Project

General

Profile

Activity

From 07/25/2024 to 08/23/2024

08/23/2024

06:28 PM Regression #15669 (Resolved): Static routes using null gateways are not installed
Marcos M
03:33 PM Regression #15669: Static routes using null gateways are not installed
can't reproduce on the dev, seems to be fixed
tested on:
Version 24.08-DEVELOPMENT (amd64)
built on Fri Aug 23 8:0... Georgiy Tyutyunnik
05:12 PM pfSense Plus Bug #15675: IPv4 Prefixes with IPv6 Next Hops only show one of two Next Hops for Equal Cost Multipath
Customer in ticket 2998961236 is asking for an update on this redmine and if there is a workaround. Kris Phillips
04:01 PM pfSense Plus Regression #15690: pfSense doesn't send gateway event notifications
The issue exists in the 24.08... Lev Prokofev
11:15 AM pfSense Plus Regression #15690 (New): pfSense doesn't send gateway event notifications
tested on ... Lev Prokofev
03:58 PM Bug #15684 (Feedback): Panic in ``tcp_m_copym`` with selective ACK enabled
Jim Pingle
01:44 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
I think I know what's happening here. I'm only 95% sure, but it matches all observations.
It's an issue that's kno... Kristof Provost
12:30 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
I have set `net.inet.tcp.sack.enable=0` through System Tuneables on both Units and will report back if the crash occu... Christian Bönning
12:23 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
The core dump confirms what I suspected from the initial report, in that tcp_m_copym() got called with a NULL mbuf. T... Kristof Provost
03:23 PM Feature #15691 (Rejected): Simplifying use of external SWAP within GUI
No, the use of large swap volumes is discouraged in general, as is external storage. A little swap can be useful, but... Jim Pingle
03:17 PM Feature #15691: Simplifying use of external SWAP within GUI
Just to help with understanding, I now can update Snort and ClamAV at the same time and nothing is terminated because... Jonathan Lee
03:15 PM Feature #15691: Simplifying use of external SWAP within GUI
Currently the process to set this up it requires finding the drive mounting it and partitioning it, after changing th... Jonathan Lee
03:13 PM Feature #15691 (Rejected): Simplifying use of external SWAP within GUI
Is there anyway to simplify the swap configuration for an everyday user, and or to make it easier? Thus someone just ... Jonathan Lee
03:54 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Make sure to reboot after applying the patches. Marcos M
03:47 AM Revision d64256a5: Don't restart sshguard when the syslogd service is restarted
Marcos M

08/22/2024

03:56 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Great we have that and it looks promising. Steve Wheeler
11:15 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
It failed for a switch of WAN Connections I was using.
I uploaded it again as a gzipped version (179848383 bytes)... Christian Bönning
10:58 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Hmm, not seeing it nextcloud on this side. How did it fail the first time? What size is it? Steve Wheeler
09:31 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Upload completed with 2nd attempt.
sha1sum of the uploaded file should be the following:
bfe8b2f2cccb7823fcb4b775... Christian Bönning
09:10 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Excellent. Here we go:
https://nc.netgate.com/nextcloud/s/k6CLjPKRKKaPt5C Steve Wheeler
08:26 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
We have a `vmcore` produced with a crash which occurred earlier today. Can you share a Nextcloud Link so I can provi... Christian Bönning
03:16 PM Bug #12747 (Feedback): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Danilo Zrenjanin
03:01 PM Bug #12747 (Resolved): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I was able to reproduce the issue on 24.03.
After applying the patch, I got the same results. ... Danilo Zrenjanin
10:16 AM Feature #15689 (New): Nice to have option to customize top panel logo e.g. to add County flag or Company logo.
We have several PFSense clusters in different countries. Sometimes it is hard to identify correct one in browser's op... Vyacheslav Livankin
08:37 AM pfSense Plus Bug #15688 (Confirmed): inverse on graph shows number as Bytes without converting to KB or MB or GB or TB, etc. on mouse over
I can confirm this behavior on 24.03.
Status_Traffic_Totals 2.3.2_4
!clipboard-202408221037-jv5fa.png!
 Danilo Zrenjanin

