Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense 2.6.0 Buggy and Should have Remained in Development Branch (one bug report inside). Usage issues as well

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Ryu945
      last edited by

      1. Applying changes seems to take significantly longer. (Certain ones, I forgot which ones off the top of my head. I will probably edit this later to mention which ones.

      2. Wireguard default gateway can be confused if you have multiple Gateways like WAN, OpenVPN1, Wireguard1. Wireguard will literally try to run through the OpenVPN1 gateway so Wireguard1 stops working when OpenVPN is turned off.

      3. Applying configurations can fail. I was applying a DNS resolver setting when I got this.

      https://imgur.com/zxB2GyM.png

      Clicking save and apply again will not fix it. I had to alter the setting and then save and apply would work again. Then I could change them back to the desired settings. Then save and apply.

      1. ( I was told this is intended and not a bug) There is no way to disable OpenVPN clients. Disabling the interface does not allow you to disable the OpenVPN client. You have to delete the interface before you can disable it.

      2. After you have disabled the OpenVPN client, you can then recreate the interface. Sometimes it puts this new interface on all your NAT Outbound rules you had for this interface originally and sometimes it doesn't so you have to manually add that interface back in for ever single NAT Outbound rule on that interface. This would not happen if you didn't have to delete the interface.

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @Ryu945
        last edited by

        @ryu945 Have you opened any Redmines regarding your experiences? If so please provide the links.

        https://redmine.pfsense.org/

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        R 1 Reply Last reply Reply Quote 0
        • R
          Ryu945 @rcoleman-netgate
          last edited by Ryu945

          @rcoleman-netgate Creating this as a bug report. I am placing these in one report since some of them are likely interrelated.

          https://redmine.pfsense.org/issues/13363?next_issue_id=13362

          1 Reply Last reply Reply Quote 1
          • M
            marcosm Netgate
            last edited by

            1. This can happen on pages that do DNS lookups. If DNS isn't working, the DNS queries neeed to time out before the page will load. This has improved significantly, but it can still be an issue. If you have specific examples and can reproduce it, please provide the steps.

            2. The auto setting does an OK job in most cases, but the logic behind it is basic. It's best not to leave it as automatic if it can be avoided.

            3. The error itself is not a bug, and that's not a directory that exists by default. It's saying it can't read the configured root.key file.

            4. That's done on purpose to avoid actually buggy behavior :)

            5. You can indeed go around the validation that way, but it's not guaranteed to work.

            R 1 Reply Last reply Reply Quote 0
            • M marcosm moved this topic from TNSR Feedback on
            • R
              Ryu945 @marcosm
              last edited by Ryu945

              @marcosm

              1. As I mentioned, there was strange behavior where even when you set the default gateway to Wireguard1, if the previous setting was OpenVPN1 then it will still run Wireguard1 through OpenVPN1. The gateway Wireguard1 will remain unusable until I set it to WAN. Then I am able to get Wireguard1 to not run through OpenVPN1 on either the WAN or Wireguard1 gateway.

              2. Your saying the bug was not the error message but the fact that the files became unreadable until I changed the setting? The files became locked until I did that action which unlocked it.

              3. It would make more since to implement this through disabling the interface. Deleting the interface should not be required. Why even have a disable interface button if you can't use it to turn off the OpenVPNs.

              1 Reply Last reply Reply Quote 0
              • M
                marcosm Netgate
                last edited by

                The VPN interface is separate from, and unnecessary for, the VPN service to work.

                R 1 Reply Last reply Reply Quote 0
                • R
                  Ryu945 @marcosm
                  last edited by

                  @marcosm They are not totally separate. It is physically impossible to turn off the the VPN service in the OpenVPN area unless you delete the VPN interface in the interface area. I was told this was done to prevent unwanted behavior but I was suggesting that it be changed to where disabling the interface is all that is needed to be able to turn off the OpenVPN.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.