Project

General

Profile

Activity

From 05/10/2012 to 06/08/2012

06/08/2012

10:05 PM Revision ce0631b5: add <radnsservers> to the list of things that are arrays
for ticket #2361 Darren Embry
10:05 PM Revision 163e4b91: actually update RA DNS settings now
finishes #2361 Darren Embry
10:05 PM Revision 4e0fc44f: more work on feature #2361
- fields are there now but don't do anything
- checkbox for 'use same settings' that disables fields Darren Embry
09:47 PM Revision 8921bf89: Merge pull request #130 from marcelloc/master
move css style from last pull request to themes. Scott Ullrich
09:37 PM Revision 97f30a08: fix css style to themes.
Marcello Silva Coutinho
08:00 PM Revision ef3e9f16: Merge pull request #129 from marcelloc/master
convert menu alerts/notices to jquery + domtt Scott Ullrich
07:50 PM Revision 005ac3ca: convert menu alerts/notices to jquery + domtt
Marcello Silva Coutinho
07:37 PM Revision f3475477: split dhcpv6 server and ra #2361
Darren Embry
07:24 PM Revision 25d1c6b2: Shorter version of the fix to always set the radvd interface.
Redmine ticket #2477 Seth Mos
07:20 PM Revision 48a5985c: Make sure to fall through if this tag is not set.
Should fix redmine ticket #2477 Seth Mos
06:02 PM Feature #2361: router adv. daemon only allows for one subnet / limited options
here are the new fields:... Darren Embry
06:00 PM Feature #2361 (Feedback): router adv. daemon only allows for one subnet / limited options
Applied in changeset commit:163e4b91b10fd54374d69b02cb6caad5db262842. Darren Embry
03:49 PM Feature #2361 (Assigned): router adv. daemon only allows for one subnet / limited options
oh wait, i forgot to add fields for dns, searchdomain, use same settings to the RA tab. Darren Embry
03:46 PM Feature #2361 (Feedback): router adv. daemon only allows for one subnet / limited options
implemented, please do further testing.
commit:f347547 split dhcpv6 server and ra #2361
commit:1c8dbfb remove the... Darren Embry
05:53 PM Revision 1c8dbfbb: remove the RA stuff from services_dhcpv6 for #2361
Darren Embry
05:47 PM Revision 93458cb1: rename menu item for #2361
Darren Embry
05:27 PM Revision 5ef4a9e1: prep work for splitting dhcpv6 and RA for #2361.
Darren Embry
04:37 PM Bug #2477: router advertisement daemon (radvd) no longer starts
I think I may have fixed the snapshot. Otherwise please reopen.
Although I understand you file the ticket as high,... Seth Mos
10:25 AM Bug #2477 (Feedback): router advertisement daemon (radvd) no longer starts
I believe Seth had said this was because the snapshot was missing something that should be in the next new snapshot. ... Jim Pingle
10:19 AM Bug #2477: router advertisement daemon (radvd) no longer starts
just found additional logs in routing.log confirming the issue with the configuration file:
Jun 8 14:11:50 pfsens... Johannes Ullrich
10:14 AM Bug #2477 (Resolved): router advertisement daemon (radvd) no longer starts
as of today's update, radvd no longer starts. No obvious error message I can see so far, but the config file looks ba... Johannes Ullrich
04:14 PM Todo #2480 (Closed): Add checkbox to OpenVPN client/server to exlcude VPN server from (pushed) routes
If you try to push a route, or route directly, for the subnet containing the VPN server, OpenVPN would accept the rou... Jim Pingle
04:13 PM Feature #2479 (New): Allow reordering of the traffic graphs on the dashboard
Since the meaning of opt1-optN is variable, listing interfaces in sequence is not very meaningful in many cases. e.g.... Ronald Antony
12:41 PM Revision ff6677cf: Make sure we tag all 2.0 gateways as being IPv4, in 2.1 we require this tag to be present for the gateways.
This should prevent duplicate gateway entries for people coming from 2.0 that have dynamic interfaces Seth Mos
11:52 AM Bug #2478 (Closed): NTPd turns off after restoring a config file
NTP was completely reworked for 2.0.2 and 2.1 - this wouldn't be valid there because of the new design. Jim Pingle
11:50 AM Bug #2478 (Closed): NTPd turns off after restoring a config file
I don't know if this is designed this way on purpose or not but when restoring an XML config file from a system where... Larry Titus
06:34 AM Revision 1e5f47bb: Add blackhole to Null routes
Redmine ticket #2471 Seth Mos
04:52 AM Feature #1965 (Feedback): Support Multiple IPsec Peers
This has been complete on check_reload/pfSctl side. Ermal Luçi
03:38 AM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password
This is the last time I'm going to say it - it's impossible to do in a way that isn't trivially reversible. There's a... Chris Buechler
01:36 AM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password

As I’ve been pointing out and you don’t seem to be grasping, just because there is "seemingly" (by your claims any... NOYB NOYB
12:46 AM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password
Insecurely storing your config can certainly be a security issue with every firewall and router. Literally every rout... Chris Buechler
12:20 AM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password

Please stop misclassifying it as not a security issue.
Sorry you feel your responses here are a waste of your t... NOYB NOYB
12:11 AM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password
It truly is impossible to securely resolve. You won't find anything that has a secure solution for encrypting such pa... Chris Buechler
12:05 AM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password

The point is that you should not be saying it is not a security issue. Rather that it is by design due to lack of... NOYB NOYB
12:00 AM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password
you can call it anything you want, the reality is it's impossible to store such passwords in a hashed or encrypted ma... Chris Buechler
03:03 AM Feature #2471: null routing of unused address space
I can probably add that flag if a Null route is involved. Let me check
Try now. Seth Mos
02:53 AM Feature #2471: null routing of unused address space
this one works, but it's a bit ugly. the -reject or -blackhole might be nicer.
traceroute and ping loop at the pfs... Hannu Teulahti
12:39 AM Revision d23b53eb: add gateways to config from cmdline
Darren Embry
12:39 AM Revision 3176c043: fix: Call to undefined function error
fix: Call to undefined function ipsec_get_phase1_dst() in /etc/inc/filter.inc on line 3216 Darren Embry
12:39 AM Revision 1b8bf24d: again, string interpolation kinda defeats the purpose of gettext. ;-)
Darren Embry
12:39 AM Revision 005a7049: variable interpolation defeats the purpose of gettext.
Darren Embry
12:39 AM Revision c63e3594: work in progress: set gateway IPs from console
- add --dry-run mode
- prompts for gateway IP address as needed
does not yet do:
- add gateway to config Darren Embry

06/07/2012

11:57 PM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password

You have stated that it is not a security issue. It clearly is. Not doing anything about it does not change that... NOYB NOYB
11:53 PM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password
we have the ability to encrypt backups, that's what you should do. It's impossible to securely encrypt such passwords... Chris Buechler
11:49 PM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password

I did read the link. And it is still a security issues. Lack of interest in resolving it does not change the fac... NOYB NOYB
11:44 PM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password
read the link. There are no alternatives for such passwords. Chris Buechler
11:43 PM Bug #2476: SECURITY ISSUE - Plain Text Dynamic DNS Account Password

Just because it is by design does not mean it is not a security issue. Saving account passwords in plain text is ... NOYB NOYB
11:34 PM Bug #2476 (Rejected): SECURITY ISSUE - Plain Text Dynamic DNS Account Password
by design, not a security issue.
http://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_con... Chris Buechler
11:33 PM Bug #2476 (Rejected): SECURITY ISSUE - Plain Text Dynamic DNS Account Password

Dynamic DNS account password is saved as plain text in XML config and backup files.

 NOYB NOYB
09:39 PM Revision 63a202a8: Merge pull request #127 from briantist/patch-1
255 is not a valid skew value. Fixed bug #2012 Scott Ullrich
09:37 PM Revision 648a3ed8: 255 is not a valid skew value. Fixed bug #2012 (http://redmine.pfsense.org/issues/2012)
Brian Scholer
08:34 PM Feature #2413: Allow IPv6 interface configuration from the menu
Okay, you can set gateway IP addresses from the command line now. See config:c63e3594 and config:d23b53eb.
Puntin... Darren Embry
03:13 PM Feature #2413: Allow IPv6 interface configuration from the menu
This is what you will now see:... Darren Embry
02:05 PM Feature #2413: Allow IPv6 interface configuration from the menu
> Note that http://dhcp and http://dhcp6 are not valid, it appears to be almost right.
> http://192.168.2.254:/
>... Darren Embry
01:41 PM Feature #2413: Allow IPv6 interface configuration from the menu
Another new feature for the console menu to clarify console configuration. With the last as it is now, it is hard to ... Seth Mos
01:31 PM Feature #2413: Allow IPv6 interface configuration from the menu
> Tried to set to dhcp6 again, still set to Static IPv6. I think it's not setting the tag.
I'm actually going to j... Darren Embry
01:27 PM Feature #2413: Allow IPv6 interface configuration from the menu
> When configuring interface WAN for dhcp6 it does not set $config['interfaces']['wan']['ipaddrv6'] to dhcp6. Are you... Darren Embry
01:23 PM Feature #2413: Allow IPv6 interface configuration from the menu
> When configuring interface WAN, as dhcp and dhcp6 I get the url http://dhcp/ displayed
Now should be showing IPv6 ... Darren Embry
07:16 PM Revision 0098aa73: show dhcp/dhcp6/static/staticv6 along with descriptions in console
Darren Embry
07:16 PM Revision 6499a7d5: show real interface names
Darren Embry
07:16 PM Revision 3f63e8e2: minor variable name change.
Darren Embry
07:00 PM Revision ee2b3c1f: Merge pull request #126 from marcelloc/patch-21
fix select_source option Scott Ullrich
06:59 PM Revision 1624b5f1: fix select_source option
Marcello Silva Coutinho
06:20 PM Bug #2475 (Resolved): Connection rate limiting does not work for Captive Portal
Using pfSense 2.0.1. Installation of pfSense as a CP at a big exhibition fair failed because the connection rate limi... George Spiliotis
06:03 PM Revision d71371bc: actually display webconfigurator port numbers on console
Darren Embry
05:33 PM Revision bfaafe28: setting $config['interfaces']['wan']['ipaddrv6'] to 'dhcp6' *should* work now.
Darren Embry
05:32 PM Bug #2012: 4th+ CARP member will not work with default automatic skew
Proposed a fix:
https://github.com/bsdperimeter/pfsense/pull/127
This will make the 4th member work, at the very ... Brian Scholer
05:28 PM Revision b3cb233f: now shows ipv6 webConfigurator URLs (#2413)
Darren Embry
04:51 PM Revision 140e4bc6: do #2467 only show GWs from same addr fam oncreate
Darren Embry
04:51 PM Revision a75b0b3b: minor indentation fix
Darren Embry
04:20 PM Revision 9a19c316: While I'm here, don't test these with isset, just test directly, since they will be set to true/false in globals.inc
Jim Pingle
04:14 PM Revision 364e4f74: Provide a way to disable the pkg info link
Jim Pingle
04:13 PM Revision 93888ad9: Provide a way to disable the pkg info link
Jim Pingle
04:12 PM Revision 6afeb202: If radvd is already running, reload, otherwise start one.
Shut down when there are no prefixes to announce Seth Mos
03:48 PM Revision db0d446f: fix for bug #2469 ("WAN -> LAN -> OPT10")
Darren Embry
03:30 PM Bug #2474 (Feedback): Recent changes to pkg_edit code broke select_source
Should be fixed in
commit:1624b5f1e2f6fa8015f24eaa640269c22829fcdb Jim Pingle
11:27 AM Bug #2474 (Resolved): Recent changes to pkg_edit code broke select_source
Something in one of the recent changes to pkg_edit.php has broken select_source.
For example, the interface select... Jim Pingle
01:49 PM Feature #2361: router adv. daemon only allows for one subnet / limited options
We probably want to split them off and keep them tied together.
What Jim and I agreed upon was tabs per interface,... Seth Mos
01:04 PM Bug #2379 (Feedback): When using squid as a proxy server Traphic graph does not show the LAN specific Ip addresses
Which traffic graph? Status > Traffic Graphs?
If so, that's generated by the 'rate' program, and it's somewhat limit... Jim Pingle
12:48 PM Bug #2310: Possible typo - "Optional 11" interface ?
Dim: as I previously stated I believe I fixed this issue, but just to be on the safe side, I'm reassigning to you so ... Darren Embry
11:46 AM Bug #2310 (Assigned): Possible typo - "Optional 11" interface ?
Darren Embry
11:45 AM Bug #2310: Possible typo - "Optional 11" interface ?
I strongly believe this is the same issue as #2469, fixed in commit:db0d446f. Darren Embry
12:45 PM Feature #2467 (Resolved): AJAX enhancement: only show gateways from same address families upon creation
implemented in commit:140e4bc6
 Darren Embry
12:06 PM Revision 838a1ecb: Add better protection for unknown rapriority
Seth Mos
12:05 PM Revision 8ca73e85: Make sure we still start on older configs where the setting is still called mode, and not ramode.
Add a failsafe for the rapriority Seth Mos
12:01 PM Revision dc131dfe: We need to define the default route here, not the advertised prefix.
Seth Mos
11:46 AM Revision 8859c0a6: Correct the syntax, the RemoveRoute needs to end up in route statement
Seth Mos
11:42 AM Bug #2469 (Resolved): Assign interfaces prompt is going WAN -> LAN -> OPT10
fixed in commit:db0d446f
 Darren Embry
11:27 AM Revision 738dfac4: Remove duplicate prefix line
Seth Mos
11:18 AM Revision a99b2b08: Prevent radvd from telling the clients to remove the route to itself.
Seth Mos
11:12 AM Revision 83973bfb: Do not send DeprecatePrefix messages for CARP announcements, it causes clients to purge the CARP default route.
Seth Mos
10:05 AM Revision b5264f22: Sync missing code from interface.inc to newwanip script
Ermal LUÇI
10:00 AM Revision 0d9c5026: Actually do not try to reload everything during bootup since it will be done by bootup code
Ermal LUÇI
09:59 AM Revision ae17d2e9: Actually do not try to reload everything during bootup since it will be done by bootup code
Ermal LUÇI
09:25 AM Revision 76231e63: Bye, bye olsrd back to packages.
Ermal LUÇI
08:51 AM Revision 3e662cb0: Get rid of carpdev, it will never be
Ermal LUÇI
08:36 AM Revision 98aea4c3: Detour through check_reload_status and only when the settings get applied not when the gateway has been changed.
Ermal LUÇI
08:32 AM Revision 7fe30c74: Do not blindly startup check_reload_status check first
Ermal LUÇI
08:27 AM Revision 915089b7: Catch up with multiple events sending. Also do not blindly startup check_reload_status check first
Ermal LUÇI
07:45 AM Revision 30fb0527: Surely this cannot work a fit
Revert "This script update the Dynamic DNS registration when called by apinger if a gateway from a group is down."
T... Ermal LUÇI
07:35 AM Revision 514123f8: Someone needs to ask before breaking stuff like this!
Revert "Eject duplicate script, we already have a script specifically for this."
This reverts commit 56a0c7373ae4cc7... Ermal LUÇI
07:04 AM Feature #1829: CARP with IPv6 support
Confirmed that the latest available snapshot 07-06-2012 17:00 does not have the carp patch. Probably just sheer bad l... Seth Mos
03:48 AM Feature #1829: CARP with IPv6 support
You need a snapshot with a kernel of June 7th or later Seth Mos
03:45 AM Feature #1829: CARP with IPv6 support
if I choose carp int as RA interface, the radvd does not start.... Hannu Teulahti
05:20 AM Todo #2237 (Feedback): Move OLSRD back to a package
This has been moved to pacakges Ermal Luçi

