Project

General

Profile

Activity

From 03/17/2024 to 04/15/2024

04/15/2024

06:45 PM pfSense Plus Regression #15409 (New): AMD watchdog module is missing
The amdsbwd kernel module is missing from recent versions resulting in errors on Netgate APU2/4 devices (PCEngines AP... Steve Wheeler
06:07 PM Bug #15405: leap seconds update server has changed
For completeness, someone did open a case upstream: https://bugs.ntp.org/show_bug.cgi?id=3898
 A S
05:59 PM Bug #15405: leap seconds update server has changed
Will report upstream. Thanks! A S
12:24 PM Bug #15405 (Needs Patch): leap seconds update server has changed
That file is part of the NTP package (@ntp.org@), Netgate does not maintain that code. It should be reported upstream... Jim Pingle
05:59 PM Todo #15408 (New): Reduce inconsistencies between Configuration History with/without ZFS Boot Environments
The Configuration History page has diverged a bit between Plus w/Boot Environments and CE which is making it confusin... Jim Pingle
05:53 PM pfSense Plus Regression #15407 (Resolved): pfSense-upgrade incorrectly creates 'unknown error' notice.
The error reporting in pfSense-upgrade incorrectly creates an alert when it's run an an upgrade check and a new versi... Steve Wheeler
04:34 PM Feature #15406 (New): rules: make Virtual IPs selectable as destination
In NAT port forwards it is possible to directly select a Virtual IP (IP Alias, CARP) address from the dropdown list a... Dennis Neuhaeuser
01:33 PM pfSense Docs New Content #15191 (Closed): Document new Packet Flow Data functionality (Plus Only)
Jim Pingle
12:29 PM Feature #15402: A new approach to rc.start_packages
It might be viable but you have the logic a bit backward. The base system should not have specific knowledge of any p... Jim Pingle

04/14/2024

06:21 AM Bug #15405 (Needs Patch): leap seconds update server has changed
/usr/local/sbin/update-leap is attempting to use:
https://www.ietf.org/timezones/data/leap-seconds.list
Per the... A S
03:09 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
Tested on 24.03-RC and this issue is still present. Kris Phillips
03:00 AM pfSense Plus Bug #15388: Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
Jim Pingle wrote in #note-1:
> The wizard has always prompted to change the password, users like having the option. ... Kris Phillips
02:40 AM Bug #14261: Trim white space in a DHCP Leases page search field
on 24.03.r.20240410.1729 adding a leading/trailing space to a search term returns no results Jordan G
01:58 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
On the 4100 & 4200 as of... Christopher Cope
12:34 AM Bug #15404 (Resolved): Captive Portal logo fails to load after authenticated redirect
After signing into the Captive Portal, the default captive portal logo is not loading properly. The logo appears to ... Kris Phillips

04/13/2024

10:12 PM pfSense Docs Correction #15403 (Closed): openvpn client speciffic overrides, local networks clarification
URL: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-overrides.html
sub heading: IPv4/IPv6 Local ... Craig Coonrad
09:47 PM Regression #15074: ISO fails to boot UEFI
This also occurs in the online upgrade process (in this case on PVE 8.1.10).
22.05 --> 23.01 (success)
23.01 --> 23... Craig Coonrad
08:18 PM Feature #15402 (New): A new approach to rc.start_packages
I have been facing some issues with NUT package due to rc.start_packages.
Once an interfaces goes down, NUT restarts... Marcelo Cury
03:50 PM Regression #15400: IGMP packets are logged when the filter rule has logging disabled
Kristof Provost wrote in #note-2:
> This is intentional, in the sense that it was always meant to log, but didn't du... Denny Page
08:50 AM Regression #15400 (Not a Bug): IGMP packets are logged when the filter rule has logging disabled
This is intentional, in the sense that it was always meant to log, but didn't due to a bug that's now been fixed.
... Kristof Provost
12:18 PM pfSense Plus Bug #15401: 23.09.1 to 24.03b update fails EFI with ZFS mirror

System is using Coreboot (EFI only) and has a ZFS mirror:... M Felden
12:17 PM pfSense Plus Bug #15401 (New): 23.09.1 to 24.03b update fails EFI with ZFS mirror
System is using Coreboot (EFI only) and has a ZFS mirror:... M Felden

04/12/2024

09:42 PM pfSense Plus Feature #13227 (Resolved): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Marcos M
09:40 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
That worked perfectly. Thank you guys! Jon McKinney
09:28 PM Regression #15400: IGMP packets are logged when the filter rule has logging disabled
It may be this is intended behavior, though it's worth clarifying if so. Marcos M
09:02 PM Regression #15400 (Not a Bug): IGMP packets are logged when the filter rule has logging disabled
Example rules:... Marcos M
05:58 PM Bug #15399 (Resolved): Local host gateways are shown in the default gateways list
Marcos M
05:56 PM Bug #15399: Local host gateways are shown in the default gateways list
The patch looks good against 24.03-RC. Steve Wheeler
03:40 PM Bug #15399 (Feedback): Local host gateways are shown in the default gateways list
Applied in changeset commit:15eb946bc19222df48318fd6f9c9cb9e88e54690. Marcos M
03:30 PM Bug #15399 (Ready To Test): Local host gateways are shown in the default gateways list
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1148 Marcos M
02:31 PM Bug #15399 (Resolved): Local host gateways are shown in the default gateways list
In System > Routing > Gateways the default gateway drop-down selection should not contain localhost (null) gateways. ... Steve Wheeler
05:56 PM Revision 9fd4cb96: Update comment
The updated comment matches the actual behavior. Albeit the
variable name is unintuitive, it follows the behavior bef... Marcos M
05:52 PM Bug #15082 (Closed): Upgrade fails due to unmounted EFI filesystem
Closing this since it didn't turn out to be what we thought, and fixing problems caused by incorrect manual alteratio... Jim Pingle
05:39 PM Bug #15081: Upgrade fails due to undersized EFI filesystem
Moving this ahead as it still might be an issue though it's unclear how many affected systems may be left in the wild... Jim Pingle
03:08 PM Revision 15eb946b: Correct bitwise check when getting a list of gateways. Fix #15399
Marcos M
12:47 PM pfSense Plus Bug #15395: install-boot trips on BIOS installs when an EFI partition is present.
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/100 Steve Wheeler
10:05 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Cpu load corresponds with NIC errors in #2598286486
!clipboard-202404121406-jhrkf.png!
 Lev Prokofev
08:16 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Another client hit this issue ticket #2598286486 Lev Prokofev
08:12 AM pfSense Packages Feature #15398 (New): Fusioninventory Agent
This tool already works well through the FreeBSD repo.
Fusioninventory is a collection of small tools to perform i... Iván Viso
08:07 AM pfSense Packages Feature #15397 (New): Wazuh Agent
This already works well through the FreeBSD repo.
Wazuh is a free and open source platform used for threat prevent... Iván Viso
07:59 AM Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration
DBACORP DBACORP wrote in #note-9:
> Reproduced the same issue in PLUS version 23.09.1 ​​and the issue persisted.
> ... Danilo Zrenjanin
07:16 AM Bug #15178 (Confirmed): ACB (autoconfig backup) restore always returns could not decrypt despite proper password
Yes, I was able to reproduce the described behavior.
Tested against the following versions:... Danilo Zrenjanin

