Project

General

Profile

Activity

From 03/13/2021 to 04/11/2021

04/11/2021

05:17 AM Feature #11798 (Duplicate): HA Sync for FRR config
I'm using two pfSense firewalls in a cluster with CARP.
On both FRR is configured but there is no sync option from ... Robert Sailer

04/10/2021

06:27 PM Bug #11797 (Confirmed): Traffic Totals lost upon reboot when using a ramdisk for /var and /tmp
When using a ramdisk for /var and /tmp, RRD Data and log files are saved from the ramdisk to disk on a regular basis ... John Cornwell
09:21 AM Bug #11637: Preprocs - possible to create two defaults
Tested in 2.6.0, and the original behavior is fixed. The GUI still has a slight issue:
When creating a new server ... Max Leighton

04/09/2021

08:24 PM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Resolved in pfBlockerNG v3.0.0_16 BBcan177 .
07:24 AM Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
That's what I fixed yesterday but there isn't a new package yet. Wait for pfSense-pkg-frr version 1.1.0_10. Jim Pingle

04/08/2021

11:44 PM Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
"bgp network import-check" will not be shown up in configuration if I did not enable it once.
if I enabled it it w... Alhusein Zawi
11:18 AM Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
Fixed committed and merged everywhere it is relevant. Jim Pingle
09:44 AM Bug #11392 (In Progress): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed
This doesn't add the option when there is no @frrbgpadvanced@ config present, and it should since we want it to be th... Jim Pingle
11:06 AM Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"
Duplicate of #11745 Jim Pingle
10:09 AM Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"
I noticed that the field "Compression" is still being used in client export even when "Refuse any non-stub compressio... chiel chiel
07:20 AM Bug #11637 (Feedback): Preprocs - possible to create two defaults
PR merged on 2.6.0 / 2.5.1. It will be cherry-picked to stable after tests Renato Botelho

04/06/2021

11:45 PM Feature #11749: Option to disable NAT rule creation
I don't want to use the VIP Webservice in general, but the NAT rules are the biggest problem. I can't delete them and... Frank Gouton
07:41 AM Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
Looks like a settings issue, it's got an entry set to need a web root folder but the value is empty. Jim Pingle
01:53 AM Feature #11784 (New): squidguard auto update blacklist option
Would be nice to have an auto update blacklist option with a drop down menu for none, daily, weekly, fortnightly or m... ageekhere ageekhere

04/05/2021

05:44 PM Bug #11783: /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
user was admin during setup process so permissions to create a director should not have been an issue. Martin Thygesen
05:44 PM Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory
Tried to setup acme on new firewall instance using old Key & ID from previous installation
Failed to write directory... Martin Thygesen
12:19 PM Bug #11780 (Rejected): Suricata package fails to prune suricata.log
The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting ... Kushdeep Chabba
09:20 AM Bug #11766 (Pull Request Review): Certificate no more pointed "in use" by haproxy
Jim Pingle

04/04/2021

10:32 AM Bug #11766: Certificate no more pointed "in use" by haproxy
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1059 Viktor Gurov

04/02/2021

11:58 AM Bug #11637: Preprocs - possible to create two defaults
This problem is corrected by Pull Request 1058 here: https://github.com/pfsense/FreeBSD-ports/pull/1058. This issue ... Bill Meeks

04/01/2021

12:21 PM Bug #11771: Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
Nevermind, it's the SSL business. The "Access Darkstat" button tries to use SSL and the browser is complaining and n... Jon V
12:10 PM Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
There must be something wrong in your testing. The firewall can't tell if it's being accessed by IP address or hostna... Jim Pingle
12:01 PM Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name
Lets say you have a DNS entry "pfsense-local" the configuration of Darkstat only works when you navigate to 192.168.1... Jon V
12:00 PM Bug #11768 (Pull Request Review): FRR OSPF - Comment field within the ospf interfaces gets longer and longer
Jim Pingle
11:29 AM Bug #11768: FRR OSPF - Comment field within the ospf interfaces gets longer and longer
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/80 Viktor Gurov
08:56 AM Bug #11768 (Resolved): FRR OSPF - Comment field within the ospf interfaces gets longer and longer
The comment field in the assigned ospf interfaces gets longer e.g.
interface ovpns1
description "ospfd: vpn230 D... Robert Sailer
03:54 AM Bug #11766: Certificate no more pointed "in use" by haproxy
Also seeing this - see my comments in linked thread JohnPoz _
03:37 AM Bug #11766 (Resolved): Certificate no more pointed "in use" by haproxy
https://forum.netgate.com/topic/162606/certificate-no-more-pointed-in-use-by-haproxy:
I've seen in version 2.5 that ... Viktor Gurov

