Project

General

Profile

Activity

From 05/07/2025 to 06/05/2025

06/05/2025

11:57 PM pfSense Plus Bug #16238 (Confirmed): Clearing a P1's Life Time field does not restore default value
VPN > Ipsec: Add P1.
Create a new P1. The default Life Time is 28800, and the Rekey & Rand times are created based... Chris W
10:36 PM Regression #16237: Drivers that load firmware can cause a kernel panic.
If you are hitting this issue note the affected device if it's not listed above.
To work around it you can:
* Remove... Steve Wheeler
10:30 PM Regression #16237 (Confirmed): Drivers that load firmware can cause a kernel panic.
In recent FreeBSD 15 builds drivers have been moving firmware out of the code to load it when it attaches. This affec... Steve Wheeler
09:32 PM pfSense Packages Bug #16185 (Closed): FreeRADIUS HA sync changes may be overwritten by the system config XMLRPC sync
This will be fixed once https://redmine.pfsense.org/issues/16231 is implemented. Marcos M
09:27 PM Bug #16235 (Pull Request Review): Using IPv4 VIPs on PPPoE interfaces with ``if_pppoe`` causes looping
Marcos M
09:26 PM Bug #16235: Using IPv4 VIPs on PPPoE interfaces with ``if_pppoe`` causes looping
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1225 Marcos M
08:58 PM Bug #16235 (Resolved): Using IPv4 VIPs on PPPoE interfaces with ``if_pppoe`` causes looping
Originally reported on the forum:
https://forum.netgate.com/topic/197369
IPv4 VIPs are added by rc.newwanip via l... Marcos M
09:04 PM Bug #16236 (New): IPV6 Neighbor Solicitation on WAN interface used as part of Neighbor Unreachability Detection, causes the interface to stop forwarding traffic briefly
It appears that the 2.8.0 by default has setting of the NDP on the NICS enabled with a period of 30 secs. I have obse... Raj Vadi
08:15 PM Feature #16234 (Not a Bug): Feature Request: Support for tls-cert-bundle in pfSense WebGUI
You likely need to add @server:@ to the start of your custom options, as is mentioned in the documentation:
https:... Jim Pingle
08:03 PM Feature #16234 (Not a Bug): Feature Request: Support for tls-cert-bundle in pfSense WebGUI
Dear pfSense Support Team,

I am a pfSense user and have successfully configured DNS over TLS (DoT) using Unboun... Robert S
07:02 PM pfSense Packages Regression #14189: pfBlocker-NG: HA-Sync is not working
Since the backup router (for instance) runs its cron job and re-adds a list that was removed on the primary, without ... Steve Y
06:42 PM pfSense Packages Bug #16233 (Confirmed): Authentication for LDAP Available without Authorization
The options for defining an LDAP server requires Authorization to be checked, even if Authentication is not checked, ... Kris Phillips
05:15 PM Bug #16232 (New): Swap fails to activate on updated pfSense 2.8.0 when multiple swap partitions exist
I have an older pfSense install that I upgraded multiple times. It uses a 2 disk ZFS mirror for the normal data and a... Grimson Gretzleburg
04:25 PM pfSense Packages Todo #16231 (Resolved): Update packages to use the XMLRPC plugins for HA
A few new XMLRPC plugins have been introduced which address the race condition and improve maintainability - "see her... Marcos M
02:34 PM pfSense Packages Bug #14409: pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count
Noting this is still an issue, and also given the bug in Plus 24.03/24.11 where pfSense doesn't prune the configurati... Steve Y

06/04/2025

07:18 PM pfSense Packages Bug #16229 (Confirmed): Snort cannot run on if_pppoe interfaces
Sayed Mohammad Badiezadegan
06:31 PM pfSense Packages Bug #16229 (Confirmed): Snort cannot run on if_pppoe interfaces
Snort will fail to start if enabled on a PPPoE interfaces using the new if_pppoe module:... Steve Wheeler
07:08 PM Feature #16230 (New): KEA DHCP server needs log verbosity settings in GUI
Created on a customer's request.
There are config parameters that can be implemented in the current config.xml for t... Georgiy Tyutyunnik
04:04 PM Revision 09d9ca3a: Write to the correct file in backup_config()
Fix regression from 1c033a063dfefae07edce13736f7a00b734aa5d9 Marcos M
01:53 PM Feature #16228 (Needs Patch): Support multiple NAT64 prefixes via DNS64/PREF64
It is possible to return multiple NAT64 prefixes - ie multiple AAAA records returned pointing to each prefix. The ser... Bert Smith

06/03/2025

08:47 PM Feature #16227: Add DynDNS Provider - Infomaniak
PR: https://github.com/pfsense/pfsense/pull/4735 Fabio Gabrielli
08:44 PM Feature #16227 (Pull Request Review): Add DynDNS Provider - Infomaniak
Added the provider Infomaniak to the list of dyndns services.
Tested for IPv4.
More about the API: https://faq.in... Fabio Gabrielli
07:31 PM Feature #16212 (Feedback): Allow custom ZFS pool names
Marcos M
04:45 PM pfSense Plus Bug #16226 (Confirmed): ZFS Error Messages Missing from Widget
We have a Netgate 6100 which has developed some ZFS errors, but they aren't picked up by the widget.
!clipboard-2025... Matthew Fearnley
04:41 PM Bug #16221 (Not a Bug): Other interfaces are not demoted if a CARP interface uses DHCP resulting in split-brain operation
Marcos M
03:05 PM pfSense Packages Bug #16225 (Confirmed): Telegraf service does not restart after change of settings

Documented here: https://forum.netgate.com/topic/197682/telegraf-service-not-starting-after-change-of-setting
Th... Patrik Stahlman

