 2.6.0 static arp mappings remain permanent. Michele D'A.
09:59 AM Bug #15269 (Duplicate): DHCP static ARP entries are not static
When I select the option in the DHCP server:
ARP Table Static Entry: Create an ARP Table Static Entry for this MAC... Michele D'A.

02/18/2024

11:57 PM Bug #14692: Mangled link-local addresses are being logged
Daryl Morse wrote:
> My system is logging discarded ping request messages from a link-local address, as is expected.... Daryl Morse
10:05 PM Feature #15022: Allow overriding text scrolling during package install/uninstall
It will only allow you to look back one page after it completes the install. It is like the scroll object repaints al... Jonathan Lee
07:19 PM Feature #15022: Allow overriding text scrolling during package install/uninstall
Hello Jonathan,
When the package finishes installing you should have no issues scrolling up. Let me know if this i... dylan mendez
03:34 PM pfSense Plus Feature #14976: Cleaner way to know if an interface failed
While out development team considers this, you can implement Remote Syslogs and filter all the logs through a third-p... dylan mendez
01:11 PM Bug #14996: Kea DHCP PHP error from WINS server value
Yep. I'll do it on Monday Christian McDonald
03:27 AM Bug #14996: Kea DHCP PHP error from WINS server value
Kris Phillips wrote in #note-3:
> Jared Hendrickson wrote in #note-2:
> > I opened a PR this morning that contains ... Kris Phillips
03:21 AM Bug #12764: VTI gateway status is pending after assigning the VTI interface
I can confirm this behavior. You can also simply restart the dpinger service to "kick" it out of this state.
VT... Kris Phillips
03:18 AM pfSense Docs New Content #15230 (Confirmed): Gateway status Pending
I can confirm this behavior. Typically restarting the dpinger service will correct this issue, but if you do a relea... Kris Phillips
03:12 AM pfSense Docs Todo #15267 (Rejected): Feedback on Releases — 2.7.2 New Features and Changes
The "New Features and Changes" document is for changes since the previous release, which is 2.7.1. The only change b... Kris Phillips
02:30 AM Bug #14991: Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
Brilliant pfSense DevTeam!
Just confirm the same bug.
I reproduce the same environment and receive the same bug... Sergei Shablovsky
02:02 AM Bug #15012: NTP assigned to KEA DHCP Clients causes service to fail
Brilliant pfSense DevTeam!
Just confirm the same bug.
I reproduce the same environment and receive the same bug/beh... Sergei Shablovsky
12:16 AM Bug #15195 (Duplicate): PHP error if config contain <ppps></ppps> empty tag
https://redmine.pfsense.org/issues/14742 Christopher Cope

02/17/2024

11:58 PM Bug #15224 (Resolved): ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding
I can reproduce this on... Christopher Cope
10:56 PM Feature #15261: comcast DHCP issues
I have 4100 (ix) to Comcast cable modem. The only DHCP issue I encounter is if I move Comcast to another port. Comcas... Craig Coonrad
09:26 PM Bug #15268 (Not a Bug): Network Prefix Translation (NPt) not properly translating the prefix for unsolicited inbound connections
Unsolicited inbound traffic with the ISP prefix (external prefix) is always translated to the internal prefix specifi... machbot .
05:56 PM pfSense Docs Todo #15267 (Rejected): Feedback on Releases — 2.7.2 New Features and Changes
*Page:* https://docs.netgate.com/pfsense/en/latest/releases/2-7-2.html
*Feedback:*
I suggest the 2.7.2 release no... Steve Y
02:16 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Jim Pingle wrote in #note-2:
> Not only are there more and more stories about equipment being compromised due to def... Bill Meeks
02:15 PM Bug #15043: IGMP proxy works intermittently
This ticket can be closed and therefore included in the next release 2.8 or earlier (very important). Since the kerne... Martial G
01:14 AM Feature #15257 (Confirmed): Support using a mask to block MAC addresses in Captive Portal
I can duplicate this on 23.09.1. A MAC address block rule which includes a mask still allows authentication and then ... Chris W