03/31/2021

07:58 AM Bug #11763 (New): Traffic graphs refresh issue
Using Windows 10 20H2 and Chrome 89.
If Main page of pfsense is opened with traffic graphs displayed for a while (... Laurent BONNIN
06:52 AM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Thanks @BBcan177, that was exactly it. Leave it to us dumb users to break stuff. lol. Jeff Strand
03:39 AM Bug #11756: HaProxy does not transfer backend states during reload
Hi Viktor, I do not think that the ticket you linked is correct. I am specifically talking about the config option "l... Florian Apolloner
03:11 AM Bug #11756: HaProxy does not transfer backend states during reload
fixed in haproxy-devel: #10599 Viktor Gurov

03/30/2021

08:47 PM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
When you enable Doh/DoT Blocking, you must select atleast one of the lists below. I will add some input validation an... BBcan177 .
04:33 AM Bug #11756 (Feedback): HaProxy does not transfer backend states during reload
When reloading Haproxy (due to config changes for instance) the newly started process does not seem to remember the e... Florian Apolloner

03/29/2021

05:41 PM Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash
Enabling the "DoH/DoT Blocking" option in "Firewall/pfBlockerNG/DNSBL/DNSBL SafeSearch" menu causes pfSense to crash.... Jeff Strand
01:54 PM Regression #11738 (Feedback): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Merged Renato Botelho
08:47 AM Regression #11738 (Pull Request Review): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Jim Pingle
08:53 AM Bug #11746 (Pull Request Review): Second LDAP server configuration misses the ipaNThash control attribute
Jim Pingle
08:52 AM Bug #11745 (Pull Request Review): Incorrect compress options in exported configuration when server is set to refuse compression
Jim Pingle
08:12 AM Feature #11719: ACME - Create script for DNSExit API
Netgate maintains the pfSense package for acme.sh (pfSense GUI, code to setup and invoke acme.sh, etc) but we do not ... Jim Pingle
07:55 AM Feature #10859 (Pull Request Review): Add avahi filtering feature to pfSense
Jim Pingle
05:24 AM Feature #11749 (New): Option to disable NAT rule creation
I'd like to have an option to disable the automatic NAT rule creation of DNSBL.
First I'd like to have full manual... Frank Gouton

03/28/2021

06:51 AM Bug #11746: Second LDAP server configuration misses the ipaNThash control attribute
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/79 Viktor Gurov
06:49 AM Bug #11746 (Resolved): Second LDAP server configuration misses the ipaNThash control attribute
Only the first LDAP server configuration contains the ipaNThash control attribute:
https://github.com/pfsense/FreeBS... Viktor Gurov
04:47 AM Bug #11745: Incorrect compress options in exported configuration when server is set to refuse compression
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/78 Viktor Gurov
04:16 AM Bug #11745 (Resolved): Incorrect compress options in exported configuration when server is set to refuse compression
I create ovpn server. I use it with some options, one of them is "refuse any non-stub compression". Then I use client... Viktor Gurov
12:06 AM Regression #11738: SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/77 Viktor Gurov

03/27/2021

03:39 PM Bug #11742 (Not a Bug): Blocking / Unblocking is not working correctly.
If you turn on blocking for a port via the GUI and then turn the blocking back off. Gui indicates that it is off, but... Ian Mitchell
08:24 AM Regression #11738 (Resolved): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode
Hello.
We found some strange behavior, after upgrade to this version 1.16.18_17
SG stop filtering our blacklist a... Peter Moreno

03/26/2021

11:43 AM Bug #10187: Insertion of ZERO_WIDTH_SPACE into IPv6 addresses make it impossible to use browser find functionality
If this is waiting for me to submit a patch: it ain't coming. Izaac Falken

03/24/2021

08:37 PM Feature #11719: ACME - Create script for DNSExit API
I must be misinterpreting the Netgate Package docs.
Reading from the page https://docs.netgate.com/pfsense/en/late... Mike McV
04:45 PM Feature #11719 (Rejected): ACME - Create script for DNSExit API
We don't write custom scripts at pfSense. Please open a ticket on ACME project for that Renato Botelho

03/23/2021

09:00 PM Bug #11632: unbound service not restarted on pfBlocker-devel install/reinstall
Duplicate issue:
https://redmine.pfsense.org/issues/11398 BBcan177 .
11:18 AM Feature #10859: Add avahi filtering feature to pfSense
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/76 Viktor Gurov

03/22/2021

10:48 PM Feature #11719 (Rejected): ACME - Create script for DNSExit API
Link to tech docs.
https://www.dnsexit.com/dns/dns-api/
This is out of my wheelhouse so any assistance would be... Mike McV