06/02/2025

09:12 PM Bug #16221 (Pull Request Review): Other interfaces are not demoted if a CARP interface uses DHCP resulting in split-brain operation
This has been an issue at least since 23.01. The issue was not reproducible for the second WAN on #note-1 because the... Marcos M
08:43 PM Feature #16224 (New): Enhance state filtering and state killing abilities
The filtering capability of @Diagnostics > States > States@ is very limited and cannot handle multiple conditions.
... Andrew Almond
04:57 PM Bug #16217: Memory exhaustion in ``kea2unbound`` when pfBlockerNG DNSBL is enabled in "Unbound mode" instead of "Unbound python mode"
@kea2unbound@ is new in CE 2.8.0. Kea did not have DNS registration functionality before.
You can easily switch pf... Jim Pingle
04:54 PM Bug #16217: Memory exhaustion in ``kea2unbound`` when pfBlockerNG DNSBL is enabled in "Unbound mode" instead of "Unbound python mode"
Jim Pingle wrote in #note-1:
> Priority changed from Normal to Very Low
Should this be a HIGH protity. If I ... Troy R
04:51 PM Bug #16217: Memory exhaustion in ``kea2unbound`` when pfBlockerNG DNSBL is enabled in "Unbound mode" instead of "Unbound python mode"
Why did this change in 2.8.0? I never had errors about memory before the update.. Troy R
07:37 AM Bug #16128: if_pppoe: PHP password handling
Passwords which begin with exclamation mark (!) are broken see:
https://forum.netgate.com/post/1216202
The prop... Scott Ashcroft
03:12 AM pfSense Packages Bug #16223 (Duplicate): PHP Fatal error Allowed memory size of 536870912 bytes exhausted (tried to allocate 20480 bytes)
Duplicate of #16217 Jim Pingle
03:04 AM pfSense Packages Bug #16223: PHP Fatal error Allowed memory size of 536870912 bytes exhausted (tried to allocate 20480 bytes)
What you should be doing here is setting pfBlockerNG to use Unbound mode if you are loading a lot of large lists. Steve Wheeler
02:41 AM pfSense Packages Bug #16223: PHP Fatal error Allowed memory size of 536870912 bytes exhausted (tried to allocate 20480 bytes)
After doing all that I now learned..
!clipboard-202506012137-i4swt.png!
System > Advanced > Miscellaneous > PHP Se... Troy R
02:28 AM pfSense Packages Bug #16223: PHP Fatal error Allowed memory size of 536870912 bytes exhausted (tried to allocate 20480 bytes)
So aftering giving stuff in ChatGPT to lookout from that error and my log PlfBlockerNG Update.log
It told me...
`... Troy R
01:20 AM pfSense Packages Bug #16223: PHP Fatal error Allowed memory size of 536870912 bytes exhausted (tried to allocate 20480 bytes)
I had disabled PFBlocker and didn't have the error when restarting unbound.
Turned PFblocker back on. Had it upd... Troy R
02:15 AM Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes
Any update on this? Mike Moore
02:14 AM Bug #16118: Expand view of system generated alias in GUI
Any update on this? Mike Moore

06/01/2025

10:03 PM pfSense Packages Bug #16223: PHP Fatal error Allowed memory size of 536870912 bytes exhausted (tried to allocate 20480 bytes)
It seems to be triggered by pfBlockerNG. It worked just fine in the old verison. But after updating to 2.8.0 a few ... Troy R
08:48 PM pfSense Packages Bug #16223 (Duplicate): PHP Fatal error Allowed memory size of 536870912 bytes exhausted (tried to allocate 20480 bytes)
Crash report begins. Anonymous machine information:
amd64
15.0-CURRENT
FreeBSD 15.0-CURRENT #1 RELENG_2_8_0-n25... Troy R
10:38 AM pfSense Packages Bug #16222: 2.8.0 - FRR - OSPF Route Propagation Fails After Reboot
Kris Phillips wrote in #note-2:
> F. M. wrote in #note-1:
> > After further troubleshooting, I discovered that, for... F. M.
01:49 AM pfSense Packages Bug #16222: 2.8.0 - FRR - OSPF Route Propagation Fails After Reboot
F. M. wrote in #note-1:
> After further troubleshooting, I discovered that, for some reason, the file /var/etc/frr/f... Kris Phillips
05:31 AM pfSense Plus Bug #16219: pfSense IPsec VTI Mode Incompatible with Juniper Traffic Selector Requirements
Thanks for taking care of the ticket.
Let me clarify. I don't intend to use traffic selector under VTI mode.
Th... Henry Zhou
01:43 AM pfSense Plus Bug #16219 (Incomplete): pfSense IPsec VTI Mode Incompatible with Juniper Traffic Selector Requirements
If you're using traffic selectors, you want Policy-mode in pfSense Plus. VTIs don't use traffic selectors, so I'm co... Kris Phillips
05:08 AM Regression #16209: AutoConfigBackup entries show incorrect timestamps
Tested on 25.03-BETA (amd64)
built on Tue Apr 29 17:29:00 +04 2025
FreeBSD 15.0-CURRENT
Patch is working
before
... aleksei prokofiev
01:50 AM pfSense Docs Correction #16207 (Confirmed): System --> Advanced --> Netgate Nexus. Help link lands on docs main page.
I can confirm this behavior. Tested on latest 25.03 builds.
Marking Confirmed. Kris Phillips
12:35 AM pfSense Packages Todo #16091 (Resolved): tailscale package requires updates
I can confirm both versions below offer Tailscale 0.1.8 which uses tailscale-1.82.5. Marking resolved.... Christopher Cope