06/06/2012

08:59 PM Revision 2d6f800a: Fix exec bit for usr/local/sbin/openvpn.attributes.sh
Jim Pingle
08:58 PM Revision a1b9105b: Only add openvpn acl script lines if it's a server mode that does user auth
Jim Pingle
06:51 PM Bug #2473 (Rejected): OpenVPN fails to initialize on for either p2p_tls or p2p_shared_key.
Already fixed in git. Jim Pingle
06:47 PM Bug #2473 (Rejected): OpenVPN fails to initialize on for either p2p_tls or p2p_shared_key.
When a P2P mode is selected, OpenVPN fails to start. The logs indicate that the client-connect and client-disconnect... Lott Caskey
06:20 PM Revision 846c7b77: Changeover to the new multiple command pfSctl
Seth Mos
05:21 PM Revision 8275ea28: Reverse the arguments, i got them wrong.
Redmine ticket #1965 Seth Mos
04:11 PM Revision 83d807cb: Trigger dyndns and ipsecdns updates through check_reload_status. IpsecDNS already performs a filter_configure() too.
Redmine ticket #1965 Seth Mos
04:09 PM Revision 56a0c737: Eject duplicate script, we already have a script specifically for this.
Redmine ticket #1965 Seth Mos
03:55 PM Revision b013b81e: This script update the Dynamic DNS registration when called by apinger if a gateway from a group is down.
redmine ticket #1965 Seth Mos
12:26 PM Feature #1965: Support Multiple IPsec Peers
Needs hooks in gateway monitoring.
If a gateway is down we call pfCtl.... Seth Mos
09:22 AM Feature #1829: CARP with IPv6 support
Testing proved that CARP router advertisments work. Excellent. Seth Mos
04:04 AM Feature #1829 (Feedback): CARP with IPv6 support
I've activated the CARP link local patch from Andrew on the 8.3 builds. It appears to work as it should.
I've comm... Seth Mos
08:34 AM Revision 9a933304: When advertising on a CARP vip, pick the CARP ipv6 address as the RDNSS address
Redmine ticket #1829 Seth Mos
08:25 AM Revision e1f6761d: Make sure that both the Carp vip interface and the parent interface are in the list.
Redmine ticket #1829 Seth Mos
08:25 AM Revision 5078cd76: Extra safetynet to prevent duplicate static entries with broken config.xml
Make sure to fil the array that we fill for configured interfaces with the real interface, not just the carp if.
Redm... Seth Mos
08:19 AM Revision 6bee76d5: Make lock files availble to all users for usage from php process
Ermal LUÇI
08:17 AM Revision f26f4fa5: Make lock files availble to all users for usage from php process
Ermal LUÇI
07:22 AM Revision 628306af: Correct upgrade code from report of http://forum.pfsense.org/index.php/topic,50182.0.html
Ermal LUÇI
06:50 AM Revision fe838158: Change the DHCPv6 services page into a RA and DHCPv6 section, move some of the variables.
Add drop down to select carp vip for that interface for CARP advertisements
Allow setting the RA priority.
Redmine ti... Seth Mos

06/05/2012

07:49 PM Revision 52a8cfea: Always use the uppercase description
Seth Mos
07:41 PM Revision 1a69c4d1: Wrong branch
Revert "Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100"
This reverts... Ermal LUÇI
07:40 PM Revision 227a0140: Remove left-over from copy-pasto
Ermal LUÇI
07:39 PM Revision 7056e4ed: Use preg_match instead, we should probably make this a function so we can add proper device detection schemes and a known list of command ports.
That would also allow for resetting the 3g stick when it hangs.
We should consider storing the device and manufacture... Seth Mos
07:39 PM Revision 8574d351: Correct the variable to the modem device output.
Seth Mos
07:38 PM Revision 5b4ee05e: Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100
Ermal LUÇI
07:37 PM Revision 1492e02c: Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100
Ermal LUÇI
07:24 PM Revision 477cc2bc: Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100
Ermal LUÇI
04:59 PM Bug #2405: Lack of traffic shaping queue parent can take firewall down (pass no traffic)
Can you detail how to reproduce this?
The parent is inherited automagically and you do not select it yourself!!!! Ermal Luçi
04:52 PM Feature #1986 (Resolved): Find a way to list logged in IPsec xauth users
We can close this, it's working fine as-is since your last fix and there's no reason not to just code around the othe... Jim Pingle
04:48 PM Feature #1986 (Feedback): Find a way to list logged in IPsec xauth users
For me this is resolved.
Agreed that its easy to skip the non-user tunnels.
If needed be the change to not show the... Ermal Luçi
03:19 PM Todo #2100 (Feedback): Import OpenVPN RADIUS ACL support
Its in 2.1 Ermal Luçi
02:47 PM Revision ae5c8d0e: Make sure the page does match as we trying to match the page to the url path and not the full url
Warren Baker
02:10 PM Bug #2349 (Feedback): vlan(4) needs altq adaption on FreeBSD 8.3++
For 2.1 this is solved in newer snapshots.
During transition to 9 this will be solved in more generic way. Ermal Luçi
06:57 AM Bug #2446: pfSense fails to queue UDP packets
Sorry for the delay, here is the file you asked for. The rule question, I guess, is the first one below the comment
... Torgeir Skjøtskift
05:45 AM Revision fbf0d4d3: Make sure to return the Null route gateways too for looking up a gateway entry
Seth Mos
02:59 AM Feature #2471: null routing of unused address space
applied that change to the other gateway lookup functions as well. Seth Mos
02:49 AM Feature #2471: null routing of unused address space
This fixes the "different address family" problem... Hannu Teulahti

06/04/2012

07:20 PM Bug #2469: Assign interfaces prompt is going WAN -> LAN -> OPT10
Probably the same with http://redmine.pfsense.org/issues/2310 which I submitted a couple of months ago (you may want ... Dim Hatz
07:08 PM Revision 22968348: Revert "Make the ppp-linkup script understand both address families."
This reverts commit 310c29c6a6089f1766ac052572b532e736a2251b. Jim Pingle
06:49 PM Bug #2470 (Resolved): unable to create single address /128 ipv6 route
Chris Buechler
06:41 AM Bug #2470: unable to create single address /128 ipv6 route
Seems to work now. Thank you!
 Hannu Teulahti
05:01 AM Bug #2470 (Feedback): unable to create single address /128 ipv6 route
Fix applied Seth Mos
04:24 AM Bug #2470 (Resolved): unable to create single address /128 ipv6 route
the system_routes_edit.php does not allow /128 for a ipv6 route. the largest mask selectable is 127 bits.
running ... Hannu Teulahti
06:40 PM Feature #2472 (Closed): Option to tie OpenVPN client instance to CARP status
ah I forgot you had already added that Jim. Chris Buechler
07:55 AM Feature #2472: Option to tie OpenVPN client instance to CARP status
To clarify a little: We already do this on 2.0.2 and 2.1, if you bind the client instance to a CARP VIP, it will not ... Jim Pingle
06:32 AM Feature #2472: Option to tie OpenVPN client instance to CARP status
updated with proper description Chris Buechler
05:35 AM Feature #2472 (Closed): Option to tie OpenVPN client instance to CARP status
Currently OpenVPN clients on backup CARP status hosts will still send out packets on that CARP IP, breaking that Open... Rudy Attias
05:48 PM Revision 36b2d82d: Also include gwlb.inc in interfaces.inc
Seth Mos
04:31 PM Bug #2440: Wireless client nic set for DHCP does not start dhclient
Managed to track it down on a 2.0.2 RC. Turns out that the re-configure of a existing link brings the interface down ... Seth Mos
10:44 AM Revision 9847b940: Enhance the gateways status widget. Show Pending when it's not ready yet, show unknown when it really isn't online.
Seth Mos
10:37 AM Revision 603f19f0: Some minor enhancements from renaming the Gathering Data to Pending.
When it doesn't exist in the array it's really unknown. Make that lightblue. show a ~ Seth Mos
10:12 AM Revision 4a67fc61: Use "Pending" instead of gathering data, which is shorter
Seth Mos
09:59 AM Revision 7bfa645c: Fix Typo, although the host might indeed be loca. We'll just keep it local instead.
Seth Mos
08:20 AM Revision 6fdea6a2: Allow for Null routes
Seth Mos
07:48 AM Revision 3d36f9d1: Allow for /128 IPv6 route entries in static routes.
Redmine ticket #2470 Seth Mos
06:37 AM Feature #2471: null routing of unused address space
there is a typo on line 324 gwlb.inc, but I fixed it by hand (locahost instead of localhost).
function return_gate... Hannu Teulahti
05:36 AM Feature #2471 (Feedback): null routing of unused address space
Try now Seth Mos
04:57 AM Feature #2471: null routing of unused address space
We'll add a option for that. Seth Mos
04:54 AM Feature #2471 (Resolved): null routing of unused address space
we have quite a lot of unused ipv4 and ipv6 addresses. we have used to nullroute the large address blocks with our ol... Hannu Teulahti
06:21 AM Revision e90c833a: Always add a link-local of fe80::1:1 when the interface is set to track6. This allows webui access over IPv6 to a easy address.
Make a shortcut in the get_failover_interface() function to get_real_interface() if we find the interface in $config. Seth Mos
05:37 AM Feature #2466 (Feedback): Allow single firewall rules to apply to both IPv4 and IPv6 simultaneously
Seems to work so far, filter.inc code needs to duplicate rules by address families to work for addresses, reply-to an... Seth Mos
12:43 AM Revision 4264284e: Teach rc.initial.ping at least a little bit about ipv6.
Jim Pingle

