Activity

30 days up to

User

Subprojects

Activity

From 10/18/2014 to 11/16/2014

11/16/2014

10:29 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway: JimP: you have a way to at least semi-reliably replicate this on current versions? I've been trying a variety of scen... Chris Buechler
10:09 PM Revision 1deb0924: add the last few missed files to obsoletedfiles list. Ticket #3970: Chris Buechler
09:58 PM Revision 9e7e2c94: Properly handle CARP IP binding in dnsmasq post-changes for FreeBSD 10.x CARP. Ticket #4012: Chris Buechler
08:11 PM Revision 11fb4543: show tunnelv4 on v4 the same way tunnelv6 is shown on v6: Chris Buechler
08:09 PM Revision bac17444: show tunnelv4 on v4 the same way tunnelv6 is shown on v6: Chris Buechler
04:23 PM Bug #3966 (Resolved): OpenVPN crashes with AES-NI + AES-CBC: fixed Chris Buechler
04:05 PM Bug #4015 (Confirmed): IKE version change needs javascript to update other available fields: Chris Buechler
03:54 PM Bug #4015 (Resolved): IKE version change needs javascript to update other available fields: Some settings in IPsec are only relevant to IKEv1 or IKEv2, not both. Need some javascript to hide irrelevant setting... Chris Buechler
04:04 PM Bug #3970 (Resolved): some files not removed on upgrade to 2.2: I added the last few missing ones, this is good now. Chris Buechler
03:57 PM Bug #4012 (Resolved): dnsmasq doesn't listen on chosen CARP IPs: fixed Chris Buechler
03:14 PM Bug #3998 (Resolved): Duplicated limiter numbers: fixed Chris Buechler
03:12 PM Bug #3789 (Resolved): rc.update_bogons.sh and login shell ignore http proxy settings: fixed Chris Buechler
09:21 AM Revision 67be8c3d: Sorted the provider names alphabetically: Dustin Dembeck
09:13 AM Revision 984abd66: Handle reverse-lookup zones for unbound: By default unbound returns nothing for private reverse lookups. Here is some information about that from https://www.... Phil Davis
07:18 AM Revision 4e82cebf: Don't show a big red "alarm"-looking message on every visit to the DHCP/DHCPv6 Server pages. Confuses people in that context, and it's not something that justifies highlighting in such a fashion. Move the message to show when you have no eligible interfaces.: Chris Buechler
06:05 AM Revision f2b4a29b: Don't try to clear states to gateway, all that does is wipe the entire state table unnecessarily. rc.newwanip takes care of killing states appropriately as needed when an IP changes.: Chris Buechler
05:37 AM Revision 9a25a85d: show user that something is actually happening when they choose php-fpm_restart: Chris Buechler
05:12 AM Revision b026cb18: Use appropriate size for the interface selects. Ticket #3989. clean up some text while here: Chris Buechler
03:21 AM Bug #4014: Unbound private reverse lookup domain overrides not working: Pull request added: https://github.com/pfsense/pfsense/pull/1340
And attached is a sample of the GUI entry for a rev... Phillip Davis
03:16 AM Bug #4014 (Resolved): Unbound private reverse lookup domain overrides not working: If I add a domain override for reverse lookups in some private address space, unbound never returns answers to any re... Phillip Davis
12:40 AM Revision b5acc797: fix Unbound Advanced options: Chris Buechler
12:16 AM Revision 88a0937d: if unbound is enabled, assign interface IP as DNS, same behavior as dnsmasq: Chris Buechler

11/15/2014

11:08 PM Bug #3989 (Resolved): DNS Resolver interface drop downs need enlarged: fixed Chris Buechler
07:07 PM Todo #3396: Replace dnsmasq with Unbound: I fixed some of what you noted, some has other tickets. What this ticket covers is resolved. Please post any issues y... Chris Buechler
05:33 AM Todo #3396: Replace dnsmasq with Unbound: 2.2-BETA (amd64) - built on Sat Nov 15 01:14:19 CST 2014
Host Overrides dose't work properly. Only the top one seems... Raul Ramos
05:23 AM Todo #3396: Replace dnsmasq with Unbound: 2.2-BETA (amd64) - built on Sat Nov 15 01:14:19 CST 2014
Pfsense is not the default DNS service. Do not use the DNS ... Raul Ramos
02:21 PM Revision a0f9f9f7: Changes in the test page of user manager: Silvio Aparecido Silva
11:51 AM Bug #3913: if_bridge missing ALTQ support: Will do so once i can isolate better the problem.
Thanks. Orsiris de Jong
07:36 AM Bug #4013 (Resolved): DHCP6 static bindings not included in /var/unbound/host_entries.conf: /var/unbound/host_entries.conf contains only IPv4, no IPv6 entries.
On the latest snapshot unbound restart shows t... pierre gleich
07:27 AM Revision 0c50e94b: fix missing strpos parameter: Chris Buechler
01:07 AM Bug #2882: 6RD not working in latest snapshots: Got a good deal of info gathered from OP's system, both from 2.2, and from a 2012 2.1 snapshot where 6rd works fine. ... Chris Buechler

11/14/2014

11:12 PM Revision 63d129cc: 6RD Rapid Deployment is akin to ATM Machine, PIN Number, ... read: it's redundant. let's just call it 6RD Configuration.: Chris Buechler
11:07 PM Todo #3396 (Resolved): Replace dnsmasq with Unbound: this particular todo is complete. There are some outstanding Unbound bugs, covered in other tickets. Chris Buechler
01:42 AM Todo #3396 (Feedback): Replace dnsmasq with Unbound: default config updated. Needs more testing and feedback. Chris Buechler
10:45 PM pfSense Packages Bug #3977: Squid-dev 3.3.11_1 pkg installs but does not start on 2-2-BETA: Also, this bug affects my x64 box, so it is not just i386/x86 affected. Aaron Outhier
09:21 PM Bug #2882 (Confirmed): 6RD not working in latest snapshots: the kernel portion of this seems to be working fine in 2.2. There is an issue with the delegated prefix handling that... Chris Buechler
07:28 PM Bug #4012 (Resolved): dnsmasq doesn't listen on chosen CARP IPs: When configuring dnsmasq with specific bind IPs and choosing CARP IPs in the list, it doesn't actually bind to the CA... Chris Buechler
02:10 PM Bug #3955: IPsec dashboard widget needs adapting for 2.2: there is something here that makes the status inconsistent from time to time. Seeing it on multiple systems. Status>I... Chris Buechler
11:51 AM Revision 4dbcf2fb: Make sure dhcpleases use correct pid file for dnsmasq or unbound. Fixes #4008: Renato Botelho
11:41 AM Bug #4007: "Last activity" in CP status blank: Looks like it's a problem on ipfw patch:... Renato Botelho
10:31 AM Bug #4007 (Confirmed): "Last activity" in CP status blank: Yeah, that was with the most recent gitsynced code as of last night. The rest of those fixes were fine, this one didn... Chris Buechler
03:50 AM Bug #4007 (Feedback): "Last activity" in CP status blank: Did you try latest snapshots? I pushed a fix for this yesterday, commit commit:27c2e32e Renato Botelho
10:06 AM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: It's a regression. In previous versions with the embedded kernel you could not stop the serial console from working s... Jim Pingle
09:53 AM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: Why is this the fault of pfSense? Ermal Luçi
08:07 AM Bug #4009 (Resolved): Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64 now that there ... Jim Pingle
10:00 AM Bug #4011 (Resolved): Integration between unbound and dhcp is not working: dhcpleases write leases information to /etc/hosts, but unbound never uses data from it. Renato Botelho
09:51 AM Revision 9612943e: Obsolete a lot of files forgotten during all last pfSense versions. It fixes #3970: Renato Botelho
09:46 AM Revision e09797b0: Deal correct with filenames with spaces: Renato Botelho
09:46 AM Revision cc814aef: Make it possible to remove a directory on obsoletedfiles: Renato Botelho
09:46 AM Revision e0141b7a: sort obsoletedfiles: Renato Botelho
08:11 AM Bug #3966: OpenVPN crashes with AES-NI + AES-CBC: Also submitted to FreeBSD ports tree, if accepted, pfPort can be removed - https://bugs.freebsd.org/bugzilla/show_bug... Renato Botelho
07:27 AM Bug #3966: OpenVPN crashes with AES-NI + AES-CBC: Patch integrated on pfPorts and can be tested on next coming snapshots.
Also reported on https://community.openvpn... Ermal Luçi
05:40 AM Bug #3966 (Feedback): OpenVPN crashes with AES-NI + AES-CBC: The issue seems to be that openvpn setups the crypto before forking.
This makes crypto device unhappy in general and... Ermal Luçi
08:07 AM Feature #4010 (New): OpenVPN always loads engines available on openssl: OpenVPN uses EVP API and always loads all available engines and tries to use them.
In the case of aesni for AES* the... Ermal Luçi
08:07 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work: The error is fixed but the console problem I mentioned above is still an issue. I moved it to #4009 Jim Pingle
12:33 AM Bug #3982 (Resolved): Installer generates errors when selecting "Embedded" but still appears to work: fixed Chris Buechler
07:43 AM Revision e2accfac: Update default config.xml for 2.2. Disable dnsmasq, enable Unbound. Remove: outdated comments that used to sort of document the config file, but had
been neglected for quite some time and aren'... Chris Buechler
06:00 AM Bug #4008 (Feedback): dhcpleases doesn't restart when change from/to dnsmasq and unbound: Applied in changeset commit:4dbcf2fbcea9cfe2166c958d3872e3a7353e3c5c. Renato Botelho
05:28 AM Bug #4008 (Resolved): dhcpleases doesn't restart when change from/to dnsmasq and unbound: Steps to reproduce:
1. Configure DNS Forwarder
2. Configure DHCP server
dhcpleases is going to use '-p /var/ru... Renato Botelho
04:00 AM Bug #3970 (Feedback): some files not removed on upgrade to 2.2: Applied in changeset commit:9612943eaa3c6ef427ea4414f7c32dc2b326dd55. Renato Botelho
01:25 AM Bug #3970: some files not removed on upgrade to 2.2: also remember to add the obsolete openntpd files JimP mentioned. Chris Buechler
02:04 AM Bug #3939 (Resolved): Cannot create Host or Network type alias with an IP address/range: fixed Chris Buechler
01:22 AM Bug #4003 (Resolved): SSH host keys regenerated post-2.2 upgrade: fixed Chris Buechler

11/09/2014

09:26 PM Bug #3998: Duplicated limiter numbers: On 2.2 I tried adding a few limiters and children and then deleting ones in the middle of the list... It seems that c... Phillip Davis
02:43 PM Bug #3998 (Resolved): Duplicated limiter numbers: I’ve 19 limiters (number 1 to 20, expect 13)
If I add a new one, he gets an already occupied number, 15. After that ... Reto Strub
03:08 PM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only: The bug is still here. Fresh log attached. Dmitriy K
02:20 PM Feature #2129: TCP mss clamping for IPv6: Ok, so people understand better that the input value is not taken as input value but subtracted by some (incorrect) n... Doktor Notor
11:17 AM Bug #3970: some files not removed on upgrade to 2.2: I noticed that list takes only files currently, some of those would be easier to just rm -rf a directory instead of a... Chris Buechler
07:40 AM Bug #3970 (Assigned): some files not removed on upgrade to 2.2: I was working on a similar list but only for a 2.1.5 fresh install against 2.2. Your test is better and I'll check th... Renato Botelho
07:47 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work: ttys_wrap file was removed on 2.2, but is still necessary o 2.1. Would be better if installer guess pfSense version b... Renato Botelho