08/21/2024

10:11 PM Revision dc459dc9: Config access regression in general setup
Marcos M
08:24 PM Bug #12747 (Feedback): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
With commit:f32dca244955da9007e1bc75801d486b5f70352e sshguard now monitors auth.log directly instead of relying on sy... Marcos M
08:18 PM Revision f32dca24: Stop sshguard spam in system logs. Fix #12747
Instead of restarting sshguard with each log rotation, keep it running
separately while monitoring the auth log file.... Marcos M
06:43 PM pfSense Plus Bug #15688 (Confirmed): inverse on graph shows number as Bytes without converting to KB or MB or GB or TB, etc. on mouse over
When using inverse for say the stacked bar graph for traffic totals in the traffic totals package.
See this thread... JohnPoz _
06:38 PM Regression #15687 (Resolved): ``sshguard`` is not properly detecting GUI login failures
Fix was picked back to 24.03 and it's working there, too.
 Jim Pingle
02:28 PM Regression #15687: ``sshguard`` is not properly detecting GUI login failures
Fix works well on Plus 24.08 and CE 2.8.0 snapshots.
Next is picking it back to 24.03 and testing there.
No nee... Jim Pingle
03:00 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Minutes after rebooting the secondary unit (another Netgate 1537) to enable "full core dump mode" the primary unit on... Christian Bönning
08:57 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Our Netgate 1537 crashed earlier today. In `/var/crash` however there's only `bounds`, `info.0` as well as `textdump.... Christian Bönning
06:49 AM pfSense Packages Regression #15623 (Resolved): FRR does not load kernel routes at startup
After upgrading FRR to 2.0.2_4, the kernel routes appeared again.
I am marking this ticket as resolved. Danilo Zrenjanin

08/20/2024

08:36 PM pfSense Packages Todo #15683 (Resolved): Fix for vulnerabilities CVE-2024-31950 CVE-2024-31951 in frr
9.1.1 is in the repos now. Brad Davis
05:35 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
To move forward we need a full core dump from a system hitting the bug. If anyone can setup their to provide that ple... Steve Wheeler
12:13 PM Regression #15687 (Ready To Test): ``sshguard`` is not properly detecting GUI login failures
I've re-added the 'webConfigurator authentication error for user' patch in sshguard. Kristof Provost
06:27 AM pfSense Packages Feature #15397: Wazuh Agent
i also would ask for adding the wazuh agent to the packages as it is available already in the BSD Repos the effort se... Matthias Donner

08/19/2024

04:09 PM pfSense Packages Regression #15623 (Feedback): FRR does not load kernel routes at startup
The new FRR version is now available in 24.03. It can be pulled in by running @pfSense-upgrade@ from the CLI. Marcos M
02:06 PM Regression #15687 (Resolved): ``sshguard`` is not properly detecting GUI login failures
The @sshguard@ daemon isn't triggering blocks for GUI authentication failures.
The patch that adds the login strin... Jim Pingle
12:19 AM Feature #15686 (New): Add Host Alias when mapping Static IP
Please consider a feature to add/modify an associated host alias in the firewall when creating a static IP on the DCH... J G

08/18/2024

12:57 AM Bug #15643: Deleting one pre-installed package may delete other pre-installed packages
I am able to successfully remove individual pre-installed packages on 24.08.a.20240814.1541 build Jordan G

08/17/2024

07:05 PM Feature #15670 (Confirmed): Link with packet loss, put link on hold on the gateway group.
The packet loss percentage, for what is considered low and high loss, can be adjusted per gateway. System > Routing a... Christopher Cope
06:43 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Marcos M wrote in #note-18:
> Here's a patch for 24.03 for testing:
> {{collapse
> [...]
> }}
>
> Apply then reboot.... Christopher Cope
05:24 PM Bug #12747 (Ready To Test): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Here's a patch for 24.03 for testing:
Apply then reboot. Marcos M

08/16/2024

02:40 PM pfSense Packages Regression #15623: FRR does not load kernel routes at startup
Outstanding work. Thank you Kristof Mike Moore
12:16 PM pfSense Packages Regression #15623: FRR does not load kernel routes at startup
I've opened https://github.com/FRRouting/frr/pull/16597 with FRR with the fix.
The short version is that FRR made ... Kristof Provost