06/03/2012

11:54 PM Revision 42db9f7b: Change style of this jquery call, the method that was used did not work properly.
Jim Pingle
10:00 PM Revision f2f721e2: Merge pull request #125 from marcelloc/patch-20
Include github changelog link to package version when $g['disablepackage... Jim Pingle
09:57 PM Revision 8b19e1b3: Include github changelog link to package version when $g['disablepackagehistory'] is not set, domtt titles, remove package info column and move package info to description tab
Marcello Silva Coutinho
09:54 PM Revision 16aa29e4: Merge pull request #124 from marcelloc/patch-19
Include github changelog link to package version when $g['disablepackage... Jim Pingle
09:52 PM Revision 36d82968: Include github changelog link to package version when $g['disablepackagehistory'] is not set , domtt titles, remove package info column and move package info to description tab
Marcello Silva Coutinho
07:48 PM Revision c5e53ee6: Unbreak php errors on login form
Jim Pingle
05:39 PM Revision 6a1ff0fe: Merge pull request #120 from ccesario/master
Change jQuery function: attr() to prop() Scott Ullrich
05:29 PM Revision 88dda5ed: Change jQuery function attr() to prop()
Carlos Cesario
02:11 PM Revision e3b14bbe: Include the gateway functions in rc.banner to prevent throwing a error
Seth Mos
11:32 AM Revision 6dbffeda: Add Gateway Group support to the IPsec interface drop down.
Edit of gateway group correctly reflects the new IP Address.
We need to make a blacklist for interface names in the g... Seth Mos
11:00 AM Revision bf001dec: Allow for failover DynDNS hostnames.
replace get_real_interface() calls with get_failover_interface. If it isn't a group we call get_real_interface() anyh... Seth Mos
09:53 AM Bug #2469: Assign interfaces prompt is going WAN -> LAN -> OPT10
Could be related to the changes from Darren who is working on the console menu.
I'll assign to Darren since he is ... Seth Mos

06/02/2012

10:12 PM Bug #2469 (Resolved): Assign interfaces prompt is going WAN -> LAN -> OPT10
After prompting for WAN, then LAN, a current snapshot then asks the user about "Optional 10 interface", instead of "O... Jim Pingle
10:10 PM Bug #2468 (Resolved): Interface does not exist warning during a network interface mismatch
Instead of reporting that a network interface mismatch happened, then proceeding to the assign interfaces prompt, cur... Jim Pingle
07:48 PM Revision 3e1eec58: Allow for selection of a gateway group as a interface to monitor
Redmine ticket #1965 Seth Mos
07:27 PM Revision ab1112da: The gateway groups array now knows about vips to be tied into that gateway group so we can tie the groups into services.
Redmine ticket #1965 Seth Mos
04:50 PM Revision 27a79802: Add a virtual IP field to a interface in the gateway groups edit screen.
Redmine ticket #1965 Seth Mos
02:25 PM Revision 4adf752c: Add statistic functions for the ZTE modems
Seth Mos
02:10 PM Revision 284101d3: Add support for the ZTE modem stats
Should be generic enough for other modems too. Seth Mos
01:18 PM Feature #2467 (Resolved): AJAX enhancement: only show gateways from same address families upon creation
When creating a new gateway group all gateways are showm, both ipv4 and ipv6. Add some ajax glue that will hide the o... Seth Mos
11:38 AM Bug #2038: Some 3G WANs on 2.0.x do not come up on cold boot
Checked in support for the ZTE modem stats.
Should be easier to add new ones now too.
Do note that the ZTE modem will... Seth Mos
11:18 AM Bug #2038: Some 3G WANs on 2.0.x do not come up on cold boot
With includes changes ZTE 3G dongle now comes up correctly.
Rewrote the stats utility to poke at the application p... Seth Mos
10:59 AM Revision 75e89498: Move the SIM Pin and APN settings to the modem setup since we need these only once.
Seth Mos
10:37 AM Revision aa7504e0: Fix the PinReady command not found error.
Add a log command to show where you are dialing to. Seth Mos
10:12 AM Revision 5100c2de: Unbreak tree, add }
Seth Mos
09:49 AM Revision 117f8e6f: We are on FreeBSD 8.3 now
Seth Mos
08:38 AM Feature #2413 (New): Allow IPv6 interface configuration from the menu
OPtion 2 Set interface IP address.
When configuring interface WAN, as dhcp and dhcp6 I get the url http://dhcp/ disp... Seth Mos
08:19 AM Revision 488595df: Escape the shell variable
Seth Mos

06/01/2012

09:34 PM Revision d27a8a3d: Merge pull request #119 from marcelloc/patch-15
include more features to interfaces_selection Scott Ullrich
09:34 PM Revision e14fbca4: include more features to interfaces_selection
<showips>
<showvirtualips>
<showlistenall>
<hideinterfaceregex>
New features will show only with these new options o... Marcello Silva Coutinho
07:51 PM Revision 85a236e9: Fixes #2428. Reference limiters in rules by name to avoid issues. Also put upgrade code for existing configs. The same fix is necessary for 2.0.x though not sure how this should be committed there.
Ermal LUÇI
05:10 PM Bug #2278 (Feedback): IPv6 Carp vip both master on FreeBSD 8.3
Andrew working on this Chris Buechler
03:50 PM Bug #2428 (Feedback): Removing a limiter breaks any references to limiters after it
Applied in changeset commit:85a236e9dd5db87197ed6855995da609bf310bff. Ermal Luçi
02:50 PM Bug #2349: vlan(4) needs altq adaption on FreeBSD 8.3++
Any update on this issue? I haven't tried since it was reported broken.. Its a show stopper for me to update freebsd ... Cino .
12:25 PM Revision 730b6148: Include util.inc and IPv6.inc before config.lib.inc.
Several parts of the config upgrade relay on functions in these. Seth Mos
12:25 PM Revision 4a5fbf61: Make sure we include "util.inc" during config upgrade. We need is_ipaddrv4() during upgrade which is triggered from gwlb.inc
Seth Mos
12:16 PM Revision 06392e40: Fix function call name
Jim Pingle
10:23 AM Bug #1974: Captive Portal RADIUS accounting bytes wrong
Thanks, however the captive portal in the latest snapshots doesn't work, I believe there is a bug open about that: 24... Yuri Keren
06:10 AM Revision 31bdb9e5: Make sure to get the real interface in case we get passed a friendly interface
Redmine ticket #2463 Seth Mos
05:46 AM Revision e02caf4a: Actually save the IPprotocol variable into the config, otherwise it stil won't work.
People will likely need to edit and save their gateways now if they have double entries.
e.g. both manual and automat... Seth Mos
02:59 AM Bug #2463: system_gateways_edit.php rejects correct configurations with dynamic or vpn interfaces
I just checked in more code, and the fix that allows you to actually save the ipprotocol value.
So edit and save t... Seth Mos

05/31/2012

10:51 PM Revision 4473e33c: Merge pull request #116 from marcelloc/patch-14
Show current/updated repo package description instead of local/cached de... Scott Ullrich
10:47 PM Revision e83a9ff7: Show current/updated repo package description instead of local/cached description.
Marcello Silva Coutinho
09:50 PM Revision 53fde3ce: Merge pull request #115 from marcelloc/patch-13
new pkg_edit.php code with revised functions, no 0-99 loop on row_helper... Scott Ullrich
09:49 PM Revision 55c846c4: new pkg_edit.php code with revised functions, no 0-99 loop on row_helper, movable rows, tootip with domtt.
new field types button, info as well combinefileds working and colspan2 on nodisplaname option.
jquery code improved ... Marcello Silva Coutinho
06:34 PM Revision d4d5f7b4: Rename old RRD quality database to the new GW name so we continue the graph.
Seth Mos
06:09 PM Bug #2458: Pfsense not registering DNS servers found by PPP
ThorstenK code, posted in forum, works flawlessly for me (I use IPv4 only) Vladimir Suhhanov
02:24 AM Bug #2458: Pfsense not registering DNS servers found by PPP
2.1-BETA0 (i386)
built on Wed May 30 19:35:31 EDT 2012
FreeBSD 8.3-RELEASE-p2
The script IS NOT working for me... Vladimir Suhhanov
06:08 PM Revision 05a4cebd: Add a inet46 filter type on the firewall rules page. I have locked down a few of the most common limitations.
Still arguing if we should lock this down even further to aliases only.
Redmine ticket #2466 Seth Mos
05:41 PM Bug #2373 (Resolved): There were error(s) loading the rules... (Floating rules bug)
Ermal Luçi
05:37 PM Feature #2436: Enhance the restore section of the Backup/Restore section
If you want to make a new ticket for the memory issue I guess you can do that. :-) Darren Embry
05:36 PM Feature #2436: Enhance the restore section of the Backup/Restore section
Should I still look into the memory issue? My understanding is some of that XML parsing code we've been using has bi... Darren Embry
03:32 PM Feature #2436 (Resolved): Enhance the restore section of the Backup/Restore section
Seth Mos
03:28 PM Feature #2436: Enhance the restore section of the Backup/Restore section
I can confirm that restoring an entire RRD file from a i386 onto a amd64 works as expected. Great work!
I must have ... Seth Mos
03:25 PM Feature #2436 (Assigned): Enhance the restore section of the Backup/Restore section
When trying to restore just the RRD section on a current 31-5-2012 snapshots I get the following error.... Seth Mos
05:02 PM Bug #2465 (Closed): Values reported by 'ipfw table 1 entrystats' reports a much higher value of transfered bytes, 6-7 times more
Duplicate of #1974 Ermal Luçi
11:03 AM Bug #2465 (Closed): Values reported by 'ipfw table 1 entrystats' reports a much higher value of transfered bytes, 6-7 times more
Thus the radius reported bytes-in / bytes-out values are incorrect which leads to incorrect traffic stats recorded fo... Yuri Keren
05:01 PM Bug #1974: Captive Portal RADIUS accounting bytes wrong
This has been fixed on latest snapshots.
Please try those. Ermal Luçi
04:28 PM Revision c1d36d26: Finally give in and sprout a Internet Protocol drop down on the gateways edit screen.
With added validation and multiple detection parts to work when the value is not set yet.
Redmine ticket #2463 Seth Mos
03:20 PM Feature #2466 (Resolved): Allow single firewall rules to apply to both IPv4 and IPv6 simultaneously
I've added code that allows for setting a firewall rule to IPv4+IPv6
Limitations:
- only allows tcp/udp and icmp
... Seth Mos
01:42 PM Bug #2463 (Feedback): system_gateways_edit.php rejects correct configurations with dynamic or vpn interfaces
Code checked in, I finally gave in and added a drop down for the internet protocol. There is just too much that could... Seth Mos
05:04 AM Bug #2463: system_gateways_edit.php rejects correct configurations with dynamic or vpn interfaces
Confirmed Seth Mos