04/11/2024

09:15 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Thanks for testing! Try it with this "patch":https://docs.netgate.com/pfsense/en/latest/development/system-patches.ht... Marcos M
08:08 PM pfSense Plus Feature #13227 (In Progress): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Marcos M
01:34 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
I am having issues creating multiple groups. I just installed the plus 24.03 RC last night on my box at home so I can... Jon McKinney
08:54 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
Believe that the source of the issue was determined:
* set net.bpf.zerocopy_enable=1
* on the external interface co... A S
08:19 PM pfSense Plus Bug #15396 (Resolved): BE upgrade process deferred pkg install can cause significant delays
Some package install scripts attempt to connect out to update lists/signatures/aliases. When run as part of the new B... Steve Wheeler
07:01 PM pfSense Packages Feature #15375: Update ntopng package
Tested in 24.03 RC -- working as intended. Denny Page
07:01 PM Regression #14970 (Resolved): Static ARP assignments lose ``permanent`` flag in ARP table
Jim Pingle
07:00 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
Tested with 24.03 RC -- issue appears resolved. Denny Page
04:50 PM pfSense Plus Bug #15395: install-boot trips on BIOS installs when an EFI partition is present.
That is the scheme the Net Installer uses by default on a legacy booting device such as the 7100. Steve Wheeler
04:39 PM pfSense Plus Bug #15395 (Resolved): install-boot trips on BIOS installs when an EFI partition is present.
As mentioned in the title install-boot tries to set a UEFI boot option but fails and exists:... Steve Wheeler
02:52 PM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
I am unable to reproduce on either... Christopher Cope
11:04 AM pfSense Plus Bug #15386 (Confirmed): EULA Prompting Twice on Plus
Danilo Zrenjanin
10:44 AM pfSense Plus Bug #15386: EULA Prompting Twice on Plus
I can confirm the described behavior.
Tested against the following release:... Danilo Zrenjanin
06:39 AM pfSense Packages Feature #15394 (New): Azure VNet (VPC) Wizard
Is is there any chance to create/develop Azure VPC (VNet) Wizard, which is similar to the existing AWS VPC Wizard in ... Ákos Kovács

04/10/2024

06:06 PM pfSense Packages Feature #15375: Update ntopng package
The package has been tested by a couple of users on 23.09.1, and it works as intended. Denny Page
05:55 PM pfSense Packages Feature #15393 (Resolved): Return to the ga version of NUT
With the release of 2.8.2, NUT is again stable. Move from the development version (nut-devel) back to the release ver... Denny Page
12:59 PM pfSense Packages Bug #15392 (Rejected): Package Service Watchdog issue during reinstall
The package system has no special knowledge of individual packages and adding that would create a significant amount ... Jim Pingle
01:23 AM pfSense Packages Bug #15392 (Rejected): Package Service Watchdog issue during reinstall
Hello fellow pfSense Redmine members,
Can we please migrate the last item to be reinstalled on package reinstall t... Jonathan Lee

04/09/2024

09:52 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
Thank you. We'll need more info to review the issue further. You may generate a status report of the system by append... Marcos M
07:15 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
No for all three questions. A S
04:59 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
Are there any crash reports showing on the dashboard? Or perhaps a crash/panic shown in the console? Does the system ... Marcos M
04:11 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
This was on a direct install (2.7.2) - no backup restored. Recalled this being present in an earlier version. Nothi... A S
03:18 PM Regression #15391: Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
Are there any changes to the system or configuration that increases the verbosity? The code to silence that on the de... Marcos M
08:51 AM Regression #15391 (New): Prior bug #9459 in 2.7.2: pfr_update_stats: assertion failed.
'pfr_update_stats: assertion failed" errors are surfacing in a voluminous quantity in the system log. NAT type = "Pur... A S
05:38 PM Bug #15157 (Resolved): PHP error when generating a notification after detecting a malformed configuration
This seems to be solved now. Things that triggered it before no longer trigger it now. Jim Pingle
01:14 PM Bug #15384 (Resolved): Reordering IPsec Phase 2 entries may result in a malformed configuration
Jim Pingle
01:28 AM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
Confirmed on 2.7.2 change fixes the problem. dylan mendez
01:11 PM pfSense Plus Regression #15387 (Feedback): Boot failure detection tripping on config reset button during boot
Fix committed: https://gitlab.netgate.com/pfSense/factory/-/commit/e2bdb91254b96c5d7caa9a1c26ea65be52d18fbb Jim Pingle
01:09 PM pfSense Plus Regression #15387 (In Progress): Boot failure detection tripping on config reset button during boot
Working with Steve, we have identified a method to work around this. Commit coming shortly.
 Jim Pingle
11:06 AM Bug #15376: OpenVPN DHCP Range | Pool
i used the following in custom option, which worked for me:
server 172.21.0.0 255.255.255.0 nopool;
ifconfig-pool... Felix Wurzacher

04/08/2024

04:17 PM pfSense Plus Regression #15390 (New): Configs with incorrectly removed packages can create php errors.
A config file that contains packages in the <installedpackages> section but not the actual <package> data can generat... Steve Wheeler
03:47 PM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
This prevents the hardware config reset working on anything that has multiple ZFS BE snapshots present to roll back to. Steve Wheeler
02:54 PM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
This applies to all devices that have a hardware config reset button. The 4200 can be reset at any time which means i... Steve Wheeler
03:15 PM Bug #15384 (Feedback): Reordering IPsec Phase 2 entries may result in a malformed configuration
Applied in changeset commit:88670c6c167418e7d12b010c0ce8b7d06c2b757f. Jim Pingle
02:12 PM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
This only happens if you try to move something into the first position. If you move any P2 into any other place it wo... Jim Pingle
03:08 PM Revision 88670c6c: Fix syntax when moving IPsec P2. Fixes #15384
Jim Pingle
02:29 PM Feature #15389: Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
Thank you for looking at the request. Could you please name other workarounds and which you'd recommend? name name
02:18 PM Feature #15389 (Rejected): Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
That would make things even more complex and isn't sustainable. There are already workarounds for that limitation (e.... Jim Pingle
02:05 PM Feature #15389 (Rejected): Allow changing network interface names via UI to make interface-bound states possible on HA firewalls with different NICs
With interface-bound states being the default and more secure option in new pfSense versions, it would be nice if one... name name
01:05 PM pfSense Plus Bug #15388 (Rejected): Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
The wizard has always prompted to change the password, users like having the option. That step can be skipped the sam... Jim Pingle
01:00 PM pfSense Plus Feature #12534 (Closed): Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
Jim Pingle
12:59 PM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
It's still marked as "New" and open so no, it has not been resolved. Jim Pingle
12:56 PM pfSense Docs Todo #15383 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration — IPsec Pre-Shared Keys Tab
That's due to a bug we've been chasing for a while, and there are potential workarounds, though it's unclear if it's ... Jim Pingle

04/07/2024

10:47 PM pfSense Plus Regression #15320: XMLRPC Sync Trigger on CARP Maintenance Mode Causes webConfigurator Hangs on VIPs
It'd be good to test this on 24.03 as there have been general efficiency improvements that may help here. Marcos M
02:25 AM pfSense Plus Regression #15320: XMLRPC Sync Trigger on CARP Maintenance Mode Causes webConfigurator Hangs on VIPs
Customer ticket 2575064585 is another example of this issue. They did not have webConfigurator hangs, but they did h... Kris Phillips
02:37 PM Bug #7329: DHCP Not Updating DNS
I am running into this issue with 2.7.2-RELEASE (amd64).
I did restart both unbound and DHCP (ICS) and the DNS stick... Will Chevdor
11:06 AM Feature #12746: IPoE feature for WAN interface
While some Japanese ISPs may still offer PPPoE, the latency fluctuates quite a bit, especially during the evening.
... Ryan H
04:16 AM Bug #14261: Trim white space in a DHCP Leases page search field
this seems to work as described with the dhcp lease search as tested on 24.03.b.20240405.1653, adding a leading or tr... Jordan G
02:59 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
Testing multiple times on these units, they still will factory reset just fine, so this appears to not be a critical ... Kris Phillips
02:58 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
This also affected the SG-2440. This appears to not be smbus related, but simply a result of the reset button causin... Kris Phillips
02:38 AM pfSense Plus Regression #15387: Boot failure detection tripping on config reset button during boot
Appears to have the same boot failure detection on the 4100. Likely not the only devices to have this issue.
Shor... Kris Phillips
02:15 AM pfSense Plus Regression #15387 (Resolved): Boot failure detection tripping on config reset button during boot
When booting the 4200, if you follow the instructions outlined here to press the reset button when the appliance star... Kris Phillips
02:53 AM pfSense Plus Bug #15388 (Rejected): Serial/VGA console forces password reset on 24.03 but Setup Wizard still prompts during setup to change the password erroneously
During first boot, new in 24.03 is that the admin password is prompted to be changed from the serial console on first... Kris Phillips

