pfSense

02/19/2012

10:06 PM Bug #910 (Resolved): CARP+Bridging+NAT can lead to "freeze"/"lockup"

Chris Buechler

10:05 PM Feature #803 (Resolved): Ability to circumvent adding of policy route negation rules for VPNs

Chris Buechler

10:05 PM Feature #1204 (Needs Patch): Captive Portal Chart

Chris Buechler

10:05 PM Feature #1357 (Needs Patch): captive portal informations throught SNMP

Chris Buechler

09:49 PM Bug #126 (Resolved): XML parser errors when enabling SSH

Chris Buechler

09:42 PM Feature #2205 (Feedback): relayd enhancements in system_advanced_misc.php

New tab added for global relayd settings. Pierre POMES

11:24 AM Bug #2213: Call to undefined function hash() in /etc/inc/auth.inc on line 507

OK. I'll upgrade to 5.3... I did look at 2115 prior to this submittal. Must have missed the requirement. No worries. ... Delete Account

11:17 AM Bug #2213 (Closed): Call to undefined function hash() in /etc/inc/auth.inc on line 507

This is because you must be using PHP 5.3 on the current code, not PHP 5.2.x. It was switched a while back. See #2115 Jim Pingle

11:16 AM Bug #2213: Call to undefined function hash() in /etc/inc/auth.inc on line 507

Crash report begins. Anonymous machine information:
i386
8.1-RELEASE-p6
FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 1... Delete Account

11:10 AM Bug #2213 (Closed): Call to undefined function hash() in /etc/inc/auth.inc on line 507

Attempting to add a new user for captive portal testing purposes. Created a test user and clicked save... received th... Delete Account

02/18/2012

08:48 PM Bug #2212 (Resolved): dhclient not stopped after changing interface from DHCP to other type

after changing an interface away from DHCP, dhclient is left running. Chris Buechler

08:09 PM Feature #2205: relayd enhancements in system_advanced_misc.php

You are right, it is confusing.
According to relayd man page, these parameters can be applied globally and for eac... Pierre POMES

02:03 PM Feature #2211: tun interfaces should not be hidden from Interfaces>assign

Probably just rename the interface as we do for openvpn.
Otherwise some consequenceis might arise.
Most all of th... Ermal Luçi

02:18 AM Feature #2211 (Closed): tun interfaces should not be hidden from Interfaces>assign

tunX interfaces are hidden from assignment and should not be. they're useful in a number of circumstances when manual... Chris Buechler

02/17/2012

08:32 PM Bug #2210 (Resolved): "scrub in" usage needs evaluated

This commit:
https://github.com/bsdperimeter/pfsense/commit/a87c88106ab366f046baf0f459c445a055eea5f9
changed fro... Chris Buechler

08:20 PM Bug #2209 (Resolved): PPPoE MTU is not correctly set from values on interfaces.php

Setting the MTU on interfaces.php is ignored, and overridden by what's configured on the PPP instead. What's set by i... Chris Buechler

05:17 PM Bug #1351: Mobile IPsec no traffic pass trough after 2nd connect after 5 minutes

Need to rebuild the ipsec-tools port and use it in pfSense build. Ermal Luçi

01:54 PM Bug #1351: Mobile IPsec no traffic pass trough after 2nd connect after 5 minutes

Ermal,
Any chance you could shed some light on how to do that? I've got a few clients who this is affecting quite ... Arthur Brownlee IV

01:52 PM Bug #1705: Multi-WAN Failover loses default route

Bump in a new mode:
"Gateways status could not be determined, considering all as up/active."
Sent at least a few ... Harry Coin

02/16/2012

01:28 PM Bug #437 (Feedback): Y2K38 bug in user manager expiration

Ermal Luçi

12:59 PM Bug #437: Y2K38 bug in user manager expiration

that should have said commit:e32805d9 Yehuda Katz

12:56 PM Bug #437: Y2K38 bug in user manager expiration

I see that Seth merged my pull request: e32805d9 Yehuda Katz

11:35 AM pfSense Packages Bug #2208 (Resolved): Snort: Only the last updated rules get extracted, others get deleted

Steps to reproduce:
1. Install Snort via the Package Manager
2. Configure Global Settings to download Snort.org rul... Seb A

10:47 AM Bug #2207 (Resolved): Date header for E-mail incorrect.

PFSense E-mail notification date header: "Date: Thu, 16 Feb 2012 16:43:35 CET"
Date deceleration according to RFC822... Peter O

02/15/2012

06:59 PM Bug #2206: RRD Report Email HTML has incorrect file paths for attachments

Try to change line 198 of /etc/inc/mail_reports.inc from:... Jim Pingle

06:49 PM Bug #2206 (Feedback): RRD Report Email HTML has incorrect file paths for attachments

What e-mail client are you using? Because it renders them fine for me in both Thunderbird and K9. Jim Pingle

05:32 PM Bug #2206 (Resolved): RRD Report Email HTML has incorrect file paths for attachments

The HTML created by the RRD Report Email package is listing the graphs as:... Dainel Spisak

03:03 PM Bug #2200: Upgrade from 2.0-RC3 to 2.0.1 fails with "Something went wrong when trying to update the fstab entry"

