Activity

From 08/18/2024 to 09/16/2024

09/16/2024

08:57 PM Bug #15729 (Resolved): Session cookie warnings
PR: https://github.com/pfsense/pfsense/pull/4700
Firefox outputs warnings in the console about the cookies not hav...
GChuf 6
08:37 PM Bug #15373: Firewall Logs Dashboard widget update interval does not behave as expected
I was also able to reproduce the problem.
From what I can tell you're reading the code correctly Jim ...
I think th...
GChuf 6
06:28 PM Feature #15651: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
I can restart Unbound and still resolve DHCP clients on a standalone system or HA primary, so that part looks good.
...
Jim Pingle
05:29 PM Bug #15702: IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs
Updated description + diff based on further testing. Jim Pingle
02:25 PM pfSense Docs Todo #15727 (Closed): Typo in BGP docs - BGP Tab configuration
Fixed, thanks! Jim Pingle
10:25 AM pfSense Packages Bug #15720: Zabbix Proxy only allows selecting RSA certificates
I found out the same thing; The following diff to /usr/local/pkg/zabbix-proxy.inc should fix things; ... npr .

09/15/2024

11:58 PM Bug #14977: Kea fails to restart due to race between process termination and startup
This issue has impacted me on numerous occasions, only when the service is killed in an unclean fashion.
I also ca...
Zachary Cohen
02:09 PM Todo #15728 (Resolved): Improve Thermal Sensors Dashboard widget refresh code
Thermal sensor refresh logic is flawed, resulting in "building" of html and initial variables every time the widget r... GChuf 6
02:12 AM pfSense Plus Bug #15639: Automatic boot verification shows negative timer
haven't seen any boot verification messages, still good in 24.08.a.20240913.1746 Jordan G
02:12 AM Bug #15404: Captive Portal logo fails to load after authenticated redirect
Tested this as well. Seems resolved. Kris Phillips
01:25 AM pfSense Docs Todo #15727 (Closed): Typo in BGP docs - BGP Tab configuration
https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/config-bgp.html#network-distribution
There is a typo i...
Marcelo Cury
12:18 AM pfSense Packages Bug #15726 (Resolved): Apcupsd dashboard widget warning/critical values are not digits or units as expected
Attempting to change the warning and critical thresholds for load, temp, charge and battery age in the Apcupsd widget... Jordan G

09/14/2024

10:57 PM Bug #15725: Dashboard widgets refresh at unintended intervals
I've also tested what happens if only 1 widget is active on the master branch - in my case the system information ("... GChuf 6
10:47 PM Bug #15725 (Resolved): Dashboard widgets refresh at unintended intervals
Here's the PR:
https://github.com/pfsense/pfsense/pull/4697
Current problem:
the widget system does not work as ...
GChuf 6
10:49 PM Feature #13520: Improve Thermal Sensors Dashboard widget readability
Thank you - I've created another PR for the widget refresh, and I'll put optimizations in yet another PR.
You can cl...
GChuf 6
09:20 PM Bug #15633: Limiters applied to OpenVPN interface do not apply for download traffic
@Azamat
Why close the bug report when you reckon that limiters don't work at all on assigned vpn interfaces? And your...
Phil Wardt
08:27 PM Bug #15633 (Resolved): Limiters applied to OpenVPN interface do not apply for download traffic
Tested on 24.03 and on 24.08-DEVELOPMENT (built on Fri Sep 13 17:46:00 UTC 2024)
IN and OUT Limiters work correctl...
Azamat Khakimyanov

09/13/2024

08:45 PM Feature #15651: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
> * -Lease entries synchronized from HA primary to secondary are not added to Unbound on secondary-
> * -Lease entri...
Christian McDonald
07:03 PM Bug #15679 (Needs Patch): Multicast with intel NIC
Marcos M
04:39 PM Bug #15679: Multicast with intel NIC
I am also hitting the same issue and it is pretty brutal for me with pfsense crashing.
pfsense plus 24.03
Emre K
06:49 PM Revision d46c8560: Fix input validation for gateway
Marcos M