11/08/2014

10:09 PM Bug #3970 (Confirmed): some files not removed on upgrade to 2.2: I did a clean install of 1.0.1-REL, then upgraded that to 1.2, 1.2.1, 1.2.2, 1.2.3, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1, 2.... Chris Buechler
03:04 PM Feature #2129 (Resolved): TCP mss clamping for IPv6: MTU in RA and properly-functioning PMTUD do indeed make it questionable as to whether it's necessary. But MSS clampin... Chris Buechler
07:38 AM Feature #2129: TCP mss clamping for IPv6: Chris Buechler wrote:
> questionable whether this is necessary. Definitely not a priority for 2.2
If you question... Doktor Notor
09:30 AM Bug #3982 (Feedback): Installer generates errors when selecting "Embedded" but still appears to work: Solution put in place for having this working on 2.2 and 64bit installer. Ermal Luçi
06:06 AM Bug #3939 (Feedback): Cannot create Host or Network type alias with an IP address/range: New snapshots will contain last filterdns code Renato Botelho

11/07/2014

11:17 PM Bug #3760 (Resolved): reply-to with TCP and IPv6 generates broken checksums: confirmed working, looks good Chris Buechler
01:48 PM Bug #3760 (Feedback): reply-to with TCP and IPv6 generates broken checksums: Reput back with proper building on snapshots. Ermal Luçi
11:14 PM Bug #3957 (Closed): 2.2 tap missing ALTQ: tun was the potentially problematic one. tap has never had ALTQ and probably isn't sensible to use in the shaper anyway. Chris Buechler
11:08 PM Bug #3913 (Resolved): if_bridge missing ALTQ support: fixed Chris Buechler
01:38 PM Bug #3913 (Feedback): if_bridge missing ALTQ support: It works for me but there were some patches accidentally removed from builds which have been put back. Ermal Luçi
11:02 PM Bug #3995 (Resolved): Site-to-site VPN not working on IKEv2: fixed Chris Buechler
12:30 PM Bug #3995: Site-to-site VPN not working on IKEv2: Applied in changeset commit:80be089f050f0f27398a2f35ff5d48f43c7cfa3f. Ermal Luçi
12:23 PM Bug #3995 (Feedback): Site-to-site VPN not working on IKEv2: Rightsourceip was being set on site-to-site/peer-to-peer configs which is wrong. Ermal Luçi
01:09 AM Bug #3995: Site-to-site VPN not working on IKEv2: I don't know the cause, but it seems most likely to be when we bumped to strongswan 5.2.1 last week. There was a patc... Chris Buechler
01:01 AM Bug #3995 (Resolved): Site-to-site VPN not working on IKEv2: Sometime in the recent past, AES-GCM has stopped working. To replicate, just setup a site to site IPsec VPN using AES... Chris Buechler
10:38 PM Bug #3979: 2.2 IPsec NAT-T / MOBIKE IKEv2 control: really needs some javascript to remove NAT-T option where IKEv2 is selected and replace with MOBIKE control. No longe... Chris Buechler
11:06 AM Bug #3979: 2.2 IPsec NAT-T / MOBIKE IKEv2 control: I'll finish this. Chris Buechler
10:32 PM Bug #2495 (Closed): pfsense doesn't seem to know what its WAN IP is: root issue is #3997, closing this in favor of that. Chris Buechler
10:31 PM Bug #3811 (Closed): IP aliases on CARP w/IPsec getting mixed up on addition of a new VLAN.: root issue is #3997, closing this in favor of that. Chris Buechler
10:31 PM Bug #3997 (Resolved): get_interface_ip() returns first IP on interface, not necessarily primary IP: In some circumstances, IPs can be added/removed from an interface in such ways that an interface's primary IP is no l... Chris Buechler
10:10 PM Bug #3996 (Needs Patch): Solarflare NIC panic with LACP: Up to and including 2.2 are affected by the bug described here.
https://bugs.freenas.org/issues/4803
There is a ... Chris Buechler
06:28 PM Revision 80be089f: Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.: Ermal LUÇI
04:04 PM Bug #3970: some files not removed on upgrade to 2.2: confirmed that works now. Need to do more testing to ensure the obsoletedfiles list is complete. Chris Buechler
02:25 PM Bug #3981: strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD: One way to replicate is changing the P2 local and/or remote subnet on a functional site to site VPN. Check SAD and SP... Chris Buechler
12:37 PM Bug #3981 (Feedback): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD: I cannot reproduce it on my side but for sure it was reloading secrets/crl/ca/cert's but was not realoding the config... Ermal Luçi
01:41 PM Bug #3939 (Assigned): Cannot create Host or Network type alias with an IP address/range: Ermal pointed that the function I disabled is needed in some specific cases. I'm reviewing Renato Botelho
01:37 PM Revision 20a95904: Make ipsec_starter log go to ipsec.log rather than system one: Ermal LUÇI
01:34 PM Bug #3987 (Confirmed): not possible to have both IKEv1 and IKEv2 mobile P1s: some limitations in strongswan that might make this difficult, as well as GUI design issues. Probably postpone the fu... Chris Buechler
01:14 PM Revision e82a1d11: Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981: Ermal LUÇI
12:38 PM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work: Isn;t memstick just a loader.conf option kernel rather than else on amd64? Ermal Luçi
07:01 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work: Even with only one kernel a choice must still be made about the console, so changing this screen into a console selec... Jim Pingle
03:45 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work: The issue here is that the amd64 builds do not have anymore the wrap kernels.
Only i386 has this type of kernel.
... Ermal Luçi
12:10 PM pfSense Packages Bug #3994: sudo package not working on 2.2: I added my workaround mentioned above for now. The other issue needs verified to ensure there isn't a larger problem ... Jim Pingle
12:05 PM pfSense Packages Bug #3994: sudo package not working on 2.2: The latest sudo 0.2.3 works for me, both on a production 2.1.5 system and a test 2.2 system. Phillip Davis
08:24 AM pfSense Packages Bug #3994: sudo package not working on 2.2: The binary is looking for its files in /usr/local/ when they live in the PBI dir /usr/pbi/sudo-<arch>/local/
I can... Jim Pingle
05:59 AM pfSense Packages Bug #3994: sudo package not working on 2.2: Indeed, same for me. I should really have been using some security on test systems rather than just the root/admin ac... Phillip Davis
12:37 AM pfSense Packages Bug #3994 (Resolved): sudo package not working on 2.2: With a completely default config, when trying to use sudo, you just get: ... Chris Buechler
11:37 AM pfSense Packages Bug #2992: Boot problem after upgrade: Hello,
New 2.1.4 install here, then upgraded to 2.1.5.
I then installed bandwidthd and just had the no boot iss... System IT
05:19 AM Revision bcb83c9e: Reintroduce graphcounter var to traffic_graphs.widget.php: This counter got lost in commit https://github.com/pfsense/pfsense/commit/ee965a5c7bf37b852795e1201688e3b20bf3d8d1
Bu... Phil Davis
04:11 AM Revision a8380480: fix text: Chris Buechler
04:09 AM Revision 6859f881: show interface name, not identifier: Chris Buechler
04:03 AM Revision d3d23754: fix text, PPPoE Server, not VPN: Chris Buechler
03:53 AM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2: I'll take it. Renato Botelho
03:11 AM Bug #3960 (Closed): deleting or changing phase 2 doesn't remove former P2: Ticket #3981 is the root cause Renato Botelho
02:19 AM Revision 7bd413eb: add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.: Chris Buechler

11/06/2014

11:16 PM Revision 708af634: remove unnecessary is_array check, thanks Renato: Chris Buechler
10:36 PM Revision 6c3be365: Don't allow P2 local+remote network combinations that overlap with: interface+remote-gateway of the P1. Fixes #3812 Chris Buechler
07:24 PM Bug #3980 (Resolved): wrong static routes added for remote P2 subnets: fixed Chris Buechler
12:44 PM Bug #3980 (Feedback): wrong static routes added for remote P2 subnets: looks to be fixed, leaving for further confirmation Chris Buechler
12:00 PM Bug #3980 (Confirmed): wrong static routes added for remote P2 subnets: actually it's strongswan itself doing this, looking at where/why. Chris Buechler
07:23 PM Bug #3812 (Resolved): IPSec validation should prevent phase2 policies(subnets) to include remote peer on it: this is good Chris Buechler
04:50 PM Bug #3812: IPSec validation should prevent phase2 policies(subnets) to include remote peer on it: Applied in changeset commit:6c3be3650008801aaa1579dca67b0588c04b8e18. Chris Buechler
04:33 PM Bug #3812 (Feedback): IPSec validation should prevent phase2 policies(subnets) to include remote peer on it: fix pushed and tested, leaving for further testing and confirmation. The check only prevents P2s where the local+remo... Chris Buechler
06:49 PM Revision dbb95f38: set install_routes=no for charon to avoid the issues noted in ticket: Chris Buechler
06:38 PM Revision 27c2e32e: Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990: Renato Botelho
01:54 PM Revision 118218cb: Make sure target has scope when it's a link-local. Fixes #3969: Renato Botelho
01:40 PM Revision 049c74ec: Check if array is set: Renato Botelho
01:07 PM Revision 10435fa9: Merge pull request #1330 from phil-davis/patch-1: Jim Pingle
12:56 PM Bug #3990 (Resolved): pfSense_ipfw_getTablestats issue: confirmed fixed, though last activity is blank, that's a separate issue I'll check into further and open its own tick... Chris Buechler
12:50 PM Bug #3990 (Feedback): pfSense_ipfw_getTablestats issue: Applied in changeset commit:27c2e32e28f871adf036b666e8e3ae1bf54ea7a2. Renato Botelho
12:49 PM Bug #3981 (Confirmed): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD: Actually this is hit and miss, but it's the same root issue as #3960 it appears. Changed subject to the best descript... Chris Buechler
10:54 AM Bug #3981 (Resolved): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD: something was fixed that resolved this Chris Buechler
12:42 PM Bug #3993: 2.2 memstick installer kernel selection is broken: Matt, you're welcome to pick up #3982, no one's working on that yet. Just assign it to yourself and set to assigned s... Chris Buechler
11:27 AM Bug #3993 (Rejected): 2.2 memstick installer kernel selection is broken: Duplicate of #3982 Jim Pingle
10:12 AM Bug #3993 (Rejected): 2.2 memstick installer kernel selection is broken: In the serial memstick image for 2.2, if you select 'Easy Install' and allow the system to install, you are prompted ... Matthew Smith
11:33 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work: An additional note after talking to Renato earlier and doing some research:
The serial console worked for me becau... Jim Pingle
11:30 AM Bug #3982 (Confirmed): Installer generates errors when selecting "Embedded" but still appears to work: Chris Buechler
11:32 AM Bug #3939 (Resolved): Cannot create Host or Network type alias with an IP address/range: works Chris Buechler
11:11 AM Bug #3960: deleting or changing phase 2 doesn't remove former P2: it's not consistent every time it appears, but it is replicable after discussing and trying further with Renato. Chris Buechler
04:00 AM Bug #3960: deleting or changing phase 2 doesn't remove former P2: Chris Buechler wrote:
> I confirmed it again on the most recent snapshot. In addition to changing it not removing, d... Renato Botelho
10:30 AM Revision 3f6525c1: Make sure srcip has scope when it's link-local. Should fix #3969: Renato Botelho
09:57 AM Revision e7752fc4: Remove extra ; and space: Renato Botelho
09:57 AM Revision e7a00514: Process obsolete files in shell script instead of php: Renato Botelho
09:57 AM Revision 48f77cef: Simplify post_upgrade_command logic and obsolete /usr/local/sbin/cvs_sync.sh instead of removing it on post_upgrade_command: Renato Botelho
09:40 AM Bug #3992 (Resolved): The password confirmation field is not properly formatted at VPN: L2TP: User: Add/Edit: At VPN: L2TP: User: Add/Edit the password confirmation field is longer than the password field.
Also the small "lo... Benedikt N.
09:29 AM Revision a68c6785: Fix to SMART disk matching: preg_match returns 0 when the string does not match the regex.
0 does not "===" FALSE
So this check is not always wor... Phil Davis
08:57 AM Bug #3991: /etc MFS on 2.2 Netgate build memstick image runs out of space: modified pfsense-tools/builder_scripts/scripts/rc.d/etcmfs to set default size to 20m
Matthew Smith
08:32 AM Bug #3991 (Resolved): /etc MFS on 2.2 Netgate build memstick image runs out of space: The /etc MFS on a 2.2 memstick image of the Netgate build is allocated with 10 MB of space. The files that get copied... Matthew Smith
08:31 AM Bug #3969 (Resolved): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target: Looks good now, gateway shows online at boot time and still shows online across several reboots. Thanks! Jim Pingle
08:00 AM Bug #3969 (Feedback): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target: Applied in changeset commit:118218cb69b1a8cea2f5915e4c81537b51462c34. Renato Botelho
07:40 AM Bug #3969 (Confirmed): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target: Source IP is scoped now but it still is not showing "online" - In my testing from earlier it looks like the target ne... Jim Pingle
04:30 AM Bug #3969 (Feedback): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target: Applied in changeset commit:3f6525c1ab0fd3f704ab8e23f935c475c3cbd16c. Renato Botelho
07:37 AM Bug #3970 (Feedback): some files not removed on upgrade to 2.2: Please try new snapshots, after move part of the logic to shell script it passed on all my tests Renato Botelho
04:58 AM Revision a012464e: fix captive portal status page display: Chris Buechler
04:45 AM Revision bb18cfcb: fix up text: Chris Buechler
02:45 AM Revision e8fa9843: Pass friendlyifname to handle_argument_group, not realifname. Fixes #3984. clean up some text while here.: Chris Buechler
01:47 AM Revision e55e4b74: isset($_GET) seems to always evaluate to true, use something more specific. Fixes use of rc.linkup when run from CLI. Others likely fix similar circumstances, though maybe not ones that are used anywhere.: Chris Buechler
01:33 AM Revision c75e8aed: Disable delete_old_states in dhclient-script. rc.newwanip handles this correctly in 2.2, and this killed states in multiple circumstances where that isn't necessary nor desirable.: Chris Buechler

