Activity
From 04/27/2012 to 05/26/2012
05/26/2012
-
04:59 PM Feature #1986: Find a way to list logged in IPsec xauth users
- A bit better info now, the i386/amd64 bit was a red herring, it can crash on both. They key factor is that you have t...
-
- Ermal - running the show-users command with no users connected seems to crash racoon with no logged error, just a cor...
-
01:10 PM Bug #2455: IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
- I'll check it out as soon as a snapshot is live that incorporates the change...
-
08:41 AM Bug #2455 (Feedback): IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
- Should be ok now, could you test again ?
Thanks.
Pierre -
-
10:44 AM Bug #1629: invalid state table entries after WAN IP change
- Same deal, 2.0.1-RELEASE and this happens every so often, but not on every IP change. I can delete the 2 state entri...
-
03:20 AM pfSense Packages Bug #2457 (Resolved): Lightsquid 1.8.2 pkg v.2.32 logpath is wrong in lightsquid.cfg
- In my pfSense router:
2.1-DEVELOPMENT (amd64)
built on Mon May 14 10:01:41 EDT 2012
FreeBSD 8.3-RELEASE-p1
...
05/25/2012
-
- There are two things that would massively increase the usefulness of that widget:
a) remember or allow to be confi... -
07:59 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
- Thanks Jim, sorry I was a bit frustrated - not with you guys, with myself for not testing the build before running it...
-
- OK, iff there are PPTP issues, that would be a new/separate ticket. Try to confirm with others on the forum first. Th...
-
10:52 AM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
- At least I have no annoying error messages anymore and looks like shaping is working, but i need more time to test it...
-
- This bug appears fixed Ermal, BUT the changes seem to have broken the PPTP server *and* traffic shaping still doesn't...
-
05:12 PM Bug #2440 (New): Wireless client nic set for DHCP does not start dhclient
- Ok, this is definitely not fixed, I can't make sense of it. Deferring.
-
- Applied in changeset commit:6e0b68bfdea29b2943b6f104373f43cc56537bd8.
-
- On the VPN:IPsec:Edit Phase 2 page there is the section Phase 2 proposal (SA/Key Exchange)
If under Protocol ESP i... -
- Now that the traffic shaper itself is fixed, this is the bug I run up against, LOL. Thanks for your hard work Ermal! ...
-
06:10 AM Bug #2454 (Feedback): Captive portal return wrong authentication URL
- Applied in changeset commit:ac10faad42081ccfe48a37aa9814bc4684ffb701.
-
05:45 AM Bug #2454 (Resolved): Captive portal return wrong authentication URL
- Since the last update "Built On: Sun May 13 02:42:10 EDT 2012" our captive portal doesn't work anymore.
The redir... -
12:07 AM Bug #2452 (Rejected): Reject type rules only allowed for TCP
- not a bug, and this isn't a place to ask questions, please post to the forum or mailing list.
05/24/2012
-
- In Interfaces>(assign) you can create a new interface. The first one is WAN, the second is LAN, and then it starts wi...
-
11:15 AM Bug #2012: 4th+ CARP member will not work with default automatic skew
- Additional information:
http://forum.pfsense.org/index.php/topic,49745.0.html
-
11:11 AM Bug #2451: IPv6 rule: 'add network' becomes 'add single host'
- block return in quick on $WIRED inet6 from any to 2a00:1450:: label "USER_RULE: TmpReject YouTube"
-
- can you include what ends up in the /tmp/rules.debug?
-
- I tried to add a reject rule for a range of IPv6 addresses:
"Reject TCP IPv6 to type network 2a00:1450:: CIDR ... -
09:50 AM Bug #2446: pfSense fails to queue UDP packets
- Also note, as I wrote in the original post, that ICMP echo request packets are correctly assigned to the queue for sp...
-
- PBX is an alias consisting of two public IP addresses belonging to a public IP subnet defined on the interface opt1 a...