05/31/2025

09:54 PM Bug #16221 (Confirmed): Other interfaces are not demoted if a CARP interface uses DHCP resulting in split-brain operation
I can confirm this on... Christopher Cope
03:00 AM Bug #16221 (Not a Bug): Other interfaces are not demoted if a CARP interface uses DHCP resulting in split-brain operation
Expected behavior:
When you unplug an interface and it goes from MASTER to INIT on a primary, all other interface... Kris Phillips
08:04 PM pfSense Packages Bug #16220 (Confirmed): Wireguard widget default refresh interval is invalid
I can confirm this on... Christopher Cope
04:42 PM pfSense Packages Feature #16089: Add packages for Zabbix 7.2 agent and proxy
Tested in latest 25.03 builds. Zabbix 7.2 packages are still not present. Kris Phillips
04:13 PM pfSense Packages Bug #16222: 2.8.0 - FRR - OSPF Route Propagation Fails After Reboot
After further troubleshooting, I discovered that, for some reason, the file /var/etc/frr/frr.conf is missing the line... F. M.
02:39 PM pfSense Packages Bug #16222 (New): 2.8.0 - FRR - OSPF Route Propagation Fails After Reboot
Since upgrading my pfSense with FRR, OSPF no longer seems to function correctly.
I use site-to-site OpenVPN tunnel... F. M.
08:41 AM pfSense Docs Correction #16208 (Resolved): System --> Update. Help link lands on package manger page.
Tested against:... Danilo Zrenjanin

05/30/2025

07:21 PM pfSense Packages Bug #16220 (Confirmed): Wireguard widget default refresh interval is invalid
The default widget refresh interval was changed to 20 ticks in this commit: https://github.com/pfsense/FreeBSD-ports/... Grant Emsley
06:25 PM pfSense Plus Bug #16219 (New): pfSense IPsec VTI Mode Incompatible with Juniper Traffic Selector Requirements
When configuring an IPsec VPN in VTI (route-based) mode between pfSense (using strongSwan) and Juniper firewalls (e.g... Henry Zhou
05:43 PM pfSense Plus Bug #14772: PFsense Plus doesn't work with AWS new Instance Metadata Service (IMDSv2)
Changing from installer category as it isn't related to the installer Reid Linnemann
05:33 PM pfSense Plus Bug #16176 (Feedback): Config restored during install can be overwitten by hardware specific default values
This is fixed as of https://gitlab.netgate.com/pfSense/installer/-/commit/7076078812bf56d62a326fec8815e255d32f4b8c Reid Linnemann
05:04 PM Feature #16110: Automatically check ``Allow IP options`` when IGMP is selected
patch works as expected
tested on:
25.07-DEVELOPMENT (amd64)
built on Thu May 29 19:08:00 UTC 2025
FreeBSD 15.0-C... Georgiy Tyutyunnik
03:51 PM Bug #16124: Kernel Panic on PCI WiFi Passthrough (AC7265)
Just hit this as well on the upgrade from 2.7.2 to 2.8.0 running on Proxmox (similar to the above ESXi report).
Kerne... MIchael K
03:14 PM Bug #16124: Kernel Panic on PCI WiFi Passthrough (AC7265)
Same problem with another WiFi card after upgrade from 2.7.2 to 2.8.0 or new install
Hope there is a way to ignore... Manuel Himmler
03:26 PM Feature #16212 (Ready To Test): Allow custom ZFS pool names
Marcos M
02:04 PM Feature #16215: Allow matching on IP Options with firewall match rules
patch allows "match" rule creation with IP options enabled. resulting floating rule logs igmp traffic
tested on
25.... Georgiy Tyutyunnik
01:08 PM Bug #16218: All-Inkl Dynamic DNS responses are not parsed correctly
PR: https://github.com/pfsense/pfsense/pull/4734 Christoph Filnkößl
01:06 PM Bug #16218 (Pull Request Review): All-Inkl Dynamic DNS responses are not parsed correctly
All-Inkl response check does not work properly on:
* 200 -> "good" is enough, IP is not contained in response if it ... Christoph Filnkößl
12:00 PM pfSense Packages Feature #14423: haproxy 2.7 QUIC support (+ maybe LUA 5.4?)
Pawel Piaskowy wrote in #note-3:
> Guys did you add USE_QUIC=1 to haproxy?
>
> [...]
>
> I need to give it a t... Bert Smith
06:24 AM Bug #15746: IPv6 is not deprecated on PPPoE Periodic Reset
This issue still persists with pfsense 2.8.0 and since most European isps handout dynamic prefixes will become more o... Johannes Rohde
02:22 AM pfSense Packages Bug #11797: Traffic Totals lost upon reboot when using a ramdisk for /var and /tmp
Confirmed still an issue as of May 2025 with pfSense CE @2.8.0@ and Status Traffic Totals package version @2.3.2_7@
... Greg Maub
02:17 AM pfSense Packages Bug #11054: Check Client Certificate CN not working as described
Confirmed still an issue as of May 2025 with pfSense CE @2.8.0@ and FreeRADIUS package version @0.15.14@
Forum post ... Greg Maub

05/29/2025

08:09 PM Feature #16212 (In Progress): Allow custom ZFS pool names
Marcos M
04:41 PM Bug #16217: Memory exhaustion in ``kea2unbound`` when pfBlockerNG DNSBL is enabled in "Unbound mode" instead of "Unbound python mode"
Switched. Thank you! Kevin Burge
04:28 PM Bug #16217: Memory exhaustion in ``kea2unbound`` when pfBlockerNG DNSBL is enabled in "Unbound mode" instead of "Unbound python mode"
Most users who have encountered this were using pfBlockerNG and were not using python mode. Changing pfBlockerNG to p... Jim Pingle
04:25 PM Bug #16217 (New): Memory exhaustion in ``kea2unbound`` when pfBlockerNG DNSBL is enabled in "Unbound mode" instead of "Unbound python mode"
Upgraded to 2.8.x yesterday:
2.8.0-RELEASE (amd64)
built on Wed May 21 18:12:00 CDT 2025
FreeBSD 15.0-CURRENT
... Kevin Burge
12:40 PM Bug #16216 (New): [BUG?] New PPPoE module (if_pppoe) causes high "Errors Out" on WAN (Vivo Fibra)
[EN_US]
Hi everyone,
I'm testing the new pfSense feature that allows using the kernel-based PPPoE driver (if_pp... Crystian Geovani Dorabiatto
11:35 AM pfSense Packages Bug #16120 (Confirmed): Zebra RIB doesn't reflect the removal of the static routes until the restart of service
Tested against the latest development pfSense Plus release.
I can confirm this behavior.
In reverse order, it fun... Danilo Zrenjanin