Please post to the forum for support. This is a rejected ticket that was not a bug, but something that happened to th... Jim Pingle

02:59 PM Bug #2200: Upgrade from 2.0-RC3 to 2.0.1 fails with "Something went wrong when trying to update the fstab entry"

I've exactly the same problem. Stefan Hellmann

11:51 AM Bug #2157: Changing relayd settings in system_advanced_misc.php does not trigger relayd config update/reload

Good point. I will review and let you know !
Thanks,
Pierre
Pierre POMES

10:38 AM Bug #2204: DHCP reports client lease, but DNS doesn't know about

No, but details follow as soon as I have full access to the machine again (later this evening). Thomas Schweikle

09:46 AM Bug #2204 (Feedback): DHCP reports client lease, but DNS doesn't know about

Not enough detail here. Do you have a forum thread where this was discussed in more detail? Jim Pingle

08:27 AM Bug #2204 (Duplicate): DHCP reports client lease, but DNS doesn't know about

A client was assigned a lease, but the DNS server doesn't know about the client. It keeps not knowing about the clien... Thomas Schweikle

09:45 AM Feature #2205: relayd enhancements in system_advanced_misc.php

That is ambiguous as to whether that works with inbound or outbound load balancing. The sticky option works for both ... Jim Pingle

09:36 AM Feature #2205 (Resolved): relayd enhancements in system_advanced_misc.php

I suggest to add two new settings in system_advanced_misc.php for a better relayd control. (cf screenshot attached)
... Pierre POMES

02/14/2012

10:13 PM Bug #2157 (Resolved): Changing relayd settings in system_advanced_misc.php does not trigger relayd config update/reload

Test ok. Pierre POMES

08:24 PM Bug #437: Y2K38 bug in user manager expiration

https://github.com/bsdperimeter/pfsense/pull/49 Yehuda Katz

04:47 PM Bug #437: Y2K38 bug in user manager expiration

The issue is the call to strtotime which is limited to 2038 in 32-bit versions of PHP. The only solution that will wo... Yehuda Katz

03:22 PM Bug #2201 (Feedback): Picking interface subnet in IPsec for an interface with no IP generates invalid racoon.conf

Jim Pingle

01:50 PM Feature #2147 (Feedback): Cert Manager - additional download button for .p12

Applied in changeset commit:eaf23c171704362fdf3d7e27200ffdf540642c20. Jim Pingle

08:23 AM Bug #2202: Firewall rules specifying a gateway does not work for WAN subnet in some cases.

This is not unexpected behavior, there need to be policy route negation rules for any directly connected networks, st... Jim Pingle

08:17 AM Bug #2202 (Rejected): Firewall rules specifying a gateway does not work for WAN subnet in some cases.

I have a LAN firewall rule specifying that all outband traffic (destination all) should go to a gateway group contain... Andreas Winge

02/13/2012

06:32 PM Bug #2201 (Resolved): Picking interface subnet in IPsec for an interface with no IP generates invalid racoon.conf

If you pick an interface subnet in an IPsec P2 that has no IP, it generates an invalid racoon.conf. Input validation ... Chris Buechler

03:29 PM Bug #2164: Captive Portal - RADIUS - Acct-Session-Time does not reset when "stop/start accounting" is enabled

I am sorry to say that - or better - I am sorry that I posted something wrong on my first post! :-(
I am wrong wit... Alexander Wilke

09:02 AM Bug #2200: Upgrade from 2.0-RC3 to 2.0.1 fails with "Something went wrong when trying to update the fstab entry"

I disagree with the Rejected status.
I installed this system as described in the installation guide, using dd to... Henrik A

08:58 AM Bug #2200 (Rejected): Upgrade from 2.0-RC3 to 2.0.1 fails with "Something went wrong when trying to update the fstab entry"

This is not a general problem/bug, but something specific to your setup or what you're doing. Please post in the foru... Jim Pingle

03:45 AM Bug #2200 (Rejected): Upgrade from 2.0-RC3 to 2.0.1 fails with "Something went wrong when trying to update the fstab entry"

I tried upgrading from 2.0-RC3 to 2.0.1 on my nanobsd box, but it failed with "Something went wrong when trying to up... Henrik A

01:48 AM pfSense Packages Bug #2199: Varnish3 fails on start with sysctl-ish errors

Same error on Varnish 2.1.5 (pkg v1.0), so it's not specific to v3.
Same error on my production firewall (i386 2.0.1... Adam Thompson

01:39 AM pfSense Packages Bug #2199 (Closed): Varnish3 fails on start with sysctl-ish errors

Running pfSense 2.0.1-RELEASE nanobsd-VGA off a USB stick.
Installed Varnish3.
Performed initial configuration, ena... Adam Thompson

02/12/2012

10:40 AM pfSense Packages Bug #2198 (Rejected): OpenVPN Client Export Utility - When VPN Server mode is SSL/TLS + User Auth no certs to export

Not sure why it doesn't work for you, I've setup 3-4 VPNs this week in SSL/TLS + User Auth mode and it works fine to ... Jim Pingle

10:37 AM pfSense Packages Bug #2198 (Rejected): OpenVPN Client Export Utility - When VPN Server mode is SSL/TLS + User Auth no certs to export