09/12/2024

09:33 PM Feature #15724 (Rejected): allow .local
The @.local@ TLD is reserved for mDNS, it shouldn't be used in regular DNS. Unbound doesn't do anything special with it. Jim Pingle
09:10 PM Feature #15724 (Rejected): allow .local
pfsense is not resolving names if the domain was .local.
adding feature to allow .local will help if there was ...
Alhusein Zawi
08:08 PM Bug #15723 (Feedback): ``unbound-checkconf`` fails with python mode enabled
Fixed in commit:d3c309afe8c0680a632bd1c1c4115234548a3d56. Marcos M
07:38 PM Bug #15723 (Resolved): ``unbound-checkconf`` fails with python mode enabled
With unbound python mode enabled, the config check always fails:... Marcos M
08:00 PM Revision d3c309af: Set the working directory before checking unbound config. Fix #15723
Marcos M
06:25 PM Bug #15722 (Feedback): Unbound configuration file contains Localhost address in forwarding mode with TLS enabled
Applied in changeset commit:aaa7cb6da6c75ee2ea6a0daebcc3cb72e81f9ede. Marcos M
06:18 PM Bug #15722 (In Progress): Unbound configuration file contains Localhost address in forwarding mode with TLS enabled
Marcos M
06:18 PM Bug #15722 (Resolved): Unbound configuration file contains Localhost address in forwarding mode with TLS enabled
Enabling forwarding mode and TLS in DNS Resolver results in the following:... Marcos M
06:19 PM Revision aaa7cb6d: Improve localhost DNS checks. Fix #15722
Marcos M
05:21 PM pfSense Docs Correction #15721 (Closed): Feedback on System Monitoring — Monitoring Bandwidth Usage
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html
*Feedback:* For Bandwidt...
Craig Leres
05:18 PM Bug #15719 (Resolved): GUI logout messages do not use the ``auth`` log facility
Marcos M
05:01 PM Bug #15719: GUI logout messages do not use the ``auth`` log facility
Tested commit:609a1e17657273c6d09c8795398be4b39df8d361.
Success. Logout messages sent to auth facility for local and...
Craig Coonrad
04:40 PM Bug #15719: GUI logout messages do not use the ``auth`` log facility
Fixed in commit:609a1e17657273c6d09c8795398be4b39df8d361. Marcos M
04:39 PM Bug #15719 (Feedback): GUI logout messages do not use the ``auth`` log facility
Marcos M
04:07 PM Bug #15719 (In Progress): GUI logout messages do not use the ``auth`` log facility
Marcos M
04:38 PM Revision 609a1e17: Include GUI logout in auth log. Fix #15719
User logouts do not need to be as loud as user logins. Include
them in the auth log but make them quiet for the console.
Marcos M
04:27 PM Feature #13520: Improve Thermal Sensors Dashboard widget readability
I agree it's slow. My only advice is to keep the commits focused; the more detail/explanation about why a change is m... Marcos M
02:07 PM Feature #13520: Improve Thermal Sensors Dashboard widget readability
First of all thank you for looking at the PR and your commits. I agree with all the changes you've made to my commits... GChuf 6
03:50 PM pfSense Docs Todo #15342 (Closed): Document differences due to password security changes
Jim Pingle
12:41 PM pfSense Packages Bug #15720: Zabbix Proxy only allows selecting RSA certificates
The package code appears to limit selection to RSA certificate types only, so it wouldn't allow selecting ECDSA certi... Jim Pingle
11:41 AM pfSense Packages Bug #15720 (New): Zabbix Proxy only allows selecting RSA certificates
Depending on currently unknown details, some certificates, while present on the pfSense host, are not selectable for ... npr .

09/11/2024

06:51 PM Revision b3b1f351: Allow adding package menus with different sections
A package may have multiple menus with the same name but
different sections.
Marcos M
06:49 PM Bug #15719: GUI logout messages do not use the ``auth`` log facility
Additional info. This applies to local logging as well.
multiple login/logouts. Only login appears in auth.log
...
Craig Coonrad
05:15 PM Bug #15719 (Resolved): GUI logout messages do not use the ``auth`` log facility
Version: 24.03-RELEASE
Platform tested: 2100,4100,QEMU
Login (messages come in correctly on the auth facility)
...
Craig Coonrad
09:40 AM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
Any update? Arvid Johansson