05/28/2025

08:40 PM Feature #16110 (Feedback): Automatically check ``Allow IP options`` when IGMP is selected
Applied in changeset commit:ed6c2eb84595aab998c3b3efaf16d226bd62c38d. Marcos M
08:25 PM Feature #16215 (Feedback): Allow matching on IP Options with firewall match rules
Applied in changeset commit:12a7fdf854ec48b0d2679eda374ff366c513aaca. Marcos M
08:17 PM Feature #16215 (Resolved): Allow matching on IP Options with firewall match rules
Match rules now support matching traffic with "allow-opts":
https://cgit.freebsd.org/src/commit/?id=7e70d94acd68b3ac... Marcos M
08:20 PM Revision ed6c2eb8: Automatically check "Allow IP options" when IGMP is selected. Implement #16110
Marcos M
08:18 PM Revision 12a7fdf8: Allow matching on IP Options with firewall match rules. Implement #16215
Marcos M
08:02 PM pfSense Plus Bug #16214 (Duplicate): Maximum Backup Limit Setting Not Enforced
Marcos M
07:02 PM pfSense Plus Bug #16214: Maximum Backup Limit Setting Not Enforced
It appears that the cleanup only occurs when the web UI for the configuration history is loaded. On my system, the b... Robert Jacobson
06:16 PM pfSense Plus Bug #16214 (Duplicate): Maximum Backup Limit Setting Not Enforced
*Issue Description:*
The value set under *Diagnostics > Configuration History > Configuration Backup Settings > Ma... Danilo Zrenjanin
04:11 PM pfSense Packages Feature #16213 (New): Sync some settings from General/IP/DNSBL
I'm using the sync to keep several separate pfSense instances configured with the same blocklists and settings. It wo... Grant Emsley
03:51 PM Feature #16212 (Resolved): Allow custom ZFS pool names
There are various places in the code where the ZFS pool is hardcoded to @pfSense@. Since the installer allows changin... Marcos M
02:06 PM pfSense Packages Bug #16211 (Confirmed): Python errors in Cellular
Errors from Cellular are shown in the boot and upgrade logs in 25.03:... Steve Wheeler
01:29 PM Bug #16010 (Rejected): AutoConfigBackup scheduled backups always upload even when the configuration has not changed
The backups are uploaded on a schedule that runs every minute. It might be a race condition of some sort but I don't ... Jim Pingle

05/27/2025

09:40 PM Todo #16210 (Resolved): Reduce writes to disk when using ZFS
Marcos M
07:50 PM Todo #16210 (Feedback): Reduce writes to disk when using ZFS
Applied in changeset commit:d39063366d8f85ffc3753d337a6afa1bcad2bd61 and commit:1c033a063dfefae07edce13736f7a00b734aa... Marcos M
05:18 PM Todo #16210 (Resolved): Reduce writes to disk when using ZFS
Increasing the default ZFS transaction group time ("@vfs.zfs.txg.timeout@":https://docs.freebsd.org/en/books/handbook... Marcos M
07:42 PM Revision 7a9b5263: Improvements to plugin_xmlrpc functions
- The "merged in config" log may not show all merged sections. Fix this by
not clobbering the "$sections" variable.... Marcos M
05:52 PM Revision 1c033a06: Sync writes for critical data
PHP 8.1 introduced native support for fsync(); use this to bring back the
functionality removed with c5663bf5c9a830d5... Marcos M
05:22 PM Revision d3906336: Tune ZFS TXG and config dataset settings. Implement #16210
Increase vfs.zfs.txg.timeout so more writes are coalesced before they
are flushed to storage. Also change the ZFS dat... Marcos M
04:55 PM Regression #16209 (Feedback): AutoConfigBackup entries show incorrect timestamps
Applied in changeset commit:05aff057848b8a52887c41f26f89a17bc6655026. Anonymous
04:47 PM Regression #16209 (Pull Request Review): AutoConfigBackup entries show incorrect timestamps
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1223 Marcos M
12:06 AM Regression #16209 (Feedback): AutoConfigBackup entries show incorrect timestamps
Backups in ACB are showing timestamps that seem to be from the remove server (US central time) not local time on the ... Steve Wheeler
04:45 PM Revision 05aff057: Fix ACB timezone conversion. Fix #16209
Lets the client show ACB timestamps using the local timezone. Steve Wheeler
10:38 AM pfSense Packages Bug #16185: FreeRADIUS HA sync changes may be overwritten by the system config XMLRPC sync
patch works, customer reports the issue as resolved.
we can close it Georgiy Tyutyunnik

05/26/2025

10:51 PM Feature #15016: Recursive DHCPv6-PD
> > * The UI doesn't have a simple place to show what prefix (and what size) the ISP delegated to us.
>
> Because ... Grant Emsley
07:00 PM pfSense Docs Correction #16208 (Resolved): System --> Update. Help link lands on package manger page.
pfSense = 25.03-BETA
Help link lands here:
https://docs.netgate.com/pfsense/en/latest/packages/manager.html
Sh... Craig Coonrad
06:48 PM pfSense Docs Correction #16207 (Confirmed): System --> Advanced --> Netgate Nexus. Help link lands on docs main page.
pfSense = 25.03-BETA
The help link lands here:
https://docs.netgate.com/pfsense/en/latest/
I believe it should... Craig Coonrad
04:12 PM Regression #16031: Some older ISA-based uart consoles do not function on development snapshots around 25.03 or later
This should be in 2.8 to allow installing on RCC-VE. Steve Wheeler

