Project

General

Profile

Activity

From 10/22/2014 to 11/20/2014

11/20/2014

11:20 PM Bug #4031 (Resolved): Notifications mail bomb in some gateway failure circumstances
In certain gateway failure scenarios where things are flapping, a significant number of emails can be generated via n... Chris Buechler
06:28 PM Bug #4030: AR9227 cards cause kernic panic when switched to n-mode
did you submit a crash report? If so, what are the first two octets of your IP? (that's enough for me to find it, not... Chris Buechler
06:08 PM Bug #4030 (Resolved): AR9227 cards cause kernic panic when switched to n-mode
I have a PCI AR9227 card that refuses to change to n-mode. After it boots back up, it appears to be in n-mode and wor... Alex Restifo
10:47 AM Bug #3713 (Resolved): Gateways missing for OpenVPN server (shared key or /30s)
yeah the tap scenario before would result in an invalid ruleset previously. This brings back the same behavior as pri... Chris Buechler
08:12 AM Bug #3713: Gateways missing for OpenVPN server (shared key or /30s)
I created and assigned a tun and a tap static key and the tun received a gateway, the tap did not.
There are cases... Jim Pingle
10:06 AM Bug #3968 (Assigned): Incorrect gateway is assumed when using tun + topology subnet
Renato Botelho
09:30 AM Bug #3198: IPSEC, when nating to a different size subnet a invalid natting rule is made.
Applied in changeset commit:a8a642c5c8eff62f7beb228b165b9e1e38e3a7c2. Ermal Luçi
09:23 AM Bug #3198 (Feedback): IPSEC, when nating to a different size subnet a invalid natting rule is made.
Ermal Luçi
08:50 AM Bug #1047: Disable TSO, hardware checksum don't work for unassigned but active interfaces
Applied in changeset commit:2535f6dcc2d0898f1c89c7c0a2606c95b3f59320. Ermal Luçi
08:41 AM Bug #1047 (Feedback): Disable TSO, hardware checksum don't work for unassigned but active interfaces
Can you try with newer snapshots?
For lagg even here there should be a specific special case since it has to go th... Ermal Luçi
08:15 AM Bug #2786 (Feedback): Setting MTU on VLAN does not set MTU on parent interface in 2.2
Can you retry again with the commit i made yesterday.
Lagg still might need special case here. Ermal Luçi
08:09 AM Bug #1681 (Feedback): OpenVPN tun IPs fail HTTP REFERER checks
The pull request seems to add only the CP users which should anyhow be allowed to go through openvpn to the gui.
The ... Ermal Luçi
08:00 AM Bug #3727: PPP config loses "on-demand" setting when configured via interfaces tab
Applied in changeset commit:c4642eb1ff9b2e8beaba57c4833f428e6063c059. Ermal Luçi
07:55 AM Bug #3727 (Feedback): PPP config loses "on-demand" setting when configured via interfaces tab
Last push behaves better for me. Ermal Luçi
07:28 AM Bug #4025 (Feedback): package service starting issues post-package reinstall
Ermal Luçi
07:26 AM Bug #4025: package service starting issues post-package reinstall
The reinstallall from the GUI was not restarting the packages.
Also during reboot i pushed some commits to force ins... Ermal Luçi
04:45 AM Bug #4007 (Feedback): "Last activity" in CP status blank
Ermal Luçi
03:34 AM Bug #2882: 6RD not working in latest snapshots
Will, i disabled the message it was a leftover from development times.
Thanks for reporting that.
You just need to ... Ermal Luçi
03:04 AM Bug #4014: Unbound private reverse lookup domain overrides not working
Yes, they do - quote from http://en.wikipedia.org/wiki/Blackhole_server
"According to IANA, the blackhole servers re... Phillip Davis
02:46 AM Bug #4014: Unbound private reverse lookup domain overrides not working
Chris Buechler wrote:
> I think the way things are now is best, don't want to be hitting the roots (or forwarders) f... Warren Baker
03:03 AM pfSense Packages Todo #4029 (Needs Patch): Update phpsysinfo package
The available phpsysinfo package is totally out dated.
On the project page there has been an major update to 3.x.x ... Patrick Schmidt

11/19/2014

11:34 PM Bug #3966: OpenVPN crashes with AES-NI + AES-CBC
I can confirm that enabling AES-NI and instructing OpenVPN client to use AES-128CBC seems to work perfectly as of 2.2... Jason Ross
11:17 PM Bug #4028: Wireless Obytes counter always 0
It is not a super-important thing, but there might be other device name combinations that have this issue also, or ot... Phillip Davis
11:09 PM Bug #4028 (Resolved): Wireless Obytes counter always 0
On an Alix 2D13 with WiFi card in it.
2.2-BETA (i386)
built on Sun Nov 16 14:10:12 CST 2014
FreeBSD 10.1-RELEASE
... Phillip Davis
10:17 PM Bug #4025 (Confirmed): package service starting issues post-package reinstall
easily replicable as described on the referenced system. Chris Buechler
09:59 PM Bug #3932 (Confirmed): Captive portal with greater than 9000 permanent MAC addresses causes timeout in loading CP
I committed a change last night to shorten the <descr> text, which helps slightly, but still nothing works at 9000 MA... Chris Buechler
09:53 PM Bug #4018: several packages not looking in pbi dir for files
Those changes shouldn't be necessary though, it's a problem of some sort with PBIs in general in 2.2. Chris Buechler
08:01 PM Bug #3713: Gateways missing for OpenVPN server (shared key or /30s)
Pretty sure this should be fine now. Leaving for sanity check from JimP. Chris Buechler
07:20 PM Bug #3713 (Feedback): Gateways missing for OpenVPN server (shared key or /30s)
Applied in changeset commit:687ff78c96938e1bc6175b293e83079abdb704a4. Chris Buechler
02:37 PM Bug #3713 (Confirmed): Gateways missing for OpenVPN server (shared key or /30s)
The fix for this is incorrect. It also excludes tun servers, not only tap servers as the ticket title stated was a pr... Jim Pingle
07:17 PM Bug #2882: 6RD not working in latest snapshots
Hi Chris,
I can confirm that my ipv6 connection appears to be working!
I am seeing one thing new. There is a me... Will Wainwright
04:52 PM Bug #2882 (Resolved): 6RD not working in latest snapshots
others have also confirmed fixed Chris Buechler
01:34 PM Bug #2882: 6RD not working in latest snapshots
Will, I gitsynced your system and rebooted to confirm it's correct now. Looks to work fine now, it came up on its own... Chris Buechler
11:03 AM Bug #2882: 6RD not working in latest snapshots
That did mostly fix it, it's missing adding the default gateway though. I manually added it to Will's system and ever... Chris Buechler
09:13 AM Bug #2882: 6RD not working in latest snapshots
Hi Ermal,
The box is up right now. CMB knows how to get to it...he was poking around in it last Friday.
Feel fr... Will Wainwright
02:41 AM Bug #2882: 6RD not working in latest snapshots
Can you show ifconfig, nestat -rnf inet6 output and system logs ?
Or give me access to a test system with 6rd conn... Ermal Luçi
12:47 AM Bug #2882: 6RD not working in latest snapshots
Hi guys,
Just tried with 2.2-BETA (amd64) built on Tue Nov 18 23:43:52 CST 2014 & the gateway monitor indicator is... Will Wainwright
04:31 PM Bug #4014 (Resolved): Unbound private reverse lookup domain overrides not working
I think the way things are now is best, don't want to be hitting the roots (or forwarders) for PTRs on RFC 1918 in th... Chris Buechler
03:24 AM Bug #4014: Unbound private reverse lookup domain overrides not working
Now works for me on Tue Nov 18 23:43:52 CST 2014 build, reverse looking up internal private IPv4 addresses by having ... Phillip Davis
04:28 PM Bug #4008 (Resolved): dhcpleases doesn't restart when change from/to dnsmasq and unbound
fixed Chris Buechler
04:27 PM Bug #4022 (Resolved): Unbound doesn't set 127.0.0.1 in resolv.conf
confirmed good Chris Buechler
04:20 PM Bug #4022: Unbound doesn't set 127.0.0.1 in resolv.conf
Applied in changeset commit:97383d2bda23b89da93e2cf31827a3b2aefe9246. Chris Buechler
04:15 PM Bug #4022: Unbound doesn't set 127.0.0.1 in resolv.conf
I was wrong on the line where the problem existed. That's fixed now. I also fixed it to ensure it's only in there if ... Chris Buechler
03:52 AM Bug #4022 (Feedback): Unbound doesn't set 127.0.0.1 in resolv.conf
The logic there looks correct, and on my tests it added 127.0.0.1 as the first nameserver in resolv.conf when unbound... Renato Botelho
04:27 PM Bug #4027 (Resolved): Unbound host overrides not being implemented
fixed Chris Buechler
04:49 AM Bug #4027: Unbound host overrides not being implemented
That is working now. I can add a DNS Resolver host override, with or without some aliases also, save and apply and th... Phillip Davis
04:00 AM Bug #4027 (Feedback): Unbound host overrides not being implemented
Applied in changeset commit:b3c6783f82bd4f4b08a4f451e9045e4c5df188cc. Renato Botelho
03:03 AM Bug #4027 (Resolved): Unbound host overrides not being implemented
As at 2.2-BETA (amd64) Tue Nov 18 23:43:52 CST 2014
I add a DNS Resolver Host Override, and also some alias names.
... Phillip Davis
03:24 PM Bug #4011 (Resolved): Integration between unbound and dhcp is not working
looks good Chris Buechler
03:20 PM Bug #4020 (Resolved): Unbound not compiled with libevent
fixed Chris Buechler
12:47 PM Bug #3848: enabling schedule on 2.1.5 causes page fault
can you re-test this on 2.2 and report back? I haven't had any luck replicating this. Chris Buechler
11:34 AM Bug #3996: Solarflare NIC panic with LACP
it wasn't as of 2 weeks ago and I don't see any relevant changes since then. Chris Buechler
01:29 AM Bug #3996 (Feedback): Solarflare NIC panic with LACP
The patch mentioned here is already part of pfSense shiped sfxge driver. Ermal Luçi
10:52 AM Bug #1047 (Confirmed): Disable TSO, hardware checksum don't work for unassigned but active interfaces
In the circumstance described here, where the interface is in use but not directly assigned (so part of a LAGG, or a ... Chris Buechler
02:35 AM Bug #1047: Disable TSO, hardware checksum don't work for unassigned but active interfaces
VLANs are skipped by flags settings.
Normally a reboot should apply the right thing to the interfaces.
Reconfigurat... Ermal Luçi
10:48 AM Bug #2786 (Confirmed): Setting MTU on VLAN does not set MTU on parent interface in 2.2
The original post describes the problem, which is a regression from 2.1x. Say you have em0 and em0_vlan10. Set MTU on... Chris Buechler
10:28 AM Bug #2786: Setting MTU on VLAN does not set MTU on parent interface in 2.2
Currently, setting the MTU on an interface assigned to a VLAN seems to be ignored by pfSense.
For example, running... Andy Sayler
02:01 AM Bug #2786 (Rejected): Setting MTU on VLAN does not set MTU on parent interface in 2.2
What is the problem here really?
Normally an interface should have its own mtu and vlan is its own interface.
Why t... Ermal Luçi
02:50 AM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
Applied in changeset commit:d882658e826ca1c9e41c0832b3d0f433756ed903. Ermal Luçi
02:27 AM Bug #3894 (Feedback): OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
The issue here is that resolve-retry infinite is on by default.
I pushed a fix to do only 2 retries by default which... Ermal Luçi
02:29 AM Bug #3949: Dynamic DNS public IP check always uses default gateway
The issue here should be coming from the route-to.
Since routing table need to have static routes to allow entries g... Ermal Luçi
01:49 AM Bug #3987 (Feedback): not possible to have both IKEv1 and IKEv2 mobile P1s
A patch to support both protos on the same instance has been pushed. Ermal Luçi
01:43 AM Bug #4019 (Feedback): clean 2.2 install doesn't have /usr/local/etc/rc.d/ directory
I put code in the builders to create this folder in the images.
 Ermal Luçi
01:39 AM Bug #3809 (Feedback): IPsec Save Xauth Password no longer work
Seems it was only a parser issue for attr plugin https://forum.pfsense.org/index.php?topic=84304.new#new
Setting t... Ermal Luçi

