Project

General

Profile

Activity

From 09/04/2024 to 10/03/2024

10/03/2024

11:23 PM Regression #15762 (Resolved): Captive Portal concurrent login setting does not work
Fixed in commit:c3939d63ad846097e0111faf75b1dc9a632b9a94. Marcos M
11:17 PM Regression #15762 (Resolved): Captive Portal concurrent login setting does not work
When set to @Last login@, the user is able to have multiple active sessions. Marcos M
11:20 PM Revision c3939d63: Config access regression. Fix #15762
Marcos M
08:36 PM Feature #15761 (New): Tailscale failover

Tailscale does not support fail-over, it would be helpful if it runs automatically on backup server in case primary... Alhusein Zawi
07:43 PM Feature #15321: Kea DHCP Custom Configuration Support (IPv4 and IPv6)
After a lot of experimentation and help from Marcos, I discovered it is important to know if the option is already de... Dale Harron
04:32 PM Todo #15728 (Pull Request Review): Improve Thermal Sensors Dashboard widget refresh code
Marcos M
02:14 PM Bug #15751 (Resolved): Declining to reset the admin account via the console menu still prompts to change the password
Jim Pingle
02:02 PM Bug #15751: Declining to reset the admin account via the console menu still prompts to change the password
reproduced on Sept 28 build, it is fixed in the latest
tested on
24.08-DEVELOPMENT (amd64)
built on Wed Oct 2 16:1... Georgiy Tyutyunnik
01:03 PM Bug #15754: log file size growing despite settings
I understand. Thank you for your effort. Tomas B.
12:54 PM Bug #15754 (Not a Bug): log file size growing despite settings
OK, there does not appear to be a bug in how the settings themselves are handled. Your configuration is broken. Eithe... Jim Pingle
06:46 AM Bug #15754: log file size growing despite settings
Hi
this is what it contains.
!clipboard-202410030846-hynuo.png!
 Tomas B.
07:58 AM pfSense Packages Bug #15758: openVPN client exporting for another user and fails to work with ldap.
Finally, there's one more file that should be changed; /usr/local/pkg/... npr .
03:45 AM Bug #12708: Alias with non-resolving FQDN entry breaks underlying PF table
Hello, just meet this issue again on pfsense CE 2.7.2-RELEASE (amd64) Enoch Lau
01:49 AM pfSense Packages Bug #15760 (Resolved): Typo in Snort Important Preproc Information
Hello,
I am letting you know that there is a typo,
located in the Important Preprocessor Information message.
I ... Matthew Zscherpel

10/02/2024

04:37 PM Bug #15759 (New): CVE-2024-43102 umtx Kernel panic or Use-After-Free
Tracking for this vulnerability:
https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc
Should be ... Kris Phillips
04:02 PM Revision fb79f9b0: kea: fix service restart shortcut
Christian McDonald
02:50 PM pfSense Packages Bug #15758: openVPN client exporting for another user and fails to work with ldap.
This only solves the display issue: there's still another issue where, in this scenario (both local database and anot... npr .
10:02 AM pfSense Packages Bug #15758 (New): openVPN client exporting for another user and fails to work with ldap.
When a second user database is configured for the VPN, for example ldap, then the client export utility will no longe... npr .

10/01/2024

07:38 PM Revision 32fd7d34: Clarify error log when omitting gateway from ruleset
Marcos M
05:45 PM Bug #15754: log file size growing despite settings
Nothing there looks out of sorts.
Check in @/etc/crontab@ and see if you have a line there for newsyslog. It shoul... Jim Pingle
07:21 AM Bug #15754: log file size growing despite settings
Hello.
Providing the info you asked for:
!clipboard-202410010919-ea5w6.png!
!clipboard-202410010919-hxfwh.png!
!c... Tomas B.
04:42 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Per https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/57, still an issue in 3.2.0_17. Steve Y
01:28 PM Bug #15757 (Confirmed): Incorrect dashboard column spacing when using five columns
Setting the dashboard to use 5 columns incorrectly shows spacing for 6 comlumns though the 6th cannot be used.
For... Steve Wheeler

09/30/2024

11:55 PM Bug #15755 (Feedback): Mobile IPsec sends incorrect DNS attribute IDs
Applied in changeset commit:49890f9591cb1eba17a9317c7db29ad0ab6d06ad. Anonymous
09:14 PM Bug #15755: Mobile IPsec sends incorrect DNS attribute IDs
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1169 Steve Wheeler
09:02 PM Bug #15755 (Closed): Mobile IPsec sends incorrect DNS attribute IDs
The IPsec Mobile additional configuration attributes for DNS domain and Split DNS to pass to clients are generated wi... Steve Wheeler
11:45 PM Revision 49890f95: Correct Mobile IPSec Attribute IDs. Fix #15755
Steve Wheeler
11:43 PM Bug #7420 (Closed): ipsec status freezing
Marcos M
09:52 PM pfSense Packages Bug #15756 (Confirmed): NTOPNG db sits in ramdisk on pfsense, filling it up and crashing pfsense
Environment:
OS name: PFSENSE
OS version: 2.7.2-RELEASE
Architecture: amd64
ntopng version/revision: ntopng Com... cody wasser
07:41 PM Feature #15321: Kea DHCP Custom Configuration Support (IPv4 and IPv6)
I'm providing a patch here to experiment with custom options for DHCP4; no support will be provided for this.
{{colla... Marcos M
02:35 PM Bug #15754: log file size growing despite settings
What version are you seeing this problem on?
I've been trying to replicate it on a lab system but I can't make it ... Jim Pingle
02:31 PM Bug #15754: log file size growing despite settings
Sadly, result was the same again. Tomas B.
01:46 PM Bug #15754: log file size growing despite settings
So the outcome was the same. I will do next round of testing. I will set rotation count manually to 7 in firewall sub... Tomas B.
01:17 PM Bug #15754 (Feedback): log file size growing despite settings
OK, let us know if that started it rotating again. And be sure to check the setting on the Firewall log tab as well t... Jim Pingle
01:05 PM Bug #15754: log file size growing despite settings
OK. So i set the default system settings on 7. I can see it everywhere else. And I restarted logging service. Tomas B.
12:50 PM Bug #15754: log file size growing despite settings
Maybe it's the way your theme or the browser is rendering those settings. There have been cases where the dark theme ... Jim Pingle
12:42 PM Bug #15754: log file size growing despite settings
Hi Jim
without my intervention its there. So it seems that the configuration did not accepted it.
!clipboard-202409... Tomas B.
12:30 PM Bug #15754: log file size growing despite settings
You have "Log Retention Count" set to @0@, which might be the problem. Don't change it on the tab in your screenshot,... Jim Pingle
11:10 AM Bug #15754: log file size growing despite settings
At one point, it was so big it filled the whole SSD and crashed the whole system. Tomas B.
11:08 AM Bug #15754 (Not a Bug): log file size growing despite settings
Hi all
I have a problem with log file for firewall.
Despite these settings, log file keeps growing and growing.
... Tomas B.
02:25 PM Bug #15751 (Feedback): Declining to reset the admin account via the console menu still prompts to change the password
Applied in changeset commit:f66f5022e57722214b33423626bdb3af9b08bf55. Jim Pingle
02:01 PM Bug #15751: Declining to reset the admin account via the console menu still prompts to change the password
Not plus specific.
You can still hit ctrl-c to break out of the password reset until this is corrected.
 Jim Pingle
02:16 PM Revision f66f5022: Fix admin reset password conditions. Fixes #15751
Jim Pingle
01:10 PM Bug #15676: OpenVPN not rendering alises in "IPv4 Local network" setting.
I haven't any space in local networks or inside any alias' definition. You can see that in the config file on my prev... Matteo Capuano
12:40 PM Bug #15753: WAN uptime ppp shows no uptime / ppp-uptime.sh shows - for uptime
Jim Pingle wrote in #note-2:
> What version are you running where you're seeing that behavior?
pfSense Plus
24.... Manuel M.
12:22 PM Bug #15753: WAN uptime ppp shows no uptime / ppp-uptime.sh shows - for uptime
What version are you running where you're seeing that behavior? Jim Pingle
07:49 AM Bug #15753: WAN uptime ppp shows no uptime / ppp-uptime.sh shows - for uptime
After the PPP connection is re-established, it shows the time accurately. I think the necessary entries in the log fi... Manuel M.
07:45 AM Bug #15753 (New): WAN uptime ppp shows no uptime / ppp-uptime.sh shows - for uptime
The WAN uptime on the dashboard shows '-'. The ppp-uptime.sh script shows '-42087' for uptime. I believe this happens... Manuel M.

