Project

General

Profile

Activity

From 04/26/2024 to 05/25/2024

05/25/2024

11:56 PM Bug #15493: Kea sometimes provides an IP from the DHCP pool despite static mappings
confirmed, also experiencing this behavior with 24.03 - Changing the IP or creating a new reservation does not always... Jordan G
11:25 PM Regression #15094: Updates fail against an authenticated upstream proxy
Tickets 2616976047 and 2698680909 both are regarding this issue. Kris Phillips
10:49 PM pfSense Plus Feature #15506 (Confirmed): GEOM mirrors from previous UFS installs break ability to install with ZFS RAIDZ1 "No Disks Available"
Confirmed. Having this automated would make the install smoother. Christopher Cope
05:33 PM pfSense Plus Bug #15509 (Not a Bug): Debian OpenVPN client breaks the connections
Christopher Cope
04:54 PM Bug #15516: Per-rule byte counter values lost across a filter reload
Just to add another data point, as I mentioned in https://forum.netgate.com/topic/188336/firewall-rule-counters-max-s... Steve Y
04:25 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Any further updates on this? Jay Sols
12:25 PM Bug #15519 (New): Limiter dynamic child queue applied twice when traffic passes out of bound OpenVPN interface with NAT
Setup:
* Limiter is set up with child queues that have a /32 source mask applied - parent limiter is set to 100mbp... Ivan Konash
08:53 AM Bug #15518 (Confirmed): Kea does not send configured TFTP server name
I can confirm this behavior on 24.03. The Lev's workaround works. Danilo Zrenjanin
06:29 AM Bug #15518: Kea does not send configured TFTP server name
I can confirm this behavior on 24.03, I was able to fix it by adding the string "code": 66 in the config
Example:
... Lev Prokofev
05:27 AM Bug #15518 (Resolved): Kea does not send configured TFTP server name
I've a working environment with ISC dhcp server booting a raspberry pi over network. When switching to KEA dhcp the "... Martin Hengesbach
06:35 AM Feature #15321: Kea DHCP Custom Configuration Support (IPv4 and IPv6)
Below is an example of possible options with the right syntax:
https://github.com/isc-projects/kea/blob/master/doc... Lev Prokofev
03:06 AM pfSense Packages Bug #15517 (Rejected): WireGuard not responding to the handshake from the same port
Hello everyone,
I am seeing an issue with WireGuard responding from a different port for the Handshake response. T... Karl Kastr
12:02 AM Regression #15430 (Pull Request Review): Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
We can try to work around the issue until #8686 is resolved.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_reque... Marcos M

05/24/2024

11:13 PM Bug #15516 (Resolved): Per-rule byte counter values lost across a filter reload
In some situations the byte counter reported by pfctl is not retained correctly across a filter reload.
It appears... Steve Wheeler
09:13 PM pfSense Docs Todo #15515 (Closed): Feedback on pfSense® software Configuration Recipes — WireGuard Site-to-Multisite VPN Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2ms.html
*Feedback:*
Hi
you are propo... NIKOLAOS NIKOU
06:54 PM Todo #15429: Clarify descriptions for gateway recovery options
Thanks for the feedback! I do think the various related settings could use rewording and restructuring for clarificat... Marcos M
06:14 PM Bug #14083 (Resolved): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Marcos M
06:13 PM Bug #15502 (Resolved): Proxy variables in ``crontab`` contents are improperly formatted
Marcos M
06:11 PM Revision 74ad34bc: Avoid configuration loop with LAGG interfaces. Fix #14083
The fix to #9453 introduced a loop when configuring LAGG interfaces.
This happens when interface_lagg_configure() ult... Marcos M
06:06 PM pfSense Plus Bug #15511 (Resolved): Factory resetting the configuration removes WireGuard
Marcos M
04:02 PM pfSense Plus Bug #15511 (Feedback): Factory resetting the configuration removes WireGuard
The WireGuard package is now in the list of installed packages and won't be removed on the factory reset. Luiz Souza
05:25 PM Revision 4b9165e5: Default to an empty array for functions expecting a countable value
Do this for foreach() and count(). Marcos M
03:18 PM Revision 4eddd5ab: Correct default for 'system/acb' in write_config() to empty array instead of null
Reid Linnemann
10:34 AM Bug #14977: Kea fails to restart due to race between process termination and startup
Following up on forum post https://forum.netgate.com/topic/188337/
I am reporting this same issue. I've been using... Ricardo Mendes
07:13 AM pfSense Packages Bug #8197 (Resolved): BIND UI fails to properly update zone with inline DNSSEC signing enabled
I've tested it on 21.02.2 and on latest 24.03
I was able to reproduce this issue on 21.02.2 (BIND 9.16_17) - BIND ... Azamat Khakimyanov

05/23/2024

11:36 PM pfSense Docs Correction #15514 (Closed): Add Netgate 4200 Pre-POST Light States
The Netgate 4200 has a solid orange light while POST'ing before it reaches the boot up process. This is not document... Kris Phillips
08:24 PM Feature #15513 (Rejected): Separate the branch settings for package and system updates
Currently, the repo branch is used for both packages and system updates. The branch must be set to match the currentl... Andrew Almond
08:07 PM Feature #15476: Allow listing and switching repo branches from the CLI
The ability to change repo branches via CLI would be very useful, as we're looking to script the upgrade process acro... Andrew Almond
05:37 PM Revision 63d6bb4f: Update all direct config access with accessor functions
Marcos M
05:37 PM Revision 9f0e98bc: Refactor config upgrade to use config accessors
Marcos M
05:37 PM Revision 40052af4: Use config accessors in traffic shaper functions
Marcos M
05:37 PM Revision 26308930: Use config accessors in certificate functions
Marcos M
05:37 PM Revision 1bb9c407: Use config accessors in users and groups functions
Marcos M
05:37 PM Revision 6cbdf0e7: Remove potential direct config references when displaying form rows
The first eval() change removes the reference and has no functional
effect given that $pkg_source_txt is not modified... Marcos M
05:37 PM Revision 816fef25: Move to is_platform_booting()
The function platform_booting() is deprecated. Marcos M
05:37 PM Revision 134a8703: Move from ${var} to {$var}
The use of ${var} has been deprecated since PHP 8.2 Marcos M
05:37 PM Revision cafdc4a8: Move to date()
The function strftime() is deprecated since PHP 8.2 Marcos M
05:37 PM Revision 4c6b85be: Move to mb_convert_encoding()
The functions utf8_encode()/utf8_decode() are deprecated since PHP 8.2 Marcos M
05:37 PM Revision c1db4dea: Move to str_replace()
The function ereg_replace() is deprecated since PHP 5.3. Marcos M
05:37 PM Revision bd6f0b80: Move to preg_match()
The function ereg() is deprecated since PHP 5.3. Marcos M
05:37 PM Revision e2b0f1f8: Move to foreach()
The function each() is deprecated since PHP 7.2. Marcos M
05:37 PM Revision 189dbb7a: Move to password_hash()
Use of crypt() requires a salt since PHP 8.0. Use password_hash() to align with 8ddf2b5. Marcos M
05:37 PM Revision 2a02ef36: Remove superfluous argument
The product label was mistakenly separated in 573ec19. Now simply remove it. Marcos M
05:37 PM Revision 787a9938: Remove superfluous function arguments
Added in 0eae38c Marcos M
05:37 PM Revision 1123725d: Correctly detect changed settings
Marcos M
05:37 PM Revision fe918db8: Return a value in convert_openvpn_interface_to_friendly_descr()
Calls to this function expect a return value which is then echo'd. Marcos M
05:37 PM Revision 4ef3bed6: Correctly set duplicates limit in forms
Marcos M
05:37 PM Revision bf3d5a8a: Fix missing variable assignment in 22dbacd
Marcos M
05:37 PM Revision ad78dab5: Fix missed changes in f593f80
The argument being removed was previously used to retrieve optX
interfaces; this no longer applies. Marcos M
05:37 PM Revision b44b34d6: Fix missed changes in 0e2bed2
The "level" is determined automatically by the function. Marcos M
05:37 PM Revision f4c1a890: Fix missed changes in c618897
The function parameter was removed since it was not used. Marcos M
05:37 PM Revision 8c34ed68: Fix missed changes in 015a482
The IP Protocol is now determined automatically be the function. Marcos M
05:37 PM Revision 8eab4c32: Fix missed changes in 2aafa69
The direct value is now used instead of the constant variable. Marcos M
05:37 PM Revision 0ae0babf: Fix missed changes in the transition from ipfw to pf
Marcos M
05:37 PM Revision 1ec82c30: Fix typos and copy/paste issues
Issues found by the PHP linter mostly include typos and usage of
unassigned variables. To address these, traverse the... Marcos M
05:37 PM Revision d900b9d4: Fix PHP linter issues
Marcos M
05:37 PM Revision 01258f1e: Support adding to an array in array_set_path()
- Avoid infinite loop with empty paths.
- Support setting $value to the $arr root.
- If $path contains a trailing for... Marcos M
12:52 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
The client confirmed that the patch solves the issue #2754566672 Lev Prokofev
09:24 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Okay, that would seem to indicate that we're not spending our CPU time in the ena driver. That's a bit unexpected, gi... Kristof Provost
03:45 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Here's another dtrace from HS# 2718685720.
I'm not sure if this will be helpful or much different than the previou... Craig Coonrad
08:14 AM pfSense Plus Bug #15511: Factory resetting the configuration removes WireGuard
I couldn't reproduce this.
Tested against:
23.09
23.09.1
24.03
Is there any other specific configuration set... Danilo Zrenjanin

