Project

General

Profile

Activity

From 05/20/2024 to 06/18/2024

06/18/2024

11:52 PM Feature #15562 (New): Add support for OpenID
The idea have been discussed in the forum 2 years ago and the author said he would create a feature request about it.... Jacques Bourdeau
06:20 PM Bug #15561 (New): wireguardd stop command exits with error
Version: 24.03-RELEASE
Platform: KVM Guest
pfSense reboot (diag_reboot.php) calls ... Craig Coonrad
08:54 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Craig Coonrad wrote in #note-34:
> dtrace submitted based on: https://redmine.pfsense.org/issues/15196#note-21
> HS... Kristof Provost

06/17/2024

05:17 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
dtrace submitted based on: https://redmine.pfsense.org/issues/15196#note-21
HS# 2755313440... Craig Coonrad
12:31 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
`can't allocate llinfo` is logged by arpresolve_full(), when lltable_alloc_entry() returns NULL. lltable_alloc_entry(... Kristof Provost
02:24 PM Feature #13293: Option to set auth-gen-token in OpenVPN GUI
!clipboard-202406171622-03s2h.png!
Just add "auth-gen-token;" to custom options during the server configuration. Gianni Binomio
02:14 PM Regression #15556 (Closed): Net installer fails (24.06-beta-6) to set vlan tag for PPPoE
Luiz Souza
01:05 PM Revision 5cac5bc4: Revert "Add dns/powerdns to poudriere_bulk"
This reverts commit f30a1955ce187e3b66d15dce6f4270aee606bd71. Christian McDonald
12:42 PM pfSense Docs Correction #15559 (Closed): Typo in "Contact with Netgate Servers"
Fixed, thanks! Jim Pingle
12:21 PM Feature #15371 (Duplicate): Add MAP-E support
Jim Pingle
10:54 AM pfSense Packages Regression #11634 (Resolved): bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
I was able to reproduce this issue on 2.5.0 CE (Bind 9.16_10).
With active and working Bind, so I was able to reso... Azamat Khakimyanov
08:24 AM Feature #7781: Please Enable Rule Separators on Manual Outbound NAT
Can someone handle this feature request?
Without separators, managing complex configurations becomes really hard. Gianni Binomio

06/16/2024

08:44 AM Bug #15536: still generate XMLRPC Error even after checkbox Synchronize states is set to OFF
Jim Pingle wrote in #note-1:
> State synchronization is an entirely separate protocol from XMLRPC configuration sync... Sergei Shablovsky
08:42 AM Feature #10467: Email alert functionality for system health
tasty ratz wrote:
> Email alerting is not well documented and not very inclusive.
>
> I recently experienced an i... Sergei Shablovsky
08:35 AM Feature #14558: Feature Request: GUI options to Unbound Resolver's new DoH abilities
+ upvote for this!
Using DoT/DoH already are the standard nowadays (at the first because most used browsers Safar... Sergei Shablovsky
01:17 AM Feature #11901: Add MAP-T/MAP-E support to pfSense
Many components of MAP-E are in FreeBSD now. See for an example: https://github.com/pfsense/FreeBSD-src/commit/2aa21... Kris Phillips
01:12 AM Feature #15371: Add MAP-E support
This should be closed as a duplicate and comments added to the original redmine. Creating duplicates intentionally i... Kris Phillips

06/15/2024

02:56 PM pfSense Docs Correction #15559: Typo in "Contact with Netgate Servers"

(I'm really just testing the bug reporting process but I thought I'd share this one typo I happened upon.) Nick Weber
02:54 PM pfSense Docs Correction #15559 (Closed): Typo in "Contact with Netgate Servers"

https://docs.netgate.com/pfsense/en/latest/general/netgate-servers.html
The first paragraph of this page contain... Nick Weber
06:20 AM Regression #15556: Net installer fails (24.06-beta-6) to set vlan tag for PPPoE
It is fixed in pfSense-plus-installer-24.06-BETA7-amd64-latest.img the issue can be marked as resolved. Lev Prokofev

06/14/2024

10:36 PM Bug #15133 (Resolved): PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
Marcos M
05:29 PM Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
reproduced on 23.09, 24.03
tested on
24.08-DEVELOPMENT (amd64)
built on Fri Jun 14 9:02:00 +03 2024
FreeBSD 15... Georgiy Tyutyunnik
04:13 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Kristof Provost wrote in #note-31:
> Are the users affected by `kernel: arpresolve: can't allocate llinfo` running a... Christopher Cope
03:27 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Are the users affected by `kernel: arpresolve: can't allocate llinfo` running a routing daemon (openbgpd, frr, ...)?
... Kristof Provost
01:43 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Kristof Provost wrote in #note-29:
> Was there a `kernel: arpresolve: can't allocate llinfo ` in HS# 2828658261?
> ... Christopher Cope
07:39 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Was there a `kernel: arpresolve: can't allocate llinfo ` in HS# 2828658261?
What sort of connection issues is it see... Kristof Provost
01:14 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
A fresh deployment of 24.03 on a t3.small. HS# 2828658261. No unusual CPU load.... Chris W
01:49 PM Bug #15557 (New): Dynamic DNS Cloudflare update fails with UNKNOWN ERROR, because get_failover_interface returns an interface without configured IP
Dynamic DNS service configured for Cloudflare DNS fails when WAN IP is configured with DHCP on bridge0 (vtnet0 + vtne... Theo Logan
07:54 AM Regression #15556 (Closed): Net installer fails (24.06-beta-6) to set vlan tag for PPPoE
It was working before on pfSense-plus-installer-24.10-DEVELOPMENT-amd64-20240531-0600.img but now on pfSense-plus-ins... Lev Prokofev
04:18 AM Bug #15555: Coredumps not functional for non-root processes.
Thanks for reviewing this. Jonathan Lee

06/13/2024

05:05 PM Revision f30a1955: Add dns/powerdns to poudriere_bulk
Christian McDonald
01:37 PM Bug #15555: Coredumps not functional for non-root processes.
This is not a Squid specific issue. Services/processes running as non-root users fail to create a core file. Steve Wheeler
02:50 AM Bug #15555 (New): Coredumps not functional for non-root processes.
Jun 12 19:02:08 kernel pid 80887 (squid), jid 0, uid 0: exited on signal 6 (no core dump - bad address)
Jun 12 19... Jonathan Lee
11:57 AM pfSense Plus Feature #11920: SAML Authentication for pfSense (VPN and webConfigurator)
That would be great, I'm changing my LOCAL AD to Microsoft Entra ID and I now need to authenticate my VPN with it. Wagner Ferreira
05:50 AM Feature #4632: Support for Multipath TCP (MPTCP)
+1
 z z

06/12/2024

11:12 PM pfSense Packages Feature #15554 (New): CARP enabled Wireguard Failover
I am writing to propose two new features for pfSense that would greatly enhance the reliability, usability, and manag... Daewon Kim
08:18 PM pfSense Docs Todo #15553 (Duplicate): Feedback on pfSense® software Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html
*Feedback:*
Because the WireGuard... Ross Williams
12:27 PM Bug #15552: NTP option "DNS Resolution" has no effect when using NTP pool hostnames
Point 1 isn't relevant -- that has no effect on anything other than the firewall rules being able to pass IPv6, it do... Jim Pingle
01:40 AM Bug #15552 (Resolved): NTP option "DNS Resolution" has no effect when using NTP pool hostnames
This issue happened in the past on #10322. It appears it was corrected but has come back.
Details
# System -> ... Travis McMurry