05/25/2025

01:17 PM Bug #15973: Kea DHCP server crashes on 3100 (32bit ARM) every 10 days or so post 24.11 upgrade
I'm not sure if this is an agreeable workaround to this issue, or if it works... but I discovered the Service Watchdo... Ian Stacey
01:47 AM pfSense Packages Bug #16206: Package apcupsd starts even when disabled
Confirmed on 2.8
2025-05-24 20:44:50 -0500 apcupsd 3.14.14 (31 May 2016) freebsd startup succeeded Bryan Allen

05/24/2025

11:57 PM pfSense Packages Bug #16206 (Confirmed): Package apcupsd starts even when disabled
If you uncheck and save the "Enable APC UPS Daemon Service" option under Services --> apcupsd, if you have configured... Kris Phillips
10:36 PM Bug #16197 (Confirmed): underscore (_) is not permitted in Identifier (Pre-Shared key)
Confirmed this on:
2.8.0-RELEASE (amd64)
built on Wed May 21 23:12:00 UTC 2025
FreeBSD 15.0-CURRENT
&
24.... Bryan Allen
09:52 PM Bug #16205 (Rejected): pfSense 2.8 Release has no package repositories
The repos are currently pointed at release-staging for 2.8.0-RELEASE, so they will not work unless you are able to re... Kris Phillips
09:23 PM Bug #16205 (Confirmed): pfSense 2.8 Release has no package repositories
Seeing the same. Christopher Cope
09:09 PM Bug #16205 (Rejected): pfSense 2.8 Release has no package repositories
2.8.0-RELEASE (amd64)
built on Wed May 21 23:12:00 UTC 2025
FreeBSD 15.0-CURRENT
With fresh install of 2.8 Relea... Bryan Allen
04:15 PM Bug #16204 (Incomplete): AutoConfigBackup no longer uploads configs
I hit this issue immediately after install, but oddly I am no longer seeing this on a fresh install. I assume there h... Christopher Cope
03:25 PM Bug #16204 (Incomplete): AutoConfigBackup no longer uploads configs
Tested on... Christopher Cope
04:00 PM Bug #16010: AutoConfigBackup scheduled backups always upload even when the configuration has not changed
Tried to test this on... Christopher Cope
06:23 AM pfSense Plus Bug #16200 (Confirmed): KEA DHCPv6 allows for invalid static mapping to be configured, leading to server start failure
I can confirm this behavior, the validation should be added.
Tested on ... Lev Prokofev
12:33 AM pfSense Plus Bug #16203 (New): Floating Firewall Rules for ICMP Inconsistently Choose Gateways and May Ignore Routing
When testing Floating rules for ICMP with the interface set to "Any", outbound traffic will choose whatever gateway w... Kris Phillips

05/23/2025

07:22 PM Feature #16202 (New): RFE: Allow using selecting client certificate to use for SMTP notifications
We would like to use client certificates to authenticate to our SMTP servers. There is no way to configure this at t... Orion Poplawski
03:40 PM Bug #16142: XMLRPC requests fail due to incorrect request path
Adding another data point, it's working for me now also. The HA pair I was able to replicate this on before now synch... Jim Pingle
03:34 PM Bug #16180 (Resolved): Improve gateway status detection with routed monitoring addresses
Marcos M
09:12 AM pfSense Docs Correction #16201 (New): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat
*Page:* https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html
*Feedback:*
On the section Float... Arya Senna
08:16 AM pfSense Plus Bug #16200 (Confirmed): KEA DHCPv6 allows for invalid static mapping to be configured, leading to server start failure
(in version 25.03.b.20250515.1415)
I accidently specified a static mapping address in the format used on tracking ... Patrik Stahlman

05/22/2025

10:48 PM Bug #14692: Mangled link-local addresses are being logged
Since the last update, the version of pfSense is now 2.7.2.
Previously, I had only seen the discarded messages being... Daryl Morse
09:02 PM Bug #16142 (Resolved): XMLRPC requests fail due to incorrect request path
Working; tested with 25.07.a.20250522.0600. Marcos M
08:45 PM pfSense Packages Bug #16185 (Pull Request Review): FreeRADIUS HA sync changes may be overwritten by the system config XMLRPC sync
Marcos M
08:33 PM pfSense Plus Bug #16199 (Resolved): Config warning is logged after config is synced to secondary HA node when MIM is enabled
Fixed with aa82ef9d32f2a3c6924797bc432a9b1dd0a0e851. Marcos M
08:20 PM pfSense Plus Bug #16199 (Resolved): Config warning is logged after config is synced to secondary HA node when MIM is enabled
On the primary node, go to Status > Filter Reload and force a config sync. On the secondary node the following is log... Marcos M
08:05 PM Todo #16198 (New): Add the ability to schedule a reboot for a future time
It would be great to be able to schedule a one-time reboot from the GUI. Use case is updating the System Patches pack... Dominik Hoffmann
03:59 PM pfSense Packages Todo #16091 (Feedback): tailscale package requires updates
Updated for 2.8.0/25.03. Marcos M
03:35 PM Bug #12833: GUI Service Log Filling Up with Cruft
Jim Pingle wrote in #note-10:
> The "Web Server" checkbox in log settings only disables error logging
>
> [...]
... Daryl Morse
07:04 AM Bug #16197: underscore (_) is not permitted in Identifier (Pre-Shared key)
underscore(_) should be allowed in the account name or the name part (prefix) of the e-mail address, not the domain s... Qian Yan
02:41 AM Bug #16197 (Confirmed): underscore (_) is not permitted in Identifier (Pre-Shared key)
When I put underscore(_) in the identifier, for example "San_Zhang", it will report error when click save.
> The f... Qian Yan

05/21/2025

11:31 PM Regression #16196 (Feedback): System update page shows version string with extra parts
The update widget checks all base/core/meta packages (rather than just the base package like the update page) across ... Marcos M
11:02 PM Regression #16196 (Resolved): System update page shows version string with extra parts
The System > Update page shows the following when updating from 2.8.0-RC to 2.8.0-RELEASE:... Marcos M

