Project

General

Profile

Activity

From 04/21/2025 to 05/20/2025

05/20/2025

08:46 PM Bug #14693: Filter reload with NAT reflection rules is extremely slow
This problem has been bugging me a lot too. I have lots of interfaces (250 VLANs) and about 200 NAT rules, reloading ... Vincent Caron
12:19 PM pfSense Packages Bug #16195 (New): acme 0.9_1 ocsp must-staple deprecated from let's encrypt
Please remove the ui elements and variable handling code for ocsp must-staple in the pfsense acme package.
Includi... David Horn

05/19/2025

11:42 PM pfSense Plus Bug #16176: Config restored during install can be overwitten by hardware specific default values
I think I understand the issue now. The installer lays down the installer settings file which has the installer confi... Reid Linnemann
11:11 PM pfSense Plus Bug #16176: Config restored during install can be overwitten by hardware specific default values
There is code in place on the initial boot when importing the installer config to touch the 'assign_complete' file th... Reid Linnemann
11:14 PM Revision 7a24be28: poudriere_bulk: add security/snort3
Christian McDonald
05:51 PM Bug #16194 (New): IPv6 ICMP firewall log entries marked with protocol "Options" instead of ICMPv6
Firewall log entries for ICMPv6 packets are showing a value of "Options" in the Protocol column, but only on developm... Jim Pingle
02:41 PM pfSense Docs Correction #16192 (Rejected): There is mismatch of description in the doc and on depiction of layout.
OpenVPN shared key mode is deprecated, not worth fixing this when it'll be going away. Nobody should be configuring t... Jim Pingle
02:21 PM Revision 282ab5c1: poudriere_bulk: add dns/coredns
Christian McDonald
05:04 AM pfSense Docs Todo #16193 (Rejected): Feedback on DHCP — Kea Settings Tab
The current documents have been updated to reflect options in Plus 24.11, Plus 25.03, and CE 2.8.0.
CE 2.7.2 does ... Jim Pingle
02:11 AM pfSense Docs Todo #16193 (Rejected): Feedback on DHCP — Kea Settings Tab
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dhcp/kea-settings.html
*Feedback:*
I'm trying to set ... David Medland-Slater

05/18/2025

07:14 AM Bug #15228: User manger fails to display certificate option for a new user in case of input error
Tested on 25.03-BETA (amd64)
built on Wed May 7 20:11:00 +04 2025
FreeBSD 15.0-CURRENT
The issue still persist. aleksei prokofiev
07:02 AM pfSense Docs Correction #16192 (Rejected): There is mismatch of description in the doc and on depiction of layout.
In the https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-psk.html
there is mismatch of description in t... aleksei prokofiev

05/17/2025

09:57 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication
Jesse Norell wrote in #note-3:
> Sergei Shablovsky wrote in #note-2:
> > UPVOTE THIS
>
> How do you vote, just c... Kris Phillips
07:04 PM pfSense Docs Todo #16042: Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat
I was pointed at this but I don't think my issues are related. That said, the current docs do lead the user to the u... Rob A

05/16/2025

09:44 PM Bug #16142 (Waiting on Merge): XMLRPC requests fail due to incorrect request path
Reid Linnemann
09:44 PM Bug #16142: XMLRPC requests fail due to incorrect request path
A ports merge is underway that will resolve this shortly, no other action needs to be taken. In the interim if you ne... Reid Linnemann
09:08 PM Bug #16142: XMLRPC requests fail due to incorrect request path
This looks to be related to a fix in Net_URL2 v2.2.3 for libpcre2 10.45 that is missing from Net_URL2 v2.2.2. Working... Reid Linnemann
07:03 PM Bug #16191: Early DNS registration can add invalid addreses
In addition, static mappings are currently being added without the prefix, even when a prefix is available.
Detai... Patrik Stahlman
06:58 PM Bug #16191 (New): Early DNS registration can add invalid addreses
When running Kea for DHCPv6 on an interface set to track6 against an upstream PD static DHCP leases can be added to u... Steve Wheeler
04:54 AM Bug #16130: Input validation prevents creating port forwards for the same port using a different address family
Yes it certainly does, but if I use the source alias containing mixed IPv4 and IPv6 for the firewall or NAT TCP rule ... V K

05/15/2025

08:47 PM Bug #16130: Input validation prevents creating port forwards for the same port using a different address family
The rule is created with either inet or inet6; pf will only match the rule for corresponding addresses in the pf tabl... Marcos M
08:21 PM Bug #16130: Input validation prevents creating port forwards for the same port using a different address family
Your advice only works if you can split source aliases into IPv4 and IPv6. However, this is not possible if the sourc... V K
08:08 PM Revision 34c529de: rc.restore_ramdisk_store: make removing the backup directory non-fatal
Christian McDonald
07:58 PM pfSense Plus Regression #16187 (Resolved): Alias autocomplete does not work with Ethernet firewall rules
Marcos M
05:31 PM pfSense Plus Regression #16187: Alias autocomplete does not work with Ethernet firewall rules
fixed in the latest 25.03 beta
tested on:
25.03-BETA (amd64)
built on Thu May 15 14:15:00 UTC 2025
FreeBSD 15.0-C... Georgiy Tyutyunnik
05:58 PM Revision 4f752164: Make sure a valid monitor address exists when creating the rule.
Followup to 83637fdf058f0f9207ca339fb9bc44728f9dbd28. Marcos M
04:21 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication
Sergei Shablovsky wrote in #note-2:
> UPVOTE THIS
How do you vote, just comment "me too!" or watch the issue or ?... Jesse Norell
04:17 PM pfSense Packages Todo #16190: Update mDNS-Bridge to 2.0
PR https://github.com/pfsense/FreeBSD-ports/pull/1415 Denny Page
04:15 PM pfSense Packages Todo #16190 (New): Update mDNS-Bridge to 2.0
This update adds filtering of link local addresses from forwarded mDNS records.
[NB: This is categorized as Avahi ... Denny Page
02:48 PM Feature #16189: Better Logging for LDAP Connection Errors
PR: https://github.com/pfsense/pfsense/pull/4732 Jim Pingle
02:41 PM Feature #16189 (Waiting on Merge): Better Logging for LDAP Connection Errors
Jim Pingle
06:02 AM Feature #16189 (Waiting on Merge): Better Logging for LDAP Connection Errors
LDAP Connection Errors are hard to debug, as they dont give out any error details. This should be fixable by reading ... Björn Jakobsen
02:46 PM Feature #16166 (Pull Request Review): Option to deactivate ALTQ for VTNET interfaces
PR: https://github.com/pfsense/pfsense/pull/4733
That PR depends on an upstream FreeBSD source change which isn't ... Jim Pingle