06/11/2024

11:57 PM pfSense Packages Bug #15457 (Ready To Test): HAproxy disable zero copy forwarding
HAProxy package has been updated to 2.9.7 which includes the zero copy forwarding fix. Steve Wheeler
11:09 PM pfSense Packages Feature #12711: Add InfluxDB V2 support
I did not encounter any issues with the Telegraf config being overwritten.
I did experience Telegraf going down. So ... Craig Coonrad
09:16 PM pfSense Packages Feature #12711: Add InfluxDB V2 support
> [...] there is a problem when Telegraf restart so the config gets overwritten
Please open a new redmine (or fol... Marcos M
10:05 PM pfSense Plus Bug #15511 (Closed): Factory resetting the configuration removes WireGuard
Luiz Souza
09:09 PM pfSense Packages Bug #9138 (Closed): telegraf: add section for custom config lines
Custom configuration can already be added in current versions. Marcos M
09:09 PM pfSense Packages Feature #8099 (Closed): Add more configuration flexibility to Telegraf
Custom configuration can already be added in current versions. Marcos M
09:01 PM pfSense Packages Bug #9337 (Closed): Telegraf ping input fails
Current available version is 1.30.3 Marcos M
08:57 PM pfSense Packages Bug #14861 (Feedback): PHP error when pings are enabled but no ping hosts are defined
Marcos M
05:19 PM pfSense Packages Bug #14523 (Feedback): PHP error when using an unsupported alias type in Advanced Rule Settings
Marcos M
05:19 PM pfSense Packages Bug #14572 (Resolved): Unused DNSBL files may not be removed
Marcos M
05:08 PM Revision 429312ff: Update text references to UPnP protocols
Marcos M
04:26 PM Regression #15094 (In Progress): Updates fail against an authenticated upstream proxy
https://github.com/freebsd/pkg/pull/2286 Steve Wheeler
12:59 PM pfSense Packages Bug #11563 (Confirmed): BIND GUI writes TXT records > 255 characters
I tested it on 24.03-RELEASE (Bind 9.17) and on 24.08-DEVELOPMENT (Bind 9.18)
When I added some text with more than ... Azamat Khakimyanov

06/10/2024

10:09 PM Bug #15493: Kea sometimes provides an IP from the DHCP pool despite static mappings
Not a bug, the client ID differs and there is an option to ignore the client ID, which you most likely haven't set. Flole Systems
07:38 PM pfSense Packages Feature #12711: Add InfluxDB V2 support
Hi mmendoza / marcos-ng
It would be nice if you can update to the latest Telegraf version and update the package and... Marc Walter
05:50 PM Bug #15551 (Incomplete): New Kea DHCP breaks my PXE booting
There isn't nearly enough information here and this site is not for support or diagnostic discussion.
For assistan... Jim Pingle
05:22 PM Bug #15551 (Incomplete): New Kea DHCP breaks my PXE booting
When I have Kea DHCP turned on I can no longer build my PCS via PXE using Windows WD deploy server
Attached are lo... david scanlon
05:44 PM pfSense Packages Feature #15527 (New): IPSec Profile Wizard/Windows: Filter User Certificate by Issuer
Marcos M
04:55 PM pfSense Packages Feature #15527: IPSec Profile Wizard/Windows: Filter User Certificate by Issuer
Marcos M wrote in #note-1:
> Try applying the following patch using the "System Patches":https://docs.netgate.com/pfs... Alex Bryant
03:20 PM Bug #15516: Per-rule byte counter values lost across a filter reload
I agree with the analysis.
The entire thing however showed up because of performance problems on the 3100.
It v... Mateusz Guzik
12:25 PM Bug #15516: Per-rule byte counter values lost across a filter reload
I believe I see what's happening.
When rules are re-loaded we explicitly copy the counter state from the previous ... Kristof Provost
01:15 PM Feature #15550: Support using aliases/macros for sources when creating a block rule with ``easyrule`` in the CLI
This isn't a bug but a missing feature. Using an alias works for pass rules, but not for block rules.
Though I'm n... Jim Pingle
04:34 AM Feature #15550: Support using aliases/macros for sources when creating a block rule with ``easyrule`` in the CLI
I can replicate this on 24.03.
Documentation indicates an alias should work. dylan mendez
12:00 AM Feature #15550 (New): Support using aliases/macros for sources when creating a block rule with ``easyrule`` in the CLI
If I type from cli:... David Moo
12:56 PM pfSense Packages Feature #15549 (Rejected): Sending E-mail about system processes
That is way out of scope. This package doesn't monitor logs for strings and notify like that, and the items you menti... Jim Pingle
12:50 PM pfSense Packages Regression #15540: Cannot create new System Patches package custom entry on Plus 24.08/CE 2.8.0 Snapshots
Without the patch from the PR it happens on all of mine, but all of mine had existing patch entries. It's possible it... Jim Pingle

06/09/2024

05:15 PM pfSense Packages Bug #15088: BIND does not start after a config restore
Tested on 23.05.1 Bind 9.17 (Bind916-9.16.39), on 23.09.1 Bind 9.17 (Bind916-9.16.42)
and on 24.08-DEV Bind 9.18 (Bi... Azamat Khakimyanov
10:04 AM pfSense Packages Feature #15549 (Rejected): Sending E-mail about system processes
It would be nice to add the ability to send e-mails about hardware statuses and other system processes. Ene As
12:49 AM pfSense Plus Regression #15494: Reinstall Packages button reports another instance of ``pfSense-upgrade`` is running
Still seeing the same on... Christopher Cope
12:46 AM pfSense Packages Feature #15548 (Confirmed): Add packages for Zabbix 7.0 Agent and Proxy
Confirmed not available in 24.03 or 24.08. Kris Phillips
12:36 AM pfSense Packages Bug #15529: The path on the AWS High Availability page doesen't show the current tab
Also confirmed on 24.03. Kris Phillips

06/08/2024

10:06 PM Bug #15098: Wireguard crashes on boot if PPPoE is the default gateway
Tested in 2.7.2
single WAN with PPPoE Gateway and a Wireguard Tunnel.
Tunnel came up without issues, PPPoE sess... dylan mendez
08:21 PM pfSense Packages Bug #15027 (Feedback): Bind DNS Server cannot reorder zones
Azamat Khakimyanov
08:20 PM pfSense Packages Bug #15027: Bind DNS Server cannot reorder zones
Tested on 24.08-DEV (built on Mon Jun 3 6:00:00 UTC 2024) with Bind 9.18
Reordering zones works as it should: after ... Azamat Khakimyanov
07:58 PM pfSense Packages Regression #15540: Cannot create new System Patches package custom entry on Plus 24.08/CE 2.8.0 Snapshots
I'm not seeing this issue on the following version, which doesn't have the pull request above merged yet.... Christopher Cope
07:13 PM pfSense Packages Feature #15548 (Resolved): Add packages for Zabbix 7.0 Agent and Proxy
Zabbix 7.0 has been released. https://www.zabbix.com/rn/rn7.0.0
This might be a good opportunity to address the Za... Andrew Almond
07:11 PM Bug #13723: dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet
Retested on latest 24.08 (built on Fri Jun 7 18:50:00 UTC 2024)
I still saw exactly the same behavior: after chang... Azamat Khakimyanov
08:44 AM Bug #13723: dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet
Tested on 24.03, the monitoring IP changes immediately after applying the changes. Lev Prokofev
09:19 AM Bug #15546: when trafic sphaper; delimiters are applied do not work in linux client over nat
Chris W wrote in #note-1:
> What are you changing about the firewall rule which makes it work, and which pipe are yo... sezer h