04/06/2024

09:27 PM pfSense Plus Bug #15386 (Resolved): EULA Prompting Twice on Plus
When logging into pfSense Plus for the first time, the EULA and Thank You messages appear as you'd expect. However, ... Kris Phillips
09:20 PM pfSense Packages Bug #15385 (Resolved): PHP crash when exporting Apple profile, while IPsec P1 authentication method set to "Mutual Certificate"
Version: 23.09.1-RELEASE (amd64)
Steps to reproduce:
1. Configure the Phase 1 authentication method to "Mutual ... Craig Coonrad
08:07 PM Feature #15217: Log command being run in Diagnostics > Command Prompt
I wanted to add my support for this. We recently had a ticket were an error was thrown from diag_command.php, but the... Christopher Cope
07:41 PM Bug #13375: Mixing VTI and disabled Tunnel Mode phase 2 entries on the same phase 1 breaks VTI gateway monitoring
Tested this on 23.09.1. This is still present. Kris Phillips
07:38 PM pfSense Plus Feature #12534: Generate a ISO Image for Remote Restore of pfSense Plus on the XG-1537 and 1541 units with IPMI
The netinstaller provides a mechanism for this. This can be closed as Resolved. Kris Phillips
07:38 PM pfSense Packages Feature #10865 (Rejected): squidGuard lacks options to send traffic action logs to syslog server
With the deprecation of squid, marking this as Rejected, since this package will be removed in a future release, so i... Kris Phillips
05:37 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
I agree that the timeout should be paused during or restarted after performing the upgrade. Christian McDonald
02:55 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
Thank you Jonathan Lee
02:29 PM pfSense Plus Feature #15380 (New): During upgrade Process GUI timeouts still occur
Thanks for the clarification. I'll move it to a feature request. Christopher Cope
01:54 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
Sorry I forgot to include this is for users that changed the timeout to 5 mins or so. If I leave my desk the firewall... Jonathan Lee
01:44 PM pfSense Plus Feature #15380 (Not a Bug): During upgrade Process GUI timeouts still occur
The default timeout is 4 hours, which should be enough time for any of those actions. It can be changed, or even disa... Christopher Cope
07:07 AM Bug #15376 (Not a Bug): OpenVPN DHCP Range | Pool
Danilo Zrenjanin
06:52 AM pfSense Packages Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only
I tested the patch against the 24.03 BETA release.
The patch fixes the issue.
It can be merged. Danilo Zrenjanin
05:22 AM Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration
I can confirm this behavior on ... Lev Prokofev

04/05/2024

11:09 PM pfSense Packages Bug #13810: Squid options obsolete
https://redmine.pfsense.org/issues/15381 Jonathan Lee
11:09 PM pfSense Packages Bug #13810: Squid options obsolete
https://github.com/pfsense/FreeBSD-ports/pull/1365 Jonathan Lee
11:09 PM pfSense Packages Bug #13810: Squid options obsolete
https://github.com/pfsense/FreeBSD-ports/pull/1366 Jonathan Lee
07:23 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Yes, with the notification error patched the real bugs generating a bad config should become apparent. Separate issue... Steve Wheeler
07:12 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
tested on:
24.03-BETA (amd64)
built on Fri Mar 22 17:08:00 UTC 2024
FreeBSD 15.0-CURRENT
patch fixes the actual c... Georgiy Tyutyunnik
07:16 PM Bug #15384 (Resolved): Reordering IPsec Phase 2 entries may result in a malformed configuration
Changing the order of phase2 entries for the tunnels and saving produces bad config and results in "configuration res... Georgiy Tyutyunnik
10:56 AM Regression #15019 (Resolved): pfSense Plus is always shown as an available upgrade for eligible CE devices.
This has been fixed on the 2.7.2 release.
If you don't select *[Upgrade] - Latest pfSense Plus Stable Version (23... Danilo Zrenjanin
10:43 AM Regression #12549: Per-user Mobile IPsec settings are not applied to connecting mobile clients
Just to check: Has then been resolved, or is it still pending resolution? Roland Giesler
10:30 AM pfSense Docs Todo #15383 (Rejected): Feedback on Virtual Private Networks — IPsec — IPsec Configuration — IPsec Pre-Shared Keys Tab
*Page:* https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/psk.html
*Feedback:*
When an ipv4 address pool is ... Roland Giesler
08:36 AM pfSense Docs Correction #15382 (New): pfSense Plus Azure support plans
The page explaining Support Resources for pfSense Plus instances in Azure does not include a note about the option to... Danilo Zrenjanin

04/04/2024

06:02 PM pfSense Packages Bug #15381: Update deprecated options

Cachemgr.cgi ref:
https://forum.netgate.com/topic/187107/how-to-guide-for-accessing-squid-s-cachemgr-cgi-over-https
... Jonathan Lee
06:00 PM pfSense Packages Bug #15381 (Closed): Update deprecated options
Squid runs however lists the following errors in 24.03.b.20240322.1708
{{collapse... Jonathan Lee
05:54 PM pfSense Plus Bug #15103: Netgate Crypto ID missing in 23.09.01 after fresh firmware
In 24 the crypto acceleration does not list any counters when VPN is running also. I thought it was able to enable an... Jonathan Lee
05:48 PM pfSense Plus Feature #15380: During upgrade Process GUI timeouts still occur
If use of verify/commit boot environment users will not be able to commit or verify as GUI times out. Can updates be ... Jonathan Lee
03:55 PM pfSense Plus Feature #15380 (New): During upgrade Process GUI timeouts still occur
Hello during my updates the GUI timeout is counting down still and will log me out of the update. Attached is the scr... Jonathan Lee
03:49 PM pfSense Packages Feature #15375 (Feedback): Update ntopng package
PR merged, thanks! Jim Pingle
03:14 PM Bug #15379: Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
I can confirm it, it seems the traceroute doesn't follow the IPsec policy
tested on ... Lev Prokofev
02:49 PM Bug #15379 (Not a Bug): Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
You can't force something into policy-based IPsec in that way. Either it matches the traffic selectors and it will go... Jim Pingle
02:28 PM Bug #15379 (Not a Bug): Diagnostic/Traceroute follows default gateway instead of IPsec interface for routing traffic
If you define a specific Source Address in the Diagnostic/Traceroute page and that interface IP is within the IPsec t... Danilo Zrenjanin
01:52 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
https://github.com/pfsense/pfsense/pull/4677 Steve Wheeler

