Project

General

Profile

Activity

From 12/30/2024 to 01/28/2025

01/28/2025

11:32 PM Regression #16023: RAM disk configuration check fails at boot
When enable ram disks is set the xml read fails at specific points in boot with:... Steve Wheeler
04:45 PM pfSense Plus Feature #16026 (New): UI improvement on user deletion
User requests for an option to automatically remove and/or revoke user's certificates when deleting a local user. Georgiy Tyutyunnik
04:17 PM pfSense Packages Feature #16025 (New): FreeRADIUS RadSec support
Customer requests an option for FreeRADIUS package to support RadSec Georgiy Tyutyunnik
04:15 PM pfSense Packages Feature #16024 (New): GUI options for users' certificate allocations in FreeRADIUS
Customer requests an option for a FreeRADIUS user creation process:
to be able to create a new user certificate or t... Georgiy Tyutyunnik

01/27/2025

10:55 PM Regression #16023 (Resolved): RAM disk configuration check fails at boot
In some situation the ramdisk_check_enabled function can incorrectly return empty at boot. This results in either RAM... Steve Wheeler
08:10 PM Bug #16022 (Resolved): Static lease DNS records are incorrectly removed when backing lease expires
Records that are registered "early" should not be removed when the backing lease expires. These records should persis... Christian McDonald
08:04 PM Revision 1af53b7a: Do not use the lua script on armv7, it is not supported.
Fixes the warnings at boot. Luiz Souza
03:51 PM pfSense Packages Todo #16021 (New): Improve input validation in the FreeRADIUS package GUI
Review the FreeRADIUS package and identify fields which could support input validation and do not already perform val... Jim Pingle
03:27 PM pfSense Packages Feature #16009 (Resolved): Switch to Suricata's built-in UNIX socket control mechanism to signal rule updates, log rotations, and process shutdown
PRs merged, thanks! Jim Pingle
03:27 PM pfSense Packages Bug #16008 (Resolved): Improperly double-quoted constants when using SIGHUP and SIGUSR2 in GUI code function calls
PRs merged, thanks! Jim Pingle
03:18 PM pfSense Packages Bug #15932: HAProxy entries disappear after saving with MIM enabled
When I had a single entry I saved the output of the installed packaged in HAproxy and then after adding a second entr... Chad High
02:58 PM pfSense Packages Regression #16020 (New): GeoIP filtering no longer working in latest version
Unable to apply any GeoIP filtering
https://forum.netgate.com/topic/196190/ipv4-source-definitions-line-1-invalid-... Mike Moore
02:10 PM Todo #16013 (Feedback): AutoConfigBackup code cleanup and GUI refresh
Applied in changeset commit:c81106eb27b31ee4738addc45798ddc10ff6c841. Jim Pingle
02:10 PM Feature #16014 (Feedback): Download function for AutoConfigBackup entries
Applied in changeset commit:c81106eb27b31ee4738addc45798ddc10ff6c841. Jim Pingle
02:10 PM Bug #16012 (Feedback): "Reset" button on AutoConfigBackup Restore tab does not submit the form
Applied in changeset commit:c81106eb27b31ee4738addc45798ddc10ff6c841. Jim Pingle
02:10 PM Bug #12249 (Feedback): Long configuration revision reasons can cause AutoConfigBackup upload to fail
Applied in changeset commit:c81106eb27b31ee4738addc45798ddc10ff6c841. Jim Pingle
02:10 PM Bug #16011 (Feedback): AutoConfigBackup remote revision timestamps may not be unique due to batch uploads
Applied in changeset commit:c81106eb27b31ee4738addc45798ddc10ff6c841. Jim Pingle
02:10 PM Bug #16010 (Feedback): AutoConfigBackup scheduled backups always upload even when the configuration has not changed
Applied in changeset commit:c81106eb27b31ee4738addc45798ddc10ff6c841. Jim Pingle
02:10 PM Feature #16015 (Feedback): Method to change the AutoConfigBackup device key
Applied in changeset commit:c81106eb27b31ee4738addc45798ddc10ff6c841. Jim Pingle
02:10 PM Todo #16016 (Feedback): Change AutoConfigBackup default key generation format
Applied in changeset commit:c81106eb27b31ee4738addc45798ddc10ff6c841. Jim Pingle
02:02 PM Revision c81106eb: ACB Device Key Changes + General Refresh
- Changed default method of device key generation.
Implements #16016
- Added mechanism to change the device key.
... Jim Pingle
12:47 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
I'am quiet confused.
On a WAN interface with "Do not wait for RA" is NOT checked (so a WAN interface where we expe... Jan-Jonas Sämann

01/26/2025

03:33 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
I dug a little deeper on how the renewal of delegated prefixes should happen. DHCPv6 does not have a mechanism where ... Jan-Jonas Sämann
06:24 AM Bug #15346: Port Forward Add Unassociated Filter Rule Not Working
Tested on 24.11
The issue still persists. aleksei prokofiev
06:14 AM pfSense Packages Bug #15644: Snort Status icon disappears
Tested on pfSense 24.11 and snort 4.1.6_22
The issue still persists. aleksei prokofiev

01/25/2025

11:47 PM Bug #16007: Dynamic DNS, Porkbun, "@.mydomain.xyz"
Kris Phillips wrote in #note-3:
> Emanuel Persson wrote in #note-2:
> > API Access is enabled. But for subdomains i... Emanuel Persson
10:53 PM Bug #16007: Dynamic DNS, Porkbun, "@.mydomain.xyz"
Emanuel Persson wrote in #note-2:
> API Access is enabled. But for subdomains it would work but this is a "Root doma... Kris Phillips
11:44 PM pfSense Plus Regression #15880: Upgrade available LED not set before branch is selected.
tested with 25.03.b.20250120.1851 using 6100 as hardware - without the newer update branch selected the indicator lig... Jordan G
11:06 PM Bug #16019 (Resolved): Kea can unintentionally attempt to spawn multiple processes and fail
When doing things like restarting the Kea service or switching between ISC and Kea, there is a possibility of Kea att... Kris Phillips
11:00 PM Bug #15847 (Confirmed): Kea DHCP lease utilization stats incorrect for delegated prefix pools
Tested on 24.11 and 25.03. I can confirm this behavior. The Lease Utilization section on a Delegation Prefix under ... Kris Phillips
10:57 PM Bug #16018 (Incomplete): Mysterious Entire Crash in "PFSense CE"
This looks like a file system issue. If you back up your config, reinstall on the latest firmware, and then restore ... Kris Phillips
08:53 PM Bug #16018 (Incomplete): Mysterious Entire Crash in "PFSense CE"
!https://i.imgur.com/8iRcwyP.png!
When changing Settings the firewall is crashing with this stacktrace on the cons... Guido Lipke
07:20 PM Bug #15852: Alias Nesting Only Shows IP and Network Alias Types On Initial Creation
From my interpretation of your description and based on preliminary testing, it seems what you're stating is possible... Jordan G
05:09 PM Feature #13293: Option to set auth-gen-token in OpenVPN GUI
Bumping this.
Is this possible as an addition for 25.03? We run into this a few times a week and manually addin... Kris Phillips
10:48 AM pfSense Plus Bug #15959: MIM GUI is unable to write IPv6 aliases
The issue persisted.
Tested against:... Danilo Zrenjanin
04:31 AM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
My duplicate of this was just closed in the moment I published an attempt to fix primary ipv6 gua selection. So here ... Jan-Jonas Sämann
12:02 AM Bug #12947 (Confirmed): Old IPv6 addresses may continue to be used after DHCP or RA changes
I am re-opening this issue since there are a couple failure cases that can explain the reported issues. To address th... Marcos M
12:04 AM Bug #15625: IPv6 prefix rotation by ISP causes complete service disruption
I implemented a deprecated address check and will observe the behavior in the next few days.
Basically this patch ... Jan-Jonas Sämann
12:03 AM Bug #15625 (Duplicate): IPv6 prefix rotation by ISP causes complete service disruption
Marcos M
12:04 AM Bug #15900 (Duplicate): After an IPv6 prefix and IP change on the WAN interface the old deprecated IPv6 address is shown on Dashboard->Interfaces and Status->Interfaces
Marcos M
12:04 AM Bug #15906 (Duplicate): IPv6 delegated prefix changes upstream do not immediately update track6 interfaces
Marcos M