08/15/2024

09:23 PM Regression #15669 (Feedback): Static routes using null gateways are not installed
Fixed in https://github.com/pfsense/pfsense/commit/2476993c03d6844268639825d431ff5218f169af Marcos M
05:58 PM Revision 485fe02d: Introduce parse_config() and init_config_arr() stubs for backwards compatibility
Clarify comment while there. Marcos M
04:04 PM Bug #15685 (Resolved): Mobile IPsec does not automatically switch to failover gateway
After failing over to a backup WAN interface, the clients were unable to connect using the backup WAN's IP address. U... Danilo Zrenjanin
03:18 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Customer hit this issue, ticket for reference #3053406835 Lev Prokofev
01:16 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Hitting this in 24.03 Steve Wheeler
01:12 PM Bug #15684 (Resolved): Panic in ``tcp_m_copym`` with selective ACK enabled
In some situations pfSense panics with:... Steve Wheeler
01:14 PM pfSense Packages Bug #15618 (Duplicate): HAproxy causes system panic
This appears to be unrelated to HAProxy directly. Simply that it's more likely to occur when HAProxy is running. See:... Steve Wheeler

08/14/2024

05:42 PM pfSense Docs Correction #15682 (Closed): VPN Scaling
Yeah that should be compression. I pushed a fix, it'll be live in a couple minutes when it finishes building.
Than... Jim Pingle
12:40 PM pfSense Docs Correction #15682 (Closed): VPN Scaling
This has to be corrected:
Disabling encryption will mitigate that attack
correct:
Disabling *compression* will mit... Bob Dig
03:50 PM pfSense Packages Regression #15623: FRR does not load kernel routes at startup
Can confirm after install of 9.0.3 on my SG-6100, kernal default route is back.
## Before ##
K>* 1.0.0.1/32 [0... Mike Moore
02:10 PM pfSense Packages Todo #15683 (Resolved): Fix for vulnerabilities CVE-2024-31950 CVE-2024-31951 in frr
Current stable-version frr9.1_2 is reported to have the following vulnerabilities:
CVE-2024-31950
CVE-2024-31951
... Georgiy Tyutyunnik
04:02 AM Revision b1e0e393: Minor cleanup
Marcos M

08/13/2024

09:39 PM Revision 0a575039: Move to CURLINFO_RESPONSE_CODE
As of cURL 7.10.8, CURLINFO_HTTP_CODE is a legacy alias of
CURLINFO_RESPONSE_CODE. Marcos M
09:32 PM pfSense Packages Regression #15623 (Needs Patch): FRR does not load kernel routes at startup
There are two potentially different issues here:
* OSPF-learned default routes do not get redistributed
* OSPF(?) def... Marcos M
02:53 PM Feature #15681 (New): Interface uptime
Maybe under Status > Interfaces , provide the ability to show how long the port has been up.
As a router / firewall ... Mike Moore

08/12/2024

04:56 PM Bug #15665: Download Limit Issue
Unable to replicate issue with known good configuration on pfSense CE 2.7.2 or pfSense Plus 24.08-development.
 dylan mendez
04:53 PM Bug #15676: OpenVPN not rendering alises in "IPv4 Local network" setting.
I'm unable to reproduce this issue on pfSense CE 2.7.2.
 dylan mendez
01:57 PM Revision 1b06d5ed: Fix function declaration in config_read_file()
Marcos M
12:46 PM pfSense Packages Bug #15680: replace sysutils/devcpu-data microcode package with sysutils/cpu-microcode
Ok, thank you. Chris Collins
12:14 PM pfSense Packages Bug #15680 (Rejected): replace sysutils/devcpu-data microcode package with sysutils/cpu-microcode
It's already switched in the tree and in snapshots, so there is nothing more to do here.
 Jim Pingle
06:49 AM pfSense Packages Bug #15680 (Rejected): replace sysutils/devcpu-data microcode package with sysutils/cpu-microcode
Upstream FreeBSD has abandoned sysutils/devcpu-data, pfSense has the latest version of that installed in 2.7.2 commun... Chris Collins
12:13 AM Revision af909d61: Refactor config file reading and recovery
config_read_file():
- Refactor to adapt code from parse_config(), parse_config_bootup(),
and write_config().
- Don'... Marcos M