06/07/2024

07:24 PM Bug #15423 (Resolved): PHP error when applying interface settings if the ``/tmp/.interfaces.apply`` file is present but empty
Marcos M
04:05 PM Bug #15423: PHP error when applying interface settings if the ``/tmp/.interfaces.apply`` file is present but empty
reproduce on 24.03 by manually creating empty file /tmp/.interfaces.apply
tested on
24.08-DEVELOPMENT (amd64)
bu... Georgiy Tyutyunnik
05:11 PM Bug #15546: when trafic sphaper; delimiters are applied do not work in linux client over nat
What are you changing about the firewall rule which makes it work, and which pipe are you using (In or Out)? Pf doesn... Chris W
10:31 AM Bug #15546 (New): when trafic sphaper; delimiters are applied do not work in linux client over nat
when i set limiters from trafic shapers 10Mbit/s source address the nat rule not working correctly for just linux cl... sezer h
04:26 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
fresh dtrace didn't produce meaningful results.
asked client to work with affected firewall instead of restoring it ... Georgiy Tyutyunnik
03:59 PM Revision 11b34dac: Correct config_get_path -> config_set_path in shaper.inc
Reid Linnemann
03:59 PM Revision 65db621a: Add defaults to config_get_path where needed in select files
Some calls to config_get_path may introduce errors if the key does not exist and
the default of null is returned. Thi... Reid Linnemann
02:24 PM Bug #15547 (Not a Bug): Filter rule association incorrectly displayed when editing a port forward
This is actually the expected behaviour.
The shown 'Rule NAT' is confusing if no descriptions are added. Otherwise... Steve Wheeler
02:05 PM Bug #15547 (Not a Bug): Filter rule association incorrectly displayed when editing a port forward
When editing an existing port forward the value shown for 'Filter rule association' is 'Rule NAT' which is not valid ... Steve Wheeler
12:23 PM pfSense Plus Bug #15545 (Incomplete): traffic shaper (Limiter) causes kernel panic -> random reboot
Please attach the full crash dump including the backtrace. Without that information there isn't enough to go on here ... Jim Pingle
07:54 AM pfSense Plus Bug #15545: traffic shaper (Limiter) causes kernel panic -> random reboot
Fatal trap 12: page fault while in kernel mode Evgeny Korostelev
07:37 AM pfSense Plus Bug #15545 (Incomplete): traffic shaper (Limiter) causes kernel panic -> random reboot
After update Pfsense Plus on version 24.03 random reboots appeared.
Canceling the use of a limiter in the rules so... Evgeny Korostelev

06/06/2024

09:03 PM Revision 2cb1f506: Fix RRD script syntax regression
Marcos M
07:03 PM pfSense Plus Bug #15535: Outgoing packets with Private source IP on WAN
I don’t use NAT in such a way that it would try to make two connections use the same conflicting information
There a... David G
04:01 PM Feature #15544 (New): Add hostname to Slack notifications
If multiple pfSense instances are using the same Slack channel, there's currently no way to tell which instance is se... Chris W
03:48 PM pfSense Packages Bug #15457: HAproxy disable zero copy forwarding
I'm not sure this kernel panic is related to the zero-copy-forwarding issue in HAProxy 2.9.1. Steve Wheeler
02:04 PM pfSense Packages Bug #15457: HAproxy disable zero copy forwarding
Backtrace:... Steve Wheeler
03:44 PM pfSense Packages Regression #15540 (Pull Request Review): Cannot create new System Patches package custom entry on Plus 24.08/CE 2.8.0 Snapshots
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/397 Marcos M
12:53 PM Feature #15543 (Duplicate): FREE DISK SPACE and /var/log LIGS SIZE NOTIFICATION
Already covered by other existing requests such as #10467 Jim Pingle
12:14 AM Feature #15543: FREE DISK SPACE and /var/log LIGS SIZE NOTIFICATION
Sorry for misstyping:) Sergei Shablovsky
12:13 AM Feature #15543 (Duplicate): FREE DISK SPACE and /var/log LIGS SIZE NOTIFICATION
Brilliant pfSense DevTeam!
Using pfSense’s IDS/IPS both Snort/Suricata and Ntopng GROWING EACH 6-8month since v.2.... Sergei Shablovsky
12:42 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
This patch resolved an issue I was having as well. lagg0 assigned, enabled, and unnumbered, MTU 9000 set on it, and s... Chris Linstruth

06/05/2024

11:15 PM Bug #14435 (Incomplete): PHP error with limiters
Reproducible steps or more context is needed for this to be investigated further. Marcos M
06:19 PM pfSense Plus Feature #15412 (Pull Request Review): Improve error feedback from pfSense-upgrade
It's not really practical to implement root cause tests in this case, but we can expose what part of the process fail... Marcos M
05:18 PM pfSense Packages Feature #15542 (Not a Bug): Default route withdrawal
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
05:12 PM pfSense Packages Feature #15542 (Not a Bug): Default route withdrawal
I am running a PFSense FW with one WAN interface and one LAN interface. The WAN is our internet connection and the L... Chuck Slayton
02:13 PM Bug #15471 (Resolved): Memory leak in pfSense module function ``pfSense_get_ifaddrs()``
Tested on a system where I could reproduce the problem before with LCDProc and even after 17 hours there is zero incr... Jim Pingle