02/16/2024

11:20 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Not only are there more and more stories about equipment being compromised due to default passwords and being wide op... Jim Pingle
10:22 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
I would ask why make this change? I think the current warning is sufficient.
I would be okay with forcing a passwo... Bill Meeks
06:53 PM pfSense Plus Todo #15266 (Resolved): Prevent usage of the default password in User Manager accounts
Currently we detect in the GUI when the admin account is using the default password (@"pfsense"@) and print a warning... Jim Pingle
11:05 PM Bug #5849 (Closed): Routing fail on CARP IPsec
Closing this since it hasn't been reproduced and there have been many changes and fixes over the last 8 years in all ... Chris W
07:55 PM Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name
I'm a network engineer and I long ago gave up on trying to use the firewall for an authoritative DNS solution that do... Yousif Hassan
05:15 PM Todo #15265 (Feedback): Remove ``jquery-treegrid`` unit testing files
Applied in changeset commit:4e8f6cedd9c4b32b24ac3619f84e33a9a4708a29. Jim Pingle
05:07 PM Todo #15265 (Resolved): Remove ``jquery-treegrid`` unit testing files
We include the @jquery-treegrid@ library for use in the disks widget. That library includes unit testing files:
* ... Jim Pingle
04:55 PM Bug #15264 (Feedback): ``crash_reporter.php`` displays PHP Error log without encoding
Applied in changeset commit:bde72e2d864ba57f2f14e0a4005104d942cdb11d. Jim Pingle
04:45 PM Bug #15264 (Resolved): ``crash_reporter.php`` displays PHP Error log without encoding
The section of @crash_reporter.php@ that displays the PHP error log is printing that log directly without encoding th... Jim Pingle
04:50 PM Bug #15263 (Feedback): PHP error display formatting issues
Applied in changeset commit:9d78a172ec6c9b959ac1f5b321637e5009320658. Jim Pingle
04:40 PM Bug #15263 (Resolved): PHP error display formatting issues
There are multiple issues with the formatting of PHP errors in the GUI, including:
* Error/stack trace is printed ... Jim Pingle
02:32 PM Feature #15245 (Resolved): Show interface subnet details in a tooltip on the IPsec Phase 2 list
Jim Pingle
12:51 PM Feature #15245: Show interface subnet details in a tooltip on the IPsec Phase 2 list
tested, patch works correctly Georgiy Tyutyunnik
02:32 PM Feature #15234 (Resolved): Show details of system aliases in tooltip on firewall and NAT rule lists
Jim Pingle
02:12 PM Feature #15234: Show details of system aliases in tooltip on firewall and NAT rule lists
tested, patch works correctly Georgiy Tyutyunnik
11:20 AM Bug #13089 (Resolved): Some OpenVPN NetBIOS settings are kept even when NetBIOS is disabled
I was able to replicate the reported issue on the 23.09.1 pfSense Plus release.
After disabling NetBios, there we... Danilo Zrenjanin

02/15/2024

10:14 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
One strategy to consider - In the future I humbly suggest you state that "I close this report pending additional inf... Michael McNamara
07:33 PM pfSense Plus Bug #15262 (Confirmed): Captive Portal Has High CPU Interrupts With Large Number of Users
When 700+ Captive Portal users are in use, CPU interrupts will cause high load averages to occur. This can lead to c... Kris Phillips
07:01 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
Roberto@ IT and General wrote in #note-3:
> Hello Bill,
>
> The more general writeup about why rules are in specific... Bill Meeks
05:44 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
Hello Bill,
Thank you very much for your comment. I didn't perceive your message as an attempt to be argumentative... Roberto@ IT and General
03:02 PM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
I am the volunteer package maintainer for Snort on pfSense. The method you described above for removing rules (disabl... Bill Meeks
11:31 AM pfSense Packages Feature #15260: Snort IPS False Positives and Preprocessor Rules Misconfiguration
Above, there is a list of the preprocessor rules and decoder rules that should be enabled/disabled for each of the th... Roberto@ IT and General
11:15 AM pfSense Packages Feature #15260 (Resolved): Snort IPS False Positives and Preprocessor Rules Misconfiguration
Greetings to all from IT And General.
I would like to point out an issue that we are experiencing with the Snort p... Roberto@ IT and General
03:50 PM pfSense Packages Bug #15190 (Resolved): PHP error from RRD Graphs when resolution is null
It works fine on today's release:
I will close this ticket as resolved. Danilo Zrenjanin
01:09 PM Feature #15261 (Not a Bug): comcast DHCP issues
User reports issues with Comcast connection.
WANs intermittently stop from being able to communicate past the Comcas... Georgiy Tyutyunnik
11:17 AM Bug #15248 (Resolved): Removing a gateway group used as the default gateway results in no default route
Tested against:... Danilo Zrenjanin
10:40 AM Bug #15252 (Resolved): Egress states remain when killing states for scheduled rules
Tested against:... Danilo Zrenjanin
05:49 AM pfSense Plus Bug #14968: Google LDAP fail to bind
I suspect it is related to issue #15060, I didn't test with only one LDAP backend configured. Lev Prokofev

02/14/2024

10:37 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
Thanks for accepting my feedback on how I made your system work despite the documents leading me astray! Michael McNamara
10:24 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I tested both Plus and CE. If it didn't work, you must have configured it improperly. Jim Pingle
10:23 PM pfSense Docs Todo #15259: Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I don't need assistance, instead I am reporting that it fails if I just follow the guidelines on the base page.
If... Michael McNamara
09:56 PM pfSense Docs Todo #15259 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
I'm not sure what you did wrong, but it is absolutely sufficient. I just re-tested that entire set of instructions in... Jim Pingle
09:41 PM pfSense Docs Todo #15259 (Rejected): Feedback on pfSense® software Configuration Recipes — OpenVPN Site-to-Site Configuration Example with SSL/TLS
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
*Text:*
Select the server insta... Michael McNamara
06:01 PM Todo #15258 (Resolved): Update Gandi LiveDNS service with API changes
In August 2023 Gandi changed how authentication works with their API. Now you need to use Personal Access Tokens and ... Matthew Drury
04:23 PM Feature #15257 (Resolved): Support using a mask to block MAC addresses in Captive Portal
Blocking a MAC address in pfSense when using a mask is not working. However, if you use the pass option and specify t... Gordon Bennett
04:16 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
I can still reproduce this in 23.09.1 dylan mendez
04:12 PM Bug #15015: Static routes not working
The pictures are no longer there, can you please re upload. dylan mendez
08:54 AM pfSense Packages Bug #14409: pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count
> I've come up with a patch that sets @$vip_count@ to @0@ if DNSBL is disabled. This causes the Virtual IP counts to ... Sima Xi
05:41 AM Bug #15110: pfSense hangs when rebooting
Another one TAC ticket with the same issue
2336421939 aleksei prokofiev
05:41 AM Bug #15110: pfSense hangs when rebooting
same issue here. 6100, 23.09.1
onboard mmc died, added a WD SN520 NVME SSD.
same console output M O
01:44 AM Feature #12746: IPoE feature for WAN interface
As far as I know, a significant portion of the supply in the Japanese market is using IPoE mode, and currently, almos... Tianyi SUN

