Project

General

Profile

Activity

From 05/08/2024 to 06/06/2024

06/06/2024

09:03 PM Revision 2cb1f506: Fix RRD script syntax regression
Marcos M
07:03 PM pfSense Plus Bug #15535: Outgoing packets with Private source IP on WAN
I don’t use NAT in such a way that it would try to make two connections use the same conflicting information
There a... David G
04:01 PM Feature #15544 (New): Add hostname to Slack notifications
If multiple pfSense instances are using the same Slack channel, there's currently no way to tell which instance is se... Chris W
03:48 PM pfSense Packages Bug #15457: HAproxy disable zero copy forwarding
I'm not sure this kernel panic is related to the zero-copy-forwarding issue in HAProxy 2.9.1. Steve Wheeler
02:04 PM pfSense Packages Bug #15457: HAproxy disable zero copy forwarding
Backtrace:... Steve Wheeler
03:44 PM pfSense Packages Regression #15540 (Pull Request Review): Cannot create new System Patches package custom entry on Plus 24.08/CE 2.8.0 Snapshots
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/397 Marcos M
12:53 PM Feature #15543 (Duplicate): FREE DISK SPACE and /var/log LIGS SIZE NOTIFICATION
Already covered by other existing requests such as #10467 Jim Pingle
12:14 AM Feature #15543: FREE DISK SPACE and /var/log LIGS SIZE NOTIFICATION
Sorry for misstyping:) Sergei Shablovsky
12:13 AM Feature #15543 (Duplicate): FREE DISK SPACE and /var/log LIGS SIZE NOTIFICATION
Brilliant pfSense DevTeam!
Using pfSense’s IDS/IPS both Snort/Suricata and Ntopng GROWING EACH 6-8month since v.2.... Sergei Shablovsky
12:42 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
This patch resolved an issue I was having as well. lagg0 assigned, enabled, and unnumbered, MTU 9000 set on it, and s... Chris Linstruth

06/05/2024

11:15 PM Bug #14435 (Incomplete): PHP error with limiters
Reproducible steps or more context is needed for this to be investigated further. Marcos M
06:19 PM pfSense Plus Feature #15412 (Pull Request Review): Improve error feedback from pfSense-upgrade
It's not really practical to implement root cause tests in this case, but we can expose what part of the process fail... Marcos M
05:18 PM pfSense Packages Feature #15542 (Not a Bug): Default route withdrawal
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
05:12 PM pfSense Packages Feature #15542 (Not a Bug): Default route withdrawal
I am running a PFSense FW with one WAN interface and one LAN interface. The WAN is our internet connection and the L... Chuck Slayton
02:13 PM Bug #15471 (Resolved): Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
Tested on a system where I could reproduce the problem before with LCDProc and even after 17 hours there is zero incr... Jim Pingle

06/04/2024

09:30 PM Bug #14708 (Feedback): PHP error when the system fails to create an interface
Applied in changeset commit:ac39332caa1050ee56574395b73b4359d4218999. Marcos M
09:30 PM Bug #15133 (Feedback): PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
Applied in changeset commit:70defd0f1a465b46754faecdc2fc96a0ef7cd279. Marcos M
09:23 PM Revision ac39332c: Handle failures to create an interface. Fix #14708
The function pfSense_interface_create2() may fail to create the
requested interface, in which case it returns the arr... Marcos M
09:21 PM Revision 70defd0f: Handle certificates with multiple CNs. Fix #15133
Multiple CNs are not supported. For compatibility, default to using
the first CN in the certificate instead of return... Marcos M
09:20 PM Bug #15423 (Feedback): PHP error when applying interface settings if the ``/tmp/.interfaces.apply`` file is present but empty
Applied in changeset commit:82e22457b04bf44c55cc1c4c6df91670ddb3e77c. Marcos M
09:12 PM Revision 82e22457: Add a helper function for unserialize(). Fix #15423
For calls to unserialize() which do not check for errors, use the
helper function instead. Marcos M
07:41 PM pfSense Packages Feature #15541 (New): CRON: option to enable/disable task
Check the possibility of creating an option to activate/deactivate tasks in cron.
!clipboard-202406041639-qmd5p.pn... Fabio Rafael Kochhann
07:35 PM pfSense Docs Todo #15497 (Closed): Add a bit more context to Gateway monitoring Action
I added a more info in the block for that setting, should hopefully be more informative now. Jim Pingle
07:14 PM pfSense Packages Regression #15540 (Resolved): Cannot create new System Patches package custom entry on Plus 24.08/CE 2.8.0 Snapshots
At some point between May 14th snapshots and June 2nd snapshots, something broke the ability to create new System Pat... Jim Pingle
07:09 PM pfSense Docs Todo #15522 (Closed): Feedback on Routing — Gateway Groups
Fixed that (plus one more on @multiwan/requirements@). Thanks! Jim Pingle
07:05 PM pfSense Docs Todo #15515 (Closed): Feedback on pfSense® software Configuration Recipes — WireGuard Site-to-Multisite VPN Configuration Example
You are right that wouldn't be valid for multiple clients in the same subnet. I updated the diagram and references in... Jim Pingle
07:02 PM pfSense Plus Regression #15539 (Resolved): PF syntax error when ``pflow`` is present on ``block`` rules
Fixed with 91628a2ed3d32140a2ee66806504590a65e2654f. Marcos M
06:54 PM pfSense Plus Regression #15539 (In Progress): PF syntax error when ``pflow`` is present on ``block`` rules
Marcos M
06:43 PM pfSense Plus Regression #15539 (Resolved): PF syntax error when ``pflow`` is present on ``block`` rules
Something either changed in rule generation or pf that is now triggering a syntax error for rules which have the @pfl... Jim Pingle
06:58 PM Revision 91628a2e: Only apply state tracking to pass rules
State tracking only applies to pass rules. This was broken with the
refactor of 3e28d716. Marcos M
06:36 PM pfSense Docs Correction #15514 (Closed): Add Netgate 4200 Pre-POST Light States
Added: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/d3056385ee5b1ccf0b20a1a70b55b30dbf27e30a Jim Pingle
04:46 PM Bug #15531: VLANs not cleared in console configuration despite warning
I can replicate this, when doing changes on the console without using the GUI and restarting, it keeps asking to conf... dylan mendez
12:24 PM pfSense Plus Bug #15446 (Resolved): Kernel panic with pflow configured and active
Jim Pingle
03:36 AM pfSense Plus Bug #15446: Kernel panic with pflow configured and active
I booted to the 24.08 dev build and ran IPFIX for about 8-10 hours.
No kernel panics. This appears resolved. Thanks. Craig Coonrad
12:08 AM pfSense Plus Bug #15538: RAM disks trigger boot failure warning when using ZFS
This actually fails the same way if you enable RAM disks after upgrading. Steve Wheeler
12:03 AM pfSense Plus Bug #15538 (Resolved): RAM disks trigger boot failure warning when using ZFS
Upgrades from 24.03 to 24.08-dev builds fail at first boot after rebooting into the new BE for the upgrade.... Steve Wheeler