06/04/2024

09:30 PM Bug #14708 (Feedback): PHP error when the system fails to create an interface
Applied in changeset commit:ac39332caa1050ee56574395b73b4359d4218999. Marcos M
09:30 PM Bug #15133 (Feedback): PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
Applied in changeset commit:70defd0f1a465b46754faecdc2fc96a0ef7cd279. Marcos M
09:23 PM Revision ac39332c: Handle failures to create an interface. Fix #14708
The function pfSense_interface_create2() may fail to create the
requested interface, in which case it returns the arr... Marcos M
09:21 PM Revision 70defd0f: Handle certificates with multiple CNs. Fix #15133
Multiple CNs are not supported. For compatibility, default to using
the first CN in the certificate instead of return... Marcos M
09:20 PM Bug #15423 (Feedback): PHP error when applying interface settings if the ``/tmp/.interfaces.apply`` file is present but empty
Applied in changeset commit:82e22457b04bf44c55cc1c4c6df91670ddb3e77c. Marcos M
09:12 PM Revision 82e22457: Add a helper function for unserialize(). Fix #15423
For calls to unserialize() which do not check for errors, use the
helper function instead. Marcos M
07:41 PM pfSense Packages Feature #15541 (New): CRON: option to enable/disable task
Check the possibility of creating an option to activate/deactivate tasks in cron.
!clipboard-202406041639-qmd5p.pn... Fabio Rafael Kochhann
07:35 PM pfSense Docs Todo #15497 (Closed): Add a bit more context to Gateway monitoring Action
I added a more info in the block for that setting, should hopefully be more informative now. Jim Pingle
07:14 PM pfSense Packages Regression #15540 (Resolved): Cannot create new System Patches package custom entry on Plus 24.08/CE 2.8.0 Snapshots
At some point between May 14th snapshots and June 2nd snapshots, something broke the ability to create new System Pat... Jim Pingle
07:09 PM pfSense Docs Todo #15522 (Closed): Feedback on Routing — Gateway Groups
Fixed that (plus one more on @multiwan/requirements@). Thanks! Jim Pingle
07:05 PM pfSense Docs Todo #15515 (Closed): Feedback on pfSense® software Configuration Recipes — WireGuard Site-to-Multisite VPN Configuration Example
You are right that wouldn't be valid for multiple clients in the same subnet. I updated the diagram and references in... Jim Pingle
07:02 PM pfSense Plus Regression #15539 (Resolved): PF syntax error when ``pflow`` is present on ``block`` rules
Fixed with 91628a2ed3d32140a2ee66806504590a65e2654f. Marcos M
06:54 PM pfSense Plus Regression #15539 (In Progress): PF syntax error when ``pflow`` is present on ``block`` rules
Marcos M
06:43 PM pfSense Plus Regression #15539 (Resolved): PF syntax error when ``pflow`` is present on ``block`` rules
Something either changed in rule generation or pf that is now triggering a syntax error for rules which have the @pfl... Jim Pingle
06:58 PM Revision 91628a2e: Only apply state tracking to pass rules
State tracking only applies to pass rules. This was broken with the
refactor of 3e28d716. Marcos M
06:36 PM pfSense Docs Correction #15514 (Closed): Add Netgate 4200 Pre-POST Light States
Added: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/d3056385ee5b1ccf0b20a1a70b55b30dbf27e30a Jim Pingle
04:46 PM Bug #15531: VLANs not cleared in console configuration despite warning
I can replicate this, when doing changes on the console without using the GUI and restarting, it keeps asking to conf... dylan mendez
12:24 PM pfSense Plus Bug #15446 (Resolved): Kernel panic with pflow configured and active
Jim Pingle
03:36 AM pfSense Plus Bug #15446: Kernel panic with pflow configured and active
I booted to the 24.08 dev build and ran IPFIX for about 8-10 hours.
No kernel panics. This appears resolved. Thanks. Craig Coonrad
12:08 AM pfSense Plus Bug #15538: RAM disks trigger boot failure warning when using ZFS
This actually fails the same way if you enable RAM disks after upgrading. Steve Wheeler
12:03 AM pfSense Plus Bug #15538 (Resolved): RAM disks trigger boot failure warning when using ZFS
Upgrades from 24.03 to 24.08-dev builds fail at first boot after rebooting into the new BE for the upgrade.... Steve Wheeler

06/03/2024

10:39 PM pfSense Plus Bug #13964 (Resolved): PHP syntax error in ``ec2_setup.php``
This is fixed with the config access work in 24.08. Marcos M
10:34 PM pfSense Packages Regression #13970: PHP error in apcupsd widget from UTF-8 string handling
Further feedback/issues would be best left to separate redmine reports with steps to reproduce. Marcos M
10:32 PM pfSense Packages Regression #13970 (Resolved): PHP error in apcupsd widget from UTF-8 string handling
Marcos M
10:32 PM pfSense Packages Regression #13970 (Closed): PHP error in apcupsd widget from UTF-8 string handling
Marcos M
10:30 PM pfSense Packages Bug #13985 (Duplicate): Telegraf error After Update PFSense to 23.01
Marcos M
10:27 PM Regression #13988 (Duplicate): PHP error with OpenVPN if the server certificate subject has duplicate components
Marcos M
10:21 PM pfSense Packages Bug #14419 (Closed): PHP error when trying to access pfBlockerNG configuration
With the move to pfBlockerNG v3 (from v2), pfblockerng.xml is no longer used to define the package GUI. The error is ... Marcos M
10:03 PM pfSense Packages Bug #14523 (Pull Request Review): PHP error when using an unsupported alias type in Advanced Rule Settings
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/400
This adds input validation to make sure the ... Marcos M
09:28 PM pfSense Packages Bug #14572 (Pull Request Review): Unused DNSBL files may not be removed
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/400
The error is related to removing unused DNSB... Marcos M
08:14 PM Bug #14708 (Pull Request Review): PHP error when the system fails to create an interface
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1157
This is not specific to 6rd. This can happen when... Marcos M
06:45 PM pfSense Packages Regression #14850 (Pull Request Review): Unreadable alerts file results in PHP error
This indicates that the Snort UUID alert file exists but was not readable for some reason. The root cause of that can... Marcos M
06:30 PM pfSense Packages Bug #14861 (Pull Request Review): PHP error when pings are enabled but no ping hosts are defined
This happens when pings are enabled but no ping hosts are defined - simply disable pings to work around the PHP error... Marcos M
06:14 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
So the log in comment 23 has "kernel: arpresolve: can't allocate llinfo for 172.21.253.1 on ena1". So I'm wondering i... Kristof Provost
07:24 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Here's dtrace from HS# 2785863048. This is the ticket Chris mentioned: https://redmine.pfsense.org/issues/15196#note-23 Azamat Khakimyanov
06:13 PM Bug #15133 (Pull Request Review): PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1156
We can handle multiple CNs by simply only using t... Marcos M
12:23 PM Feature #15323 (Pull Request Review): Display server description when WOL is sent using mac url or power-on button
Jim Pingle
12:22 PM pfSense Plus Bug #15535 (Not a Bug): Outgoing packets with Private source IP on WAN
If you use NAT in such a way that it would try to make two connections use the same conflicting information, it will ... Jim Pingle
12:18 PM pfSense Plus Bug #15418 (Incomplete): Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
Jim Pingle
12:16 PM Bug #15536 (Not a Bug): still generate XMLRPC Error even after checkbox Synchronize states is set to OFF
State synchronization is an entirely separate protocol from XMLRPC configuration sync. State syncrhonization uses the... Jim Pingle
01:07 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 for this as well. Javier Ramirez

06/02/2024

06:31 PM Bug #15537 (Resolved): Separator positions are incorrect when copying interface group rules
This is a bug similar to #14691 and #14619, but seems to only occur on interface groups.
h1. Steps to reproduce
... Christopher Jung
05:46 PM Bug #15536 (Not a Bug): still generate XMLRPC Error even after checkbox Synchronize states is set to OFF
ISSUE
Generating ERROR both in log and Notice WbGUI
XMLRPC Error
* A communications error occurred while atte... Sergei Shablovsky
05:38 PM pfSense Packages Bug #15296: WAN Interface cannot added to ntopng if offline-packet loss
Kris Phillips wrote in #note-2:
> Sergei Shablovsky wrote in #note-1:
> > Sergei Shablovsky wrote:
> > >
> > >
... Sergei Shablovsky
03:59 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
They do not appear to be seeing noticeably-high CPU load. Chris Linstruth
02:35 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Another user is seeing similar behavior on an m5.xlarge with 24.03.
Main symptom there is pfSense static routes de... Chris Linstruth
01:45 AM Feature #15323: Display server description when WOL is sent using mac url or power-on button
the described behavior is also present in the current version of pfSense+ as well (24.03) Jordan G