02/13/2024

04:33 PM Feature #10843: Allow user manager settings to specify multiple authentication servers
I've been thinking about this a bit lately since we've added something similar in the upcoming TNSR release.
Like ... Jim Pingle
04:16 PM Feature #10843: Allow user manager settings to specify multiple authentication servers
This feature should also include the ability to define specific failover behavior if the configured authentication se... Chris Linstruth
02:29 PM Bug #8087: Provide Calling-Station-ID to RADIUS backed VPN connections
Welp, even "my" last hack stopped working somewhere along the pfSense stable upgrade path, currently on "23.09.1-RELE... Brandon Verkada
01:49 PM Todo #15256 (Resolved): Upgrade Unbound to >= 1.19.1
Unbound 1.19.1 fixes two DoS/CPU exhaustion issues in DNSSEC validation:
https://nlnetlabs.nl/downloads/unbound/CV... Jim Pingle
12:02 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
Steve Wheeler wrote in #note-4:
> Still present in 23.09.1
I can also confirm it is still present is the latest s... Adam French

02/12/2024

04:33 PM pfSense Docs Correction #15255 (Closed): New docs typo
Fixed, thanks!
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/1a9cc91ad99c7e662d45ad85fc6a9ce324bde7bf Jim Pingle
04:18 PM pfSense Docs Correction #15255 (Closed): New docs typo
Typo in new docs (Gateway Settings):
http://stage-feature-mm-gateway_recovery.docs.netgate.com/pfsense/en/latest/rou... William Wrathbone
04:13 PM pfSense Docs Correction #15253 (Closed): New docs typo
Fixed and deployed last week: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2448141188ae72159faaac282a641c1f4... Jim Pingle
03:48 PM pfSense Docs Correction #15253 (Closed): New docs typo
Typo in new docs for gateway recovery:
http://stage-feature-mm-gateway_recovery.docs.netgate.com/pfsense/en/latest/r... William Wrathbone
04:13 PM pfSense Docs Correction #15254 (Closed): Docs typo
Fixed and deployed (along with some other typos):
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/2dd28e37b2... Jim Pingle
03:49 PM pfSense Docs Correction #15254 (Closed): Docs typo
https://docs.netgate.com/pfsense/en/latest/multiwan/considerations.html
(probably should be "...to the DNS forwarder... William Wrathbone
02:32 PM pfSense Packages Bug #15190 (Feedback): PHP error from RRD Graphs when resolution is null
MR merged. Jim Pingle

02/11/2024

04:23 PM Bug #15248: Removing a gateway group used as the default gateway results in no default route
Confirmed
!clipboard-202402111023-shtvn.png!
 dylan mendez

02/10/2024

11:36 PM pfSense Packages Bug #15190 (Pull Request Review): PHP error from RRD Graphs when resolution is null
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/387 Christopher Cope
10:56 PM Bug #12942 (Resolved): Code to kill states for old gateway when reconnecting an interface is incorrect
Marcos M
10:53 PM Feature #855 (Resolved): Ability to selectively kill states on gateway recovery
This has been working well in 24.03 snapshots. Documentation is available at:
https://docs.netgate.com/pfsense/en/lat... Marcos M
10:17 PM Bug #13226 (Resolved): Disconnecting a user from Captive Portal may allow previously established connections to continue
Marcos M
10:15 PM Feature #11556 (Resolved): Kill states using the pre-NAT address
I separated that issue into its own report: https://redmine.pfsense.org/issues/15252 Marcos M
10:10 PM Bug #15252 (Feedback): Egress states remain when killing states for scheduled rules
Applied in changeset commit:c489213a62b68902bd673f782d59b3888d2bd6da. Marcos M
10:00 PM Bug #15252 (Resolved): Egress states remain when killing states for scheduled rules
When a schedule expires and states are killed, the opposite state (e.g. on the WAN side) remains.
Reported here: h... Marcos M
06:57 PM Feature #15251 (New): Show network preview in rules page
For common networks (LAN, WAN, OPT, etc), it would be nice if you could show a preview of the network that's selected... Jon Moeller
01:02 PM pfSense Plus Regression #14828: QAT is not being used by some daemons
Post 23.09 iss there intent to expand QAT capabilities beyond the set currently used by pfSense, including 'user-spac... Rob A