09/29/2024

10:26 AM Bug #15752 (Duplicate): Montly kernel panic
In a regular interval, every month, we experience a kernel panic. As the appliance is connected via a USB console cab... Sebastian Wagner
12:58 AM Bug #15624: Skip Packages option for Configuration Backups fails with large configurations
unable to reproduce the above issue in 24.08.a.20240928.0054 Jordan G
12:46 AM Bug #15676: OpenVPN not rendering alises in "IPv4 Local network" setting.
I'm seeing this on 24.03 only the config doesn't populate the alias when a space precedes the entry used in local net... Jordan G

09/28/2024

07:07 PM Bug #15751 (Confirmed): Declining to reset the admin account via the console menu still prompts to change the password
I can confirm the same behavior. It is likely related to the code changes requiring a non-default password. Christopher Cope
05:33 PM Bug #15751 (Resolved): Declining to reset the admin account via the console menu still prompts to change the password
When it asks @Proceed?@ and you press @n@, it proceeds anyway.
I see this on the Sept 28 dev build and 24.03, but ... Chris W

09/27/2024

09:44 PM pfSense Plus Bug #15741: Firewall Logs reporting high volume of rule (@0) entries on OpenVPN interface
If rules are being added via an external service, it may be from there as well. Check the anchor rules by running @pf... Marcos M
09:02 PM Revision b1360be3: Clean up diffs
Marcos M
08:06 PM Revision d16bf0a3: dhcp: ensure $pconfig is never null or not an array
Christian McDonald
08:03 PM Bug #15750 (Feedback): Hostnames for ISC DHCP leases are not removed from Unbound when switching to Kea
Christian McDonald
02:47 PM Bug #15750 (Resolved): Hostnames for ISC DHCP leases are not removed from Unbound when switching to Kea
When switching to Kea from ISC and dhcp lease registration is enabled the existing lease file (/var/unbound/dhcplease... Steve Wheeler
06:55 PM Revision 14486826: rc.bootup: support deferred package installation scripts
Christian McDonald
03:59 PM pfSense Packages Bug #15749: BGP advertising all routes and ignoring networks statements.
This is actually an issue with how FRR is presenting the announcements of routes.
It is showing that i am sending 19 ... Mike Moore
03:16 PM pfSense Docs New Content #15748 (Closed): Packet Flow Data
The redirects for pflow pages are already defined in the repository, but the redirects aren't getting updated on the ... Jim Pingle
12:39 PM pfSense Plus Bug #15740: NAT uses unknown IP address
There was a recent IP address change on the PPPoE interface to 78.131.44.xx, but the state was again kept using the p... David G
07:54 AM Bug #15676: OpenVPN not rendering alises in "IPv4 Local network" setting.
Hi, were you able to reproduce this issue? Matteo Capuano
03:18 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
+1 more Keith Swalin

09/26/2024

11:49 PM pfSense Packages Bug #15749 (Not a Bug): BGP advertising all routes and ignoring networks statements.
BGP is advertising ALL routes and does not respect the 'network x.x.x.x' statement within the configuration.
How thi... Mike Moore
08:35 PM pfSense Docs New Content #15748 (Closed): Packet Flow Data

Firewall> Packet Flow Data does not have a help link.
Alhusein Zawi
08:07 PM Revision 1c978a25: kea: filter self-signed certs from TLS options
Christian McDonald
07:54 PM Revision 6a610786: Print motd-passwd when it exists
Renato Botelho
07:54 PM Revision 9974d8f7: Add package hooks plugin_xmlrpc_send plugin_xmlrpc_recv, and plugin_xmlrpc_post_recv
Reid Linnemann
07:54 PM Revision 4061910c: Repeat optimization made for product_name
Renato Botelho
07:54 PM Revision 1f024511: Save the product name on /etc/product_name at /etc/rc.banner.
This way we do not need to run PHP again on rc.initial to read the product name.
This file is only written if /etc i... Luiz Souza
07:39 PM pfSense Plus Bug #15741: Firewall Logs reporting high volume of rule (@0) entries on OpenVPN interface
Today, I did make changes to a OVPN client and there are a great amount of entries with @4 now.
I did find the lis... Jeff Kuehl
06:44 PM Revision 3f872bd0: ip_range_to_address_array() 32-bit ARM fix. Issue NG #5445
(cherry picked from commit a6ee0ff91086ba153cfd485dc8fb6d72f918d78b)
(cherry picked from commit 0f5485a49ed4da33bf48f... Viktor Gurov
06:26 PM Revision 2b0dd320: Identify Azure more accurately.
Gen2 smbios info is indistinguishable between Azure and Hyper-V Jim Pingle
06:00 PM Revision 119b5342: Initialize the PHP settings a little bit earlier so PHP is ready for pfSense-upgrade.
Fixes #13726 in more detail (and for 22.05.1). Luiz Souza
06:00 PM Revision bb49910f: ddb.conf: fix script length issue
We need to re-arrange things a little to avoid the maximum script length of
128 bytes.
While here also re-order the ... Kristof Provost
05:51 PM Feature #13468 (Duplicate): FW-rule-groups, would be very, very helpfull
Duplicate of #1937 Jim Pingle
05:51 PM Feature #15747 (Duplicate): Ability to use rule tags to organize rules into groups
Duplicate of #1937 Jim Pingle
05:30 PM Feature #15747 (Duplicate): Ability to use rule tags to organize rules into groups
There is no native rule group grouping functionality so the rules are organized and displayed as a single one-dimensi... Mike Moore
05:25 PM pfSense Plus Bug #15712 (Duplicate): Experimental ethernet rules, order broken when adding rule on other interface tab
IIRC that's expected (as it gets "unbroken"). I'll close this out for now as a duplicate. Feel free to report back if... Marcos M
04:56 PM pfSense Plus Bug #15712: Experimental ethernet rules, order broken when adding rule on other interface tab
Right after the update, the order got messed up a bit again, but currently I cannot reproduce it. Vladimir Suhhanov
04:54 PM Revision 3fc66fe7: Don't unnecessarily remove the config cache
Removing the cache is no longer necessary; the behavior remains the
same without removing the config cache. Marcos M