11/18/2014

08:08 PM Bug #4026 (Rejected): Virtual IP on a PPPoE interface - OpenVPN fails
WAN interface is PPPoE(em1)
Virtual IP (1.2.3.4) on WAN interface
OpenVPN server on the Virtual IP 1.2.3.4
openv... Walt McDonald
07:13 PM Bug #4025 (Resolved): package service starting issues post-package reinstall
After a package reinstall, package services starting is hit and miss at best. Seems most of the time the services fai... Chris Buechler
06:54 PM Bug #2882: 6RD not working in latest snapshots
yeah that's not new enough Chris Buechler
06:53 PM Bug #2882: 6RD not working in latest snapshots
Hi guys,
No joy with 2.2-BETA (amd64) built on Tue Nov 18 14:41:54 CST 2014.
I guess I need to wait a little lo... Will Wainwright
04:29 PM Bug #2882 (Feedback): 6RD not working in latest snapshots
To be tested with new snapshots. Ermal Luçi
04:52 PM Bug #4023 (Confirmed): allowed networks in Unbound inadequate
Chris Buechler
03:29 AM Bug #4023: allowed networks in Unbound inadequate
At the moment it allows all local-connected subnets, including WAN/s. For example in some of my situations we have a ... Phillip Davis
12:07 AM Bug #4023 (Resolved): allowed networks in Unbound inadequate
Unbound defaults to only answering queries from 127.0.0.1, and you add specific allowed networks to permit queries. T... Chris Buechler
04:52 PM Bug #3894 (Confirmed): OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
Chris Buechler
03:03 PM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
On a server with two OpenVPN Clients in Peer to Peer (SSL/TLS) mode, I have the same issue, while "Infinitely resolve... Michael Schefczyk
02:50 PM Bug #4020 (Feedback): Unbound not compiled with libevent
Applied in changeset commit:3ba077846e56459715e1f78a8e538797a890f49b. Renato Botelho
05:30 AM Bug #4020 (Assigned): Unbound not compiled with libevent
Renato Botelho
05:30 AM Bug #4020 (Feedback): Unbound not compiled with libevent
Applied in changeset commit:cd7b929ac0ee324b96baabcd216cf303be937db7. Renato Botelho
05:20 AM Bug #4020 (Assigned): Unbound not compiled with libevent
Renato Botelho
05:20 AM Bug #4020 (Feedback): Unbound not compiled with libevent
Applied in changeset commit:f13df0e3f1bf45d8dab01805f757e623165c044f. Renato Botelho
05:18 AM Bug #4020: Unbound not compiled with libevent
Unbound port built with libevent is marked BROKEN for FreeBSD 10+ due to an issue with capsicum, I reverted the commi... Renato Botelho
04:38 AM Bug #4020: Unbound not compiled with libevent
Warren Baker wrote:
> Thats what i wanted to do but Ermal felt that it should be left with base and modify the compi... Warren Baker
04:34 AM Bug #4020: Unbound not compiled with libevent
Thats what i wanted to do but Ermal felt that it should be left with base and modify the compile options in base to s... Warren Baker
04:08 AM Bug #4020 (Assigned): Unbound not compiled with libevent
Today we are using unbound from base, which has no support for building with libevent. I'll work on moving it to use ... Renato Botelho
10:22 AM Feature #4024 (Closed): Add a reject rule to prevent traffic from "falling through" relayd and reaching the GUI accidentally
Currently if relayd is in use and all pool servers are down, the connection does not get any NAT applied and will end... Jim Pingle
05:44 AM Bug #4014: Unbound private reverse lookup domain overrides not working
In the latest release (v1.5.0 as of today), there is a new option unblock-lan-zones which is detailed as follows:
... Warren Baker

11/17/2014

11:51 PM Bug #4022 (Confirmed): Unbound doesn't set 127.0.0.1 in resolv.conf
Chris Buechler
10:21 PM Bug #4022 (Resolved): Unbound doesn't set 127.0.0.1 in resolv.conf
127.0.0.1 should be first in resolv.conf where unbound is enabled and bound to localhost. line 145 in system.inc. The... Chris Buechler
11:51 PM Bug #4020 (Confirmed): Unbound not compiled with libevent
Chris Buechler
08:59 PM Bug #4020 (Resolved): Unbound not compiled with libevent
It appears Unbound is not being compiled with libevent. With the following in unbound.conf: ... Chris Buechler
11:51 PM Bug #4019 (Confirmed): clean 2.2 install doesn't have /usr/local/etc/rc.d/ directory
Chris Buechler
06:11 PM Bug #4019 (Resolved): clean 2.2 install doesn't have /usr/local/etc/rc.d/ directory
2.1.x and prior versions had an empty /usr/local/etc/rc.d/ directory after a clean install. 2.2 doesn't. This makes s... Chris Buechler
11:51 PM Bug #4018 (Confirmed): several packages not looking in pbi dir for files
Chris Buechler
08:59 PM Bug #4018: several packages not looking in pbi dir for files
And another example of typical range of directories where package files are stored for 2.0.n, 2.1.n and 2.2.n and how... Phillip Davis
05:50 PM Bug #4018: several packages not looking in pbi dir for files
related commit in sudo package.
https://github.com/pfsense/pfsense-packages/commit/f4ae260c8ae8e54f0d40bfd337fbe9ed... Chris Buechler
04:59 PM Bug #4018 (Resolved): several packages not looking in pbi dir for files
Multiple packages are looking for files in /usr/local/ rather than under the PBI's root dir. One example in #4017, Sq... Chris Buechler
11:50 PM Bug #4007 (Confirmed): "Last activity" in CP status blank
no change. We have a test environment up internally. Ermal, ask me re: details. Chris Buechler
05:58 AM Bug #4007 (Feedback): "Last activity" in CP status blank
Next snapshots include patches that fix the behaviour. Ermal Luçi
09:34 PM Bug #4021 (Resolved): Unbound doesn't handle v6 link local correctly
When choosing one of the "$interface IPv6 Link-local" options, it omits those from the unbound config. Chris Buechler
08:50 PM pfSense Packages Bug #4016: squid3 amd64 looks to have bad download link
Indeed, the following only are there:
squid-2.7.9_4-amd64.pbi 17-Jul-2014 21:41 ... Phillip Davis
11:23 AM pfSense Packages Bug #4016 (Resolved): squid3 amd64 looks to have bad download link
Hello,
It looks like squid3 amd64 has a bad download link (and will not install):... John D
06:28 PM Bug #3770: Some drivers not being built with altq support
it's there, was just overlooked in not being added to the list. I just fixed that. Chris Buechler
06:10 PM Bug #3770: Some drivers not being built with altq support
I'm not seeing ALTQ detected on vmxnet3 interfaces, and vmxnet2 is not detected at all... but this says that vmxnet h... Sam Bingner
05:00 PM pfSense Packages Bug #4017: postfix package looking for /usr/local on pfsense 2.2
that looks to be a general issue with a number of packages, #4018 covers that general issue Chris Buechler
04:44 PM pfSense Packages Bug #4017 (Rejected): postfix package looking for /usr/local on pfsense 2.2
I'm seeing these while trying to start posfix on 2.2 BETA
/usr/pbi/postfix-amd64/sbin/postfix start
cd: /usr/local/... Marcello Silva Coutinho
02:30 PM Bug #3949: Dynamic DNS public IP check always uses default gateway
this does set CURLOPT_INTERFACE, which should force source IP selection, and then route-to handle accordingly. I have... Chris Buechler
02:00 PM Bug #3955 (Resolved): IPsec dashboard widget needs adapting for 2.2
fixed Chris Buechler
01:52 PM Bug #4013 (Resolved): DHCP6 static bindings not included in /var/unbound/host_entries.conf
thanks for the feedback Chris Buechler
12:42 PM Bug #4013: DHCP6 static bindings not included in /var/unbound/host_entries.conf
fixed in latest snapshot pierre gleich
01:22 PM Bug #4011 (Feedback): Integration between unbound and dhcp is not working
Worked on the tests I did, sending to Chris for a second round of tests Renato Botelho
07:31 AM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Chris Buechler wrote:
> JimP: you have a way to at least semi-reliably replicate this on current versions? I've been... Jim Pingle

11/16/2014

10:29 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway
JimP: you have a way to at least semi-reliably replicate this on current versions? I've been trying a variety of scen... Chris Buechler
04:23 PM Bug #3966 (Resolved): OpenVPN crashes with AES-NI + AES-CBC
fixed Chris Buechler
04:05 PM Bug #4015 (Confirmed): IKE version change needs javascript to update other available fields
Chris Buechler
03:54 PM Bug #4015 (Resolved): IKE version change needs javascript to update other available fields
Some settings in IPsec are only relevant to IKEv1 or IKEv2, not both. Need some javascript to hide irrelevant setting... Chris Buechler
04:04 PM Bug #3970 (Resolved): some files not removed on upgrade to 2.2
I added the last few missing ones, this is good now. Chris Buechler
03:57 PM Bug #4012 (Resolved): dnsmasq doesn't listen on chosen CARP IPs
fixed Chris Buechler
03:14 PM Bug #3998 (Resolved): Duplicated limiter numbers
fixed Chris Buechler
03:12 PM Bug #3789 (Resolved): rc.update_bogons.sh and login shell ignore http proxy settings
fixed Chris Buechler
03:21 AM Bug #4014: Unbound private reverse lookup domain overrides not working
Pull request added: https://github.com/pfsense/pfsense/pull/1340
And attached is a sample of the GUI entry for a rev... Phillip Davis
03:16 AM Bug #4014 (Resolved): Unbound private reverse lookup domain overrides not working
If I add a domain override for reverse lookups in some private address space, unbound never returns answers to any re... Phillip Davis

11/15/2014

11:08 PM Bug #3989 (Resolved): DNS Resolver interface drop downs need enlarged
fixed Chris Buechler
07:07 PM Todo #3396: Replace dnsmasq with Unbound
I fixed some of what you noted, some has other tickets. What this ticket covers is resolved. Please post any issues y... Chris Buechler
05:33 AM Todo #3396: Replace dnsmasq with Unbound
2.2-BETA (amd64) - built on Sat Nov 15 01:14:19 CST 2014
Host Overrides dose't work properly. Only the top one seems... Raul Ramos
05:23 AM Todo #3396: Replace dnsmasq with Unbound
2.2-BETA (amd64) - built on Sat Nov 15 01:14:19 CST 2014
Pfsense is not the default DNS service. Do not use the DNS ... Raul Ramos
11:51 AM Bug #3913: if_bridge missing ALTQ support
Will do so once i can isolate better the problem.
Thanks. Orsiris de Jong
07:36 AM Bug #4013 (Resolved): DHCP6 static bindings not included in /var/unbound/host_entries.conf
/var/unbound/host_entries.conf contains only IPv4, no IPv6 entries.
On the latest snapshot unbound restart shows t... pierre gleich
01:07 AM Bug #2882: 6RD not working in latest snapshots
Got a good deal of info gathered from OP's system, both from 2.2, and from a 2012 2.1 snapshot where 6rd works fine. ... Chris Buechler