-
- It's igmpproxy doing it. I get it too. As a workaround for myself I have just added igmpproxy to syslog and yes I agr...
-
- I am sorry if I report intended behaviour. But I don't understand why rules of type reject only are allowed with TCP....
-
- Note that a existing rule on a different interface with the same alias actually works and is successfully expanded.
... -
- The following input errors were detected:
mngtports is not a valid start destination port. It must be a port a... -
- I performed more devd.conf changes, the media type is not recognized so I made it act on the _wlan subsystem now.
I ...
05/23/2012
-
05:16 PM Feature #1986 (Feedback): Find a way to list logged in IPsec xauth users
- This mostly works.
Just destination which is the system itself needs some more fixes, though its useable. -
- we currently already have rc.newipsecdns which does purging and reloading of tunnels. You can pass the function the o...
-
- Applied in changeset commit:d01de40fa6d6a05e03351f0ccd83c64f82a4a2e5.
-
- I am sorry but you can use no authentication for empty passwords.
It works as its expected. -
- Applied in changeset commit:062676f880878f788315991de861a71ccb86a478.
-
- I wonder if you are not being bitten by the order of events happening.
If PBX has internal LAN addresses than this r... -
- Sorry about that, her it is, properly unformatted:...
-
- yes, the config for the rule in question is:
<rule>
<id/>
- <type>pass</type>
- <interface>opt1</inte... -
- We switched to ntp.org's ntpd so this is no longer of concern.
-
- I just updated a NanoBSD install and it's fine, /tmp is at 0% used. GUI login is OK.
I'd have to guess that squid ... -
12:56 PM pfSense Packages Bug #2449: Console "Filesystem is full" on NanoBSD version
- Apologies for not giving more information Jim. Let me tell you what ive done:
1. I am currently running a build fr... -
- Not nearly enough information here - specifically we need to know at least what size nanobsd image you're running and...
-
- Tried to upgrade the NanoBSD embedded version and now getting an error on console saying /tmp write failed: Filesyste...
-
- With new snapshots this should be resolved.
Issue was patch missing on 8.3 snaps -
- Applied in changeset commit:6805d2d25f75ccb6d9b1da3814ba2244b3e3107e.
-
- I am using it for HAProxy in a virtualized environment where we have two sites which are part of the same vCenter (we...
-
- I am unsure why you'd want more than 3 members!
-
- Applied in changeset commit:35b714597c8947376b350681c361b38e2569747a.
-
- This is the upgrade code existing there.
Normally the section with s///g should have taken care of that.
Probably y... -
- Chapter 7.5 of the "HUAWEI UMTS Datacard Modem AT Command Interface Specification" lists the ^MODE messages to determ...
05/22/2012
-
- may just be bad timing/false alarm... will open if I can reproduce it again.
-
- Packages are not being built on the nightly run properly because snort is causing the build to fail.
Observe:
<pr... -
- Can you detail the rule you say assigns the traffic to your desired queue?
-
- Some extra details:
The floating rule assigning traffic A to the special queue should be set to "apply the action ... -
- Replication instructions:
Create CBQ or PRIQ shaper on WAN interface and create a default queue and another queue ... -
06:19 PM Bug #2447 (Resolved): Duplicated destination IPs in easy rule.
- On snapshot released Tue May 22 08:05:51 EDT 2012
Easy rule adds duplicated "destination" IPs instead of "source"... -
05:10 AM Bug #2409: ipfw - entryzerostats
- in version 2.1.0 (bild 18May2012) an error is confirmed.
-
- This turned out to be a specific issue with ZTE modems and pin lock.
I've switched to a huawei modem and found a g... -
- Ermal - you can put the time to Coltex
-
-
- Still hitting the double master issue in the Xs4all DC carp
-
- $i = 0;
foreach($config['ipsec']['phase1'] as $phase1) {
if($phase1['interface'] == "vip131")
$config['ipsec'][... -
- Because of the vip renaming per interface any IPsec VPN tunnels, or endpoints referencing a CARP vip are now broken a...