04/03/2024

06:35 PM Bug #15157 (Feedback): PHP error when generating a notification after detecting a malformed configuration
Applied in changeset commit:7b920960e5f38aedd35316c762c5b0b6dbc84c60. Anonymous
04:19 PM Bug #15157 (In Progress): PHP error when generating a notification after detecting a malformed configuration
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1147 Steve Wheeler
02:11 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
The common PHP errors shown here are caused by trying to display a notification when the config file is unavailable. ... Steve Wheeler
11:43 AM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Good afternoon, I have an update. I have noticed that if I don't use certain characters, such as Ñ and others, in bot... David Cuadrado Sanchez
08:14 AM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
David Cuadrado Sanchez wrote in #note-5:
> Robbe Van der Gucht wrote in #note-3:
> > I have a similar stack trace f... Robbe Van der Gucht
06:29 PM Revision 7b920960: Use only local notifications when config file cannot be read. Fixes #15157
Steve Wheeler
03:29 PM Bug #15376: OpenVPN DHCP Range | Pool
Hello Felix,
This doesn't sound like a pfSense bug.
To achieve your goal, simply add the following line to the... Danilo Zrenjanin
03:09 PM Bug #15378: XMLRPC Not Working as expected.
No, the potential for problems/harm is too high. Each package that supports XMLRPC has its own options to control the... Jim Pingle
03:00 PM Bug #15378: XMLRPC Not Working as expected.
Can we have selection in HA setup for installed packages? Like we have for selection for configuration section (we ma... Qadeer Ahmed
12:14 PM Bug #15378 (Not a Bug): XMLRPC Not Working as expected.
It's working as expected. Packages must handle their own synchronization. Some packages are not compatible with being... Jim Pingle
07:00 AM Bug #15378 (Not a Bug): XMLRPC Not Working as expected.
XMLRPC is not syncing the installed packages configurations sent by client.
XMLRPC.php file has this function me... Qadeer Ahmed
03:06 PM pfSense Plus Regression #14378: Packages are not removed when using the hardware reset button
The issue persisted on the 24.03 BETA today's release.
I tested it on the SG-2100 device. Danilo Zrenjanin
12:25 PM Bug #15361 (Confirmed): Network and broadcast address input validation is incorrectly applied to IPv6 VIPs
Tested against:... Danilo Zrenjanin
05:21 AM pfSense Plus Feature #15377 (New): Offline Storage of Boot Environments onto USB MEDIA
What I wish would happen:
Boot environments has an option to format an external drive/SSD/HDD/FLASH for use with off... Jonathan Lee

04/02/2024

07:35 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Robbe Van der Gucht wrote in #note-3:
> I have a similar stack trace for an issue that is maybe not completely the s... David Cuadrado Sanchez
07:22 PM Bug #15157: PHP error when generating a notification after detecting a malformed configuration
Good afternoon,
When I try to add a host to synchronize pfBlocker with other appliances, upon saving, I encounter th... David Cuadrado Sanchez
06:37 PM pfSense Plus Bug #15202: Add Option for Network Portion of Subnet "Wildcard" for IPv6 Rules
Kris Phillips wrote:
> If there was a way to detect the interface PD for firewall rules, similar to how the DHCPv6 s... Sevi A
06:08 PM pfSense Packages Feature #15375: Update ntopng package
Understood. Thank you Denny. Mike Moore
05:55 PM pfSense Packages Feature #15375: Update ntopng package
Mike Moore wrote in #note-1:
> "Support the addition of configuration lines outside those directly supported by the ... Denny Page
04:22 PM pfSense Packages Feature #15375: Update ntopng package
"Support the addition of configuration lines outside those directly supported by the pfSense ntop package UI. This al... Mike Moore
02:53 AM pfSense Packages Feature #15375 (Resolved): Update ntopng package
This is a tracking issue for a significant number of changes to pfSense-pkg-ntopng.
The list of changes to the pac... Denny Page
09:12 AM Bug #15376 (Not a Bug): OpenVPN DHCP Range | Pool
Ive had an issue with OpenVPN Server in PFSENSE, one Client couldnt connect to VPN. The solution was, reinstalling th... Felix Wurzacher

04/01/2024

11:34 PM pfSense Packages Feature #14712: CrowdSec package
I have been testing this for several months now and like it as another layer of security that uses very little resour... Glenn Hall
11:25 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
I can also confirm this behavior. I corrected it in my setup by editing line 391 of /usr/local/www/pfblockerng/pfbloc... Glenn Hall
10:07 PM pfSense Packages Feature #15374: Use of cachemgr.cgi within secure lightsquid access
Of course you can't access it with a GUI login session to light squid, is this something anyone wants to research at ... Jonathan Lee
10:05 PM pfSense Packages Feature #15374 (New): Use of cachemgr.cgi within secure lightsquid access
Hello fellow pfSense redline members,
Can we please add Squid's cachemgr.cgi to the lightsquid package.
Please... Jonathan Lee
07:12 PM Bug #15373 (Resolved): Firewall Logs Dashboard widget update interval does not behave as expected
The update interval on the dashboard widget does not behave as expected. It appears to have a problem with any interv... Jim Pingle
07:04 PM Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update
Somewhere along the way this changed from the initial issue (updates fail if < 5 seconds) and became about the speed ... Jim Pingle
06:57 PM Revision 017cdba2: Set FW log widget min interval to 5. Fixes #12673
Jim Pingle
06:56 PM Revision 6b7b059a: Fix syntax error (short open tag)
Jim Pingle
06:51 PM Revision 0263ca21: Fix log widget callback filename. Issue #12673
Jim Pingle
06:37 PM Bug #15135 (Resolved): Potential local file include vulnerability via DNS Resolver Python Module Script include mechanism
The added validation prevents any possible means to exploit this, I can't reproduce the original problem on current b... Jim Pingle
06:15 PM Bug #15264 (Resolved): ``crash_reporter.php`` displays PHP Error log without encoding
HTML tags in the PHP log are no longer interpreted, the contents are displayed exactly as they are in the file.
 Jim Pingle
06:11 PM Bug #14936 (Resolved): ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
Looks good on a current snapshot. Jim Pingle
06:09 PM Bug #14386 (Resolved): ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out
No reports of failures since this went in. Can always reopen it if someone can reproduce the problem on current builds. Jim Pingle
06:08 PM Regression #14970: Static ARP assignments lose ``permanent`` flag in ARP table
This fix requires new binaries and cannot be patched on older releases, the only way to get the fix will be by upgrad... Jim Pingle
06:03 PM Todo #13537 (Resolved): Update vendor files
There haven't been any noticeable issues with these updated libraries/files in some time now. If any new issues are i... Jim Pingle
05:42 PM pfSense Plus Todo #15372 (New): Adjust LED patterns for Boot Environments 2.0
With the new Boot Environments code the "upgrade in progress" LED pattern does not display for much time since the bu... Jim Pingle
05:29 PM pfSense Packages Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12
Zabbix server 6.4.13 is out now and I have confirmed that it works correctly with older proxies, including 6.4.1 that... Andrew Almond
12:56 PM pfSense Plus Todo #15266 (Resolved): Prevent usage of the default password in User Manager accounts
Jordan G wrote in #note-18:
> on 20240329-0600 build after restoring a backup with default password, both console an... Jim Pingle
12:55 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Danilo Zrenjanin wrote in #note-17:
> Another inconsistency is that when performing a clean install in the console, ... Jim Pingle
12:54 PM pfSense Plus Bug #15369 (Rejected): Update Virtual IP Messages to Say "Network ID/Prefix ID" in the Error
This is not true for IPv6. There is nothing special about the prefix ID address like there is in IPv4. In IPv6 every ... Jim Pingle
12:53 PM Bug #15361: Network and broadcast address input validation is incorrectly applied to IPv6 VIPs
Kris Phillips wrote in #note-3:
> In IPv6 there is a prefix ID followed by an interface, which replaces the network ... Jim Pingle
12:51 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Lev Prokofev wrote in #note-9:
> I think it should be re-opened, I noticed that after the patch you can't add host o... Jim Pingle
12:48 PM Feature #15367 (Rejected): pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
pfSense already supports Jumbo frames if they are supported by the hardware and drivers. If the hardware and drivers ... Jim Pingle
08:47 AM pfSense Packages Feature #8547: fwknop Port Knocking Package
Also upvote.
Because *bruteforcing by thousands of IoT devices* (fridges, smart bulbs, smart locks, smart tvs, Al... Sergei Shablovsky

