pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162017-11-30T13:16:20ZpfSense bugtracker
Redmine pfSense Packages - Feature #8148 (New): OpenVPN - Output Windows Client .MSI Installer for GPO de...https://redmine.pfsense.org/issues/81482017-11-30T13:16:20ZJason Gibbons
<p>First, pfSense is a great product. I appreciate all of the development efforts.</p>
<p>It would be very helpful if the OpenVPN Windows client installer would also generate an .MSI. This would allow GPO deployment which would greatly ease the adoption of OpenVPN in that environment. OpenVPN Access Server has a script to do this. Is it possible to add something like this to pfSense as well?</p>
<p><a class="external" href="https://docs.openvpn.net/configuration/active-directory-deploying-the-access-server-connect-client-via-gpos/">https://docs.openvpn.net/configuration/active-directory-deploying-the-access-server-connect-client-via-gpos/</a></p>
<p>Thanks!</p> pfSense - Feature #7934 (New): format support phone# for international usehttps://redmine.pfsense.org/issues/79342017-10-12T16:10:20ZAdam Thompsonathompso@athompso.net
<p>In the new 2.4.0 release, the Netgate Services and Support dashboard gadget shows the phone# to call. (Good idea, btw!)<br />So that international users know where to call, the phone# should include the country code as "+1".<br />ITU-standard formatting is "+1 (512) 900-2546", but I guess "+1-512-900-2546" would also be recognized by pretty much everyone.<br />You have people in Brazil - check to see which format they would normally expect to see.<br />The important part is the "+" followed by "1", not the punctuation.</p> pfSense - Bug #7857 (New): Interfaces Widget U/I fails to wrap IPV6 addresses when the string is ...https://redmine.pfsense.org/issues/78572017-09-13T03:43:10ZBryan Stenson
<p>Strictly a U/I issue, the widget fails to wrap when the browser window is set small enough to make the string too wide for the box.</p> pfSense - Feature #7718 (New): Hostname for Custom DynDNS Updater.https://redmine.pfsense.org/issues/77182017-07-24T10:05:15ZOliver Loch
<p>Hi,</p>
<p>right now I'm using a custom DynDNS service for VPN connectivity. The problem is that you can't set the hostname anywhere and in the OpenVPN client export the hostname field is empty.<br />So it would be nice if we could have a simple text field that accepts the hostname of the custom DynDNS update and makes it available to other applications.</p>
<p>KR,</p>
<p>G.</p> pfSense - Bug #7648 (New): SPAN ports on an interface renders CARP HA inoperativehttps://redmine.pfsense.org/issues/76482017-06-14T21:05:03ZDavid Van Cleef
<p>When a SPAN port is added to an interface, CARP breaks.</p>
<p>The source address of the CARP announcement, which should be from the IETF VRRP mac range changes to the mac of the physical interface.</p> pfSense Packages - Feature #7608 (New): Captive Portal amount of traffic Account + Free Radius+M...https://redmine.pfsense.org/issues/76082017-05-28T01:47:49Zmohsen abbaspour
<p>limitation on amount of traffic does not work when used CP and Free Radiusand and Mysql to gether </p>
<pre><code>It seams that captive does not count amount of Traffic</code></pre> pfSense - Feature #7030 (New): New Feature Load Balance Per Amount Of GBhttps://redmine.pfsense.org/issues/70302016-12-21T12:45:15Zchristian alfideo arminio
<p><a class="external" href="https://forum.pfsense.org/index.php?topic=122752.0">https://forum.pfsense.org/index.php?topic=122752.0</a></p> pfSense - Feature #6804 (New): Add row counter into Diagnostics -> Edit Filehttps://redmine.pfsense.org/issues/68042016-09-21T21:23:13ZTCI User
<p>Will be extremely helpful if the rows in the Diagnostics -> Edit File window are presented with a number.</p>
<p>In this case you cannot get lost while scrolling up and down into a file.</p>
<p>NOTE: As a work around at the moment I copy the file into my external text editor (Notepad++), make the necessary changes and then copy it back.</p> pfSense - Todo #6647 (New): Enable Additional Security Headershttps://redmine.pfsense.org/issues/66472016-07-26T20:30:24ZChris Buechlercbuechler@gmail.com
<p>The nginx instance for the web GUI should enable CSP. Just adding the following works:</p>
<pre>
add_header Content-Security-Policy "default-src 'self';";
</pre>
<p>though I suspect that may break some edge case I'm not thinking of. The captive portal nginx instance shouldn't have that set, as people routinely include external resources that would be broken by that.</p>