05/20/2012
-
09:11 PM Bug #2444: DynamicDNS doesn't update on WAN IP change
- I am not 100% sure what you mean,
my DSL modem is connected to PF and DSL_WAN PF interface manages the PPPoE
connec... -
- is the public IP actually on the firewall, not the modem? That's usually the cause, since in such cases it's impossib...
-
- I have a DSL WAN whose IP changes often.
If i manually make a change to the DSL_WAN interface, DynamicDNC updates ... -
- And cleanup the old LCK files from /var/spool/lock/LCK..cuaU0.0
devd should be able to do this for us. It says it ... -
-
- Hoping the devd changes resolve this, hoping for the best. Wireless is 802.11, not ethernet
-
- Helps in most cases but can still cause it to take too long making the dhcp client fail. Needs proper check_reload_st...
-
-
- The wireless interface reconfigure (Even with persist settings toggled) causes the interface to go down which then ne...
-
- check_reload_status is firing off for vr1, but not for ural0_wlan0 eventhough the kernel is marking it as up....
-
- Error output only lists:...
-
- Change just checked in, let me know how it goes.
-
- Should be resolved properly, or atleast for now, pretty sure we'll run into something new at some point. When adding ...
-
- When dynamic interfaces are down, these will show up even if there is already a manual entry for it too.
I have a ...
05/19/2012
-
- Trying to add a new PPP interface on a system that has no such configuration results in the UI hanging.
A system t... -
- I've configured a wireless nic as a client (infrastructure) on Opt3. It is set for DHCP but although the link comes u...
-
- I've been able to reproduce it.
When i open WAN_DSL connection and apply changes it does force a DynDNS update.
H... -
- I've yet to see it update on WAN IP change.
My WAN_DSL ip has changed, the dsl modem is connected directly to PF.
D... -
12:06 PM Feature #2439 (Resolved): XEN Para-virtualized Drivers Support
- It's possible to include the xen DomU driver in pfsense 2.1 ?
05/18/2012
-
05:58 PM Feature #2438 (Duplicate): Inbound traffic shaping on unpredictable ADSL - the qosmon approach
- I've been using pfSense for some time now, and it's wonderful. I've never been able to solve a problem, anyway: QoS o...
-
05:12 PM Bug #2437 (Resolved): PHP missing bcmath (that was solved for pfSense 2.0 two years ago, re-discovered in the latest pfSense 2.1)
- 1.
When "Radius Accounting" is enabled and trying to disconnect a connected client in the captive portal gui - the f... -
- Also worth noting, though similar to the fact that it happens if you upgrade from 2.0.1 (noted above) is that loading...
05/17/2012
-
08:13 PM Feature #2413 (Feedback): Allow IPv6 interface configuration from the menu
- implemented in commit:c1361a9f
I've done basic testing but this needs a lot more testing than i'm able to do so i'... -
- fixed in commit:283d78c6
-
- Darren, do you think you can prevent this duplicate name issue in the Ajax call?
-
- I just want to say, that amd64 architecture is affected also.
Have just tried it. -
- Seth, reassigning to you for you to test/close/assign back to me as needed.
-
- Fixed in commit:428c289f and commit:8dcca9b5.
Reassigning to you so you can do further testing.
Please close if e... -
- If restoring a partial config, we currently assume that only that section is uploaded. This is somewhat counterintuit...
-
- Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 90164860 bytes) in /usr/local/www/di...
-
- I've also added "RRD Data" as a backup option in the dropdowns. Requires a little special handling in diag_backup.ph...
-
- I've confirmed that -f is actually necessary anyway and added -f and log_error calls on failure to all the rrdtool re...
-
- The quick test I just did, backup config.xml on i386, upgrade to amd64, then restore config.xml didn't fix the RRD fi...
