pfSense

01/17/2014

04:46 AM Feature #3398 (Needs Patch): Notifications - information about errors

I test the pfsense on HP DL360 G5
CPU: Intel(R) Xeon(R) E5410
Ram: 8GB
Disk controller: P400i (RAID5 4x hdd)
Wh... Przemysław W

02:50 AM Bug #3205: Partial system freeze when disconnecting USB 3G stick

i got the same situation as well as with the 3g stick connected if i reboot pfsense then it would just get stuck when... Bipin Chandra

01/16/2014

02:28 AM Bug #3397 (Needs Patch): Cannot load builtin or external firmware for mwl driver

Hello,
I've tried to get a marvell wireless card to work a long time before posting this.
Here's the output of pf... Orsiris de Jong

01/14/2014

09:15 PM Todo #3396 (Resolved): Replace dnsmasq with Unbound

The replacement of dnsmasq with unbound needs to be completed for 2.2.
Chris Buechler

08:40 PM Bug #3214 (Rejected): bogons/bogonsv6 include stupid things

#3395 addresses the only problem here. none of that impacts DHCP4 clients. Chris Buechler

08:39 PM Bug #3395 (Resolved): DHCPv6 client pass rules need to come before bogons

8000::/1 is included in Cymru's v6 bogons list. That's sane, since it shouldn't be in the Internet routing table, but... Chris Buechler

08:17 PM Bug #3394: radvd wrongly binds to *:546 in some circumstances

I'll provide further details privately to the person working on the issue, it's on a customer system and not somethin... Chris Buechler

08:16 PM Bug #3394 (Resolved): radvd wrongly binds to *:546 in some circumstances

I can't seem to determine why, as different systems with seemingly identical radvd.conf files don't consistently disp... Chris Buechler

07:34 AM Bug #3045: NTPD crash / doesn't come up

simply one line contining:
-0.056
(or other numbers) Fabio Giudici

04:03 AM Bug #3045: NTPD crash / doesn't come up

Fabio Giudici wrote:
> Good morning
> Just one more question: is it ntpd running in jail/chroot?
>
> Just to ... Renato Botelho

01:01 AM Bug #3045: NTPD crash / doesn't come up

Good morning
Just one more question: is it ntpd running in jail/chroot?
Just to restrict the issue...but it se... Fabio Giudici

07:10 AM Todo #765: Patch: Add custom DHCP configuration

Hello,
I am aware that this Feature Request is 3 years old but I feel that the last comment by Jonathan Diete is t... Florent Poinsaut

05:40 AM Bug #2706 (Feedback): Padlock may need some adjustments for FreeBSD 10.x

Applied in changeset pfsense-tools:commit:3b8d3adb58956d7415f52bcc81cfb1eca84e80b0. Renato Botelho

01/13/2014

11:14 AM Bug #3045: NTPD crash / doesn't come up

I see a problem on my 2.1 64-bit system with NTPD that may be related to the issues reported here. Anytime the WAN i... Bill Meeks

09:50 AM Bug #3045: NTPD crash / doesn't come up

Fabio Giudici wrote:
> I did just a series of test, and the core dump of ntpd seems strictly related to the presence... Renato Botelho

01/12/2014

08:21 AM Bug #2762: PF drops IPv6 packets with fragment header followed by a last fragment only

And another one on the broken scrub: http://www.freebsd.org/cgi/query-pr.cgi?pr=172648 Doktor Notor

08:16 AM Bug #2762: PF drops IPv6 packets with fragment header followed by a last fragment only

Erm, guys, what's up with this?! Upstream apparently does NOT intend to fix this in any way, cf. http://www.freebsd.o... Doktor Notor

01/11/2014

01:26 PM Feature #2358: NAT64 support

UPVOTE. I really like to be able to run my network with IPv6 only and make legacy IPv4 site available through NAT64. Andreas Peetz