01/24/2025

09:48 PM Bug #15625: IPv6 prefix rotation by ISP causes complete service disruption
Marcos M wrote in #note-1:
> I don't know if there's any code that still uses @pfSense_get_interface_addresses()@ - ... Jan-Jonas Sämann
08:11 PM pfSense Docs Todo #16017 (Feedback): Update AutoConfigBackup docs to account for new changes
The AutoConfigBackup docs will need updated to match changes happening in 25.03:
* https://redmine.pfsense.org/iss... Jim Pingle
05:10 PM Todo #16016 (Resolved): Change AutoConfigBackup default key generation format
Currently ACB associates backups with a host by a hash of its SSH public key, which is known as the "Device Key" in A... Jim Pingle
04:52 PM Feature #16015 (Resolved): Method to change the AutoConfigBackup device key
Currently the AutoConfigBackup device key is derived automatically and there is no way to change the key. It would be... Jim Pingle
04:42 PM Feature #16014 (Resolved): Download function for AutoConfigBackup entries
The AutoConfigBackup GUI has a "download" icon for entries which can be confusing since it opens a view which downloa... Jim Pingle
04:35 PM Todo #16013 (Resolved): AutoConfigBackup code cleanup and GUI refresh
The frontend and backend code in AutoConfigBackup needs a lot of review/cleanup.
* It's changed a lot over the yea... Jim Pingle
04:17 PM Bug #16012 (Resolved): "Reset" button on AutoConfigBackup Restore tab does not submit the form
When viewing backups for an alternate Device Key on the Restore tab, the "Reset" button changes the key back to the o... Jim Pingle
04:15 PM Bug #16011 (Feedback): AutoConfigBackup remote revision timestamps may not be unique due to batch uploads
The way AutoConfigBackup queues and batches uploads (once per minute), a sufficiently fast system on a sufficiently f... Jim Pingle
04:05 PM Bug #16010 (Rejected): AutoConfigBackup scheduled backups always upload even when the configuration has not changed
There is code to detect and skip scheduled backups if the configuration has not changed since the last upload, but is... Jim Pingle
04:01 PM Bug #12249 (In Progress): Long configuration revision reasons can cause AutoConfigBackup upload to fail
Fixing this as a part of what I'm already working on, best option is to truncate the reason to the limit supported by... Jim Pingle

01/23/2025

07:35 PM Revision d54f6e6d: Bump up Composer dependencies to latest major versions
and fix some fallout Christian McDonald
04:50 PM pfSense Packages Feature #16009: Switch to Suricata's built-in UNIX socket control mechanism to signal rule updates, log rotations, and process shutdown
This feature request is implemented via the following Pull Requests for the RELENG_2_7_2 and DEVEL branches, respecti... Bill Meeks
01:39 PM pfSense Packages Feature #16009 (Resolved): Switch to Suricata's built-in UNIX socket control mechanism to signal rule updates, log rotations, and process shutdown
Suricata provides a UNIX control socket for communicating with the running binary process. Switch to this more robust... Bill Meeks
04:49 PM pfSense Packages Bug #16008: Improperly double-quoted constants when using SIGHUP and SIGUSR2 in GUI code function calls
This issue is corrected in the following Pull Requests for the RELENG_2_7_2 and DEVEL branches, respectively:
http... Bill Meeks
01:20 PM pfSense Packages Bug #16008 (Resolved): Improperly double-quoted constants when using SIGHUP and SIGUSR2 in GUI code function calls
There are multiple instances of improperly double-quoted constants for the SIGHUP and SIGUSR2 values in the Suricata ... Bill Meeks
03:49 PM Revision c3e20129: Update Composer dependencies
Christian McDonald
03:21 PM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
Jim Pingle wrote in #note-45:
> The GUI packages were picked back there but failed to build because the actual under... Maurice Detmers
03:09 PM pfSense Packages Bug #15995: Unable to switch to the RELENG_2_7_2 branch
Jim Pingle wrote in #note-3:
> If it's a VM, it should work.
that works, thank you very much Maurice Detmers

01/22/2025

10:48 PM Bug #15956: Kea DHCP static mappings requires lease expiry before taking effect
Ran into the same issue. I have no way to reproduce it. I changed the assigned static ip to another ip address, unplu... Cornel van Mastrigt
12:47 PM Bug #16007: Dynamic DNS, Porkbun, "@.mydomain.xyz"
API Access is enabled. But for subdomains it would work but this is a "Root domain update". Not a subdomain update. I... Emanuel Persson
12:30 PM Bug #16007: Dynamic DNS, Porkbun, "@.mydomain.xyz"
Porkbun working fine for me on 24.11 software. Make sure you have API enabled for the domain in the Porkbun dashboard... Lev Prokofev
12:03 PM Bug #16007 (New): Dynamic DNS, Porkbun, "@.mydomain.xyz"
!clipboard-202501221253-aai6z.png!... Emanuel Persson
04:21 AM Bug #15906: IPv6 delegated prefix changes upstream do not immediately update track6 interfaces
Although this does restore basic connectivity, it defeats downstream prefix invalidation.
Deprecated prefixes in the... Jan-Jonas Sämann

01/21/2025

07:41 PM Bug #15625: IPv6 prefix rotation by ISP causes complete service disruption
Same here, just added my note to the wrong ticket: #12947#note-24 a week ago...
I can confirm and reproduce this on 2... Manuel Gayer
07:29 PM Revision 8208e606: Improve NAT64 input validation
NAT64 rules do not currently support route-to. Marcos M
07:19 PM Bug #15906: IPv6 delegated prefix changes upstream do not immediately update track6 interfaces
Same here, as already said in #12947#note-24.
For the moment I use this shell script in a cron-job every minute:
<pr... Manuel Gayer
07:02 PM Bug #16005 (Resolved): PHP error from invalid IPv6 address on ``diagnostics_ping.php``
Marcos M
06:05 PM Bug #16005 (Feedback): PHP error from invalid IPv6 address on ``diagnostics_ping.php``
Applied in changeset commit:3e161bebc0c49d6bde2f487682317abb0356698f. Marcos M
05:23 PM pfSense Packages Bug #15932: HAProxy entries disappear after saving with MIM enabled
It would be helpful to see the respective config section before and after reproducing the issue. It can be found in @... Marcos M
08:19 AM Feature #15813: Include alternative TCP stack
Andreas Dekiert wrote in #note-7:
> So, what is the way forward? You marked this issue as a duplicate of another one... Manuel Trier

01/20/2025

08:16 PM Bug #16005 (Pull Request Review): PHP error from invalid IPv6 address on ``diagnostics_ping.php``
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1184 Marcos M
07:45 PM Bug #16005 (Resolved): PHP error from invalid IPv6 address on ``diagnostics_ping.php``
Steps to reproduce:
# Go to @Diagnostics > Ping@
# Set @IP Protocol@ to @IPv6@
# Enter @2001::1:2:3:4:5:6:7:8@ and... Marcos M
08:12 PM Revision 3e161beb: Handle potential errors with Net_IPv6::checkIPv6. Fix #16005
Marcos M
08:10 PM Revision 5e7e72ee: Don't process empty filter rules from packages
Packages may insert their own filter rules via a function referenced in
the package xml element "filter_rules_needed"... Marcos M
03:39 PM Bug #13158 (Resolved): Input validation error when applying limiter changes
Marcos M
03:39 PM Bug #15925 (Resolved): DNS Resolver option for Query Name Minimization cannot be disabled
The default configuration itself was updated to enable it - it's only done for installs. Marcos M
03:32 PM Bug #16004 (New): tailscale unexpected state: NoState
Found taiscale down today, status: unexpected state: NoState
Restarting the service didn't fix the issue.
To fix,... Marcelo Cury
01:48 PM Feature #16002: SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports
SCRAM is supported by Net_SMTP which uses Auth_SASL or Auth_SASL2:
- https://github.com/pear/Net_SMTP?tab=readme-ov-... Neustradamus -
01:36 PM Feature #16002 (Needs Patch): SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports
We do not directly implement that layer, we use PHP libraries (e.g. Mail which uses "Net_SMTP":https://pear.php.net/p... Jim Pingle
01:47 PM Bug #16000: 400 Bad Request - The plain HTTP request was sent to HTTPS port - nginx
I will create a PR to fix this problem! :) Neustradamus -
01:40 PM Bug #16000: 400 Bad Request - The plain HTTP request was sent to HTTPS port - nginx
It's not a bad or improper configuration, it's working as expected. It should not answer HTTP requests on the HTTPS p... Jim Pingle
01:28 PM pfSense Packages Regression #15469: RRD Graphs height is smaller than expected
That's not the expected scale. They're still about half as tall as they should be. Compare with the images in the ori... Jim Pingle