02/09/2024

07:44 PM Bug #15156: Fragmented packets delayed by limiters are lost
Updating subject for release notes. Jim Pingle
07:43 PM Feature #15234: Show details of system aliases in tooltip on firewall and NAT rule lists
Updating subject for release notes. Jim Pingle
07:42 PM Feature #15245: Show interface subnet details in a tooltip on the IPsec Phase 2 list
Updating subject for release notes. Jim Pingle
07:32 PM pfSense Packages Bug #15250: Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.
Updated packages are now available. Jim Pingle
05:47 PM pfSense Packages Bug #15250 (Feedback): Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.
Fixed in https://github.com/pfsense/FreeBSD-ports/commit/953068694131b523e8906ee70b444c59c53d3eff
Fix also merged ... Jim Pingle
05:32 PM pfSense Packages Bug #15250 (Resolved): Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.
Both haproxy_listeners_edit.php and haproxy_pool_edit.php define a custom cell drawing function which, unlike the sta... Jim Pingle
06:41 PM pfSense Packages Feature #15249: Ability to adjust MTU & MSS on tailscale interface
Edited to specify the desire for both MTU & MSS. Christopher Cope
03:52 PM pfSense Packages Feature #15249 (In Progress): Ability to adjust MTU & MSS on tailscale interface
Easy to add a knob to set TS_DEBUG_MTU in the tailscale environment. Will add it next week. Christian McDonald
03:48 PM pfSense Packages Feature #15249 (In Progress): Ability to adjust MTU & MSS on tailscale interface
Tailscale itself has an environment variable to adjust this TS_DEBUG_MTU. However, it does seem to be primarily for t... Christopher Cope
06:22 PM pfSense Packages Feature #15242 (Resolved): Optimize calls to write_config() function in Suricata GUI to prevent creation of unnecessary config.xml backups when possible
PR merged. Jim Pingle
06:22 PM pfSense Packages Bug #15241 (Resolved): Suricata Dashboard Widget needs the same fix applied as the ALERTS tab code from Redmine #14955.
PR merged. Jim Pingle
06:21 PM pfSense Packages Bug #15240 (Resolved): Suricata GeoIP2 database download and update broken due to recent change in MaxMind API
PR merged. Jim Pingle
04:31 PM Bug #15060 (New): LDAP bind fails when authentication servers use different CA chains
Patch doesn't really help it, it's still broken or inconsistent when I try.
- One LDAP server with custom CA (not ... Jim Pingle
06:48 AM Bug #15060: LDAP bind fails when authentication servers use different CA chains
I tested the patch on the client machine (#2346370170), and both LDAP servers can bind now.
Software version:
... Lev Prokofev
03:40 PM Bug #15248: Removing a gateway group used as the default gateway results in no default route
Applied in changeset commit:b21a0e187fde6ac23162f255db902e208b8a5b80. Marcos M
03:35 PM Bug #15248 (Feedback): Removing a gateway group used as the default gateway results in no default route
Marcos M
03:31 PM Bug #15248 (Pull Request Review): Removing a gateway group used as the default gateway results in no default route
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1136 Marcos M
03:21 PM Bug #15248 (Resolved): Removing a gateway group used as the default gateway results in no default route
There is no input validation preventing a gateway group used as the default gateway from being removed. When deleting... Marcos M
12:55 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding

Greetings everyone,
I'm Roberto, from IT Ad General.
I'd like to provide some additional details to help b... Roberto@ IT and General
02:18 AM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I am encountering the same issue in a multi-WAN setup. Although the upload problem (https://redmine.pfsense.org/issue... Sav Snip

02/08/2024

11:34 PM Bug #14386 (Feedback): ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Should be fixed in https://github.com/pfsense/FreeBSD-ports/commit/c0a12f594ba2a873ffd5ec8974c5582e6283fbdf. The 0 by... Reid Linnemann
10:56 PM pfSense Packages Feature #15242: Optimize calls to write_config() function in Suricata GUI to prevent creation of unnecessary config.xml backups when possible
A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:55 PM pfSense Packages Bug #15241: Suricata Dashboard Widget needs the same fix applied as the ALERTS tab code from Redmine #14955.
A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:55 PM pfSense Packages Bug #15240: Suricata GeoIP2 database download and update broken due to recent change in MaxMind API
A pull request containing the fix for this issue has been posted to the RELENG_2_7_2 branch of FreeBSD-ports here: ht... Bill Meeks
10:30 PM pfSense Plus Bug #15246 (Not a Bug): Autofill services like password managers able to override blocked username field for admin user
We already include the tags to suppress them. Password manglers ignore them. Jim Pingle
09:49 PM pfSense Plus Bug #15246 (Not a Bug): Autofill services like password managers able to override blocked username field for admin user
Browsers with extensions like LastPass, BitWarden, etc. that automatically fill relevant fields are able to replace t... Kris Phillips
05:09 PM Feature #7943 (New): Overflow scrolling for top navigation drop-down menus in Fixed mode
The overflow scrolling inside the menu should only be enabled when the menu is fixed to the top of the window and rem... Jim Pingle
10:03 AM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs
The reason it is not working anymore is this patch, so it looks counter-intuitive to me to open another redmine issue. Bob Dig
03:19 AM Feature #15244: Modern authentication via FIDO2 for local account authentication
Duplicate of https://redmine.pfsense.org/issues/14743 Kris Phillips