05/22/2024

10:06 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
This appears to be fixed in 24.03. At least in my test setup. Can anyone who was seeing this in 23.09.1 confirm that ... Steve Wheeler
08:15 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
I thought I would add another confirmation: I have the same symptoms on upgrade from 2.6.0 to 2.7.0
I too am using... Pete Holzmann
01:37 PM Bug #15502: Proxy variables in ``crontab`` contents are improperly formatted
tested on:
2.7.2-RELEASE (amd64)
built on Wed Dec 6 20:10:00 UTC 2023
FreeBSD 14.0-CURRENT
patch fixes the issue Georgiy Tyutyunnik
12:14 PM Feature #9617: PPPoE Static IP Configuration in GUI
I had a go at doing this, and it didn't seem to work for me, I got some other address from the ISP.
My config alre... Goat Moat
11:36 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
In addition to the previous commit, which introduced the basic ability to auto build rules on-top of dynamic prefixes... Jan-Jonas Sämann
02:22 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
I looked at the status output for the same case that included the dtrace. It involves high CPU and loss of network. (... Craig Coonrad
12:00 AM Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
Had a customer encounter this, restarting firewall and syslogd didn't do it. Changing the lines from 2000 to 500 seem... dylan mendez

05/21/2024

07:08 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
Steve Wheeler wrote in #note-5:
> It's not something that can be patched at runtime but an updated pkg is available ... Bob Dig
06:42 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
It's not something that can be patched at runtime but an updated pkg is available in 24.03:... Steve Wheeler
04:39 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
Marcos M wrote in #note-3:
> With the fix, port mappings correctly automatically expire and can be removed on client... Bob Dig
04:32 PM Feature #15512 (New): Outbound NAT is missing "interface" and "Invert match" as source
Outbound NAT is missing interface and Invert match as source.

With both available, one could easily create outbou... Bob Dig
02:57 PM Regression #15094: Updates fail against an authenticated upstream proxy
Fixed upstream, will be in the next pkg release Brad Davis
02:23 PM Revision 0c1496a4: With pkg switching to curl the format of the auth string has changed
Brad Davis
12:38 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
This was on a VM that was manifesting the problem (i.e. elevated CPU use and loss of connectivity) at the time the dt... Kristof Provost

05/20/2024

11:56 PM pfSense Plus Bug #15511 (Closed): Factory resetting the configuration removes WireGuard
Resetting the configuration to factory defaults removes the WireGuard package. This package should be kept given that... Marcos M
11:08 AM pfSense Plus Bug #15509: Debian OpenVPN client breaks the connections
Sorry, was problem with network. Evgeny Korostelev
05:19 AM pfSense Plus Bug #15509 (Not a Bug): Debian OpenVPN client breaks the connections
After applying patch https://redmine.pfsense.org/issues/15440, the OpenVPN client on Debian 11 breaks the connection ... Evgeny Korostelev
10:06 AM pfSense Docs Todo #15510 (Closed): Certificate Management navigation breadcrumbs
*Page:* https://docs.netgate.com/pfsense/en/latest/certificates/index.html
*Feedback:* The navigation breadcrumbs ... Jared Silva

05/19/2024

12:12 PM pfSense Packages Bug #11274 (Resolved): ntopng https web server does not present full certificate chain
I was able to reproduce this issue on 21.02.2: I didn't see full certificate chain when I opened NtopNG web page.
... Azamat Khakimyanov
11:20 AM Bug #15508 (Rejected): pfSense breaks after changing System Domain Local Zone Type to Redirect if host overrides or static DHCP leases exist
Changing System Domain Local Zone Type to Redirect will break the management interface entirely if host overrides or ... Lukáš Mojžíš
01:19 AM pfSense Packages Bug #15507: Wireguard stuck interface on boot
oh and the bad thing about this, is that if you restore from backup config file then you'll also migrate whatever the... mrpops2ko .
01:18 AM pfSense Packages Bug #15507 (New): Wireguard stuck interface on boot
i'm sure this has been reported before but it seems all those have been marked as resolved but this still occurs for ... mrpops2ko .
01:01 AM Bug #15490: Sanitize RFC 2136 Dynamic DNS update keys in ``status.php`` output
I can confirm this behavior on 24.03. Kris Phillips
12:57 AM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
Ran into an issue today with inconsistency here. When trying to upload a file to a web page's PHP-based upload funct... Kris Phillips
12:51 AM Bug #13565: LOR on Boot for Static Routes Startup Item in KVM environment
This redmine can be closed as these messages are no longer present in any release. Kris Phillips
12:50 AM pfSense Plus Bug #12759: Proprietary packages link to non-existant or non-public github pages
Testing this on 24.03, this seems to be less of an issue since it looks like the FreeBSD-ports tree has empty/blank p... Kris Phillips

05/18/2024

08:07 PM pfSense Plus Feature #15506 (Duplicate): GEOM mirrors from previous UFS installs break ability to install with ZFS RAIDZ1 "No Disks Available"
This is similar to the problems with the offline installer as outlined here, but is also relevant to the netinstaller... Kris Phillips
04:58 PM Revision 577cd0eb: Set correct value when toggling CARP maintenance
Marcos M
12:47 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
Another customer is experiencing related issues, see https://forum.netgate.com/topic/188214/vti-gateways-in-24-03 beg... Larry Fahnoe
12:22 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
I used customer's status output file to create the same config on my lab (as Lev done) but I still wasn't able to rep... Azamat Khakimyanov
12:01 PM pfSense Packages Bug #15505 (New): Traffic graphs inaccurate when using Limiters (FQ_CODEL)
this has been ongoing for over a year now, i'm not sure what the issue is.
in short what happens is the traffic g... mrpops2ko .
05:42 AM Feature #15504: PPPoE support for online installer
Net installer with PPPoE support is under development. Lev Prokofev
04:27 AM Feature #15504 (Duplicate): PPPoE support for online installer
The new installer requires internet access to function, but for some of us we rely on PPPoE in order to get a WAN con... mrpops2ko .