08/11/2024

04:29 PM Bug #15679 (Resolved): Multicast with intel NIC
Since pfSense 2.7.1, in systems with intel X710 netork card, multicast is not working anymore.
By using a multicast ... Max Pal
02:30 AM Bug #15178 (Resolved): ACB (autoconfig backup) restore always returns could not decrypt despite proper password
Jordan G
02:28 AM Bug #15178: ACB (autoconfig backup) restore always returns could not decrypt despite proper password
older backups seem to be fine in testing with 24.03, have not been able to reproduce on current release Jordan G

08/10/2024

10:45 PM pfSense Docs Correction #15678 (New): Update IPsec documentation
Until redmine 14483 is rectified please add a note in the documentation where it states that any changes to any IPsec... Mike Moore
05:09 AM Bug #15110: pfSense hangs when rebooting
Ran into the same issue today on a 6100.
The internal storage was no longer detected after a power outage, so we ins... Andrew Almond

08/09/2024

07:23 PM pfSense Packages Feature #9141: FRR xmlrpc
Just following up to see if there is any progress.
In theory there isn’t really a good reason to not have the config... Mike Moore
12:15 PM pfSense Docs Todo #15677 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
It's used in the recipe because some operating systems still use it by default when you configure clients using the n... Jim Pingle
09:43 AM Bug #15676: OpenVPN not rendering alises in "IPv4 Local network" setting.
Thanks for your answer Marcos. Just a couple of questions:
- is there an ETA for this fix to be released on CE ?
... Matteo Capuano

08/08/2024

10:00 PM Bug #15676 (Feedback): OpenVPN not rendering alises in "IPv4 Local network" setting.
It seems like this has already been fixed - it's not reproducible in 24.08-dev. Marcos M
02:01 PM Bug #15676: OpenVPN not rendering alises in "IPv4 Local network" setting.
Here the relevant, and wrong, lines from config.ovpn after reboot:... Matteo Capuano
10:02 AM Bug #15676 (Resolved): OpenVPN not rendering alises in "IPv4 Local network" setting.
When using network aliases in "IPV4 Local network" OpenVPN setting, they are not rendered and they are sent to client... Matteo Capuano
09:51 PM pfSense Docs Todo #15677 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
*Feedback:*
re:... Steve Y
08:41 PM Revision 735b7681: Introduce explicit config file read/write functions
Marcos M
08:26 PM Revision 05d01515: Be more explicit about config locks
Introduce config lock in encrypted_configxml() and restore_backup().
Remove config lock from parse_config() and pars... Marcos M
08:04 PM Revision 2476993c: Fix null gateways being ignored
Marcos M
12:43 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
Is there a patch or a dev build i can try if there is a fix for this? Mike Moore
02:15 AM pfSense Plus Bug #15675 (New): IPv4 Prefixes with IPv6 Next Hops only show one of two Next Hops for Equal Cost Multipath
When configuring FRR to utilize ECMP with IPv6 next hops in BGP for IPv4 prefixes, only one of the next hops will be ... Kris Phillips

08/07/2024

03:02 PM pfSense Packages Feature #15674 (Resolved): Support custom IP and Port variables for interfaces
Add the ability for the user to enter their own custom server and port variables on the Suricata define variables pag... Graham Collinson
01:19 PM pfSense Packages Feature #11206 (Closed): FRR 7.5
Jim Pingle
04:48 AM pfSense Packages Feature #11206: FRR 7.5
I see that Ben is no longer logging in?
Login: bmh.01
Registered on: 10/04/2018
Last connection: 02/24/2021
Can s... Gavin Owen
01:16 PM Todo #15666: Kea dhcp - enable run_script hook plugin
Implementing this turned out not to be too difficult:
https://github.com/pfsense/pfsense/pull/4693 Rob Heat
09:22 AM Bug #15671 (Resolved): Setting the Port Forward interface to an interface group selects an invalid destination
I was able to replicate this behavior on 24.03.
The issue is resolved on the latest 24.08 Development build.
... Danilo Zrenjanin
04:59 AM pfSense Packages Regression #15623: FRR does not load kernel routes at startup
I too am affected by this issue (being the original poster on the forums), and can't upgrade to 24.03 because of it. ... Gavin Owen