02/07/2024

08:49 PM Regression #14502: DHCPv6 Prefix Delegation (PD) not installing routes
The PD route is installed on 24.03 as well.
Regarding #note-11, that seems like a different root cause at least; I... Marcos M
08:45 PM Feature #15245 (Feedback): Show interface subnet details in a tooltip on the IPsec Phase 2 list
Applied in changeset commit:6030dd4570752752ffe3697ea263065b61acae76. Marcos M
06:50 PM Feature #15245 (Waiting on Merge): Show interface subnet details in a tooltip on the IPsec Phase 2 list
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1135 Marcos M
06:46 PM Feature #15245 (Resolved): Show interface subnet details in a tooltip on the IPsec Phase 2 list
When <interface> subnet is selected for Phase 2 configs, show the subnet being used. Marcos M
08:36 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
Thank you Denny Page
06:54 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
The new version has been picked back to 2.7.2 and 23.09.1 - it should show up on the next build. Marcos M
04:46 PM Feature #9536: Support dynamic prefix in DHCPv6 Server
Is this also similar to 5950? https://redmine.pfsense.org/issues/5950 Are there any plans or updates on this?
Part... Joshua Cooper
04:00 PM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
Danilo Zrenjanin wrote in #note-8:
> I tested the patch against:
>
> [...]
>
> After clicking the "Update Grap... Christopher Cope
11:11 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
I tested the patch against:... Danilo Zrenjanin
03:32 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication
Kris Phillips wrote:
> pfSense Plus's webConfigurator is currently limited in authentication for local auth, requiri... Paul Smith
02:52 PM pfSense Docs New Content #15208 (Resolved): Document the new gateway recovery state killing feature
Added to 24.03 docs. Marcos M
02:50 PM Feature #15244 (New): Modern authentication via FIDO2 for local account authentication
Implementation of FIDO2 WebAuthN capabilities into RELENG_2_7_2.
*WHAT*
FIDO2 adds convenient phishing-resistant ... Paul Smith
12:58 PM Todo #15220 (Pull Request Review): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy
It seems the reply-to issue can only really be handled by using floating on the rule. This can be done on rule genera... Marcos M
08:45 AM pfSense Packages Feature #15243 (New): CARP causes tinc termination
Obviously, using CARP (rc.carpbackup from the logs) kills tinc on the router that CARP considers backup. However, thi... Michael Lipp

02/06/2024

11:24 PM pfSense Packages Bug #14855 (Resolved): suricata_Getdirsize issue after PHP 8
Jim Pingle
11:06 PM pfSense Packages Bug #14855: suricata_Getdirsize issue after PHP 8
This fix was merged into production on October 16, 2023, but apparently this ticket escaped being closed as a result.... Bill Meeks
11:13 PM pfSense Packages Feature #15242 (Resolved): Optimize calls to write_config() function in Suricata GUI to prevent creation of unnecessary config.xml backups when possible
Examine all calls to @write_config()@ function to see when it is appropriate to set @$backup@ parameter to @false@ to... Bill Meeks
11:09 PM pfSense Packages Bug #15241 (Resolved): Suricata Dashboard Widget needs the same fix applied as the ALERTS tab code from Redmine #14955.
The same bug exists in the Suricata Dashboard Widget code for converting log file timestamps into EventTime objects a... Bill Meeks
10:08 PM pfSense Packages Bug #15240 (Resolved): Suricata GeoIP2 database download and update broken due to recent change in MaxMind API
The MaxMind GeoIP2 geolocation database download/update procedure in the Suricata package was broken by a recent API ... Bill Meeks
07:05 PM pfSense Plus Feature #15239: Add to existing rule
Understood. Thanks for clarifying. Mike Moore
06:36 PM pfSense Plus Feature #15239 (Rejected): Add to existing rule
If the ports are together you can already use a range. If the ports are separate you have to use an alias. If the IP ... Jim Pingle
06:28 PM pfSense Plus Feature #15239 (Rejected): Add to existing rule
First i acknowledge that i do know i can create an alias and group IPs or Ports..
Feature: The ability to add to a... Mike Moore
06:43 PM pfSense Packages Bug #15190 (Feedback): PHP error from RRD Graphs when resolution is null
MR merged. Jim Pingle
04:51 PM pfSense Docs Todo #15235 (Rejected): Feedback on Troubleshooting — Troubleshooting OpenVPN Internal Routing (iroute)
The instructions here are fine and there are no changes needed specific to 2.7.0 or later. If it does not work, you h... Jim Pingle
07:25 AM pfSense Docs Todo #15235 (Rejected): Feedback on Troubleshooting — Troubleshooting OpenVPN Internal Routing (iroute)
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/openvpn-iroute.html
*Feedback:* This page needs... Roland Giesler
04:39 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Freeback from Amazon:... Kristof Provost
12:38 PM Bug #15211: tcpdump run with BIOS hardware clock set, but no on environment system time
Steve Wheeler wrote in #note-1:
> This should be an option when running the pcap.
Please argue.
All FreeBSD - ... Sergei Shablovsky
12:05 AM Feature #15234 (Feedback): Show details of system aliases in tooltip on firewall and NAT rule lists
Applied in changeset commit:a61d68dd271331b8671afed01c50fc028ba88027. Marcos M