05/17/2024

09:13 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Chris W wrote in #note-15:
> HS# 2718685720 is a 24.03 guest which was upgraded from 23.09.1. Only when on 24.03 did... Chris W
02:19 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
new case #2733381806
client will run the script when able to Georgiy Tyutyunnik
02:04 PM pfSense Packages Feature #15501: Squid COSS filesystem
Correction: per developer response
“Squid does not support COSS cache_dirs since v3.5. If Squid in question does ... Jonathan Lee
01:30 PM Bug #15502 (Feedback): Proxy variables in ``crontab`` contents are improperly formatted
Applied in changeset commit:45419ed469e182e97b72f534ff4a79b6f531b06e. Anonymous
01:23 PM Bug #15502 (Pull Request Review): Proxy variables in ``crontab`` contents are improperly formatted
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1150 Jim Pingle
01:30 PM Bug #15471: Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
A quick test of the function looks good compared to my previous tests, but I'd prefer to keep this open for now until... Jim Pingle
01:24 PM Revision 45419ed4: Add newlines to crontab proxy variables. Fixes #15502
Steve Wheeler
01:23 PM Bug #15503: udp6_bind kernel panic
I took a very quick look. The faulting code in6_pcbbind+0x360 translates to /var/jenkins/workspace/pfSense-CE-snapsho... Kristof Provost
12:39 PM Bug #15503 (New): udp6_bind kernel panic
We have seen a few reports of kernel panics with services attempting to listen for requests on link-local IPv6 addres... Steve Wheeler
08:31 AM Bug #15009: System>Update page menu uses incorrect internal URL
I have the same issue after reboot the update menu is pointing again to the other location. https:/.../pkg_mgr_insta... Willem-Jan v R
07:05 AM Bug #15366: Ethernet rules are not blocking the ARP inside the bridge
I retested this with 24.03 with the Interface Bound States enabled, and the result was exactly the same. Lev Prokofev

05/16/2024

11:06 PM pfSense Packages Feature #15501: Squid COSS filesystem
“The Cyclic Object Storage Scheme (costs) is an attempt to develop a custom file system for Squid.”
Ref: squid the... Jonathan Lee
09:53 PM pfSense Packages Feature #15501 (Rejected): Squid COSS filesystem
Hello Coss is missing from the new Squid package it is not listed as an option. This should work great with Squid 6.6... Jonathan Lee
10:06 PM Bug #15502 (Resolved): Proxy variables in ``crontab`` contents are improperly formatted
On systems with an upstream proxy configured lines are added to the crontab so commands run there see the appropriate... Steve Wheeler
06:15 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
HS# 2718685720 is a 24.03 guest which was upgraded from 23.09.1. Only when on 24.03 did the problem begin, however. Chris W
08:14 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
There's still very little to go on here.
Let's start by seeing if we can identify what's causing the high CPU load... Kristof Provost
04:32 PM Bug #15500 (New): Hanging connections with failing over to high availability node when floating rule is matched in >= 2.7.1
- Two freshly installed instances, both with identical hardware running pfSense 2.7.0
- Each with 3 interfaces ass... shane shane
04:16 PM Bug #15066 (Duplicate): PHP allocation failure in pfsense-utils.inc
The root issue here is probably #15471. The function @get_interface_info(@) ends up calling @get_interface_addresses(... Marcos M
03:49 PM pfSense Packages Bug #7039: HAProxy backend configuration does not handle intermediate CAs properly
almost 3 years later I have the same problem.
The PR does not seem to be in the current package versions (0.63_2). Dennis Neuhaeuser
01:23 PM Bug #15471: Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
Was able to reproduce on 24.03 and 2.7.2 CE via calling the leaking function in endless loop.
tested on:
Version 2.8... Georgiy Tyutyunnik
11:32 AM Bug #15449 (Confirmed): IPsec VTI static routes may not be added after the system boots
Steve Wheeler

05/15/2024

03:41 PM pfSense Plus Bug #15499: Manually verifying the boot environment makes config changes
See: https://forum.netgate.com/topic/188179/24-03_1-traffic-graphs-does-not-keep-its-configuration Steve Wheeler
03:36 PM pfSense Plus Bug #15499 (New): Manually verifying the boot environment makes config changes
If a user connects to the webgui before the automatic BE verification has run at boot they are presented with the man... Steve Wheeler
03:21 PM pfSense Docs Todo #15497: Add a bit more context to Gateway monitoring Action
I agree that more details about gateway monitoring actions would be helpful.
Expanding on this, it would be helpfu... Andrew Almond
01:05 PM pfSense Packages Feature #15498 (Rejected): Add speedtest-cli to packages
While some find it useful, it isn't a great metric and it is not a practice we want to encourage. Anyone that wants t... Jim Pingle
03:28 AM Regression #14833: OpenVPN client process in bridged tap mode fails after 2.7.0 CE upgrade
Confirm pfSense 2.7.2. I set up the Openvpn bridge on a clean configuration. When changing the parameters of the Open... admin admin

05/14/2024

10:10 PM pfSense Packages Feature #15498 (Rejected): Add speedtest-cli to packages
I've been using the dashboard widget created by Leon Straathof on several pfSense instances and it works great.
http... Andrew Almond
09:42 PM pfSense Packages Feature #15397: Wazuh Agent
Adding Wazuh to packages would be nice. I'm using it on several instances of pfSense with no issues. Andrew Almond
06:26 PM Revision a976c08c: Reapply "Add zsh to the list of packages to build"
This reverts commit 3d4cab4078a9276446d847612c97a52c328fd965.
The plist fix has landed and merged from upstream Brad Davis
01:48 PM pfSense Docs Todo #15497 (Closed): Add a bit more context to Gateway monitoring Action
https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
Section:Disable Gateway Monitoring Actio... Mike Moore
01:39 PM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
I've removed the database, and restarted vnstatd. After it obtained some data again I do get the Data Summary values ... Kristof Provost
01:22 PM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
Kristof Provost wrote in #note-4:
> The relevant package has been installed for a very long time, so it's not a lack... Jim Pingle
01:15 PM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
The relevant package has been installed for a very long time, so it's not a lack of data at least.
Interestingly i... Kristof Provost
12:28 PM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
I can't reproduce any issue here currently. Seems to be OK on Plus 24.03 amd64 and arm64, and CE 2.8 Snapshots (at le... Jim Pingle
11:38 AM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
This was observed on 24.03, on an 2100. Kristof Provost
11:38 AM pfSense Packages Bug #15496 (New): Traffic Totals: empty Data Summary
The traffic totals page (i.e. the vnstat output) shows the traffic graph (with what appears to be correct data), but ... Kristof Provost

05/13/2024

10:10 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Another instance. HS# 2718685720 Craig Coonrad
06:56 PM pfSense Packages Bug #15061 (New): acme.sh nsupdate with challengealias is failing in certain cases
Change reverted.
 Jim Pingle
09:21 AM pfSense Packages Bug #15061: acme.sh nsupdate with challengealias is failing in certain cases
Hi.
For me, this was working for years and now it stopped.
See forum for more info: https://forum.netgate.com/top... Greg M

05/12/2024

02:47 AM Feature #15492: Test if storage/eMMC is actually writable underneath ZFS
I can confirm that if the eMMC controller is alive, but the flash chips refuse to accept writes, there is no messages... Kris Phillips
02:45 AM Regression #15030: Keymap Layout Options No Longer Provided
Of note the Netgate Installer also is affected by this. Keyboard layout doesn't appear to be a prompted item, which ... Kris Phillips
02:43 AM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
I can confirm this behavior.
Given that VTIs under the default filter mode with the default firewall rules will ... Kris Phillips
02:40 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
To summarize current ways this happens:
1. VTI tunnels
2. OpenVPN Client or Server interfaces that are assigned t... Kris Phillips
01:14 AM pfSense Plus Bug #14005: SFP Interfaces not available with Traffic Shaper in v23.01
shaping may not be supported on that driver and/or additional 'tuning' could be required, intel based sfp's (ix drive... Jordan G
12:53 AM pfSense Plus Bug #14401 (Feedback): Changing from Switchport to Discrete Interface in VGA/Serial Console Breaks Port Status Monitoring
7100 on 24.03, reassigning WAN or LAN to ix0/1 from the console appears correctly adjust the port monitoring such tha... Jordan G
12:24 AM pfSense Plus Regression #15494 (Confirmed): Reinstall Packages button reports another instance of ``pfSense-upgrade`` is running
I am seeing the same on... Christopher Cope
12:06 AM Bug #15495 (Closed): Upgrade fails on upstream bectl bug
System: Netgate 6100
Online upgrade to 24.03. (HS# 2584018971)... Craig Coonrad