06/03/2024

10:39 PM pfSense Plus Bug #13964 (Resolved): PHP syntax error in ``ec2_setup.php``
This is fixed with the config access work in 24.08. Marcos M
10:34 PM pfSense Packages Regression #13970: PHP error in apcupsd widget from UTF-8 string handling
Further feedback/issues would be best left to separate redmine reports with steps to reproduce. Marcos M
10:32 PM pfSense Packages Regression #13970 (Resolved): PHP error in apcupsd widget from UTF-8 string handling
Marcos M
10:32 PM pfSense Packages Regression #13970 (Closed): PHP error in apcupsd widget from UTF-8 string handling
Marcos M
10:30 PM pfSense Packages Bug #13985 (Duplicate): Telegraf error After Update PFSense to 23.01
Marcos M
10:27 PM Regression #13988 (Duplicate): PHP error with OpenVPN if the server certificate subject has duplicate components
Marcos M
10:21 PM pfSense Packages Bug #14419 (Closed): PHP error when trying to access pfBlockerNG configuration
With the move to pfBlockerNG v3 (from v2), pfblockerng.xml is no longer used to define the package GUI. The error is ... Marcos M
10:03 PM pfSense Packages Bug #14523 (Pull Request Review): PHP error when using an unsupported alias type in Advanced Rule Settings
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/400
This adds input validation to make sure the ... Marcos M
09:28 PM pfSense Packages Bug #14572 (Pull Request Review): Unused DNSBL files may not be removed
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/400
The error is related to removing unused DNSB... Marcos M
08:14 PM Bug #14708 (Pull Request Review): PHP error when the system fails to create an interface
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1157
This is not specific to 6rd. This can happen when... Marcos M
06:45 PM pfSense Packages Regression #14850 (Pull Request Review): Unreadable alerts file results in PHP error
This indicates that the Snort UUID alert file exists but was not readable for some reason. The root cause of that can... Marcos M
06:30 PM pfSense Packages Bug #14861 (Pull Request Review): PHP error when pings are enabled but no ping hosts are defined
This happens when pings are enabled but no ping hosts are defined - simply disable pings to work around the PHP error... Marcos M
06:14 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
So the log in comment 23 has "kernel: arpresolve: can't allocate llinfo for 172.21.253.1 on ena1". So I'm wondering i... Kristof Provost
07:24 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Here's dtrace from HS# 2785863048. This is the ticket Chris mentioned: https://redmine.pfsense.org/issues/15196#note-23 Azamat Khakimyanov
06:13 PM Bug #15133 (Pull Request Review): PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1156
We can handle multiple CNs by simply only using t... Marcos M
12:23 PM Feature #15323 (Pull Request Review): Display server description when WOL is sent using mac url or power-on button
Jim Pingle
12:22 PM pfSense Plus Bug #15535 (Not a Bug): Outgoing packets with Private source IP on WAN
If you use NAT in such a way that it would try to make two connections use the same conflicting information, it will ... Jim Pingle
12:18 PM pfSense Plus Bug #15418 (Incomplete): Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
Jim Pingle
12:16 PM Bug #15536 (Not a Bug): still generate XMLRPC Error even after checkbox Synchronize states is set to OFF
State synchronization is an entirely separate protocol from XMLRPC configuration sync. State syncrhonization uses the... Jim Pingle
01:07 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 for this as well. Javier Ramirez

06/02/2024

06:31 PM Bug #15537 (Resolved): Separator positions are incorrect when copying interface group rules
This is a bug similar to #14691 and #14619, but seems to only occur on interface groups.
h1. Steps to reproduce
... Christopher Jung
05:46 PM Bug #15536 (Not a Bug): still generate XMLRPC Error even after checkbox Synchronize states is set to OFF
ISSUE
Generating ERROR both in log and Notice WbGUI
XMLRPC Error
* A communications error occurred while atte... Sergei Shablovsky
05:38 PM pfSense Packages Bug #15296: WAN Interface cannot added to ntopng if offline-packet loss
Kris Phillips wrote in #note-2:
> Sergei Shablovsky wrote in #note-1:
> > Sergei Shablovsky wrote:
> > >
> > >
... Sergei Shablovsky
03:59 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
They do not appear to be seeing noticeably-high CPU load. Chris Linstruth
02:35 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Another user is seeing similar behavior on an m5.xlarge with 24.03.
Main symptom there is pfSense static routes de... Chris Linstruth
01:45 AM Feature #15323: Display server description when WOL is sent using mac url or power-on button
the described behavior is also present in the current version of pfSense+ as well (24.03) Jordan G

06/01/2024

09:34 PM pfSense Docs Todo #15497: Add a bit more context to Gateway monitoring Action
Adding additional color to the documentation isnt a bad thing especially when questions about gateway monitoring come... Mike Moore
09:04 PM pfSense Docs Todo #15497: Add a bit more context to Gateway monitoring Action
Seems good to document that it can be beneficial in the case of a single WAN connection or alternatively that it's us... Jordan G
01:30 AM pfSense Docs Todo #15497: Add a bit more context to Gateway monitoring Action
If the gateway monitoring action is disabled, but it's still being monitored, the gateway won't be changed from up to... Kris Phillips
09:07 PM pfSense Packages Regression #15469: RRD Graphs height is smaller than expected
confirmed, resetting RRD data does not seem to provide any change in display scale Jordan G
07:49 PM pfSense Packages Bug #15529 (Confirmed): The path on the AWS High Availability page doesen't show the current tab
Confirmed on:... Christopher Cope
06:59 PM pfSense Packages Regression #14764 (Confirmed): HAProxy local syslog not working
I can confirm that logging into the local syslog is not functioning as expected.
The recommended workaround has re... Danilo Zrenjanin
06:22 PM Bug #15534: pfSense’s installer not table to see ZFS-formatted internal drive
Christopher Cope wrote in #note-1:
> Testing locally and the installer is able to see previously ZFS formatted drive... Sergei Shablovsky
06:19 PM Bug #15534: pfSense’s installer not table to see ZFS-formatted internal drive
Christopher Cope wrote in #note-1:
Thank You for answering!
> I originally misread the report. Please provide a... Sergei Shablovsky
03:09 PM Bug #15534 (New): pfSense’s installer not table to see ZFS-formatted internal drive
Christopher Cope
03:05 PM Bug #15534 (Duplicate): pfSense’s installer not table to see ZFS-formatted internal drive
I originally misread the report. Please provide a step-by-step to reproduce this issue, so we can attempt to recreate... Christopher Cope
01:10 PM pfSense Plus Bug #15535: Outgoing packets with Private source IP on WAN
After stopping and starting the SIP traffic the processing is correct:
Host is sending the same UDP packets with s... David G
06:40 AM pfSense Plus Bug #15535 (Incomplete): Outgoing packets with Private source IP on WAN
Capture on the WAN interface shows, that there are some packets leaving towards the Internet with Private RFC1918 sou... David G
01:21 AM pfSense Packages Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12
Checked in 24.03 release. Zabbix is still at 6.4.10. Kris Phillips
01:12 AM pfSense Plus Bug #15418: Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
This should be marked as Incomplete until more information can be provided on how this is reproduced. I don't see a ... Kris Phillips
12:26 AM pfSense Packages Feature #15527 (Ready To Test): IPSec Profile Wizard/Windows: Filter User Certificate by Issuer
-Try applying the following patch using the "System Patches":https://docs.netgate.com/pfsense/en/latest/development/s... Marcos M
12:23 AM pfSense Packages Bug #15385 (Pull Request Review): PHP crash when exporting Apple profile, while IPsec P1 authentication method set to "Mutual Certificate"
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/104 Marcos M