09/10/2024

08:42 PM Feature #13520 (Feedback): Improve Thermal Sensors Dashboard widget readability
The feature request has been (partly) implemented:
* commit:4b0deb88ca437dea96d719388a4b9136b49123ee: This change aff...
Marcos M
08:13 PM Revision b0c455aa: Improve thermal widget readability
Add a margin between progress bars and sort sensors. Marcos M
08:12 PM Revision 4b0deb88: Theme the progress-bar color in pfSense-dark
Marcos M
07:52 PM pfSense Packages Bug #15715 (Feedback): Tailscale fails to start
patch has been accepted upstream and pulled into our tree Christian McDonald
04:06 PM pfSense Packages Bug #15715 (Waiting on Merge): Tailscale fails to start
https://reviews.freebsd.org/D46626 Christian McDonald
01:14 PM pfSense Packages Bug #15715 (Resolved): Tailscale fails to start
The service can be started manually using: "service tailscaled start"
Once started it can be stopped from the gui ...
Steve Wheeler
07:45 PM Bug #15718 (Resolved): AutoConfigBackup tries to upload backups before the system has finished booting
Fixed in commit:750e90694fff04008b77708f859fd73f073918d5. Marcos M
07:43 PM Bug #15718 (Resolved): AutoConfigBackup tries to upload backups before the system has finished booting
If there are changes waiting to be uploaded during bootup, ACB will try to upload these changes even though the WAN i... Marcos M
07:03 PM Bug #14434 (Feedback): PPPoE WAN interface with VIPs causes continuous interface restarting
This needs to be re-tested and confirmed for 24.08. Marcos M
07:00 PM pfSense Plus Bug #15712: Experimental ethernet rules, order broken when adding rule on other interface tab
Yes, there have been several fixes since that build. I expect a new snapshot build to be publicly available soon-ish. Marcos M
05:41 PM pfSense Plus Bug #15712: Experimental ethernet rules, order broken when adding rule on other interface tab
This is what I have in that section:
@$interface = strtolower($interface);
$relative_index_count = -1; // a valid...
Vladimir Suhhanov
04:02 PM pfSense Plus Bug #15712 (Feedback): Experimental ethernet rules, order broken when adding rule on other interface tab
I was not able to reproduce this on dev snapshots. It may have been resolved by https://redmine.pfsense.org/issues/15... Marcos M
06:49 PM pfSense Packages Todo #15717 (Resolved): Migrate to use of system-provided set_curlproxy() function
Merged into 2.7.2/24.03 and devel/plus-devel. Marcos M
03:56 PM pfSense Packages Todo #15717: Migrate to use of system-provided set_curlproxy() function
The fix for this issue has been posted in Pull Request 1382 posted against the RELENG_2_7_2 branch of pfSense here: h... Bill Meeks
03:24 PM pfSense Packages Todo #15717 (Resolved): Migrate to use of system-provided set_curlproxy() function
Migrate from the custom code for configuring the CURL proxy when downloading files to using the @set_curlproxy()@ sys... Bill Meeks
06:48 PM pfSense Packages Regression #15713 (Resolved): Suricata Files tab shows nothing due to unassigned variable in ``suricata_files.php``
Merged into 2.7.2/24.03 and devel/plus-devel. Marcos M
03:57 PM pfSense Packages Regression #15713: Suricata Files tab shows nothing due to unassigned variable in ``suricata_files.php``
A Pull Request containing the fix for this issue has been posted against the RELENG_2_7_2 CE branch of pfSense here: ... Bill Meeks
01:07 PM pfSense Packages Regression #15713: Suricata Files tab shows nothing due to unassigned variable in ``suricata_files.php``
Yes, that is a copy-paste typo error in the PHP code. Should be @$instanceid@ as you surmised. I will add this to my ... Bill Meeks
01:03 AM pfSense Packages Regression #15713 (Resolved): Suricata Files tab shows nothing due to unassigned variable in ``suricata_files.php``
Hi, there is a PHP coding bug in the interface of Suricata Files tab - this is where you would see uploaded/downloade... Anton Pleshakov
06:35 PM pfSense Packages Feature #15674 (Feedback): Support custom IP and Port variables for interfaces
Implemented with:
* https://github.com/pfsense/FreeBSD-ports/commit/e223eea228d49070b5f5a912fac61581a329b65c
* https:...
Marcos M
04:37 PM pfSense Packages Feature #15674: Support custom IP and Port variables for interfaces
Pull Request 1382 has been submitted against the RELENG_2_7_2 CE branch of pfSense to implement this feature: https:/... Bill Meeks
05:57 PM Bug #15714 (Rejected): remote logging: pfSense does not log GUI logins
Most likely something in your configuration as I get login events via remote syslog from both Plus and CE snapshots, ... Jim Pingle
05:47 PM Bug #15714: remote logging: pfSense does not log GUI logins
problem exists in the latest dev snapshot (24.08.a.20240910.0600) Craig Coonrad
01:06 AM Bug #15714 (Rejected): remote logging: pfSense does not log GUI logins
version: 24.03-RELEASE
platform tested: 2100/4100/QEMU
reproducible: 100%
tested both log message formats (BSD,sys...
Craig Coonrad
02:34 PM pfSense Packages Bug #15716 (Confirmed): FRR BFD echo mode is not working
Running pfSense 2.7.2 with everything up-to-date, including system patches, all applied.
I have two ipsec VTI tunnel...
Marcelo Cury

09/09/2024

07:38 PM pfSense Plus Bug #15712 (Duplicate): Experimental ethernet rules, order broken when adding rule on other interface tab
To reproduce the issue with Ethernet rule ordering:
1. Install and configure pfBlocker with inbound/outbound inter...
Vladimir Suhhanov
05:31 PM Revision 449efba0: Additional safety checks for explode()
See 8c81cad531b1dd43a6514604091b3c4a6932d715 Marcos M
05:23 PM Revision bfeac446: Add config path check when creating a user
Marcos M
05:05 PM Revision 750e9069: Don't do ACB uploads while the system is booting
Marcos M
04:23 PM Revision cd200729: Fix indentation
Style guide is to indent using tabs. Marcos M
03:39 PM pfSense Packages Bug #14299 (Resolved): pfBlockerNG does not honor the cURL source interface setting for DNSBL lists
Marcos M
03:37 PM pfSense Packages Feature #13135 (Resolved): Add dibdot DoH-IP-blocklists feeds
Marcos M
06:52 AM Bug #15612: Captive Portal with big number of passththrough MAC addresses is causing webgui gateway timeouts, Error 50x, and HA-sync XMLRPC Error
I was able to solve our problem. Our firewalls weren't syncing at all at closer inspection. I set the same Options un... Karl Ruskowski

09/08/2024

04:32 PM Bug #15404 (Resolved): Captive Portal logo fails to load after authenticated redirect
Tested on 24.08-DEVELOPMENT (built on Fri Sep 6 20:07:00 UTC 2024)
Captive Portal logo was correctly loaded after au...
Azamat Khakimyanov