05/14/2025

08:45 PM Feature #8149: NTPsec
Jim Pingle wrote in #note-4:
> We stated in the linked Reddit thread that if we were to change, the option we would ... Sergei Shablovsky
08:30 PM Feature #8149: NTPsec
Richard Yao wrote:
> Would pfSense integrate NTPsec client/sever support to help protect OpenVPN against MITM attack... Sergei Shablovsky
06:18 PM Bug #16022 (Resolved): Static lease DNS records are incorrectly removed when backing lease expires
Marcos M
05:10 PM Bug #16188 (Resolved): Typo in Installer
Fixed with a1462c78ec6ba60c0cbbb4475a8693fa41605e11, thanks! Marcos M
04:54 PM Bug #16188 (Confirmed): Typo in Installer
I confirmed this on the following versions:... Christopher Cope
04:33 PM Bug #16188 (Resolved): Typo in Installer
I didn't get a screen shot as it only shows for a couple seconds. But I'm pretty sure when it gets to the point of p... Steve Y

05/13/2025

07:12 PM pfSense Plus Regression #16187 (Feedback): Alias autocomplete does not work with Ethernet firewall rules
Fixed with commit:f121add4b9bc2905093645494494d54066e909b6. Marcos M
06:54 PM pfSense Plus Regression #16187 (Resolved): Alias autocomplete does not work with Ethernet firewall rules
There is no autocomplete when creating or editing an Ethernet firewall rule and typing an alias for the source or des... Marcos M
06:18 PM Bug #16186 (Duplicate): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
It's not closed, it's still set to waiting on a patch upstream for the floating client support. Since you're seeing t... Marcos M
06:12 PM Bug #16186 (Duplicate): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Hello,
This is a continuation of #14577, I updated that ticket earlier not realizing it was closed.
I am still... Michael Mercier
04:55 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Hi Marcos,
This issue is still happening for me. I have not yet figured out a way to reproduce the issue with my ... Michael Mercier
04:22 PM pfSense Packages Bug #16185 (Pull Request Review): FreeRADIUS HA sync changes may be overwritten by the system config XMLRPC sync
Making a change in FreeRADIUS on a HA cluster with configured FreeRADIUS sync triggers both the XMLRPC sync for the g... Georgiy Tyutyunnik

05/12/2025

06:21 PM Todo #13899 (Closed): Unclear description for UPnP option Override WAN address
Fixed as part of https://redmine.pfsense.org/issues/15864 Marcos M
05:00 PM Bug #16180 (Feedback): Improve gateway status detection with routed monitoring addresses
Applied in changeset commit:83637fdf058f0f9207ca339fb9bc44728f9dbd28.
Followup: commit:4f752164bd4d4a85c10e2c258745d... Marcos M
04:51 PM Revision 83637fdf: Improve gateway monitoring. Fix #16180
Revert the changes from 3b5f0ecbfc2d952891dbe227e9afbf9d2ed0ebd4 since
routing an address via an interface causes the... Marcos M
03:25 PM Bug #16183 (Incomplete): IPsec tunnels show as down, but they are working
I can't reproduce this here. It maybe a remnant leftover after a configuration change where strongSwan didn't stop an... Jim Pingle
03:02 PM Bug #16010: AutoConfigBackup scheduled backups always upload even when the configuration has not changed
I tested on both and I can't reproduce any problem. When I switch to a schedule, say every five minutes (@*/5, *, *. ... Jim Pingle
02:17 PM Bug #12833: GUI Service Log Filling Up with Cruft
The "Web Server" checkbox in log settings only disables error logging... Jim Pingle

05/11/2025

03:27 PM Revision f79edd51: Bump config version
Marcos M
04:25 AM Bug #16142: XMLRPC requests fail due to incorrect request path
Still an issue on the latest builds. Any update? dylan mendez

05/10/2025

08:25 PM Bug #15676 (Resolved): OpenVPN not rendering alises in "IPv4 Local network" setting.
I can't reproduce the issue on 24.11.
This ticket has been marked as resolved. Danilo Zrenjanin
06:14 PM Bug #12833: GUI Service Log Filling Up with Cruft
I'm getting hit fairly hard with this right now, as I have a busy 24.11 firewall in Azure that's shipping syslog to m... → luckman212
03:55 PM Bug #16010: AutoConfigBackup scheduled backups always upload even when the configuration has not changed
Tested on... Christopher Cope
02:16 AM Revision 32070a66: Remove interface_isppp_type_ephemeral()
Reid Linnemann
12:45 AM Revision 75dc97b8: Correct a copy/paste error and escape shell args where downing if_pppoe iface
Reid Linnemann