03/31/2024

04:56 PM Bug #15370 (Rejected): GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
The first IPv6 GUA to be configured on the interface gets used. The order of what gets configured first is determined... Marcos M
11:39 AM Bug #15370: GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
After making a change to WAN interface and hitting save (just unchecked and rechecked a box):
I also noticed the cha... Brian Dahlquist
11:28 AM Bug #15370 (Rejected): GUI Randomly Shows WAN IPv6 Address as DHCPv6 or SLAAC but not both
When the WAN interface gets a DHCPv6 and a SLAAC address it will only show one or the other pretty much at random for... Brian Dahlquist
12:41 PM Feature #15371 (Duplicate): Add MAP-E support
I wonder if this could be considered.
It was originally requested here: https://redmine.pfsense.org/issues/11901
... Token Frenchboy
06:59 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
https://forum.netgate.com/topic/185475/new-bogon-hitting-the-openvpn-port-1194 Jonathan Lee
06:59 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
Unrelated but if you’re not logging and locking down your VPN use make sure you do. Jonathan Lee
06:53 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
remote f.q.d.n 1194 udp4
to
remote f.q.d.n 1194 udp
I am opening a redmine for this as the iPhone uses ipv6 an... Jonathan Lee
06:48 AM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
My original test was from a cellphone iOS iPhone SE latest SE from cell network remote connection to DSL IPv4 only IS... Jonathan Lee
04:00 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
0.0.3_6 pimd on 24.03 beta seems to function correctly with regards to bindings and interface selection and the statu... Jordan G
01:08 AM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
on 20240329-0600 build after restoring a backup with default password, both console and gui requested changing the pa... Jordan G

03/30/2024

11:32 PM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
Just tested a config with udp4 in the remote host line on OpenVPN Connect on Android. The config imported just fine.... Kris Phillips
11:31 PM pfSense Packages Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections
I tested this on 24.03 and am unable to reproduce this. The config file on a new multihome config spits out with udp... Kris Phillips
11:23 PM Regression #14930 (Resolved): Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
MBR (BIOS) is working as expected on... Christopher Cope
11:20 PM pfSense Packages Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12
Checked on the latest 24.03 BETA builds. This is still on the older version: zabbix64-proxy-6.4.10_1  Kris Phillips
11:15 PM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
Tested this on the 24.03 BETA and this issue is present on that version as well. Kris Phillips
11:14 PM pfSense Plus Bug #15369 (Rejected): Update Virtual IP Messages to Say "Network ID/Prefix ID" in the Error
When adding a Virtual IP, pfSense Plus will complain that you can't use the Network ID or Broadcast Address if you tr... Kris Phillips
11:09 PM Bug #15361: Network and broadcast address input validation is incorrectly applied to IPv6 VIPs
In IPv6 there is a prefix ID followed by an interface, which replaces the network ID in IPv6. Assigning the prefix I... Kris Phillips
10:40 PM Bug #15067 (Resolved): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC
Christopher Cope
10:39 PM Bug #15067 (Closed): Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC
No more errors on... Christopher Cope
02:22 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Tested on the latest 23.04 build, the error did not occur.
24.03-BETA (amd64)
built on Fri Mar 29 6:00:00 UTC 202... Lev Prokofev
02:05 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
I couldn't replicate the issue on 24.09 - BETA Danilo Zrenjanin
01:49 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
I think it should be re-opened, I noticed that after the patch you can't add host override without setting the alias ... Lev Prokofev

03/29/2024

05:14 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Another inconsistency is that when performing a clean install in the console, you will be prompted to change the defa... Danilo Zrenjanin
01:08 AM pfSense Packages Feature #14032: Neighbor Discovery Proxy (NDproxy)
Bump! ndproxy has been patched and now builds on FreeBSD 14 - see commit history:
https://www.freshports.org/net/ndp... Firstname Surname

03/28/2024

09:32 PM Bug #15363 (Resolved): Reply traffic on a secondary WAN may be dropped when passed through dummynet
Tested - working. Marcos M
04:49 PM Bug #15363 (Feedback): Reply traffic on a secondary WAN may be dropped when passed through dummynet
Kristof Provost
04:49 PM Bug #15363: Reply traffic on a secondary WAN may be dropped when passed through dummynet
Fixed in https://cgit.freebsd.org/src/commit/?id=a983cea4e9a8dcd52cfd6a3141d7aa03306b057b (and cherry-picked to plus-... Kristof Provost
08:36 PM Feature #8695: make AdvLinkMTU configurable
Dear Jim Pingle,
in cases where v6 tunnels are active, the v4 MTU differs from the v6 MTU as a v6 tunnel adds addi... Stefan Bauer
06:57 PM Bug #14996 (Resolved): Kea DHCP PHP error from WINS server value
Tested against:... Danilo Zrenjanin
06:35 PM Bug #15361: Network and broadcast address input validation is incorrectly applied to IPv6 VIPs
I need to add a secondary IPv6 address (fd00:0:0:1::/64) on my tun_wg0 interface and it works using the VIPs
If i pu... Mathis Cavalli
04:51 PM Bug #15361: Network and broadcast address input validation is incorrectly applied to IPv6 VIPs
What's the end goal you're looking for here?
An IP alias should take a single address you want to add to a specifi... Chris W
05:21 PM Revision d0a6b799: Improve the messaging used when the upgrade system is busy.
Replace the generic 'error' message by a correct and more clear message. Luiz Souza
03:30 PM pfSense Plus Feature #15368 (New): Bulk import DHCP host reservations
It'd be a huge time saver to import from a CSV or XML file into Kea, or even just pasting into a text field like Fire... Chris W
03:15 PM pfSense Plus Regression #15337 (Resolved): pfSense-boot pkg fails install in UFS
Marcos M
01:00 PM pfSense Plus Regression #15337: pfSense-boot pkg fails install in UFS
tested on:
24.03-BETA (amd64)
built on Fri Mar 22 17:08:00 UTC 2024
FreeBSD 15.0-CURRENT
upgraded from 23.09.1 on... Georgiy Tyutyunnik
02:41 PM Feature #15367 (Rejected): pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
pfSense throughput would probably seriously benefit from jumbo frames. Please support that!
I described this in mo... Louis B
09:28 AM Bug #15366: Ethernet rules are not blocking the ARP inside the bridge
The same behavior if you filter on the bridge
net.link.bridge.pfil_member=0
net.link.bridge.pfil_bridge=1
and... Lev Prokofev
09:25 AM Bug #15366 (New): Ethernet rules are not blocking the ARP inside the bridge
Configuration:
1)IX2 and DMZ interfaces are bridged (192.168.168.0/24)
2)Filtering enabled on members of the brid... Lev Prokofev
08:51 AM pfSense Packages Bug #15365 (Confirmed): pfBlockerNG PHP error when editing a list
I can confirm this behavior.
!clipboard-202403280951-tqfxp.png!... Danilo Zrenjanin

03/27/2024

09:45 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Linking in https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/54 which says in part:
"All you nee... Steve Y
07:20 PM Bug #10980 (Resolved): ``/etc/rc.local`` script content is executed at login instead of during boot sequence
This is working as expected on the latest Plus snapshot. Jim Pingle
03:47 PM pfSense Packages Bug #15365 (Resolved): pfBlockerNG PHP error when editing a list
When editing an IPv4 list item I hit:... Steve Wheeler
02:45 PM pfSense Plus Bug #15364 (Not a Bug): Netgate XG-7100-1U OS drive timeout / system hang / no access to WebUI nor SSH
There are no issues of that nature with the 7100 hardware on 23.09.1. Most likely that is a hardware problem. Contact... Jim Pingle
01:56 PM pfSense Plus Bug #15364 (Not a Bug): Netgate XG-7100-1U OS drive timeout / system hang / no access to WebUI nor SSH
Bug seems to be similar as #14181 and #14300.
*Contexte* : Upgrade PfSense+ from 23.05.1 to 23.09.1 on Netgate XG... Pf Sensitive
02:17 PM Bug #15291: Error on Traffic Shaper 0% Bandwidth
dylan mendez wrote in #note-3:
> Pavan, please let us know what the result or rebuilding is since this upgrade was f... Pavan K
02:43 AM Bug #15363: Reply traffic on a secondary WAN may be dropped when passed through dummynet
I'll try to reproduce this.
First thoughts:
The state being created as floating (i.e. 'all') is expected for rep... Kristof Provost