-
-
- fixed in commit:dcb94db5
-
12:25 AM pfSense Packages Bug #2435 (Resolved): SquidGuard: Deprecated function 'eregi' warnings
- In squidguard_configurator.inc, there are a number of uses of @eregi()@ which is now deprecated in PHP 5.3. This cau...
05/16/2012
-
- Something still isn't 100% here - When you activate a drop-down to expand one of the closed graphs, it also activates...
05/15/2012
-
- Applied in changeset commit:c886fed9ba6a19fface58c918be5d7b111cca1f3.
-
- Adding this bit in auth.inc broke the realtime traffic graphs:
@Header("X-Frame-Options: DENY");@
We either nee...
05/14/2012
-
- Yeah you're right I started to fix it one way then changed my mind halfway, but didn't back out the original change. ...
-
12:19 PM Bug #2432: OpenVPN Client Specific Override ifconfig-push
- I understand your concern about upgrade users since i appreciate when upgrade runs smoothly.
I've looked at the ... -
- Not sure that making them server-specific will be feasible. At the very least, that will cause problems for upgrade u...
-
- Hello,
I'm using a snapshot of pfSense 2.1 (20120419-1059). My pfSense installation holds two distinct VPN serve... -
11:25 AM pfSense Packages Bug #2429: Hostname issues in OpenVPN Client Export
- I replaced the two {{ with { in /usr/local/pkg/openvpn-client-export.inc on two lines in the file.
It works perfectly! -
- Applied in changeset commit:0d639e580d2fc2651a4386a4248ac9e9b97d949d.
-
- When i select installation hostname when i export it looks like this in the configuration file:
remote host.{domain.... -
- This has already been fixed in 2.0.2/2.1.
-
06:02 AM Bug #2431 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)
- Warning message displayed :...
-
- Duplicate
-
- Sorry for duplicate submit.
-
- Warning message displayed :...
05/11/2012
-
- It appears that the limiters are referenced only by their index in the current list of limiters, instead of by name o...
-
- Wrong file been referenced. Fix in commit:62fc138e7096d9b28026a86244baad56980494f4
-
- When doing an upgrade the shell script /etc/rc.firmware is executed. As part of the upgrade process this script execu...
-
- fixed in commit:937cec84
-
- [Edit: the ticket system seems to have chopped off all my text except the last line...]
The real issue is making a d... -
04:31 AM Bug #2426 (Resolved): Input validaton on interface gateway creation box needs to reject duplicate names
- If two gateways are created with the same name/label, and one of them is set as default for an interface, it's not po...
05/10/2012
-
02:15 PM Bug #2063: PHP Memory Usage too high for 128MB RAM Systems (like ALIX)
- pull request attempt number 2: https://github.com/bsdperimeter/pfsense/pull/106
-
- Pull request to set the number of web configurator processes to 1 on ALIX systems with 256MB RAM or less
https://... -
-
- This is already fixed for 2.1: https://github.com/bsdperimeter/pfsense/pull/96
-
- http://www.php.net/manual/en/function.openlog.php#98307 suggests an alternate way of specifying the facility that may...
-
- That looks like anything in PHP that uses log_error() is doing that.
However log_error is doing this:... -
11:45 AM Bug #2419 (Feedback): Possible Clickjacking Vunerability
-
- ipfw supports masking MACs, sort of like a CIDR, and this could be a useful feature to allow, for example, all phones...
-
- Over time, NTP eventually loses the ability to keep the clock in sync and sometimes will actually set the wrong time,...
-
06:51 AM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
- Some error
Snap 2.1-DEVELOPMENT built on Wed May 9 21:13:38 EDT 2012 ... -
- Awesome stuff.
-
02:27 AM Feature #2418: HttpOnly and Secure flag are not set in the HTTP response header
- Wow.. Fantastic
Works as i had hoped
thank you for the quick fix
05/09/2012
-
-
- When trying to delete a previously added hostname from a Captive Portal zone - nothing happens. There is no error, bu...