11/05/2014

11:37 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2: the fix earlier in rc.linkup didn't have any effect here. Dug through this more tonight. Best I can definitively say ... Chris Buechler
11:18 PM Revision 9aec47b7: don't duplicate $message in CP log entries: Chris Buechler
10:45 PM Bug #3990 (Resolved): pfSense_ipfw_getTablestats issue: When clicking "Show last activity" on status_captiveportal.php (for instance, probably a problem elsewhere as well), ... Chris Buechler
10:01 PM Bug #3989 (Resolved): DNS Resolver interface drop downs need enlarged: The "Network Interfaces" and "Outgoing Network Interfaces" selection boxes need to be enlarged or made variable to th... Bill Crowder
08:40 PM Bug #3984 (Resolved): system booted with DHCP client NIC unplugged never kicks off dhclient: fixed Chris Buechler
06:56 PM Bug #3984: system booted with DHCP client NIC unplugged never kicks off dhclient: looks like check_reload_status is doing the right thing, rc.linkup seems to be where the issue is. Chris Buechler
05:31 PM Revision d9b05eb4: When an alias contain hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939: Renato Botelho
05:27 PM Bug #3760 (Confirmed): reply-to with TCP and IPv6 generates broken checksums: that change made kernel builds fail and was reverted. Chris Buechler
05:26 PM Bug #3938 (Resolved): Captive Portal PHP Error at bootup on current snapshots: fixed Chris Buechler
05:25 PM Bug #3970: some files not removed on upgrade to 2.2: Renato found solution today, implementing tomorrow morning. Chris Buechler
11:54 AM Bug #3939: Cannot create Host or Network type alias with an IP address/range: to me for testing Chris Buechler
11:50 AM Bug #3939: Cannot create Host or Network type alias with an IP address/range: Applied in changeset commit:d9b05eb490ab4d31a132c3e993bd560933eadd8c. Renato Botelho
11:06 AM Bug #3939 (Feedback): Cannot create Host or Network type alias with an IP address/range: Please try next snapshots Renato Botelho
10:23 AM Bug #3842: Verdana font from the Linux package ttf-mscorefonts-installer causes rendering issues with pfSense WebGUI: Hello!
I don't have Verdana or Tahoma fonts installed. I also don't have ttf-mscorefonts-installer package install... Ivo B
09:12 AM Revision fcfa23da: Merge pull request #1319 from phil-davis/patch-1: Renato Botelho
09:07 AM Revision 87d4456c: Merge pull request #1323 from derelict-pf/master: Renato Botelho
09:06 AM Revision 5940e655: Merge pull request #1326 from phil-davis/patch-5: Renato Botelho
09:06 AM Revision 798d8644: Fix obviously broken test in rc.initial.setlanip: IMO might as well back-port any obviously wrong code to 2.1 branch, just in case anybody on 2.1.n cares for it or the... Phil Davis
09:05 AM Revision f81011ea: Merge pull request #1320 from phil-davis/patch-2: Renato Botelho
08:31 AM Bug #3988 (Rejected): menu text shifted to the left after upgrade: Duplicate of #3842 Jim Pingle
07:58 AM Bug #3988: menu text shifted to the left after upgrade: Ivo Babarovic wrote:
> After I upgraded from to 2.1.5 from 2.1.2.
> Text labels in web menus are shifted to the rig... Ivo B
07:56 AM Bug #3988 (Rejected): menu text shifted to the left after upgrade: After I upgraded from to 2.1.5 from 2.1.2.
Text labels in web menus are shifted to the right and longer texts get ou... Ivo B
05:31 AM Revision e39c963a: fix up text: Chris Buechler
05:19 AM Revision 75756ab9: use a bit stronger of defaults in OpenVPN wizard: Chris Buechler
05:08 AM Revision 1c1fe666: Fix WINS description. It's not 1999, and it wasn't a good description for back then either. If you're running WINS at this point on your AD DCs...get rid of the Win 9x boxes, or realize you don't actually need or want WINS on anything Windows 2000 and newer.: Chris Buechler
05:05 AM Revision 7a22ab9b: fix up text: Chris Buechler
04:01 AM Revision cbc6a13f: Fix updating of hosts file on host override updates by bringing back the same behavior from previous releases.: Chris Buechler
03:22 AM Revision b7419cfc: skip disabled phase 1 entries in status output: Chris Buechler
01:57 AM Revision 261f2efe: fix NAT-T status. The 'nat' in the status array just tells how the connection is configured, not what it's actually using. Port seems to be the best way to determine what it's using. Fix up some other text while here: Chris Buechler
01:09 AM Revision 531686c1: use tabs rather than spaces, as most of this already did.: Chris Buechler
01:02 AM Revision d3c414e3: strongswan only has two options for NAT-T, force or auto.: Chris Buechler
12:44 AM Revision a43ddd1a: setting nmbclusters to 0 just results in an error, remove unnecessary line: Chris Buechler
12:34 AM Revision 41367b9c: remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years.: Chris Buechler
12:24 AM Revision 276efd64: touch up text: Chris Buechler
12:18 AM Revision 32171e59: fix invalid ipsec.conf: Chris Buechler
12:02 AM Revision f643a1f1: clean up text: Chris Buechler

11/04/2014

10:51 PM Bug #3987 (Resolved): not possible to have both IKEv1 and IKEv2 mobile P1s: There can only be one mobile P1 currently, which restricts you unnecessarily to only either IKEv1 or IKEv2 for mobile... Chris Buechler
09:31 PM Bug #3979: 2.2 IPsec NAT-T / MOBIKE IKEv2 control: this is correct for IKEv1 after my commits earlier. Seems to be working as it should. It'll continue to work on upgra... Chris Buechler
01:58 PM Bug #3979 (Confirmed): 2.2 IPsec NAT-T / MOBIKE IKEv2 control: after further review and discussion with Ermal, the code is there to set forceencaps, it just isn't setting it correc... Chris Buechler
05:56 AM Bug #3979 (Feedback): 2.2 IPsec NAT-T / MOBIKE IKEv2 control: I have pushed them recently to be enforced.
The only remaining task is to remove Force from the options list because... Ermal Luçi
08:49 PM Revision ea20169a: Use a better method of finding disks for SMART.: Old code was inaccurate and also listed entries that were symlinks to other disks Jim Pingle
08:39 PM pfSense Packages Bug #3986: BandwidthD can break php-fpm in unknown rare edge case: In addition to the 2.2 issue of it somehow taking over php-fpm and thus breaking webGUI and...
I will note here that... Phillip Davis
05:53 PM pfSense Packages Bug #3986 (Closed): BandwidthD can break php-fpm in unknown rare edge case: Hi,
Having a lot of struggles with BandwidthD in v2.2 More info here,
https://forum.pfsense.org/index.php?topic=7... Russell Morris
08:21 PM Revision 0810a719: Restore 3 values back on NAT-T settings Just Enable now its Auto as per strongswan default. and off disabled mobike. Ticket #3979: Ermal LUÇI
08:08 PM Revision 1db2634e: Rename the options to actually make sense with strongswan: Ermal LUÇI
08:07 PM Revision 86ef7a0a: Remove Force options since it has not meaning for now.: Ermal LUÇI
07:31 PM Revision 756d867a: fix comment: Chris Buechler
06:49 PM Bug #3960: deleting or changing phase 2 doesn't remove former P2: similarly, disabling a P1 doesn't remove it from the SPD nor SAD. It does remove it from the config file. Chris Buechler
12:02 AM Bug #3960 (Confirmed): deleting or changing phase 2 doesn't remove former P2: I confirmed it again on the most recent snapshot. In addition to changing it not removing, deleting a P2 doesn't remo... Chris Buechler
05:50 PM pfSense Packages Bug #3985: apcupsd / nut not working in v2.2: Sorry, meant to add this for help, missed it,
https://forum.pfsense.org/index.php?topic=80248.msg437658#msg437658
Russell Morris
05:50 PM pfSense Packages Bug #3985 (Closed): apcupsd / nut not working in v2.2: Hi,
I can't seem to get apcupsd or nut working in v2.2 - looks like a USB / driver issue, but I definitely could b... Russell Morris
05:44 PM Revision 5711c446: Catch some more sensitive info when sanitizing.: Jim Pingle
05:43 PM Revision 8a2229e3: Catch some more sensitive info when sanitizing.: Jim Pingle
05:22 PM Bug #3984 (Confirmed): system booted with DHCP client NIC unplugged never kicks off dhclient: Chris Buechler
01:48 PM Bug #3984 (Resolved): system booted with DHCP client NIC unplugged never kicks off dhclient: Take a simple LAN/WAN setup, WAN set as a DHCP client. Boot the system with WAN's NIC unplugged. Then plug the NIC in... Chris Buechler
03:26 PM Bug #3760 (Feedback): reply-to with TCP and IPv6 generates broken checksums: I pushed a fix that should treat this, test with new snapshots. Ermal Luçi
02:28 PM Todo #3958: test 2.2 upgrade scenarios: aside from things that have bugs open, and things that can't be tested because of other open bugs, this seems fine. S... Chris Buechler
11:09 AM pfSense Packages Todo #3983 (Needs Patch): Option for Cron Package: Jim Pingle
10:25 AM pfSense Packages Todo #3983 (Needs Patch): Option for Cron Package: Hello,
It's possible to add a custom button or other for disable or/and enable a cron task.
In the lastest versio... Julien Bénic
08:42 AM Bug #3361: DHCP6 WAN is not obtaining a default gateway: Watch out for this one. It works on some boots and not others, or depending on the timing. There's a race condition s... Jim Pingle
07:55 AM Bug #3982 (Resolved): Installer generates errors when selecting "Embedded" but still appears to work: When running the installer and choosing "Embedded" two errors are given by the GUI but if "skip" is chosen the instal... Jim Pingle
05:57 AM Bug #3957: 2.2 tap missing ALTQ: As i said before TAP should behave the same on 2.1 as well Ermal Luçi