05/31/2024

10:15 PM Bug #15534 (New): pfSense’s installer not table to see ZFS-formatted internal drive
Brilliant pfSense DevTeam!
*CONDITIONS*
Installing pfSense CE 2.7.2-REL from USB-flash (Transcend 16Gb USB 2.0, ... Sergei Shablovsky
10:09 PM Bug #15423 (Pull Request Review): PHP error when applying interface settings if the ``/tmp/.interfaces.apply`` file is present but empty
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1155 Marcos M
09:46 PM pfSense Plus Bug #15533 (New): Boot verification script over matches
The boot verification script for ZFS boot environments can over match against other processes and fail to run due to ... Steve Wheeler
09:42 PM pfSense Plus Bug #14685: Kernel panic on reroot
Since this bug is triggered by unloading the zfs module incorrectly on systems that do not require it also see: https... Steve Wheeler
09:11 PM pfSense Plus Bug #14685 (Feedback): Kernel panic on reroot
I fixed it, see https://gitlab.netgate.com/pfSense/FreeBSD-src/-/commit/17758247bb690c60c7e1dbdbded2f21ad61d1f82 Mateusz Guzik
07:10 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
The patch is working, confirmed in ticket #2703470963 and on my test device. The issue can be marked as resolved. Lev Prokofev
06:05 PM Bug #15449 (Resolved): IPsec VTI static routes may not be added after the system boots
Marcos M
04:40 PM Bug #15449 (Feedback): IPsec VTI static routes may not be added after the system boots
Applied in changeset commit:487d7d5e322993703716439422e3d032e40b61b4. Marcos M
04:05 PM Bug #15449 (Ready To Test): IPsec VTI static routes may not be added after the system boots
The inconsistency of the issue seems to stem from the @Gateway Monitoring@ setting. When unchecked (default), the rou... Marcos M
06:44 PM Bug #15362: Config upgrade error with empty gateway interval tags.
Fixed with @de9a3545ce34089e971947fd285522a406fce01f@ Marcos M
06:41 PM Bug #15362 (Resolved): Config upgrade error with empty gateway interval tags.
Marcos M
06:40 PM pfSense Packages Feature #15532: Update NUT status widget
Implemented in pull request 1374 (https://github.com/pfsense/FreeBSD-ports/pull/1374). Denny Page
06:37 PM pfSense Packages Feature #15532 (Resolved): Update NUT status widget
Update usability of the NUT status widget as follows:
* Add color coded icon for Summary status.
* Add line voltage... Denny Page
06:40 PM Revision de9a3545: Handle empty values during config upgrade. Fix #15362
The config may have an empty string - use 'empty()' instead of
'isset()' since '0' is not valid in this case. Marcos M
06:30 PM Bug #14859 (Resolved): Config upgrade error: upgrade_config.inc:6135
These should be resolved with the config access work for 24.08. Marcos M
06:28 PM Bug #14742 (Resolved): Several PHP errors in upgrade_config.inc
These should be resolved with the config access work for 24.08. Marcos M
05:25 PM Regression #15430 (Resolved): Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
Great, thanks for confirming! Marcos M
05:09 PM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
For validation i see my bgp peers haven't dropped. Mike Moore
04:41 PM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
There was an additional change after that, use the following instead; this should hopefully be included in the System... Marcos M
03:58 PM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
Patch applied.
Should i undo my previous changes of floating policy? Mike Moore
04:31 PM Revision 487d7d5e: Update the interface cache when configuring IPsec. Fix #15449
Marcos M
11:04 AM Bug #15531 (New): VLANs not cleared in console configuration despite warning
When configuration that includes VLANs is restored to different hardware (different NIC type), pfSense will show Inte... Jernej Simončič
09:28 AM pfSense Packages Bug #15530 (Rejected): pfBlockerNG Sync Tab helptext
Under *Firewall/pfBlockerNG/Sync*, the help text under the *Enable Sync* dropdown menu is unclear. ... Danilo Zrenjanin
09:09 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
!clipboard-202405311108-n6kth.png!
 Danilo Zrenjanin
09:06 AM pfSense Packages Regression #14189 (Confirmed): pfBlocker-NG: HA-Sync is not working
Danilo Zrenjanin
09:06 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
I defined GeoIP IPv4 entry for France on the Primary.
I can confirm that the configuration doesn't get replicated f... Danilo Zrenjanin
07:50 AM pfSense Packages Bug #15529 (Confirmed): The path on the AWS High Availability page doesen't show the current tab
No matter which tab you select (IPs, Routes, or Elastic IPs) the path at the top left corner remains *Package/AWS Hig... Danilo Zrenjanin

05/30/2024

08:16 PM pfSense Packages Feature #15528 (Pull Request Review): Add fix for #15430 to pfSense+ 24.03
Marcos M
08:15 PM pfSense Packages Feature #15528: Add fix for #15430 to pfSense+ 24.03
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/397 Marcos M
06:51 PM pfSense Packages Feature #15528 (Resolved): Add fix for #15430 to pfSense+ 24.03
Having this available in 24.03 should mitigate state policy issues when upgrading to 24.03 (for those that use this p... Marcos M
06:15 PM pfSense Packages Feature #15527 (New): IPSec Profile Wizard/Windows: Filter User Certificate by Issuer
Windows EAP config has an option to filter which user certificates can be used by their issuer, so only these certifi... Alex Bryant
06:14 PM Revision 2ca4ce55: Introduce a default return value to the rest of the config functions
The current return values remain the same. The added safety checks
ensures the correct type when calling array_* func... Marcos M
06:05 PM pfSense Docs Todo #15526 (New): Add CLI Commands for Boot Environments to Documentation
There are some situations of disk space exhaustion where the webConfigurator will crash or be unresponsive. Being ab... Kris Phillips
03:25 PM Bug #15525 (Resolved): File browser on ``diag_edit.php`` does not encode directory names before display
Jim Pingle
02:34 PM Bug #15525: File browser on ``diag_edit.php`` does not encode directory names before display
tested on:
24.03-RELEASE (amd64)
built on Wed Apr 24 17:38:00 UTC 2024
FreeBSD 15.0-CURRENT
patch fixes the issue Georgiy Tyutyunnik
01:28 PM Revision ba6d806b: Remove ripgrep since we are not using it
Brad Davis
02:42 AM pfSense Plus Bug #14968: Google LDAP fail to bind
Customer in ticket 2768927031 running into this issue. Kris Phillips
12:32 AM Feature #13293: Option to set auth-gen-token in OpenVPN GUI
I agree. This specific issue drove me crazy. No mention of --auth-gen-token in the pfsense documentation. Sean Scarfo

05/29/2024

07:49 PM Revision 3e28d716: Clean up rule generation code for state-tracking options
Improve readability and make it easier to adjust for future changes. Marcos M
07:47 PM Revision 66344dc6: Fix checkbox always being unchecked on page load
For the GUI option introduced in #15430 Marcos M
07:18 PM pfSense Docs Todo #15510 (Closed): Certificate Management navigation breadcrumbs
There are a lot more references than the ones linked there, but I have updated them all now (except for some historic... Jim Pingle
07:13 PM Bug #15508: pfSense breaks after changing System Domain Local Zone Type to Redirect if host overrides or static DHCP leases exist
Please reach out to me on my email. I will either clone the system for you or I can give you access to my system if w... Lukáš Mojžíš
06:52 PM Bug #15508 (Rejected): pfSense breaks after changing System Domain Local Zone Type to Redirect if host overrides or static DHCP leases exist
I cannot reproduce this as stated. I can switch back and forth without error even with static entries present. Possib... Jim Pingle
06:27 PM pfSense Docs Todo #15524 (Closed): Feedback on Installing and Upgrading — Upgrade Guide — Upgrade Process Overview
Yes, that is how it used to operate previously. That section is a summary/overview not a complete list of steps so it... Jim Pingle
02:13 PM pfSense Docs Todo #15524 (Closed): Feedback on Installing and Upgrading — Upgrade Guide — Upgrade Process Overview
*Page:* https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-overview.html
*Feedback:* This is a minor... David Myers
05:10 PM Bug #15525 (Feedback): File browser on ``diag_edit.php`` does not encode directory names before display
Applied in changeset commit:33f2ad2414b8a1246d511523b4ec0b67bbb224da. Jim Pingle
04:36 PM Bug #15525 (Resolved): File browser on ``diag_edit.php`` does not encode directory names before display
The file browser on @diag_edit.php@ does not encode directory names before display
Similar to #13262 which fixed p... Jim Pingle
05:10 PM Regression #15430 (Feedback): Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
Applied in changeset commit:e254aea45c3694ff280247be7670421b86d5bb31. Marcos M
04:49 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication
UPVOTE THIS
Nowadays with numbers of hacking attacks rapidly increasing each day, securing the access to firewall ... Sergei Shablovsky
04:48 PM Feature #15244: Modern authentication via FIDO2 for local account authentication
UPVOTE THIS
Nowadays with numbers of hacking attacks rapidly increasing each day, securing the access to firewall ... Sergei Shablovsky
04:36 PM Revision 33f2ad24: Encode dir names in browser.php. Fixes #15525
Jim Pingle
01:20 PM Bug #8882: Interface assignments lost on reboot
I can also confirm the same issue. But the issue come when you use a backup file from a vmware Pfsense and use the sa... Eivind Engberg