06/01/2024

09:34 PM pfSense Docs Todo #15497: Add a bit more context to Gateway monitoring Action
Adding additional color to the documentation isnt a bad thing especially when questions about gateway monitoring come... Mike Moore
09:04 PM pfSense Docs Todo #15497: Add a bit more context to Gateway monitoring Action
Seems good to document that it can be beneficial in the case of a single WAN connection or alternatively that it's us... Jordan G
01:30 AM pfSense Docs Todo #15497: Add a bit more context to Gateway monitoring Action
If the gateway monitoring action is disabled, but it's still being monitored, the gateway won't be changed from up to... Kris Phillips
09:07 PM pfSense Packages Regression #15469: RRD Graphs height is smaller than expected
confirmed, resetting RRD data does not seem to provide any change in display scale Jordan G
07:49 PM pfSense Packages Bug #15529 (Confirmed): The path on the AWS High Availability page doesen't show the current tab
Confirmed on:... Christopher Cope
06:59 PM pfSense Packages Regression #14764 (Confirmed): HAProxy local syslog not working
I can confirm that logging into the local syslog is not functioning as expected.
The recommended workaround has re... Danilo Zrenjanin
06:22 PM Bug #15534: pfSense’s installer not table to see ZFS-formatted internal drive
Christopher Cope wrote in #note-1:
> Testing locally and the installer is able to see previously ZFS formatted drive... Sergei Shablovsky
06:19 PM Bug #15534: pfSense’s installer not table to see ZFS-formatted internal drive
Christopher Cope wrote in #note-1:
Thank You for answering!
> I originally misread the report. Please provide a... Sergei Shablovsky
03:09 PM Bug #15534 (New): pfSense’s installer not table to see ZFS-formatted internal drive
Christopher Cope
03:05 PM Bug #15534 (Duplicate): pfSense’s installer not table to see ZFS-formatted internal drive
I originally misread the report. Please provide a step-by-step to reproduce this issue, so we can attempt to recreate... Christopher Cope
01:10 PM pfSense Plus Bug #15535: Outgoing packets with Private source IP on WAN
After stopping and starting the SIP traffic the processing is correct:
Host is sending the same UDP packets with s... David G
06:40 AM pfSense Plus Bug #15535 (Incomplete): Outgoing packets with Private source IP on WAN
Capture on the WAN interface shows, that there are some packets leaving towards the Internet with Private RFC1918 sou... David G
01:21 AM pfSense Packages Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12
Checked in 24.03 release. Zabbix is still at 6.4.10. Kris Phillips
01:12 AM pfSense Plus Bug #15418: Incorrect links to edit static mapping and WOL on DHCPv6 leases (status_dhcpv6_leases.php). URL parameter values missing.
This should be marked as Incomplete until more information can be provided on how this is reproduced. I don't see a ... Kris Phillips
12:26 AM pfSense Packages Feature #15527 (Ready To Test): IPSec Profile Wizard/Windows: Filter User Certificate by Issuer
-Try applying the following patch using the "System Patches":https://docs.netgate.com/pfsense/en/latest/development/s... Marcos M
12:23 AM pfSense Packages Bug #15385 (Pull Request Review): PHP crash when exporting Apple profile, while IPsec P1 authentication method set to "Mutual Certificate"
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/104 Marcos M

05/31/2024

10:15 PM Bug #15534 (New): pfSense’s installer not table to see ZFS-formatted internal drive
Brilliant pfSense DevTeam!
*CONDITIONS*
Installing pfSense CE 2.7.2-REL from USB-flash (Transcend 16Gb USB 2.0, ... Sergei Shablovsky
10:09 PM Bug #15423 (Pull Request Review): PHP error when applying interface settings if the ``/tmp/.interfaces.apply`` file is present but empty
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1155 Marcos M
09:46 PM pfSense Plus Bug #15533 (New): Boot verification script over matches
The boot verification script for ZFS boot environments can over match against other processes and fail to run due to ... Steve Wheeler
09:42 PM pfSense Plus Bug #14685: Kernel panic on reroot
Since this bug is triggered by unloading the zfs module incorrectly on systems that do not require it also see: https... Steve Wheeler
09:11 PM pfSense Plus Bug #14685 (Feedback): Kernel panic on reroot
I fixed it, see https://gitlab.netgate.com/pfSense/FreeBSD-src/-/commit/17758247bb690c60c7e1dbdbded2f21ad61d1f82 Mateusz Guzik
07:10 PM Bug #15449: IPsec VTI static routes may not be added after the system boots
The patch is working, confirmed in ticket #2703470963 and on my test device. The issue can be marked as resolved. Lev Prokofev
06:05 PM Bug #15449 (Resolved): IPsec VTI static routes may not be added after the system boots
Marcos M
04:40 PM Bug #15449 (Feedback): IPsec VTI static routes may not be added after the system boots
Applied in changeset commit:487d7d5e322993703716439422e3d032e40b61b4. Marcos M
04:05 PM Bug #15449 (Ready To Test): IPsec VTI static routes may not be added after the system boots
The inconsistency of the issue seems to stem from the @Gateway Monitoring@ setting. When unchecked (default), the rou... Marcos M
06:44 PM Bug #15362: Config upgrade error with empty gateway interval tags.
Fixed with @de9a3545ce34089e971947fd285522a406fce01f@ Marcos M
06:41 PM Bug #15362 (Resolved): Config upgrade error with empty gateway interval tags.
Marcos M
06:40 PM pfSense Packages Feature #15532: Update NUT status widget
Implemented in pull request 1374 (https://github.com/pfsense/FreeBSD-ports/pull/1374). Denny Page
06:37 PM pfSense Packages Feature #15532 (Resolved): Update NUT status widget
Update usability of the NUT status widget as follows:
* Add color coded icon for Summary status.
* Add line voltage... Denny Page
06:40 PM Revision de9a3545: Handle empty values during config upgrade. Fix #15362
The config may have an empty string - use 'empty()' instead of
'isset()' since '0' is not valid in this case. Marcos M
06:30 PM Bug #14859 (Resolved): Config upgrade error: upgrade_config.inc:6135
These should be resolved with the config access work for 24.08. Marcos M
06:28 PM Bug #14742 (Resolved): Several PHP errors in upgrade_config.inc
These should be resolved with the config access work for 24.08. Marcos M
05:25 PM Regression #15430 (Resolved): Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
Great, thanks for confirming! Marcos M
05:09 PM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
For validation i see my bgp peers haven't dropped. Mike Moore
04:41 PM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
There was an additional change after that, use the following instead; this should hopefully be included in the System... Marcos M
03:58 PM Regression #15430: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
Patch applied.
Should i undo my previous changes of floating policy? Mike Moore
04:31 PM Revision 487d7d5e: Update the interface cache when configuring IPsec. Fix #15449
Marcos M
11:04 AM Bug #15531 (New): VLANs not cleared in console configuration despite warning
When configuration that includes VLANs is restored to different hardware (different NIC type), pfSense will show Inte... Jernej Simončič
09:28 AM pfSense Packages Bug #15530 (New): pfBlockerNG Sync Tab helptext
Under *Firewall/pfBlockerNG/Sync*, the help text under the *Enable Sync* dropdown menu is unclear. ... Danilo Zrenjanin
09:09 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
!clipboard-202405311108-n6kth.png!
 Danilo Zrenjanin
09:06 AM pfSense Packages Regression #14189 (Confirmed): pfBlocker-NG: HA-Sync is not working
Danilo Zrenjanin
09:06 AM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
I defined GeoIP IPv4 entry for France on the Primary.
I can confirm that the configuration doesn't get replicated f... Danilo Zrenjanin
07:50 AM pfSense Packages Bug #15529 (Confirmed): The path on the AWS High Availability page doesen't show the current tab
No matter which tab you select (IPs, Routes, or Elastic IPs) the path at the top left corner remains *Package/AWS Hig... Danilo Zrenjanin