09/07/2024

09:15 PM Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
system_patches v2.2.11_15 includes the change as a recommended patch to apply for 24.03. Functions as expected with N... Jordan G
08:42 PM Bug #15711: Special characters in the ACB configuration change description can cause PHP errors
confirmed on 24.03 release and 24.08.a.20240906.2007 build Jordan G
03:47 PM Bug #15711 (Resolved): Special characters in the ACB configuration change description can cause PHP errors
As one example, it's possible to create a description with a @|@ at the end but then trying to reach the Restore page... Chris W
05:56 PM Bug #13723: dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet
Tested on 24.08-DEVELOPMENT (built on Fri Sep 6 20:07:00 UTC 2024)
dpinger is still using 'old' Monitor IP if Loca...
Azamat Khakimyanov
05:32 PM pfSense Packages Bug #13441: FRR fails to start with route map on "sequence 0" in configuration
Tested against frr 2.0.2_4
pfSense 24.03
The behavior is the same. Sequence 0 in route map prevents FRR/BGP ...
Danilo Zrenjanin
03:47 PM pfSense Packages Bug #15710 (New): Zeek 3.0.6_4 expire-logs Failed - /usr/local/logs/stats Directory not found
With Zeek 3.0.6_4 on Netgate 4200, 24.03, I am getting the following error emailed to me:... William Rolison
03:43 PM pfSense Packages Bug #15709 (New): Zeek 3.0.6_4 UnicodeDecodeError utf-8 invalid continuation byte
With Zeek 3.0.6_4 on Netgate 4200, 24.03, I am getting the following error emailed to me:... William Rolison
01:11 PM Bug #15708 (Confirmed): The filterdns service won't start
I was able to replicate this on 24.03
As long as the list has >749 entries it fails to update.
Lev Prokofev
12:24 PM Bug #15708 (Confirmed): The filterdns service won't start
If the filterdns.conf file contains more than 749 entries, the filterdns service will fail to start. This limitation ... Danilo Zrenjanin

09/06/2024

07:02 PM Feature #15707 (New): Add Nat logging ability for port forward and outbound nat
ref: https://redmine.pfsense.org/issues/11975, https://redmine.pfsense.org/issues/11975
It would be beneficial whe...
Jay Sols
06:18 PM pfSense Docs Correction #15696 (Closed): IKEv2 ACME certificate usage
Updated and deployed, will be visible once the build finishes in a few minutes.
https://gitlab.netgate.com/docs/pf...
Jim Pingle
05:44 PM pfSense Docs Todo #15701 (Closed): New 4G compatible USB stick - Huawei E3372-325
I added the Huawei E3372-325 to the documentation under the list of modems reported to work as Ethernet devices.
T...
Jim Pingle
03:49 PM Bug #15084 (New): Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks
Christian McDonald wrote in #note-8:
> This should work with the new `install-boot` stage in pfSense-upgrade.
I h...
Jim Pingle
02:58 PM Feature #15706 (New): Zabbix
It would be really good to add a zabbix-agent and proxy package for the newest and really good version of zabbix 7.0. Arvid Johansson
01:51 PM pfSense Packages Bug #14556: Tailscale dropping routes from FIB
Close this ticket please. Fix action for the site-to-site subnet routing issue on CE 2.7.x below. This is described i... Matt Keys
02:50 AM Feature #5080: Settings tab for global Kea DHCP server options
custom options were added already to ISC dhcpd
Alhusein Zawi

09/05/2024

10:22 PM Bug #15110: pfSense hangs when rebooting
same error here after change the original 16 GB eMMC to a 128 GB NVMe SSD João Moreira
09:13 PM Todo #15705 (Resolved): Clarify console menu option 0 description
Just creating this bug report here as advised by @jim-p, to accompany my Github PR: https://github.com/pfsense/pfsens... Liam Riley
08:02 PM Revision 7939322b: Fix config paths with leading slash
A single or a leading forward-slash is not supported. Marcos M
07:48 PM Revision dbe25e25: Skip ppp modem interfaces where appropriate
Marcos M
07:22 PM pfSense Docs Correction #15696: IKEv2 ACME certificate usage
Alex Kolesnik wrote in #note-2:
> Also, could you please share that registry setting to ignore that IKE EKU check?
...
Jim Pingle
06:05 PM Bug #15704 (Feedback): Automatic EDNS value may be lower than expected
Applied in changeset commit:1b863448a9cf4c333b14e4869c570aefaeb4a862. Marcos M
05:56 PM Bug #15704 (Waiting on Merge): Automatic EDNS value may be lower than expected
Marcos M
05:49 PM Bug #15704 (Resolved): Automatic EDNS value may be lower than expected
When the DNS Resolver configuration has not yet been saved, the active interfaces configuration section may be empty.... Marcos M
05:55 PM Revision 1b863448: Refactor automatic EDNS. Fix #15704
The change adds handling for empty active interfaces. Additionally,
support passing an interface list to allow unboun...
Marcos M
02:59 PM Bug #15703 (Resolved): CVE-2023-28450
It's already updated in the repository and will be included in the next release, so there isn't anything else actiona... Jim Pingle
09:35 AM Bug #15703 (Resolved): CVE-2023-28450
Hello, today I just checked with openVAS the pfsense Firewall at home and found the following:
CVE-2023-28450
Sev...
André L.
09:37 AM Bug #15643 (Confirmed): Deleting one pre-installed package may delete other pre-installed packages
I can replicate this behavior.
Tested against Netgate 6100 running:...
Danilo Zrenjanin