05/28/2024

08:12 PM Feature #14208: Automatic Split-DNS for 1:1 NAT
I just rebased the PR. It would be great if it can be merged so I don't have to keep doing that. Yehuda Katz
06:52 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Update from the user who provided us the dtrace outputs (HS# 2718685720)
> Hi, just an update. I changed EC2 type ... Craig Coonrad
06:09 PM Revision e254aea4: Automatically use floating states for IPsec rules. Fix #15430
Marcos M
12:57 PM pfSense Plus Feature #15523: Allow to set a password policy for users in the local database
It's something we may expand on in the future, the framework is in place to do it now, but it would require creating ... Jim Pingle
12:55 PM Feature #15513 (Rejected): Separate the branch settings for package and system updates
This is already close to how it works now on current releases. The update check does not alter the branch used for an... Jim Pingle
12:51 PM pfSense Packages Bug #15517 (Rejected): WireGuard not responding to the handshake from the same port
This is almost certainly due to a misconfiguration such as applying outbound NAT on traffic generated from the firewa... Jim Pingle
12:37 PM Bug #13565 (Closed): LOR on Boot for Static Routes Startup Item in KVM environment
Jim Pingle
12:37 PM pfSense Plus Feature #15506 (Duplicate): GEOM mirrors from previous UFS installs break ability to install with ZFS RAIDZ1 "No Disks Available"
Already covered by internal issue 12393 Jim Pingle
12:32 PM Feature #15504 (Duplicate): PPPoE support for online installer
This is already being tracked internally and is coming in the next installer release, it's already in our internal te... Jim Pingle

05/27/2024

11:51 AM pfSense Plus Feature #15523 (New): Allow to set a password policy for users in the local database
It would be great if we can set password requirements for the local users like minimun lenght and complexity at less.... Javier Herrera

05/26/2024

11:57 PM pfSense Packages Bug #14556: Tailscale dropping routes from FIB
Update 5/26, regarding the ping from pf1 to pf2 (or vice versa), I notice this only gets a successful reply when usin... Matt Keys
06:42 AM pfSense Docs Todo #15522 (Closed): Feedback on Routing — Gateway Groups
*Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-groups.html
*Feedback:*
Sentence "Gateway grou... Seb M
03:01 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
still experiencing this but I've found some newer test backups I've made don't seem to trigger the issue Jordan G
01:51 AM pfSense Docs Todo #15521 (Closed): Add alert to use single quotes as escape characters when decrypting config.xml using OpenSSL on command line
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files
A password such as @ ... Chris W
01:43 AM Feature #15464: Allow Installer to install CE even if NDI detects as Plus
This is a confirmed issue. I believe this will be resolved in the next version of the installer. Kris Phillips
01:41 AM pfSense Packages Feature #14712: CrowdSec package
There are recent requests for an update on this redmine: https://www.reddit.com/r/PFSENSE/comments/1cz0bsh/pfsense_of... Kris Phillips
12:48 AM pfSense Packages Feature #15501 (Rejected): Squid COSS filesystem
Squid is deprecated in pfSense, so any fixes or feature adds are unlikely to occur.
Marking redmine as Rejected. Kris Phillips
12:44 AM Feature #15513: Separate the branch settings for package and system updates
This is a duplicate of the non-public, Netgate redmine 7479. Kris Phillips
12:41 AM pfSense Packages Bug #15517 (Incomplete): WireGuard not responding to the handshake from the same port
Which side of this packet capture is the pfSense side and what is on the other side? There isn't enough details in t... Kris Phillips
12:26 AM Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
possible to provide the ability to configure MTU for (a) LAGG specifically, when also configuring the other parameter... Jordan G

05/25/2024

11:56 PM Bug #15493: Kea sometimes provides an IP from the DHCP pool despite static mappings
confirmed, also experiencing this behavior with 24.03 - Changing the IP or creating a new reservation does not always... Jordan G
11:25 PM Regression #15094: Updates fail against an authenticated upstream proxy
Tickets 2616976047 and 2698680909 both are regarding this issue. Kris Phillips
10:49 PM pfSense Plus Feature #15506 (Confirmed): GEOM mirrors from previous UFS installs break ability to install with ZFS RAIDZ1 "No Disks Available"
Confirmed. Having this automated would make the install smoother. Christopher Cope
05:33 PM pfSense Plus Bug #15509 (Not a Bug): Debian OpenVPN client breaks the connections
Christopher Cope
04:54 PM Bug #15516: Per-rule byte counter values lost across a filter reload
Just to add another data point, as I mentioned in https://forum.netgate.com/topic/188336/firewall-rule-counters-max-s... Steve Y
04:25 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Any further updates on this? Jay Sols
12:25 PM Bug #15519 (New): Limiter dynamic child queue applied twice when traffic passes out of bound OpenVPN interface with NAT
Setup:
* Limiter is set up with child queues that have a /32 source mask applied - parent limiter is set to 100mbp... Ivan Konash
08:53 AM Bug #15518 (Confirmed): Kea does not send configured TFTP server name
I can confirm this behavior on 24.03. The Lev's workaround works. Danilo Zrenjanin
06:29 AM Bug #15518: Kea does not send configured TFTP server name
I can confirm this behavior on 24.03, I was able to fix it by adding the string "code": 66 in the config
Example:
... Lev Prokofev
05:27 AM Bug #15518 (Resolved): Kea does not send configured TFTP server name
I've a working environment with ISC dhcp server booting a raspberry pi over network. When switching to KEA dhcp the "... Martin Hengesbach
06:35 AM Feature #15321: Kea DHCP Custom Configuration Support (IPv4 and IPv6)
Below is an example of possible options with the right syntax:
https://github.com/isc-projects/kea/blob/master/doc... Lev Prokofev
03:06 AM pfSense Packages Bug #15517 (Rejected): WireGuard not responding to the handshake from the same port
Hello everyone,
I am seeing an issue with WireGuard responding from a different port for the Handshake response. T... Karl Kastr
12:02 AM Regression #15430 (Pull Request Review): Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
We can try to work around the issue until #8686 is resolved.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_reque... Marcos M

05/24/2024

11:13 PM Bug #15516 (Resolved): Per-rule byte counter values lost across a filter reload
In some situations the byte counter reported by pfctl is not retained correctly across a filter reload.
It appears... Steve Wheeler
09:13 PM pfSense Docs Todo #15515 (Closed): Feedback on pfSense® software Configuration Recipes — WireGuard Site-to-Multisite VPN Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2ms.html
*Feedback:*
Hi
you are propo... NIKOLAOS NIKOU
06:54 PM Todo #15429: Clarify descriptions for gateway recovery options
Thanks for the feedback! I do think the various related settings could use rewording and restructuring for clarificat... Marcos M
06:14 PM Bug #14083 (Resolved): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Marcos M
06:13 PM Bug #15502 (Resolved): Proxy variables in ``crontab`` contents are improperly formatted
Marcos M
06:11 PM Revision 74ad34bc: Avoid configuration loop with LAGG interfaces. Fix #14083
The fix to #9453 introduced a loop when configuring LAGG interfaces.
This happens when interface_lagg_configure() ult... Marcos M
06:06 PM pfSense Plus Bug #15511 (Resolved): Factory resetting the configuration removes WireGuard
Marcos M
04:02 PM pfSense Plus Bug #15511 (Feedback): Factory resetting the configuration removes WireGuard
The WireGuard package is now in the list of installed packages and won't be removed on the factory reset. Luiz Souza
05:25 PM Revision 4b9165e5: Default to an empty array for functions expecting a countable value
Do this for foreach() and count(). Marcos M
03:18 PM Revision 4eddd5ab: Correct default for 'system/acb' in write_config() to empty array instead of null
Reid Linnemann
10:34 AM Bug #14977: Kea fails to restart due to race between process termination and startup
Following up on forum post https://forum.netgate.com/topic/188337/
I am reporting this same issue. I've been using... Ricardo Mendes
07:13 AM pfSense Packages Bug #8197 (Resolved): BIND UI fails to properly update zone with inline DNSSEC signing enabled
I've tested it on 21.02.2 and on latest 24.03
I was able to reproduce this issue on 21.02.2 (BIND 9.16_17) - BIND ... Azamat Khakimyanov