02/05/2024

11:55 PM Feature #15234: Show details of system aliases in tooltip on firewall and NAT rule lists
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1133 Marcos M
11:49 PM Feature #15234 (Resolved): Show details of system aliases in tooltip on firewall and NAT rule lists
Now that @<interface> net@ uses system aliases, it would be helpful to show its contents. Marcos M
08:26 PM Regression #14970 (New): Static ARP assignments lose ``permanent`` flag in ARP table
Jim Pingle
08:20 PM Bug #11539 (Rejected): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
The original reporter(s) of this issue have long since disappeared and nobody else seems to be able to reproduce the ... Jim Pingle
08:17 PM Feature #746 (Duplicate): Add interface group to source/dest drop downs
Marcos M
08:07 PM pfSense Plus Todo #15164: Add ZFS Boot Environment list to status output
Updating subject for release notes. Jim Pingle
06:12 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Hmmm 9272e45 committed Dec 28, 2023
ena: Change measurement unit of time since last tx cleanup to ms
This commit:
1.... Jim Thompson
04:15 PM Bug #15096 (Resolved): Interface subnet aliases do not contain IPv6 VIPs
This issue/fix is only related to the alias; if an IPv6 address does not get added to the interface, that would need ... Marcos M
01:23 PM Bug #15096 (New): Interface subnet aliases do not contain IPv6 VIPs
Jim Pingle
03:26 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
pfSense 2.7.2 and pfSense Plus 23.09.1 Orion Poplawski
03:12 PM Feature #15233 (Resolved): Recognize QAT 4xxx devices in System Information Widget
The QAT driver supports qat_4xxx devices but they are not shown as supported in the pfSense GUI.
Same as the last ... Steve Wheeler
02:47 PM Regression #15152 (Resolved): Systems with low RAM fail to upgrade to 24.03
Looks good in todays snapshot:... Steve Wheeler
02:10 PM pfSense Plus Feature #15232: Display proposed changes
Understood. Thanks for the quick response Jim.
 Mike Moore
01:29 PM pfSense Plus Feature #15232 (Rejected): Display proposed changes
You can always view the config history, before or after applying, but trying to pick out which specific things in a s... Jim Pingle
02:31 AM pfSense Plus Feature #15232: Display proposed changes
In a way this should technically be possible as there is already a record of what’s changed AFTER it’s applied when y... Mike Moore
02:27 AM pfSense Plus Feature #15232 (Rejected): Display proposed changes
Display proposed changes prior to clicking apply.
Would be great to have multiple engineers (or a single one) make c... Mike Moore
01:38 PM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
The change should be OK to test, though since this is a patch in the ports tree you'll need to copy paste the diff an... Jim Pingle

02/04/2024

10:48 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Also, do you have any existing Interface Groups? dylan mendez
10:22 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Does your NIC support QinQ?
 dylan mendez
10:18 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Tested in 2.7.0, 2.7.2 and 23.09.
I'm able to create QinQ interfaces without any issue. Both with and without the in... dylan mendez
06:50 PM pfSense Packages Todo #15119: Update nut-devel version and update startup script
ping Denny Page
03:44 AM pfSense Packages Bug #14913 (Resolved): [Security] Zabbix packages need updating bec. of recent critical security CVEs
Confirmed the patched packages are available in 23.09.1 and 24.03 of Plus. Kris Phillips
03:40 AM pfSense Packages Todo #15058 (Resolved): Remove Zabbix 4 Agent and Proxy
Checked in pfSense Plus 24.03. These packages are no longer present in the repos. Kris Phillips
03:37 AM pfSense Packages Bug #14805 (Incomplete): when I changed Endpoint ip via webgui, but wiregaurd still using old ip ruuning.
I'm also unable to reproduce this issue.
As Danilo stated, please provide exact reproduction steps.
Marking... Kris Phillips
03:36 AM Bug #15194: PHP Fatal error in easyrule CLI
David Johnston wrote in #note-2:
> To clarify, I ran easyrule as a regular user, and the account didn't have permiss... Kris Phillips
03:32 AM Bug #12942: Code to kill states for old gateway when reconnecting an interface is incorrect
Tested bringing up and down a second gateway with state killing enabled on lower priority gateways and state killing ... Kris Phillips
03:21 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
Re-tested this with a factory defaulted 24.03 box, manually configured ACB, and then re-tested. I can still produce,... Kris Phillips
03:18 AM Feature #13256 (Resolved): Better handling of duplicate IP addresses in static DHCP assignments

the warning is added .
2.8.0.a.20240126.0600 Alhusein Zawi
03:04 AM Feature #14165 (Resolved): Option to allow the DNS Forwarder to ignore system DNS servers
Alhusein Zawi
03:02 AM Feature #15183 (Resolved): Add per-rule option to set PF State Policy (if-bound vs floating)
Alhusein Zawi
12:00 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
Updated pull request with changes. Christopher Cope

02/03/2024

07:57 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
I also have tried FIFO + taildrop on the LAN up+down and fq_codel + tildrop WAN up+down, and it seemed to stabilize U... P L
07:47 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
Recently I switched to the wpa_supplicant bypass method in pfSense and was still getting out of order packet issues u... P L
06:50 PM pfSense Docs New Content #15230 (Confirmed): Gateway status Pending
https://docs.netgate.com/pfsense/en/latest/monitoring/status/gateways.html#gateways-tab
Sometimes, the status of t... Danilo Zrenjanin
12:15 PM Bug #15096: Interface subnet aliases do not contain IPv6 VIPs
Turns out the patch is only working momentarily. It will prevent you from enabling IPv6 GUA (tested via Track Interfa... Bob Dig
09:20 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
I am not able to replicate it on 24.04-DEV, but I have seen it on SC in ticket #2322652504 (23.09.1). After manual co... Lev Prokofev
08:45 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
I'll wait for Jim's advise to be considered before testing the patch. Danilo Zrenjanin
08:17 AM pfSense Packages Bug #15190: PHP error from RRD Graphs when resolution is null
I can reproduce the issue on the:... Danilo Zrenjanin
08:00 AM Bug #15195: PHP error if config contain <ppps></ppps> empty tag
Yeah I found that config was <version>15.5</version> (seems 2.3.2 software) Lev Prokofev
07:50 AM pfSense Packages Bug #15229 (Resolved): ACME DNS-Selfhost verification issues
When using Selfhost.de DNS verification and entering the requested information the renewal is not working.
To make i... STefan Graf
02:47 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
What version(s) are you currently running and encountering this? Perhaps a test build of fcgicli would be appropriate. Reid Linnemann
12:06 AM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
I don't have a test instance at the moment, but I've thought about spinning one up for quite a while. I'll see what ... Orion Poplawski
01:26 AM Bug #15225 (Resolved): Killing states on downed gateways breaks for static interface configurations
I can reproduce it here by disconnecting the VM link on the host side using ESXi 7. The patch resolves the issue in t... Marcos M
12:51 AM Bug #15228: User manger fails to display certificate option for a new user in case of input error
See: https://forum.netgate.com/topic/185928/user-manager-fails-to-add-cert-if-passwords-do-not-match Steve Wheeler
12:50 AM Bug #15228 (Confirmed): User manger fails to display certificate option for a new user in case of input error
When creating a new user in the user manager the option to add a user cert for the user is hidden if an error is made... Steve Wheeler