05/30/2024

08:16 PM pfSense Packages Feature #15528 (Pull Request Review): Add fix for #15430 to pfSense+ 24.03
Marcos M
08:15 PM pfSense Packages Feature #15528: Add fix for #15430 to pfSense+ 24.03
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/397 Marcos M
06:51 PM pfSense Packages Feature #15528 (Resolved): Add fix for #15430 to pfSense+ 24.03
Having this available in 24.03 should mitigate state policy issues when upgrading to 24.03 (for those that use this p... Marcos M
06:15 PM pfSense Packages Feature #15527 (New): IPSec Profile Wizard/Windows: Filter User Certificate by Issuer
Windows EAP config has an option to filter which user certificates can be used by their issuer, so only these certifi... Alex Bryant
06:14 PM Revision 2ca4ce55: Introduce a default return value to the rest of the config functions
The current return values remain the same. The added safety checks
ensures the correct type when calling array_* func... Marcos M
06:05 PM pfSense Docs Todo #15526 (New): Add CLI Commands for Boot Environments to Documentation
There are some situations of disk space exhaustion where the webConfigurator will crash or be unresponsive. Being ab... Kris Phillips
03:25 PM Bug #15525 (Resolved): File browser on ``diag_edit.php`` does not encode directory names before display
Jim Pingle
02:34 PM Bug #15525: File browser on ``diag_edit.php`` does not encode directory names before display
tested on:
24.03-RELEASE (amd64)
built on Wed Apr 24 17:38:00 UTC 2024
FreeBSD 15.0-CURRENT
patch fixes the issue Georgiy Tyutyunnik
01:28 PM Revision ba6d806b: Remove ripgrep since we are not using it
Brad Davis
02:42 AM pfSense Plus Bug #14968: Google LDAP fail to bind
Customer in ticket 2768927031 running into this issue. Kris Phillips
12:32 AM Feature #13293: Option to set auth-gen-token in OpenVPN GUI
I agree. This specific issue drove me crazy. No mention of --auth-gen-token in the pfsense documentation. Sean Scarfo

05/29/2024

07:49 PM Revision 3e28d716: Clean up rule generation code for state-tracking options
Improve readability and make it easier to adjust for future changes. Marcos M
07:47 PM Revision 66344dc6: Fix checkbox always being unchecked on page load
For the GUI option introduced in #15430 Marcos M
07:18 PM pfSense Docs Todo #15510 (Closed): Certificate Management navigation breadcrumbs
There are a lot more references than the ones linked there, but I have updated them all now (except for some historic... Jim Pingle
07:13 PM Bug #15508: pfSense breaks after changing System Domain Local Zone Type to Redirect if host overrides or static DHCP leases exist
Please reach out to me on my email. I will either clone the system for you or I can give you access to my system if w... Lukáš Mojžíš
06:52 PM Bug #15508 (Rejected): pfSense breaks after changing System Domain Local Zone Type to Redirect if host overrides or static DHCP leases exist
I cannot reproduce this as stated. I can switch back and forth without error even with static entries present. Possib... Jim Pingle
06:27 PM pfSense Docs Todo #15524 (Closed): Feedback on Installing and Upgrading — Upgrade Guide — Upgrade Process Overview
Yes, that is how it used to operate previously. That section is a summary/overview not a complete list of steps so it... Jim Pingle
02:13 PM pfSense Docs Todo #15524 (Closed): Feedback on Installing and Upgrading — Upgrade Guide — Upgrade Process Overview
*Page:* https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide-overview.html
*Feedback:* This is a minor... David Myers
05:10 PM Bug #15525 (Feedback): File browser on ``diag_edit.php`` does not encode directory names before display
Applied in changeset commit:33f2ad2414b8a1246d511523b4ec0b67bbb224da. Jim Pingle
04:36 PM Bug #15525 (Resolved): File browser on ``diag_edit.php`` does not encode directory names before display
The file browser on @diag_edit.php@ does not encode directory names before display
Similar to #13262 which fixed p... Jim Pingle
05:10 PM Regression #15430 (Feedback): Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
Applied in changeset commit:e254aea45c3694ff280247be7670421b86d5bb31. Marcos M
04:49 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication
UPVOTE THIS
Nowadays with numbers of hacking attacks rapidly increasing each day, securing the access to firewall ... Sergei Shablovsky
04:48 PM Feature #15244: Modern authentication via FIDO2 for local account authentication
UPVOTE THIS
Nowadays with numbers of hacking attacks rapidly increasing each day, securing the access to firewall ... Sergei Shablovsky
04:36 PM Revision 33f2ad24: Encode dir names in browser.php. Fixes #15525
Jim Pingle
01:20 PM Bug #8882: Interface assignments lost on reboot
I can also confirm the same issue. But the issue come when you use a backup file from a vmware Pfsense and use the sa... Eivind Engberg

05/28/2024

08:12 PM Feature #14208: Automatic Split-DNS for 1:1 NAT
I just rebased the PR. It would be great if it can be merged so I don't have to keep doing that. Yehuda Katz
06:52 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Update from the user who provided us the dtrace outputs (HS# 2718685720)
> Hi, just an update. I changed EC2 type ... Craig Coonrad
06:09 PM Revision e254aea4: Automatically use floating states for IPsec rules. Fix #15430
Marcos M
12:57 PM pfSense Plus Feature #15523: Allow to set a password policy for users in the local database
It's something we may expand on in the future, the framework is in place to do it now, but it would require creating ... Jim Pingle
12:55 PM Feature #15513 (Rejected): Separate the branch settings for package and system updates
This is already close to how it works now on current releases. The update check does not alter the branch used for an... Jim Pingle
12:51 PM pfSense Packages Bug #15517 (Rejected): WireGuard not responding to the handshake from the same port
This is almost certainly due to a misconfiguration such as applying outbound NAT on traffic generated from the firewa... Jim Pingle
12:37 PM Bug #13565 (Closed): LOR on Boot for Static Routes Startup Item in KVM environment
Jim Pingle
12:37 PM pfSense Plus Feature #15506 (Duplicate): GEOM mirrors from previous UFS installs break ability to install with ZFS RAIDZ1 "No Disks Available"
Already covered by internal issue 12393 Jim Pingle
12:32 PM Feature #15504 (Duplicate): PPPoE support for online installer
This is already being tracked internally and is coming in the next installer release, it's already in our internal te... Jim Pingle

05/27/2024

11:51 AM pfSense Plus Feature #15523 (New): Allow to set a password policy for users in the local database
It would be great if we can set password requirements for the local users like minimun lenght and complexity at less.... Javier Herrera

