Project

General

Profile

Activity

From 10/12/2022 to 11/10/2022

11/10/2022

02:41 PM Feature #13649 (Resolved): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
Copying from NG Redmine.
The @if_ovpn@ driver (in plus) and OpenVPN userspace now support ChaCha20-Poly1305 and AE... Jim Pingle

11/02/2022

07:27 PM Feature #13511: Priority Code Point (PCP) option on interface configuration
An alternative GUI interface to enable setting the VLAN to zero is, to allow the VLAN to be set to zero in the GUI.
... Patch Public

10/31/2022

01:22 PM Regression #13613 (Resolved): OpenVPN crashes due to if_tuntap changes
Tested patch - issue now fixed. Marcos M
12:34 PM Regression #13613 (Ready To Test): OpenVPN crashes due to if_tuntap changes
https://gitlab.netgate.com/pfSense/factory/-/commit/47923705f62711ff1764e8eac21607f2bdd07401 Kristof Provost
12:23 PM Regression #13613 (Resolved): OpenVPN crashes due to if_tuntap changes
Tested on @pfSense-23.01.a.20221031.0600@.
Client/Server (no DCO) crashes only after a reboot - starting it manual... Marcos M
12:20 PM Regression #13603 (Resolved): OpenVPN with DCO crashes due to userspace code being ahead of kernel
The @dco_set_ifmode@ issue has been resolved after updating to @pfSense-23.01.a.20221031.0600@. Marcos M
11:58 AM Bug #13602 (Resolved): OpenVPN fails to start again if it crashes with DCO enabled
Tested and it works well - thanks! Marcos M

10/28/2022

08:07 AM Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/81
Your analysis is spot on. We can resolve this probl... Kristof Provost
06:45 AM Regression #13603 (Ready To Test): OpenVPN with DCO crashes due to userspace code being ahead of kernel
`dco_set_ifmode: failed to set ifmode=00008002: Operation not supported (errno=45)` happened because the openvpn user... Kristof Provost

10/27/2022

05:40 PM Regression #13603 (Resolved): OpenVPN with DCO crashes due to userspace code being ahead of kernel
Tested on @pfSense-23.01.a.20221026.0600@.
Client/Server crashes with DCO enabled:
> dco_set_ifmode: failed to se... Marcos M
05:16 PM Bug #13602 (Resolved): OpenVPN fails to start again if it crashes with DCO enabled
If OpenVPN crashes with DCO enabled, it doesn't remove the interface which prevents it from starting again. The inter... Marcos M

10/24/2022

07:35 AM Bug #13577 (Not a Bug): Network Time Protocol (NTP) Mode 6 Scanner
Jim Pingle

10/22/2022

01:31 PM Bug #13577: Network Time Protocol (NTP) Mode 6 Scanner
Checking /var/etc/ntpd.conf on 22.05, the proper "notrap" and "nomodify" config line items are present
restrict defa... Kris Phillips

10/19/2022

03:29 PM Bug #13577: Network Time Protocol (NTP) Mode 6 Scanner
The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used... Adam Esslinger
03:13 PM Bug #13577 (Not a Bug): Network Time Protocol (NTP) Mode 6 Scanner
Im running a Nessuss scan against my pfsense+ firewall version pfsense+ 22.05-RELEASE (amd64) and it reports that pfs... Adam Esslinger
07:03 AM Bug #13572 (Not a Bug): SG-3100 switch wrong behavior
Jim Pingle

10/18/2022

08:47 PM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states
Additional notes while working with cjl:
Commenting out the line @/sbin/pfctl -i $1 -Fs@ in @/usr/local/sbin/ovpn-lin... Marcos M
04:38 PM Bug #13572: SG-3100 switch wrong behavior
The problem has been solved with the help of stephenw10 and johnpoz
Details can be found here:
https://forum.netg... Marcelo Cury
09:05 AM Bug #13572: SG-3100 switch wrong behavior
Disregard that VLAN199 in the topology, that doesn't exist anymore.
Follows a pcap made in host 192.168.255.251:
 Marcelo Cury
08:53 AM Bug #13572 (Not a Bug): SG-3100 switch wrong behavior
Problem description: Connections going to host 192.168.255.253 are being sent to 192.168.255.251
*VLAN100 LAN: 192... Marcelo Cury

10/17/2022

08:56 AM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states
A few points here after working with cjl a bit trying to narrow it down:
* The states that disappear are not direc... Jim Pingle
06:48 AM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states
Verified. Running OpenVPN server bound to Localhost and port forwarding an IP Alias/CARP VIP to it looks like a reaso... Chris Linstruth
03:43 AM Bug #13569: Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states
forgot to add: without OpenVPN running on VIP or even with OpenVPN runnning on WAN, there is no problem with TCP stre... Azamat Khakimyanov
03:37 AM Bug #13569 (New): Restarting an OpenVPN server running on a CARP VIP in an HA cluster can disrupt unrelated TCP states
Our customer (Ticket #1161128024) pointed out on possible problem with HA cluster and TCP streams. During troubleshoo... Azamat Khakimyanov
 

Also available in: Atom