02/02/2024

11:59 PM Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
Since fcgicli is continually calling recv() for 8 bytes, I think it's stuck in its read_packet loop. The socket's bee... Reid Linnemann
08:27 PM Todo #15188: Remove deprecated OpenVPN hardware crypto engine option
Also removed from docs: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/4d709070146c99553edb01b372ed784150227d82 Jim Pingle
08:23 PM Bug #15225: Killing states on downed gateways breaks for static interface configurations
I couldn't find a way to make the statically defined gateway in the pending status.
I tried:
On a physical app... Danilo Zrenjanin
07:05 PM pfSense Docs New Content #15191: Document new Packet Flow Data functionality (Plus Only)
A few edits after feedback from Kristof:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/50fc3a422fc37e88282... Jim Pingle
05:06 PM Bug #15156 (Feedback): Fragmented packets delayed by limiters are lost
Kristof Provost
05:06 PM Bug #15156: Fragmented packets delayed by limiters are lost
I've pushed the fix upstream and cherry-picked it to our branches. The next snapshot build will have it. Kristof Provost
03:49 PM Bug #15226 (Duplicate): Tables for mixed aliases lists occasionally do not contain all records from the alias list.
This is almost surely caused by either of the following:
* https://redmine.pfsense.org/issues/13792
* https://redmi... Marcos M
10:31 AM Bug #15226 (Duplicate): Tables for mixed aliases lists occasionally do not contain all records from the alias list.
Tested on the client machine with 23.09.1 installed, the ticket for reference #2297130372
target IP 82.xx.xx.137... Lev Prokofev
03:20 PM pfSense Packages Bug #14556: Tailscale dropping routes from FIB
Another user has a very similar issue. Chris Linstruth
03:15 PM pfSense Packages Feature #15227 (New): [Freeradius - 0.15.10_1] Enable Pagination on the user section for the Freeradius package

Hi,
I've created 15000 users in the /cf/conf/config.xml and this is working fine.
However the cheer amount of... robert morann
08:00 AM Bug #15122 (Resolved): PHP errors in LDAP server prevent it from falling back to Local Database
I didn't experience any issues after applying the patch, and I was unable to reproduce the PHP error regardless of th... Danilo Zrenjanin

02/01/2024

10:14 PM Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
I wouldn't say it's incorrect setup, using limiters on multi-wan setup has been working on pfSense for over 8 years. ... Jose Duarte
08:49 PM Bug #14537: Nat Reflection changed behavior on pfsense 2.7
FWIW I've tested this setup in 24.03 and it works fine there. Marcos M
07:04 PM Bug #15223 (Resolved): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
I am closing this case as resolved. Danilo Zrenjanin
06:51 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
I couldn't replicate the issue on the:... Danilo Zrenjanin
03:17 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
The patch only applies to 24.03 since it's dependent on other changes in dev snapshots. Marcos M
03:02 PM Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
I was able to replicate the initial behavior as explained here.
After applying the patch, the PHP error below app... Danilo Zrenjanin
01:51 AM Bug #15223 (Feedback): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
Applied in commit:ba90ace48a47086b8db5423f369f1857cf8df34c. Marcos M
01:23 AM Bug #15223 (Waiting on Merge): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1131 Marcos M
01:17 AM Bug #15223 (Resolved): Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled
If the following options are set, states remain on offline gateways which prevents connections from failing over.
* ... Marcos M
06:05 PM Bug #15225 (Feedback): Killing states on downed gateways breaks for static interface configurations
Applied in changeset commit:8faff1900a29feb8e7c192591ce932f8bd4a62aa. Marcos M
05:37 PM Bug #15225 (Waiting on Merge): Killing states on downed gateways breaks for static interface configurations
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1132 Marcos M
05:32 PM Bug #15225 (Resolved): Killing states on downed gateways breaks for static interface configurations
An interface with a static configuration can have a pending gateway status. In this scenario, killing states for down... Marcos M
05:25 PM Bug #15224 (Feedback): ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding
Applied in changeset commit:6f59a7f9fdfe3703667819fcbbd8b6f8cbec0d9f. Jim Pingle
04:12 PM Bug #15224 (Resolved): ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding
The value supplied by the user for the @frequency@ parameter on @services_acb_settings.php@ is not fully validated, i... Jim Pingle
04:51 PM Regression #15152: Systems with low RAM fail to upgrade to 24.03
The most recent src merge (done yesterday) includes this commit:... Kristof Provost
04:23 PM Feature #2676 (New): Reply-to option in firewall rule
There are some scenarios where it would be nice to have the ability to force @reply-to@ to use a specific value and n... Jim Pingle
01:44 AM Feature #2676 (Rejected): Reply-to option in firewall rule
From what I can tell, the referenced scenarios would be solved by adding a gateway to the interface. This is the curr... Marcos M
02:51 AM Bug #15194: PHP Fatal error in easyrule CLI
To clarify, I ran easyrule as a regular user, and the account didn't have permissions to write to the backup cache. David Johnston