09/04/2024

11:48 PM Revision 607d6bba: Additional safety checks for explode()
See 8c81cad531b1dd43a6514604091b3c4a6932d715 Marcos M
11:32 PM Revision 66e17663: Handle unassigned interfaces in rc.newwanip
Marcos M
11:24 PM Revision 5843f3bf: Add safety checks for calls to convert_real_interface_to_friendly_interface_name()
The function will return null for unassigned interfaces. Add checks
for this where appropriate.
Marcos M
08:00 PM Feature #5080 (Feedback): Settings tab for global Kea DHCP server options
Christian McDonald
07:58 PM Bug #15084 (Feedback): Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks
This should work with the new `install-boot` stage in pfSense-upgrade. Christian McDonald
07:47 PM Revision 8c81cad5: Filter out empty array values for explode()
Calling explode() with an empty string will return a single-element
array with an empty value. This change filters ou...
Marcos M
07:39 PM Bug #15130 (Resolved): Kea will not start with identical MAC address filters on multiple interfaces
Marcos M
07:00 PM Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces
kea-dhcp4 service is working with identical MAC address filters on multiple interfaces.
24.08-DEVELOPMENT (amd64...
Alhusein Zawi
07:18 PM Bug #15643: Deleting one pre-installed package may delete other pre-installed packages
This only applies to systems installed with the new online installer. Brad Davis
06:40 PM Bug #15702 (Resolved): IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs
When there are multiple DHCP client interfaces on an installation, DHCP ACK packets from DHCP servers on some interfa... Jim Pingle
06:25 PM Revision 35f66a30: Skip ppp modem interfaces where appropriate
This avoids calling e.g. get_real_interface() for a modem device. Marcos M
05:51 PM pfSense Docs Todo #15701 (Closed): New 4G compatible USB stick - Huawei E3372-325
Hello
I don't know if this is the right place for this but I would like to add a 4g usb stick to the list of compati...
Sébastien SANTORO

09/03/2024

10:59 PM Revision 6a3a96f1: Fix returned gateways list
When get_gateways() was introduced, some existing function calls
that were updated to use this new function now get a...
Marcos M
10:26 PM Revision 3d1d330a: Fix checks for mobile IPsec
When mobile is set, it is an empty string and hence should be
checked with isset(). Also make sure the mobile network...
Marcos M
09:09 PM Revision 43746bd5: Escape only once when printing form fields
Form titles and values are already escaped when printed. Marcos M
08:11 PM Revision f9b81396: Don't try to configure empty ntpd interfaces
Marcos M
08:08 PM Revision dcfd6fa4: Don't try to configure interface groups without members
Marcos M
08:00 PM Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces
Applied in changeset commit:03225b474358b66c96c59c1b87420b0078583ef4. Christian McDonald
07:51 PM Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces
Fixed in https://gitlab.netgate.com/pfSense/pfSense/-/commit/03225b474358b66c96c59c1b87420b0078583ef4 Christian McDonald
07:50 PM Bug #15130 (Feedback): Kea will not start with identical MAC address filters on multiple interfaces
Christian McDonald
07:23 PM Bug #15130 (In Progress): Kea will not start with identical MAC address filters on multiple interfaces
Christian McDonald
07:49 PM Revision 03225b47: kea: allow identical MAC address filters on multiple interfaces. Fixes #15130
Christian McDonald
07:28 PM Feature #15651 (In Progress): Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
There are a few things that still need some polishing, Christian is aware, some require changes in Kea that are alre... Jim Pingle
06:09 PM Revision b7a73647: Log invalid config path access
Marcos M
05:49 PM Bug #15700 (Feedback): Package navigation menus can be duplicated when reinstalling the package
This happens because the package name itself can contain trailing whitespace. I've pushed a general fix in pfSense an... Marcos M
05:42 PM Bug #15700 (Resolved): Package navigation menus can be duplicated when reinstalling the package
When an existing package is reinstalled, its navigation menu can be duplicated. This seems to be dependent on the pac... Marcos M
05:19 PM Revision d194c382: Trim name when adding package navigation menus
Marcos M
05:16 PM pfSense Docs Correction #15696: IKEv2 ACME certificate usage
Jim, it would be really nice to mention that in the docs, thanks!
Also, could you please share that registry setti...
Alex Kolesnik
02:25 PM pfSense Docs Correction #15696: IKEv2 ACME certificate usage
That is a known limitation it's just not called out in that spot. It says "many" though, not "all".
At one point I...
Jim Pingle
02:58 PM pfSense Plus Feature #15697: Dashboard Widget for logged-in GUI users
Thanks for considering this. Its a good idea but is the juice worth the squeeze?
Maybe in the future where the unde...
Mike Moore
02:31 PM pfSense Plus Feature #15697: Dashboard Widget for logged-in GUI users
Log scraping is inaccurate and the wrong way to do this sort of thing.
We could maybe have it check other PHP sess...
Jim Pingle
02:47 PM Revision ab3af612: Remove reference to undefined function
Marcos M
02:24 PM pfSense Packages Feature #15699 (New): Add possibility to advertise "connector" with pfsense
As described in the tailscale docs here > https://tailscale.com/kb/1281/app-connectors
App Connectors are a good thin...
Tony Boston