05/20/2025

08:46 PM Bug #14693: Filter reload with NAT reflection rules is extremely slow
This problem has been bugging me a lot too. I have lots of interfaces (250 VLANs) and about 200 NAT rules, reloading ... Vincent Caron
12:19 PM pfSense Packages Bug #16195 (New): acme 0.9_1 ocsp must-staple deprecated from let's encrypt
Please remove the ui elements and variable handling code for ocsp must-staple in the pfsense acme package.
Includi... David Horn

05/19/2025

11:42 PM pfSense Plus Bug #16176: Config restored during install can be overwitten by hardware specific default values
I think I understand the issue now. The installer lays down the installer settings file which has the installer confi... Reid Linnemann
11:11 PM pfSense Plus Bug #16176: Config restored during install can be overwitten by hardware specific default values
There is code in place on the initial boot when importing the installer config to touch the 'assign_complete' file th... Reid Linnemann
11:14 PM Revision 7a24be28: poudriere_bulk: add security/snort3
Christian McDonald
05:51 PM Bug #16194 (Confirmed): IPv6 ICMP firewall log entries marked with protocol "Options" instead of ICMPv6
Firewall log entries for ICMPv6 packets are showing a value of "Options" in the Protocol column, but only on developm... Jim Pingle
02:41 PM pfSense Docs Correction #16192 (Rejected): There is mismatch of description in the doc and on depiction of layout.
OpenVPN shared key mode is deprecated, not worth fixing this when it'll be going away. Nobody should be configuring t... Jim Pingle
02:21 PM Revision 282ab5c1: poudriere_bulk: add dns/coredns
Christian McDonald
05:04 AM pfSense Docs Todo #16193 (Rejected): Feedback on DHCP — Kea Settings Tab
The current documents have been updated to reflect options in Plus 24.11, Plus 25.03, and CE 2.8.0.
CE 2.7.2 does ... Jim Pingle
02:11 AM pfSense Docs Todo #16193 (Rejected): Feedback on DHCP — Kea Settings Tab
*Page:* https://docs.netgate.com/pfsense/en/latest/services/dhcp/kea-settings.html
*Feedback:*
I'm trying to set ... David Medland-Slater

05/18/2025

07:14 AM Bug #15228: User manger fails to display certificate option for a new user in case of input error
Tested on 25.03-BETA (amd64)
built on Wed May 7 20:11:00 +04 2025
FreeBSD 15.0-CURRENT
The issue still persist. aleksei prokofiev
07:02 AM pfSense Docs Correction #16192 (Rejected): There is mismatch of description in the doc and on depiction of layout.
In the https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-psk.html
there is mismatch of description in t... aleksei prokofiev

05/17/2025

09:57 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication
Jesse Norell wrote in #note-3:
> Sergei Shablovsky wrote in #note-2:
> > UPVOTE THIS
>
> How do you vote, just c... Kris Phillips
07:04 PM pfSense Docs Todo #16042: Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat
I was pointed at this but I don't think my issues are related. That said, the current docs do lead the user to the u... Rob A

05/16/2025

09:44 PM Bug #16142 (Waiting on Merge): XMLRPC requests fail due to incorrect request path
Reid Linnemann
09:44 PM Bug #16142: XMLRPC requests fail due to incorrect request path
A ports merge is underway that will resolve this shortly, no other action needs to be taken. In the interim if you ne... Reid Linnemann
09:08 PM Bug #16142: XMLRPC requests fail due to incorrect request path
This looks to be related to a fix in Net_URL2 v2.2.3 for libpcre2 10.45 that is missing from Net_URL2 v2.2.2. Working... Reid Linnemann
07:03 PM Bug #16191: Early DNS registration can add invalid addreses
In addition, static mappings are currently being added without the prefix, even when a prefix is available.
Detai... Patrik Stahlman
06:58 PM Bug #16191 (New): Early DNS registration can add invalid addreses
When running Kea for DHCPv6 on an interface set to track6 against an upstream PD static DHCP leases can be added to u... Steve Wheeler
04:54 AM Bug #16130: Input validation prevents creating port forwards for the same port using a different address family
Yes it certainly does, but if I use the source alias containing mixed IPv4 and IPv6 for the firewall or NAT TCP rule ... V K

05/15/2025

08:47 PM Bug #16130: Input validation prevents creating port forwards for the same port using a different address family
The rule is created with either inet or inet6; pf will only match the rule for corresponding addresses in the pf tabl... Marcos M
08:21 PM Bug #16130: Input validation prevents creating port forwards for the same port using a different address family
Your advice only works if you can split source aliases into IPv4 and IPv6. However, this is not possible if the sourc... V K
08:08 PM Revision 34c529de: rc.restore_ramdisk_store: make removing the backup directory non-fatal
Christian McDonald
07:58 PM pfSense Plus Regression #16187 (Resolved): Alias autocomplete does not work with Ethernet firewall rules
Marcos M
05:31 PM pfSense Plus Regression #16187: Alias autocomplete does not work with Ethernet firewall rules
fixed in the latest 25.03 beta
tested on:
25.03-BETA (amd64)
built on Thu May 15 14:15:00 UTC 2025
FreeBSD 15.0-C... Georgiy Tyutyunnik
05:58 PM Revision 4f752164: Make sure a valid monitor address exists when creating the rule.
Followup to 83637fdf058f0f9207ca339fb9bc44728f9dbd28. Marcos M
04:21 PM pfSense Plus Feature #14743: Add Passkey/Certificate-based Authentication
Sergei Shablovsky wrote in #note-2:
> UPVOTE THIS
How do you vote, just comment "me too!" or watch the issue or ?... Jesse Norell
04:17 PM pfSense Packages Todo #16190: Update mDNS-Bridge to 2.0
PR https://github.com/pfsense/FreeBSD-ports/pull/1415 Denny Page
04:15 PM pfSense Packages Todo #16190 (New): Update mDNS-Bridge to 2.0
This update adds filtering of link local addresses from forwarded mDNS records.
[NB: This is categorized as Avahi ... Denny Page
02:48 PM Feature #16189: Better Logging for LDAP Connection Errors
PR: https://github.com/pfsense/pfsense/pull/4732 Jim Pingle
02:41 PM Feature #16189 (Waiting on Merge): Better Logging for LDAP Connection Errors
Jim Pingle
06:02 AM Feature #16189 (Waiting on Merge): Better Logging for LDAP Connection Errors
LDAP Connection Errors are hard to debug, as they dont give out any error details. This should be fixable by reading ... Björn Jakobsen
02:46 PM Feature #16166 (Pull Request Review): Option to deactivate ALTQ for VTNET interfaces
PR: https://github.com/pfsense/pfsense/pull/4733
That PR depends on an upstream FreeBSD source change which isn't ... Jim Pingle