01/19/2025

05:06 PM pfSense Packages Bug #16003 (New): ACME IPV6 cloudflare issues, ipv4 preferred not respected
https://forum.netgate.com/topic/195953/bug-24-11-acme-ipv6-cloudflare-issues-ipv4-not-respected
Using cloudflare d... Jay Sols
04:27 PM Bug #15973: Kea DHCP server crashes on 3100 (32bit ARM) every 10 days or so post 24.11 upgrade
Same issue here, same hardware. I have a core-dump available which I can share with Netgate. I don't want to share it... Sander Peterse
05:31 AM pfSense Packages Feature #12179: QEMU package
if guest agent can be made a package it should feature integration with the dashboard services widget to easily monit... Jordan G
04:01 AM pfSense Packages Regression #15469: RRD Graphs height is smaller than expected
Various RRD graphs viewed via Status>Monitoring show scale as expected with 24.11
!clipboard-202501182201-5b8vb.pn... Jordan G
03:52 AM Bug #13158: Input validation error when applying limiter changes
following the application of the above linked patch (on 24.11), opening a child queue for a limiter, making a change ... Jordan G
03:12 AM Feature #15984: Can we have a way to start smartd on bootup?
Moving to Feature Request, as this is not a Bug. Kris Phillips
03:10 AM Feature #16002: SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports
Moving from Bug Report to Feature Request, as this is not a Bug. Kris Phillips
02:32 AM Bug #15925: DNS Resolver option for Query Name Minimization cannot be disabled
Tested on... Christopher Cope
02:21 AM Todo #15969 (Resolved): Improve the system load impact from Dashboard widgets
Tested on... Christopher Cope

01/18/2025

05:34 AM Bug #16000: 400 Bad Request - The plain HTTP request was sent to HTTPS port - nginx
You have closed my ticket, please reopen, it has not been solved!
Linked to:
- https://www.google.com/search?q=40... Neustradamus -
05:22 AM Bug #16000: 400 Bad Request - The plain HTTP request was sent to HTTPS port - nginx
Thanks for your quick answer!
You can check ALL your devices :)
If you have a WebAdmin in HTTPS, you have autom... Neustradamus -
03:47 AM Bug #16000 (Rejected): 400 Bad Request - The plain HTTP request was sent to HTTPS port - nginx
What you are seeing is expected. You cannot send an HTTP request to an HTTPS port. That cannot be redirected, it's an... Jim Pingle
03:05 AM Bug #16000 (Rejected): 400 Bad Request - The plain HTTP request was sent to HTTPS port - nginx
Dear pfSense team,
Default local machine:
- http://pfsense/
- https://pfsense/
- https://pfsense/system_advance... Neustradamus -
04:00 AM Feature #16002 (Needs Patch): SCRAM-SHA-1(-PLUS) + SCRAM-SHA-256(-PLUS) + SCRAM-SHA-512(-PLUS) + SCRAM-SHA3-512(-PLUS) supports
Dear pfSense team,
I have discovered that "Notification E-Mail auth mechanism" supports are not good:
- https://p... Neustradamus -
03:45 AM Bug #16001 (Rejected): No easy WebAdmin access from WAN feature
Administrators should never expose the firewall GUI to the WAN, so adding rules manually is as "easy" as it will be. ... Jim Pingle
03:43 AM Bug #16001: No easy WebAdmin access from WAN feature
In more with this option, two forms:
- One with authorized IPv4
- One with authorized IPv6
WAN rules:... Neustradamus -
03:28 AM Bug #16001 (Rejected): No easy WebAdmin access from WAN feature
Dear pfSense team,
There is no easy feature to add the WebAdmin access from WAN.
If a NEW option is created (on... Neustradamus -

01/17/2025

10:19 PM pfSense Packages Bug #15996 (Resolved): pfBlockerNG can clobber unbound file permissions
Fixed with https://github.com/pfsense/FreeBSD-ports/commit/8d632447c10537dc99e9ab3aa1ac66768fa55829. Marcos M
08:00 PM Bug #15999 (Duplicate): DNS Forwarder issue with defining domain override
Marcos M
07:23 PM Bug #15999: DNS Forwarder issue with defining domain override
The issue is confirmed at the following pfSense Plus version:... Danilo Zrenjanin
07:22 PM Bug #15999 (Duplicate): DNS Forwarder issue with defining domain override
If you attempt to define a domain override under Services/DNS Forwarder, the entry you created will disappear after s... Danilo Zrenjanin
01:43 PM Bug #15998 (Rejected): IPSec bypass rules cause interface failure
There isn't nearly enough information here to make any conclusions or identify anything specific. It sounds like an i... Jim Pingle
12:26 PM Bug #15998 (Rejected): IPSec bypass rules cause interface failure
When we had version 2.6.3, we migrated an IPSec to a dataline. The only way we found to force IPSec to let go of the... Chaim Robinson
08:23 AM Feature #15997 (New): Multi chassis link aggregation
Multi-Chassis LAG would be a very useful feature and a natural expansion of the clustering feature. MC-LAG would pro... Marcello Lodi

01/16/2025

11:55 PM pfSense Plus Bug #15989: Renaming an alias in MIM does not update firewall and NAT rules with the new alias name
Part of the fix requires a binary update which cannot be applied via the System Patches package. Marcos M
09:27 PM pfSense Plus Bug #15989: Renaming an alias in MIM does not update firewall and NAT rules with the new alias name
Trying to patch using the commitID above and I'm unable to fetch. Mike Moore
04:08 PM pfSense Plus Bug #15989 (Resolved): Renaming an alias in MIM does not update firewall and NAT rules with the new alias name
Georgiy Tyutyunnik
04:08 PM pfSense Plus Bug #15989: Renaming an alias in MIM does not update firewall and NAT rules with the new alias name
latest dev fixes the issue
tested on:
25.07-DEVELOPMENT (amd64)
built on Thu Jan 16 6:00:00 UTC 2025
FreeBSD 15.0... Georgiy Tyutyunnik
11:12 PM pfSense Plus Bug #15978: Unable to get SMART data from 4200 onboard storage
Ive been following this redmine. If there is no way to monitor the system's disk health......Why is this product even... Mike Moore
10:06 PM pfSense Plus Bug #15978: Unable to get SMART data from 4200 onboard storage
So there is no way to monitor the storage health of the Netgate 4200?
How is a user supposed to know if the storage ... Andrew Almond
08:45 PM Bug #15925 (Feedback): DNS Resolver option for Query Name Minimization cannot be disabled
Applied in changeset commit:85a27bcb9b81425868aab775f9a456e27ca5767d. Marcos M
08:31 PM Revision cdba77b2: Fix typo in function name on log error message
Renato Botelho
08:30 PM Revision 21b966d4: Style fixes
Renato Botelho
08:18 PM pfSense Packages Bug #15996 (Resolved): pfBlockerNG can clobber unbound file permissions
To reproduce:
# Use a ZFS system.
# Install pfBlockerNG-devel and set it up DNSBL in Unbound python mode.
# Set up... Marcos M
07:19 PM Bug #15973: Kea DHCP server crashes on 3100 (32bit ARM) every 10 days or so post 24.11 upgrade
Björn Bylander wrote in #note-1:
> Loh Phat wrote:
> > The DHCP server dies with the following log entry:
> >
> ... Blaik Harvey
05:25 PM pfSense Plus Regression #15964 (Closed): Upgrades on UFS from 23.09.1 to 24.03 or 24.11 Fails
Luiz Souza
03:53 PM pfSense Plus Regression #15964 (Resolved): Upgrades on UFS from 23.09.1 to 24.03 or 24.11 Fails
can successfully update from 23.09.1 to the latest dev or latest stable on UFS
tested on:
25.07-DEVELOPMENT (amd64)... Georgiy Tyutyunnik
12:40 PM Bug #15990 (Resolved): Input validation prevents updating a limiter without changing the name
tested, patch fixes the issue
tested on:
25.03-BETA (amd64)
built on Wed Jan 8 2:56:00 CET 2025
FreeBSD 15.0-CURRENT Georgiy Tyutyunnik