09/25/2024

11:43 PM pfSense Plus Bug #15740: NAT uses unknown IP address
Can you provide a status output of your firewall here?
https://nc.netgate.com/nextcloud/s/qpLyFbyx2cwokH8
https:/... dylan mendez
09:04 PM Revision d2898b25: Add safety check for alias ID
Marcos M
08:55 PM pfSense Plus Regression #15742 (Not a Bug): Cannot add alias with name "Test"
Aliases and assigned interfaces, including groups, use pf tables for the filter ruleset. As the error message implies... Marcos M
08:32 PM pfSense Plus Bug #15741: Firewall Logs reporting high volume of rule (@0) entries on OpenVPN interface
It may not be the description, but the rule number. You can cross-reference the rule and state with @pfctl -vvss@ and... Marcos M
07:39 PM pfSense Plus Bug #15741: Firewall Logs reporting high volume of rule (@0) entries on OpenVPN interface
I’ll check the rules.debug file for (@) but that’s the only ID / number each line gives me. I don’t think I explicitl... Jeff Kuehl
07:16 PM pfSense Plus Bug #15741 (Incomplete): Firewall Logs reporting high volume of rule (@0) entries on OpenVPN interface
The exact rule can be found using the rule identifier and/or rule number on the state, or checking the generated rule... Marcos M
07:07 PM pfSense Plus Bug #15712: Experimental ethernet rules, order broken when adding rule on other interface tab
A new 24.08 snapshot is available. Please test there if you are able to reproduce this issue. Marcos M
06:36 PM pfSense Packages Bug #15744: Suricata LOGS MGMT feature shows ``enabled`` by default on a green-field install when it should instead default to ``disabled``
https://github.com/pfsense/FreeBSD-ports/commit/97083dc3e251c6663afc9ffc02218f7dc2dde6d6 Marcos M
06:35 PM pfSense Packages Bug #15744 (Feedback): Suricata LOGS MGMT feature shows ``enabled`` by default on a green-field install when it should instead default to ``disabled``
Marcos M
06:31 PM pfSense Docs Todo #12756 (Closed): Add information on correct MTU to use with WireGuard
Info added to docs: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/bb768f6155ab4351d7e124c9225b6915b9029217 Jim Pingle
06:09 PM pfSense Docs Correction #15128 (Closed): Note that a WireGuard peer must have "Dynamic" unset to see Endpoint options
There were a couple other instances where this wasn't noted in other WG recipes. Now they all mention unchecked Dynam... Jim Pingle
05:58 PM pfSense Docs Todo #15553 (Duplicate): Feedback on pfSense® software Configuration Recipes — WireGuard Site-to-Site VPN Configuration Example
Duplicate of #12756 Jim Pingle
05:50 PM pfSense Docs Correction #15445 (Duplicate): Possible mistake in "WireGuard Site-to-Multisite VPN Configuration Example"
This was fixed in #15515 which is a duplicate of this one. Jim Pingle
03:41 PM Bug #14434: PPPoE WAN interface with VIPs causes continuous interface restarting
Steve Wheeler wrote in #note-8:
> This appears to be fixed in 24.03. At least in my test setup. Can anyone who was s... Jon Gerdes
03:15 PM pfSense Docs Todo #14298 (Closed): Add documentation for vendor-class-identifier
Closing this for now, it can be reopened if/when the feature is actually implemented. Jim Pingle
03:13 PM pfSense Docs New Content #14239 (Closed): Feedback on Packages — Nut package
Added, thanks!
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f49555c871f053cf5922d98fbc6423b1a20a68f8 Jim Pingle
03:00 PM pfSense Docs New Content #15475 (Rejected): Connect to console index page on ddocs
This is already well covered in the docs, both ways.
From the net installer doc it mentions connecting to the consol... Jim Pingle
02:56 PM pfSense Docs Todo #15521 (Closed): Add alert to use single quotes as escape characters when decrypting config.xml using OpenSSL on command line
Added warning:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/10b61dff0c11786dc2924694fad4ce6c5a0d5409 Jim Pingle
02:40 PM pfSense Docs New Content #12237 (Duplicate): Add information on ``ifqmaxlen`` to Hardware Tuning and Troubleshooting
#10311 is already a docs ticket so now this is a duplicate. Jim Pingle
02:10 PM pfSense Docs New Content #12804 (Closed): Add documentation for Slack notifications
These were added a while ago. Jim Pingle
02:09 PM pfSense Docs New Content #12402 (Rejected): Add recipe for configuring Telegram to receive notifications from pfSense software
Jim Pingle
02:04 PM pfSense Docs Todo #13108 (Rejected): ZFS filesystem implications
It's been a couple years and this hasn't really been an issue. If people start hitting it regularly we can work it in... Jim Pingle
02:03 PM pfSense Docs Todo #14455 (Closed): Clarify console prompt step during firmware installation
This was covered by the changes for the new installer. Jim Pingle
01:43 PM pfSense Docs Todo #15660 (Closed): Update Bandwidth usage section
Updated darkstat capabilities and also fixed its menu location which was wrong in two places.
https://gitlab.netga... Jim Pingle
01:35 PM pfSense Docs Correction #15672 (Closed): Design Considerations - Design Style
Fixed, thanks!
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9be96a5918809cf6fa9e1795c198025fac05cdea Jim Pingle
01:27 PM pfSense Docs Correction #15721 (Closed): Feedback on System Monitoring — Monitoring Bandwidth Usage
Fixed, thanks!
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/f836872d7978e42c7d1c8ec340f03d41b25c8be6 Jim Pingle
03:47 AM Revision 81057112: Add check for empty interface
Callers may call get_real_interface() with an empty interface;
bail early if so. Marcos M