05/26/2024

11:57 PM pfSense Packages Bug #14556: Tailscale dropping routes from FIB
Update 5/26, regarding the ping from pf1 to pf2 (or vice versa), I notice this only gets a successful reply when usin... Matt Keys
06:42 AM pfSense Docs Todo #15522 (Closed): Feedback on Routing — Gateway Groups
*Page:* https://docs.netgate.com/pfsense/en/latest/routing/gateway-groups.html
*Feedback:*
Sentence "Gateway grou... Seb M
03:01 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
still experiencing this but I've found some newer test backups I've made don't seem to trigger the issue Jordan G
01:51 AM pfSense Docs Todo #15521 (Closed): Add alert to use single quotes as escape characters when decrypting config.xml using OpenSSL on command line
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#encrypted-configuration-files
A password such as @ ... Chris W
01:43 AM Feature #15464: Allow Installer to install CE even if NDI detects as Plus
This is a confirmed issue. I believe this will be resolved in the next version of the installer. Kris Phillips
01:41 AM pfSense Packages Feature #14712: CrowdSec package
There are recent requests for an update on this redmine: https://www.reddit.com/r/PFSENSE/comments/1cz0bsh/pfsense_of... Kris Phillips
12:48 AM pfSense Packages Feature #15501 (Rejected): Squid COSS filesystem
Squid is deprecated in pfSense, so any fixes or feature adds are unlikely to occur.
Marking redmine as Rejected. Kris Phillips
12:44 AM Feature #15513: Separate the branch settings for package and system updates
This is a duplicate of the non-public, Netgate redmine 7479. Kris Phillips
12:41 AM pfSense Packages Bug #15517 (Incomplete): WireGuard not responding to the handshake from the same port
Which side of this packet capture is the pfSense side and what is on the other side? There isn't enough details in t... Kris Phillips
12:26 AM Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
possible to provide the ability to configure MTU for (a) LAGG specifically, when also configuring the other parameter... Jordan G

05/25/2024

11:56 PM Bug #15493: Kea sometimes provides an IP from the DHCP pool despite static mappings
confirmed, also experiencing this behavior with 24.03 - Changing the IP or creating a new reservation does not always... Jordan G
11:25 PM Regression #15094: Updates fail against an authenticated upstream proxy
Tickets 2616976047 and 2698680909 both are regarding this issue. Kris Phillips
10:49 PM pfSense Plus Feature #15506 (Confirmed): GEOM mirrors from previous UFS installs break ability to install with ZFS RAIDZ1 "No Disks Available"
Confirmed. Having this automated would make the install smoother. Christopher Cope
05:33 PM pfSense Plus Bug #15509 (Not a Bug): Debian OpenVPN client breaks the connections
Christopher Cope
04:54 PM Bug #15516: Per-rule byte counter values lost across a filter reload
Just to add another data point, as I mentioned in https://forum.netgate.com/topic/188336/firewall-rule-counters-max-s... Steve Y
04:25 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound
Any further updates on this? Jay Sols
12:25 PM Bug #15519 (New): Limiter dynamic child queue applied twice when traffic passes out of bound OpenVPN interface with NAT
Setup:
* Limiter is set up with child queues that have a /32 source mask applied - parent limiter is set to 100mbp... Ivan Konash
08:53 AM Bug #15518 (Confirmed): Kea does not send configured TFTP server name
I can confirm this behavior on 24.03. The Lev's workaround works. Danilo Zrenjanin
06:29 AM Bug #15518: Kea does not send configured TFTP server name
I can confirm this behavior on 24.03, I was able to fix it by adding the string "code": 66 in the config
Example:
... Lev Prokofev
05:27 AM Bug #15518 (Resolved): Kea does not send configured TFTP server name
I've a working environment with ISC dhcp server booting a raspberry pi over network. When switching to KEA dhcp the "... Martin Hengesbach
06:35 AM Feature #15321: Kea DHCP Custom Configuration Support (IPv4 and IPv6)
Below is an example of possible options with the right syntax:
https://github.com/isc-projects/kea/blob/master/doc... Lev Prokofev
03:06 AM pfSense Packages Bug #15517 (Rejected): WireGuard not responding to the handshake from the same port
Hello everyone,
I am seeing an issue with WireGuard responding from a different port for the Handshake response. T... Karl Kastr
12:02 AM Regression #15430 (Pull Request Review): Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on ``enc0`` interface
We can try to work around the issue until #8686 is resolved.
https://gitlab.netgate.com/pfSense/pfSense/-/merge_reque... Marcos M

05/24/2024

11:13 PM Bug #15516 (Resolved): Per-rule byte counter values lost across a filter reload
In some situations the byte counter reported by pfctl is not retained correctly across a filter reload.
It appears... Steve Wheeler
09:13 PM pfSense Docs Todo #15515 (Closed): Feedback on pfSense® software Configuration Recipes — WireGuard Site-to-Multisite VPN Configuration Example
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2ms.html
*Feedback:*
Hi
you are propo... NIKOLAOS NIKOU
06:54 PM Todo #15429: Clarify descriptions for gateway recovery options
Thanks for the feedback! I do think the various related settings could use rewording and restructuring for clarificat... Marcos M
06:14 PM Bug #14083 (Resolved): Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
Marcos M
06:13 PM Bug #15502 (Resolved): Proxy variables in ``crontab`` contents are improperly formatted
Marcos M
06:11 PM Revision 74ad34bc: Avoid configuration loop with LAGG interfaces. Fix #14083
The fix to #9453 introduced a loop when configuring LAGG interfaces.
This happens when interface_lagg_configure() ult... Marcos M
06:06 PM pfSense Plus Bug #15511 (Resolved): Factory resetting the configuration removes WireGuard
Marcos M
04:02 PM pfSense Plus Bug #15511 (Feedback): Factory resetting the configuration removes WireGuard
The WireGuard package is now in the list of installed packages and won't be removed on the factory reset. Luiz Souza
05:25 PM Revision 4b9165e5: Default to an empty array for functions expecting a countable value
Do this for foreach() and count(). Marcos M
03:18 PM Revision 4eddd5ab: Correct default for 'system/acb' in write_config() to empty array instead of null
Reid Linnemann
10:34 AM Bug #14977: Kea fails to restart due to race between process termination and startup
Following up on forum post https://forum.netgate.com/topic/188337/
I am reporting this same issue. I've been using... Ricardo Mendes
07:13 AM pfSense Packages Bug #8197 (Resolved): BIND UI fails to properly update zone with inline DNSSEC signing enabled
I've tested it on 21.02.2 and on latest 24.03
I was able to reproduce this issue on 21.02.2 (BIND 9.16_17) - BIND ... Azamat Khakimyanov