01/15/2025

08:02 PM Bug #15708: The filterdns service won't start
I also ran into this issue. I had to bump my threads past 4096 to get it to work properly. A message on the "Tables" ... Dark Baritone
04:09 PM pfSense Plus Bug #15993: Upgrade fails with NVMe drive installed
Ok have a good day Jim :) Jonathan Lee
04:09 PM pfSense Plus Bug #15993: Upgrade fails with NVMe drive installed
It is the everything bagel 2100-MAX, we can call it the SG-2100-ULTRA edition .. comes with heat sinks a nvme drive, ... Jonathan Lee
04:07 PM pfSense Plus Bug #15993: Upgrade fails with NVMe drive installed
That you managed to make it function partially does not indicate it is "supported". It may have appeared functional, ... Jim Pingle
04:00 PM pfSense Plus Bug #15993: Upgrade fails with NVMe drive installed
@Jim Pringle
I am using a mpcie to nvme adapter on the mpcie slot that was used for wifi. It does work perfectly how... Jonathan Lee
03:35 PM pfSense Packages Bug #15995: Unable to switch to the RELENG_2_7_2 branch
If it's a VM, it should work. Jim Pingle
03:12 PM pfSense Packages Bug #15995: Unable to switch to the RELENG_2_7_2 branch
Jim Pingle wrote in #note-1:
> You're probably checking out the tree on a Windows filesystem, and the repository is ... Maurice Detmers
03:09 PM pfSense Packages Bug #15995 (Not a Bug): Unable to switch to the RELENG_2_7_2 branch
You're probably checking out the tree on a Windows filesystem, and the repository is not compatible with that. Files ... Jim Pingle
02:36 PM pfSense Packages Bug #15995 (Not a Bug): Unable to switch to the RELENG_2_7_2 branch
Hi,
I hope I am posting this in the right spot and hopefully someone can help me with this.
I am trying to switc... Maurice Detmers
06:49 AM Bug #15988 (Resolved): PHP error when saving System Log settings
The patch has been tested and it fixes the issue. aleksei prokofiev

01/14/2025

08:17 PM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
Devs,
Is there any hope on the horizon on getting a patch to fix? If one is available, I have no problem providing a... Mike Moore
07:53 PM pfSense Plus Bug #15993 (Rejected): Upgrade fails with NVMe drive installed
There are systems which require NVMe to function as that is their only drive, so disabling it automatically at any po... Jim Pingle
07:01 PM pfSense Plus Bug #15993 (Rejected): Upgrade fails with NVMe drive installed
Hello fellow Redmine community members, I found a bug during upgrade to 25.11 the upgrade fails with my NVMe driver. ... Jonathan Lee
07:31 PM pfSense Packages Bug #15932: HAProxy entries disappear after saving with MIM enabled
I have also experienced this issue.
I can create a frontend with 1 ACL and it's fine. If I add a second ACL then all... Andrew Almond
07:22 PM pfSense Plus Bug #15994 (Resolved): Backup configuration cache is not cleaned automatically
With the introduction of BE2.0, the configuration backup cache is now only trimmed when backups are listed (e.g. by v... Marcos M
07:06 PM Revision 85a27bcb: QNAME minimization default has changed. Fix #15925
Marcos M
04:54 PM pfSense Packages Feature #15981 (Resolved): Add a fresh Suricata 7.0.8 package version in package manager.
PRs merged/picked. Thanks! Jim Pingle
03:50 PM Bug #15925 (Pull Request Review): DNS Resolver option for Query Name Minimization cannot be disabled
Marcos M
01:16 PM pfSense Plus Regression #15992 (Rejected): PHP Shell Permission Issue for User After Upgrade from 23.03 to 23.11
That has never been intended to work, it should only work as root/admin. It may have worked in certain cases by luck,... Jim Pingle
09:07 AM pfSense Plus Regression #15992 (Rejected): PHP Shell Permission Issue for User After Upgrade from 23.03 to 23.11
Hi
Description:
After upgrading from pfSense version 23.04 to 24.11, I encountered an issue where the nagios use... Abdallah Musa
08:23 AM Bug #15982: Limiters do not change values and disappear after reboot if bandwidth set over 5 Gig
But we need bandwidth limiter higher than ~4,3G. We need for example 7.5G or 10G
So changing just the UI is not very... Marco Eberhardt
07:54 AM Bug #15990: Input validation prevents updating a limiter without changing the name
Working great, thanks! Richard Rovelstad