11/03/2014

09:56 PM Bug #3981 (Resolved): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD: This is a recent regression in 2.2. diag_ipsec_spd.php shows "No IPsec security associations" when there are active, ... Chris Buechler
09:47 PM Bug #3980 (Resolved): wrong static routes added for remote P2 subnets: A static route for the remote network of every P2 is added in 2.2, pointing to WAN's gateway IP. I'm guessing the int... Chris Buechler
09:32 PM Bug #3961 (Resolved): only first of multiple P2s works in 2.2: the issue described here is resolved. The two Ermal noted we'll discuss Chris Buechler
09:33 AM Bug #3961: only first of multiple P2s works in 2.2: I have done testing on this.
It works even today as is.
List of issues i am after:
- Racoon does not like agress... Ermal Luçi
08:53 PM Bug #3979 (Resolved): 2.2 IPsec NAT-T / MOBIKE IKEv2 control: The enable/disable/force NAT-T settings from earlier versions don't do anything in 2.2. It appears in newer strongswa... Chris Buechler
07:38 PM Bug #3913 (Confirmed): if_bridge missing ALTQ support: no change Chris Buechler
07:37 PM Bug #3957 (Confirmed): 2.2 tap missing ALTQ: tun is fine, tap not. Chris Buechler
07:35 PM Bug #3974 (Resolved): DNS Resolver: Advanced - Error in description: looks good, thanks Warren Chris Buechler
07:00 AM Bug #3974 (Feedback): DNS Resolver: Advanced - Error in description: Applied in changeset commit:d5566d43f4ace5036b5e5476d975bb8d13ce3b6f. Warren Baker
05:23 AM Bug #3974: DNS Resolver: Advanced - Error in description: Yeah i have the changes done. Just haven't submitted a pull request just yet. There are a few more which Im still goi... Warren Baker
05:10 AM Bug #3974: DNS Resolver: Advanced - Error in description: I have a bit of code to make that all consistent. I also see that Wagonza just made some updates to the related files... Phillip Davis
01:38 AM Bug #3974: DNS Resolver: Advanced - Error in description: Just noticed that the same issue exists for a few other items on the same page:
Outgoing TCP Buffers 0 vs 10
In... Dustin Dembeck
01:28 AM Bug #3974 (Resolved): DNS Resolver: Advanced - Error in description: Go to Services -> DNS Resolver -> Advanced -> Outgoing TCP Buffers and Incoming TCP Buffers (/services_unbound_advan... Dustin Dembeck
07:18 PM Bug #2650: FTP helper breaks TCP sequence numbers on 2nd WAN: assigning to me for further testing. Unchanged in 2.2 from prior releases, not a common enough issue to hold up and p... Chris Buechler
07:01 PM Bug #1928 (Resolved): Can't sync voucher database when carp peer is also active: fixed. Voucher sync is separate from CP's config sync, it does work. Chris Buechler
06:55 PM Bug #3361 (Confirmed): DHCP6 WAN is not obtaining a default gateway: no change Chris Buechler
05:54 PM Feature #3978 (Needs Patch): Backup and Restore configuration: Chris Buechler
04:58 PM Feature #3978 (Needs Patch): Backup and Restore configuration: Hi,
It's possible to add a custom area to select only backup or restore
-One for Limiter
-One for Layer7
Than... Julien Bénic
05:35 PM pfSense Packages Bug #3977: Squid-dev 3.3.11_1 pkg installs but does not start on 2-2-BETA: Nev Secular wrote:
> 2.2-BETA (i386) built on Thu Oct 30 13:58:57 CDT 2014 FreeBSD 10.1-RC3
> After installing squi... Nev Secular
04:42 PM pfSense Packages Bug #3977 (Resolved): Squid-dev 3.3.11_1 pkg installs but does not start on 2-2-BETA: 2.2-BETA (i386) built on Thu Oct 30 13:58:57 CDT 2014 FreeBSD 10.1-RC3
After installing squid-dev 3.3.11_1 pkg squid... Nev Secular
05:27 PM Revision f384d8a5: Merge pull request #1329 from phil-davis/patch-3: Renato Botelho
04:43 PM Revision a3fad592: Fixup dhcpd interface enabled check: Phil Davis
03:31 PM Bug #3951 (Resolved): Processes like filterdns and ipfw-classifyd accumulate many open file handles: Ermal Luçi
03:04 PM Revision ba667cc6: Fix console set interface IP address: Problem as per forum https://forum.pfsense.org/index.php?topic=83651.0
The problem comes whenever services_dhcpd_conf... Phil Davis
02:30 PM Bug #3941 (Confirmed): adding a DHCP client interface results in missing default gateway on 2.2: that didn't fix the issue described here Chris Buechler
01:32 PM Bug #3970 (Confirmed): some files not removed on upgrade to 2.2: /tmp/post_upgrade_command.php is executed after new files are in place and before reboot, probably the root cause is ... Renato Botelho
12:56 PM Revision ec290464: Merge pull request #1328 from wagonza/master: Renato Botelho
12:54 PM Revision fe9d4894: Fix indent: Renato Botelho
12:52 PM Revision 2783e408: Revert "Indent better": This reverts commit a431bfc9e698c753d9a54218af9076184deb6251. Renato Botelho
12:45 PM Revision d5566d43: Make sure defaults values are actually used. Fixes #3974: Warren Baker
11:48 AM pfSense Packages Bug #3975 (Rejected): Gateway Monitoring Offline: not true, please post more info to the forum or list for assistance. Chris Buechler
05:27 AM pfSense Packages Bug #3975 (Rejected): Gateway Monitoring Offline: PfSense 2.2 shows gateways as always offline Russell Wilson
11:45 AM Bug #3976 (Resolved): VLAN Interfaces on LAGG get orphaned on LAGG change: that is replicable on 2.1.x but not 2.2, already fixed there. Chris Buechler
11:04 AM Bug #3976 (Resolved): VLAN Interfaces on LAGG get orphaned on LAGG change: Reproduce:
1. Create LAGG with e.g. em3 + em4, LACP and a nice description
2. Create a few vlans and assign them ... Jens Weibler
10:48 AM Revision 7bb24e18: Merge pull request #1327 from wagonza/pfSense-master: Renato Botelho
10:30 AM Bug #1629: invalid state table entries after WAN IP change: It's not the gateway that needs states killed, it's the old WAN IP. Chris Buechler
06:36 AM Bug #1629: invalid state table entries after WAN IP change: I'm on ... Anonymous
10:08 AM Revision 46a989ce: Indent here as well: Warren Baker
10:08 AM Revision a431bfc9: Indent better: Warren Baker
10:04 AM Revision 1b436de1: Be consistent with the other pages: Warren Baker
10:03 AM Revision be11b6f1: Add braces: Warren Baker
08:27 AM Revision 4c3abd34: Fix obviously broken test in rc.initial.setlanip: IMO might as well back-port any obviously wrong code to 2.1 branch, just in case anybody on 2.1.n cares for it or the... Phil Davis
07:54 AM Revision 0a89d059: Merge pull request #1324 from phil-davis/patch-3: Renato Botelho
06:04 AM Revision 8727b3c8: Set interface address from consol tidy output: While trying to see why this is not working for me (forum https://forum.pfsense.org/index.php?topic=83651.0 ) I have ... Phil Davis
03:12 AM Bug #3940 (Resolved): check_reload_status uses deprecated libevent-1.4: Renato Botelho
02:35 AM Bug #3940: check_reload_status uses deprecated libevent-1.4: It also looks good on my custom build - no high CPU load. Thomas Hilse

11/02/2014

05:48 PM Bug #3973 (Resolved): Route 53 dynamic DNS provider fails to update record: Existing records are not updating with the Route 53 dynamic DNS provider.
Records that do not exist are created p... Grant Horning
08:58 AM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles: Updated to:
2.2-BETA (amd64)
built on Sat Nov 01 21:36:28 CDT 2014
FreeBSD 10.1-RC4
Now filterdns has just 8 th... Phillip Davis
05:46 AM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles: My main 2.1.5 production system is the big offender with this - it has over 4000 in filterdns fstat. But I can't upgr... Phillip Davis