01/31/2024

10:44 PM Bug #12401: Traffic graphs with untagged and tagged VLAN on same interface
Also seeing this on pfSense CE 2.7.2. See https://forum.netgate.com/topic/185889/vlan-traffic-showing-up-on-the-wron... Bill Somerville
09:21 PM pfSense Packages Bug #15222 (Resolved): HTTP_Inspect Preprocessor Engine: wrong legend on parameters
Server Flow Depth has the following legend:
@Amount of HTTP server response payload to inspect. Minimum is -1 and ... Ronald Antony
08:57 PM Regression #15197 (Resolved): Outbound NAT rules using an alias without a matching address family create unexpected PF rules
Marcos M
12:44 PM Regression #15197: Outbound NAT rules using an alias without a matching address family create unexpected PF rules
tested and reproduced on:
Version 24.03-DEVELOPMENT (amd64)
built on Tue Jan 23 6:00:00 UTC 2024
FreeBSD 15.0-CURR... Georgiy Tyutyunnik
08:50 PM Bug #15156: Fragmented packets delayed by limiters are lost
Okay, that's useful.
The main point we get from this is that the second time we see the trailing fragment (and don't... Kristof Provost
04:18 PM Bug #15156: Fragmented packets delayed by limiters are lost
adding results for dtraces from today's testing.
it fails with limiter and works without it this time, with ability ... Georgiy Tyutyunnik
07:43 PM Feature #15221 (Pull Request Review): Make System Tunables table sortable
On the System > Advanced page's System Tunables tab, it's really hard to
a) find/check values, since they are in no... Ronald Antony
06:57 PM Feature #8698: LDAP authenticated users should be able to log in via ssh
I'm having the same issue that Max Leighton had previously about 3 years ago
I'm also able to login via webGUI wit... Tai Join
05:25 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Closed/Fixed FreeBSD bug that appears similar.... Craig Coonrad
01:27 AM Feature #855 (Needs Patch): Ability to selectively kill states on gateway recovery
Marcos M

01/30/2024

10:45 PM Todo #15220 (In Progress): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy
The route-to issue has been addressed "upstream":https://reviews.freebsd.org/D43589 Marcos M
10:44 PM Todo #15220 (Resolved): Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy
With the re-introduction of @if-bound@ as the default PF state policy, services on the firewall (which do not automat... Marcos M
09:11 PM pfSense Docs New Content #15191 (Feedback): Document new Packet Flow Data functionality (Plus Only)
First draft committed:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/8e4a9a5558959c27ae63231ccee6bceca5bec81... Jim Pingle
05:08 PM pfSense Docs New Content #15191 (In Progress): Document new Packet Flow Data functionality (Plus Only)
Jim Pingle
07:03 PM Todo #15219 (Rejected): please upgrade to FRR 9.1
It's already in the dev repos/snapshots, unlikely to be backported. Jim Pingle
07:02 PM Todo #15219 (Rejected): please upgrade to FRR 9.1

Because the current version of pfsense frr 9.0 will cause problems with LAN to WAN routing, I want to upgrade to th... yon Liu
07:01 PM pfSense Packages Feature #15218 (New): Allow manual ordering of generated rules
Under Firewall > pfBlockerNG in the IP tab's IP Interface/Rules Configuration section, there's the "Firewall 'Auto' R... Ronald Antony
05:07 PM pfSense Docs New Content #15193 (Closed): Add documentation for new State Policy options
Information added and deployed (put in live docs since we may be pushing out the relevant patch via system patches so... Jim Pingle
04:38 PM Feature #15217 (New): Log command being run in Diagnostics > Command Prompt
I do not see that the commands being run in Diagnostics > Command Prompt are being logged to the system log.
This ... Chris Linstruth
03:47 PM Bug #15216 (New): captive portal zone name conflicts with existing interface name
Customer reports intermittent issues with captive portal on HA cluster.
Connectivity between nodes in this VLAN inte... Georgiy Tyutyunnik
01:52 PM Bug #15211: tcpdump run with BIOS hardware clock set, but no on environment system time
This should be an option when running the pcap. Steve Wheeler
03:44 AM pfSense Plus Bug #15196 (Confirmed): AWS ena interfaces can become unstable/stop responding
Confirmed. ... Craig Coonrad
03:12 AM pfSense Packages Todo #15119: Update nut-devel version and update startup script
I do not understand. We're just updating the git commit level for upstream, which was been done by Jim 27 days ago. A... Denny Page
12:02 AM pfSense Packages Todo #15119: Update nut-devel version and update startup script
I haven't gone through the commit history to see what fixed the build in dev. Assuming there were some previously mis... Marcos M
 

Also available in: Atom