08/06/2024

10:46 PM pfSense Packages Feature #15673 (New): Feature request: Develop an actual Tailscale widget
Please see this thread for details: https://forum.netgate.com/topic/177265/tailscale-is-not-online-problem?_=17098346... Jonathan Lee
07:41 PM Bug #15671 (Feedback): Setting the Port Forward interface to an interface group selects an invalid destination
Fix in commit:b7419f41d698f5759e8e17ec08ad5b8265f0fba5. Marcos M
07:51 AM Bug #15671 (Resolved): Setting the Port Forward interface to an interface group selects an invalid destination
Version: 24.03
When creating a port forward NAT rule for the WireGuard interface group, the 'Destination Type' dro... Craig .
07:38 PM Revision b7419f41: Set a default destination type in Port Forward rules. Fix #15671
Check that the destination option exists before switching to it, else
set it to "Address or Alias". Marcos M
06:54 PM pfSense Packages Bug #15319: TailScale widget shows wrong status (green instead of red)
Why is it not a bug when the widget shows the status as running and the TS status shows it's down?!
Please reconsi... Yuri Weinstein
10:49 AM pfSense Docs Correction #15672 (Closed): Design Considerations - Design Style
https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/design.html#design-style
> Typically, a tunnel is defined... Bob Dig
12:40 AM Feature #15670 (Confirmed): Link with packet loss, put link on hold on the gateway group.
I noticed that sometimes there is a link degradation, but not enough to bring the link down, something like 5 or 8% p... Marcelo Cury

08/05/2024

10:32 PM Regression #15669 (Resolved): Static routes using null gateways are not installed
When trying to add a static route to the Null4 gateway, which should be localhost, the operation fails in 24.03 with:... Steve Wheeler
05:08 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Damn. I got bit by this today when trying to troubleshoot a remote firewall. Filled to the brim with the logspew (pfS... → luckman212
02:15 PM pfSense Packages Bug #15668 (New): squidclamav.so cat't read the client IP
even the option is set in the WEBGUI and the related config line is available in squid.conf, squidclamav logs
squi... Thomas Eckardt
02:09 PM pfSense Packages Bug #15667 (New): squidclamav does not initialize - squid not working
regular expressions defined in /usr/local/pkg/squid_antivirus.inc are too long
the resulting lines in /usr/local/etc... Thomas Eckardt
12:12 PM Bug #15663 (Not a Bug): KEA DHCP issue with unbound DNS resolution - possibly related to #15651
The feature is not supported on Kea as it's not fully implemented yet. Whatever you are able to make happen now may w... Jim Pingle
12:10 PM Bug #15664 (Not a Bug): IPsec VTI firewall rules not syncing in HA setup
This is a config issue, not a bug.
If the rules appear to not sync then the interfaces must not be assigned in an ... Jim Pingle
12:53 AM Bug #15664 (Not a Bug): IPsec VTI firewall rules not syncing in HA setup
Seems to be a failure in the way the sycing is done with pfSense in High Availability
Two systems in HA.
On Mast... Mike Moore
12:09 PM pfSense Packages Bug #15662 (Not a Bug): Sudo package - errors when saving changed in HA setup
Jim Pingle
12:54 AM pfSense Packages Bug #15662: Sudo package - errors when saving changed in HA setup
This issue can be closed. There were quite a few configuration issues on the secondary node that would prevented any ... Mike Moore
12:02 PM Todo #15666 (New): Kea dhcp - enable run_script hook plugin
For those with DNS not on the pfsense system, it would be helpful to enable the `libdhcp_run_script.so` hook plugin, ... Rob Heat
07:11 AM Bug #15665 (New): Download Limit Issue
Dear Team,
When I am using a Limiter for bandwidth using the upload limit works perfectly and the Download Limit ... Farhan Nazim