When running an OpenVPN server in server mode "User Auth" or "SSL/TLS" the Client export Utility allows to export con... Alexander Wilke

02/11/2012

05:26 AM Bug #2165 (Feedback): IE 9 causes log out on Status>Traffic Graph

Fix tested with IE9, IE8 (with Adobe SVG plugin), Firefox, and Chrome. Erik Fonnesbeck

02/10/2012

10:08 PM pfSense Packages Feature #2197 (Closed): WebDav gateway

I'd like a WebDAV gateway package.
At a minimum, it'd need to support user authentication, and provide read-only a... Scott Brickey

06:14 PM Bug #2196: Multiple crypto cards in a box may conflict in unexpected ways

0x2000000 = 33554432 decimal (why that sysctl wants a hex mask but displays in decimal) Jim Pingle

06:13 PM Bug #2196: Multiple crypto cards in a box may conflict in unexpected ways

Just to keep this noted here.
Seems -1 is not the value for software only but on 8.1 sources 0x02000000 is the value. Ermal Luçi

05:58 PM Bug #2196 (Not a Bug): Multiple crypto cards in a box may conflict in unexpected ways

If there are multiple crypto devices on a box (padlock, hifn, glxsb) it may lead to some abiguity or confusion about ... Jim Pingle

05:09 PM Feature #2143: Captive Portal - RADIUS - attribute: Acct-Terminate-Cause

We need to add an accounting on packet like this after the CP service has restarted:... Alexander Wilke

05:03 PM Bug #2164: Captive Portal - RADIUS - Acct-Session-Time does not reset when "stop/start accounting" is enabled

Hi,
I didn't get the patch too 100% applied with this command:... Alexander Wilke

11:54 AM Bug #2195 (Rejected): static route

Jim Pingle

11:53 AM Bug #2195 (Rejected): static route

Hello,
Static routes fails i have a multilan and multiwan environment because i use recommended settings a do not ... Nicanor Martinez

11:44 AM Bug #2184: Static route issue

Do not cross-post to the ticket system, this is for bug reports, not support discussions. Free support is given on th... Jim Pingle

11:41 AM Bug #2184: Static route issue

Hello,
Static routes fail in multilan y multiwan environment because i use recommended settings a not work, please... Nicanor Martinez

02/09/2012

04:26 PM Bug #2164: Captive Portal - RADIUS - Acct-Session-Time does not reset when "stop/start accounting" is enabled

Attached patch from request Ermal Luçi

08:40 AM Bug #2164: Captive Portal - RADIUS - Acct-Session-Time does not reset when "stop/start accounting" is enabled

Well this is an easy fix if it really works that way.
I am not sure what really the Acc-Session-Time measures but si... Ermal Luçi

12:56 PM pfSense Packages Bug #82 (New): dns-server/tiny-dns-package not working after reinstallation

Fixing up redmine's copies of the git repo it accidentally set this back to feedback in the process. Jim Pingle

12:52 PM pfSense Packages Bug #82 (Feedback): dns-server/tiny-dns-package not working after reinstallation

Applied in changeset commit:71bc2064b506456195c4aa0623aaf016c175aae9. Anonymous

12:53 PM Feature #2032: add functionality to encrypt the private key in a Viscosity bundle (OpenVPN Client Export)

Applied in changeset commit:8490db315678c14c6b580e6d23718e8f089487c9. Jim Pingle

12:53 PM pfSense Packages Feature #1100: Add additional ports to squid (includes patch)

Applied in changeset commit:dfbb5e15dfdcacafbb7544257da252a0c4ea33ed. Jim Pingle

12:33 PM pfSense Packages Bug #1765 (Resolved): Unable able to clear Snort Alerts

Thanks Cino. Ermal Luçi

10:03 AM pfSense Packages Bug #1765: Unable able to clear Snort Alerts

this has been resolved. you can close out this ticket Cino .

11:57 AM Bug #2031: add help text for Certificate Manager serial number

Applied in changeset commit:bfa526dc396cd4bfd79b70cc554fd4a2df394e1f. Jim Pingle

10:07 AM pfSense Packages Bug #1747: Barnyard2

barnyard2 works, i still have to manually install the file but it could because I'm running 2.1-dev Cino .

10:05 AM Bug #2184: Static route issue

I'am sure my static routes is properly configured i am reporting a bug and is not solved yet.
Regards
Nicanor M... Nicanor Martinez

10:01 AM Bug #2184 (Rejected): Static route issue

Please keep discussion and support questions on the forum. This ticket system is for confirmed bugs only, and static ... Jim Pingle

09:59 AM Bug #2184 (Rejected): Static route issue

Excuse me, i think is bug.
I trying instructions from forums since 2.0 beta versions and i can't solve the proble... Nicanor Martinez

10:05 AM Bug #1729: IMSpector-wip is missing some files for install

i believe this has been resolved but i'm unable to test Cino .