05/30/2012

08:51 PM Revision 88165371: Do not allow empty passwords since this might cause problems for some authentication servers like ldap. Fixes #2326
Ermal LUÇI
08:50 PM Revision d427980c: Do not allow empty passwords since this might cause problems for some authentication servers like ldap. Fixes #2326
Ermal LUÇI
08:15 PM Revision a5011585: Rather than doig a string search do a proper matching of selected interfaces. Fixes #2378
Ermal LUÇI
08:14 PM Revision 17103056: Rather than doig a string search do a proper matching of selected interfaces. Fixes #2378
Ermal LUÇI
07:59 PM Revision 4dc04853: Clarify comment. Fixes #2270
Ermal LUÇI
07:58 PM Revision 03bbddae: Clarify comment. Fixes #2270
Ermal LUÇI
05:10 PM Revision 46ca7f3d: Fix copy/paste-o
Jim Pingle
05:10 PM Revision 18172eca: Fix copy/paste-o
Jim Pingle
04:59 PM Revision f56a60e7: Fix input validation and import test.
Jim Pingle
04:59 PM Revision 58168f4e: Fix input validation and import test.
Jim Pingle
04:59 PM Bug #2437 (Resolved): PHP missing bcmath (that was solved for pfSense 2.0 two years ago, re-discovered in the latest pfSense 2.1)
Chris Buechler
03:14 PM Bug #2437: PHP missing bcmath (that was solved for pfSense 2.0 two years ago, re-discovered in the latest pfSense 2.1)
Running bcmod() works now.
Thanks. Yuri Keren
04:50 PM Bug #2326 (Feedback): Erroneous successful webGUI authentication with blank password and AD authentication backend
Applied in changeset commit:88165371efbc79fdc0194de26814eacca68d2a5c. Ermal Luçi
04:47 PM Revision bb39c283: Switch to ntpd from ports, add Services > NTP to select interfaces for binding. Respect old ntp settings in the process.
Conflicts:
etc/inc/system.inc
usr/local/www/fbegin.inc Jim Pingle
04:44 PM Revision cf180ccc: Switch to ntpd from ports, add Services > NTP to select interfaces for binding. Respect old ntp settings in the process.
Jim Pingle
04:36 PM Bug #2446: pfSense fails to queue UDP packets
Please put the file on /tmp/rules.debug after anonymizing addresses here to verify what you say. Ermal Luçi
04:29 PM Bug #1931 (Closed): Status: Captive portal: Test Vouchers tab summary issue
Its by design that you will not be granted access to the portal if you submitted multiple vouchers and one of them is... Ermal Luçi
04:10 PM Bug #2378 (Feedback): Captive portal selects additional interfaces where it shouldn't
Applied in changeset commit:1710305617db80cde51a961077c3d18959c238d3. Ermal Luçi
04:00 PM Bug #2270 (Feedback): CP - default value of "Maximum concurrent connections per client IP address"
Applied in changeset commit:4dc04853f4588043bd39a6e304cbb33388937744. Ermal Luçi
03:03 PM Bug #1974: Captive Portal RADIUS accounting bytes wrong
Does not seem like the fix is working.
I am running pfSense 2.1 built on April 24 and the reported bytes-in and by... Yuri Keren
02:17 PM Revision 829fd8c1: Don't display a "mobile" user without a username.
Jim Pingle
02:09 PM Revision 0551a524: Bump to 2.1-BETA0, let the fun begin.
Jim Pingle
02:08 PM Revision db2243e7: Bump to 2.0.2-RC2 after FreeBSD-SA-12:01 v1.1 and FreeBSD-SA-12:02
Jim Pingle
02:02 PM Revision 52ec5df8: Don't display a "mobile" user without a username.
Jim Pingle
01:39 PM Revision 13fc6fb9: Fix filename (Ticket #2459)
Jim Pingle
01:19 PM Revision fec04267: Disable autocomplete on all but the login form. Fixes #2459
Jim Pingle
12:56 PM Bug #2464: The traffic graph permission does not allow a user to load the graph.
Please use the forum to discuss such issues. If you need to start a new ticket for a new issue, that's fine, but this... Jim Pingle
12:48 PM Bug #2464: The traffic graph permission does not allow a user to load the graph.
Actually this is becoming more complicated than I hoped. I gave the user the permission you mentioned, and now graph.... Jeff Shaw
12:13 PM Bug #2464: The traffic graph permission does not allow a user to load the graph.
I would like to reopen this as a feature request, then, that Status: Traffic Graph implies Diagnostics: Interface Tra... Jeff Shaw
11:10 AM Bug #2464 (Closed): The traffic graph permission does not allow a user to load the graph.
You also need to assign the permission for graph.php (the actual graph), which is "Diagnostics: Interface Traffic pag... Jim Pingle
11:06 AM Bug #2464 (Closed): The traffic graph permission does not allow a user to load the graph.
I wanted a user to be allowed to view the traffic graph, so I created a user for her, and assigned her only the permi... Jeff Shaw
12:33 PM Revision 69b6c2b5: Skip a few pieces of code earlier. Perform file test on dhcpd logs.
Seth Mos
12:17 PM Revision 8dfb0c00: Add a few micro optimizations, bail out when the file does not exist.
Seth Mos
10:08 AM Feature #1361: DNSMasq, source interface and IPSec VPNs
Sorry a beginner at this. The patch file was the wrong way around. Hugh Blandford
10:03 AM Feature #1361: DNSMasq, source interface and IPSec VPNs
Sorry this update has taken so long. I have checked the file still applies and added the capability to handle the _m... Hugh Blandford
09:20 AM Bug #2459 (Feedback): Adding autocomplete=off in the webGUI forms
Applied in changeset commit:fec04267ea5303333839a45149e3cc2edc8250ff. Jim Pingle
07:50 AM Feature #1986: Find a way to list logged in IPsec xauth users
After the last commit, racoon no longer crashes, but now it's listing all tunnels in the 'show-users' output, but non... Jim Pingle
05:19 AM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
For my current configuration and settings issue is fixed. Vladimir Suhhanov

05/29/2012

09:46 PM Revision b0115477: Fix a couple misdirected form submissions
Jim Pingle
08:02 PM Bug #2459: Adding autocomplete=off in the webGUI forms
Apparently you can do this in jQuery by sticking one line in the file somewhere:... Jim Pingle
09:39 AM Bug #2459 (Resolved): Adding autocomplete=off in the webGUI forms
Doing a diff between config.xml versions, I noticed that my pfsense's password was stored in plaintext format in
<pr... Dim Hatz
07:57 PM Feature #1241 (Resolved): Custom Dynamic DNS
thanks Chris Buechler
07:53 PM Feature #1241: Custom Dynamic DNS
This was merged, and can be closed. Matt Corallo
07:56 PM Feature #336: Option to create lagg under assign interfaces
*+1* This is important to me. Although, right now I am about to try and figure out how to do it manually since I need... Ted Lum
07:52 PM Bug #2463 (Resolved): system_gateways_edit.php rejects correct configurations with dynamic or vpn interfaces
eg. Gateway of dynamic makes the "Monitor IP" setting reject everything as having a "different Address Family"
Addit... Matt Corallo
05:25 PM Revision 0350b814: Up the default for tables to 3000
Jim Pingle
05:24 PM Revision 4e2f4c18: Up the default for tables to 3000
Jim Pingle
03:11 PM Feature #2462 (Resolved): New 3G (PPP) provider
pfSense currently doesn't include the 3G provider I'm using. Here's the provider's data:
Country: Slovenia
Provid... Jernej Simončič
02:52 PM Revision d57f6f21: Add a knob to tune the maximum number of tables that can be defined, the pf default of 1000 is too low for systems with >500 aliases.
Jim Pingle
02:51 PM Revision 84aea606: Add a knob to tune the maximum number of tables that can be defined, the pf default of 1000 is too low for systems with >500 aliases.
Conflicts:
etc/inc/filter.inc Jim Pingle

05/28/2012

08:34 PM Bug #2458: Pfsense not registering DNS servers found by PPP
Using snap built on Mon May 28 10:16:21 EDT 2012 I cannot reproduce the log from using the ppp-linkup (Revision 70317... royden yates
04:14 PM Bug #2458: Pfsense not registering DNS servers found by PPP
My comment may be invalid as I have a different response from snap 2.1-DEVELOPMENT (i386)
built on Mon May 28 10:16... royden yates
03:32 PM Bug #2458: Pfsense not registering DNS servers found by PPP
My modem is a Huawei LTE e398
The modified ppp-linkup script fails for me and results in the modem being unrespon... royden yates
10:09 AM Bug #2458 (Feedback): Pfsense not registering DNS servers found by PPP
I committed a fixed ppp-linkup script. It looks like what used to be 2 different variables is now a single variable.
... Seth Mos
09:33 AM Bug #2458 (Resolved): Pfsense not registering DNS servers found by PPP
2.1-DEVELOPMENT (i386) - built May 27 05:31:49 EDT 2012 on i386
If system general DNS settings are left empty no d... royden yates
05:54 PM Revision 30b9b160: Add missing div tag
Jim Pingle
05:53 PM Revision 454ea767: Add missing div tag
Jim Pingle
03:35 PM Bug #2038 (New): Some 3G WANs on 2.0.x do not come up on cold boot
The ZTE MF190 I have here doesn't like pfSense at all. Although the /dev/cuaU0.2 responds to AT and is willing to wor... Seth Mos
03:02 PM Bug #2455 (Resolved): IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
Chris Buechler
10:18 AM Bug #2455: IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
Yep, the GUI bug seems to be fixed.
I can even get an AH tunnel up (but so far no traffic goes through it, but if it... Ronald Antony
12:55 PM Revision 703173f2: Update the link script to parse the arguments 6 and 7 differently.
Previously mpd supplied the dns1 string as $6 and the IP as $7. It is now a single argument $6.
Apparently this chang... Seth Mos
10:14 AM Bug #2415: Fallout from CARP vip interface names changes
It's supposed to be selectable there for IP Alias type VIPs, so they can ride on top of the carp interface. (As a mea... Jim Pingle
10:12 AM Bug #2415 (Feedback): Fallout from CARP vip interface names changes
Changes have been committed but I still see Carp vips showing up in different places.
E.g. Add a carp vip on the v... Seth Mos
08:48 AM Bug #2377: Captive portal fails on empty RADIUS password
Why do you need an empty pass? Ermal Luçi
08:30 AM Bug #2440: Wireless client nic set for DHCP does not start dhclient
Cold boot on the alix with 2.0.2 RC1 works. However, the moment the link goes down it enters the up down cycle simila... Seth Mos
08:28 AM Bug #2450 (Resolved): Unable to use a ports alias on a firewall rule.
Through some miracle the alias type was not set in the config.
[2] => Array
(
... Seth Mos

05/27/2012

08:11 AM Revision 8fe0f2d3: Do not add link-local address on carp interface manually. It causes them to go double master.
Redmine ticket #2278 Seth Mos

05/26/2012

04:59 PM Feature #1986: Find a way to list logged in IPsec xauth users
A bit better info now, the i386/amd64 bit was a red herring, it can crash on both. They key factor is that you have t... Jim Pingle
12:50 PM Feature #1986 (New): Find a way to list logged in IPsec xauth users
Ermal - running the show-users command with no users connected seems to crash racoon with no logged error, just a cor... Jim Pingle
01:10 PM Bug #2455: IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
I'll check it out as soon as a snapshot is live that incorporates the change... Ronald Antony
08:41 AM Bug #2455 (Feedback): IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
Should be ok now, could you test again ?
Thanks.
Pierre Pierre POMES
08:19 AM Bug #2455 (Assigned): IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
Pierre POMES
12:43 PM Revision b20a5cdb: Ticket #2455: do not check encryption algo for AH protocol
Pierre POMES
10:44 AM Bug #1629: invalid state table entries after WAN IP change
Same deal, 2.0.1-RELEASE and this happens every so often, but not on every IP change. I can delete the 2 state entri... Akom Benevolent
08:06 AM Revision 730c6494: do a direct return, it will not find the PinReady command
Seth Mos
07:54 AM Revision f94eb529: Adjust the +CPIN? cmd so it works for huawei 3G sticks too
Seth Mos
07:28 AM Revision 2f8782fe: More validation for ejecting CDrom devices for 3G sticks, needs extra manufacturers. Less typos in variable names also helps a lot.
Seth Mos
07:24 AM Revision 17d656fc: Only attempt to remove stale LCK files if they exist.
Seth Mos
03:20 AM pfSense Packages Bug #2457 (Resolved): Lightsquid 1.8.2 pkg v.2.32 logpath is wrong in lightsquid.cfg
In my pfSense router:
2.1-DEVELOPMENT (amd64)
built on Mon May 14 10:01:41 EDT 2012
FreeBSD 8.3-RELEASE-p1
... Gabriel Paniagua Castro