08/04/2024

07:44 PM Bug #15663 (Not a Bug): KEA DHCP issue with unbound DNS resolution - possibly related to #15651
(First-time user reporting an issue here, so please bear over with me if I did something wrong).
I would've prefer... Martin J
12:48 PM pfSense Plus Bug #15535: Outgoing packets with Private source IP on WAN
There is only one host communicate to this remote IP:Port.
There is no 1:1 NAT
There is no static port configured.
... David G

08/03/2024

11:59 PM pfSense Packages Bug #15662 (Not a Bug): Sudo package - errors when saving changed in HA setup
pfsense community addition in a High Availability set up.
Installed SUDO package. When i make a change and click sa... Mike Moore
06:52 PM pfSense Packages Bug #15594 (Pull Request Review): ERROR when IP are with " " at the start or end of address
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/408 Christopher Cope
04:36 PM Regression #11819: MAC address OEM information missing from ARP table
Jim Pingle wrote in #note-10:
> It functions properly on 2.7.2 as well.
>
> The MAC OEM list is not a part of the... tasty ratz

08/02/2024

03:36 PM Bug #15130 (Confirmed): Kea will not start with identical MAC address filters on multiple interfaces
I tested and was able to reproduce the issue on the latest 24.08 DEVELOPMENT release.
Danilo Zrenjanin
03:32 PM pfSense Plus Bug #15535 (Incomplete): Outgoing packets with Private source IP on WAN
Marcos M
12:30 PM pfSense Plus Bug #15535: Outgoing packets with Private source IP on WAN
Like I mentioned a couple comments up, the way that happens is when something tries and fails to make a NAT state. Us... Jim Pingle
12:22 PM pfSense Plus Bug #15535 (New): Outgoing packets with Private source IP on WAN
This at least appears to be real. NAT is configured correctly and works as expected most of the time. Periodically a ... Steve Wheeler

08/01/2024

10:37 PM Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces
Customer in ticket 2460340376 is affected by this and asking for an update on a resolution. Kris Phillips
05:47 PM Feature #15661 (Resolved): GUI options to change default SCTP state timeouts
Tested the patch against:... Danilo Zrenjanin
03:40 PM Feature #15661: GUI options to change default SCTP state timeouts
Applied in changeset commit:d68ab15cbb9f888c4ef644d8f107f62c9db2d343. Marcos M
03:34 PM Feature #15661 (Feedback): GUI options to change default SCTP state timeouts
This had only been implemented on the rules themselves initially, though the GUI options are populated somewhat dynam... Marcos M
10:30 AM Feature #15661 (Confirmed): GUI options to change default SCTP state timeouts
Danilo Zrenjanin
10:16 AM Feature #15661: GUI options to change default SCTP state timeouts
I can confirm the behavior on 24.03
If I save the new value it will not save and stand "grey" default value
befor... Lev Prokofev
10:10 AM Feature #15661 (Resolved): GUI options to change default SCTP state timeouts
The system doesn't save the changes regarding the SCTP (first, opening, established, closing, closed) made under *Sys... Danilo Zrenjanin
03:31 PM Revision d68ab15c: Allow changing system-default SCTP timeouts. Implement #15661
Marcos M
01:45 PM pfSense Plus Bug #15638: BE verification fails after logging in before the boot process finishes
triggered it once on 24.03 -> 24.08.a.20240607, can't reproduce now when updating to latest dev
tested on:
24.08-DE... Georgiy Tyutyunnik
09:33 AM Bug #15110: pfSense hangs when rebooting
#3049726503 installed the original drive from the spare device, but it still hangs.
!clipboard-202408011234-stqnb.... Lev Prokofev

07/31/2024

08:58 PM pfSense Docs Todo #15660 (Closed): Update Bandwidth usage section
https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html#monitoring-on-multiple-interfaces
... Mike Moore
03:38 PM Revision 0e24b70b: Make sure array_init_path() always initializes the array
Marcos M
03:01 PM Feature #15659 (New): Kea option for ``reservations-out-of-pool`` and associated input validation (IPv4 and IPv6)
We currently set @"reservations-in-subnet": true@ for all subnets but we do not explicitly set @reservations-out-of-p... Jim Pingle