05/09/2025

11:13 PM Bug #16183 (Incomplete): IPsec tunnels show as down, but they are working
Our IPsec connection is working, but the status shows as down:
!clipboard-202505091705-zv4df.png!
The IPSec Overvie... Orion Poplawski
10:18 PM pfSense Plus Bug #15948: GUI times out when attempting to view large Configuration History
This timeout would not be an issue normally but is much more likely to happen due to https://redmine.pfsense.org/issu... Marcos M
09:49 PM Revision 11f07e13: Always bring if_pppoe interfaces down before destroying them
For kernel if_pppoe interfaces, when the interface is destroyed it is removed
immediately without sending a Term-Requ... Reid Linnemann
09:46 PM Bug #16182: Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades

I have verified that the patch fixes the issue, using the instruction in https://forum.netgate.com/post/1214308
Patrik Stahlman
09:33 PM Bug #16182 (Resolved): Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades
Tested working by original reporter. Marcos M
08:35 PM Bug #16182: Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades
Applied in changeset commit:a8e5ba643026ee11001dbeff48246ec9fbd07cc9. Marcos M
08:29 PM Bug #16182 (Feedback): Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades
Fixed with commit:a8e5ba643026ee11001dbeff48246ec9fbd07cc9.
This changes the behavior for interface "subnet" alias... Marcos M
08:17 PM Bug #16182 (Resolved): Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades
Sometimes after upgrades with pfBlockerNG installed, there will be an alert on the dashboard stating that the filter ... Marcos M
09:31 PM pfSense Docs Todo #16135 (Resolved): Document NAT64 rules
Looks good to me, thanks! Marcos M
07:25 PM pfSense Docs Todo #16135 (Feedback): Document NAT64 rules
This should all be reasonably complete now, along with other updates to firewall and NAT rules. It has all been deplo... Jim Pingle
08:26 PM Revision a8e5ba64: Add interface network aliases even if empty. Fix #16182
This changes the behavior for interface "subnet" aliases to be included in
/tmp/rules.debug even when the alias is em... Marcos M
07:20 PM Bug #16022: Static lease DNS records are incorrectly removed when backing lease expires
fixed. tested on
25.03-BETA (amd64)
built on Wed May 7 16:11:00 UTC 2025
FreeBSD 15.0-CURRENT
can reproduce on 24... Georgiy Tyutyunnik
03:33 PM pfSense Plus Regression #15880 (Resolved): Upgrade available LED not set before branch is selected.
Only the current branch and release branches are checked for updates. Sounds like it's working as expected given the ... Marcos M
02:14 PM pfSense Plus Regression #15880: Upgrade available LED not set before branch is selected.
re-tested on
25.03-BETA (amd64)
built on Wed May 7 16:11:00 UTC 2025
FreeBSD 15.0-CURRENT
issue still present - ... Georgiy Tyutyunnik
09:18 AM Bug #12922 (Confirmed): Classless static routes received on DHCP WAN can override chosen default gateway
Danilo Zrenjanin

05/08/2025

08:12 PM Revision 8bc76ef2: Fix updating renamed aliases with multiple entries
Previous behavior only checked single-entry aliases. This change allows
calling update_alias_names_upon_change() with... Marcos M
07:12 PM Revision 5379e5cf: Sync config revision
Marcos M
05:16 PM Revision e4f3b5ce: Fix double rc.newwanipv6 execution on if_pppoe
When using if_pppoe and DHCPv6 over the PPP link, both the devd handler script
and dhcp6c execute /etc/rc.newwanipv6 ... Reid Linnemann
03:51 PM pfSense Packages Feature #16075: Add Zabbix 7.0 packages for 24.03
The original request for Zabbix 7.0 was made when 24.03 was still the current release.
Zabbix 6.4 went out of suppor... Andrew Almond
03:48 PM Bug #16010: AutoConfigBackup scheduled backups always upload even when the configuration has not changed
fixed, scheduled backups not running if no config changes were made
tested on:
25.03-BETA (amd64)
built on Wed May... Georgiy Tyutyunnik
03:41 PM pfSense Plus Regression #16179 (Feedback): upgradeconfig php shell script incorrectly replaces running config when Nexus is enabled.
Looks good with that patch. Steve Wheeler
02:41 PM pfSense Plus Regression #16179 (Ready To Test): upgradeconfig php shell script incorrectly replaces running config when Nexus is enabled.
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/172 Marcos M
08:43 AM pfSense Plus Bug #14894: Password protected console login prompt does not render properly on 4100/6100/8200 serial console
It is still the issue on 25.03Beta built on Tue Apr 29... Lev Prokofev

05/07/2025

08:00 PM Feature #15415 (Resolved): Enhanced firewall log action information display
Fixed #note-18 with commit:6cf3e688d725056472ed5641dff30fa75dd95a50. Marcos M
07:51 PM Feature #15415 (In Progress): Enhanced firewall log action information display
There's an issue here with rules containing some HTML characters such as:... Marcos M
07:59 PM Bug #16170 (Resolved): Incorrect logic for detection of DNS server change in cases where the ISP does not provide search domains in DHCPv6 renewal
Marcos M
07:51 PM Revision 6cf3e688: Double-escape HTML characters for use in HTML attribute. Fix #15415
Marcos M
05:44 PM pfSense Plus Feature #16181 (New): Include Nexus controller PTY log in GUI
In some cases there are logs included in @/var/log/pfnet-controller-pty.log@ which can help when troubleshooting issu... Marcos M
05:22 PM Bug #16180 (Pull Request Review): Improve gateway status detection with routed monitoring addresses
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1221 Marcos M
05:03 PM Bug #16180 (Resolved): Improve gateway status detection with routed monitoring addresses
Gateway monitoring traffic may go out the wrong interface in some cases. Redmine "#16069":https://redmine.pfsense.org... Marcos M
09:00 AM pfSense Plus Bug #14168: OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol
Hello, this problem is still occur in version 24.11-RELEASE.
We located that problem is in status_openvpn.php file o... K H
02:37 AM Feature #16177: Include Unbound 1.23.0 in upcoming release
For whatever it's worth, I second this request. Would love to have the new version if at all possible. It includes a ... Glenn Hall