05/25/2012

10:32 PM Feature #2456 (Resolved): Option to choose default tab in IPsec status Dashboard widget
There are two things that would massively increase the usefulness of that widget:
a) remember or allow to be confi... Ronald Antony
08:42 PM Revision 6e0b68bf: List logged-in IPsec xauth users and provide a mechanism to disconnect them. Implements #1986
Jim Pingle
08:36 PM Revision bf3da811: List logged-in IPsec xauth users and provide a mechanism to disconnect them. Implements #1986
Conflicts:
usr/local/www/diag_ipsec.php Jim Pingle
08:01 PM Revision 2e9b8f61: Merge pull request #114 from marcelloc/patch-12
drag and drop function to reorder lists on pkg framework using jquery. Scott Ullrich
08:00 PM Revision 05a42cce: drag and drop function to reorder lists on pkg framework using jquery.
also new features like base64,description, tooltip custom texts.
tested with sorting features too.
related post on fo... Marcello Silva Coutinho
07:59 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
Thanks Jim, sorry I was a bit frustrated - not with you guys, with myself for not testing the build before running it... Mark Uhde
11:15 AM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
OK, iff there are PPTP issues, that would be a new/separate ticket. Try to confirm with others on the forum first. Th... Jim Pingle
10:52 AM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
At least I have no annoying error messages anymore and looks like shaping is working, but i need more time to test it... Vladimir Suhhanov
05:38 AM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
This bug appears fixed Ermal, BUT the changes seem to have broken the PPTP server *and* traffic shaping still doesn't... Mark Uhde
07:16 PM Revision 88810240: Allow for atleast 15 seconds before considering it a timeout, 60 would mean try once, since it would immediately hit the 60 second timeout
Seth Mos
07:16 PM Revision 13ea7caa: Make sure that we only perform validation if the GW name is filled as well as a IP address
Seth Mos
06:18 PM Revision 020ba5fe: Clarify the error message to something useful
Seth Mos
05:12 PM Bug #2440 (New): Wireless client nic set for DHCP does not start dhclient
Ok, this is definitely not fixed, I can't make sense of it. Deferring. Seth Mos
04:40 PM Feature #1986: Find a way to list logged in IPsec xauth users
Applied in changeset commit:6e0b68bfdea29b2943b6f104373f43cc56537bd8. Jim Pingle
04:33 PM Bug #2455 (Resolved): IPSec Phase 2 settings GUI doesn't take into account AH vs ESP selection properly
On the VPN:IPsec:Edit Phase 2 page there is the section Phase 2 proposal (SA/Key Exchange)
If under Protocol ESP i... Ronald Antony
04:14 PM Revision 31f0ef21: Switch to a common function to determine anti-lockout ports, and fix a bug that was getting the ports wrong with custom https+redirect on.
Jim Pingle
04:13 PM Revision 55cfe813: Switch to a common function to determine anti-lockout ports, and fix a bug that was getting the ports wrong with custom https+redirect on.
Jim Pingle
02:39 PM Bug #2349: vlan(4) needs altq adaption on FreeBSD 8.3++
Now that the traffic shaper itself is fixed, this is the bug I run up against, LOL. Thanks for your hard work Ermal! ... Mark Uhde
10:11 AM Revision ac10faad: Ensure there is a '.' between hostname and domain. Partially fixes #2454
Warren Baker
06:10 AM Bug #2454 (Feedback): Captive portal return wrong authentication URL
Applied in changeset commit:ac10faad42081ccfe48a37aa9814bc4684ffb701. Warren Baker
05:45 AM Bug #2454 (Resolved): Captive portal return wrong authentication URL
Since the last update "Built On: Sun May 13 02:42:10 EDT 2012" our captive portal doesn't work anymore.
The redir... Mathieu Déom
12:07 AM Bug #2452 (Rejected): Reject type rules only allowed for TCP
not a bug, and this isn't a place to ask questions, please post to the forum or mailing list. Chris Buechler

05/24/2012

10:23 PM Revision 1b9aff45: Merge pull request #113 from vizvayu/load_average
Added load average information to System Information widget Jim Pingle
09:56 PM Revision 2bae7ce3: Removed extra line :)
Cristian Feldman
09:52 PM Revision 25a46a3c: Added load average information to the System Information widget
Cristian Feldman
08:37 PM Revision 29c70782: Don't resolve on ipsec_get_phase1_dst() results, because ipsec_get_phase1_dst() already does that before returning output.
Conflicts:
etc/inc/ipsec.inc Jim Pingle
08:36 PM Revision fd97f40c: Test for empty here, rather than !, so a blank value (as from mobile clients) doesn't fall to the other tests.
Jim Pingle
08:35 PM Revision a55be495: Don't do resolve_retry on ipsec_get_phase1_dst() results, because ipsec_get_phase1_dst() already does that before returning output.
Jim Pingle
08:33 PM Revision a6222c03: Test for empty here, rather than !, so a blank value (as from mobile clients) doesn't fall to the other tests.
Jim Pingle
01:47 PM Feature #2453 (Resolved): [ER] allow renaming of network interfaces without enabling them
In Interfaces>(assign) you can create a new interface. The first one is WAN, the second is LAN, and then it starts wi... Ronald Antony
11:15 AM Bug #2012: 4th+ CARP member will not work with default automatic skew
Additional information:
http://forum.pfsense.org/index.php/topic,49745.0.html
 Brian Scholer
11:11 AM Bug #2451: IPv6 rule: 'add network' becomes 'add single host'
block return in quick on $WIRED inet6 from any to 2a00:1450:: label "USER_RULE: TmpReject YouTube" Charles Orus
07:39 AM Bug #2451: IPv6 rule: 'add network' becomes 'add single host'
can you include what ends up in the /tmp/rules.debug? Seth Mos
07:13 AM Bug #2451 (Resolved): IPv6 rule: 'add network' becomes 'add single host'
I tried to add a reject rule for a range of IPv6 addresses:
"Reject TCP IPv6 to type network 2a00:1450:: CIDR ... Charles Orus
09:50 AM Bug #2446: pfSense fails to queue UDP packets
Also note, as I wrote in the original post, that ICMP echo request packets are correctly assigned to the queue for sp... Torgeir Skjøtskift
09:46 AM Bug #2446: pfSense fails to queue UDP packets
PBX is an alias consisting of two public IP addresses belonging to a public IP subnet defined on the interface opt1 a... Torgeir Skjøtskift
07:29 AM Revision 310ce280: Merge pull request #2 from TheBlueMatt/master
Custom Dynamic DNS Ermal LUÇI
07:20 AM Feature #1477: IGMPPROXY spamming the main systemlog
It's igmpproxy doing it. I get it too. As a workaround for myself I have just added igmpproxy to syslog and yes I agr... Charles Orus
07:17 AM Bug #2452 (Rejected): Reject type rules only allowed for TCP
I am sorry if I report intended behaviour. But I don't understand why rules of type reject only are allowed with TCP.... Charles Orus
02:25 AM Bug #2450: Unable to use a ports alias on a firewall rule.
Note that a existing rule on a different interface with the same alias actually works and is successfully expanded.
... Seth Mos
02:24 AM Bug #2450 (Resolved): Unable to use a ports alias on a firewall rule.
The following input errors were detected:
mngtports is not a valid start destination port. It must be a port a... Seth Mos
02:23 AM Bug #2440: Wireless client nic set for DHCP does not start dhclient
I performed more devd.conf changes, the media type is not recognized so I made it act on the _wlan subsystem now.
I ... Seth Mos