10:01 AM Bug #2182: Static Route issue

Please keep discussion and support questions on the forum. This ticket system is for confirmed bugs only, and static ... Jim Pingle

09:56 AM Bug #2182: Static Route issue

Excuse me, i think is bug.
I trying instructions from forums since 2.0 beta versions and i can't solve the proble... Nicanor Martinez

01:09 AM Bug #2182 (Rejected): Static Route issue

not a bug. read the reply you got on the forum Chris Buechler

12:54 AM Bug #2182 (Rejected): Static Route issue

Since beta version of pfsense 2 i have problems with static routes, traffics between static routes stop, all is confi... Nicanor Martinez

02/08/2012

10:43 PM Bug #1001 (Resolved): Captive portal session reuse invalid when MAC changes

this is addressed in #2082 Chris Buechler

10:41 PM Feature #1831: Captive portal IPv6 support

there is a lot involved here, people will expect to auth both v4 and v6 IPs in a single shot which complicates everyt... Chris Buechler

06:07 PM Feature #1520: Option to disable the automatic default gateway (re)selection

The short version is racoon need to learn to differentiate packets by their incoming interface.
A patch is present o... Ermal Luçi

04:00 PM Bug #2052: CP ipfw duplicate rules

Applied in changeset commit:c92fb4c4dea298072593b2aae22aed43dcf44972. Ermal Luçi

04:00 PM Bug #2052 (Feedback): CP ipfw duplicate rules

Applied in changeset commit:10fb17c167e72f7ba83b526f6435be45deeb34be. Ermal Luçi

11:59 AM Bug #2174 (Closed): Using Show States with a large number of states causes an error

I'm running pfSense 2.0.1. I have the system configured to support 800K states, it generally has around 450K states ... Steve Boyle

11:57 AM Bug #2173 (Closed): pfsync errors

After upgrading from 2.0-RC3 to 2.0.1, the pfsync0 interface started reporting send errors.
[2.0.1-RELEASE][admin@ho... Steve Boyle

07:14 AM Bug #2171 (Closed): PHP fast-cgi and exit behaviour

All present php scripts in pfSense call exit after sending a redir or finding an error or wanting to just finish proc... Ermal Luçi

04:39 AM Feature #1169: Add load balancer status in SNMP

It is also necessary to add a text inside snmpd web configuration field where you can add customs commands, or someth... Daniele Palumbo

02/07/2012

09:25 PM pfSense Packages Feature #2170 (Closed): Enable AirPrint mdns via Avahi

Can we have Avahi adjusted to allow mdns broadcasts for Apple AirPrint?
This will allow iOS devices to print via C... kevev kevev

03:43 PM Bug #1527 (Closed): route-to should not override static routes

Follow on #1136 Ermal Luçi

03:35 PM Feature #1099: pptp does not use User Manager

The only way to solve this is teach mpd about external script used to authenticate users, as for OpenVPN/IPSec etc.
... Ermal Luçi

03:25 PM Bug #2082: Captive Portal error when client IPs are reused

A non-fatal warning there would be nice. I'm not sure we should prevent it outright but they should be aware that it ... Jim Pingle

03:25 PM Bug #2082: Captive Portal error when client IPs are reused

Applied in changeset commit:fbdc4b568453198fda514800286825fa9e74896f. Ermal Luçi

03:25 PM Bug #2082: Captive Portal error when client IPs are reused

Applied in changeset commit:2890cae51a424519662922e558bc939077b66c7c. Ermal Luçi

03:22 PM Bug #2082: Captive Portal error when client IPs are reused

Changed error message. Probably should even warn user on dhcp timeout lower than CP timeout? Ermal Luçi

03:20 PM Bug #2082: Captive Portal error when client IPs are reused

Applied in changeset commit:843a6fe25ac303ceda46450a3f4ac24f69a54ecb. Ermal Luçi

03:20 PM Bug #2082 (Feedback): Captive Portal error when client IPs are reused

Applied in changeset commit:443abb317d52d57fba132eef7ebffa839538a0e4. Ermal Luçi

03:06 PM Bug #2127 (Feedback): Full Update Image Size is too large on 2.1

I removed the 3 biggest files there _Dev kernels and uniprocessor one since their presence is not really needed these... Ermal Luçi

02:05 PM Bug #1999 (Feedback): Existing voucher settings upset new CP Zones/Vouchers code

Applied in changeset commit:67e73dcd0663222e2d9c803e50a4a15104f8bc08. Ermal Luçi

02/06/2012

02:15 PM Bug #2166 (Resolved): Dynamic DNS not updating

RFC 2136 DNS is not updating when no DynDNS config is present.
Version:
2.0.1-RELEASE (amd64)
built on Mon Dec... Johan Braeken

02/04/2012

03:50 PM Feature #2143: Captive Portal - RADIUS - attribute: Acct-Terminate-Cause

There seems to be a function in /etc/inc/captiveportal.inc which has "Acct-Terminate-Cause = 7" but it seems not to w... Alexander Wilke

06:49 AM Bug #2163 (Feedback): 1:1 NAT Reflection helper rules do not cover static route subnets

It should be good now with these two fixes and the one just before them for a separate related issue. Erik Fonnesbeck

02:42 AM Bug #2163: 1:1 NAT Reflection helper rules do not cover static route subnets

It appears that this only happens when the gateway referenced by the static route is directly reachable (on the same ... Erik Fonnesbeck

02/03/2012

10:58 PM Bug #2165 (Resolved): IE 9 causes log out on Status>Traffic Graph

Browsing to Status>Traffic Graph in IE 9 logs the session out the web interface.
Attached is the contents of "Fol... Chris Buechler