05/05/2025

08:37 PM Revision 9c41e113: pppoe-handler: Mute spurious invalid address warnings
Move the address checking out of the main body of the script into switch cases
that actually use the address
(cherry... Reid Linnemann
08:37 PM Revision 0680e73e: Fix serialization/deserialization of ppp hostuniq and provider attributes
When these two properties were added, the form handling set their config values
to boolean true if empty, leading to ... Reid Linnemann
08:37 PM Revision 30cad817: if_pppoe: Resolve endless loop on dhcp6c
When using if_pppoe, the use of ppp-ipv6 to up the pppoe interface on ADDR_ADD
causes a loop of calling interface_dhc... Reid Linnemann
02:19 PM Bug #16169 (Resolved): NAT64 states have ``src`` and ``dst`` swapped in data returned by pfSense PHP Module
Latest snapshot it working as expected. The fix has been picked back to 25.03/2.8.0 branches as well but isn't in a b... Jim Pingle
10:21 AM pfSense Plus Bug #16176: Config restored during install can be overwitten by hardware specific default values
confirmed
tested on 6100
netgate-installer-v1.1-BETA-amd64-20250429-0600.img Georgiy Tyutyunnik

05/04/2025

09:36 PM pfSense Packages Bug #15061: acme.sh nsupdate with challengealias is failing in certain cases
Sorry for getting it wrong the first time. Fixed it again and tested both challengealias without and with challengedo... Seyfidin Hamraoui
01:29 PM pfSense Plus Regression #16179: upgradeconfig php shell script incorrectly replaces running config when Nexus is enabled.
This only happens when Nexus MIM is enabled. Steve Wheeler
01:16 PM pfSense Plus Regression #16179 (Feedback): upgradeconfig php shell script incorrectly replaces running config when Nexus is enabled.
When called with two file names the php shell session upgradeconfig is supposed to upgrade the first file and save it... Steve Wheeler
01:45 AM Bug #16128 (Confirmed): if_pppoe: PHP password handling
Marking as Confirmed for now, since this is a known difference in behavior. Kris Phillips
01:43 AM Bug #16131: DHCP Relay not working when CARP Status VIP is other than None
Silviu Bajenaru wrote in #note-2:
> Kris Phillips wrote in #note-1:
> > I'm going to guess this is due to IPSec, as... Kris Phillips
01:20 AM Bug #16144: Switching from Static IP block to DHCP on the WAN leaves original routes in place
This would be hard to do, as we have no idea what gateways are suddenly "invalid". Unlike a "consumer" router where ... Kris Phillips
01:12 AM pfSense Plus Bug #16080: Issues Upgrading from 24.03 to 24.11 SG-1100 Atheros 9280
Updating Target version to Plus-Next. This will not be fixed for 25.03, as a WiFi bug for an obscure card cannot be ... Kris Phillips
12:54 AM pfSense Packages Regression #15909: tailscale interface assignment prevents the upgrade from 24.03 to 24.11
Does this same issue happen with interfaces assigned with wireguard? Bryan Allen
12:50 AM pfSense Packages Todo #16091 (Confirmed): tailscale package requires updates
I'd say we should be syncing the package dependencies more often than we do. Version 24.11, which is the current sta... Kris Phillips
12:49 AM pfSense Packages Todo #16091: tailscale package requires updates
Confirmed that pfSense 25.03 is using 1.80.0 package for Tailscale. Package 1.82.5 is available upstream. Marked as c... Bryan Allen
12:49 AM Feature #16165: Threema Gateway API integration
Updating status to Low.
I've never seen a request beyond this redmine for this, but if someone wants to write th... Kris Phillips
12:42 AM pfSense Packages Feature #16075 (Rejected): Add Zabbix 7.0 packages for 24.03
We don't typically port back packages to previous releases. If you need the current version of Zabbix, we recommend ... Kris Phillips
12:38 AM pfSense Packages Bug #16164: mailreport package can't create a Report entity
Tested and confirmed issue with 24.11 resolved in 25.03 Bryan Allen
12:27 AM pfSense Packages Bug #16164 (Resolved): mailreport package can't create a Report entity
Tested on 24.11. Confirmed results. Adding new reports results in blank page with nothing saved.
Tested on 25.... Kris Phillips
12:36 AM pfSense Packages Feature #16089 (Confirmed): Add packages for Zabbix 7.2 agent and proxy
Confirmed. Package not available.
Marking Confirmed. Kris Phillips
12:35 AM pfSense Packages Feature #16089: Add packages for Zabbix 7.2 agent and proxy
Zabbix 7.2 is not available as an available package in 24.11 and 25.03. Package is available upstream. Bryan Allen

05/03/2025

11:28 PM Bug #16162 (Resolved): IPsec unnecessarily prompts to apply changes after input errors
Can confirm behavior is now as expected after applying the patch. dylan mendez
04:43 PM Bug #16162: IPsec unnecessarily prompts to apply changes after input errors
with above changeset applied to pfSense+ 25.03.b.20250429.1329, attempting to delete an IPsec tunnel produces the war... Jordan G
05:59 PM Bug #16178 (Confirmed): Input validation - System>Advanced>Notifications
Tested on... Christopher Cope
05:34 PM Bug #16178 (Confirmed): Input validation - System>Advanced>Notifications
*From e-mail address* field is missing input validation.
It permits any data entry without generating errors upon... Danilo Zrenjanin
05:27 PM Feature #16177 (New): Include Unbound 1.23.0 in upcoming release
Hi all,
I apologize in advance if this is a duplicate. Would it be possible to include the next version of Unboun... Timo M