05/23/2012

11:01 PM Revision e820da2a: Fix reference updating for when more than one carp vip exists. Skip the upgrade code if no carp vip defined. Ticket #2445
Erik Fonnesbeck
10:16 PM Revision 79f4bb0b: Disable logging for now since it will spam every 60secs * #users * #zones
Ermal LUÇI
10:14 PM Revision 90d4bccd: Disable logging for now since it will spam every 60secs * #users
Ermal LUÇI
09:49 PM Revision 879f7db7: Add missing declaration for global variable $g where it is used.
Erik Fonnesbeck
09:11 PM Revision 12766374: Fix name of the config section for virtual IPs in upgrade code. Ticket #2445
Erik Fonnesbeck
09:11 PM Revision d39a2fc6: Check the surrounding characters to not allow partial matches. Ticket #2445
Erik Fonnesbeck
08:35 PM Revision fe47f1f2: Revert "Rather do a fix by going through vips in reverse order"
This reverts commit d996dfeab2ec40cf3fb44b51811333b40ed5073f. Erik Fonnesbeck
08:26 PM Revision d01de40f: Fix easyrule duplicate destination for pass - Fixes #2447
Jim Pingle
07:48 PM Revision db461915: Don't skip "lan" as a possible WAN for shaper, since someone could have renamed/repurposed it. Someone may shoot themselves in the foot if they pick it accidentally, but otherwise some valid configs may be prevented accidentally.
Jim Pingle
07:47 PM Revision bd4c21fe: Don't skip "lan" as a possible WAN for shaper, since someone could have renamed/repurposed it. Someone may shoot themselves in the foot if they pick it accidentally, but otherwise some valid configs may be prevented accidentally.
Jim Pingle
07:26 PM Revision c714a1af: Fixes #2364. On busy pppoe servers it might take some time before mpd exits. Check for this before trying to restart
Ermal LUÇI
07:25 PM Revision 062676f8: Fixes #2364. On busy pppoe servers it might take some time before mpd exits. Check for this before trying to restart
Ermal LUÇI
06:56 PM Revision fbda07b9: Do this only for carp type vips
Ermal LUÇI
06:55 PM Revision d996dfea: Rather do a fix by going through vips in reverse order
Ermal LUÇI
06:54 PM Revision 909b0a91: Reflect naming changes, work around broken media type for wireless
Seth Mos
06:49 PM Revision e27d337d: Since this is an interface to avoid issues arising from vip1 and vip11 existing and replacing vip1 will replace even vip11, put on the regex <(starting close tag).
Ermal LUÇI
06:25 PM Revision b45d6db6: Round off the values.
Seth Mos
06:08 PM Revision 5e13bc84: Convert the Bytes per Second into kilobits per second like the status page says
Seth Mos
05:35 PM Revision 6805d2d2: Fixes #2209. Obey the mtu value set on the interfaces.php page. Though this value will be overwritten if there is a configuration under PPP settings tab. Maybe a good idea is to set MRU at the same value if not set?
Ermal LUÇI
05:33 PM Revision e39b6feb: Fixes #2209. Obey the mtu value set on the interfaces.php page. Though this value will be overwritten if there is a configuration under PPP settings tab. Maybe a good idea is to set MRU at the same value if not set?
Ermal LUÇI
05:16 PM Feature #1986 (Feedback): Find a way to list logged in IPsec xauth users
This mostly works.
Just destination which is the system itself needs some more fixes, though its useable. Ermal Luçi
05:01 PM Feature #1965: Support Multiple IPsec Peers
we currently already have rc.newipsecdns which does purging and reloading of tunnels. You can pass the function the o... Seth Mos
04:36 PM Revision 323954b1: Unset the IP protocol tag while processing this array. This prevents a log message
Seth Mos
04:30 PM Bug #2447 (Feedback): Duplicated destination IPs in easy rule.
Applied in changeset commit:d01de40fa6d6a05e03351f0ccd83c64f82a4a2e5. Jim Pingle
04:00 PM Revision e313da37: Be a bit smarter about the stats interface for the huawei cards. Some of the K series have the stats on 0.2, the E series on 0.3
Some of the older E series only have 0.2 too. The new K3770 I got today is too new. Seth Mos
03:35 PM Revision b22fc825: Move vip upgrade code to be later, since it was backed out of 2.0.x it no longer needs to be so early, and otherwise there can be some breakage/fallout. Ticket #2445
Jim Pingle
03:31 PM Bug #1874: Captive Portal Login dies on empty input
I am sorry but you can use no authentication for empty passwords.
It works as its expected. Ermal Luçi
03:30 PM Bug #2364 (Feedback): PPPoE Server doesn't restart correctly
Applied in changeset commit:062676f880878f788315991de861a71ccb86a478. Ermal Luçi
03:29 PM Revision 617244c7: Ooops use correct name for vips
Ermal LUÇI
03:14 PM Revision d23e157a: Add more functions and expand the 3G status interfaces screen.
List the SIM state, service, speeds and mode Seth Mos
03:12 PM Revision 35b71459: Oops this should be sed and not sh. Fixes #2445
Ermal LUÇI
03:12 PM Bug #2446: pfSense fails to queue UDP packets
I wonder if you are not being bitten by the order of events happening.
If PBX has internal LAN addresses than this r... Ermal Luçi
03:24 AM Bug #2446: pfSense fails to queue UDP packets
Sorry about that, her it is, properly unformatted:... Torgeir Skjøtskift
03:24 AM Bug #2446: pfSense fails to queue UDP packets
yes, the config for the rule in question is:
<rule>
<id/>
- <type>pass</type>
- <interface>opt1</inte... Torgeir Skjøtskift
03:08 PM Bug #2423 (Closed): OpenNTPD seems to fail over time and can cause unintended clock skew.
We switched to ntp.org's ntpd so this is no longer of concern.
 Jim Pingle
02:24 PM Revision 7e631290: clean up old lock files for modem ports if a stale is left behind
Seth Mos
02:19 PM pfSense Packages Bug #2449 (Closed): Console "Filesystem is full" on NanoBSD version
I just updated a NanoBSD install and it's fine, /tmp is at 0% used. GUI login is OK.
I'd have to guess that squid ... Jim Pingle
12:56 PM pfSense Packages Bug #2449: Console "Filesystem is full" on NanoBSD version
Apologies for not giving more information Jim. Let me tell you what ive done:
1. I am currently running a build fr... Warren Bird
12:13 PM pfSense Packages Bug #2449 (Feedback): Console "Filesystem is full" on NanoBSD version
Not nearly enough information here - specifically we need to know at least what size nanobsd image you're running and... Jim Pingle
12:04 PM pfSense Packages Bug #2449 (Closed): Console "Filesystem is full" on NanoBSD version
Tried to upgrade the NanoBSD embedded version and now getting an error on console saying /tmp write failed: Filesyste... Warren Bird
02:15 PM Bug #2373 (Feedback): There were error(s) loading the rules... (Floating rules bug)
With new snapshots this should be resolved.
Issue was patch missing on 8.3 snaps Ermal Luçi
01:30 PM Bug #2209 (Feedback): PPPoE MTU is not correctly set from values on interfaces.php
Applied in changeset commit:6805d2d25f75ccb6d9b1da3814ba2244b3e3107e. Ermal Luçi
12:59 PM Revision bf58398c: Specify correct attribute where to read the setting from.
Ermal LUÇI
12:58 PM Revision 8e53abfa: If specified use the default settings for bw limitation rather than 0
Ermal LUÇI
12:57 PM Revision c5b0298f: If specified use the default settings for bw limitation rather than 0
Ermal LUÇI
12:55 PM Revision 64053339: Prevent 2 instances of rc.prunecaptiveportal from running in parallell since this might be a bad thing
Ermal LUÇI
12:53 PM Revision 3807002c: Prevent 2 instances of rc.prunecaptiveportal from running in parallell since this might be a bad thing
Ermal LUÇI
12:30 PM Bug #2012: 4th+ CARP member will not work with default automatic skew
I am using it for HAProxy in a virtualized environment where we have two sites which are part of the same vCenter (we... Brian Scholer
11:45 AM Bug #2012: 4th+ CARP member will not work with default automatic skew
I am unsure why you'd want more than 3 members! Ermal Luçi
11:25 AM Revision d535507a: Add more fields to the 3g stats
Seth Mos
11:10 AM Bug #2445 (Feedback): Carp vip renaming broken IPsec VPN tunnels that reference carp interfaces.
Applied in changeset commit:35b714597c8947376b350681c361b38e2569747a. Ermal Luçi
11:04 AM Bug #2445: Carp vip renaming broken IPsec VPN tunnels that reference carp interfaces.
This is the upgrade code existing there.
Normally the section with s///g should have taken care of that.
Probably y... Ermal Luçi
10:50 AM Revision 739808f7: Make file names match to make this work. Also use zone name in the file to not mix things
Ermal LUÇI
10:48 AM Revision 6b517c76: Make file names match to make this work
Ermal LUÇI
10:15 AM Revision 99f95f7d: Add the 3G mode display, really needs a function that translates these into sane display numbers for strength and mode.
The mode is actually a combination of LED color 4 = blue(idle), 5 = cyan(connected), and submode 7 = HSDPA
I need to ... Seth Mos
09:47 AM Revision fe7fef64: Fix command, remove spurious '
Seth Mos
09:41 AM Revision 7efe5ac5: Initialize the statistics, also parse on MODE messages
Seth Mos
09:35 AM Revision d1796d06: Kill the old 3gstats collector. Clarify the log message
Seth Mos
08:53 AM Revision 71f4a2b7: Unbreak adding IPv6 static routes
Seth Mos
08:00 AM Bug #2038: Some 3G WANs on 2.0.x do not come up on cold boot
Chapter 7.5 of the "HUAWEI UMTS Datacard Modem AT Command Interface Specification" lists the ^MODE messages to determ... Seth Mos
07:21 AM Revision 73ce6909: Make sure to bail the stats script if we can not open the modem device.
Seth Mos

05/22/2012

09:58 PM Revision 6bb73ce6: Remove dead code.
Matt Corallo
09:58 PM Revision fffbfef0: Fix DynDNS issue introduced by f3b2b2a (_dnsIP was not set).
Matt Corallo
09:58 PM Revision 37f3e704: Add the option to use a custom Dynamic DNS Provider via an Update URL and Result Match.
Matt Corallo
09:39 PM pfSense Packages Bug #2448 (Rejected): Snort pfPort is breaking a full package builder run
may just be bad timing/false alarm... will open if I can reproduce it again. Jim Pingle
09:36 PM pfSense Packages Bug #2448 (Rejected): Snort pfPort is breaking a full package builder run
Packages are not being built on the nightly run properly because snort is causing the build to fail.
Observe:
<pr... Jim Pingle
09:00 PM Revision 6bab92aa: Oops add forgotten global for config
Ermal LUÇI
08:59 PM Revision aec0f2fd: If extra bw attributes are supplied during reauthentication apply and log them
Ermal LUÇI
08:57 PM Revision 9261915b: If extra bw attributes are supplied during reauthentication apply and log them
Ermal LUÇI
07:18 PM Revision 5c0b5f64: Unlock if error occurs
Ermal LUÇI
07:17 PM Revision 66c18912: Unlock if error occurs
Ermal LUÇI
06:19 PM Bug #2446: pfSense fails to queue UDP packets
Can you detail the rule you say assigns the traffic to your desired queue? Ermal Luçi
10:13 AM Bug #2446: pfSense fails to queue UDP packets
Some extra details:
The floating rule assigning traffic A to the special queue should be set to "apply the action ... Torgeir Skjøtskift
10:06 AM Bug #2446 (Closed): pfSense fails to queue UDP packets
Replication instructions:
Create CBQ or PRIQ shaper on WAN interface and create a default queue and another queue ... Torgeir Skjøtskift
06:19 PM Bug #2447 (Resolved): Duplicated destination IPs in easy rule.
On snapshot released Tue May 22 08:05:51 EDT 2012
Easy rule adds duplicated "destination" IPs instead of "source"... greg Bernard
01:26 PM Revision 43d735de: Use "proto 112" instead of tcpdump's vrrp keyword since it's a little behind the times and doesn't realize that ip6+vrrp is valid. And since we're not using the vrrp keyword directly anymore, let's call it CARP instead.
Jim Pingle
06:13 AM Revision 5a61fd69: Make sure that we match multiple characters.
Ticket #2415 Seth Mos
05:49 AM Revision e7de69fb: First round of CARP vip renaming changes
Ticket #2415 Seth Mos
05:10 AM Bug #2409: ipfw - entryzerostats
in version 2.1.0 (bild 18May2012) an error is confirmed. Vlad Arakin
04:18 AM Bug #2038 (Resolved): Some 3G WANs on 2.0.x do not come up on cold boot
This turned out to be a specific issue with ZTE modems and pin lock.
I've switched to a huawei modem and found a g... Seth Mos
03:54 AM Bug #2278: IPv6 Carp vip both master on FreeBSD 8.3
Ermal - you can put the time to Coltex Chris Buechler
03:51 AM Bug #2278 (New): IPv6 Carp vip both master on FreeBSD 8.3
Chris Buechler
03:50 AM Bug #2278: IPv6 Carp vip both master on FreeBSD 8.3
Still hitting the double master issue in the Xs4all DC carp Seth Mos
02:39 AM Bug #2445: Carp vip renaming broken IPsec VPN tunnels that reference carp interfaces.
$i = 0;
foreach($config['ipsec']['phase1'] as $phase1) {
if($phase1['interface'] == "vip131")
$config['ipsec'][... Seth Mos
02:34 AM Bug #2445 (Resolved): Carp vip renaming broken IPsec VPN tunnels that reference carp interfaces.
Because of the vip renaming per interface any IPsec VPN tunnels, or endpoints referencing a CARP vip are now broken a... Seth Mos

05/21/2012

05:01 PM Revision ee8c34f4: Properly test for the address family now that the array says what it's supposed to be.
Seth Mos
04:57 PM Revision 44b054ce: Add the address family tag to the gateway groups array
Seth Mos
02:10 PM Revision c0ae3bfb: Don't auto-toggle the "do not backup rrd" setting - we do not want this on unless the user explicitly selects it. It makes for very, very large backup files and must default to off.
Jim Pingle
01:41 PM Revision 2b095a33: Correct the rrd update command
Seth Mos
01:35 PM Revision 852171dd: Read in the correct interface file
Seth Mos
01:31 PM Revision 5e589685: Add 3G statistics for Huawei modems, split the Cellular stats out to per interface instead of global.
Seth Mos