11/01/2014

11:20 PM Revision ce21dfca: Correct dispaly of checkboxes for ipsec: Ermal LUÇI
10:41 PM Revision 8cb7d3e3: Properly configure NAT Tranversal setting.: Ermal LUÇI
07:54 PM Revision 6af85718: Remove debugging code: Ermal LUÇI
05:56 PM Revision f3dd7e8c: Properly test if FCGI is calling or are being triggered from shell. Normally Fixes #3361: Ermal LUÇI
05:55 PM Revision 9fdc167f: Properly test if FCGI is calling or are being triggered from shell. Normally Fixes #3361: Ermal LUÇI
05:49 PM Revision d338018f: Fixes #3938. Do more error checking.: Ermal LUÇI
05:44 PM Revision 935fcedb: Fixes #3941. When optimizations of the loops were made this brought the problems of overriding default gateway by dynamic interfaces. Try to stick to the first found for now!: Ermal LUÇI
05:43 PM Revision d35dfaae: Fixes #3941. When optimizations of the loops were made this brought the problems of overriding default gateway by dynamic interfaces. Try to stick to the first found for now!: Ermal LUÇI
03:54 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.: Working AVAHI on 2.2
mkdir /var/run/dbus
chown messagebus:messagebus /var/run/dbus
dbus-daemon --system
Aaron... Bill Crowder
01:04 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.: A general note Jim Pingle
12:58 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.: Jim P wrote:
> While this is being fixed, it may also warrant adding a <service> tag for dbus.
Was that a general... Aaron Outhier
12:47 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.: While this is being fixed, it may also warrant adding a <service> tag for dbus. Jim Pingle
12:36 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.: Oops! I confused the terms "Assignee" and "Assigner". I put myself as the assignee, thinking that I was supposed to d... Aaron Outhier
12:33 PM pfSense Packages Bug #3972 (Resolved): Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.: Avahi package version 0.6.31 pkg v1.06 has a bug which prevents it from working. This bug should be easy to fix. I ha... Aaron Outhier
03:16 PM Bug #3913: if_bridge missing ALTQ support: Well sorry to bring bad news, but i still got the same error message (i have removed the shaper rules and recreated t... Orsiris de Jong
01:36 PM Bug #3967 (Confirmed): Need to restore IP aliases on CARP IPs in 2.2: that does work, but there are issues with that approach. One, you have to remember what VHID you're using on that, an... Chris Buechler
01:12 PM Bug #3967 (Feedback): Need to restore IP aliases on CARP IPs in 2.2: Getting back to this.
Apparently i just made conversion code to convert any such aliases to carp on same vhid.
So... Ermal Luçi
01:00 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway: Applied in changeset commit:f3dd7e8cdb11077486421364ea3a11c411ba807b. Ermal Luçi
01:00 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway: Applied in changeset commit:9fdc167f4ef1c8fd1b76ba9ca6e56c8085dbe672. Ermal Luçi
12:51 PM Bug #3361 (Feedback): DHCP6 WAN is not obtaining a default gateway: Ermal Luçi
01:00 PM Bug #3938: Captive Portal PHP Error at bootup on current snapshots: Applied in changeset commit:d338018f4798ea41975589f8c5b111568747e572. Ermal Luçi
12:44 PM Bug #3938 (Feedback): Captive Portal PHP Error at bootup on current snapshots: Ermal Luçi
12:50 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2: Applied in changeset commit:935fcedbca2dbe8c3d9eb41bc5739b511a9ec19a. Ermal Luçi
12:50 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2: Applied in changeset commit:d35dfaaecb5eabedade43738ba4f76967a7425a3. Ermal Luçi
12:39 PM Bug #3941 (Feedback): adding a DHCP client interface results in missing default gateway on 2.2: Ermal Luçi
01:52 AM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2: most I've found thus far is it still happens after removing all the "route delete default" commands from dhclient-scr... Chris Buechler
12:45 PM Bug #3692: apinger loss % gets stuck: People have confirmed that the behaviour is improved.
Only the graph part needs improvement. Ermal Luçi
12:23 PM Bug #3951 (Feedback): Processes like filterdns and ipfw-classifyd accumulate many open file handles: Ermal Luçi
12:05 PM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles: I think i found the cause.
Please test with new snapshots. Ermal Luçi
09:07 AM Feature #3971 (Resolved): IPv6 - Preserve the DUID used for WAN DHCP-PD in the configuration file: +Feature Request+
Preserve the DUID used to obtain the DHCP-PD addressing on the WAN in config.xml
Secondary ... David Williams
06:42 AM Revision 038f6e96: clarify logs generated by newwanip(v6) when restarting packages, it's not only IP changes that end up here (by design).: Chris Buechler
01:05 AM Bug #3963: PPPoE client interface status wrong while attempting to connect: not the issue it initially appeared to be, assigned to me for review in the future. behavior is no diff than previous... Chris Buechler

10/31/2014

10:05 PM Revision a94a16cd: s/a/an/ and speling.: derelict-pf
09:55 PM Revision 162a7b4e: s/then/than/: derelict-pf
09:13 PM Bug #3666: PMTUD is broken for NATed traffic: Ermal - no change with the kernel you built. I have a test setup up now that you can reach. /msg me for info. Chris Buechler
05:11 PM Bug #3970 (Resolved): some files not removed on upgrade to 2.2: There is at least one file from earlier versions that has to be removed in the process of upgrading to 2.2, with setk... Chris Buechler
02:46 PM Bug #3961: only first of multiple P2s works in 2.2: this is for site to site VPNs with > 1 P2. One easy way to replicate, setup a site to site IPsec between 2.1.5 and 2.... Chris Buechler
02:39 PM Bug #3961 (Feedback): only first of multiple P2s works in 2.2: It works for me for mobile clients which this issue is about!
The unity plugin sends split-include sections now. Ermal Luçi
02:26 PM Revision 4045cf1e: Fix two more instances of rrd.tgz renaming.: Jim Pingle
02:26 PM Revision 8560c756: Fix two more instances of rrd.tgz renaming.: Jim Pingle
02:24 PM Bug #3913 (Feedback): if_bridge missing ALTQ support: Should work correctly on new snapshots. Ermal Luçi
02:15 PM Bug #3957 (Feedback): 2.2 tap missing ALTQ: Ermal Luçi
02:12 PM Bug #3957: 2.2 tap missing ALTQ: Ok reproduced only for TAP, tun is ok.
Also i think tap behaved the same before. Ermal Luçi
02:04 PM Bug #3957: 2.2 tap missing ALTQ: I cannot replicate this on tun/tap?!!!
I do not even see changes in code to not support it! Ermal Luçi
01:30 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2: I'll take this one Chris Buechler
12:44 PM Bug #3870 (Closed): re(4) NICs on APU are unable to hardcode speed/duplex properly: PC Engines not aware of the issue, but not surprised by it given Realtek's horrible documentation.
We've confirme... Chris Buechler
12:39 PM Bug #3876 (Resolved): pfsync is not synchronizing states on 2.2: looks to be fine, works in both directions from testing. Chris Buechler
08:08 AM Bug #3960 (Feedback): deleting or changing phase 2 doesn't remove former P2: I couldn't reproduce it, I changed local or remote subnet and it worked as expected. Can you confirm it is still happ... Renato Botelho
07:27 AM Bug #3969 (Resolved): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target: When using a DHCPv6 WAN, apinger sets the srcip to be the interface link-local address but it does not set the scope ... Jim Pingle
06:45 AM Bug #3940: check_reload_status uses deprecated libevent-1.4: New snapshots are available, using libevent 2.0 and check_reload_status with fixes. Renato Botelho
04:06 AM Bug #3940: check_reload_status uses deprecated libevent-1.4: pfsense-tools repo already have the final patch applied, please try it or wait new snapshots today yet. Renato Botelho
03:00 AM Bug #3940: check_reload_status uses deprecated libevent-1.4: After applying your patch there are still 3 statements with "socket_close_command(fd, ev);" left:
root@pfsense-bui... Thomas Hilse
02:24 AM Revision c656bc75: Fix getext to gettext typo: Phil Davis
02:23 AM Revision 41aa5cd4: Fix getext to gettext typo: Phil Davis
02:23 AM Revision 29af6265: Fix getext to gettext typo: Phil Davis
02:22 AM Revision 24516832: Fix getext to gettext typo: Phil Davis
02:21 AM Revision b3f0b2e1: Fix getext to gettext typo: Phil Davis
02:10 AM Revision 687712ee: More gettext typos: Phil Davis
02:10 AM Revision 95169728: More gettext typos: Phil Davis
02:09 AM Revision c69f62b8: More gettext typos: Phil Davis
02:07 AM Revision 91ee10c0: More gettext typos: Phil Davis
01:30 AM Revision e4982b90: fix typoed gettext: Chris Buechler

10/30/2014

09:37 PM Revision 1ae41bfe: Kill states associated with the old WAN IP when WAN IP has changed. Retain: hidden config option to wipe all states on IP change, as there seemed to
be circumstances where the 'pfctl -k $oldip'... Chris Buechler
08:35 PM Revision 737b18f2: Allow accept_unencrypted_mainmode_messages to be enabled if needed: Ermal LUÇI
06:15 PM Revision 461eac09: only kill all states if the IP changed. ticket #1629: Chris Buechler
05:03 PM Bug #1629 (Resolved): invalid state table entries after WAN IP change: this is fixed. The states of the former WAN IP are now killed post-IP change, which should resolve nearly all cases w... Chris Buechler
04:59 PM Bug #3921 (Resolved): max-packets option missing from pfctl: issue here is resolved Chris Buechler
04:23 PM Bug #3921 (Feedback): max-packets option missing from pfctl: Its expected and resolving this is not in plan for 2.2.
Also that is not what this ticket is about. Ermal Luçi
04:02 PM Bug #1928: Can't sync voucher database when carp peer is also active: I am unsure if this should be allowed!
Normally switching to master it should have the latest voucher status synched... Ermal Luçi
03:04 PM Bug #3876 (Feedback): pfsync is not synchronizing states on 2.2: Seems to be working for me now. Ermal Luçi
02:06 PM Bug #3760 (Confirmed): reply-to with TCP and IPv6 generates broken checksums: the most common scenario here is fixed, IPv4 is fine, but IPv6 has regressed from 2.1.x. reply-to with v6 works in pr... Chris Buechler
01:54 PM Bug #3947 (Resolved): "ipsec_starter: Bad file descriptor" spams system log: This seems to be resolved with confirmation from https://forum.pfsense.org/index.php?topic=81440.msg457606#msg457606 Ermal Luçi
01:43 PM Bug #3949 (Confirmed): Dynamic DNS public IP check always uses default gateway: Chris Buechler
01:42 PM Bug #3967 (Confirmed): Need to restore IP aliases on CARP IPs in 2.2: Chris Buechler
01:42 PM Bug #3968 (Confirmed): Incorrect gateway is assumed when using tun + topology subnet: I re-opened it after confirming that atypical circumstance. Your pull request is wrong though, it fixes a rare edge c... Chris Buechler
01:31 PM Bug #3968: Incorrect gateway is assumed when using tun + topology subnet: Well, I won't argue. If you see no bug then there is no bug.
Dmitriy K
01:28 PM Bug #3968 (New): Incorrect gateway is assumed when using tun + topology subnet: Chris Buechler
01:13 PM Bug #3968: Incorrect gateway is assumed when using tun + topology subnet: this is valid with topology subnet in newer versions Chris Buechler
01:10 PM Bug #3968: Incorrect gateway is assumed when using tun + topology subnet: I know that pfsense team wants to release 2.2 asap but its quality will suffer if fast decisions were taken place.
... Dmitriy K
12:55 PM Bug #3968 (Rejected): Incorrect gateway is assumed when using tun + topology subnet: scratch that, can happen with topology subnet Chris Buechler
07:23 AM Bug #3968 (Resolved): Incorrect gateway is assumed when using tun + topology subnet: The script */usr/local/sbin/ovpn-linkup* has en error where network mask is returned as a gateway when no gateway pro... Dmitriy K
12:29 PM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly: I contacted Pascal @ PC Engines to see if that's an issue they're aware of and if they have any further info on it.
... Chris Buechler
10:44 AM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly: Boy I sure hope this is somehow fixable in software - we have a fair handful of APUs deployed already and continue to... → luckman212
12:41 AM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly: Linux much happier on SD card in the APU, couldn't get anything to boot from USB flash.
TLDR version: either the... Chris Buechler
12:12 AM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly: Either OpenBSD has the same problem, or this is a hardware issue. ... Chris Buechler
10:21 AM Bug #2406: No IP alias within the subnet of a CARP IP can be deleted: Chris Buechler wrote:
> This is fixed. You can't remove the last IP alias on the subnet of a CARP IP because it'll b... Nei Ka
07:47 AM Bug #3940: check_reload_status uses deprecated libevent-1.4: That previous patch is not correct, consider this one. Renato Botelho