09/24/2024

07:22 PM Bug #15746 (New): IPv6 is not deprecated on PPPoE Periodic Reset
Hi,
corresponding forum post: https://forum.netgate.com/topic/190058/ipv6-addresses-not-deprecated-on-pppoe-periodic... anon user
05:57 PM pfSense Packages Bug #15744 (In Progress): Suricata LOGS MGMT feature shows ``enabled`` by default on a green-field install when it should instead default to ``disabled``
Marcos M
03:25 PM Feature #15745 (New): Add User Manager Setting to control Remote Authentication fallback behavior
Currently pfSense software ensures an administrator always maintains access to the installation by treating any remot... Jim Pingle

09/23/2024

06:15 PM Bug #15702 (Feedback): IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs
Applied in changeset commit:a039ec6ad853ef1673cc986127542a51d884f5a0. Jim Pingle
06:11 PM Bug #15702: IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs
All indications are that the latest revision of the workaround is operating OK in lab testing, both internally and fr... Jim Pingle
06:08 PM Revision a039ec6a: Tighten DHCP client rules. Fixes #15702
Jim Pingle
03:53 PM Bug #15722 (Resolved): Unbound configuration file contains Localhost address in forwarding mode with TLS enabled
Marcos M
02:26 PM pfSense Packages Bug #15744 (Resolved): Suricata LOGS MGMT feature shows ``enabled`` by default on a green-field install when it should instead default to ``disabled``
There is a PHP code logic error when testing the value of the "enable_log_mgmt" config parameter in the Suricata pack... Bill Meeks

09/22/2024

08:40 PM Bug #15711: Special characters in the ACB configuration change description can cause PHP errors
Device being tested previously made backup in ACB with illegal character in the description, now in 24.08.a.20240920.... Jordan G
05:58 PM Bug #15722: Unbound configuration file contains Localhost address in forwarding mode with TLS enabled
in 24.08.a.20240920.1508 with forwarding and TLS enabled in services>dns resolver and resolution set to use local, fa... Jordan G
04:55 PM pfSense Plus Regression #15742: Cannot add alias with name "Test"
seeing the same as Danilo just when clicking +add on the firewall>alias page
tested on 24.08.a.20240920.1508 Jordan G

09/21/2024

06:40 PM Bug #15665: Download Limit Issue
The described behavior may happen if the interface where the limiters are applied has a default gateway (e.g., an Ope... Danilo Zrenjanin
05:05 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
Tested on the 24.08-DEVELOPMENT (built on Mon Sep 16)
Tested OSPF between 2 peers when each of these peers has Mul... Azamat Khakimyanov
02:23 PM pfSense Plus Regression #15742 (Confirmed): Cannot add alias with name "Test"
I could create an Alias with the name test. But a lot of warrning logs appeared in the syslog file. ... Danilo Zrenjanin
01:57 AM pfSense Plus Regression #15742 (Not a Bug): Cannot add alias with name "Test"
The following input errors were detected:
Sorry, an interface group with this name already exists.
There ... dylan mendez
12:36 AM pfSense Plus Bug #15740: NAT uses unknown IP address
Hi Dylan
They are not bridged, but separate interfaces.
192.168.0.1/24 - igb1
10.10.3.254/24 - VLAN 3 on igb1
... David G
12:31 AM pfSense Plus Bug #15740: NAT uses unknown IP address
We need more information.
Are these two networks bridged? 192.168.0.0/24 and 10.10.3.0/24?
 dylan mendez

09/20/2024

11:14 PM Revision e4d661f7: Avoid config access with unknown userid
Marcos M
10:32 PM pfSense Plus Bug #15741 (Incomplete): Firewall Logs reporting high volume of rule (@0) entries on OpenVPN interface
I found I am receiving numerous of these "(@0)" listings on any OpenVpn tunnel, which seems to be every piece of traf... Jeff Kuehl
10:14 PM pfSense Plus Bug #15740 (Not a Bug): NAT uses unknown IP address
The SIP phone, communicating through pfSense, stops working from time to time.
Checking the state table it shows t... David G
09:21 PM Bug #15739: User manager /Radius Auth/Local DB used after Access-Reject
Hi again Jim,
Unfortunately,what is described in this behaviour is in security terms called an horizontal privileg... Eric Nguyen
08:08 PM Bug #15739: User manager /Radius Auth/Local DB used after Access-Reject
Then the docs can be amended to reflect the actual, intended behavior.
 Jim Pingle
08:07 PM Bug #15739: User manager /Radius Auth/Local DB used after Access-Reject
Intented is:
"If the RADIUS or LDAP server is unreachable , the authentication will fall back to Local Database ev... Eric Nguyen
08:04 PM Bug #15739: User manager /Radius Auth/Local DB used after Access-Reject
It's not a security issue, it is intended behavior. Jim Pingle
07:57 PM Bug #15739: User manager /Radius Auth/Local DB used after Access-Reject
So I will take it with netgate security. Please can you delete this ticket?
Thanks,
Eric Eric Nguyen
07:03 PM Bug #15739: User manager /Radius Auth/Local DB used after Access-Reject
No, I read it correctly. That is the expected behavior. You cannot reliably determine the difference between a broken... Jim Pingle
06:51 PM Bug #15739: User manager /Radius Auth/Local DB used after Access-Reject
Hello Jim,
You have have misread the ticket the Radius server is is fully functional....
What happens is you logi... Eric Nguyen
01:41 PM Bug #15739 (Not a Bug): User manager /Radius Auth/Local DB used after Access-Reject
That is by design to prevent a non-functional auth server from locking an admin out of the firewall locally. Jim Pingle
01:38 PM Bug #15739 (Not a Bug): User manager /Radius Auth/Local DB used after Access-Reject
The user manager is set to use RADIUS for Authentication. There is UserA local with password 123 and UserA in Radius ... Eric Nguyen
03:33 PM Revision 9f9a9100: Handle empty variable
Callers of these functions may send null variabes; bail early if so. Marcos M
12:28 PM Bug #15738 (Rejected): xml parsing: whitespace causes errors.
*Overview*
Modifying the insignificant whitespace in config.xml can lead to an error that may brick a pfSense fire... npr .