03:38 AM Bug #3045: NTPD crash / doesn't come up

I did just a series of test, and the core dump of ntpd seems strictly related to the presence of the file /var/db/ntp... Fabio Giudici

01/10/2014

03:08 AM Feature #3393: AS filtering support in aliases

An example of retrieving facebook ips from their AS number
[code]
whois -h whois.radb.net -- '-i origin AS32934' | ... Ermal Luçi

03:06 AM Feature #3393 (Resolved): AS filtering support in aliases

It would be nice to have an option to define a type of AS number in the aliasesand retrieve all the ips from the whoi... Ermal Luçi

01:38 AM Feature #3377: OAuth2 authentication in captive portal

there will be publicly-available 2.2 snapshots in the not too distant future. At this point, I think you might be ok ... Chris Buechler

01/09/2014

04:42 AM Feature #3377: OAuth2 authentication in captive portal

Here is a proof of concept, for a OAuth2 captive portal authentication with Google accounts :
https://github.com/... Thomas NOEL

02:52 AM Bug #3392 (Rejected): Allow to configure different mac addresses for multiple VLANs on same physical interface

duplicate of #2859.
this isn't the place to ask questions, please take those to the forum or mailing list. Chris Buechler

02:50 AM Bug #3392: Allow to configure different mac addresses for multiple VLANs on same physical interface

Feature #2859
how to do that coz i have just one nic and 4 VLANS configured on it, 2 WAN and 2 LAN Nikita Drachev

02:48 AM Bug #3392 (Rejected): Allow to configure different mac addresses for multiple VLANs on same physical interface

I had to beg to change the MAC of the provider.
Very important! I can make a few NIC VMware on, but I can not create... Nikita Drachev

01/08/2014

09:18 AM Feature #972: Allow adding gateways outside of interface subnet

Hi Dan,
I felt in the same trouble, and I the idea I have found to survive reboot is using the ShellCmd package : ... Dédé D

07:41 AM pfSense Packages Bug #3391 (Rejected): Quagga OSPF doesn't install properly

It works fine in a test VM here that never had Quagga, and also in a separate VM that had it previously and reinstall... Jim Pingle

02:46 AM pfSense Packages Bug #3391 (Rejected): Quagga OSPF doesn't install properly

Hello,
I have several pfSense firewalls, all having Quagga OSPF and running without issues.
They where installed ... Johan Braeken

05:28 AM Bug #2800: OpenVPN doesn't work properly with intermediate/chained CAs

You mean you essentially created a cert chain yourself in the Certificate Authority Manager and then it worked? Malte Stretz

01/07/2014

07:20 PM Feature #3388: Add checkbox and logic to disable forwarding of HTTPS requests to captive portal

that's reasonable, submit that as a pull request in github and we'll get it merged. Chris Buechler

04:15 PM Feature #3388: Add checkbox and logic to disable forwarding of HTTPS requests to captive portal

You're still misunderstanding. If the initial connection by the user prior to CP authentication is to, say, https://... Chris Linstruth

02:19 PM Feature #3388: Add checkbox and logic to disable forwarding of HTTPS requests to captive portal

Use a signed certificate on your CP!!! Ermal Luçi

10:37 AM Feature #3388: Add checkbox and logic to disable forwarding of HTTPS requests to captive portal

I believe you are missing the point.
This enables administrators to utilize HTTPS CP authentication, which might b... Chris Linstruth

05:05 AM Feature #3388 (Rejected): Add checkbox and logic to disable forwarding of HTTPS requests to captive portal

Just do not configure https authentication! Ermal Luçi

04:39 PM Feature #3387: process_alias_urltable Frequency

Ah never mind. I forgot about the ability to change the type on the fly... Shawn Bruce

04:12 PM Feature #3387: process_alias_urltable Frequency

Shawn Bruce wrote:
> I have created a diff for firewall_aliases_edit.php against the latest git version. Would this ... Shawn Bruce