05/23/2024

11:36 PM pfSense Docs Correction #15514 (Closed): Add Netgate 4200 Pre-POST Light States
The Netgate 4200 has a solid orange light while POST'ing before it reaches the boot up process. This is not document... Kris Phillips
08:24 PM Feature #15513 (Rejected): Separate the branch settings for package and system updates
Currently, the repo branch is used for both packages and system updates. The branch must be set to match the currentl... Andrew Almond
08:07 PM Feature #15476: Allow listing and switching repo branches from the CLI
The ability to change repo branches via CLI would be very useful, as we're looking to script the upgrade process acro... Andrew Almond
05:37 PM Revision 63d6bb4f: Update all direct config access with accessor functions
Marcos M
05:37 PM Revision 9f0e98bc: Refactor config upgrade to use config accessors
Marcos M
05:37 PM Revision 40052af4: Use config accessors in traffic shaper functions
Marcos M
05:37 PM Revision 26308930: Use config accessors in certificate functions
Marcos M
05:37 PM Revision 1bb9c407: Use config accessors in users and groups functions
Marcos M
05:37 PM Revision 6cbdf0e7: Remove potential direct config references when displaying form rows
The first eval() change removes the reference and has no functional
effect given that $pkg_source_txt is not modified... Marcos M
05:37 PM Revision 816fef25: Move to is_platform_booting()
The function platform_booting() is deprecated. Marcos M
05:37 PM Revision 134a8703: Move from ${var} to {$var}
The use of ${var} has been deprecated since PHP 8.2 Marcos M
05:37 PM Revision cafdc4a8: Move to date()
The function strftime() is deprecated since PHP 8.2 Marcos M
05:37 PM Revision 4c6b85be: Move to mb_convert_encoding()
The functions utf8_encode()/utf8_decode() are deprecated since PHP 8.2 Marcos M
05:37 PM Revision c1db4dea: Move to str_replace()
The function ereg_replace() is deprecated since PHP 5.3. Marcos M
05:37 PM Revision bd6f0b80: Move to preg_match()
The function ereg() is deprecated since PHP 5.3. Marcos M
05:37 PM Revision e2b0f1f8: Move to foreach()
The function each() is deprecated since PHP 7.2. Marcos M
05:37 PM Revision 189dbb7a: Move to password_hash()
Use of crypt() requires a salt since PHP 8.0. Use password_hash() to align with 8ddf2b5. Marcos M
05:37 PM Revision 2a02ef36: Remove superfluous argument
The product label was mistakenly separated in 573ec19. Now simply remove it. Marcos M
05:37 PM Revision 787a9938: Remove superfluous function arguments
Added in 0eae38c Marcos M
05:37 PM Revision 1123725d: Correctly detect changed settings
Marcos M
05:37 PM Revision fe918db8: Return a value in convert_openvpn_interface_to_friendly_descr()
Calls to this function expect a return value which is then echo'd. Marcos M
05:37 PM Revision 4ef3bed6: Correctly set duplicates limit in forms
Marcos M
05:37 PM Revision bf3d5a8a: Fix missing variable assignment in 22dbacd
Marcos M
05:37 PM Revision ad78dab5: Fix missed changes in f593f80
The argument being removed was previously used to retrieve optX
interfaces; this no longer applies. Marcos M
05:37 PM Revision b44b34d6: Fix missed changes in 0e2bed2
The "level" is determined automatically by the function. Marcos M
05:37 PM Revision f4c1a890: Fix missed changes in c618897
The function parameter was removed since it was not used. Marcos M
05:37 PM Revision 8c34ed68: Fix missed changes in 015a482
The IP Protocol is now determined automatically be the function. Marcos M
05:37 PM Revision 8eab4c32: Fix missed changes in 2aafa69
The direct value is now used instead of the constant variable. Marcos M
05:37 PM Revision 0ae0babf: Fix missed changes in the transition from ipfw to pf
Marcos M
05:37 PM Revision 1ec82c30: Fix typos and copy/paste issues
Issues found by the PHP linter mostly include typos and usage of
unassigned variables. To address these, traverse the... Marcos M
05:37 PM Revision d900b9d4: Fix PHP linter issues
Marcos M
05:37 PM Revision 01258f1e: Support adding to an array in array_set_path()
- Avoid infinite loop with empty paths.
- Support setting $value to the $arr root.
- If $path contains a trailing for... Marcos M
12:52 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
The client confirmed that the patch solves the issue #2754566672 Lev Prokofev
09:24 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Okay, that would seem to indicate that we're not spending our CPU time in the ena driver. That's a bit unexpected, gi... Kristof Provost
03:45 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Here's another dtrace from HS# 2718685720.
I'm not sure if this will be helpful or much different than the previou... Craig Coonrad
08:14 AM pfSense Plus Bug #15511: Factory resetting the configuration removes WireGuard
I couldn't reproduce this.
Tested against:
23.09
23.09.1
24.03
Is there any other specific configuration set... Danilo Zrenjanin

05/22/2024

10:06 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
This appears to be fixed in 24.03. At least in my test setup. Can anyone who was seeing this in 23.09.1 confirm that ... Steve Wheeler
08:15 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
I thought I would add another confirmation: I have the same symptoms on upgrade from 2.6.0 to 2.7.0
I too am using... Pete Holzmann
01:37 PM Bug #15502: Proxy variables in ``crontab`` contents are improperly formatted
tested on:
2.7.2-RELEASE (amd64)
built on Wed Dec 6 20:10:00 UTC 2023
FreeBSD 14.0-CURRENT
patch fixes the issue Georgiy Tyutyunnik
12:14 PM Feature #9617: PPPoE Static IP Configuration in GUI
I had a go at doing this, and it didn't seem to work for me, I got some other address from the ISP.
My config alre... Goat Moat
11:36 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
In addition to the previous commit, which introduced the basic ability to auto build rules on-top of dynamic prefixes... Jan-Jonas Sämann
02:22 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
I looked at the status output for the same case that included the dtrace. It involves high CPU and loss of network. (... Craig Coonrad
12:00 AM Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
Had a customer encounter this, restarting firewall and syslogd didn't do it. Changing the lines from 2000 to 500 seem... dylan mendez

05/21/2024

07:08 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
Steve Wheeler wrote in #note-5:
> It's not something that can be patched at runtime but an updated pkg is available ... Bob Dig
06:42 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
It's not something that can be patched at runtime but an updated pkg is available in 24.03:... Steve Wheeler
04:39 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
Marcos M wrote in #note-3:
> With the fix, port mappings correctly automatically expire and can be removed on client... Bob Dig
04:32 PM Feature #15512 (New): Outbound NAT is missing "interface" and "Invert match" as source
Outbound NAT is missing interface and Invert match as source.

With both available, one could easily create outbou... Bob Dig
02:57 PM Regression #15094: Updates fail against an authenticated upstream proxy
Fixed upstream, will be in the next pkg release Brad Davis
02:23 PM Revision 0c1496a4: With pkg switching to curl the format of the auth string has changed
Brad Davis
12:38 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
This was on a VM that was manifesting the problem (i.e. elevated CPU use and loss of connectivity) at the time the dt... Kristof Provost

05/20/2024

11:56 PM pfSense Plus Bug #15511 (Closed): Factory resetting the configuration removes WireGuard
Resetting the configuration to factory defaults removes the WireGuard package. This package should be kept given that... Marcos M
11:08 AM pfSense Plus Bug #15509: Debian OpenVPN client breaks the connections
Sorry, was problem with network. Evgeny Korostelev
05:19 AM pfSense Plus Bug #15509 (Not a Bug): Debian OpenVPN client breaks the connections
After applying patch https://redmine.pfsense.org/issues/15440, the OpenVPN client on Debian 11 breaks the connection ... Evgeny Korostelev
10:06 AM pfSense Docs Todo #15510 (Closed): Certificate Management navigation breadcrumbs
*Page:* https://docs.netgate.com/pfsense/en/latest/certificates/index.html
*Feedback:* The navigation breadcrumbs ... Jared Silva