06:53 PM Bug #2039: Adding a local interface conflicting with a static route in the routing table fails to add the link route

updated with proper description of problem Chris Buechler

03:48 PM Bug #2164 (Resolved): Captive Portal - RADIUS - Acct-Session-Time does not reset when "stop/start accounting" is enabled

Acct-Session-Time needs reset to value 0 when accounting-stop packet is sent. This is done when "no accounting update... Alexander Wilke

11:43 AM Bug #2163 (Resolved): 1:1 NAT Reflection helper rules do not cover static route subnets

If you enable NAT reflection for 1:1 NAT and also the outbound NAT rules to assist 1:1 NAT, the resulting rules only ... Jim Pingle

02/02/2012

05:13 PM Feature #2147: Cert Manager - additional download button for .p12

No that's fine, and that would work, but since you mentioned the client export package .p12 that's why I made the oth... Jim Pingle

05:09 PM Feature #2147: Cert Manager - additional download button for .p12

No need to include the CA.crt into pkcs12 (cert.crt + cert.key).
Just make a pkcs12 from the corresponding .crt an... Alexander Wilke

11:49 AM Feature #2147: Cert Manager - additional download button for .p12

The GUI uses PHP's built-in OpenSSL commands, and the Client Export package uses shell commands.
The PHP version o... Jim Pingle

01:12 PM Bug #1736: Allow other users to be used as authenticator in xmlrpc exchanges

Adding this to help prevent duplicate bugs...
In the Firewall -> Virtual IPs scree, in the CARP Settings tab, the ... Tommy McNeely

11:20 AM Bug #2157 (Feedback): Changing relayd settings in system_advanced_misc.php does not trigger relayd config update/reload

Applied in changeset commit:6fbe0168416bdb5d410cb36fdf531b317d3e072a. Jim Pingle

02/01/2012

02:35 PM Bug #2159 (Resolved): Upgrade code breaks RRD databases on nano

Feb 1 20:28:40 php: /status_rrd_graph_img.php: Failed to create graph with error code 1, the error is: ERROR: No DS ... Seth Mos

01:25 PM Bug #2158: SNMP bind needs to list all interfaces/VIPs

Applied in changeset commit:18d4d360a3a5de5c80ab3940ce2cf80bee3859e6. Jim Pingle

01:25 PM Bug #2158 (Feedback): SNMP bind needs to list all interfaces/VIPs

Applied in changeset commit:c82b2c3f212e7c008146df624e0423d0f10770ab. Jim Pingle

08:19 AM Bug #2158 (Resolved): SNMP bind needs to list all interfaces/VIPs

The SNMP GUI has a "bind to LAN interface" option but that is a bit ambiguous and not so useful in 2.x. It also doesn... Jim Pingle

09:27 AM Bug #2130 (Resolved): Invalid netmask on IPv4 addresses core dumps filterdns

Seth Mos

07:46 AM Feature #2117: 6RD support for ISPs like Swisscom

from reading the sparse documentation one needs to calculate the IPv6 prefix address for the broker inside the give p... Seth Mos

01/31/2012

06:04 PM Bug #2157 (Resolved): Changing relayd settings in system_advanced_misc.php does not trigger relayd config update/reload

When changing relayd settings in this screen (for example: "use sticky connections"), /var/etc/relayd.conf should be ... Pierre POMES

02:50 PM pfSense Packages Bug #2156 (Closed): Can't install TinyDNS: unexpected '&'

1.2.3 is no longer supported. If someone would like to make a merge request in git for a separate package for 1.2.3 t... Chris Buechler

12:18 PM pfSense Packages Bug #2156: Can't install TinyDNS: unexpected '&'

Looks like the IPv6 code I added last June might be breaking this in two ways on 1.2.3. First because PHP4 doesn't li... Jim Pingle

06:33 AM pfSense Packages Bug #2156 (Closed): Can't install TinyDNS: unexpected '&'

I was trying to install TinyDNS under my installation of pfsense ..
It got to the Installing dns-server and its de... Ahmed El Gamil

01:04 PM Bug #2149: PPTP Split Tunnel

Yeah I would also be interested in finding out which PPTP server supports that. All the ones I have used don't provid... Warren Baker

01/30/2012

07:32 PM Bug #2149: PPTP Split Tunnel

I'm not aware of any PPTP server that does that in a way that works for all clients, which are you using that does? E... Chris Buechler

09:50 AM Bug #2149: PPTP Split Tunnel

I think your may mean that is it not possible for the PPTP Server used by pfSense to send routes to PPTP clients as I... Chris Mirchandani

02:18 AM Bug #2149 (Rejected): PPTP Split Tunnel

it's not possible to send routes to PPTP clients, has to be done on the client. Chris Buechler

01:18 AM Bug #2149 (Rejected): PPTP Split Tunnel

Establishing a PPTP tunnel with pfSense does not pass routes to PPTP VPN clients. This may or may not be intended so ... Chris Mirchandani

07:28 PM Feature #2148 (Closed): Dynamic DNS Update Frequency

the cron package allows editing that easily, don't think it's worthwhile for us to bother otherwise. though if you're... Chris Buechler