01/13/2025

10:06 PM Feature #15991: Add support for filter rules for IPIP traffic
PR submitted https://github.com/pfsense/pfsense/pull/4723 Eric Johnson
09:58 PM Feature #15991 (New): Add support for filter rules for IPIP traffic
Currently there is no way to create filter rules for IP-in-IP encapsulated (aka IPIP, IPEncap, protocol 4) traffic vi... Eric Johnson
09:24 PM Feature #14130: Add DynDNS Provider - IPv64.net
2 years have passed. Can you give an update here? Dennis Schröder
09:15 PM pfSense Plus Regression #15964 (Feedback): Upgrades on UFS from 23.09.1 to 24.03 or 24.11 Fails
Relevant fixes have been applied/picked. Marcos M
09:13 PM Todo #15975 (Resolved): Additional error handling for invalid certificate configuration
A typo in the patch introduced a regression - fixed with commit:6065058126c6b6fa3380df7a382f9a3a28068119. Marcos M
09:05 PM Bug #15990 (Feedback): Input validation prevents updating a limiter without changing the name
Applied in changeset commit:6bf3e080f56facab1f00e29acd24dff62d5bd707. Marcos M
08:47 PM Bug #15990 (In Progress): Input validation prevents updating a limiter without changing the name
Thank you for reporting the issue. This is due to a patch that was recently included in the System Patches package wh... Marcos M
08:09 PM Bug #15990: Input validation prevents updating a limiter without changing the name
Patch packages through today have been installed. Richard Rovelstad
08:07 PM Bug #15990 (Resolved): Input validation prevents updating a limiter without changing the name
Hello. I was working with limiters (not child queues) today and found whenever I changed a parameter and tried to sav... Richard Rovelstad
08:59 PM Revision 6bf3e080: Only check for limiter name conflicts if the name changed. Fix #15990
While here, rename the variable $queue to $subqueue for clarity. Marcos M
07:30 PM Feature #15986: status_output: increase system log file length, currently limited to 1000 entries
Yes, an increase to 2500 or 5000 would be great.
I would say 5000, unless you have any concerns with that. Thanks. Craig Coonrad
07:11 PM Feature #15986: status_output: increase system log file length, currently limited to 1000 entries
It has to use the function, otherwise if a log was recently rotated it would only get the new/nearly empty file. The ... Jim Pingle
07:03 PM pfSense Docs Todo #15881 (Closed): Update UPNP service docs
Jim Pingle
06:51 PM pfSense Plus Bug #15989 (Feedback): Renaming an alias in MIM does not update firewall and NAT rules with the new alias name
Fixed with 02a8538d86ff96c2da3321264dd9d506f3bb0370. Marcos M
06:26 PM pfSense Plus Bug #15989 (Resolved): Renaming an alias in MIM does not update firewall and NAT rules with the new alias name
Firewall and NAT rules reference the old alias name after the alias has been renamed. To reproduce:
# Enable MIM
# ... Marcos M
04:30 PM pfSense Docs Todo #15985 (Closed): Missing the word have
There were some other wording/phrasing problems in that doc as well. I went through and reworded things a bit. Should... Jim Pingle
03:55 PM Bug #15988 (Feedback): PHP error when saving System Log settings
Applied in changeset commit:48b2525bae3addc43e99444869aa19ed60b8c443. Jim Pingle
03:47 PM Bug #15988: PHP error when saving System Log settings
I pushed a fix for the PHP error on this, that other message was a leftover debug print from #15874 and I removed it. Jim Pingle
06:07 AM Bug #15988 (Confirmed): PHP error when saving System Log settings
Tested on 24.11
I can reproduce this Bug.
And it's interesting but on 25.03-BETA (built on Wed Jan 8 1:56:00 UT... Azamat Khakimyanov
05:16 AM Bug #15988 (Resolved): PHP error when saving System Log settings
Tested on
24.11-RELEASE (amd64)
built on Wed Nov 27 18:22:00 UTC 2024
FreeBSD 15.0-CURRENT
Steps to reproduce
... aleksei prokofiev
03:45 PM Revision 48b2525b: Fix PHP error in Firewall log settings. Fixes #15988
Jim Pingle
03:45 PM Revision 4fe48229: Remove debug print from issue #15874
Jim Pingle
03:37 PM Revision 4f6e55a9: Check value when setting config root
$value should always be an array when setting the configuration root. Marcos M
03:12 PM Revision 60650581: Typo: Additional error handling for invalid cert config. Fix #15975
Christian McDonald
03:09 PM Feature #15987 (Rejected): Add Wireguard to Diagnostics --> Backup & Restore --> Backup Area
WireGuard is a package, so it can't be added there directly.
For that to happen we would need to engineer some way... Jim Pingle
08:04 AM Bug #15973: Kea DHCP server crashes on 3100 (32bit ARM) every 10 days or so post 24.11 upgrade
Loh Phat wrote:
> The DHCP server dies with the following log entry:
>
> [...]
>
> And then 5 minutes or so later ... Björn Bylander

01/12/2025

07:45 PM Feature #15987 (Rejected): Add Wireguard to Diagnostics --> Backup & Restore --> Backup Area
pfSense backup/restore currently handles IPsec and Openvpn as distinct backup and restore areas.
Would be a nice fea... Craig Coonrad
07:24 PM Feature #15986 (New): status_output: increase system log file length, currently limited to 1000 entries
For troubleshooting purposes it would be nice for the system.log captured with status.php to gather more than 1000 li... Craig Coonrad
06:30 PM Bug #12552: "Pull DNS" option within OpenVPN client does not cause pfSense to use DNS servers assigned by remote OpenVPN server
Solution
under general dns server settings add the express VPN dns server (i got this from their support, must sa... gcw wil
05:16 AM pfSense Docs Todo #15985 (Closed): Missing the word have
https://docs.netgate.com/pfsense/en/latest/development/freebsd-issues.html
Missing the word *have* .... Antoine Beaubien
03:39 AM pfSense Docs Todo #15881: Update UPNP service docs
staged document accurately reflects the new options and settings presented in the UPnP IGD & PCP services menu (v25.0... Jordan G
03:34 AM Bug #15598 (Resolved): Input validation for duplicate remote gateways does not work when using the duplicate P1 button
dylan mendez
03:33 AM Bug #15598: Input validation for duplicate remote gateways does not work when using the duplicate P1 button
Issue resolved after patch.

!clipboard-202501112133-jfmrr.png!
 dylan mendez
03:10 AM Bug #15925: DNS Resolver option for Query Name Minimization cannot be disabled
this behavior persists in 25.03.b.20250108.0156, GUI selection for q-name minimization has no effect when querying wi... Jordan G
02:11 AM Bug #15977 (Resolved): Incorrect color in button text within disabled rows
Tested on... Christopher Cope

01/11/2025

04:23 PM pfSense Packages Bug #10936 (Resolved): both haproxy/haproxy-devel non-existent option lb-agent-chk
It's no longer there. I tested against haproxy 0.63_9.
This is how it looked:
!clipboard-202501111721-dhbm2.p... Danilo Zrenjanin
03:50 AM pfSense Packages Bug #10936: both haproxy/haproxy-devel non-existent option lb-agent-chk
Danilo Zrenjanin wrote in #note-7:
> Tested on:
>
> [...]
>
> The check method "lb-agent-chk" is still listed... Kris Phillips
03:53 AM pfSense Packages Regression #15967 (Incomplete): pfsense duplicated WAN firewall rules
I'm unable to recreate this issue in pfBlockerNG. Changing the rule order for me properly removes and re-adds the ru... Kris Phillips
01:04 AM Feature #15984 (New): Can we have a way to start smartd on bootup?
I'm able to install smartmontools on my SG2100 but I see that smartd does not start when it boots. I can start it via... Craig Leres
12:43 AM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes
The bug is still present.
I am able to reproduce this on our Netgate 6100 running 24.11 with an "AVM Fritz!Box 6850 L... Manuel Gayer

01/10/2025

10:50 PM pfSense Packages Feature #9141: FRR xmlrpc
Jim - Any hope we can get it implemented? There is a high degree of interest in making our pfsense deployments highly... Mike Moore
10:57 AM pfSense Packages Feature #9141: FRR xmlrpc
also interested on this,
is implementing this feature consists in changing which keys should be merged/copied in _x... Julien Bennet
10:38 PM pfSense Plus Bug #15983 (Confirmed): Unicode Escaped Characters in Client ID for Kea Cause No Start Condition
I can confirm and reproduce this issue. As a note the hostname already has entry verification, but it seems the clien... Christopher Cope
10:20 PM pfSense Plus Bug #15983 (Confirmed): Unicode Escaped Characters in Client ID for Kea Cause No Start Condition
If a dash is present in the Client ID field for a DHCP Reservation, this will cause Kea to fail with the following er... Kris Phillips
06:07 PM Revision 837c16fb: Fix toggleNATrule() always returning 'enabled' for a single rule
When toggleNATrule() was modified to accept a list of NAT rules, the default
case for a single 'id' in the postdata w... Reid Linnemann
02:21 PM Bug #15982: Limiters do not change values and disappear after reboot if bandwidth set over 5 Gig
Lev Prokofev wrote in #note-2:
> 'Line 34: bandwidth too large'
The bandwidth on a limiter can't be over the maxi... Jim Pingle
12:29 PM Bug #15982: Limiters do not change values and disappear after reboot if bandwidth set over 5 Gig
Update:
Can confirm the above on 24.03
Logs shows: ... Lev Prokofev
11:41 AM Bug #15982: Limiters do not change values and disappear after reboot if bandwidth set over 5 Gig
confirmed.
update: after reboot if the test limiter is applied as a pipe in the firewall rule the rule stops working... Georgiy Tyutyunnik
11:33 AM Bug #15982 (New): Limiters do not change values and disappear after reboot if bandwidth set over 5 Gig
Tested on 24.11 and 25.03BETA
Creating a limiter with a bandwidth of 4250
!clipboard-202501101424-otblj.png!
... Lev Prokofev
12:57 AM pfSense Packages Feature #12860: add mmc-utils package to all images
Has there been any progress on including @mmc-utils@ in the base image or as a package?
I've experienced several f... Andrew Almond