11/14/2014

11:07 PM Todo #3396 (Resolved): Replace dnsmasq with Unbound
this particular todo is complete. There are some outstanding Unbound bugs, covered in other tickets. Chris Buechler
01:42 AM Todo #3396 (Feedback): Replace dnsmasq with Unbound
default config updated. Needs more testing and feedback. Chris Buechler
10:45 PM pfSense Packages Bug #3977: Squid-dev 3.3.11_1 pkg installs but does not start on 2-2-BETA
Also, this bug affects my x64 box, so it is not just i386/x86 affected. Aaron Outhier
09:21 PM Bug #2882 (Confirmed): 6RD not working in latest snapshots
the kernel portion of this seems to be working fine in 2.2. There is an issue with the delegated prefix handling that... Chris Buechler
07:28 PM Bug #4012 (Resolved): dnsmasq doesn't listen on chosen CARP IPs
When configuring dnsmasq with specific bind IPs and choosing CARP IPs in the list, it doesn't actually bind to the CA... Chris Buechler
02:10 PM Bug #3955: IPsec dashboard widget needs adapting for 2.2
there is something here that makes the status inconsistent from time to time. Seeing it on multiple systems. Status>I... Chris Buechler
11:41 AM Bug #4007: "Last activity" in CP status blank
Looks like it's a problem on ipfw patch:... Renato Botelho
10:31 AM Bug #4007 (Confirmed): "Last activity" in CP status blank
Yeah, that was with the most recent gitsynced code as of last night. The rest of those fixes were fine, this one didn... Chris Buechler
03:50 AM Bug #4007 (Feedback): "Last activity" in CP status blank
Did you try latest snapshots? I pushed a fix for this yesterday, commit commit:27c2e32e Renato Botelho
10:06 AM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64
It's a regression. In previous versions with the embedded kernel you could not stop the serial console from working s... Jim Pingle
09:53 AM Bug #4009: Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64
Why is this the fault of pfSense? Ermal Luçi
08:07 AM Bug #4009 (Resolved): Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64
Selecting "Embedded" during install does not activate the serial console in a persistent way on amd64 now that there ... Jim Pingle
10:00 AM Bug #4011 (Resolved): Integration between unbound and dhcp is not working
dhcpleases write leases information to /etc/hosts, but unbound never uses data from it. Renato Botelho
08:11 AM Bug #3966: OpenVPN crashes with AES-NI + AES-CBC
Also submitted to FreeBSD ports tree, if accepted, pfPort can be removed - https://bugs.freebsd.org/bugzilla/show_bug... Renato Botelho
07:27 AM Bug #3966: OpenVPN crashes with AES-NI + AES-CBC
Patch integrated on pfPorts and can be tested on next coming snapshots.
Also reported on https://community.openvpn... Ermal Luçi
05:40 AM Bug #3966 (Feedback): OpenVPN crashes with AES-NI + AES-CBC
The issue seems to be that openvpn setups the crypto before forking.
This makes crypto device unhappy in general and... Ermal Luçi
08:07 AM Feature #4010 (New): OpenVPN always loads engines available on openssl
OpenVPN uses EVP API and always loads all available engines and tries to use them.
In the case of aesni for AES* the... Ermal Luçi
08:07 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work
The error is fixed but the console problem I mentioned above is still an issue. I moved it to #4009 Jim Pingle
12:33 AM Bug #3982 (Resolved): Installer generates errors when selecting "Embedded" but still appears to work
fixed Chris Buechler
06:00 AM Bug #4008 (Feedback): dhcpleases doesn't restart when change from/to dnsmasq and unbound
Applied in changeset commit:4dbcf2fbcea9cfe2166c958d3872e3a7353e3c5c. Renato Botelho
05:28 AM Bug #4008 (Resolved): dhcpleases doesn't restart when change from/to dnsmasq and unbound
Steps to reproduce:
1. Configure DNS Forwarder
2. Configure DHCP server
dhcpleases is going to use '-p /var/ru... Renato Botelho
04:00 AM Bug #3970 (Feedback): some files not removed on upgrade to 2.2
Applied in changeset commit:9612943eaa3c6ef427ea4414f7c32dc2b326dd55. Renato Botelho
01:25 AM Bug #3970: some files not removed on upgrade to 2.2
also remember to add the obsolete openntpd files JimP mentioned. Chris Buechler
02:04 AM Bug #3939 (Resolved): Cannot create Host or Network type alias with an IP address/range
fixed Chris Buechler
01:22 AM Bug #4003 (Resolved): SSH host keys regenerated post-2.2 upgrade
fixed Chris Buechler

11/13/2014

11:25 PM Todo #3958 (Resolved): test 2.2 upgrade scenarios
Aside from issues that have other tickets, I'm satisfied here. Been through a number of test upgrades with varying co... Chris Buechler
11:22 PM Bug #4007: "Last activity" in CP status blank
same root issue is likely breaking other things as well Chris Buechler
11:21 PM Bug #4007: "Last activity" in CP status blank
root of this issue is line 1135 in captiveportal.inc: ... Chris Buechler
11:12 PM Bug #4007 (Resolved): "Last activity" in CP status blank
"Last activity" in CP status page is blank in 2.2. Chris Buechler
11:08 PM Bug #4001 (Resolved): disconnected CP client no longer gets redirected to portal page
fixed Chris Buechler
11:00 AM Bug #4001 (Feedback): disconnected CP client no longer gets redirected to portal page
Applied in changeset commit:b4e0f02b89fa6b8e8b22f31ee4486df171ae5337. Renato Botelho
04:12 AM Bug #4001: disconnected CP client no longer gets redirected to portal page
Renato Botelho wrote:
> After investigate it a bit I noted IPs are not being added to ipfw tables, all are added as ... Ermal Luçi
10:24 PM Bug #3970: some files not removed on upgrade to 2.2
Looks much better, fine to go ahead and commit that.
Still missing some, see attached. Chris Buechler
05:48 AM Bug #3970: some files not removed on upgrade to 2.2
Pass it to Chris to run a final test before commit. Renato Botelho
10:18 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Turns out that the ISP for the WAN in question is only experimenting with IP6 at the moment. Anything I've picked up ... Peter Hinman
07:50 PM Bug #3955: IPsec dashboard widget needs adapting for 2.2
this is at least mostly fixed, still seeing a different issue I'm looking into. Chris Buechler
08:12 AM Bug #3955 (Feedback): IPsec dashboard widget needs adapting for 2.2
Ermal Luçi
06:59 PM Bug #3789: rc.update_bogons.sh and login shell ignore http proxy settings
to me for testing Chris Buechler
06:59 PM Bug #4002 (Resolved): 0.0.0.0 shown as being in ipfw tables for CP where it isn't
fixed Chris Buechler
04:24 PM Bug #4006 (Resolved): diag_gmirror.php missing new blank disk as available consumer
works great Chris Buechler
01:16 PM Bug #4006 (Feedback): diag_gmirror.php missing new blank disk as available consumer
Should be fixed by commit:0373c361fe623e466ed2c9b8cf129a7f160f79cf
Assigning back to cmb for testing. Jim Pingle
03:15 PM Bug #3966: OpenVPN crashes with AES-NI + AES-CBC
OpenVPN is using EVP API so it loads all available engines which by default is cryptodev.
There are two problems h... Ermal Luçi
01:17 PM Bug #3966: OpenVPN crashes with AES-NI + AES-CBC
This seems like an openvpn problem, openssl lib does not show any problem when used with the openssl binary.
 Ermal Luçi
06:20 AM Bug #3998: Duplicated limiter numbers
Applied in changeset commit:8105ffa61c2d5aba42fa0ceac92ae7f9f80f8b19. Renato Botelho
06:20 AM Bug #3998 (Feedback): Duplicated limiter numbers
Applied in changeset commit:89cf3dc0b6958322974d40fd1111ef276174053e. Renato Botelho
01:50 AM Bug #4000 (Resolved): guess_interface_from_ip parses netstat output that may be truncated
Ermal Luçi

11/12/2014

07:27 PM Bug #4006 (Resolved): diag_gmirror.php missing new blank disk as available consumer
If you install to a GEOM mirror, remove one of the drives, and add a new blank drive, the new drive doesn't show up a... Chris Buechler
04:03 PM Bug #4000: guess_interface_from_ip parses netstat output that may be truncated
Tested on the latest snapshot (built on Wed Nov 12 11:52:20 CST 2014). Looks good, finally the DHCP failover peer IP ... Trond Vindenes
08:00 AM Bug #4000 (Feedback): guess_interface_from_ip parses netstat output that may be truncated
Applied in changeset commit:aa5acb424f4d05efd15ceed1b9e71d6a34dac674. Ermal Luçi
04:02 PM Todo #3396 (New): Replace dnsmasq with Unbound
to me to change the default config and test Chris Buechler
03:38 PM Bug #4001: disconnected CP client no longer gets redirected to portal page
After investigate it a bit I noted IPs are not being added to ipfw tables, all are added as 0.0.0.0/32:... Renato Botelho
12:56 PM Bug #4001 (Assigned): disconnected CP client no longer gets redirected to portal page
Renato Botelho
12:56 PM Bug #4001: disconnected CP client no longer gets redirected to portal page
I'll take this one Renato Botelho
02:27 PM Bug #3997: get_interface_ip() returns first IP on interface, not necessarily primary IP
That does not have issues with the first ip address but rather no strict linkage of vip/carp interface to its informa... Ermal Luçi
02:01 PM Bug #3981 (Feedback): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD
This seems a non issue since the old SPD will stay there until the SA related to them be alive.
As long as the old S... Ermal Luçi
01:03 PM Bug #3970: some files not removed on upgrade to 2.2
last one was messed up by WebDrive's caching. attached an update Chris Buechler
09:55 AM Bug #3970: some files not removed on upgrade to 2.2
Something is wrong, fresh install is not supposed to have those gettext files. I got last i386 and amd64 iso files an... Renato Botelho
12:03 AM Bug #3970: some files not removed on upgrade to 2.2
updated diff attached.
V: is the clean install, Q: the upgraded system. Chris Buechler
01:02 PM Bug #3999: SRC, GW wrong in pftop on 2.2
I took a quick look at it, and looks like it is also broken on stock FreeBSD (not tested to confirm). Looks like the ... Renato Botelho
12:59 PM Bug #3789 (Feedback): rc.update_bogons.sh and login shell ignore http proxy settings
Implemented as Chris suggested Renato Botelho
12:54 PM Bug #3939: Cannot create Host or Network type alias with an IP address/range
to me for testing Chris Buechler
12:41 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Finding a new issue wasn't the contribution I intended to make.
I'll double check with the ISP for that WAN conne... Peter Hinman
12:39 PM Bug #3955 (Confirmed): IPsec dashboard widget needs adapting for 2.2
back to where we started here. Status>IPsec is fine, dashboard widget is wrong in two ways.
1) All connections show... Chris Buechler
05:40 AM Bug #3955 (Feedback): IPsec dashboard widget needs adapting for 2.2
Heh fixed, sorry for the breakage. Ermal Luçi
11:22 AM Bug #4005 (Resolved): There were error(s) loading the rules: rules.debug:11
Thanks. The issue is an all-numeric interface description isn't valid, and no input validation prevented that. I just... Chris Buechler
10:56 AM Bug #4005 (Resolved): There were error(s) loading the rules: rules.debug:11
(this is my first bug report, I hope it is helpful)
There appears to be an error loading the rules that generates ... John D
09:23 AM Bug #4002 (Feedback): 0.0.0.0 shown as being in ipfw tables for CP where it isn't
Patch has been put in snapshots which should correct this. Ermal Luçi
05:49 AM Bug #4002: 0.0.0.0 shown as being in ipfw tables for CP where it isn't
This is just cosmetics rather than table on ipfw issue. Ermal Luçi
08:30 AM Bug #4003 (Feedback): SSH host keys regenerated post-2.2 upgrade
Applied in changeset commit:2951a06ad89fc207a709af362ddc42069fdee172. Renato Botelho
07:56 AM Bug #4003: SSH host keys regenerated post-2.2 upgrade
Working on a fix Renato Botelho
12:46 AM Bug #4003 (Resolved): SSH host keys regenerated post-2.2 upgrade
SSH host keys seem to always be recreated post-upgrade to 2.2 from 2.1x or earlier versions. Chris Buechler
07:33 AM Bug #4004 (Resolved): CARP on HyperV
There might be issues on HyperV with CARP.
Reference information on https://forum.pfsense.org/index.php?action=pro... Ermal Luçi
12:48 AM Todo #3958: test 2.2 upgrade scenarios
more upgrade scenarios confirmed good now that some related blocking problems are fixed. Chris Buechler

