Activity
From 08/04/2024 to 09/02/2024
09/02/2024
-
10:57 PM Feature #15698 (New): Provide global log level setting for IPsec under VPN --> IPsec --> Advanced Settings
- strongswan provides six log levels (-1`to `4). It also provides 18 logging subsystems.
https://docs.strongswan.org/d... -
09:19 PM pfSense Plus Feature #15697 (New): Dashboard Widget for logged-in GUI users
- As discussed here: https://forum.netgate.com/topic/189921/logged-in-as-webui?_=1725311646662
There needs to be so... -
08:34 PM Bug #15081: Upgrade fails due to undersized EFI filesystem
- Came across this on a production environment, can confirm the issue is resolved by following steps mentioned.
-
06:36 PM Revision 62b7615a: Fix regression when removing interface assignments
-
04:24 PM pfSense Docs Correction #15696 (Closed): IKEv2 ACME certificate usage
- https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html#ipsec-ikev2-p1 states:
A cer... -
01:56 PM Bug #15679: Multicast with intel NIC
- To update on this issue, you can see the FreeBSD bug here : https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281125
... -
07:48 AM pfSense Plus Bug #15693: Bug #13423 still present in 24.03-RELEASE version
- The best way to confirm that this is indeed the same bug would be to gather `ifmcstat -i <ifname>` on the pfsense box...
09/01/2024
-
- Prometheus node exporter package for pfSense has not worked for at least a year. #14452
Current 24.03 version = node... -
- I copied over `node_exporter-1.8.2.pkg` from the FreeBSD repos. Installed, no errors. It works!
!grafana.jpg! -
04:41 AM Feature #15651: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
- with KEA enabled DNS registration options are present under services>DHCP server, globally, and on each interface's s...
08/31/2024
-
06:13 PM Feature #15651 (Feedback): Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
- We now have a brand new integration with Kea that solves all of these issues and more. We now support both DHCPv4 and...
-
- We now have a brand new integration with Kea that solves all of these issues and more. We now support both DHCPv4 and...
-
02:17 PM Regression #15692 (Resolved): OpenVPN QinQ interface creation fails
- This is no longer an issue on:...
-
- Before the move to config access functions, accessing the global config
array with null keys would lead to errors or ...
08/30/2024
-
-
- $ca does not reference the config at this point - no need to remove it.
08/29/2024
-
- config.lib.inc may be sourced without the xml parsing functions being
available first. For example, from auth.inc(31)... -
- This reverts commit c599e81b822bb8d6c89b3844372b44fcc55808bf.
Revert this in favor of requiring the file within the r... -
- Fixed with commit:352e16b8ff56f5b62fdbc7544b29cb27355a9468.
The issue only affects the default gateway group (i.e.... -
03:52 PM Bug #15694: State Killing on Gateway Recovery fails for the default gateway group with the "Kill all" option selected
- Resolved by this @marcosm patch: https://forum.netgate.com/post/1182417
-
09:17 AM Bug #15612: Captive Portal with big number of passththrough MAC addresses is causing webgui gateway timeouts, Error 50x, and HA-sync XMLRPC Error
- We've been having the Same-ish Problem.
Main XMLRPC Error:... -
07:31 AM Bug #11147: Domeneshop DynDNS IPv4 and IPv6
- Daniel T wrote in #note-4:
> Viktor Gurov wrote in #note-3:
> > This is Domeneshop bug, see https://api.domeneshop.... -
07:21 AM Bug #15676: OpenVPN not rendering alises in "IPv4 Local network" setting.
- We are able to reproduce the issue on differents installations but I forgot to mention that we are working with pfSen...
08/28/2024
-
- If a config path is called with a null index, the result is undefined due to the
config functions ignoring consecutiv... -
-
08/27/2024
-
- XML parsing functions must be available for other includes to use them.
This is most important during boot where conf... -
- Simple WAN failover/failback config with a primary WAN and a secondary. Failover/failback works as expected overall,...
-
- In fairness how is what you are asking for handled any other way in other security appliances?
I can pick Palos and ... -
06:47 AM Feature #15689: Nice to have option to customize top panel logo e.g. to add County flag or Company logo.
- Thanks!
But this is not what I looking for. Here you go another cool advice "you can look at address bar"
I don't k... -
- You can also find the option "Hostname on Menu" on the same Setup Page.
This will add the Hostname to the GUI, bes... -
- Confirmed. I stumbled on this as well, and is exactly as Serge described.
-
-
11:47 AM Bug #11147: Domeneshop DynDNS IPv4 and IPv6
- Viktor Gurov wrote in #note-3:
> This is Domeneshop bug, see https://api.domeneshop.no/docs/index.html#tag/ddns:
> A ... -
12:04 AM pfSense Plus Bug #15693 (Incomplete): Bug #13423 still present in 24.03-RELEASE version
- Bug #13423 seems to be still present in 24.03-RELEASE version.