03/26/2024

11:18 PM Bug #15362: Config upgrade error with empty gateway interval tags.
Specifically this was config version 8.0 I hit this on though I'd expect anything that hits upgrade_130_to_131() woul... Steve Wheeler
07:12 PM Bug #15362 (Resolved): Config upgrade error with empty gateway interval tags.
Upgrading an old config that has set but empty gateway interval tags throws a php error.
For example a config contai... Steve Wheeler
07:24 PM Bug #14893 (Resolved): Large number of IPsec tunnels causes long filter reload times
Jim Pingle
07:22 PM Bug #13413 (Resolved): Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages
Jim Pingle
07:15 PM Bug #15363 (Resolved): Reply traffic on a secondary WAN may be dropped when passed through dummynet
When a dummynet pipe with a delay is applied to traffic on a secondary WAN, reply traffic is dropped. It seems that t... Marcos M
07:14 PM Feature #15322 (Resolved): 50x and 404 error handling to GUI web server configuration
Appears to be working as expected. Jim Pingle
07:13 PM Todo #15302 (Resolved): Error handling in the Setup Wizard is very user-unfriendly
Errors are all nicely displayed and the user has the opportunity to correct them. No more blank pages with error mess... Jim Pingle
07:09 PM Bug #10980: ``/etc/rc.local`` script content is executed at login instead of during boot sequence
Somehow the change didn't get carried over into rc.initial on Plus. I just made the equivalent commit there that remo... Jim Pingle
07:02 PM Feature #15233 (Resolved): Recognize QAT 4xxx devices in System Information Widget
Jim Pingle
07:01 PM Bug #15118 (Resolved): DHCPv6 settings page "DDNS Reverse" check box not showing current state
Checkbox is being respected and is displaying its value properly. Jim Pingle
06:57 PM Bug #14991 (Resolved): Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
Validation is working, as is the backend filtering. Kea starts properly every time now. Jim Pingle
05:56 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
I think I was able to reproduce that issue finally. Starting from a fresh install or factory reset the user was being... Jim Pingle

03/25/2024

08:54 PM Revision 2f30e7a9: register_all_installed_packages: introduce option
Christian McDonald
08:54 PM Bug #15341 (Closed): PHP errors in ``xmlrpc.php`` during configuration synchronization concerning OpenVPN
This is part of a general change currently in progress. Marcos M
06:50 PM Bug #15118 (Feedback): DHCPv6 settings page "DDNS Reverse" check box not showing current state
Applied in changeset commit:31742a256444b808f646ab805b53987ff95d9207. Jim Pingle
06:41 PM Revision 31742a25: Reflect config value of ddnsreverse for DHCPv6. Fixes #15118
Jim Pingle
06:28 PM Bug #14977 (Closed): Kea fails to restart due to race between process termination and startup
I can't reproduce this at all on current snapshots. I've killed the process and left the old file in place, killed it... Jim Pingle
06:25 PM Bug #14991 (Feedback): Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added
Applied in changeset commit:216df8ac250e2fe705c90f07c2a5e1811e7011e9. Jim Pingle
06:15 PM Revision 216df8ac: Disallow hostnames in Kea NTP. Fixes #14991
* If they are in the config.xml data already, do not write them into
the Kea configuration.
* Do not allow the user... Jim Pingle
06:00 PM Bug #15032 (Feedback): Kea DHCP sends wrong bootloader file for UEFI
Applied in changeset commit:d027f903cfad356af6cad7a3cf49253a5e5dbc31. Jim Pingle
05:50 PM Bug #14996 (Feedback): Kea DHCP PHP error from WINS server value
Applied in changeset commit:faf9f096448c3d18ba291901e391270036ab47c7. Jim Pingle
05:45 PM Bug #14936 (Feedback): ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list
Applied in changeset commit:0cd692b7265415410fcaf79575089da58f49739c. Jim Pingle
05:44 PM Revision d027f903: Fix order of Kea boot files. Fixes #15032
Jim Pingle
05:43 PM Revision faf9f096: Fix variable typo. Fixes #14996
Jim Pingle
05:34 PM Revision 0cd692b7: Fix an radvd service status edge case. Fixes #14936
Jim Pingle
04:13 PM pfSense Plus Regression #15337 (Feedback): pfSense-boot pkg fails install in UFS
IIRC this is fixed now, or at least needs re-tested on current snaps. Jim Pingle
01:07 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Danilo Zrenjanin wrote in #note-14:
> > * Plus: Setup wizard requires the user to change the password and will no... Jim Pingle
01:03 PM pfSense Docs Correction #15359 (Closed): Wireguard Overview: remove word
Fixed, thanks! Jim Pingle
01:00 PM Regression #14930 (Feedback): Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
Jim Pingle
12:24 PM Todo #15358 (Rejected): Correct description in “System Information” widget
There is no need to use both forms everywhere. The string is already long enough as it is without adding to it. Jim Pingle
12:18 PM Bug #14942 (Resolved): DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Jim Pingle
11:56 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Kris Phillips wrote in #note-8:
> Reproduced this with a customer. The root of the issue appears to be that OpenVPN... Sean Huggans
04:48 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Re-upload of image provided by Kris with additional information redacted. Craig Coonrad
09:20 AM Bug #15361 (Resolved): Network and broadcast address input validation is incorrectly applied to IPv6 VIPs
There is no network address in IPv6, nor broadcasts like IPv4
When adding / editing an IP alias and putting there an... Mathis Cavalli

03/24/2024

11:55 PM Regression #14930: Clean installation using Auto (ZFS) + MBR (BIOS) does not boot
This fix is in pfSense Plus currently, and will be in the next release of CE. Upstream will likely be deprecating and... Christian McDonald
07:14 PM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Can confirm the patch is working correctly on 23.09.1 dylan mendez
12:41 PM Bug #14977: Kea fails to restart due to race between process termination and startup
I just experienced exactly this same problem:
DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/et... Suriname Clubcard
02:18 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
Just tested this on 24.03. Added a new VTI, added the interface, and checked the Status --> Gateways page. Gateway ... Kris Phillips
02:07 AM Bug #15346: Port Forward Add Unassociated Filter Rule Not Working
I can also confirm this behavior on the March 22nd builds of 24.03. Associated and None work fine. Kris Phillips
02:06 AM Bug #15360 (Duplicate): pcap & Tailscale interface
https://redmine.pfsense.org/issues/15145 Christopher Cope
01:41 AM Bug #15360 (Duplicate): pcap & Tailscale interface

Tailscale is listed in PCAP as unassigned interface.
when I click on start it works for a sec then stop. Alhusein Zawi
02:01 AM Bug #15341 (Pull Request Review): PHP errors in ``xmlrpc.php`` during configuration synchronization concerning OpenVPN
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1146 Christopher Cope