05/11/2024

05:02 PM pfSense Plus Regression #15494 (Resolved): Reinstall Packages button reports another instance of ``pfSense-upgrade`` is running
Diagnostics>Backup&Restore>Reinstall packages button, after hitting confirm, eventually displays "Another instance of... Jordan G
04:40 PM Bug #15493 (New): Kea sometimes provides an IP from the DHCP pool despite static mappings
Tested on... Christopher Cope
04:07 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
Steve Wheeler wrote in #note-12:
> https://github.com/pfsense/pfsense/pull/4677
I tested the patch against the:
<pr... Danilo Zrenjanin
03:47 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
That patch appears to have done the trick, we have successfully booted completely with MTU/MSS values in place. Steve N
12:16 AM Bug #14083 (Pull Request Review): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Marcos M
12:16 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
The looping issue seems to be triggered when there are at least two assigned VLAN interfaces with a LAGG parent, and ... Marcos M
03:19 PM Regression #15439 (Confirmed): Incorrect icon on collapsed dashboard widgets
I can confirm this on:... Danilo Zrenjanin
03:04 PM pfSense Packages Regression #15469 (Confirmed): RRD Graphs height is smaller than expected
I can confirm this behavior on:... Danilo Zrenjanin
07:39 AM pfSense Packages Bug #15385 (Confirmed): PHP crash when exporting Apple profile, while IPsec P1 authentication method set to "Mutual Certificate"
I can replicate this issue.
Tested against:... Danilo Zrenjanin

05/10/2024

10:54 PM pfSense Plus Bug #15472: potential bug with the ath driver
Side note this does not occur when "only" 802.11A is running. Example using Channel 165 Jonathan Lee
08:07 PM Feature #15492: Test if storage/eMMC is actually writable underneath ZFS
And/or Netgate Installer can test this. Steve Y
06:25 PM Feature #15492 (New): Test if storage/eMMC is actually writable underneath ZFS
It seems ZFS allows users to think their storage is writable even if it isn't:
https://forum.netgate.com/topic/18795... Steve Y
08:02 PM Regression #15470 (Resolved): Port forward rules created by ``miniupnpd`` do not expire
With the fix, port mappings correctly automatically expire and can be removed on client request. Marcos M
07:20 PM Bug #14000: PHP error with xmlrpc
Jim Pingle wrote in #note-1:
> This is from an external utility hitting XMLRPC, most likely the Home Assistant integr... Roger Fedor
06:12 PM pfSense Docs Todo #15491 (New): Document dynamic gateway creation
One may wish to create a dynamic gateway before the link is provisioned. This is possible by creating a gatewway with... Marcos M
05:09 PM pfSense Docs Todo #15479 (Closed): Feedback on DNS — Creating Wildcard Records in DNS Forwarder/Resolver
That isn't quite true exactly as stated, but I added some text to clarify what is happening in those cases and how to... Jim Pingle
05:00 PM pfSense Docs Correction #15473 (Closed): Feedback on pfSense® software Configuration Recipes — Blocking External Client DNS Queries: Firefox
It's clear as is -- that's what the "by default" part of that sentence means -- but I added a little more text to mak... Jim Pingle
04:38 PM Bug #15487 (Not a Bug): Unable to ping nodes in remote side of tailscale
Doesn't seem like there is an actionable bug here. It may just not be compatible with tailscale in the way you're try... Jim Pingle
04:35 PM Bug #15486 (Duplicate): Unable to run Packet Captures on a tailscale interface in GUI on 2.7.2
It's already fixed in the repo, there is nothing more to fix. We could maybe add a patch for that to system patches f... Jim Pingle
04:34 PM Feature #15488: Add link from "Tracking ID" when editing a firewall rule to firewall logs filtered for that ID
N.B. whoever implements this, it would have to utilize @usepost@ so it properly submits the form data, it can't just ... Jim Pingle
09:44 AM Feature #15488 (New): Add link from "Tracking ID" when editing a firewall rule to firewall logs filtered for that ID
Dear Brilliant pfSense DevTeam!
IDEA
Click on “Tracking ID” value on Rule edit page lead to open *Status* / *Syst... Sergei Shablovsky
04:26 PM Bug #15490: Sanitize RFC 2136 Dynamic DNS update keys in ``status.php`` output
Specifically the tag is @<keydata>@ that should be sanitized. (@dnsupdates/dnsupdate/<idx>/keydata@) Jim Pingle
03:53 PM Bug #15490 (Resolved): Sanitize RFC 2136 Dynamic DNS update keys in ``status.php`` output
The keys inside the <dnsupdates> should be sanitized because restoring the client's config for test purposes can caus... Lev Prokofev
02:53 PM Feature #15489 (New): Login email notification
Please consider adding a Login email notification option in System\Advanced João Matos
01:26 PM pfSense Plus Bug #15418: Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
I couldn't replicate this either:
I can see the correct URL parameters "if" and "id." ... Danilo Zrenjanin
05:32 AM Bug #15449: IPsec VTI static routes may not be added after the system boots
I finally replicated the issue by restoring the config from the status output file, the root cause is still unknown h... Lev Prokofev
12:40 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Another customer in ticket 2706080899 with this issue. Kris Phillips

05/09/2024

11:14 PM Revision 63419d38: Add a speedtest alternative written in go
Brad Davis
09:39 PM Bug #15487 (Not a Bug): Unable to ping nodes in remote side of tailscale

Unable to ping IPs in remote side of tailscale if I selected the source IP address while it is working with automat... Alhusein Zawi
09:24 PM Bug #15486 (Duplicate): Unable to run Packet Captures on a tailscale interface in GUI on 2.7.2