04:11 PM Feature #3387: process_alias_urltable Frequency

I have created a diff for firewall_aliases_edit.php against the latest git version. Would this be acceptable?
I am... Shawn Bruce

04:12 AM Feature #3387: process_alias_urltable Frequency

A code to upgrade current config to new format will be necessary too Renato Botelho

07:39 AM Bug #3383: Web GUI becomes slow or unusable if the LDAP server used for GUI auth is unreachable

It seems like maybe the authentication fallback that allows a person to login using local auth when their LDAP server... Jim Pingle

04:59 AM Bug #3383: Web GUI becomes slow or unusable if the LDAP server used for GUI auth is unreachable

On pfSense 2.2 you will be able to revert GUI auth backend to Local Database on the same option you use to restore GU... Renato Botelho

06:51 AM Bug #3389 (Resolved): GUI allows to configure ICMPv4 types for ICMPv6 firewall rules

When I try to create a firewall rule that handles only certain types of IPv6 ICMP traffic, the interface lets me sele... Andreas Peetz

05:00 AM Bug #3384: NTPd should deny service if the packet spacing violates the lower limits specified in the discard command (CVE-2013-5211)

Applied in changeset commit:51922cb793b83bf7d22fdaa47205fd59b4d70e87. Renato Botelho

05:00 AM Bug #3384 (Feedback): NTPd should deny service if the packet spacing violates the lower limits specified in the discard command (CVE-2013-5211)

Applied in changeset commit:6b6607316481aacaa055f8e4bce2ce1e520d3b1b. Renato Botelho

01/06/2014

04:48 PM Feature #3388 (Rejected): Add checkbox and logic to disable forwarding of HTTPS requests to captive portal

Candidate patch here:
https://github.com/derelict-pf/pfsense/commit/e98daec5960b7ecdd18bc461003df3a18d2adbe7 Chris Linstruth

04:45 PM Bug #3340: Captive Portal deletes concurrent sessions even if noconcurrentlogins is not set

Candidate patch here:
https://github.com/derelict-pf/pfsense/commit/ae6c69833f34d8f14b1c6a9508126905328340bc Chris Linstruth

04:42 PM Bug #3124: portal_reply_page called twice in specific circumstance

Candidate patch here:
https://github.com/derelict-pf/pfsense/commit/4fd56afe541a0a350dfe52b20521a551edd9f276 Chris Linstruth

11:35 AM Feature #3387 (New): process_alias_urltable Frequency

Currently the urltable design only allows for updates on a daily interval and is processed via crontab every 12 hours... Shawn Bruce

10:10 AM Feature #2847 (Feedback): Add a checkbox to flag a gateway as "down"

Applied in changeset commit:81f1947666ebbe19f1f6579a1e5293c42c6d1c04. Renato Botelho

09:13 AM Bug #3386 (Closed): apinger not picking up 2nd OpenVPN tunnel

Ermal Luçi

01/05/2014

08:54 AM Bug #3386: apinger not picking up 2nd OpenVPN tunnel

I did another reboot and now it worked. You can close this issue (did not find button to close it myself). Schlomo Schapiro

08:48 AM Bug #3386 (Closed): apinger not picking up 2nd OpenVPN tunnel

When adding a 2nd OpenVPN tunnel (client side, shared key static setup) and the corresponding Interface and Gateway i... Schlomo Schapiro

01/04/2014

10:32 PM Bug #2800: OpenVPN doesn't work properly with intermediate/chained CAs

After I posted the above, I have a new idea.
I just copied the Root CA certificate to the Intermediate CA's certif... Tim Lau

10:18 PM Bug #2800: OpenVPN doesn't work properly with intermediate/chained CAs

I am hit with the same bug.
Also, if you set the Peer Certificate Authority to the Root CA, 2 things happen:
1.... Tim Lau