09/19/2024

11:09 PM pfSense Plus Bug #15737: Xen NICs Don't Properly Report Speed
pfSense does not appear to pick up any link speed/capabilities from the xn NIC.
ifconfig:... Craig Coonrad
10:50 PM pfSense Plus Bug #15737 (New): Xen NICs Don't Properly Report Speed
When using xn Xen interfaces in pfSense Plus, the speed will always be reported in SNMP as 10 Megabit, regardless of ... Kris Phillips
09:46 PM pfSense Docs Todo #15736 (New): Feedback on pfSense® software Configuration Recipes — IPsec Remote Access VPN Example Using IKEv2 with EAP-RADIUS
Authenticating against Microsoft NPS server may fail if NTLMv1 has been disabled, which is a common security best pra... Andrew Almond
09:06 PM Bug #15735: Kea fails to give out leases after changing DHCP scope
It's still almost certainly a duplicate, unless you can reproduce it on 24.08 snapshots. Jim Pingle
09:05 PM Bug #15735 (Duplicate): Kea fails to give out leases after changing DHCP scope
Duplicate of #15328 which is already fixed in 24.08 Jim Pingle
08:57 PM Bug #15735 (Duplicate): Kea fails to give out leases after changing DHCP scope
Netgate 4100 running 24.03
Kea DHCP on LAN interface with subnet 192.168.1.0/24
DHCP range was reduced from 192.168... Andrew Almond
03:43 PM Bug #15734 (New): Syslog priority levels shouldn't default to ERR
Too much syslog output from pfSense is emitted as priority ERR when it's not. I believe this is due the the presence,... Nic Bernstein
12:38 PM Bug #15665: Download Limit Issue
I couldn't reproduce this behavior either.
Please disable any floating rules, if applicable, and then test again.... Danilo Zrenjanin
02:47 AM Bug #15732: miniupnpd stops responding after a few minutes
Steve Wheeler wrote in #note-3:
> Not able to replicate that. Do you have more details to reproduce?
>
> pfSense ... Chris F

09/18/2024

11:31 PM Bug #15732: miniupnpd stops responding after a few minutes
Not able to replicate that. Do you have more details to reproduce?
pfSense version and upnp config at least.
A foru... Steve Wheeler
10:56 PM Bug #15732: miniupnpd stops responding after a few minutes
Jim Pingle wrote in #note-1:
> That looks more like a configuration issue (e.g. firewall rules not passing the traff... Chris F
01:05 PM Bug #15732 (Rejected): miniupnpd stops responding after a few minutes
That looks more like a configuration issue (e.g. firewall rules not passing the traffic), and not a bug in the servic... Jim Pingle
03:13 PM pfSense Plus Bug #14531: Traffic Graph widget doesn't show traffic counts for OpenVPN interfaces since 23.05.1 upgrade.
The issue persists in the 24.03
The traffic graph widget doesn't show traffic counts for the OpenVPN interface whe... Danilo Zrenjanin
02:44 PM pfSense Packages Bug #15733 (Resolved): Changing the account key name does not update respective certificates
*Package:*
acme 0.8_1
*Problem:*
Renaming an account key name (as seen in the tab "Account keys"), does not corr... Guy van der Werf

09/17/2024

09:49 PM Bug #15732 (Rejected): miniupnpd stops responding after a few minutes
After restarting the UPnP service, I can type the following from my workstation `upnpc -r 1234 TCP` and I get the res... Chris F
07:58 PM pfSense Packages Regression #15731 (Confirmed): HAProxy widget shows age and ID in hex
The HAProxy dashboard widget incorrectly shows connected client age and ID in hexadecimal:
!Screenshot%20from%202024... Steve Wheeler
07:07 PM pfSense Packages Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers
I can confirm that this is happening on 2.7.0 as well. We have over 900 peers and adding a new peer is painfully slow... Clayton Dirkschneider
10:17 AM pfSense Packages Bug #15730 (New): DNSBL custom_list not working
The DNSBL -> DNSBL Group -> DNSBL Custom_List part is not working. I added some test domains it's not really blocking... Manuel M.
09:17 AM pfSense Packages Bug #14711: pfBlocker ASN to IP Address option doesn't work
Dear,
please i hope find you well and am facing same issue for ASN error not cature the ips
can you help me ?
... mohamed safwat

09/16/2024

08:57 PM Bug #15729 (Resolved): Session cookie warnings
PR: https://github.com/pfsense/pfsense/pull/4700
Firefox outputs warnings in the console about the cookies not hav... GChuf 6
08:37 PM Bug #15373: Firewall Logs Dashboard widget update interval does not behave as expected
I was also able to reproduce the problem.
From what I can tell you're reading the code correctly Jim ...
I think th... GChuf 6
06:28 PM Feature #15651: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
I can restart Unbound and still resolve DHCP clients on a standalone system or HA primary, so that part looks good.
... Jim Pingle
05:29 PM Bug #15702: IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs
Updated description + diff based on further testing. Jim Pingle
02:25 PM pfSense Docs Todo #15727 (Closed): Typo in BGP docs - BGP Tab configuration
Fixed, thanks! Jim Pingle
10:25 AM pfSense Packages Bug #15720: Zabbix Proxy only allows selecting RSA certificates
I found out the same thing; The following diff to /usr/local/pkg/zabbix-proxy.inc should fix things; ... npr .

09/15/2024

11:58 PM Bug #14977: Kea fails to restart due to race between process termination and startup
This issue has impacted me on numerous occasions, only when the service is killed in an unclean fashion.
I also ca... Zachary Cohen
02:09 PM Todo #15728 (Resolved): Improve Thermal Sensors Dashboard widget refresh code
Thermal sensor refresh logic is flawed, resulting in "building" of html and initial variables every time the widget r... GChuf 6
02:12 AM pfSense Plus Bug #15639: Automatic boot verification shows negative timer
haven't seen any boot verification messages, still good in 24.08.a.20240913.1746 Jordan G
02:12 AM Bug #15404: Captive Portal logo fails to load after authenticated redirect
Tested this as well. Seems resolved. Kris Phillips
01:25 AM pfSense Docs Todo #15727 (Closed): Typo in BGP docs - BGP Tab configuration
https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/config-bgp.html#network-distribution
There is a typo i... Marcelo Cury
12:18 AM pfSense Packages Bug #15726 (Resolved): Apcupsd dashboard widget warning/critical values are not digits or units as expected
Attempting to change the warning and critical thresholds for load, temp, charge and battery age in the Apcupsd widget... Jordan G