07/30/2024

11:17 PM pfSense Docs Correction #15658 (New): IPv6 options explainer
For context: https://forum.netgate.com/topic/189410/ipv6-still-logging-despite-rule/2?_=1722379601543
Reason: Fire... Mike Moore
08:17 PM Revision d81fcdd9: Improve path handling in array_init_path()
Adapt the path handling from array_set_path() into array_init_path(). Marcos M
04:58 PM Bug #15657 (Pull Request Review): State table entries printed on ``diag_dump_states.php`` may contain an unexpected interface
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/406 Marcos M
03:50 PM Bug #15657: State table entries printed on ``diag_dump_states.php`` may contain an unexpected interface
The state info is retrieved by calling @pfSense_get_pf_states()@ which in turn populates state info by calling @pfSen... Marcos M
03:49 PM Bug #15657 (Resolved): State table entries printed on ``diag_dump_states.php`` may contain an unexpected interface
When @route-to@ sends traffic out of a different gateway from the default route, the state's interface is set accordi... Marcos M
07:37 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 also Ross Tajvar

07/29/2024

09:45 PM pfSense Plus Bug #15638 (Feedback): BE verification fails after logging in before the boot process finishes
Fixed in commit:ac195834436a29d9dd54781cc4e50246caccdce9 Marcos M
05:55 PM Feature #15575 (Resolved): Kea High Availability Support (IPv4 and IPv6)
Everything appears to be working properly on the latest builds. Including self-signed certs not being listed in the T... Jim Pingle
04:21 PM Bug #15552: NTP option "DNS Resolution" has no effect when using NTP pool hostnames
On 7/29 I've applied the diff. Since applying, the NTP log has stopped showing the "Soliciting Pool Server" requests... Travis McMurry
03:23 PM Revision 9cb40688: Fix PHP error in DDNS widget.
The widget was generating a PHP error when there were no Dynamic DNS
entries (traditional or RFC2136) Jim Pingle
02:57 PM Feature #15656 (Closed): Options to expose Kea REST API (IPv4 and IPv6)
In ISC DHCP the GUI had (effectively) a global option to enable OMAPI support. Kea doesn't have that, but it has a RE... Jim Pingle
02:54 PM Feature #15655 (New): Kea pre-allocation address-in-use check (IPv4 and IPv6)
Issue for tracking a function in Kea to check if an address is in use before proceeding with allocation. In ISC this ... Jim Pingle
02:51 PM Feature #15654 (Resolved): Kea Static ARP Support (IPv4 only)
Issue for tracking Kea Static ARP Support (IPv4 only) -- There is no option in the DHCP GUI to enable/disable the mai... Jim Pingle
02:49 PM Feature #15653 (New): Kea Dynamic DNS Support (IPv4 and IPv6)
Issue for tracking Kea Dynamic DNS Support (IPv4 and IPv6) -- note this is for handing off Dynamic DNS to a DNS serve... Jim Pingle
02:47 PM Feature #15652 (Resolved): Kea DHCPv6 Prefix Delegation Support (IPv6 Only)
Issue for tracking Kea DHCPv6 Prefix Delegation Support (IPv6 Only)
 Jim Pingle
02:46 PM Feature #15651 (Resolved): Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
Issue to track integration between Kea and the DNS Resolver (Unbound)
This is already in progress.
Somewhat rel... Jim Pingle
02:42 PM Feature #15650 (New): Kea Feature Integration for parity with ISC DHCP
Parent issue for tracking features not yet implemented in Kea. Not all of these may be possible or viable in Kea.
... Jim Pingle
02:39 PM pfSense Packages Bug #15649 (Resolved): pfBlockerNG can't operate ASN-based Aliases
ASN-based aliases in pfBlockerNG can't properly be populated or updated, resulting in empty file containing placehold... Georgiy Tyutyunnik
01:58 PM Regression #12581 (Resolved): Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD
This is working properly on 24.08 snapshots w/Kea DHCP HA. Jim Pingle
12:57 PM Regression #15439 (Resolved): Incorrect icon on collapsed dashboard widgets
Looks good on the latest snapshot
!clipboard-202407290856-0pzka.png!
 Jim Pingle
12:30 PM Bug #15643: Deleting one pre-installed package may delete other pre-installed packages
If you can't reproduce this, you may have already removed and reinstalled one of these packages in the past. Check an... Jim Pingle