05/02/2025

11:50 PM Bug #16162 (Feedback): IPsec unnecessarily prompts to apply changes after input errors
Applied in changeset commit:16eb8e7bc495d3af0f8031fc1dd7edd9222bf28f. Marcos M
11:43 PM Bug #16162 (In Progress): IPsec unnecessarily prompts to apply changes after input errors
Marcos M
11:41 PM Revision 16eb8e7b: Check input validation before prompting to apply settings. Fix #16162
Marcos M
11:14 PM Bug #16167: if_pppoe sends invalid service name
I've also added changes in https://gitlab.netgate.com/pfSense/factory/-/commit/ff0af2d353b8db1eba524371556d51d028f03d... Reid Linnemann
11:00 AM Bug #16167 (Resolved): if_pppoe sends invalid service name
Looks fixed as of controller build 678d0c35afc910be4f6ce7420259a8321a7f1ec3 Steve Wheeler
10:36 PM pfSense Plus Bug #16176 (Feedback): Config restored during install can be overwitten by hardware specific default values
When installing using the Net Installer an config existing config can be selected to use in the resulting install.
... Steve Wheeler
07:48 PM Bug #16169 (Feedback): NAT64 states have ``src`` and ``dst`` swapped in data returned by pfSense PHP Module
Kristof gave me a test module to try and it worked, so the latest commit should solve it. Will re-test once that's in... Jim Pingle
01:20 PM Bug #16169 (In Progress): NAT64 states have ``src`` and ``dst`` swapped in data returned by pfSense PHP Module
It's closer but now the entire src+src-orig and dst+dst-orig are swapped in the module, but each pair is consistent a... Jim Pingle
03:47 PM Feature #16174: CARP VIP support for ``if_pppoe``
HA and CARP are only supported on static interfaces, not dynamic. That only ever worked by coincidence and luck.
T... Jim Pingle
07:48 AM Feature #16174 (New): CARP VIP support for ``if_pppoe``
With the mpd5 PPPOE implementation it is possible (although perhaps not intentional/supported) to create a CARP VIP o... Bert Smith
03:16 PM pfSense Plus Bug #16175 (Rejected): Error changing Firewall Rules
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
02:58 PM pfSense Plus Bug #16175 (Rejected): Error changing Firewall Rules
Hello,
every time i want to change, delete or cahnge a rule in Firewall Rules it doesnt doo anything and i get a not... Felipe Branz
07:45 AM Bug #16173 (New): if_pppoe does not close PPPOE session on restart
When shutting down the interface or reboting, if_pppoe does not inform the peer that the session is terminated.
Fo... Bert Smith

05/01/2025

08:59 PM Feature #16092 (Resolved): Separate IDS/IPS and link-local firewall log entries from default block logging
Marcos M
08:55 PM Bug #16167 (Feedback): if_pppoe sends invalid service name
This should be fixed in the next pfnet-conbtroller build. Steve Wheeler
07:10 PM Bug #16170 (Feedback): Incorrect logic for detection of DNS server change in cases where the ISP does not provide search domains in DHCPv6 renewal
Applied in changeset commit:6976e027ae417d2a14e0192f53e9bab965dba82c. Marcos M
06:28 PM Bug #16170 (In Progress): Incorrect logic for detection of DNS server change in cases where the ISP does not provide search domains in DHCPv6 renewal
Marcos M
04:44 PM Bug #16170: Incorrect logic for detection of DNS server change in cases where the ISP does not provide search domains in DHCPv6 renewal

As expected, in 25.03-BETA on May 1 (25.03.b.20250429.1329) the issue mentioned in the OP still remains, each DHCPv... Patrik Stahlman
07:00 PM Revision 6976e027: Correct the DNS info change detection. Fix #16170
The variable $dns_changed was introduced along with the RENEW reason and
is intended to only take affect with RENEW. ... Marcos M
06:43 PM Revision e1ad3c08: Add collectd to the list of packages to build
Brad Davis
03:35 PM Feature #16172 (New): Adjust the SYSLOG log format for a firewall rule with action match
Security Onion does not collect logs from firewall rules with action==match. The reason is the format of the syslog m... Volodymyr Voskresenskyi
02:04 PM Bug #16171: Configuring a bridge on a base interface breaks bridges on VLAN interfaces on that interface
Jim Pingle wrote in #note-2:
> The configuration isn't just unsupported, it's not viable and even if it were, it's ag... Andreas Wuerl
01:01 PM Bug #16171 (Rejected): Configuring a bridge on a base interface breaks bridges on VLAN interfaces on that interface
The configuration isn't just unsupported, it's not viable and even if it were, it's against best practices for securi... Jim Pingle
06:57 AM Bug #16171: Configuring a bridge on a base interface breaks bridges on VLAN interfaces on that interface
The detailed relevant configuration looks like this:... Andreas Wuerl
06:33 AM Bug #16171 (Rejected): Configuring a bridge on a base interface breaks bridges on VLAN interfaces on that interface
The basic usecase is using a second port on the firewall to connect another hardware switch distributing the internal... Andreas Wuerl
12:28 PM Bug #16169 (Ready To Test): NAT64 states have ``src`` and ``dst`` swapped in data returned by pfSense PHP Module
It turns out that for nat64 we need to swap the wire information. That's a little odd, but it's what pfctl does (both... Kristof Provost

04/30/2025

08:12 PM pfSense Docs Todo #16135 (In Progress): Document NAT64 rules
First pass: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/b6748ba9503baa5d4e9d7c7d364ab4d215b0de1a
Staged ... Jim Pingle
07:28 PM Bug #16073: Nested aliases used with OpenVPN do not always load routes
Or from the webgui Diag > Command Prompt page like:
!Screenshot%20from%202025-04-30%2020-26-16.png!
That will rel... Steve Wheeler
07:10 PM Bug #16073: Nested aliases used with OpenVPN do not always load routes
The next time you see this happen, please run these from the php shell in the console menu (option 12) and let us kno... Chris W
05:17 PM Bug #16170 (Resolved): Incorrect logic for detection of DNS server change in cases where the ISP does not provide search domains in DHCPv6 renewal