09/14/2024

10:57 PM Bug #15725: Dashboard widgets refresh at unintended intervals
I've also tested what happens if only 1 widget is active on the master branch - in my case the system informartion ("... GChuf 6
10:47 PM Bug #15725 (Resolved): Dashboard widgets refresh at unintended intervals
Here's the PR:
https://github.com/pfsense/pfsense/pull/4697
Current problem:
the widget system does not work as ... GChuf 6
10:49 PM Feature #13520: Improve Thermal Sensors Dashboard widget readability
Thank you - I've created another PR for the widget refresh, and I'll put optimizations in yet another PR.
You can cl... GChuf 6
09:20 PM Bug #15633: Limiters applied to OpenVPN interface do not apply for download traffic
@Azamat
Why close the bug report when you recon that limiters don't work at all on assigned vpn interfaces? And your... Phil Wardt
08:27 PM Bug #15633 (Resolved): Limiters applied to OpenVPN interface do not apply for download traffic
Tested on 24.03 and on 24.08-DEVELOPMENT (built on Fri Sep 13 17:46:00 UTC 2024)
IN and OUT Limiters work correctl... Azamat Khakimyanov

09/13/2024

08:45 PM Feature #15651: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
> * -Lease entries synchronized from HA primary to secondary are not added to Unbound on secondary-
> * -Lease entri... Christian McDonald
07:03 PM Bug #15679 (Needs Patch): Multicast with intel NIC
Marcos M
04:39 PM Bug #15679: Multicast with intel NIC
I am also hitting the same issue and it is pretty brutal for me with pfsense crashing.
pfsense plus 24.03 Emre K
06:49 PM Revision d46c8560: Fix input validation for gateway
Marcos M

09/12/2024

09:33 PM Feature #15724 (Rejected): allow .local
The @.local@ TLD is reserved for mDNS, it shouldn't be used in regular DNS. Unbound doesn't do anything special with it. Jim Pingle
09:10 PM Feature #15724 (Rejected): allow .local

pfsense is not resolving names if the domain was .local .
adding feature to allow .local will help if there was ... Alhusein Zawi
08:08 PM Bug #15723 (Feedback): ``unbound-checkconf`` fails with python mode enabled
Fixed in commit:d3c309afe8c0680a632bd1c1c4115234548a3d56. Marcos M
07:38 PM Bug #15723 (Resolved): ``unbound-checkconf`` fails with python mode enabled
With unbound python mode enabled, the config check always fails:... Marcos M
08:00 PM Revision d3c309af: Set the working directory before checking unbound config. Fix #15723
Marcos M
06:25 PM Bug #15722 (Feedback): Unbound configuration file contains Localhost address in forwarding mode with TLS enabled
Applied in changeset commit:aaa7cb6da6c75ee2ea6a0daebcc3cb72e81f9ede. Marcos M
06:18 PM Bug #15722 (In Progress): Unbound configuration file contains Localhost address in forwarding mode with TLS enabled
Marcos M
06:18 PM Bug #15722 (Resolved): Unbound configuration file contains Localhost address in forwarding mode with TLS enabled
Enabling forwarding mode and TLS in DNS Resolver results in the following:... Marcos M
06:19 PM Revision aaa7cb6d: Improve localhost DNS checks. Fix #15722
Marcos M
05:21 PM pfSense Docs Correction #15721 (Closed): Feedback on System Monitoring — Monitoring Bandwidth Usage
*Page:* https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html
*Feedback:* For Bandwidt... Craig Leres
05:18 PM Bug #15719 (Resolved): GUI logout messages do not use the ``auth`` log facility
Marcos M
05:01 PM Bug #15719: GUI logout messages do not use the ``auth`` log facility
Tested commit:609a1e17657273c6d09c8795398be4b39df8d361.
Success. Logout messages sent to auth facility for local and... Craig Coonrad
04:40 PM Bug #15719: GUI logout messages do not use the ``auth`` log facility
Fixed in commit:609a1e17657273c6d09c8795398be4b39df8d361. Marcos M
04:39 PM Bug #15719 (Feedback): GUI logout messages do not use the ``auth`` log facility
Marcos M
04:07 PM Bug #15719 (In Progress): GUI logout messages do not use the ``auth`` log facility
Marcos M
04:38 PM Revision 609a1e17: Include GUI logout in auth log. Fix #15719
User logouts do not need to be as loud as user logins. Include
them in the auth log but make them quiet for the console. Marcos M
04:27 PM Feature #13520: Improve Thermal Sensors Dashboard widget readability
I agree it's slow. My only advice is to keep the commits focused; the more detail/explanation about why a change is m... Marcos M
02:07 PM Feature #13520: Improve Thermal Sensors Dashboard widget readability
First of all thank you for looking at the PR and your commits. I agree with all the changes you've made to my commits... GChuf 6
03:50 PM pfSense Docs Todo #15342 (Closed): Document differences due to password security changes
Jim Pingle
12:41 PM pfSense Packages Bug #15720: Zabbix Proxy only allows selecting RSA certificates
The package code appears to limit selection to RSA certificate types only, so it wouldn't allow selecting ECDSA certi... Jim Pingle
11:41 AM pfSense Packages Bug #15720 (New): Zabbix Proxy only allows selecting RSA certificates
Depending on currently unknown details, some certificates, while present on the pfSense host, are not selectable for ... npr .

09/11/2024

06:51 PM Revision b3b1f351: Allow adding package menus with different sections
A package may have multiple menus with the same name but
different sections. Marcos M
06:49 PM Bug #15719: GUI logout messages do not use the ``auth`` log facility
Additional info. This applies to local logging as well.
multiple login/logouts. Only login appears in auth.log
... Craig Coonrad
05:15 PM Bug #15719 (Resolved): GUI logout messages do not use the ``auth`` log facility
Version: 24.03-RELEASE
Platform tested: 2100,4100,QEMU
Login (messages come in correctly on the auth facility)
... Craig Coonrad
09:40 AM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
Any update? Arvid Johansson

09/10/2024

08:42 PM Feature #13520 (Feedback): Improve Thermal Sensors Dashboard widget readability
The feature request has been (partly) implemented:
* commit:4b0deb88ca437dea96d719388a4b9136b49123ee: This change aff... Marcos M
08:13 PM Revision b0c455aa: Improve thermal widget readability
Add a margin between progress bars and sort sensors. Marcos M
08:12 PM Revision 4b0deb88: Theme the progress-bar color in pfSense-dark
Marcos M
07:52 PM pfSense Packages Bug #15715 (Feedback): Tailscale fails to start
patch has been accepted upstream and pulled into our tree Christian McDonald
04:06 PM pfSense Packages Bug #15715 (Waiting on Merge): Tailscale fails to start
https://reviews.freebsd.org/D46626 Christian McDonald
01:14 PM pfSense Packages Bug #15715 (Resolved): Tailscale fails to start
The service can be started manually using: "service tailscaled start"
Once started it can be stopped from the gui ... Steve Wheeler
07:45 PM Bug #15718 (Resolved): AutoConfigBackup tries to upload backups before the system has finished booting
Fixed in commit:750e90694fff04008b77708f859fd73f073918d5. Marcos M
07:43 PM Bug #15718 (Resolved): AutoConfigBackup tries to upload backups before the system has finished booting
If there are changes waiting to be uploaded during bootup, ACB will try to upload these changes even though the WAN i... Marcos M
07:03 PM Bug #14434 (Feedback): PPPoE WAN interface with VIPs causes continuous interface restarting
This needs to be re-tested and confirmed for 24.08. Marcos M
07:00 PM pfSense Plus Bug #15712: Experimental ethernet rules, order broken when adding rule on other interface tab
Yes, there have been several fixes since that build. I expect a new snapshot build to be publicly available soon-ish. Marcos M
05:41 PM pfSense Plus Bug #15712: Experimental ethernet rules, order broken when adding rule on other interface tab