05/20/2012

11:52 PM Revision 612f5198: Modify the tar parameters to exclude .git
Erik Fonnesbeck
09:11 PM Bug #2444: DynamicDNS doesn't update on WAN IP change
I am not 100% sure what you mean,
my DSL modem is connected to PF and DSL_WAN PF interface manages the PPPoE
connec... themisa themisa
08:49 PM Bug #2444 (Feedback): DynamicDNS doesn't update on WAN IP change
is the public IP actually on the firewall, not the modem? That's usually the cause, since in such cases it's impossib... Chris Buechler
08:14 PM Bug #2444 (Closed): DynamicDNS doesn't update on WAN IP change
I have a DSL WAN whose IP changes often.
If i manually make a change to the DSL_WAN interface, DynamicDNC updates ... themisa themisa
07:15 PM Revision c6d0f00b: Allow modification of gateway groups even if the gateways are down.
Seth Mos
06:57 PM Revision 96cd928b: Allow saving on system.php if the gateways are down.
Seth Mos
06:01 PM Revision 793d3c96: Attempt to Eject the CD device on 3G sticks for Huawei and ZTE devices.
Seth Mos
06:01 PM Revision 1de3cd87: Act on wireless interfaces too for linkup.
Redmine ticket #2440 Seth Mos
05:37 PM Feature #2443 (New): Automatically start 3G usb interfaces upon plugin
And cleanup the old LCK files from /var/spool/lock/LCK..cuaU0.0
devd should be able to do this for us. It says it ... Seth Mos
05:10 PM Bug #2440 (Feedback): Wireless client nic set for DHCP does not start dhclient
Seth Mos
05:10 PM Bug #2440: Wireless client nic set for DHCP does not start dhclient
Hoping the devd changes resolve this, hoping for the best. Wireless is 802.11, not ethernet Seth Mos
12:15 PM Bug #2440 (New): Wireless client nic set for DHCP does not start dhclient
Helps in most cases but can still cause it to take too long making the dhcp client fail. Needs proper check_reload_st... Seth Mos
08:47 AM Bug #2440 (Resolved): Wireless client nic set for DHCP does not start dhclient
Seth Mos
07:44 AM Bug #2440: Wireless client nic set for DHCP does not start dhclient
The wireless interface reconfigure (Even with persist settings toggled) causes the interface to go down which then ne... Seth Mos
07:32 AM Bug #2440: Wireless client nic set for DHCP does not start dhclient
check_reload_status is firing off for vr1, but not for ural0_wlan0 eventhough the kernel is marking it as up.... Seth Mos
07:10 AM Bug #2440: Wireless client nic set for DHCP does not start dhclient
Error output only lists:... Seth Mos
04:28 PM Revision e4834b57: Merge pull request #111 from vizvayu/bug2374
Fix of bug #2374 "When entering values in firewall rules leading and trailing spaces are not deleted" bis Jim Pingle
03:51 PM Revision 03f7925a: Fix variable test
Jim Pingle
12:50 PM Revision 2a210730: Initialize variable if it's not set
Seth Mos
12:48 PM Revision ffd2059b: This command works better with Huawei modems. Needs more testing
Seth Mos
11:21 AM Revision 1cba5c58: Make sure we don't accidentaly clobber the v4 dns servers with empty fields from v6
Seth Mos
11:13 AM Revision 3930a9c0: Prevent duplicate gateways from showing up if the interface is down. Redmine ticket #2442
Seth Mos
10:38 AM Revision d23ef852: Set the retry value to 60 seconds, this is not attempts, this is seconds before it needs a reply. So if the DHCP server was any sort of slow it would fail to aquire a lease. This was true for my wireless network at home. Plus, on various other lossy links, even cable modems this could be true.
Redmine ticket #2440
retry time;
The retry statement determines the time that must pass after the
... Seth Mos
10:34 AM Bug #2437 (Feedback): PHP missing bcmath (that was solved for pfSense 2.0 two years ago, re-discovered in the latest pfSense 2.1)
Change just checked in, let me know how it goes. Seth Mos
10:09 AM Revision b2ff5d17: Add the PPP automatic interface type. This would show the _PPP gateways.
Seth Mos
08:46 AM Bug #2442 (Resolved): Duplicate gateways showing for down interfaces
Should be resolved properly, or atleast for now, pretty sure we'll run into something new at some point. When adding ... Seth Mos
07:55 AM Bug #2442 (Resolved): Duplicate gateways showing for down interfaces
When dynamic interfaces are down, these will show up even if there is already a manual entry for it too.
I have a ... Seth Mos

05/19/2012

06:03 PM Bug #2441 (Closed): Setting up a new PPP interface (3g) hangs the webUI
Trying to add a new PPP interface on a system that has no such configuration results in the UI hanging.
A system t... Seth Mos
06:01 PM Bug #2440 (Resolved): Wireless client nic set for DHCP does not start dhclient
I've configured a wireless nic as a client (infrastructure) on Opt3. It is set for DHCP but although the link comes u... Seth Mos
05:00 PM Feature #2148: Dynamic DNS Update Frequency
I've been able to reproduce it.
When i open WAN_DSL connection and apply changes it does force a DynDNS update.
H... themisa themisa
04:38 PM Feature #2148: Dynamic DNS Update Frequency
I've yet to see it update on WAN IP change.
My WAN_DSL ip has changed, the dsl modem is connected directly to PF.
D... themisa themisa
12:06 PM Feature #2439 (Resolved): XEN Para-virtualized Drivers Support
It's possible to include the xen DomU driver in pfsense 2.1 ? Jan Koester
02:22 AM Revision fd86d829: Overcome laziness to avoid unnecessary loop
Cristian Feldman
01:57 AM Revision 90f90934: Fix of bug #2374 "When entering values in firewall rules leading and
trailing spaces are not deleted" Cristian Feldman

05/18/2012

07:49 PM Revision 1346306c: Allow 802.1p tags to be controlled from firewall rules edit screen
Ermal LUÇI
05:58 PM Feature #2438 (Duplicate): Inbound traffic shaping on unpredictable ADSL - the qosmon approach
I've been using pfSense for some time now, and it's wonderful. I've never been able to solve a problem, anyway: QoS o... Stefano Marinelli
05:12 PM Bug #2437 (Resolved): PHP missing bcmath (that was solved for pfSense 2.0 two years ago, re-discovered in the latest pfSense 2.1)
1.
When "Radius Accounting" is enabled and trying to disconnect a connected client in the captive portal gui - the f... Yuri Keren
05:10 PM Revision 26c31b86: Merge pull request #109 from marcelloc/patch-11
Patch 11 Scott Ullrich
05:09 PM Revision 38026252: Include movable code to reorder list,save button, domtt title messages, also base64 decode option, description and custom text to checkbox fields.
New options need xml config to be included on package xml files, so no changes to packages that do not use these func... Marcello Silva Coutinho
03:36 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
Also worth noting, though similar to the fact that it happens if you upgrade from 2.0.1 (noted above) is that loading... Mark Uhde
04:11 AM Revision 9c408ade: Merge pull request #108 from vizvayu/dashboard-cpufreq-update
System info widget on dashboard now updates CPU Frequency automatically Scott Ullrich
03:53 AM Revision 4dedd18a: System info widget on dashboard now updates CPU Frequency automatically
Cristian Feldman
03:41 AM Revision 735021f5: Merge pull request #94 from vizvayu/master
Added description text for IPSec tunnel status in "Status: IPsec" page Chris Buechler
01:37 AM Revision a425a28b: Moved status text to img title (tooltip)
Cristian Feldman
01:37 AM Revision 4976f453: Added description text for IPSec tunnel status in "Status: IPsec" page
Cristian Feldman
12:17 AM Revision c1361a9f: feature #2413 Allow IPv6 interface configuration from the menu
Darren Embry

05/17/2012

11:17 PM Revision 416e1530: normalize indentation
Darren Embry
11:02 PM Revision cd485c4f: remove some log_error calls
Darren Embry
11:00 PM Revision 283d78c6: bug fix for #2426
Input validaton on interface gateway creation box needs to reject duplicate names Darren Embry
10:33 PM Revision a0edece9: report errors adding a gateway through ajax calls
Darren Embry
09:32 PM Revision 8dcca9b5: - also rename $section arg to $section_name in some functions to clarify
- also robustify parsing for <tagname> and bulletproof the handling of
certain errors Darren Embry
09:30 PM Revision 428c289f: allow null to be passed as 2nd arg to parse_config_xml*
in which case entire config is returned Darren Embry
09:14 PM Revision ff9fbc7b: fix 'XML error: no Array object found!' errors
Darren Embry
08:49 PM Revision 976d0213: fix cosmetic bug when developer was turned on.
highlight the hidden menu item differently. Darren Embry
08:13 PM Feature #2413 (Feedback): Allow IPv6 interface configuration from the menu
implemented in commit:c1361a9f
I've done basic testing but this needs a lot more testing than i'm able to do so i'... Darren Embry
07:43 PM Revision dcb94db5: fix for #2231
Don't activate master "Save Settings" button on traffic graph min/max. Darren Embry
07:22 PM Revision f757431d: more verbose log_error on rrdtool restore failure
Darren Embry
07:22 PM Revision 5d51f00e: log_error if rrdtool restore calls fail
Darren Embry
07:16 PM Revision 08877746: restore_rrddata() adds log_error calls and uses -f
Darren Embry
07:13 PM Revision 7a865f03: add -f to 'rrdtool restore' call
Darren Embry
06:58 PM Bug #2426 (Resolved): Input validaton on interface gateway creation box needs to reject duplicate names
fixed in commit:283d78c6 Darren Embry
04:53 PM Bug #2426: Input validaton on interface gateway creation box needs to reject duplicate names
Darren, do you think you can prevent this duplicate name issue in the Ajax call?
 Seth Mos
06:55 PM Revision 7eead1fc: add rrddata to backup/restore dropdowns.
Darren Embry
06:05 PM Revision c9a19238: indentation cleanup
Darren Embry
06:03 PM Revision 754b75d0: move certain code to new function restore_rrddata()
Darren Embry
05:46 PM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
I just want to say, that amd64 architecture is affected also.
Have just tried it. Vladimir Suhhanov
05:30 PM Feature #2356: Fill the "Track Interface" prefix drop down list asynchronously
Seth, reassigning to you for you to test/close/assign back to me as needed. Darren Embry
05:29 PM Feature #2436 (Feedback): Enhance the restore section of the Backup/Restore section
Fixed in commit:428c289f and commit:8dcca9b5.
Reassigning to you so you can do further testing.
Please close if e... Darren Embry
03:48 PM Feature #2436 (Resolved): Enhance the restore section of the Backup/Restore section
If restoring a partial config, we currently assume that only that section is uploaded. This is somewhat counterintuit... Seth Mos
04:37 PM Feature #2123: Backup RRD files using the xml dump and restore from RRD tools
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 90164860 bytes) in /usr/local/www/di... Seth Mos
03:21 PM Feature #2123: Backup RRD files using the xml dump and restore from RRD tools
I've also added "RRD Data" as a backup option in the dropdowns. Requires a little special handling in diag_backup.ph... Darren Embry
03:18 PM Feature #2123: Backup RRD files using the xml dump and restore from RRD tools
I've confirmed that -f is actually necessary anyway and added -f and log_error calls on failure to all the rrdtool re... Darren Embry
10:12 AM Feature #2123: Backup RRD files using the xml dump and restore from RRD tools
The quick test I just did, backup config.xml on i386, upgrade to amd64, then restore config.xml didn't fix the RRD fi... Seth Mos
04:17 PM Bug #2231 (Resolved): Dashboard: Traffic Graph: Unable to save settings
Darren Embry
03:38 PM Bug #2231: Dashboard: Traffic Graph: Unable to save settings
fixed in commit:dcb94db5 Darren Embry
12:25 AM pfSense Packages Bug #2435 (Resolved): SquidGuard: Deprecated function 'eregi' warnings
In squidguard_configurator.inc, there are a number of uses of @eregi()@ which is now deprecated in PHP 5.3. This cau... Moshe Katz

05/16/2012

06:03 PM Revision b61e8960: Teach mwexec and mwexec_bg how to optionally clear signal masks, and use that when launching ntp or ntpdate.
Jim Pingle
05:21 PM Revision 10e741d5: ntpdate was hanging, use the same hacky fix that works for ntpd and it works too. All happy, even from a cold boot on ALIX 2d3 with no RTC battery.
Jim Pingle
05:17 PM Revision 9cf11774: Fixup halt and reboot to catch the output from the shutdown process properly.
Conflicts:
usr/local/www/halt.php
usr/local/www/reboot.php Jim Pingle
05:15 PM Revision b40e9b1c: Fixup halt and reboot to catch the output from the shutdown process properly.
Jim Pingle
02:57 PM Revision b3f2cc0f: Fixup ntpd logging
Jim Pingle
02:49 PM Revision 90df3bd8: On its own, ntpd does not sync fast enough at bootup, so bring back the ntpdate sync but improve it so it can't get stuck forever.
Conflicts:
etc/rc.newwanipv6 Jim Pingle
02:48 PM Revision 0b8e9d38: On its own, ntpd does not sync fast enough at bootup, so bring back the ntpdate sync but improve it so it can't get stuck forever.
Jim Pingle
09:48 AM Bug #2231 (New): Dashboard: Traffic Graph: Unable to save settings
Something still isn't 100% here - When you activate a drop-down to expand one of the closed graphs, it also activates... Jim Pingle