while this issue was fixed in 24.03 , it is still appearing in 2.7.2
related to https://redmine.pfsense.org/iss... Alhusein Zawi
08:06 PM Bug #15413 (Feedback): Kernel panic in HA nodes when under high load
What is hoped to be the fix has been merged to our branches. Kristof Provost
08:05 PM Bug #15481 (Feedback): File descriptor leak in ``bsnmpd``
And that's been merged to our branches. Kristof Provost
12:16 PM Bug #15481: File descriptor leak in ``bsnmpd``
Upstream fix: https://cgit.freebsd.org/src/commit/?id=f1612e7087d7c3df766ff0bf58c48d02fb0e2f6d Kristof Provost
10:07 AM Bug #15481 (Resolved): File descriptor leak in ``bsnmpd``
A user reports seeing an unusual increase in the number of running processes.
The extra processes are all kernel/net... Kristof Provost
08:03 PM pfSense Packages Todo #15484: Show more characters of the Description column in the WireGuard peer tables
Also, if you must truncate the Description cells, then when I hover over a truncated Description cell, it should show... Jeremy  99
07:41 PM pfSense Packages Todo #15484 (New): Show more characters of the Description column in the WireGuard peer tables
When viewing the table of WireGuard peers, some columns are truncated to make them all fit. I think the most importa... Jeremy  99
08:00 PM pfSense Packages Todo #15485 (New): Usability and consistency of the WireGuard peer tables
Suggestions to make the WireGuard Peer tables a bit more usable:
1) Make the tables sortable. I have 30 Peers and... Jeremy  99
07:33 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Sorry, I didn't get notified of your latest post. I take it the patch did NOT resolve the issue then, but you've iden... Steve N
12:51 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Thanks for the feedback - hopefully we'll have some better luck reproducing the issue now. In the meantime if it's no... Marcos M
05:59 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
another ticket with this issue
#2694269097 Georgiy Tyutyunnik
01:39 PM Bug #15482 (Rejected): NTP logic
What you're describing would need to be a change made in the NTP daemon behavior, which is out of our control. Probab... Jim Pingle
12:58 PM Bug #15482 (Rejected): NTP logic
it seems to be the case that NTP back end interface querying is hierarchical and if the first rule it encounters fail... mrpops2ko .
01:15 PM Todo #15483: Update Unbound to 1.22.0
If you "read the details":https://nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ that isn't really a vulnerab... Jim Pingle
01:10 PM Todo #15483 (Resolved): Update Unbound to 1.22.0
Update Unbound to version 1.20.0, as this newest version contains a fix for the DNSBomb vulnerability CVE-2024-33655. Glenn Hall
12:34 PM Feature #15478 (Duplicate): Rule Seperators for NAT Rules.
Duplicate of #7781 Jim Pingle
12:33 PM Bug #15480 (Rejected): IX polling driver
Polling was removed because it was no longer useful on modern hardware the way it worked in the OS, which is still tr... Jim Pingle
02:13 AM Bug #15480 (Rejected): IX polling driver
hello i tried searching for this but found little information
this polling man page
https://man.freebsd.org/cgi/... mrpops2ko .
12:21 PM Regression #15470 (Feedback): Port forward rules created by ``miniupnpd`` do not expire
I've updated miniupnpd to the latest version and adjusted the libpfctl patch in https://gitlab.netgate.com/pfSense/Fr... Kristof Provost
12:19 PM Bug #15471 (Feedback): Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
We array_init() 'addr' (which causes PHP to allocate memory), but potentially
break out before adding 'addr'... Kristof Provost
07:07 AM Bug #15449: IPsec VTI static routes may not be added after the system boots
I'm not able to replicate it on 24.03. Lev Prokofev
06:40 AM Bug #15449: IPsec VTI static routes may not be added after the system boots
Ticket for reference #2703470963 the SOs and steps included. Lev Prokofev
12:57 AM pfSense Docs Todo #15479: Feedback on DNS — Creating Wildcard Records in DNS Forwarder/Resolver
edit: oh it does mention it, but more so in the DNS MASQ section, when i was doing this for unbound
i wonder if th... mrpops2ko .
12:54 AM pfSense Docs Todo #15479 (Closed): Feedback on DNS — Creating Wildcard Records in DNS Forwarder/Resolver
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/wildcards.html
*Feedback:*
can we suggest that ... mrpops2ko .

05/08/2024

11:46 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
This behavior started for me when I moved to 23.05 and persists through 24.03, and is actually worse on 24.03 than it... Steve N
11:20 PM Bug #14083 (Feedback): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Part of the issue here has been solved with #9453. Some situations remain where things can break - see: https://redmi... Marcos M
11:30 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
Correct, 7100. I have uploaded the status report as well. Steve N
11:25 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
Presumably you're running into this issue on a 7100; I've reopened that one for additional feedback. It would be help... Marcos M
10:51 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
I don't even know how I would assign and disable the interface, my bug was actually https://redmine.pfsense.org/issue... Steve N
10:35 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
@Steve N
Do you have the parent lagg interface assigned and disabled? See:
https://redmine.pfsense.org/issues/15452 Marcos M
11:10 PM Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
Some parent interfaces like LAGGs are configured separately from the assigned interfaces page. The undefined behavior... Marcos M
10:26 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
Steve Wheeler wrote:
> Testing in 24.03 on a 3100 I added some test values with a 3600s lifetime:
> [...]
>
> 15... Wyatt Childers
10:07 PM Feature #15478 (Duplicate): Rule Seperators for NAT Rules.
Just as there are options for Labeled & Colored rule separators for organization in the Firewall Rules Web UI, can we... Jeff Kuehl
08:24 PM pfSense Plus Bug #15472: potential bug with the ath driver
Compex WLE200NX Jonathan Lee
02:49 AM pfSense Plus Bug #15472: potential bug with the ath driver
Attached is swap crash report Jonathan Lee
02:47 AM pfSense Plus Bug #15472: potential bug with the ath driver
Support ticket 2701044255  Jonathan Lee
02:46 AM pfSense Plus Bug #15472 (New): potential bug with the ath driver
I am having crash and system panics when the ath driver goes full tilt. I didn’t notice it until recently with change... Jonathan Lee
08:22 PM pfSense Packages Feature #11837: Increase field length of FRR Networks in Access Lists and Prefix Lists
Jim (or anyone from the team), can we get this fixed?
If I knew how to expand the windows in PHP (or even knew PHP)... Mike Moore
04:32 PM Feature #15476 (New): Allow listing and switching repo branches from the CLI
Currently you can only set the current update repo branch from the webgui. Since upgrades now require opting into the... Steve Wheeler
04:14 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
So on one of the 4200s running 24.03 I have done the following:
1. Deleted static route to 192.168.5.0/24
2. Deleted... Larry Fahnoe
04:11 PM Bug #15449 (Incomplete): IPsec VTI static routes may not be added after the system boots
Marcos M
06:56 AM Bug #15449: IPsec VTI static routes may not be added after the system boots
I've tested on 23.09.1
- I've added disabled WAN gateway which is not in the same subnet as a real WAN subnet is
-... Azamat Khakimyanov
04:04 PM pfSense Docs New Content #15475 (Rejected): Connect to console index page on ddocs
Create a "Connect to console" index page with instructions for all Netgate models and add it to the Net Installer page. dylan mendez
04:01 PM pfSense Plus Feature #15474 (New): Support for VRRP
FreeBSD supports the VRRP protocol.
Would it be possible to have VRRP replace CARP as a FHRP(first hop redundancy pr... Mike Moore
10:00 AM pfSense Docs Correction #15473 (Closed): Feedback on pfSense® software Configuration Recipes — Blocking External Client DNS Queries: Firefox
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html
*Feedback:*
The pfSense docu... Jared Silva

05/07/2024

05:13 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
Steve Wheeler wrote in #note-16:
> I can't replicate that in 24.03. Setting the lagg0 interface MTU (after assigning... Steve N
03:32 PM Bug #15466 (Needs Patch): Kea does not send a subnet mask in its inform response when requested by a client that isn't requesting an address allocation
As far as I can see this may be a bug in Kea itself you may need to report upstream. The configuration appears to be ... Jim Pingle
03:21 PM Bug #15328 (Confirmed): Changes in Kea DHCP interface pools may invalidate lease database content
This appears to be a known issue in Kea, their documentation even warns about it:
https://kea.readthedocs.io/en/ke... Jim Pingle
02:32 PM pfSense Packages Bug #15459 (Closed): Memory leak affecting ``lcdproc_client.php``, eventually hits PHP memory limit and crashes
I made some optimizations to the LCDProc client code to help here but the memory leak issue is still the primary root... Jim Pingle
02:30 PM Bug #15471 (Resolved): Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
Moving this over from #15459 since it does not appear to be a problem in LCDProc but in the base system pfSense PHP m... Jim Pingle
01:42 PM Regression #15470 (Resolved): Port forward rules created by ``miniupnpd`` do not expire
Testing in 24.03 on a 3100 I added some test values with a 3600s lifetime:... Steve Wheeler