05/19/2024

12:12 PM pfSense Packages Bug #11274 (Resolved): ntopng https web server does not present full certificate chain
I was able to reproduce this issue on 21.02.2: I didn't see full certificate chain when I opened NtopNG web page.
... Azamat Khakimyanov
11:20 AM Bug #15508 (Rejected): pfSense breaks after changing System Domain Local Zone Type to Redirect if host overrides or static DHCP leases exist
Changing System Domain Local Zone Type to Redirect will break the management interface entirely if host overrides or ... Lukáš Mojžíš
01:19 AM pfSense Packages Bug #15507: Wireguard stuck interface on boot
oh and the bad thing about this, is that if you restore from backup config file then you'll also migrate whatever the... mrpops2ko .
01:18 AM pfSense Packages Bug #15507 (New): Wireguard stuck interface on boot
i'm sure this has been reported before but it seems all those have been marked as resolved but this still occurs for ... mrpops2ko .
01:01 AM Bug #15490: Sanitize RFC 2136 Dynamic DNS update keys in ``status.php`` output
I can confirm this behavior on 24.03. Kris Phillips
12:57 AM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
Ran into an issue today with inconsistency here. When trying to upload a file to a web page's PHP-based upload funct... Kris Phillips
12:51 AM Bug #13565: LOR on Boot for Static Routes Startup Item in KVM environment
This redmine can be closed as these messages are no longer present in any release. Kris Phillips
12:50 AM pfSense Plus Bug #12759: Proprietary packages link to non-existant or non-public github pages
Testing this on 24.03, this seems to be less of an issue since it looks like the FreeBSD-ports tree has empty/blank p... Kris Phillips

05/18/2024

08:07 PM pfSense Plus Feature #15506 (Duplicate): GEOM mirrors from previous UFS installs break ability to install with ZFS RAIDZ1 "No Disks Available"
This is similar to the problems with the offline installer as outlined here, but is also relevant to the netinstaller... Kris Phillips
04:58 PM Revision 577cd0eb: Set correct value when toggling CARP maintenance
Marcos M
12:47 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
Another customer is experiencing related issues, see https://forum.netgate.com/topic/188214/vti-gateways-in-24-03 beg... Larry Fahnoe
12:22 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
I used customer's status output file to create the same config on my lab (as Lev done) but I still wasn't able to rep... Azamat Khakimyanov
12:01 PM pfSense Packages Bug #15505 (New): Traffic graphs inaccurate when using Limiters (FQ_CODEL)
this has been ongoing for over a year now, i'm not sure what the issue is.
in short what happens is the traffic g... mrpops2ko .
05:42 AM Feature #15504: PPPoE support for online installer
Net installer with PPPoE support is under development. Lev Prokofev
04:27 AM Feature #15504 (Duplicate): PPPoE support for online installer
The new installer requires internet access to function, but for some of us we rely on PPPoE in order to get a WAN con... mrpops2ko .

05/17/2024

09:13 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Chris W wrote in #note-15:
> HS# 2718685720 is a 24.03 guest which was upgraded from 23.09.1. Only when on 24.03 did... Chris W
02:19 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
new case #2733381806
client will run the script when able to Georgiy Tyutyunnik
02:04 PM pfSense Packages Feature #15501: Squid COSS filesystem
Correction: per developer response
“Squid does not support COSS cache_dirs since v3.5. If Squid in question does ... Jonathan Lee
01:30 PM Bug #15502 (Feedback): Proxy variables in ``crontab`` contents are improperly formatted
Applied in changeset commit:45419ed469e182e97b72f534ff4a79b6f531b06e. Anonymous
01:23 PM Bug #15502 (Pull Request Review): Proxy variables in ``crontab`` contents are improperly formatted
MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1150 Jim Pingle
01:30 PM Bug #15471: Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
A quick test of the function looks good compared to my previous tests, but I'd prefer to keep this open for now until... Jim Pingle
01:24 PM Revision 45419ed4: Add newlines to crontab proxy variables. Fixes #15502
Steve Wheeler
01:23 PM Bug #15503: udp6_bind kernel panic
I took a very quick look. The faulting code in6_pcbbind+0x360 translates to /var/jenkins/workspace/pfSense-CE-snapsho... Kristof Provost
12:39 PM Bug #15503 (New): udp6_bind kernel panic
We have seen a few reports of kernel panics with services attempting to listen for requests on link-local IPv6 addres... Steve Wheeler
08:31 AM Bug #15009: System>Update page menu uses incorrect internal URL
I have the same issue after reboot the update menu is pointing again to the other location. https:/.../pkg_mgr_insta... Willem-Jan v R
07:05 AM Bug #15366: Ethernet rules are not blocking the ARP inside the bridge
I retested this with 24.03 with the Interface Bound States enabled, and the result was exactly the same. Lev Prokofev

05/16/2024

11:06 PM pfSense Packages Feature #15501: Squid COSS filesystem
“The Cyclic Object Storage Scheme (costs) is an attempt to develop a custom file system for Squid.”
Ref: squid the... Jonathan Lee
09:53 PM pfSense Packages Feature #15501 (Rejected): Squid COSS filesystem
Hello Coss is missing from the new Squid package it is not listed as an option. This should work great with Squid 6.6... Jonathan Lee
10:06 PM Bug #15502 (Resolved): Proxy variables in ``crontab`` contents are improperly formatted
On systems with an upstream proxy configured lines are added to the crontab so commands run there see the appropriate... Steve Wheeler
06:15 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
HS# 2718685720 is a 24.03 guest which was upgraded from 23.09.1. Only when on 24.03 did the problem begin, however. Chris W
08:14 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
There's still very little to go on here.
Let's start by seeing if we can identify what's causing the high CPU load... Kristof Provost
04:32 PM Bug #15500 (New): Hanging connections with failing over to high availability node when floating rule is matched in >= 2.7.1
- Two freshly installed instances, both with identical hardware running pfSense 2.7.0
- Each with 3 interfaces ass... shane shane
04:16 PM Bug #15066 (Duplicate): PHP allocation failure in pfsense-utils.inc
The root issue here is probably #15471. The function @get_interface_info(@) ends up calling @get_interface_addresses(... Marcos M
03:49 PM pfSense Packages Bug #7039: HAProxy backend configuration does not handle intermediate CAs properly
almost 3 years later I have the same problem.
The PR does not seem to be in the current package versions (0.63_2). Dennis Neuhaeuser
01:23 PM Bug #15471: Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
Was able to reproduce on 24.03 and 2.7.2 CE via calling the leaking function in endless loop.
tested on:
Version 2.8... Georgiy Tyutyunnik
11:32 AM Bug #15449 (Confirmed): IPsec VTI static routes may not be added after the system boots
Steve Wheeler

05/15/2024

03:41 PM pfSense Plus Bug #15499: Manually verifying the boot environment makes config changes
See: https://forum.netgate.com/topic/188179/24-03_1-traffic-graphs-does-not-keep-its-configuration Steve Wheeler
03:36 PM pfSense Plus Bug #15499 (New): Manually verifying the boot environment makes config changes
If a user connects to the webgui before the automatic BE verification has run at boot they are presented with the man... Steve Wheeler
03:21 PM pfSense Docs Todo #15497: Add a bit more context to Gateway monitoring Action
I agree that more details about gateway monitoring actions would be helpful.
Expanding on this, it would be helpfu... Andrew Almond
01:05 PM pfSense Packages Feature #15498 (Rejected): Add speedtest-cli to packages
While some find it useful, it isn't a great metric and it is not a practice we want to encourage. Anyone that wants t... Jim Pingle
03:28 AM Regression #14833: OpenVPN client process in bridged tap mode fails after 2.7.0 CE upgrade
Confirm pfSense 2.7.2. I set up the Openvpn bridge on a clean configuration. When changing the parameters of the Open... admin admin

05/14/2024

10:10 PM pfSense Packages Feature #15498 (Rejected): Add speedtest-cli to packages
I've been using the dashboard widget created by Leon Straathof on several pfSense instances and it works great.
http... Andrew Almond
09:42 PM pfSense Packages Feature #15397: Wazuh Agent
Adding Wazuh to packages would be nice. I'm using it on several instances of pfSense with no issues. Andrew Almond
06:26 PM Revision a976c08c: Reapply "Add zsh to the list of packages to build"
This reverts commit 3d4cab4078a9276446d847612c97a52c328fd965.
The plist fix has landed and merged from upstream Brad Davis
01:48 PM pfSense Docs Todo #15497 (Closed): Add a bit more context to Gateway monitoring Action
https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html
Section:Disable Gateway Monitoring Actio... Mike Moore
01:39 PM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
I've removed the database, and restarted vnstatd. After it obtained some data again I do get the Data Summary values ... Kristof Provost
01:22 PM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
Kristof Provost wrote in #note-4:
> The relevant package has been installed for a very long time, so it's not a lack... Jim Pingle
01:15 PM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
The relevant package has been installed for a very long time, so it's not a lack of data at least.
Interestingly i... Kristof Provost
12:28 PM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
I can't reproduce any issue here currently. Seems to be OK on Plus 24.03 amd64 and arm64, and CE 2.8 Snapshots (at le... Jim Pingle
11:38 AM pfSense Packages Bug #15496: Traffic Totals: empty Data Summary
This was observed on 24.03, on an 2100. Kristof Provost
11:38 AM pfSense Packages Bug #15496 (New): Traffic Totals: empty Data Summary
The traffic totals page (i.e. the vnstat output) shows the traffic graph (with what appears to be correct data), but ... Kristof Provost