This what I have in that section:
@$interface = strtolower($interface);
$relative_index_count = -1; // a valid... Vladimir Suhhanov
04:02 PM pfSense Plus Bug #15712 (Feedback): Experimental ethernet rules, order broken when adding rule on other interface tab
I was not able to reproduce this on dev snapshots. It may have been resolved by https://redmine.pfsense.org/issues/15... Marcos M
06:49 PM pfSense Packages Todo #15717 (Resolved): Migrate to use of system-provided set_curlproxy() function
Merged into 2.7.2/24.03 and devel/plus-devel. Marcos M
03:56 PM pfSense Packages Todo #15717: Migrate to use of system-provided set_curlproxy() function
The fix for this issue has been posted in Pull Request 1382 posted against the RELENG_2_7_2 branch of pfSense here: h... Bill Meeks
03:24 PM pfSense Packages Todo #15717 (Resolved): Migrate to use of system-provided set_curlproxy() function
Migrate from the custom code for configuring the CURL proxy when downloading files to using the @set_curlproxy()@ sys... Bill Meeks
06:48 PM pfSense Packages Regression #15713 (Resolved): Suricata Files tab shows nothing due to unassigned variable in ``suricata_files.php``
Merged into 2.7.2/24.03 and devel/plus-devel. Marcos M
03:57 PM pfSense Packages Regression #15713: Suricata Files tab shows nothing due to unassigned variable in ``suricata_files.php``
A Pull Request containing the fix for this issue has been posted against the RELENG_2_7_2 CE branch of pfSense here: ... Bill Meeks
01:07 PM pfSense Packages Regression #15713: Suricata Files tab shows nothing due to unassigned variable in ``suricata_files.php``
Yes, that is a copy-paste typo error in the PHP code. Should be @$instanceid@ as you surmised. I will add this to my ... Bill Meeks
01:03 AM pfSense Packages Regression #15713 (Resolved): Suricata Files tab shows nothing due to unassigned variable in ``suricata_files.php``
Hi, there is a PHP coding bug in the interface of Suricata Files tab - this is where you would see uploaded/downloade... Anton Pleshakov
06:35 PM pfSense Packages Feature #15674 (Feedback): Support custom IP and Port variables for interfaces
Implemented with:
* https://github.com/pfsense/FreeBSD-ports/commit/e223eea228d49070b5f5a912fac61581a329b65c
* https:... Marcos M
04:37 PM pfSense Packages Feature #15674: Support custom IP and Port variables for interfaces
Pull Request 1382 has been submitted against the RELENG_2_7_2 CE branch of pfSense to implement this feature: https:/... Bill Meeks
05:57 PM Bug #15714 (Rejected): remote logging: pfSense does not log GUI logins
Most likely something in your configuration as I get login events via remote syslog from both Plus and CE snapshots, ... Jim Pingle
05:47 PM Bug #15714: remote logging: pfSense does not log GUI logins
problem exists in the latest dev snapshot (24.08.a.20240910.0600) Craig Coonrad
01:06 AM Bug #15714 (Rejected): remote logging: pfSense does not log GUI logins
version: 24.03-RELEASE
platform tested: 2100/4100/QEMU
reproducible: 100%
tested both log message formats (BSD,sys... Craig Coonrad
02:34 PM pfSense Packages Bug #15716 (Confirmed): FRR BFD echo mode is not working
Running pfSense 2.7.2 with everything up-to-date, including system patches, all applied.
I have two ipsec VTI tunnel... Marcelo Cury

09/09/2024

07:38 PM pfSense Plus Bug #15712 (Duplicate): Experimental ethernet rules, order broken when adding rule on other interface tab
To reproduce the issue with Ethernet rule ordering:
1. Install and configure pfBlocker with inbound/outbound inter... Vladimir Suhhanov
05:31 PM Revision 449efba0: Additional safety checks for explode()
See 8c81cad531b1dd43a6514604091b3c4a6932d715 Marcos M
05:23 PM Revision bfeac446: Add config path check when creating a user
Marcos M
05:05 PM Revision 750e9069: Don't do ACB uploads while the system is booting
Marcos M
04:23 PM Revision cd200729: Fix indentation
Style guide is to indent using tabs. Marcos M
03:39 PM pfSense Packages Bug #14299 (Resolved): pfBlockerNG does not honor the cURL source interface setting for DNSBL lists
Marcos M
03:37 PM pfSense Packages Feature #13135 (Resolved): Add dibdot DoH-IP-blocklists feeds
Marcos M
06:52 AM Bug #15612: Captive Portal with big number of passththrough MAC addresses is causing webgui gateway timeouts, Error 50x, and HA-sync XMLRPC Error
I was able to solve our problem. Our firewalls weren't syncing at all at closer inspection. I set the same Options un... Karl Ruskowski

09/08/2024

04:32 PM Bug #15404 (Resolved): Captive Portal logo fails to load after authenticated redirect
Tested on 24.08-DEVELOPMENT (built on Fri Sep 6 20:07:00 UTC 2024)
Captive Portal logo was correctly loaded after au... Azamat Khakimyanov