<p>Adding upgrade-insecure-requests while there wouldn't hurt either.</p> pfSense - Feature #6544 (New): RFC 3046 DHCP Option 82 support (and RFC 3315/4649/4580 for IPv6)https://redmine.pfsense.org/issues/65442016-06-27T06:12:47ZBruce Simpsonbms@FreeBSD.org
<p>We use an HPE switch to implement MAC layer security. It is configured to snoop DHCP request & inject Option 82 (RFC 3046) to tell us exactly which port and chassis a client is connected to.</p>
<p>isc-dhcpd will record Option 82 in the lease file, but the pfSense GUI does not do anything with the information.</p>
<p>We understand there is a third-party patch for this, but it currently appears to be unmaintained, and may not have been updated for pfSense 2.3.1-x.</p>
<p>(This might well be a good fit for a more general package of Layer 2 security features in pfSense)</p>
<p>Our switch does not currently support the DHCPv6 Interface-ID option, (as in RFCs 3315, 4649, 4580) but we're keen to use these also.</p> pfSense - Feature #5835 (New): Improve OpenVPN client gateway detection in edge cases where the r...https://redmine.pfsense.org/issues/58352016-02-01T08:37:46ZJim Pingle
<p>There are a few edge cases where OpenVPN does not set the "route_vpn_gateway" or "ifconfig_remote" environment variables so the "up" script cannot determine the gateway.</p>
<p>Currently the script falls back to using the local IP address in this case, which works OK for some things like policy routing when the interface is assigned, but it causes the wrong IP address to be monitored.</p>
The problem scenario requires BOTH of the following to be true:
<ul>
<li>tap mode OR tun+topology subnet is used</li>
<li>Server does not push ANY routes</li>
</ul>
<p>In that case, the only possible way for the client to determine the gateway is by subnet calculation, assuming the gateway is the first IP address in the block. Our code currently falls back to using the client adapter address in this case when the other two variables are unset.</p>
<p>Fixing it would require the ability to do subnet math or similar calculation from a shell script, or perhaps pulling the config off the interface using ifconfig or another similar function.</p>
<p>Since it appears to work fine from a user perspective aside from picking the right monitor IP address, it's pretty minor as far as I can tell so far.</p> pfSense - Feature #5735 (New): Automaticaly add DHCP leases to alias list or make it readable in ...https://redmine.pfsense.org/issues/57352016-01-05T05:21:42ZA Bdaywalker@eth0.io
<p>Hi<br />Last week I had a bigger Setup to deploy with some static DHCP Leases and a few Port forwarding's. I Just want to ask if it would be possible to automate the Process of creating (and linking of course) an Alias that belongs to a DHCP Lease.<br />Something like a system wide network object. Also Maybe fpr Subnets, and Ports of course.<br />But for now i struggled with having to enter everything twice (static DHCP leases and Aliases for the Firewall Rules)</p>
<p>Best regards</p> pfSense - Bug #5091 (Confirmed): In rule creation destination ports fields (from and to) are too...https://redmine.pfsense.org/issues/50912015-09-03T10:43:16ZPierre DOUCETpierre.doucet@sib.fr
<p>Refer to screenshot in attachement.</p>
<p>This could be solved by adding width tag in all.css files for all themes.</p>
<pre>
.formfldalias {
background-color: #990000;
color: #FFFFFF;
width: 300px;
}
</pre> pfSense - Bug #1738 (New): Restore fails when username in backup is not matchinghttps://redmine.pfsense.org/issues/17382011-08-03T01:00:10ZLouis-David Perronldperron@ldasolutions.ca
<p>It's not likely that it will happen to anyone, but the consequences are quite time consuming.</p>
<p>When on the default configuration of today's snapshot, if I import a backup that is using something else as "admin" for web user, then it's almost impossible to properly restore the backup.</p>
<p>After the config upload, my browser gets redirected to interfaces_assign.php, but it mentions:<br />No page assigned to this user! Click here to logout.</p>
<p>If I click logout and then I login into the new user, I get to the install package screen, even if the interfaces are still in the same state as before the restore.</p> pfSense - Feature #895 (New): PPP subsystem MPPE/MPPC supporthttps://redmine.pfsense.org/issues/8952010-09-16T13:38:10ZSadara Kaelsadara@xynexus.com.au
<p>mpd5 and kernel are missing M$ MPPC/MPPE modules and configureation options.</p>
<p>This would benefit all mpd5 services (pppoe connections, pppoe server, l2tp VPN, and PPTP server)<br />These are supported by the HIFN hardware accelerators as well, but I am unaware the exact software requirements<br />This could also be added as a package instead of a core system.</p>