-
- Change committed in commit:49ddf9a10ff3379162d437622f664cfe924b4552 - let us know if you happy this please.
-
- According to our tests for PCI-DSS certification by a professional security auditing team.
PfSense lacks the HttpO... -
- The following raw log entry:...
-
- While we're doing this, may as well add a fourth outbound NAT option
* Off (all outbound NAT disabled)
Then someo... -
- According to our tests for PCI-DSS certification by a professional security auditing team.
PfSense has a possible ...
05/08/2012
-
- I reverted that commit, had to adjust a few things since it didn't come out cleanly, but it should be out of RELENG_2...
-
- this needs to be backed out entirely from RELENG_2_0, it wasn't supposed to be there.
-
- Now that CARP VIP interfaces have been renamed, some issues have come up. They are now named, for example, wan_vip241...
-
- Also this does not seem to work.
[2.1-DEVELOPMENT][root@pfsense-amd64.localdomain]/root(68): racoonctl show-sa isa... -
- Setting this back to New since we still need code in the GUI to read this yet.
-
- Updated zoneinfo in commit:23b1fc4 and commit:8a4b381
-
- We do keep a copy of zoneinfo.tgz in the git repo. Hasn't been touched since 2008, and our code pulls the zones from ...
-
- Looks like someone also checked in a fix in commit:107e8acc that broke this again. It appears the fix on this ticket ...
-
- This appears to be properly fixed and functional on current snapshots.
-
- This seems mostly OK but I discovered one case the other day that is still problematic.
If you have a PPPoE interf... -
- I added a hostname with a . to one of my domains using Namecheap DNS and it updated fine, so this is fixed.
-
- Often we suggest people switch to manual outbound NAT to make some very basic adjustments (such as a static port for ...
-
- Applied in changeset commit:76ac460bd4a95a8600b05cecebd8d66f20feed70.
-
- The problem seems to be, in part, that this checks for an interface name of carp or vip, but with IP alias it would a...
-
- Closing this as the routing for PD nets is working great now, I plugged my ALIX in with a stock config and it pulled ...
-
- From Seth:
> There is a problem where pfSense itself can not reach the ipv6 internet [with a DHCPv6 WAN] leading to ... -
- Applied in changeset commit:76db94c28d3cabe38f0b0921c21f80dfddcf93fc.
-
- The code was already there to show that timestamp, so I fixed it up to show it (not quite how this patch was, better ...
-
- That second bit about v4 already has a ticket - #2074
-
- The current console menu only allows for IPv4 interface configuration. We need to add support for IPv6 interface conf...
-
-
- This has been OK for a while, the images are now under 90MB, which is down considerably from where they started.
-
- Setting this back to New only since we still need to code up GUI support for this. The backend part should be OK.
-
-
- Tested newest snapshots and it works for me.
-
- This has been working fine for me since that last commit. Logs are coming across IPv6 and are targeted at an IPv6 IP ...
-
- This has been working fine for me since my last fix. No errors, and it runs as expected during shutdown.
-
-
07:35 AM Bug #2360: OpenVPN "tap" mode not working
- appears to be working now. Thanks!
05/07/2012
-
- This seems to be the classic UDP problem where the system will source the reply from the "closest" address rather tha...
-
-
-
- make a merge request on github and this will make 2.1.
-
- easily worked around by pasting in the cert chain for the CA cert.
-
-
-
- Ah you're right, I didn't copy/paste or save from the test box to the repo like I usually do. Easy to miss in the fon...
-
- I think it works, with one small typo fixed:
pfSense_bridge_add_member($bridgeif, $realifl);
last later should ... -
- This should be fixed now by commit:e5e8840356e1f9ac2cd0e12f511599b5df84ace9
-
- This may be fixed now with commit:e5e8840356e1f9ac2cd0e12f511599b5df84ace9
05/06/2012
-
08:10 AM
Feature #2410 (Feedback): Support name based aliasing via CNAMEs or some other mechanism.