03/20/2021

07:11 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Yuran Yastreb wrote:
> Edgardo Rodriguez wrote:
> > Jim Pingle wrote:
> > > No, but since you compiled it on a dif... Edgardo Rodriguez
11:47 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Edgardo Rodriguez wrote:
> Jim Pingle wrote:
> > No, but since you compiled it on a different system and nobody els... Yuran Yastreb
06:42 PM Bug #11711 (Resolved): New Squid Status Page Non-Functional
Under Services --> Squid --> Status, the page does not load or work on 21.02 of 2.5 of pfSense and pfSense Plus. The... Kris Phillips
11:10 AM Feature #11201 (Resolved): Show iTLD Allow IDN domains
Tested on pfBlockerNG-devel 3.0.0_15 version.
It looks fine, the Total TLD Count is included and works as expecte... Danilo Zrenjanin
10:35 AM Feature #11520 (Resolved): Add 'explicit-exit-notify' option by default
Tested on the latest release.
OpenVPN - Client Export Utility adds explicit-exit-notify in the client configurati... Danilo Zrenjanin

03/19/2021

08:58 PM Bug #11515: node_exporter 0.18.1_1 - Unable to interact or start the service from web ui
I note at least two issues remaining.
First, the config file is in @/usr/local/etc/rc.conf.d/@, but that directory... Joel Holveck
05:10 AM Bug #11204 (Feedback): Fix net-snmp logging to syslog
Merged Viktor Gurov
05:09 AM Bug #10990 (Feedback): net-snmp IPv6 listen address needs to be wrapped in square brackets
Merged Viktor Gurov
05:08 AM Bug #11039 (Resolved): route-map not working if Address Family is enabled.
Viktor Gurov

03/18/2021

07:47 PM Feature #11703 (New): add Krill and Routinator support BGP RPKI
From the perspective of safety and reliability, deploying your own RPKI facilities is the best option, so can these f... yon Liu
07:17 PM Bug #11693: IPv6 static routing fails
!https://i.imgur.com/vm8NKfi.jpg! yon Liu
11:47 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> No, but since you compiled it on a different system and nobody else had replicated it, it's unli... Edgardo Rodriguez
11:39 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
No, but since you compiled it on a different system and nobody else had replicated it, it's unlikely to be related wi... Jim Pingle
11:35 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> We haven't evaluated that patch yet, but it's unlikely to make it into the next release this lat... Edgardo Rodriguez
08:00 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
We haven't evaluated that patch yet, but it's unlikely to make it into the next release this late in the process. If ... Jim Pingle
11:38 AM Bug #11696 (Feedback): SquidGuard Disable "Groups ACL" no work
Merged Viktor Gurov
08:01 AM Bug #11696 (Pull Request Review): SquidGuard Disable "Groups ACL" no work
Jim Pingle
06:57 AM Bug #11696: SquidGuard Disable "Groups ACL" no work
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/75 Viktor Gurov
06:47 AM Bug #11696 (Resolved): SquidGuard Disable "Groups ACL" no work
https://forum.netgate.com/topic/162053/squidguard-disable-groups-acl-no-work-bug:
Pfsense 2.5.0
"Common ACL" is D... Viktor Gurov
07:38 AM Bug #11695 (Feedback): PHP error in the last step of the wizard
Merged Renato Botelho
07:05 AM Bug #11695: PHP error in the last step of the wizard
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/1 Viktor Gurov
06:06 AM Bug #11695 (Resolved): PHP error in the last step of the wizard
I get the following error message when trying to create a VPN using the AWS wizard:... Viktor Gurov

03/17/2021

08:46 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat... Wesley Lucio dos Santos
07:01 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Pippin MMD wrote:
> Asked on #openvpn-devel, this patch should fix this ticket:
> https://patchwork.openvpn.net/pat... Edgardo Rodriguez
06:55 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Asked on #openvpn-devel, this patch should fix this ticket:
https://patchwork.openvpn.net/patch/1550/
It is not r... Pippin MMD
07:38 PM Bug #11693 (Resolved): IPv6 static routing fails
ipv6 static routing rules do not work, when I setup 240e::/20 via wan dhcpv6 interface, but
it still via frr bgp oth... yon Liu