11/11/2014

11:57 PM Bug #3955 (Confirmed): IPsec dashboard widget needs adapting for 2.2
this broke IPsec status for everything. All down on dashboard, all down on Status>IPsec (showing down icon, but "esta... Chris Buechler
04:12 PM Bug #3955 (Feedback): IPsec dashboard widget needs adapting for 2.2
Patch put in. Ermal Luçi
11:02 PM pfSense Packages Bug #3977: Squid-dev 3.3.11_1 pkg installs but does not start on 2-2-BETA
I believe I have a fix for to make this work, however, the fix currently needs to be applied manually on every box. I... Aaron Outhier
07:20 PM Bug #4002 (Resolved): 0.0.0.0 shown as being in ipfw tables for CP where it isn't
Under certain circumstances (which I haven't fully quantified), you'll end up with 0.0.0.0 in your ipfw tables. Ermal... Chris Buechler
06:13 PM Bug #4001 (Resolved): disconnected CP client no longer gets redirected to portal page
On 2.2, after disconnecting a user from CP on status_captiveportal.php, their HTTP requests no longer are redirected ... Chris Buechler
05:12 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Peter: you're not getting an IP at all? That seems like a different issue, what we've seen here the system gets an IP... Chris Buechler
04:27 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Meant to say DHCP6 Peter Hinman
04:25 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Currently running:
2.2-BETA (i386)
built on Sat Nov 08 15:40:19 CST 2014
I have a dual WAN configuration. WAN-0... Peter Hinman
02:52 PM Bug #3970: some files not removed on upgrade to 2.2
to me for testing against next snapshot Chris Buechler
11:51 AM Bug #3970: some files not removed on upgrade to 2.2
updated comparison, but against a not freshly installed 2.2 so this is probably not useful at all. When the next new ... Chris Buechler
05:28 AM Bug #3970: some files not removed on upgrade to 2.2
Chris, can you compare files again but now use a fresh installed 2.2? I fixed a bug in bsdinstaller that was introduc... Renato Botelho
02:51 PM Bug #3191: Quality RRD inaccuracies and failure to update status in some circumstances
to me to re-test Chris Buechler
02:50 PM Bug #3981 (Confirmed): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD
this is pretty easily replicable. Log into 22vpntest, VPN>IPsec. Edit one of the "cmb home site to site" P2s, for ins... Chris Buechler
02:42 PM Bug #4000 (Resolved): guess_interface_from_ip parses netstat output that may be truncated
Long interface names are truncated in netstat output, which can lead to various potential problems (though most thing... Chris Buechler
02:27 PM Bug #3967 (Resolved): Need to restore IP aliases on CARP IPs in 2.2
that one's fixed now as well. Everything here works now. Chris Buechler
01:29 PM Bug #3967 (Confirmed): Need to restore IP aliases on CARP IPs in 2.2
that fixed that issue, one remaining. Config sync no longer syncs those aliases to the secondary. Chris Buechler
01:20 PM Bug #3967: Need to restore IP aliases on CARP IPs in 2.2
Applied in changeset commit:94115b931349c4c2dbaff080842bcdbe60ed94b7. Ermal Luçi
01:03 PM Bug #3967 (Feedback): Need to restore IP aliases on CARP IPs in 2.2
Oops fixed! Ermal Luçi
12:58 AM Bug #3967 (Confirmed): Need to restore IP aliases on CARP IPs in 2.2
this is mostly fixed after my commits earlier, I think just one last piece. ifconfig is missing the interface. You'll... Chris Buechler
02:25 PM Bug #3666 (Resolved): PMTUD is broken for NATed traffic
scratch that, the test box wasn't rebooted post-gitsync and gitsync doesn't apply the relevant change on the fly. Thi... Chris Buechler
02:03 PM Bug #3666 (Confirmed): PMTUD is broken for NATed traffic
no change. Test setup on dev ESX is fully in place now, info on chaos wiki. Chris Buechler
01:48 PM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work
I have corrected this on new snapshots. Ermal Luçi
10:30 AM Bug #3941 (Resolved): adding a DHCP client interface results in missing default gateway on 2.2
works in every scenario I can find Chris Buechler
02:10 AM Bug #3988: menu text shifted to the left after upgrade
I noted above that I cleared browser cache. From the original bug it was noted that main
issue are fonts.
I specifi... Ivo B
01:04 AM Bug #3692 (Resolved): apinger loss % gets stuck
seems this has been resolved. I haven't been able to replicate the circumstances here since Ermal's last round of fix... Chris Buechler
12:20 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only
Damn, Today I had a 8h internet downtime because of this bug again while I was sleeping! Latest snapshot. Dmitriy K

11/10/2014

09:50 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
dhclient-script in 2.1x used the same 0.0.0.0/0.0.0.0, so that's a change in behavior between FreeBSD 8.3 and 10.1. C... Chris Buechler
09:37 PM Bug #3941 (Feedback): adding a DHCP client interface results in missing default gateway on 2.2
Thanks for the comment Phil, that thought process brought to mind an idea. Using a /32 mask instead of 0.0.0.0 fixes ... Chris Buechler
07:49 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
Just a thought - perhaps the interface can be set to all/part of the link-local address space 169.254.0.0/255.255.255... Phillip Davis
05:01 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
found the exact spot where the issue happens. /sbin/dhclient-script, line 325. ... Chris Buechler
04:33 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
getting close to finding this, back to me as I'm working on it now. Chris Buechler
05:32 PM Bug #3967: Need to restore IP aliases on CARP IPs in 2.2
to me for testing Chris Buechler
08:30 AM Bug #3967: Need to restore IP aliases on CARP IPs in 2.2
Applied in changeset commit:b0d054ca3b314d0ac7dcfd6a5ba30170a71fe63b. Ermal Luçi
08:22 AM Bug #3967 (Feedback): Need to restore IP aliases on CARP IPs in 2.2
It should work same as before. Ermal Luçi
02:58 PM Bug #3666: PMTUD is broken for NATed traffic
Teh reply from interface was not being set properly.
Works for me now. Ermal Luçi
01:50 PM Bug #3666 (Feedback): PMTUD is broken for NATed traffic
Applied in changeset commit:c46f9695ec7baf6dcfcc5a488fe0dd5dd6f4a00f. Ermal Luçi
12:47 PM Bug #3913: if_bridge missing ALTQ support
this issue is fixed, this isn't the place to discuss what's likely a support issue not a bug. Please post to the 2.2 ... Chris Buechler
09:22 AM Bug #3913: if_bridge missing ALTQ support
The message is gone. Trouble stays:
But i don't have a single clue why but:
I don't have internet access from my ... Orsiris de Jong
12:45 PM Bug #3988: menu text shifted to the left after upgrade
clear your browser cache and it'll almost certainly go away. If not, post to the forum or list with more info, this p... Chris Buechler
05:19 AM Bug #3988: menu text shifted to the left after upgrade
Hello!
I don't have Verdana or Tahoma fonts installed. I also don't have ttf-mscorefonts-installer package install... Ivo B
12:37 PM Bug #3999 (Closed): SRC, GW wrong in pftop on 2.2
In 2.1x and previous versions, the GW field in pftop showed the IP:port of the NAT applied to the connection, the src... Chris Buechler
12:27 PM Bug #3970: some files not removed on upgrade to 2.2
updated comparison attached. S:\ is the upgraded system. Chris Buechler
11:00 AM Bug #3361: DHCP6 WAN is not obtaining a default gateway
On the latest snap + gitsync this is still a problem for me with just one WAN. The gateway appears to be set and is t... Jim Pingle
08:36 AM Bug #3361: DHCP6 WAN is not obtaining a default gateway
This should be retested.
For me this should only happen when you have 2+ dhcp6 wans. Ermal Luçi
04:48 AM Bug #2762: PF drops IPv6 packets with fragment header followed by a last fragment only
Just FYI:
The official bug (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=172648) got another mention:
-> h... Jens Groh
04:28 AM Feature #1388: 3G outbound failover connection with auto dial-up and hang-up
+1 for me too ! Jo S

11/09/2014

09:26 PM Bug #3998: Duplicated limiter numbers
On 2.2 I tried adding a few limiters and children and then deleting ones in the middle of the list... It seems that c... Phillip Davis
02:43 PM Bug #3998 (Resolved): Duplicated limiter numbers
I’ve 19 limiters (number 1 to 20, expect 13)
If I add a new one, he gets an already occupied number, 15. After that ... Reto Strub
03:08 PM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only
The bug is still here. Fresh log attached. Dmitriy K
02:20 PM Feature #2129: TCP mss clamping for IPv6
Ok, so people understand better that the input value is not taken as input value but subtracted by some (incorrect) n... Doktor Notor
11:17 AM Bug #3970: some files not removed on upgrade to 2.2
I noticed that list takes only files currently, some of those would be easier to just rm -rf a directory instead of a... Chris Buechler
07:40 AM Bug #3970 (Assigned): some files not removed on upgrade to 2.2
I was working on a similar list but only for a 2.1.5 fresh install against 2.2. Your test is better and I'll check th... Renato Botelho
07:47 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work
ttys_wrap file was removed on 2.2, but is still necessary o 2.1. Would be better if installer guess pfSense version b... Renato Botelho

11/08/2014

10:09 PM Bug #3970 (Confirmed): some files not removed on upgrade to 2.2
I did a clean install of 1.0.1-REL, then upgraded that to 1.2, 1.2.1, 1.2.2, 1.2.3, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1, 2.... Chris Buechler
03:04 PM Feature #2129 (Resolved): TCP mss clamping for IPv6
MTU in RA and properly-functioning PMTUD do indeed make it questionable as to whether it's necessary. But MSS clampin... Chris Buechler
07:38 AM Feature #2129: TCP mss clamping for IPv6
Chris Buechler wrote:
> questionable whether this is necessary. Definitely not a priority for 2.2
If you question... Doktor Notor
09:30 AM Bug #3982 (Feedback): Installer generates errors when selecting "Embedded" but still appears to work
Solution put in place for having this working on 2.2 and 64bit installer. Ermal Luçi
06:06 AM Bug #3939 (Feedback): Cannot create Host or Network type alias with an IP address/range
New snapshots will contain last filterdns code Renato Botelho