For 25.03-BETA-3 (25.03.b.20250427.2348) I applied commit https://github.com/pfsense/pfsense/commit/5c2c11b.patch... Patrik Stahlman
04:21 PM Bug #16131: DHCP Relay not working when CARP Status VIP is other than None
Kris Phillips wrote in #note-1:
> I'm going to guess this is due to IPSec, as DHCP Relay is unpredictable with IPSec... Silviu Bajenaru
03:46 PM Bug #16169 (Resolved): NAT64 states have ``src`` and ``dst`` swapped in data returned by pfSense PHP Module
There appears to be a bug in NAT64 state data retrieval via the pfSense PHP module. It has the post-NAT source and de... Jim Pingle
02:38 PM Bug #16167: if_pppoe sends invalid service name
Steve ran this dtrace probe:... Kristof Provost
12:57 PM Bug #16167: if_pppoe sends invalid service name
I'm unable to reproduce this.
There was an issue with pppcfg where '-pppoesvc' (i.e. to remove a service name) did... Kristof Provost
01:36 PM pfSense Packages Feature #16168 (Closed): Synchronize ACME package with new upstream acme.sh version 3.1.1
No need for a request to track this, it's done periodically and not to any specific version but whatever the latest i... Jim Pingle
12:49 AM pfSense Packages Feature #16168 (Closed): Synchronize ACME package with new upstream acme.sh version 3.1.1
The acme.sh project released a new version this past week with support for a ton of new DNS APIs, plus other updates ... Brett Keller
12:07 AM Revision 201a8998: Fix IPsec settings filter policy link
Steve Wheeler
12:03 AM Bug #16155 (Resolved): mpd5 specific options remain availble after enabling if_pppoe
Marcos M

04/29/2025

04:43 PM Bug #16167 (Resolved): if_pppoe sends invalid service name
In some circumstances the if_pppoe module sends an unexpected and seemingly random service name:... Steve Wheeler
03:13 PM pfSense Packages Feature #15960: NTOP Port Configuration in WebUI feature request
I believe this issue can be closed. Denny Page
03:11 PM pfSense Packages Bug #13432: ups driver will not start
I believe this issue can be closed. Denny Page
08:52 AM Feature #16166 (Pull Request Review): Option to deactivate ALTQ for VTNET interfaces
Under System/Advanced/Networking there is an option to deactivate ALTQ for Microsoft Hyper-V hn vNICs. It would be go... Björn Jakobsen
03:01 AM Feature #16165 (New): Threema Gateway API integration
Hello,
I will request a feature to integrate the Threema Gateway API as a notification service besides Telegram an... Dominik H
02:06 AM Revision 9316ad06: Fix config check for if_pppoe
'system/use_mpd5_for_pppoe' is not a valid config path. Marcos M

04/28/2025

06:51 PM pfSense Packages Bug #16164: mailreport package can't create a Report entity
can confirm this happening on pfSense+ 24.11 with mailreport 3.6.4_4. This does not occur when using pfSense+ 25.03.b... Jordan G
06:44 PM pfSense Packages Bug #16164 (Resolved): mailreport package can't create a Report entity
mailreport latest version (3.6.4_4) doesn't create a Report entity for further configuration after you Save in the in... Georgiy Tyutyunnik
09:59 AM pfSense Packages Feature #15397: Wazuh Agent
I would also like wazuh-agent to be included in the official packages.
Possibly also Check_MK agent. Matteo Calorio

04/27/2025

03:34 PM pfSense Plus Bug #16163: Gateway widget incorrectly displays IPv6 default gateway status
Correction: System_Patches rev is 2.2.20_4 Marc Goldburg
03:30 PM pfSense Plus Bug #16163 (New): Gateway widget incorrectly displays IPv6 default gateway status
Running 24.11 + System_Patches 2.2.20_04, the gateway widget occasionally fails to display the "globe icon" and gatew... Marc Goldburg
02:11 PM pfSense Packages Regression #16157 (Duplicate): Wireguard with ipv6 interface breaks in 25.03 beta.
Marcos M
08:19 AM pfSense Packages Regression #16157: Wireguard with ipv6 interface breaks in 25.03 beta.
I can confirm this behavior, as soon as I added IPv6 to the wg tunnel settings I had this crash.
25.03-BETA (amd64)
... aleksei prokofiev
04:55 AM Bug #16155: mpd5 specific options remain availble after enabling if_pppoe
testing this with 25.03 and 25.07 with above patch applied after enabling if_pppoe under System>Advanced>Networking>N... Jordan G
02:15 AM pfSense Plus Bug #15303: dpinger service does not always switch from Pending to Online
Tested on 25.03-BETA. I can still recreate this with VTI tunnels. Haven't tested other methods of reproduction, but... Kris Phillips
02:08 AM Bug #16131: DHCP Relay not working when CARP Status VIP is other than None
I'm going to guess this is due to IPSec, as DHCP Relay is unpredictable with IPSec (especially tunnel mode).
Are y... Kris Phillips
12:05 AM Bug #16162 (Confirmed): IPsec unnecessarily prompts to apply changes after input errors
dylan mendez
12:04 AM Bug #16162: IPsec unnecessarily prompts to apply changes after input errors
I can confirm this behavior on latest development snapshots.
!clipboard-202504261804-bagsm.png!
 dylan mendez