01/09/2025

11:51 PM Bug #12938 (Feedback): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value
radvd 2.20 is now in snapshots which should resolve this warning even with increased logging. Marcos M
11:50 PM Feature #15808 (Feedback): PREF64 support in Router Advertisements
Applied in changeset commit:5d3bf10347ebee416770437cf5163b5e143f8511. Marcos M
11:47 PM pfSense Plus Regression #15979 (Resolved): Saving DHCPv6 Server settings results in a PHP error
Fixed with b46064eda3b89d99b3f623924de313d5b8ea1bdb. Marcos M
02:49 PM pfSense Plus Regression #15979: Saving DHCPv6 Server settings results in a PHP error
It's in Plus only. Marcos M
08:54 AM pfSense Plus Regression #15979: Saving DHCPv6 Server settings results in a PHP error
I could not replicate the issue.
I configured a static IPv6 address on the LAN and encountered no errors after se... Danilo Zrenjanin
12:54 AM pfSense Plus Regression #15979 (Resolved): Saving DHCPv6 Server settings results in a PHP error
With Kea enabled, saving the DHCPv6 Server settings results in a PHP error.... Marcos M
11:29 PM Revision 5d3bf103: PREF64 support. Implement #15808
Marcos M
11:29 PM Revision 25a17c38: Allow up to 4 RDNSS addresses
Marcos M
10:36 PM pfSense Packages Feature #15981: Add a fresh Suricata 7.0.8 package version in package manager.
I have submitted Pull Requests against the pfSense packages repo to update the Suricata binary to the latest 7.0.8 ve... Bill Meeks
11:46 AM pfSense Packages Feature #15981: Add a fresh Suricata 7.0.8 package version in package manager.
Lev Prokofev wrote:
> The fresh port is available
>
> https://www.freshports.org/security/suricata
Vulnerabili... Tapio Ryhänen
10:32 AM pfSense Packages Feature #15981 (Resolved): Add a fresh Suricata 7.0.8 package version in package manager.

The fresh port is available
https://www.freshports.org/security/suricata Lev Prokofev
09:14 PM Revision 9b5d5a6c: Remove zabbix 6.4 as it is now EoL
Brad Davis
02:43 PM pfSense Packages Feature #14729: OpenVPN Client Export - Support PLAP on Windows
I have this setup manually however get the error "waiting for management interface to come up" - Craig Messer
09:22 AM Bug #15980 (New): Certain schedulers seem not support weight parameter in child queues
Tested on ... Lev Prokofev

01/08/2025

10:30 PM Todo #15975 (Feedback): Additional error handling for invalid certificate configuration
Applied in changeset commit:0eb37ce10db6f12a6c2269347c1c5f5e98ad9f20. Marcos M
10:23 PM Revision 0eb37ce1: Additional error handling for invalid cert config. Fix #15975
Marcos M
07:11 PM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
The GUI packages were picked back there but failed to build because the actual underlying Zabbix 7 ports are not in t... Jim Pingle
07:01 PM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
Maurice Detmers wrote in #note-43:
> To be clear and if I am correct (please correct me if I am wrong), the Zabbix p... Gio M
11:55 AM Bug #15911 (Resolved): PHP error on save with very long configuration change descriptions
I was able to reproduce the issue on 24.11
Tested against the latest dev build.
The issue is fixed. Danilo Zrenjanin
08:34 AM Bug #15977: Incorrect color in button text within disabled rows
I tried to apply the patch to 24.11 and the latest dev build.
The patch didn't apply correctly and the issue pers... Danilo Zrenjanin
05:20 AM Bug #15949: Hardware offload settings not applying to interface used for PPPoE WAN on boot.
I would but I dont have a plus license, so unable to do that. I will check it again whenever 2.8.0 is released. Chris Collins

01/07/2025

11:06 PM pfSense Plus Bug #15978 (Not a Bug): Unable to get SMART data from 4200 onboard storage
That is expected; unfortunately the embedded drive in the Netgate 4200 does not support S.M.A.R.T. nor health checks ... Marcos M
10:35 PM pfSense Plus Bug #15978 (Not a Bug): Unable to get SMART data from 4200 onboard storage
The SMART status for onboard storage on the Netgate 4200 cannot be queried using the builtin SMART status viewer or t... Andrew Almond
10:05 PM Bug #15977 (Feedback): Incorrect color in button text within disabled rows
Applied in changeset commit:9c6818d93aba725673398e46dc26c476f0cec1a1. Marcos M
10:00 PM Bug #15977 (In Progress): Incorrect color in button text within disabled rows
Before / after:
!clipboard-202501071600-xxs2z.png!
 Marcos M
09:56 PM Bug #15977 (Resolved): Incorrect color in button text within disabled rows
Buttons may be included within table rows. For example, the ACME package shows the @Issue/Renew@ button inside the ro... Marcos M
09:59 PM Revision 9c6818d9: Don't override the button text color in disabled rows. Fix #15977
Marcos M
08:40 PM Bug #15956: Kea DHCP static mappings requires lease expiry before taking effect
i just ran into the same problem, under different circumstances, i change mac addresses on a static assignment using ... James Starowitz
06:57 PM pfSense Packages Bug #15976 (Resolved): Fix ntopng listen options
If both IPv4 and IPv6 server listen are enabled, the IPv4 address will not work. While the current version of ntopng ... Denny Page
05:13 PM pfSense Plus Bug #15968 (Closed): Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard)
This is a symptom of a build version issue in recent snapshots which has been resolved. Marcos M
05:07 PM Feature #15808 (Waiting on Merge): PREF64 support in Router Advertisements
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1182 Marcos M
04:49 PM Bug #15949 (Feedback): Hardware offload settings not applying to interface used for PPPoE WAN on boot.
This is likely already fixed. A useful test to confirm would be to reproduce on 2.7.2, upgrade to Plus 24.11, and re-... Marcos M
04:46 PM pfSense Plus Regression #15964 (In Progress): Upgrades on UFS from 23.09.1 to 24.03 or 24.11 Fails
Marcos M
04:27 PM Regression #15961 (Resolved): Warning message in logs when changing firewall rules after setting Require Firewall Interface
Jim Pingle
04:23 PM Todo #15975 (Resolved): Additional error handling for invalid certificate configuration
* TypeError: Cannot access offset of type string on string in /etc/inc/certs.inc:110 https://forum.netgate.com/topic/... Marcos M
02:22 PM Revision 03dbbe3f: Bump up the year in the Copyright notice of README.md.
Luiz Souza
02:11 PM Revision 37d60e23: Bump up the year in the Copyright notice.
Luiz Souza
02:07 PM pfSense Docs Correction #15974 (Closed): AWS High Availability help link.
Added and tested, works fine here from each of the tabs in the package.
https://gitlab.netgate.com/docs/pfSense-do... Jim Pingle

01/06/2025

10:33 PM pfSense Docs Correction #15974 (Closed): AWS High Availability help link.

link https://docs.netgate.com/pfsense/en/latest/solutions/aws-vpn-appliance/ha.html to *Package> AWS High Availabil... Alhusein Zawi
03:04 PM pfSense Docs Todo #15972 (Rejected): Feedback on Troubleshooting — Troubleshooting Website Access
That is not a common problem on its own, not enough to warrant calling that much attention to it at that high a level... Jim Pingle
02:34 PM Feature #15808: PREF64 support in Router Advertisements
radvd 2.20 has been released with PREF64 support https://github.com/radvd-project/radvd/releases... Bart Schapendonk
01:24 PM pfSense Packages Bug #15965 (Not a Bug): pfSense UI fails to execute Surricata IPS/IDS cmds
Jim Pingle
09:46 AM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
To be clear and if I am correct (please correct me if I am wrong), the Zabbix packages for PFSense are (primarily) co... Maurice Detmers
04:58 AM Bug #15973 (Confirmed): Kea DHCP server crashes on 3100 (32bit ARM) every 10 days or so post 24.11 upgrade
The DHCP server dies with the following log entry:... Loh Phat
01:51 AM pfSense Plus Regression #15964 (Confirmed): Upgrades on UFS from 23.09.1 to 24.03 or 24.11 Fails
Steve Wheeler