05/06/2024

07:19 PM pfSense Packages Regression #15469 (Confirmed): RRD Graphs height is smaller than expected
At some point between Plus 23.09.1 and 24.03 the height of RRD graphs shrank. Might be from the jQuery update but it'... Jim Pingle
06:12 PM pfSense Packages Bug #15459: Memory leak affecting ``lcdproc_client.php``, eventually hits PHP memory limit and crashes
Drilling down into the affected functions above, they all call @pfSense_get_ifaddrs()@ one or more (or many!) times a... Jim Pingle
06:08 PM Feature #15461: Support GRE Tunnel Key
Feature Request sent to FreeBSD: https://forums.freebsd.org/threads/feature-request-gre-tunnel-in-bound-key.93358/ David Bojnansky
05:33 PM Feature #15461: Support GRE Tunnel Key
Ok, in fact I need mainly the outbound key. Can you implement it at least partly for now?
Thanks for the response. David Bojnansky
12:51 PM Feature #15461 (Needs Patch): Support GRE Tunnel Key
Support for GRE keys is not complete in FreeBSD at this time. FreeBSD GRE allows configuring an outbound key but not ... Jim Pingle
06:05 PM pfSense Packages Feature #15468 (New): IS-IS protocol support
FRR supports IS-IS.
I assume the FRR version on pfSense already supports so we just need a PHP wrapper for the GUI.
... Mike Moore
03:38 PM pfSense Docs Correction #15467 (Rejected): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat
1. There are many other protocols besides TCP/IP which can consume large amounts of bandwidth, such as ESP for IPsec.... Jim Pingle
02:36 PM pfSense Docs Correction #15467 (Rejected): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html
*Feedback:*
hi i would like to s... mrpops2ko .
03:37 PM pfSense Plus Bug #15460: Kernel routing SPD Database gets “supenetted” wrong from multiple P2’s
Hi Jim. I stand corrected for calling it a bug. Thanks for Clarifying how this actually works in the Kernel.
Reord... Tue Madsen
12:21 PM pfSense Plus Bug #15460 (Not a Bug): Kernel routing SPD Database gets “supenetted” wrong from multiple P2’s
There are two things that could be a factor here and either one could be affecting it, but neither is a bug.
1. Th... Jim Pingle
02:50 PM Bug #15413: Kernel panic in HA nodes when under high load
The backtrace address shows we're crashing in `if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) ||`. That likely mea... Kristof Provost
01:22 PM Feature #14437 (Pull Request Review): Add DynDNS Provider - Hetzner
Jim Pingle
09:42 AM Bug #15466 (Needs Patch): Kea does not send a subnet mask in its inform response when requested by a client that isn't requesting an address allocation
I am using a mac with macos 14.4.1 and pfsense 2.7.2.
When using DHCP on my mac, everything works fine. I do get t... Oliver Mueller

05/05/2024

04:58 PM Bug #14977: Kea fails to restart due to race between process termination and startup
I just switched to kea and am seeing the service get marked as stopped while the process is still running. Same socke... Dean Arnold
02:27 AM pfSense Packages Bug #14427 (Resolved): LLDPD & LADVD permissions with RAM Disks
working in 24.03 :D Jordan G
02:16 AM Bug #15366: Ethernet rules are not blocking the ARP inside the bridge
With the new strict interface filtering in 24.03, has this been re-tested and confirmed to still exist? Kris Phillips
02:03 AM pfSense Plus Bug #15463 (Closed): New admin user is not shown the console menu on SSH login
Chris W
02:02 AM pfSense Plus Bug #15463 (Not a Bug): New admin user is not shown the console menu on SSH login
Chris W
12:26 AM pfSense Plus Bug #15463: New admin user is not shown the console menu on SSH login
Additional users will need to use sudo to perform actions with root privilege, and the sudo package can be installed ... Chris W
01:52 AM pfSense Packages Bug #15451: Cannot remove package
start with the documentation, check the forums if you're still having issues....
https://docs.netgate.com/pfsense/... Jordan G

05/04/2024

11:33 PM pfSense Plus Bug #15418: Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
Tested this with DHCPv6 upstream with a delegated prefix. I wasn't able to reproduce this on 24.03.
When adding... Kris Phillips
11:25 PM pfSense Plus Bug #15463: New admin user is not shown the console menu on SSH login
Kris Phillips wrote in #note-1:
> This is expected behavior. Only the admin user account will have the pfSense menu... João Matos
10:40 PM pfSense Plus Bug #15463: New admin user is not shown the console menu on SSH login
This is expected behavior. Only the admin user account will have the pfSense menu present iself on login.
To la... Kris Phillips
05:42 PM pfSense Plus Bug #15463 (Closed): New admin user is not shown the console menu on SSH login
A new admin user is not shown the console menu on SSH login.
The new admin user in question has the same effective p... João Matos
10:33 PM Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
this can be triggered by changing MTU on disabled parent LAGG ala XG-7100 @ 24.03 and lower Jordan G
09:16 PM Todo #15465 (Resolved): Update dnsmasq to version 2.90
Apple (and likely others) are using a relatively new type of DNS record.
*Service binding and parameter specificat... Craig Coonrad
07:04 PM Feature #15464: Allow Installer to install CE even if NDI detects as Plus
+1 Elvis Impersonator
05:42 PM Feature #15464 (New): Allow Installer to install CE even if NDI detects as Plus
Some people would prefer to revert to CE.
https://forum.netgate.com/topic/187943/what-happened-to-the-ce-downloads/8 Steve Y
04:53 PM pfSense Plus Feature #15462 (New): Feature request: Allow possibility of copying above separators when copying rules from one interface to another
Allow possibility of copying above separators when copying rules from one interface to another. João Matos
04:44 PM Bug #13237: dhcp6c script cannot be executed safely
I ran across this again in 24.03 when applying a save to the WAN interface. ... Denny Page
02:51 PM Bug #14977: Kea fails to restart due to race between process termination and startup
Jim Pingle wrote in #note-5:
>
> Any hints as to what might have led to it being in the broken state? I tried al... Yuri Weinstein
01:40 PM pfSense Packages Bug #15457: HAproxy disable zero copy forwarding
This is fixed in HAProxy 2.9.2: https://github.com/haproxy/haproxy/issues/2395#issuecomment-1889864836
Currently 2.9... Christopher Cope
08:52 AM Bug #15116: Kea not working with UEFI HTTPBoot URL configured
If I understand correctly there should be option 93 like ... Lev Prokofev
08:35 AM Feature #15461 (Needs Patch): Support GRE Tunnel Key
Hello,
is it possible to implement GRE Tunnel Key according to RFC1701 ( https://datatracker.ietf.org/doc/html/rfc... David Bojnansky
07:41 AM Bug #14261 (Closed): Trim white space in a DHCP Leases page search field
I can confirm it's working as Jim recommended.
Trim is applied only when the "IP Address," "MAC Address," or "Host... Danilo Zrenjanin
07:22 AM Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces
Tested against:... Danilo Zrenjanin
04:49 AM Bug #15228: User manger fails to display certificate option for a new user in case of input error
It is still the issue on 24.03
!clipboard-202405040849-pk7ae.png!
 Lev Prokofev