03/16/2021

07:28 PM Feature #11573: Custom Commands
Maybe web terminal is option here you wanted to ask, but pfsense already allow you run commands, not predefined one DRago_Angel [InV@DER]
05:05 PM Bug #11687: Fix download URLs for SecuriteInfo.com
A pull request fixing this bug can be found on "GitHub":https://github.com/pfsense/FreeBSD-ports/pull/1055. Markus *
04:55 PM Bug #11687 (Resolved): Fix download URLs for SecuriteInfo.com
The download URLs for the SecuriteInfo.com databases in the freshclam configuration are missing the SecuriteInfo.com ID. Markus *
04:33 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Well, confirmed what I stated before,
*enable_async_push=yes* breaks reconnect process when using server with UDP a... Edgardo Rodriguez
03:29 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
I found that, using tcp server mode reconnection works as expected (without needing to set lport 0, or nobind, or any... Edgardo Rodriguez
03:59 PM Bug #11686 (Resolved): FRR generated ACCEPTFILTER permit statement broken
When the ACCEPTFILTER is generated all goes well except the last line which is ip prefix-list ACCEPTFILTER seq 10 per... Robert Sailer
01:54 PM Bug #11680 (Feedback): Saving HAProxy FrontEnd description with umlauts causes configuration restore
PR has been merged. Thanks! Renato Botelho
10:48 AM Bug #11680 (Pull Request Review): Saving HAProxy FrontEnd description with umlauts causes configuration restore
Jim Pingle
04:07 AM Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1054 Viktor Gurov
12:07 AM Bug #11680: Saving HAProxy FrontEnd description with umlauts causes configuration restore
similar to #10442 Viktor Gurov
12:06 AM Bug #11680 (Resolved): Saving HAProxy FrontEnd description with umlauts causes configuration restore
https://forum.netgate.com/topic/162010/saving-haproxy-config-causes-config-restore:
On pfSense 2.5.0, HAProxy, i t... Viktor Gurov
01:53 PM Bug #11640 (Feedback): Ntopng configuration and data loss when shutting down Redis
PR has been merged. Thanks! Renato Botelho
10:50 AM Bug #11683 (Pull Request Review): Certificate Manager page doesn't show FreeRADIUS used certificates
Jim Pingle
06:26 AM Bug #11683: Certificate Manager page doesn't show FreeRADIUS used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/74 Viktor Gurov
05:39 AM Bug #11683 (Resolved): Certificate Manager page doesn't show FreeRADIUS used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec/Ope... Viktor Gurov
10:49 AM Bug #11682 (Pull Request Review): Certificate Manager page do not show STunnel used certificates
Jim Pingle
05:35 AM Bug #11682: Certificate Manager page do not show STunnel used certificates
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/73 Viktor Gurov
05:33 AM Bug #11682 (Resolved): Certificate Manager page do not show STunnel used certificates
On the system_certmanager.php page, you can see the "In Use" column which reflects the certificates used by IPsec / O... Viktor Gurov
10:15 AM Bug #11366 (Pull Request Review): Arpwatch Cron Notification every 15 minutes
Jim Pingle
02:07 AM Bug #11366: Arpwatch Cron Notification every 15 minutes
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/72 Viktor Gurov
10:13 AM Bug #11681 (Pull Request Review): FRR generates invalid BFD configuration after removing interfaces
Jim Pingle
12:49 AM Bug #11681: FRR generates invalid BFD configuration after removing interfaces
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/71 Viktor Gurov
12:17 AM Bug #11681 (Resolved): FRR generates invalid BFD configuration after removing interfaces
If you create a BFD peer configuration and set the Interface option to a value other than "Default",
and then remove... Viktor Gurov
09:27 AM Bug #11585: WireGuard kernel panic when changing peer port on assigned WireGuard interface
I can test whenever this hits the dev snaps. I assume this is incubating in 2.6 devl?
I'm not sure what you can di... Christian McDonald
08:10 AM Bug #11585 (Feedback): WireGuard kernel panic when changing peer port on assigned WireGuard interface
Many wg fixes were cherry-picked from upstream. This must be tested again Renato Botelho
06:13 AM Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
I *think* the issue is somewhere in here */usr/local/pkg/frr.inc*
in the segment as follows:... Yif Swery
05:58 AM Bug #11610: NET-SNMP is not setting the correct permissions on AgentX
Viktor Gurov wrote:
> Unable to reproduce with FRR pkg 1.1.0_8 -
> frr starts successfully with the "Enable agentx"... Yif Swery

03/15/2021

10:29 PM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Jim Pingle wrote:
> If an OpenVPN client reconnects immediately after disconnecting, in certain cases it cannot pass... Edgardo Rodriguez

03/14/2021

07:23 AM Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
The problem is maybe not directly related, but I encountered this too, and if you wait 5mn before trying to reconnect... Stéphane BARBARAY
05:23 AM Regression #11634: bind hangs when pfsense is reconnecting as an openvpn client to a TUN openvpn server
Good day! I confirm the problem, I created a ticket, but I was told that this is not an error
https://redmine.pfsens... itfabrica Tech
06:48 AM Feature #10818: UDP Broadcast Relay
This is now a FreeBSD port: https://www.freshports.org/net/udpbroadcastrelay/ Steve Wheeler
12:16 AM Bug #11610 (Feedback): NET-SNMP is not setting the correct permissions on AgentX
Viktor Gurov
 

Also available in: Atom