01/05/2025

03:04 AM Todo #15953 (Resolved): Link to release information on the system update page
I can also confirm this patch shows links to patch notes for all releases. Marking as Resolved. Kris Phillips
02:40 AM pfSense Plus Bug #15968: Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard)
Maybe it's the HA component but which I didn't try yet but with just one instance and default settings except for hav... Chris W
12:15 AM pfSense Plus Bug #15968: Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard)
Installed KVM VM completely from scratch with factory default settings and 25.03.a.20250103.1624 ONLY installed pfBlo... dylan mendez

01/04/2025

11:29 PM pfSense Plus Bug #15968: Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard)
Tested on standalone pfSense with 0 custom settings, was able to reproduce. Just installing pfBlockerNG-devel causes ... dylan mendez
11:26 PM pfSense Plus Bug #15968: Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard)
It seems like just by installing pfBlockerNG-devel causes the crash report
!clipboard-202501041726-t7gfw.png!
!clip... dylan mendez
07:14 PM pfSense Plus Bug #15968: Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard)
I tested the update from version 24.11 with pfBlocker-devel running to version 25.03.a.20250103.1624 and was unable t... Danilo Zrenjanin
10:55 PM Regression #15961: Warning message in logs when changing firewall rules after setting Require Firewall Interface
Success here as well. Thank you. Jay Sols
08:22 PM Regression #15961: Warning message in logs when changing firewall rules after setting Require Firewall Interface
Applied patch on... Christopher Cope
08:26 PM pfSense Docs Todo #15972 (Rejected): Feedback on Troubleshooting — Troubleshooting Website Access
*Page:* https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html
*Feedback:*
Greet... Carmen Jessica Myer
06:11 PM Todo #15953: Link to release information on the system update page
with the above patch applied to 24.11, navigating to the system>update>system update page now presents a link to http... Jordan G
06:04 PM Todo #15969: Improve the system load impact from Dashboard widgets
After applying these patches to a 4100 on 24.11 the dashboard indicated cpu usage dropped around 30% when just leavin... Jordan G
06:01 PM pfSense Packages Feature #15971 (New): Add CautiousConnect IPv6 feed
Add CautiousConnect IPv6 blocker feed:
[[https://sixint.io/products/cc_docs/about.html]]
Github PR here:
[[h... Robert Beverly
02:13 PM pfSense Packages Bug #15965: pfSense UI fails to execute Surricata IPS/IDS cmds
This sounds very much like a situation where the OP had a duplicate Suricata instance running on the interface. I cal... Bill Meeks

01/03/2025

10:35 PM Bug #15911: PHP error on save with very long configuration change descriptions
Applied in changeset pfsense:commit:46238320e89caa44bbb525849ab170bab6937619. Marcos M
10:30 PM Bug #15911 (Feedback): PHP error on save with very long configuration change descriptions
The revision description was not meant to be included in the translation. Marcos M
10:29 PM Revision 46238320: Don't translate the change description. Fix #15911
Revert to the previous behavior of not translating change descriptions. Marcos M
10:16 PM Bug #15970 (Duplicate): IPSEC phase1 deletion causes incorrect phase2 deletions
Marcos M
10:12 PM Bug #15970 (Duplicate): IPSEC phase1 deletion causes incorrect phase2 deletions
I recently deleted an IPSEC phase1 entry named "marty", which the configuration file says was ikeid 3. Then I receive... Drew Stemen
10:07 PM Todo #15969 (Feedback): Improve the system load impact from Dashboard widgets
Marcos M
09:49 PM Todo #15969: Improve the system load impact from Dashboard widgets
Adjust the refresh intervals to be more reasonable for each widget:
https://github.com/pfsense/pfsense/commit/7de19c3... Marcos M
09:49 PM Todo #15969 (In Progress): Improve the system load impact from Dashboard widgets
Marcos M
09:42 PM Todo #15969 (Resolved): Improve the system load impact from Dashboard widgets
The widget refresh behavior changed in 24.11 which can result in an increase in system load; see: https://redmine.pfs... Marcos M
09:49 PM Revision 648eb64f: Skip loading widgets that are not on the dashboard
Part of https://redmine.pfsense.org/issues/15969 Marcos M
07:50 PM Regression #15961 (Feedback): Warning message in logs when changing firewall rules after setting Require Firewall Interface
Applied in changeset commit:714ecd70d2db2fc45273cbf44e9ea6a6008e828b. Marcos M
07:34 PM Regression #15961 (In Progress): Warning message in logs when changing firewall rules after setting Require Firewall Interface
Marcos M
07:36 PM Revision 714ecd70: Don't try getting interface config without an interface. Fix #15961
Marcos M
06:56 PM pfSense Packages Bug #15944 (Closed): ACME Script Places _acme-challenge TXT Records in the Wrong Zone
Jim Pingle
06:54 PM pfSense Packages Bug #15944: ACME Script Places _acme-challenge TXT Records in the Wrong Zone
It's working again and as expected. I saw a hint about the zone IDs in a reddid thread: https://www.reddit.com/r/PFSE... Manuel M.
04:59 PM pfSense Plus Bug #15968: Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard)
I'm running HA, also. dylan mendez
04:58 PM pfSense Plus Bug #15968 (Closed): Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard)
pfBlockerNG-devel-3.2.1_20
pfSense 25.03.a.20241231.1206
This has been happening consistently on the last two upd... dylan mendez
04:50 PM Todo #15953 (Feedback): Link to release information on the system update page
Applied in changeset commit:5780d8f41632725f55ba456a36f848609fa3512f. Marcos M
04:43 PM Todo #15953 (In Progress): Link to release information on the system update page
Marcos M
04:40 PM Revision 5780d8f4: Link to release info on the update page. Implement #15953
Marcos M
04:40 PM Bug #15598 (Feedback): Input validation for duplicate remote gateways does not work when using the duplicate P1 button
Applied in changeset commit:51eae36f722f003fdaddb4db7e77b239cab2cd3d. Marcos M
04:34 PM Bug #15598 (In Progress): Input validation for duplicate remote gateways does not work when using the duplicate P1 button
Marcos M
04:34 PM Revision 51eae36f: Use posted config when checking for duplicates. Fix #15598
The duplicate check for remote IPsec P1 entries should be done against
the posted config instead of the saved config. Marcos M
04:12 PM pfSense Packages Regression #15967 (Incomplete): pfsense duplicated WAN firewall rules
in order to replicate this behaiveur.
1- Passing floating rules in pfBlockerNG from Enable to disable (check box in ... Michel Feria
03:39 PM Bug #15966: Kea DHCP - Changing Deny Unknown Clients from Allow Known to Unknown Requires Reboot
The issue is we do not have enough information to act on anything stated here. I'm not saying it didn't happen, or th... Jim Pingle
03:22 PM Bug #15966: Kea DHCP - Changing Deny Unknown Clients from Allow Known to Unknown Requires Reboot
Jim Pingle wrote in #note-5:
> It's not a bug _with this setting_ as stated, and there isn't enough information here... Steven Cedrone
02:02 PM Bug #15966: Kea DHCP - Changing Deny Unknown Clients from Allow Known to Unknown Requires Reboot
It's not a bug _with this setting_ as stated, and there isn't enough information here to identify what that actual un... Jim Pingle
01:32 PM Bug #15966: Kea DHCP - Changing Deny Unknown Clients from Allow Known to Unknown Requires Reboot
Jim Pingle wrote in #note-3:
> Sounds more like something is keeping your daemon from reloading with the new setting... Steven Cedrone
01:25 PM Bug #15966 (Incomplete): Kea DHCP - Changing Deny Unknown Clients from Allow Known to Unknown Requires Reboot
Sounds more like something is keeping your daemon from reloading with the new settings, not a bug specific to that pa... Jim Pingle
01:19 PM Bug #15966: Kea DHCP - Changing Deny Unknown Clients from Allow Known to Unknown Requires Reboot
Lev Prokofev wrote in #note-1:
> Not able to replicate, tested on
>
> [...]
>
> 1)Set Deny Unknown Clients to "Allo... Steven Cedrone
01:18 PM Bug #15966: Kea DHCP - Changing Deny Unknown Clients from Allow Known to Unknown Requires Reboot
Not able to replicate, tested on... Lev Prokofev
12:07 PM Bug #15966 (Incomplete): Kea DHCP - Changing Deny Unknown Clients from Allow Known to Unknown Requires Reboot
Changed DHCP "Deny Unknown Clients" from " Allow Known..." to "Allow All" caused the service to stop answering reques... Steven Cedrone
01:27 PM pfSense Packages Bug #15965 (Incomplete): pfSense UI fails to execute Surricata IPS/IDS cmds
Please post on the forum for assistance with troubleshooting. Jim Pingle
05:29 AM pfSense Packages Bug #15965 (Not a Bug): pfSense UI fails to execute Surricata IPS/IDS cmds
Suricata was installed successfully but when we tried to Disable/Enable Suricata with Rule configuration changes - it... Anuj Saxena
08:19 AM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
Gio M wrote in #note-41:
> Also looking to see this on CE RELENG_2_7_2.
>
> I see here it was added, then remove... Arvid Johansson
07:54 AM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
Also looking to see this on CE RELENG_2_7_2.
I see here it was added, then removed https://redmine.pfsense.org/pr... Gio M
12:40 AM pfSense Plus Regression #15964 (Closed): Upgrades on UFS from 23.09.1 to 24.03 or 24.11 Fails
Upgrading either from Serial/SSH console or the webConfigurator while running on UFS are failing from 23.09.1 with a ... Kris Phillips