09:43 AM Feature #2148: Dynamic DNS Update Frequency

Chris,
My suggestion is not to change the time it runs for everyone. My suggestion is to show the time/frequency i... Chris Mirchandani

01:54 AM Feature #2148: Dynamic DNS Update Frequency

You can change your cron job in that case. We're not going to run something every 3 minutes on everyone's system that... Chris Buechler

01:13 AM Feature #2148: Dynamic DNS Update Frequency

Chris,
Updates may take place if the IP on the WAN interface changes, but not if the pfSense device is behind a DS... Chris Mirchandani

04:11 PM Feature #1829: CARP with IPv6 support

Patch committed for FreeBSD 8. Ermal Luçi

04:41 AM Feature #1829: CARP with IPv6 support

If feasible, add support for manually configuring the link-local address to send by way of a patch to rtadvd.
We cou... Seth Mos

02:53 PM Bug #2155 (Resolved): CP sends voucher as username to RADIUS when "re-auth every minute enabled"

When using Captive Portal + RADIUS + vouchers then CaptivePortal sends the voucher code as username to RADIUS when "r... Alexander Wilke

11:01 AM Feature #2152 (Needs Patch): Pass-through MAC and Vouchers

When I enable Pass-though MAC automatic additions it adds both the people that authenticate using my radius and my vo... Nathan Achey

04:34 AM Feature #2151 (Resolved): Add IPv6 support to the pfSense module

Lifted from /etc/inc/interfaces.inc FIXME notes.
We need something to set the IPv6 address. And we need to have a fu... Seth Mos

03:17 AM Bug #2150 (Rejected): PPTP DNS Issue

thanks Warren, definitely not an issue as described then. Chris, post to the forum or mailing list for help. Chris Buechler

03:03 AM Bug #2150: PPTP DNS Issue

It works fine for me on amd64. No problems at all.
Try use tcpdump and see if the dns traffic is even hitting the FW. Warren Baker

02:34 AM Bug #2150 (Feedback): PPTP DNS Issue

most people run exactly that way, it works. I just double checked another install to verify. Though I don't have an a... Chris Buechler

01:26 AM Bug #2150 (Rejected): PPTP DNS Issue

For PPTP clients DNS fails, I get a DNS time out, on every IP on a pfSense interface for which DNS is configured incl... Chris Mirchandani

01/29/2012

05:09 PM Feature #2148 (Rejected): Dynamic DNS Update Frequency

It updates on every IP change, the cron job is only to update if the IP hasn't changed in 25 days so the provider doe... Chris Buechler

01:45 PM Feature #2148 (Closed): Dynamic DNS Update Frequency

The current Dynamic DNS configuration does not check for IP address changes often enough to be useful in many situati... Chris Mirchandani

04:22 PM Feature #2143: Captive Portal - RADIUS - attribute: Acct-Terminate-Cause

I bought a FreeRADIUS book: "FreeRADIUS Beginner's Guide by Dirk van der Walt" and I uploaded to excerpts which expla... Alexander Wilke

01/28/2012

04:56 PM Bug #1421: Disconnecting PPTP VPNs drops IPsec when using wrong PPTP server IP

http://sourceforge.net/mailarchive/forum.php?thread_name=91C62B8E3E2A4F75893DCBCD634ECACF%40Avitos&forum_name=ipsec-t... Ermal Luçi

12:41 PM Feature #2147 (Resolved): Cert Manager - additional download button for .p12

Cert Manager in pfsense allows to download the .crt and .key file of CA and certificates. But on windows clients we n... Alexander Wilke

01/27/2012

06:38 PM Bug #1698: IPSec tunnel from CARP backup interface

This needs to teach racoon about carp interface status. Ermal Luçi

06:36 PM Bug #1393 (Closed): IPSec Xauth

Follow-up on #1112 Ermal Luçi

06:32 PM Bug #1872 (Closed): ipsec-tools strict DPD cookie check

This probably should just be skipped since its just related to old gear.
Closing for now, can reopen later on. Ermal Luçi

06:28 PM Bug #1351: Mobile IPsec no traffic pass trough after 2nd connect after 5 minutes

This is the same as #1970.
Please try with the new ipsec-tools port from pfPorts. Ermal Luçi

06:13 PM Bug #1421: Disconnecting PPTP VPNs drops IPsec when using wrong PPTP server IP

sounds fine, just file an alert for already-existing configs that are wrong, and add the input validation to prevent ... Chris Buechler

05:32 PM Bug #1421: Disconnecting PPTP VPNs drops IPsec when using wrong PPTP server IP

The changes to ipsec-tools are a bit too intrusive to teach racoon about interface indexes.
I think the better optio... Ermal Luçi

06:10 PM Bug #1970 (Feedback): IPsec stops routing after a while

Applied in changeset commit:d2a5443f5d0f9747be874a4f8787ca18348a8461. Ermal Luçi

05:52 PM Feature #2117: 6RD support for ISPs like Swisscom

earlier 6rd work. http://bougaidenpa.org/masakazu/archives/54 Seth Mos

04:05 PM Feature #1986 (Feedback): Find a way to list logged in IPsec xauth users

pfPort patched.
new racoonctl option show-users Ermal Luçi

04:04 PM Bug #1112 (Feedback): IPsec GUI/backend missing RADIUS support

Patch committed to pfPort of ipsec-tools.
Btw probably it is not needed to compile racoon with LDAP and RADIUS suppor... Ermal Luçi