10/29/2014

10:49 PM Bug #3964 (Resolved): Web interface fails to load on first boot: fixed Chris Buechler
10:43 PM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed: The specific issue here is OpenVPN client is launched multiple times when connecting to FQDN with "resolv-retry infin... Chris Buechler
08:39 PM Revision 5274102e: Hide burst for limiters, since it doesn't do anything. more details in: ticket #3933 Chris Buechler
06:52 PM Bug #3940 (Feedback): check_reload_status uses deprecated libevent-1.4: Thomas, could you try attached patch, built with libevent 2.0 and let me know the result? Renato Botelho
09:01 AM Bug #3940 (Confirmed): check_reload_status uses deprecated libevent-1.4: I built a custom image and confirmed it. We are not seeing it on our snapshots because builder was not updated and st... Renato Botelho
06:35 PM Bug #3937 (Resolved): Interfaces Dashboard Widget - Font to big and scaling wrong: fixed. Chris Buechler
05:33 PM Bug #3967 (Resolved): Need to restore IP aliases on CARP IPs in 2.2: Ticket for what Ermal and I discussed earlier re: IP aliases on CARP. That functionality is effectively gone from 2.2... Chris Buechler
05:28 PM Bug #3760 (Feedback): reply-to with TCP and IPv6 generates broken checksums: with a kernel Ermal built with his changes as committed earlier, v4 reply-to looks to be fine in all scenarios. Will ... Chris Buechler
02:45 PM Bug #3760: reply-to with TCP and IPv6 generates broken checksums: Current status is broken checksums on IPv6, source NAT doesn't apply to translate the IP back on IPv4 (though return ... Chris Buechler
05:26 PM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly: I'll try this on Linux to see how that behaves, should help narrow down whether it's hardware or driver. Chris Buechler
05:25 PM Bug #1634: Limiter and bridge needs special handling: to me to review in combination with the other limiter tickets.
non-regression and uncommon issue, removing 2.2 ta... Chris Buechler
03:36 PM Bug #3913 (Confirmed): if_bridge missing ALTQ support: hm, not sure what I was trying at the time, apparently I missed assigning the bridge or something. thanks for the fol... Chris Buechler
02:41 AM Bug #3913: if_bridge missing ALTQ support: Hello,
Sorry for the late testing.
I tried to reenable traffic shaping via the wizard but get this one:
[[There... Orsiris de Jong
03:34 PM Feature #3933 (Confirmed): Limiter burst doesn't have any effect: dummynet burst on stock FreeBSD 10.1 does indeed work how I'd expect it to work. Ours doesn't have any impact whatsoe... Chris Buechler
01:02 PM Revision a4372874: Fix a typo on array index, related to ticket #3963: Renato Botelho
11:16 AM Bug #3963: PPPoE client interface status wrong while attempting to connect: Yeah it really should say "Connecting", how difficult would it be to make that happen? I don't think this is a regres... Chris Buechler
07:56 AM Bug #3963 (Feedback): PPPoE client interface status wrong while attempting to connect: After doing somo analysis, my understanding is 'Status' is supposed to be up, since interface exists on operating sys... Renato Botelho
11:10 AM Feature #3365 (Resolved): Implement package signing: After discussion with Jeremy, we're satisfied this is good for 2.2. Chris Buechler
10:47 AM Feature #3365: Implement package signing: We'll create a secured key repository, and signing keys will be imported into it for access. Renato will create the ... Jeremy Porter
06:08 AM Revision 002d286c: fix up text: Chris Buechler
12:53 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only: this may or may not still be an issue with 2.2, much has changed, and this is something we've never been able to repl... Chris Buechler
12:50 AM Bug #3961 (Confirmed): only first of multiple P2s works in 2.2: Chris Buechler
12:48 AM Bug #3890 (Resolved): Aliases multiple CIDR ranges show error message: Chris Buechler
12:39 AM Bug #3966 (Confirmed): OpenVPN crashes with AES-NI + AES-CBC: Chris Buechler
12:39 AM Bug #3966 (Resolved): OpenVPN crashes with AES-NI + AES-CBC: On systems with AES-NI enabled, OpenVPN using AES-128-CBC, AES-192-CBC, and AES-256-CBC crashes on start. ... Chris Buechler

10/28/2014

09:33 PM Revision eea2ad5d: FreeBSD fails to set advskew back to 0 after you set it to any other: value. That's a separate issue that needs fixing upstream, but in the mean
time, we can work around it by removing al... Chris Buechler
07:06 PM Revision 70eef835: Remove redundancy as pointed out by phil-davis: Renato Botelho
07:06 PM Revision 44c7d73c: Decode recently created cert and key. It fixes #3964. While here, fix logical condition to create a new cert if crt or key is not present: Renato Botelho
06:31 PM Revision 569e2fdf: Add option to kill all states on IP change, currently a hidden option for more testing. ticket #1629: Chris Buechler
05:06 PM Bug #3910 (Confirmed): Cannot set advskew back to 0: That is correct, we're running the commands correctly to set it back to 0. The source of the issue is FreeBSD 10.1 wo... Chris Buechler
05:00 PM Revision fd057a56: Merge pull request #1317 from phil-davis/patch-1: Renato Botelho
04:55 PM Revision 0a8dd27b: Remove redundancy as pointed out by phil-davis: Renato Botelho
04:26 PM Revision 7c199791: Merge pull request #1297 from phil-davis/patch-23: Renato Botelho
03:23 PM Bug #2325: Limiters don't work on OPT WAN rules w/rdr: needs review along with the other limiter tickets, there is overlap between them. Chris Buechler
02:20 PM Bug #3964: Web interface fails to load on first boot: Applied in changeset commit:44c7d73c4a1aa2cca3a932447ef6b6be2034badd. Renato Botelho
07:30 AM Bug #3964 (Feedback): Web interface fails to load on first boot: Applied in changeset commit:143c22f7719836d5decee0da0ec52e61e79fd6a2. Renato Botelho
12:08 AM Bug #3964 (Resolved): Web interface fails to load on first boot: cert.pem file is missing on first boot of clean 2.2 nano install, which leaves the web interface dead. ... Chris Buechler
01:32 PM Bug #1629: invalid state table entries after WAN IP change: I committed a change to add a new option that kills all states upon IP change. That's going to be the answer for thos... Chris Buechler
12:17 PM Revision 143c22f7: Decode recently created cert and key. It fixes #3964. While here, fix logical condition to create a new cert if crt or key is not present: Renato Botelho
11:51 AM Bug #3890 (Feedback): Aliases multiple CIDR ranges show error message: Pull request has been merged Renato Botelho
11:49 AM Revision 0a8d7fe9: Back to use listr instead of vncellt since it has small fonts and mitigate changes of go outside the sidget. It should fix #3937: Renato Botelho
11:24 AM Revision 30cb409d: Simplify logic: Renato Botelho
11:10 AM Revision bf50b0a4: Remove unecessary variables: Renato Botelho
11:08 AM Revision 9c76c0f1: Whitespace and indent: Renato Botelho
08:48 AM Bug #3965 (Resolved): dhcp6c started before bridge configured at boot, preventing interface tracking: Setup:
- WAN interface configured for DHCPv6 prefix discovery
- LAN interface configured for IPv6, tracking interfa... Gregor Riepl
07:48 AM Bug #3937: Interfaces Dashboard Widget - Font to big and scaling wrong: That change is an improvement and keeps the widget from being pushed off the side of the dash.
Call it a perso... David Williams
07:00 AM Bug #3937 (Feedback): Interfaces Dashboard Widget - Font to big and scaling wrong: Applied in changeset commit:0a8d7fe996275febad7ee28ec3daf70101928cc6. Renato Botelho

10/27/2014

11:10 PM Bug #3963: PPPoE client interface status wrong while attempting to connect: To clarify - eventually it goes to "down" status, after failing for quite a while. The issue is it shows "up" while g... Chris Buechler
10:43 PM Bug #3963: PPPoE client interface status wrong while attempting to connect: this also applies to PPP, likely the same root cause Chris Buechler
10:42 PM Bug #3963 (Closed): PPPoE client interface status wrong while attempting to connect: PPPoE-type WAN interfaces show their status as "up" when they aren't actually. To replicate, just set an interface to... Chris Buechler
10:32 PM Bug #3789 (Confirmed): rc.update_bogons.sh and login shell ignore http proxy settings: this needs to be set in tcshrc so it applies to everything using fetch and similar utilities now and in the future. Chris Buechler
10:04 PM Bug #3198 (Confirmed): IPSEC, when nating to a different size subnet a invalid natting rule is made.: Chris Buechler
08:36 PM Revision 4721677d: fix ping_hosts.sh to not ping IPsec if CARP is in backup: Chris Buechler
08:32 PM Revision 7e1aa4b7: fix ping_hosts.sh to not ping IPsec if CARP is in backup: Chris Buechler
02:57 AM pfSense Packages Bug #3962: LADVD interface handling issues with lagg and bridge: My thoughts are that it is a GUI issue. I believe that only the physical interfaces should be shown. Marco Verleun

10/26/2014

05:33 PM Bug #3913 (Resolved): if_bridge missing ALTQ support: Chris Buechler
05:26 PM Bug #3922: jumbo frames on lagg not working: this issue is fixed, that one's #2786 Chris Buechler
05:25 PM Bug #2786 (Confirmed): Setting MTU on VLAN does not set MTU on parent interface in 2.2: Chris Buechler
05:25 PM Bug #2786: Setting MTU on VLAN does not set MTU on parent interface in 2.2: regressed in 2.2 Chris Buechler
05:13 PM pfSense Packages Bug #3962: LADVD interface handling issues with lagg and bridge: I'm guessing this is a problem with ladvd itself and nothing we're doing with it, so should likely be reported upstre... Chris Buechler
10:04 AM pfSense Packages Bug #3962 (Confirmed): LADVD interface handling issues with lagg and bridge: On my pfsense 2.1.5 router I've got LADVD installed.
Two physical interfaces are bridged.
As long as I only selec... Marco Verleun
03:11 AM Revision e8b5f724: domain and search should not both be defined in resolv.conf per FreeBSD man page and handbook (only the latter is actually used). Change this to just not use domain, and set the search to the system's domain where not using the function that generates the search list for dynamic WANs.: Chris Buechler

10/25/2014

11:31 PM Bug #3922: jumbo frames on lagg not working: Typo: #3744 should have been #3774 Andy Sayler
11:30 PM Bug #3922: jumbo frames on lagg not working: This still seems to be a problem for me. I'm running the 2.2-BETA (amd64) Fri Oct 24 12:17:25 CDT 2014 build. I have ... Andy Sayler
11:15 PM Bug #3961 (Resolved): only first of multiple P2s works in 2.2: Where you have multiple P2s on 2.2, only the first does anything. It negotiates successfully, but the strongswan/2.2 ... Chris Buechler
10:54 PM Bug #3960 (Closed): deleting or changing phase 2 doesn't remove former P2: When editing an existing P2 in 2.2, the original entry isn't removed from the SPD. For instance, change just the IP s... Chris Buechler
10:11 PM Bug #2981 (Resolved): Virtual IP's not cleaned up on interface change: pretty sure this was fixed in a 2.1.x release since then. It's definitely good in 2.2. Chris Buechler
09:30 PM Bug #3944 (Resolved): git fatal errors are not shown to user when building pfSense iso from source.: Chris Buechler
09:22 PM Bug #3069 (Confirmed): traceroute6 fails to timeout and hangs the webconfigurator GUI: it's pf that makes this hang somehow. disable pf, and traceroute6 finishes no problem. No blocked traffic being logged. Chris Buechler
09:18 PM Bug #1848 (Confirmed): Limiters after policy routing has taken place do not behave correctly: Chris Buechler
09:18 PM Bug #3824 (Confirmed): Limiters on bridge break traffic outside locally-configured IP subnets: Chris Buechler
09:16 PM Bug #3957 (Confirmed): 2.2 tap missing ALTQ: Chris Buechler
09:15 PM Bug #3947 (Confirmed): "ipsec_starter: Bad file descriptor" spams system log: Chris Buechler
09:15 PM Bug #3096 (Confirmed): Limiters problem using Multi WAN: Chris Buechler
03:38 PM Bug #3450 (Rejected): DHCPv6 Lease Status shows no Leases: I don't see any actual bugs here. All DHCPv6 leases are shown in every instance I've seen. Whether they're "active" s... Chris Buechler
03:27 PM Bug #3554 (Closed): apinger and OpenVPN: Gateway down after OpenVPN client service restart: this isn't true on 2.2, haven't tried earlier versions. The "route add failed" scenarios could well be a problem, but... Chris Buechler
01:51 PM pfSense Packages Bug #3959 (Resolved): sshdcond edit /etc/sshd and gets it wrong: sshdcond.inc function restart_sshd() does edits to /etc/sshd and /etc/sshd ends up with invalid PHP syntax.
Forum: h... Phillip Davis
12:42 AM Bug #3227 (Closed): apinger treats interface as down while it isn't: not an apparent issue on 2.2 (unless this somehow overlapped with separate issues open there) Chris Buechler
12:04 AM Bug #3886: (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button": not sure of status here, assigning to Renato for follow-up. Chris Buechler