01/02/2025

10:35 PM Feature #15963 (New): DynDNS provider SelfHost does support IPv6 updates
This patch adds DynDNS IPv6 update support for provider SelfHost.
Patch can also be found here
https://github.com... Jan-Jonas Sämann
09:53 PM pfSense Packages Feature #15548: Add packages for Zabbix 7.0 Agent and Proxy
when will this be available on Community Edition ? steve pretlove
06:28 PM Bug #15962 (Not a Bug): Block bogon networks issue
The blocks you are seeing are unrelated, out of state packets from killed or closed connections.
See https://docs... Jim Pingle
06:11 PM Bug #15962 (Not a Bug): Block bogon networks issue
running pfsense 2.7.2
When checking on WAN to block bogon networks and applying, it seems to start blocking LAN pa... John Beaudoin
05:42 PM pfSense Packages Bug #15917 (Rejected): In OpenVPN export package, the option Automagic Multi-WAN IPs (port forward targets) does not working as expected
I can't reproduce this here. The exported configuration correctly ends up with two @remote@ lines, one for each WAN.
... Jim Pingle
04:53 PM Regression #15961 (Resolved): Warning message in logs when changing firewall rules after setting Require Firewall Interface
When Require Firewall Interface is set in General setup the following error is logged when opening the firewall rules... Steve Wheeler
03:48 PM pfSense Packages Feature #15960 (New): NTOP Port Configuration in WebUI feature request
Environment:
OS name: pfSense+
OS version: 24.11-RELEASE (FreeBSD 15.0-CURRENT)
Architecture: amd64
ntopng vers... Benjamin Coussement
03:28 PM pfSense Packages Bug #15957 (Rejected): NTOPNG generates duplicate variable in CONF file when using advanced configuration lines on pfsense+
That is expected. There is no feature in the package that would detect and skip duplicate configuration lines like th... Jim Pingle
03:23 PM Bug #15956 (Rejected): Kea DHCP static mappings requires lease expiry before taking effect
I can't reproduce this here. I tested this extensively before the last release. As soon as I enter a static mapping a... Jim Pingle
02:45 PM Feature #15952 (Needs Patch): User Auth RADIUS Client Secure Protocols
We are limited by what is supported in the underlying upstream PHP RADIUS libraries, which lack such support. If an a... Jim Pingle
02:38 PM Bug #15907: PHP error in Captive Portal with undefined zone interface list
Gertjan KROEB wrote in #note-6:
> See also here : https://forum.netgate.com/topic/195520/issues-after-update-from-24... Jim Pingle
02:38 PM Bug #15874 (Resolved): Users with Deny Config Write privilege can trigger logging operations
services no longer hang after being started/stopped by a user with no config write privilegies
tested on:
25.03-DEV... Georgiy Tyutyunnik
02:16 PM pfSense Plus Bug #15948: GUI times out when attempting to view large Configuration History
The config history on Plus also looks into ZFS BE entries, so the more boot environments you have, the longer it will... Jim Pingle
09:20 AM pfSense Plus Bug #15959 (Confirmed): MIM GUI is unable to write IPv6 aliases
I can confirm this behavior.
Tested against the latest dev build. Danilo Zrenjanin
12:53 AM pfSense Plus Bug #15959 (Resolved): MIM GUI is unable to write IPv6 aliases
When creating an Alias (either Host or Network) using the new Multi-Instance-Management (MIM) interface, it is imposs... Jacques Bourdeau
04:31 AM pfSense Plus Bug #15740 (Not a Bug): NAT uses unknown IP address
dylan mendez

01/01/2025

08:38 PM Bug #15015 (Not a Bug): Static routes not working
Setting a gateway to an assigned interface changes the route-to/reply-to behavior for traffic passing the interface. ... Marcos M
07:17 PM pfSense Plus Feature #15958 (New): Need to be able to disable referrals in pam_ldap.conf
We discovered that when one of our offices was offline we could not ssh to a firewall that used nss_ldap authenticati... Orion Poplawski
01:38 PM Bug #15332 (Resolved): Kea fails to start if DHCP pool configuration contains default lease time or max lease time
Georgiy Tyutyunnik
01:38 PM Bug #15332: Kea fails to start if DHCP pool configuration contains default lease time or max lease time
reproduced the behavior on switch between ISC with pool with default-lease-time or max-lease-time to KEA
can't repro... Georgiy Tyutyunnik

12/31/2024

06:35 PM Bug #15956: Kea DHCP static mappings requires lease expiry before taking effect
Log snippet... Kevin Thorne
04:16 PM Bug #15956 (Rejected): Kea DHCP static mappings requires lease expiry before taking effect
See original issue here: https://www.reddit.com/r/PFSENSE/comments/1hqaf28/bug_report_kea_dhcp_static_mappings_ignore... Kevin Thorne
04:45 PM pfSense Packages Bug #15957 (Rejected): NTOPNG generates duplicate variable in CONF file when using advanced configuration lines on pfsense+
Environment:
OS name: pfSense+
OS version: 24.11-RELEASE (FreeBSD 15.0-CURRENT)
Architecture: amd64
ntopng vers... Benjamin Coussement
04:42 PM pfSense Plus Bug #15955 (Not a Bug): L2TP -> IPsec Routing Issue
Marcos M
04:26 PM pfSense Plus Bug #15955: L2TP -> IPsec Routing Issue
I think this is actually user error on my part using an insufficiently configured IPsec tunnel configuration; sorry f... Wyatt Childers
02:33 PM pfSense Plus Bug #15955 (Not a Bug): L2TP -> IPsec Routing Issue
When processing routes from the L2TP gateway IP, IPsec introduced routes are not considered.
e.g. with:
- the L... Wyatt Childers
04:28 PM Bug #15954 (Duplicate): L2TP Enable GUI Resets
Marcos M
02:27 PM Bug #15954 (Duplicate): L2TP Enable GUI Resets
When enabling the L2TP server in the VPN -> L2TP -> Configuration section after pressing save, navigating back to the... Wyatt Childers

12/30/2024

03:44 PM pfSense Plus Bug #15262: Captive Portal Has High CPU Interrupts With Large Number of Users
Kris Phillips wrote in #note-4: [[
> Marking this as confirmed, as we have multiple instances of people reporting iss... Muhammad Waseem Ul Haq
 

Also available in: Atom