09/02/2024

10:57 PM Feature #15698 (New): Provide global log level setting for IPsec under VPN --> IPsec --> Advanced Settings
strongswan provides six log levels (`-1` to `4`). It also provides 18 logging subsystems.
https://docs.strongswan.org/d...
Craig Coonrad
09:19 PM pfSense Plus Feature #15697 (New): Dashboard Widget for logged-in GUI users
As discussed here: https://forum.netgate.com/topic/189921/logged-in-as-webui?_=1725311646662
There needs to be so...
Mike Moore
08:34 PM Bug #15081: Upgrade fails due to undersized EFI filesystem
Came across this on a production environment, can confirm the issue is resolved by following steps mentioned. dylan mendez
06:36 PM Revision 62b7615a: Fix regression when removing interface assignments
Marcos M
04:24 PM pfSense Docs Correction #15696 (Closed): IKEv2 ACME certificate usage
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html#ipsec-ikev2-p1 states:
A cer...
Alex Kolesnik
01:56 PM Bug #15679: Multicast with intel NIC
To update on this issue, you can see the FreeBSD bug here : https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281125
...
Max Pal
07:48 AM pfSense Plus Bug #15693: Bug #13423 still present in 24.03-RELEASE version
The best way to confirm that this is indeed the same bug would be to gather `ifmcstat -i <ifname>` on the pfsense box... Kristof Provost

09/01/2024

06:29 PM pfSense Packages Feature #15695 (Resolved): Please upgrade node_exporter to >= node_exporter-1.8.2
Prometheus node exporter package for pfSense has not worked for at least a year. #14452
Current 24.03 version = node...
Craig Coonrad
06:19 PM pfSense Packages Regression #14452: Prometheus node_exporter generates errors with the default config
I copied over `node_exporter-1.8.2.pkg` from the FreeBSD repos. Installed, no errors. It works!
Craig Coonrad
04:41 AM Feature #15651: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
with KEA enabled DNS registration options are present under services>DHCP server, globally, and on each interface's s... Jordan G

08/31/2024

06:13 PM Feature #15651 (Feedback): Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
We now have a brand new integration with Kea that solves all of these issues and more. We now support both DHCPv4 and... Christian McDonald
06:11 PM Bug #5413 (Feedback): Reduce disruptions when changing DNS records from DHCP leases in Unbound
We now have a brand new integration with Kea that solves all of these issues and more. We now support both DHCPv4 and... Christian McDonald
02:17 PM Regression #15692 (Resolved): OpenVPN QinQ interface creation fails
This is no longer an issue on:... Christopher Cope
01:32 AM Revision 0b92ed13: Add path safety checks to config access functions
Before the move to config access functions, accessing the global config
array with null keys would lead to errors or ...
Marcos M

08/30/2024

05:20 PM Revision 5ffc4380: Add some config access safety checks
Marcos M
04:18 PM Revision 284c0da8: Fix accidental deletion of CAs
$ca does not reference the config at this point - no need to remove it. Marcos M

08/29/2024

06:40 PM Revision 67bf8a30: Source xml parsing functions in config.lib.inc
config.lib.inc may be sourced without the xml parsing functions being
available first. For example, from auth.inc(31)...
Marcos M
06:34 PM Revision d8c35176: Revert "Adjust xmlparse.inc require order"
This reverts commit c599e81b822bb8d6c89b3844372b44fcc55808bf.
Revert this in favor of requiring the file within the r...
Marcos M
03:53 PM Bug #15694 (Resolved): State Killing on Gateway Recovery fails for the default gateway group with the "Kill all" option selected
Fixed with commit:352e16b8ff56f5b62fdbc7544b29cb27355a9468.
The issue only affects the default gateway group (i.e....
Marcos M
03:52 PM Bug #15694: State Killing on Gateway Recovery fails for the default gateway group with the "Kill all" option selected
Resolved by this @marcosm patch: https://forum.netgate.com/post/1182417 Marc Goldburg
09:17 AM Bug #15612: Captive Portal with big number of passththrough MAC addresses is causing webgui gateway timeouts, Error 50x, and HA-sync XMLRPC Error
We've been having the Same-ish Problem.
Main XMLRPC Error:...
Karl Ruskowski
07:31 AM Bug #11147: Domeneshop DynDNS IPv4 and IPv6
Daniel T wrote in #note-4:
> Viktor Gurov wrote in #note-3:
> > This is Domeneshop bug, see https://api.domeneshop....
Jostein Hove-Henriksen
07:21 AM Bug #15676: OpenVPN not rendering alises in "IPv4 Local network" setting.
We are able to reproduce the issue on differents installations but I forgot to mention that we are working with pfSen... Matteo Capuano

08/28/2024

10:48 PM Revision 4cd7b4b4: Add safety checks to config index variables
If a config path is called with a null index, the result is undefined due to the
config functions ignoring consecutiv...
Marcos M
09:10 PM Revision 3371d190: Kill states on both sides during gateway failover
Marcos M
09:10 PM Revision 352e16b8: Actually kill states when recovering the default gateway group
Marcos M