02:49 PM Feature #3385: Accommodate static routes for PPTP connections

correction :
When the VPN reconnects, the static route is not reinstated and must be re-instated to bring the rou... James Mills

02:47 PM Feature #3385 (Closed): Accommodate static routes for PPTP connections

Creating a static route on the pfSense box allows routing from the 10.20.2.0 network back across the (pptp) vpn to th... James Mills

07:00 AM Bug #3384 (Resolved): NTPd should deny service if the packet spacing violates the lower limits specified in the discard command (CVE-2013-5211)

ntp.conf(5):
limited
Deny service if the packet spacing violates the lower limits specified
in ... Jeroen Roovers

04:29 AM Bug #3383 (Resolved): Web GUI becomes slow or unusable if the LDAP server used for GUI auth is unreachable

Hy,
This one have been difficult to find.
I set up a ldap server in user manager through the web gui. Everything ... Florent THOMAS

01/03/2014

03:38 PM Bug #2650: FTP helper breaks TCP sequence numbers on 2nd WAN

I've also run into this problem. I didn't want it to get so buried in the pile that it never got looked at again. Rene Churchill

11:21 AM Bug #3382 (New): IGMPPROXY fails with more than 32 interfaces

Hi,
I have a problem with the igmpproxy:
I am using pfSense in an enviroment of round about 120 users, and every ... Thomas Levi

01/02/2014

09:54 PM Bug #3381: LAN interface root Queue Bandwidth calculation is exactly double the total of the other child queues

Further to this, the " Borrow from other queues when available" doesn't work when you go 1 level deeper than the root... Ignat Esso

08:25 PM Bug #3381: LAN interface root Queue Bandwidth calculation is exactly double the total of the other child queues

FYI - The WAN interface seems to be 100% correct all the time. Ignat Esso

08:25 PM Bug #3381 (Resolved): LAN interface root Queue Bandwidth calculation is exactly double the total of the other child queues

LAN interface root Queue Bandwidth calculation is exactly double the total of the other child queues. This looks to b... Ignat Esso

03:25 PM pfSense Packages Bug #3380 (Not a Bug): FreeRadius-User-Option "Expiration Date" kills the FreeRadius-Server

Hi,
after adding an User-Expiration-Option to an user of FreeRadius Service, radius tries to restart but breaks:
... Thomas Levi

12/31/2013

09:52 AM Feature #3377: OAuth2 authentication in captive portal

Sure go ahead. Ermal Luçi

04:56 AM Feature #3377 (New): OAuth2 authentication in captive portal

In Captive Portal we have native, ldap and radius authentication. Today, a lot of authentication systems provide OAut... Thomas NOEL

12/30/2013

03:30 AM Bug #3376: Alias Edit does not display correctly

Applied in changeset commit:44b72c67ec3331ecd3a6430697ad47dbeac7c450. Phillip Davis

02:10 AM Bug #3376 (Feedback): Alias Edit does not display correctly

Applied in changeset commit:1b9ab14ad23e1f66a11801fbe7a24423ab8529a0. Phillip Davis

12/29/2013

08:13 AM Bug #3376: Alias Edit does not display correctly

I have no idea what I am doing with the jQuery stuff, but I pulled out some "^" marks in pull request https://github.... Phillip Davis

07:54 AM Bug #3376 (Resolved): Alias Edit does not display correctly

I had a 2.1-RELEASE system and GitSync'd to the 2.1 release branch. I was using Alias Bulk Import, but then also real... Phillip Davis

12/27/2013

09:11 AM Bug #2514: static routes for monitor IPs should be removed

There was an attempt to remove it in the past but seems it had side-effects (see ticket #3179 and commit:32a9eb1873).... Renato Botelho

05:05 AM pfSense Packages Bug #3375 (Closed): BIND, ACLs: Incorrect code is being generated for empty range ACL.