05/14/2025

08:45 PM Feature #8149: NTPsec
Jim Pingle wrote in #note-4:
> We stated in the linked Reddit thread that if we were to change, the option we would ... Sergei Shablovsky
08:30 PM Feature #8149: NTPsec
Richard Yao wrote:
> Would pfSense integrate NTPsec client/sever support to help protect OpenVPN against MITM attack... Sergei Shablovsky
06:18 PM Bug #16022 (Resolved): Static lease DNS records are incorrectly removed when backing lease expires
Marcos M
05:10 PM Bug #16188 (Resolved): Typo in Installer
Fixed with a1462c78ec6ba60c0cbbb4475a8693fa41605e11, thanks! Marcos M
04:54 PM Bug #16188 (Confirmed): Typo in Installer
I confirmed this on the following versions:... Christopher Cope
04:33 PM Bug #16188 (Resolved): Typo in Installer
I didn't get a screen shot as it only shows for a couple seconds. But I'm pretty sure when it gets to the point of p... Steve Y

05/13/2025

07:12 PM pfSense Plus Regression #16187 (Feedback): Alias autocomplete does not work with Ethernet firewall rules
Fixed with commit:f121add4b9bc2905093645494494d54066e909b6. Marcos M
06:54 PM pfSense Plus Regression #16187 (Resolved): Alias autocomplete does not work with Ethernet firewall rules
There is no autocomplete when creating or editing an Ethernet firewall rule and typing an alias for the source or des... Marcos M
06:18 PM Bug #16186 (Duplicate): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
It's not closed, it's still set to waiting on a patch upstream for the floating client support. Since you're seeing t... Marcos M
06:12 PM Bug #16186 (Duplicate): OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Hello,
This is a continuation of #14577, I updated that ticket earlier not realizing it was closed.
I am still... Michael Mercier
04:55 PM Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp``
Hi Marcos,
This issue is still happening for me. I have not yet figured out a way to reproduce the issue with my ... Michael Mercier
04:22 PM pfSense Packages Bug #16185 (Closed): FreeRADIUS HA sync changes may be overwritten by the system config XMLRPC sync
Making a change in FreeRADIUS on a HA cluster with configured FreeRADIUS sync triggers both the XMLRPC sync for the g... Georgiy Tyutyunnik

05/12/2025

06:21 PM Todo #13899 (Closed): Unclear description for UPnP option Override WAN address
Fixed as part of https://redmine.pfsense.org/issues/15864 Marcos M
05:00 PM Bug #16180 (Feedback): Improve gateway status detection with routed monitoring addresses
Applied in changeset commit:83637fdf058f0f9207ca339fb9bc44728f9dbd28.
Followup: commit:4f752164bd4d4a85c10e2c258745d... Marcos M
04:51 PM Revision 83637fdf: Improve gateway monitoring. Fix #16180
Revert the changes from 3b5f0ecbfc2d952891dbe227e9afbf9d2ed0ebd4 since
routing an address via an interface causes the... Marcos M
03:25 PM Bug #16183 (Incomplete): IPsec tunnels show as down, but they are working
I can't reproduce this here. It maybe a remnant leftover after a configuration change where strongSwan didn't stop an... Jim Pingle
03:02 PM Bug #16010: AutoConfigBackup scheduled backups always upload even when the configuration has not changed
I tested on both and I can't reproduce any problem. When I switch to a schedule, say every five minutes (@*/5, *, *. ... Jim Pingle
02:17 PM Bug #12833: GUI Service Log Filling Up with Cruft
The "Web Server" checkbox in log settings only disables error logging... Jim Pingle

05/11/2025

03:27 PM Revision f79edd51: Bump config version
Marcos M
04:25 AM Bug #16142: XMLRPC requests fail due to incorrect request path
Still an issue on the latest builds. Any update? dylan mendez

05/10/2025

08:25 PM Bug #15676 (Resolved): OpenVPN not rendering alises in "IPv4 Local network" setting.
I can't reproduce the issue on 24.11.
This ticket has been marked as resolved. Danilo Zrenjanin
06:14 PM Bug #12833: GUI Service Log Filling Up with Cruft
I'm getting hit fairly hard with this right now, as I have a busy 24.11 firewall in Azure that's shipping syslog to m... → luckman212
03:55 PM Bug #16010: AutoConfigBackup scheduled backups always upload even when the configuration has not changed
Tested on... Christopher Cope
02:16 AM Revision 32070a66: Remove interface_isppp_type_ephemeral()
Reid Linnemann
12:45 AM Revision 75dc97b8: Correct a copy/paste error and escape shell args where downing if_pppoe iface
Reid Linnemann

05/09/2025

11:13 PM Bug #16183 (Incomplete): IPsec tunnels show as down, but they are working
Our IPsec connection is working, but the status shows as down:
!clipboard-202505091705-zv4df.png!
The IPSec Overvie... Orion Poplawski
10:18 PM pfSense Plus Bug #15948: GUI times out when attempting to view large Configuration History
This timeout would not be an issue normally but is much more likely to happen due to https://redmine.pfsense.org/issu... Marcos M
09:49 PM Revision 11f07e13: Always bring if_pppoe interfaces down before destroying them
For kernel if_pppoe interfaces, when the interface is destroyed it is removed
immediately without sending a Term-Requ... Reid Linnemann
09:46 PM Bug #16182: Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades

I have verified that the patch fixes the issue, using the instruction in https://forum.netgate.com/post/1214308
Patrik Stahlman
09:33 PM Bug #16182 (Resolved): Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades
Tested working by original reporter. Marcos M
08:35 PM Bug #16182: Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades
Applied in changeset commit:a8e5ba643026ee11001dbeff48246ec9fbd07cc9. Marcos M
08:29 PM Bug #16182 (Feedback): Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades
Fixed with commit:a8e5ba643026ee11001dbeff48246ec9fbd07cc9.
This changes the behavior for interface "subnet" alias... Marcos M
08:17 PM Bug #16182 (Resolved): Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades
Sometimes after upgrades with pfBlockerNG installed, there will be an alert on the dashboard stating that the filter ... Marcos M
09:31 PM pfSense Docs Todo #16135 (Resolved): Document NAT64 rules
Looks good to me, thanks! Marcos M
07:25 PM pfSense Docs Todo #16135 (Feedback): Document NAT64 rules
This should all be reasonably complete now, along with other updates to firewall and NAT rules. It has all been deplo... Jim Pingle
08:26 PM Revision a8e5ba64: Add interface network aliases even if empty. Fix #16182
This changes the behavior for interface "subnet" aliases to be included in
/tmp/rules.debug even when the alias is em... Marcos M
07:20 PM Bug #16022: Static lease DNS records are incorrectly removed when backing lease expires
fixed. tested on
25.03-BETA (amd64)
built on Wed May 7 16:11:00 UTC 2025
FreeBSD 15.0-CURRENT
can reproduce on 24... Georgiy Tyutyunnik
03:33 PM pfSense Plus Regression #15880 (Resolved): Upgrade available LED not set before branch is selected.
Only the current branch and release branches are checked for updates. Sounds like it's working as expected given the ... Marcos M
02:14 PM pfSense Plus Regression #15880: Upgrade available LED not set before branch is selected.
re-tested on
25.03-BETA (amd64)
built on Wed May 7 16:11:00 UTC 2025
FreeBSD 15.0-CURRENT
issue still present - ... Georgiy Tyutyunnik
09:18 AM Bug #12922 (Confirmed): Classless static routes received on DHCP WAN can override chosen default gateway
Danilo Zrenjanin

05/08/2025

08:12 PM Revision 8bc76ef2: Fix updating renamed aliases with multiple entries
Previous behavior only checked single-entry aliases. This change allows
calling update_alias_names_upon_change() with... Marcos M
07:12 PM Revision 5379e5cf: Sync config revision
Marcos M
05:16 PM Revision e4f3b5ce: Fix double rc.newwanipv6 execution on if_pppoe
When using if_pppoe and DHCPv6 over the PPP link, both the devd handler script
and dhcp6c execute /etc/rc.newwanipv6 ... Reid Linnemann
03:51 PM pfSense Packages Feature #16075: Add Zabbix 7.0 packages for 24.03
The original request for Zabbix 7.0 was made when 24.03 was still the current release.
Zabbix 6.4 went out of suppor... Andrew Almond
03:48 PM Bug #16010: AutoConfigBackup scheduled backups always upload even when the configuration has not changed
fixed, scheduled backups not running if no config changes were made
tested on:
25.03-BETA (amd64)
built on Wed May... Georgiy Tyutyunnik
03:41 PM pfSense Plus Regression #16179 (Feedback): upgradeconfig php shell script incorrectly replaces running config when Nexus is enabled.
Looks good with that patch. Steve Wheeler
02:41 PM pfSense Plus Regression #16179 (Ready To Test): upgradeconfig php shell script incorrectly replaces running config when Nexus is enabled.
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/172 Marcos M
08:43 AM pfSense Plus Bug #14894: Password protected console login prompt does not render properly on 4100/6100/8200 serial console
It is still the issue on 25.03Beta built on Tue Apr 29... Lev Prokofev

05/07/2025

08:00 PM Feature #15415 (Resolved): Enhanced firewall log action information display
Fixed #note-18 with commit:6cf3e688d725056472ed5641dff30fa75dd95a50. Marcos M
07:51 PM Feature #15415 (In Progress): Enhanced firewall log action information display
There's an issue here with rules containing some HTML characters such as:... Marcos M
07:59 PM Bug #16170 (Resolved): Incorrect logic for detection of DNS server change in cases where the ISP does not provide search domains in DHCPv6 renewal
Marcos M
07:51 PM Revision 6cf3e688: Double-escape HTML characters for use in HTML attribute. Fix #15415
Marcos M
05:44 PM pfSense Plus Feature #16181 (New): Include Nexus controller PTY log in GUI
In some cases there are logs included in @/var/log/pfnet-controller-pty.log@ which can help when troubleshooting issu... Marcos M
05:22 PM Bug #16180 (Pull Request Review): Improve gateway status detection with routed monitoring addresses
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/1221 Marcos M
05:03 PM Bug #16180 (Resolved): Improve gateway status detection with routed monitoring addresses
Gateway monitoring traffic may go out the wrong interface in some cases. Redmine "#16069":https://redmine.pfsense.org... Marcos M
09:00 AM pfSense Plus Bug #14168: OpenVPN status GUI cannot display RADIUS ACL Generated Ruleset with usernames containing an ``@`` symbol
Hello, this problem is still occur in version 24.11-RELEASE.
We located that problem is in status_openvpn.php file o... K H
02:37 AM Feature #16177: Include Unbound 1.23.0 in upcoming release
For whatever it's worth, I second this request. Would love to have the new version if at all possible. It includes a ... Glenn Hall
 

Also available in: Atom