05/15/2012

09:01 PM Revision 317d1c0b: Hackish workaround for ntpd failing to move away from init when called from within PHP 5.2, PHP 5.3 has a better workaround.
Jim Pingle
08:50 PM Revision df973fcb: Revert "Clear process signals before exec() or ntpd misbehaves if called from PHP on i386." -- this only works on PHP 5.3
This reverts commit ac4bc5853f75a8f8467f5c53704f33e2066c3da6. Jim Pingle
08:42 PM Revision 82deea60: Fix syntax here too in case we need to revive it.
Jim Pingle
08:41 PM Revision 11e06906: Fix syntax here too in case we need to revive it.
Jim Pingle
08:37 PM Revision 7dab8995: Clear process signals before exec() or ntpd misbehaves if called from PHP on i386.
Jim Pingle
08:36 PM Revision ac4bc585: Clear process signals before exec() or ntpd misbehaves if called from PHP on i386.
Jim Pingle
08:08 PM Revision d80eae9a: Update gitsync with latest changes from master branch
feef287ead62815b1a67bac15ebaa2d36226d4e2 - Remove obsolete files after gitsync
26b8990538c71c99df8e95fd5fada57f79465d... Erik Fonnesbeck
07:26 PM Revision ae26412f: Move git package name/URL to the configuration variables section.
Erik Fonnesbeck
06:27 PM Revision da5b3e83: Merge pull request #107 from bcyrill/patch-1
correct closing tags Jim Pingle
06:22 PM Revision ec18e696: correct closing tags
Cyrill B
05:45 PM Revision e37eeb49: Only process this if it's an array
Jim Pingle
05:05 PM Revision ac911619: Use a text description instead of a code.
Jim Pingle
05:04 PM Revision 0770e603: Add NTP status page using ntpq.
Jim Pingle
05:04 PM Revision 321f3076: Use FreeBSD's ntpd instead in the backend
Jim Pingle
05:04 PM Revision 49551bbf: With FreeBSD's ntpd, the current options are irrelevant, but we can have a nice status page
Conflicts:
usr/local/www/fbegin.inc Jim Pingle
05:01 PM Revision a0c16779: Fix ntp name here too
Conflicts:
etc/inc/priv.defs.inc Jim Pingle
05:00 PM Revision 02414e3a: s/OpenNTPD/NTP/ for log pages and menu entry, to save space (and make it easier if we switch)
Conflicts:
usr/local/www/diag_logs.php
usr/local/www/diag_logs_auth.php
usr/local/www/diag_l... Jim Pingle
03:44 PM Revision c886fed9: As suggested by wagonza, using SAMEORIGIN for X-Frame-Options is sufficient here, and does allow the traffic graphs to work. Fixes #2419
Jim Pingle
03:11 PM Revision 29c2c1db: Fix quoting - can't use ' if we want to expand a variable inside the string.
Jim Pingle
02:35 PM Revision 25890c50: Use a text description instead of a code.
Jim Pingle
11:40 AM Bug #2419 (Feedback): Possible Clickjacking Vunerability
Applied in changeset commit:c886fed9ba6a19fface58c918be5d7b111cca1f3. Jim Pingle
10:56 AM Bug #2419 (New): Possible Clickjacking Vunerability
Adding this bit in auth.inc broke the realtime traffic graphs:
@Header("X-Frame-Options: DENY");@
We either nee... Jim Pingle

05/14/2012

08:30 PM Revision e078c882: Add NTP status page using ntpq.
Jim Pingle
07:44 PM Revision 42135f07: Use FreeBSD's ntpd instead in the backend
Jim Pingle
06:50 PM Revision a8543b59: With FreeBSD's ntpd, the current options are irrelevant, but we can have a nice status page
Jim Pingle
06:17 PM Revision ffc7d2c4: Fix ntp name here too
Jim Pingle
06:11 PM Revision ae2c143a: s/OpenNTPD/NTP/ for log pages and menu entry, to save space (and make it easier if we switch)
Jim Pingle
04:39 PM Revision 547c56c4: Create $altnames earlier, and also fix a bracing issue with this if statement. Fixes certificate importing.
Jim Pingle
04:27 PM Revision e052047d: Whoops, don't flip these since I negated the test.
Jim Pingle
03:09 PM Revision d9c96fb1: Flip this test around since it's safer to assume the dev mode is tun. Ticket #2432
Jim Pingle
02:03 PM Revision 93efafec: Fix redirect when saving settings in the widget, it was landing on the widget page instead of returning to the dashboard.
Jim Pingle
02:02 PM Revision e6b16f89: Fix redirect when saving settings in the widget, it was landing on the widget page instead of returning to the dashboard.
Jim Pingle
01:08 PM Revision 310c29c6: Make the ppp-linkup script understand both address families.
Seth Mos
12:54 PM Revision e32cb5d0: Make the ppp-linkup script understand both address families.
Seth Mos
12:23 PM Bug #2432: OpenVPN Client Specific Override ifconfig-push
Yeah you're right I started to fix it one way then changed my mind halfway, but didn't back out the original change. ... Jim Pingle
12:19 PM Bug #2432: OpenVPN Client Specific Override ifconfig-push
I understand your concern about upgrade users since i appreciate when upgrade runs smoothly.
I've looked at the ... Davy Gigan
11:03 AM Bug #2432: OpenVPN Client Specific Override ifconfig-push
Not sure that making them server-specific will be feasible. At the very least, that will cause problems for upgrade u... Jim Pingle
10:48 AM Bug #2432 (Closed): OpenVPN Client Specific Override ifconfig-push
Hello,
I'm using a snapshot of pfSense 2.1 (20120419-1059). My pfSense installation holds two distinct VPN serve... Davy Gigan
11:25 AM pfSense Packages Bug #2429: Hostname issues in OpenVPN Client Export
I replaced the two {{ with { in /usr/local/pkg/openvpn-client-export.inc on two lines in the file.
It works perfectly! Thomas Svedin
10:20 AM pfSense Packages Bug #2429 (Feedback): Hostname issues in OpenVPN Client Export
Applied in changeset commit:0d639e580d2fc2651a4386a4248ac9e9b97d949d. Jim Pingle
05:14 AM pfSense Packages Bug #2429 (Resolved): Hostname issues in OpenVPN Client Export
When i select installation hostname when i export it looks like this in the configuration file:
remote host.{domain.... Thomas Svedin
09:44 AM Bug #2431 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)
This has already been fixed in 2.0.2/2.1. Jim Pingle
06:02 AM Bug #2431 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)
Warning message displayed :... Xavier Romain
09:43 AM Bug #2430 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)
Duplicate Jim Pingle
06:36 AM Bug #2430: Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)
Sorry for duplicate submit. Xavier Romain
06:02 AM Bug #2430 (Rejected): Receiving warning message when adding/modifiyng exclude list in Services Status widget (dashboard)
Warning message displayed :... Xavier Romain

05/11/2012

04:49 PM Revision bbdc5919: remove the stuff triggering display of relay protocol row
Darren Embry
04:49 PM Revision 06d84cf3: allow port in virtual servers to be left blank
in which case listening port would be inherited from the pool Darren Embry
04:49 PM Revision 183ea34c: allow aliases for the ipaddr field in virtual servers (PEV-394754)
Darren Embry
03:16 PM Revision 777c202f: make use of the correct file to send notifications
Warren Baker
03:12 PM Revision 62fc138e: make use of the correct file to send notifications
Warren Baker
03:04 PM Revision 937cec84: fix for bug #2422 could not remove entries from CP Allowed Hostnames
Darren Embry
11:34 AM Bug #2428 (Resolved): Removing a limiter breaks any references to limiters after it
It appears that the limiters are referenced only by their index in the current list of limiters, instead of by name o... Jim Pingle
11:08 AM Bug #2427 (Feedback): /etc/rc.firmware_notify
Wrong file been referenced. Fix in commit:62fc138e7096d9b28026a86244baad56980494f4 Warren Baker
06:36 AM Bug #2427 (Resolved): /etc/rc.firmware_notify
When doing an upgrade the shell script /etc/rc.firmware is executed. As part of the upgrade process this script execu... Warren Baker
10:59 AM Bug #2422 (Resolved): Captive Portal: Allowed Hostnames tab - cannot remove a previously added hostname
fixed in commit:937cec84
 Darren Embry
07:29 AM Bug #2426: Input validaton on interface gateway creation box needs to reject duplicate names
[Edit: the ticket system seems to have chopped off all my text except the last line...]
The real issue is making a d... Jim Pingle
04:31 AM Bug #2426 (Resolved): Input validaton on interface gateway creation box needs to reject duplicate names
If two gateways are created with the same name/label, and one of them is set as default for an interface, it's not po... Max Frames

05/10/2012

07:17 PM Revision 4dfd930e: cleanup: code for building arrays for autocompleted fields
Darren Embry
06:25 PM Revision c9649cf8: Merge pull request #106 from irvingpop/master
max_procs adjustments for small memory systems, attempt 2 Scott Ullrich
06:17 PM Revision 98f20e35: max_procs adjustments for small memory systems, attempt 2
Per Jim P's feedback, move max_procs completely out of
system_webgui_start() and move all of the memory/procs decis... Irving Popovetsky
06:00 PM Revision 5b84bd65: add autocomplete for port (PEV-394754)
Darren Embry
05:51 PM Revision 04d4bcdf: use get_alias_list for port field in load_balancer_pool_edit
Darren Embry
05:48 PM Revision a0539faa: prep work: function get_alias_list()
I wrote this function primarily to remove a lot of duplicate code
that's there because of a lot of those autocomplete... Darren Embry
04:39 PM Revision a1f77238: add autocomplete to load_balancer_pool_edit.php (PEV-394754)
we also enable the json extension here. Darren Embry
04:05 PM Revision 9b420daf: fix a bug in anti-clickjack that made all pages blank
https://github.com/bsdperimeter/pfsense/commit/babac37a3b9a676525fff422011b9f3c0f9bd39f Darren Embry
03:54 PM Revision f3d7f30e: update help text in port fields to Firewall -> Aliases (PEV-394754)
Darren Embry
03:51 PM Revision babac37a: Add click jacking support. Ticket #2419
Scott Ullrich
02:15 PM Bug #2063: PHP Memory Usage too high for 128MB RAM Systems (like ALIX)
pull request attempt number 2: https://github.com/bsdperimeter/pfsense/pull/106 Irving Popovetsky
12:35 PM Bug #2063: PHP Memory Usage too high for 128MB RAM Systems (like ALIX)
Pull request to set the number of web configurator processes to 1 on ALIX systems with 256MB RAM or less
https://... Irving Popovetsky
12:56 PM Revision 970934dc: Revert "Bump config version to take care of new vips" - forgot to revert this when I reverted the main vip commit.
This reverts commit ccf346ddb80997a4426484c25e5c3bd8a223990f. Jim Pingle
12:02 PM Bug #2359 (Resolved): Typo: OpenVPN Configuration Page has two items "Server DHCP Bridge Start"
Jim Pingle
11:49 AM Bug #2359: Typo: OpenVPN Configuration Page has two items "Server DHCP Bridge Start"
This is already fixed for 2.1: https://github.com/bsdperimeter/pfsense/pull/96 Irving Popovetsky
11:46 AM Bug #2328: Numerous non-CP logs ending up in CP logs
http://www.php.net/manual/en/function.openlog.php#98307 suggests an alternate way of specifying the facility that may... Jim Pingle
11:35 AM Bug #2328: Numerous non-CP logs ending up in CP logs
That looks like anything in PHP that uses log_error() is doing that.
However log_error is doing this:... Jim Pingle
11:45 AM Bug #2419 (Feedback): Possible Clickjacking Vunerability
Scott Ullrich
09:57 AM Feature #2424 (Resolved): Allow masking of pass-thru MACs
ipfw supports masking MACs, sort of like a CIDR, and this could be a useful feature to allow, for example, all phones... Jim Pingle
09:34 AM Bug #2423 (Closed): OpenNTPD seems to fail over time and can cause unintended clock skew.
Over time, NTP eventually loses the ability to keep the clock in sync and sometimes will actually set the wrong time,... Jim Pingle
07:07 AM Revision 5b5c9911: Add _ to the list of are allowed characters
Warren Baker
07:02 AM Revision 06f746c3: Add _ to the list of are allowed characters
Warren Baker
06:51 AM Bug #2373: There were error(s) loading the rules... (Floating rules bug)
Some error
Snap 2.1-DEVELOPMENT built on Wed May 9 21:13:38 EDT 2012 ... Yan Triary
02:34 AM Feature #2418 (Closed): HttpOnly and Secure flag are not set in the HTTP response header
Awesome stuff. Warren Baker
02:27 AM Feature #2418: HttpOnly and Secure flag are not set in the HTTP response header
Wow.. Fantastic
Works as i had hoped
thank you for the quick fix Laterpay Gmbh
01:57 AM Revision 82618bec: fix typo
Chris Buechler
01:57 AM Revision b1aa904f: fix typo
Chris Buechler
 

Also available in: Atom