- Applied in changeset commit:5a2a83493cdb3f647b4913f3b84ef864103148f5.
-
04:35 AM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.
- https://github.com/bsdperimeter/pfsense/pull/99
-
- With the WAN configured as 6to4 it is possible to browse the internet but it is not possible to initiate traffic from...
05/05/2012
-
- The code seems to work fine for me. I added a host, gave it an alias, and it was populated in /etc/hosts as expected....
-
- Whitespace could use some cleanup, but usually patches will work so long as they are clean. It may have been that the...
-
- Whitespace is handled somewhat inconsistently throughout the pfsense codebase. I tried hard to mimic the style of exi...
-
- Done. https://github.com/znerol/pfsense Branch: feature/master/dns-host-alias
-
- mater is 2.1 (for now)
Interesting, I just did another gitsync to bring my VM up to the most current code and it s... -
- Actually the patch is against the master branch on github. The last commit i see in my git log is https://github.com/...
-
- Was that patched against 2.0.1 or 2.1? It doesn't appear to apply to 2.1.
-
- Patch attached. It applies on an installed pfsense 2.0.1 as well as onto git master.
In order to patch a running s...
05/04/2012
-
- The only place that makes a firewall rule for OpenVPN is in the wizard, and that's a one-time deal. There isn't an au...
-
10:06 PM Bug #2411 (Closed): OpenVPN Automatic Rule Generation does not update TCP/UDP
- When changing the protocol type of an OpenVPN connection, the automatic firewall rule generation does not update the ...
-
- Anyone can confirm this issue ?
-
08:02 AM Feature #2410: Support name based aliasing via CNAMEs or some other mechanism.
- Hosts file would work great I suspect, interface mock looks good too. Thanks!
-
- Hi. I probably could put together something for pfSense 2.0. Instead of implementing "real" CNAME support I'd like to...
05/03/2012
-
- Resubmission of feature request 129 from 1.2.2
I would like to request that this feature reconsidered. Regardless ... -
- Cancel that, entering new ticket for this in 2.x.
-
- I would like to request that this ticket be reopened and the feature reconsidered. Regardless of what DJB may think,...
-
- I apologize for my english...
pfSense 2.0.1
When logging in CaptivePortal (auth Radius, Accounting Updates - Start/... -
- aggh, stupid dumb idiot darren forgot to commit changes.
they're there now in commit:6b2d4b5a . -
- we don't create or control drivers, report the problems upstream to FreeBSD, after testing with a newer base stock Fr...
-
06:52 AM Bug #2408 (Rejected): Wireless run driver crashes kernel
- The run driver for a common 11n Ralink chipset casues severe system instability and kernel crashes. I have tested tha...
05/01/2012
-
- fixed
-
- The input validation that triggers: ...
04/30/2012
-
- Applied in changeset commit:60dd7649d02e4a82f9d57953359bf312038f174a.
-
- Looks like that syntax:...
-
- Simple: create a Traffic Shaper queue but forget to choose a queue parent.
from: http://tech.akom.net/archives/59...
04/28/2012
-
- PHP appears to be choking on the new changed syntax in /etc/rc.stop_packages. It's giving a syntax error when execute...
04/27/2012
-
11:02 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
- I've done some testing and I think the patch to add the "match" action must be missing.
-
02:52 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
- Found this issue and have following observation:
It is always the first match rule that gives the syntax error, no m... -
- Mounting read-only after mounting read-write can be very slow on recent NanoBSD images on 2.1, based on FreeBSD 8.3
... -
08:08 AM Feature #2400 (Closed): GUI options for WPA Enterprise with identity/password
- WebCfg WiFi Interfaces allows one to connect to just about anything, but connecting to a AD network with identity/pas...
-
- Just noticed that https://dns.he.net/ supports IPv6 for DynDNS now. Update format is identical to IPv4, just send the...
-
- I confirm, "ERRO" is in igmpproxy daemon.
Also available in: Atom