11/07/2014

11:17 PM Bug #3760 (Resolved): reply-to with TCP and IPv6 generates broken checksums
confirmed working, looks good Chris Buechler
01:48 PM Bug #3760 (Feedback): reply-to with TCP and IPv6 generates broken checksums
Reput back with proper building on snapshots. Ermal Luçi
11:14 PM Bug #3957 (Closed): 2.2 tap missing ALTQ
tun was the potentially problematic one. tap has never had ALTQ and probably isn't sensible to use in the shaper anyway. Chris Buechler
11:08 PM Bug #3913 (Resolved): if_bridge missing ALTQ support
fixed Chris Buechler
01:38 PM Bug #3913 (Feedback): if_bridge missing ALTQ support
It works for me but there were some patches accidentally removed from builds which have been put back. Ermal Luçi
11:02 PM Bug #3995 (Resolved): Site-to-site VPN not working on IKEv2
fixed Chris Buechler
12:30 PM Bug #3995: Site-to-site VPN not working on IKEv2
Applied in changeset commit:80be089f050f0f27398a2f35ff5d48f43c7cfa3f. Ermal Luçi
12:23 PM Bug #3995 (Feedback): Site-to-site VPN not working on IKEv2
Rightsourceip was being set on site-to-site/peer-to-peer configs which is wrong. Ermal Luçi
01:09 AM Bug #3995: Site-to-site VPN not working on IKEv2
I don't know the cause, but it seems most likely to be when we bumped to strongswan 5.2.1 last week. There was a patc... Chris Buechler
01:01 AM Bug #3995 (Resolved): Site-to-site VPN not working on IKEv2
Sometime in the recent past, AES-GCM has stopped working. To replicate, just setup a site to site IPsec VPN using AES... Chris Buechler
10:38 PM Bug #3979: 2.2 IPsec NAT-T / MOBIKE IKEv2 control
really needs some javascript to remove NAT-T option where IKEv2 is selected and replace with MOBIKE control. No longe... Chris Buechler
11:06 AM Bug #3979: 2.2 IPsec NAT-T / MOBIKE IKEv2 control
I'll finish this. Chris Buechler
10:32 PM Bug #2495 (Closed): pfsense doesn't seem to know what its WAN IP is
root issue is #3997, closing this in favor of that. Chris Buechler
10:31 PM Bug #3811 (Closed): IP aliases on CARP w/IPsec getting mixed up on addition of a new VLAN.
root issue is #3997, closing this in favor of that. Chris Buechler
10:31 PM Bug #3997 (Resolved): get_interface_ip() returns first IP on interface, not necessarily primary IP
In some circumstances, IPs can be added/removed from an interface in such ways that an interface's primary IP is no l... Chris Buechler
10:10 PM Bug #3996 (Needs Patch): Solarflare NIC panic with LACP
Up to and including 2.2 are affected by the bug described here.
https://bugs.freenas.org/issues/4803
There is a ... Chris Buechler
04:04 PM Bug #3970: some files not removed on upgrade to 2.2
confirmed that works now. Need to do more testing to ensure the obsoletedfiles list is complete. Chris Buechler
02:25 PM Bug #3981: strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD
One way to replicate is changing the P2 local and/or remote subnet on a functional site to site VPN. Check SAD and SP... Chris Buechler
12:37 PM Bug #3981 (Feedback): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD
I cannot reproduce it on my side but for sure it was reloading secrets/crl/ca/cert's but was not realoding the config... Ermal Luçi
01:41 PM Bug #3939 (Assigned): Cannot create Host or Network type alias with an IP address/range
Ermal pointed that the function I disabled is needed in some specific cases. I'm reviewing Renato Botelho
01:34 PM Bug #3987 (Confirmed): not possible to have both IKEv1 and IKEv2 mobile P1s
some limitations in strongswan that might make this difficult, as well as GUI design issues. Probably postpone the fu... Chris Buechler
12:38 PM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work
Isn;t memstick just a loader.conf option kernel rather than else on amd64? Ermal Luçi
07:01 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work
Even with only one kernel a choice must still be made about the console, so changing this screen into a console selec... Jim Pingle
03:45 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work
The issue here is that the amd64 builds do not have anymore the wrap kernels.
Only i386 has this type of kernel.
... Ermal Luçi
12:10 PM pfSense Packages Bug #3994: sudo package not working on 2.2
I added my workaround mentioned above for now. The other issue needs verified to ensure there isn't a larger problem ... Jim Pingle
12:05 PM pfSense Packages Bug #3994: sudo package not working on 2.2
The latest sudo 0.2.3 works for me, both on a production 2.1.5 system and a test 2.2 system. Phillip Davis
08:24 AM pfSense Packages Bug #3994: sudo package not working on 2.2
The binary is looking for its files in /usr/local/ when they live in the PBI dir /usr/pbi/sudo-<arch>/local/
I can... Jim Pingle
05:59 AM pfSense Packages Bug #3994: sudo package not working on 2.2
Indeed, same for me. I should really have been using some security on test systems rather than just the root/admin ac... Phillip Davis
12:37 AM pfSense Packages Bug #3994 (Resolved): sudo package not working on 2.2
With a completely default config, when trying to use sudo, you just get: ... Chris Buechler
11:37 AM pfSense Packages Bug #2992: Boot problem after upgrade
Hello,
New 2.1.4 install here, then upgraded to 2.1.5.
I then installed bandwidthd and just had the no boot iss... System IT
03:53 AM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
I'll take it. Renato Botelho
03:11 AM Bug #3960 (Closed): deleting or changing phase 2 doesn't remove former P2
Ticket #3981 is the root cause Renato Botelho

11/06/2014

07:24 PM Bug #3980 (Resolved): wrong static routes added for remote P2 subnets
fixed Chris Buechler
12:44 PM Bug #3980 (Feedback): wrong static routes added for remote P2 subnets
looks to be fixed, leaving for further confirmation Chris Buechler
12:00 PM Bug #3980 (Confirmed): wrong static routes added for remote P2 subnets
actually it's strongswan itself doing this, looking at where/why. Chris Buechler
07:23 PM Bug #3812 (Resolved): IPSec validation should prevent phase2 policies(subnets) to include remote peer on it
this is good Chris Buechler
04:50 PM Bug #3812: IPSec validation should prevent phase2 policies(subnets) to include remote peer on it
Applied in changeset commit:6c3be3650008801aaa1579dca67b0588c04b8e18. Chris Buechler
04:33 PM Bug #3812 (Feedback): IPSec validation should prevent phase2 policies(subnets) to include remote peer on it
fix pushed and tested, leaving for further testing and confirmation. The check only prevents P2s where the local+remo... Chris Buechler
12:56 PM Bug #3990 (Resolved): pfSense_ipfw_getTablestats issue
confirmed fixed, though last activity is blank, that's a separate issue I'll check into further and open its own tick... Chris Buechler
12:50 PM Bug #3990 (Feedback): pfSense_ipfw_getTablestats issue
Applied in changeset commit:27c2e32e28f871adf036b666e8e3ae1bf54ea7a2. Renato Botelho
12:49 PM Bug #3981 (Confirmed): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD
Actually this is hit and miss, but it's the same root issue as #3960 it appears. Changed subject to the best descript... Chris Buechler
10:54 AM Bug #3981 (Resolved): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD
something was fixed that resolved this Chris Buechler
12:42 PM Bug #3993: 2.2 memstick installer kernel selection is broken
Matt, you're welcome to pick up #3982, no one's working on that yet. Just assign it to yourself and set to assigned s... Chris Buechler
11:27 AM Bug #3993 (Rejected): 2.2 memstick installer kernel selection is broken
Duplicate of #3982 Jim Pingle
10:12 AM Bug #3993 (Rejected): 2.2 memstick installer kernel selection is broken
In the serial memstick image for 2.2, if you select 'Easy Install' and allow the system to install, you are prompted ... Matthew Smith
11:33 AM Bug #3982: Installer generates errors when selecting "Embedded" but still appears to work
An additional note after talking to Renato earlier and doing some research:
The serial console worked for me becau... Jim Pingle
11:30 AM Bug #3982 (Confirmed): Installer generates errors when selecting "Embedded" but still appears to work
Chris Buechler
11:32 AM Bug #3939 (Resolved): Cannot create Host or Network type alias with an IP address/range
works Chris Buechler
11:11 AM Bug #3960: deleting or changing phase 2 doesn't remove former P2
it's not consistent every time it appears, but it is replicable after discussing and trying further with Renato. Chris Buechler
04:00 AM Bug #3960: deleting or changing phase 2 doesn't remove former P2
Chris Buechler wrote:
> I confirmed it again on the most recent snapshot. In addition to changing it not removing, d... Renato Botelho
09:40 AM Bug #3992 (Resolved): The password confirmation field is not properly formatted at VPN: L2TP: User: Add/Edit
At VPN: L2TP: User: Add/Edit the password confirmation field is longer than the password field.
Also the small "lo... Benedikt N.
08:57 AM Bug #3991: /etc MFS on 2.2 Netgate build memstick image runs out of space
modified pfsense-tools/builder_scripts/scripts/rc.d/etcmfs to set default size to 20m
 Matthew Smith
08:32 AM Bug #3991 (Resolved): /etc MFS on 2.2 Netgate build memstick image runs out of space
The /etc MFS on a 2.2 memstick image of the Netgate build is allocated with 10 MB of space. The files that get copied... Matthew Smith
08:31 AM Bug #3969 (Resolved): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target
Looks good now, gateway shows online at boot time and still shows online across several reboots. Thanks! Jim Pingle
08:00 AM Bug #3969 (Feedback): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target
Applied in changeset commit:118218cb69b1a8cea2f5915e4c81537b51462c34. Renato Botelho
07:40 AM Bug #3969 (Confirmed): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target
Source IP is scoped now but it still is not showing "online" - In my testing from earlier it looks like the target ne... Jim Pingle
04:30 AM Bug #3969 (Feedback): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target
Applied in changeset commit:3f6525c1ab0fd3f704ab8e23f935c475c3cbd16c. Renato Botelho
07:37 AM Bug #3970 (Feedback): some files not removed on upgrade to 2.2
Please try new snapshots, after move part of the logic to shell script it passed on all my tests Renato Botelho

11/05/2014

11:37 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
the fix earlier in rc.linkup didn't have any effect here. Dug through this more tonight. Best I can definitively say ... Chris Buechler
10:45 PM Bug #3990 (Resolved): pfSense_ipfw_getTablestats issue
When clicking "Show last activity" on status_captiveportal.php (for instance, probably a problem elsewhere as well), ... Chris Buechler
10:01 PM Bug #3989 (Resolved): DNS Resolver interface drop downs need enlarged
The "Network Interfaces" and "Outgoing Network Interfaces" selection boxes need to be enlarged or made variable to th... Bill Crowder
08:40 PM Bug #3984 (Resolved): system booted with DHCP client NIC unplugged never kicks off dhclient
fixed Chris Buechler
06:56 PM Bug #3984: system booted with DHCP client NIC unplugged never kicks off dhclient
looks like check_reload_status is doing the right thing, rc.linkup seems to be where the issue is. Chris Buechler
05:27 PM Bug #3760 (Confirmed): reply-to with TCP and IPv6 generates broken checksums
that change made kernel builds fail and was reverted. Chris Buechler
05:26 PM Bug #3938 (Resolved): Captive Portal PHP Error at bootup on current snapshots
fixed Chris Buechler
05:25 PM Bug #3970: some files not removed on upgrade to 2.2
Renato found solution today, implementing tomorrow morning. Chris Buechler
11:54 AM Bug #3939: Cannot create Host or Network type alias with an IP address/range
to me for testing Chris Buechler
11:50 AM Bug #3939: Cannot create Host or Network type alias with an IP address/range
Applied in changeset commit:d9b05eb490ab4d31a132c3e993bd560933eadd8c. Renato Botelho
11:06 AM Bug #3939 (Feedback): Cannot create Host or Network type alias with an IP address/range
Please try next snapshots Renato Botelho
10:23 AM Bug #3842: Verdana font from the Linux package ttf-mscorefonts-installer causes rendering issues with pfSense WebGUI
Hello!
I don't have Verdana or Tahoma fonts installed. I also don't have ttf-mscorefonts-installer package install... Ivo B
08:31 AM Bug #3988 (Rejected): menu text shifted to the left after upgrade
Duplicate of #3842 Jim Pingle
07:58 AM Bug #3988: menu text shifted to the left after upgrade
Ivo Babarovic wrote:
> After I upgraded from to 2.1.5 from 2.1.2.
> Text labels in web menus are shifted to the rig... Ivo B
07:56 AM Bug #3988 (Rejected): menu text shifted to the left after upgrade
After I upgraded from to 2.1.5 from 2.1.2.
Text labels in web menus are shifted to the right and longer texts get ou... Ivo B