09/07/2024

09:15 PM Bug #15452: Unexpected/Undefined behaviour of disabled interfaces
system_patches v2.2.11_15 includes the change as a recommended patch to apply for 24.03. Functions as expected with N... Jordan G
08:42 PM Bug #15711: Special characters in the ACB configuration change description can cause PHP errors
confirmed on 24.03 release and 24.08.a.20240906.2007 build Jordan G
03:47 PM Bug #15711 (Resolved): Special characters in the ACB configuration change description can cause PHP errors
As one example, it's possible to create a description with a @|@ at the end but then trying to reach the Restore page... Chris W
05:56 PM Bug #13723: dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet
Tested on 24.08-DEVELOPMENT (built on Fri Sep 6 20:07:00 UTC 2024)
dpinger is still using 'old' Monitor IP if Loca... Azamat Khakimyanov
05:32 PM pfSense Packages Bug #13441: FRR fails to start with route map on "sequence 0" in configuration
Tested against frr 2.0.2_4
pfSense 24.03
The behavior is the same. Sequence 0 in route map prevents FRR/BGP ... Danilo Zrenjanin
03:47 PM pfSense Packages Bug #15710 (New): Zeek 3.0.6_4 expire-logs Failed - /usr/local/logs/stats Directory not found
With Zeek 3.0.6_4 on Netgate 4200, 24.03, I am getting the following error emailed to me:... William Rolison
03:43 PM pfSense Packages Bug #15709 (New): Zeek 3.0.6_4 UnicodeDecodeError utf-8 invalid continuation byte
With Zeek 3.0.6_4 on Netgate 4200, 24.03, I am getting the following error emailed to me:... William Rolison
01:11 PM Bug #15708 (Confirmed): The filterdns service won't start
I was able to replicate this on 24.03
As long as the list has >749 entries it fails to update. Lev Prokofev
12:24 PM Bug #15708 (Confirmed): The filterdns service won't start
If the filterdns.conf file contains more than 749 entries, the filterdns service will fail to start. This limitation ... Danilo Zrenjanin

09/06/2024

07:02 PM Feature #15707 (New): Add Nat logging ability for port forward and outbound nat
ref: https://redmine.pfsense.org/issues/11975, https://redmine.pfsense.org/issues/11975
It would be beneficial whe... Jay Sols
06:18 PM pfSense Docs Correction #15696 (Closed): IKEv2 ACME certificate usage
Updated and deployed, will be visible once the build finishes in a few minutes.
https://gitlab.netgate.com/docs/pf... Jim Pingle
05:44 PM pfSense Docs Todo #15701 (Closed): New 4G compatible USB stick - Huawei E3372-325
I added the Huawei E3372-325 to the documentation under the list of modems reported to work as Ethernet devices.
T... Jim Pingle
03:49 PM Bug #15084 (New): Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks
Christian McDonald wrote in #note-8:
> This should work with the new `install-boot` stage in pfSense-upgrade.
I h... Jim Pingle
02:58 PM Feature #15706 (New): Zabbix
It would be really good to add a zabbix-agent and proxy package for the newest and really good version of zabbix 7.0. Arvid Johansson
01:51 PM pfSense Packages Bug #14556: Tailscale dropping routes from FIB
Close this ticket please. Fix action for the site-to-site subnet routing issue on CE 2.7.x below. This is described i... Matt Keys
02:50 AM Feature #5080: Settings tab for global Kea DHCP server options

custom options were added already to ISC dhcpd Alhusein Zawi

09/05/2024

10:22 PM Bug #15110: pfSense hangs when rebooting
same error here after change the original 16 GB eMMC to a 128 GB NVMe SSD João Moreira
09:13 PM Todo #15705 (Resolved): Clarify console menu option 0 description
Just creating this bug report here as advised by @jim-p, to accompany my Github PR: https://github.com/pfsense/pfsens... Liam Riley
08:02 PM Revision 7939322b: Fix config paths with leading slash
A single or a leading forwward-slash is not supported. Marcos M
07:48 PM Revision dbe25e25: Skip ppp modem interfaces where appropriate
Marcos M
07:22 PM pfSense Docs Correction #15696: IKEv2 ACME certificate usage
Alex Kolesnik wrote in #note-2:
> Also, could you please share that registry setting to ignore that IKE EKU check?
... Jim Pingle
06:05 PM Bug #15704 (Feedback): Automatic EDNS value may be lower than expected
Applied in changeset commit:1b863448a9cf4c333b14e4869c570aefaeb4a862. Marcos M
05:56 PM Bug #15704 (Waiting on Merge): Automatic EDNS value may be lower than expected
Marcos M
05:49 PM Bug #15704 (Resolved): Automatic EDNS value may be lower than expected
When the DNS Resolver configuration has not yet been saved, the active interfaces configuration section may be empty.... Marcos M
05:55 PM Revision 1b863448: Refactor automatic EDNS. Fix #15704
The change adds handling for empty active interfaces. Additionally,
support passing an interface list to allow unboun... Marcos M
02:59 PM Bug #15703 (Resolved): CVE-2023-28450
It's already updated in the repository and will be included in the next release, so there isn't anything else actiona... Jim Pingle
09:35 AM Bug #15703 (Resolved): CVE-2023-28450
Hello, today I just checked with openVAS the pfsense Firewall at home and found the following:
CVE-2023-28450
Sev... André L.
09:37 AM Bug #15643 (Confirmed): Deleting one pre-installed package may delete other pre-installed packages
I can replicate this behavior.
Tested against Netgate 6100 running:... Danilo Zrenjanin

09/04/2024

11:48 PM Revision 607d6bba: Additional safety checks for explode()
See 8c81cad531b1dd43a6514604091b3c4a6932d715 Marcos M
11:32 PM Revision 66e17663: Handle unassigned interfaces in rc.newwanip
Marcos M
11:24 PM Revision 5843f3bf: Add safety checks for calls to convert_real_interface_to_friendly_interface_name()
The function will return null for unassigned interfaces. Add checks
for this where appropriate. Marcos M
08:00 PM Feature #5080 (Feedback): Settings tab for global Kea DHCP server options
Christian McDonald
07:58 PM Bug #15084 (Feedback): Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks
This should work with the new `install-boot` stage in pfSense-upgrade. Christian McDonald
07:47 PM Revision 8c81cad5: Filter out empty array values for explode()
Calling explode() with an empty string will return a single-element
array with an empty value. This change filters ou... Marcos M
07:39 PM Bug #15130 (Resolved): Kea will not start with identical MAC address filters on multiple interfaces
Marcos M
07:00 PM Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces

kea-dhcp4 service is working with identical MAC address filters on multiple interfaces.
24.08-DEVELOPMENT (amd64... Alhusein Zawi
07:18 PM Bug #15643: Deleting one pre-installed package may delete other pre-installed packages
This only applies to systems installed with the new online installer. Brad Davis
06:40 PM Bug #15702 (Resolved): IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs
When there are multiple DHCP client interfaces on an installation, DHCP ACK packets from DHCP servers on some interfa... Jim Pingle
06:25 PM Revision 35f66a30: Skip ppp modem interfaces where appropriate
This avoids calling e.g. get_real_interface() for a modem device. Marcos M
05:51 PM pfSense Docs Todo #15701 (Closed): New 4G compatible USB stick - Huawei E3372-325
Hello
I don't know if this is the right place for this but I would like to add a 4g usb stick to the list of compati... Sébastien SANTORO
 

Also available in: Atom