04/26/2025

07:47 PM Feature #15089 (Resolved): Support LuaDNS provider
Tested on... Christopher Cope
07:45 PM Bug #16153: ECL can modify a discovered config file
can confirm this occurs when using ECL on 25.03.b.20250424.1928 and 25.07.a.20250426.1531, when inspecting the conten... Jordan G
07:07 PM Bug #16158 (Closed): IPsec allows deleting P1/P2 entries with an assigned VTI
dylan mendez
02:17 PM Bug #16158 (Incomplete): IPsec allows deleting P1/P2 entries with an assigned VTI
Tested on... Christopher Cope
08:39 AM Bug #16158: IPsec allows deleting P1/P2 entries with an assigned VTI
I am getting the same results on 24.11 pfSense Plus. Everything works as expected. Danilo Zrenjanin
08:28 AM Bug #16158 (Feedback): IPsec allows deleting P1/P2 entries with an assigned VTI
Danilo Zrenjanin
08:28 AM Bug #16158: IPsec allows deleting P1/P2 entries with an assigned VTI
I couldn't reproduce it on:... Danilo Zrenjanin
06:20 PM pfSense Packages Feature #16075: Add Zabbix 7.0 packages for 24.03
@jimp @mmendoza @jgreene
What is needed to get Zabbix 7.0 pushed to 24.03 to see if it builds? Andrew Almond
06:11 PM Feature #15562: Add support for OpenID
+1, OIDC for additional logon method for easy onboarding of helping hands. chris laws
04:25 PM Bug #16155: mpd5 specific options remain availble after enabling if_pppoe
I do not have an actual pppoe link to test this with but using 24.11 with the above changeset applied via system_patc... Jordan G
02:33 PM Bug #14613: Incorrect wireguard control panel status management
2.7.2 This problem is reproduced again hao zhang
02:26 PM Bug #16162 (Resolved): IPsec unnecessarily prompts to apply changes after input errors
When attempting to delete an IPsec P1/P2 with VTI and an interface assigned an error is generated as expected; howeve... Christopher Cope

04/25/2025

09:43 PM pfSense Packages Regression #16160 (Resolved): PHP error after saving WireGuard tunnel with multiple addresses
Marcos M
05:45 PM Bug #16018: Mysterious Entire Crash in "PFSense CE"
Marco, the GUI isnt working anymore when the Crash happends... Also a reboot doesnt work. Where ist the crashdump? Guido Lipke
04:44 PM Bug #16018: Mysterious Entire Crash in "PFSense CE"
The screenshot is not enough - please share the crash report after logging into the GUI and include what version of p... Marcos M
10:08 AM Bug #16018: Mysterious Entire Crash in "PFSense CE"
It isnt a Filesystem Error... This Crash Happens when editing Firewall Rules.
A few Minutes ago... same issue... I s... Guido Lipke
04:57 PM pfSense Packages Bug #13654: Wireguard does not fail back failover WAN setup.
Any update from the Netgate team on this issue? I just received another bill from AT&T with almost $1100 in data over... Andrew Collings
04:50 PM Bug #16161 (Duplicate): Crash report
Based on the backtrace this appears to be a duplicate of #15503 Jim Pingle
04:37 PM Bug #16161 (Duplicate): Crash report
Estou com esse erro de php, onde meu pfsense reinicia. William Nakada
02:52 PM Feature #15089: Support LuaDNS provider
Are you using an API key, rather than your account password? You should be. See https://app.luadns.com/users/api_keys Aaron Sierra

04/24/2025

09:20 PM pfSense Docs Todo #16146: Document net.inet6.icmp6.nd6_onlink_ns_rfc4861
For reference this behavior can be achieved with pfSense as the upstream router, e.g. if the address being pinged by ... Marcos M
09:10 PM pfSense Packages Regression #16160 (Feedback): PHP error after saving WireGuard tunnel with multiple addresses
Fixed with "f6dfb5a189c7e82b4f4962b7890f9c66eb36a088":https://github.com/pfsense/FreeBSD-ports/commit/f6dfb5a189c7e82... Marcos M
09:04 PM pfSense Packages Regression #16160 (Resolved): PHP error after saving WireGuard tunnel with multiple addresses
After adding a second address to a WireGuard tunnel (unassigned interface), the following alert is shown:... Marcos M
03:45 PM pfSense Packages Feature #15397: Wazuh Agent
I would also like this package to make it into the official pfSense package list.
What would it take to make that ha... Kuberan Govender
03:29 PM Bug #16115 (Resolved): Potential XSS in IPsec Phase 1
Jim Pingle
03:23 PM Bug #16115: Potential XSS in IPsec Phase 1
tested, reproduced on 25.07.a.20250331.2135
fixed in 25.07.a.20250409.0600 and later Georgiy Tyutyunnik
03:29 PM Bug #16114 (Resolved): Potential XSS in Firewall Schedules
Jim Pingle
03:23 PM Bug #16114: Potential XSS in Firewall Schedules
tested, reproduced on 25.07.a.20250331.2135
fixed in 25.07.a.20250409.0600 and later Georgiy Tyutyunnik
03:01 PM Bug #16116 (Resolved): Potential XSS in Wake on LAN page and widget
Jim Pingle
03:00 PM Bug #16116: Potential XSS in Wake on LAN page and widget
tested, reproduced on 25.07.a.20250331.2135
fixed in 25.07.a.20250409.0600 and later Georgiy Tyutyunnik
04:01 AM Feature #15089: Support LuaDNS provider
Luadns is added to Dynamic DNS list
I added the hostname and domain, but it’s not registering
/services_dyndns_... Alhusein Zawi
01:15 AM Bug #16155 (Feedback): mpd5 specific options remain availble after enabling if_pppoe
Applied in changeset commit:27e9a8aaa44702d0305f01ca21629f2b081dbdc0. Marcos M
01:09 AM Revision 1c9355bd: Remove the pppoe reset cron job when the interface is disabled or with if_pppoe
Marcos M