11/04/2014

10:51 PM Bug #3987 (Resolved): not possible to have both IKEv1 and IKEv2 mobile P1s
There can only be one mobile P1 currently, which restricts you unnecessarily to only either IKEv1 or IKEv2 for mobile... Chris Buechler
09:31 PM Bug #3979: 2.2 IPsec NAT-T / MOBIKE IKEv2 control
this is correct for IKEv1 after my commits earlier. Seems to be working as it should. It'll continue to work on upgra... Chris Buechler
01:58 PM Bug #3979 (Confirmed): 2.2 IPsec NAT-T / MOBIKE IKEv2 control
after further review and discussion with Ermal, the code is there to set forceencaps, it just isn't setting it correc... Chris Buechler
05:56 AM Bug #3979 (Feedback): 2.2 IPsec NAT-T / MOBIKE IKEv2 control
I have pushed them recently to be enforced.
The only remaining task is to remove Force from the options list because... Ermal Luçi
08:39 PM pfSense Packages Bug #3986: BandwidthD can break php-fpm in unknown rare edge case
In addition to the 2.2 issue of it somehow taking over php-fpm and thus breaking webGUI and...
I will note here that... Phillip Davis
05:53 PM pfSense Packages Bug #3986 (Closed): BandwidthD can break php-fpm in unknown rare edge case
Hi,
Having a lot of struggles with BandwidthD in v2.2 More info here,
https://forum.pfsense.org/index.php?topic=7... Russell Morris
06:49 PM Bug #3960: deleting or changing phase 2 doesn't remove former P2
similarly, disabling a P1 doesn't remove it from the SPD nor SAD. It does remove it from the config file. Chris Buechler
12:02 AM Bug #3960 (Confirmed): deleting or changing phase 2 doesn't remove former P2
I confirmed it again on the most recent snapshot. In addition to changing it not removing, deleting a P2 doesn't remo... Chris Buechler
05:50 PM pfSense Packages Bug #3985: apcupsd / nut not working in v2.2
Sorry, meant to add this for help, missed it,
https://forum.pfsense.org/index.php?topic=80248.msg437658#msg437658
 Russell Morris
05:50 PM pfSense Packages Bug #3985 (Closed): apcupsd / nut not working in v2.2
Hi,
I can't seem to get apcupsd or nut working in v2.2 - looks like a USB / driver issue, but I definitely could b... Russell Morris
05:22 PM Bug #3984 (Confirmed): system booted with DHCP client NIC unplugged never kicks off dhclient
Chris Buechler
01:48 PM Bug #3984 (Resolved): system booted with DHCP client NIC unplugged never kicks off dhclient
Take a simple LAN/WAN setup, WAN set as a DHCP client. Boot the system with WAN's NIC unplugged. Then plug the NIC in... Chris Buechler
03:26 PM Bug #3760 (Feedback): reply-to with TCP and IPv6 generates broken checksums
I pushed a fix that should treat this, test with new snapshots. Ermal Luçi
02:28 PM Todo #3958: test 2.2 upgrade scenarios
aside from things that have bugs open, and things that can't be tested because of other open bugs, this seems fine. S... Chris Buechler
11:09 AM pfSense Packages Todo #3983 (Needs Patch): Option for Cron Package
Jim Pingle
10:25 AM pfSense Packages Todo #3983 (Needs Patch): Option for Cron Package
Hello,
It's possible to add a custom button or other for disable or/and enable a cron task.
In the lastest versio... Julien Bénic
08:42 AM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Watch out for this one. It works on some boots and not others, or depending on the timing. There's a race condition s... Jim Pingle
07:55 AM Bug #3982 (Resolved): Installer generates errors when selecting "Embedded" but still appears to work
When running the installer and choosing "Embedded" two errors are given by the GUI but if "skip" is chosen the instal... Jim Pingle
05:57 AM Bug #3957: 2.2 tap missing ALTQ
As i said before TAP should behave the same on 2.1 as well Ermal Luçi

11/03/2014

09:56 PM Bug #3981 (Resolved): strongswan "gets crazy" after a few reloads, wipes SAD and doesn't remove old SPD
This is a recent regression in 2.2. diag_ipsec_spd.php shows "No IPsec security associations" when there are active, ... Chris Buechler
09:47 PM Bug #3980 (Resolved): wrong static routes added for remote P2 subnets
A static route for the remote network of every P2 is added in 2.2, pointing to WAN's gateway IP. I'm guessing the int... Chris Buechler
09:32 PM Bug #3961 (Resolved): only first of multiple P2s works in 2.2
the issue described here is resolved. The two Ermal noted we'll discuss Chris Buechler
09:33 AM Bug #3961: only first of multiple P2s works in 2.2
I have done testing on this.
It works even today as is.
List of issues i am after:
- Racoon does not like agress... Ermal Luçi
08:53 PM Bug #3979 (Resolved): 2.2 IPsec NAT-T / MOBIKE IKEv2 control
The enable/disable/force NAT-T settings from earlier versions don't do anything in 2.2. It appears in newer strongswa... Chris Buechler
07:38 PM Bug #3913 (Confirmed): if_bridge missing ALTQ support
no change Chris Buechler
07:37 PM Bug #3957 (Confirmed): 2.2 tap missing ALTQ
tun is fine, tap not. Chris Buechler
07:35 PM Bug #3974 (Resolved): DNS Resolver: Advanced - Error in description
looks good, thanks Warren Chris Buechler
07:00 AM Bug #3974 (Feedback): DNS Resolver: Advanced - Error in description
Applied in changeset commit:d5566d43f4ace5036b5e5476d975bb8d13ce3b6f. Warren Baker
05:23 AM Bug #3974: DNS Resolver: Advanced - Error in description
Yeah i have the changes done. Just haven't submitted a pull request just yet. There are a few more which Im still goi... Warren Baker
05:10 AM Bug #3974: DNS Resolver: Advanced - Error in description
I have a bit of code to make that all consistent. I also see that Wagonza just made some updates to the related files... Phillip Davis
01:38 AM Bug #3974: DNS Resolver: Advanced - Error in description
Just noticed that the same issue exists for a few other items on the same page:
Outgoing TCP Buffers 0 vs 10
In... Dustin Dembeck
01:28 AM Bug #3974 (Resolved): DNS Resolver: Advanced - Error in description
Go to Services -> DNS Resolver -> Advanced -> Outgoing TCP Buffers and Incoming TCP Buffers (/services_unbound_advan... Dustin Dembeck
07:18 PM Bug #2650: FTP helper breaks TCP sequence numbers on 2nd WAN
assigning to me for further testing. Unchanged in 2.2 from prior releases, not a common enough issue to hold up and p... Chris Buechler
07:01 PM Bug #1928 (Resolved): Can't sync voucher database when carp peer is also active
fixed. Voucher sync is separate from CP's config sync, it does work. Chris Buechler
06:55 PM Bug #3361 (Confirmed): DHCP6 WAN is not obtaining a default gateway
no change Chris Buechler
05:54 PM Feature #3978 (Needs Patch): Backup and Restore configuration
Chris Buechler
04:58 PM Feature #3978 (Needs Patch): Backup and Restore configuration
Hi,
It's possible to add a custom area to select only backup or restore
-One for Limiter
-One for Layer7
Than... Julien Bénic
05:35 PM pfSense Packages Bug #3977: Squid-dev 3.3.11_1 pkg installs but does not start on 2-2-BETA
Nev Secular wrote:
> 2.2-BETA (i386) built on Thu Oct 30 13:58:57 CDT 2014 FreeBSD 10.1-RC3
> After installing squi... Nev Secular
04:42 PM pfSense Packages Bug #3977 (Resolved): Squid-dev 3.3.11_1 pkg installs but does not start on 2-2-BETA
2.2-BETA (i386) built on Thu Oct 30 13:58:57 CDT 2014 FreeBSD 10.1-RC3
After installing squid-dev 3.3.11_1 pkg squid... Nev Secular
03:31 PM Bug #3951 (Resolved): Processes like filterdns and ipfw-classifyd accumulate many open file handles
Ermal Luçi
02:30 PM Bug #3941 (Confirmed): adding a DHCP client interface results in missing default gateway on 2.2
that didn't fix the issue described here Chris Buechler
01:32 PM Bug #3970 (Confirmed): some files not removed on upgrade to 2.2
/tmp/post_upgrade_command.php is executed after new files are in place and before reboot, probably the root cause is ... Renato Botelho
11:48 AM pfSense Packages Bug #3975 (Rejected): Gateway Monitoring Offline
not true, please post more info to the forum or list for assistance. Chris Buechler
05:27 AM pfSense Packages Bug #3975 (Rejected): Gateway Monitoring Offline
PfSense 2.2 shows gateways as always offline Russell Wilson
11:45 AM Bug #3976 (Resolved): VLAN Interfaces on LAGG get orphaned on LAGG change
that is replicable on 2.1.x but not 2.2, already fixed there. Chris Buechler
11:04 AM Bug #3976 (Resolved): VLAN Interfaces on LAGG get orphaned on LAGG change
Reproduce:
1. Create LAGG with e.g. em3 + em4, LACP and a nice description
2. Create a few vlans and assign them ... Jens Weibler
10:30 AM Bug #1629: invalid state table entries after WAN IP change
It's not the gateway that needs states killed, it's the old WAN IP. Chris Buechler
06:36 AM Bug #1629: invalid state table entries after WAN IP change
I'm on ... Anonymous
03:12 AM Bug #3940 (Resolved): check_reload_status uses deprecated libevent-1.4
Renato Botelho
02:35 AM Bug #3940: check_reload_status uses deprecated libevent-1.4
It also looks good on my custom build - no high CPU load. Thomas Hilse

11/02/2014

05:48 PM Bug #3973 (Resolved): Route 53 dynamic DNS provider fails to update record
Existing records are not updating with the Route 53 dynamic DNS provider.
Records that do not exist are created p... Grant Horning
08:58 AM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles
Updated to:
2.2-BETA (amd64)
built on Sat Nov 01 21:36:28 CDT 2014
FreeBSD 10.1-RC4
Now filterdns has just 8 th... Phillip Davis
05:46 AM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles
My main 2.1.5 production system is the big offender with this - it has over 4000 in filterdns fstat. But I can't upgr... Phillip Davis

11/01/2014

03:54 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.
Working AVAHI on 2.2
mkdir /var/run/dbus
chown messagebus:messagebus /var/run/dbus
dbus-daemon --system
Aaron... Bill Crowder
01:04 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.
A general note Jim Pingle
12:58 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.
Jim P wrote:
> While this is being fixed, it may also warrant adding a <service> tag for dbus.
Was that a general... Aaron Outhier
12:47 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.
While this is being fixed, it may also warrant adding a <service> tag for dbus. Jim Pingle
12:36 PM pfSense Packages Bug #3972: Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.
Oops! I confused the terms "Assignee" and "Assigner". I put myself as the assignee, thinking that I was supposed to d... Aaron Outhier
12:33 PM pfSense Packages Bug #3972 (Resolved): Avahi daemon doesn't start due to missing folder for requisite dbus-daemon.
Avahi package version 0.6.31 pkg v1.06 has a bug which prevents it from working. This bug should be easy to fix. I ha... Aaron Outhier
03:16 PM Bug #3913: if_bridge missing ALTQ support
Well sorry to bring bad news, but i still got the same error message (i have removed the shaper rules and recreated t... Orsiris de Jong
01:36 PM Bug #3967 (Confirmed): Need to restore IP aliases on CARP IPs in 2.2
that does work, but there are issues with that approach. One, you have to remember what VHID you're using on that, an... Chris Buechler
01:12 PM Bug #3967 (Feedback): Need to restore IP aliases on CARP IPs in 2.2
Getting back to this.
Apparently i just made conversion code to convert any such aliases to carp on same vhid.
So... Ermal Luçi
01:00 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Applied in changeset commit:f3dd7e8cdb11077486421364ea3a11c411ba807b. Ermal Luçi
01:00 PM Bug #3361: DHCP6 WAN is not obtaining a default gateway
Applied in changeset commit:9fdc167f4ef1c8fd1b76ba9ca6e56c8085dbe672. Ermal Luçi
12:51 PM Bug #3361 (Feedback): DHCP6 WAN is not obtaining a default gateway
Ermal Luçi
01:00 PM Bug #3938: Captive Portal PHP Error at bootup on current snapshots
Applied in changeset commit:d338018f4798ea41975589f8c5b111568747e572. Ermal Luçi
12:44 PM Bug #3938 (Feedback): Captive Portal PHP Error at bootup on current snapshots
Ermal Luçi
12:50 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
Applied in changeset commit:935fcedbca2dbe8c3d9eb41bc5739b511a9ec19a. Ermal Luçi
12:50 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
Applied in changeset commit:d35dfaaecb5eabedade43738ba4f76967a7425a3. Ermal Luçi
12:39 PM Bug #3941 (Feedback): adding a DHCP client interface results in missing default gateway on 2.2
Ermal Luçi
01:52 AM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
most I've found thus far is it still happens after removing all the "route delete default" commands from dhclient-scr... Chris Buechler
12:45 PM Bug #3692: apinger loss % gets stuck
People have confirmed that the behaviour is improved.
Only the graph part needs improvement. Ermal Luçi
12:23 PM Bug #3951 (Feedback): Processes like filterdns and ipfw-classifyd accumulate many open file handles
Ermal Luçi
12:05 PM Bug #3951: Processes like filterdns and ipfw-classifyd accumulate many open file handles
I think i found the cause.
Please test with new snapshots. Ermal Luçi
09:07 AM Feature #3971 (Resolved): IPv6 - Preserve the DUID used for WAN DHCP-PD in the configuration file