05/03/2024

10:23 PM pfSense Plus Bug #15460 (Not a Bug): Kernel routing SPD Database gets “supenetted” wrong from multiple P2’s
I have confirmed this bud with multiple tests:
Scenario:
Two sites - both with proper internet connection.
IPS... Tue Madsen
09:04 PM pfSense Packages Feature #15393: Return to the ga version of NUT
Thank you Jim! Denny Page
05:43 PM pfSense Packages Feature #15393 (Feedback): Return to the ga version of NUT
PR merged into devel, should be in snapshots when the next build happens.
 Jim Pingle
07:24 PM pfSense Packages Bug #15459: Memory leak affecting ``lcdproc_client.php``, eventually hits PHP memory limit and crashes
MR: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/395 Jim Pingle
07:21 PM pfSense Packages Bug #15459 (Closed): Memory leak affecting ``lcdproc_client.php``, eventually hits PHP memory limit and crashes
There is a memory leak affecting @lcdproc_client.php@ leading it to eventually running out of RAM and dying with a PH... Jim Pingle
03:29 PM Bug #15456 (Not a Bug): KEA DHCP allows entering static mappings with no IP address defined
Entries with a MAC address but not an IP address are valid. They define entries for "Deny Unknown Clients" which can ... Jim Pingle
11:23 AM Bug #15456 (Not a Bug): KEA DHCP allows entering static mappings with no IP address defined
After defining a static mapping without an IP address, the DHCP lease page will display two entries for that MAC addr... Danilo Zrenjanin
02:59 PM Bug #14977 (New): Kea fails to restart due to race between process termination and startup
Yuri Weinstein wrote in #note-4:
> I have experienced the same problem today 2 days after updating to 24.03-RELEASE
... Jim Pingle
12:14 AM Bug #14977: Kea fails to restart due to race between process termination and startup
I have experienced the same problem today 2 days after updating to 24.03-RELEASE
In addition to all described abov... Yuri Weinstein
02:44 PM pfSense Packages Todo #15458: Convert Spamhaus DROP/eDROP to one list and JSON format
https://forum.netgate.com/topic/187930/spamhaus-drop-edrop-list Steve Y
02:42 PM pfSense Packages Todo #15458 (New): Convert Spamhaus DROP/eDROP to one list and JSON format
The lists are combined and there is no eDROP list:
https://www.spamhaus.org/resource-hub/network-security/spamhaus-d... Steve Y
02:10 PM pfSense Packages Bug #15457 (Resolved): HAproxy disable zero copy forwarding
See more details here:
https://forum.netgate.com/topic/187757/haproxy-100-cpu-usage
https://github.com/haproxy/... Danilo Zrenjanin
05:17 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
In my case I am on 2.7.2 CE. Chris Collins
05:16 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
I just got this on a IPv4 gateway DHCP WAN. Usually it works, but on powering up pfSense on this occasion it was stu... Chris Collins

05/02/2024

06:40 PM Bug #14591: Restoring with different interfaces (partially?) applies changes before reboot
I ran into this again today, restoring a 3100 config to a 2100, both running 23.09.1. I deleted the OPT1 interface d... Steve Y
06:28 PM Bug #14977: Kea fails to restart due to race between process termination and startup
This issue was occurring for me too, and I have found a resolution. It manifests itself as a "ghost" kea process whi... Nicholas Ruddick
12:13 PM pfSense Packages Feature #15375 (Resolved): Update ntopng package
Jim Pingle
07:48 AM pfSense Plus Bug #15446 (Feedback): Kernel panic with pflow configured and active
The relevant patch has been merged to our branches and will be part of the next build. Kristof Provost

05/01/2024

11:32 PM pfSense Packages Feature #15393: Return to the ga version of NUT
This is in PR 1368 (https://github.com/pfsense/FreeBSD-ports/pull/1368). Denny Page
11:29 PM pfSense Packages Feature #15375: Update ntopng package
This can be closed as complete. Thanks. Denny Page
05:50 PM Bug #15454 (Resolved): Certificate Manager GUI inconsistency in Revocation tab titles
Jim Pingle
05:50 PM Bug #15454: Certificate Manager GUI inconsistency in Revocation tab titles
tested, patch fixes the issue Georgiy Tyutyunnik
01:00 PM Bug #15454 (Feedback): Certificate Manager GUI inconsistency in Revocation tab titles
Applied in changeset commit:7cbbda697adeabca5eaad369099ea995a4c2cd42. Jim Pingle
11:08 AM Bug #15454 (Resolved): Certificate Manager GUI inconsistency in Revocation tab titles
Minor inconsistency in GUI sub-tab displayed naming:
in System -> Cetificate tab the sub-tab for "Revocation" change... Georgiy Tyutyunnik
03:48 PM Bug #15440 (Resolved): CA certificates are not added to the Trust Store
Jim Pingle
03:36 PM Bug #15440: CA certificates are not added to the Trust Store
I stand corrected.
patch works, wait time around 3 mins after adding a cert to trusted Georgiy Tyutyunnik
12:47 PM Bug #15440: CA certificates are not added to the Trust Store
Georgiy Tyutyunnik wrote in #note-3:
> tested the patch:
> seems like imported ca is correctly recognised post-imp... Jim Pingle
12:42 PM Bug #15440: CA certificates are not added to the Trust Store
tested the patch:
seems like imported ca is correctly recognised post-import as trusted only if you manually re-run... Georgiy Tyutyunnik
03:34 PM Todo #15455 (New): Improve Package Manager behavior when the installed pfSense version differs from the selected update branch
When a new version of pfSense is available, the "Current" branch version changes to match the new version. This cause... Andrew Almond
12:58 PM Bug #15453 (Not a Bug): Assignment of OpenVPN port to an Interface shuts down OpenVPN access to Netgate 1100/2100
After assigning an OpenVPN interface you must edit/save the OpenVPN instance to properly reinitialize the underlying ... Jim Pingle
12:52 PM Revision 7cbbda69: Correct inconsistent CRL tab names. Fixes #15454
Jim Pingle

04/30/2024

11:43 PM Bug #15453 (Not a Bug): Assignment of OpenVPN port to an Interface shuts down OpenVPN access to Netgate 1100/2100
I have a Netgate 2100 that is set up with an OpenVPN server. I can readily connect to it remotely with the SparkLabs ... Dominik Hoffmann
06:53 PM pfSense Docs Todo #15450 (Closed): Feedback on High Availability
Info added.
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b83e51d63a71013f568e8f7314993fcde182fd49 Jim Pingle
04:32 PM pfSense Packages Bug #15451: Cannot remove package
Jim Pingle wrote in #note-1:
> There isn't nearly enough information here to go on, and this isn't the correct platf... Nafryti Nosferatu
12:15 PM pfSense Packages Bug #15451 (Incomplete): Cannot remove package
There isn't nearly enough information here to go on, and this isn't the correct platform to diagnose the issue. Pleas... Jim Pingle
12:06 AM pfSense Packages Bug #15451 (Incomplete): Cannot remove package
The earlier issue I noticed where it wasn't sending information, I tried restarting the service, no change, so I went... Nafryti Nosferatu
01:18 PM Feature #15422 (Resolved): Show current boot method in System Information Dashboard widget
Jim Pingle
11:48 AM Feature #15422: Show current boot method in System Information Dashboard widget
works as expected Georgiy Tyutyunnik
11:16 AM Feature #15261 (Closed): comcast DHCP issues
not needed anymore
customer figured out the issue with ISP (Comcast) and works with them for resolution. Georgiy Tyutyunnik
08:45 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
This problem still exists in the latest version of pfSense (2.7.2-RELEASE) with all Zabbix agent and proxy packages (... Cyril Christin
12:33 AM Bug #13996: Limiters using the fq_pie scheduler no longer pass any traffic.
Confirm the problem, it was working, I then adjusted the quantume, then traffic started going into blackhole, I chang... Chris Collins
12:15 AM Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
The first option there seems far more logical to me but I have always assumed that was the behaviour anyway. Anyone r... Steve Wheeler
12:14 AM Bug #15452 (New): Unexpected/Undefined behaviour of disabled interfaces
Interfaces that are assigned but disabled can produce unexpected behaviour.
Setting an interface to disabled when ... Steve Wheeler