10/24/2014

11:55 PM Bug #3898 (Closed): Traffic Graph webpage freezes up after some time: I never could replicate that. The described behavior is the browser not responding, and nothing we do should make the... Chris Buechler
11:46 PM Bug #3666 (Confirmed): PMTUD is broken for NATed traffic: no change. Ermal, msg me and we can both take a look at my test setup. Chris Buechler
11:39 PM Todo #3958 (Resolved): test 2.2 upgrade scenarios: I need to go through and verify a variety of upgrade scenarios.
Only issue I've seen recently is where you have t... Chris Buechler
11:24 PM Bug #1629 (Feedback): invalid state table entries after WAN IP change: Chris Buechler
11:20 PM Bug #3957: 2.2 tap missing ALTQ: this will break enough existing systems it's worthy of RC blocking Chris Buechler
11:07 PM Bug #3957 (Closed): 2.2 tap missing ALTQ: ALTQ support in tun and tap is missing in 2.2. A number of existing configurations on 2.1x will fail to load the rule... Chris Buechler
11:19 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2: the subject doesn't quite cover all the breakage this causes, there are various times that the default gateway is rem... Chris Buechler
11:02 PM Bug #3917 (Resolved): Mobile IPsec status page issues: fixed Chris Buechler
11:00 PM Bug #3950 (Resolved): Entering a backwards IP range in an Alias results in an Internal Server Error: Chris Buechler
09:47 PM Bug #3842 (Resolved): Verdana font from the Linux package ttf-mscorefonts-installer causes rendering issues with pfSense WebGUI: this is good in 2.2, if we do another 2.1.x release we probably want to back port that. Chris Buechler
05:18 PM Revision 23ed5b78: Enable unity plugin as per request from https://forum.pfsense.org/index.php?topic=79737.msg452808#msg452808: Ermal LUÇI
05:05 PM Bug #3678: Kernel panic: "Bogus interrupt trigger mode" on Intel J1900: Chris Buechler wrote:
> this was since fixed in 9 and 10 stable FreeBSD, current 2.2 should work here
I can confi... Ken Masterson
02:38 PM Revision 577b776e: Warn if attempting to import IPv6 range: There is currently no code to convert an IPv6 range to a set of corresponding IPv6 subnets, so warn the user if they ... Phil Davis
02:32 PM Revision bb67ac32: Support converting an IP range to an array of addresses: so that it can be used for expanding ranges in host alias input. Phil Davis
02:25 PM Revision feb1953e: Expand range or subnet for host alias: When entering a host alias, if the user put an IP range (like 192.168.0.10-192.168.0.20) or a subnet (like 192.168.1.... Phil Davis
06:58 AM Bug #3956 (Resolved): Check for invalid CA on generating new certificate: ... or check for valid values on generating dynamic function internalca_change() in system_certmanager.php
I had a... Grischa Zengel

10/23/2014

07:25 PM Feature #3385 (Needs Patch): Accommodate static routes for PPTP connections: PPTP is dead, and shouldn't be used in this context anyway Chris Buechler
07:23 PM Bug #3955 (Resolved): IPsec dashboard widget needs adapting for 2.2: The IPsec dashboard widget needs updating to understand strongswan's status. Chris Buechler
05:00 PM Bug #3901: DynDNS is not forcefully updated after powerup: that's a scenario that no client accounts for. Excessive updating can get you banned from some of the providers, whic... Chris Buechler
04:03 PM Bug #3901: DynDNS is not forcefully updated after powerup: From my point of view the current behaviour is not perfect.
As I described above it might be the case that the data ... Philippe Schnyder
02:25 PM Revision e112f9ee: Merge pull request #1312 from phil-davis/patch-8: Renato Botelho
02:24 PM Revision 095707fe: Merge pull request #1313 from phil-davis/patch-9: Renato Botelho
10:12 AM Bug #3954 (Rejected): Port forwarding rule changes do NOT take affect: Jim Pingle
10:06 AM Bug #3954: Port forwarding rule changes do NOT take affect: Nevermind, I found that vpn->pptp->redirect to x.x.x.x was configured. please close bug. carl paulino
09:21 AM Bug #3954 (Rejected): Port forwarding rule changes do NOT take affect: my pfsense is:
2.1.5-RELEASE (i386)
built on Mon Aug 25 07:44:26 EDT 2014
FreeBSD 8.3-RELEASE-p16
I have a po... carl paulino
09:16 AM Bug #3898: Traffic Graph webpage freezes up after some time: After upgrading my Mac to Yosemite 10.10 and Safari to 8.0, I don't have this problem anymore. I do see the page free... carl paulino
06:46 AM Bug #3944 (Feedback): git fatal errors are not shown to user when building pfSense iso from source.: Pushed Renato Botelho
04:12 AM Bug #2882: 6RD not working in latest snapshots: I'm using the latest snapshot (amd64 built on Tue Oct 21 22:27:38 CDT 2014) and it seems like 6rd still isn't working... Hondo Eriksson

10/22/2014

03:27 PM Bug #3369: Captive vouchers expire too quickly: Chris Buechler wrote:
> mine for further testing when time permits
good luck :) maz nos
12:12 PM Bug #3369: Captive vouchers expire too quickly: mine for further testing when time permits Chris Buechler
12:07 PM Bug #3369: Captive vouchers expire too quickly: Thanks maz, got it. One follow-up question sent via email. Chris Buechler
03:55 AM Bug #3369: Captive vouchers expire too quickly: I have sent you the link through your email Chris cmb(at)pfsense
please do not share the image publicly as its key... maz nos
11:42 AM Bug #1957 (Confirmed): Remove button-inside-hyperlink usage from web forms: this is still the case, though only IE seems to care, it's still an issue in IE 11. Chris Buechler

10/21/2014

06:43 PM Revision a376c57d: Teach the certificate generation code how to make a self-signed certificate, and: change the GUI cert generation code to use it. Also, move the GUI cert
generation code to its own function so we can ... Jim Pingle
06:25 PM Revision c25d1fd7: Encode values before displaying them back to the user in notification settings: Jim Pingle
06:25 PM Revision 5b473705: Encode values before displaying them back to the user in notification settings.: Jim Pingle
05:52 PM Bug #3946 (Confirmed): Disabling RAM Disk doesn't remove schedule from /etc/crontab if schedules aren't disabled: Chris Buechler
05:46 PM Revision 687d0a6d: remove the command number shown in the shell prompt, it's a pointless: waste of screen space Chris Buechler
05:43 PM Bug #2724 (Resolved): CARP IPs in INIT on both firewalls leads to dual master: it doesn't appear to be possible to get a system into this state in FreeBSD 10.x, it's been fixed since 8.x. Chris Buechler
05:42 PM Bug #2166 (Resolved): Dynamic DNS not updating: this definitely works on 2.1x and 2.2. Chris Buechler
05:41 PM Bug #3924 (Confirmed): Renaming limiters removes them from firewall rules: Chris Buechler
04:59 PM Bug #3576 (Resolved): Console upgrade automatically skips hash check if no hash file found: works Chris Buechler
04:53 PM Bug #3797 (Resolved): DHCP server restarted multiple times on secondary after config sync: this looks to be fine, scenarios that previously triggered multiple restarts on the secondary now only have it restar... Chris Buechler
04:48 PM Bug #3876: pfsync is not synchronizing states on 2.2: Additional info, secondary spits this out: ... Chris Buechler
03:18 PM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles: Here it is! Petr Klus
03:13 PM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles: could anyone attach the full output of fstat from an affected system? Spot checked some using filterdns and they seem... Chris Buechler
07:00 AM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles: My case: pfSense 2.1.5 running on i386 embedded version. Clean install, only modification apart from UI is password f... Petr Klus
05:20 AM Bug #3951 (Resolved): Processes like filterdns and ipfw-classifyd accumulate many open file handles: Forum: https://forum.pfsense.org/index.php?topic=63357.msg453040#msg453040
and surrounding discussion and results in... Phillip Davis
03:08 PM Bug #3789: rc.update_bogons.sh and login shell ignore http proxy settings: why do it there in update_bogons? Set it as an env variable in general and nothing else needs to be touched. Chris Buechler
01:43 PM Bug #3950 (Feedback): Entering a backwards IP range in an Alias results in an Internal Server Error: pull requests merged, will leave this to feedback for verification Chris Buechler
03:49 AM Bug #3950 (Resolved): Entering a backwards IP range in an Alias results in an Internal Server Error: Firewall->Aliases, add an alias, type Networks.
Put a range like 192.168.1.10-192.168.1.0
Save
It tries for a wh... Phillip Davis
12:50 PM Bug #3900: DynamicDNS should allow "@" at hostname: Sent a pull request to fix this annoyance. ( https://github.com/pfsense/pfsense/pull/1315 )
Forum discussion at: h... F. D.Castel
09:32 AM Revision 99ba943a: Prevent Internal Server Error if range is backwards: Fixes redmine #3950 - ip_range_to_subnet_array can easily swap the input parameters if the caller has passed/entered ... Phil Davis
09:18 AM Revision 29b3bb05: Prevent Internal Server Error if range is backwards: Fixes redmine #3950 - ip_range_to_subnet_array can easily swap the input parameters if the caller has passed/entered ... Phil Davis
09:07 AM Feature #809: Config sync username change: Still a problem. Version 2.1.5 Paul Rensing
09:07 AM Bug #3953 (Rejected): Web pages extremely slow if LDAP down: Duplicate of #3383
Please search a bit before opening tickets. Jim Pingle
09:05 AM Bug #3953 (Rejected): Web pages extremely slow if LDAP down: I have 2.1.5 with a local user (admin) plus an LDAP server (Active Directory). The LDAP server is set as the primary ... Paul Rensing
09:02 AM Bug #3332 (Rejected): Impossible to change the user for XMLRPC Sync: Duplicate of #809 Jim Pingle
09:02 AM Bug #3952 (Rejected): Username not used in config sync: Duplicate of #809 Jim Pingle
08:59 AM Bug #3952 (Rejected): Username not used in config sync: The HA configuration sync page takes a username and password. However, if you change the username to something other ... Paul Rensing
06:54 AM Revision 9b86d3fe: + is a valid character in some dynamic DNS providers' usernames. Fixes #3912: Chris Buechler
05:40 AM Revision 2fb66948: hostnames can end with a . (and actually always do, it's just usually implied), so allow that here. Fixes wrong input validation in parts of nsupdate GUI, among other things.: Chris Buechler
03:52 AM Bug #3369: Captive vouchers expire too quickly: Chris Buechler wrote:
> maz: if you can upload that image somewhere, I'll check it out.
I will upload it ASAP as ... maz nos
03:07 AM Bug #3904: Firewall Log widget generates a load of HTML code when Reverse DNS resolution is clicked: Also, this is the same as #3829, which is resolved, so good.
Now clicking the IP address takes the user to the full ... Phillip Davis
02:06 AM Bug #3904 (Resolved): Firewall Log widget generates a load of HTML code when Reverse DNS resolution is clicked: Jim worked around this one. Phil, if you see anything that was missed, feedback appreciated but I think this is funct... Chris Buechler
02:35 AM Bug #3811: IP aliases on CARP w/IPsec getting mixed up on addition of a new VLAN.: needs re-testing on 2.2 Chris Buechler
02:20 AM Bug #3198 (New): IPSEC, when nating to a different size subnet a invalid natting rule is made.: this is still an issue. That pull request was not the answer though.
It should suffice (for 2.2) to add input val... Chris Buechler
01:56 AM Bug #3898 (Feedback): Traffic Graph webpage freezes up after some time: I've left multiple browsers up on traffic graph for several hours up to days, with no ill effects. I just pulled up t... Chris Buechler
01:49 AM Bug #3912 (Resolved): Dynamic DNS disallows valid character in username: fixed, thanks Chris Buechler
01:44 AM Bug #3901 (Rejected): DynDNS is not forcefully updated after powerup: You'll see in the system log how it works. If your IP hasn't changed, and it's been less than 25 days since the last ... Chris Buechler
01:44 AM Bug #3915: DHCP server static mapped clients do not receive custom DNS servers: Had a look at dhcp.c ISC source code and submitted a bug report. Then after more research I found this:
Extend the... Phillip Davis
01:17 AM Bug #3928 (Confirmed): lagg and its VLANs must have same MAC address: Chris Buechler
01:11 AM Bug #3949: Dynamic DNS public IP check always uses default gateway: Updated subject to reflect full extent of issue - it's all dynamic DNS services, not just RFC 2136. Chris Buechler
01:07 AM Bug #3949 (Resolved): Dynamic DNS public IP check always uses default gateway: When using the "Use Public IP" option of RFC 2136 dynamic DNS updates, you'll always end up with the public IP of the... Chris Buechler