I have a fixed IPv6 assigned interface on a VM (fd...
08/26/2024
-
- https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1167
-
09:41 PM Regression #15692 (Resolved): OpenVPN QinQ interface creation fails
- Trying to use an OpenVPN interface as a parent for VLANs or QinQ fails in current builds....
-
- Also avoid creating bogus dynamic gateways for QinQ interfaces.
-
- If the grep command doesn't find the route, there's no need to log an error.
-
- dylan mendez wrote in #note-1:
> There's always the option to change the hostname of the appliance and make pfSense ... -
- There's always the option to change the hostname of the appliance and make pfSense show that hostname on the login pa...
08/25/2024
-
-
08:33 AM pfSense Plus Regression #15690: pfSense doesn't send gateway event notifications
- Tested on 24.03, I can confirm such behaviour.
08/24/2024
-
- Azamat Khakimyanov wrote in #note-3:
> Tested on latest 24.08-DEVELOPMENT (built on Mon Jul 15 6:00:00 UTC 2024)
> ... -
- I'm not able to reproduce this issue either. Please confirm you have the limiter applied correctly. https://docs.netg...
-
06:07 AM Bug #12747 (Resolved): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
- Upon testing against the latest development build, I could not replicate the reported issue. Therefore, I am marking ...
08/23/2024
-
-
03:33 PM Regression #15669: Static routes using null gateways are not installed
- can't reproduce on the dev, seems to be fixed
tested on:
Version 24.08-DEVELOPMENT (amd64)
built on Fri Aug 23 8:0... -
05:12 PM pfSense Plus Bug #15675: IPv4 Prefixes with IPv6 Next Hops only show one of two Next Hops for Equal Cost Multipath
- Customer in ticket 2998961236 is asking for an update on this redmine and if there is a workaround.
-
04:01 PM pfSense Plus Regression #15690: pfSense doesn't send gateway event notifications
- The issue exists in the 24.08...
-
- tested on ...
-
03:58 PM Bug #15684 (Feedback): Panic in ``tcp_m_copym`` with selective ACK enabled
-
- I think I know what's happening here. I'm only 95% sure, but it matches all observations.
It's an issue that's kno... -
12:30 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
- I have set `net.inet.tcp.sack.enable=0` through System Tuneables on both Units and will report back if the crash occu...
-
- The core dump confirms what I suspected from the initial report, in that tcp_m_copym() got called with a NULL mbuf. T...
-
- No, the use of large swap volumes is discouraged in general, as is external storage. A little swap can be useful, but...
-
03:17 PM Feature #15691: Simplifying use of external SWAP within GUI
- Just to help with understanding, I now can update Snort and ClamAV at the same time and nothing is terminated because...
-
- Currently the process to set this up it requires finding the drive mounting it and partitioning it, after changing th...
-
- Is there anyway to simplify the swap configuration for an everyday user, and or to make it easier? Thus someone just ...
-
- Make sure to reboot after applying the patches.
-
08/22/2024
-
- Great we have that and it looks promising.
-
- It failed for a switch of WAN Connections I was using.
I uploaded it again as a gzipped version (179848383 bytes)... -
- Hmm, not seeing it nextcloud on this side. How did it fail the first time? What size is it?
-
- Upload completed with 2nd attempt.
sha1sum of the uploaded file should be the following:
bfe8b2f2cccb7823fcb4b775... -
- Excellent. Here we go:
https://nc.netgate.com/nextcloud/s/k6CLjPKRKKaPt5C -
- We have a `vmcore` produced with a crash which occurred earlier today. Can you share a Nextcloud Link so I can provi...
-
-
- I was able to reproduce the issue on 24.03.
After applying the patch, I got the same results. ... -
- We have several PFSense clusters in different countries. Sometimes it is hard to identify correct one in browser's op...
-
- I can confirm this behavior on 24.03.
Status_Traffic_Totals 2.3.2_4
!clipboard-202408221037-jv5fa.png!
08/21/2024
-
-
- With commit:f32dca244955da9007e1bc75801d486b5f70352e sshguard now monitors auth.log directly instead of relying on sy...
-
- Instead of restarting sshguard with each log rotation, keep it running
separately while monitoring the auth log file.... -
06:43 PM pfSense Plus Bug #15688 (Confirmed): inverse on graph shows number as Bytes without converting to KB or MB or GB or TB, etc. on mouse over
- When using inverse for say the stacked bar graph for traffic totals in the traffic totals package.
See this thread... -
- Fix was picked back to 24.03 and it's working there, too.
-
- Fix works well on Plus 24.08 and CE 2.8.0 snapshots.
Next is picking it back to 24.03 and testing there.