04/29/2024

10:22 PM pfSense Docs Todo #15450 (Closed): Feedback on High Availability
*Page:* https://docs.netgate.com/pfsense/en/latest/highavailability/index.html
*Feedback:*
Somewhere in the docs ... Ethan Word
05:26 PM Bug #9453 (Resolved): Reconfiguring a parent LAGG interface breaks its VLANs
To reproduce the issue, the parent interface (@lagg0@) needs to be added to the configuration as disabled. When an in... Marcos M
05:02 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
I can't replicate that in 24.03. Setting the lagg0 interface MTU (after assigning it) in a 7100 results in a ~30s out... Steve Wheeler
05:22 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
Additional information.
The gateway that is disabled was originally used with a fiber provider's ONT/router which ... Larry Fahnoe
03:37 PM Bug #15449 (Resolved): IPsec VTI static routes may not be added after the system boots
I have a pair of 4200s which were running 23.09.1
Both have an old gateway in a disabled state (see Disabled gateway... Larry Fahnoe
05:01 PM pfSense Packages Bug #15229 (Resolved): ACME DNS-Selfhost verification issues
Fixed in ACME pkg v0.8 Jim Pingle
03:43 PM pfSense Packages Bug #15229 (In Progress): ACME DNS-Selfhost verification issues
Jim Pingle
05:01 PM pfSense Packages Bug #15061 (Resolved): acme.sh nsupdate with challengealias is failing in certain cases
Fixed in ACME pkg v0.8 Jim Pingle
03:25 PM pfSense Packages Bug #15061 (In Progress): acme.sh nsupdate with challengealias is failing in certain cases
Jim Pingle
05:01 PM pfSense Packages Bug #14815 (Resolved): ACME.sh ingnores Certificates in Trust Store
Fixed in ACME pkg v0.8 Jim Pingle
03:22 PM pfSense Packages Bug #14815 (In Progress): ACME.sh ingnores Certificates in Trust Store
Jim Pingle
05:00 PM pfSense Packages Bug #14796 (Resolved): ACME for domain registrar INWX in Germany
Fixed in ACME pkg version ACME pkg v0.8 Jim Pingle
03:20 PM pfSense Packages Bug #14796 (In Progress): ACME for domain registrar INWX in Germany
Jim Pingle
04:17 PM pfSense Plus Bug #15446: Kernel panic with pflow configured and active
Fix in https://cgit.freebsd.org/src/commit/?id=221d459fbc67e0c0565d6c6ea52fe8bbc5466fc7
I've not yet cherry-picked... Kristof Provost
04:10 PM Revision c0cacc1f: fix config.xml recovery
Use bsddialog because dialog no longer exists. Kristof Provost
03:28 PM pfSense Packages Bug #15414 (Rejected): Program Loops on invalid domains
Looks like it's looping inside acme.sh and not code we maintain, so you'd need to report that upstream. Jim Pingle
03:26 PM pfSense Packages Bug #15292 (Duplicate): Certificate renewal with 'dns_inwx.sh' not working: Error add txt for domain:_acme-challenge.foo.bar
Likely a duplicate of #14796 Jim Pingle
03:18 PM pfSense Packages Bug #12623 (Closed): acme.sh package | DNS-ISPConfig settings
This has been fixed for a long time now. Jim Pingle
03:16 PM pfSense Packages Bug #7453 (Closed): DNS-ovh need to save or display consumer key
This field has been in the GUI for years. Jim Pingle
03:15 PM Feature #15422 (Feedback): Show current boot method in System Information Dashboard widget
Applied in changeset commit:b891c3a33aff74f4ded6176a78b22ed84821036a. Jim Pingle
03:07 PM Feature #15422 (In Progress): Show current boot method in System Information Dashboard widget
Jim Pingle
03:06 PM Revision b891c3a3: Add boot method to sysinfo widget. Implements #15422
Jim Pingle
01:44 PM pfSense Plus Bug #15421: Netgate 3100 boot loader lacks Lua support but is trying to read loader.conf.lua
Kris Phillips wrote in #note-2:
> Oddly, I'm getting a similar, but not the same error message on an x86 KVM VM. Se... Jim Pingle
01:35 PM Bug #15448: ``miniupnpd`` lacks IGDv2 support
The choice between v1 and v2 is a compile-time option so we can't make it a GUI selection, however, given the age of ... Jim Pingle
06:32 AM Bug #15448 (New): ``miniupnpd`` lacks IGDv2 support
The pfSense documentation "here":https://docs.netgate.com/pfsense/en/latest/services/upnp.html claims that miniupnpd ... Allan Hsu
12:49 PM Bug #15442 (Resolved): CLI password check exits with a write access error when checking is a read-only operation
Jim Pingle

04/28/2024

01:25 AM pfSense Packages Bug #15447 (Closed): Wireguard not sending keep-alives according to configuration
Closing this redmine, per request. Kris Phillips
01:22 AM pfSense Plus Bug #15421: Netgate 3100 boot loader lacks Lua support but is trying to read loader.conf.lua
Oddly, I'm getting a similar, but not the same error message on an x86 KVM VM. See attached. Not sure if this is re... Kris Phillips

04/27/2024

11:43 PM Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
I hit this a few days ago but have yet to see it happen again since rebooting after initially encountering Jordan G
10:38 PM Bug #15442: CLI password check exits with a write access error when checking is a read-only operation

no errors
[2.8.0-DEVELOPMENT][test@pfSense.home.arpa]/home/test: usermgrpasswd -c
Current password is OK.
... Alhusein Zawi
10:24 PM Bug #9453 (Confirmed): Reconfiguring a parent LAGG interface breaks its VLANs
changing anything regarding the parent interface stops all communication... Jordan G
06:37 PM Bug #11192: Using Limiters causes out of order packets within one TCP or UDP flow
I think I may have been affected by this.
I have used limiters in two scenario, one to make my home broadband not ... Chris Collins
06:23 PM pfSense Packages Bug #15420 (Confirmed): Incorrect error pfBlockerNG MaxMind message.
The message remains consistent whether you have entered only the MaxMind Account ID or only the MaxMind License Key o... Danilo Zrenjanin
12:57 PM pfSense Packages Bug #15447: Wireguard not sending keep-alives according to configuration
Sorry, having though about this a bit longer I realise the Keepalive is only sent when there's no Transport data sent... Patrik Stahlman
09:49 AM pfSense Packages Bug #15447 (Closed): Wireguard not sending keep-alives according to configuration

I have configured my wireguard peers with a 30s keep-alive interval. As I was viewing a packet capture in Wireshark... Patrik Stahlman
10:17 AM Todo #15358: Correct description in “System Information” widget
Jim Pingle wrote in #note-1:
> There is no need to use both forms everywhere. The string is already long enough as i... Sergei Shablovsky

04/26/2024

07:59 PM Bug #15434 (Resolved): DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting
dylan mendez wrote in #note-6:
> This patch seems to work, however, I had to manually re-save the config on the Gene... Jim Pingle
07:19 PM pfSense Plus Bug #15446 (Resolved): Kernel panic with pflow configured and active
System: Netgate 4100
Version: 24.03-RELEASE
After switching the export protocol to Netflow v5, device is stable f... Craig Coonrad
05:59 PM pfSense Packages Bug #15365 (Resolved): pfBlockerNG PHP error when editing a list
PR merged, updated package should be available now on 24.03. Jim Pingle
02:28 PM pfSense Packages Bug #15365: pfBlockerNG PHP error when editing a list
ive added the fixes manually and confirmed all is well.
Any reason why this hasn't been pushed out via the repo? Mike Moore
03:50 PM pfSense Docs Correction #15445 (Duplicate): Possible mistake in "WireGuard Site-to-Multisite VPN Configuration Example"
Dear all,
i set up a Wireguard Site-to-Multisite VPN according to the pfSense configuration example.
Configurin... Dieter Kreuz
03:45 PM pfSense Plus Feature #15013: Speed Shift - Add Field to control lowest C-State
Has been solved already and can be closed. Update 26.04: sry ignore my comment i confused it with another ticket - sry! Dieter Kreuz
10:28 AM pfSense Packages Bug #15435: Long boot time when using FQDN for WireGuard VPN endpoint
I bought a console cable and captured the reboot output (attached). It doesn't really show anything new. Most of the ... Patrik Stahlman
04:01 AM pfSense Packages Bug #15444 (Duplicate): Since this update 24.03-RELEASE was installed, PFBlockerNG has not been functioning correctly.
Jim Pingle
02:41 AM pfSense Packages Bug #15444 (Duplicate): Since this update 24.03-RELEASE was installed, PFBlockerNG has not been functioning correctly.
24.03-RELEASE (amd64)
built on Wed Apr 24 10:38:00 PDT 2024
FreeBSD 15.0-CURRENT
Since this update was installed... Ron Nootan
 

Also available in: Atom