+Feature Request+
Preserve the DUID used to obtain the DHCP-PD addressing on the WAN in config.xml
Secondary ... David Williams
01:05 AM Bug #3963: PPPoE client interface status wrong while attempting to connect
not the issue it initially appeared to be, assigned to me for review in the future. behavior is no diff than previous... Chris Buechler

10/31/2014

09:13 PM Bug #3666: PMTUD is broken for NATed traffic
Ermal - no change with the kernel you built. I have a test setup up now that you can reach. /msg me for info. Chris Buechler
05:11 PM Bug #3970 (Resolved): some files not removed on upgrade to 2.2
There is at least one file from earlier versions that has to be removed in the process of upgrading to 2.2, with setk... Chris Buechler
02:46 PM Bug #3961: only first of multiple P2s works in 2.2
this is for site to site VPNs with > 1 P2. One easy way to replicate, setup a site to site IPsec between 2.1.5 and 2.... Chris Buechler
02:39 PM Bug #3961 (Feedback): only first of multiple P2s works in 2.2
It works for me for mobile clients which this issue is about!
The unity plugin sends split-include sections now. Ermal Luçi
02:24 PM Bug #3913 (Feedback): if_bridge missing ALTQ support
Should work correctly on new snapshots. Ermal Luçi
02:15 PM Bug #3957 (Feedback): 2.2 tap missing ALTQ
Ermal Luçi
02:12 PM Bug #3957: 2.2 tap missing ALTQ
Ok reproduced only for TAP, tun is ok.
Also i think tap behaved the same before. Ermal Luçi
02:04 PM Bug #3957: 2.2 tap missing ALTQ
I cannot replicate this on tun/tap?!!!
I do not even see changes in code to not support it! Ermal Luçi
01:30 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
I'll take this one Chris Buechler
12:44 PM Bug #3870 (Closed): re(4) NICs on APU are unable to hardcode speed/duplex properly
PC Engines not aware of the issue, but not surprised by it given Realtek's horrible documentation.
We've confirme... Chris Buechler
12:39 PM Bug #3876 (Resolved): pfsync is not synchronizing states on 2.2
looks to be fine, works in both directions from testing. Chris Buechler
08:08 AM Bug #3960 (Feedback): deleting or changing phase 2 doesn't remove former P2
I couldn't reproduce it, I changed local or remote subnet and it worked as expected. Can you confirm it is still happ... Renato Botelho
07:27 AM Bug #3969 (Resolved): apinger configuration for DHCPv6 gateway is missing interface scope on source IP and target
When using a DHCPv6 WAN, apinger sets the srcip to be the interface link-local address but it does not set the scope ... Jim Pingle
06:45 AM Bug #3940: check_reload_status uses deprecated libevent-1.4
New snapshots are available, using libevent 2.0 and check_reload_status with fixes. Renato Botelho
04:06 AM Bug #3940: check_reload_status uses deprecated libevent-1.4
pfsense-tools repo already have the final patch applied, please try it or wait new snapshots today yet. Renato Botelho
03:00 AM Bug #3940: check_reload_status uses deprecated libevent-1.4
After applying your patch there are still 3 statements with "socket_close_command(fd, ev);" left:
root@pfsense-bui... Thomas Hilse

10/30/2014

05:03 PM Bug #1629 (Resolved): invalid state table entries after WAN IP change
this is fixed. The states of the former WAN IP are now killed post-IP change, which should resolve nearly all cases w... Chris Buechler
04:59 PM Bug #3921 (Resolved): max-packets option missing from pfctl
issue here is resolved Chris Buechler
04:23 PM Bug #3921 (Feedback): max-packets option missing from pfctl
Its expected and resolving this is not in plan for 2.2.
Also that is not what this ticket is about. Ermal Luçi
04:02 PM Bug #1928: Can't sync voucher database when carp peer is also active
I am unsure if this should be allowed!
Normally switching to master it should have the latest voucher status synched... Ermal Luçi
03:04 PM Bug #3876 (Feedback): pfsync is not synchronizing states on 2.2
Seems to be working for me now. Ermal Luçi
02:06 PM Bug #3760 (Confirmed): reply-to with TCP and IPv6 generates broken checksums
the most common scenario here is fixed, IPv4 is fine, but IPv6 has regressed from 2.1.x. reply-to with v6 works in pr... Chris Buechler
01:54 PM Bug #3947 (Resolved): "ipsec_starter: Bad file descriptor" spams system log
This seems to be resolved with confirmation from https://forum.pfsense.org/index.php?topic=81440.msg457606#msg457606 Ermal Luçi
01:43 PM Bug #3949 (Confirmed): Dynamic DNS public IP check always uses default gateway
Chris Buechler
01:42 PM Bug #3967 (Confirmed): Need to restore IP aliases on CARP IPs in 2.2
Chris Buechler
01:42 PM Bug #3968 (Confirmed): Incorrect gateway is assumed when using tun + topology subnet
I re-opened it after confirming that atypical circumstance. Your pull request is wrong though, it fixes a rare edge c... Chris Buechler
01:31 PM Bug #3968: Incorrect gateway is assumed when using tun + topology subnet
Well, I won't argue. If you see no bug then there is no bug.
 Dmitriy K
01:28 PM Bug #3968 (New): Incorrect gateway is assumed when using tun + topology subnet
Chris Buechler
01:13 PM Bug #3968: Incorrect gateway is assumed when using tun + topology subnet
this is valid with topology subnet in newer versions Chris Buechler
01:10 PM Bug #3968: Incorrect gateway is assumed when using tun + topology subnet
I know that pfsense team wants to release 2.2 asap but its quality will suffer if fast decisions were taken place.
... Dmitriy K
12:55 PM Bug #3968 (Rejected): Incorrect gateway is assumed when using tun + topology subnet
scratch that, can happen with topology subnet Chris Buechler
07:23 AM Bug #3968 (Resolved): Incorrect gateway is assumed when using tun + topology subnet
The script */usr/local/sbin/ovpn-linkup* has en error where network mask is returned as a gateway when no gateway pro... Dmitriy K
12:29 PM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly
I contacted Pascal @ PC Engines to see if that's an issue they're aware of and if they have any further info on it.
... Chris Buechler
10:44 AM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly
Boy I sure hope this is somehow fixable in software - we have a fair handful of APUs deployed already and continue to... → luckman212
12:41 AM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly
Linux much happier on SD card in the APU, couldn't get anything to boot from USB flash.
TLDR version: either the... Chris Buechler
12:12 AM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly
Either OpenBSD has the same problem, or this is a hardware issue. ... Chris Buechler
10:21 AM Bug #2406: No IP alias within the subnet of a CARP IP can be deleted
Chris Buechler wrote:
> This is fixed. You can't remove the last IP alias on the subnet of a CARP IP because it'll b... Nei Ka
07:47 AM Bug #3940: check_reload_status uses deprecated libevent-1.4
That previous patch is not correct, consider this one. Renato Botelho

10/29/2014

10:49 PM Bug #3964 (Resolved): Web interface fails to load on first boot
fixed Chris Buechler
10:43 PM Bug #3894: OpenVPN client started multiple times when connecting to FQDN where connectivity to server is delayed
The specific issue here is OpenVPN client is launched multiple times when connecting to FQDN with "resolv-retry infin... Chris Buechler
06:52 PM Bug #3940 (Feedback): check_reload_status uses deprecated libevent-1.4
Thomas, could you try attached patch, built with libevent 2.0 and let me know the result? Renato Botelho
09:01 AM Bug #3940 (Confirmed): check_reload_status uses deprecated libevent-1.4
I built a custom image and confirmed it. We are not seeing it on our snapshots because builder was not updated and st... Renato Botelho
06:35 PM Bug #3937 (Resolved): Interfaces Dashboard Widget - Font to big and scaling wrong
fixed. Chris Buechler
05:33 PM Bug #3967 (Resolved): Need to restore IP aliases on CARP IPs in 2.2
Ticket for what Ermal and I discussed earlier re: IP aliases on CARP. That functionality is effectively gone from 2.2... Chris Buechler
05:28 PM Bug #3760 (Feedback): reply-to with TCP and IPv6 generates broken checksums
with a kernel Ermal built with his changes as committed earlier, v4 reply-to looks to be fine in all scenarios. Will ... Chris Buechler
02:45 PM Bug #3760: reply-to with TCP and IPv6 generates broken checksums
Current status is broken checksums on IPv6, source NAT doesn't apply to translate the IP back on IPv4 (though return ... Chris Buechler
05:26 PM Bug #3870: re(4) NICs on APU are unable to hardcode speed/duplex properly
I'll try this on Linux to see how that behaves, should help narrow down whether it's hardware or driver. Chris Buechler
05:25 PM Bug #1634: Limiter and bridge needs special handling
to me to review in combination with the other limiter tickets.
non-regression and uncommon issue, removing 2.2 ta... Chris Buechler
03:36 PM Bug #3913 (Confirmed): if_bridge missing ALTQ support
hm, not sure what I was trying at the time, apparently I missed assigning the bridge or something. thanks for the fol... Chris Buechler
02:41 AM Bug #3913: if_bridge missing ALTQ support
Hello,
Sorry for the late testing.
I tried to reenable traffic shaping via the wizard but get this one:
[[There... Orsiris de Jong
03:34 PM Feature #3933 (Confirmed): Limiter burst doesn't have any effect
dummynet burst on stock FreeBSD 10.1 does indeed work how I'd expect it to work. Ours doesn't have any impact whatsoe... Chris Buechler
11:16 AM Bug #3963: PPPoE client interface status wrong while attempting to connect
Yeah it really should say "Connecting", how difficult would it be to make that happen? I don't think this is a regres... Chris Buechler
07:56 AM Bug #3963 (Feedback): PPPoE client interface status wrong while attempting to connect
After doing somo analysis, my understanding is 'Status' is supposed to be up, since interface exists on operating sys... Renato Botelho
11:10 AM Feature #3365 (Resolved): Implement package signing
After discussion with Jeremy, we're satisfied this is good for 2.2. Chris Buechler
10:47 AM Feature #3365: Implement package signing
We'll create a secured key repository, and signing keys will be imported into it for access. Renato will create the ... Jeremy Porter
12:53 AM Bug #1943: PPPoE won't reconnect after link loss when using vr(4) NICs on certain ISPs only
this may or may not still be an issue with 2.2, much has changed, and this is something we've never been able to repl... Chris Buechler
12:50 AM Bug #3961 (Confirmed): only first of multiple P2s works in 2.2
Chris Buechler
12:48 AM Bug #3890 (Resolved): Aliases multiple CIDR ranges show error message
Chris Buechler
12:39 AM Bug #3966 (Confirmed): OpenVPN crashes with AES-NI + AES-CBC
Chris Buechler
12:39 AM Bug #3966 (Resolved): OpenVPN crashes with AES-NI + AES-CBC
On systems with AES-NI enabled, OpenVPN using AES-128-CBC, AES-192-CBC, and AES-256-CBC crashes on start. ... Chris Buechler