05/13/2024

10:10 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Another instance. HS# 2718685720 Craig Coonrad
06:56 PM pfSense Packages Bug #15061 (New): acme.sh nsupdate with challengealias is failing in certain cases
Change reverted.
 Jim Pingle
09:21 AM pfSense Packages Bug #15061: acme.sh nsupdate with challengealias is failing in certain cases
Hi.
For me, this was working for years and now it stopped.
See forum for more info: https://forum.netgate.com/top... Greg M

05/12/2024

02:47 AM Feature #15492: Test if storage/eMMC is actually writable underneath ZFS
I can confirm that if the eMMC controller is alive, but the flash chips refuse to accept writes, there is no messages... Kris Phillips
02:45 AM Regression #15030: Keymap Layout Options No Longer Provided
Of note the Netgate Installer also is affected by this. Keyboard layout doesn't appear to be a prompted item, which ... Kris Phillips
02:43 AM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
I can confirm this behavior.
Given that VTIs under the default filter mode with the default firewall rules will ... Kris Phillips
02:40 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
To summarize current ways this happens:
1. VTI tunnels
2. OpenVPN Client or Server interfaces that are assigned t... Kris Phillips
01:14 AM pfSense Plus Bug #14005: SFP Interfaces not available with Traffic Shaper in v23.01
shaping may not be supported on that driver and/or additional 'tuning' could be required, intel based sfp's (ix drive... Jordan G
12:53 AM pfSense Plus Bug #14401 (Feedback): Changing from Switchport to Discrete Interface in VGA/Serial Console Breaks Port Status Monitoring
7100 on 24.03, reassigning WAN or LAN to ix0/1 from the console appears correctly adjust the port monitoring such tha... Jordan G
12:24 AM pfSense Plus Regression #15494 (Confirmed): Reinstall Packages button reports another instance of ``pfSense-upgrade`` is running
I am seeing the same on... Christopher Cope
12:06 AM Bug #15495 (Closed): Upgrade fails on upstream bectl bug
System: Netgate 6100
Online upgrade to 24.03. (HS# 2584018971)... Craig Coonrad

05/11/2024

05:02 PM pfSense Plus Regression #15494 (Resolved): Reinstall Packages button reports another instance of ``pfSense-upgrade`` is running
Diagnostics>Backup&Restore>Reinstall packages button, after hitting confirm, eventually displays "Another instance of... Jordan G
04:40 PM Bug #15493 (New): Kea sometimes provides an IP from the DHCP pool despite static mappings
Tested on... Christopher Cope
04:07 PM Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount
Steve Wheeler wrote in #note-12:
> https://github.com/pfsense/pfsense/pull/4677
I tested the patch against the:
<pr... Danilo Zrenjanin
03:47 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
That patch appears to have done the trick, we have successfully booted completely with MTU/MSS values in place. Steve N
12:16 AM Bug #14083 (Pull Request Review): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Marcos M
12:16 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
The looping issue seems to be triggered when there are at least two assigned VLAN interfaces with a LAGG parent, and ... Marcos M
03:19 PM Regression #15439 (Confirmed): Incorrect icon on collapsed dashboard widgets
I can confirm this on:... Danilo Zrenjanin
03:04 PM pfSense Packages Regression #15469 (Confirmed): RRD Graphs height is smaller than expected
I can confirm this behavior on:... Danilo Zrenjanin
07:39 AM pfSense Packages Bug #15385 (Confirmed): PHP crash when exporting Apple profile, while IPsec P1 authentication method set to "Mutual Certificate"
I can replicate this issue.
Tested against:... Danilo Zrenjanin

05/10/2024

10:54 PM pfSense Plus Bug #15472: potential bug with the ath driver
Side note this does not occur when "only" 802.11A is running. Example using Channel 165 Jonathan Lee
08:07 PM Feature #15492: Test if storage/eMMC is actually writable underneath ZFS
And/or Netgate Installer can test this. Steve Y
06:25 PM Feature #15492 (New): Test if storage/eMMC is actually writable underneath ZFS
It seems ZFS allows users to think their storage is writable even if it isn't:
https://forum.netgate.com/topic/18795... Steve Y
08:02 PM Regression #15470 (Resolved): Port forward rules created by ``miniupnpd`` do not expire
With the fix, port mappings correctly automatically expire and can be removed on client request. Marcos M
07:20 PM Bug #14000: PHP error with xmlrpc
Jim Pingle wrote in #note-1:
> This is from an external utility hitting XMLRPC, most likely the Home Assistant integr... Roger Fedor
06:12 PM pfSense Docs Todo #15491 (New): Document dynamic gateway creation
One may wish to create a dynamic gateway before the link is provisioned. This is possible by creating a gatewway with... Marcos M
05:09 PM pfSense Docs Todo #15479 (Closed): Feedback on DNS — Creating Wildcard Records in DNS Forwarder/Resolver
That isn't quite true exactly as stated, but I added some text to clarify what is happening in those cases and how to... Jim Pingle
05:00 PM pfSense Docs Correction #15473 (Closed): Feedback on pfSense® software Configuration Recipes — Blocking External Client DNS Queries: Firefox
It's clear as is -- that's what the "by default" part of that sentence means -- but I added a little more text to mak... Jim Pingle
04:38 PM Bug #15487 (Not a Bug): Unable to ping nodes in remote side of tailscale
Doesn't seem like there is an actionable bug here. It may just not be compatible with tailscale in the way you're try... Jim Pingle
04:35 PM Bug #15486 (Duplicate): Unable to run Packet Captures on a tailscale interface in GUI on 2.7.2
It's already fixed in the repo, there is nothing more to fix. We could maybe add a patch for that to system patches f... Jim Pingle
04:34 PM Feature #15488: Add link from "Tracking ID" when editing a firewall rule to firewall logs filtered for that ID
N.B. whoever implements this, it would have to utilize @usepost@ so it properly submits the form data, it can't just ... Jim Pingle
09:44 AM Feature #15488 (New): Add link from "Tracking ID" when editing a firewall rule to firewall logs filtered for that ID
Dear Brilliant pfSense DevTeam!
IDEA
Click on “Tracking ID” value on Rule edit page lead to open *Status* / *Syst... Sergei Shablovsky
04:26 PM Bug #15490: Sanitize RFC 2136 Dynamic DNS update keys in ``status.php`` output
Specifically the tag is @<keydata>@ that should be sanitized. (@dnsupdates/dnsupdate/<idx>/keydata@) Jim Pingle
03:53 PM Bug #15490 (Resolved): Sanitize RFC 2136 Dynamic DNS update keys in ``status.php`` output
The keys inside the <dnsupdates> should be sanitized because restoring the client's config for test purposes can caus... Lev Prokofev
02:53 PM Feature #15489 (New): Login email notification
Please consider adding a Login email notification option in System\Advanced João Matos
01:26 PM pfSense Plus Bug #15418: Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
I couldn't replicate this either:
I can see the correct URL parameters "if" and "id." ... Danilo Zrenjanin
05:32 AM Bug #15449: IPsec VTI static routes may not be added after the system boots
I finally replicated the issue by restoring the config from the status output file, the root cause is still unknown h... Lev Prokofev
12:40 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Another customer in ticket 2706080899 with this issue. Kris Phillips