BIND 9.9.4 pkg v 0.3.2;
Steps to reproduce:
1. Create an ACL "Test";
2. Follow the advise and leave "Enter IP ..... Dmitriy K

04:58 AM Bug #3374: Firewall logs shows incorrect rules

I see. Pretty understandable reason.
Basically speaking, if my pfsense box will go berserk with "reload fw filter"... Dmitriy K

02:06 AM Bug #3353: Changing IPv6 from None to DHCP6 or vice-versa causes a panic+reboot

This is probably related to an issue fixed in head of pf and probably the MFC is missed.
Not related to the previous... Ermal Luçi

12/26/2013

03:45 PM Bug #3321: IPSEC failure on modem reset, automatic reconnection is broken, must manually restart racoon service

Same problem here with pfsense 2.1 and cisco router with IOS 12.4(15)T15 as remote endpoint.
IPSEC tunnel doesn't co... Francesco Lotti

12:11 PM Bug #3353 (New): Changing IPv6 from None to DHCP6 or vice-versa causes a panic+reboot

This still happens on a current build. Jim Pingle

12:10 PM Bug #3354 (Feedback): Savecore error during bootup

Applied in changeset commit:3f248cb65a25189f7cff8f6ad4321998caaab073. Renato Botelho

12/24/2013

09:30 AM Bug #3374 (Rejected): Firewall logs shows incorrect rules

It isn't random, it's just using what it knew at the time.
The rules are matched using what is recorded in the act... Jim Pingle

04:59 AM Bug #3374 (Rejected): Firewall logs shows incorrect rules

Over time, Firewall log is going crazy and picking random rule to show.
Reason to this bug is unknown to me. Dmitriy K

12/23/2013

05:44 PM Feature #972: Allow adding gateways outside of interface subnet

What would be the "correct" way to make this survive reboots, please? Dan F

06:34 AM Feature #972: Allow adding gateways outside of interface subnet

because accommodating 1 in 100,000 scenarios isn't a priority, especially when there is an easy manual work around. P... Chris Buechler

10:40 AM Bug #3364: DHCPv6 "Deny unknown clients" does not work

Applied in changeset commit:f2aa8287545d45ed22c44b5e2c102fb7a22658b0. Renato Botelho

10:40 AM Bug #3364 (Feedback): DHCPv6 "Deny unknown clients" does not work

Applied in changeset commit:079c2927622510cf34b3ccc225b9193143534c76. Renato Botelho

12/22/2013

02:39 PM Feature #972: Allow adding gateways outside of interface subnet

Three years and counting... How is this still not implemented / patched?
Oliver K.

12:20 PM Feature #3199: Option to accumulate or not IP addresses in Alias table of FQDNs

Normally this will be fixed when filterdns supports reloading with TTL of the DNS record.
This will come soon. Ermal Luçi

01:28 AM Bug #3373: Sun Quad fast Ethernet ports constantly resetting

I'm guessing it may be fixed already in FreeBSD 10, in which case there isn't anything that needs to be done for 2.2.... Chris Buechler

12/21/2013

10:33 PM Bug #3373: Sun Quad fast Ethernet ports constantly resetting

This driver has worked in all previous versions. There are hundreds of units in operations now with this hardware in ... Charlie Singleton

09:09 PM Bug #3373 (Rejected): Sun Quad fast Ethernet ports constantly resetting

we don't control or develop drivers.
https://doc.pfsense.org/index.php/Policy_on_FreeBSD_issues Chris Buechler

11:11 AM Bug #3373 (Rejected): Sun Quad fast Ethernet ports constantly resetting

Using the hme driver in version 2.1 with part# 501-5406-07 Sun Quad Fast Ethernet PCI card. Once configured, the por... Charlie Singleton

12/20/2013

03:14 AM Bug #3372 (Rejected): Router advertisements originating from VLANs not forwarded correctly

this isn't true, RAs on VLANs are widely used with no issues. Tagging VLAN 1 is generally a bad idea, I suspect your ... Chris Buechler