08/27/2024

11:44 PM Revision c599e81b: Adjust xmlparse.inc require order
XML parsing functions must be available for other includes to use them.
This is most important during boot where conf...
Marcos M
09:38 PM Bug #15694 (Resolved): State Killing on Gateway Recovery fails for the default gateway group with the "Kill all" option selected
Simple WAN failover/failback config with a primary WAN and a secondary. Failover/failback works as expected overall,... Marc Goldburg
06:34 PM Feature #15689: Nice to have option to customize top panel logo e.g. to add County flag or Company logo.
In fairness how is what you are asking for handled any other way in other security appliances?
I can pick Palos and ...
Mike Moore
06:47 AM Feature #15689: Nice to have option to customize top panel logo e.g. to add County flag or Company logo.
Thanks!
But this is not what I'm looking for. Here you go another cool advice "you can look at address bar"
I don't k...
Vyacheslav Livankin
01:44 AM Feature #15689: Nice to have option to customize top panel logo e.g. to add County flag or Company logo.
You can also find the option "Hostname on Menu" on the same Setup Page.
This will add the Hostname to the GUI, bes...
dylan mendez
05:52 PM Bug #14843 (Confirmed): Explicit split DNS domain names required for IoS IPSEC clients.
Confirmed. I stumbled on this as well, and is exactly as Serge described. Craig Coonrad
03:46 PM Revision fd10f3e9: Fix saving DHCP6 config with empty interface config
Marcos M
11:47 AM Bug #11147: Domeneshop DynDNS IPv4 and IPv6
Viktor Gurov wrote in #note-3:
> This is Domeneshop bug, see https://api.domeneshop.no/docs/index.html#tag/ddns:
> A ...
Daniel T
12:04 AM pfSense Plus Bug #15693 (Incomplete): Bug #13423 still present in 24.03-RELEASE version
Bug #13423 seems to be still present in 24.03-RELEASE version.
I have a fixed IPv6 assigned interface on a VM (fd...
Marek Hajduczenia

08/26/2024

09:56 PM Regression #15692 (Feedback): OpenVPN QinQ interface creation fails
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1167 Marcos M
09:41 PM Regression #15692 (Resolved): OpenVPN QinQ interface creation fails
Trying to use an OpenVPN interface as a parent for VLANs or QinQ fails in current builds.... Steve Wheeler
09:54 PM Revision 171c8315: Correct OpenVPN QinQ creation. Fix #15692
Also avoid creating bogus dynamic gateways for QinQ interfaces. Marcos M
06:01 PM Revision 22d888ca: Silence error when checking for dynamic route
If the grep command doesn't find the route, there's no need to log an error. Marcos M
07:01 AM Feature #15689: Nice to have option to customize top panel logo e.g. to add County flag or Company logo.
dylan mendez wrote in #note-1:
> There's always the option to change the hostname of the appliance and make pfSense ...
Vyacheslav Livankin
02:21 AM Feature #15689: Nice to have option to customize top panel logo e.g. to add County flag or Company logo.
There's always the option to change the hostname of the appliance and make pfSense show that hostname on the login pa... dylan mendez

08/25/2024

05:31 PM Feature #15609 (Resolved): Allow filtering packet captures by system-defined protocols
Marcos M
08:33 AM pfSense Plus Regression #15690: pfSense doesn't send gateway event notifications
Tested on 24.03, I can confirm such behaviour. aleksei prokofiev

08/24/2024

05:59 PM Feature #15609: Allow filtering packet captures by system-defined protocols
Azamat Khakimyanov wrote in #note-3:
> Tested on latest 24.08-DEVELOPMENT (built on Mon Jul 15 6:00:00 UTC 2024)
> ...
Christopher Cope
01:45 PM Bug #15665: Download Limit Issue
I'm not able to reproduce this issue either. Please confirm you have the limiter applied correctly. https://docs.netg... Christopher Cope
06:07 AM Bug #12747 (Resolved): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Upon testing against the latest development build, I could not replicate the reported issue. Therefore, I am marking ... Danilo Zrenjanin

08/23/2024

06:28 PM Regression #15669 (Resolved): Static routes using null gateways are not installed
Marcos M
03:33 PM Regression #15669: Static routes using null gateways are not installed
can't reproduce on the dev, seems to be fixed
tested on:
Version 24.08-DEVELOPMENT (amd64)
built on Fri Aug 23 8:0...
Georgiy Tyutyunnik
05:12 PM pfSense Plus Bug #15675: IPv4 Prefixes with IPv6 Next Hops only show one of two Next Hops for Equal Cost Multipath
Customer in ticket 2998961236 is asking for an update on this redmine and if there is a workaround. Kris Phillips
04:01 PM pfSense Plus Regression #15690: pfSense doesn't send gateway event notifications
The issue exists in the 24.08... Lev Prokofev
11:15 AM pfSense Plus Regression #15690 (New): pfSense doesn't send gateway event notifications
tested on ... Lev Prokofev
03:58 PM Bug #15684 (Feedback): Panic in ``tcp_m_copym`` with selective ACK enabled
Jim Pingle
01:44 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
I think I know what's happening here. I'm only 95% sure, but it matches all observations.
It's an issue that's kno...
Kristof Provost
12:30 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
I have set `net.inet.tcp.sack.enable=0` through System Tuneables on both Units and will report back if the crash occu... Christian Bönning
12:23 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
The core dump confirms what I suspected from the initial report, in that tcp_m_copym() got called with a NULL mbuf. T... Kristof Provost
03:23 PM Feature #15691 (Rejected): Simplifying use of external SWAP within GUI
No, the use of large swap volumes is discouraged in general, as is external storage. A little swap can be useful, but... Jim Pingle
03:17 PM Feature #15691: Simplifying use of external SWAP within GUI
Just to help with understanding, I now can update Snort and ClamAV at the same time and nothing is terminated because... Jonathan Lee
03:15 PM Feature #15691: Simplifying use of external SWAP within GUI
Currently the process to set this up it requires finding the drive mounting it and partitioning it, after changing th... Jonathan Lee
03:13 PM Feature #15691 (Rejected): Simplifying use of external SWAP within GUI
Is there any way to simplify the swap configuration for an everyday user, and/or to make it easier? Thus someone just ... Jonathan Lee
03:54 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Make sure to reboot after applying the patches. Marcos M
03:47 AM Revision d64256a5: Don't restart sshguard when the syslogd service is restarted
Marcos M