07/28/2024

11:36 PM Feature #15647: Include ability to generate Configuration file and QR Code for wireguard configuration
Reference: https://redmine.pfsense.org/issues/15648 Sean M
11:31 PM Feature #15647 (New): Include ability to generate Configuration file and QR Code for wireguard configuration
The idea is to make Wireguard configuration and client provisioning easier, similar to how Unifi (or others) handle c... Sean M
11:31 PM Feature #15648 (New): Include ability to gen private/public key in UI for easier WireGuard client provisioning

- Add a button to "Generate Key Pair" when creating a wireguard Peer - this would execute two commands and display ... Sean M
05:38 AM Regression #15439: Incorrect icon on collapsed dashboard widgets
Can confirm patch fixes the issue on 24.08 devel.
 dylan mendez
05:16 AM Bug #15643: Deleting one pre-installed package may delete other pre-installed packages
Cannot reproduce this either on 24.03 or 24.08 latest devel on the GUI. dylan mendez
12:34 AM Feature #15645: Improve sort orders within Interface Assignments
I agree the internal identifier / creation order is rarely optimal for most systems over time.
My preference is for ... Patch Public

07/27/2024

11:09 AM Bug #15625: IPv6 prefix rotation by ISP causes complete service disruption
Thank You for your answer. I don't think the mentioned issue #11570 is related this which just happened before filing... Jan-Jonas Sämann

07/26/2024

08:43 PM Bug #15625 (Feedback): IPv6 prefix rotation by ISP causes complete service disruption
I don't know if there's any code that still uses @pfSense_get_interface_addresses()@ - most if not all has been updat... Marcos M
08:41 PM Feature #12190 (New): Ability to use an IPv6 prefix in firewall rules
Marcos M
03:54 PM Feature #15646: Apply interface sorting preference to interface assignments
I can also confirm, *Custom Settings* are not being used by any user within this system. Guy van der Werf
03:45 PM Feature #15646 (New): Apply interface sorting preference to interface assignments
h3. Interface Assignments - interfaces_assign.php
With reference to the rejected Feature #15645, the reason descri... Guy van der Werf
12:48 PM Feature #15645 (Rejected): Improve sort orders within Interface Assignments
The order of the interfaces is significant (especially to HA setups), so hiding that order by sorting the list by def... Jim Pingle
11:16 AM Feature #15645 (Rejected): Improve sort orders within Interface Assignments
As a network administrator, I request an improvement to the UI to assist administration.
h3. 1. Interface Assignme... Guy van der Werf
10:30 AM Feature #855: Ability to selectively kill states on gateway recovery
Henniee Walterson wrote in #note-26:
> it might be useful to implement the recover state killing in the gateway sect... Asher Oto
10:06 AM pfSense Plus Bug #15639: Automatic boot verification shows negative timer
commit fixes the issue
tested on:
24.08-DEVELOPMENT (amd64)
built on Thu Jul 18 8:00:00 CEST 2024
FreeBSD 15.0-CU... Georgiy Tyutyunnik

07/25/2024

09:30 PM Revision 5fc24fbc: Set blockbogons and blockpriv as flags in setup wizard
These config items are treated as flags everywhere else. Marcos M
07:35 PM Bug #15643: Deleting one pre-installed package may delete other pre-installed packages
I cannot reproduce this.. How are you deleting them? CLI w/ pkg delete? Brad Davis
03:51 PM pfSense Packages Bug #14299: pfBlockerNG does not honor the cURL source interface setting for DNSBL lists
This has issue has been open for over a year and the original pull request is no longer valid so I've closed it, made... Charles Hamilton
01:01 AM pfSense Packages Bug #15644 (Resolved): Snort Status icon disappears
Services > Snort > Interfaces. The green circle with the checkmark changes to what's shown in the second image when m... Chris W
 

Also available in: Atom