03/23/2024

08:03 PM Bug #15147 (Closed): Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families
note was added
24.03.b.20240322.1708
 Alhusein Zawi
07:55 PM pfSense Packages Bug #13654: Wireguard does not fail back failover WAN setup.
Tested/confirmed on 4100 hardware, pfSense Plus 23.09.1.
Dual ISP in gateway group with tier 1/2.
Wireguard traffic... Craig Coonrad
07:38 PM pfSense Docs Correction #15359 (Closed): Wireguard Overview: remove word
URL: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/index.html#wireguard-overview
> WireGuard instances ... Craig Coonrad
06:04 PM Todo #15358 (Rejected): Correct description in “System Information” widget
Brilliant pfSense DevTeam!
WHERE
“ *System Information”* widget
in block “*System*”
ISSUE
change
“*Netgate ... Sergei Shablovsky
05:42 PM pfSense Plus Bug #13320 (Resolved): IP aliases with a CARP VIP parent are not available as VIP choices for gateway groups
Tested against 23.09.1.
It works as expected. I was able to choose Alias VIP (nested under CARP VIP IP) in the Vir... Danilo Zrenjanin
05:40 PM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
Reproduced this with a customer. The root of the issue appears to be that OpenVPN is sometimes passing the NAME of t... Kris Phillips
03:42 PM pfSense Packages Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers
3 years later and I ran into the same issue and the fix is actually extremely simple.
The logic in the function <c... Sherif Fanous
03:09 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
To apply the patch successfully, the *path strip = 0* must be set. Danilo Zrenjanin
01:14 PM pfSense Plus Todo #15266: Prevent usage of the default password in User Manager accounts
Jim Pingle wrote in #note-10:
> This is now in and complete.
>
> tl;dr: Passwords are now a little more strict on bo... Danilo Zrenjanin
06:27 AM Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
The patch fixed the behavior. I think the issue can be marked as resolved.
tested on ... Lev Prokofev
06:12 AM Bug #15032: Kea DHCP sends wrong bootloader file for UEFI
I can confirm this behavior on 23.09.1.
The patch makes it work for both legacy and UEFI boot. Lev Prokofev
05:41 AM Bug #15346: Port Forward Add Unassociated Filter Rule Not Working
Can confirm this behavior on 24.03 BETA... Lev Prokofev
12:08 AM pfSense Packages Todo #15270 (Closed): ENUMER STUN
That feed isn't enabled by default and we don't maintain it. The pfBlockerNG developer includes the ability to one-cl... Chris W

03/22/2024

10:35 PM Bug #14371: Firewall does not respond to UDP traceroute requests over IPsec
I am seeing a similar behavior on wireguard tunnels as well. You can see the incoming request in the pcap but no answ... Johannes Rohde
10:05 PM Bug #15357 (Not a Bug): Password policy script remains running after it succeeds in another shell session
It's not a bug. It isn't constantly checking to see if it's changed in the background. User can hit ^C to break out o... Jim Pingle
09:21 PM Bug #15357 (Not a Bug): Password policy script remains running after it succeeds in another shell session
After upgrading/install, @/usr/local/bin/usermgrpasswd@ is triggered, prompting a password change on the serial conso... Marcos M
03:30 PM pfSense Packages Todo #15281 (Confirmed): Upgrade Tailscale to 1.6.0
This is not currently available in the 24.03-BETA. We're still on 1.56. Kris Phillips
02:50 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
I can confirm that the patch works fine on 23.09.1. Danilo Zrenjanin

03/21/2024

08:55 PM Todo #15256: Upgrade Unbound to >= 1.19.1
Updated to 1.19.3 Marcos M
08:27 PM Bug #15353: Crashes Every ~8-12 Hours in New 2.7.2 Install with Unbound, Suricata, and pfBlockerNG
Thanks for the feedback, this was my first post here. I have more logs if necessary.
I disabled virtualization in ... Devin Dawson
04:00 PM Bug #15353: Crashes Every ~8-12 Hours in New 2.7.2 Install with Unbound, Suricata, and pfBlockerNG
I see quite a few posts on the forum around recent instability. I myself is currently facing the issue with high syst... Mike Moore
06:41 AM Bug #15353 (New): Crashes Every ~8-12 Hours in New 2.7.2 Install with Unbound, Suricata, and pfBlockerNG
After reading some FreeBSD posts, it appears that this bug is potentially triggered by high CPU load. This occurs for... Devin Dawson
07:04 PM pfSense Plus Bug #15356 (Not a Bug): Traffic Graph Widget shows traffic of VLAN-if additionally in no-VLAN-if
This is expected. Traffic tagged with the VLAN still has to pass the parent interface. If it was not shown there the ... Steve Wheeler
06:36 PM pfSense Plus Bug #15356 (Not a Bug): Traffic Graph Widget shows traffic of VLAN-if additionally in no-VLAN-if
!clipboard-202403211934-zwlja.png!
!clipboard-202403211935-dvmgs.png!
See LAN and Medien. Traffic flows to Medien... Thomas Völker
06:53 PM Revision cba5bb65: Update the code for consistency.
No functional changes. Luiz Souza
06:43 PM Revision c379cdf4: Run the pfSense-repoc with the new file names style.
Luiz Souza
06:03 PM pfSense Packages Bug #15334 (Resolved): Interface Description not updated properly when add/creating new interface in Snort
PR merged, thanks! Jim Pingle
06:02 PM pfSense Packages Bug #15351 (Resolved): Snort does not honor user-specified PHP memory limit setting if user specifies a value greater than 384 MB
PR merged, thanks! Jim Pingle
06:02 PM pfSense Packages Bug #15333 (Resolved): Interface Description not updated properly when add/creating new interface in Suricata
PR merged, thanks! Jim Pingle
06:02 PM pfSense Packages Bug #15350 (Resolved): Suricata does not honor user-specified PHP memory limit setting if user specifies a value greater than 512 MB
PR merged, thanks! Jim Pingle
06:00 PM pfSense Packages Feature #15355 (New): Logging Verbosity Change via patch for miniupnpd
Please see https://forum.netgate.com/post/1158297
For those that wish to ingest miniupnpd (UPNP) firewall and nat ... Jeff Lewis
04:55 PM Bug #15354 (Duplicate): Interface Throughput Limitation on Intel(R) Ethernet Connection E823-C for SFP Network Card
https://redmine.pfsense.org/issues/15174 Steve Wheeler
04:26 PM Bug #15354 (Duplicate): Interface Throughput Limitation on Intel(R) Ethernet Connection E823-C for SFP Network Card

In the current stable version of pfSense, 2.7.2 CE, a significant limitation in interface throughput has been ident... Samuel Trnka