10/20/2014

11:14 PM Bug #3829 (Resolved): Widget Firewall: Reverse Resolve with DNS Issues: Jim's fix works, and suffices for 2.2. Chris Buechler
10:41 PM Bug #3945 (Confirmed): BOOTP lease end status is mis-parsed: Chris Buechler
10:40 PM Bug #3889 (Confirmed): Non relevant changes in config.xml: A variety of areas do things like this, it'd be nice to eliminate any unrelated changes Chris Buechler
10:14 PM Bug #3937: Interfaces Dashboard Widget - Font to big and scaling wrong: I tried on Opera 25.0.1614.50 and somehow Opera fits it in better, but still the font size of stuff in the Interfaces... Phillip Davis
10:06 PM Bug #3937: Interfaces Dashboard Widget - Font to big and scaling wrong: I have attached a screen shot of what the Interfaces widget looks like on a 2.2 system with a long IPv6 address. Rega... Phillip Davis
10:50 AM Bug #3937: Interfaces Dashboard Widget - Font to big and scaling wrong: 2.2-BETA (amd64)
built on Sun Oct 19
Have tried it with:
Windows7 with Firefox (33.0 and prior)
Mac OSX wit... David Williams
10:25 AM Bug #3937: Interfaces Dashboard Widget - Font to big and scaling wrong: What is the operating system, browser and pfSense version you are using? I couldn't replicate the problem here. Renato Botelho
07:59 PM Bug #3684 (Rejected): Openvpn not routing incomming traffic correct when using tap device: it is broken on 2.2 at the moment, that's #3760.
It does work where route-to/reply-to function correctly though. ... Chris Buechler
07:56 PM Feature #3329: Allow creating "not" rules for IPsec Phase 2: not important for 2.2 Chris Buechler
07:55 PM Bug #3656 (Confirmed): "LAN network" in v6 rules doesn't work when assigning link-local address to LAN: still an issue on latest snapshot. the LAN rule in that scenario ends up as a comment with "at the break". Chris Buechler
07:15 PM Bug #3948 (Closed): Changing OpenVPN from tun to tap or vice-versa breaks that instance: Where you have an OpenVPN client or server instance defined on tun and switch to tap, or vice-versa, the ovpnc*/ovpns... Chris Buechler
07:10 PM Bug #3165: OpenVPN Bridge with Client Specific Override: I fixed it in commit:7d363e57a0df41604777b4019c98caeef0b8a79f before 2.1.4 but apparently never noticed this ticket t... Jim Pingle
06:53 PM Bug #3165 (Resolved): OpenVPN Bridge with Client Specific Override: this has been fixed at some point in the mean time (probably in a 2.1.x release since then, but tested and definitely... Chris Buechler
06:35 PM Bug #2584 (Closed): Import server certificate - Bad Issuer: can't replicate, inadequate detail to know what might have happened there, doesn't appear to be something anyone else... Chris Buechler
06:27 PM Bug #3545 (Rejected): OpenVPN Clients don't reconnect after dynamic WAN IPv4 changes: re-tested this scenario on 2.2 and it works fine there as well. Chris Buechler
06:16 PM Bug #3947 (Resolved): "ipsec_starter: Bad file descriptor" spams system log: Ermal and I talked about this a couple days ago, it doesn't have a ticket though so opening here. System log on 2.2 s... Chris Buechler
05:00 PM Revision a23adfba: Merge pull request #1306 from phil-davis/patch-3: Renato Botelho
03:41 PM Revision 6d951458: Let user decide if he wants to proceed to the upgrade when sha256 fails to download. Fixes #3576: Renato Botelho
01:58 PM Bug #3946 (Resolved): Disabling RAM Disk doesn't remove schedule from /etc/crontab if schedules aren't disabled: pfSense version: 2.1.5-RELEASE (amd64)
built on Mon Aug 25 07:44:45 EDT 2014
FreeBSD 8.3-RELEASE-p16
After ena... Marco Verleun
01:03 PM Feature #3933: Limiter burst doesn't have any effect: after discussion with Ermal, needs testing vs. stock FreeBSD Chris Buechler
11:53 AM Bug #3915: DHCP server static mapped clients do not receive custom DNS servers: Phil - do you not see a pencil to the right of your comment? That's how you can edit previous posts. I thought it was... Chris Buechler
06:06 AM Bug #3915: DHCP server static mapped clients do not receive custom DNS servers: Domain-Name-Server is specifically set in pfSense DHCP config to 10.49.48.*250* and that is delivered correctly to th... Phillip Davis
06:01 AM Bug #3915: DHCP server static mapped clients do not receive custom DNS servers: It is related to the client requesting DHCP "option 252", which is related to web-proxy auto-discovery - http://tools... Phillip Davis
10:50 AM Bug #3576 (Feedback): Console upgrade automatically skips hash check if no hash file found: Applied in changeset commit:6d9514581abc09a05f6d86633bbd0bb08aab2cf5. Renato Botelho
10:26 AM Bug #3921: max-packets option missing from pfctl: @ermal, Are you aware of these performance issues? Renato Botelho
12:31 AM Revision 2c296872: h-node should be 8: Chris Buechler
12:30 AM Revision 13ec619c: h-node should be 8: Chris Buechler

10/19/2014

11:38 PM Revision bc12ae8a: Underscores are valid characters in domains. Fixes #3219: Chris Buechler
07:26 PM Bug #3788 (Resolved): NetBIOS h-node should be translated 8 instead of 5: fixed, thanks Chris Buechler
07:16 PM Bug #3213 (Resolved): Error creating more than 30 limiters: that'll suffice Chris Buechler
07:12 PM Feature #1836 (Resolved): RFC 5006 support for DNS from RAs: Chris Buechler
07:03 PM Bug #2245 (Resolved): User permissions for shell access are not clear/complete: resolution Jim noted has since been implemented, which resolves the only real issue I see here. Chris Buechler
06:57 PM Bug #1637 (Needs Patch): captive portal web service port bind validation issue: lot of things it can conflict with, if you want to add the input validation, patches welcome. Chris Buechler
06:55 PM Bug #2649 (Resolved): Ipv6 Easy rule creation failing: Chris Buechler
06:55 PM Bug #3052 (Rejected): Adding a static dhcp for mac address dissapears.: as described isn't an issue Chris Buechler
06:52 PM Bug #3369: Captive vouchers expire too quickly: maz: if you can upload that image somewhere, I'll check it out. Chris Buechler
06:46 PM Bug #3408 (Closed): IPV6 DHCP not disabling on initial setup: issue as described doesn't exist in 2.2 Chris Buechler
06:37 PM Bug #3762 (Closed): web interface ajax updates do not work after upgrade: Local browser cache was the likely cause of that, though www not matching would be unexpected. Not a replicable issue. Chris Buechler
06:35 PM Bug #3501 (Resolved): sanity check for PBI installations before uninstalling old pbi package.: issue as described was fixed in 2.2 Chris Buechler
06:33 PM Bug #3219 (Resolved): Forwarded domain with underscore should be allowed to add: fixed in 2.2 Chris Buechler
06:02 PM Bug #3939 (Confirmed): Cannot create Host or Network type alias with an IP address/range: Confirmed as described. Create a new host alias containing only "example.com", save and apply changes. ... Chris Buechler
05:52 PM Bug #3861 (Rejected): PPPOE non-NAT config cannot ping attached hosts as packets go upstream: there is something fundamentally wrong with your configuration, LAN and WAN can't have the same IP, and you have a ma... Chris Buechler
05:51 PM Bug #3935 (Resolved): Unable to complete NIC assignment with only one NIC: fixed Chris Buechler
02:42 PM Bug #3945: BOOTP lease end status is mis-parsed: also after changing the display from UTC to local time, BOOTP entries show up as "1969/12/31 07:00:00PM" Chris Buechler
02:40 PM Bug #3945 (Resolved): BOOTP lease end status is mis-parsed: status_dhcp_leases.php shows the end of BOOTP leases as "tstp never", where it should just show the "never" and maybe... Chris Buechler
08:25 AM Bug #3944 (Resolved): git fatal errors are not shown to user when building pfSense iso from source.: git fatal errors are not shown to user when building pfSense iso from source.
This complicates troubleshooting when ... Pi Ba
02:49 AM Bug #3576: Console upgrade automatically skips hash check if no hash file found: Replacing line 90 in rc.initial.firmware_update, the "sleep(15)", with aborting the upgrade instead (making the sha25... Chris Buechler

10/18/2014

11:02 PM Bug #3760 (Confirmed): reply-to with TCP and IPv6 generates broken checksums: Return routing is correct now, but TCP checksums are broken (with or without hardware checksum offloading enabled). Chris Buechler
08:05 PM Bug #3891: ipfw, on pfSense 2.2 kernel dump caused by: ipfw zone 4096 create: Tester issue. Ermal Luçi
08:05 PM Bug #3891 (Resolved): ipfw, on pfSense 2.2 kernel dump caused by: ipfw zone 4096 create: Ermal Luçi

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

11/16/2014

11/15/2014

11/14/2014

11/13/2014

11/12/2014

11/11/2014

11/10/2014

11/09/2014

11/08/2014

11/07/2014

11/06/2014

11/05/2014

11/04/2014

11/03/2014

11/02/2014

11/01/2014

10/31/2014

10/30/2014

10/29/2014

10/28/2014

10/27/2014

10/26/2014

10/25/2014

10/24/2014

10/23/2014

10/22/2014

10/21/2014

10/20/2014

10/19/2014

10/18/2014