02:38 AM Feature #2146 (Resolved): Allow concurrent logins when using vouchers

When using vouchers it is not possible to use them more then once, even when enabling 'allow concurrent logins'. Usin... Igor Ybema

01/26/2012

04:18 PM Feature #2143: Captive Portal - RADIUS - attribute: Acct-Terminate-Cause

The problem is that I cannot implement this but probably can help on testing. If it will not find a way into 2.1 than... Alexander Wilke

12:15 PM Bug #2144: pfSense dyndns for Namecheap doesn't work with hostnames containing "."

Applied in changeset commit:89bbb204ad58c4d0250ebabf34ebec1996a53088. Jim Pingle

12:15 PM Bug #2144 (Feedback): pfSense dyndns for Namecheap doesn't work with hostnames containing "."

Applied in changeset commit:e8fc69ff43bb089f90de4f87f02db44f55a96b40. Jim Pingle

12:03 PM Bug #2144: pfSense dyndns for Namecheap doesn't work with hostnames containing "."

Except that would break everyone's current settings unless we tried to be smart with some upgrade code (which could s... Jim Pingle

11:55 AM Bug #2144: pfSense dyndns for Namecheap doesn't work with hostnames containing "."

It's probable that other dyndns providers also accept hostnames including dots, since it's legal A record syntax. Thi... Doug Dimick

11:42 AM Bug #2144: pfSense dyndns for Namecheap doesn't work with hostnames containing "."

(Copying my reply from the forum post here)
Yeah we split on ., I didn't realize their client supported that syntax.... Jim Pingle

11:38 AM Bug #2144 (Resolved): pfSense dyndns for Namecheap doesn't work with hostnames containing "."

Namecheap happily supports hostnames like www.sub.domain.com. Their Windows dyndns client also supports hostnames tha... Doug Dimick

01/25/2012

06:50 PM Feature #933 (Closed): Add IPsec option to allow the client to save the Xauth password

Since no complaints received. Ermal Luçi

05:20 PM Feature #2143: Captive Portal - RADIUS - attribute: Acct-Terminate-Cause

if you can implement and fully test and submit a merge request we'll get it in for 2.1, otherwise this probably can't... Chris Buechler

05:15 PM Feature #2143: Captive Portal - RADIUS - attribute: Acct-Terminate-Cause

This is the RFC:
http://freeradius.org/rfc/rfc2866.html#Acct-Terminate-Cause Alexander Wilke

05:13 PM Feature #2143 (Resolved): Captive Portal - RADIUS - attribute: Acct-Terminate-Cause

When using Captive Portal with RADIUS and Captive Portal is restarting the FreeRADIUS server does not get any informa... Alexander Wilke

04:16 PM Feature #2117: 6RD support for ISPs like Swisscom

A healthy chunk of code is already in there. Come to think of it, 6to4 is very similar to this, but the patch for stf... Seth Mos

05:48 AM Feature #2117: 6RD support for ISPs like Swisscom

Got a reply from Swisscom clarifying their 6RD deployment, past trial, now production.
Our productive network uses 6... Seth Mos

01/24/2012

05:11 PM pfSense Packages Bug #2142 (Resolved): Squid Reverse Proxy should have login=PASS on all peers

I noticed that after configuring reverse proxy, I couldnt log into any machines that were behind the proxy.
After di... Ryan Davies

01:26 PM Feature #709: Add DHCP lease counts to the DHCP leases page

See also some notes in #2141 Jim Pingle

01:26 PM Feature #2141 (Closed): DHCP Lease Consumption Graph/Chart

Upon further searching, we already have a ticket for this... #709 Jim Pingle

12:55 PM Feature #2141: DHCP Lease Consumption Graph/Chart

Probably too much computation to do for a widget, and maybe even too much to do automatically for the leases view, si... Jim Pingle

12:49 PM Feature #2141 (Closed): DHCP Lease Consumption Graph/Chart

IPv4 (probably not sane for IPv6?) DHCP Lease consumption graph/chart in style of the Summary View on the Firewall Lo... Larry Titus

08:30 AM Bug #2130 (Feedback): Invalid netmask on IPv4 addresses core dumps filterdns

Applied in changeset commit:7f662df6657787d75b5fb3773199a3077485e4d9. Ermal Luçi

08:28 AM Bug #2130: Invalid netmask on IPv4 addresses core dumps filterdns

It was not a issue of not handling netmask but an issue with threads accessing free'd data. Ermal Luçi

01/23/2012

05:26 PM Bug #2138: RRD Wireless graph broken in BSS mode

Seth, the graph does not make sense when not using the card as an AP.
When using the interface as an AP you would ne... Christian Borchert

05:22 PM Bug #2138: RRD Wireless graph broken in BSS mode

Originally I made this graph for a wireless client connection so we could track the signal strength.
I'm not sure ... Seth Mos