03/20/2024

11:54 PM Revision 3c6be688: Instrument the upgrade JSON data with more information about errors and failures.
Now, with the proper return code, instead of presenting no data to the user when
the pfSense-upgrade is busy (running... Luiz Souza
11:51 PM Revision 1e0c40e5: Add the support to the new pfSense-repoc repository files style.
Keeps the support to the old style, so both versions of pfSense-repoc are supported. Luiz Souza
09:18 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Tue Madsen wrote in #note-11:
> This a fabulous ♥️ Unfortunately I’m away for a couple of weeks right now, so I won’... Reid Linnemann
08:45 PM pfSense Plus Feature #13227 (Resolved): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
This is working as expected. Note that strongswan's @eap-radius@ plugin only supports specifying a single group for a... Marcos M
05:14 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
This a fabulous ♥️ Unfortunately I’m away for a couple of weeks right now, so I won’t be able to participate in betat... Tue Madsen
03:13 PM pfSense Plus Feature #13227 (Feedback): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
Reid Linnemann
08:52 PM pfSense Docs New Content #15352 (New): Mobile IPsec Group Virtual Address Pools
Document the feature introduced with:
https://redmine.pfsense.org/issues/13227
Note that strongswan's @eap-radius... Marcos M
07:55 PM Feature #15322 (Feedback): 50x and 404 error handling to GUI web server configuration
Applied in changeset commit:6667cd717f7f5c038b1a439f322c71ef2427fa2d. Jim Pingle
07:48 PM Revision 6667cd71: Catch/handle some HTTP errors. Implements #15322
* Catch 50x errors, even from PHP FPM, so users don't end up with a
blank white screen if an error happens too earl... Jim Pingle
07:12 PM pfSense Packages Bug #15334: Interface Description not updated properly when add/creating new interface in Snort
A pull request has been submitted against the RELENG_2_7_2 branch of pfSense CE to correct this issue: https://github... Bill Meeks
07:12 PM pfSense Packages Bug #15351: Snort does not honor user-specified PHP memory limit setting if user specifies a value greater than 384 MB
A pull request has been submitted against the RELENG_2_7_2 branch of pfSense CE to correct this issue: https://github... Bill Meeks
06:46 PM pfSense Packages Bug #15351 (Resolved): Snort does not honor user-specified PHP memory limit setting if user specifies a value greater than 384 MB
Recently pfSense added a new PHP Memory Limit parameter in the *Advanced Settings* tab under the SYSTEM menu. Prior t... Bill Meeks
06:32 PM pfSense Packages Bug #15333: Interface Description not updated properly when add/creating new interface in Suricata
A pull request containing the fix for this issue has been posted against the RELENG_2_7_2 pfSense CE branch here: htt... Bill Meeks
06:31 PM pfSense Packages Bug #15350: Suricata does not honor user-specified PHP memory limit setting if user specifies a value greater than 512 MB
A pull request containing the fix for this issue has been posted against the RELENG_2_7_2 pfSense CE branch here: htt... Bill Meeks
02:18 PM pfSense Packages Bug #15350 (Resolved): Suricata does not honor user-specified PHP memory limit setting if user specifies a value greater than 512 MB
Recently pfSense added a new PHP Memory Limit parameter in the *Advanced Settings* tab under the SYSTEM menu. Prior t... Bill Meeks
03:53 PM Bug #15343: DHCP host names for Windows 10/11 hosts have "." at the end
It's there in the Kea IPv6 lease database but the status page code trims it so it's not shown in the GUI. Just a mino... Jim Pingle
03:29 PM Bug #15343: DHCP host names for Windows 10/11 hosts have "." at the end
DHCPv6 is not adding the "." to the hostnames for Windows 10 / 11 hosts. It's behaving differently than DHCPv4. If DH... Daryl Morse
03:38 PM Bug #12833: GUI Service Log Filling Up with Cruft
In Status / System Logs / Settings, there is the setting "Web Server Log".
I take this setting literally, that if ... Daryl Morse
03:12 PM pfSense Plus Bug #15316 (Confirmed): OpenVPN Clients with Gateway Group Interface on DHCP Exits on Error 1
I was able to replicate this behavior. The OpenVPN client doesn't failover to the next gateway in the gateway group. ... Danilo Zrenjanin
01:51 PM Bug #15110: pfSense hangs when rebooting
The 256 GB WD NVMe SSD performs without any issues when used with the Netgate 6100. Danilo Zrenjanin
01:47 PM Bug #15110: pfSense hangs when rebooting
Another user encountered the same issue with their Netgate 6100 device after installing the Transcend TS256GMTE460T N... Danilo Zrenjanin
09:53 AM Bug #15181 (Resolved): PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Thank you for confirming, Jens!
I am closing this ticket as resolved. Danilo Zrenjanin

03/19/2024

08:18 PM Revision 63fe1588: Correct empty resolver alias handling. Fixes #14942
Jim Pingle
08:15 PM Bug #14942 (Feedback): DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname
Applied in changeset commit:0ea1a9918e4baf00f563a180f801f00b581aebcf. Jim Pingle
08:09 PM Revision 0ea1a991: Adjust unbound host alias validation. Fixes #14942
Jim Pingle
03:18 PM Bug #15343 (Not a Bug): DHCP host names for Windows 10/11 hosts have "." at the end
That is how the clients are sending their own hostname. It's that way in the lease database, and Kea is just recordin... Jim Pingle
02:57 PM pfSense Docs Correction #15345 (Resolved): Advanced options -- fix typo
Fixed, thanks! Jim Pingle
02:56 PM Bug #15347 (Not a Bug): OpenVPN Multiple WAN Asymmetric Routing
The RADIUS authentication is a separate request that is unrelated to the incoming VPN connection at a packet level. I... Jim Pingle
02:48 PM pfSense Docs Correction #15344 (Resolved): Interface Bound States -- fix typo
Fixed, thanks! Jim Pingle
02:32 PM Feature #15348: Block out PSK when viewing Phase 1 IPsec configuration
"It would also render the button to generate a PSK useless without a way to see/copy it."
Is render and copy to cl... Mike Moore
02:30 PM Feature #15348: Block out PSK when viewing Phase 1 IPsec configuration
"If we do anything like this, it will need to have a visibility toggle and/or a button to copy the value to the clipb... Mike Moore
12:34 PM Feature #15348: Block out PSK when viewing Phase 1 IPsec configuration
If we do anything like this, it will need to have a visibility toggle and/or a button to copy the value to the clipbo... Jim Pingle
12:26 PM Bug #15349 (Not a Bug): 1:1 NAT rule for subnet always uses full subnet range
The "/24" in your text appears to be a typo or confusion on your part. The rules it forms use the whole *_/28_* which... Jim Pingle
07:11 AM Bug #13624: Only one alias in local network of OpenVPN Server works in 2.6.0
The same behaviour on 23.09.1 aleksei prokofiev

03/18/2024

11:20 PM Feature #4165: Allow for security zones when defining interfaces and firewall rules.
Marcos M wrote in #note-7:
> Though there's plenty of related documentation and resources already, it'd be helpful t... Ryan S
08:37 PM Bug #15349 (Not a Bug): 1:1 NAT rule for subnet always uses full subnet range
Creating a 1:1 NAT rule for something like @10.0.0.5/28 -> 10.1.0.7/28@ will actually create the proper rules for the... Yehuda Katz
08:22 PM Feature #14208: Automatic Split-DNS for 1:1 NAT
I unfortunately haven't finished my dissertation, but I took a break to work on this. PR is significantly expanded, s... Yehuda Katz
04:22 PM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS
I started down the path of including this using the key identifier and using the identifier as the 'groups' value ins... Reid Linnemann
02:31 PM Feature #15348 (New): Block out PSK when viewing Phase 1 IPsec configuration
When filling out a PSK in the phase 1 proposal section, the PSK really should be entered in obfuscated with the optio... Mike Moore

03/17/2024

06:50 PM Bug #14854 (Resolved): Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth
https://reviews.freebsd.org/D44365
A fix has been merged; I tested limiting with and without floating rules, as well... Marcos M
06:21 PM pfSense Packages Todo #14073: Shalla block list is offline but still available in pfBlocker
Kris we know what the issue is but how does it get cleaned up?
Seems like something someone internal can push the m... Mike Moore
02:53 AM pfSense Packages Todo #14073: Shalla block list is offline but still available in pfBlocker
This still affects 23.09.1 and 24.03's builds of pfBlockerNG as of today. This source should be removed as soon as p... Kris Phillips
05:08 PM Bug #15343: DHCP host names for Windows 10/11 hosts have "." at the end
The hosts with yellow highlighting are windows 10/11. The others are IoT or mobile. Daryl Morse
02:52 PM Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface
Danilo Zrenjanin wrote in #note-8:
> Can you apply the patch and see if it fixes that in your environment?
I can ... Jens Becker
02:58 AM pfSense Packages Bug #15296: WAN Interface cannot added to ntopng if offline-packet loss
Sergei Shablovsky wrote in #note-1:
> Sergei Shablovsky wrote:
> >
> >
> > But LAN interfaces ALL would be ADDED as... Kris Phillips
01:05 AM Revision d46d5302: pfSense-boot: now just a distribution package, eliminate post-install script
Christian McDonald
 

Also available in: Atom