05/23/2024

11:36 PM pfSense Docs Correction #15514 (Closed): Add Netgate 4200 Pre-POST Light States
The Netgate 4200 has a solid orange light while POST'ing before it reaches the boot up process. This is not document... Kris Phillips
08:24 PM Feature #15513 (Rejected): Separate the branch settings for package and system updates
Currently, the repo branch is used for both packages and system updates. The branch must be set to match the currentl... Andrew Almond
08:07 PM Feature #15476: Allow listing and switching repo branches from the CLI
The ability to change repo branches via CLI would be very useful, as we're looking to script the upgrade process acro... Andrew Almond
05:37 PM Revision 63d6bb4f: Update all direct config access with accessor functions
Marcos M
05:37 PM Revision 9f0e98bc: Refactor config upgrade to use config accessors
Marcos M
05:37 PM Revision 40052af4: Use config accessors in traffic shaper functions
Marcos M
05:37 PM Revision 26308930: Use config accessors in certificate functions
Marcos M
05:37 PM Revision 1bb9c407: Use config accessors in users and groups functions
Marcos M
05:37 PM Revision 6cbdf0e7: Remove potential direct config references when displaying form rows
The first eval() change removes the reference and has no functional
effect given that $pkg_source_txt is not modified... Marcos M
05:37 PM Revision 816fef25: Move to is_platform_booting()
The function platform_booting() is deprecated. Marcos M
05:37 PM Revision 134a8703: Move from ${var} to {$var}
The use of ${var} has been deprecated since PHP 8.2 Marcos M
05:37 PM Revision cafdc4a8: Move to date()
The function strftime() is deprecated since PHP 8.2 Marcos M
05:37 PM Revision 4c6b85be: Move to mb_convert_encoding()
The functions utf8_encode()/utf8_decode() are deprecated since PHP 8.2 Marcos M
05:37 PM Revision c1db4dea: Move to str_replace()
The function ereg_replace() is deprecated since PHP 5.3. Marcos M
05:37 PM Revision bd6f0b80: Move to preg_match()
The function ereg() is deprecated since PHP 5.3. Marcos M
05:37 PM Revision e2b0f1f8: Move to foreach()
The function each() is deprecated since PHP 7.2. Marcos M
05:37 PM Revision 189dbb7a: Move to password_hash()
Use of crypt() requires a salt since PHP 8.0. Use password_hash() to align with 8ddf2b5. Marcos M
05:37 PM Revision 2a02ef36: Remove superfluous argument
The product label was mistakenly separated in 573ec19. Now simply remove it. Marcos M
05:37 PM Revision 787a9938: Remove superfluous function arguments
Added in 0eae38c Marcos M
05:37 PM Revision 1123725d: Correctly detect changed settings
Marcos M
05:37 PM Revision fe918db8: Return a value in convert_openvpn_interface_to_friendly_descr()
Calls to this function expect a return value which is then echo'd. Marcos M
05:37 PM Revision 4ef3bed6: Correctly set duplicates limit in forms
Marcos M
05:37 PM Revision bf3d5a8a: Fix missing variable assignment in 22dbacd
Marcos M
05:37 PM Revision ad78dab5: Fix missed changes in f593f80
The argument being removed was previously used to retrieve optX
interfaces; this no longer applies. Marcos M
05:37 PM Revision b44b34d6: Fix missed changes in 0e2bed2
The "level" is determined automatically by the function. Marcos M
05:37 PM Revision f4c1a890: Fix missed changes in c618897
The function parameter was removed since it was not used. Marcos M
05:37 PM Revision 8c34ed68: Fix missed changes in 015a482
The IP Protocol is now determined automatically be the function. Marcos M
05:37 PM Revision 8eab4c32: Fix missed changes in 2aafa69
The direct value is now used instead of the constant variable. Marcos M
05:37 PM Revision 0ae0babf: Fix missed changes in the transition from ipfw to pf
Marcos M
05:37 PM Revision 1ec82c30: Fix typos and copy/paste issues
Issues found by the PHP linter mostly include typos and usage of
unassigned variables. To address these, traverse the... Marcos M
05:37 PM Revision d900b9d4: Fix PHP linter issues
Marcos M
05:37 PM Revision 01258f1e: Support adding to an array in array_set_path()
- Avoid infinite loop with empty paths.
- Support setting $value to the $arr root.
- If $path contains a trailing for... Marcos M
12:52 PM Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity
The client confirmed that the patch solves the issue #2754566672 Lev Prokofev
09:24 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Okay, that would seem to indicate that we're not spending our CPU time in the ena driver. That's a bit unexpected, gi... Kristof Provost
03:45 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
Here's another dtrace from HS# 2718685720.
I'm not sure if this will be helpful or much different than the previou... Craig Coonrad
08:14 AM pfSense Plus Bug #15511: Factory resetting the configuration removes WireGuard
I couldn't reproduce this.
Tested against:
23.09
23.09.1
24.03
Is there any other specific configuration set... Danilo Zrenjanin

05/22/2024

10:06 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
This appears to be fixed in 24.03. At least in my test setup. Can anyone who was seeing this in 23.09.1 confirm that ... Steve Wheeler
08:15 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
I thought I would add another confirmation: I have the same symptoms on upgrade from 2.6.0 to 2.7.0
I too am using... Pete Holzmann
01:37 PM Bug #15502: Proxy variables in ``crontab`` contents are improperly formatted
tested on:
2.7.2-RELEASE (amd64)
built on Wed Dec 6 20:10:00 UTC 2023
FreeBSD 14.0-CURRENT
patch fixes the issue Georgiy Tyutyunnik
12:14 PM Feature #9617: PPPoE Static IP Configuration in GUI
I had a go at doing this, and it didn't seem to work for me, I got some other address from the ISP.
My config alre... Goat Moat
11:36 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
In addition to the previous commit, which introduced the basic ability to auto build rules on-top of dynamic prefixes... Jan-Jonas Sämann
02:22 AM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
I looked at the status output for the same case that included the dtrace. It involves high CPU and loss of network. (... Craig Coonrad
12:00 AM Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner
Had a customer encounter this, restarting firewall and syslogd didn't do it. Changing the lines from 2000 to 500 seem... dylan mendez

05/21/2024

07:08 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
Steve Wheeler wrote in #note-5:
> It's not something that can be patched at runtime but an updated pkg is available ... Bob Dig
06:42 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
It's not something that can be patched at runtime but an updated pkg is available in 24.03:... Steve Wheeler
04:39 PM Regression #15470: Port forward rules created by ``miniupnpd`` do not expire
Marcos M wrote in #note-3:
> With the fix, port mappings correctly automatically expire and can be removed on client... Bob Dig
04:32 PM Feature #15512 (New): Outbound NAT is missing "interface" and "Invert match" as source
Outbound NAT is missing interface and Invert match as source.

With both available, one could easily create outbou... Bob Dig
02:57 PM Regression #15094: Updates fail against an authenticated upstream proxy
Fixed upstream, will be in the next pkg release Brad Davis
02:23 PM Revision 0c1496a4: With pkg switching to curl the format of the auth string has changed
Brad Davis
12:38 PM pfSense Plus Bug #15196: AWS ena interfaces can become unstable/stop responding
This was on a VM that was manifesting the problem (i.e. elevated CPU use and loss of connectivity) at the time the dt... Kristof Provost

05/20/2024

11:56 PM pfSense Plus Bug #15511 (Closed): Factory resetting the configuration removes WireGuard
Resetting the configuration to factory defaults removes the WireGuard package. This package should be kept given that... Marcos M
11:08 AM pfSense Plus Bug #15509: Debian OpenVPN client breaks the connections
Sorry, was problem with network. Evgeny Korostelev
05:19 AM pfSense Plus Bug #15509 (Not a Bug): Debian OpenVPN client breaks the connections
After applying patch https://redmine.pfsense.org/issues/15440, the OpenVPN client on Debian 11 breaks the connection ... Evgeny Korostelev
10:06 AM pfSense Docs Todo #15510 (Closed): Certificate Management navigation breadcrumbs
*Page:* https://docs.netgate.com/pfsense/en/latest/certificates/index.html
*Feedback:* The navigation breadcrumbs ... Jared Silva
 

Also available in: Atom