08/22/2024

03:56 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Great we have that and it looks promising. Steve Wheeler
11:15 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
It failed for a switch of WAN Connections I was using.
I uploaded it again as a gzipped version (179848383 bytes)...
Christian Bönning
10:58 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Hmm, not seeing it nextcloud on this side. How did it fail the first time? What size is it? Steve Wheeler
09:31 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Upload completed with 2nd attempt.
sha1sum of the uploaded file should be the following:
bfe8b2f2cccb7823fcb4b775...
Christian Bönning
09:10 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Excellent. Here we go:
https://nc.netgate.com/nextcloud/s/k6CLjPKRKKaPt5C
Steve Wheeler
08:26 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
We have a `vmcore` produced with a crash which occurred earlier today. Can you share a Nextcloud Link so I can provi... Christian Bönning
03:16 PM Bug #12747 (Feedback): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
Danilo Zrenjanin
03:01 PM Bug #12747 (Resolved): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I was able to reproduce the issue on 24.03.
After applying the patch, I got the same results. ...
Danilo Zrenjanin
10:16 AM Feature #15689 (New): Nice to have option to customize top panel logo e.g. to add County flag or Company logo.
We have several PFSense clusters in different countries. Sometimes it is hard to identify correct one in browser's op... Vyacheslav Livankin
08:37 AM pfSense Plus Bug #15688 (Confirmed): inverse on graph shows number as Bytes without converting to KB or MB or GB or TB, etc. on mouse over
I can confirm this behavior on 24.03.
Status_Traffic_Totals 2.3.2_4
Danilo Zrenjanin

08/21/2024

10:11 PM Revision dc459dc9: Config access regression in general setup
Marcos M
08:24 PM Bug #12747 (Feedback): Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
With commit:f32dca244955da9007e1bc75801d486b5f70352e sshguard now monitors auth.log directly instead of relying on sy... Marcos M
08:18 PM Revision f32dca24: Stop sshguard spam in system logs. Fix #12747
Instead of restarting sshguard with each log rotation, keep it running
separately while monitoring the auth log file....
Marcos M
06:43 PM pfSense Plus Bug #15688 (Confirmed): inverse on graph shows number as Bytes without converting to KB or MB or GB or TB, etc. on mouse over
When using inverse for say the stacked bar graph for traffic totals in the traffic totals package.
See this thread...
JohnPoz _
06:38 PM Regression #15687 (Resolved): ``sshguard`` is not properly detecting GUI login failures
Fix was picked back to 24.03 and it's working there, too.
Jim Pingle
02:28 PM Regression #15687: ``sshguard`` is not properly detecting GUI login failures
Fix works well on Plus 24.08 and CE 2.8.0 snapshots.
Next is picking it back to 24.03 and testing there.
No nee...
Jim Pingle
03:00 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Minutes after rebooting the secondary unit (another Netgate 1537) to enable "full core dump mode" the primary unit on... Christian Bönning
08:57 AM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
Our Netgate 1537 crashed earlier today. In `/var/crash` however there's only `bounds`, `info.0` as well as `textdump.... Christian Bönning
06:49 AM pfSense Packages Regression #15623 (Resolved): FRR does not load kernel routes at startup
After upgrading FRR to 2.0.2_4, the kernel routes appeared again.
I am marking this ticket as resolved.
Danilo Zrenjanin

08/20/2024

08:36 PM pfSense Packages Todo #15683 (Resolved): Fix for vulnerabilities CVE-2024-31950 CVE-2024-31951 in frr
9.1.1 is in the repos now. Brad Davis
05:35 PM Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled
To move forward we need a full core dump from a system hitting the bug. If anyone can setup their to provide that ple... Steve Wheeler
12:13 PM Regression #15687 (Ready To Test): ``sshguard`` is not properly detecting GUI login failures
I've re-added the 'webConfigurator authentication error for user' patch in sshguard. Kristof Provost
06:27 AM pfSense Packages Feature #15397: Wazuh Agent
I also would ask for adding the wazuh agent to the packages as it is available already in the BSD Repos the effort se... Matthias Donner

08/19/2024

04:09 PM pfSense Packages Regression #15623 (Feedback): FRR does not load kernel routes at startup
The new FRR version is now available in 24.03. It can be pulled in by running `pfSense-upgrade` from the CLI. Marcos M
02:06 PM Regression #15687 (Resolved): ``sshguard`` is not properly detecting GUI login failures
The `sshguard` daemon isn't triggering blocks for GUI authentication failures.
The patch that adds the login strin...
Jim Pingle
12:19 AM Feature #15686 (New): Add Host Alias when mapping Static IP
Please consider a feature to add/modify an associated host alias in the firewall when creating a static IP on the DCH... J G

08/18/2024

12:57 AM Bug #15643: Deleting one pre-installed package may delete other pre-installed packages
I am able to successfully remove individual pre-installed packages on 24.08.a.20240814.1541 build Jordan G
 