05/09/2024

11:14 PM Revision 63419d38: Add a speedtest alternative written in go
Brad Davis
09:39 PM Bug #15487 (Not a Bug): Unable to ping nodes in remote side of tailscale

Unable to ping IPs in remote side of tailscale if I selected the source IP address while it is working with automat... Alhusein Zawi
09:24 PM Bug #15486 (Duplicate): Unable to run Packet Captures on a tailscale interface in GUI on 2.7.2

while this issue was fixed in 24.03 , it is still appearing in 2.7.2
related to https://redmine.pfsense.org/iss... Alhusein Zawi
08:06 PM Bug #15413 (Feedback): Kernel panic in HA nodes when under high load
What is hoped to be the fix has been merged to our branches. Kristof Provost
08:05 PM Bug #15481 (Feedback): File descriptor leak in ``bsnmpd``
And that's been merged to our branches. Kristof Provost
12:16 PM Bug #15481: File descriptor leak in ``bsnmpd``
Upstream fix: https://cgit.freebsd.org/src/commit/?id=f1612e7087d7c3df766ff0bf58c48d02fb0e2f6d Kristof Provost
10:07 AM Bug #15481 (Resolved): File descriptor leak in ``bsnmpd``
A user reports seeing an unusual increase in the number of running processes.
The extra processes are all kernel/net... Kristof Provost
08:03 PM pfSense Packages Todo #15484: Show more characters of the Description column in the WireGuard peer tables
Also, if you must truncate the Description cells, then when I hover over a truncated Description cell, it should show... Jeremy  99
07:41 PM pfSense Packages Todo #15484 (New): Show more characters of the Description column in the WireGuard peer tables
When viewing the table of WireGuard peers, some columns are truncated to make them all fit. I think the most importa... Jeremy  99
08:00 PM pfSense Packages Todo #15485 (New): Usability and consistency of the WireGuard peer tables
Suggestions to make the WireGuard Peer tables a bit more usable:
1) Make the tables sortable. I have 30 Peers and... Jeremy  99
07:33 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Sorry, I didn't get notified of your latest post. I take it the patch did NOT resolve the issue then, but you've iden... Steve N
12:51 AM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Thanks for the feedback - hopefully we'll have some better luck reproducing the issue now. In the meantime if it's no... Marcos M
05:59 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
another ticket with this issue
#2694269097 Georgiy Tyutyunnik
01:39 PM Bug #15482 (Rejected): NTP logic
What you're describing would need to be a change made in the NTP daemon behavior, which is out of our control. Probab... Jim Pingle
12:58 PM Bug #15482 (Rejected): NTP logic
it seems to be the case that NTP back end interface querying is hierarchical and if the first rule it encounters fail... mrpops2ko .
01:15 PM Todo #15483: Update Unbound to 1.22.0
If you "read the details":https://nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/ that isn't really a vulnerab... Jim Pingle
01:10 PM Todo #15483 (Resolved): Update Unbound to 1.22.0
Update Unbound to version 1.20.0, as this newest version contains a fix for the DNSBomb vulnerability CVE-2024-33655. Glenn Hall
12:34 PM Feature #15478 (Duplicate): Rule Seperators for NAT Rules.
Duplicate of #7781 Jim Pingle
12:33 PM Bug #15480 (Rejected): IX polling driver
Polling was removed because it was no longer useful on modern hardware the way it worked in the OS, which is still tr... Jim Pingle
02:13 AM Bug #15480 (Rejected): IX polling driver
hello i tried searching for this but found little information
this polling man page
https://man.freebsd.org/cgi/... mrpops2ko .
12:21 PM Regression #15470 (Feedback): Port forward rules created by ``miniupnpd`` do not expire
I've updated miniupnpd to the latest version and adjusted the libpfctl patch in https://gitlab.netgate.com/pfSense/Fr... Kristof Provost
12:19 PM Bug #15471 (Feedback): Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
We array_init() 'addr' (which causes PHP to allocate memory), but potentially
break out before adding 'addr'... Kristof Provost
07:07 AM Bug #15449: IPsec VTI static routes may not be added after the system boots
I'm not able to replicate it on 24.03. Lev Prokofev
06:40 AM Bug #15449: IPsec VTI static routes may not be added after the system boots
Ticket for reference #2703470963 the SOs and steps included. Lev Prokofev
12:57 AM pfSense Docs Todo #15479: Feedback on DNS — Creating Wildcard Records in DNS Forwarder/Resolver
edit: oh it does mention it, but more so in the DNS MASQ section, when i was doing this for unbound
i wonder if th... mrpops2ko .
12:54 AM pfSense Docs Todo #15479 (Closed): Feedback on DNS — Creating Wildcard Records in DNS Forwarder/Resolver
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/wildcards.html
*Feedback:*
can we suggest that ... mrpops2ko .

05/08/2024

11:46 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
This behavior started for me when I moved to 23.05 and persists through 24.03, and is actually worse on 24.03 than it... Steve N
11:20 PM Bug #14083 (Feedback): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Part of the issue here has been solved with #9453. Some situations remain where things can break - see: https://redmi... Marcos M
11:30 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
Correct, 7100. I have uploaded the status report as well. Steve N
11:25 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
Presumably you're running into this issue on a 7100; I've reopened that one for additional feedback. It would be help... Marcos M
10:51 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
I don't even know how I would assign and disable the interface, my bug was actually https://redmine.pfsense.org/issue... Steve N
10:35 PM Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs
@Steve N
Do you have the parent lagg interface assigned and disabled? See:
https://redmine.pfsense.org/issues/15452 Marcos M
11:10 PM Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
Some parent interfaces like LAGGs are configured separately from the assigned interfaces page. The undefined behavior... Marcos M
10:26 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
Steve Wheeler wrote:
> Testing in 24.03 on a 3100 I added some test values with a 3600s lifetime:
> [...]
>
> 15... Wyatt Childers
10:07 PM Feature #15478 (Duplicate): Rule Seperators for NAT Rules.
Just as there are options for Labeled & Colored rule separators for organization in the Firewall Rules Web UI, can we... Jeff Kuehl
08:24 PM pfSense Plus Bug #15472: potential bug with the ath driver
Compex WLE200NX Jonathan Lee
02:49 AM pfSense Plus Bug #15472: potential bug with the ath driver
Attached is swap crash report Jonathan Lee
02:47 AM pfSense Plus Bug #15472: potential bug with the ath driver
Support ticket 2701044255  Jonathan Lee
02:46 AM pfSense Plus Bug #15472 (New): potential bug with the ath driver
I am having crash and system panics when the ath driver goes full tilt. I didn’t notice it until recently with change... Jonathan Lee
08:22 PM pfSense Packages Feature #11837: Increase field length of FRR Networks in Access Lists and Prefix Lists
Jim (or anyone from the team), can we get this fixed?
If I knew how to expand the windows in PHP (or even knew PHP)... Mike Moore
04:32 PM Feature #15476 (New): Allow listing and switching repo branches from the CLI
Currently you can only set the current update repo branch from the webgui. Since upgrades now require opting into the... Steve Wheeler
04:14 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
So on one of the 4200s running 24.03 I have done the following:
1. Deleted static route to 192.168.5.0/24
2. Deleted... Larry Fahnoe
04:11 PM Bug #15449 (Incomplete): IPsec VTI static routes may not be added after the system boots
Marcos M
06:56 AM Bug #15449: IPsec VTI static routes may not be added after the system boots
I've tested on 23.09.1
- I've added disabled WAN gateway which is not in the same subnet as a real WAN subnet is
-... Azamat Khakimyanov
04:04 PM pfSense Docs New Content #15475 (Rejected): Connect to console index page on ddocs
Create a "Connect to console" index page with instructions for all Netgate models and add it to the Net Installer page. dylan mendez
04:01 PM pfSense Plus Feature #15474 (New): Support for VRRP
FreeBSD supports the VRRP protocol.
Would it be possible to have VRRP replace CARP as a FHRP(first hop redundancy pr... Mike Moore
10:00 AM pfSense Docs Correction #15473 (Closed): Feedback on pfSense® software Configuration Recipes — Blocking External Client DNS Queries: Firefox
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/dns-block-external.html
*Feedback:*
The pfSense docu... Jared Silva
 

Also available in: Atom