No nee... -
- Minutes after rebooting the secondary unit (another Netgate 1537) to enable "full core dump mode" the primary unit on...
-
- Our Netgate 1537 crashed earlier today. In `/var/crash` however there's only `bounds`, `info.0` as well as `textdump....
-
- After upgrading FRR to 2.0.2_4, the kernel routes appeared again.
I am marking this ticket as resolved.
08/20/2024
-
08:36 PM pfSense Packages Todo #15683 (Resolved): Fix for vulnerabilities CVE-2024-31950 CVE-2024-31951 in frr
- 9.1.1 is in the repos now.
-
- To move forward we need a full core dump from a system hitting the bug. If anyone can setup their to provide that ple...
-
- I've re-added the 'webConfigurator authentication error for user' patch in sshguard.
-
06:27 AM pfSense Packages Feature #15397: Wazuh Agent
- i also would ask for adding the wazuh agent to the packages as it is available already in the BSD Repos the effort se...
08/19/2024
-
- The new FRR version is now available in 24.03. It can be pulled in by running @pfSense-upgrade@ from the CLI.
-
- The @sshguard@ daemon isn't triggering blocks for GUI authentication failures.
The patch that adds the login strin... -
12:19 AM Feature #15686 (New): Add Host Alias when mapping Static IP
- Please consider a feature to add/modify an associated host alias in the firewall when creating a static IP on the DCH...
08/18/2024
-
- I am able to successfully remove individual pre-installed packages on 24.08.a.20240814.1541 build
08/17/2024
-
- The packet loss percentage, for what is considered low and high loss, can be adjusted per gateway. System > Routing a...
-
- Marcos M wrote in #note-18:
> Here's a patch for 24.03 for testing:
> {{collapse
> [...]
> }}
>
> Apply then reboot.... -
- Here's a patch for 24.03 for testing:
Apply then reboot.
08/16/2024
-
- Outstanding work. Thank you Kristof
-
- I've opened https://github.com/FRRouting/frr/pull/16597 with FRR with the fix.
The short version is that FRR made ...
08/15/2024
-
- Fixed in https://github.com/pfsense/pfsense/commit/2476993c03d6844268639825d431ff5218f169af
-
- Clarify comment while there.
-
- After failing over to a backup WAN interface, the clients were unable to connect using the backup WAN's IP address. U...
-
- Customer hit this issue, ticket for reference #3053406835
-
- Hitting this in 24.03
-
- In some situations pfSense panics with:...
-
- This appears to be unrelated to HAProxy directly. Simply that it's more likely to occur when HAProxy is running. See:...
08/14/2024
-
- Yeah that should be compression. I pushed a fix, it'll be live in a couple minutes when it finishes building.
Than... -
12:40 PM pfSense Docs Correction #15682 (Closed): VPN Scaling
- This has to be corrected:
Disabling encryption will mitigate that attack
correct:
Disabling *compression* will mit... -
- Can confirm after install of 9.0.3 on my SG-6100, kernal default route is back.
## Before ##
K>* 1.0.0.1/32 [0... -
- Current stable-version frr9.1_2 is reported to have the following vulnerabilities:
CVE-2024-31950
CVE-2024-31951
... -
08/13/2024
-
- As of cURL 7.10.8, CURLINFO_HTTP_CODE is a legacy alias of
CURLINFO_RESPONSE_CODE. -
- There are two potentially different issues here:
* OSPF-learned default routes do not get redistributed
* OSPF(?) def... -
- Maybe under Status > Interfaces , provide the ability to show how long the port has been up.
As a router / firewall ...
08/12/2024
-
- Unable to replicate issue with known good configuration on pfSense CE 2.7.2 or pfSense Plus 24.08-development.
-
- I'm unable to reproduce this issue on pfSense CE 2.7.2.
-
-
12:46 PM pfSense Packages Bug #15680: replace sysutils/devcpu-data microcode package with sysutils/cpu-microcode
- Ok, thank you.
-
- It's already switched in the tree and in snapshots, so there is nothing more to do here.
-
- Upstream FreeBSD has abandoned sysutils/devcpu-data, pfSense has the latest version of that installed in 2.7.2 commun...
-
- config_read_file():
- Refactor to adapt code from parse_config(), parse_config_bootup(),
and write_config().
- Don'...
08/11/2024
-
- Since pfSense 2.7.1, in systems with intel X710 netork card, multicast is not working anymore.
By using a multicast ... -
-
- older backups seem to be fine in testing with 24.03, have not been able to reproduce on current release
08/10/2024
-
- Until redmine 14483 is rectified please add a note in the documentation where it states that any changes to any IPsec...
-
05:09 AM Bug #15110: pfSense hangs when rebooting
- Ran into the same issue today on a 6100.