05:19 PM Bug #2138 (New): RRD Wireless graph broken in BSS mode

http://forum.pfsense.org/index.php/topic,45194.0.html
I am using pfSense 2.0.1 amd64 with an Atheros card (D-Link ... Christian Borchert

02:15 PM Bug #2066: Error when deleting all-numerical user from a "user manager"

Applied in changeset commit:a82b1ab12d1f433c7f0e9bfc6e952cf511de8045. Jim Pingle

02:15 PM Bug #2066 (Feedback): Error when deleting all-numerical user from a "user manager"

Applied in changeset commit:9fd145911d89d7ca891d0e08a861474420361990. Jim Pingle

01:25 PM Bug #2066 (New): Error when deleting all-numerical user from a "user manager"

Well the key here is that you're using a username that is all numbers, apparently. Not sure how well that was tested,... Jim Pingle

12:52 PM pfSense Packages Feature #2133 (Closed): Add ET's SidReporter to snort package

Please include ET's SidReporter (http://doc.emergingthreats.net/bin/view/Main/SidReporter) into the snortpackage?
... Christian Borchert

12:44 PM Bug #2131 (Closed): pfsync(4) version change breaks HA upgrade

It's noted in the upgrade guide for previous versions and we'll just have to expand that as we always do for new rele... Chris Buechler

11:13 AM Bug #2131: pfsync(4) version change breaks HA upgrade

I added this just to list possible options not really doing anything more with it.
Ermal Luçi

11:08 AM Bug #2131: pfsync(4) version change breaks HA upgrade

We always warn for that, this is no surprise.
We are usually shocked when it does work, since we expect failure he... Jim Pingle

04:06 AM Bug #2131 (Closed): pfsync(4) version change breaks HA upgrade

Since in FreeBSD 9 there is a new pfsync version upgrades will break the protocol so either a compat layer needs to b... Ermal Luçi

11:41 AM Feature #2026: [Patch] Multiple SMTP notice recipients

Something for version 2.1 maybe? Peter O

05:30 AM Bug #2132 (Closed): Multi-wan inbound connections might cease to function when rules with forced-gateway exist on the same interface

Scenario:
WAN interface WAN_TWO
There are rules on WAN_TWO with a forced gateway such as, for instance,... Fulvio Scapin

02:53 AM Bug #2130 (Resolved): Invalid netmask on IPv4 addresses core dumps filterdns

Jan 23 08:55:12 kernel: pid 7134 (filterdns), uid 0: exited on signal 11 (core dumped)
Jan 23 08:55:02 check_reloa... Seth Mos

01/22/2012

03:58 PM Feature #2129: TCP mss clamping for IPv6

the problem is that pf currently does not handle ipv6 fragments. the other case is IPsec tunnels and other VPN soluti... Seth Mos

12:30 PM Feature #2129: TCP mss clamping for IPv6

Ok I ran a test at ICSI Netalyzr, and ran into the same thing
IPv6 Path MTU (?): Warning
Your system can not send... JohnPoz _

12:14 PM Feature #2129: TCP mss clamping for IPv6

Where are you testing this exactly - my tests to http://test-ipv6.com/ show ok
Test IPv6 large packet
ok (0.204s)... JohnPoz _

01/21/2012

05:03 PM Bug #2127: Full Update Image Size is too large on 2.1

Not sure why the UP kernel is in that list either, since we don't use it. There's ~11MB right there... Jim Pingle

05:02 PM Bug #2127: Full Update Image Size is too large on 2.1

I'm sure there is a way to shrink it. Currently the kernels take up more room than anything else (combined, essential... Jim Pingle

04:59 PM Bug #2127: Full Update Image Size is too large on 2.1

I expect we can shrink that down considerably to get under 100 MB. It has to be including a number of unnecessary thi... Chris Buechler

02:56 PM Bug #2127 (Resolved): Full Update Image Size is too large on 2.1

The full update image size from the initial test builds on FreeBSD 9 is more than 100MB. The upload size limit on pfS... Jim Pingle

04:43 PM Feature #2129 (Resolved): TCP mss clamping for IPv6

There is no tcp mss clamping for ipv6 and pf is not doing it either. Rumor has it that OpenBSD has it now.
Your sy... Seth Mos

04:40 PM Feature #2128 (Bogus): Large DNS requests on dnsmaq

Not sure if unbound will fix this, but performing the ICSI netalyzr test it has issues with large dns requests.
Th... Seth Mos

02:48 PM Bug #2126 (Resolved): Build package binaries for FreeBSD 10.x

We need to get a set of FreeBSD 9.x PBI builders going to crank out the needed binaries for FreeBSD 9.x packages. Som... Jim Pingle

02:46 PM Bug #2125 (Resolved): Update Package XML for FreeBSD 10.x

We need 9.x equivalents of
pkg_config.8.xml
pkg_config.8.xml.amd64
We could start first with the purely PHP-bas... Jim Pingle

02:44 PM Bug #2124 (Resolved): Package system updates for FreeBSD 10.x

Several things need to happen to get packages going on FreeBSD 9, see subtasks. Jim Pingle

12:38 PM Feature #1104: mwl driver patch to enable generation of new BSSIDs for additional VAPs

I never mentioned previously in this ticket that I deleted the latter patch because a variant of the extra part of th... Erik Fonnesbeck