10/28/2014

05:06 PM Bug #3910 (Confirmed): Cannot set advskew back to 0
That is correct, we're running the commands correctly to set it back to 0. The source of the issue is FreeBSD 10.1 wo... Chris Buechler
03:23 PM Bug #2325: Limiters don't work on OPT WAN rules w/rdr
needs review along with the other limiter tickets, there is overlap between them. Chris Buechler
02:20 PM Bug #3964: Web interface fails to load on first boot
Applied in changeset commit:44c7d73c4a1aa2cca3a932447ef6b6be2034badd. Renato Botelho
07:30 AM Bug #3964 (Feedback): Web interface fails to load on first boot
Applied in changeset commit:143c22f7719836d5decee0da0ec52e61e79fd6a2. Renato Botelho
12:08 AM Bug #3964 (Resolved): Web interface fails to load on first boot
cert.pem file is missing on first boot of clean 2.2 nano install, which leaves the web interface dead. ... Chris Buechler
01:32 PM Bug #1629: invalid state table entries after WAN IP change
I committed a change to add a new option that kills all states upon IP change. That's going to be the answer for thos... Chris Buechler
11:51 AM Bug #3890 (Feedback): Aliases multiple CIDR ranges show error message
Pull request has been merged Renato Botelho
08:48 AM Bug #3965 (Resolved): dhcp6c started before bridge configured at boot, preventing interface tracking
Setup:
- WAN interface configured for DHCPv6 prefix discovery
- LAN interface configured for IPv6, tracking interfa... Gregor Riepl
07:48 AM Bug #3937: Interfaces Dashboard Widget - Font to big and scaling wrong

That change is an improvement and keeps the widget from being pushed off the side of the dash.
Call it a perso... David Williams
07:00 AM Bug #3937 (Feedback): Interfaces Dashboard Widget - Font to big and scaling wrong
Applied in changeset commit:0a8d7fe996275febad7ee28ec3daf70101928cc6. Renato Botelho

10/27/2014

11:10 PM Bug #3963: PPPoE client interface status wrong while attempting to connect
To clarify - eventually it goes to "down" status, after failing for quite a while. The issue is it shows "up" while g... Chris Buechler
10:43 PM Bug #3963: PPPoE client interface status wrong while attempting to connect
this also applies to PPP, likely the same root cause Chris Buechler
10:42 PM Bug #3963 (Closed): PPPoE client interface status wrong while attempting to connect
PPPoE-type WAN interfaces show their status as "up" when they aren't actually. To replicate, just set an interface to... Chris Buechler
10:32 PM Bug #3789 (Confirmed): rc.update_bogons.sh and login shell ignore http proxy settings
this needs to be set in tcshrc so it applies to everything using fetch and similar utilities now and in the future. Chris Buechler
10:04 PM Bug #3198 (Confirmed): IPSEC, when nating to a different size subnet a invalid natting rule is made.
Chris Buechler
02:57 AM pfSense Packages Bug #3962: LADVD interface handling issues with lagg and bridge
My thoughts are that it is a GUI issue. I believe that only the physical interfaces should be shown. Marco Verleun

10/26/2014

05:33 PM Bug #3913 (Resolved): if_bridge missing ALTQ support
Chris Buechler
05:26 PM Bug #3922: jumbo frames on lagg not working
this issue is fixed, that one's #2786 Chris Buechler
05:25 PM Bug #2786 (Confirmed): Setting MTU on VLAN does not set MTU on parent interface in 2.2
Chris Buechler
05:25 PM Bug #2786: Setting MTU on VLAN does not set MTU on parent interface in 2.2
regressed in 2.2 Chris Buechler
05:13 PM pfSense Packages Bug #3962: LADVD interface handling issues with lagg and bridge
I'm guessing this is a problem with ladvd itself and nothing we're doing with it, so should likely be reported upstre... Chris Buechler
10:04 AM pfSense Packages Bug #3962 (Confirmed): LADVD interface handling issues with lagg and bridge
On my pfsense 2.1.5 router I've got LADVD installed.
Two physical interfaces are bridged.
As long as I only selec... Marco Verleun

10/25/2014

11:31 PM Bug #3922: jumbo frames on lagg not working
Typo: #3744 should have been #3774 Andy Sayler
11:30 PM Bug #3922: jumbo frames on lagg not working
This still seems to be a problem for me. I'm running the 2.2-BETA (amd64) Fri Oct 24 12:17:25 CDT 2014 build. I have ... Andy Sayler
11:15 PM Bug #3961 (Resolved): only first of multiple P2s works in 2.2
Where you have multiple P2s on 2.2, only the first does anything. It negotiates successfully, but the strongswan/2.2 ... Chris Buechler
10:54 PM Bug #3960 (Closed): deleting or changing phase 2 doesn't remove former P2
When editing an existing P2 in 2.2, the original entry isn't removed from the SPD. For instance, change just the IP s... Chris Buechler
10:11 PM Bug #2981 (Resolved): Virtual IP's not cleaned up on interface change
pretty sure this was fixed in a 2.1.x release since then. It's definitely good in 2.2. Chris Buechler
09:30 PM Bug #3944 (Resolved): git fatal errors are not shown to user when building pfSense iso from source.
Chris Buechler
09:22 PM Bug #3069 (Confirmed): traceroute6 fails to timeout and hangs the webconfigurator GUI
it's pf that makes this hang somehow. disable pf, and traceroute6 finishes no problem. No blocked traffic being logged. Chris Buechler
09:18 PM Bug #1848 (Confirmed): Limiters after policy routing has taken place do not behave correctly
Chris Buechler
09:18 PM Bug #3824 (Confirmed): Limiters on bridge break traffic outside locally-configured IP subnets
Chris Buechler
09:16 PM Bug #3957 (Confirmed): 2.2 tap missing ALTQ
Chris Buechler
09:15 PM Bug #3947 (Confirmed): "ipsec_starter: Bad file descriptor" spams system log
Chris Buechler
09:15 PM Bug #3096 (Confirmed): Limiters problem using Multi WAN
Chris Buechler
03:38 PM Bug #3450 (Rejected): DHCPv6 Lease Status shows no Leases
I don't see any actual bugs here. All DHCPv6 leases are shown in every instance I've seen. Whether they're "active" s... Chris Buechler
03:27 PM Bug #3554 (Closed): apinger and OpenVPN: Gateway down after OpenVPN client service restart
this isn't true on 2.2, haven't tried earlier versions. The "route add failed" scenarios could well be a problem, but... Chris Buechler
01:51 PM pfSense Packages Bug #3959 (Resolved): sshdcond edit /etc/sshd and gets it wrong
sshdcond.inc function restart_sshd() does edits to /etc/sshd and /etc/sshd ends up with invalid PHP syntax.
Forum: h... Phillip Davis
12:42 AM Bug #3227 (Closed): apinger treats interface as down while it isn't
not an apparent issue on 2.2 (unless this somehow overlapped with separate issues open there) Chris Buechler
12:04 AM Bug #3886: (TurkishLanguage) After the firewall rule for example (lan rule) does not come "Apply Button"
not sure of status here, assigning to Renato for follow-up. Chris Buechler

10/24/2014

11:55 PM Bug #3898 (Closed): Traffic Graph webpage freezes up after some time
I never could replicate that. The described behavior is the browser not responding, and nothing we do should make the... Chris Buechler
11:46 PM Bug #3666 (Confirmed): PMTUD is broken for NATed traffic
no change. Ermal, msg me and we can both take a look at my test setup. Chris Buechler
11:39 PM Todo #3958 (Resolved): test 2.2 upgrade scenarios
I need to go through and verify a variety of upgrade scenarios.
Only issue I've seen recently is where you have t... Chris Buechler
11:24 PM Bug #1629 (Feedback): invalid state table entries after WAN IP change
Chris Buechler
11:20 PM Bug #3957: 2.2 tap missing ALTQ
this will break enough existing systems it's worthy of RC blocking Chris Buechler
11:07 PM Bug #3957 (Closed): 2.2 tap missing ALTQ
ALTQ support in tun and tap is missing in 2.2. A number of existing configurations on 2.1x will fail to load the rule... Chris Buechler
11:19 PM Bug #3941: adding a DHCP client interface results in missing default gateway on 2.2
the subject doesn't quite cover all the breakage this causes, there are various times that the default gateway is rem... Chris Buechler
11:02 PM Bug #3917 (Resolved): Mobile IPsec status page issues
fixed Chris Buechler
11:00 PM Bug #3950 (Resolved): Entering a backwards IP range in an Alias results in an Internal Server Error
Chris Buechler
09:47 PM Bug #3842 (Resolved): Verdana font from the Linux package ttf-mscorefonts-installer causes rendering issues with pfSense WebGUI
this is good in 2.2, if we do another 2.1.x release we probably want to back port that. Chris Buechler
05:05 PM Bug #3678: Kernel panic: "Bogus interrupt trigger mode" on Intel J1900
Chris Buechler wrote:
> this was since fixed in 9 and 10 stable FreeBSD, current 2.2 should work here
I can confi... Ken Masterson
06:58 AM Bug #3956 (Resolved): Check for invalid CA on generating new certificate
... or check for valid values on generating dynamic function internalca_change() in system_certmanager.php
I had a... Grischa Zengel

10/23/2014

07:25 PM Feature #3385 (Needs Patch): Accommodate static routes for PPTP connections
PPTP is dead, and shouldn't be used in this context anyway Chris Buechler
07:23 PM Bug #3955 (Resolved): IPsec dashboard widget needs adapting for 2.2
The IPsec dashboard widget needs updating to understand strongswan's status. Chris Buechler
05:00 PM Bug #3901: DynDNS is not forcefully updated after powerup
that's a scenario that no client accounts for. Excessive updating can get you banned from some of the providers, whic... Chris Buechler
04:03 PM Bug #3901: DynDNS is not forcefully updated after powerup
From my point of view the current behaviour is not perfect.
As I described above it might be the case that the data ... Philippe Schnyder
10:12 AM Bug #3954 (Rejected): Port forwarding rule changes do NOT take affect
Jim Pingle
10:06 AM Bug #3954: Port forwarding rule changes do NOT take affect
Nevermind, I found that vpn->pptp->redirect to x.x.x.x was configured. please close bug. carl paulino
09:21 AM Bug #3954 (Rejected): Port forwarding rule changes do NOT take affect
my pfsense is:
2.1.5-RELEASE (i386)
built on Mon Aug 25 07:44:26 EDT 2014
FreeBSD 8.3-RELEASE-p16
I have a po... carl paulino
09:16 AM Bug #3898: Traffic Graph webpage freezes up after some time
After upgrading my Mac to Yosemite 10.10 and Safari to 8.0, I don't have this problem anymore. I do see the page free... carl paulino
06:46 AM Bug #3944 (Feedback): git fatal errors are not shown to user when building pfSense iso from source.
Pushed Renato Botelho
04:12 AM Bug #2882: 6RD not working in latest snapshots
I'm using the latest snapshot (amd64 built on Tue Oct 21 22:27:38 CDT 2014) and it seems like 6rd still isn't working... Hondo Eriksson

10/22/2014

03:27 PM Bug #3369: Captive vouchers expire too quickly
Chris Buechler wrote:
> mine for further testing when time permits
good luck :) maz nos
12:12 PM Bug #3369: Captive vouchers expire too quickly
mine for further testing when time permits Chris Buechler
12:07 PM Bug #3369: Captive vouchers expire too quickly
Thanks maz, got it. One follow-up question sent via email. Chris Buechler
03:55 AM Bug #3369: Captive vouchers expire too quickly
I have sent you the link through your email Chris cmb(at)pfsense
please do not share the image publicly as its key... maz nos
11:42 AM Bug #1957 (Confirmed): Remove button-inside-hyperlink usage from web forms
this is still the case, though only IE seems to care, it's still an issue in IE 11. Chris Buechler
 

Also available in: Atom