The internal storage was no longer detected after a power outage, so we ins...
08/09/2024
-
- Just following up to see if there is any progress.
In theory there isn’t really a good reason to not have the config... -
- It's used in the recipe because some operating systems still use it by default when you configure clients using the n...
-
- Thanks for your answer Marcos. Just a couple of questions:
- is there an ETA for this fix to be released on CE ?
...
08/08/2024
-
- It seems like this has already been fixed - it's not reproducible in 24.08-dev.
-
- Here the relevant, and wrong, lines from config.ovpn after reboot:...
-
- When using network aliases in "IPV4 Local network" OpenVPN setting, they are not rendered and they are sent to client...
-
09:51 PM pfSense Docs Todo #15677 (Rejected): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-MSCHAPv2
- *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html
*Feedback:*
re:... -
-
- Introduce config lock in encrypted_configxml() and restore_backup().
Remove config lock from parse_config() and pars... -
-
- Is there a patch or a dev build i can try if there is a fix for this?
-
- When configuring FRR to utilize ECMP with IPv6 next hops in BGP for IPv4 prefixes, only one of the next hops will be ...
08/07/2024
-
03:02 PM pfSense Packages Feature #15674 (Resolved): Support custom IP and Port variables for interfaces
- Add the ability for the user to enter their own custom server and port variables on the Suricata define variables pag...
-
-
04:48 AM pfSense Packages Feature #11206: FRR 7.5
- I see that Ben is no longer logging in?
Login: bmh.01
Registered on: 10/04/2018
Last connection: 02/24/2021
Can s... -
01:16 PM Todo #15666: Kea dhcp - enable run_script hook plugin
- Implementing this turned out not to be too difficult:
https://github.com/pfsense/pfsense/pull/4693 -
- I was able to replicate this behavior on 24.03.
The issue is resolved on the latest 24.08 Development build.
... -
- I too am affected by this issue (being the original poster on the forums), and can't upgrade to 24.03 because of it. ...
08/06/2024
-
- Please see this thread for details: https://forum.netgate.com/topic/177265/tailscale-is-not-online-problem?_=17098346...
-
- Fix in commit:b7419f41d698f5759e8e17ec08ad5b8265f0fba5.
-
07:51 AM Bug #15671 (Resolved): Setting the Port Forward interface to an interface group selects an invalid destination
- Version: 24.03
When creating a port forward NAT rule for the WireGuard interface group, the 'Destination Type' dro... -
- Check that the destination option exists before switching to it, else
set it to "Address or Alias". -
06:54 PM pfSense Packages Bug #15319: TailScale widget shows wrong status (green instead of red)
- Why is it not a bug when the widget shows the status as running and the TS status shows it's down?!
Please reconsi... -
- https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/design.html#design-style
> Typically, a tunnel is defined... -
12:40 AM Feature #15670 (Confirmed): Link with packet loss, put link on hold on the gateway group.
- I noticed that sometimes there is a link degradation, but not enough to bring the link down, something like 5 or 8% p...
08/05/2024
-
- When trying to add a static route to the Null4 gateway, which should be localhost, the operation fails in 24.03 with:...
-
05:08 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
- Damn. I got bit by this today when trying to troubleshoot a remote firewall. Filled to the brim with the logspew (pfS...
-
02:15 PM pfSense Packages Bug #15668 (New): squidclamav.so cat't read the client IP
- even the option is set in the WEBGUI and the related config line is available in squid.conf, squidclamav logs
squi... -
- regular expressions defined in /usr/local/pkg/squid_antivirus.inc are too long
the resulting lines in /usr/local/etc... -
- The feature is not supported on Kea as it's not fully implemented yet. Whatever you are able to make happen now may w...
-
- This is a config issue, not a bug.
If the rules appear to not sync then the interfaces must not be assigned in an ... -
- Seems to be a failure in the way the sycing is done with pfSense in High Availability
Two systems in HA.
On Mast... -
-
- This issue can be closed. There were quite a few configuration issues on the secondary node that would prevented any ...
-
- For those with DNS not on the pfsense system, it would be helpful to enable the `libdhcp_run_script.so` hook plugin, ...
-
07:11 AM Bug #15665 (New): Download Limit Issue
- Dear Team,
When I am using a Limiter for bandwidth using the upload limit works perfectly and the Download Limit ...
08/04/2024
-
07:44 PM Bug #15663 (Not a Bug): KEA DHCP issue with unbound DNS resolution - possibly related to #15651
- (First-time user reporting an issue here, so please bear over with me if I did something wrong).
I would've prefer... -
12:48 PM pfSense Plus Bug #15535: Outgoing packets with Private source IP on WAN
- There is only one host communicate to this remote IP:Port.
There is no 1:1 NAT
There is no static port configured.
...
Also available in: Atom