04/23/2025

06:38 PM Bug #16143: Unbound DNS over TLS resumption issue
further to this it turns out its a setting which needed tweaking
specifically;
infra-cache-min-rtt: 750
b... mrpops2ko .
04:36 PM Feature #16159 (New): Provide periodic connection reset for if_pppoe
PPPoE connections using mpd5/netgraph had several advanced options that are not available when if_pppoe is enabled.
... Steve Wheeler
01:24 AM Bug #16158 (Closed): IPsec allows deleting P1/P2 entries with an assigned VTI
!clipboard-202504221835-hmb4v.png!
Input validation does not prevent user from deleting a P1/P2 with a VTI assig... dylan mendez

04/22/2025

10:12 PM Feature #8641: Need way to disable HSTS and/or replace webConfigurator certificate from CLI
I support adding this to the console menu, I locked myself out by being a dumbo using a user certificate not server c... Chris Collins
08:34 PM pfSense Packages Bug #13654: Wireguard does not fail back failover WAN setup.
I can confirm this problem also exists with pfsense CE 2.7.2-RELEASE and WireGuard package 0.2.1.
For reference, thi... Wayne Sherman
05:40 PM Revision 27e9a8aa: Hide unsupported options with if_pppoe. Fix #16155
Marcos M
03:18 PM Bug #16156 (Resolved): DDNS may send requests over IPv4 for IPv6 services
Marcos M
01:20 AM Bug #16156 (Feedback): DDNS may send requests over IPv4 for IPv6 services
Applied in changeset commit:363330d9eea0a54cb688977c2d57b82586843a70. Marcos M
12:47 AM Bug #16156 (In Progress): DDNS may send requests over IPv4 for IPv6 services
Marcos M
02:21 PM Revision 7bfa6007: Check for Kea custom configuration before retrying without it
Errors without custom configuration can also trigger the notice. In such
case, retrying is redundant and the notice t... Marcos M
01:08 AM Revision 363330d9: ddns: use the correct AF for the service type. Fix #16156
Marcos M
01:05 AM Revision 3604a5df: Use IPv6 system preference for all configured interface types in get_request_source_address()
Marcos M
12:43 AM pfSense Packages Regression #16157 (Duplicate): Wireguard with ipv6 interface breaks in 25.03 beta.
Running: 25.03-BETA (amd64)
built on Mon Apr 14 14:38:00 EDT 2025
Upon upgrade, Wireguard will not start. Attache... quiet lion

04/21/2025

11:51 PM Bug #16156 (Resolved): DDNS may send requests over IPv4 for IPv6 services
When a DDNS "v6" service is configured with an interface that is not a gateway group and the interface has both IPv4 ... Marcos M
11:45 PM Bug #16155 (Resolved): mpd5 specific options remain availble after enabling if_pppoe
When if_pppoe is enabled some PPPoE options that only mpd5 supported are no longer available and should be hidden fro... Steve Wheeler
09:52 PM pfSense Packages Bug #16154 (Resolved): pfBlockerNG does not include the VIP ID with DNSBL VIPs
Fixed with "dee5e9429c1954d892716dcd597b5b7232096698":https://github.com/pfsense/FreeBSD-ports/commit/dee5e9429c1954d... Marcos M
09:51 PM pfSense Packages Bug #16154 (Resolved): pfBlockerNG does not include the VIP ID with DNSBL VIPs
VIPs require unique IDs. Omitting the ID causes @get_configured_vip_list()@ to not return all expected VIPs which in ... Marcos M
04:56 PM Revision 06824b27: Correct DHCP6 client log
This function is called regardleass of the "without RA" option. Followup
to dd3d48af87c892a070210f0064e589157868e7c2. Marcos M
04:39 PM Revision 5c2c11bb: Supress info logs for rc.newwanipv6 RENEW
Only log when there's something to do during RENEW. This avoids spamming
the system log now that rc.newwanipv6 is cal... Marcos M
02:54 PM pfSense Docs Todo #16146 (Rejected): Document net.inet6.icmp6.nd6_onlink_ns_rfc4861
Looking at the Bugzilla entry I do not think we should document this. Certainly not in any primary troubleshooting do... Jim Pingle
02:41 PM pfSense Docs Todo #16151 (Resolved): Feedback on Netgate® Nexus — Netgate® Nexus Licensing
Should be cleaned up now, still in the breadcrumbs but not on every instance that used the substitutions:
https://... Jim Pingle
12:49 PM pfSense Docs Todo #16151 (In Progress): Feedback on Netgate® Nexus — Netgate® Nexus Licensing
I had setup instances of those names to use a substitution macro so it isn't actually defined in the text on each ins... Jim Pingle
01:03 AM pfSense Docs Todo #16151 (Resolved): Feedback on Netgate® Nexus — Netgate® Nexus Licensing
*Page:* https://docs.netgate.com/pfsense/en/latest/nexus/license/index.html
*Feedback:*
We already have
Docs>>p... jamie thompson
01:50 PM Bug #16153 (New): ECL can modify a discovered config file
When importing a config using the ECL if a config on an external drive contains RRD data that will be removed from th... Steve Wheeler
12:55 PM Bug #16148 (Rejected): OpenVPN socket listen queue overflow in pfSense 2.7.2
That particular error is on the management socket, so it could be from too many things in the GUI polling status for ... Jim Pingle
12:51 PM pfSense Packages Feature #16150 (Rejected): Add DNS API mijn.host
We pick up new compatible providers when we sync with upstream, no need to track them with separate feature requests. Jim Pingle
12:46 PM pfSense Docs Correction #16152 (Closed): Feedback on Netgate® Nexus — Netgate® Nexus Licensing
That is a global footer which is on every page, I don't see a way to change it on a per-page basis since it applies t... Jim Pingle
01:04 AM pfSense Docs Correction #16152 (Closed): Feedback on Netgate® Nexus — Netgate® Nexus Licensing
Since Netgate Nexus is new functionality, at the bottom of the page it is not (C) 2025 Electric Sheep Fencing LLC and... jamie thompson
12:44 PM Bug #16141 (Resolved): RRD data fails to restore via the ECL
Christian McDonald
 

Also available in: Atom